McAfee Will Ignore FBI Spyware

Drew writes: "The Washington Post is reporting on the FBI's new spyware called 'Magic Lantern.' According to their article, 'At least one antivirus software company, McAfee Corp., contacted the FBI on Wednesday to ensure its software wouldn't inadvertently detect the bureau's snooping software and alert a criminal suspect.' It is ridiculous that the software companies that are supposed to help us protect computers purposefully leave in loopholes for the FBI to operate their spyware."

This is NOT a gaping loophole

[SumDeusExMachina]

I'm sorry, mod me down as flamebait if you must, but I can't let this idiocy go on any longer. So...

YOU CAN'T JUST MAKE UP A VIRUS THAT WILL MATCH ANOTHER VIRUS'S SIGNATURE!. If any one of you had even a lick of sense, you would know that even a basic MD5-hash would be computationally infeasible to replicate with a different document. That is, there are roughly 2^128 possible MD5 hashes, and, according to Bruce Schnier's excellent book, Applied Cryptography:

Assume that a one-way hash function is secure and the best way to attack it is by using brute force. It produces an m-bit output. Finding a message that hashes to a given hash value would require hashing 2^m random messages.

(Applied Cryptography, pg. 166)(the emphasis on "random" was mine).

Now, with that little bit of information in mind, how long do you think it would take to find a random text message assuming your processor could hash messages at 1 million/second? Approximately 1,200,000 years, if my calculations are accurate. Mind you, this is for a random message. Writing a real, functioning virus that still matches the same signature would be, well, impossible for all intents and purposes.

So grab a paper bag, put it to your face, and breathe deeply. There, that wasn't so bad, now was it?

Re:Fuck McAfee.

[MattyG]

Assuming your an American, you're fairly ungrateful to the 'FBI pigs' that are trying to protect you and your family.