Sorry for the top post...


Read below for the true story of Smoothwall from one of the developers.  If 
you still don't believe there was a backdoor in Smoothwall you can continue 
to delude yourself.


Bret.



----------  Forwarded Message  ----------

Subject: RE: [users] VPN / Dynamic IP question
Date: Monday 04 February 2002 2:47 pm
From: Ward William E DLDN <wardwe at navseadn.navy.mil>
To: "'Bret Baptist '" <bbaptist at iexposure.com>

Bret, I parted ways with SmoothWall back in November; I was unsatisfied with
the resolution of a number of security issues (which have still not been
corrected), nor with the overall attitude of certain members of the staff;
about six weeks later, my wife was ejected from the SmoothWall team when she
made a comment that Richard Morrel took offense with (she mentioned that he
had made promises to her that he hadn't kept, in a private email to a third
party, which he intercepted).

At current, I don't recommend to anyone that the utilize SmoothWall;
regardless of what it may SEEM, the reason is that during the month of
December, one of the then current (and to my understanding, once more
current) members of the team created a Trojan backdoor into the appliance,
and disseminated it to the list.  Some weeks later, in true 1984 language,
he was welcomed back with open arms, with a note saying that it had been a
hacker disguised as him.  However, correspondance from December pinpointed
the source of the Trojan as coming from the specific individual's machine;
so, I've heard two mutually exclusive things on the subject (and since my
wife was kicked out, I've heard nothing more).  However, since this was the
SECURITY manager for SmoothWall, my trust in the security of the system as a
whole is non-existant now; if he was a good enough for the job, his own
machine could not have been hacked.  If his machine was hacked, then how
good is the vetting of the security aspects of the software?

Strangely, though all this, up until the incident with my wife, I was still
a fan of Richard's, though his treatment of my wife, with his berating her,
calling HER a liar (I've seen proof on which is true and which isn't on
THOSE matters), his intercepting private email to her, his constant
badgering and threats, just turn me off.  I stopped responding to any
SmoothWall Emails when I left the team; I stopped using SmoothWall when I
lost faith and trust in the team members.  Right now, I wouldn't trust
SmoothWall for any important position; I would look elsewhere in preference
to using it with the current state of security in the product.

Bill Ward

-----Original Message-----
From: Bret Baptist
To: Ward William E DLDN
Sent: 2/4/02 10:35 AM
Subject: Re: [users] VPN / Dynamic IP question

Been reading the mailing list.  Glad to see that you decided to go with
a
X509 solution for the VPN access stuff.  I can tell you using that makes
me a
lot more interested in Server Edition.  Thank you for your efforts.

Bret.



On Friday 17 October 2003 8:31 am, Todd Young wrote:
> Wow! I really opened a can of beans with my original post, "grenaded"
> the can would be more like it. :-)
>
> Anyway, lets seperate fact from opinion.
>
> FACT:
> 1) Contrary to rumor, there is no "backdoor" to Smoothwall.
> 2) In March of 2002 Richard Morrell of Smoothwall accused IPCop of
> violating the GPL with respect to Smoothwall's v0.9.9 distro.
>
> MY OPINION:
> I believe Richard Morrell. He would not have gone public with his
> accusation if he did not believe it. Since that time, IPCop may have
> mended their ways, I really don't know. BUT, I view their original
> actions as distasteful and therefore I will NOT support their
> distribution, nor will I recommend it to anyone I know.
>
> ANOTHER THOUGHT:
> Support contracts, for open source applications and operating systems,
> is what will drive open source into the business environment. This can
> be shown to be true by RedHat and SUSE's success. Both offer their
> product for free, but also provide support through contracts. Therefore
> I submit that if you place yourself in the role of a mid-level IT
> support person at a small to mid-size company and you try to implement
> an open source appliction or OS, the first question from the CTO and/or
> CIO will be, "Who will support this product when you leave the company?"
> Telling the CTO or CIO that they have to subscribe to a user group to
> get their questions answered will NOT cut it. On the other hand, telling
> them that the software provider you have chosen will provide support for
> a yearly fee will ease their minds. Therefore, I submit that
> SmoothWall.co.uk is a better choice for the business environment. IPCop
> is fine for "at home" use, if you so prefer, but to be quite honest, I
> wouldn't try to sell it to the upper management of a business.
>
> This is my last post on the subject, unless someone directs a
> question/comment directly at me. Let's face it folks. There are as many
> opinions about different distros of Linux as there are people on this
> list, and banging our fists on the table proclaiming one over the other
> will get us nowhere. Let's all just agree to disagree.

-- 
Bret Baptist
Systems and Technical Support Specialist
bbaptist at iexposure.com
Internet Exposure, Inc.
http://www.iexposure.com
 
(612)676-1946 x17
Web Development-Web Marketing-ISP Services
------------------------------------------


Today is the tomorrow you worried about yesterday.


_______________________________________________
TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
http://www.mn-linux.org tclug-list at mn-linux.org
https://mailman.real-time.com/mailman/listinfo/tclug-list