Symantec Will Not Detect Magic Lantern
An anonymous reader contributes: "In this article on Declan McCullagh's Politech, Symantec chief researcher Eric Chien stated that provided a hypothetical keystroke logging tool was used only by the FBI, Symantec would avoid updating its antivirus tools to detect such a Trojan, echoing a similar stance Network Associates allegedly took with its McAfee anti-virus software earlier this week. 'If it was under the control of the FBI, with appropriate technical safeguards in place to prevent possible misuse, and nobody else used it -- we wouldn't detect it,' said Chien. 'However we would detect modified versions that might be used by hackers.'"
I'd rather not use AV software that was designed not to work. Of course, I run Linux so it's not really an issue for me...
this is getting old and so are you
blog
Anyway, I don't use Windows, so this is not my problem. Ask yourself; is it really yours? :-)
Luck favors the prepared, darling.
McAfee Ignoring Magic Lantern Is Bogus?
Free Mac Mini
It would be nice if they included some sort of guarantee that the FBI would need to get a warrant to prevent their product from detecting it. Maybe some sort of encryption scheme where the FBI would need to provide Symantec with a warrant to get the key to get around their product.
Has TREND issued a statement ? That's the product of choice around here anyways. But you can be assured this will impact any purchasing decision in the future.
errr....umm...*whooosh* *whoosh* Is this thing on ?
So all the virii programmers need to do now is to emulate whatever key it's not picking up on and away they go!
-inno
This is not good for security. Once they decide that they will let some through, that destroys all credibility IMHO. How can you trust that Symantec and McAfee will detect other viri in the future if they won't hold consistent now just so the FBI can send a trojan to someone to get their passwords?
I am the Alpha and the Omega-3
perhaps it is time for an open source virus detection program with options for non standard updates...
How's OpenAntiVirus doing? How does it compare to the Big Two? - If it can't hold up, do "we" have any other viable options outside of McAfee and Symantec?
Send your friends messages of love at fuck-you.org
ahh .. and this idea brought to you by the same people who wanted the "Clipper Chip".
... Would a software program whose only goal is to find and exterminate this FBI, big brother, "virus" be considered illegal and be regarded as destruction of FBI property?
But one would have to wonder
-- Knowing too much can get you killed, but knowing who knows too much can make you rich.
I'm not a conspiracy nut, and I certainly don't have total trust, or total mistrust, of the government either.
But it isn't the idea of the FBI trying to use these tools that offends me. I expect them to, and I don't have anything to hide. But the issue of a company that I pay money for to help protect me to turn a blind eye to government intrusion is insane.
If I pay someone to give me security, I expect them to provide it against anyone who wants my information. Pure and simple. And I'm not worried about the "Oh, we won't check the FBI's version - but we would check variants."
Oh, that makes me feel *much* better. Imagine a cracker getting his fingers on the FBI software and using that on my systems. Gee, thanks for not checking that, Symantec.
Of course, you have to admit that Symantec and McAfee are in a bind. If they state they're going to detect the FBI software, then they're anti-government. If they don't, then they're aiding big brother. But considering that the United States was formed from a healthy distrust of our government (and that distrust has only proved to help us, thank you Hubert Hoover and your bra collection), I would rather have the security companies on my side and make my government work just a little harder to prove guilt. Or at least, that's what my tax dollars should be going to.
Of course, this is just my opinion. I could be wrong.
52 Weeks, 52 Religions with John Hummel
So they're not going to detect the original, but they WILL detect any hacker-modified clones?
What about Norton Firewall? Will it still detect unexpected outgoing connections? How can I expect it to reliably detect and permit FBI-approved software, but not hacker software with a similar MO?
Oh, maybe there'll be a hard-coded IP address in the outgoing connection -- now THERE'S a nice target for DDOS!
It's supposed to be completely automatic, but actually you have to press this button.
Eventually, I'm gonna need a scorecard to keep all this straight.
"Prepare for the worst - hope for the best."
At least under linux there's 'rpm -Va', assuming the hacker hasn't mucked your rpm database.
--Bob
1^2=1; (-1)^2=1; 1^2=(-1)^2; 1=-1; 1=0.
From the time a copy of this "Magic Lantern" is first discovered in the wild until an exact copy of the FBI-approved (and consequently undetectable) version is available via alt.hackers.malicious is going to take what, twenty minutes?
Malda might as well start composing (and spellchecking) the headline now, because it's a sure bet he'll get to use it.
'If it was under the control of the FBI, with appropriate technical safeguards in place to prevent possible misuse, and nobody else used it -- we wouldn't detect it,'
That's a risky assumption.
'However we would detect modified versions that might be used by hackers.'
How do you know if a [cracker] is using an unmodified version on my PC and is watching me? You don't.
There is no such thing as an 'appropriate technical safeguard'; the way to defeat it simply has not been discovered yet.
GOBACK.
I've yet to see the "Is my phone tapped service(tm)" on ordinary phone lines. So why would any company trying to stay on the right side of the government be producing tools to aid potential criminals?
The other assumption people seem to be making is that the people who are being tapped in this way will understand that they have been infected by a virus and then send it off to the anti-virus companies or someone else clued up for analysis.
- It would be a very stupid idea for the FBI to use it to spy on hackers..
Jason
http://www.kaspersky.com/ . Russian. F-Prot is also an option...they're Finnish. If memory serves, there are also Israeli options for virus protection. It's a big world. Even the FBI can't nail down everything.
Knowledge is power. Knowledge shared is power multiplied.
The FBI? Do anything illegal? Who would ever imagine that such a thing could happen?
<repressed_memory>
</repressed_memory>
Hmmm, I can't seem to think of any examples of how police spy powers have been abused in the past, can you?
Well, if the antivirus vendors are going to include a sufficiently detailed signature in their products for the FBI's virii, that should help anyone trying to build a detector.
I'm sure somebody will try to build malware that impersonates this so-called "Magic Lantern" - I hope they call it "Magic Latrine" :^).
But wouldn't it be nice to see a GPL'd program to detect the FBI's virus? Then, if I found it on my machine, I could stop the government-sponsored theft of my CPU cycles. Of course, I'd then call the FBI and offer to let them reinstall it given adequate monetary compensation - but that's just me, you might take some other action.
--Charlie
If government seeks to use clandestine and furtive methods to monitor citizen actions, it can ill afford to complain should the citizen insist on a method to effect his right to know he is under such surveillance.
Judge Joseph Ryan, Superior Court, District of Columbia
Granted, it's only a district court, however it is a compelling opinion, and a brilliant interpretation of the Fourth Amendment. IR detection/imaging and monitoring utility bills have been tossed out on similar grounds. I wonder what AVP is going to choose... Perhaps this is a great opportunity for Free Software, I just wonder how a free software anti-virus lab would work. Anyway, end of my rant.
cat
Symantec are perfectly entitled to do whatever they want. If they want to sell crippled security software, it's their funeral. Sophos has a more sensible attitude (http://www.theregister.co.uk/content/55/23057.html), and better AV software anyway.
If US software companies want to sell crippleware in the interests of "patriotism" that's their business. There are plenty of companies willing to fill the gap.
http://rareformnewmedia.com/
Will Symantec also ignore trojans produced by other nations' intelligence agencies? Someone should encourage some third-world countries to set up online membership signups for their intelligence agencies at a nominal fee. Crackers will then be able to continue to do what they do without breaking any laws.
That's "Mr. Soulless Automaton" to you, Bub.
Does anyone know the stance of non-US companies of anti-virus software on Magic Lantern? If a foreign product detects an FBI trojan horse will it then become illegal under some US law?
Most AV tools (including Symantec and McAfee) monitor program execution for anomalous behavior by unknown virii. Would Lantern be able to avoid being detected by that?
Also, what about personal firewall programs? I use Tiny Software's PF (yes, under Windows, sad isn't it) that checks the md5 of an executable before granting internet access. On top of that, it can allow you to block certain apps from making/accepting connections from various sites. For example I have it set to not allow Mozilla access to ads.x10.com.
Here, two things exist: the lantern has to find a way around the md5 and also find a way around "PGP wants to connect to [fbi-ip-address], allow it?" Getting through one or the other might prove difficult.
The One Rule Of Chess You'll Ever Need: Don't play someone who carries a kit in their bookbag.
Why not have McAfee and Norton simply install FBI snitch-ware in its next update and cut out the middle-man?
If there is one lesson that IT history has taught us again & again, it's that security through obscurity DOES NOT WORK. Somewhere along the line, this will be cracked by someone, and then these antivirus companies will be in some hot water.
;)
However, this will be good for companies besides NAI/Symantec, since it might give them an opportunity to appeal to the smaller, security-concerned windows users. Could be a veritable shot in the arm for them. If you are using Windows, might I recommend some Other virus scanners?
Also, not to turn this into an Anti-MS, Pro-Linux rant, but this is a perfect time to make the switch if you haven't already. None of this argument even applies to those running Linux. (except for those who have stock in those companies
Ted Bridis, the AP reporter that originally broke the story about McAfee ignoring Magic Lantern, stands by his piece, Wired reports.
-Waldo Jaquith
Ya know, this thing has gotten enough coverage in the media that criminals are going to be on the lookout for any attachments, even from family/friends/partners in crime.
Most likely some researcher will post signatures from the file anyways, and somebody will create a detection utility just for the purpose of detecting this one "virus".
How long until this little app ends up on a PC that is not on US soil? Will some foreign nation be able to make an official issue of this? It seems like the FBI might not be thinking this through.
... then again, there is Echelon.... apparently no one minds...
Not to mention what happened the last time the FBI decided to abuse its powers in blatant and utter disregard for the constitutionally guaranteed rights of the American people.
COINTELPRO
And this time we're GIVING the government this power by agreeing to be spoon-fed this 'for our own good' and 'war on terrorism' bullshit.
I say no thank you. If there was a tracking device installed subcutaneously on every single American citizen in the country, and our borders were closed, THEN would you people feel safe?
El riesgo vive siempre!
This will only catch the dumb or the pedophiles.
Are they writing this "virus" for BeOS? how about OS/2?
What about a linux box running as only old a.out?
I can think of at least 70 ways to make their "virus" not work on my machine. (I highly doubt that this "virus" will run on my Linux development box that uses a Hitachi SH4 processor)
All this hubbub about company X or software Z will or will not detect this virus app is pure marketing and hype. No one who is really threatened by this could care as it is easily defeated from ever infecting the system by simply changing the architecture...... Hey FBI, not everyone runs Windows on Intel hardware.
Do not look at laser with remaining good eye.
This begs the question: Why isn't there an opensource antivirus project?
Yeah, IF they showed a warrant. The thing is this "Magic Lantern" is designed explicitly to avoid detection. There is no search warrant for anybody to see. Heck, with recent Ashcroft blessings they don't even need a search warrant to run this thing.
Given your analogy, would a good guard just open the door to somebody who said "I'm with the FBI. I don't have a warrant to search the premises and I forgot my credentials back at the office."? That's a better analogy.
Such an arrangement would be next to impossible to compromise, as you would need to break all three programs within the check cycle of all three of them. Either that, or you need to break all three hashing algorithms, in such a way as to find a synonym in all three key spaces. Synonyms in a single key space are going to be common, simply because you're using fewer bits. Two coinciding synonyms will be very rare, and there's no guarantee that the software could be moulded into one. THREE coinciding synonyms will be so vanishingly rare that it wouldn't be worth anyone's while to search for one that's even remotely usable.
There. Problem solved. And all it took was a bunch of Tripwire clones. And someone thought it was difficult?
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
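The multi-hash check this comment describes, as an added example that is not part of the original thread: a Tripwire-style baseline that records three independent digests per file, so a tampered file passes only if it matches all three at once. The function names, the choice of MD5/SHA-1/SHA-256 and the sample files are assumptions made for illustration.

```python
import hashlib
import os
import tempfile

# Assumed trio of algorithms; the comment only says "three hashing algorithms".
ALGORITHMS = ("md5", "sha1", "sha256")


def digest_file(path, algorithms=ALGORITHMS, chunk_size=65536):
    """Read the file once and feed every chunk to all hashers."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            for hasher in hashers.values():
                hasher.update(chunk)
    return {name: hasher.hexdigest() for name, hasher in hashers.items()}


def build_manifest(root):
    """Map each regular file under root (relative path) to its digests."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full):
                continue  # do not follow links out of the monitored tree
            manifest[os.path.relpath(full, root)] = digest_file(full)
    return manifest


def verify(root, baseline):
    """Compare the tree against a baseline kept on read-only or offsite media.

    A file counts as unchanged only when every digest matches; for each
    changed file the report lists the algorithms that disagree.
    """
    current = build_manifest(root)
    report = {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": {},
    }
    for rel in sorted(set(current) & set(baseline)):
        differing = [a for a in ALGORITHMS if current[rel][a] != baseline[rel][a]]
        if differing:
            report["modified"][rel] = differing
    return report


def demo():
    """Constructed sample tree: baseline it, then change, add and delete files."""
    with tempfile.TemporaryDirectory() as root:
        samples = {"app.bin": b"\x7fELF original build", "config.ini": b"[net]\nlog=1\n"}
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as handle:
                handle.write(data)

        baseline = build_manifest(root)
        clean = verify(root, baseline)

        # Same length as the original, one byte changed: size checks miss it.
        with open(os.path.join(root, "app.bin"), "wb") as handle:
            handle.write(b"\x7fELF 0riginal build")
        with open(os.path.join(root, "new_file.dll"), "wb") as handle:
            handle.write(b"unexpected")
        os.remove(os.path.join(root, "config.ini"))

        tampered = verify(root, baseline)
        return clean, tampered


if __name__ == "__main__":
    clean_report, tampered_report = demo()
    print("clean:", clean_report)
    print("tampered:", tampered_report)
```

The baseline is only as trustworthy as where it is stored: if it sits on the monitored machine, whoever alters a file can regenerate the manifest as well.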
Turn in your Score +1 Bonus!
- Have a picture
Will copies being sold in Europe contain this "feature" too? I'm European and I don't trust US government at all.
Assuming that this is a standardized attachment (ie the same size, etc.) it should be pretty easy for filters on the ISP or client to catch. Also, to my knowledge the only mail clients that can execute code w/o user intervention are M$ products. This narrows the people that can be affected a lot.
I think that's exactly what he was mentioning.
--Blair
"Hey! Isn't that John Ashcroft...in a dress?"
Your analogy is, unfortunately, incomplete. Let's review:
In such a case, the following is expected to happen:
Now, in the case of Magic Lantern, the following *might* happen:
So, what's missing here? Simply enough, the agents did not have the consent of the court to infect your computer, and you've been deprived of the knowledge of what occurred. This is the major issue here. I wouldn't want them poking inside my computers as much as the next guy, but if they're going to, I'd like to know when they're doing it, and they better have that bloody warrant in hand.
In Soviet Russia, Jesus asks: "What Would You Do?"
Would you complain if they didn't protect your system from government hackers in China? In France? Working for the UN? These are government agents and if your systems weren't protected from them from security that you bought then you'd be really pissed. You pay for security companies to protect you. Your analogy of the security guard is flawed. A security guard will stop a Federal agent and verify his search warrant and then see to it that the warrant is not executed incorrectly. He's there to protect your stuff and your rights. He'll also notify you the police were there, why they were there and what occurred. Electronic security companies are breaking the trust of the person who bought the software. One would expect that the software prevents all intrusions. If it does not then the software is flawed. Allowing back doors is considered bad software design, I don't see how this situation changes the rules of software design.
Government agencies have no reason to "crack" a system, if they're really interested they can get a search warrant and examine the system. The search and seizure laws were designed to put all government investigative action in public view. Secret searches cannot be justified. If there is no good way to get the passwords for the keys, then the government is SOL. So they don't have one piece of evidence, I hope that the evidence that they do have would be more than just bits on a hard drive.
I like to program but I'm not a huge trojan nut but have the basic concept and idea on how these things work....
First off:
Everyone keeps talking about how it will just be a matter of time before a wild version of "green lantern" or something of the sort shows up in the wild....
Dude, if you have Green Lantern on your computer and you find out about it, you've got a lot more things to worry about than sharing it with the hacker / cracker community!
Second of all:
Who cares that the anti-virus software won't recognize it. They haven't detected half the viruses for years!
Heck, just create your basic client server in C++ or whatever and you'll notice that it is not recognized by the software anyways..... I started to learn sockets and create client/server chats, remote access for work, etc. My anti-virus, anti-trojan software never picked up on it... only my Zone Alarm caught it.
www.slightlycrewed.com - Because aren't we all?
We're constantly aware of viruses bringing down networks and destroying data. It's considered a terrorist activity to write one.
You would think the government would be interested in closing all potential security holes. But now they want to run a roto-rooter straight through every firewall and defence, tell us just to pretend it doesn't exist, and assume that they won't disrupt the normal process of computer security.
I'd like to borrow a technique from the MPAA and RIAA, an irrational analogy. We might as well install FBI doors in our house. They'd all take the same key. We wouldn't be allowed to look at them or put any furniture in front of them. Eventually criminals would fashion a key to all of them and waltz in our door, steal our valuables and shoot us. But we wouldn't be allowed to defend ourselves from anyone who came through that door.
A rebuttal from myself: In my heart of hearts I want the FBI to be aware of all sinister plots (which exist aplenty). I want them to be able to keep us safe. I know the danger of coordinated terrorist attacks which are beyond scrutiny.
But I worry about unrestrained government, which can closely watch everyone without checks and balances.
I also think that trying to make a security hole which only the good guys can use, and the bad guys must ignore is a bit far-fetched.
Add to that even the most basic of Windows e-mail viruses and you'll recognize that this may already be installed and operational on existing machines. How many desktop users would even notice a little extra traffic now and then?
I don't doubt that the FBI can already do this - what they are doing is slowly "leaking" the idea to the public and the press to see how citizens will react. The police/gov't can obtain anything they want by illegal means, it's just not admissible in court. That doesn't prevent them from using what they found and following those leads, then claiming "intuition" or "encryption cracking farms" as an excuse as to HOW they broke the encryption.
Prior to 9/11, U.S. citizens would've fought the idea, but now many people feel that complacency will yield security. The FBI hopes that both the government and its citizens will allow this when, in reality we all recognize that it shows a blatant disregard for our constitutional rights.
Just the $0.02 of the paranoid. Let me put my tin foil hat back on...
Let's see, I am betting within days, this Virus (that's what it is, the FBI can say what they want) ends up on say computers in Canada. What I want to know is what they will do to prevent non-US computers from being infected. From what I have been reading, they are not doing a thing, meaning even though I am not in the US, they can still see what I am doing.
Now here is how you prevent yourself from getting the virus.
1 Don't open the .exe on e-mails. My friends never send me exe on e-mail because they do the same thing I do, del it.
2 Use a firewall. Got a firewall/dhcp running on a p120 Linux system. This means they would literally have to hack the firewall to get to my systems. Do they really have the time to hack my system that is non-US?
3 Just don't run Windows (or at least on the computers you are doing bad things on).
My 2 cents plus 2 more
Great links.
(I would have replied faster, but I was too busy reading the Kaczinski link from Crime Library)
Do you keep a file on FBI miscues on hand? You better be careful, Mr Ashcroft may out you on his "enemies" list.
The Olympics and Ted K. links don't worry me so much, as they describe leaks of superficial, sensational material.
It's the second link, from the Las Vegas Sun, that really gives me pause. This describes an FBI agent secretly passing along data from their databases to a private investigator.
Now this private dick was probably investigating some real scumbags, but it isn't too hard to imagine that someone wouldn't get the Magic Lantern info for "good" purposes and then it ended up in the wrong hands.
evanchik.net
My guards are paid extremely well, and for that, I expect absolute loyalty. A number of individuals have already tried to assault my lair, and warrant or no warrant, they all have been fed to my cybernetic sea bass.
Read this story from The Register:
http://www.theregister.co.uk/content/55/22788.html
As I understand it, Magic Lantern is designed in a style similar to that of your average email virus, an executable that they try to convince you to run...and if it gets that far, chances are it can do the DLL modification that the story mentions.
"That's Tron. He fights for the Users."
I spent a lot of money on anti-virus software to avoid having any kind of unwanted software running on my so-called servers.
I also was hoping to minimize the risk of having any kind of confidential data stolen from my company.
And now? How can I be sure that the FBI won't steal my confidential data (note: I know they won't use it, but still they can steal)
I want my money back.
-=-=-=-=
I know life isn't fair, but why can't it ever be un-fair in MY favor!?
Yeah right. You're going to build in back doors and then assume that you've created a 100% fool-proof method of detecting modified versions? Who do they think they are kidding?
Is this really that hard? If the FBI works with them, couldn't they check whether the file is identical to the one the FBI provides to them? Of course, this would involve having the "magic lantern" executable encoded in entirety in the antivirus software.
__
Do ya feel happy-go-lucky, punk?
are they ill tempered sea bass?
A: None. The Universe spins the bulb, and the Zen master merely stays out of the way.
And good luck to them if they do. They're just another bunch of crackers trying to root my machine, and I've been dealing with those for 20 years now. Nothing new. And if they do root the thing, they can forget about it going undetected. Offsite copies of Tripwire checksums on CD-R are a Good Thing.
And no, I don't do that specifically because of the FBI or even crackers. My niece is curious and possesses clue in full measure and is at that age where rm -rf / is an irresistible temptation.
These companies provide detection and removal services for widely-distributed and automatic attacks. That is to say, it's their job to clean up when someone releases a virus that spreads all over the place. They discover something spreading, and they make an update.
If the FBI is doing their job well, that's not the situation here. The way they've been describing this working is that they set it up to attack the particular person against whom they've obtained a warrant. It doesn't email itself to the target's addressbook, it doesn't attack random IPs, it doesn't try to infect floppies. That would be both illegal (since it could destroy the data of non-targets) and probably invalidate their evidence (since they don't have a warrant to investigate every individual in the US).
So a virus scanner shouldn't catch Magic Lantern, because it's not really a virus, in the sense that they're scanning for. It's an attack tool, which uses the methods often employed by viruses. Virus scanners don't fix security holes; they look for particular malicious and spreading code on your computer and clean it up. They won't stop Magic Lantern, they won't stop someone hijacking your passport account, and they won't stop even script kiddies breaking into your webserver, because their purpose and system design just aren't good for that.
So far I haven't heard of any IDS companies saying they will ignore ML, nor have I heard of any companies saying they won't fix security holes that ML uses. That's what would be significant.
OTOH, finding out exactly what the hell it looks like is pretty good. I'm sorry, paranoiacs, but the chances of this thing cropping up on Joe Public's computer seem pretty slim. You'd have to be associating with some rather sketchy people before you'd ever get a glimpse of this thing in action, it seems.
I think there is a world market for maybe five personal web logs.
As soon as someone does get infected, someone will detect it. It has to send it somewhere, probably a simple IP. How long before someone hacks the crap out of that box(s). Or figures out how Magic Lantern sends info back and starts just flooding it with, "hey FBI, you are a bunch of f***ing idiots.". Really this Magic Lantern news is getting old, it is just a matter of time before the FBI realizes that this approach will not work. They are better off doing it a more legal way, case by case. If you first suspect someone, get a warrant, then you sniff their packets. If it's encrypted then you go the next route. But one at a time. Pay professional crackers, don't waste money on a cookie cutter solution that won't work three days after it is invented. I think most people don't need to worry unless they are doing illegal things in insecure ways, in and out of the internet.
Why is this thing a Trojan?
There would be no issue at all here if this program was something that had to be manually installed. If the FBI got a warrant to enter a suspect's home, install a 'tap' on his PC, and then retrieve the data, there would be no issue.
Any criminal savvy enough to detect that sort of intrusion is also savvy enough to detect and subvert Magic Lantern. Hell, if I had something to hide, I'd keep it away from the networks, on an encrypted drive, wired to destroy the data if I failed to log in correctly - and I am NOT a criminal mastermind.
All ML does, by being a Trojan, is get non-criminal technologists pissed off over civil rights and such.
Sure, it may make the 'tap' easier to set up remotely (does it really? only with very ignorant criminals I think) and to pull data off as it's being generated, so that a logfile can't be easily found (but anyone with something to hide is likely to be sniffing their own packets anyway, no?).
There's something else going on here. It could be about testing the waters for industry compliance to Federal backdoors (PGP anyone?). It could be to increase the anxiety level of technologically inept/newbie potential terrorists.
The publicity level of this strikes me as a diversionary tactic, because the technological aspects of ML are surely defeatable (we can look at our own packets down to the bit after all) and the audacity of it (Big Brother factor) is sure to kill it. The next step is to have each cell phone sold with a listening device that the FBI could turn on remotely. Even the technologically ignorant would not stand up for that, or for this.
The REAL jabber has the user id: 13196
What you do today will cost you a day of your life
The only question Symantec should ask itself is 'is this a virus or not?' It seems to me that the FBI software is clearly not a virus if it is installed legally and used in concordance with all existing surveillance laws.
-josh
I just wonder how a free software anti-virus lab would work
Easy- we fix the problem instead of treating the symptoms:
If there are exploits, they get fixed. So you would never have to worry about an email or webpage hijacking your machine.
And so long as you stick to source-available code (not necessarily the same as open-source) which has at least a moderate distribution, you don't have to worry about trojans.
The run-away virus problems you see in windows are a direct result of a closed source culture where all software is delivered and exchanged via inscrutable black-box binaries. A typical windows user thinks nothing of downloading a .exe file from an untrusted source then running it, whereas a typical unix user would get shivers just at the thought of doing so.
Virus scanner software is just a huge patchwork of duct tape that is fundamentally incapable of solving any problem- or providing any security.
(for example nimda: it had already done its damage by the time it was in the pattern files)
If an open-source system and philosophy were to take hold of the desktop- an entire industry (virus scanning/recovery) would simply disappear.
All of my windows boxes have screen saver passwords, and if I were really paranoid boot passwords - so I doubt getting a warrant to come into my house and install the thing would work all that well unless they want to do some harddrive swapping (even that would require some hardware matching, difficult but not impossible).
So, am I going to be stupid and click on that MagicLatern.exe attachment from bob@fbi.gov? I don't think so. And I read all of my home email over the web, which pretty much eliminates my exposure to VBScript holes in Outlook or Exchange.
Not that the FBI gives a rat's ass about anything I type, but if they did they'd have a hard time installing this software on any computer I use.
-josh
"These 'houses' and their 'locks' are a dangerous threat to America, and I completely support the Shining Gold Christian Crucifix Crusaders of Goodness and Light in the FBI in their fight against the Minions of Satan that are using this dangerous, immoral technology," President Bush declared today from the same secure, fully locked secret bunker he disappeared to on September 11th.
Do Home Security firms get in trouble when their devices tip a criminal to police presence on their property? I doubt it. How would this be different?
Yes, but no. If the security firm notified the suspect that they were being surveilled by authorities they may be interfering with a criminal investigation. However, if I was running a large crime empire and I hired someone to find out if I was under surveillance and they found out that I was, I would not let those surveilling me know I was aware of them. Knowing if and how you're under surveillance would be a great benefit, allowing you to lay down a false scent and better hide your activities. So the first order of business would be to hide the knowledge.
Furthermore if such a company finds something but they are not sure what it is, they can rightfully tell the client that "SOMEONE" is listening. I think they would have a major problem only if they knowingly interfered with a police investigation.
I know several linesmen working for Verizon in the NYC area and they described how a wiretap is generally obfuscated (by setting up weird routes for the lines, etc) and they all get to hear the same story when they first start. The story goes that a linesman found a wiretap on some big shot's line while troubleshooting, figuring he would collect a "finders fee" and maybe be owed a little favor he decided to inform the customer. Only problem is that he wasn't too bright and decided to call the customer on the line that was tapped, thus letting the FBI and whoever else listening know that he was blowing the whistle. He supposedly was prosecuted and relieved of his job.
-- Button up, your ignorance is showing
Take apart this government NOW. Don't bother writing letters; in the current atmosphere nobody is listening to reason. The only legal means left to try is recall petitions. Recall every congressman who votes for this shit and for every senator who voted to confirm Ashcroft. I'm not real sure how it could be made to happen, but you might even try a run at the shrub. Whom to replace them with? The weakest, most ineffectual non-leaders you can find - with any luck they'll waffle and dither around and stab each other in the back continuously so that nothing ever gets done. Congress really works best that way.
The Constitution is the country. You can't defend one without defending the other.
The cake is a pie
Ok, correct me if I'm wrong here... I live in Canada; if I buy software that claims to detect viruses and trojans but in fact it deliberately allows trojans from a foreign nation's secret service, is that not some kind of fraud?
Seriously, would this even be legal outside the USA?
Nothing to hide, eh? Well, Mr.... Paladin, is it? We have noted via our *camera oscura* that you are using a *proscribed system* called Linux. Disgusting name, really. You are aware, I trust, of the penalties for trafficking in *non-object* code? Did you know that the *un-good, un-binary* code for this disgusting piece of filth is freely traded on the *black network*? I thought not. And I'm sure you'll be happy to submit to a prophylactic *decontamination*.
You'll need to *happy-boot*, of course.
anarchy rules
At the very least, foreign companies will get the chance to sell real antivirus software unlike these American guys who are selling their souls to the FBI.
See, there are two ways to go about fighting terrorism:
You can be patriotic, and support the ideals of what freedom stands for, or;
You can be nationalistic and support whatever dumbfuck policies that GWB and Ashcroft decide to shove down your throats.
It seems that most people in your country choose the latter. So I have no sympathy for you.
The FBI could change their mechanism, but they'd be stuck doing remote upgrades of all the computers they'd already infected. If you had a sniffer watching for upgrade traffic and keylog traffic, you could detect an infection.
"Prepare for the worst - hope for the best."
A few things happened in the Microsoft world that made it pretty easy for viruses to spread that could not happen in the Linux world.
1) Most people don't read their email while logged in as root. The number 1 reason why viruses easily spread in Windows systems is that in Windows, just about everything is done with an account that has full control over the system.
2) In Windows-land you generally run binary-only programs and you have no idea what the source looks like. Most programs in Linux come with the source code. You are not likely to run a binary-only program in Linux unless you know for sure who it's coming from.
So, to reiterate, viruses are executable programs. They need both permission to execute and a means of spreading themselves. Windows systems were already set up to allow these things to happen by default. Linux systems will never be set up that way, at least not on a widespread basis.
I don't think we will ever see problems as widespread and damaging as Nimda or Sircam on Linux systems, no matter how popular Linux gets. It's just not designed to easily allow programs to be run without someone explicitly giving it permission. Even exploits of commonly used server programs are limited in the damage they can do, because most servers do not run as root. No, the virus writer has a much much harder job to do on Unix systems. Why bother when Windows is so much easier?
No, Thursday's out. How about never - is never good for you?
Would it be possible for Magic Lantern to be built into a closed source OS like Windows XP?
Except modified versions that have been modified so as to fool Symantec's software into thinking it is part of a legitimate FBI investigation, in which case Symantec's software will ignore those versions.
Suddenly, my virus detection software is doing its job again....
7 November 2006: The day Americans realized corruption and incompetence weren't addressing 11 September 2001
It seems to me that the best way to distribute something like this would be to integrate it into Windows XP.. Just let Microsoft ship it with every new copy sold.. Then let XP distribute it to other, possibly older, machines on its local area network..
$5 / month hosted VPS on linux = awesome!
...if anyone sent them a bill for the CPU usage?
I'd sure love to hear of a defense lawyer bringing up the FBI's theft of electricity in court.
CUR ALLOC 20195.....5804M
I'm sure you know this one already but,
Amendment IV
The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.
Someone screaming for help is probable cause, but if I tell my wife not to let ANYONE in unless they have a warrant, then she won't let them in. I would expect no less from a hired security officer.
Ummm, Jon, aren't you supposed to be dead...? - Otter(3800)
That's why they're cybernetic...
but they very carefully dance around the point, and the final statement about complying with any and all laws is a big out. If it is legal to have a keylogger, then they've no problem. Corporate morality is a greased pig on a very slippery glass hill.
errr....umm...*whooosh* *whoosh* Is this thing on ?
Hackers won't need to mod the program, just capture the data it pumps out. I can see this as THE hack. Once you can get Magic Lantern installed onto a system, just capture the data or intercept the packets. Since the hacked system won't detect Magic Lantern, you just need to write code to capture the output. We'll see dozens of new viruses a day that capture this output. Sooner or later Symantec will get tired of writing hundreds of updates a week trying to stop these intercept viruses while keeping the keylogger hidden.
As for firewalls, well this thing has got to send its data somewhere, and once people figure out where it should be easy enough to detect and block or reroute to somewhere more fun.
I don't suppose it would actually send data all the way back to the FBI, probably to some machine sitting at the ISP. But if it were hardcoded, can you imagine the DDOS potential of just sending out the FBI logger as a VIRUS ITSELF?
-- If god wanted me to have a sig, he'd have given me a sense of humor.
What does the FBI need to do to keep American computers secure from terrorists?
Keep "Magic Lantern" out of the hands of criminals.
How does "Magic Lantern" work?
The FBI sends it to criminals.
That's the probable implementation. I was giving a foolproof method. An MD5 checksum only checks for accidental corruption. It's not difficult to deliberately make hostile code that will pass the MD5 check, and therefore be ignored by the virus scanner. A byte-by-byte check of the executable would be impossible to trick, unless I am missing something.
__
Do ya feel happy-go-lucky, punk?
I wonder what their policy is towards government sponsored trojans and viruses.
According to their website, "Grisoft Inc. is a U.S.-based company established in 1998 as a holding company for Grisoft, s.r.o., a Czech Republic-based high-tech company specializing in the development and marketing of anti-virus software for computer systems since 1990."
I just finished sending them a letter asking what their position on this issue is. I'm hoping for a positive response, that being anything opposite of Symantec's or Network Associates' policy.
Their web site is www.grisoft.com
Sure they could. If they could log your keystrokes, then they could log the data between the thumb/face reader and the computer. Then they can fake the input from the device: biometric approach defeated. The lesson here is that once they can get into your system and interact with stuff like keyboard I/O, they can get pretty much any I/O your computer does, including biometric device I/O.
XML is like violence. If it doesn't solve the problem, use more.
Has Zone Alarm weighed in on the issue?
Speak truth to power.
Can you PROVE they're only used with a warrant? If you find a keylogger, you have every right to demand a warrant. Key loggers can't be always let through on the assumption that they are only used with warrants.
Nicotine free Amish .sig.
Vaapcon was much more recent and I knew a few feminists that got caught up in the net.
An Education is the Font of All Liberty
I believe we should call an immediate boycott of all companies producing anti-virus software who refuse to detect and tell the end-user of any viruses whatsoever that the user has not ok'd to be on his/her computer. Let these companies and the government learn that we will not simply accept whatever they wish to do to us and give us with no say whatsoever.
Am I guessing right that all that would be required to get your own Magic Lantern is set up a moderately suspicious system and then wait for the FBI to come install your copy? Ought to be not too complicated to put a Windows box behind a *nix firewall with standard packet sniffers in place so you can catch Magic Lantern's signatures on its way in. The hard part might be, if you want to use it yourself on other parties, dealing with any encryption it might be doing on data it sends back to base. But unless the encryption code itself is part of the signature that allows it past Symantec's firewall and/or antivirus detector, it should be possible to patch in your own routine there, rather than needing to fully disassemble the government's and break its keys.
What am I missing? What will keep thousands of curious kiddies from getting their own Magic Lanterns for fun and exploration? This kind of guarantees wide-spread vulnerability, doesn't it?
"with their freedom lost all virtue lose" - Milton
Sure, someone could break into my house, power off my system, cut the case padlock, jumper the motherboard switches to reset the CMOS password, boot to a boot floppy, load the esoteric filesystem modules, log in as root and install some shit, but I'm going to notice when I come back and my system isn't in the same state I left it in.
And I sure as hell know better than to run programs other people send me. It's true that no system is completely secure, but the system only has to be secure enough. Secure enough that I notice when someone's been tampering with it.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
In a global computing community where packets travel around the world crossing countries based on fastest route, not politics or tariffs, any antivirus software that aligns itself with a particular government's intelligence agency is *not* going to be the dominant antivirus software package.
:( )
Bye Bye McAfee and Symantec. You're coming off my computers. Not that I'm paranoid, but why would I go to the trouble of having PGP/GPG keys and signing email and then let the FBI install a keystroke logger? Would I voluntarily install keystroke loggers for *ANYONE* on my production UNIX boxes (and still keep my job)?!? HECK NO!
Any bets on how long before these antivirus software companies start making alliances with other companies to install spyware and track users and display advertising while trying to stay alive?? I can see it now - NAV coming bundled with Magic Lantern *and* Gator (... to help you out, of course) and once installed there won't be any uninstall option until ad-aware gets updated. Great tool, that ad-aware - if you have a few brain cells and need to run windows anyway, it's a must - http://www.lavasoftusa.com
Windows is a petri dish, not an OS. As such, antivirus software is absolutely Critical. Why would I lock down my unix boxes, scan my servers, and then allow FBI keystroke loggers on windows boxes??
If only everyone I work with didn't use email as a vector for transmission of Microsoft Office docs and other proprietary file formats, I wouldn't be in the predicament I am now of needing to use Windows for email instead of Mutt (No, StarOffice doesn't do it - ever try opening ppt95, Visio, or an Office binder?)
H+BEDV is a German software company which makes an excellent virus scanner. Unlike most other scanners from mainstream companies, which can mostly be deactivated through a simple change of a few registry keys, it is actually pretty secure from any outside modification.
And there's also a free (beer) version available.
The simple antidote for this is a packet sniffer. There is lots of software out there that does it for free. They cannot get the keystrokes if you aren't online without breaking into your home. And if they don't have the keystrokes and you are running an encrypted filesystem there is no way they can access your info (okay, not no way, but very difficult). Next you would need an intrusion detection system that lets you know when someone has accessed your case, and cracked it.
And people believe that gun control is a good thing. Well this is the exact same issue as gun control.
Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
The FBI doesn't need to send anything to their servers! In fact it'd be really silly to do so.. They can simply mail the log file to gotchauterroristpunk@[your ISP] and then simply let their carnivore boxes search for keywords or phrases.. This would minimize the opportunity for DOS problems and get around some of the firewalls also..
Step 1 Go read this: http://www.wired.com/news/politics/0,1283,45730,00.html
U.S. District Judge Nicholas Politan saved his sharpest needling for the assistant U.S. attorney prosecuting the case, asking how a court could accept the government's earnest assurances that its spy technology is permitted by federal law and the Bill of Rights.
Step 2 Then go read this: http://www.wired.com/news/politics/0,1283,45730,0
Note this little bit: Every bill -- including the Patriot Act, USA Act 1.0 and USA Act 2.0 -- would permit police to conduct Internet eavesdropping without a court order in some circumstances, allow federal prosecutors to imprison non-citizens for extended periods of time, and expand the power of a secret court that is used in foreign intelligence investigations.
Step 3 Now for real life: http://www.wired.com/news/conflict/0,2100,48711,0
Attorney General John Ashcroft has said the FBI began using the powers mere hours after President Bush signed the law. The Justice Department has prepared a "field guidance" manual (PDF) for prosecutors.
I would guess there is a 90% probability that Microsoft's SP2 for Explorer has an FBI or NSA hole. Not that I spend a ton of time on security, it's just that Windows' dialing out already gave me a thousand dollar bill for triggering my router (got out of it luckily) and I have no more patience for sheer bloodymindedness on the part of the World's Richest Man and his cohorts, the U.S. government. Utterly ridiculous.
Subject: Magic Lantern and you.
Alert Symantec users !! Norton Antivirus etc
Turns a blind eye on FBI-made viruses.
As a lot of people have found out recently, there is a virus on the loose
that logs whatever you type on your keyboard and periodically sends it off
to specific email addresses, see (1).
Those that keep their anti-viruses up-to-date haven't had to worry too
much. AV products are stopping this virus dead in the hundreds/thousands
just as you are reading this.
Now, one anti-virus vendor is actually *building in support* for a
specific kind of such viruses. I.e. that will log your keystrokes and
send them to someplace on the internet.
The idea is that FBI will send such viruses to the "bad guys" and learn
all their passwords used to encrypt their evil plans.
But how will it work ? The FBI isn't telling, (so the "bad guys" can't
defend themselves), but logical thinking can tell us a few things.
Since each FBI case is different, there is no way that every piece of this
virus can be hard-coded (i.e. unchangeable). The FBI will have to have
the ability to change certain things in this virus.
F.ex. where the virus stores your keystrokes before sending them,
and also the email address to send it to.
If it wouldn't be possible to change this, it would be too easy for
the "bad guys" to find out they were being 'bugged'.
So, the virus will be in at least 2 parts, program and data, and Symantec
AntiVirus can only check the program-part since the data-part is
always changing.
So what happens when the "bad guys" get their hands on it ? (And they
*will* since the feds will be extremely willing to send them a copy.)
Somebody will discover this virus on his PC, modify the address to send
the keystrokes to, and send the virus off in email. And it will more
than likely, finally, end up on *your* PC !
Now, think about it. Everything you will type on your keyboard,
your passwords, your credit-card numbers, your name, your address,
*everything*, will be sent off to the "bad guys" and Symantec AntiVirus
will just smile and happily keep its mouth shut about it !
Gives you a nice and warm feeling of security, doesn't it ?
This, unfortunately, is not a joke and it's not a hoax, see (2), (3),
(4) and (5) for more info.
If you disagree with Symantec opening up a security hole on your computer,
so big that you could sail an aircraft carrier through it, you should do
something about it.
Sending complaints to Symantec is one way to do it, you could go to (6)
and voice your opinion on this matter.
In any case, please inform those that you think should know about this by
forwarding them this letter (I know, this sounds like a standard hoax but
unfortunately it's not, just search the web for yourself)
Do something now, tomorrow the contents of your bank-account might not
be there.
References:
1) http://www.cert.org/incident_notes/IN-2001-14.htm
2) http://www.politechbot.com/p-02851.html
3) http://cryptome.org/fbi-dirt.htm
4) http://www.theregister.co.uk/content/55/23057.htm
5) http://slashdot.org/article.pl?sid=01/11/28/17320
6) http://www.symantec.com/feedback/comment.html
echo '[q]sa[ln0=aln80~Psnlbx]16isb572CCB9AE9DB03273snlbxq' |dc
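Added example, not part of any comment above and not any vendor's code: the letter argues that an exemption can only look at the unchanging program part of such a file, and an earlier comment argues for checking every byte. The sketch below compares the two rules on constructed data. The section layout, tag names and placeholder addresses are assumptions, and SHA-256 stands in for the MD5 checksum mentioned in the thread.

```python
import hashlib
import struct

# Constructed container layout (an assumption for this example):
# repeated sections of [4-byte tag][4-byte big-endian length][payload].
def pack_sections(sections):
    return b"".join(tag + struct.pack(">I", len(body)) + body
                    for tag, body in sections)

def parse_sections(blob):
    """Strict parser: rejects truncated, overlong and duplicate sections."""
    sections, pos = {}, 0
    while pos < len(blob):
        if pos + 8 > len(blob):
            raise ValueError("truncated section header")
        tag = blob[pos:pos + 4]
        (length,) = struct.unpack(">I", blob[pos + 4:pos + 8])
        end = pos + 8 + length
        if end > len(blob):
            raise ValueError("section overruns file")
        if tag in sections:
            raise ValueError("duplicate section")
        sections[tag] = blob[pos + 8:end]
        pos = end
    return sections

def exempt_by_program_part(blob, allowed):
    """Weak rule: only the program section is compared with the exemption."""
    try:
        code = parse_sections(blob).get(b"CODE")
    except ValueError:
        return False
    return code is not None and hashlib.sha256(code).hexdigest() == allowed

def exempt_by_whole_file(blob, allowed):
    """Strict rule: any changed byte, data part included, voids the exemption."""
    return hashlib.sha256(blob).hexdigest() == allowed

def scan(blob, rule, allowed):
    return "ignored" if rule(blob, allowed) else "flagged"

# Constructed sample data; no real program or address is involved.
PROGRAM = b"constructed program bytes"
ORIGINAL = pack_sections([(b"CODE", PROGRAM),
                          (b"CONF", b"report_to=placeholder-a.invalid")])
VARIANT = pack_sections([(b"CODE", PROGRAM),
                         (b"CONF", b"report_to=placeholder-b.invalid")])
PROGRAM_DIGEST = hashlib.sha256(PROGRAM).hexdigest()
FILE_DIGEST = hashlib.sha256(ORIGINAL).hexdigest()

if __name__ == "__main__":
    for name, blob in (("original", ORIGINAL), ("variant", VARIANT)):
        print(name,
              scan(blob, exempt_by_program_part, PROGRAM_DIGEST),
              scan(blob, exempt_by_whole_file, FILE_DIGEST))
```

The variant with a changed data part is still ignored under the program-only rule and is flagged under the whole-file rule, which is the gap the letter describes.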