
RE: A Combination of IPSEC, Multiple Wan's and 802.3ad Link Aggregation for Top Secure TCP transmission

in #security, 7 years ago (edited)

Aware of it. (20-year-old thing)

That old fact is based on the strategy that most of the OpenBSD code comes as reverse engineering / ports of BSD itself. For a long time, BSD and RedHat were a channel for implementing exploits through code ports.

In the case of Gregory Perry, it's not the first nor the last time he tried to gain some publicity for his "ethical doings"... However, if he was ethical, he would not have signed an NDA for such a project in the first place, rather than waiting 10 years to "deal ethically". An NDA does not apply to criminal activity and law breaches, so the whole story of the guy is a bit of cheap talk, since that NDA was illegal itself and can't stand in any court, nor would the FBI ever push that to trial at the cost of raising public concerns. Moreover, an NDA could not be signed for a period of more than 5 years dating from the end of employment (the court practice).

That, however, does not go against the fact that BSD and RedHat were a primary channel of "infecting" other open source projects at the time, as most vulnerabilities got ported along with the code, and were sneaky enough to simply get missed in the process. That way, vulnerabilities were introduced by people who were totally unaware of what they were doing, while in fact, you can't attack gov. agencies for exploits in commercial products when accepting these terms within the user agreements. Just take a look at the RedHat user agreement. It's not the gov to blame that someone ported the code from RedHat or BSD, directly breaching the license, and pulled the vulnerability in with the port.

Luckily enough, today distro maintainers pay much more attention due to the fact you presented.

All he needs to do is admit that his company induced the vulnerability by porting the code without even looking at what they were porting, rather than presenting as an "Ethical guy"...

The distros his company created for internal FBI use are a whole other story. But again, used to present as a nice guy after losing much of his credibility in both the public and gov sectors.
