Slashdot Mirror


Symantec Will Not Detect Magic Lantern

An anonymous reader contributes: "In this article on Declan McCullagh's Politech, Symantec chief researcher Eric Chien stated that provided a hypothetical keystroke logging tool was used only by the FBI, Symantec would avoid updating its antivirus tools to detect such a Trojan, echoing a similar stance Network Associates allegedly took with its McAfee anti-virus software earlier this week. 'If it was under the control of the FBI, with appropriate technical safeguards in place to prevent possible misuse, and nobody else used it -- we wouldn't detect it,' said Chien. 'However we would detect modified versions that might be used by hackers.'"

3 of 582 comments

  1. Actually, it's even simpler... by jd · · Score: 5, Interesting
    Use three intrusion detection programs, each using different cryptographic hashes, and each validating the other two.


    Such an arrangement would be next to impossible to compromise, as you would need to break all three programs within the check cycle of all three of them. Either that, or you need to break all three hashing algorithms, in such a way as to find a synonym in all three key spaces. Synonyms in a single key space are going to be common, simply because you're using fewer bits. Two coinciding synonyms will be very rare, and there's no guarantee that the software could be moulded into one. THREE coinciding synonyms will be so vanishingly rare that it wouldn't be worth anyone's while to search for one that's even remotely usable.


    There. Problem solved. And all it took was a bunch of Tripwire clones. And someone thought it was difficult?

    --
    It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
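
The cross-checking arrangement described in the comment above, as an added example that is not part of the original post: three checkers, each with a different hash function, each holding baseline digests of the other two. The names `checker_a`, `checker_b`, `checker_c`, the choice of algorithms and the file contents are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# Assumption: one distinct hash function per checker, as the comment proposes.
ALGORITHMS = {"checker_a": "sha256", "checker_b": "sha3_256", "checker_c": "blake2b"}

def digest(path, algorithm):
    """Hash a file with the named hashlib algorithm."""
    h = hashlib.new(algorithm)
    h.update(Path(path).read_bytes())
    return h.hexdigest()

def build_baselines(paths):
    """Each checker records digests of the other two, using its own algorithm."""
    return {
        name: {peer: digest(paths[peer], algo) for peer in paths if peer != name}
        for name, algo in ALGORITHMS.items()
    }

def verify_round(paths, baselines):
    """Return {checker: [peers whose current digest differs from its baseline]}."""
    report = {}
    for name, algo in ALGORITHMS.items():
        report[name] = sorted(
            peer for peer, expected in baselines[name].items()
            if digest(paths[peer], algo) != expected
        )
    return report

def demo():
    """Constructed scenario: three stand-in binaries, then one is modified."""
    with tempfile.TemporaryDirectory() as tmp:
        paths = {}
        for name in ALGORITHMS:
            paths[name] = Path(tmp) / name
            paths[name].write_bytes(f"constructed binary for {name}".encode())
        baselines = build_baselines(paths)
        clean = verify_round(paths, baselines)
        # Simulate tampering with one checker; its two peers should both notice.
        paths["checker_b"].write_bytes(b"modified binary")
        tampered = verify_round(paths, baselines)
    return clean, tampered

if __name__ == "__main__":
    print(demo())
```

The baselines here live in memory; in a deployment they would need the same protection as the checkers themselves, since a replaced baseline defeats the comparison.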
  2. Re:Some need to clue in by jmauro · · Score: 5, Interesting

    Would you complain if they didn't protect your system from government hackers in China? In France? Working for the UN? These are government agents and if your systems weren't protected from them by security that you bought then you'd be really pissed. You pay for security companies to protect you. Your analogy of the security guard is flawed. A security guard will stop a Federal agent and verify his search warrant and then see to it that the warrant is not executed incorrectly. He's there to protect your stuff and your rights. He'll also notify you the police were there, why they were there and what occurred. Electronic security companies are breaking the trust of the person who bought the software. One would expect that the software prevents all intrusions. If it does not then the software is flawed. Allowing back doors is considered bad software design, I don't see how this situation changes the rules of software design.

    Government agencies have no reason to "crack" a system, if they're really interested they can get a search warrant and examine the system. The search and seizure laws were designed to put all government investigative action in public view. Secret searches cannot be justified. If there is no good way to get the passwords for the keys, then the government is SOL. So they don't have one piece of evidence, I hope that the evidence that they do have would be more than just bits on a hard drive.

  3. Savvy by ucblockhead · · Score: 5, Interesting
    It likely won't be long before someone writes something that automatically detects the attempt to install "Magic Lantern" and then turns on a "Magic Lantern" emulator that sends exactly whatever keystrokes the crook wants sent. Imagine the fun that could be had... A nasty crook could have fun implicating all sorts of innocent people in criminal activities.

    --
    The cake is a pie