Re: Apology - not necessary

["Marcus J. Ranum" <mjr () nfr net>]

Frank Willoughby wrote:
> IMO, there is nothing to apologize for.

Frank, I gotta disagree.

Jason apologized, and like an upright man, and that was good.

His posting wasn't about national security, his posting was
rumor-mongering. It wasn't malicious, it was mistaken, but
it helped further a damaging rumor.

Since his posting I've made a number of enquiries of unquotable
nonexistent sources. None of them have pointed to a single
substantive "smoking gun."  Clearly the DOD may have problems
with Israelis, after that Israeli kid embarrassed some of the
DOD networkers so badly by pointing up how lame their security
was, but that's the best I could find. I spoke with Checkpoint's
VP of federal sales, and he said they've been working with NSA
to get them source code for review. (Hopefully source code that
compiles to an identical binary to the distribution!) :)  The
first time this rumor flared up I was still working for one
of Checkpoint's competitors and I still stuck up for them. :)
The rumor was (as far as I can tell) started by a consultant
who was closely tied to one of Checkpoint's competitors.

While Frank's points about national security make sense (especially
in the light of Crypto AG and related tales) this is about
squashing mud-slinging attempts, not security.

For the record, I'll reiterate my $3,000 challenge for a
disassembled proof of a trapdoor. I've appended the original
posting below.

mjr.

PS - NFR does not have any Mossad trapdoors in it. :)
We charge $1,000,000 for a trapdoor and they were too
cheap.:)
----
At 10:14 PM 6/26/97 +0000, Marcus J. Ranum wrote:
> Vin Writes:
> > This particular rumor, however, seems to fail the Test of Reason.
>
> I think that part of the confusion results from the fact that
> a lot of Israeli computer security technologies spring from
> folks at the Israeli DOD who commercialize things they
> invented/developed for the government. Not unlike other
> fine products in the US that were developed by cleaning
> up ARPA-funded research.
>
> The notion that Mossad would put a trapdoor in Checkpoint
> is laughable. That's not how they operate; they are more
> professional than that. I've run into the rumor several times,
> including from some Big Shot Consultants who subsequently
> weren't able to remember who their "sources" were when
> I called them on the phone. I suspect that if anyone's the
> Mossad agents, it's the Big Shot Consultants. :) There are a
> lot of useless know-nothing wankers who are jumping on
> the security bandwagon now that it's a "hot area" and
> are trying to cash in. Such individuals' stock in trade is
> spooky-sounding hush-hush stuff that makes them sound
> very important. Any studly Big Shot Consultant who *KNEW*
> that Checkpoint had a trapdoor would have posted the
> disassembled subroutines in question years ago.
>
> Indeed, for amusement value, I hereby offer a $3,000US
> cash prize out of my pocket to the first person who posts
> a verifiable disassembly of a dliberate trapdoor in a
> Checkpoint. Rules are that 2 other experts of my choice
> verify it. But first, let's apply the test of logic: a Big Shot
> Consultant who *KNEW* of such a hole and found it
> would get 15 minutes of fame on CNN and be the (/tmp)
> darling of the Information Warfare Lunatics. That's
> publicity worth the effort. If it was real. Casting aspersions
> is always easier than shedding light.
>
> mjr. (Secret Agent XZ3)
> -----
> Marcus J. Ranum, CEO, Network Flight Recorder, Inc.
> <A HREF=http://www.clark.net/pub/mjr>Personal</A>
> <A HREF=http://www.nfr.net>Work</A>
> <A HREF=http://www.clark.net/pub/mjr/websec>New Book!!</A>
--
Marcus J. Ranum, CEO, Network Flight Recorder, Inc.
work - http://www.nfr.net
home - http://www.clark.net/pub/mjr