Contributed by Johan Berg on from the dept.
"OpenBSD is quite possibly the most secure operating system on the planet. Every step of the development process focuses on building a secure, open, and free platform. UNIX® and Linux® administrators take note: Without realizing it, you probably use tools ported from OpenBSD every day. Maybe it's time to give the whole operating system a closer look."
And..
"In fact, OpenBSD is so secure that it was once banned for use in a DEF CON competition, where crackers go after each other's systems."
Article can be found here
By tubbs (67.161.136.166) on
Which leads to another thought. What do the developers/users think of the Internet Storm Center and DShield in general? I have seen positive references to OpenBSD on ISC, don't know if any of the handlers have contributed or not.
I think the DShield OpenBSD client for reporting firewall logs is broken; my first attempt produced a load of unparsable log entries. Has anyone cared enough to produce a port of the DShield reporting client? Seems like a good cause, and good publicity.
Comments
By Jan J (130.237.209.42) on
I think the idea is great and have submitted logs for several machines for a long time.
However the project is dead. No feedback since Feb 8 2005? The Windows client picks an IP address from my internal interface. How can a string conversion between two different log formats suddenly turn up another IP? I reported the bug several months ago and yet no fix or response.
It is just very badly run.
By David Chisnall (213.105.224.17) on
Is this true? As far as I was aware, the only OS to be banned from DEF CON was OpenVMS (and I do keep typing OpenBSD when I try to type OpenVMS, so it's a possible mistake). Technically, OpenVMS was not banned either; they just created a rule saying that the OS had to run on x86, which ruled out OpenVMS, since it only runs on VAX, Alpha and Itanium. I found one other article from 2002 which made the same claim, but didn't cite any sources.
Comments
By Iruata Souza (muzgo) (201.52.20.57) on http://openvms-rocks.com/~muzgo
>
> Is this true? As far as I was aware, the only OS to be banned from DEF CON was OpenVMS (and I do keep typing OpenBSD when I try to type OpenVMS, so it's a possible mistake). Technically, OpenVMS was not banned either; they just created a rule saying that the OS had to run on x86, which ruled out OpenVMS, since it only runs on VAX, Alpha and Itanium. I found one other article from 2002 which made the same claim, but didn't cite any sources.
this is best explained here:
http://deathrow.vistech.net/defcon.txt
Comments
By Anonymous Coward (24.46.21.229) on
> >
> > Is this true? As far as I was aware, the only OS to be banned from DEF CON was OpenVMS (and I do keep typing OpenBSD when I try to type OpenVMS, so it's a possible mistake). Technically, OpenVMS was not banned either; they just created a rule saying that the OS had to run on x86, which ruled out OpenVMS, since it only runs on VAX, Alpha and Itanium. I found one other article from 2002 which made the same claim, but didn't cite any sources.
>
> this is best explained here:
> http://deathrow.vistech.net/defcon.txt
>
>
Maybe the idea came from this:
http://www.vmsone.com/~opcom/defcon9.htm
Comments
By Anonymous Coward (24.46.21.229) on
> > >
> > > Is this true? As far as I was aware, the only OS to be banned from DEF CON was OpenVMS (and I do keep typing OpenBSD when I try to type OpenVMS, so it's a possible mistake). Technically, OpenVMS was not banned either; they just created a rule saying that the OS had to run on x86, which ruled out OpenVMS, since it only runs on VAX, Alpha and Itanium. I found one other article from 2002 which made the same claim, but didn't cite any sources.
> >
> > this is best explained here:
> > http://deathrow.vistech.net/defcon.txt
> >
> >
>
> Maybe the idea came from this:
> http://www.vmsone.com/~opcom/defcon9.htm
>
hmm, PointSecure (OpenVMS security company) doesn't help either:
http://www.pointsecure.com/
From their site (main page)
"Highly recommended by HP, our solutions have been declared 'virtually unhackable' and were banned from Defcon."
I severely doubt that an OS would be banned simply because it is "unhackable"; it's more likely that no one had a clue what to do with something so Very Much Strange... Although VMS is solid as a rock (run the 'open' systems here: OpenBSD, OpenVMS & OpenSolaris).
By Matt Van Mater (67.105.229.98) on
In recent years capture the flag has not been about a free-for-all hackfest like the early days, but rather "here is a system build, protect it and try to break everyone else's". This year was based on Solaris 10 I think. With that in mind, I don't think OpenBSD was banned per se, but it's avoided because it's not as 'fruitful' a ground for hacking competitions.
By Chris (70.186.194.173) on
It would be nice if the author mentioned that the project is funded from CDROM sales before saying get the distribution from the download page. Oh well, at least he put the online ordering page link in the "Resources" section.
By Great advocacy (69.246.68.23) on
We have thousands of machines acting as servers in my global corporation, and the only Unix variants used are mainly AIX on IBM hardware and Solaris on Sun hardware.
We are constantly frustrated with these unix vendors who are unable to compete and keep up with the competition, and constantly demanding new hardware in our already crammed facilities.
With this article hosted on one of these vendors' website, it may provide a bit of a 'seal of quality' over what I have been trying to push as a solution since I've been hired.
Comments
By Anonymous Coward (151.188.0.249) on
>
> We have thousands of machines acting as servers in my global corporation, and the only Unix variants used are mainly AIX on IBM hardware and Solaris on Sun hardware.
>
> We are constantly frustrated with these unix vendors who are unable to compete and keep up with the competition, and constantly demanding new hardware in our already crammed facilities.
>
> With this article hosted on one of these vendors' website, it may provide a bit of a 'seal of quality' over what I have been trying to push as a solution since I've been hired.
Largely, but not entirely, true. If you're referring to users of, say, Web services being hosted on OpenBSD, then you're right. If, on the other hand, you're referring to someone (like me) who actually runs OpenBSD on his laptop, or someone who has a shell account on an OpenBSD server, then they probably do indeed care, especially that laptop user. There are some OpenBSD users who do care about security and cleanliness, and they therefore use and appreciate the operating system for what it is.
I have an idea of your frustration, above. Working in a Microsoft shop like I do, I am hard-pressed to even get GNU/Linux in here, let alone something "unsupported" (senior management's words, not mine or my boss's) like OpenBSD. Yes, I've known for years that plenty of small firms out here can--and would gladly--do it, but, see, they're not a "Big, Reputable Company (TM)" like Microsoft. However, after years of work, the PHB's are starting to allow GNU/Linux into our data centre, and we even have some OpenBSD that is very, *VERY* low profile. Guess which servers don't require constant reboots? Right, the GNU/Linux and OpenBSD boxes. Just that fact alone scares the hell out of all the MCSE's in the Windows team, including their boss; they're afraid that "those Linux guys" will make them redundant. :-)