Political Analysis of Security Products

From: pentestlist@hushmail.com
Date: 02/05/02


From: pentestlist@hushmail.com
To: pen-test@securityfocus.com
Date: Tue,  5 Feb 2002 09:50:49 -0800


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I have never seen anything like this on the list, so if it does not make it
through I understand. I have a very large client right now who is paying for
a company-wide (offices in 16 countries with 26 different networks) audit
of their security infrastructure. Nothing really out of the ordinary here.

What is different for us at least is this client has asked us to review their
security products from a national security point of view. The case here is that
they run or are evaluating several products from Israel and one from South
Korea and want us to evaluate how likely it is that a sovereign state (in this
case Israel or South Korea) may have manipulated these products in order to gain
access to them remotely for their intel services.

I remember reading years ago discussions like this about Firewall-1 and for the most part nothing of interest ever came from it. Does anyone have any evidence which can be publicly cited that something like this has ever happened? And does anyone here have any idea how we would go about performing a review like this without looking like conspiracy theorists?

-----BEGIN PGP SIGNATURE-----
Version: Hush 2.1
Note: This signature can be verified at https://www.hushtools.com

wmAEARECACAFAjxgG0AZHHBlbnRlc3RsaXN0QGh1c2htYWlsLmNvbQAKCRCRKy2sIa3M
7XHOAJ9HqkJR344rGzuxGwz2SfUE95E1ugCeN99PvLaIOVJJk7dSsHb1/wCJHjo=
=vhtz
-----END PGP SIGNATURE-----
