J. Grant wrote:
> Interesting..
> http://www.vnunet.com/vnunet/news/2156620/commercial-software-opens

I just read this article. The company in question is Cyber Defense Agency (CDA). Grand title.

"The company advises governments, organisations and firms responsible for critical infrastructure to architect critical systems with defence-in-depth security mechanisms from different vendor sources under the assumption that some of the software contains life-cycle attacks."

Life-cycle attacks being pesky instances of malicious code inserted into seemingly innocent software by dodgy out-sourced foreign workers. To quote, the CDA "suggest that software built by less expensive overseas labour is exposed to "several threats such as the insertion of malicious code"."

It all sounds like speculation to me. What instances of life-cycle attacks have been seen? Where did they originate from? What is the probability of such an attack subverting a firewall and VPN setup? We're lacking any concrete data here.

I would not lose too much sleep over this one, though I will gnash my teeth a little. I wish I was running a company that was getting paid by the US government to speculate about what may or may not happen to networks. It's a big field, and I'm sure it's worth millions.

Shane

--
Shane Martin Coughlan
e: [EMAIL PROTECTED]
m: +447773180107
w: www.shaneland.co.uk
---
Projects:
http://mobility.opendawn.com
http://gem.opendawn.com
http://enigmail.mozdev.org
http://www.winpt.org
---
Organisations:
http://www.fsfeurope.org
http://www.fsf.org
http://www.labour.org.uk
http://www.opensourceacademy.gov.uk
---
OpenPGP:
http://www.shaneland.co.uk/personalpages/shane/files/publickey.asc