Slashdot Mirror
U.S. Investigating Sale of Snort as Security Risk
msmoriarty writes "The Associated Press is reporting today that the same U.S. committee that approved the Dubai ports deal is 'strongly objecting' to Israeli-based Check Point's acquisition of Snort's parent company, Sourcefire, because it doesn't want a foreign company to own Snort's underlying technology. According to the article, the broader 45-day review process rejected for the ports deal is already underway regarding this transaction, and 'secret' meetings between the FBI, DoD and Check Point have been held."
After I saw this article headline and for a few seconds before I read the actual article summary, I was just sitting there dumbfounded, going "wait, so that War On Drugs thing is still going on?"
You've got to love how the post can have no mention of exactly what Snort is or the objectional underlying technology actually is or does.
Is the worry that the Israeli company will change the license? If they can't do this, what is the security risk? If the technology is open source, does it really matter what country the company that owns it resides in?
No, it's pointing out a double standard that seems to have its root in cronyism and personal financial interests.
"Who are in control, they are not in control of anything - they don't even control themselves!" - Glen Beck
First, I should point out that some of the other posters here seem to think Sourcefire == Snort. It does not, although Sourcefire's products have some dependency on Snort as a general engine. Sourcefire's main product line is actually far deeper than just SnortOnABox -- it delves into areas like vulnerability management and event collection/aggregation, things that "open source" Snort does only if you have a really good administrator who knows how to piece together all the various moving parts into something manageable.
Second, it's remarkable that the DoD would question Check Point's intentions. If they truly cared whether this particular deal was in the best interests of "national security" (whatever that happens to mean today, then they wouldn't use Check Point's firewall products either. But they do! The US Navy uses Check Point firewalls in great, prodigious quantities -- enough that they need Check Point's ISP-class management console software to run all of them! And they're not the only branch of the military using it, not to mention the multitude of other Federal agencies.
This sounds like a reach to me. Something based in rumor, started by a politician, that has to be ended by the press finding the real story inside the rumor...
In the case of Sourcefire, I suspect the goodies that go into the US Federal Govt's version of Snort are more 'interesting' than what you and I can download. And, whether it's more interesting or not, hiding information from one's adversaries isn't all about the latest rocket science. A look at what used to be classified shows that it's what seems mundane that's the most important to hide. "When is Admiral Yamamoto's plane leaving?" "Uday is in that house." "The FBI standardized on Snort 1.5.x."
It's nothing to transfer Sourcefire's IP, or the cubes where the work really gets done, or the sales and customer support data to Haifa or Tel Aviv.
Compare that to P&O's sale to - in essence - the Sheik of Dubai. The infrastructure P&O runs stay in the US, the dock workers and their management up several rungs remain American. There's pissing and moaning because Al Qaeda has links in Dubai. No shit. Dubai, Singapore, Lichtenstein, to a large degree Israel, on and on... sucessful small nations have to be hard core entreprenuerial to stay afloat, which means everybody and their uncle are running contriband and shady deals through them, in addition to Costco's jugs of olive oil. Tax havens, duty free ports, and other such city-states of commerce don't stay in business by asking too many questions.
Luke, help me take this mask off
Nope, I gotta agree with the GP. If you'd listened to objective coverage of the ports deal, you'd know that:
1. The ports were already in the hands of a foreign company (Peninsular and Oriental Steam Navigation Company).
2. Dubai and the UAE are US allies. The fact that a few criminals came from there does not change that.
3. The inspection of cargo will still be handled by US Customs and Border Protection.
4. Security will still be provided by the Coast Guard.
Now, Israel, on the other hand, has a history of spying on the US, including having their spies caught on US soil. I'm not familiar with Snort, but since it is computer security related, I think further investigation is probably warranted before this is allowed. Israel, while nominally a US ally, could potentially be a great threat.
If you can read this sig, you're too close.
So you must be unaware that there are several departments in the government that are prohibited by policy from using Check Point products due to the parent company being foreign (Israeli)?
You sound also equally unaware that the Israeli's are routinely in the top 5 countries that use gov't-sourced espionage to illegally assist native (Israeli) businesses? (France and China are two others. I can't remember the rest off the top of my head.)
What is boils down to is Israel is more like the U.S. that almost anywhere else in when push comes to shove, they will put their best interests first and fuck everyone else and everone else's opinion.
Learning HOW to think is more important than learning WHAT to think.
Under the sale, publicly announced Oct. 6, Check Point would own all Sourcefire's patents, source-code blueprints for its software and the expertise of employees. ...
Reinsch, a former Commerce Department undersecretary. "The most important case is where we're making an irrevocable technology transfer to a foreign party. Port operations raise security issues, but the ports are still in the United States."
Patents == Forever? What do they mean "irrevocable"?
Employees == Slaves.
Dude, you're moving to Israel! Maybee that's a stretch but the panel and the companies seem to think they own their employees. How insulting, but that's what a NDA is all about, isn't it?
Software freedom is important. Having the source code is useless if you don't have the legal right to compile it, change it and share it with your friends. Software patents, NDA's, closed source binaries keep you from doing what you want with your own computer. The DMCA will keep you from sharing what you know about someone else's stuff. What you find is that the "owner" holds the card you need. All the anti-competitive games people play have more serious consequences than meets the eye.
Lawmakers are more aware of the consequences of the laws they have written than you might give them credit for. US "Ownership" of whole categories of computer function is clearly the intent of much recent IP legislation. RIM's problems make sense, viewed through this lens. It won't due to have foreigners buy or otherwise enjoy that ownership. It makes me sick.
Friends don't help friends install M$ junk.
Mmmm... yeah. You see, all nerds have to administer at least one network. Did you see the memo about this? So if you could just start to administer a network now that would be great, let me go and send you that memo again, Thanks.
Web Developers: Celebrate to our roots! Animated Gifs and Tiled Backgrounds, dont let our history die!
Sadly the poster's viewpoint vis a vis "muslims" reflects the Administration's victory in painting all "A-rabs" and muslims as terrorists and enemies of the USA and "freedom". Hence the reaction of the ignorant to the Dubai Ports non-issue.
BSA: "Would you like a free Software Audit"? me: "No, thanks. My software is all Free".
I mean, an Israeli company buying a company with a pig as a logo?