Re: Political Analysis of Security Products

["R. DuFresne" <dufresne () sysinfo com>]

Marcus Ranum, if I recall correctly, has an outstanding reward for anyone
with proof that fw-1 was ever backdoored by the Israeli's, it has never
bee collected nor has any evidence of such a backdoor ever really been
offered up.  It remains an unsubstantiated rumor, perhaps initiated by
those competing with fw-1, years back.  An open backkdoor should be able
to be gleened from port mapping techniques, the port has to be openly
accesible for it to be used, yes?  A review/audit of the code for the
product might further provide evidence, but, would require much more time
as well as skill level <i.e. one would need to know C or C++ quite well,
or whatever code base the application./device was written in>  An
examination of theunderlying OS, before and after install, if this is not
a drop and place and configure blackboox device might prove useful also.
Most of the blackbox designs might prove hard to thouroughly audit from an
OS/source perspective as they owner/writers might not be too willing to
provide particulars of their design.

Thanks,

Ron DuFresne

On Tue, 5 Feb 2002 pentestlist () hushmail com wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
> I have never seen anything like this on the list so if it does not make it through I understand. I have a very large 
> client right now who is paying for
> a company wide (offices in 16 countries with 26 differant networks) audit
> of their security infrastructure. Nothing really out of the ordinary here.
>
> What is differant for us at least is this client has asked us to review their
> security products from a national security point of view. The case here is that
> they run or are evaluating several products from Israel and one from South Korea and want us to evalute how likely it 
> is that a sovereign state (in this
> case Israel or South Korea) may have manipulated these products in order to gain
> access to them remotely for their intel services.
>
> I remember reading years ago discussions like this about Firewall-1 and for the most part nothing of interest ever 
> came from it. Does anyone have any evidence which can be publicly cited that something like this has ever happened? 
> And does anyone here have any idea how we would go about performing a review like this without looking like 
> conspiracy theorists?
>
>
>
> Hush provide the worlds most secure, easy to use online applications - which solution is right for you?
> HushMail Secure Email http://www.hushmail.com/
> HushDrive Secure Online Storage http://www.hushmail.com/hushdrive/
> Hush Business - security for your Business http://www.hush.com/
> Hush Enterprise - Secure Solutions for your Enterprise http://www.hush.com/
>
> -----BEGIN PGP SIGNATURE-----
> Version: Hush 2.1
> Note: This signature can be verified at https://www.hushtools.com
>
> wmAEARECACAFAjxgG0AZHHBlbnRlc3RsaXN0QGh1c2htYWlsLmNvbQAKCRCRKy2sIa3M
> 7XHOAJ9HqkJR344rGzuxGwz2SfUE95E1ugCeN99PvLaIOVJJk7dSsHb1/wCJHjo=
> =vhtz
> -----END PGP SIGNATURE-----
>
>
> ----------------------------------------------------------------------------
> This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
> Service. For more information on SecurityFocus' SIA service which
> automatically alerts you to the latest security vulnerabilities please see:
> https://alerts.securityfocus.com/

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!


----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/