| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <41D9652F.7050606@immunitysec.com> From: dave at immunitysec.com (Dave Aitel) Subject: Multiple Backdoors found in eEye Products (IRIS and SecureIIS) Daniel H. Renner wrote: >I recall an interview with a highly placed security executive back in >the later '90s. In this interview he lamented being in the security >business in the United States with a line similar to: > >"If you create and announce a security product in the United States, you >will very shortly have the NSA entering your premises and demanding 'Ok, >where is our backdoor?'" > >And remember, eEye was started after one of it's co-founders woke up to >federal guns pointed at his head one fine morning, having been mistaken >as someone who had penetrated somewhere he shouldn't have. > >Not to bash my own country here but, this leads to a question: How can >any security product, sub-product or service created in the U.S. hold >credibility even with the good intentions that the creators may have >originally had? > > It's an interesting question, and Immunity answers it in this email we sent to DailyDave a while back. http://archives.neohapsis.com/archives/dailydave/2004-q3/0206.html Dave Aitel Immunity, Inc.
Powered by blists - more mailing lists