Slashdot Mirror

← Back to Stories (view on slashdot.org)

Slashback: Petdom, Denial, Confusion

Posted by ryuzaki0 on from the back-in-blacksburg dept.

Slashback tonight features updates (below) on Aibo hacking (a rare bit of good news on the technical freedom front), some not-great information for excite@home users concerned about the looming darkness, a strange update in the FBI/Magic Lantern story, and more. Only Carnivore operators will know the truth. elem writes "McAfee has now come on the record and has denied contact with the FBI about the 'Magic Lantern' Project.

In an e-mail to Declan McCullagh which has also been posted on his PoliTech mailing list McAfee said the following:

"Dear Sir/Madam:

  1. Network Associates/McAfee.com Corporation has not contacted the FBI, nor has the FBI contacted NAI/McAfee.com Corp., regarding Magic Lantern.
  2. We do not expect the FBI to contact Network Associates/McAfee.com Corporation regarding Magic Lantern.
  3. Network Associates/McAfee.com Corp. is not going to speculate on Magic Lantern as its existence has not even been confirmed by the FBI or any government agency.
  4. Network Associates/McAfee.com Corporation does and will continue
    to comply with any and all U.S. laws and legislation.
Regards,
Marisa Lewis
Investor Relations Manager
McAfee.com Corporation
NASDAQ: MCAF
535 Oakmead Parkway
Sunnyvale, CA 94085
408-992-8100 phone
408-720-8450 fax
www.mcafee.com"

In a subsquent post AP reporter Ted Bridis responed by saying: "I stand by my reporting for the AP. This information came from a senior company officer. I won't identify this person in this post because I've been unable to reach this person by phone or e-mail since the flap erupted."

He also noted that McAfee never specificly denied that they might write such allowances (for Magic Lantern) into their software, it just says that they have yet to have been asked to.

Original story on slashdot and Politech with follow ups

McAfee's Response and Ted Bridis' response"

Rethinking is always a good idea. javester writes: "Sony has come to its senses and has struck a deal with AIBOPET, after the fan site was shut down when Sony's lawyers came calling last week of October.

Way to go Sony and AIBOPET!!!! More power to both of you for finding a compromise where everybody wins! Hopefully, other parties having DMCA tussles follow Sony's and AIBOPET's example, and have more constructive discussions instead of legal suits galore."

Penguin cause pollution. x136 writes "I saw this on my local Fox affiliate, but found a link on LinuxWorld. IBM has been fined again for spraypainting their blue "Peace, Love & Linux" logo, this time on the streets of San Francisco. The bill? $120,000. First Chicago, then San Francisco ... Who thought this was a good idea in the first place?"

Well, I thought the giant murals in NYC were great, but the sidewalk idea strikes me as IBM playing Brewster's Millions with the billion dollars they pledged to spend on Linux.

Out of the freezer and into the blizzard ... An Anonymous Coward writes "Comcast has decided to offer a backup plan in case their cable modem's die due to Excite@Home's bankruptcy. Good thought but the backup is NetZero. Gee thanks Comcast. Here is a link to their Service Interruption FAQ. http://www.comcastonline.com/info.htm"

Make it obfuscated, but make it snappy. Rosco P. Coltrane writes "If you haven't submitted your program(s) to the International Obfuscated C Code Contest, now is the time : the deadline is December 1st, 2001, there is only two days left !"

19 of 286 comments (clear)

  1. Magic Lantern: Big effing deal. by Tackhead · · Score: 4, Interesting
    I don't get all the objections to the FBI spyware thingy. Nor do I get the notion that it's somehow as intrusive as even the sneak-and-peek thing they did against that mobster a few months ago.

    In the case of Scarfo (the mob guy), the Fedz had to break into the guy's home and h4x0r his b0x3n with a hardware device. Obvious case of the Fedz breaching the mobster's right to be secure in his home and property.

    In the case of Magic Lantern, they'll do it from their office. It'll be up to the target to do the st00pid thing and run the executable. I can see an argument that by voluntarily running trojanned code, he gives up his right to security.

    That is, it's not the Feds breaking into the guy's home, it's the Feds sending the user an email. If the user doesn't run it, the user remains safe. If the user chooses to run it, he violates his own security *on behalf of* the Feds. This may be the crucial legal distinction that makes this work in court, where the Scarfo keylogger didn't.

    (And besides, isn't this what half the /. crowd says when the latest Microsoft worm-du-jour shows up? "Well, they were running Windoze, they shouldn't expect to be secure!" ;-)

    Finally, I don't see what the worry is about virus scanners not detecting it.

    This is *not* a worm, nor is it a virus. That is, it doesn't try to spread to other computers over a network, nor through infecting files (remember, its goal is to *avoid* changing anything on the target system, to preserve the integrity of the evidence), so there's no risk of collateral damage.

    So you have a data collector that doesn't damage data, and doesn't replicate. Since it doesn't replicate, it doesn't leave the infected system. Since it never leaves the infected system, the number of copies of Magic Lantern "in the wild" will always be a small number - likely, "one per suspect".

    Since it doesn't exist in the wild, doesn't propagate, and since each instance of it may be unique, there's really no way for a virus scanning company to add its signature to a database, even if they needed or wanted to.

    And on that "one copy per suspect" note, because it doesn't need to propagate beyond the infected system, I would guess that it's likely to be an executable tailored to the target machine - which may imply different checksums/signatures, and very probably, different "bait" email messages, tailored to the suspect.

    Suppose we decide to use a 'sploit based on Javashit embedded in PDFs. We'd send a PDF of plans for a meth lab to our suspect drug kingpin, and PDFs of the You-Know-Who's "Jihad-HOWTO on CD-ROM" to our suspect terrorists.

    OK, so we probably have come up with a totally different infection vector when Adobe calls up and contracts us to perform a hit on m0st-ph33r3d c0pywr1t3 t3rr0r1st Dmitry Sklyarov, but for most dirtbags, it'll work...

    1. Re:Magic Lantern: Big effing deal. by AgTiger · · Score: 3, Interesting

      > In the case of Magic Lantern, they'll do it from their office.
      > It'll be up to the target to do the st00pid thing and run the executable.

      Or... perhaps it's just delivered to his machine as an application or operating system upgrade. All it takes is a verified IP in the right upgrade engine, and a 'different' upgrade is sent than most get, or perhaps even see.

      You usually even click to agree to allow the upgrade to happen, thus, consent. Admittedly, not very informed consent, but... consent none the less.

  2. $120,000 ?? by Axe · · Score: 2, Interesting

    That's probably cheaper then they paid to the consultants who came up with this graffity idea. Plus all the free publicity of being in the news: now all the country saw this graffity in prime time. I am afraid this is clever enough that we see this marketing done again and again. Not that I like it..

    --
    <^>_<(ô ô)>_<^>
    1. Re:$120,000 ?? by captin+nod · · Score: 3, Interesting


      Just recently, m$ got fined A$300 per X-Box logo they sprayed on the streets of various Australian state capitals.

      Full story here.

      Its a 'cheap' marketing technique thats turning out to be qute expensive :) hehe :)

      --
      Moo.
  3. Who is the real author of Magic Lantern? by Ryu2 · · Score: 4, Interesting
    Usually, the US government itself doesn't produce its tools, it uses commercial subcontractors to design/make them. For example, the Air Force itself doesn't build its own fighter jets, Boeing or some other company does.

    IIRC, FBI's Carnivore is just commerical off the shelf packet sniffer (forgot the company), modified at the request of the FBI to look at SMTP, etc traffic.

    So, does anyknow know which company or individual is the author of the Magic Latern program under such a government contract? Or did the FBI itself write it?

    --
    There's 10 types of people in this world, those who understand binary and those who don't.
    1. Re:Who is the real author of Magic Lantern? by WasterDave · · Score: 2, Interesting

      Probably McAfee, or Symantec, or both. Be a pretty cool way of solving both the delivery and virus scanner problems in one fell swoop.

      Dave

      --
      I write a blog now, you should be afraid.
  4. A *real* ISP by theantix · · Score: 5, Interesting
    Here is why my ISP is doing about the situation.

    Excite @Home is the corporation that supports @home.com e-mail. It is operating in bankruptcy and it is unknown how long it will continue to support the @home.com e-mail. Over the last year Shaw has been building its own Data Centre to support e-mail, provisioning web space, etc. and given, the circumstances with Excite @Home, we are accelerating the migration of our customers over to our Shaw infrastructure which includes transitioning email addresses to @shaw.ca. We are asking our customers to complete an Email Quickstep process and then begin using their new @shaw.ca email address to ensure that impact is minimized in the event that the Excite@Home corporation is unable to continue supporting their @home email service.
    Not only will there be no service downtime, but they took preventative measures to avoid this in advance of any problem. Don't you wish you live in Canada?
    --
    501 Not Implemented
    1. Re:A *real* ISP by CptnKirk · · Score: 2, Interesting

      AT&T is also taking similar measures. But it does bring up a quality of service issue. If the lights do go out at Excite@home and an ISP can't provide service to it's users for a week or so until they get their backup networks online (if they have them), should they expect their users to pay for that month. I wouldn't, but I expect that most will. There will probably be more /. stories about this aftermath.

  5. AT&T's backup plan(s)? by badvilbel · · Score: 1, Interesting

    Has anyone heard any further about AT&T's plan to either: a) purchase Excite@Home or b) launch their own fantabulous network ? The latter option thus far has been very sparsely elucidated and very unclear. It's also interesting to me that, here in the Seattle area, AT&T broadband seems to be sending out a different "special" offer each week with a different pricing scheme. Perhaps they're trying to be proactive about the potential customer loss due to the impending craziness.

  6. Excite@Home Customer Communication by slugfro · · Score: 2, Interesting

    As an excite@home customer I am not happy about the current situtation since a fast (or somewhat fast) internet connection is now a necessary part of life. However I am less happy with the lack of communication from excite to their customers. A few weeks ago I recieved one email stating that connections and features could be affected in the future and that they would be in steady contact with further updates. I haven't heard back since! Hopefully DSL is available in my area now.

    --

    -- Find the Truth...
  7. The exodus... by sterno · · Score: 3, Interesting

    This makes me wonder a couple things:

    1) Will there be a mass exodus of cable modem users to DSL? Could this be the shot in the arm Covad needs?

    2) Will the NetZero service be able to handle the influx of customers from Comcast? I'm sure all the NetZero customers will be real happy when they get endless busy signals.

    3) Will ComCast pay for a user's modem so that they can use this "backup" if they don't already have a modem?

    I'm guessing they through this situation at the PR department and that it was the best they could come up with.

    --
    This sig has been temporarily disconnected or is no longer in service
  8. No, that's the cheap part by HerrNewton · · Score: 2, Interesting
    [B]ut the sidewalk idea strikes me as IBM playing Brewster's Millions with the billion dollars they pledged to spend on Linux.

    Ummm... shopping list:
    1. Stencils, easy enough to diecut on a press
    2. Chalk paint
    3. Motivated guerilla marketers to spray chalk paint over stencils.

    All of that---including any fines levied---is very, very cheap relative to a more traditional campaign. Extremely cost effective strategy, especially when you take into account the freepress afforded by media coverage of the pissed city governments.
    --

    ----
    Am I the only one who thinks Microsoft is a misnomer? Perhaps Macrosoft would be a better fit?
  9. It IS a big deal. Because... by hillct · · Score: 5, Interesting
    First McAffee and now Symantec are willing to ignore the presence of this virus. This article describes Symantec's position on the issue:
    Eric Chien, chief researcher at Symantec's antivirus research lab, said that provided a hypothetical keystroke logging tool was used only by the FBI, then Symantec would avoid updating its antivirus tools to detect such a Trojan.

    Symantec is yet to hear back from the FBI on its enquiries about Magic Lantern.

    "If it was under the control of the FBI, with appropriate technical safeguards in place to prevent possible misuse, and nobody else used it - we wouldn't detect it," said Chien. "However we would detect modified versions that might be used by hackers."
    The bigger problem here, though is that these antivirus vendors are violating the public trust and esentially providing faulty products (nothing new in the software industry) intentionally (which is a new prescident).

    Furthermore, if antivirus vendors can be currupted this ay in the name of national security, does this mean that OS vendors will do the same, to accomodate the delivery methods chosen by the FBI? Will there be un-closed security holes intentionally left open as delivery vectors (like buffer overflow problems etc.) for 'Magic Lantern'? And regardless of the position of Stmantec that they will try to detect variants of Magic Lantern, what happens when a virus writer succeeds in writing a piece of code with a signature sufficiently similar to the FBI code as to be indestinguishable? the risk introduced here is too great to justify through the promise of improved crime fighting capabilities.

    --CTH
    --

    --Got Lists? | Top 95 Star Wars Line
    1. Re:It IS a big deal. Because... by jemagid · · Score: 2, Interesting
      The whole question of security bugs included intentionally in software reminds me of the Inslaw case, in which the federal government took a piece of software which they pirated from a contractor (who they put out of business), and hacked it up to include a back door. This software was written to track the complicated web of relationships between the sort of people intelligence agencies work with/against (depending on the phase of the moon and the particular situation). They sold this software to friendly (And probably not so friendly) intelligence agencies world-wide, using the back door to suck out information from their customers databases.

      Pretty cool hack. (a technical judgement independent on the morality of the entire affair).

      So the government has dealt in intentionally insecure software in the past, and they will probably do so in the future.

      Personally, I think with a real warrant (none of this no-burden-of-proof "judicial certification" which the PATRIOT act institutes") this is a fine tactic. It's essentially the same as a wiretap.

      Obviously, mass distribution of weakened software to the public or to anyone whom there is no probable cause to suspect is completely unacceptable.

      --

      --
      Global Village Idiot
      Email: jem@sunsite^H^H^H^H^H^H^Hmetalab^H^H^H^H^H^H^Hibib lio.org
  10. Re:Comcast should know better. by IRNI · · Score: 3, Interesting

    Netzero is Windows Only. Thats the part that really bugs me.

  11. sure they do by vscjoe · · Score: 2, Interesting

    Both the military and the civilian parts of the US government design and implement lots of special-purpose gadgets and software, and they spend billions doing it. Often, the work is done by government employees, not contractors. That is entirely justified when there is no commercial vendor around. The decision is no different from whether any other big company outsources or does something in-house. If the FBI wants Magic Lantern, they can develop it in house; they don't need a vendor.

  12. @home conspiracy theory by Sadfsdaf · · Score: 4, Interesting

    Why do the creditors want @home out of business?

    Considering that one of the major shareholders is AT&T (broadband or parent company it doesn't matter), they MUST keep the service running anyway.

    AT&T WILL obtain the hardware and maybe the people who keep the cable internet system running.AT&T WANTS @HOME TO FILE FOR CHAPTER 7 (liquidation, bubye). Why? If they kept @home, they would still have less control over the system and if they obtained @home's hardware when they make the new system it'd be cheaper (not to mention the same people to run the familiar system).

    Then why don't they BUY OUT @home? Simple! @home has something like SIX BILLION DOLLARS IN DEBT. If AT&T bought them out, they would have to deal with that debt and do you really think the shareholders would be happy about a sudden 6 billion in debt? HELL NO! AT&T will let @home liquidate and pick up everything (people and hardware) dirt cheap (because no one else will set up a cable system in that area, they CAN'T AT&T controls it, thus they're the only buyer).

    AT&T is playing a smart move here, and they probably have @HOME executives in on this too and have other cable providers notified (that's why they're all making "backup" plans, because if they really weren't going out of business, then why would @home tell them, that would make the CO's trust @home less!)

    Sigh... just a stupid ploy for AT&T to get full administration to the cable internet system dirt cheap w/o paying any debts.

    Smart move AT&T.

    If they decide to do anything different, AT&T execs are stupid for not doing this. ;-]

  13. From the AiboPet FAQ. . . by SMN · · Score: 3, Interesting
    From the AiboPet FAQ:
    Q: How can I be part of the Legit-i-Mutt©TM program?
    A: Well you can't. Legit-i-Mutt©TM is just a bogus name I came up with to explain the situation. Heck, it isn't trademarked, copyrighted, patented or with any legally clout what-so-ever. The real legally binding part is the Sony EULA, and standard copyright law. The EULA stays with the software in its original form or in experimental enhanced form found on this site.
    Does anyone else think it's not very smart for a site that just received a threatening letter from hihhly paid lawyers for a multi-billion dollar corporation to be sticking little copyright and trademark indicators everywhere as a joke?
    --
    -- Imagine how much more advanced our technology would be if we had eight fingers per hand.
  14. Penguin cause pollution? by DarklordJonnyDigital · · Score: 2, Interesting
    x136 asked, "IBM has been fined again for spraypainting their blue "Peace, Love & Linux" logo, this time on the streets of San Francisco. The bill? $120,000... Who thought this was a good idea in the first place?"

    Rumours abound that it was a Microsoft idea, in the first place. While we can't be sure if Microsoft thought up the idea before anyone else - I believe EasyJet tried a similar thing in Belfast, Northern Ireland with chalk drawings on the pavement, and were sued accordingly - it's been rumoured that Microsoft was forced to get their checkbook out after hiring spraypaint artists to advertise the X-Box in a number of cities.

    So, if it makes you feel any better... it's not just the Penguins who are causing all that pollution. :)