[Full-disclosure] Allegations regarding OpenBSD IPSEC

[Valdis.Kletnieks at vt.edu]

On Wed, 15 Dec 2010 12:32:47 CST, Paul Schmehl said:
> So for 10 years IPSEC has had a backdoor in it and not one person examining 
> the code has noticed it?  Or even questioned it?

Debian/Ubuntu/etc SSL/SSH key vuln FTW.  That backdoor with a commit
message of 'shut up valgrind' managed to hide for 2 years before anybody
noticed what the effect was....



-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20101215/bc55b8a6/attachment.bin