Slashdot Mirror
McAfee Will Ignore FBI Spyware
Drew writes: "The Washington Post is reporting on the FBI's new spyware called 'Magic Lantern.' According to their article, 'At least one antivirus software company, McAfee Corp., contacted the FBI on Wednesday to ensure its software wouldn't inadvertently detect the bureau's snooping software and alert a criminal suspect.' It is ridiculous that the software companies that are supposed to help us protect computers purposefully leave in loopholes for the FBI to operate their spyware."
Now anyone can craft their virii to look like the FBI's brood and avoid detection alltogether.
Fabulous, I hope everyone feels safer already.
--
WHO ATE MY BREAKFAST PANTS?
Seems to me that we are getting an unusual number of dupes recently.
Maybe Taco et al should work out a better way to classify incomming email, and flag the topic as posted or some such.
Now all one needs to do is modify ones spyware/virus to look similar to FBI's Magic Lantern, and you can avoid detection by virus software. Just great.
Absolutely ludicrous. I cannto believe my eyes, can it acutally be true that not even terrorists can be safe from the harm that virii written by the FBI will be infecting their computers. I am positive that Nimda and CodeRed are just viruses created by the FBI to hack the gibson and steal our passwords.
Great - well McAffee will notice a pretty steep fall in sales once this gets out - hahahh - these people really know how to sell product!
No sig.
Does anyone know where one would get the source or the general idea of what Magic Lantern is doing, if you could get your hands on this then write a virus it wouldn't be detected by Mcafee at least and that means that you have an effective counter Magic Lantern weapon(Mcafee would have to detect ML then, or "they" would have to update ML continously so that it was not detected.
* Anyone with half a brain will be able to find the spyware.
* Everyone knows that terrorists use NAV.
* There will likely be dedicated programs to find the spyware.
* It's a bad idea to have client-side spyware.
If these people are smart anough to use encryption when sending their messages they should be smart anough not to use a windows machine.
I mean, just how are you going to be able to get your hands on that software? Its not like you can just go download it off FBI.gov :P
autopr0n is like, down and stuff.
Someone should start a wiki wiki web (a page modifiable by anyone, a la Wikipedia) for people to post information they find about this little bastard. Eventually, enough info should come together to allow writing a specific detection utility, which could then be slashdotted. I would do it myself, but I don't have a server (I'm in Romania).
The point is, these aren't loopholes for the FBI. McAfee will ignore this loophole, and that will allow CRACKERS to get into your system. This program, which is intended to prevent people from getting into your computer, will happily ignore all cracking that takes place through the same loopholes as this so-called Magic Lantern.
Oh well... Next time, use OpenBSD.
does anyone know of a URL for a well-written anti-microsoft screed that would be understood by my grandmother? something that intelligently synthesizes arguments against hailstorm/passport/closed source/key escrow/etc. and for the adoption of free software?
kind of like how slashdot allows writers to post blatently uninformed and trolling "articles" without users being able to "moderate" them down. because of all the money they have, the so called writers of slashdot are free to ram their agenda down our throats while anyone who speaks out is gagged by the unjust moderation system. yet, in the 4 year history of slashdot not ONE article has adressed this lack of moral lack of journalistic integrity. it's almost as if the owners of slashdot are mocking the freedom fighting users by posting these type of hypocritical stories.
I think this issue might acutally bring OpenSource to the forefront in an unexpected way.
So far, we see commercial ventures quickly bowing in, without any forced legislation, but I dont thnk OpenSource, esp FreeBSD (and its variants) or Linux quickly bowing in to ignoring FBI attempts to log our private communications (even if they involve "...no, your the stinky butt)
What i can see happening is the OpenSource being used to very openly define what eavesdropping can be and can't be enforced.
Anyway, thanks for listening.
btw, this will make me even more leary of using commercial, closed, software, and be even more inclined to use opensource software
Sigs are dangerous coy things
So I guess for linux users, the email would probably look like the following:
Dear Sir or Madam,
Please make sure you are root when you execute this file.
Thanks,
The FBI
For one thing, I wonder if this "Magic Lantern" has been ported to Linux. I tend to think not - it probably needs some pretty OS-specific code to hide itself effectively, so for now my bet would be Windows only. If you think Linux is common enough they'll want to rewrite a Magic Lantern for it soon, just continue along the path of security through (relative) obscurity, and switch to BeOS.
Another option: I wonder what a port sniffer/firewall would see while the Magic happened? If anyone posting to slashdot thinks the Feds might want to shine a Lantern on them, could you try this experiment? We won't know whether you really have ML installed until you're disappeared, of course, but at that point your data might prove useful.
I'm the stranger...posting to
Just proves that one should always encrypt on a known secure computer. One that has not nor will be ever connected to a network, be it the Internet or some LAN/WAN. Additionally, the computer should never be infected with potentiallly comprimising tools (floppy drive, CD-ROM, etc...). Encryption should also be conducted on a known secure operating system of some sort. There are many other techniques for those encrypting potentially devestating information.
Arrggghh!
OK, I really need to get this off my chest here.
How will this affect copies of software sold countries outside the US? Will my AV software end up crippled and able to be exploited by those who have reverse engineered the "FBI Friendly" code?
Why is this acceptable? Because the good old US Government wishes to remove the much-lauded freedom of its citizens, the rest of the world also loses those freedoms. Will McAfee for example really bother to have a US-only version with the FBI-lover code in it, and remove that code from all other versions? Even if they say they have, how will we know???
Grrrrrrrrr....
Prisoner #655321
This more then mildly disturbing, OTOH MacAffie can sell whatever they software they want, and since there is competition on the market people will have a choice. if There was a monopoly, or if Norton decides to do the same thing it could be a lot worse.
Btw, does anyone know if various spyware programs are explicitly blocked by AV software? It seems that in this day and age there is more of a gradient between 'legitimate' software and 'viruses'. Which I would count any software executing that does not run for the express benefit of the owner of the computer, rather then a program intended to cause harm. If AV service companies are protecting their 'fellow corporations' I see an even bigger problem...
autopr0n is like, down and stuff.
Oh well...it probably just runs on windows anyway...a good Linux/Unix sysadmin would notice it if it were running on their machine anyway, and would promptly figure out how to remove it and/or scan for it.
Trying is the First Step to Failing --Homer Simpson
can be done if the subject have a firewall loging each and every packet.
once he finds strange packets leaving the machine a smart guy with some knowledge can start searching manually his system, and once he finds what he's looking for he can put togheter a package similar to backorifice, knowing that it wont be cought by antivirus.
What ? Me, worry ?
Is anyone else wondering whether this means that it would soon be mandatory for software that is used in the US to have exploitable security flaws in order to better catch terrorists?
For those that would point out that convincing someone to click on an attachment is social engineering and not really an exploit, I'd like to point out that there are mechanisms that can be put in place both at by the OS or the mail reader to make things like clicking attachments less dangerous (automatically running attachments as a user with minimal privileges is one of them). But given that the FBI is relying on OSes not to make doing this easy would applications or OSes that tend towards security start to face the same stigma and negative association that encryption has faced since the events of 9-11?
What if you simply send out the actual FBI trojan to tons of people?
--
WHO ATE MY BREAKFAST PANTS?
They'll all get Mac's and that's that. The only ones that suffer the feds stupidity are the unwashed masses with windows.
/dev/null
Picture it now...
[jeff goldblum voiceover]
This is for the thinkers, the tinkerers, the troubled souls that blow shit up... the computer that says think different, apple macintosh.
Hmm... I should go and register blowupdifferent.com in anticipation!
-coward >
America. Home and land of brave and free? Yeah, right. More like the growing-grounds for stupidity and the implementation of "1984" or "One of these days". Welcome to how USSR KGB and DDR Stasi worked.
When's the next bus to Canada?
There will always be another program that will aid in blocking this. I do not get to upset over McAfee not preventing this. I am sure you can go to Freshmeat or C|Net downloads and find some freeware ap in time that blocks this behavior.
No biggy getting upset over it. The only thing to get upset about is the extra few k of resources that another program will take. With how ram is now days... who cares?
30% off web hosting. Coupon code "SLASHDOT".
no need to be root just to monitor the user...
So, the FBI is creating this virii that lives on a computer and spys on potential terrorist actions -- what's stopping the inverse from happening -- the terrorists writing virii to sit on the FBI's computers and spys on potential antiterrorist actions? Hey, the FBI opened the doors so that McAfee won't detect them either.
Hum, all we have to have is some hackers go through the virus scanning software and figure out what they're "ignoring" for keystroke logging and other things and impliment it the same way the FBI would. That way it would go completely undetected.
I'm glad the PC world feels safe with virus scanners installed.
In case you want to shout at them about how you'll not buy any more of their products. Maybe if McAfee understands how stupid this is, they'll change their minds (hahaha, right).
http://www.mcafee.com/aboutus/contact_us.asp?
McAfee.com Corporate Headquarters
McAfee.com
535 Oakmead Parkway
Sunnyvale, CA 94085
USA
Telephone: (408) 992-8100
Fax: (408) 720-8450
"If he thinks he can hide and run from the United States and our allies, he's sorely mistaken." Bush on bin Laden
Why does an organization like the FBI even need the ant-virus makers cooperation? If they were half as good as the federal government makes them out to be they would have a cross-platform, stealthed, and god-only-knows-what program out in a day.
Or is that the NSA?
But honestly, if virus writers can bypass virus-scanners, why can't the Feds?
If there was a program to detect Magic Lantern, then the FBI probably wouldn't use it much. Installing Magic Lantern would be an immediate tip-off to the suspect that the FBI was watching!
"McAfee Will Ignore FBI Spyware"
They've been ignoring viruses for years. Why change now?
;)
Knunov
Why do users with IDs under 100,000 or over 700,000 usually have the most worthwhile comments?
The FBI is only trying to protect you. Relax. The FBI bug is only supposed to be deployed following a judicial order. It is not going to be distributed to everyone on the net -- only criminals. So stop demanding your so-called rights as an individual to the detriment of the collective.
Maybe if they had a Linux version it would have helped them catch their spy... Robert Hansen.
After all, like any good communist, Mr. Hansen was a Linux user.
Feb. 12, 2008:
If you're serious about security, you won't even need anti-virus, since you're using an OSS OS.
Norton Personal Firewall/Internet Security detects and stops this software from operating, as a personal firewall program is designed to do.
If McAfee does not, then they should be investigated by the FTC for marketing a low quality product.
average cost of living there? airline tickets to get there? for shipping my stuff once i find a house?
It just may be that the FBI's so-called "Magic Lantern" is a classic magician's trick. They are telling the whole world that this Magic Lantern is a technology that will seek out and destroy every dangerous criminal on the face of the planet. They're marketing it as an unbeatable technology that works on EVERY SINGLE COMPUTER IN THE WORLD (that is, every one that's running Windows). They're causing lusers to think that there really is some kind of crimefighting technology when it's really nothing more than a bug which allows crackers to compromise Windows.
Then, the criminals who are trying to avoid the FBI see this and talk to someone who understands computers. That person tells them how to patch their system to remove the vulnerability.
Here's where the classic trick takes place. The criminal thinks he's immune from the Lantern, so he goes on with business as usual. He writes down his drug trafficking records or whatever, and then the FBI goes in behind his back, using some other system that nobody knows about, and gets the information.
I'm not saying this is what's going on. On the contrary--government people are really stupid, and even more so when it comes to computers. But I'm saying this is a possibility, and I'll try not to discount the FBI's intelligence just yet.
Oh well.
It doesn't need to be as complex as that. They could just require that all computers contain a user account named 'fbi', group 'root', password 'jedGaRHoOVer'. Simple.
Failure to support the account would be considered an act of harboring terrorists. Civilians using this account would be considered impersonating a federal agent: that's illegal, so there won't be a problem with unauthorized access.
I wouldn't worry about it TOO much....I'm sure some legit coders will come up with some detector/cleaner for us innocent uber geeks to remove it. Besides....if someone is truelly innocent they shouldn't have anything to worry about, SHOULD they ?!?! I think you guys gotta stop being SO freakin paranoid.....you think the FBI and CIA has time to worry about every freakin MP3 and illegal copy of Windows someone might have laying around...they got enough DUMBASS muslim extremists to worry about !
OSS has *nothing at all* to do with whether or not there are viruses.
It's the way in which people use their computers that cause virii to spread.
You can be sure, one of the main reasons there isn't a huge spread of virii for linux is a) Not nearly as many machines out there, so it's hard to catch an infection, and there's no motivation for someone to write one.
b) People generally install software from trusted sites, not their friends, not from emails.
Open-source commie hippies... sheesh.
damn...and to think that I actually like McAfee...until now, anyway...
wonder if this "Magic Lantern" has been ported to Linux. I tend to think not ... so for now my bet would be Windows only.
That's a hell of a bet to make if you're a criminal. There are a reasonable number of remote-root exploits for Linux, and it's possible that they're may be unknown ones out there.
I mean, Christ, the FBI isn't that stupid, I'm sure they have the resources to port software to different platforms, even if they need a totally new codebase.
autopr0n is like, down and stuff.
So, McAfee will allow it to pass undetected....
I bet they didn't even have to code for that - since McAfee can't detect anything that even remotely resembles a virus in the first place.
/sig "Shop smart! Shop S-Mart!"
It seems to me that Patrick Naughton may have devloped the Java Language initially to facilite searching the internet for child pornography
In my mind, Java is so associated with Naughton and kiddie porn, that I refuse to use it.
PLEASE--check the references here, all on legit news sites--and MODERATE UP! There are too many friends of Patrick Naughton who support Child Pornography that like to moderate these down.
A long time ago USArmy decided that biological harzadous weapons would be a great idea. Then they developed a deadly biological weapon, they called A-n-t-h-r-a-x.
Many years later they decided to ban biological weapons, that was a great idea. But this year when the world asked for the end of all the kinds of biological weapons Mr.Bush said NO.
Six months later he realized that it was a Bad Idea(c). (needless to say why)
What do you think? Is this Magic Lantern a good idea or a bad idea?
-=-=-=-=
I know life isn't fair, but why can't it ever be un-fair in MY favor!?
McAfee is a "product group" of Network Associates, Inc. Another one of NAI's product groups is PGP Security.
NOW how much do you trust recent versions of PGP...?
-----
PGP Key ID 0xCB8FF658
As long as it's not illegal to produce AV software that does detect this "Magic Lantern", then I'll be happy to take by business elsewhere. No skin off my nose, just too bad for McAfee.
a couple of hundreds of years ago, quite a lot of people fought for their freedom and against their suppressing governments. they created a couple of free, democratic nations all around the world. now those governments are back in their old way of doing whatever they want and completely ignoring their citizens' rights. how long till the next revolution? call me, i'll be there...
YOU CAN'T JUST MAKE UP A VIRUS THAT WILL MATCH ANOTHER VIRUS'S SIGNATURE!. If any one of you had even a lick of sense, you would know that even a basic MD5-hash would be computationally infeasible to replicate with a different document. That is, there are roughly 2^128 possible MD5 hashes, and, according to Bruce Schnier's excellent book, Applied Cryptography:
Now, with that little bit of information in mind, how long do you think it would take to find a random text message assuming your processor could hash messages at 1 million/second? Approximately 1,200,000 years, if my calculations are accurate. Mind you, this is for a random message. Writing a real, functioning virus that still matches the same signature would be, well, impossible for all intents and purposes.
So grab a paper bag, put it to your face, and breathe deeply. There, that wasn't so bad, now was it?
Is your company running tools written by ma
This hasn't been news since, oh, Teddy Roosevelt was President.
"but there is just one slitght tiny problem with it - its been nuts" I mean FBI on all computers? eh? Is McAfee going to sell only in US from now on? If not - thank you very much, but i dont want weird agency from other country to go inside my computer. Not to mention that whole thing looks like privacy intrusion of worst kind. Yet another time for me to be happy to be under Linux wing. :)
If McAfee won't provide a way to fight Magic Lantern, shouldn't it be possible to code something that will detect it and kill it? It's not as though you're trying to build a complete anti-virus progrm; just something to find one specific file or set of files and delete them. While Joe Sixpack probably won't care, at least we nerds won't be spied on by the FBI.
Now the only difference is a badge.
This place is getting worse every minute. It reminds me of "V for Vendetta" comic book.
Sad.
Right. Thousands of hackers with no life haven't really improved the worm - its still in one form or another. The Fbi's idea is gonna fall flat on its face - What makes them think that they will be able to create a worm that will be undetectable? Once someone deiscovers it and posts it's signiture on the 'net its gonna be useless.
Do you honestly think that the FBI isn't capable of writing mac software?
autopr0n is like, down and stuff.
I wonder if this loophole is mandated by the CALEA, or under the PATRIOT act, or if the FBI/FCC will leverage the CALEA to encompass de facto hiding of snooping devices... I doubt mcAffee will stand up to the pressure of the FBI slapping an interfering with an investigation charge on them... Not that the FBI would stoop to such strong arm tactics... Welcome to 1984...
Pretend I said something meaningful or insightful here.
The way anti-virus software generally works is that it detects particular programs and patterns. This isn't like fixing a security hole or something, where a number of programs can be stopped with a single fix.
In this case, they'll probably just not write a detector for ML, and it won't get caught. If someone writes something similar to ML, they'll probably just test their detector to make sure it only catches the intended virus and not ML.
McAfee is in the business of stopping particular exploits, not of fixing anything. That's why people keep getting new viruses that aren't significantly different from old viruses.
Of course, ML doesn't seem to be designed to spread all over the net, so McAfee probably wouldn't do anything about it anyway, any more than they do anything about other non-automated security breaches.
There is no doubt that Macafee's mindless show of patriotism invites a new breed of free-to-do-as-they-will virii from everyone, including terrorists -- merely by attempting to appear to be the Golden Lantern.
But moreover, it shows an economic cluelessness, inviting competitors to provide a service they do not. Even worse, it is one thing to sell a "here's some filters, we're trying to keep the buggers out," program, but another thing entirely to sell one KNOWING that it will permit viruses to go undetected. That additional scientermight even invite litigation from companies injured by their recklessness.
In short, it is amazing what a little jingoism can do to get people to lose their minds.
It's only a matter of time before someone hijacks the progam and changes the hardcoded FBIs IP adress to one of his own, and voila, a new haxx0r tool for all scr1pt k1dd1es.... Normally this wouldn't be too much of a problem, but if it can't be detected your computer will join in the next large DDOS attack... or become a porn/warez server... or whatever...
Riiight. Just like making murder illegal has stopped it, or drug dealing, or assault, or car theft, or etc. And what happens (assuming they catch whoever's doing the illegal stuff) to the person who happens to be a foreign intelligence officer, or a person from another country with weak to no extradition laws. (sarcasm)I feel safer already.(/sarcasm)
When will people learn you can't preserve freedom and liberty by destroying it.
Is there any truth to the rumor that installing
McAfee antivirus software now will automatically
install the FBI's Magic Lantern virus without
telling anyone except the FBI?
You know what? I'm sick of everyone complaining about "invastion or privacy" and all that. If you don't like it then move somewhere else. How many more people have to be killed before everyone finally realizes that maybe the government eavesdropping is for the good of everyone.
Or else they would have the accumulated experience to realize that all this will do is catch _really_ stupid criminals. Funny that, though... the criminals that do the most damage aren't all that dumb. Smart ones wouldn't be likely to leave known exploitable services running (and if the gov't knows about the exploits, then so can the general public), and even _I_ wouldn't click on an unsolicited email attachment, no matter _who_ it was from, even my own mother. Great going, FBI... you've provided a way to catch really dumb criminals while creating a potential security hole that smart criminals will actually be able to exploit.
File under 'M' for 'Manic ranting'
Once everyone wakes up and smells their proprietary skunkware, ppl will ditch it for gpl in a heart beat.
It is because of the Fear of political messages in viruses, that congress has decided to tighten up the net. ie.. if they don't have control of a political tool, they'll work to make it dissappear.
We could look at this as a weakness for exploitation, but by examining MacAffee's pattern files, the fingerprint of the FBI's exploit could be guessed at, if not revealed.
What are they ignoring? Obviously the pattern files are scoured despite "Magic Lantern", but when you purposely ignore something, it tends to stand out.
You mean where the government can put you in jail for failing to turn over encryption keys? Where there are cameras on the street?
Yeh, by all means move to the United Kingdom for better privacy from the government, the US could use less idiots.
autopr0n is like, down and stuff.
Way to go. The FBI, in hopes of protecting the nation, introduces its mystical spyware to facilitate its enforcement. MacAfee, in its strong show of faux patriotism willfully places a security hole in its virus systems (and I have no doubt that some government backdoors is part of the Microsoft antitrust settlement).
Net result is that we have made an internet security infrastructure even weaker than it was before. While this overall approach is not likely to beat up on well-informed criminals and terrorists, it does weaken everybody else's system, making the nation even more vulnerable to actual cyberterrorism than it was before.
All we have done is to make a nation weaker.
It is naturally occurring, y'know.
The Army just happened to develop stronger strains of it.
This creates an interesting situation. As I understand it, virus detection programs use:
1) signatures -specific byte patterns which are searched for in files, and
2) heuristics - in this case algorithms which seek unlikely looking data to determine whether the user should be alerted to a possible intrusion attempt.
McAfee can of course omit signatures for this 'Magic Lantern' (ML) software from their database. However, in the case of the heuristics, avoiding user notification of ML requires either:
a) a weakening of the heuristic(s), presumably to such an extent that other viruses may penetrate the system or
b) the presence of a special signature in the McAfee software which (on recognizing ML) can 'override' the heuristic
Case (b) is interesting. If McAfee do this with a simple byte pattern search this will immediately provide viruses with a neat little 'binary tag' which permits them to evade McAfee's software
The alternative must be to use a cryptographic hash which can be used to identify ML but which cannot be readily forged by other virus code. Using this checksum technique also demands that the ML 'payload' remain unchanged. Very restrictive for code which needs to be stealthy.
But the most important side-effect of both of these techniques - and any others McAfee might choose to use, would be that it provides an easy route for developers to produce software which can check for ML.
In other words, McAfee cannot both provide useful levels of virus detection and avoid alerting the user to Magic Lantern without giving other developers a blueprint to locate it.
Programmers of the world unite, you have nothing to lose but your strings.
Haven't you heard? AG Ashcroft has declared Linux (and BSD and all other open source projects)to be Un-American. Anyone caught using Linux is a domestic terrorist, and can be shot on sight. No trial or appeal for you bastards.
What are you talking about? Anthrax has a documented existence of thousands of years -- presumably it has been around much longer -- having been a problem for the ancients right up until Louis Pasteur developed a vaccine in the 1870s. The microorganism was isolated by Dr. Robert Koch in 1876, who named it Bacillus anthracis after its accepted name of anthrax, from Middle English antrax carbuncle, from Latin anthrax, from Greek, coal, carbuncle. [1] It wasn't until WWI that the US started exploring the use of anthrax as a biological weapon. [2] All that we did was make it more portable. But to say that we developed something new and decided to call it anthrax? That's just silly.
n ary&va=anthrax
-Waldo Jaquith
[1] http://www.m-w.com/cgi-bin/dictionary?book=Dictio
[2] http://www.defencejournal.com/dec98/anthrax.htm
One thing about viruses is that once you are infected with one, there's nothing to stop you from disassembling it and posting the results all over the Net. All it takes is one netizen who gets hit with this badboy to blow that particular revision of the virus out of the water. And then a new version comes out.. and is disassembled. And again... And again.... repeat ad nauseum.
Who would have thought that underground virus scanners would be a reaction to a virus? This seems like it reverses the natural order of things.
Conspiracy mode on:
You know, this is a little too neat for my tastes. First it's made illegal to reverse engineer code (copy protection, in particular), and now the FBI wants to use viruses to gather intelligence for them. Of course, it's now illegal to reverse engineer said virus. Copy protection.. encryption. Perhaps the code of the Magic Lantern virus would be protected with a cryptosystem of some sort?
Conspiracy mode off:
Yeah. Like that's going to stop anyone.
Proteus' Child
Doko ni datte; hito wa, tsunagette iru.
A user account might be all that needs to be compromised. You don't need root access to read your mail, and you don't need root to make IP connections. And with facilities like cron the trojan could make sure it was always running.
We should all feel warm and fuzzy inside knowing that private software companies are willingly becoming wholly owned subsidiaries of the federal government. Give me an aspirin!
The only people they will be able to catch using this method would be script kiddies. I doubt the smartest and most evil hackers use windows for their tasks.
The Slashdot Effect: A new for
- Create message on machine isolated from any network.
- Encrypt message, then copy to floppy
- Load floppy on networked PC
- Send to all your buddies!
- Don't forget to take isolated machine with you when you leave your hideout...
Bad FBI, no donut!Yeah, right.
I said there was no text.
Sell McAfee stock the very fucking instant the market opens monday.
Oh, don't forget to unstall the lameware & replace it with the competition, too.
--
Spaz!
"Life is tough. Life is tougher if you're stupid" -- John Wayne
So how long before the FBI virus is modified to carry a different payload, almost identically matching the same visus (eg, MagicLanternA)? Will they detect this then, if it is no longer doing the dirty work that the original virus was supposed to do? Looks like an easy way to cause havoc to me...
The other antivirus software vendors
should jump on this too.
Then writing completely stealthy virii
will only entail embedding "FBI" signatures
into the code.
Does magic lantern require a search warrant?
Does this qualify as wire tapping?
Does the international cybercrime treaty apply here?
Can they install this virus on a computer in another country ? (where US due process may not apply?)
Just some thoughts.
and not purchase, nor recommend to anybody including my employer (2000+ PCs) McAfee's products. Or any other product that doesn't jive with what I want it to do.
Will be interesting to see what the marketplace thinks of this move when their stocks start trading again on Monday.
F-Prot isn't based in the States, and maybe they will provide the protection users want.
Would one be guilty of obstruction of justice if one were to knowingly distribute software which could interfere with law enforcement software? For instance, in many states, radar detectors are illegal. Of course in that case there is a specific law which covers them. I'm just wondering about existing laws which would apply to "Magic Lantern Busters".
And from an end-user perspective, would I be guilty of obstruction of justice if I detected Magic Lantern in my computer and deliberately removed it by, say, re-installing the OS from a CD-ROM? Presumably if Magic Lantern were installed, it would have been done so with a warrant.
This could be a real issue for people who run software like Tripwire. I'm not a lawyer, and I realize Slashdot isn't the best place to seek legal advice, but I am a bit curious if anyone knows of any relevent statutes or precedents. Of course Magic Lantern is too new to have a case history of its own, but does anyone know of related precedents or laws which might be relevent?
If I can be modded down for being a troll, can I be modded up for being an orc, or a balrog?
You can lock a UNIX box down tighter than a virgin whore if you know what you're doing. And with the current IT job shortage, I bet Don Parcheesi can find a pet UNIX geek or three dirt cheap. Or some trustworthy ones for a bit more.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
I use filters for web, scanners for adware, virus checkers, back up programs, password safes, security tools and firewall software.
My computer is a warzone, as long as I have the tools I can win the war. I wonder how long before my tools will be outlawed.
-
Politics is the art of preventing people from taking part in affairs which properly concern them. - Paul Valery
I thought they'd install the virus for you with your next set of updates. That or MS agreed to add it with XP to get the FBI off their backs. Ho hum, looks like I won't be upgrading windos any time soon.
--Roy
Deploying Magic Lantern like a virus has a number of problems. As a virus, it will no doubt exploit some kind of security vulnerability, if not using backdoors created by the software company (No names will be mentioned to spare the obvious).
./uber_exploit www.microsoft.com
Companies have seen this so far, that when something so-called "secret" or "proprietary" is released out onto the internet, it is eventually reverse-engineered. Case in point, the SDMI challenge. Another case in point, CSS, and we ALL know the controversy over that one.
The point here is that whatever the FBI is using as a vehicle for their code will be uncovered, and used by someone other than our government. Its the makings for CodeRed on a much larger scale. Or, it's an invitation to leet kiddies, seriously, how easy would this make it?
[leet_kid@leet_box sploits]$
Government sanctioned security holes are bad. I've said my piece.
... like assuming the virus checker uses md5 ...
For all you know, it uses a simple 8-bit checksum.
If you voted for Bush you're getting what you wanted. He's a puppet for his father and the far right. So as your civil liberites slip away, as MS only gets a slap on the hand, and as we spend billions on a undeclared war in the middle east, say to yourself that's my Bush.
Sure I know you're saying, with 9/11/01 would you want Gore. I say if Gore was elected would there of even been a 9/11/01. Bush Jr is out to fix his daddy's mistakes and go back after Iraq and the middle east.
Are you kidding? US citizens have no rights. Lawyers and politicians have taken them away without us even knowing.
Nobody here has any right to complain about not having rights, because we all voted them away over the last 20 or 30 years. The USSA (United Socialist States of America) is nothing more than a nation of 260 million hypocrites and whiners, a bunch of slack-jawed, stupid, lazy, immoral rednecks who sue people for tripping over their own fucking shoelaces.
This country is a disgrace, and so are its people.
It's likely (if not certain) that some enterprising hacker will figure out how McAfee allows ML to slip under the radar, and will code an exploit of their own to do the same.
Now, if someone buys AV software and it lets a virus slip through, the shrinkwrap licence probably protects the AV vendor from civil suit - but if the vendor willfully put a hole in then a court might well find that the AV vendor acted in bad faith, which opens the door to large punitive judgements.
McAfee would be covered if the Feds had compelled them do to this, but given that they're volunteering then that doesn't apply.
Of course, it isn't going to be you or I suing them, but when Bluechip Inc. loses millions from an attack of "Tragic Lantern" or whatever, going after McAfee for actual and punitive damages will, I suspect, sound pretty compelling.
## W.Finlay McWalter ## http://www.mcwalter.org ##
This is Microsoft's wet dream... If the holes the FBI uses are unique, then the holes will be classified to protect the FBIs ability to monitor terrorists (therefore protecting national security). That means, they will have the ability to stop security exploits from being published in the interests of national security.
int func(int a);
func((b += 3, b));
Try zone alarm it is free! Or grab a *nix box and set up ipchains (or a secure equivalent). Or you can try one of those routers with NAT for your security.
I am actually planning on using alternate forms of authentication such as fingerprint scanning to help prevent such attacts. Does any one know of a *nix supported product?
We need to protect ourselves vigorously from crime. However, creating secret agencies who are able to commit crimes themselves is not the way to protect ourselves.
Already there is a serious problem with people committing some destructive act and claiming it was done by the CIA or other U.S. government secret agency. There is no good defense against this, because people worldwide know that the U.S. government secret agencies routinely break the law. How could it be proven that the FBI, CIA, or NSA, or some other secret agency didn't do a particular crime?
The U.S. FBI, CIA, and NSA are now worldwide surveillance agencies. They are supported by Americans who are not allowed to know how much of their money is spent on surveillance. United States citizens are not allowed to know what the U.S. government secret agencies are doing, so they don't know if the agencies are doing things they would now support.
The people who work for the FBI are often not smart people. They don't realize that trust is absolutely necessary in a democracy. They have often in the past not shown understanding of the other needs of democracy. They have often acted like secret police. They often believe in killing or other ways of being destructive as a way of curing some ill in society.
Now they will be attacking computers like the criminals. They will say that they are doing it only to solve crimes, but it is socially impossible to control this kind of thing. Once the principle is established that a secret agency can break the law, there is in practice no limit to what some people in that agency might feel "justified" in doing. Consider your own experience. When has the boss had complete knowledge and complete control over the actions of employees? Never. A company's only good policy is to hire open and honest people and to encourage honesty and genuine caring.
The FBI's influence will mean that the U.S. taxpayer's money will become a powerful force in preserving security holes, instead of closing them. Generally, this kind of software has had holes of its own. You may be attacked by a cracker exploiting a security hole created by FBI software. Governments will detect FBI snooping software and feed the FBI erroneous information.
This is all support for people who like snooping and sneaking. It is not actually a way to reduce crime. It is for adults who like to treat the whole world as a video game. It is for the kind of people who think of themselves as James Bond, who like the idea of being able to kill other people legally.
How U.S. government policy contributed to terrorism: What should be the Response to Violence?
Bush's education improvements were
If the fbi/any authorised agency/interpol/UN/cia/whatever logs your keystrokes if you have nothing to "hide" (terrorist stuff, not that porn crap). (I think this has been going on for a long time now.)
Actually Corporates should be be more concerned some cracker/hacker gets hold of the software and starts using it or sells it to the competition. wonder what mcafee will do then.
Next week's headlines:Also, I'm wondering how long it will be before some enterprising soul catches a copy of the lantern, analyzes it for a
Or better yet (for suitable notions of "better"), use McA to detect it, but rather than replacing it just install a script to fake a safe log for the FBI's reading pleasure?
Sheesh, evil *and* a jerk. -- Jade
Let's make it illegal to commit a crime. That's right, make crime illegal. And conspiracy to commit a crime should be illegal.
That way a criminal could be arrested for conspiracy to commit a conspiracy to commit a conspiracy to commit a crime to commit a crime to commit a conspiracy to commit a crime.
That will stop criminals and help our government catch them all.
I wonder how fast organized crime will switch?
Remind me to never open "Here's the important info you requested" email from AFriend@fbi.gov
One line blog. I hear that they're called Twitters now.
How long until OSS is banned because it is a clear and present danger to the national security of the United States?
Chances are they will have the program send the info to magicl.fbi.gov or something like this. Once this DNS name is well known it would be trivial to just add 127.0.0.1 magicl.fbi.gov to either make the program useless. The program may end up just storing data that it captures so if the computer is confiscated by the FBI, and it's infected with Magic Lantern they could just query what magic lantern has found to find out key strokes, etc.
Trust? Government?
These terms do not go together.
Power corrupts. I think we've seen more than enough evidence of that inside our borders. You don't have to go to the middle east to see how bad things can get. Just look at DC.
And don't think you as a voter can do anything to change it now. Any law that gives up control of the government by the citizens is pretty much set in stone, even if it contradicts an earlier law set to protect the citizens.
Freedom is dead.
I am seeing lots of conjecture about how virus protection needs to be altered to allow Magic Lantern to work. I guess I may have missed something, but two things come to mind:
Anti-virus systems are not firewalls or proxies. The heuristic scanning they do is against certain behaviours common to malware, including, but not limited to, self-replication. Certainly, that would not be a factor with Magic Lantern.
Does anyone have more that a pure bloody guess at what Magic Lantern is supposed to do, let alone the mechanics of it?
It just seems to me that a lot of theory is being built without any foundation at all.
just my two cents worth, of course
The TinWeasle: "Worming Out of Culpability since 1978" - Opinions expressed are mine alone, yadda, yadda, yadda
>I mean, Christ, the FBI isn't that stupid
You never read "The Hacker Crackdown", did you?
I can't even believe they were intelligent enough to code a virus, never mind anything else.
They obviously aren't intelligent enough to get around McAfee without providing them a copy of the virus, which will very soon be availiable to all now via connections on the inside (if warez groups can get -14 day warez, smuggling out a couple of kb is nothing).
But, maybe we'll just have to watch the fun go on. Fortunately, I keep my systems on fake IPs behind a firewall that only accepts SSH connections -- that way I only need to keep the kernel and SSH updated. No, I have the only account on the firewall, and no, I only login to do maintenance, no mail reading or any other "user" activities. I only run things compiled for source.
I suppose they could integrate it into some source code somewhere, but I'd probably find out about it in a few days. Same thing if the code made it into Linux install disks.
I guess the FBI can prove me wrong. Lets see.
I'm AC for a reason. I am glad they decided to do this at this time. I am in the process of renewing my corporate software contracts, and having a company that I am paying to *protect* my corporation condone clandestine acts, even by law enforcement, is unacceptable. Installing something like this seems to be in opposition to certain HIPPA privacy requirements, which we're required to adhere to. How can we comply with these new and existing privacy laws if the government keeps dropping these surprises?
What if McAfee or some other software vendor were to prevent the FBI software from doing what it was designed to do? Would that act be considered an obstruction of justice? If so, would the vendors themselves be held liable? It sounds to me like McAfee is just trying to remove themselves from this possibility.
Or perhaps the FBI has already threatened them with this scenario.
Furthermore, considering the recent revelation regarding the recent 'firehole' exploit, this tool could be a real threat, even if you are running personal firewall software. Of course, I doubt anything other than Windows will be targeted...
I can't help but notice you're using a pseudonym. You wouldn't be doing this unless you have something to hide; why else would you not give your real name?
Vintage computer games and RPG books available. Email me if you're interested.
the original release says that the virus uses common security flaws to crack into a system, then mcaffe not blocking the virus wont make a difference if you keep your system patched.
I refer to my previous post on this very subject a few days ago...
3 071
http://slashdot.org/comments.pl?sid=23995&cid=259
Skiers and Riders -- http://www.snowjournal.com
It just might work, too.
... oh... say...the past year of -1 posts from slashdot.
Find out what port they are monitoring. (most likely 31337).
When it wants acknowledgements of key logging, just send a quick banner of
If that isn't enough to keep whatever scripts they run busy for decades...I don't know what is.
Magic Lantern...meh...more like Magic Lampoon.
Don't worry FBI dudes...the clue^H^H^H^H truth is out there....
Have you read the moderator guidelines? Well, have you, PUNK? (and I want a Karma: Gnarly option)
Putting an exploit in a "kernel upgrade" could also work.
;)
Hey, maybe that is the explanation for why 2.4.15 is so buggy.
Just because it CAN be done, doesn't mean it should!
1. Somebody gets ahold of ML and uses it for a DoS on the FBI.
2. FBI requests help from hackers on solving the ML problem.
For all intensive purposes, "whom" is no longer a word. That begs the question, "who cares"?
US government decides to subsidize overseas OS development by crippling own industry !
This McAfee thing is a little troubling, but what really worries is what will happen once the spooks and the BIOS writers get together...
- Are these devices legal?
- Will they detect wiretaps placed by the police?
This is EXACTLY the same situation. What is the legal precedent?Why do you continue to post your ill informed nonsense? Has your dick not grown yet?
Really, people, if the schmucks want to use Windows and make life easy for the FBI pigs, then they deserve it. In the meantime, I'd like to see that McCarthyite pig Ashcroft put together a worm for FreeBSD that any admin with half a brain and a decent toolkit can't find and squish.
If the only way we can retain our freedom and security is to allow them to be taken away, I don't mind. Heck, I like that kind of thinking, and am going right now to ask my wife to help me regain my virginity!
Warning: This signature may offend some viewers.
- The security of an iterative hash algorithm cannot be any better than that of its compression function. (Source: Menezes, Van Oorschot and Vanstone, Handbook of Applied Cryptography)
- MD5 is an iterative hash function. (Source: Schneier, Applied Cryptography Second Edition; also, Menezes)
- Collisions can be generated in MD5's hash algorithm (Dobbertin, 1996).
- Dobbertin's compression-function collision algorithm executes in just a few hours on a 586 (Dobbertin, 1996).
- Therefore, collisions in the full MD5 algorithm can be generated in the same time or less. (This is known to be true as a logical consequence of what's already been proven; if anyone has actually used Dobbertin's attack on the full algorithm, they've kept quiet about it.)
... Next time, before you quote Applied Cryptography, you might want to ask a cryptographer what the latest research in the field is.Since The McAfee (i.e. Network Associates) also develop PGP, and PGP source code will not be released in future versions, I wonder how many (!) back doors they will be included...
When has the boss had complete
knowledge and complete control over the actions of employees? Never.
During the Industrial Revolution, many had to buy from company stores, live in company housing, etc.
And nowadays, H1-Bs can basically be deported by their employer.
Just because it CAN be done, doesn't mean it should!
Easy way to abuse the FBI's new Magic Lantern "virus."
Do illegal stuff online, and be conspicuous about it. If you are already involved in organized crime, this will be easy. Do all your stuff using PGP on a Windows 2000 base install. Regularly talk on the phone to your buddies about those idiot FBI agents who can't read your encrypted email. Make sure to do everything with LCD montitors so that the FBI has to crack the email instead of just tapping your CRT. Get a geek to learn a lot about virus operation so that he can regularly check the system and snag the virus.
As soon as the virus pops up, keep playing along. Send out encrypted crap messages that make no sense, and appear to be written in code words so that the FBI spends more time trying to crack THAT code after cracking the message. At the same time, decompile the virus and figure out how it works. Alter the virus to be self-propigating and extremely malicious, destroying all filesystems on infected machines and shutting them down while residing only in memory to prevent people from finding the virus on disk.
After a few days, set up an online store selling anti-virus software at $19.95 a seat licensing. Encrypt everything the program contains with the exception of an executable, so that no other virus company can figure out how it works without violating the DMCA.
Laugh at the FBI agents who are too busy trying to figure out what all your code words are to notice you raking in millions with a foreign company selling anti-virus software, move to Zug, and retire.
I admit, that scenario is a bit of a stretch. A more likely scheme (And what will likely happen very soon.) is a few good crackers decompile antivirus software from McAffee and Norton, both American companies that will allow the FBI virus through, and compare it with antivirus software from foreign firms, which will likely block the FBI virus to prevent the USA from spying on their companies as the USA does with echelon. Bingo, killer virus in no time flat, watch it take the world by storm. And before any of you bother to post about how the FBI will manage to keep all the details secret so that this doesn't happen, think about this; if the FBI could manage to keep a secret, we would not know about things like Magic Lantern and Carnivore to begin with.
I want to thank the FBI for fucking over America with their inability to realize the dire consequences of their poorly-planned actions. By doing this the FBI is screwing over:
1- All of the companies around the world, especially in the US, that will spend a ton of money dealing with the downtime caused by the first virus to exploit the Magic Lantern backdoors.
2- All of the American antivirus software companies who will lose market share to foreign software companies who do not leave FBI backdoors in their products.
3- Microsoft, who will likely be accused of leaving FBI backdoors in Windows, and who will lose market share when a virus sweeps the Windows world on a level that shames Code Red I and II.
4- All the Windows admins out there who will now have to rebuild all of their compromised machines, and switch to antivirus software by companies that do not leave backdoors for the FBI.
According to RSA Security's website, while Dobbertin's work did find weaknesses in the compression function of MD5, it did not provide collisions for the hash function in its entirety. This seems to be at odds with your first statement, but you are welcome to take that one up with RSA Labs if you feel like it.
Is your company running tools written by ma
Forget McAfee. The best antivirus software for Windows is Kaspersky Antivirus, and they are based in Russia.
Comment removed based on user account deletion
Makes you wonder what the real reason was behind Microsoft's settlement....could part of the terms have been to disclose "unknown" security holes to the FBI for use with their Magic Lantern spyware? Conspiracy theory is fun :) Big brother is watching....
I'm a little more positive. I hope something can be done. But it is VERY scary.
Bush's education improvements were
Dobbertin created collisions in the compression function.
The security of an iterative hash algorithm can be no greater than the security of its compression function.
This means that if you can create collisions in the compression function, then you can create collisions in the hash.
Dobbertin did not extend his attack to the full MD5 algorithm, and nobody knows quite why--maybe RSADSI asked him not to, or maybe Dobbertin wanted to give people a few years to migrate from MD5 to SHA-1 before he applied his attack to the full MD5 algorithm.
RSADSI is correct to say that Dobbertin did not break the full MD5 algorithm. But don't think that doesn't mean Dobbertin didn't break MD5 in half. By analogy, imagine a locked door. Someone comes along, picks the lock, and demonstrates that yes, the doorknob turns freely and the bolt turns. The lock manufacturer (RSADSI) says, "well, yes, Dobbertin did expose some weaknesses in the lock, but he didn't open the door."
RSADSI, by the way, nowadays recommends the use of SHA-1 as a hash algorithm instead of MD5. Given that MD5 is the brainchild of one of RSADSI's founders, I think that says worlds.
I for one hope that other anti-virus and/or firewall manufacturers opt to not ignore this poorly planned intrusive boorish spying mechanism, or choose to let it pass without warning the user, which leaves a HUGE hole in personal and corporate security nets. The Federal Government is obviously using "terrorism" as the new catch all for more spending, it is tantamount to the "communism" and the witch hunts in Salem, Mass. It is clear that our own government is insouciant to the basic rights of man, life, liberty, and the pursuit of happiness. The Washington overreacting machine is in overdrive now, in full kneejerk mode to enact stupid laws, that are not always easy to repeal.
Insert Sig Here.
I hate sigs.
I quit not long after that, as did a lot of other people. Whee.
It seems that FBI officers knew well in advance about the terrorist activities regarding Oklahoma, 9/11 and on-going events; the higher ups forbade FBI officers from shutting the terrorist cells down. Sounds amazing, but the lead lawyer responsible for the Clinton impeachment, (David Shippers), is representing FBI officers who are outraged by the corruption which allowed the terrorist actions to proceed when they could easily have been prevented.
Who is David Shippers? Here's a brief link explaining.
And after you've glanced at that, an interview with him regarding the above claims.
-Fantastic Lad
OK, here is another thought. It would be logical that "crooks" do some things in common, or share some electronic traits.
I mean, one could expect that they use encryption with a reasonable certainty. One would expect certain words or phrases to stick out (pertaining to the crimes being discussed).
That would indicate that ML could USE these traits in a heuristic fashion to TRIGGER it's own events. A simple (small) dictionary and a presence checker for PGP or similar, and voila!, you have a method to identify "possible criminal activity".
INAL, but it would seem that this pertains to proper warrants, which is part of the brew-haha over the current Electronic acts in congress, right?
The TinWeasle: "Worming Out of Culpability since 1978" - Opinions expressed are mine alone, yadda, yadda, yadda
This can help, but IIRC the context in which Magic Lantern was first mentioned was in catching a mobster. He *did* encrypt his files and apparently wasn't dumb enough to run random email attachments -- federal officials searched his house, and while doing so, installed the software. Granted, a BIOS password, encrypted boot partition, etc. would have slowed them down. Enough physical security (like most geeks ever consider that...) might have stopped them, but something like a room-vault would have been bulky and suspicious-looking.
''
1 )Magic lantern software will take advantage of one of the Windoze flaws.
2 )The flaws are the very kind Microsoft & partners are now trying very hard to keep undisclosed.
3 )The DOJ "threw up their hands" in the DOJ case and gave Microsoft a suprisingly sweet deal.
4 )The DOJ is currently led by the guy also responsible for loosening laws for the police, etc.
Q )Could there be a deal there? I'm a suspicious sort and it looks like the "appearance of a confict of interest."
It also sounds like the makings of a great FOI request to me. Any US citizens up for the challenge?
""
Wouldn't work. Not possible to keep secret, so everyone knows there are backdoors. That would pretty immediately kill any overseas market. China is already really skittish about MS Windows because they don't trust the Feds not to secretly have MS do exactly this. France jumps at the slightest possibility of US backdoors/monitoring. Most other countries aren't as extreme, but would be very displeased with something like this.
We can make their job easier. From now on we can all start by putting a webcam in each and every room in the house. Whenever an FBI agent or the IRS feels like spying on us, they'll just have to look at the webcams.
Well, I'm seeing a completely different issue here, beyond other people being able to craft virii exploiting the same holes that this Magic Lantern does. (Although I'm assuming that as security holes get patched, Magic Lantern will ultimately refer to a family of virii rather than any single virus; it's going to make McAfee's job of trying to explicitly exclude it from virus searches all the more ridiculous)
The thing that occurs to me is that, back when I was an easily amused kid I used to capture computer viruses, dissect them and study them. If Magic Lantern is genuinely going to be an effective way to retreive data -- and if it's a virus designed by a team of top-level professionals, which it is likely to be, then it should be so -- then how long a matter of time is it going to be before everyone and his mad bastard cousin starts to make copies of this virus and mutate it for their own ends? This seems like it would quickly become a valuable corporate espionage tool, and then a personal espionage tool, and then just a total disaster area.
The problem with this is, if they design a powerful cracking tool which by its nature must be primarily built out of code resident on the target's machine, it's only a brief matter of time before such software and any upgrades thereof enter the mainstream of black-hat equipment.
Frankly, I'm not looking forward to script kiddies with tools like this...
Remember Cringley's columnabout Microsoft wanting to replace TCP/IP with their own protocols? Imagine a requirement that American's only use software that the FBI can get at- and if that software ran on proprietary Microsoft protocols, the government could force American ISPs to block the older protocols that only criminals need anyway. Given that George Bush will likely be elected if he can drag on his "war on terrorism" until 2004 (Americans always re-elect wartime preisdents.), that leaves us with seven more years of a federal government supports Microsoft, supports John Ashscroft's assault on the freedoms provided by our constitution, and is not afraid of the political ramifications of extreme actions.
I think we all have a reason to be paranoid...
Just figure out how it sends data back to the fbi and make a new virii which sends gigs of garbage
"So you have all this incredibly nasty software sitting happily on some (criminal enough to get the FBI's attention) hacker's computer, conveniently within his reach."
Exactly.
They'll spend $30,000,000 of your money (if you are a U.S. citizen) on software to exploit security flaws. Then they'll broadcast that software free to criminals. This will teach some of the criminals how to exploit security flaws. Then there will be more crime. Then the FBI will get more money to fight crime. They will see this as a big success.
The CIA used this same method in Afghanistan. They trained Arabs in terrorism. Read about that in: What should be the Response to Violence?
How many criminals smart enough to use computers will be smart enough to run Tripwire, or some program like it, such as the one that comes with Mandrake? At least some, is my guess. Those criminals will know immediately that their computers have been compromised. The criminals will then use the compromised computers to write email saying how much they believe in law enforcement, and to send Paypal payments to charities.
Bush's education improvements were
Fuck their software, fuck their company, may as well say fuck the FBI too. The garbage they peddle will never *ever* finds it's way onto any network that I am remotely involved in. Nor onto the boxen of any of my friends or family.I reserve the right to fight back when *anyone* messes with one of my computers or one of my users.
The time is coming when we will have to fight to protect our basic rights in the USA and probably in other countries as well. You may as well decide now where you stand, either you will stand up to this kind of abuse or you will bend over and take it like a good joe six pack should. Freedom in this country is in serious peril, if you value yours you will take this kind of action seriously and start thinking about what you can do to protect your rights. Hint: the government you elected is not going to do it for you.
...Come Monday, I know what I'm doing. Having a "Sit-Down" with a few Big-Wigs...
I've been using VirusScan for 4 or 5 years on my machines (Servers and (l)users) at work. This is the last nail in the coffen, for as far as I'm concerned (scan.exe --> bootscan.exe anyone? Which is a minor nit-pick, but still...). I've had a good amount of problems with (now) NAI's stuff over the years, but they've always held true, for as far as I've ever needed then to be anyway.
This scares me. *NOT* that they are opening their mouths and letting this trojan in, but that they're letting this TROJAN in. And to think I convinced my company to renew the subscription just a few months ago...
Man, I don't know how I'm gonna pull this one off, but it's time to switch to something else.
I'm not a prophet or a stone-age man,
I'm just a mortal with potential of a super man.
Well, since most readers are most likely open-source enthusiasts, I would like to say that an obvious solution is not to use McAFee and only install software that you have faith in or that you compile from the source. This is a damn shame that this retarded crap is happening.
I would also like to point out some problems I foresee. What will stop the FBI from hacking into my pc here in Canada if I install McAfee? Is this not outside of the FBI jurisdiction? Will software developpers only create software that complies to US demands the and sell it the world-over.
You better believe that in the near future more and more people will have a pc bundle and only use one (clean) pc to use the net (disconnected when not in use and removed from the network when in use) and use the others on a network to remove all data from that pc and store info. Essentially, if the trail of wires leads to and pc hd and its powered, it'll be your fault for letting the FBI access the info.
I guess we finally realise that we have no rights. Its just wishful thinking on our parts and propaganda used by the governments.
-I wish I could be sure that my thoughts werent being monitored.
-My own tragic Hero - GoV
Does this piss you off? Would you like to join forces with others who oppose this kind of Government abuse? Then go here and get involved:
http://www.lp.org/lp-golden-key.html
Microsoft, Zone-Labs, and other vendors of firewall and intrusion-detection software have announced their products will not interfere with the operation of "Magic Lantern".
Hmmm, you think this isn't already happening? I wonder what the "NSAKEY" string means in windows?
gee, the warshington post offers to "e-mail this to a friend", wonder how the printer friendly version looks like... C_nemo -------- wondering how a nuclear submarine would make the coolest nightclub ever
If we want to put out various conspiracy theories, we can always assume that the DOJ and M$ have gotten together to allow.
I tried every decent and legal way I could think of to resolve the issue w/the business before I rented the chicken suit
Oh wait... I did once under win95, when it killed my system (isn't that the job of a VIRUS anyways? :) ) I've been on norton since then.
Now the thing that scares me the most is that norton will probably pull the same thing... it starts with one hole, and you end up being the big ass at the end ;)
Now let's picture this (sorry if it's redundant)
First, your job is to kill viralware, now you blattanly say you won't...One MAJOR loophole is just what it takes to pull another redalert/codered/etc type of attack...
Second, how many time do you think it will take for ANY hackers to find that bitch and slap it? how many milliseconds after that will it take to make a load of varient based on that same code that passes right thru the system you're supposed to protect?
Before I didn't really see the need for open-source stuff, I didn't NEED opensource tools to do my job, the commercial alternative were cheap enought to be worth the timesaving they would bring me, so you can picture me as a Blind Microsoft cash cow IT administrator, but with enough IQ to pull out when we milk me before I can even eat my wheat (goes well with my nick, no? :)).
The IDEA of my comment is the following: The more I see this stuff going, the more you're completely losing my trust, hense, my buisness, I've started learning NetBSD to replace that new Microsoft Firewall server that I was supposed to buy when I've found out it was as bad as the rest of Microsoft's product security-wise (i.e. Codered infecting your supposely secure firewall, you would have thought that even if it's using windows technology, they would have worked out the loophole for that expensive product). Now I know that viruses can go thru a firewall, but INFECTING your firewall server at the same time? and spreading across your users as well? that's bad :) it's even worse when you get hit twice within 2 months with about the same virus!.
Now, this is making me losing my confidence in a product... but you might give them a chance, you've invested enough and a lot of companies depend on their software so you'd assume that they would address it quickly and do their best to not pull that kind of thing a second time, but what's next, product activation (A NIGHTMARE for administrators that do upgrades to users from pro to developper or to upgrade their machines and putting the older one with something that let's say doesn't require Developper but the small buisness license could do).. anyways that's just an example, I've boycotted windowsXP after my horrible officeXP XPrience, and if major companies continue pulling that kind of stunt, they will create their own recession. I won't put the company I am working for at risk because some guy somewhere chose to blattantly put holes in every single security steps. If you want a backdoor to hack, a lot of kids will find the keys, and they will drive it down the road till they hit something, I won't risk the company's IP because of people that are powertripping somewhere.
And besides, the point of a SECURE SERVER/FIREWALL/DESKTOP/OS/NAMEIT is to have 0.00000 Known defect, putting a hole into it makes it NON-SECURE. If you want to fool customers and do false advertising, you can continue using Secure desktop terminology, but if y a virus writer goes thru that security hole of yours and smash systenms and posts it publicly, you will get Shafted so bad by a class-action suit that you'll be sorry that you ever made that decision! This is so depressing, someone should really start doing an opensource antivirus software for the win32 platform, seems like there's a nice new niche here.
I wonder where all this will stop.. speeding photoradar, gps phones, encryption backdoor, spycams everywhere, IP confidential mail getting opened "in case there's some anthrax"?, phone tapping without court approval, carnivore, heh , heck, with this logic, I can see the day where having a dildocam on every dildo or condoms be mandatory in case you're hiding drugs somewhere... :)
I'm wondering how long it will be before some enterprising soul catches a copy of the lantern, analyzes it for a .sig, and then tells the (under)world how to add it to the McA virus list by hand?
Probably the first time that the said "enterprising soul" gets put under the FBI microscope and has the FBI trojan/virus/whatever uploaded to his computer. When the lights flash and the alarms go off (smart enterprising soul) then said soul says, "Ba-da-bing!" and rips 'er apart, writes a report, and publishes it in Bad Guy News.
If you're a zombie and you know it, bite your friend!
Slashdot munged my last post!
To put out various conspiracy theories, we can always assume that the DOJ and M$ have gotten together to allow a "hand-slap" judgement/settlement in return for expressly putting such a back door into XP and it's ilk. Something along the lines of the "NSA Key" that made the rumor rounds a year or two ago.
I tried every decent and legal way I could think of to resolve the issue w/the business before I rented the chicken suit
Chances are that the FBI won't tell the virus companies the virus's signature, since it's not important. The FBI program is not a virus. It's a trojan-horse. It doesn't try to infect other files. It doesn't try to infect other computers. It doesn't set the local machine up to be a DDoS client. The anti-virus software wouldn't find it anyway. In order for a virus to be found, it needs to either have a known signature (i.e., be a well-known virus) or it needs to do suspicious things (like attaching itself to other files). The FBI isn't going to write a program that can be detected by any commercial anti-virus software. In fact, they will write their program specifically in such a way that it does not set off any anti-virus software.
Instead of believing in to the hype that Slashdot has come to like, let's look at the situation(s) more closely. My main questions spawn from ponderance of the WHOLE situation. These questions I plan to adress.
1:Why did MCafee allow this trojan?
2:What is the FBI's purpose in creating this tool?
3:Why did the FBI tell?
4:Who is this tool targeted at(main classes of criminals)?
5:How will other anti-virus companies look at the FBI's choice?
Well, lets consider the targets first. I see the most common groups targeted at are drug dealers and computer _criminals_. It's safe to say that the Computer criminals probably will not be caught in a trap like this. The FBI's main tool is believed to be a windows executible however, don't make rash belifs that the FBI hasn't considered a *nix tool yet.
The main mode of transport is that of a binary segment sent over email. Since Outlook is the most popular form of email client, Outlook buffer hacks that 'autorun' binary code are the best transport. Next off, who said that the FBI would be sending data back through the Internet or do any dialing? If I wrote a tool like that, I'd store data (keystrokes, logins/passwds, 'certain sites') in a secure place of the computer. I'd aim for the segment after the bootsector code. There's plenty of space for a few KB of the 'best info'. The FBI would raid the machine anyways, so sending back data is useless (trace of tcp/udp streams would be evident).
However, I question why the FBI even told here. Thier purpose is to catch intrastate criminals and investigate bad political dealings. I'm questioning if the FBI even has this technology. I'm much more scared of a hardware dongle that has 5 megs of storage capibility. Those types of entering have been cleared by the courts, providing the correct documents have been presented. Malware is going to be caught, unless the FBI destroys the data before the criminal sends it away elsewhere.
The last fields of questions deal with the AV companies themselves. Why exactly did MCafee do such a thing? Perhaps they have no choice. There is such a law called Obstruction of Justice. If the AV companies do not allow some sort of loophole, they could be tried in a court of law. Most of you Slashdotters would say "So What", but this type of court battle would lead to either horrendous losses to the company, and eventually having to put the anti-FBI code in, or the destruction of the company. However all is not lost. There is more AV companies outside the US. They WILL defend thier rights to no FBI code in thier computers. I mainly count the Russian AV coders to somehow get the code and track/kill it.
Flat out, the FBI will fail only because of public outcry. They will catch a few criminals and will parade around saying how the US is a better place without the 'scum of the Earth' around. However the worst thing people could do is to assume that the FBI is stupid. They have already addressed most of the questions, better than that has slashdot crowd.
Would they let us know that?
Josh Crawley
Don't worry, I'm sure Loonix has plenty of flaws to exploit, and I'm sure the FBI knows of root hacks that exist in the kernel right now that nobody else will discover for years. I've gotten my Loonix box rooted on a couple occasions by rogue hacker kiddies (no not crackers, they may not necessarily be all whiteys). It's funny, nobody's broken into my Windows machine and yet the open source people tout the open source model's anecdotal high security and high stability.
How can anyone trust anything NAI produces anymore?
I doubt very many people with a clue did even before this. But at that time their rather powerfull marketing machine was able to keep the $$$ rolling in from joe blows buying computers with the software pre-installed and computer "hobbyists" who think they know what they are doing and recommend software like McAffee and NAV and so on because the names are well known.
"No nation could preserve its freedom in the midst of continual warfare."
--James Madison
.
offtopic troll tending.
virus is, in latin, a mass noun - similar to how 'air' is considered a colective noun in english. you do not breath 'an air', you breathe 'air' (although you can breathe 'an air _molecule_' if you're unfortunate enogh to find yourself in a very very very low pressure zone). such words, in latin, do not get the usual plural suffix transformation us -> -ii, because for all practical purposes they are already plural.
a radius is a single thing - either a straight line that joins the centre of a circle to any point on the circle's perimeter, or the measured length of such a line.
so, for latin,
radius -> radii
virus -> virus
english speaking programmers borrowed a word (aptly, i suppose) originally intended as a mass noun to identify a non-mass noun. it seems safe to say that the 'rules' of latin don't apply. use the most convenient rules - i mean, if i invent a new word to identify something (i.e. i went downtown to buy a florkus) people would justly call me pretentious if i said i was going downtown to get ten florkii. and they might question the wisdom of buying ten florkuses when RAM is so cheap these days.
so, for english,
virus -> viruses
air -> air
i am not a linguist. pedantry for everyone!
united states nuclear device terrorist bioweapon encryption cocaine korea syria iran iraq columbia cuba
It seems to that there would be two ways. The first way could be to just not scan for programs that look for the hole the FBI uses. Or, it could look to see if the attacking program is the FBI program, and if so let it in.
If the take the first way, then any program can exploit that hole. This means that if we see a hole that McAfee doesn't cover for an exceptionally long time, then it is possibly the one the FBI uses. But more imporantly, people will get peaved at the when McAfee fails to protect the from virii.
If McAfee checks if the attacking program is from the FBI (say by look for a specific string or signature), then it should be reasonably easy for any competent hacker to figure out how a hostile 3rd party program could take advantage of the FBI loophole. Of course, said hacker should preferably be a respectable academic, and preferably a foreign national with no imeddiate travel plans to the US.
But, it seems that if McAfee really is cooperating with the FBI, then in the not too distant future their software will be torn the threads, and perhaps they will loose market share.
Of course, we don't know that Norton and other haven't done the same thing, but with less publicity. I wonder how feasible an open source virus scanner would be.
Of course, in this day and age, do you really need a competent virus scanner, instead of just good OS security? I mean, how often are unix boxes compromised in by programs with no local access in ways that a good firewall would have prevented? Although, we also would have to worry about no exploitable holes that a program run by a user reading email could take advantage of...
Well, boot sector and related virii seem to be pretty much dead, especially if you use linux, netbsd, etc.
I'm a loser baby, so why don't you kill me.
Agreed. Also, even if we were to use the Latin plural, it would be "viri" with one "i," not two. The reason "radii," the plural of "radius," has two is that the "us" is preceded by an "i" already (the stem of the noun is "radi-").
Mcboboche
Wowoche, ur 2 cool-aliscious.
As a solution to this problem:-
I was wondering if there is a open source alternative to traditional Anti-Virus software. If yes, I am confused as to who would take care of updating the virus defition files etc.. is it practically possible?
As you can see LOOP-HOLE cannot be left in an open source anti-virus software (if one exists... alteast in works).
regards,
JayaBharath
By openining McAfee up to the "FBI Virus", they are obviously opening it up to any "similar, but malicious" viruses. The only way to guarantee that it will work, it will have to be able to compare the virus byte-for-byte with the FBI virus. For it to do that, it must quite literally have a copy of this virus buried internally in the virus definition file. Since you have a copy of the virus coming packaged with McAfee, why doesn't McAfee just INSTALL THE VIRUS when requested to do so by the FBI. That would solve the probelm of allowing other "cracker" versions of the virus on to the system, since they will be installed locally by McAfee itself... Of course, this makes no sense for an anti-virus company to be intentionally installing viruses, but whatever.
"Your superior intellect is no match for our puny weapons!"
Remember the millionaire Software guy who helped build java, went to work for Disny, and then got ousted as a pedophile by the FBI?
Well supposedly he's in on building FBI's new cyber crime fighting software.
A lot has happened since the 1980's. I'm sure the FBI is capable of hiring some mac/linux programmers
autopr0n is like, down and stuff.
I think all this criticism is silly- obviously the virus is smart enough only to infect your computer if you're a terrorist and will compromise your system _only_ to the FBI via some flawless authentication mechanism. All in under a KB, I'd guess.
I'm not sure why this is such a huge factor since most spyware is not discovered by virus scanners. I just see this as an opportunity for people to look at proggies such as Ad-Aware to deal with these "straggler" backdoor programs purposely eliminated from virii protection.
I know somebody there and think I'll ask them if they are planning on making security holes for every local law-enforcement agency. Could be a money maker but somehow I doubt it.. if it was China they would probably have to allow the government to install keyboard loggers on your pc through this Patriotic Remote Exploit facility. Unfortunately Japanese nuclear power plants are running Windows 95 as far as I could see from a recent newspaper photo.. (+3, Cynical, Despair)
Me thinks I'll set a NIC for promiscuous mode and scan for packets being sent to fbi.gov on my broadband network. I'd be interested in who in my neighborhood the FBI thinks is a terrorist too. Maybe it'll be me! After all, I'm a white Protestant farm raised male who believes that Revelations ain't far away. As I understand it, that now makes me a terrorist suspect! So much for One Nation Under God...
How many people got that? =)
Please correct me if I am wrong, and I'm sorry if someone already said this. I believe there is a simple solution to keystroke logging: MS-DOS windows don't have a message loop, which prevents the ability to log keys that are typed into them. In other words: use encryption software that runs under a DOS window
<sig>what-mib-says | mib2english</sig>
...that fedz haven't implanted their spyware directly into the Windoze kernel? Perhaps this could explain why US legal system is so tolerant with MS (in exchange for their "services"). And now they leak this info to ensure you that cooperation with McAfee is the most intrusive thing they've ever came up with.
Fuck you, this is why we use Linux (or *BSD). This kind of shit (FBI viruses that send info off of your computer or crack crypto keys) will NEVER happen on my computer, which will always run Debian. Maybe there will be something that works for Red Hat or other commercial distros, that those distros choose to 'ignore', but Debian will never do this (nor, I suspect, will Free/Net/OpenBSD). If there ever is a Linux virus/worm from the FBI that does this, Debian developers will notice and find a way to prevent it, probably within a day or 2. Help yourself to your AOL^H^H^H^HWindowsXP. I'll take a truly FREE OS any day of the fucking week.
/.: why the hell am I here?
Virus scanners frequently employ the use of heuristic virus pattern matching -- that is, defining something as a virus because of the actions that it takes. If the behaviour of one virus matches another known virus, a virus scanner should detect that virus -- therefore it shouldn't matter what version of some virus a person has, so long as the behaviour is relatively the same.
Kaspersky Antivirus (KAV, sometimes known as AVP) added badtrans.b/badtransII to its database today. Even more, KAV updates are free; no subscriptions are required.
http://www.avp.ch to anyone who's interested.
so, for english,
virus -> viruses
air -> air
So why does virus break the us -> ii rule? That didn't make much sense. Virus isn't a mass noun in English.
Or in english: peers don't fight among themselves. @ least that's what McAfee thinks they are: some big, respected corp. that's part of some really cool club. So if you're not part of it well, sh*t on you: BO2k the most complete remote administration kit was deemed a haker kid worm ("...industrial espionage...") but FBI's script kiddie stuff no. Well don't worry folks... the world is full of brilliant black hats eager to get their pockets lined of green just to make shure your criminalia laptop is secure. BTW... Totò Riina, the most ferocious Mafia leader of the past decade (he ordered multiple terrorist bombings in Rome, Florence and killed two of the most active investigators Falcone and Borsellino) is an ignorant thug... I doubt he can even use a cellular phone!
Mi domando chi à il mandante di tutte le cazzate che faccio - Altan
the plural could also be "vires" if it was a group 3 noun in latin....
I`ll get me coat..
I was working with the CS Department at my school on this research project for DARPA. Basically it is a self-learning IDS program based on data-mining techniques. How it works is that it sets up a number of different sensors within the computer. When something fits the footprint of a potential intrusion, it marks it as such. Then it creates a model (or virus definition) for the intrusion.
By using this technique, you limit the amount of work that the developers have to do.
_______________________________
"I'm not Conceited...I'm just a realist..."
Do our constitutional rights even exist anymore?
.45 in my pocket, the constitution says I can, the government tells me I'm breaking the law......
:)
Owning a weapon is a priviledge, let alone owning a weapon and carrying it on your person. "The right to bear arms." You need specific reason now to carry a concealed weapon, why is that? I'm an american citizen, if I want to carry a
Sorry using an example of the breakdown of our constitutional rights.
This really disturbs me. Between Carnivore and now Magic Lantern, we have pretty much given up all rights to privacy on the internet. I know that most of you will say that its been likely that the government has been monitoring traffic for some time anyways secretly, now we are publically accepting this as "ok in the name of our safety." Don't think they monitor your cell phone calls? Explain how they got voice recordings of the conversations of the doomed flight to Sommerset, PA.
This is disgusting. We are just handing over our freedom and very few people are saying a word. Funny how not all that long ago, the Supreme court ruled that aquiring search warrants based upon thermal readings from a house was illegal and yet they haven't said a word about anything the FBI has been doing.
Its really fscking sad that the alleged "war on terrorism" is really just a lame excuse to quickly remove a good deal of our rights. People in New York City are being searched randomly in Manhattan. What the hell is that? In 10 years can I expected to be searched if I walk down my street? If I have something illegal, is the search unreasonable, or does the court care more about me just having something illegal? If our phones and computers are tapped (lets assume for the moment that they are for the most part) where does the government stop? They can see what I am writing and talking about....why shouldn't they be allowed to see what I am doing in my home without a search warrant? The best part of it is, nobody would even know if they were being watched. I know this has been something people have complained about over the years (as the government has slowly crept into their privacy), but now its really in our faces. 1984 is not very far away indeed.
Let's take Magic Lantern for instance. If one were to disassemble it, it would violate the DMCA ruling. If one were to circumvent it (which likely anyone in their right mind will), the techniques used would likely violate DMCA. (Remember Skylarov?.....)
Can anyone think of software they might use that might possibly violate the DMCA ruling? I can think of a few, and I am not talking about cracking software. Also this makes me wonder about Windows....does DMCA make WINE illegal?
Indeed, the whole issue is a lot like a runaway train coming down the hill. People see it from the distance and don't realize how dire their situation is and eventually the train comes pummeling down into their sleepy little town and destroys it. I wonder how long before we lose all faith in the government entirely. Too bad we decided that we are too weak and lazy to take the government back into our own hands. What's so sad is that the more disillusioned we become with our government the more likely we will feel that it is out of our control. Judging by the recent elections and the completely disgusting turnout, it seems we are just about there. What do we do in 10 years when we don't even have enough voters voting to elect an official?
Its really time to either:
A) Do something about the slippery path we have slid on
or
B) Walk away from it, buy a huge ranch/estate/tract of land, start a community of like minded individuals, and ignore what the government does. I suggest some western states that do not tax their land so you can totally live government free.
Just some random infuriating thoughts I've had lately.....
Zos/Xavius.23
zos[@]winwood.net
Art is the realization of truth - AOS
zosxavius photography
Yes you can! Their signatures bytes are *not* Hashes but simple opcodes series. Can you imagine the time it would take so MD5 SUM files when scanning ?
Anyways, their software can be resumed to a simple loop searching for paterns of bytes.
Btw, McAfee are SPAMMERS! I received spam from them by the mail and i did not ever give my address to them !
How about this argument?
Microsoft has been convicted of being a monopoly that illegally uses that monopoly to extend it's monopoly itself into new areas. The conviction was upheld unanomously by the appeals court.
Seems to be a pretty good argument against Microsoft to me.
So what's the plural of mongoose?
Suggestions:
mongeese
mongi (maybe it's a mispronunciation of mongus)
mongooses
???
Relax. As as soon as someone manages to design a virus to exploit the hole, McAfee is definately going to find out that shoddy software doesn't pay.(At least McAfee users will.) I guess right now it just leaves most of us wondering, "Why produce virus software designed to let viruses in?" (Which if you're McAfee or the FBI must make perfect sense in a perverted sort of way.)
What's in a Sig?
Of course McAffee et al wanted a signature for the thing, and this was the best way to formulate the question. Besides, now they can produce a spevif Lantern-detector, and sell under the counter for a high price - and sell the names of the buyers to FBI. Ah the beauty of the free market...
In Murphy We Turst
Anybody know if F-prot is going to follow McAfee's example? Considering the fact that they based in Scandinavia?
Outside the US of A, many countries have strict laws against assisting foreign powers in their spying, and rightly so. I suppose knowingly installing backdoors might fall under such clauses. I would not dare to install or recommend installing McAffees scanners on sensitive networks without seeking legal advice!
In Murphy We Turst
Land of the free my ass. Talk about privacy invasion.
If the news reports are to be believed, the FBI is merely taking advantage of a loophole people have known about for years - keylogging.
Most keyloggers don't get reported by most "virus" programs. I think Norton AV does, but then again its "Corporate Edition" might not - keylogging is something a lot of corporations do, believe it or not, and that might be against their target market.
People really concerned with privacy should be using software with anti-keylogging features, which on Windoze machines includes products like Scramdisk (freeware! and with crypto module plug-in support, though not fully tested by the community), its successor DriveCrypt (commercial and untested by the community so far, but made by people who maintained Scramdisk), and I think possibly BestCrypt(commercial but tested somewhat). These all have the ability to mask input against keylogging, to varying degrees. Read the documentation and enable it.
And again, remember. For them to use the keylogger, they have to install it on your system, and have some way to retrieve the info.
Practice good data hygiene, like you should be doing anyway, and you should be fine. If you want to test whether the programs mask effectively, install some program like Back Orifice and have it log while you create and mount containers. If the log shows your password, obviously it's not working.
I am 100% positive some dood out there will create a small app that will detect(and possibly remove) magic lantern.
If i were a criminal i would make sure i would have such an app.
As will most smart criminals.
So magic lantern would only catch stupid criminals and spy on innocent citizens.
So how effective will the FBI`s lantern really be?
Gee, and you wonder why Phil Zimmerman, the creator of PGP, left NAI, aka McAfee? He saw what NAI was turning into. http://web.mit.edu/prz/ All users, even Linux users, could get this new FBI ML virus if software companies are forced to include it on their CDs. Remember, the FBI is reading these messages.
I have a couple questions on this one.
1) I'm aware of some utilities/scripting that can be done under *nix to check for unauthorized modifications to filesystems, is there a similar utility/scripting that can be used for windows ?
2) Are there any lawyers out there familiar with the legality of *actively* defending ones private computer against unauthorized connections/intrustions ?
I.E. : systems notices trojan, locates where it's sending it's traffic, broadcasts a 'cease and desist' warning, then floods the bandwidth with garbage data, or something more destructive. (Run script, root the attacking box, rm -rf / )
Supposedly we have the right to bear arms. Supposedly we have the right to defend our homes from intrusion. I'm wondering if such active defense of one's own computer and data could plausibly fall under 'home defense'.
More likely it would fall under 'hindering prosecution' or 'domestic terrorism'.
Or, could just develop a script that detects said trojan, and instead of sending keytrokes it just sends a billion instances of "Your mother's a $2.00 whore."
Don't like foreign gevernments snooping on my PC here in the UK at all.
So why bother make one?
Now maybe you are more free in Afganistan
How do this go with the DMCA?
Maybe that is a stupid question because
I think US is looking more and more like
soviet union, the only diff is they not
calling themself communistic
When everyone keeps calling multiple virus, virii, guess what's going to happen?
Yet another exception in the English language. Chill, the evolution of the language is happening before your eyes.
Democrats or Republicans. They are both taking us to the same place and they are not afraid of us anymore.
You didn't read the article.
You can start reducing violence by being less mentally violent.
Bush's education improvements were
Of course you remember to shield your system so that it does not leak telltale signals while your message is in clear text. ;-)
Show me one remote root hole in the latest version of any commonly used Linux software.
It's hard to be religious when certain people are never incinerated by bolts of lightning.
...if the bad guys have a BlueTooth keyboard and/or mouse, since it's broadcasting every key stroke and mouse movement. A high gain directional antenna and amplifier will let them "target" a home miles away.
Can You Say Linux? I Knew That You Could.
So now the government can spy on us and the anti-virus programs will ignore it. Um, I thought those things were to protect you from spyware? I think I'll get a new virus scanner.
Somebody will post the FBI virus/trojan on some web page, Slashdot will link to it and everyone will have a good time owning some FBI's official stuff.
Excellent! Here FBI...How about you french-kiss my ass!!!
You're using her as bait, Master!
I quit using Mcafee a year ago when I installed it on a new computer and started experiencing lockups and strange behavior. As soon as I removed Mcafee the computer ran perfectly. Now when a get a support call. I ask are you running Mcafee? 99% of the time "yes". Remove it. Problem solved. This is just another reson to avoid their crappy product.
The road to hell is filled with good intentions.
All to often has something been done with good intentions to only become used wrongly.
Whatever we make, we can break, and that includes FBI/CIA/NSA/etc.. spyware.
So the reality is not one of catching the bad but rather removing the incentive of being bad.
As an example, take a close look at:
What the World Wants
Imagine that! We have enough resources from world military spending to solve major world problems not once, not twice, but three times over.
Hmmm, guess that means I just busted them all. And I didn't even need spyware (MAD - spy vs. spy) to do it.
Well, quite a few posters above did say those who work for such organizations as the FBI/CIA/NSA/etc.. aren't very smart. Now everybody has proof.
.
Why not ship the sniffer with McAfee?
So we do not have to double-click that stuff in the first place.
You think they don't already (in certain cases)? Search the Web for " promis backdoor" and read some of the stuff that comes up.
This same question came up with Back Office vs. Back Orifice. Because Microsoft was a "respectable" company (and because it costs money), antivirus companies decided that Back Office was a legit remote network administration tool. However, when the "hacker group" cult of the dead cow released Back Orifice, the antivirus vendors decided that, even though Back Office could do everything that Back Orifice did, because it was free and not released by a corporation it should be classified as a trojan.
So, besides magic lantern, you could have the SMS part of Back Office installed, too. And with its weak encryption, it's a greater security risk than BO2K.
More BO2k docs and info
HIV Crosses Species Barrier... into Muppets
Excuse me, but if a company sells virus-detecting software, and it contains code that explicitly ignores certain viruses, wouldn't this be an open-and-shut case of consumer fraud?
If I were working at McAffee, I'd probably be trying to make sure that their legal staff is working on the problem of a disclaimer in the fine print that covers this. And it would have to be worded in such a way that most purchasers (including the legal staff of corporate purchasers) wouldn't realize that the disclaimer is talking about the fact that they are knowingly making their product fail at the sole job that it's purchased for.
Those who do study history are doomed to stand helplessly by while everyone else repeats it.
huh? i don't follow your argument.
macaffee wishes to foist on the consumers a product that, by design, _will_not_ do what it is supposed to do - stop programs that you don't want to have on your computer from being on your computer. they want to (a) do this as a matter of policy, and (b) be seen to have this policy.
at which point, any other competing product picked at random has a better chance of being superior. spending time looking for the one that actually is better ( because some truly lame programs exist) is now time not wasted.
happy happy joy joy shopping time.
united states nuclear device terrorist bioweapon encryption cocaine korea syria iran iraq columbia cuba
Say some company does the right thing and refuses to comply to these government demands, won't they just pass a law making it mandatory for commercial virus detectors to ignore FBI originated viruses.
I don't see how we can win this battle, this is no longer the home of the free.
-Mark
A score of zero?
I though it was possible to mod up anonymous posts, or am I wrong in that assumption!?
Unfortunately I'm out of points, but the parent post, I think, deserves more than zero since it does point out some truths.
In a society that believes in nothing, fear becomes the only agenda ~ Bill Durodié
legally obtained, back by due process and according to the established laws based on the Constitution and the Bill of Rights... then it is ok, by me.
Ha! This is precisely why I never install anti-virus software....
I'm so clever.
There are definitely some things I want to keep private from most people... although if the FBI found out some of my "secrets", I don't think I'd be that upset.
And I really am curious as to how they would react to some of my secrets... although I wouldn't be too surprised if either:
a) They just didn't care / were neutral about it
OR
b) They wanted to do "experiments/testing" on me (but I would probably want some compensation for the latter, although it wouldn't necessarily include giving me money, as I consider certain other things more important).
to check the signature, the software needs to have the public key.
It is possible to extract the public key, and then check every binary data on disk for signatures with that key. If you found souch signed data, you probably have also discovered the FBI-Spyware.
Therefore it would be trivial to detect such signed Viruses.
virus -> viruses
air -> air
But on slashdot we would say "virusen" as in:
Box - Boxen
Linux - Linuxen
You make the mistake of thinking you can educate the fundamental stupidity out of people. You can't.
Come'on, people. Before you get all upity about what a closed source company decides to do as a business decision, why don't you write your own open source scanner that can scan for the thing? I am not suggesting a open source virus scanning package; having the source of a scanner being open seems somehwat self-defeating. But a scanner for Magic Lantern, which, as a single virus with a signature I am sure you can track (since McAfee is going to block it) would not be that hard. Whine, whine, whine.
It's more complicated than this. Myopic McAffee is taking a *huge* risk by deliberately building a flaw into their product. That inevitably blows up in a vendor's face.
Other companies, who choose *not* to take this path, will capture the market sector of all customers who want to be invulnerable to the Lantern and its offspring, along with all the profits it contains. McAffee has knowingly thrown away market share.
And the more porous their AV is, the more customers they'll lose. If their software becomes so weak that baddies can walk right through it, as you have suggested, their product will become worthless enough to threaten their corporate life. They will be forced to adapt or die,and they'll have no choice but to close the loophole.
If you want to do the world a favor, get a copy of the Magic Lantern (wish I knew how to do that!), and modify it into harmless virus with the same footprint. After it spreads far and wide, McAfee will wise up to their mistake.
That's a better alternative than waiting for a sicko to write a virus that re-formats the victims' hard drives, and if you are diligent about making sure that infected machines aren't damaged, and that the internet doesn't sag under the load, you won't land in jail.
Only the transition from this social state to the next will be painful. When it's all over, the industry will be better for it.
John, MIT '85
"'Tis such sport to see the engineer hoist by his own petard." -- Shakespeare
As the article says, the U.S. government has killed an average of 100,000 people a year for more than 30 years.
I'm against violence. However, 6,000 in one year is a lot less than 100,000 per year for 30 years.
Bush's education improvements were
maybe FBI has power to put its backdoor into linux and other unix kernels too ? What about this recent Cox coverup on linux kernel security ?
__
L.
Democracy: The God That Failed by Hans-Hermann Hoppe
from http://www.lewrockwell.com/hoppe/hoppe4.html
At the request of LRC, Professor Hoppe discusses his extremely important new book, Democracy: The God That Failed (Transaction Publishers, Rutgers, NJ: 2001).
Theory and History
On the most abstract level, I want to show how theory is indispensible in correctly interpreting history. History - the sequence of events unfolding in time - is "blind." It reveals nothing about causes and effects. We may agree, for instance, that feudal Europe was poor, that monarchical Europe was wealthier, and that democratic Europe is wealthier still, or that nineteenth-century America with its low taxes and few regulations was poor, while contemporary America with its high taxes and many regulations is rich. Yet was Europe poor because of feudalism, and did it grow richer because of monarchy and democracy? Or did Europe grow richer in spite of monarchy and democracy? Or are these phenomena unrelated?
Likewise, is contemporary America wealthier because of higher taxes and more regulations or in spite of them? That is, would America be even more prosperous if taxes and regulations had remained at their nineteenth-century levels? Historians qua historians cannot answer such questions, and no amount of statistical data manipulation can change this fact. Every sequence of empirical events is compatible with any of a number of rival, mutually incompatible interpretations.
To make a decision regarding such incompatible interpretations, we need a theory. By theory I mean a proposition whose validity does not depend on further experience but can be established a priori. This is not to say that one can do without experience altogether in establishing a theoretical proposition. However, it is to say that even if experience is necessary, theoretical insights extend and transcend logically beyond a particular historical experience. Theoretical propositions are about necessary facts and relations and, by implication, about impossibilities. Experience may thus illustrate a theory. But historical experience can neither establish a theorem nor refute it.
The Austrian School
Economic and political theory, especially of the Austrian variety, is a treasure trove of such propositions. For instance, a larger quantity of a good is preferred to a smaller amount of the same good; production must precede consumption; what is consumed now cannot be consumed again in the future; prices fixed below market-clearing prices will lead to lasting shortages; without private property in production factors there can be no factor prices, and without factor prices cost-accounting is impossible; an increase in the supply of paper money cannot increase total social wealth but can only redistribute existing wealth; monopoly (the absence of free entry) leads to higher prices and lower product quality than competition; no thing or part of a thing can be owned exclusively by more than one party at a time; democracy (majority rule) and private property are incompatible.
Theory is no substitute for history, of course, yet without a firm grasp of theory serious errors in the interpretation of historical data are unavoidable. For instance, the outstanding historian Carroll Quigley claims that the invention of fractional reserve banking has been a major cause of the unprecedented expansion of wealth associated with the Industrial Revolution, and countless historians have associated the economic plight of Soviet-style socialism with the absence of democracy.
>From a theoretical viewpoint, such interpretations must be rejected categorically. An increase in the paper money supply cannot lead to greater prosperity but only to wealth redistribution. The explosion of wealth during the Industrial Revolution took place despite fractional reserve banking. Similarly, the economic plight of socialism cannot be due to the absence of democracy. Instead, it is caused by the absence of private property in factors of production. "Received history" is full of such misinterpretations. Theory allows us to rule out certain historical reports as impossible and incompatible with the nature of things. By the same token, it allows us to uphold certain other things as historical possibilities, even if they have not yet been tried.
Revisionist History
More interestingly, armed with elementary economic and political theory, I present in my book a revisionist reconstruction of modern Western history: of the rise of absolute monarchical states out of state-less feudal orders, and the transformation, beginning with the French Revolution and essentially completed with the end of World War I, of the Western world from monarchical to democratic States, and the rise of the US to the rank of "universal empire." Neo-conservative writers such as Francis Fukuyama have interpreted this development as civilizational progress, and they proclaim the "End of History" to have arrived with the triumph of Western - US - democracy and its globalization (making the world safe for democracy).
Myth One
My theoretical interpretation is entirely different. It involves the shattering of three historical myths. The first and most fundamental is the myth that the emergence of states out of a prior, non-statist order has caused subsequent economic and civilizational progress. In fact, theory dictates that any progress must have occurred in spite - not because - of the institution of a state.
A state is defined conventionally as an agency that exercises a compulsory territorial monopoly of ultimate decison-making (jurisdiction) and of taxation. By definition then, every state, regardless of its particular constitution, is economically and ethically deficient. Every monopolist is "bad" from the viewpoint of consumers. Monopoly is hereby understood as the absence of free entry into a particular line of production: only one agency, A, may produce X.
Any monopoly is "bad" for consumers because, shielded from potential new entrants into its line of production, the price for its product will be high er and the quality lower than with free entry. And a monopolist with ultimate decison-making powers is particularly bad. While other monopolists produce inferior goods, a monopolist judge, besides producing inferior goods, will produce bads, because he who is the ultimate judge in every case of conflict also has the last word in each conflict involving himself. Consequently, instead of preventing and resolving conflict, a monopolist of ultimate decision-making will cause and provoke conflict in order to settle it to his own advantage.
Not only would no one accept such a monopoly judge provision, but no one would ever agree to a provision that allowed this judge to determine the price to be paid for his "service" unilaterally. Predictably, such a monopolist would use up ever more resources (tax revenue) to produce fewer goods and perpetrate more bads. This is not a prescription for protection but for oppression and exploitation. The result of a state, then, is not peaceful cooperation and social order, but conflict, provocation, aggression, oppression, and impoverishment, i.e., de-civilization. This, above all, is what the history of states illustrates. It is first and foremost the history of countless millions of innocent state victims.
Myth Two
The second myth concerns the historic transition from absolute monarchies to democratic states. Not only do neoconservatives interpret this development as progress; there is near-universal agreement that democracy represents an advance over monarchy and is the cause of economic and moral progress. This interpretation is curious in light of the fact that democracy has been the fountainhead of every form of socialism: of (European) democratic socialism and (American) liberalism and neo-conservatism as well as of international (Soviet) socialism, (Italian) fascism, and national (Nazi) socialism. More importantly, however, theory contradicts this interpretation; whereas both monarchies and democracies are deficient as states, democracy is worse than monarchy.
Theoretically speaking, the transition from monarchy to democracy involves no more or less than a hereditary monopoly "owner" - the prince or king - being replaced by temporary and interchangeable - monopoly "caretakers" - presidents, prime ministers, and members of parliament. Both kings and presidents will produce bads, yet a king, because he "owns" the monopoly and may sell or bequeath it, will care about the repercussions of his actions on capital values. As the owner of the capital stock on "his" territory, the king will be comparatively future-oriented. In order to preserve or enhance the value of his property, he will exploit only moderately and calculatingly. In contrast, a temporary and interchangeable democratic caretaker does not own the country, but as long as he is in office he is permitted to use it to his advantage. He owns its current use but not its capital stock. This does not eliminate exploitation. Instead, it makes exploitation shortsighted (present-oriented) and uncalculated, i.e., carried out without regard for the value of the capital stock.
Nor is it an advantage of democracy that free entry into every state position exists (whereas under monarchy entry is restricted by the king's discretion). To the contrary, only competition in the production of goods is a good thing. Competition in the production of bads is not good; in fact, it is sheer evil. Kings, coming into their position by virtue of birth, might be harmless dilettantes or decent men (and if they are "madmen," they will be quickly restrained or if need be, killed, by close relatives concerned with the possessions of the dynasty). In sharp contrast, the selection of government rulers by means of popular elections makes it essentially impossible for a harmless or decent person to ever rise to the top. Presidents and prime ministers come into their position as a result of their efficiency as morally uninhibited demagogues. Hence, democracy virtually assures that only dangerous men will rise to the top of government.
In particular, democracy is seen as promoting an increase in the social rate of time preference (present-orientation) or the "infantilization" of society. It results in continually increased taxes, paper money and paper money inflation, an unending flood of legislation, and a steadily growing "public" debt. By the same token, democracy leads to lower savings, increased legal uncertainty, moral relativism, lawlessness, and crime. Further, democracy is a tool for wealth and income confiscation and redistribution. It involves the legislative "taking" of the property of some - the haves of something - and the "giving" of it to others - the have-nots of things. And since it is presumably something valuable that is being redistributed - of which the haves have too much and the have-nots too little - any such redistribution implies that the incentive to be of value or produce something valuable is systematically reduced. In other words, the proportion of not-so-good people and not-so-good personal traits, habits, and forms of conduct and appearance will increase, and life in society will become increasingly unpleasant.
Last but not least, democracy is described as resulting in a radical change in the conduct of war. Because they can externalize the costs of their own aggression onto others (via taxes), both kings and presidents will be more than 'normally' aggressive and warlike. However, a king's motive for war is typically an ownership-inheritance dispute. The objective of his war is tangible and territorial: to gain control over some piece of real estate and its inhabitants. And to reach this objective it is in his interest to distinguish between combatants (his enemies and targets of attack) and non-combatants and their property (to be left out of the war and undamaged). Democracy has transformed the limited wars of kings into total wars. The motive for war has become ideological - democracy, liberty, civilization, humanity. The objectives are intangible and elusive: the ideological "conversion" of the losers preceded by their "unconditional" surrender (which, because one can never be certain about the sincerity of conversion, may require such means as the mass murder of civilians). And the distinction between combatants and non-combatants becomes fuzzy and ultimately disappears under democracy, and mass war involvement - the draft and popular war rallies - as well as "collateral damage" become part of war strategy.
Myth Three
Finally, the third myth shattered is the belief that there is no alternative to Western welfare-democracies a la US. Again, theory demonstrates otherwise. First, this belief is false because the modern welfare-state is not a "stable" economic system. It is bound to collapse under its own parasitic weight, much like Russian-style socialism imploded a decade ago. More importantly, however, an economically stable alternative to democracy exists. The term I propose for this alternative is "natural order."
In a natural order every scarce resource, including all land, is owned privately, every enterprise is funded by voluntarily paying customers or private donors, and entry into every line of production, including that of property protection, conflict arbitration, and peacemaking, is free. A large part of my book concerns the explanation of the workings - the logic - of a natural order and the requirements for the transformation from democracy to a natural order.
Whereas states disarm their citizens so as to be able to rob them more surely (thereby rendering them more vulnerable also to criminal and terrorist attack), a natural order is characterized by an armed citizenry. This feature is furthered by insurance companies, which play a prominent role as providers of security and protection in a natural order. Insurers will encourage gun ownership by offering lower premiums to armed (and weapons-trained) clients. By their nature insurers are defensive agencies. Only "accidental" - not: self-inflicted, caused or provoked - damage is "insurable." Aggressors and provocateurs will be denied insurance coverage and are thus weak. And because insurers must indemnify their clients in case of victimization, they must be concerned constantly about the prevention of criminal aggression, the recovery of misappropriated property, and the apprehension of those liable for the damage in question.
Furthermore, the relationship between insurer and client is contractual. The rules of the game are mutually accepted and fixed. An insurer cannot "legislate," or unilaterally change the terms of the contract. In particular, if an insurer wants to attract a voluntarily paying clientele, it must provide for the foreseeable contingency of conflict in its contracts, not only between its own clients but especially with clients of other insurers. The only provision satisfactorily covering the latter contingency is for an insurer to bind itself contractually to independent third-party arbitration. However, not just any arbitration will do. The conflicting insurers must agree on the arbitrator or arbitration agency, and in order to be agreeable to insurers, an arbitrator must produce a product (of legal procedure and substantive judgment) that embodies the widest possible moral consensus among insurers and clients alike. Thus, contrary to statist conditions, a natural order is characterized by stable and predictable law and increased legal harmony.
Moreover, insurance companies promote the development of another "security feature." States have not just disarmed their citizens by taking away their weapons, democratic states in particular have also done so in stripping their citizens of the right to exclusion and by promoting instead - through various non-discrimination, affirmative action, and multiculturalist policies - forced integration. In a natural order, the right to exclusion inherent in the very idea of private property is restored to private property owners.
Accordingly, to lower the production cost of security and improve its quality, a natural order is characterized by increased discrimination, segregation, spatial separation, uniculturalism (cultural homogeneity), exclusivity, and exclusion. In addition, whereas states have undermined intermediating social institutions (family households, churches, covenants, communities, and clubs) and the associated ranks and layers of authority so as to increase their own power vis-a-vis equal and isolated individuals, a natural order is distinctly un-egalitarian: "elitist," "hierarchical," "proprietarian," "patriarchical," and "authoritorian," and its stability depends essentially on the existence of a self-conscious natural - voluntarily acknowledged - aristocracy.
Strategy
Finally, I discuss strategic matters and questions. How can a natural order arise out of democracy? I explain the role of ideas, intellectuals, elites, and public opinion in the legitimation and de-legitimation of state power. In particular, I discuss the role of secession - and the proliferation of independent political entities - as an important step toward the goal of natural order, and I explain how to properly privatize "socialized" and "public" property.
The book grew out of speeches I presented at various Mises Institute and CLS conferences during the 1990s. These conferences, organized by Lew Rockwell, Burt Blumert, and, until his death in 1995, Murray Rothbard, had the purpose of advancing libertarianism by locating and anchoring abstract libertarian theory historically, sociologically, and culturally and thereby creating what has become known in the meantime as paleo-libertarianism (in contrast to left-countercultural-libertarianism and cold-and-hot-war "new" and "neo"-conservatism). The Rothbard-Rockwell Report, the precusor to LRC, was the first and most immediate expression and reflection of this intellectual movement. Others included The Costs of War, Reassessing the Presidency, and The Irrepressible Rothbard. Democracy the God That Failed is my attempt to define and give expression to the paleo-libertarian movement.
The Ludwig von Mises Institute. The reasoning individuals economics
Duh. ;)
If corporations are people, aren't stockholders guilty of slavery?
Vietnam 1969, never forget, never forgive
> english speaking programmers borrowed a word
"Virus" was already an english word (with plural "viruses") when programmers started using it as a metaphor based on the medical/biological usage.
rant
God does not want you to worship other "gods" because He does not want you to be duped by fakes.
I wonder if norton AV software will follow suit, since Mr. Norton himself started as a virus writer, and would have likly been a victim of the FBI spy-ware.
I guess will just have to wait and see.
-
"Consistency is the hobgoblin of small minds" - RWE
+1, Informative? I think not. Try -1, Wrong. "Virii" is in fact the proper Latin plural of the (medical Latin) word "Virus". "Viruses" is an INCORRECT English pluralization of a Latin word.
Why is it that the proponents of "one nation under God" are so eager to get rid of "liberty and justice for all"?
I understand everyone's concerns about crackers exploiting the spyware to gain entry into their systems. I think this could be easily solved by the FBI providing free, convenient upgrades to the spyware product in the event that vulnerabilities are discovered.
It would also be nice if we were notified by email whenever a patch was available.
Anthony,
Thank you for contacting McAfee.com Support Center. My name is Brett. I have received your email and I apologize for the inconvenience you're experiencing. I'd be happy to support your needs.
From the information you provided, I see you are experiencing some challenges with
magic lantern.
Currently we are working to decide if we are going to allow the scan to detect
it in Canada or other countries. Please check back with us in the future.
I'm sure you will find these answers/solutions should meet your needs. If you
have any additional questions or concerns, please let me know and I will be
happy to support you further.
Thank you for visiting McAfee Support Center. I've appreciated this opportunity
to support you.
Brett S.
Technical Support Agent
McAfee Technical Support
.sig: Open Source, Open Mind
Cryptnotic
My other first post is car post.
The FBI claimed that they were really after private keys for encrypted data. They really found a friend in McAfee.
They sell PGP, Firewall protection and AntiVirus protection.
Why not just skip the AntiVirus cooperation and give the FBI a backdoor into PGP and your firewall?
Forgot my password:
phyrephox@kelsey.org
Nah, viren. Much nicer.
>
:)
:)
I was just reviewing this thread...mulling over how everyone had misinterpreted my point* when I saw this. Thank you. I am, and remain an agnostic with atheistic tendencies, but I had never looked at it like that before.
Thanks for being different!
* I do not claim we "foreigners" should have any rights afforded by the US Government. I was commenting on the "by default" choice to use US software, and the power this gives the US. Remember Yoda? "With great power comes great responsibility"!
Prisoner #655321
They have done something similar a year ago. McAfee anti-virus enables employee monitoring. Read it at http://www.theregister.co.uk/content/archive/11012 .html
/-\ |-|
All "law enforcement" are specifically exempted from the DCMA. (I checked due to another project.) This would, and since we must depend on the US legal system will, be extended to companies that aid in "law enforcement" activities.
US like the Soviet Union? Actually, it is worse. I am not sure why US citizens naively believe that Soviet citizens lived in a sepiatone world and constantly strived to be "free." Soviet life was/is much like US life. Secret police, wire tapping, para-military police units/military policing, surreptious observation/spying on citizens, legal systems rather than justice systems, welfare state (Social Security, AFDC, WIC, HUD, FHA Mortgages, IRAs/401ks), enormous tax rates (averaging about 50% in the US), police invasions of private property, state control of property (zoning, wet lands protection, "endangered species" protection, federal land ownership (outside DC), DCMA, "terrorism", "drug war"), manipulation of currency (by the privately held "Fed"), financial spying (Bank "Secrecy" Acts), etc. I don't see a significant difference.
But we are happy because we don't need to wait for ten years for a car -- rather, we go into debt for four or five years for the car and then need to replace it constantly.
Well, looks like people interested in privacy will be picking their favorite *nix (mine's Linux, hence the subject).
However, there is one aspect of open source which worries me: the FBI developing a kernel with a built-in security backdoor, and dropping it onto a system.
I don't think there's time to crack a system for kernel replacement during a sneak-and-peek search warrant, but the idea of replacing kernel source in some manner doesn't seem too far-fetched.
One scenario that comes to mind is contacting an individual who bought a boxed set and isn't a programmer, and through subterfuge getting the source code on the system for a kernel recompile (which have gotten much easier in the past few years). A plausible excuse might be "you have just won" a proprietary device requiring a kernel recompile.
Yes, a programmer would catch the error pretty quick, but the targets here are non-programmers.
Norton is also gunning for gov dollars you can bet they will not detect this trojan key logger of the FBI's.
Only they will not tell you about it!
~TSS~
Well, Jesus Christ.
Since we're making up the plural, why not use virii? It's more in the spirit than viruses.
Virii it is, then. Death to all viruses lovers.
I am for the complete Trantorization of Earth.
> God does not want you to worship other "gods"
> because He does not want you to be duped by fakes.
Isn't it rather arrogant to believe that one little god would only start out with one little tribe, and leave the rest of humanity to see their wisdom or go to hell?
Remember that there were other actual Gods existant (and maybe so even unto today!) It was a real, Egyptian god that made "Pharoah's" priest's stick turn into two asps, not just some slight of hand easily detectable.
And then there's the demigods born when the gods walked the earth and mated with human women.
I am for the complete Trantorization of Earth.
"We were killing people that were trying to kill us, and our way of life."
You picked a bad example. During the time the U.S. was killing 2,000,000 people in Vietnam, the average income in Vietnam was under $200 per year. The Vietnamese were not able to threaten anyone 8,000 miles away, even if they had heard of us.
The Vietnam war was about whether the north could force their manner of politics on the south. The U.S. government spent billions of dollars, killed millions of people, and they north did that anyway.
Bush's education improvements were
Symantec announces "All your keystrokes are belong to us"...
Do you or your partner snore? - Visit www.snoring.com.au
Never noticed before that 11th September is 911.
Over here we use ddMMyyyy. Interesting date though.
The McCaffee/FBI flap raises questions about other market powers. I am not a conspiracy theorist by nature, but the announcement of the government's change of heart with regard to the Microsoft settlement seems oddly timed. In wartime (WWI & WWII), the U.S. and British governments worked with transatlantic cable companies to keep an eye on communications of foreign governments. With the MS source code still a closely held secret and its broad global market dominance, its a no-brainer for the U.S. government to establish a quid pro quo with Microsoft: a tolerated market monopoly in return for an invaluabble intelligence asset, access to the majority of PC's worldwide.
On Thursday, November 22, an article ran in the Washington Post titled "FBI
Develops Eavesdropping Tools." The article speculates about the FBI's
development of a password-stealing Trojan, Magic Lantern, as part of the
FBI's surveillance efforts. In the article, the AP reporter writes "At
least one anti-virus software company, McAfee Corp., contacted the FBI on
Wednesday to ensure its software wouldn't inadvertently detect the bureau's
snooping software and alert a criminal suspect."
The Network Associates official position on this is as follows:
1. Network Associates/McAfee has not contacted the FBI, nor has the FBI
contacted NAI/McAfee, regarding Magic Lantern.
2. We do not expect the FBI to contact Network Associates/McAfee regarding
Magic Lantern.
3. Network Associates/McAfee is not going to speculate on Magic Lantern as
it's existence has not even been confirmed by the FBI or any government
agency.
4. Network Associates/McAfee does and will continue to comply with any and
all U.S. laws and legislation.
Regards,
Allysa Myers
Virus Research Analyst
McAfee AVERT
A division of McAfee, Inc.
Liberty in your lifetime
I can give you links about it....
http://www.cl.cam.ac.uk/~mgk25/ih98-tempest.pdf
This should explain it fairly well.
I am not a computer expert, however I have what may be an easy solution. If you have a computer that is at high risk to be infected by MAGIC LANTERN or other password sniffing programs you may like this idea. Create an encryption program that, when the user is prompted to create a password, opens a field(new window)which would contain the letters a-z and the numbers 1-0. The user would then, instead of typing in the key, would use the mouse to click on the desired letters/numbers to form the password. Much like one would place their initials on a high score screen in a video game.I have never seen this option on any encrption programs, but I doubt it would be difficult for someone with programming experience to create. What do you think about my idea? If you like it let me know.