Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Allegations regarding OpenBSD IPSEC
From: Charlie Derr <cderr () simons-rock edu>
Date: Fri, 17 Dec 2010 13:29:44 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 12/17/2010 12:52 PM, Paul Schmehl wrote:
--On December 17, 2010 12:31:37 PM -0500 Larry Seltzer 
<larry () larryseltzer com> wrote:

The one thing Mr. Perry has not done, and which, if his claims have any
merit at all, he could easily do, since he claims he's no longer under
NDA,
is post the code that proves that there is a backdoor.  After all, he
supposedly wrote it, along with others.

Actually, he did not say that he wrote code. He said that "Jason
Wright and several other developers were responsible for those
backdoors"


I quote Mr. Perry:

"I left NETSEC in 2000 to start another venture, I had
some fairly significant concerns with many aspects of these projects,
and I was the lead architect for the site-to-site VPN project
      ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
developed for Executive Office for United States Attorneys, which was
a statically keyed VPN system used at 235+ US Attorney locations and
which later proved to have been backdoored by the FBI so that they
could recover (potentially) grand jury information from various US
Attorney sites across the United States and abroad."

Still think he never wrote any and had no knowledge of the code?  What does 
"lead architect" mean?


I actually thought about this as possibly providing more motivation for Mr. Perry to whine about the FBI being
responsible for subverting a project that he was in charge of.  While the previous motivations that you guessed at all
seem plausible, this one jumped out at me.  Being able to pin his failure to secure the VPN for US Attorneys on the FBI
(and at least partially steer attention away from his own culpability) seems like potentially a very good reason for him
to have made these allegations in the first place.  But of course I have no evidence and am just guessing.

   best,
      ~c
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJNC6wXAAoJELuLPXMxqTZ/9CYQAMfDyu3ObqzrC0yK1pZxlim8
OTbbYXME5afuTpSONb/JDbBnJcRW024oXykU59KNJ8y8DTE+IgvnoihKaA8s143G
bkbA3zT60NFkUR+vQMgSVRDff2RNyGRBNSImEaWQP0kLva/ouaDsbyNqLFKhqaVB
b6+T600Gfb65gOSX3IbbIzJ64r7CinJvxY5aIYxCk4fHfTcy28+YxAtfFz2F3BLL
xwYHEcYZnHqnCFV1xpKLraAixeovqslCQG8HpM76KtZrTWoJ2Nc3ki5E4D/BOoZH
pTi8GcDZRrgesZQYmbeMGirJLSMD1LTZ6szg0Ul/z4HCOlcCWPC/Z30iAT+JcjqP
5FGh74n/PPirMBMzfb78Qd33j1AEyw0bZ5QEpLJG5rQjfDTZHJ7BHNJdvfie418N
/pyheNAdk3MFdgAt5fCUiWcMsQIixsqjn3hqaTolgxA34VCmhlaQyMrfEg/gPRbp
lFQJNNTOyWX3IWPIOhGRJNSc7XfrE6LIddcspDkYXOQt0jICpNdoHeDDCZddcVkR
hkGbQOS4kcVWPZ0lUjIlmXzLRtgnhnFI3t3VZpGqGOF5T5gi8Ax25lrdc6BT4XRd
TTVuBwylvtxYUUaI/nje1NFWgrXJikOJ+N1KLPBrT+w6IYfRchOOGNslsSCROduM
qedxwhjr9doLfkjmhaM2
=lUG1
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]