Symantec Will Not Detect Magic Lantern
An anonymous reader contributes: "In this article on Declan McCullagh's Politech, Symantec chief researcher Eric Chien stated that provided a hypothetical keystroke logging tool was used only by the FBI, Symantec would avoid updating its antivirus tools to detect such a Trojan, echoing a similar stance Network Associates allegedly took with its McAfee anti-virus software earlier this week. 'If it was under the control of the FBI, with appropriate technical safeguards in place to prevent possible misuse, and nobody else used it -- we wouldn't detect it,' said Chien. 'However we would detect modified versions that might be used by hackers.'"
I'd rather not use AV software that was designed not to work. Of course, I run Linux so it's not really an issue for me...
this is getting old and so are you
blog
Anyway, I don't use Windows, so this is not my problem. Ask yourself; is it really yours? :-)
Luck favors the prepared, darling.
McAfee Ignoring Magic Lantern Is Bogus?
Free Mac Mini
It would be nice if they included some sort of guarantee that the FBI would need to get a warrant to prevent their product from detecting it. Maybe some sort of encryption scheme where the FBI would need to provide Symantec with a warrant to get the key to get around their product.
Has TREND issued a statement ? That's the product of choice around here anyways. But you can be assured this will impact any purchasing decision in the future.
errr....umm...*whooosh* *whoosh* Is this thing on ?
So how long before we see antivirus software that doesn't obey the rules of the FBI?
How about adding our own definitions to the popular antivirus software?
Norton and McAfee aren't the only games in town, and anyone who the FBI will be spying on will know better than to not rely on those two options.
By the way: I thought that the FBI wasn't allowed to spy on American people?
So all the virii programmers need to do now is to emulate whatever key it's not picking up on and away they go!
-inno
This is not good for security. Once they decide that they will let some through, that destroys all credibility IMHO. How can you trust that Symantec and McAfee will detect other viri in the future if they won't hold consistent now just so the FBI can send a trojan to someone to get their passwords?
I am the Alpha and the Omega-3
perhaps it is time for an open source virus detection program with options for non standard updates...
So, the Carnivore Trojan won't be detected...until some hacker "borrows" the code and uses it to write a malicious trojan?
:)
I think I can stop losing sleep now.
How's OpenAntiVirus doing? How does it compare to the Big Two? - If it can't hold up, do "we" have any other viable options outside of McAfee and Symantec?
Send your friends messages of love at fuck-you.org
ahh .. and this idea brought to you by the same people who wanted the "Clipper Chip".
... Would a software program whose only goal is to find and exterminate this FBI, big brother, "virus" be considered illegal and be regarded as destruction of FBI property?
But one would have to wonder
-- Knowing too much can get you killed, but knowing who knows too much can make you rich.
I hate to do this since this seems like a neat site, but the "radio" broadcasts are not very packed with facts. I listened to several of them, and the only one that had any facts in it was the Cell Phone Ban segment. Most of it is just his opinions. Maybe my definition of facts is too rigid. I like the concept, but the name doesn't ring true.
THIS SPACE FOR RENT
I'm not a conspiracy nut, and I certainly don't have total trust, or total mistrust, of the government either.
But it isn't the idea of the FBI trying to use these tools that offends me. I expect them to, and I don't have anything to hide. But the issue of a company that I pay money for to help protect me to turn a blind eye to government intrusion is insane.
If I pay someone to give me security, I expect them to provide it against anyone who wants my information. Pure and simple. And I'm not worried about the "Oh, we won't check the FBI's version - but we would check variants."
Oh, that makes me feel *much* better. Imagine a cracker getting his fingers on the FBI software and using that on my systems. Gee, thanks for not checking that, Symantec.
Of course, you have to admit that Symantec and McAfee are in a bind. If they state they're going to detect the FBI software, then they're anti-government. If they don't, then they're aiding big brother. But considering that the United States was formed from a healthy distrust of our government (and that distrust has only proved to help us, thank you Hubert Hoover and your bra collection), I would rather have the security companies on my side and make my government work just a little harder to prove guilt. Or at least, that's what my tax dollars should be going to.
Of course, this is just my opinion. I could be wrong.
52 Weeks, 52 Religions with John Hummel
So they're not going to detect the original, but they WILL detect any hacker-modified clones?
What about Norton Firewall? Will it still detect unexpected outgoing connections? How can I expect it to reliably detect and permit FBI-approved software, but not hacker software with a similar MO?
Oh, maybe there'll be a hard-coded IP address in the outgoing connection -- now THERE'S a nice target for DDOS!
It's supposed to be completely automatic, but actually you have to press this button.
"If it was under the control of the FBI, with appropriate technical safeguards in place to prevent possible misuse, and nobody else used it - we wouldn't detect it," said Chien. "However we would detect modified versions that might be used by hackers."
Yeah right. You're going to build in back doors and then assume that you've created a 100% fool-proof method of detecting modified versions? Who do they think they are kidding? Look at the difficulty developers face simply trying to build secure software--this is without intentional back doors!
Eventually, I'm gonna need a scorecard to keep all this straight.
"Prepare for the worst - hope for the best."
At least under linux there's 'rpm -Va', assuming the hacker hasn't mucked your rpm database.
--Bob
1^2=1; (-1)^2=1; 1^2=(-1)^2; 1=-1; 1=0.
From the time a copy of this "Magic Lantern" is first discovered in the wild until an exact copy of the FBI-approved (and consequently undetectable) version is available via alt.hackers.malicious is going to take what, twenty minutes?
Malda might as well start composing (and spellchecking) the headline now, because it's a sure bet he'll get to use it.
If the FBI wants to catch some big-ass criminal and an anti-virus screws up the whole thing by busting magic lantern, wouldn't the anti-virus company get into serious legal trouble?
Providing help in criminal acts or something like this?
E.g. when you tip Sorpidio Calzone, big evil mafia bugger, that the police is tapping his phone etc. YOU would get into some trouble.
Maybe they plead for unknowingly helping etc., but that still holds some reputation-damaging legal action.
Owner of a Mensa membership card.
'If it was under the control of the FBI, with appropriate technical safeguards in place to prevent possible misuse, and nobody else used it -- we wouldn't detect it,'
That's a risky assumption.
'However we would detect modified versions that might be used by hackers.'
How do you know if a [cracker] is using an unmodified version on my PC and is watching me? You don't.
There is no such thing as an 'appropriate technical safeguard'; the way to defeat it simply has not been discovered yet.
GOBACK.
C'mon, think about it! Remember the story about the NSA keys built into NT? ALL major proprietary systems have back doors for "national security" purposes!
Yeah, right. Who determines what's secure? As soon as the FBI tells them it's secure, and that detecting it would threaten national security they'll roll right over. I love the fact that the US .gov can HACK/CRACK all it wants, meanwhile its citizens can't even watch an F'in DVD on their non-commercial OS because of reverse-engineering laws (DMCA).
-- mikeDOTd
I've yet to see the "Is my phone tapped service(tm)" on ordinary phone lines. So why would any company trying to stay on the right side of the government be producing tools to aid potential criminals?
The other assumption people seem to be making is that the people who are being tapped in this way, will understand that they have been infected by a virus and then sending it off to the anti-virus companies or someone else clued up for analysis.
- It would be a very stupid idea for the FBI to use it to spy on hackers..
Jason
http://www.kaspersky.com/ . Russian. F-Prot is also an option...they're Finnish. If memory serves, there are also Israeli options for virus protection. It's a big world. Even the FBI can't nail down everything.
Knowledge is power. Knowledge shared is power multiplied.
The FBI? Do anything illegal? Who would ever imagine that such a thing could happen?
<repressed_memory>
</repressed_memory>
Hmmm, I can't seem to think of any examples of how police spy powers have been abused in the past, can you?
Well, if the antivirus vendors are going to include a sufficiently detailed signature in their products for the FBI's virii, that should help anyone trying to build a detector.
I'm sure somebody will try to build malware that impersonates this so-called "Magic Lantern" - I hope they call it "Magic Latrine" :^).
But wouldn't it be nice to see a GPL'd program to detect the FBI's virus? Then, if I found it on my machine, I could stop the government-sponsored theft of my CPU cycles. Of course, I'd then call the FBI and offer to let them reinstall it given adequate monetary compensation - but that's just me, you might take some other action.
--Charlie
You sure are elite because you don't run Windows. That makes you 100 times a better man than I.
I am sure it is against EULAs and all, but theoretically how hard would it be to mod these definitions?
I suppose it would be worlds easier if they included data on H4x0red variants used by malicious (non-FBI) persons who in turn modded the original FBI software.
P.S. I really hope that made sense and I didn't just make an ass outta myself.
Note to self: No more arguing with the faithful.
What worries me is when the other guy writes a program that as far as McAfee or Symantec are concerned, looks enough like Magic Lantern that it is left alone to merrily go about its business on your computer.
Such a program would be very very bad.
Sig:
Barbeque is a noun. Not a verb.
If government seeks to use clandestine and furtive methods to monitor citizen actions, it can ill afford to complain should the citizen insist on a method to effect his right to know he is under such surveillance.
Judge Joseph Ryan, Superior Court, District of Columbia
Granted, it's only a district court, however it is a compelling opinion, and a brilliant interpretation of the Fourth Amendment. IR detection/imaging and monitoring utility bills have been tossed out on similar grounds. I wonder what AVP is going to choose... Perhaps this is a great opportunity for Free Software, I just wonder how a free software anti-virus lab would work. Anyway, end of my rant.
cat
I'm seeing some posts like, "If I pay a company to provide me computer security, then I expect total security". This is simply wrong-headed. You are paying them for security against private cracks, not government cracks.
Put it this way. If you hired private security guards for your house, and the FBI showed up with a warrant to search the place, would you expect them to turn away the FBI? Get into a pitched gun battle to "protect" your house? Uh, no. Your private security guard will step out of the way, and show the government official the door, as they should.
Sometimes it's best to just let stupid people be stupid.
Symantec are perfectly entitled to do whatever they want. If they want to sell crippled security software, it's their funeral ? Sophos has a more sensible attitude http://www.theregister.co.uk/content/55/23057.html , and better AV software anyway.
If US software companies want to sell crippleware in the interests of "patriotism" that's their business. There are plenty of companies willing to fill the gap.
http://rareformnewmedia.com/
Will Symantec also ignore trojans produced by other nations' intelligence agencies? Someone should encourage some third-world countries to set up online membership signups for their intelligence agencies at a nominal fee. Crackers will then be able to continue to do what they do without breaking any laws.
That's "Mr. Soulless Automaton" to you, Bub.
Are there any open source virus detection software available?
Hmmm... answered my own question at source forge. There are several projects there that are related to a specific worm or virus, but this seems to be what I was looking for.
There doesn't seem to be much interest though. Perhaps because open source projects are predominantly non-windows, and windows seems to be where most of the virii are.
I think the trick to getting this type of project going might be a set of tools for creating/finding new virus signatures. Maybe an intelligent hex editor/disassembler that can heuristically suggest portions of code to look closely at.
And an easy way for users to submit strings to the project.
--Scott
What happens when the CIA or NSA decide they want antivirus software to ignore their new toys? What, then, if it's INTERPOL? Maybe the Russian government would now have a claim as well, followed by the Chinese...
What's that smell? Ah, that's my karma burning...
It seems to me that a better solution would be to install a logging device in the keyboard itself. While it would not be as convenient as a piece of software that could send its data capture back to the FBI via the Internet, I would think that it would be harder to detect.
In theory the FBI dressed as cleaning people (or however they enter someone's home) would go in to the office(home) in the evening and install it. Periodically they would go back in attach it to a data extractor box that has a PS/2 port and download the data.
With this method, you wouldn't have to worry about someone finding your software and hacking and telling the world about it. Of course, there is the periodic re-entry. You might be able to rig up a transmission system, but then someone that sweeps for radio waves could detect it. Then again, the keyboard might go bad and then they throw it away. That might be a good way to get your data back. Just set the device to disable the keyboard and retrieve it.
Only tricky thing is that most people love their keyboards. You mess with their keyboards and they know. If there is much difference in the weight, then they probably would notice.
Another option would be to wrap a device around the keyboard cable that picks up the rf given off, sorta like a tempest device. Maybe it would magnify the signals and people outside could just pick it up and record it that way. The only time it kicks in is when the computer is on and anyone sweeping for radio frequency might just think that it is additional noise from the machine.
This is all just hypothetical though and I don't know what I'm talking about.
Later
James
Does anyone know the stance of non-US companies of anti-virus software on Magic Lantern? If a foreign product detects an FBI trojan horse will it then become illegal under some US law?
Most AV tools (including Symantec and McAfee) monitor program execution for anomalous behavior by unknown virii. Would lantern be able to avoid being detected by that?
Also, what about personal firewall programs? I use Tiny Software's PF (yes, under Windows, sad isn't it) that checks the md5 of an executable before granting internet access. On top of that, it can allow you to block certain apps from making/accepting connections from various sites. For example I have it set to not allow Mozilla access to ads.x10.com.
Here, two things exist: the lantern has to find a way around the md5 and also find a way around "PGP wants to connect to [fbi-ip-address], allow it?" Getting through one or the other might prove difficult.
The One Rule Of Chess You'll Ever Need: Don't play someone who carries a kit in their bookbag.
Maybe the American anti-virus peeps aren't going to do anything about it .. but you can bet your bottom dollar that every other country out there will have "Anti-Carnivore" virus detection.
... the countries will come out and give the virus detection software away for free just to be able to say "See .. even your people hate you FBI!"
"I be thinking" that Moscow, Beijing and the rest are going to want to have FBI viruses running around their systems and will have the means to terminate it. In fact in regards to propaganda
In fact I am surprised that these countries are not bringing up the issue that this could almost be considered a form of "spying", "terrorism", or even "digital warfare".
The carnivore virus is some upper FBI officer's pipe dream.
-- Knowing too much can get you killed, but knowing who knows too much can make you rich.
Why not have McAfee and Norton simply install FBI snitch-ware in its next update and cut out the middle-man?
If there is one lesson that IT history has taught us again & again, it's that security through obscurity DOES NOT WORK. Somewhere along the line, this will be cracked by someone, and then these antivirus companies will be in some hot water.
;)
However, this will be good for companies besides NAI/Symantec, since it might give them an opportunity to appeal to the smaller, security-concerned windows users. Could be a veritable shot in the arm for them. If you are using Windows, might I recommend some Other virus scanners?
Also, not to turn this into an Anti-MS, Pro-Linux rant, but this is a perfect time to make the switch if you haven't already. None of this argument even applies to those running Linux. (except for those who have stock in those companies)
I've yet to hear how the FBI will determine who this program will be used on. If this is an attachment file on an email (as the Wired article suggested) then how can this file not be spread to everyone who receives a forward? Is this going to be an executable file in which case even some MS users know not to open now, or will it be planted by government hackers?
The FBI was quoted in the wired article as saying to the effect that they don't like breaking and entering to plant these devices so that only leaves the above two.
And yes I've been told that I bitch too much about government involvement but how many doors will this open? How long until this access is available to anyone with a good script library? How long will a person be monitored? Who determines who gets monitored to begin with?! Especially if the code is in a Damn email attachment so that everyone will have it on their systems.
And just because you don't use MS doesn't mean that they won't try to load it on your systems as well. How many of you know what every chip on your new Hardware does?
This really bugs me and I keep hoping that it's a hoax.
..which just shows that the human brain is ill-adapted for thinking and was probably designed for cooling the blood-T P
Ted Brindis, the AP reporter that originally broke the story about McAfee ignoring Magic Lantern stands by his piece, Wired reports.
-Waldo Jaquith
So basically the government is allowed to use this type of software, but if anyone else does, it's prison time. This isn't all bad, it is how it works now. The police have more powers than citizens, but now they are having software companies protect their power. Why should the software companies do this? It's not their responsibility. What is stupid about this is that it won't matter, someone else will detect it with a small little program. So the FBI's nifty little $2 million (or whatever) will be useless against actual criminals, but against average citizens it is effective (THIS IS NOT saying they will use it against everyone)
Ya know, this thing has gotten enough coverage in the media that criminals are going to be on the lookout for any attachments, even from family/friends/partners in crime.
Most likely some researcher will post signatures from the file anyways, and somebody will create a detection utility just for the purpose of detecting this one "virus".
I say you just steal a copy of that bullshizat program and distribute it all over the place until they have no choice but to have it detected by virus detectors. Either that or some people have a lot of fun after it's all over the place. ^_^
This sh*t is going on right now. Do you really think that the FBI, CIA and NSA play by the book?
If you do, then you probably still believe in the tooth fairy!
I look at it this way... The stuff we're reading about now is what they've been forced to admit they do. I know for a fact that they do things that would positively curl your spine.
An acquaintance of mine works for NSA and he claims that it's almost a prerequisite of the job to be sadistic.
Finally, all these new laws have simply allowed them to push the envelope even more....
what the fuck are we supposed to do?
See the following article in The Register:
http://www.theregister.co.uk/content/56/22846.htm
How do you know if your keystrokes are not being recorded right now? Not like anybody has seen all the windows code yet....
Recording keystrokes could be a fantastic marketing tool.
If there is one thing I have learned from working with computers, it is that the only foolproof security is to unplug a computer from the network or turn it off.
=-=-=-=-=-=-=-=-=
Oh bother.
How long until this little app ends up on a PC that is not on US soil? Will some foreign nation be able to make an official issue of this? It seems like the FBI might not be thinking this through.
... then again, there is Echelon.... apparently no one minds...
Not to mention what happened the last time the FBI decided to abuse its powers in blatant and utter disregard for the constitutionally guaranteed rights of the American people.
COINTELPRO
And this time we're GIVING the government this power by agreeing to be spoon-fed this 'for our own good' and 'war on terrorism' bullshit.
I say no thank you. If there was a tracking device installed subcutaneously on every single American citizen in the country, and our borders were closed, THEN would you people feel safe?
El riesgo vive siempre!
It doesn't really matter if they monitor your system or not. The FBI tends to ignore things.. On the other hand, they do abuse people from time to time. Whatever.
This will only catch the dumb or the pedophiles.
Are they writing this "virus" for BeOS? how about OS/2?
What about a linux box running as only old a.out?
I can think of at least 70 ways to make their "virus" not work on my machine. (I highly doubt that this "virus" will run on my Linux development box that uses a Hitachi SH4 processor)
All this hubbub about company X or software Z will or will not detect this virus app is pure marketing and hype. No one who is really threatened by this could care as it is easily defeated from ever infecting the system by simply changing the architecture...... Hey FBI, not everyone runs windows on Intel hardware.
Do not look at laser with remaining good eye.
This begs the question: Why isn't there an opensource antivirus project?
Seems to me that it should be relatively trivial even under something as archaic as windows to run md5 fingerprints against the files, as well as get a list of "new files" added since last sweep.
The other really easy thing to do would be to write some software that follows the IRQ chain on the keyboard controller and see what software is wedged in there.
Check it periodically (lather, rinse, repeat)
Old age and treachery almost always overcome youth and skill.
..have the ability to scan for "virus-like" behaviour and point it out to the user? If so, how would they prevent that from seeing the FBI's malware?
If it's not authorized by me to be on a computer I own and yet is there doing things I don't want it to do, it's a virus/worm/bad thing. Change the name of your software to almost anti-virus then.
"i was saying gnu-rd"
As if we should fully trust the FBI is capable of keeping something like this from being compromised. It doesn't take but a matter of seconds to see that they are not capable of keeping information secret. 30 seconds at google gave me these little tidbits from
CNN
The Las Vegas sun
and Crimelibrary Online
Since this thing was first announced I'm willing to bet there have been swarms of unethical people waiting in the wings to snatch it up. Bah! I'm just a little bothered at the whole thing. In the past I've been a victim of the wrong person getting their hands on information that was supposed to be protected. Incompetence, that's all I have to say.
And no, I don't double check my grammar/spelling.
I am on linux and I don't care much about the magic lantern for now till the FBI comes up with the "magic lantern kernel module" required by law if you are running linux.
I am just curious how this magic lantern will work. How does it communicate back the findings to the FBI? Will products like ZoneAlarm detect any communication attempt by trojans? (provided they don't follow Symantec, McAfee) Or will it piggyback on an actual allowed communication channel fooling ZoneAlarm? Anyone who knows more about the working of trojans and how ZoneAlarm kind of products detect it, and scenarios how to workaround this?
I seem to remember a way (yes, this is from back in the late 80's) to check for an active software keystroke logger using the echo effect, same bytes written elsewhere, although admittedly this wouldn't work if the software encrypts the output, it probably does. BUT couldn't you use the same principle, nothing else running, one app is catching bits on every keystroke. Voila, there's your logger? Anyone else remember this, BYTE magazine perhaps.
Sig went tro...aahemmm.....fishing........
Symantec Will Not Detect Magic Lantern
From where I sit, Symantec's Norton Utilities won't detect much anyways - not without making the poor Windows computer slow to a crawl. Who needs a virus to make a computer crash and hang when there's Norton's 'Antivirus' to do it for you?
Moneyed corporations, non-working 'poor' and criminal prisoners are turning productive citizens into tax-slaves.
Anyway, I don't use Windows, so this is not my problem. Ask yourself; is it really yours?
I'm a Linux user and it is my problem.
Why?
Because personal data concerning me is stored on a variety of computer systems (with my permission). I'd be an idiot not to think that at least one of these is a windoze system.
Yes I'm a geek and I know (!) my box is secure. I can't say that for Joe Sixpack working at my university's personnel dept.
Anyone quoted by a reporter knows how little they understand
Don't believe what you read is the truth.
If you don't like it email them and let them know - I believe this is the guy's email address:
echien@SYMANTEC.COM
I think that we should all give a standing ovation to Ashcroft and his influences for creating a government that's as close to George Orwell's 1984 as we've ever seen. Thanks, you Mr. Ashcroft for illegally arresting and "trying" people. Thank you, Mr. Ashcroft for trampling all over our rights just so that idiots can feel "safe". Thank you, Mr. Ashcroft. I'm sure Adolf Hitler would be proud.
Oh, I see... So now McAfee and Symantec have developed technology that can tell the difference between when my computer is being hax0red by the Feds and when my computer is being hax0red by a script kiddy. Awesome!
Such an arrangement would be next to impossible to compromise, as you would need to break all three programs within the check cycle of all three of them. Either that, or you need to break all three hashing algorithms, in such a way as to find a synonym in all three key spaces. Synonyms in a single key space are going to be common, simply because you're using fewer bits. Two coinciding synonyms will be very rare, and there's no guarantee that the software could be moulded into one. THREE coinciding synonyms will be so vanishingly rare that it wouldn't be worth anyone's while to search for one that's even remotely usable.
There. Problem solved. And all it took was a bunch of Tripwire clones. And someone thought it was difficult?
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
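The md5-fingerprint sweep and the three-hash Tripwire-style check suggested in the comments above, as an added example that is not part of any poster's comment; the file names and contents are constructed, and the three algorithms are an assumption about what "three hashing algorithms" could mean in practice.

```python
import hashlib
import os
import tempfile

# Three unrelated digests per file: a substituted binary would have to
# collide under all of them at once to pass unnoticed.
ALGORITHMS = ("md5", "sha1", "sha256")


def fingerprint(path):
    """Return one hex digest per algorithm for the file at `path`."""
    hashers = [hashlib.new(name) for name in ALGORITHMS]
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            for hasher in hashers:
                hasher.update(chunk)
    return tuple(hasher.hexdigest() for hasher in hashers)


def snapshot(root):
    """Map every regular file under `root` (relative path) to its digests."""
    result = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue
            result[os.path.relpath(full, root)] = fingerprint(full)
    return result


def compare(baseline, current):
    """Report files that are new, removed, or changed since the baseline.

    The baseline is only trustworthy if it is kept where the monitored
    machine cannot rewrite it (read-only media or another host).
    """
    report = {"new": [], "removed": [], "modified": []}
    for path in sorted(set(baseline) | set(current)):
        if path not in baseline:
            report["new"].append(path)
        elif path not in current:
            report["removed"].append(path)
        else:
            changed = [
                name
                for name, old, new in zip(ALGORITHMS, baseline[path], current[path])
                if old != new
            ]
            if changed:
                report["modified"].append((path, changed))
    return report


def demo():
    """Build a constructed directory, change it, and return the report."""
    with tempfile.TemporaryDirectory() as root:
        def write(name, data):
            with open(os.path.join(root, name), "wb") as handle:
                handle.write(data)

        write("notepad.exe", b"original editor image")
        write("kbdclass.sys", b"original keyboard driver")
        write("readme.txt", b"unchanged")
        baseline = snapshot(root)

        # Changes made after the baseline was taken.
        write("kbdclass.sys", b"keyboard driver with a hook added")
        write("svchelper.exe", b"dropped after the baseline")
        os.remove(os.path.join(root, "notepad.exe"))
        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    for kind, items in demo().items():
        print(kind, items)
```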
So all someone needs to do to succeed in the anti-virus market is announce that you will detect Magic Lantern.
Let's face it:
A. It's a privacy invasion technique regardless of the need for a warrant. It seems to be increasingly easy for law enforcement agencies to get warrants these days - and we've all heard about the new and proposed relaxation of the wire tap laws. This means the geeks will complain - and we're the ones who make the technical purchasing decisions - and write the software.
B. This will be used against not only capital C Criminal (Those out to blow things up and cause bloody mayhem) but maybe the lowercase c criminals as well (Those who "forgot" to pay tariffs on the 40 million in imported electronics, or maybe traded on "just a little bit" of insider information). This means that the corporate world is no more eager to have the government listening in than we are.
C. No one should trust the federal government to write stable code. Imagine losing a few hours of consulting work 'cause it turns out your client is being investigated for tax fraud, and you were working on his WS when ML caused a crash. Oh happy.
Everyone should switch to the first AV provider that says they won't overlook a federal Trojan.
\Drew National Data Director, John Edwards for President
Yes, but what happens when the government writes a trojan that patches GCC to remove the detection routine? Then, someone must write a program to detect the trojan patch to GCC. But if the trojan patch checks for programs checking for trojan patches to GCC that prevent trojan detection, then it won't work. So someone will need to write a program to detect trojan detecting trojan patch detectors...
Will copies being sold in Europe contain this "feature" too? I'm European and I don't trust US government at all.
Everyone keeps saying, "Oh, they won't do anything to me, I run Linux." Yeah, well it's just a matter of time before they move over to linux. Only this time, they don't have to ask you to "click here" in an email. They'll just own your box remotely with an exploit and install a rootkit.
Also, of all the Linux users out there, how many will honestly be able to know when they've been owned, especially by someone with mad skills. Don't think for a second that the FBI will just pick up any idiot to do the job. They more than likely will find the best they can.
So, my advice. Be happy they're going after windows, because it's a matter of time before they come after your Linux/BSD box.
Assuming that this is a standardized attachment (ie the same size, etc.) it should be pretty easy for filters on the ISP or client to catch. Also, to my knowledge the only mail clients that can execute code w/o user intervention are M$ products. This narrows the people that can be affected a lot.
...but the better ones are not based in the US. Trend makes the best antivirus software out there. They are based in Japan. There are other vendors that are based out of former communist bloc countries (I believe AVG is from Russia.) If an Antivirus company goes on record saying that they will ignore certain viruses, I doubt that anyone will buy their software. I know that I wouldn't...
This could already be the case. The auto-update could be reporting back the captured keystrokes...
I think that's exactly what he was mentioning.
--Blair
"Hey! Isn't that John Ashcroft...in a dress?"
Dang - I haven't played that game in over a year. I hope the PS2 version is as cool.
52 Weeks, 52 Religions with John Hummel
but ZoneAlarm Pro will. It detects any app that tries to bind to a port or connect to the internet that hasn't previously been given permission to do so. The second this supposed "key logger" tries to send out its payload, an alert comes up and it halts until it's been either approved or denied. If it's denied that's it, it can never send anything out on the network again.
And there's no way that the government can force them to make it "Not Work" 'cause it's not signature based.
The same goes for heuristic based scanners that look for malicious code.
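The per-application permission model this comment describes, sketched as an added example (not part of the original comment and not ZoneAlarm's code): it reads connection listings in the layout of Linux `ss -tnp` and holds every connection whose owning program has no recorded decision. The sample listing, the program names and the `OutboundPolicy` class are constructed for illustration, and keying on the program name rather than the executable's path or hash is a simplifying assumption.

```python
import re
from collections import namedtuple

Connection = namedtuple("Connection", "state local remote program pid")

# Constructed sample in the layout printed by `ss -tnp` (documentation-range IPs).
SAMPLE_SS_OUTPUT = """\
State    Recv-Q Send-Q Local Address:Port  Peer Address:Port  Process
ESTAB    0      0      192.0.2.10:51234    198.51.100.7:443   users:(("firefox",pid=2211,fd=87))
ESTAB    0      0      192.0.2.10:40022    203.0.113.50:25    users:(("updatesvc",pid=4120,fd=5))
ESTAB    0      0      192.0.2.10:40100    203.0.113.9:6667   users:(("ircbot",pid=4555,fd=3))
SYN-SENT 0      1      192.0.2.10:40410    203.0.113.50:8080
"""

_PROCESS_RE = re.compile(r'users:\(\("([^"]+)",pid=(\d+)')


def parse_ss(text):
    """Turn `ss -tnp` style text into Connection records."""
    connections = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] == "State":
            continue  # header or malformed line
        match = _PROCESS_RE.search(line)
        if match:
            program, pid = match.group(1), int(match.group(2))
        else:
            program, pid = None, None  # owner not visible to the caller
        connections.append(Connection(fields[0], fields[3], fields[4], program, pid))
    return connections


class OutboundPolicy:
    """Per-program decisions; anything without a decision is held for the user."""

    def __init__(self, allowed=(), denied=()):
        self.allowed = set(allowed)
        self.denied = set(denied)

    def decide(self, conn):
        if conn.program is None:
            return "prompt"  # unknown owner is never silently allowed
        if conn.program in self.denied:
            return "deny"
        if conn.program in self.allowed:
            return "allow"
        return "prompt"

    def record(self, program, allow):
        """Remember the user's answer so the same program is not asked about again."""
        (self.allowed if allow else self.denied).add(program)
        (self.denied if allow else self.allowed).discard(program)


def audit(text, policy):
    """Return (program, remote endpoint, decision) for every listed connection."""
    return [(c.program, c.remote, policy.decide(c)) for c in parse_ss(text)]


if __name__ == "__main__":
    policy = OutboundPolicy(allowed={"firefox"})
    for program, remote, decision in audit(SAMPLE_SS_OUTPUT, policy):
        print(f"{decision:7} {program or '?':10} -> {remote}")
```

No signature is consulted anywhere: the decision depends only on which program owns the socket, so the control is only as strong as the way programs are identified.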
Now they will lose all the non-American market!
ROFL
Though I also live in Europe.... ;)
But then I don't use a virusscanner anyways...
I have the knowledge to avoid viruses as I was never affected, except for that bootfloppy virus on my old Atari
Quazion.
#1) How is this really news?
Did anyone actually believe that Norton or McAffee (however you spell that name) would actually detect Magic Lantern?
In addition, is anyone here really concerned about the FBI hacking into your computer?
The only thing I would be concerned about would be someone mis-using the Magic Lantern program itself...
#2) A heuristic anti-virus program that is combined with an auto-checksummer, like what Thunderbyte Anti-Virus (TBAV) was (now Norman Virus Control) would probably still be able to detect Magic Lantern. Programs like these combine a general-purpose virus pattern scanner with an enormous set of checksum files. IIRC, TBAV actually had a checksum file for every single directory it scanned, which was comforting.
-D
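The per-directory checksum idea from the comment above, as an added example (not part of the original comment and not TBAV's code or file format): one baseline file is written into each directory, and a later pass reports files that were modified, added or removed. The baseline file name `.integrity.json`, the use of SHA-256 and the sample tree are assumptions made for this sketch.

```python
import hashlib
import json
import os
import tempfile

BASELINE_NAME = ".integrity.json"  # hypothetical name, chosen for this example


def sha256_file(path, chunk_size=65536):
    """Hash a file in chunks so large binaries do not have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def _hash_directory(directory):
    """Map file name -> SHA-256 for the regular files directly inside `directory`."""
    hashes = {}
    for entry in sorted(os.scandir(directory), key=lambda e: e.name):
        if entry.is_file(follow_symlinks=False) and entry.name != BASELINE_NAME:
            hashes[entry.name] = sha256_file(entry.path)
    return hashes


def write_baseline(root):
    """Write one baseline file into every directory under `root`; return how many."""
    count = 0
    for directory, _subdirs, _files in os.walk(root):
        with open(os.path.join(directory, BASELINE_NAME), "w") as handle:
            json.dump(_hash_directory(directory), handle, indent=2, sort_keys=True)
        count += 1
    return count


def verify(root):
    """Return sorted (relative_path, status) pairs for everything that differs."""
    findings = []
    for directory, _subdirs, _files in os.walk(root):
        rel_dir = os.path.relpath(directory, root)
        baseline_path = os.path.join(directory, BASELINE_NAME)
        if not os.path.exists(baseline_path):
            findings.append((rel_dir, "no-baseline"))  # new or never-scanned directory
            continue
        with open(baseline_path) as handle:
            recorded = json.load(handle)
        current = _hash_directory(directory)
        for name in recorded.keys() | current.keys():
            rel = os.path.normpath(os.path.join(rel_dir, name))
            if name not in current:
                findings.append((rel, "removed"))
            elif name not in recorded:
                findings.append((rel, "added"))
            elif recorded[name] != current[name]:
                findings.append((rel, "modified"))
    return sorted(findings)


def demo():
    """Constructed sample tree: baseline it, change it, then verify."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "bin"))
        for parts, data in [(("notes.txt",), b"hello"),
                            (("bin", "tool.exe"), b"MZ-original")]:
            with open(os.path.join(root, *parts), "wb") as handle:
                handle.write(data)
        write_baseline(root)
        with open(os.path.join(root, "bin", "tool.exe"), "wb") as handle:
            handle.write(b"MZ-patched")   # simulated change to an existing binary
        with open(os.path.join(root, "bin", "logger.dll"), "wb") as handle:
            handle.write(b"new file")     # simulated unexpected new file
        os.remove(os.path.join(root, "notes.txt"))
        return verify(root)


if __name__ == "__main__":
    for path, status in demo():
        print(f"{status:10} {path}")
```

A baseline stored next to the files it describes can be rewritten by whatever changed them, so a copy kept on read-only or offline media is what makes the comparison trustworthy.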
... for every time that a story was duplicated on slashdot... the possibilities are endless.
Remembering your name in the morning is already a good start...
I'm sure eventually someone will be able to pick this thing apart and write a tool to detect it. Who cares if Symantec doesn't? I guess that's not really the issue or point, though. By not detecting it, it opens up the possibility of other security holes, and a lot of users will never know about it.
I like to program but I'm not a huge trojan nut but have the basic concept and idea on how these things work....
First off:
Everyone keeps talking about how it will just be a matter of time before a wild version of "green lantern" or something of the sort shows up in the wild....
Dude, if you have Green Lantern on your computer and you find out about it, you've got a lot more things to worry about than sharing it with the hacker / cracker community!
Second of all:
Who cares that the anti-virus software won't recognize it. They haven't detected half the viruses for years!
Heck, just create your basic client server in C++ or whatever and you'll notice that it is not recognized by the software anyways..... I started to learn sockets and create client/server chats, remote access for work, etc. My anti-virus, anti-trojan software never picked up on it... only my Zone Alarm caught it.
www.slightlycrewed.com - Because aren't we all?
Chances are that if you are in a position to be tapped by the FBI, you probably will be pretty careful about your computer.
Who this is really going to affect are the real end users who buy this software to protect them from viruses, NOT to open their computers up to a possible very large virus/security hole. The criminals will find a way around this.
that future versions of NAV and Mcafee might actually deliver the trojan.
Magic Lantern will not stop people who want to be avoided. Like other posters have said just use Linux or whatever. So instead the general populace will be taken advantage of. Kinda like national id cards, the terrorists had proper id, that wasn't the problem. So yet again our freedom will be eroded a little further in the name of security, which won't stop the bad guys anyways.
Yes but every time I try to see it your way, I get a headache.
We're constantly aware of viruses bringing down networks and destroying data. It's considered a terrorist activity to write one.
You would think the government would be interested in closing all potential security holes. But now they want to run a roto-rooter straight through every firewall and defence, tell us just to pretend it doesn't exist, and assume that they won't disrupt the normal process of computer security.
I'd like to borrow a technique from the MPAA and RIAA, an irrational analogy. We might as well install FBI doors in our house. They'd all take the same key. We wouldn't be allowed to look at them or put any furniture in front of them. Eventually criminals would fashion a key to all of them and waltz in our door, steal our valuables and shoot us. But we wouldn't be allowed to defend ourselves from anyone who came through that door.
A rebuttal from myself: In my heart of hearts I want the FBI to be aware of all sinister plots (which exist aplenty). I want them to be able to keep us safe. I know the danger of coordinated terrorist attacks which are beyond scrutiny.
But I worry about unrestrained government, which can closely watch everyone without checks and balances.
I also think that trying to make a security hole which only the good guys can use, and the bad guys must ignore is a bit far-fetched.
I can't imagine the Russians are gonna be putting up with this FBI-nonsense (especially if there's gonna be a profit to be made as the only *real* antivirus-tool :))
Add to that even the most basic of Windows e-mail viruses and you'll recognize that this may already be installed and operational on existing machines. How many desktop users would even notice a little extra traffic now and then?
I don't doubt that the FBI can already do this - what they are doing is slowly "leaking" the idea to the public and the press to see how citizens will react. The police/gov't can obtain anything they want by illegal means, it's just not admissible in court. That doesn't prevent them from using what they found and following those leads, then claiming "intuition" or "encryption cracking farms" as an excuse as to HOW they broke the encryption.
Prior to 9/11, U.S. citizens would've fought the idea, but now many people feel that complacency will yield security. The FBI hopes that both the government and its citizens will allow this when, in reality, we all recognize that it shows a blatant disregard for our constitutional rights.
Just the $0.02 of the paranoid. Let me put my tin foil hat back on...
Every time I want to play a Warren Spector game, I still reach for the System Shock series instead of Deus Ex. Don't get me wrong, Deus Ex is a wonderful game, but System Shock 2 (yeah, it's not a "true" Spector game) just always keeps me on my toes. That game is just freaky!
Good quote, too many chars. Seriously, the slashdot 120 char limit sucks!
Sure this is an issue between the FBI and two US corporations, but these companies reach internationally. Could they release patches that apply only in non-US countries? Although, I know the answer is really no, look at the PGP export regulations (i.e. "Are you from Canada or the US" "Yes" "Go download"!), it is something to consider.
The new anti-terrorism laws implemented are only valid in the US. The argument pro "Magic Lantern" can therefore only be enforced in the US. Anywhere else and truly it's espionage. I certainly believe that spyware for the purposes of espionage should be prevented by an anti-virus program. What if Canada and the CSIS (all you Canadians can laugh now), came up with a similar program? Would you not as an American be concerned about CSIS spying on you?
The internet has no national boundaries and this is of course not resolvable in the foreseeable future. The US government and the FBI should just be careful that this doesn't further complicate an already controversial foreign policy.
My $0.02 (and maybe a bit off topic)...
Cheers
The FBI is not an international terrorist.
1st The FBI is mostly a domestic organization. Secondly the idea that you could find some sort of equivalence between those who flew Girl Scouts into the Pentagon and the FBI is sickening. You were obviously not spanked enough as a child.
AVP (www.avp.ru) is an excellent piece of antivirus software which beats both CA and Symantec shit hands down all over Europe. I don't think they're bound by US laws, and, mind you, you're downloading your signature updates from Russia, so they aren't constrained by US laws either.
If I were a software developer for an Anti-Virus company, I'd make a new anti-virus software called "Magic Missile". Its sole purpose would be to detect this virus, and only this virus.
You know how many paranoid, anti-government, Art Bell fans would buy it?? Even if I sold it for $9.99, I'd be a millionaire.
* First, how are they going to disseminate this? Anyone that opens "foo.vbs" or "foo.exe" etc. from an e-mail attachment deserves to be locked up :-) Just don't run scripts or executables and you are safe. Additionally, this has to be targeted for a specific system. Are they going to keep different revisions of Magic Lantern for different OSs? Sounds like a development/maintenance nightmare to me.
;-)
* Second, what firewall software isn't going to be able to block undesirable IP traffic? Magic Lantern is not an original idea.
* Third, I seriously question the claim that all variants will be detected. You would have to have very accurate profiling to detect all variants, and I doubt that AV software makers will be able to get a copy of Magic Lantern to play with. Additionally, what's to stop "133+ ]-[4X0Rz" from using an UNMODIFIED version of Magic Lantern? This thing is going out into the wild.
I haven't seen the code, so I don't know what the magic is. Around here, any code that is termed "magic" usually gets a code review.
'If it was under the control of the FBI, with appropriate technical safeguards in place to prevent possible misuse, and nobody else used it -- we wouldn't detect it,' said Chien. 'However we would detect modified versions that might be used by hackers.'"
I prefer the quote made in the movie "The Phantom": If you give someone a gun, you better make sure you know which direction it's being aimed.
Mod Karma -1: I sed bad wurds. If I cep my mouf shut, I wud be at riyses.
Great, now government agencies as well as hackers want to put root kits on my machine (and burn network bandwidth). I suppose we could just reinstall our Windows machines frequently to try and keep them clean.
Doesn't this sound like the program they used to trap some Russian hackers last year? Remember they hired them and gave them notebooks which recorded everything they did. Then later the FBI used the playback to discover sites, passwords, who knows what else.
Hmmm, maybe when I go in for my voluntary interview I'll ask them for my old DSL modem password which I forgot. Ahh the ravages of age.
Let's see, I am betting within days, this virus (that's what it is, the FBI can say what they want) ends up on say computers in Canada. What I want to know is what they will do to prevent non-US computers from being infected. From what I have been reading, they are not doing a thing, meaning even though I am not in the US, they can still see what I am doing.
.exe on e mails, my friends never send me exe on e mail because they do the same thing I do, del it
Now here is how you prevent yourself from getting the virus.
1 don't open he
2 Use a firewall. Got a firewall/dhcp running on a p120 Linux system. This means they would literally have to hack the firewall to get to my systems. Do they really have the time to hack my system that is non-US?
3 Just don't run Windows (or at least on the computers you are doing bad things on).
My 2 cents plus 2 more
Of course, the worms we've seen so far are pretty indiscriminate. Perhaps the FBI can come up with something better targeted.
In any case, I predict more of the rest of the world moving to Linux, soon.
Just use non-US AV software. Norman is great, and there is no reason it should be affected by whatever the FBI decides to do.
Too bad for US AV companies having their software ruined by the FBI.
Little of this argument is new; just tweaked a bit on the details. About the only thing that is changed, is the FBI has more support from the citizenry to protect against terrorists. Symantec would get labelled as "anti-american" in this fervor if they did anything else.
And while Symantec might not make many products for Unix or Linux, don't think that the FBI doesn't care what you do with your computer... undoubtedly they've got a version for you, too.
Bahh!
Does anyone know whether non-US A/V vendors (like Panda) will detect this virus? Might be a great time for them to advertise this.
Work is for people who lack the imagination to play.
To get onto a target system, yes, it's gotta sneak past the antivirus guard dog. But once it gets in, via email or whatever, it has to install itself. How's that going to happen?
Is it via a trojanized "whack-a-frog" application? What happens when that gets into the wild (when the target, quite predictably, forwards it to his friends)? Will the FBI then be inadvertently collecting from the suspect's mother's machine at her office? What safeguards are in place for this?
Is it via an unknown security hole in the mail app? Or in the operating system? Now you've got one branch of the FBI funded and chartered to help detect and quash security holes for the good of the infrastructure, and another branch actively looking for security holes nobody else knows about so they can use it for modern "black bag" jobs.
This doesn't even talk about the problems with other people using the machines and such. I'll leave that to the folks in congress and the courts to debate (ha!). But, from a security-geek point of view, we've got:
Suddenly there's a whole new world of legal black-hat activities. What's an ethically-minded security professional to do?
The only way we can show Symantec the injustice of their actions is to hurt their bottom line. I believe it is appropriate at this time to call for a boycott of all Symantec products until such a time as they reverse their decision.
Who's to say that the FBI, Symantec and Network Associates are not already in bed together?
I spent a lot of money on anti-virus software to prevent any kind of unwanted software from running on my so-called servers.
I was also hoping to minimize the risk of having any kind of confidential data stolen from my company.
And now? How can I be sure that the FBI won't steal my confidential data? (Note: I know they won't use it, but still they can steal it.)
I want my money back.
-=-=-=-=
I know life isn't fair, but why can't it ever be un-fair in MY favor!?
...When the security breach is exploited by a "hacker" instead of the FBI?
These companies provide detection and removal services for widely-distributed and automatic attacks. That is to say, it's their job to clean up when someone releases a virus that spreads all over the place. They discover something spreading, and they make an update.
If the FBI is doing their job well, that's not the situation here. The way they've been describing this working is that they set it up to attack the particular person against whom they've obtained a warrant. It doesn't email itself to the target's addressbook, it doesn't attack random IPs, it doesn't try to infect floppies. That would be both illegal (since it could destroy the data of non-targets) and probably invalidate their evidence (since they don't have a warrant to investigate every individual in the US).
So a virus scanner shouldn't catch Magic Lantern, because it's not really a virus, in the sense that they're scanning for. It's an attack tool, which uses the methods often employed by viruses. Virus scanners don't fix security holes; they look for particular malicious and spreading code on your computer and clean it up. They won't stop Magic Lantern, they won't stop someone hijacking your passport account, and they won't stop even script kiddies breaking into your webserver, because their purpose and system design just aren't good for that.
So far I haven't heard of any IDS companies saying they will ignore ML, nor have I heard of any companies saying they won't fix security holes that ML uses. That's what would be significant.
It would expose them to all kinds of liability, "oops, we didn't mean to log all your keystrokes Mr Gates, we thought we were infecting Bobo 'The Clown' Longfoot's machine, so sorry". If you need a search warrant to put such a tool in place then they need to be danged sure that it _can't_ end up on someone else's machine.
It would probably be counter productive, if a crook is sophisticated enough to use encryption to begin with then he's probably going to make use of any means that will come about to detect such a virus. Which means he can take advantage of it - learning that he's being watched, using it to provide false information, etc etc.
OTOH, finding out exactly what the hell it looks like is pretty good. I'm sorry, paranoiacs, but the chances of this thing cropping up on Joe Public's computer seem pretty slim. You'd have to be associating with some rather sketchy people before you'd ever get a glimpse of this thing in action, it seems.
I think there is a world market for maybe five personal web logs.
... I did place the wrong FBI "code name" in ...
.. Pipe Dream seems to be more fitting.
Still
-- Knowing too much can get you killed, but knowing who knows too much can make you rich.
I'll take a chapter from the book of biology. If they won't protect against Magic Lantern, then perhaps some people (assuming they can get access to the ML code) create viruses/worms/whatever which use the same methods as Magic Lantern.
Then, that'll put the companies in a tight spot.
As soon as someone does get infected, someone will detect it. It has to send it somewhere, probably a simple IP. How long before someone hacks the crap out of that box(es)? Or figures out how Magic Lantern sends info back and starts just flooding it with, "hey FBI, you are a bunch of f***ing idiots.". Really this Magic Lantern news is getting old, it is just a matter of time before the FBI realizes that this approach will not work. They are better off doing it a more legal way, case by case. If you first suspect someone, get a warrant, then you sniff their packets. If it's encrypted then you go the next route. But one at a time. Pay professional crackers, don't waste money on a cookie cutter solution that won't work three days after it is invented. I think most people don't need to worry unless they are doing illegal things in insecure ways, in and out of the internet.
Why is this thing a Trojan?
There would be no issue at all here if this program was something that had to be manually installed. If the FBI got a warrant to enter a suspect's home, install a 'tap' on his PC, and then retrieve the data, there would be no issue.
Any criminal savvy enough to detect that sort of intrusion is also savvy enough to detect and subvert Magic Lantern. Hell, if I had something to hide, I'd keep it away from the networks, on an encrypted drive, wired to destroy the data if I failed to log in correctly - and I am NOT a criminal mastermind.
All ML does, by being a Trojan, is get non-criminal technologists pissed off over civil rights and such.
Sure, it may make the 'tap' easier to set up remotely (does it really? only with very ignorant criminals I think) and to pull data off as it's being generated, so that a logfile can't be easily found (but anyone with something to hide is likely to be sniffing their own packets anyway, no?).
There's something else going on here. It could be about testing the waters for industry compliance to Federal backdoors (PGP anyone?). It could be to increase the anxiety level of technologically inept/newbie potential terrorists.
The publicity level of this strikes me as a diversionary tactic, because the technological aspects of ML are surely defeatable (we can look at our own packets down to the bit after all) and the audacity of it (Big Brother factor) is sure to kill it. The next step is to have each cell phone sold with a listening device that the FBI could turn on remotely. Even the technologically ignorant would not stand up for that, or for this.
The REAL jabber has the user id: 13196
What you do today will cost you a day of your life
The only question Symantec should ask itself is 'is this a virus or not?' It seems to me that the FBI software is clearly not a virus if it is installed legally and used in concordance with all existing surveillance laws.
-josh
Righto. The FBI probably will use it cautiously and not very widespread for awhile, but eventually it will probably get discovered on some diplomat's computer and everyone over there will freak out.
And if its inner workings are kept secret, then how are we to differentiate between the software? Any remote keystroke logger that gets by AV or ID products might be mistaken for the FBI's version, and there would be no way to determine who it really was: "Uhh.. no, Mr. Putin, that wasn't the FBI's version of the keystroke logger on your top aide's computer.. but we can't tell you how we know without disclosing how OUR system works... just take our word for it." Sure.....
These AV companies are sooo dumb. If hackers want to find out if the FBI has this on their comp then they will write their own tools to detect it. In my opinion most AV software isn't worth crap because there are tons of different ways of writing a program to do the exact same thing. They will never be able to find every virus. And if they leave out detection for this keylogger that will just leave another hole for hackers.
I just wonder how a free software anti-virus lab would work
Easy- we fix the problem instead of treating the symptoms:
If there are exploits, they get fixed. So you would never have to worry about an email or webpage hijacking your machine.
And so long as you stick to source-available code (not necessarily the same as open-source) which has at least a moderate distribution, you don't have to worry about trojans.
The run-away virus problems you see in Windows are a direct result of a closed source culture where all software is delivered and exchanged via inscrutable black-box binaries. A typical Windows user thinks nothing of downloading a .exe file from an untrusted source then running it, whereas a typical Unix user would get shivers just at the thought of doing so.
Virus scanner software is just a huge patchwork of duct tape that is fundamentally incapable of solving any problem- or providing any security.
(for example nimda: it had already done its damage by the time it was in the pattern files)
If an open-source system and philosophy were to take hold of the desktop- an entire industry (virus scanning/recovery) would simply disappear.
Geez.1
Does this:
www.slashdot.org/article.pl?sid=01/11/24/232424
look familiar?
"A terrorist is someone who has a bomb but doesn't have an air force." -William Blum
I think mlantern.com should sue them for trying to diffuse their copyright or whatever and confuse their customers.. if it were me, I wouldn't want my company's good name associated with an evil gov't plot..
Winston, I see by our *camera oscura* that you haven't meta-moderated today. As you know, meta-moderation is an important part of *user hygiene*. If you choose not to meta-moderate today, you will lose your bandwidth privileges for a week. Continued negligence will result in *account termination*.
anarchy rules
All of my Windows boxes have screen saver passwords, and if I were really paranoid boot passwords - so I doubt getting a warrant to come into my house and install the thing would work all that well unless they want to do some hard drive swapping (even that would require some hardware matching, difficult but not impossible).
So, am I going to be stupid and click on that MagicLatern.exe attachment from bob@fbi.gov? I don't think so. And I read all of my home email over the web, which pretty much eliminates my exposure to VBScript holes in Outlook or Exchange.
Not that the FBI gives a rat's ass about anything I type, but if they did they'd have a hard time installing this software on any computer I use.
-josh
"Hey! Isn't that John Ashcroft...in a dress?"
No, it appears to be Richard Stallman. And he's doing the tango with Airsick Raymond, who has... is that a strapon on his head harness??
"These 'houses' and their 'locks' are a dangerous threat to America, and I completely support the Shining Gold Christian Crucifix Crusaders of Goodness and Light in the FBI in their fight against the Minions of Satan that are using this dangerous, immoral technology," President Bush declared today from the same secure, fully locked secret bunker he disappeared to on September 11th.
Anti virus companies deemed terrorist by the Bush administration.
Three US anti-virus software makers failed to comply with the FBI on its key logging software called Magic Lantern. Magic Lantern will help the FBI track and hunt down terrorists (Hackers). The Pentagon claims that these companies are harboring terrorists and might be targets in the war against terrorism.
Symantec, McAfee and Network Associates have joined the list along with Somalia, Iraq and North Korea as targets of America's new war on terrorism, President Bush said yesterday.
Take apart this government NOW. Don't bother writing letters; in the current atmosphere nobody is listening to reason. The only legal means left to try is recall petitions. Recall every congressman who votes for this shit and for every senator who voted to confirm Ashcroft. I'm not real sure how it could be made to happen, but you might even try a run at the shrub. Whom to replace them with? The weakest, most ineffectual non-leaders you can find - with any luck they'll waffle and dither around and stab each other in the back continuously so that nothing ever gets done. Congress really works best that way.
The Constitution is the country. You can't defend one without defending the other.
The cake is a pie
that's one i'll buy.
Ok, correct me if I'm wrong here... I live in Canada, if I buy software that claims to detect viruses and trojans but in fact it deliberately allows trojans from a foreign nation's secret service is that not some kind of fraud?
Seriously, would this even be legal outside the USA?
This means that I can write a clone that self-replicates but has the same signature, and...voila! A single copy sent to Norton and another sent to McAfee and we'll see how fast they turn around.
That green slime had it coming.
- Begin Email -
As the "alpha geek" in my peer/family groups, my friends and relatives always check with me before purchasing software. Given the statements made by your company in regards to allowing federal trojans to live undetected on your paying customers' machines, I will now refer the inquisitors to an alternative brand of AV software. I am also asking all of my other "geek" friends to take similar action in their peer groups.
I sincerely hope that this will negatively impact your company enough that you will consider changing this reactionary policy.
Thank You.
"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety."
- Benjamin Franklin, Historical Review of Pennsylvania, 1759.
- End of Email -
If we all did this in a non-obtrusive way (friend asks what AV should I buy, you say, "Sophos"), this could have a huge impact on the offending software companies.
Is there a ZoneAlarm-type program for Linux? Yes, yes, I know the built-in firewall can filter out whatever I want, but the feature of ZoneAlarm that I like is that it pops up and tells me WHAT app is trying to access network resources and what address it's trying to connect to and then I get the option to allow or deny it.
Does anyone really think that this virus will only infect U.S. machines?
If I was tasked with the design of this software I would code it to spread like Nimda or Code Red.
It would only be a matter of hours before this virus crossed the border and who knows where it'll be next!
I wonder if the expressed policy on their antivirus products (if it's FBI, it's OK) is extensible to other even more sensible products...
That is, should I trust NAI and their PGP product? What's the difference between not detecting an FBI-designed virus and having a backdoor on PGP only known to the FBI (or any other 3-letter agency for that matter)?
Does Symantec's firewall turn into a highway when it is the FBI that is trying to 'access' the network?
I consider this issue quite pathetic. Security is built on trust and I don't see how I can trust these companies anymore after they publicly recognize their collaboration with third parties.
Partly, I am already using open source and non-US products but I will do it even more from now on and I encourage you all to do the same.
I might be missing something, but if this spyware is close to something out there now, or potentially out there later, would there rather have to be a distinction made between "this is spyware" and "this is FBIware"? Detection of modified versions also suggests there will be SOME form of awareness, so don't both these cases provide some sense of a blueprint to look for as a potential FBI target?
"If you're not failing every now and again, it's a sign you're not doing anything very innovative." -- Woody Allen
When I buy a new lock, the locksmith doesn't send a key to the FBI, why are the AV companies (basically) doing this??
--
Don't sweat the petty things, and don't pet the sweaty things.
Nothing to hide, eh? Well, Mr.... Paladin, is it? We have noted via our *camera oscura* that you are using a *proscribed system* called Linux. Disgusting name, really. You are aware, I trust, of the penalties for trafficking in *non-object* code? Did you know that the *un-good, un-binary* code for this disgusting piece of filth is freely traded on the *black network*? I thought not. And I'm sure you'll be happy to submit to a prophylactic *decontamination*.
You'll need to *happy-boot*, of course.
anarchy rules
Looks like an opportunity for an open source virus scanner project... if one doesn't already exist...
Magic Lantern has to be the non-issue of the year. It presents a means for the FBI to specifically track suspected criminals, after obtaining a warrant with REASONABLE CAUSE.
If you oppose Magic Lantern, then you'd have to oppose the fourth amendment, which allows searches for "probable cause".
And the issue of this technology being hacked is absurd. Does anyone really think that the FBI has better hackers than the rest of the private security community? Black hats would create this tech (and probably have already) and wouldn't need the FBI. Moreover, Magic Lantern has to be running on your box, which is a non-trivial feat if you keep your box secure.
So how would this work exactly?
The only way I could imagine the AV software would be able to skip the FBI version and still catch 'un-authorized' installs would be if the trojan were cryptographically signed... it would have to sign the whole thing, including the destination for the transmitted keylogs.
If they hard-code an IP to deliver keylogs to they would be open to DDOS attacks.
If they use a domain name then virus writers could just use an unmodified FBI trojan and also send a hosts file to the victim that maps the keylogs.fbi.gov site to their own system. (or subvert DNS some other way, god knows that's easy enough to do)
So how exactly could AV software allow legit FBI trojans but not others??? It's definitely non-trivial, and we won't get to peer-review their implementation.
hmmm, maybe if the trojan encrypts all the keylogs for the FBI using a public key...and the trojan itself is signed...
hmmm, anti-virus updates might now include pro-virus updates?
Actually, you could build a DOS attack on that basic principle (even if they log the strokes instead of sending out in real time, they gotta upload the logs at some point). Admittedly, it'd be tough to get a copy (not in stores, not open source, definitely not in a published RFC...) but if someone could reverse engineer the protocol (some encrypted FTP, I presume) you could build all kind of nasty utilities!
What to name it, though? "Magic Darkness" or maybe "Flashbang"?
"Prepare for the worst - hope for the best."
First McAfee, now Symantec, how long until the FBI can get past any virus scanner they like?
If there's spyware on my system, I don't care whose it is, I want it off! I wouldn't be too happy if I discovered a keystroke recorder running on my computer, with total immunity to antivirus programs, and I don't think anybody else would either.
Try doing a search on fbi.gov's website for Magic Lantern.
Search found 0 documents from 3838 searched
After all the information being covered on it I figured the FBI would have something to say about it. Guess not.
At the very least, foreign companies will get the chance to sell real antivirus software unlike these American guys who are selling their souls to the FBI.
See, there are two ways to go about fighting terrorism:
You can be patriotic, and support the ideals of what freedom stands for, or;
You can be nationalistic and support whatever dumbfuck policies that GWB and Ashcroft decide to shove down your throats.
It seems that most people in your country choose the latter. So I have no sympathy for you.
a new firewall software package? I haven't heard of this company IBF (Integrated Business Firewall) before. Wonder how good it is... guess I'll give it a try. ;)
An optimist believes we live in the best world possible; a pessimist fears this is true.
The FBI could change their mechanism, but they'd be stuck doing remote upgrades of all the computers they'd already infected. If you had a sniffer watching for upgrade traffic and keylog traffic, you could detect an infection.
"Prepare for the worst - hope for the best."
Personally, I wouldn't be surprised if part of Micro$oft's deal with the DoJ was to add this application to the already invasive registration scheme built into XP. Maybe we should start the rumor... };->
Do you honestly think that every computer that has your personal info on it is a non-windoze system?
We are geeks, our linux boxes are secure.
What about your personal data held by the idiot in personnel on an unpatched Win95 box?
This affects everybody
Anyone quoted by a reporter knows how little they understand
Don't believe what you read is the truth.
god damn, that is a scary idea.. magic lantern wtf? what a gay name anyways, might as well call it FBI is a secretly gay gardeners association
By not detecting magic lantern, symantec and mcafee are just promoting Linux. If I was a criminal I wouldn't trust Microsoft operating systems.
A few things happened in the Microsoft world that made it pretty easy for viruses to spread that could not happen in the Linux world.
1) Most people don't read their email while logged in as root. The number 1 reason why viruses easily spread in Windows systems is that in Windows, just about everything is done with an account that has full control over the system.
2) In Windows-land you generally run binary-only programs and you have no idea what the source looks like. Most programs in Linux come with the source code. You are not likely to run a binary only program in Linux unless you know for sure who it's coming from.
So, to reiterate, viruses are executable programs. They need both permission to execute and a means of spreading themselves. Windows systems were already set up to allow these things to happen by default. Linux systems will never be set up that way, at least not on a widespread basis.
I don't think we will ever see problems as widespread and damaging as Nimda or Sircam on Linux systems, no matter how popular Linux gets. It's just not designed to easily allow programs to be run without someone explicitly giving it permission. Even exploits of commonly used server programs are limited in the damage they can do, because most servers do not run as root. No, the virus writer has a much much harder job to do on Unix systems. Why bother when Windows is so much easier?
No, Thursday's out. How about never - is never good for you?
Proper security is impossible without real user accounts. Those who use Windoze are naked.
DMCA, Hollings, Palladium. What might have sounded like paranoia is now common sense.
Would it be possible for Magic Lantern to be built into a closed source OS like Windows XP?
During the Johnson Administration, the FBI was used to spy on the Civil Rights movement.
During the Clinton Administration, the FBI was used to spy on Republicans, and upon Christians, including the Cardinal Archbishop of New York, under "terrorism" laws.
They also used the IRS to go after journalists critical of the administration.
You think they will only spy on genuine criminals? Wake up and strengthen the things that remain.
How many people die each year trying to immigrate to your country?
Except modified versions that have been modified so as to fool Symantec's software into thinking it is part of a legitimate FBI investigation, in which case Symantec's software will ignore those versions.
Suddenly, my virus detection software is doing its job again....
7 November 2006: The day Americans realized corruption and incompetence weren't addressing 11 September 2001
http://marc.theaimsgroup.com/?t=100695477800001&w=2&r=1
If you are aware that the FBI may be watching what you are doing on a particular system, then would you use that system for illicit purposes anyway? Or if you specifically were using your computer for illicit purposes, would you try to circumvent those FBI security measures?
It sounds to me like the only people that this is going to affect are the people who aren't going to be trying to get away with anything.. ie 'I don't care if I can detect if Magic Lantern is on my computer because I'm not doing anything wrong'.
If someone is too stupid to realize this then they're going to get caught anyway so what's the big deal? It's like people who think no one can log their web surfing when they log into their proxy at work. If I found someone surfing porn at work I would fire them not because I care that they are looking at porn, but because if they are too stupid to realize that I can watch what they are doing, then I don't want them working for me. It's quite stunning those supposed 'experts' that click on weird email attachments and bring down the whole system. These people know better. An idea would be to send out an email like that that looks like a trojan but in the .doc file attachment just says, "Hi. You know you shouldn't click on these things. It takes a week to get the system back when you do. You're fired, please clean out your desk."
Ok, so I'm on a pointless rant, but the point is that this monitoring seems to be pointless. So I guess they can do whatever they want.
Since the internet is world wide, and it is impossible to limit this program to running just in the US and countries that might pose a threat... How would China or Russia feel about us infesting their computers with this spy software? How much different is it than finding a person that is a spy? It's punishable by death in many places. So should the makers of this software be punishable by death? Does the US really have a leg to stand on here? Just a thought.
if you tried to DDOS the FBI, you would be secretly taken by the secret internal security police, tried by a military kangaroo court, and secretly executed. All of your friends and neighbors would be spied on as 'suspected terrorists or protectors of terrorists' all under the grossly mis-named "USA Patriot's Act" Which overturns the last 800 years of English-speaking Constitutional history.
$5 / month hosted VPS on linux = awesome!
This could be the starting point for a big push for home biometrics use. I am not that fully versed in how the software works but I think it would be pretty difficult for the FBI to steal your passwords if your passwords were your thumbprint or your face. ;)
"Like Ma Bell I got the ill communication..." ---Moron
This is fucked up..
<^>_<(ô ô)>_<^>
..and you're sure there are no root exploits available ever, and you cannot modify your shells to log what you type after "su", etc. etc. Do not live in a delusion..
<^>_<(ô ô)>_<^>
Step 1: Install Linux over your Win98 partition.
I'll leave the subsequent steps to others.
(Sorry... just couldn't resist.)
No biggy, fed-b-gone.sourceforge.net will appear on the net shortly after the FBI starts using it, and every semi-witted criminal will use it. This program will detect and neutralize the FBI trojan and all will be back to square one.
Version 1.2 will have animated systray icons, audio alarms, and alphanumeric/SMS paging.
Also, this presents an exciting new opportunity for virus authors to try and mask their payloads as Magic Lantern.
So, ask yourself: if your AV can't find these programs, would you continue using it?
.NET is on the way.
This keylogging thing is a totally useless idea.
What if someone cracks these keyloggers and gets the logged data for himself?
Putting something on the user's computer can't resolve your problems. Is it too hard to understand?
Software companies try to protect their products with dongles, programs, locks etc. But it has not worked.
What do they do?
They try to control something from their servers.
Like online games, like M$ XP. Also
It seems the FBI is watching too many Hollywood NET movies.
If the FBI wants to do something, perhaps they can put gigantic loggers on the central routers. But that much data can't be checked.
My suggestions to the USA Government.
Make them richer. Otherwise they will keep coming every time. Nothing can stop them. A man who ain't got anything to lose is your worst enemy. Your nukes, your agencies, armies, even FBI keyloggers can't stop them.
This is war of the share.
[My english is better than most other people's Turkish, so please point out mistakes politely. Thank you.]
You go, friend. Oh, and make sure to register your GPS tracking device with the ACLU and the EFF.
1. All future viruses and worms will look like magic lantern, or behave like one... for example, melissa lantern, magic i love you, sirmagic, etc.
2. Criminals may start sending fake magic lantern messages or keystrokes to the fbi.
3. There will be a new breed of open source virus-definition files or software that will do the job right.
...if anyone sent them a bill for the CPU usage?
I'd sure love to hear of a defense lawyer bringing up the FBI's theft of electricity in court.
CUR ALLOC 20195.....5804M
I'm sure you know this one already but,
Amendment IV
The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.
Someone screaming for help is probable cause, but if I tell my wife not to let ANYONE in unless they have a warrant, then she won't let them in. I would expect no less from a hired security officer.
Ummm, Jon, aren't you supposed to be dead...? - Otter(3800)
but they very carefully dance around the point, and the final statement about complying with any and all laws is a big out. If it is legal to have a keylogger, then they've no problem. Corporate morality is a greased pig on a very slippery glass hill.
errr....umm...*whooosh* *whoosh* Is this thing on ?
> Crime is murder, rape, arson, robbery, identity
> theft, violence and abuse...
> NOT backing up software, fair use, recording a
> tv show, downloading an mp3, having sex,
> smoking, erotica, fiction writing, speaking
> against the government, abortion and sexual
> orientation...
That's your own opinion. You are no more "right" than the perceived "moral majority" that you believe controls the legislature, the courts, and the weather.
Wake up and smell the hypocrisy, Slash-hole.
hopefully ad-aware (www.lavasoftusa.com) will detect and remove this as just another piece of spy-ware.
Lawyers, MBA's, RIAA? A jedi fears not these things!
Hackers won't need to mod the program, just capture the data it pumps out. I can see this as THE hack. Once you can get Magic Lantern installed onto a system, just capture the data or intercept the packets. Since the hacked system won't detect Magic Lantern, you just need to write code to capture the output. We'll see dozens of new viruses a day that capture this output. Sooner or later Symantec will get tired of writing hundreds of updates a week trying to stop these intercept viruses while keeping the keylogger hidden.
As for firewalls, well this thing has got to send its data somewhere, and once people figure out where it should be easy enough to detect and block or reroute to somewhere more fun.
I don't suppose it would actually send data all the way back to the FBI, probably to some machine sitting at the ISP. But if it were hardcoded, can you imagine the DDOS potential of just sending out the FBI logger as a VIRUS ITSELF?
-- If god wanted me to have a sig, he'd have given me a sense of humor.
'If it was under the control of the FBI, with appropriate technical safeguards in place to prevent possible misuse, and nobody else used it -- we wouldn't detect it,' said Chien. 'However we would detect modified versions that might be used by hackers.'"
If it was safeguarded properly and no one misused it, there wouldn't be a modified version that would be used maliciously, would there?
void women (int money, time_t time);
What does the FBI need to do to keep American computers secure from terrorists?
Keep "Magic Lantern" out of the hands of criminals.
How does "Magic Lantern" work?
The FBI sends it to criminals.
I work for a medical marijuana dispensary in California. We are a full service harm reduction center, serving ~3,000 members, most of whom have very serious, life threatening diseases. We have the full support of our local and state elected officials for what we do, but the Federal Government still considers what we do to be completely illegal.
We have a computerized member verification and POS system. We store some confidential member data, for research purposes.
Even though our private network sits behind a firewall, Magic Lantern scares the pants off of me. I really, really hope someone finds this in the wild and fingerprints it so I can implement some mail filtering. I'd feel pretty bad if someone with cancer went to jail because I couldn't protect their confidential data.
Anonymous for obvious reasons
This will actually be fun, when I get infected with it, and the FBI doesn't have a warrant for this to be there. Then the government will have a lot of explaining to do, and will end up costing the taxpayers for their incompetence.
Write your own little "access-to-my-computer/network" program using something wack like ROT13. Get a copy of Magic Lantern (or whatever its progeny will be called) onto your computer (I doubt they will track how it GETS onto your box), and sue them under the DMCA for using a CIRCUMCISION DEVICE to get around your encryption device.
I wonder what their policy is towards government sponsored trojans and viruses.
According to their website, "Grisoft Inc. is a U.S.-based company established in 1998 as a holding company for Grisoft, s.r.o., a Czech Republic-based high-tech company specializing in the development and marketing of anti-virus software for computer systems since 1990."
I just finished sending them a letter asking what their position on this issue is. I'm hoping for a positive response, that being anything opposite of Symantec's or Network Associates' policy.
Their web site is www.grisoft.com
You have no idea how relevant this is to me. I'm in the process of setting up a new home computer system and I need to buy anti-virus software. I have to thank Eric Chien for warning me that Symantec would happily accept my money WITHOUT really working to secure my system on my behalf. Not that I have anything to hide...except my passwords and credit card numbers.
Now, my problem is finding someone else to buy AV software from.
Download.
Don't mind yankee wankers...m'kay.
I'm a republican, but I'm not a nazi. I don't care who the democrats have --- I'm voting for him.
Has Zone Alarm weighed in on the issue?
Speak truth to power.
And before you claim you can't get a desktop ARM based computer, my father uses two every single day.
cpeterso
Vaapcon was much more recent and I knew a few feminists that got caught up in the net.
An Education is the Font of All Liberty
I find it rather amusing that with all the typos or misspellings throughout your comment, you attempted to use the word "whom". And you got it wrong.
Win dain a lotica, en vai tu ri silota
Which gives the FBI the right to spy on people without a court order.
A little history for starters2 32 12&mode=thread] and a reference to a previous article [http://slashdot.org/article.pl?sid=01/11/24/2324241&mode=thread] and [http://slashdot.org/article.pl?sid=01/11/20/2155251&mode=thread].
first for the fun this should be lumped in
[http://slashdot.org/article.pl?sid=01/11/28/16
3 other articles related in almost as many days, and differing authors. Be careful never to inundate and spray too much knowledge, lest you insulate those who need to know. Why anonymous, fighting the insane masses,,,,, or just too lazy to find that slashdot login and password? Frazzle
I apologize if this is redundant but...
What difference does it make if the FBI or Hackers are using Trojan code to log events on my PC or home Network?
Either way it is a violation of my civil rights.
And where do companies like Network Associates or Symantec get off picking and choosing just WHO they allow to violate MY rights?
If I'm paying them for software they say will PROTECT my PC/Network, I'm paying them to protect against ANYONE who might violate my rights, not just who THEY deem to be a "hacker".
And that's my rant for the week.
"You are not a beautiful and unique snowflake."...Tyler Durden
This big brother, "homeland" crap has gone too far, and each of us should take action. The way to make a change is to change our government. I'm a Republican, but I'm not a Nazi. I don't care if the Democrats put Bert or Ernie up as a candidate --- I'm voting against Bush.
I believe we should call an immediate boycott of all companies producing anti-virus software who refuse to detect and tell the end-user of any viruses whatsoever that the user has not ok'd to be on his/her computer. Let these companies and the government learn that we will not simply accept whatever they wish to do to us and give us with no say whatsoever.
You might want to take a look at These Guys. Good, free AV for windozers...
Am I guessing right that all that would be required to get your own Magic Lantern is set up a moderately suspicious system and then wait for the FBI to come install your copy? Ought to be not too complicated to put a Windows box behind a *nix firewall with standard packet sniffers in place so you can catch Magic Lantern's signatures on its way in. The hard part might be, if you want to use it yourself on other parties, dealing with any encryption it might be doing on data it sends back to base. But unless the encryption code itself is part of the signature that allows it past Symantec's firewall and/or antivirus detector, it should be possible to patch in your own routine there, rather than needing to fully disassemble the government's and break its keys.
What am I missing? What will keep thousands of curious kiddies from getting their own Magic Lanterns for fun and exploration? This kind of guarantees wide-spread vulnerability, doesn't it?
"with their freedom lost all virtue lose" - Milton
Never mind the virus scanners, I bet 99% (if not more) of all checksum utilities will see it (tripwire, et al) ;-)
How on earth can anyone (i.e. FBI) think they're going to get a trojan installed on a bad guy's machine without notice. Sure, some won't notice, but if I were doing bad things (disclaimer: I'm not!!) I would be really paranoid and doing regular MD5 scans of my files' checksums would be a part of that now that I know what they're up to.
Last time I checked, there is little one can do to circumvent a Tripwire checksum scan if the Tripwire database wasn't compromised.
just a thought...
-s
As evidenced by this thread, the kiddies at Symantec Customer Service don't know when to punt!
Ya Sure! You Betcha!, The_THOMAS
Perhaps citizens of other countries can sue their representatives of NAI and Symantec for intentionally giving FBI access to their machines.
For my X number of machines that are NOT connected to the Internet which I can do WHATEVER I WANT ON(redundant, I know). Besides, if you know your OS well enough, this won't be an issue. Period. Of course Windoz machines may have a problem.....
It's funny how this will be a problem on MS OS's(proprietary) and probably not a problem on Open Source OS's.
It never felt so good to be a Linux User
Sure, someone could break into my house, power off my system, cut the case padlock, jumper the motherboard switches to reset the CMOS password, boot to a boot floppy, load the esoteric filesystem modules, log in as root and install some shit, but I'm going to notice when I come back and my system isn't in the same state I left it in.
And I sure as hell know better than to run programs other people send me. It's true that no system is completely secure, but the system only has to be secure enough. Secure enough that I notice when someone's been tampering with it.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
OK, so the Big Two US antivirus companies appear to be voluntarily cooperating with the FBI as far as non-detection of FBI keyloggers is concerned. How long until:
1. Companies are pressured to install government backdoors in their software
2. It becomes illegal to produce software without government backdoors
3. It becomes illegal to download/use software without government backdoors
4. It becomes illegal to download/use software which DETECTS or REMOVES software containing government backdoors
Fun fun fun! Dum de dum... "Land of the what?"
-----
PGP Key ID 0xCB8FF658
freedom has lost
Look, everyone knows that the whole virus anti-virus thing is a big protection racket. You need to buy this product, or who knows what will happen to your computer. Probably M$ is getting a cut of the action also by making outlook express the perfect virus spreading application. I just wish I had thought of it.
These are basically the same prediction.
Not quite. What I meant was that if they can't use a worm/trojan to install the backdoor on a certain OS, they will use some other means to sniff your keystrokes.
The mass majority of criminals are going to use the OS used by the mass majority of consumers.
Criminals are not all stupid. Any criminal savvy enough to use encryption will be savvy enough to use an alternative OS.
You can be sure that this would NEVER happen.
Considering the rate at which rights we assumed we would always have are being eroded, I could NEVER be sure that something will NEVER happen. Nor should you.
Takahashi Rumiko made beats! DON, taku, DON, taku. . .
I wonder. Take Kaspersky antivirus. From what I hear, it's better. I don't see it starting to dominate the market.
This privacy issue is currently too marginal.
So what this means is that the FBI just needs to enter the standard code for your home alarm system, and they are in. You'll never know either, unless you have some other sort of tripwire.
As far as X10 systems go, you've got to be kidding. You can disable these suckers from an electrical outlet outside your house.
The mass majority of criminals are going to use the OS used by the mass majority of consumers.
The vast majority of criminals are, indeed, not very bright. I sincerely believe that's because if they were indeed smart, they would find a better way to make a living than through crime and so on.
For proof, attend court someday and watch the carry-on. It's amazing. "The perpetrator left his wallet on the table when he tipped the stripper just before he held up the nightclub. We identified him using his drivers license." And it goes on and on. Crime, by and large, is committed on the spur-of-the-moment and against a target of opportunity; in other words, it doesn't involve a lot of advance planning, no matter what the movies say.
Therefore, your statement is correct in that the majority of computer-using criminals will be using Windows, just because it's there. However, I suspect that the real "career criminals" like the Mafia and such will have people around to advise them on computer and communication matters and those guys will likely be beyond the reach of this Magic Lantern stuff.
Which actually takes the point away, doesn't it. Those are the guys that the FBI will want to get using this technology because they can't get them any other way (or so the story goes). However, they will be the only criminals (generally) who will have the know-how (or people "on staff" with the know-how) to circumvent the methods used.
If you're a zombie and you know it, bite your friend!
The TLA?
:)
I'd think, if you don't know the howto's , just copy the just use the pgp and mail editor on a separate machine, like your handheld.
The main reason why FBI spyware could work, and be ubiquitous is, paranoid people stand out. People don't like to stand out.
It makes them paranoid
And of course, the feeling that someone MAY be able to read everything you write really can have a strong censoring impact.
In a global computing community where packets travel around the world crossing countries based on fastest route, not politics or tariffs, any antivirus software that aligns itself with a particular government's intelligence agency is *not* going to be the dominant antivirus software package.
:( )
Bye Bye McAfee and Symantec. You're coming off my computers. Not that I'm paranoid, but why would I go to the trouble of having PGP/GPG keys and signing email and then let the FBI install a keystroke logger. Would I voluntarily install keystroke loggers for *ANYONE* on my production UNIX boxes (and still keep my job)?!? HECK NO!
Any bets on how long before these antivirus software companies start making alliances with other companies to install spyware and track users and display advertising while trying to stay alive?? I can see it now - NAV coming bundled with Magic Lantern *and* Gator (... to help you out, of course) and once installed there won't be any uninstall option until ad-aware gets updated. Great tool, that ad-aware - if you have a few brain cells and need to run windows anyway, it's a must - http://www.lavasoftusa.com
Windows is a petri dish, not an OS. As such, antivirus software is absolutely Critical. Why would I lock down my unix boxes, scan my servers, and then allow FBI keystroke loggers on windows boxes??
If only everyone I work with didn't use email as a vector for transmission of Microsoft office docs and other proprietary file formats, I wouldn't be in the predicament I am now of needing to use windows for email instead of Mutt (No, Staroffice doesn't do it - ever try opening ppt95, visio, or an Office binder?)
If the AV applications can detect modified versions, then the specifications for the file WILL be included in the AV data or it couldn't filter it out..... Gee, if you really want to tell me the file is 847bytes and is a .com file (or whatever) how hard do you think it will be to locate on computers?
Or am I just wrong and this just makes everyone that much safer?...
but really... safer from whom?
Let's just lay all of our rights down on the table one at a time and under the guise of public safety remove them one by one until we are the new Russia? Extreme I know, but look at the last few years and tell me, have your rights and freedoms increased or decreased?
... Now ask why...
It's starting to feel more and more like the movie Matrix in format to rules and to the bottom line, control. Soon, we'll have to go back to BBS boards and access to them being restricted to only those people you know in the real
Goodbye internet, Hello Governed-Net!
The idea that the FBI will stick a trojan on your system to log your keystrokes, shows me criminals are pretty stupid.
If you REALLY were wanting to do something illegal, and it's on computer, would you leave your computer hooked to the internet? I mean *physically?*.
Anyone can get 2 computers, one as a net computer, (hooked to the internet), and a main system NOT hooked to the internet in any way, physically disconnected.
Hell, in Mission:Impossible (1), that was shown! Cruise needed to rappel down from the ceiling to access that machine. I have 1,000s of MP3s on my 1.5 ghz machine, *along* with business records, my credit card #, and other things. If I allowed anyone to get on my system with my family's business records, I'd be liable! I cannot afford to allow that.
So guess what? No cracker can get into it from the internet 'cause it has NO PHYSICAL CONNECTION!. No lan, no laplink (null cable), no cable, no dial up, nothing. Only wires are the ones going from the computer to the perifs.
Why did I do this in the first place? I got fed up with all the idiot programs sending out data about me, to sell off. Only after my system was destroyed with a virus, and took me weeks to rebuild, did I finally break the connection. Now if a cracker gets into my system, and damages it, so what? I can rebuild in an hour and go from there. They can't steal anything, since all that is on it is 2 accounts, linux redhat 71, a FTP daemon, an instant messenger, a browser, and a few other things, along with a CDRW drive to transfer files I DL to keep, to my main system.
The only thing I'm not sure of yet, is if Tripwire can detect (or would) the FBI sticking their Magic lantern trojan on my system. Does anyone know if a CD ONLY linux machine is used? I seem to have heard of such recently.
Anyway, that's my thoughts.
Shadowwalker Delaforge
shadwalk at operamail (REMOVE2EMAIL) dot com
H+BEDV is a German software company which makes an excellent virus scanner. Unlike most other scanners from mainstream companies, which can mostly be deactivated through a simple change of a few registry keys, it is actually pretty secure from any outside modification.
And there's also a free (beer) version available.
With the way information is amassed, do you think anyone will have time to look at it? It's stored to be queried later.
If the DOJ/FBI uses Magic Lantern in the way that they SHOULD use it, (probable cause, judges, warrants, blah blah blah) researchers at Symantec will never get their hands on it in the first place. If it is deployed just to sniff passwords from keyboards, it will be deployed, used, and then the computer containing Magic Lantern will most likely be seized when a physical warrant is served. Symantec will probably never get their hands on Magic Lantern to analyze, research, and find ways to detect it.
As some have pointed out, Symantec may not have much of a choice in this case. In the unlikely event that they DO get their hands on Magic Lantern, it could be FAR more detrimental to their bottom line to include Magic Lantern detection in NAV than to leave out such detection. The government has deep pockets (i.e. 300 million pockets of taxpayers) and could easily tie Symantec up in lawsuits that would more than likely never see their day in court. Instead, Symantec would probably see that the benefits of detecting one trojan are not worth spending thousands or tens of thousands of dollars (or millions?) going to court to defend their right to detect Magic Lamp.
Regardless of how bad this decision looks on an idealistic level, the bottom line is this: Symantec will likely lose a few end users of NAV, but the cost is going to be a lot less than waging a legal/moral war against the FBI or the DOJ. Even if they win a moral victory, it may cost so much that they may lose their profitability. In the US judicial system, the guys with the white hats don't always win.
So boycott NAV if you feel it necessary (though most that read these types of articles probably don't care much), but Symantec is a corporation that is there to fight battles for their own bottom line, not battles for truth, justice, and the American way.
.sig wanted. Inquire within.
It's not exactly an idea that's running ahead of current technology. The hot virus of the moment is badtrans 2 (badtrans@mm), which is a worm + trojan. The trojan part sends the keyboard log and uses mail.
The simple antidote for this is a packet sniffer. There is lots of software out there that does it for free. They cannot get the keystrokes if you aren't online without breaking into your home. And if they don't have the keystrokes and you are running an encrypted filesystem there is no way they can access your info (okay, not no way, but very difficult). Next you would need an intrusion detection system that lets you know when someone has accessed your case, and cracked it.
And people believe that gun control is a good thing. Well this is the exact same issue as gun control.
Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
This is a much broader violation of privacy. There isn't anything to protect the privacy of innocent people. I am confident the unconstitutionality of this will be decided in court. I don't use WinBloz for anything but corporate email anyway...
If my first thread was posted, I don't know; dang public computers lock up. Anyway, there is a product out that you can buy that stores all keystrokes typed into a computer; it is attached to the keyboard, and can store 64K worth of strokes. Visit www.keykatcher.com for more info. Peace
For proof, attend court someday and watch the carry-on. It's amazing. "The perpetrator left his wallet on the table when he tipped the stripper just before he held up the nightclub. We identified him using his drivers license." And it goes on and on. Crime, by and large, is committed on the spur-of-the-moment and against a target of opportunity; in other words, it doesn't involve a lot of advance planning, no matter what the movies say.
Even if this assertion were not completely false, I would like to point out that the FBI would not be conducting surveillance on impulse or opportunity criminals. They are developing these tools to fight the many sophisticated, technically savvy criminals that are out there. I say many, because why else would the FBI bother to develop such a tool? I say sophisticated because this kind of tool is used to sniff encryption passwords. The fact that someone is using encryption to hide their crimes certainly indicates some level of sophistication to me, and certainly enough to run MacOS or Linux, etc.
Contrary to your experience at traffic court or wherever, criminals are not ALL like the ones you see on Cops or America's Dumbest. By definition, anyone you saw in court was not smart enough to evade capture, anyway, so they could hardly be among the smartest.
Takahashi Rumiko made beats! DON, taku, DON, taku. . .
So, if I use it, it's electronic terrorism, but if "they" use it, it's just fine. Of course, law is interpretive, as good ol' boy Dubya is showing us with the military tribunals.
Me lose brain? Uh, oh! (laughter) Why I laugh? -Homer Simpson
Here in Australia we have a problem with lots of illegal immigrants (or 'boat people') fleeing persecution (rightly or wrongly) from various countries.
I can't wait until we have an influx of geek boat people clutching laptops fleeing from America.
Just kidding.
'Welcome to Rivendell, Mr. Anderson...'
A secret organisation in the government dedicated to the wiping out of closed-source software is responsible for this.
As MagicLantern (stupid name) spreads people will trust software companies more and more and the demand for open-source software will sky-rocket even amongst ordinary citizens.
www.linuxfromscratch.org - the only way to go.
'Welcome to Rivendell, Mr. Anderson...'
Reminds me of those tobacco companies and gun manufacturers that settle out of court with the government in order to avoid getting sued despite the fact that there aren't enough votes in the legislature to make what these companies do illegal. You'll notice that once the feds sued Microsoft, state and local governments started their own suits to get a piece of the action. That's the future of government. In Germany before the war, the judicial branch was one of the first things to be destroyed by the fascists because the judges were supposed to stop abuses of the law. In the U.S. today, the judges and prosecutors are becoming the fascists by legislating from the bench.
Thats right, cockgnome. Linux will never be like Windows. Windows is stable, mature and well-supported. Linux isn't. Its the OS of ponytailed compufags who use Linux as a way of dealing with their failings at life, and for being socially unpopular. It gives them something to feel superior about. Unfortunately turd burglars like yourself have picked something that no one cares about with which to make yourselves feel better.
Its like being the guy who knows all the Monty Python quotes. Its not like you can use that to pick up women or get invited to parties. Instead it makes you even further of a pariah. How about putting down that C program you've been coding and go meet some people.
Ugh, the only thing worse than Linux are its fantatical users, like you sizzlechest.
Egg Troll, posting AC cause Jaime banned me after feeling jilted that I didn't let him be the centerpiece of last nights homosexual bukkake party, or even invite me!
As for Viable Options, have you taken a look at Panda Platinum (or the new "Titanium") Anti Virus. They've come on the top of every review I've seen, and their customer service is great.
:)
You have trial versions at http://www.pandasoftware.com/
I think they're really worth checking out!
No, I'm in no way affiliated with them... They're just the only AV SW I've tried that I've found worth registering and paying for!
The FBI doesn't need to send anything to their servers! In fact it'd be really silly to do so.. They can simply mail the log file to gotchauterroristpunk@[your ISP] and then simply let their carnivore boxes search for keywords or phrases.. This would minimize the opportunity for DOS problems and get around some of the firewalls also..
i have a tough time trying to accept the possible reality of echelon in america.
maybe at one time, the cia et al, had some kick-ass recon.
however... if they still did today, the events of september 11th would have never happened.
Considering how obfuscated perl code is, it's a wonder no one has released a perl script that analyzes your web logs and erases all the user files it can. Or maybe someone has, but those affected keep quiet to avoid looking stupid.
Wow, where to begin? First, you have not described a secure system. Bin is owned by root, so only root (is that "thay" on your machines?) can put files there or modify those that exist there. Letting your users put random files in bin is likely to get you something funny named ls.
While running executables can open the door to nasties, reasonable binary distribution systems like Debian have checks against such things. Only a very well formed executable that takes advantage of known vulnerabilities to elevate privileges can overcome the built-in safeguards of reasonable multi-user systems. A web nasty may delete user files, but is unlikely to get further than that. While this is sad, the home directory concept makes backups much easier than on some OSs where important information is written in dozens of places. Other useful user protections, such as real java virtual machines, are enhanced by the true user accounts. These things can not exist on other OS.
The "critical mass" idea is total nonsense. Considering the dollar value of M$'s "market", M$'s track record of breaking other people's applications, and M$'s less than ethical use of astroturfing, I imagine that MicroTurds everywhere are busy trying to make Linux worms and viruses. Their lack of success is demonstrated at uptime where Linux and BSD systems have much greater performance than M$'s numerically inferior offerings.
Who needs "warez"? Free software kicks ass.
DMCA, Hollings, Palladium. What might have sounded like paranoia is now common sense.
...Is to track terrorists... with all that publicity, it *WILL* miss the point....
Good job FBI, with all the public awareness you got recently, I'm sure your secret is safe with us... 6 billion population.
Of course if it was to spy on those evil aliens.... it's another story.
Cluley adds: "What if the French intelligence service, or even the Greeks, created a Trojan horse program for this purpose? Should we ignore those too?" ®
... that's a diversion from the real principle at stake here.
... the Founding Fathers of the US thought privacy to be among the goals worth staking their "life, honor, fortune" on.
... and script it through a second or third level, too. Keep the second pass phrase off the keyboard. Make ALL the email traffic encoded and force the gov't. to have to guess who has a secret worth knowing and who has a secret favorite flavor of ice cream.
... if people will rise to its defense.
Forget Symantec
Isn't there some point in a persons life where he/she can draw a line and force the government to stay on the other side?
You don't have to be a criminal to want privacy
The right of free speech and the right of privacy in that speech are intertwined. When a person chooses to use encryption he has taken steps to keep his private thoughts private.
The countermeasure that will defeat this intrusive tactic is for the great majority of email users to adopt some form of encryption
This is nothing less than a wholesale trampling on the Bill of Rights that has served this country for over 200 years and will keep right on serving it
Until now, I have put encryption on the back burner. But now I think I should enable it and script it so as to have it tucked away before my computer is bugged.
Who knows, someday I may choose to send my friends my secret recipe for chocolate cookies.
Like many truly geeky and inquisitive types have pointed out, there are many ways around this. A month doesn't go by here without some "super secure" format (adobe), copyright protection (SDMI), authentication (anything from microsoft) etc. being broken and exposed for all to see. Do you think a bunch of suits with badges can do any better at hiding their little back door? I am sure within a few weeks of release of the dreaded virus someone will have posted on some hacker site or maybe alt.binaries.crack a scanner or detector for this trojan mule. You would think they would have better use for their resources, like checking for known terrorists at the border or in airports.
You have to wonder if Sym and others were put under tremendous pressure from the Feds for this gesture. It seems to me like Sym and others are giving them the big FU. "We will do what you want mister secret agent man, but see if it does you any good."
It just makes me think of all this crazy shit you would see in the media about hidden messages in jpegs and such. As if these guys have to get that high tech to pull this stuff off. The FBI doesn't even have the ability to pick up the individuals that are already known terrorists. I mean shit, they had pictures of some of these assholes and showed us video of them on their way to boarding the plane. It is like giving a net admin job to someone who can't even set the time on their vcr. Anyway, these guys knew what they were going to do before they even entered the country. There was no passing of in-depth information over the wires. The only info the master mind of this plot had to send out was a date, which flights to take and where to fly, if that. "We are having a party to celebrate my brother's new job in New York at the WTC. It all happens on Sept 11 at 7:15. See you there."
When I hear how the powers that be plan on making us safer I do not feel so safe.
Have to go I just got an alert from my firewall "do you want FBIKeyStroker.exe to act as a server?"
It's 40 below and I don't give a....
"The better way" to monitor keystrokes is to embed the monitor code right in the Operating System.
But how could any government ever get such monitoring code embedded into an Operating System? Oh...
...of whatever these fools at Symantec are smokin'? Their software's going to detect hacker's versions, but not the 'real deal from the FBI'? Huh?
So I guess that the FBI will always be sending the results to the same IP address eh? I doubt it - which means that the heuristics are going to have to be pretty loose to allow for changing IP destinations... Which means, that as a hacker, I don't have to change the code, just hack the IP destination to go where I want it to...
Voila! Undetectable trojan... Damn morons... FBI probably has pictures of some exec in a dress with a whip or some such nonsense...
I'm curious what you're using that's got an SH4 in it?
The Sega Dreamcast console contains a Hitachi SH4 processor and runs Linux and NetBSD.
Will I retire or break 10K?
Well, you can rest easy: everybody knows the really dangerous people are running Linux boxen with encrypted ReiserFS partitions and communicating with each other using PGP and GPG. It's those evil bastards that they're really after, you know. I mean, the Chinese are using Linux, for Chrissakes. Why, with the help of their star agent, the infamous Richard Stallman, them commies have been attempting to subvert the national computing infrastructure for years! Where's senator McCarthy when you need him? Raaaaaah!
Oh, wait -- wrong decade. Well, never mind, then.
Really, though, this is great: if the FBI wants to toss some more users in our general direction, that's OK with me. :-)
Actually no that's not just his opinion, but the actual definition of a 'crime' is clearly defined in the Constitution and basically requires violence and/or harm to another person to be a crime. All the non-violent 'crimes' that people are currently being jailed or held in prison for are technically illegal according to the constitution.
Where did you find this? The U.S. Constitution mentions "crime" or "criminal" in 2.4 (impeachment of President), 3.2.3 (trial by jury in the same state), 4.2.2 (interstate rendition), 5.5 (grand jury; double jeopardy; self-incrimination; due process), 5.6 (speedy and public trial by jury, etc.), 5.13 (slavery can be a punishment for crime), and 5.14 (states can take away voting privileges of convicted criminals). Nowhere does the document mention that crimes have to have a victim. Can you quote article and section?
Will I retire or break 10K?
I would guess there is a 90% probability that Microsoft's SP2 for Explorer has an FBI or NSA hole. Not that I spend a ton of time on security, it's just that Windows' dialing out already gave me a thousand dollar bill for triggering my router (got out of it luckily) and I have no more patience for sheer bloodymindedness on the part of the World's Richest Man and his cohorts, the U.S. government. Utterly ridiculous.
Subject: Magic Lantern and you.
Alert Symantec users !! Norton Antivirus etc
Turns a blind eye on FBI-made viruses.
As a lot of people have found out recently, there is a virus on the loose
that logs whatever you type on your keyboard and periodically sends it off
to specific email addresses, see (1).
Those that keep their anti-viruses up-to-date haven't had to worry too
much. AV products are stopping this virus dead in the hundreds/thousands
just as you are reading this.
Now, one anti-virus vendor is actually *building in support* for a
specific kind of such viruses. I.e. that will log your keystrokes and
send them to someplace on the internet.
The idea is that FBI will send such viruses to the "bad guys" and learn
all their passwords used to encrypt their evil plans.
But how will it work ? The FBI isn't telling, (so the "bad guys" can't
defend themselves), but logical thinking can tell us a few things.
Since each FBI case is different, there's no way that every piece of this
virus can be hard-coded (i.e. unchangeable). The FBI will have to have
the ability to change certain things in this virus.
F.ex. where the virus stores your keystrokes before sending them,
and also the email address to send it to.
If it wouldn't be possible to change this, it would be too easy for
the "bad guys" to find out they were being 'bugged'.
So, the virus will be in at least 2 parts, program and data, and Symantec
AntiVirus can only check the program-part since the data-part is
always changing.
So what happens when the "bad guys" get their hands on it ? (And they
*will* since the feds will be extremely willing to send them a copy)
Somebody will discover this virus on his PC, modify the address to send
the keystrokes to, and send the virus off in email. And it will more
than likely, finally, end up on *your* PC !
Now, think about it. Everything you will type on your keyboard,
your passwords, your credit-card numbers, your name, your address
*everything*, will be sent off to the "bad guys" and Symantec AntiVirus
will just smile and happily keep its mouth shut about it !
Gives you a nice and warm feeling of security, doesn't it ?
This, unfortunately, is not a joke and it's not a hoax, see (2), (3),
(4) and (5) for more info.
If you disagree with Symantec opening up a security hole on your computer,
so big that you could sail an aircraft carrier through it, you should do
something about it.
Sending complaints to Symantec is one way to do it, you could go to (6)
and voice your opinion on this matter.
In any case, please inform those that you think should know about this by
forwarding them this letter (I know, this sounds like a standard hoax but
unfortunately it's not, just search the web for yourself)
Do something now, tomorrow the contents of your bank-account might not
be there.
References:
1) http://www.cert.org/incident_notes/IN-2001-14.htm
2) http://www.politechbot.com/p-02851.html
3) http://cryptome.org/fbi-dirt.htm
4) http://www.theregister.co.uk/content/55/23057.htm
5) http://slashdot.org/article.pl?sid=01/11/28/17320
6) http://www.symantec.com/feedback/comment.html
echo '[q]sa[ln0=aln80~Psnlbx]16isb572CCB9AE9DB03273snlbxq' |dc
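The point made in the letter above, and in the earlier comment about changing the destination address, can be put in code; this is an added example, not part of any post in this thread. The sample layout, marker, addresses and class names are constructed for illustration, and the page says nothing about how Magic Lantern or any vendor's exemption would actually be built.

```python
import hashlib

# Constructed layout (an assumption, not a real file format): a fixed
# "program" part, a marker, then a per-deployment "data" part that holds
# the address the captured keystrokes are sent to.
MARKER = b"\x00CFG\x00"


def build_sample(program: bytes, drop_address: str) -> bytes:
    return program + MARKER + drop_address.encode()


def split_sample(blob: bytes):
    program, _, data = blob.partition(MARKER)
    return program, data


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


class Scanner:
    """Toy scanner: detects by program-part hash, then applies exemptions."""

    def __init__(self, signatures, exempt_program_hashes=(), exempt_file_hashes=()):
        self.signatures = set(signatures)
        # Exemption keyed on the program part only: covers every data part.
        self.exempt_program_hashes = set(exempt_program_hashes)
        # Exemption pinned to one exact file: program and data together.
        self.exempt_file_hashes = set(exempt_file_hashes)

    def verdict(self, blob: bytes) -> str:
        program, _ = split_sample(blob)
        if sha256(program) not in self.signatures:
            return "clean"
        if sha256(blob) in self.exempt_file_hashes:
            return "exempt"
        if sha256(program) in self.exempt_program_hashes:
            return "exempt"
        return "detected"


def compare_policies():
    program = b"<constructed keylogger program bytes>"
    issued = build_sample(program, "case-0001@agency.example")
    # Same program part, different destination: the "modified version"
    # the vendor says it would still detect.
    retargeted = build_sample(program, "someone-else@elsewhere.example")

    code_only = Scanner({sha256(program)},
                        exempt_program_hashes={sha256(program)})
    pinned = Scanner({sha256(program)},
                     exempt_file_hashes={sha256(issued)})
    return {
        "code_only": (code_only.verdict(issued), code_only.verdict(retargeted)),
        "pinned": (pinned.verdict(issued), pinned.verdict(retargeted)),
    }


if __name__ == "__main__":
    for policy, (issued, retargeted) in compare_policies().items():
        print(f"{policy:10s} issued={issued:9s} retargeted={retargeted}")
```

An exemption that looks only at the unchanging program part passes both copies, while one pinned to the exact file still flags the retargeted copy but has to be reissued for every deployment.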
Good point. That's what they're saying, but who knows how much they will capture? How do they do that, I wonder? I'm not a programmer, but it seems pretty complicated to me to detect when PGPTray (which is already running as a Doze process) pops up the passphrase window so that Magic Lantern can start recording. Seems like it would be easier to just capture everything.
-- If god wanted me to have a sig, he'd have given me a sense of humor.
If a politician ran with this policy, their popularity would go up.
Once more unto the breach, dear friends, once more, Or close the wall up with our American dead!
One can't help but wonder if a new breed of virii might show up, whose purpose is to remove magic lantern. Though they may be caught, if distributed correctly, their payload would do a lot of good.
Not like it matters anyway, use an open-source firewall, write one yourself, or use a slightly older version of a good firewall you can trust.
No outgoing transmissions for Mr.FBI Spy man.
Or just manually remove it yourself when the manuals for how to do so are plastered all over astalavista or wherever the INSTANT they use this trojan on someone with any computer savvy.
This is just another fairly lame attempt by the FBI to spy on people. It's not like they haven't done it before over the years.
Maybe this whole thing about McAfee ignoring Magic Lantern is so that McAfee will have to make a statement to the contrary, and follow it up. Has it ever occurred to you that maybe McAfee didn't think about it, and would detect it just like anything else?? Maybe this is the same deal for Trend Micro, if you prompt them to say something, they are certainly going to say something to make the public happy, if they don't follow up on it, it's false advertising. IANAL, but can't you sue for that?
Class action me!
--M
Leaving aside all the techie stuff for a minute. I may be a strange sorta person... but I wouldn't trust the FBI as far as I could throw one of em.
I don't think the issue here is what some bored rich "script kiddie" is gonna do with the 'features' of this virus/program, the issue is what the FBI are gonna do with it. If this program pulls keystrokes to a file.. then will there be any write security on the file? Or will mr/ms FBI be able to rewrite it so someone gets patsy'd for a murder or similar that they (FBI) are being squeezed to solve. It's happened in the UK before.
On another note... is it me or am I noticing another outbreak of isolationism in the US? If so that's gonna be dangerous for America in general. It wasn't so bad in 1918 but if the powers that be decide to try and make things as difficult as possible for foreign companies to sell into the US and triple check every e-mail sent to every company (with the associated screw ups that will allow every man+dog to read private internal e-mails) then people will start pulling out. It may take 50 years... but it *will* happen.