Slashdot Mirror
Feds Kill Check Point's Sourcefire Bid
Caffeinated Geek writes to tell us The Register is reporting that Check Point Software has removed their bid to buyout rival software company Sourcefire following objections from the FBI and the Pentagon to the Treasury's Committee on Foreign Investments. From the article: "Federal agency objections to the security software tie-up center on the implementation of Sourcefire's anti-intrusion software 'Snort' by the Bureau and Department of Defense, AP reports. In private meetings between the panel and Check Point, FBI and Pentagon officials took exception to letting foreigners acquire the sensitive technology."
'Check Point says the two companies will find ways round the roadblock. CEO Gil Shwed said: "We've decided to pursue alternative ways for Check Point and Sourcefire to partner in order to bring to market the most comprehensive security solutions."'
:)
So, they can't merge, but the items in question will be shared anyway.. so much for regulation and oversight
{} ------ When I think of a good sig, I'll put it here
http://www.snort.org/
Isn't snort open source? What am I missing?
It is about support contracts and how much information about DoD infrastructure they want a foreign firm to have. This is far more of a serious and legitimate issue than the sale of the operation of a few cargo cranes to a Dubai firm.
The issue is that the DoD is very serious about controlling the amount of access foreigners have to their infrastructure and information on that infrastructure. I have it on very good authority that some DoD divisions are moving away (at a cautious rate) from Microsoft technologies precisely due to their difficulty in avoiding having their tech support calls routed outside the US. However, this is probably all I can say on this board.
LedgerSMB: Open source Accounting/ERP
I'll bet their objections stem more from the realization that a lot of organizations download the latest rules and trust them blindly, installing them automatically. It is pretty trivial to create a server-side filter to provide "custom" rules based on the client or requesting IP address, thus "infiltrating" a particular organization.
After all, VRT-certified rules require a subscription and how many places have the expertiese and time to validate them?
I figure someone at the Pentagon asked the simple question "Hey, do we use Snort?" and got the answer "Yeah, it is everywhere. Why?" and just about had heart failure.
-Charles
Learning HOW to think is more important than learning WHAT to think.
I work for a very large MSSP, and this makes me quite sad.
Sad, because Snort's source code is not exactly a mystery. And Check Point's technology already does a much better job at preventing intrusions, since it is a firewall and Snort is a really shitty IPS. (All IPS are shitty, sorry. I like Snort for IDS, really) My sadness here is deep and mournful.
I'm also really disappointed, because I hate Sourcefire. I was really looking forward to Check Point reigning in their way-out-of-line sales guys. More than that, tech support at Sourcefire (all 3 guys!) sucks, 'cause they're all arrogant pricks who don't really give a shit about the customer, and honestly believe their code is perfect and never has problems. Actually, that sums up SF pretty well. Check Point, for all their problems, actually listens when we complain, which is nice, though getting things fixed is an ungodly slow process.
Oh well. Fuckin' government.
So um, anyone have a problem with the fact that Checkpoint NGX is closed source firewall software, that quite a few government sites use? It doesn't bother them that there could be a backdoor waiting for the "secret Israeli shutdown code" in every Checkpoint firewall in the world?
Casca
I really am frustrated that we've allowed the Feds this power -- there really is no Constitutional or reasonable allowance for letting them disturb trade. The "secrets" everyone is so adamant in protecting are already all over the world, almost nothing is secret anymore.
The reason I am frustrated is not just because the Feds attempt to use security as a reason for trade barriers, but because it also seems to leave me with the opinion that such coercion could have underlying cronyist reasons. I don't like giving powers and rights up to the Feds when I don't know who is truly profiting from these actions. There are a lot of global motivators hidden in the closet, and we don't have an open book to the finances of those in power.
I don't trust anyone with securing the borders anymore, not when they do it with trade barriers rather than a real defense of our land and only our land. I prefer isolationism of government -- keeping our government only in our sight, away from prying and entangling and financing others. I prefer open trade -- no tariffs, no embargoes, no taxes, no favoritism, no protectionism and no limits to what people can sell and buy.
The ports issue was blown way out of purportion. The ports themselves were not being taken over, just the operation of a few cargo cranes.
Here it is not about the technology and control thereof. It is about ensuring that the DoD, FBI, etc. don't have to provide sensitive information about their infrastructure to foreign firms as a part of technical support.
I have it on good authority that some branches of the DoD are moving away from Microsoft software because they keep getting their tech support calls routed to India and they *require* support from engineers in the US.
LedgerSMB: Open source Accounting/ERP
I mean.... sourcefire is based in OpenSource.... there is no closing that lid.
NO SIG
If the issue is really preventing snort technology from falling into foreign hands, then shouldn't someone tell them that snort is opensource, and already in the hands of those nasty foreign devils?
"We are all geniuses when we dream"
- E.M. Cioran
The GPL only requires that you provide source code if you provide the binary. So if you do a version for $SecretAgency, with $SecretStuff in it, then you only have to provide the source to $SecretAgency. Not to the general public.
Best Slashdot Co
Ah, yes, nothing like some good old xenophobia, mixed with a nice measure of nationalism. You just can't trust those foreigners - many don't even speak English, or have funny skin colours, or similar things. The government is really just protecting you from these traitors, citizen.
quidquid latine dictum sit altum videtur.
"Hello? Tech support in north korea? I have a problem with this encryption that is not exportable outside the us, and..."
Slow Down, Cowboy! It's been 60 minutes since you last successfully posted a comment.
reminds me of a toon at a local newspaper here:
scene: night time, husband and wife in bed (please dont stretch your imaginations)
Husband: ah, now that we know for sure that the Dubai company isnt handling the US ports, I can get a sound sleep.
Wife: Yes, Its good and heartening that the DHS still oversees security.
They pause, give a shocked and scared-to-death look.
I work for the gubment, and I can tell you.
There is the hugest need for assh()le to elbow road maps here.
Geesh, what's next, Exporting Knoppix will be illegal?
This makes less sense than it seems. Sure, all the comments make sense of things, but one thing doesn't fall into line. Why is the government stopping this sale when they could just as easily take the open source code, mangle it for their own, and carry on with their own internal protection software? Its obviously not rocket science, and makes sense to keep security development internal when its that sensitive.
This really smells like interference for reasons that are not floating on the surface. Only time and investigative measures will tell for certain, but I suspect we should all be wearing tin foil hats when we read this story.
Support NYCountryLawyer RIAA vs People
Dan Brown must be jizzing his pants "adapting" this news story for his next book.
"Made up/misattributed quote that makes me look smart. I am on
First of all UAE is our partner in fighting terrorism. Unless of course, your just racist by nature, then that wouldn't matter to you. Second, it was not ports being sold to the UAE corp, it was the terminals which operate in those ports. Those terminals are actually leased, not owned by those corps, even if that corp built the facility. The actual owner is the government and they get all the toys at the end of the lease, which they turn around and lease yet again.
Same thing at airports. Hangers or terminals maybe built and paid for by corporations or individuals, but at the end of the lease, the airport authority (usually state but could be county or city) has ownership of those structures.
Dammy
And?... nothing. Crypto was removed from the munitions list years ago wan't it? It's been about 10 years since I have done crypto work and I haven't kept up on the munitions list status. Even if it is still on the list, why would it matter? If it is a vetted algorithim and implimentation, having the source code would do nothing to help the enemy state anyway. The only reason something like keeping the code out of forign hands would work is if the "security" of the product was enforced by "obscurity". Age old problem, and stupid implimentation if it is.
.gov version of Snort has some hooks that allow it to work with some .gov developed software to identify traffic of a certain nature outside the realm of the intrusion detection rules built in, or pass off data streams to a seperate node for follow-on processing like decryption and such.
My guess is that the
And?... nothing. Crypto was removed from the munitions list years ago wan't it?
No.
Slow Down, Cowboy! It's been 60 minutes since you last successfully posted a comment.
I have read more BS in these threads than anywhere else in recent memory.
So, I'll in you on the truth.
Foreign nations are actively seeking to get their hands into US classified govt sites, to get the underlying information which they want DESPERATELY. Israel, France, China, Russia - they are the most aggressive.
A few years back I was working for DOD. Someone was trying to make a sales pitch for equipment they wanted to sell us, for use in classified environments. They claimed to be a US company.
My boss asked me to look into the company and get back to him. It took a few hours, but I found exactly what I think he already suspected.
The company was a US company in name only. The entire company was infested at the upper levels by former intelligence personnel from one of the above countries already mentioned. Most of their company also, was in this foreign country too. Only a small amount of sales ppl actually were in the US for the company.
They made a huge amount of factual misrepresentations, trying to trick us.
When the US govt says no, there is normally a reason behind it, or active intelligence efforts supporting their rationale. Don't believe some moronic reporter with shit for brains that is labelling something as "protectionism".
But when the UAE, a nation with strong direct terrorist ties, is interested in aquiring 6 major US sea ports, the fed tries to give it to them with no oversight and sneak it under our noses in violation of federal law.
Are you on the same planet we are? I'd have to say no, considering the UAE is one of the friendliest nations. Considering the US Navy stops there on average 400 times per year for shore leave, they can't be all bad. And that's a fact. Get rid of your stereotyping, and you may learn something.
{} ------ When I think of a good sig, I'll put it here
Well, since it's still on the list, it's still as moronic a regulation now as it was 10 years ago when I stopped tinkering with crypto.
All these foreigners collect dollars by selling products/services, and when they try to use these dollars - with the Dubai ports deal or this case - they are rejected by the US Government.
So essentially foreigners are stuck with 'funny money' which they cannot use as true currency. Sooner or later they will wake up, sell dollars en masse and opt for another currency after they realize they have been had. They've been giving us commodities and services while we give them monopoly money.
2 years and no mod points. Join reddit. Because openness is good.
Yes... security... stop the sale. But AT&T, SBC, MCI - you guys go ahead and buy each other up all you want. Monopoly good. But WHOA - you're putzing with some OSS stuff we use! Bad company! NO PURCHASE FOR YOU!
Excuse my speling.
Making The Bar Project
Two legitimate companies should not be bound by countries. I think this is dumb.
[%] Cingular Ringtones
"Who controls the past controls the future. Who controls the present controls the past." -- George Orwell
This will great for the value of Sourcefire. Image if the Feds said that your company was too valuable to them to sell to a foreign country. Woot! That will be several hundred million extra, please.
Snort is now a national asset.
I am jealous, I want to write a national asset of mine own so that the feds can block its sale to a Canadian Homebrew Club.
I think you underestimate just how much I just dont care.
Create an American based company and then buy the other two. Or simply merge them and set up shop here.
BTW. What does the government have against an Israeli company. I thought we were friends with them. Might bit strange. Im sure they will find a way arround this.
Procrastinating life a way at a rapid rate of speed.
Will someone teach the government what "open sourse" and "oss" mean. Not the meaning of the words or letters but the Ideals.
Don't let the government that ANYONE can "get this technology" by downloading the source code.
http://www.snort.org/dl/
Yikes.. looks like were too busy listening to Suzie Q's phone calls to Julie.
Of course, the mitigating factor would be the other staff who might notice 'something fishy'.
The grass is only greener, if you don't take care of your own lawn.
If this is true this was VERY VERY POOR spying :
Quote " The company was a US company in name only. The entire company was infested at the upper levels by former intelligence personnel from one of the above countries already mentioned. Most of their company also, was in this foreign country too. Only a small amount of sales ppl actually were in the US for the company."
So I guess this is not what was happenning, or else they are VERY STUPID spies. I am not a spy but what I would do is the following : create 2 US based company for spying. One I would fill up of former intelligence operative as to make it "within sight". This would be my decoy. The other one would be a normal foreign based company, or even with only 1 or two "in the know" only. Result : your chef see the decoy but ignore the non decoy.
C. Sagan : A demon haunted world:
http://www.amazon.com/gp/product/0345409469/
visit randi.org
Because it's obvious that none of the 300 million people in the US are security risks? Because it's impossible for a non-US attacker to get a plane ticket to the US and get a job at a call center?
I think they are still on the munitions list, but I think that there are provisions made which allows their export under most circumstances. IANAL though.
LedgerSMB: Open source Accounting/ERP
The fear at the time was that the states would erect trade barriers between each other. Thus, only the federal government was able to restrict trade between states, and [sarcasm]they would NEVER abuse that power, would they?[/sarcasm].
HTML really needs a <sarcasm> tag.
Don't piss off The Angry Economist
I have owned snort.net for some time now, hoping to find a way to use it to help the snort community.
I have no other relation to Snort project, but Marty seems to be satisfied with me having it... I am kind of pleased since I have known Checkpoint to be a Big Scary Company. Who might come after me with lawyers... good intentions aside...
Anyways glad to see that will not be an issue
Fred Trotter
The main reason for the restrictions on crypto export are nothing to do with security through obscurity. They are about try to restrict other, possibly hostile countries from obtaining technology which could restrict US snooping. (Not neccessarily a bad thing with so many spare nukes in the world / Russia)
I remember hearing a story regarding public key cryptography actually being invented by GCHQ (British Govt Snooping Dept). The maths geek in question however then surpressed his research until somebody else realised how to do it so we could snoop on others more easily. The main difference between this and the US approach is that the american approach tries to get some benefit while denying that benefit to anyone else.
GCHQ like snooping on everyone so this was not in their interest. Maybe now the US govt like snooping on their own population so much they will adopt a similar approach. Maybe they already have, or maybe they just ask GCHQ to do it for them.
I dont read
I understand what the governments reasons were for having crypto on the munitions list, but it is still a dumb reason. The math is fairly simple for quite a few of the algorithms and there are people outside the U.S. who can code, so making it so U.S. companies can't sell their software outside the U.S. is stupid.
As to my security through obscurity comment, it had nothing to do with crypto being on the munitions list, but with FBI/DOD having extensions and additional code tied into the software which they wouldn't want others who weren't cleared to know to have access to, but that the company providing support needed to know.
Since the issue is mostly that the US gov is using snort and is at risk, how about not using snort anymore? Seriously they are preventing the sale of private companies because they are to lazy to seek alternative solutions. Please don't reply to this post with 'snort is free and open source!' the US gov has money, and will license the code if needed to any solution that they need or request copies (Like microsoft vs china)
Believe me, if I started murdering people, there would be none of you left.
Ah, yes, nothing like some good old xenophobia, mixed with a nice measure of nationalism. You just can't trust those foreigners - many don't even speak English, or have funny skin colours, or similar things. The government is really just protecting you from these traitors, citizen.
An equally predictable reflex reaction of a liberal recklessly discounting legitimate threats and cheering for the next terror attack
an ill wind that blows no good
I mean a company that produces a lions share of the firewalls that are used by DoD surely already has access to infrastructure information. What further information would they get if they had IDS technology too?
You mean like the Snort rules?
Think about it. Suppose the Israelis (or someone else) put a backdoor in the Checkpoint firewalls that would give them remote access. Or suppose they found a flaw that would do the same.
Suppose the same company also has access to most of the information about how the IDS is implemented. Not only could they devise a way in, but they could possibly do so undetected.
LedgerSMB: Open source Accounting/ERP
WTF are you talking about? The port operator has ZERO to do with security! Security is run by the FBI, Homeland security, and the Coast Guard, not by the operators. If being unloaded later in the day is the way to get around security then there IS no security, because as we keep preaching security by obscurity is no security at all. You either have a secure process which doesn't require the participation of the shipper, or you don't have security.
There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
Not the point. They are a huge customer of Microsoft's and they require (for whatever reason) support by U.S.-based staff. Certainly the Federal Government spends enough hard-earned taxpayer dollars on Microsoft that this shouldn't be a problem. However, if it's true that Microsoft is unwilling to meet their customers' requirements, then they should lose the business just like any other uncooperative vendor.
The real issue is that someone in a foreign country is not subject to United States law. That's a big deal, since if it can be shown that a Microsoft employee did something illegal he can be prosecuted. If the employee in question is in India, it's pretty much impossible to do anything about it.
The higher the technology, the sharper that two-edged sword.
Even if the engineers aren't citizens of the U.S. Got to love that.
Are you honestly that clueless?
The FBI, DoD, etc. often require US citizens for the support as well. In fact, for some projects you have to have security clearance to offer tech support, since you might have to be disclosed some sensitive infrastructure information.
The GP poster had it dead on.
There's good reason for concern.
An Israeli company in charge of US law enforcement wiretapping got caught selling wiretap info to drug dealers in LA. The FBI was also worried that Federal wiretap information was being supplied to the Mossad.
Israel has figured out that the best way to spy on everybody else is to be the country making all the security hardware and software. Brilliant.
It would behoove all companies to do due diligence as to exactly what connections the companies running their security hardware and software have to government agencies - either through the employment histories of the company officers or through government funding sources as is the case with many Israeli companies. Industrial espionage is a state-sponsored activity in many countries.
I wouldn't touch CheckPoint with a ten foot pole after this.
Richard Steven Hack - This sig is TOO GODDAMN SHORT TO DO ANYTHING USEFUL WITH! MORONS!
The main factor for Check Point's acquisition was for the RNA technology and the way that the rest of SourceFire's products fit into a centralized management architecture (like Check Point's). Check Point's firewalls have been doing IPS/IDS firewalling for some time. Now combine the existing technology with SourceFire's passive IDS approach and you have quite an interesting technology. Check Point is constantly pushing the envelope and it would have been exciting to see what this would have brought.
As far as all the "US gov't doesn't use Check Point" consider this: one of Check Point's largest customers is the U.S. Army. So we can pretty much put that to rest.
Let's put another one to rest: this whole "Check Point sucks because its all closed source and they make money" is tiring. While yes Check Point's security applications are closed source, the development platform for all the apps is Linux. Check Point's own hardened Linux version SecurePlatform is available at no extra cost, is supported without extra cost and is the preferred platform. Download a version and see for yourself http://www.vmware.com/vmtn/appliances/. You'll see that Check Point makes extensive use of OSS, and even contributes back to the community from what I hear.
Check Point is a strong advocate for Open Source where it makes sense, and I don't think they need to apologize for being profitable when US based companies like Cisco and Microsoft make billions off the crap they have slopped together.
This whole Israeli "back door" thing is ridiculous, and stings of anti-semetic conspiracy. Israel has consistently been the US's most staunch ally (when allowed). What possible benefit would Israel or Check Point gain by allowing a backdoor to be widely distributed throughout the world? Think about it, Check Point has been in business for 13+ years, and has hundreds of thousands of Internet perimeter firewalls out there in operation. Don't you think that if there was a deliberate back door that it would have been found by now. Yeah those crazy Jews are out for world domination again. Ridiculous.
It is no secret that Check Point is run by mad scientists who make great product, but don't have a clue when it comes to running a business (well maybe just the bribing part). Could it be that Check Point maybe didn't grease Washington the way it should have? Could it be that Sam Nunn being on the board of directors for direct competitor of Sourcefire and Check Point's might have had something to do with this? Could it be that market powerhouses like Cisco who spend more money on marketing the mythical "self-defending network" than actually fixing their sh!t helped put a stop to this?
Follow the money. It was big businees and big Bush that killed this deal. And yes Check Point is a $Billion+ company so I'm sure they will survive (sniff sniff), but how does this play into the mythical "global free market" we keep hearng about? Is protecting stagnant companies like ISS and Cisco what is really best for the security market and the rest of us?
The israelis have been busted multiple times messing with equipment sold to US govt and law enforcement.
Look at AMDOCs and Comverse Infosystems.
While snort is open source, Sourcefire retains EDITORIAL control over what goes into the source tree and complete control over the closed source sections of code in their appliances.
This is not about technology but about what potentially could be backdoor'd - just like how the israelis got busted wiretapping the wiretap equipment supplied by Comverse.
This country is BUILT by foreigners...
...that earned their citizenship . ;)
If I really am talking out of my ass...explain it to me with respect so I'll at least pull my ears out to listen.
being sold to nations with ties to terrorism: OK.
Your lack of understanding about the world stage and the UAE's role is astounding.
That you actually believe what you said is incredibly depressing.
Try and do some research before painting every arab nation with the same brush.
Trying to do business with the UAE invoked some shred of respect for Bush with me, even if it was hilarious that his "war on terror" campaign backfired on him with reactions like yours.
I cannot say checkpoint doesnt have a firewall somewhere in the .gov but I can say that I know my agency cannot use checkpoint, and I know that I've never seen checkpoint being used anywhere.
Really, as a foreign national you can't even enter a building that has a classified section to it without going through literally months of hurdles, I can assure you that this was indeed a huge deal for the government.
Selling an intrusion detection software company to a legitimate and prestigious security firm from an allied nation: Not OK.
Israel is one of those 'keep your friends close and your enemies closer' type of Allies. They maintain a very active intelligence program against the US. but, I'm not telling you anything that you couldn't learn from google
The Feds, INSPECT (some) cargo, and the tend to 'oversee' some aspects of the physical security. However that oversight is bureaucratic in nature.
The grass is only greener, if you don't take care of your own lawn.