LSD can help you imagine how broken OpenBSD really is.

OpenBSD's DNS PRNG is torn into pieces by Amit Klein. - Nov, '07
Vendor response: [OpenBSD is] completely uninterested in the problem. lulz

OpenBSD wins Pwnie for Lamest Vendor Response - Aug 02, '07 Quote: The OpenBSD team refused to acknowledge the bug as a security vulnerability and issued a "reliability fix" for it.
h4h4

OpenBSD's IPv6 mbufs remote kernel buffer overflow - Mar 13, '07 So much for making OpenBSD useless with a default install.
CVSweb for OpenBSD frontpage - Mar 13, '07 h4h4^2

Content below is from '04

One of the many lies on the OpenBSD.org website: "Only one remote hole in the default install, in more than 7 years!"

Do NOT fall for the lies! OpenBSD is NOT secure. Security from their point of view is pre-authentication remote root vulnerabilities. Local vulnerabilities aren't considered to be security issues - apparently you're not meant to have users on your system. Neither are Denial of Service vulnerabilities - it's not like it was ever meant to be a reliable OS.

Project goals are among others:
- "Pay attention to security problems and fix them before anyone else does" Just as if anyone else would want to patch THEIR bugs.
- "Be as politics-free as possible; solutions should be decided on the basis of technical merit" But Theo and a bunch of other losers are still in charge/working on it..
- "Do not let serious problems sit unsolved." Haha? Obviously another lie.
- "Try to be the #1 most secure operating system" Depends on how you DEFINE security. In the rest of the world's eyes it's not more secure than anything else - rather the opposite.

Their front page says "Our efforts emphasize portability, standardization, correctness, proactive security and integrated cryptography" Correctness where? Proactive security - yeah right. Cryptography - totally useless when an endpoint is owned.

Retarded quote from an OpenBSD supporter: "Since OpenBSDs developers code as mathematically correct as they can and as bugfree and secure as they can and then having heavy security auditing on the tree it's less probable that malicious users were to discover serious vulnerabilities before OpenBSD."

OpenSSH Security Advisory: buffer.adv
Yet another backdoor has been uncovered in OpenSSH.
[Full-Disclosure] The lowdown on SSH vulnerability Privsep didn't protect against this one either, haha. Theo went nuts, haha
"A preauthentication bug in OpenSSH? Who hasn't found one of those?" -OpenSSH Developer (source: here)

The truth about OpenSSH

Does it come as a surprise to anyone that the OpenBSD team has managed to introduce numerous serious security vulnerabilities in their SSH implementation, geniusly called OpenSSH, since their fork of OSSH (bugfixed SSH 1.2.12)? When was the last time you heard about a serious security hole in SSH.com's SSH daemon? Correct, the crc32 bug the security-aware OpenBSD hackers happily reproduced in OpenSSH. Since then various people have discovered more and more backdoors in the code.

In a lame attempt to fix future vulnerabilities, Niels Provos came up with Privilege Separation. Probably not one of the wiser things he has come up with. Quote: "Previously any corruption in the sshd could lead to an immediate remote root compromise if it happened before authentication, and to local root compromise if it happened after authentication. Privilege Separation will make such compromise very difficult if not impossible." Haha.

Links worth visiting

Re: arguments about OpenBSD's Security - Nov 06, '04 Hints on running OpenBSD - don't do things you shouldn't, like letting an idiot open up SSH to the world.
[Dailydave] Theo's presentation on exploit prevention - Sep 15, '04 "one begins to suspect why the stupid greek sailors all died in the end."
[Full-Disclosure] yet another panic() in OpenBSD - Nov 21, '03 Surprised that OpenBSD.ORG never claims that OpenBSD is reliable? It's because it's NOT!
Go noir!
[Full-Disclosure] OpenBSD kernel panic, yet still O*BSD OpenBSD is not something you'd ever want to have users on.. noir <3
[Full-Disclosure] yet another OpenBSD kernel hole ... - Nov 17, '03 Noir posts a tool to exploit the latest OpenBSD backdoor.
[Full-Disclosure] OpenBSD kernel overflow, yet still "priv seperation, chroot jail, systrace yeah yeah right ;P theo and niels what a happy couple ..." *BSD much better than windows - Nov 13, '03 Georgi Guninski discovers yet another OpenBSD 3.3 backdoor
[Full-Disclosure] OpenBSD kernel panic, yet still Georgi Guninski finds a bug in OpenBSD but fails to realize it's really a backdoor
Re: Selective quoting at its best - Aug 23, '03 Ted Unangst (dumb OpenBSD developer) isn't sure why W^X doesn't stop hackers, haha
Re: Selective quoting at its best - Aug 22, '03 Have a look at index.html from their CVS and at the comment made 03:32PM
OpenCULT
RE: Buffer overflow prevention - Aug 15, '03
spendergrsecurity.net: Re: PowerPC W^X - Apr 19, '03

Although this has nothing to do with security, it's worth mentioning since it has more strong arguments on why not to run OpenBSD.
Link: http://bulk.fefe.de/scalability/
Quote: "OpenBSD 3.4 was a real stinker in these tests. The installation routine sucks, the disk performance sucks, the kernel was unstable, and in the network scalability department it was even outperformed by its father, NetBSD. OpenBSD also gets points deducted for the sabotage they did to their IPv6 stack. If you are using OpenBSD, you should move away now."