RE: Checking for backdoors in software products

["Rob Shein" <shoten () starpower net>]

Really, the only way to be sure is source code review.  Look over the source
code (if they want you to distribute their software, they'll likely let you
see if if you sign an NDA), and then compile it and compare the resulting
binaries to what is distributed on CD.

> -----Original Message-----
> From: Bojidar Tzendov [mailto:bojidar_tzendov () mtel net] 
> Sent: Wednesday, June 04, 2003 10:22 AM
> To: focus-ids () securityfocus com
> Subject: Checking for backdoors in software products
>
>
>
>
> Dear All,
>
> A few software companies want we to distribute their products 
> abrpad. Do you know a system, software or methodology for 
> checking that software 
> products for possible backdoors?
>
> regards,
> Bojidar
>
> --------------------------------------------------------------
> -----------------
> INTRUSION PREVENTION: READY FOR PRIME TIME?
>
> IntruShield now offers unprecedented Intrusion IntelligenceTM 
> capabilities 
> - including intrusion identification, relevancy, direction, 
> impact and analysis 
> - enabling a path to prevention.
>
> Download the latest white paper "Intrusion Prevention: Myths, 
> Challenges, and Requirements" at: 
> http://www.securityfocus.com/IntruVert-focus-ids2
> --------------------------------------------------------------
> -----------------


-------------------------------------------------------------------------------
INTRUSION PREVENTION: READY FOR PRIME TIME?

IntruShield now offers unprecedented Intrusion IntelligenceTM capabilities 
- including intrusion identification, relevancy, direction, impact and analysis 
- enabling a path to prevention.

Download the latest white paper "Intrusion Prevention: Myths, Challenges, and Requirements" at: 
http://www.securityfocus.com/IntruVert-focus-ids2
-------------------------------------------------------------------------------