Re: [Fsfe-uk] vunet.com: "Commercial software opens cyber-terror backdoo

fsfe-uk

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Fsfe-uk] vunet.com: "Commercial software opens cyber-terror backdoo

From:	Shane M. Coughlan
Subject:	Re: [Fsfe-uk] vunet.com: "Commercial software opens cyber-terror backdoor"
Date:	Tue, 23 May 2006 13:00:52 +0100
User-agent:	Mobility Email 1.5.0.2 (Windows/20060423)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

J. Grant wrote:
> Interesting..
> http://www.vnunet.com/vnunet/news/2156620/commercial-software-opens

I just read this article. The company in question is Cyber Defense
Agency (CDA).  Grand title.

"The company advises governments, organisations and firms responsible
for critical infrastructure to architect critical systems with
defence-in-depth security mechanisms from different vendor sources under
the assumption that some of the software contains life-cycle attacks."

Life-cycle attacks being pesky instances of malicious code inserted into
seemingly innocent software by dodgy out-sourced foreign workers.  To
quote, the CDA "suggest that software built by less expensive overseas
labour is exposed to "several threats such as the insertion of malicious
code"."

It all sounds like speculation to me.  What instances of life-cycle
attacks have been seen?  Where did they originate from?  What is the
probability of such an attack subverting a firewall and VPN setup?
We're lacking any concrete data here.

I would not lose too much sleep over this one, though I will gnash my
teeth a little.  I wish I was running a company that was getting paid by
the US government to speculate about what may or may not happen to
networks.  It's a big field, and I'm sure it's worth millions.

Shane

- --
Shane Martin Coughlan
e: address@hidden
m: +447773180107
w: www.shaneland.co.uk
- ---
Projects:
http://mobility.opendawn.com    http://gem.opendawn.com
http://enigmail.mozdev.org      http://www.winpt.org
- ---
Organisations:
http://www.fsfeurope.org        http://www.fsf.org
http://www.labour.org.uk        http://www.opensourceacademy.gov.uk
- ---
OpenPGP: http://www.shaneland.co.uk/personalpages/shane/files/publickey.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4-svn4127: (MingW32)

iQCVAwUBRHL5dNwG3M95JPpzAQjPbQQAslEi7//+nr1a7UBLhDvDGtR9Ha3oIYFY
JEmq1iB3G36FjOA67twOXhuMFzs3nr5Hg2lXIlOKz9LUuFd9s3PpK0bgQ70DWMTO
CVoybYJXm5icBtOQluGnBLOiSdoXsXIEsAClqkop4vfgu68wyMvqnTPXpCsh87bO
rg9h47H2OlM=
=NYBp
-----END PGP SIGNATURE-----

[Prev in Thread]

Current Thread

[Next in Thread]

[Fsfe-uk] vunet.com: "Commercial software opens cyber-terror backdoor", J. Grant, 2006/05/22
- Re: [Fsfe-uk] vunet.com: "Commercial software opens cyber-terror backdoor", Shane M. Coughlan <=

Prev by Date: [Fsfe-uk] vunet.com: "Commercial software opens cyber-terror backdoor"
Next by Date: [Fsfe-uk] [Fwd: [ORG-discuss] Evening talk in Manchester: "Update of the constitution: introduction to GPLv3"]
Previous by thread: [Fsfe-uk] vunet.com: "Commercial software opens cyber-terror backdoor"
Next by thread: [Fsfe-uk] [Fwd: [ORG-discuss] Evening talk in Manchester: "Update of the constitution: introduction to GPLv3"]
Index(es):
- Date
- Thread