Posted by Nico Kadel-Garcia on June 5, 2006, 10:03 pm
David Gempton wrote:
> I wrote Secure VPN Gateway. It does work and in my opinion it works
> really well. I believe that I have addressed some security issues
> that other products have not.
With no usable documentation, no published source code, and due to the lack
of published source code, a complete violation of the GPL license for any
GPL components such as glibc or a Linux kernel. It's a blackbox from an
unknown author with no previous large scale products, making outrageous
claims about being "Absolutely Secure VPN Gateway".
There's not even an installation guide: that's just pitiful. Without source
code, we have to assume that the rest of your work is equally lax
and poorly thought out. Nothing personal against you, but that's not how you
engender the necessary trust in potential clients or users.
> My product needs to be tested, poked, and prodded by people that
> really know the security field.
Then publish your source, or do what a closed source software company must
do: hire experts to review it. No one sane is going to vouch for it without
access to the source.
> In particular I'd like to know answers to these questions regarding
> the Secure VPN Gateway:
> 1) Can you stage a man in the middle attack and successfully gain
> access to a user's network services?
> 2) Using some sort of spyware (and not one you've written just for
> this product) can you automatically capture the ssh2 rsa file,
> username & password. Then use these to access any network services on
> the VPN gateway?
> 3) Can anyone crack the Secure VPN gateway with whatever means they
> like and then gain access to any of the defined user network services?
> Please note - I'm really looking for constructive information here so
> please provide full details on how you managed to get around the
> security. I plan to use the information you provide to make the
> product even more secure. If I use your ideas, I'd like to include
> you in the product credits.
No, you're really not. You're looking for validation by some of the really
sharp people available here of your personal little black box security tool.
With no documentation and no source, this is like asking for a restaurant
review and not even showing people the menu, only showing them the sign on
the door.
I've just downloaded Smoothwall Express, and guess what? It's GPL Licensed,
and by failing to publish your source code to people using your software,
you're clearly in violation. I'm notifying them immediately.
Nico Kadel-Garcia
nkadel@comcast.net