Forgot your password?
typodupeerror

U.S. Investigating Sale of Snort as Security Risk 327

Posted by CowboyNeal
from the homeland-security dept.
msmoriarty writes "The Associated Press is reporting today that the same U.S. committee that approved the Dubai ports deal is 'strongly objecting' to Israeli-based Check Point's acquisition of Snort's parent company, Sourcefire, because it doesn't want a foreign company to own Snort's underlying technology. According to the article, the broader 45-day review process rejected for the ports deal is already underway regarding this transaction, and 'secret' meetings between the FBI, DoD and Check Point have been held."
This discussion has been archived. No new comments can be posted.

U.S. Investigating Sale of Snort as Security Risk

Comments Filter:
  • Well the govt starts programs then pays their buddies newly created company to provide a service. As opposed to the government providing the service itself. All in the name of 'smaller government.'

    Well, selling of the company comes with the territory.
    • Use the SOURCE, Avi... I mean Luke.

      It is long since time we all forked from Marty, anyway. The Nessus debacle looms, again.

      Per Leonid Shebarshin, ex-chief of the Soviet Foreign Intelligence Service:
      Referring to his meeting with an unnamed al-Qaeda expert at the Rand Corporation, a nonprofit research organization in the U.S., Shebarshin said: "We have agreed that [al-Qaeda] is not a group but a notion."
  • Oh man (Score:3, Informative)

    by Anonymous Coward on Thursday March 02, 2006 @07:23PM (#14838935)
    After I saw this article headline and for a few seconds before I read the actual article summary, I was just sitting there dumbfounded, going "wait, so that War On Drugs thing is still going on?"
  • gotta love it (Score:5, Insightful)

    by dorko16 (797086) <drew.dorko@gma[ ]com ['il.' in gap]> on Thursday March 02, 2006 @07:25PM (#14838946)
    You've got to love how the post can have no mention of exactly what Snort is or the objectional underlying technology actually is or does.
    • I thought it was about the ports deal. I was thinking about what a stupid name for a company Snort is, and I figured it was some combination of SEA and PORT.
    • A Snort is a large piece of construction equipment which a tiny bird thinks may be its mother. I'm not sure what the security implications are.
    • Erm, this is news for nerds. You ought to know what Snort is.
    • Re:gotta love it (Score:2, Informative)

      by Crilen007 (922989)
      The Snort® open source intrusion prevention and detection technology was created in 1998 by Martin Roesch, the founder of Sourcefire. With its unprecedented speed, power and performance, Snort quickly gained momentum to become the single most widely deployed intrusion prevention and detection technology in the world. In fact, Gartner recognized the mainstream acceptance of Snort in their "Gartner Hype Cycle for Open-Source Technologies" citing Snort as "Widely available. Used by mainstream companies a
  • by commodoresloat (172735) * on Thursday March 02, 2006 @07:26PM (#14838956)
    Is the worry that the Israeli company will change the license? If they can't do this, what is the security risk? If the technology is open source, does it really matter what country the company that owns it resides in?
    • I think the US government is concerned that the new non-American owner could silently change the source code and hide backdoors in it. Of course, America is as paranoid as usal.
      • How does one "silently" change the code of an open source product? Code changes will be obvious to anyone auditing it; if the US government is concerned, they should hire a code auditor (or just run the diffs). This is a reason why it's better to use open source tools for such applications than closed source ones, regardless of what country owns them. It would be a lot easier for a terrorist to "silently" change the code of a closed source application by bribing the right people even if the code was owne
      • I wouldn't call it paranoia; the Israelis have spied on the US many, many times. Comparing it to the port deal isn't really fair. I'd say this story is the usual Zionist paranoia. You know, because, the US government secretly wants to support Arabs and destroy Israel. (Sarcasm. There really are people who think that way, though.)
        • I'd say somebody at Checkpoint didn't pay the rent. You can't have corruption with just a corrupt government. You gotta have corrupt influence-buyers as well. Being Israeli, you'd think Checkpoint would have been familiar with the concept.

          Besides, their firewall is targeted to lazy admins. That's why they sell so many. Snort doesn't fit their target audience.
      • While there is no reason to doubt that US is being paranoid there have been many instances of Israel spying on the US.

        I don't know if the state of Israel would use a company based in Israel for syping but their past behavior would suggest that they have no moral or ethicals prohibitions against it.

    • by twitter (104583) on Thursday March 02, 2006 @09:17PM (#14839640) Homepage Journal
      What a nice showcase of the difference between "open" and "free". From the article:

      Under the sale, publicly announced Oct. 6, Check Point would own all Sourcefire's patents, source-code blueprints for its software and the expertise of employees. ...

      Reinsch, a former Commerce Department undersecretary. "The most important case is where we're making an irrevocable technology transfer to a foreign party. Port operations raise security issues, but the ports are still in the United States."

      Patents == Forever? What do they mean "irrevocable"?

      Employees == Slaves.

      Dude, you're moving to Israel! Maybee that's a stretch but the panel and the companies seem to think they own their employees. How insulting, but that's what a NDA is all about, isn't it?

      Software freedom is important. Having the source code is useless if you don't have the legal right to compile it, change it and share it with your friends. Software patents, NDA's, closed source binaries keep you from doing what you want with your own computer. The DMCA will keep you from sharing what you know about someone else's stuff. What you find is that the "owner" holds the card you need. All the anti-competitive games people play have more serious consequences than meets the eye.

      Lawmakers are more aware of the consequences of the laws they have written than you might give them credit for. US "Ownership" of whole categories of computer function is clearly the intent of much recent IP legislation. RIM's problems make sense, viewed through this lens. It won't due to have foreigners buy or otherwise enjoy that ownership. It makes me sick.

  • the same U.S. committee that approved the Dubai ports deal
    What the heck?

    Whether or not the committees's qualms about Snort are justified, bringing up the "ports deal" is a useless flamebait... We all know perfectly well, that it was not the fact of the government ownership of the Dubai company, that is the real problem with that deal...

    • by Saeed al-Sahaf (665390) on Thursday March 02, 2006 @07:30PM (#14838981) Homepage
      Whether or not the committees's qualms about Snort are justified, bringing up the "ports deal" is a useless flamebait...

      No, it's pointing out a double standard that seems to have its root in cronyism and personal financial interests.

      • No, it's pointing out a double standard that seems to have its root in cronyism and personal financial interests.

        Khmm, I was almost convinced, the US government (the crusaders) is owned by the Israelis :-) Suddenly, it opposition to a deal, that would benefit an Israeli company draws fire...

        There is no "double standard" neccessarily — government ownership of a weapon (such as encryption) is a legitimate concern. Operating ports are not — despite all of the politicians' hysterics — a "k

        • I guess I didn't know Snort was an encryptation application. I thought is was a network intrusion suite.
          • I guess I didn't know Snort was an encryptation application. I thought is was a network intrusion suite.

            Whatever — it is a (defensive) weapon, which makes it something, that government always wanted to regulate.

            Whether or not such regulation makes sense (snort is open source) is irrelevant to your accusations of "double standard" and whatnot.

            That said, the company being acquired — Sourcefire — may well have other products, more closely related to encryption.

        • ...it's just that our Christian religious nut-jobs are of the belief that for Jebus to come back, the state of Israel has to be in existence. Now, IIRC when Jebus sets back down, it also means armageddon for the rest of us soulless, godless, heathen infidels. So in effect they are trying to bring about the end of the world (or at least maintaining the situation so that the end of the world may come). This is the reason the US lets Israel do whatever the fuck they want.

          Exactly how is that something a "good"

        • There is no "double standard" neccessarily -- government ownership of a weapon (such as encryption) is a legitimate concern. Operating ports are not -- despite all of the politicians' hysterics -- a "key to our national security". That is and will be in the hands of US Coast Guard.

          Most military analysts would disagree. Control of ports and port security has always been a major national security issue.

          It appears that the reason that the snort issue is being examined but the ports issue is not is simply d

      • Actually, it really doesn't have any relevancy. Very regularly, technology acquisitions like these are blocked due to foreign export of technical data. This comes up a lot in the defense business, and if the federal government uses this technology for security, then it has the ability to block these transactions. The State Department can also grant export licenses for technology and could do so in this case.

        I really think the claims of cronyism are unjustified in reguard to the ports deal, just as I th
        • "local security has and always will protect the ports"

          Protecting the ports themselves is not the issue. The issue is about what and who may be allowed into the country via the foreign-controlled ports. Sure, individual terrorists can sneak in anyway at the Mexican border, but at the border you can't just sneak in a huge boatload of bombs (pun intended).
          • The issue is about what and who may be allowed into the country via the foreign-controlled ports. Sure, individual terrorists can sneak in anyway at the Mexican border, but at the border you can't just sneak in a huge boatload of bombs (pun intended).

            Why would you need to sneak in bombs through a port? People can make bombs from materials available locally. [google.com]

            • "Why would you need to sneak in bombs through a port? People can make bombs from materials available locally."

              Because somebody buying huge quantities of materials to make tons of bombs is more likely to be caught than somebody who buys and builds them outside the country and then ships them in by a port operated by his cronies.
          • The issue is about what and who may be allowed into the country via the foreign-controlled ports.

            "What and who may be allowed into the country" is not up to the port's operator. It is — and will remain — up to US Coast Guard, Customs, and other border-control officials.

            If anything, you should be worried about the ports' current operator [wikipedia.org]. They are from the same country as the Shoe Bomber...

        • Hard to dismiss cronyism legitimately for the ports deal, or, conversely, if you reject the concept of cronyism you can't accept that other activities of the US government are not malicious in intent.

          This administration has overseen fairly egregious violations of citizen's rights in the wake of the 9/11 attacks in the name of national security. We have been asked to sacrifice a significant deal of privacy and had privacy in some cases taken without knowledge to them for the purposes of national security.
      • by JourneyExpertApe (906162) on Thursday March 02, 2006 @08:58PM (#14839521)
        Nope, I gotta agree with the GP. If you'd listened to objective coverage of the ports deal, you'd know that:

        1. The ports were already in the hands of a foreign company (Peninsular and Oriental Steam Navigation Company).
        2. Dubai and the UAE are US allies. The fact that a few criminals came from there does not change that.
        3. The inspection of cargo will still be handled by US Customs and Border Protection.
        4. Security will still be provided by the Coast Guard.

        Now, Israel, on the other hand, has a history of spying on the US, including having their spies caught on US soil. I'm not familiar with Snort, but since it is computer security related, I think further investigation is probably warranted before this is allowed. Israel, while nominally a US ally, could potentially be a great threat.

    • I think the implication is supposed to be that the decision is hypocritical--holding technological security to a "higher standard" than physical security doesn't really make any sense.

      But you're still right about it being useless flamebait. I mean, can you imagine this scenario:

      Committee Member: "We have some more foreigners trying to purchase things."

      Committee Chair: "Uh oh, another foreign company buying stuff. We really took a bath on that Dubai thing, let's go ahead and hold the review this ti

    • If Slashdot were prone to Xenophobia, there would be a lot less people saying essentially identical things to what you're saying. How about easing off of that crack pipe a bit and evaluating the posts before you call us all bigots next time? The fact of the matter is that most of the posts on that story (it got posted onto Slashdot... since it isn't at all about technology) were saying that people who don't support the deal are jerks.

      You're getting modded insightful because people agree with your notions
    • Not slashdot (Score:3, Informative)

      You can blame this flamebait on AP, not slashdot, since it appears in the article.
    • The insert did not commment on an assessment of the decision, only pointed out a relevant fact that we would expect be pointed out. It is neither xenophobic nor /.'s fault that the port deal is in the news. If it was decided by another news-worthy (or in this case, culturally relevant) entity, readers EXPECT this to be highlighted in the copy.
  • by JanneM (7445)
    So they learned from the huge row erupting from the Dubai deal, and are doing a real review of any foreign company to avoid another fight. Isn't that what you'd like (if you think controlling access in this manner is a good idea in the first place)?
  • I could be wrong... (Score:3, Interesting)

    by farrellj (563) on Thursday March 02, 2006 @07:29PM (#14838978) Homepage Journal
    But isn't Snort Open Source? Doesn't that mean that the "technology" is already *out* there?

    Could this just be another bogus attempt by the Bush's krewe to "spin" things, and make it look like they actually care about the US surviving another 200 years, as opposed to preparing for "The Rapture" that Fundamentalist Christians have been saying is 'comming soon', for the past 1,000 years?

    Good thing there are term limits!

    ttyl
              Farrell
    • by Secrity (742221)
      Snort is dual licensed. There is an open source version and a commercial version. The problem is that the commercial version, which the US government and industry buys, could be diddled with. It is possible to put back doors and other nasties in the commercial version.
      • There is an open source version and a commercial version.
        There is no reason that the government could not license source code and have a trusted person build the binaries for use on actual government machines -- heck, they should be doing that already!
  • Check Point's website has some decent info about the acquisition, [checkpoint.com] albeit somewhat fluffed with marketing. They also have a pdf FAQ [checkpoint.com] regarding the acquisition.
  • by Rac3r5 (804639) on Thursday March 02, 2006 @07:32PM (#14838998)
    This seems to be a really dumb move. Its basically telling the world that its ok for the US to take over foreign companies, but its not ok for foreign companies to take over a US business.

    What doesn't make sense is Snort is OPEN SOURCE. So if someone wanted to do something to the US computers, they would have already done so. There are lots of highly skilled network layer programmers all over the world that are capable of reporducing snort's functionality. This deal will just screw the US company involved, nothing more.
    • This seems to be a really dumb move. Its basically telling the world that its ok for the US to take over foreign companies, but its not ok for foreign companies to take over a US business.
      Allies or not, arabic interests owning American assets is a perceived security risk. That isn't dumb as much as it's consistent policy. If the PR for the war on terror hadn't been so effective, no person would have blinked.
  • by chris_sawtell (10326) on Thursday March 02, 2006 @07:33PM (#14839002) Journal
    When both countries and people have run up debts that they cannot service they have to be prepared to sell off things to repay those debts. Warmongering is an expensive exercise, you have to pay for by selling assets. US, get used to the idea; it will happen more and more in the future.
  • Eh, big deal. (Score:5, Interesting)

    by irregular_hero (444800) on Thursday March 02, 2006 @08:07PM (#14839210)
    First, I should point out that some of the other posters here seem to think Sourcefire == Snort. It does not, although Sourcefire's products have some dependency on Snort as a general engine. Sourcefire's main product line is actually far deeper than just SnortOnABox -- it delves into areas like vulnerability management and event collection/aggregation, things that "open source" Snort does only if you have a really good administrator who knows how to piece together all the various moving parts into something manageable.

    Second, it's remarkable that the DoD would question Check Point's intentions. If they truly cared whether this particular deal was in the best interests of "national security" (whatever that happens to mean today, then they wouldn't use Check Point's firewall products either. But they do! The US Navy uses Check Point firewalls in great, prodigious quantities -- enough that they need Check Point's ISP-class management console software to run all of them! And they're not the only branch of the military using it, not to mention the multitude of other Federal agencies.

    This sounds like a reach to me. Something based in rumor, started by a politician, that has to be ended by the press finding the real story inside the rumor...
  • What is the big deal? Snort is open source. It can be forked if concerns about foreign ownership prove true.
  • Bush wants to hog all the snorting for himself!

    Also, maybe during the 45 days they can find out what "open source" means, and how that Israeli company can already own and modify a copy of Snort.
    • They can't own and modify a copy that is closed source. IE, they can't take the product, and produce a non-open source product (legally), which they could if they had the rights.
  • Sssshhhhh be vwey vewy quiet. I'm hunting secwets! eheheheheheheh.
  • by WillAffleckUW (858324) on Thursday March 02, 2006 @08:55PM (#14839510) Homepage Journal
    Amusingly, both Congress and the White House have spent more time investigating the Isreali-produced Snort than they have investigating either the Dubai buying US ports or making a deal to allow India to receive US nuclear technology even though they won't permit inspections of their military nuclear facilities.

    Hypocrisy is rampant.
    • Yes, it's now become obvious just how much pro arab this administration and congress are. It's clear by now that they hold israel in much contempt and distain.

      Oh, wait a minute, that's not right at all. Err Ummm... Actually they are extemely pro israel and anti arab.

      So maybe this snort thing has nothing to do with any of that at all. It may have to do with the fact that checkpoint has not bribed enough congress critters yet. I suggest they ask for a 45 delay which will give them time to spread the dough aro
  • William Reinsch, a former senior U.S. official who participated in reviews under President Clinton, said the Israeli sale involves more dire security issues than the administration's recent approval for a Dubai-owned company to take over significant operations at six major American ports.

    "This raises a lot more important issues," said Reinsch, a former Commerce Department undersecretary. "The most important case is where we're making an irrevocable technology transfer to a foreign party. Port operations rai
  • I find it strange that Dubai, a U.S. ally in the War on Terror, should be allowed to buy the ports logistics company, while Israel, a U.S. ally in the War on Terror, should not be allowed to buy Snort's parent company.

    But you have to remember that this is all politics. According to the people who work in the ports themselves, the only thing that will change after the Dubai deal is who signs their paychecks. All they do is unload shipping containers off ships, and they don't even know what's in those contain

    • Re:Strange politics (Score:3, Informative)

      by johansalk (818687)
      Two things, what you need to understand about the Dubai Ports issue is that Dubai Ports is not directly running the US ports. What happened is that Dubai Ports recently acquired P & O, a British company with a long, long history, which had been running 6 US ports. It's as simple as that. P & O will run ports in the US and elsewhere, as it had long done. The Dubai thing will only be in name and on paper. It will continue to be a British operation. Also, Dubai did not buy a third of DaimlerChrysler,
  • /. effect (Score:2, Informative)

    by Psykosys (667390)
    I love how the above summary completely leaves out the reasons for the review. From the article:
    The objections by the FBI and Pentagon were partly over specialized intrusion detection software known as "Snort," which guards some classified U.S. military and intelligence computers.
  • by Anonymous Coward on Thursday March 02, 2006 @11:40PM (#14840349)
    I mean, an Israeli company buying a company with a pig as a logo?

"Once they go up, who cares where they come down? That's not my department." -- Werner von Braun

Working...