Slashdot Mirror


Enhanced Carnivore To Crack Encryption Via Virus

suqur writes: "MSNBC has a story about a new Carnivore feature, dubbed 'Magic Lantern,' which arrives on a victim's computer in the form of a virus through email or well-known vulnerabilities. Magic Lantern uses keylogging to extract keys typed in, and sends them off to the FBI. This is similar to a story reported on previously, but taken one step further, allowing computers to be compromised remotely."

7 of 522 comments

  1. Legal? by aridhol · Score: 5, Insightful

    Does this mean it will now be illegal to use a secure system? Having any type of security/virus protection will be circumvention of law-enforcing software.

    And what happens if this "happens" to get installed on a foreign government's computer? Can we say "espionage"?

    --
    I can't say that I don't give a fuck. I've just run out of fuck to give.
    1. Re:Legal? by statusbar · Score: 5, Insightful

      More importantly, will it be illegal for Symantec to modify Norton Anti-Virus to block it?

      IF they do eventually make it illegal to block the virus then 'terrorist virus writers' can be guaranteed a hole in every system.

      And it is not far-fetched that they would make it illegal to block it. For instance, it is illegal to wear a bullet-proof vest if you are in a situation where the police want to shoot you.

      --jeff

      --
      ipv6 is my vpn
    2. Re:Legal? by Felinoid · Score: 5, Insightful

      Additionally, what happens to ISPs and SysAdmins who automatically filter e-mail viruses?
      Could someone go to jail simply for NOT running an e-mail virus?
      Could Microsoft, RedHat, Apple or Sun get in trouble for fixing a defect?
      Could the government ask Microsoft to install a back door then on discovery when Symantec patches Windows to CLOSE the back door or if BugTrap discovers it and a third party patches it.. Would the government sue for discovery or patch?

      And Linux hacks have been known to exist that (for security reasons) pretend to be known Windows back doors to employ known defects in script kiddy toolkits.
      The defects themselves could be easy to discover just in the way the backdoor works.. "Ahh here the script kiddy has a file reception system where I can send ANY file I want... any size.. oh and a typical redundancy compression system.... Let's see compression code.. repeat "0" for 16 gig.. ok that's 6 bytes then expand into 16 gig.. He's dead.."

      On the inverse...
      "In today's news known terrorist Al Be Dumbby was set free on a legal technicality.
      The terrorist group 'born stupid' is now counter suing for infecting Al Be Dumbby's computer...
      Many suggest this lawsuit is an act of intelligence and disproves the group's contention that the terrorists have an inherent right to be stupid.
      Others point out had Al Be Dumbby not clicked on the virus or used Windows to start with this wouldn't be an issue"

      --
      I don't actually exist.
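
The receiver in the comment above falls over because it inflates whatever it is sent with no ceiling on the output. The following is an added example, not part of the thread, showing the defensive counterpart: a decompressor that stops at a fixed output budget. It assumes zlib as a stand-in for the unnamed compression scheme; the function names, the 1 MiB budget and the scaled-down sample inputs are constructed for illustration.

```python
import zlib

class OutputLimitExceeded(Exception):
    """The stream expanded past the cap the receiver is willing to hold."""

def bounded_decompress(data: bytes, max_output: int, chunk: int = 64 * 1024) -> bytes:
    """Inflate a zlib stream, refusing to produce more than max_output bytes."""
    d = zlib.decompressobj()
    out = bytearray()
    buf = data
    while not d.eof:
        # Request one byte more than the remaining budget so an overrun is
        # detected without ever inflating the rest of the stream.
        want = min(chunk, max_output - len(out) + 1)
        piece = d.decompress(buf, want)
        out += piece
        if len(out) > max_output:
            raise OutputLimitExceeded(f"more than {max_output} bytes of output")
        buf = d.unconsumed_tail
        if not piece and not buf and not d.eof:
            raise ValueError("truncated compressed stream")
    return bytes(out)

def exceeds_limit(data: bytes, max_output: int) -> bool:
    """True if the stream would inflate past max_output bytes."""
    try:
        bounded_decompress(data, max_output)
    except OutputLimitExceeded:
        return True
    return False

# Constructed sample inputs (not from the thread): an ordinary upload, and a
# highly redundant one scaled down from the comment's 16 gig to 8 MiB of zeros.
ORDINARY = zlib.compress(b"hello" * 100)
EXPANSIVE = zlib.compress(bytes(8 * 1024 * 1024), 9)

if __name__ == "__main__":
    print(len(EXPANSIVE), "compressed bytes for 8 MiB of zeros")
    print("ordinary upload rejected:", exceeds_limit(ORDINARY, 1024 * 1024))
    print("expansive upload rejected:", exceeds_limit(EXPANSIVE, 1024 * 1024))
```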
  2. AV software. by nate1138 · Score: 5, Insightful

    What are the odds that antivirus software could be updated to find this virus? It obviously couldn't be cross-platform either. And if the gov't somehow manages to pressure a/v companies into not including it in virus defs, what would happen if some malicious kiddie got hold of the code, and unleashed a much more destructive version, knowing full well that most machines were not protected? Who would be liable in that case?

    --
    Where's my lobbyist? Right here.
  3. Re:Encryption Security by Tackhead · Score: 5, Insightful
    > Extra bonus points if the entire operating system and software suite on the encryption machine lives on read only media, such as a CD-Rom.

    Remember Ken Thompson's hack! You only get the bonus points if you compiled the OS (and CD-ROM burning software) from source on a compiler you wrote yourself ;-)

  4. Easier Than I Thought by Puk · Score: 5, Insightful

    At first I thought that this was just stupid, because no one running a reasonably secure system, keeping up to date with the latest patches, etc, would be caught by it. But then I thought: why rely on already known (and fixed) and other yet undiscovered holes, when you can roll your own?

    recently seen in #anti-trust:
    *** BillG is now known as GMoney ***
    <GMoney> How can we get out of this DOJ crap?
    <FBI> I have this "security patch" I'd like you to distribute through Windows Update. Say it fixes some hole using malformed URLs in IE5 and IE6. No one will blink twice. I'm not even sure most XP users can read.
    <GMoney> Will you put in a good word for me with the DOJ?
    <FBI> Sure.
    <FBI> DOJ: Let Microsoft go scot-free, or I post incriminating pictures of John Ashcroft and Hilary Rosen to Usenet.
    <DOJ> Rokie dokie, baws.
    GMoney laughs maniacally.
    FBI laughs maniacally.
    DOJ tries to laugh maniacally, but chokes on the pencil eraser he was chewing.

    *poof*. Insta-hole. Security patches are worthless if you can't trust the source. And yes, this wouldn't work with non-MS OSes, especially decentralized open source ones. I hope.

    -Puk

  5. How far will you let them go? by Platinum+Dragon · Score: 4, Insightful

    How many straws will it take before the people of the United States, the people who take pride in living in the "best nation on Earth", the "land of the free," stand up and say ENOUGH?

    Is a sense of security worth allowing Stalinist Russia to be reborn in America?

    How many straws, America? How many?

    --

    Someday, you're going to die. Get over it.