FBI Confirms Magic Lantern Existence

The_THOMAS (and many others) writes: "A day after major anti-virus firms waffle on their support for 'Magic Lantern', and nine days after Thomas C Greene of The Register tried to throw cold water on it's existence, the FBI Confirms the 'Magic Lantern' Project Exist. Welcome to a Brave New World!"

Paranoia

[Jebediah21]

I'm not worried about Magic Lantern. I'm worried about the stuff we haven't heard about yet. Really, if the FBI wants to spy on citizens (or criminals for that matter) there is no way they would let their ideas be known.

TRading freedom for security

[webwench_72]

There's a homily about how, when everyone is a lawbreaker, government has total control over everyone -- there will always be a pretext for detaining any person.

As another poster mentioned, it is quite likely that none of us would like to have all of our keystrokes made public -- some of our innermost thoughts go right through our keyboards, and Magic Lantern wouls apparently make no distinction between keystrokes that you intend to publish on the web, and those intended to stay private (financial info, personal letters, diaries, medical correspondence). If you think this sort of tapping would only occur under warrant, you aren't following the latest news.

Since 9/11, we already see our government detaining people for more extended periods of time even when the detaineee has not been accused of a crime, refusing to share the evidence against those detained, and the Dept of Justice is even, per AG Ashcroft, allowed to monitor conversations between people in custody and their lawyers. That last one applies to everyone, and is not limited to suspected illegal immigrants.

This is the top of a very slippery slope. If we give away rights to privacy in our homes and with our legal counsel, we will never get these rights back.

"A man who gives up some of his liberty for a little temporary safety deserves neither liberty nor safety." - Benjamin Franklin

"Whether or not legislation is truly moral is often a question of who has the power to define morality." -- Jerome Skolnick

Possiable solution (peer-to-peer key checking)

[macmouse]

Why hasn't anyone thought of this before?..

Its a bit insane but think about it..
This would ideally be applied to jxtra (www.jxta.org) - suns peer to peer protcal layor (different things can be put ontop, like a web browser, a IM message,file sharing, etc).

Have the a key/checksum on the file itself. Then to authenticate, connect to the p2p network. Each host would have their own UNIQUE key. The longer a machine is up the more trust. Nearby machines get the key as well.

So, to authenticate the program goes and finds a bunch of random machines, asks what their keys are and what the key is for the package file. Then, you check the machines keys with other machines to make sure they can be "trusted". This would be a cross between the gpg signing "web" and p2p networking.

So the machines that have been on longer can be trusted more. This is to prevent a machine at the isp to generate new keys on the spot (or use the same one over and over again). It would have to be around for a resonable amount of time (24 hours?).

So each time you check package x, at random a series of "hosts" are asked what their checksums are for package x. For the paranoid, could add some route/different isp checking as well. Let say it asks 20 machines. If all match, then odds are pretty good its correct. Also, each host's key would have to be unique and "trusted". Then you can go out onto 100's (even more?) of hosts to check.

True, (in theory) it would be possiable to fiter for those specific requests, generate a seperate key for a bunch of ip's RANDOMLY and have them authenticate with each other, but that would be quite difficult. In order to do that, they would essentially have your connection severed from the net, with no direct path and on a "virtual" network, in which case your screwed anyway.

It isn't the most efficent way, but probably about as secure as you could get. Well, without being the govenment itself ^_^.

Entering passwords without the keyboard

[Katravax]

This post will probably never be seen since I'm a latecomer to the conversation, but I knew a fellow a few years back that would never be affected by a keylogger. His method would work for bypassing any keylogger, but would probably be most useful to touch-typists as a way to not use the keyboard for entering passwords.

He claimed he was a terrible typist. I couldn't tell though, because he didn't touch the keyboard. He would literally copy and paste every character he entered. While this would be tedious for all typing, it strikes me that would be a good way to enter passwords if you're concerned about a keylogger.

That generally wouldn't work for whole-system logins, but it would work for encrypted files and other "lesser" logins. Copy a letter from this page, a letter from that, paste it in your password box, and I doubt seriously even a macro recorder could follow what you're doing.

Signatures on Debian packages

[Overfiend]

With all of that in mind, I decided to find out just how vulnerable I was. I set up a stock Debian 2.2r3 box... I went to the Debian box and typed 'apt-get update ; apt-get upgrade'. After a few routine prompts, none of which triggered security alerts, the box was rooted by my "custom" package.

Progeny Linux Systems wrote, tested, deployed, and submitted as patches to Debian, code to implement cryptographic package signatures. Some of the patches now exist in dpkg CVS, but Wichert Akkerman rejected others. Part of it had to do with a command that would prompt you (package maintainer) for your GPG passphrase and cache it so that it could be applied to each binary package (consider how tedious it would be to re-type the passphrase for each binary package in a package like XFree86, which has dozens; moreover, you're no *more* susceptible to a keystroke logger if the passphrase is cached). Anyway, this tool was written in C for security (locked memory pages), but Wichert wanted a version in Python instead, so he never accepted the code.

I never have quite figured that one out.

Anyway, since Progeny ceased development on its own distribution, not much work has been done on our signed package implementation. The code has already been publicly released; maybe it's time for people in the Debian community to take up the fight?

The specification, authored jointly by Ben Collins and John Goerzen, allows for multiple signatures per package. I wrote a policy administration tool called apt-checksigs that would let the user configure the strictness of signature checking on a per-repository basis.

Is anyone interested in this stuff?

Re:Getting around Magic Lantern

[Bert+Peers]

It seems to me that keeping Magic Lantern from working should be fairly easy for any terrorist who knows that much about it. [...] Once the (let's say) email is written and encrypted he puts it on a disk goes over to another computer hooked up to the web and sends it off.[...]

This would work. In fact, this is exactly the method used by amazon.com in their (very) early days to "secure" their database of credit card information. Credit card info was stored on a separate, non-networked computer. Every morning, the names of customers who had placed an order since the previous day, would be saved to a floppy disk which was then physically "carried" to the database PC to be matched up against their credit card info. That PC then generated a list (on paper) of billing requests to be sent off to Visa etc. The only way to modify the database (to add a new customer or update a credit number) was to actually call Amazon.com, and get someone on the phone to walk over to the database machine and enter some SQL woopla.

Security Enhanced Linux?

[HuskyDog]

If I download and install the NSA's Security-Enhanced Linux (having checked the source carefully for back doors) am I then safe from Magic Lantern?

It seems to me that sooner or later these two government projects are going to come into conflict and it will be very interesting to see who comes out on top.

Re:Think for a minute

[Catiline]

Here's the one counterargument for what you said:

Power corrupts. Absolute power corrupts absolutly.

And now let me expound upon that.

I have a friend-of-a-friend story: a friend of mine is a lawer who defended a client accused of a computer crime- namely, running p0rn and selling 'services' on the 'net. When the police (Atlanta, GA- local mind you) raided his house, they took everything. Incuding, for no reason whatsoever, his pickup truck. And then auctioned said truck off. Before he was proven guilty in a court of law- before, even, he went to court. In total defiance of the constitutional protections against unreasonable search and seizure. And this was doubly unreasonable as a) they had no reason to sieze his vehicle and b) the had no right to sell it before his guilt was determined.

So if you want to say something sensible and levelheaded like "ensure that adequate oversight exists", keep in mind that the overseer needs to know about the issures involved. And when they don't, any amount of oversight won't do anything to stem corruption. Because I'm sure as sure can be that the goverment has sharp oversight over the local police departments, but yet that didn't stop this from happening. I don't even want to think about what the police really do in cases of phone tapping.

Re:What about your compiler?

[bowronch]

Interested parties should read this article... Ken Thompson created one of the coolest back doors ever... Compile the compiler to introduce code that creates a login backdoor every time login is compiled, and code so that everytime the compiler itself is compiled, the hack goes into the binary... after one compile, the hack isnt in the source... "Reflections on Trusting Trust"