lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date: Tue, 17 Feb 2004 04:26:46 +0200
From: Gadi Evron <ge@...tistical.reprehensible.net>
To: bugtraq@...urityfocus.com
Cc: full-disclosure@...ts.netsys.com
Subject: OT: reports of a Trojan horse in the Arrow project


The Arrow is a counter-ballistic missiles project run by Israel.

There have been reports the past couple of days about a Trojan horse in 
the code, inserted by Egypt. As one of the Israelis on the list I feel 
obligated to provide with some facts. It's an interesting story in any case.

You can find the Hebrew URL at: 
http://www.maariv.co.il/channels/1/ART/648/326.html.

I am willing to translate it if anyone is really interested.

Here are some facts:

Some MOTIF code that was done by IBM Israel was being debugged in the 
Cairo (Egypt) office. The IDF has not commented on this and IBM claims 
that no restricted code was shared.
Some reports claim Egypt inserted a Trojan horse into that code, I've 
seen no facts that verify that, so I doubt it for now. I'll post more 
information as it becomes available.

That's all there is to it as far as facts go right now. Some code was 
being debugged in the Egypt office and that's about it. This fact raises 
the concern for such a Trojan horse existing, but there is a long way to 
go from such concerns to actual facts.

It is clearly a security fluke on Israel's side that such a 
relationship, on any level, existed, but no biggie.

What Trojan horse? Talk about hype. I'll see if I can find out some more 
facts.

This comes to show once again how security is not only about firewalls 
and IDS systems. Controlling who has access to what and how information 
is managed is just as if not more important.

     Gadi Evron.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ