Domain: networkice.com
Stories and comments across the archive that link to networkice.com.
Stories · 5
-
Cheaper Carnivore Alternatives Still Want To Spy On You
Troodon writes: "The Register reports on Forensics Explorers' NetWitness. Rather than relying upon the FBI's 'fail-safe' separation of Carnivore Operators and Case Agents to discriminate between legitimate data and that inadmissibly, incidentally siphoned up along with it and submitting to the installation of a mysterious black box within their network, ISPs can comply with CALEA in-house for approximately $2,500 per collector and between $35,000 and $45,000 for an analysis station. Should you fancy a little development, another cheaper alternative exists: Altivore." Not sure any of this is much comfort -- the lesser of two evils is still evil.
-
Windows XP To Block Use Of "Troublesome" Drivers
Johnno74 writes "According to this story on The Register, Windows XP rc2 now includes the ability for Microsoft to prevent users from installing certain device drivers. Sounds like a good idea? Well, apparently among the casualties are ZoneAlarm and BlackIce... Two popular free personal firewall products for Windows. Guess What? XP includes its own firewall ... So you don't really need them anyway, right? The full details on how this works are in this 1mb word document on Microsoft's site. The document details how XP will automatically download the latest drivers for your hardware from the windows update site, and more worryingly, XP will regularly update the list of blocked drivers from the site. Quote from the document:
   "On a related note, Windows XP provides the ability for Microsoft to receive crash dump data on specific drivers (i.e. when a user receives a blue screen, we upload that information for further analysis). When Microsoft reporting systems indicate crashes have exceeded a certain threshold, Microsoft will notify the Vendor that the device is being considered for the blocked driver list. If reports pass an even greater threshold, we will then flag that specific version of the driver as needing to be blocked."
Boy, the site that uploads that crash dump data (and whatever else it snags...) better have a lot of bandwidth... ;-) As The Register points out, this brings back memories of how Microsoft killed Caldera DR-DOS by deliberately crashing Windows 3.1 if you were running on DR-DOS -- for no reason other than forcing you to use MS-DOS."
Note: according to this article, the change does not prevent Black Ice or other programs from running per se -- but it does require them to use updated versions tailored for XP.
-
Slashback: Fiction, Reprint, Browsing
Not that programmers or writers are ever a little bit competitive all by themselves, it seems that they have to be motivated with the carrot of fame (or some sort of perverse derivative) and prizes -- check the results of the two contests below and perhaps hone your ideas for next year's versions. Also, the dirt below on how to get Netscape quick (oxymoron?) and a new, old Neal Stephenson book (OK, that one was an oxymoron ...)
Play with directories to find the X-rated version. Remember the Interactive Fiction Contest mentioned here a while ago? Andrew Plotkin writes with some results: "After six weeks of judging, the results of this year's text adventure competition are in. The top three places go to "Kaged", "Metamorphoses", and "Being Andrew Plotkin". But personally I'd be happy to recommend any of the top ten entries.... and not just because my entry (which was not called "Being Andrew Plotkin"!) came in tenth. Heh. Many of the lower-down placers are worth a look, too -- this is one of the best competition rosters we've ever had."
And speaking of contests ... chongo writes: "The International Obfuscated C Code Contest, the oldest Internet based contest, is not ready to go on the cart as some may have feared. With the addition of Simon Cooper as the 4th IOCCC judge and my early vacation return the IOCCC is moving forward again.
We (the judges), have been processing a near record number of entries. We have now entered the final judging out of which the IOCCC winners will be selected. We apologize for the delay and would like to assure all the contestants and the spectators that the IOCCC 2000 winners will be announced prior to the end of the true millennium. :-) Watch the IOCCC news for further development.
P.S. The rumor that some judges are considering opening up the 2001 IOCCC to C++ programs is true."
(Or try the Perry-Casteneda Library at the really big U) Thanks to xFoz you can rest easy in the knowledge that "you won't have to spend big bucks to put that long lost out of print Neal Stephenson book under the tree this year. But you will have to wait for next year for your very own less than $500 a copy of "The Big U." Preorder now and save $2.60! Amazon has the listing here" mattdm points out that "You can pre-order from Barnes and Noble," as well.
Apparently, this is not Stephenson's favorite of his works. In fact, it's also the only one of his books that I didn't read compulsively with little more than breaks for micturition and nutrition, but it's hard to complain about having some more Neal Stephenson to read! (Thanks to my brother for turning me on to The Diamond Age, too.)
Straight up, no chaser LunarOne writes "I accidentally found the real direct link to downloading Netscape 6, without using their annoying little setup app. Thought I would contribute this since I hadn't seen the link anywhere here on /. I found it while downloading the Windows version of Netscape 6. I protect my Windoze box with BlackIce Defender and this firewall-ish program reported back to me the real download site. Anyways, I had low expectations of NS6 due to some negative comments I had heard here earlier. But, I gotta say I really like it. I have been downloading Mozilla builds regularly for a very long while, and still have high hopes for Mozilla. However, right now I'm enjoying Netscape 6, despite the included commercialisms previously condemned in this forum."
-
Answers from Carnivore Reviewer Henry H. Perritt, Jr.
On October 5th we put out a call for questions about the FBI's Carnivore boxen that we could send off to Dean Henry H. Perritt, Jr. of the Illinois Institute of Tech [IIT] Chicago-Kent College of Law, who is overseeing the legal side of the Carnivore review. If you didn't read the call for questions, please check it now, and even follow a few of the links. Then read Dean Perritt's answers, which were not written or checked by the FBI or DoJ, whose agents can read them here for the first time just like anyone else, assuming they have nothing better to do than read Slashdot.
1) Ethical question
by Devolver42
Is it fair for an individual or group with clear political ties to a system to give that system a review? In other words, how can you be unbiased while still being politically tied to the situation?
Perritt:
Members of the review team do not have "clear political ties" to the Carnivore "system." I was last employed by the Federal Government 24 years ago in an Administration of the opposite party. Dean Krent was last employed by the Federal Government in the Reagan Administration, and has spent more time suing the Justice Department than he has working for it.
The notion that past federal employment or consulting with federal agencies, no matter how remote their connection to a particular program, disqualifies one from undertaking an independent review is preposterous. Certain expertise in technology and the functioning of government agencies is prerequisite to a competent review of Carnivore.
2) Is a whitewash inevitable?
by Jay Maynard
There's been a lot of comment on how the conditions the DoJ has put on the reviewers make a fair review impossible. Things like the right to edit before release, the right to veto participants, and the need to only use cleared personnel cast a cloud over the impartiality of the process. Many prestigious institutions were invited to submit proposals, and yet only two - yours and one other lesser-known - did. The backgrounds of the people at IIT and their past ties with the DoJ don't give any more reason to be comfortable.
How do those of us concerned about Carnivore's immense power for invasion of privacy have any reason to believe what you and your institution produce will be other than a whitewash designed to make Carnivore appear in the most favorable light?
Perritt:
Carnivore is used in sensitive criminal and foreign intelligence investigations. The need for confidentiality in such investigations long has been recognized by the Congress and Supreme Court of the United States. It is not unreasonable for the Justice Department to assure that the details of confidential criminal investigations or of foreign intelligence methods and procedures will not be disclosed to the public.
The existence of limitations on personnel and on disclosure does not suggest a "whitewash."
It is very unusual for a federal agency to acquiesce in a third party review of an important system. Having commissioned such a review, the interests of the Justice Department would not be served by censoring the review or otherwise acting so as to compromise its integrity and credibility. The review team, institutionally and personally, has an interest in preserving their reputations for professional independence, analytical competence, and candor. None of these interests are tied to future dealings with the Justice Department or the FBI. They are more closely tied to reputation in many of the communities which have been critical of Carnivore. It is counterintuitive to suppose that the review team would sacrifice these interests by undertaking a "whitewash."
3) Political or Technical Review?
by Anonymous Coward
Is the substance of this review to be political or technical?
To wit, is this review to determine if Carnivore performs actions that are within the scope of the law (political), or is it to define the complete potential of Carnivore (technical)?
Perritt:
The review will not be political in the sense that the term "politics" ordinarily is used. It will be technical in the sense that term is used in the RFP.
Because Carnivore is a tool, just as a hammer or a firearm is a tool, which conceivably could be used outside the limits permitted by law, the review appropriately will consider the operation of human, organizational, and judicial controls to limit Carnivore's use.
4) Your impressions.
by M-2
Can you give us your first impressions of the concept of the Carnivore concept when you initially heard about it?
Can you give us your initial feelings as to the legal standings under the Fourth Amendment that allows Carnivore to be used for the purposes stated, which it would appear technically violates the Electronic Communications Privacy Act?
What is your impression of the amount of interest the Internet community at large is taking in the entire Carnivore concept?
Do you feel there is too much paranoid fantasy going on, or do you feel there is some justification?
Perritt:
Any electronic surveillance involves balancing needs for effective enforcement of the criminal laws and protection of national security against threats of invasion of privacy. It is appropriate for the public to be concerned about how this balance is struck.
The Internet community appropriately has been concerned about technological developments that may affect the balance, including restrictions on encryption, development of new telecommunication systems that facilitate or hamper electronic eavesdropping and devices such as Carnivore.
In this respect, interest in Carnivore and a certain amount of controversy over it is healthy.
On the other hand, conspiracy theories suggesting that no one with present or past associations with the Federal Government shares constitutional values or can be trusted to review new systems for their compliance with the law are overblown.
5) Who would Carnivore Really Affect?
by drenehtsral
In the end a system like carnivore will only work for a while, and only against fairly unintelligent users because end-to-end strong encryption is no longer computationally infeasible. Joe Schmoe with the middle of the road prebuilt gateway could easily handle the processor load of encrypting all his e-mail with 2048 bit RSA (which is now freely available, and even exportable). Not only that, but even with existing (and reasonably near-term) quantum computers, we are not even near enough qbits to start tackling these cyphers, since they can't be broken down when being fed to a quantum computer.
So in short, is this whole thing just a moot point? Who would Carnivore really catch?
Perritt:
Any electronic eavesdropping technique or system is subject to frustration by new technologies. It is appropriate for law enforcement and national security agencies constantly to be developing new technology to keep pace with technological developments generally.
6) Are you willing to lose everything for your rights
by anticypher
If you found that carnivore did more than the FBI is claiming, would you stand up to their threats if you published your results to counter their "edited" report? Would you be willing to lose everything you have to stand up for the rights of Americans, your property, your retirement, your liberty, and your professional reputation? You would be vilified and persecuted by the FBI for your actions, even though you would win the admiration of liberty loving individuals all over America.
Or...
Would you shrug your shoulders, and knowing that some day the truth will out, say nothing if the FBI completely changed your report, and hope that when exposed your reputation is not too badly tarnished?
Perritt:
Neither the Justice Department nor the review team has any interest in a process that will not report conclusions of the review honestly and candidly.
I have seen no indication of any intent by the Justice Department to block the review team from expressing its views completely.
Given the level of interest in the Carnivore review, it is unlikely that an effort by the FBI to "completely change" the review team's report would succeed.
I am not willing to speculate as to what action I would take if inappropriate control is exercised.
7) Is this a real review?
by Apuleius
Jeff Schiller of MIT has declined to review Carnivore, saying that "what they want is a rubber stamp."
Obviously, you will say you intend to do a genuine review.
Why should anyone take your word over Schiller's?
Perritt:
I don't know how Mr. Schiller has any knowledge of what the Justice Department wants. I have been assured by senior officials at the Justice Department that a complete review, with honest conclusions freely expressed, is desired.
It may be that what Mr. Schiller wants is a soapbox, and I don't see why he should use a government-funded review for that purpose.
8) Carnivore vs. Sniffer vs. Altivore
by RobertGraham
I'm the author of Altivore and a long time sniffer user. The RFP was for a "technical" review to validate that Carnivore captures only the data allowed by the court order. Yet reading the resumes of the members of your team, I don't see anybody with sufficient technical experience in sniffing technologies.
Packet reassembly and state-based protocol analysis are critical to the minimization function. My belief is that Carnivore is essentially stateless, just like my own Altivore. I can create real-world scenarios where Altivore fails the minimization test. Sure, they occur less than 1% of the time; I don't know how that fits within the law. However, software can be written to meet minimization requirements 100% of the time (e.g. BlackICE does this for detecting cr/hacking).
My question is: will a sniffing expert be analyzing the packet reassembly and protocol analysis part of the source code in order to validate that Carnivore captures all the data authorized by the court order, but no additional data? Moreover, is there really somebody on your team that understands even what I'm talking about?
Perritt:
A number of members of the review team are quite familiar with sniffing technology. Sniffers are routinely used as network management tools.
9) Comparing to wire-tapping laws
by VP
During the congressional hearing on Carnivore, the FBI stated that current wire-tapping laws are adequate for the use of Carnivore. Furthermore, they revealed that the uses so far of Carnivore had been according to the regulations of obtaining a "pen-register" wire tap. Are you aware that (from what we know) technically Carnivore is much closer to the concept of trunk-tapping, as most, if not all the traffic at the ISP has to go through Carnivore? AFAIK, trunk-tapping is illegal - would you be of the opinion that Carnivore automatically falls under the same illegal category of wire-tapping?
Perritt:
Any network interface card on a networked computer "taps" all of the traffic traversing a particular network segment. It is far from clear that such limited acquisition of network packets at lower levels of the OSI stack constitutes interception under the law. Indeed, if appropriate filters are used in a sniffer or other network monitoring device, preventing human knowledge of material that is filtered out, there may be less threat to privacy interests than if human beings must review content in order to apply minimization requirements, as is commonplace with telephone wiretaps.
We will review whether Carnivore acquires information not permitted by law or in a manner prohibited by law.
10) Oversight of this interview
by Col. Klink (retired)
Are you free to answer questions posted here, or does the FBI review your answers first?
Perritt:
Neither the FBI nor any other government agency reviewed my answers to these questions.
-
Linux Intrusion Detection?
Woodie asks: "Hi, I'm wondering, after reading Dvorak's article on crackers, whether good intrusion detection software exists for Linux. He specifically mentions a product called "BlackICE" - which I checked out the details of - that sounds very interesting. What Linux alternatives are there? I'm not necessarily expecting an easy to use GUI; some kind of background daemon that generates a usable log and that can be preconfigured to respond to certain "attacks" would be great." How reliable are the results from various Intrusion Detection packages? Are these things worthwhile? Or would do-it-yourself monitors be a better choice?
Update: 11/03 11:58 by C: Jargon was also interested in Linux Intrusion Detection and was curious if there were Linux contenders to the likes of Cybercop Sting, and Mantrap.