Firewall Wizards mailing list archives
Re: Y2K trojans, and outsourcing...
From: "R. DuFresne" <dufresne () sysinfo com>
Date: Mon, 19 Jul 1999 11:57:27 -0500 (CDT)
On Mon, 19 Jul 1999, Henry wrote:
-----Original Message-----
From: Shappard, Richard, A (Rich) <rashappard () att com>
To: firewall-wizards () nfr net <firewall-wizards () nfr net>
Date: Sunday, July 18, 1999 3:19 PM
Subject: RE: Y2K trojans, and outsourcing...

The only Trojans that the reporters at NBC know anything about come in foil packages. If you rely on the lamestream media for your technology news you're in deep trouble. Did they happen to provide any references to this rumor?

Saw the bit they did; essentially it's a problem of insufficient background checks for the code crunchers who have been brought in. No exploits have been found so far, but they had a few fairly respectable professionals (including someone from l0pht) talking about how they SHOULD'VE been more careful. I would have to agree, although I think as usual the media is jumping on the glamourous hacker chic bandwagon on this one. The $1 billion figure was a complete "guestimate", and as I said, no one's actually discovered a trojan or a backdoor.

However, I know of a few companies where consultants have been hired without the sort of background checks you would normally give for people who get to directly handle code. If a company has a decent security policy in place to begin with, it really shouldn't be a problem.
From the article:
Several security firms say they have found "trap doors" in Y2K programming. Some were placed to provide reputable firms an entry for future repairs, but others have been intentionally hidden. "I'm aware of at least three such incidents," says Mike Higgins of the consulting firm Para-Protect Services. "One was in a major information technology company which used a Pakistani company to do (upgrades). The company left a hidden trap door and has since gone out of business."

Thanks,
Ron DuFresne
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
admin & senior consultant: darkstar.sysinfo.com
http://darkstar.sysinfo.com

"Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart

testing, only testing, and damn good at it too!