Ron DuFresne <[EMAIL PROTECTED]> asks:
>> the nsa would take great interest in knowing what backdoors
>> the 'ha-Mossad le-Modiin ule-Tafkidim Meyuhadim' might have available to
>> them.
>>
>
>Isn';t this rumor of backdoors in FW-1 one of Marcus' pet peves? Doesn't
>he have an outstanding award offered for those that can actually backup
>the rumored claim with positive proofs?
It sure used to be one of my pet peeves. I used to compete with
Checkpoint, and, while I never particularly liked their product,
I don't like people who play "dirty" in this industry. Marketing
against a competitor by sleazy innuendo just makes all security
products vendors look lame.
2 years (or maybe 3 or 5, I forget) (a long time) ago I got so
sick of it that I offered I think it was $4,000 out of my own
pocket to anyone who could _prove_ there was a _trapdoor_ in
Checkpoint. That doesn't include ordinary lameness such as the
stuff Dug Song's discovered - but a real honest-to-goodness
trapdoor that says "Mossad Enter Here" in binary. So far nobody
has come close to collecting (though one guy had a lot of useful
information on where the misinformation had come from)
Basically, here's what I've managed to find out: An early version
of FW-1 was examined by people from X group at NSA. They wrote
a classified technical report and one of the things in it was
an observation that allegedly some of the files in FW-1 contained
hardcoded IP addresses of machines in Israel. The modules in
question were apparently the SNMP trap generation code, which
was based on the CMU SNMP library - which, I believe, used to
have an option where you could hardcode default addresses for
minimal configurations. This is apparently what had happened.
I don't know the individuals who did this particular assesment,
but I've not been generally impressed by the technical skills
of some of the spooks who've done product assessments. I've seen
security assessment specialists who don't know C, for example.
My guess is that the guys in X group had a hissy fit over nothing
and made a mountain out of a molehill.
So then what happens? A sales rep from one of Checkpoint's
competitors (no, it wasn't someone from where I worked) apparently
got wind of this, and quickly spread word about it, in an attempt
to grab some market opportunity. The sales guy left that vendor
about a year later, but the damage was done. I've had "security
experts" look me in the eye and tell me they _know_ there's a
trapdoor, but when I ask them to prove it they backpedal into
"well, a friend, who I really trust, told me about it in confidence."
Yeah, whatever.
So, that's the story.
I don't think Mossad would do something so amateurish and
obvious, frankly. Maybe it was actually an FBI hole they found. ;)
mjr.
-----
Marcus J. Ranum
Chief Technology Officer, NFR Security, Inc.
Work: http://www.nfr.com
Personal: http://www.ranum.com
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
