Firewall Wizards mailing list archives
Re: Apology - not necessary
From: "Marcus J. Ranum" <mjr () nfr net>
Date: Sat, 26 Sep 1998 00:57:03 -0400
Frank Willoughby wrote:
IMO, there is nothing to apologize for.
Frank, I gotta disagree. Jason apologized, and like an upright man, and that was good. His posting wasn't about national security, his posting was rumor-mongering. It wasn't malicious, it was mistaken, but it helped further a damaging rumor. Since his posting I've made a number of enquiries of unquotable nonexistent sources. None of them have pointed to a single substantive "smoking gun." Clearly the DOD may have problems with Israelis, after that Israeli kid embarrassed some of the DOD networkers so badly by pointing up how lame their security was, but that's the best I could find. I spoke with Checkpoint's VP of federal sales, and he said they've been working with NSA to get them source code for review. (Hopefully source code that compiles to an identical binary to the distribution!) :) The first time this rumor flared up I was still working for one of Checkpoint's competitors and I still stuck up for them. :) The rumor was (as far as I can tell) started by a consultant who was closely tied to one of Checkpoint's competitors. While Frank's points about national security make sense (especially in the light of Crypto AG and related tales) this is about squashing mud-slinging attempts, not security. For the record, I'll reiterate my $3,000 challenge for a disassembled proof of a trapdoor. I've appended the original posting below. mjr. PS - NFR does not have any Mossad trapdoors in it. :) We charge $1,000,000 for a trapdoor and they were too cheap.:) ---- At 10:14 PM 6/26/97 +0000, Marcus J. Ranum wrote:
Vin Writes:This particular rumor, however, seems to fail the Test of Reason.I think that part of the confusion results from the fact that a lot of Israeli computer security technologies spring from folks at the Israeli DOD who commercialize things they invented/developed for the government. Not unlike other fine products in the US that were developed by cleaning up ARPA-funded research. The notion that Mossad would put a trapdoor in Checkpoint is laughable. That's not how they operate; they are more professional than that. I've run into the rumor several times, including from some Big Shot Consultants who subsequently weren't able to remember who their "sources" were when I called them on the phone. I suspect that if anyone's the Mossad agents, it's the Big Shot Consultants. :) There are a lot of useless know-nothing wankers who are jumping on the security bandwagon now that it's a "hot area" and are trying to cash in. Such individuals' stock in trade is spooky-sounding hush-hush stuff that makes them sound very important. Any studly Big Shot Consultant who *KNEW* that Checkpoint had a trapdoor would have posted the disassembled subroutines in question years ago. Indeed, for amusement value, I hereby offer a $3,000US cash prize out of my pocket to the first person who posts a verifiable disassembly of a dliberate trapdoor in a Checkpoint. Rules are that 2 other experts of my choice verify it. But first, let's apply the test of logic: a Big Shot Consultant who *KNEW* of such a hole and found it would get 15 minutes of fame on CNN and be the (/tmp) darling of the Information Warfare Lunatics. That's publicity worth the effort. If it was real. Casting aspersions is always easier than shedding light. mjr. (Secret Agent XZ3) ----- Marcus J. Ranum, CEO, Network Flight Recorder, Inc. <A HREF=http://www.clark.net/pub/mjr>Personal</A> <A HREF=http://www.nfr.net>Work</A> <A HREF=http://www.clark.net/pub/mjr/websec>New Book!!</A>
-- Marcus J. Ranum, CEO, Network Flight Recorder, Inc. work - http://www.nfr.net home - http://www.clark.net/pub/mjr
Current thread:
- Apology Jason L. Snowden (Sep 24)
- Re: Apology - not necessary Frank Willoughby (Sep 25)
- Re: Apology - not necessary Marcus J. Ranum (Sep 25)
- Re: Apology - not necessary Paul D. Robertson (Sep 26)
- Re: Apology - not necessary Paul D. Robertson (Sep 29)
- Re: Apology - not necessary Marcus J. Ranum (Sep 25)
- Re: Apology - not necessary Perry E. Metzger (Sep 29)
- Re: Apology - not necessary John Nicholson (Sep 29)
- Re: Apology - not necessary Perry E. Metzger (Sep 29)
- Re: Apology - not necessary Frank Willoughby (Sep 25)