Security Basics mailing list archives

RE: A reminder that security is not inherently solvable with technology


From: Randy Golly <rcgolly () vermeertexas com>
Date: Thu, 23 Oct 2003 17:49:47 -0500

YES!  I haven't been a big fan of offshore developers working on sensitive
domestic (US) projects.  I'm all for globalization of production and taking
advantage of the economies of scale that lower cost labor provides; it does
benefit consumers and the economies of countries involved.  But I do think
that the security risks involved with this type of software development or
support need to be further addressed and defined.  In this article, many of
the people involved had no idea that it was going offshore.  That leads me
to wonder who does know what is being done in this manner.  Do you suppose
there is any sensitive govt. work or national security projects being done
in Pakistan as in this story? Does anyone really know? What kind of
perception do these developers have of the US with the events of the last
few years as we tromp around the Mideast? Who else might be getting copies
of their work?  What is the chance of back-doors being dropped into code to
open our systems to potential cyber-terrorists?  I know much has been
written about cyber-terrorism since 9/11, and now I'm reading that some are
saying that nothing has happened along these lines and it was never a
threat (liberal speak?).  But I do think this is a risk that is real and
giving them opportunities to get their hands on our systems or our code is
an open invitation in my book.

Thanks for the space to ramble...
Randy Golly


-----Original Message-----
From: Kamal Habayeb [mailto:mountainfury () fastmail fm] 
Sent: Thursday, October 23, 2003 12:15 PM
To: security-basics () securityfocus com
Subject: Re: A reminder that security is not inherently solvable with
technology

JGrimshaw () ASAP com wrote:

http://www.sfgate.com/cgi-bin/article.cgi?file=/c/a/2003/10/22/MNGCO2FN8G1.DTL

This article was posted on Slashdot today...

Does anyone else see the potential abuse of offshoring jobs that may 
contain sensitive customer information?  As this idea spreads, it could 
become the "hostage taking" of the new millennium.  No longer would one 
need to kidnap a person in South America and hold them for ransom; it's 
much easier to obtain a job that gives access to sensitive information 
and then threaten to publicize the information if not paid.  We need to 
take steps to keep our jobs and our information secure.



