Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
Re: [ISN] Intrusion detection team denies Trojan claim
From: InfoSec News (isnc4i.org)
Date: Wed Sep 24 2003 - 00:32:35 CDT
Forwarded from: Kurt Seifried <listuserseifried.org>
If you are worried about back doors in Snort:
Snort is OpenSource.
Snort source archives going back several years (at multiple locations) are
available as well as vendor supplied packages/etc containing the original
source code in signed packages (such as source rpm's)
Snort CVS logs are available at public archives of mailing lists/etc.
Using diff and CVS logs to look for strange changes is not hard (time
consuming, but not hard).
Auditing the current code is also possible, probably harder then reading
just the diffs, but certainly within the realm of possibility.
Kurt Seifried, kurtseifried.org
A15B BEE5 B391 B9AD B0EF
AEB0 AD63 0B4E AD56 E574
ISN is currently hosted by Attrition.org
To unsubscribe email majordomoattrition.org with 'unsubscribe isn'
in the BODY of the mail.