Questions tagged [openbsd]

OpenBSD is a Unix computer operating system descended from Berkeley Software Distribution (BSD) which emphasizes portability, standardization, correctness, proactive security and integrated cryptography.

34 questions
15
votes
5 answers

What is the potential impact of the alleged OpenBSD IPSEC attack?

Recently there is a bit of concern over encryption back doors in IPsec and while the status of this has not been confirmed, I don't know what impact something like this might have. For instance, does this mean that, since encryption on this layer…
Incognito
  • 5,204
  • 5
  • 27
  • 31
14
votes
2 answers

Do any OpenBSD protections mitigate the damage from Heartbleed?

OpenBSD provides a list of substantial protections against exploits inherent to the OS. Most of these features are not found in other operating systems, or at least are not turned on by default. The list from the OpenBSD website linked above…
Brian M. Hunt
  • 537
  • 1
  • 3
  • 16
14
votes
4 answers

OpenBSD vs. NetBSD security

If I search for the two words: OpenBSD and NetBSD on http://www.exploit-db.com/ then I get 17 hits regarding security bugs on OpenBSD, and 8 hits regarding security bugs on NetBSD. So what are the differences exactly, and how do NetBSD and OpenBSD…
LanceBaynes
  • 6,149
  • 11
  • 60
  • 91
12
votes
3 answers

How to best set up public WiFi without giving access to the rest of my network?

For reference, this is just for my home network. Anyway, I have quite a few of my neighbors ask me to share my internet with them. I'd really like to eliminate this "here's the password" portion though by just making my network publicly accessible.…
Earlz
  • 604
  • 2
  • 6
  • 15
12
votes
9 answers

Where to download OpenBSD release ISO's over HTTPS?

OpenBSD claims to be highly secure. So why doesn't it allow downloading the release iso's over HTTPS? Or I'm missing something? Can someone please explain this to me?
LanceBaynes
  • 6,149
  • 11
  • 60
  • 91
8
votes
1 answer

Is receiving IPv4 connections on AF_INET6 sockets insecure?

The FreeBSD man page for inet6 has the following: By default, FreeBSD does not route IPv4 traffic to AF_INET6 sockets. The default behavior intentionally violates RFC2553 for security reasons. Listen to two sockets if you want to accept both IPv4…
imgx64
  • 1,370
  • 2
  • 13
  • 10
7
votes
4 answers

Why do people use "burner phones" rather than Signal or similar solutions?

Why do people use burner phones rather than Signal or similar? I would imagine that if you are high value target the police or intelligence service would simply eavesdrop every phone call passing the base station nearest the location where you…
EmLi
  • 171
  • 5
6
votes
3 answers

Increase security without using "dynamic" kernel modules?

I recently read that NOT using loadable kernel modules could increase security. In my interpretation this consist about recomplying the kernel with only built-in kernel modules. (how to disable loadable kernel modules support? - in various os, like:…
LanceBaynes
  • 6,149
  • 11
  • 60
  • 91
6
votes
4 answers

In this case, does Virtualization gives more security?

A: running an OpenBSD machine with a httpd and a smtp server? vs. B: running an OpenBSD machine as virtualization host with QEMU having two guest OpenBSD system: one for smtp and one for httpd. Q: Which solution provides more security? For…
gasko peter
  • 843
  • 1
  • 12
  • 20
6
votes
2 answers

Is installing an old version of OpenBSD on an internet-facing server a security risk?

I have one specific package (moodle) which is not available on newer versions of the aforementioned OS. The last version of moodle was available on OpenBSD 5.3, which is more than 4 years old. Knowing of OpenBSD's impressive security track…
user166931
  • 69
  • 2
6
votes
1 answer

OpenBSD is implementing KARL. How does this improve security?

According to this article, OpenBSD is implementing a feature that will create a unique kernel every time a user reboots or upgrades his computer. It is called KARL, "Kernel Address Randomized Link". This works by relinking internal kernel files in…
Digital fire
  • 3,126
  • 5
  • 31
  • 44
5
votes
1 answer

OpenBSD-based LiveCD/LiveDVD - is it secure? is it offical?

Does the OpenBSD LiveCD/LiveDVD get deeply audited like the original OpenBSD? Is it an official "port"? Experiences with it?
LanceBaynes
  • 6,149
  • 11
  • 60
  • 91
5
votes
1 answer

OpenBSD, fbtab and X Window

The afterboot(8) man page of OpenBSD advises "You might wish to tighten up security more by editing /etc/fbtab as when installing X. " I would like to know what entries in /etc/fbtab would make sense for a machine that's used as a desktop for a…
Nicholas
  • 86
  • 2
5
votes
2 answers

Is there any safe OpenBSD desktop screenlocker?

Linux screen lockers don't seem so very secure, at least not in the past [1, 2, 3]. But is there any very secure OpenBSD screen locker? (Or perhaps OpenBSD uses the same desktop related source code as Linux and therefore would have similar…
KajMagnus
  • 687
  • 1
  • 5
  • 10
4
votes
2 answers

OpenBSD 32 or 64bit installer?

is the 64 bit or the 32 bit installer better? (not counting that if i have x>4 GByte RAM) - so i mean like is there any ASLR in OpenBSD? https://secure.wikimedia.org/wikipedia/en/wiki/Address_space_layout_randomization So that 64bit would be…
LanceBaynes
  • 6,149
  • 11
  • 60
  • 91
1
2 3