1. IT-Security >
  2. Cyber Security Nachrichten >
  3. Should Kaspersky Lab Show Its Source Code To The US Government?


ArabicEnglishFrenchGermanGreekItalianJapaneseKoreanPersianPolishPortugueseRussianSpanishTurkishVietnamese

Should Kaspersky Lab Show Its Source Code To The US Government?

RSS Kategorie Pfeil IT Security Nachrichten vom | Quelle: it.slashdot.org Direktlink öffnen

Today the CEO of Kaspersky Lab said he's willing to show the company's source code to the U.S. government, testify before Congress, and even move part of his research work to the U.S. to dispel suspicious about his company. The Associated Press reports: Kaspersky, a mathematical engineer who attended a KGB-sponsored school and once worked for Russia's Ministry of Defense, has long been eyed suspiciously by his competitors, particularly as his anti-virus products became popular in the U.S. market. Some speculate that Kaspersky, an engaging speaker and a fixture of the conference circuit, kept his Soviet-era intelligence connections. Others say it's unlikely that his company could operate independently in Russia, where the economy is dominated by state-owned companies and the power of spy agencies has expanded dramatically under President Vladimir Putin. No firm evidence has ever been produced to back up the claims... Like many cybersecurity outfits in the U.S. and elsewhere, some Kaspersky employees are former spies. Kaspersky acknowledged having ex-Russian intelligence workers on his staff, mainly "in our sales department for their relationship with the government sector." But he added that his company's internal network was too segregated for a single rogue employee to abuse it. "It's almost not possible," he said. "Because to do that, you have to have not just one person in the company, but a group of people that have access to different parts of our technological processes. It's too complicated." And he insisted his company would never knowingly cooperate with any country's offensive cyber operations. A key Democrat on the Senate Armed Services Committee has told ABC that "a consensus in Congress and among administration officials that Kaspersky Lab cannot be trusted to protect critical infrastructure." Meanwhile, Slashdot reader Kiralan shares this article from Gizmodo noting Kaspersky Lab "has worked with both Moscow and the FBI in the past, often serving as a go-between to help the two governments cooperate." But setting the precedent of gaining trust through source code access is dangerous, as is capitulating to those demands. Russia has been making the same requests of private companies recently. Major technology companies like Cisco, IBM, Hewlett Packard Enterprise, McAfee, and SAP have agreed to give the Russian government access to "code for security products such as firewalls, anti-virus applications and software containing encryption," according to Reuters. Security firm Symantec pointedly refused to cooperate with Russian demands last week. "It poses a risk to the integrity of our products that we are not willing to accept," a Symantec spokesperson said in a statement.

Read more of this story at Slashdot.

...

Webseite öffnen Komplette Webseite öffnen

Newsbewertung

Kommentiere zu Should Kaspersky Lab Show Its Source Code To The US Government?






Ähnliche Beiträge

  • 1. Malcolm - A Powerful, Easily Deployable Network Traffic Analysis Tool Suite For Full Packet Capture Artifacts (PCAP Files) And Zeek Logs vom 762.74 Punkte ic_school_black_18dp
    Malcolm is a powerful network traffic analysis tool suite designed with the following goals in mind: Easy to use – Malcolm accepts network traffic data in the form of full packet capture (PCAP) files and Zeek (formerly Bro) logs. These artifacts can be
  • 2. P4wnP1 A.L.O.A. - Framework Which Turns A Rapsberry Pi Zero W Into A Flexible, Low-Cost Platform For Pentesting, Red Teaming And Physical Engagements vom 515.37 Punkte ic_school_black_18dp
    P4wnP1 A.L.O.A. by MaMe82 is a framework which turns a Rapsberry Pi Zero W into a flexible, low-cost platform for pentesting, red teaming and physical engagements ... or into "A Little Offensive Appliance".0. How to installThe latest image could be fou
  • 3. Try out Nullable Reference Types vom 491.39 Punkte ic_school_black_18dp
    Try out Nullable Reference Types With the release of .NET Core 3.0 Preview 7, C# 8.0 is considered "feature complete". That means that the biggest feature of them all, Nullable Reference Types, is also locked down behavior-wise for the .NET Core release. It wi
  • 4. TA17-117A: Intrusions Affecting Multiple Victims Across Multiple Sectors vom 434.06 Punkte ic_school_black_18dp
    Original release date: April 27, 2017 | Last revised: May 14, 2017Systems Affected Networked Systems Overview The National Cybersecurity and Communications Integration Center (NCCIC) has become aware of an emerging sophisticated campaign, occurrin
  • 5. DevAudit - Open-source, Cross-Platform, Multi-Purpose Security Auditing Tool vom 408.08 Punkte ic_school_black_18dp
    DevAudit is an open-source, cross-platform, multi-purpose security auditing tool targeted at developers and teams adopting DevOps and DevSecOps that detects security vulnerabilities at multiple levels of the solution stack. DevAudit provides a wide array o
  • 6. Announcing TypeScript 3.5 vom 402.12 Punkte ic_school_black_18dp
    Today we’re happy to announce the availability of TypeScript 3.5! If you’re new to TypeScript, it’s a language that builds on JavaScript that adds optional static types. TypeScript code gets type-checked to avoid common mistakes like typos and
  • 7. Announcing TypeScript 3.2 vom 394.2 Punkte ic_school_black_18dp
    TypeScript 3.2 is here today! If you’re unfamiliar with TypeScript, it’s a language that brings static type-checking to JavaScript so that you can catch issues before you even run your code – or before you even save your file. It also includes the late
  • 8. Announcing TypeScript 3.5 RC vom 383.8 Punkte ic_school_black_18dp
    Today we’re happy to announce the availability of our release candidate (RC) of TypeScript 3.5. Our hope is to collect feedback and early issues to ensure our final release is simple to pick up and use right away. To get started using the RC, you ca
  • 9. OSXCollector - A Forensic Evidence Collection & Analysis Toolkit For OS X vom 374.9 Punkte ic_school_black_18dp
    OSXCollector is a forensic evidence collection & analysis toolkit for OSX.Forensic CollectionThe collection script runs on a potentially infected machine and outputs a JSON file that describes the target machine. OSXCollector gathers information from pl
  • 10. TIDoS Framework - The Offensive Web Application Penetration Testing Framework vom 352.12 Punkte ic_school_black_18dp
    TIDoS Framework is a comprehensive web-app audit framework. let's keep this simpleHighlights :-The main highlights of this framework is: TIDoS Framework now boasts of a century+ of modules. A complete versatile framework to cover up everything from
  • 11. TIDoS-Framework v1.7 - The Offensive Manual Web Application Penetration Testing Framework vom 349.67 Punkte ic_school_black_18dp
    TIDoS Framework is a comprehensive web-app audit framework. let's keep this simpleHighlights :-The main highlights of this framework is: TIDoS Framework now boasts of a century+ of modules. A complete versatile framework to cover up everything from
  • 12. Me playing with a tunnel. I don't do it every day! :) vom 335.82 Punkte ic_school_black_18dp
    23:05:18.031621 IP xxx.openvpn > cxxxxst.net.50451: UDP, length 40 [email protected]@..-....I"<@.....0..H.........#..pbu7 .$...E.%tx.. 23:05:23.186044 IP cxxxxx.50451 > xxxx.openvpn: UDP, length 67 .....[.#.....6.V.... s.9.K..H......HPv.|1..N .y. )..z