
The OpenBSD IPsec-Stuxnet connection - riffraff
http://extendedsubset.com/?p=43
======
tptacek
Come on, Marsh. How many people at INL have worked on SCADA security research?
There's a lot of them.

Furthermore, your premise is incoherent. There hasn't _been_ a backdoor
identified in OpenBSD IPSEC. The "bugs" that have been found (scare-quotes
because all of them had been fixed already) weren't usable as backdoors.

Were commits to IPSEC laundered via Canada? Yes. The reason? Because Theo
believed that a US commit tainting the IPSEC source code could subject IPSEC
to US export controls.

What's the "coincidence" you think you've found?

~~~
motters
SCADA isn't exactly mainstream technology. It's used primarily in factories.
Having worked in industrial automation areas for quite a while I'd estimate
that the number of people doing security testing on Siemens PLCs is a very
small community.

~~~
marshray
_I'd estimate that the number of people doing security testing on Siemens PLCs
is a very small community_

Right, and how big was it in 2008? And how many of them do you suppose were
also committing to OpenBSD's network stack in 2000-2001?

~~~
tptacek
It was big in 2008, Marsh. We're not a SCADA specialty firm, and we ended up
doing SCADA-related work in 2008, and in 2007, and in 2006. One of my BigCo
enterprise clients hired a network security guy --- network security, not
software --- from a pure-play SCADA software security consultancy.

~~~
marshray
That's interesting. I'm not sure exactly how critical the absolute size of
SCADA security in 2006 is in the question of evaluating the magnitude of the
coincidence. It almost seems like something @alexhutton could plug into one
of his Bayesian models.

------
Confusion

      This guy sure seems to have a talent for coincidences
    

With a limited number of people and places involved in a scene, such
'coincidences' are inevitable. It'd be more surprising if no such connection
could be found. Any evidence is lacking.

~~~
bootload
_"... meanwhile in calgary... wasting no time netsec was secretly funnelling
"security fixes" through mr.t that he was committing "stealth" into openbsd
tree. (this i only knew years later when i was telling mr.t over a beer about
the funny people i met on a west-coast trip (see later)). "stealth" means that
purpose of the diffs was not disclosed in the commit messages or the private
openbsd development forums except with a few "trusted" developers. ..."_ ~
<http://mickey.lucifier.net/b4ckd00r.html>

what you say is understandable, but there appeared to be a lot of subterfuge
going on.

------
nl
I hope the author of this post thought pretty carefully about posting that.

There have already been a number of people associated with Stuxnet and/or the
Iranian nuclear program who have gone missing/died from strange accidents/been
assassinated. [1][2]

In simple terms, claiming someone possibly wrote Stuxnet puts their life in
danger.

[1]
<http://www.theregister.co.uk/2010/12/06/iran_claims_stuxnet_expert_hit_squad_arrests/>

[2]
<http://news.yahoo.com/s/ap/20101129/ap_on_re_mi_ea/iran_nuclear>

~~~
tptacek
"Associated with Stuxnet" and "associated with the Iranian nuclear program"
are two _extremely_ different things.

------
pyre
I love how he uses a recent example of US citizens being hassled at the border
to imply that it happened well into the past (a time when the borders were a
lot more open).

~~~
marshray
Yes, it's not a perfect comparison since he (along with many other OpenBSD
devs from the time) wasn't a US citizen, but read the document from Mickey.

------
hackermom
This blog entry was just an unnecessarily inflammatory excuse for
"journalism". Why?!

~~~
tptacek
Content, please?

~~~
hackermom
Elaborate.

~~~
tptacek
Sure: you didn't say anything in your comment. You intimated that Marsh Ray
was perpetrating a false and puffed-up attempt at (your scare-quotes)
"journalism". You ought to have supported that argument with evidence.

For what it's worth: if you're following the story closely enough to have an
educated opinion about it, the name "Marsh Ray" means something to you.

~~~
hackermom
I'm sorry, I didn't know that I had to :) But, alright, for one, I think it
serves no use other than bringing false attention to the topic when
introducing the Stuxnet/SCADA angle in the discussion. There's no juicy
coincidence of any kind to take note of. "Coincidence? I think not!".

