[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Barracuda backdoor



On Thu, 2011-04-28 at 12:59 +0200, Christian Sciberras wrote:
> Oh I'm sure someone on the list is going to help you.
> Just give us SSH and root access and we'll do the hard work for you.
> See, that's being open, not closed...!

Sure someone can do. I happen to know some people who are able to
reverse engineer anything on PC but they are busy doing useful stuff
instead of proving someones bad intentions in Barracuda. To me it looks
like only correct way for Barracuda is to issue clear statement that
they remove all such "features" from their products and and issue free
patch for this. 

And yes, I am sure if Barracuda will act to hide problem we soon see
what else community find out.

World is weird. I happen to write review on all Barracuda product line
at same time. I will praise their product as "works of out of box" and
meanwhile I do not recommend such timebomb into server room but pay some
guy to configure postfix with all proper addons instead. Also this fact
already changed two "go" desicions from Barracuda to "no-go" ones in my
close contacts. 

  Tõnu

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/