Firewall Wizards mailing list archives

Re: Y2K trojans, and outsourcing...


From: "R. DuFresne" <dufresne () sysinfo com>
Date: Mon, 19 Jul 1999 11:57:27 -0500 (CDT)

On Mon, 19 Jul 1999, Henry wrote:


-----Original Message-----
From: Shappard, Richard, A (Rich) <rashappard () att com>
To: firewall-wizards () nfr net <firewall-wizards () nfr net>
Date: Sunday, July 18, 1999 3:19 PM
Subject: RE: Y2K trojans, and outsourcing...


The only Trojans that the reporters at NBC know anything about come in foil
packages.  If you rely on the lamestream media for your technology news
you're in deep trouble.

Did they happen to provide any references to this rumor?

Saw the bit they did;  essentially it's a problem of insufficient background
checks for the code crunchers who have been brought in. No exploits have
been found so far, but they had a few fairly respectable professionals
(including someone from l0pht) talking about how they SHOULD'VE been more
careful.

I would have to agree, although I think as usual the media is jumping on the
glamorous hacker chic bandwagon on this one.

The $1 billion figure was a complete "guesstimate", and as I said, no one's
actually discovered a trojan or a backdoor.  However, I know of a few
companies where consultants have been hired without the sort of background
checks you would normally give for people who get to directly handle code.
If a company has a decent security policy in place to begin with, it really
shouldn't be a problem.


From the article:

   Several security firms say they have found "trap doors" in Y2K
   programming. Some were placed to provide reputable firms an entry for
   future repairs, but others have been intentionally hidden.

   "I'm aware of at least three such incidents," says Mike Higgins of the
   consulting firm Para-Protect Services. "One was in a major information
   technology company which used a Pakistani company to do (upgrades).
   The company left a hidden trap door and has since gone out of
   business."


Thanks,

Ron DuFresne
-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior consultant:  darkstar.sysinfo.com
                  http://darkstar.sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!


