U.S. Investigating Sale of Snort as Security Risk

msmoriarty writes "The Associated Press is reporting today that the same U.S. committee that approved the Dubai ports deal is 'strongly objecting' to Israeli-based Check Point's acquisition of Snort's parent company, Sourcefire, because it doesn't want a foreign company to own Snort's underlying technology. According to the article, the broader 45-day review process rejected for the ports deal is already underway regarding this transaction, and 'secret' meetings between the FBI, DoD and Check Point have been held."

gotta love it

[dorko16]

You've got to love how the post can have no mention of exactly what Snort is or the objectional underlying technology actually is or does.

Re:gotta love it

[A+beautiful+mind]

Erm, this is news for nerds. You ought to know what Snort is.

Isn't snort open source?

[commodoresloat]

Is the worry that the Israeli company will change the license? If they can't do this, what is the security risk? If the technology is open source, does it really matter what country the company that owns it resides in?

Re:Isn't snort open source?

[nuin]

I think the US government is concerned that the new non-American owner could silently change the source code and hide backdoors in it. Of course, America is as paranoid as usal.

Slashdot prone to xenophobia?

[mi]

the same U.S. committee that approved the Dubai ports deal

What the heck?

Whether or not the committees's qualms about Snort are justified, bringing up the "ports deal" is a useless flamebait... We all know perfectly well, that it was not the fact of the government ownership of the Dubai company, that is the real problem with that deal...

Re:Slashdot prone to xenophobia?

[Saeed+al-Sahaf]

Whether or not the committees's qualms about Snort are justified, bringing up the "ports deal" is a useless flamebait...

No, it's pointing out a double standard that seems to have its root in cronyism and personal financial interests.

Re:Slashdot prone to xenophobia?

[mi]

No, it's pointing out a double standard that seems to have its root in cronyism and personal financial interests.

Khmm, I was almost convinced, the US government (the crusaders) is owned by the Israelis :-) Suddenly, it opposition to a deal, that would benefit an Israeli company draws fire...

There is no "double standard" neccessarily — government ownership of a weapon (such as encryption) is a legitimate concern. Operating ports are not — despite all of the politicians' hysterics — a "key to our national security". That is and will be in the hands of US Coast Guard.

Anti Business Practices

[Rac3r5]

This seems to be a really dumb move. Its basically telling the world that its ok for the US to take over foreign companies, but its not ok for foreign companies to take over a US business.

What doesn't make sense is Snort is OPEN SOURCE. So if someone wanted to do something to the US computers, they would have already done so. There are lots of highly skilled network layer programmers all over the world that are capable of reporducing snort's functionality. This deal will just screw the US company involved, nothing more.

Re:Israelis are just fine

[einhverfr]

Where do you buy your gasolene? I am sure none of that money makes it back to Muslim countries.

Israelis Aren't "just fine" In Tech Industries

[cmholm]

Let's repeat that: the Israelis aren't just fine in tech industries. While there's quite a bit of cultural affinity with the US, the Israelis have a national interest which overlaps that of the US in only a few areas. Their commercial interests even less so. They have, like the French, been more than happy to sell or resell intelligence, technologies, and material to nations the US would just as soon they didn't.

In the case of Sourcefire, I suspect the goodies that go into the US Federal Govt's version of Snort are more 'interesting' than what you and I can download. And, whether it's more interesting or not, hiding information from one's adversaries isn't all about the latest rocket science. A look at what used to be classified shows that it's what seems mundane that's the most important to hide. "When is Admiral Yamamoto's plane leaving?" "Uday is in that house." "The FBI standardized on Snort 1.5.x."

It's nothing to transfer Sourcefire's IP, or the cubes where the work really gets done, or the sales and customer support data to Haifa or Tel Aviv.

Compare that to P&O's sale to - in essence - the Sheik of Dubai. The infrastructure P&O runs stay in the US, the dock workers and their management up several rungs remain American. There's pissing and moaning because Al Qaeda has links in Dubai. No shit. Dubai, Singapore, Lichtenstein, to a large degree Israel, on and on... sucessful small nations have to be hard core entreprenuerial to stay afloat, which means everybody and their uncle are running contriband and shady deals through them, in addition to Costco's jugs of olive oil. Tax havens, duty free ports, and other such city-states of commerce don't stay in business by asking too many questions.

Great summary troll...

I find the summary to be borderline trollish flaimbait. It seems to draw the conclusion that the U.S. committee that approved the ports deal supports Arabs but when it comes to Israelis, it rejects the deal. Many have already clearly pointed out in the comments that the security of our ports still must conform to U.S. standards and is open to surprise spotchecks whenever they are necessary. Our ports, our soil but the profits go to a foreign company--in this case the UAE--instead of a local American firm. Ports in Oakland, California are owned by the Danes as are many other such operations. The Arabs in the UAE have a vested interest in making sure that the port succeeds to the sake of profits. Another little cited but obvious fact is that when a foreign company puts money into a tangible asset such as a port or bonds, etc. then the United States can sieze that money if it suspects terrorism. To draw a Arab versus Israeli bias at this point is ludicrious. I'm actually surprised the summary didn't go as far as to call the U.S. committee anti-Semitic as so often happens when something doesn't go Israel's way. The problem is that an executive on Sourcefire's board happens to be the author of Snort. Snort is used to protect many computer systems within the government and military. Knowing how slow these beaurocracies move means that if the Israeli company were to find holes in snort, they could spy on U.S. systems. Would Israel spy on the United States? Yes, it has happened before. Links are available here and here (An Israeli mainstream paper!) and here and here (disappeared, linkrot? google cache of article.

When Arial Sharon, Prime Minister of Israel, openly bragged on October 3rd that, "We, the Jewish people, control America, and the Americans know it", why should I not find this statement objectionable, and anti-American? I whole-heartedly support this inquiry because the Israelis cannot be trusted with our (American) interests.

Snort, Dubai, and India

[WillAffleckUW]

Amusingly, both Congress and the White House have spent more time investigating the Isreali-produced Snort than they have investigating either the Dubai buying US ports or making a deal to allow India to receive US nuclear technology even though they won't permit inspections of their military nuclear facilities.

Hypocrisy is rampant.

US thinks it's non free and they should know.

[twitter]

What a nice showcase of the difference between "open" and "free". From the article:

Under the sale, publicly announced Oct. 6, Check Point would own all Sourcefire's patents, source-code blueprints for its software and the expertise of employees. ...

Reinsch, a former Commerce Department undersecretary. "The most important case is where we're making an irrevocable technology transfer to a foreign party. Port operations raise security issues, but the ports are still in the United States."

Patents == Forever? What do they mean "irrevocable"?

Employees == Slaves.

Dude, you're moving to Israel! Maybee that's a stretch but the panel and the companies seem to think they own their employees. How insulting, but that's what a NDA is all about, isn't it?

Software freedom is important. Having the source code is useless if you don't have the legal right to compile it, change it and share it with your friends. Software patents, NDA's, closed source binaries keep you from doing what you want with your own computer. The DMCA will keep you from sharing what you know about someone else's stuff. What you find is that the "owner" holds the card you need. All the anti-competitive games people play have more serious consequences than meets the eye.

Lawmakers are more aware of the consequences of the laws they have written than you might give them credit for. US "Ownership" of whole categories of computer function is clearly the intent of much recent IP legislation. RIM's problems make sense, viewed through this lens. It won't due to have foreigners buy or otherwise enjoy that ownership. It makes me sick.

Re:Israelis are just fine

[goodie3shoes]

Sadly the poster's viewpoint vis a vis "muslims" reflects the Administration's victory in painting all "A-rabs" and muslims as terrorists and enemies of the USA and "freedom". Hence the reaction of the ignorant to the Dubai Ports non-issue.