You are viewing a single comment's thread from:
RE: A Combination of IPSEC, Multiple Wan's and 802.3ad Link Aggregation for Top Secure TCP transmission
Yeah from what I read this guy just wanted to make a quick buck.
I like the direction where OpenBSD is going now with all the weird experimental security features they are trying in the kernel etc. I hope this kind of thing won't ever happen again :) Thanks for thorough comment. I assume you have been Defcon and are probably a big BSD fan :)
I like how it's heading too, but actually I'm not the fan of Defcon nor BSD at all :)
As stated, BSD has been used for a while as a method to put sneaky vulnerabilities that indirectly finish in OpenSource projects through ports, making it close to impossible to accuse gov. agencies for them, since porting is not fully legal. It was a sneaky way to infect other distros. Even Apple dropped their line of products such as Time Capsule / AirPort express (BSD based) over many flaws they were unable to control. I would say it needs to take time to get my confidence back. Personally, I prefer Gentoo for mission critical systems, or Debian for less sensitive work.
Def Con, again, too much gov. sponsored. It's close impossible to present something that really affects millions of users. Such as: https://hal.archives-ouvertes.fr/hal-01759199/document :)
When I demonstrated the ability to forward any mobile number through SS7 flaws at GSMA / MWC back in 2013 in front of security audience, the unofficial talks with Def Con reps was something like "It's far better to push MNO's to fix the issues, rather then cause a pandemic attacks by making it further publicly visible". - Right :) If I found some flaws in ZTE or Huawei, that would probably get into the headlines. Millions of affected users - who cares :) It was not the flaw, it was the design.
But not much into it lately. Assuming you were poking about being a fan of BSD and def-con :)
This pic from NSA I hunt sysadmins sums up my view of Defcon, also there is lots of NSA and FBI there.(GCHQ is also probably there and they can die in a fire)
I volunteer at a security con in my area every year, but its mostly organized by like minded people , I also started a security meetup , but I'm hardly involved anymore.
I actually trust the BSD's more than Linux, I hear what you are saying about BSD, but remember Linux is not immune to security issues being purposefully inserted into the distro in whatever way. Did you forget about this one: https://www.schneier.com/blog/archives/2008/05/random_number_b.html? :)
I am not longer a Gentoo person, sorry to say. I was involved in anapnea.net back in the day, just as a lurker mostly. So I've had my fair dose of Gentoo. I like Grsecurity, this is probably the most real Linux security related project and they are definately doing something right, otherwise they wouldn't be getting such harsh reactions from the rest of the world.