Firewall Wizards mailing list archives
RE: Y2K trojans, and outsourcing...
From: "Marcus J. Ranum" <mjr () nfr net>
Date: Mon, 19 Jul 1999 18:25:02 -0400
Ultimately, there was no evidence to back it up, just the generalized fear that consultants hired to make Y2k mods to software for, say, financial insititions, might surreptitiously code a backdoor in the program. Basically, it was a "there's no way we can be sure they didn't do it" argument.
Kind of ironic to have one kind of consultant (security consultants) sowing Fear, Uncertainty, and Doubt, about another kind of consultant (Y2K consultants) when the same FUD can be applied to them. What about security consultants that learn all about the victim's network, leave backdoors, and come back? Same problem, conceptually. "There's no way to be sure they didn't do it" almost applies to the same degree (though maybe a bit less). Sounds like lamer consultants trying to drum up business with semi fictional scare stories, to me. Remember the "banks in the UK are being stuck up for billions of dollars by extortionist hackers" F.U.D. that was going around last summer? That was all fiction, too. This kind of nonsense just makes reputable security professionals into media patsies. mjr. -- Marcus J. Ranum, CEO, Network Flight Recorder, Inc. work - http://www.nfr.net home - http://www.clark.net/pub/mjr
Current thread:
- RE: Y2K trojans, and outsourcing..., (continued)
- RE: Y2K trojans, and outsourcing... Shappard, Richard, A (Rich) (Jul 18)
- Re: Y2K trojans, and outsourcing... Patrick Oonk (Jul 19)
- RE: Y2K trojans, and outsourcing... Cohen Liota (Jul 20)
- Re: Y2K trojans, and outsourcing... Henry (Jul 19)
- Re: Y2K trojans, and outsourcing... R. DuFresne (Jul 19)
- RE: Y2K trojans, and outsourcing... sean . kelly (Jul 19)
- Re: Y2K trojans, and outsourcing... Joseph S D Yao (Jul 20)
- RE: Y2K trojans, and outsourcing... Bill Stout (Jul 19)
- RE: Y2K trojans, and outsourcing... Henry Sieff (Jul 19)
- RE: Y2K trojans, and outsourcing... Alan Lustiger (Jul 19)
- RE: Y2K trojans, and outsourcing... Marcus J. Ranum (Jul 19)
- Re: Y2K trojans, and outsourcing... Steven M. Bellovin (Jul 20)
- RE: Y2K trojans, and outsourcing... Bill_Royds (Jul 20)
- Re: Y2K trojans, and outsourcing... Ryan Russell (Jul 21)
- RE: Y2K trojans, and outsourcing... Shappard, Richard, A (Rich) (Jul 18)