U.S. Investigating Sale of Snort as Security Risk
msmoriarty writes "The Associated Press is reporting today that the same U.S. committee that approved the Dubai ports deal is 'strongly objecting' to Israel-based Check Point's acquisition of Snort's parent company, Sourcefire, because it doesn't want a foreign company to own Snort's underlying technology. According to the article, the broader 45-day review process rejected for the ports deal is already underway regarding this transaction, and 'secret' meetings between the FBI, DoD and Check Point have been held."
After I saw this article headline and for a few seconds before I read the actual article summary, I was just sitting there dumbfounded, going "wait, so that War On Drugs thing is still going on?"
Snort is dual licensed. There is an open source version and a commercial version. The problem is that the commercial version, which the US government and industry buy, could be diddled with. It is possible to put back doors and other nasties in the commercial version.
You can blame this flamebait on AP, not slashdot, since it appears in the article.
Nope, I gotta agree with the GP. If you'd listened to objective coverage of the ports deal, you'd know that:
1. The ports were already in the hands of a foreign company (Peninsular and Oriental Steam Navigation Company).
2. Dubai and the UAE are US allies. The fact that a few criminals came from there does not change that.
3. The inspection of cargo will still be handled by US Customs and Border Protection.
4. Security will still be provided by the Coast Guard.
Now, Israel, on the other hand, has a history of spying on the US, including having their spies caught on US soil. I'm not familiar with Snort, but since it is computer security related, I think further investigation is probably warranted before this is allowed. Israel, while nominally a US ally, could potentially be a great threat.
If you can read this sig, you're too close.
The Snort® open source intrusion prevention and detection technology was created in 1998 by Martin Roesch, the founder of Sourcefire. With its unprecedented speed, power and performance, Snort quickly gained momentum to become the single most widely deployed intrusion prevention and detection technology in the world. In fact, Gartner recognized the mainstream acceptance of Snort in their "Gartner Hype Cycle for Open-Source Technologies" citing Snort as "Widely available. Used by mainstream companies and supported by many vendors."
The wide availability of open source brings many advantages. Since the code is open and non-proprietary, open source development occurs at a markedly accelerated pace compared to proprietary models, thanks to a vast community of security experts continually analyzing and improving code. Simply, users in the open source security community worldwide can detect and respond to bugs and other security threats faster and more efficiently than in a "closed" environment. Now, with more than 2 million downloads, the Snort open source community has a well-earned reputation for extraordinary organization and dedication. Literally hundreds of thousands of security engineers and specialists the world over contribute Snort rules to new and evolving threats every hour of the day, often in record time.
Today: The Best of Both Worlds
Today, Sourcefire combines the very best of open source with the best of the commercial world. Leveraging the power and reach of the open source Snort rules-based detection engine, Sourcefire adds a critical layer of asset and behavioral profiling. Sourcefire's RNA (Real-time Network Awareness) maintains a persistent profile of a network and its assets. Using passive discovery methods, RNA adds a new level of visibility and intelligence. Sourcefire products are easy to use, out of the box, tuned and fully loaded, plug-n-protect appliances, with pre-optimized hardware and OS.
Building on the proven, time-tested Snort intrusion prevention and detection engine, Sourcefire brings a new generation of the first ever unified intrusion and vulnerability management technologies to enterprises from manufacturing to the military. These include Sourcefire Intrusion Agents(TM) for Snort, commercial appliance versions based on Snort code, designed to make it easy for open source Snort users to fully capitalize on their investment in all open source Snort deployments. In addition, the Sourcefire Vulnerability Research Team (VRT), joined by the eyes and ears of the vast open source Snort community put the largest brain trust in network security at work for every Sourcefire customer. As part of an ongoing dedication and active involvement in the community, Sourcefire continues to enhance Snort. For example, the Sourcefire Security Education Program is a comprehensive certified training program. Delivered direct from the creators of Snort, users will learn the latest real world tools and techniques for optimizing Snort technology and all Sourcefire products. Sourcefire will continue to enhance open source as well as commercial versions. The result is a win-win for bringing truly effective network security for the real world.
Source: http://www.sourcefire.com/snort.html
Two things: what you need to understand about the Dubai Ports issue is that Dubai Ports is not directly running the US ports. What happened is that Dubai Ports recently acquired P & O, a British company with a long, long history, which had been running 6 US ports. It's as simple as that. P & O will run ports in the US and elsewhere, as it had long done. The Dubai thing will only be in name and on paper. It will continue to be a British operation. Also, Dubai did not buy a third of DaimlerChrysler; it bought $1 billion in shares, which made it the third largest shareholder. $1 billion is hardly something to cry about in the international investment world.