Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Political Analysis of Security Products

From: "William D. Colburn (aka Schlake)" <wcolburn () nmt edu>
Date: Tue, 5 Feb 2002 11:03:46 -0700
You could always start with "Reflections on Trusting Trust" for a "has
this ever happened" paper.  http://www.acm.org/classics/sep95/

There is lots of folklore that it has happened recently, but none of it
is real.  There were lots of rumor that the US used trojaned copiers
against Hussein in Desert Storm, but that was an April Fools joke that
the foreign press didn't understand.  There are web sites that have set
up special content for competitors to see, but that isn't in the same
league.

The terrible thing is that such an attack is possible, doable, and can
be nearly impossible to detect, prove, or disprove.  It all comes down
to trust.

On Tue, Feb 05, 2002 at 09:50:49AM -0800, pentestlist () hushmail com wrote:

I remember reading years ago discussions like this about Firewall-1
and for the most part nothing of interest ever came from it. Does
anyone have any evidence which can be publicly cited that something
like this has ever happened? And does anyone here have any idea how we
would go about performing a review like this without looking like
conspiracy theorists?




--
William Colburn, "Sysprog" <wcolburn () nmt edu>
Computer Center, New Mexico Institute of Mining and Technology
http://www.nmt.edu/tcc/     http://www.nmt.edu/~wcolburn

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
Previous By Date Next
Previous By Thread Next

Current thread: