Hi!
On Wed, Dec 05, 2007 at 12:15:01PM -0500, bofh wrote:
One risk would be the plans of "online surveillance" of computers e.g.
in Germany. One way to install surveillance even on OpenBSD would be to
actively interfere with the internet connection with the surveilled
person, in the man-in-the-middle sense, and inject trojanned code
("Bundestrojaner") into the updates of the victim.
Using OpenBSD CDs doesn't protect the victim from attacks like that
that much because many people need ports/packages and to get fixes one
virtually has to use -current most of the time, and to update -current,
one often uses snapshots over non-secured transfers (ftp, rsync, source
via cvsync/cvsup). The only exception I know of is anoncvs via ssh,
but then, the CDs, IIRC, don't even ship with a known_hosts file for
the anoncvs servers.
As the talk about those "online surveillance" plans includes talk about
tailored attacks for each victim, they could investigate which OS one
uses and which ways of updating, so they could tailor their attack
vector appropriately.
Yes, *I*'d be vulnerable. I'd be not if I had a public key (and anoncvs
known_hosts file) from CD, perhaps also cvsync with cryprographic
integrity protection and public key (fingerprints) from CD, etc.
So the "online surveillance" stuff would perhaps not only affect Windoze
boxen as some people would come to think, even though the installation
of a trojan is, of course, usually much easier for Windoze than for
OpenBSD (or even a Linux installation if people with some skills operate
them).
Yes, of course cryptographic integrity protection wouldn't secure
OpenBSD against all kinds of attack vectors, but against *some*. Yes, it
comes at a cost. And I don't know whether the cost is really worth
while...
But I question whether it's really sound to just dismiss it beforehand.
Kind regards,
Hannah.
