Re: Political Analysis of Security Products

From: William D. Colburn (aka Schlake) (wcolburn@nmt.edu)
Date: 02/05/02 

Date: Tue, 5 Feb 2002 11:03:46 -0700
From: "William D. Colburn (aka Schlake)" <wcolburn@nmt.edu>
To: pentestlist@hushmail.com

You could always start with "Reflections on Trusting Trust" for a "has
this ever happened" paper. http://www.acm.org/classics/sep95/

There is lots of folklore that it has happened recently, but none of it
is real. There were lots of rumor that the US used trojaned copiers
against Hussein in Desert Storm, but that was an April Fools joke that
the foreign press didn't understand. There are web sites that have set
up special content for competitors to see, but that isn't in the same
league.

The terrible thing is that such an attack is possible, doable, and can
be nearly impossible to detect, prove, or disprove. It all comes down
to trust.

On Tue, Feb 05, 2002 at 09:50:49AM -0800, pentestlist@hushmail.com wrote:
> I remember reading years ago discussions like this about Firewall-1
> and for the most part nothing of interest ever came from it. Does
> anyone have any evidence which can be publicly cited that something
> like this has ever happened? And does anyone here have any idea how we
> would go about performing a review like this without looking like
> conspiracy theorists? 

--
William Colburn, "Sysprog" <wcolburn@nmt.edu>
Computer Center, New Mexico Institute of Mining and Technology
http://www.nmt.edu/tcc/     http://www.nmt.edu/~wcolburn

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

Relevant Pages

  • Re: faster scans? (nmap)
    ... one host using nmap for syn scans in burst mode with the ... >>>This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ...
    (Pen-Test)
  • Re: pen test help please asap
    ... > Machine A on client site makes a configurable encrypted OUTBOUND ... > This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ... This list is provided by the SecurityFocus Security Intelligence Alert ...
    (Pen-Test)
  • Re: ettercap help
    ... Anyways have never tried Ettercap for VNC. ... > This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ... This list is provided by the SecurityFocus Security Intelligence Alert ...
    (Pen-Test)
  • Re: ettercap help
    ... > I can get it to sniff telnet, ftp, pop, smb, but no vnc. ... > This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ...
    (Pen-Test)
  • Re: Wardialing
    ... >>> achieving the connection with the modem. ... >>This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ...
    (Pen-Test)