RE: A reminder that security is not inherently solvable with technology

From: Randy Golly (rcgolly_at_vermeertexas.com)
Date: 10/24/03

    To: security-basics@securityfocus.com
    Date: Thu, 23 Oct 2003 17:49:47 -0500
    
    

    YES! I haven't been a big fan of offshore developers working on sensitive
    domestic (US) projects. I'm all for globalization of production and taking
    advantage of the economies of scale that lower-cost labor provides; it does
    benefit consumers and the economies of countries involved. But I do think
    that the security risks involved with this type of software development or
    support need to be further addressed and defined. In this article, many of
    the people involved had no idea that it was going offshore. That leads me
    to wonder who does know what is being done in this manner. Do you suppose
    there is any sensitive govt. work or national security projects being done
    in Pakistan as in this story? Does anyone really know? What kind of
    perception do these developers have of the US with the events of the last
    few years as we tromp around the Mideast? Who else might be getting copies
    of their work? What is the chance of back-doors being dropped into code to
    open our systems to potential cyber-terrorists? I know much has been
    written about cyber-terrorism since 9/11, and now I'm reading that some are
    saying that nothing has happened along these lines and it was never a
    threat (liberal speak?). But I do think this is a risk that is real and
    giving them opportunities to get their hands on our systems or our code is
    an open invitation in my book.

    Thanks for the space to ramble...
    Randy Golly

    -----Original Message-----
    From: Kamal Habayeb [mailto:mountainfury@fastmail.fm]
    Sent: Thursday, October 23, 2003 12:15 PM
    To: security-basics@securityfocus.com
    Subject: Re: A reminder that security is not inherently solvable with
    technology

    JGrimshaw@ASAP.com wrote:

    >http://www.sfgate.com/cgi-bin/article.cgi?file=/c/a/2003/10/22/MNGCO2FN8G1.DTL
    >
    >This article was posted on Slashdot today...
    >
    Does anyone else see the potential abuse of offshoring jobs that may
    contain sensitive customer information? As this idea spreads, it could
    become the "hostage taking" of the new millennium. No longer would one
    need to kidnap a person in South America and hold them for ransom; it's
    much easier to obtain a job that gives access to sensitive information
    and then threaten to publicize the information if not paid. We need to
    take steps to keep our jobs and our information secure.


