- Backdoors by design or accident?
Surely you jest, Mr. Stiennon.
In 2000, one year after Check Point's Firewall-1 was certified by the NSA as the only EAL-2 compliant application & traffic firewall product, a group of security researchers ripped the product to shreds in a sobering presentation at the Blackhat Briefings conference in Las Vegas.
Among the gems in their security audit: a zero-knowledge attack against the default authentication protocol where the attacker simply replays the offered challenge as a response in order to gain full administrative control of the system. Every possible avenue of attack for a firewall was realized. Firewall-1 was owned 9 ways to Sunday, from authentication and application proxies to state management and VPN. And they published their 0day exploit code, thankfully a month of frenzied patching later.
For years, firewall wizards such as Marcus Ranum had speculated on the existence of a Mossad backdoor in the Israeli-owned Check Point. This episode confirmed the fact that such backdoors did actually exist, whether intentionally or not, and were able to be successfully exploited in the wild.
Bottom line -- the feds aren't calling the Sourcefire acquisition into question for nothing. Sourcefire has deep penetration in the fed/gov sector, enough to make this a real national security concern. They're doing the right thing.
Posted by: phunk. Posted on: 03/05/06