Involvement of FOX-IT in OpenVPN
Posted: Wed Mar 28, 2012 11:52 am
Dear OpenVPN users,
We've noticed that the security company FOX-IT is responsible for a lot of new code in the latest OpenVPN versions, which is nice because this has a positive effect on it's security.
But, as a Dutch security company, we are also familiar with the FOX-IT history. FOX-IT does not only provide security solutions, but they also also provide spyware, deep-packet-inspection and lawful interception solutions to goverments, like their product "FoxReplay" for example:
http://wikileaks.org/spyfiles/list/comp ... foxit.html
Can the OpenVPN developers guarantee us that every bit of code FOX-IT provides is carefully audited for backdoors? I assume we don't want to have a OpenBSD IPSEC/FBI scandal on this nice VPN product. Just imagen how much of their spy products they could sell when they have created a backdoor into OpenVPN.
We also like to inform you that PolarSSL in mainted by another former FOX-IT member Paul Bakker.
Note: We don't have the intention to start a flaming-war here, but this is something the OpenVPN users and developers should be aware of.
The Fortress Linux Security Team,
http://www.fortresslinux.org
We've noticed that the security company FOX-IT is responsible for a lot of new code in the latest OpenVPN versions, which is nice because this has a positive effect on it's security.
But, as a Dutch security company, we are also familiar with the FOX-IT history. FOX-IT does not only provide security solutions, but they also also provide spyware, deep-packet-inspection and lawful interception solutions to goverments, like their product "FoxReplay" for example:
http://wikileaks.org/spyfiles/list/comp ... foxit.html
Can the OpenVPN developers guarantee us that every bit of code FOX-IT provides is carefully audited for backdoors? I assume we don't want to have a OpenBSD IPSEC/FBI scandal on this nice VPN product. Just imagen how much of their spy products they could sell when they have created a backdoor into OpenVPN.
We also like to inform you that PolarSSL in mainted by another former FOX-IT member Paul Bakker.
Note: We don't have the intention to start a flaming-war here, but this is something the OpenVPN users and developers should be aware of.
The Fortress Linux Security Team,
http://www.fortresslinux.org