Penetration Testing mailing list archives
Re: Political Analysis of Security Products
From: "Rainer Duffner" <rainer () ultra-secure de>
Date: Tue, 05 Feb 2002 21:39:04 GMT
R. DuFresne writes:
Marcus Ranum, if I recall correctly, has an outstanding reward for anyone with proof that fw-1 was ever backdoored by the Israelis, it has never been collected
Well, even if I'd find it, I'd _really_ be scared to "get collected" by Mossad. It has happened before. http://www.google.com/search?q=vanunu
An open backdoor should be able to be gleaned from port mapping techniques, the port has to be openly accessible for it to be used,
No. You could require a certain "port-scan-pattern" to be present to open it.
yes? A review/audit of the code for the product might further provide evidence, but, would require much more time as well as skill level <i.e. one would need to know C or C++ quite well, or whatever code base the application/device was written in>. An examination of the underlying OS, before and after install, if this is not a drop and place and configure blackbox device might prove useful also.
Only code audit is useful. You can't rely on anything else. As Checkpoint has licensed the source to different parties, it is unlikely that a potential backdoor was contained in there.
Danger is not on this front. The soft- and hardware to control the surveillance of telephone-calls is partly built by companies that are either subcontractors of Mossad or are rumoured to be "controlled" by Mossad. TELCOs are concerned by this, because, at least in Germany, every TELCO has to have a wiretap-mechanism in place for Secret Service or other Police-Forces. These wiretaps must be (qua definitionem) undetectable by the victim when used, and undetectable by the TELCO itself! If one of these devices were backdoored (by an "enemy force"), the integrity of the whole telecommunication infrastructure would be, well, non-existent. Of course, the TELCOs also (or mostly, let's be honest) the high costs associated with this system.
I have no direct (English) link for this, just this one: http://www.heise.de/tp/deutsch/html/result.xhtml?url=/tp/deutsch/inhalt/te/9395/1.html&words=Geheimdienst
but surf around the Heise Telepolis site and get a feeling of just what is in stock for us... http://www.heise.de/tp/english/special/enfo/default.html
cheers,
Rainer
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Rainer Duffner Munich
rainer () ultra-secure de Germany
http://www.i-duffner.de Freising
========================================
When shall we three meet again
In thunder, lightning, or in rain?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~