Penetration Testing mailing list archives

Re: Political Analysis of Security Products


From: "yossarian" <yossarian () planet nl>
Date: Tue, 5 Feb 2002 21:46:05 +0100

As far as I can remember the Swedish government stopped using Lotus Notes 4.6
on suspicions (or proof?) that it contained a backdoor for the US
government - in '98 or '97.

These generic fears are based on the Clipper chip thing in the early 90s
when the US gov planned to force all encryption product makers to give the
keys for National Security reasons. The issue was raised again recently. I
don't think the possible financial claims will make things like this
possible, though. Who can be sure that any govt is capable of guarding the
keys....

Haven't heard anything related to any other govt, though.

----- Original Message -----
From: <pentestlist () hushmail com>
To: <pen-test () securityfocus com>
Sent: Tuesday, February 05, 2002 6:50 PM
Subject: Political Analysis of Security Products



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


I have never seen anything like this on the list so if it does not make it
through I understand. I have a very large client right now who is paying for
a company-wide (offices in 16 countries with 26 different networks) audit
of their security infrastructure. Nothing really out of the ordinary here.

What is different for us at least is this client has asked us to review their
security products from a national security point of view. The case here is that
they run or are evaluating several products from Israel and one from South
Korea and want us to evaluate how likely it is that a sovereign state (in this
case Israel or South Korea) may have manipulated these products in order to gain
access to them remotely for their intel services.

I remember reading years ago discussions like this about Firewall-1 and
for the most part nothing of interest ever came from it. Does anyone have
any evidence which can be publicly cited that something like this has ever
happened? And does anyone here have any idea how we would go about
performing a review like this without looking like conspiracy theorists?




-----BEGIN PGP SIGNATURE-----
Version: Hush 2.1
Note: This signature can be verified at https://www.hushtools.com

wmAEARECACAFAjxgG0AZHHBlbnRlc3RsaXN0QGh1c2htYWlsLmNvbQAKCRCRKy2sIa3M
7XHOAJ9HqkJR344rGzuxGwz2SfUE95E1ugCeN99PvLaIOVJJk7dSsHb1/wCJHjo=
=vhtz
-----END PGP SIGNATURE-----


----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/



