Trojan horse attack involving many major Israeli

[Richard Stiennon]

...while having close to zero impact on US and EU security practises.

-RS

At 07:05 AM 6/1/2005, Amir Herzberg wrote:
>J.A. Terranson wrote:
>
>>So, how long before someone, possibly even me, points out that all
>>Checkpoint software is built in Israel?
>
>Nicely put, but I think not quite fair. From friends in financial and 
>other companies in the states and otherwise, I hear that Trojans are very 
>common there as well. In fact, based on my biased judgement and limited 
>exposure, my impression is that security practice is much better in 
>Israeli companies - both providers and users of IT - than in comparable 
>companies in most countries. For example, in my `hall of shame` (link 
>below) you'll find many US and multinational companies which don't protect 
>their login pages properly with SSL (PayPal, Chase, MS, ...). I've found 
>very few Israeli companies, and of the few I've found, two actually acted 
>quickly to fix the problem - which is rare! Most ignored my warning, and 
>few sent me coupons :-) [seriously]
>
>Could it be that such problems are more often covered-up in other 
>countries? Or maybe that the stronger awareness in Israel also implies 
>more attackers? I think both conclusions are likely. I also think that 
>this exposure will further increase awareness among Israeli IT managers 
>and developers, and hence improve the security of their systems.
>--
>Best regards,
>
>Amir Herzberg
>
>Associate Professor
>Department of Computer Science
>Bar Ilan University
>http://AmirHerzberg.com
>
>New: see my Hall Of Shame of Unprotected Login pages: 
>http://AmirHerzberg.com/shame.html
>
>---------------------------------------------------------------------
>The Cryptography Mailing List
>Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
>

Richard Stiennon
The blog: http://www.threatchaos.com