funsec mailing list archives
Re: Israeli Software Company Faces U.S. Probe
From: Aviram Jenik <aviram () beyondsecurity com>
Date: Sun, 5 Mar 2006 14:51:59 +0200
On Friday 03 March 2006 07:13, Dude VanWinkle wrote:
Ja, thanks dre. Still, sounds like there was a backdoor. I seem to remember that it was in 2002-3 that I heard of the whoops-sec, but it might have just been whiplash from a previous faux pas.
Here's the story as it was told to me by people from CheckPoint, (one of them was the person who was in charge of their product security at that time). If there are any errors they are due to my bad memory. When CheckPoint did a common criteria evaluation, one of the issues found was several hardcoded IP addresses that showed up in the binary. Those were all external IP's traced to a network in Ramat Gan, Israel. This immediately red flagged FW-1 since the assumption was that information is covertly sent to those IP's, obviously in the company's headquarter in Ramat Gan. In reality, those IP's were in dead code used for testing (you had to recompile the code base to make this testing code work) and the IP's were in Ramat Gan because, well, that's where the QA machines were located! The CC people being paranoid as they are, did a full cavity search but found nothing wrong and thus dropped the suspicion (fact is, FW-1 eventually passed CC). This example is repeatedly told to every foreign company trying to pass CC as a warning against what looks benign to the programmer but extremely suspicious to a paranoid tester. It is also surfaces once in a while when the CheckPoint rivals are frustrated by their small marketshare and resort to FUD to gain some. Recently I heard about it again when a competitor of ours told one of our resellers that "Israeli companies cannot sell to the federal government because of the CheckPoint incident". I guess all is fair in love and war... Note: I don't work for CheckPoint, never had, and don't plan to.
-JP
- Aviram _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Re: Israeli Software Company Faces U.S. Probe, (continued)
- Re: Israeli Software Company Faces U.S. Probe Dude VanWinkle (Mar 02)
- RE: Israeli Software Company Faces U.S. Probe Ryan Counts (Mar 02)
- Re: Israeli Software Company Faces U.S. Probe Andre Ludwig (Mar 02)
- Re: Israeli Software Company Faces U.S. Probe Dude VanWinkle (Mar 02)
- Re: Israeli Software Company Faces U.S. Probe Andre Ludwig (Mar 02)
- Re: Israeli Software Company Faces U.S. Probe Andre Ludwig (Mar 02)
- Re: Israeli Software Company Faces U.S. Probe S.f.Stover (Mar 03)
- RE: Israeli Software Company Faces U.S. Probe Larry Seltzer (Mar 03)
- RE: Israeli Software Company Faces U.S. Probe Henderson, Dennis K. (Mar 02)
- Re: Israeli Software Company Faces U.S. Probe Fergie (Mar 02)
- Re: Israeli Software Company Faces U.S. Probe Dude VanWinkle (Mar 02)
- Re: Israeli Software Company Faces U.S. Probe Aviram Jenik (Mar 05)
- Re: Israeli Software Company Faces U.S. Probe James Kehl (Mar 06)
- Re: Israeli Software Company Faces U.S. Probe Dude VanWinkle (Mar 02)