Firewall Wizards mailing list archives

Re: Y2K trojans, and outsourcing...

From: "Henry" <hsieff () orthodon com>
Date: Mon, 19 Jul 1999 02:13:14 -0500


-----Original Message-----
From: Shappard, Richard, A (Rich) <rashappard () att com>
To: firewall-wizards () nfr net <firewall-wizards () nfr net>
Date: Sunday, July 18, 1999 3:19 PM
Subject: RE: Y2K trojans, and outsourcing...

The only Trojans that the reporters at NBC know anything about come in
foil
packages.  If you rely on the lamestream media for your technology news
you're in deep trouble.

Did they happen to provide any references to this rumor?


Saw the bit they did;  essentially its a problem of insufficient background
checks for the code crunchers who have been brought in. No exploits have
been found so far, but they had a few fairly respectable professionals
(including someone from l0pht) talking about how they SHOULD'VE been more
careful.

I would have to agree, although I think as usual the media is jumping on the
glamourous hacker chic bandwagon on this one.

The $1 billion figure was a complete "guestimate", and as I said, no one's
actually discovered a trojan or a backdoor.  However, I know of a few
companies where consultants have been hired without the sort of background
checks you would normally give for people who get to directly handle code.
If a company has a decent security policy in place to begin with, it really
shouldn't be a problem.

--
Henry Sieff
Network Administrator
Orthodontic Centers of America
(504) 834-4392 ext. 135


Rich Shappard
Client Technical Associate
Global Client Support Center
AT&T Solutions

-----Original Message-----
From: R. DuFresne [mailto:dufresne () sysinfo com]
Sent: Friday, July 16, 1999 7:01 PM
To: firewall-wizards () nfr net
Subject: Y2K trojans, and outsourcing...



The national news for NBC ran an interesting topic
tonight;

Estimating that some company/industry faces a loss
potential
of a billion
or more at least, due to a backdooring trojan inserted
by
one or more
consultants brought in to fix the Y2K problem...

Thanks,

Ron DuFresne
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior consultant:  darkstar.sysinfo.com
                  http://darkstar.sysinfo.com

"Cutting the space budget really restores my faith in
humanity.  It
eliminates dreams, goals, and ideals and lets us get
straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!

Current thread:

Y2K trojans, and outsourcing... R. DuFresne (Jul 16)
- <Possible follow-ups>
- RE: Y2K trojans, and outsourcing... Shappard, Richard, A (Rich) (Jul 18)
  - Re: Y2K trojans, and outsourcing... Patrick Oonk (Jul 19)
  - RE: Y2K trojans, and outsourcing... Cohen Liota (Jul 20)
- Re: Y2K trojans, and outsourcing... Henry (Jul 19)
  - Re: Y2K trojans, and outsourcing... R. DuFresne (Jul 19)
- RE: Y2K trojans, and outsourcing... sean . kelly (Jul 19)
  - Re: Y2K trojans, and outsourcing... Joseph S D Yao (Jul 20)
- RE: Y2K trojans, and outsourcing... Bill Stout (Jul 19)
- RE: Y2K trojans, and outsourcing... Henry Sieff (Jul 19)
- RE: Y2K trojans, and outsourcing... Alan Lustiger (Jul 19)
- RE: Y2K trojans, and outsourcing... Marcus J. Ranum (Jul 19)
- Re: Y2K trojans, and outsourcing... Steven M. Bellovin (Jul 20)
- RE: Y2K trojans, and outsourcing... Bill_Royds (Jul 20)
- Re: Y2K trojans, and outsourcing... Ryan Russell (Jul 21)