[Official] “We won’t allow [insert Israeli security company] firewalls as they won’t let us review the source code” (for which read, 'we are afraid Mossad has a back door').
[Me, playing devil’s advocate] “So how can the rest of the world be sure that the NSA doesn’t have a back door in [insert leading US network vendor] firewalls?
I was reminded of this when reading claims that the FBI sneaked a back door into the IPSEC encryption in OpenBSD. Now I have no idea whether it’s true or not, but in these days of post-9/11 paranoia, when it is assumed that the Chinese, Iran, Russians, Mossad, organised crime, are all trying to subvert our systems, what makes people think that the NSA, FBI or GCHQ are not?
Or is it just case of it’s OK if ‘we’ do it because we are the good guys and would never abuse it?
After all, the story about the CIA placing a camera in Xerox copiers sold to the Soviet embassy in the 1960 at the height of the cold war is well known.
In today's new pragmatic security environment COTS (commercial off the shelf) software, services and devices can all be Trojan horses for getting malware into any organisation, and in the rush for consumerisation and cloud/utility computing we forget this at our peril.
Paul Simmonds, Jericho Forum board member