Slashdot Mirror


Slashback: Petdom, Denial, Confusion

Slashback tonight features updates (below) on Aibo hacking (a rare bit of good news on the technical freedom front), some not-great information for excite@home users concerned about the looming darkness, a strange update in the FBI/Magic Lantern story, and more.

Only Carnivore operators will know the truth. elem writes "McAfee has now come on the record and has denied contact with the FBI about the 'Magic Lantern' Project.

In an e-mail to Declan McCullagh which has also been posted on his PoliTech mailing list McAfee said the following:

"Dear Sir/Madam:

  1. Network Associates/McAfee.com Corporation has not contacted the FBI, nor has the FBI contacted NAI/McAfee.com Corp., regarding Magic Lantern.
  2. We do not expect the FBI to contact Network Associates/McAfee.com Corporation regarding Magic Lantern.
  3. Network Associates/McAfee.com Corp. is not going to speculate on Magic Lantern as its existence has not even been confirmed by the FBI or any government agency.
  4. Network Associates/McAfee.com Corporation does and will continue
    to comply with any and all U.S. laws and legislation.
Regards,
Marisa Lewis
Investor Relations Manager
McAfee.com Corporation
NASDAQ: MCAF
535 Oakmead Parkway
Sunnyvale, CA 94085
408-992-8100 phone
408-720-8450 fax
www.mcafee.com"

In a subsequent post AP reporter Ted Bridis responded by saying: "I stand by my reporting for the AP. This information came from a senior company officer. I won't identify this person in this post because I've been unable to reach this person by phone or e-mail since the flap erupted."

He also noted that McAfee never specifically denied that they might write such allowances (for Magic Lantern) into their software, it just says that they have yet to have been asked to.

Original story on slashdot and Politech with follow ups

McAfee's Response and Ted Bridis' response"

Rethinking is always a good idea. javester writes: "Sony has come to its senses and has struck a deal with AIBOPET, after the fan site was shut down when Sony's lawyers came calling in the last week of October.

Way to go Sony and AIBOPET!!!! More power to both of you for finding a compromise where everybody wins! Hopefully, other parties having DMCA tussles follow Sony's and AIBOPET's example, and have more constructive discussions instead of legal suits galore."

Penguins cause pollution. x136 writes "I saw this on my local Fox affiliate, but found a link on LinuxWorld. IBM has been fined again for spraypainting their blue "Peace, Love & Linux" logo, this time on the streets of San Francisco. The bill? $120,000. First Chicago, then San Francisco ... Who thought this was a good idea in the first place?"

Well, I thought the giant murals in NYC were great, but the sidewalk idea strikes me as IBM playing Brewster's Millions with the billion dollars they pledged to spend on Linux.

Out of the freezer and into the blizzard ... An Anonymous Coward writes "Comcast has decided to offer a backup plan in case their cable modems die due to Excite@Home's bankruptcy. Good thought but the backup is NetZero. Gee thanks Comcast. Here is a link to their Service Interruption FAQ. http://www.comcastonline.com/info.htm"

Make it obfuscated, but make it snappy. Rosco P. Coltrane writes "If you haven't submitted your program(s) to the International Obfuscated C Code Contest, now is the time: the deadline is December 1st, 2001, there are only two days left!"

5 of 286 comments

  1. Magic Lantern: Big effing deal. by Tackhead · Score: 4, Interesting
    I don't get all the objections to the FBI spyware thingy. Nor do I get the notion that it's somehow as intrusive as even the sneak-and-peek thing they did against that mobster a few months ago.

    In the case of Scarfo (the mob guy), the Fedz had to break into the guy's home and h4x0r his b0x3n with a hardware device. Obvious case of the Fedz breaching the mobster's right to be secure in his home and property.

    In the case of Magic Lantern, they'll do it from their office. It'll be up to the target to do the st00pid thing and run the executable. I can see an argument that by voluntarily running trojanned code, he gives up his right to security.

    That is, it's not the Feds breaking into the guy's home, it's the Feds sending the user an email. If the user doesn't run it, the user remains safe. If the user chooses to run it, he violates his own security *on behalf of* the Feds. This may be the crucial legal distinction that makes this work in court, where the Scarfo keylogger didn't.

    (And besides, isn't this what half the /. crowd says when the latest Microsoft worm-du-jour shows up? "Well, they were running Windoze, they shouldn't expect to be secure!" ;-)

    Finally, I don't see what the worry is about virus scanners not detecting it.

    This is *not* a worm, nor is it a virus. That is, it doesn't try to spread to other computers over a network, nor through infecting files (remember, its goal is to *avoid* changing anything on the target system, to preserve the integrity of the evidence), so there's no risk of collateral damage.

    So you have a data collector that doesn't damage data, and doesn't replicate. Since it doesn't replicate, it doesn't leave the infected system. Since it never leaves the infected system, the number of copies of Magic Lantern "in the wild" will always be a small number - likely, "one per suspect".

    Since it doesn't exist in the wild, doesn't propagate, and since each instance of it may be unique, there's really no way for a virus scanning company to add its signature to a database, even if they needed or wanted to.

    And on that "one copy per suspect" note, because it doesn't need to propagate beyond the infected system, I would guess that it's likely to be an executable tailored to the target machine - which may imply different checksums/signatures, and very probably, different "bait" email messages, tailored to the suspect.

    Suppose we decide to use a 'sploit based on Javashit embedded in PDFs. We'd send a PDF of plans for a meth lab to our suspect drug kingpin, and PDFs of the You-Know-Who's "Jihad-HOWTO on CD-ROM" to our suspect terrorists.

    OK, so we probably have come up with a totally different infection vector when Adobe calls up and contracts us to perform a hit on m0st-ph33r3d c0pywr1t3 t3rr0r1st Dmitry Sklyarov, but for most dirtbags, it'll work...

  2. Who is the real author of Magic Lantern? by Ryu2 · Score: 4, Interesting
    Usually, the US government itself doesn't produce its tools, it uses commercial subcontractors to design/make them. For example, the Air Force itself doesn't build its own fighter jets, Boeing or some other company does.

    IIRC, FBI's Carnivore is just commercial off the shelf packet sniffer (forgot the company), modified at the request of the FBI to look at SMTP, etc traffic.

    So, does anyone know which company or individual is the author of the Magic Lantern program under such a government contract? Or did the FBI itself write it?

    --
    There's 10 types of people in this world, those who understand binary and those who don't.
  3. A *real* ISP by theantix · Score: 5, Interesting
    Here is what my ISP is doing about the situation.

    Excite @Home is the corporation that supports @home.com e-mail. It is operating in bankruptcy and it is unknown how long it will continue to support the @home.com e-mail. Over the last year Shaw has been building its own Data Centre to support e-mail, provisioning web space, etc. and, given the circumstances with Excite @Home, we are accelerating the migration of our customers over to our Shaw infrastructure which includes transitioning email addresses to @shaw.ca. We are asking our customers to complete an Email Quickstep process and then begin using their new @shaw.ca email address to ensure that impact is minimized in the event that the Excite@Home corporation is unable to continue supporting their @home email service.
    Not only will there be no service downtime, but they took preventative measures to avoid this in advance of any problem. Don't you wish you lived in Canada?
    --
    501 Not Implemented
  4. It IS a big deal. Because... by hillct · Score: 5, Interesting
    First McAfee and now Symantec are willing to ignore the presence of this virus. This article describes Symantec's position on the issue:
    Eric Chien, chief researcher at Symantec's antivirus research lab, said that provided a hypothetical keystroke logging tool was used only by the FBI, then Symantec would avoid updating its antivirus tools to detect such a Trojan.

    Symantec is yet to hear back from the FBI on its enquiries about Magic Lantern.

    "If it was under the control of the FBI, with appropriate technical safeguards in place to prevent possible misuse, and nobody else used it - we wouldn't detect it," said Chien. "However we would detect modified versions that might be used by hackers."
    The bigger problem here, though, is that these antivirus vendors are violating the public trust and essentially providing faulty products (nothing new in the software industry) intentionally (which is a new precedent).

    Furthermore, if antivirus vendors can be corrupted this way in the name of national security, does this mean that OS vendors will do the same, to accommodate the delivery methods chosen by the FBI? Will there be un-closed security holes intentionally left open as delivery vectors (like buffer overflow problems etc.) for 'Magic Lantern'? And regardless of the position of Symantec that they will try to detect variants of Magic Lantern, what happens when a virus writer succeeds in writing a piece of code with a signature sufficiently similar to the FBI code as to be indistinguishable? The risk introduced here is too great to justify through the promise of improved crime fighting capabilities.

    --CTH
    --

    --Got Lists? | Top 95 Star Wars Line
  5. @home conspiracy theory by Sadfsdaf · Score: 4, Interesting

    Why do the creditors want @home out of business?

    Considering that one of the major shareholders is AT&T (broadband or parent company it doesn't matter), they MUST keep the service running anyway.

    AT&T WILL obtain the hardware and maybe the people who keep the cable internet system running. AT&T WANTS @HOME TO FILE FOR CHAPTER 7 (liquidation, bubye). Why? If they kept @home, they would still have less control over the system and if they obtained @home's hardware when they make the new system it'd be cheaper (not to mention the same people to run the familiar system).

    Then why don't they BUY OUT @home? Simple! @home has something like SIX BILLION DOLLARS IN DEBT. If AT&T bought them out, they would have to deal with that debt and do you really think the shareholders would be happy about a sudden 6 billion in debt? HELL NO! AT&T will let @home liquidate and pick up everything (people and hardware) dirt cheap (because no one else will set up a cable system in that area, they CAN'T, AT&T controls it, thus they're the only buyer).

    AT&T is playing a smart move here, and they probably have @HOME executives in on this too and have other cable providers notified (that's why they're all making "backup" plans, because if they really weren't going out of business, then why would @home tell them, that would make the CO's trust @home less!)

    Sigh... just a stupid ploy for AT&T to get full administration to the cable internet system dirt cheap w/o paying any debts.

    Smart move AT&T.

    If they decide to do anything different, AT&T execs are stupid for not doing this. ;-]