Slashdot Mirror
FBI Confirms Magic Lantern Existence
The_THOMAS (and many others) writes: "A day after major
anti-virus firms waffle on their support for 'Magic Lantern', and nine days
after Thomas C Greene of The Register tried to throw cold
water on it's existence,
the FBI Confirms
the 'Magic Lantern' Project Exist. Welcome to a Brave New World!"
first post
grammatically correct post.
It's = short for "it is"
Its = the word you were looking for in your writeup
Lame filler for a lame filter!
linux still sucks
losers
MOM
ITS ITS ITS ITS ITS! NOT IT'S! AAAAAAAAGH! http://angryflower.com/bobsqu.gif
To start, I talked with my colleague's brother, "Joe," who is a criminal defense attorney. Joe told me that he has been following the Magic Lantern debate very closely, because his sources indicate that the FBI will be using it in many, many cases to prevent the possibility of seizing equipment with undecryptable data on it. In fact, it has been rumored that the proposed new FBI policy regarding searches of premises requires agents to attempt to use Magic Lantern (which technically counts as a consensual search) prior to even obtaining a warrant, if the warrant is to seize computer hardware.
Joe is not very familiar with computer technology, but he did say that a large part of the Magic Lantern program involves contacting ISPs to allow the FBI to alter network data destined for the suspect's computer. I will take that at face value because they seem to have no problem pulling rank on ISPs. I suspect that their "do it or we'll arrest you" attitude plays a big part in this.
With all of that in mind, I decided to find out just how vulnerable I was. I set up a stock Debian 2.2r3 box, and a stock Red Hat 7.2 box. Both used the installation CDs produced at least a few months ago, so they were both vulnerable to the wu-ftpd exploit and would need to be upgraded for production use.
My goal was simple: I needed to play the part of the FBI, and trick my machines into accepting a trojaned version of the new wu-ftpd package.
First, I set up a transparent proxy on my gateway box, which is used to split my cable modem connection amongst my home machines and those of several neighbors. I used a program called "squirm" to rewrite URLs ending in .deb or .rpm so that they would be redirected to my local web server,
from which the trojanned .deb and .rpm files would be served.
Second, I produced trojaned .deb and .rpm files. The .deb file was
trivial to modify, as only a checksum stood between me and a valid hacked
version. The .rpm was a bit more difficult, because RedHat signs their
packages with a PGP key. However, once I rebuilt the package and did not
sign it with PGP, I had a fixed package.
Third, I went to the Debian box and typed 'apt-get update ; apt-get upgrade'. After a few routine prompts, none of which triggered security alerts, the box was rooted by my "custom" package.
Fourth, I went to the Redhat box and did an 'rpm -U' pointed at the updates.redhat.com server. I got my trojanned RPM back, with no warnings or prompts to tell me it hasn't been signed. And I had an ftp server with a new backdoor up in a matter of minutes.
So, to summarize: the FBI can easily set up a transparent proxy between you and the Internet, and trick your OS into installing malware. You're damned if you do and you're damned if you don't, because you need to download the wuftpd-of-the-week sometime.
As a matter of comparison, my Windows 2000 box has no such vulnerability. The first time I went to Windows Update, I checked the box that said "always trust content from Microsoft Corporation." Therefore, only Microsoft's real certificate will be accepted by my machine. Even if the FBI forces Verisign to issue an impostor certificate, it will be detected and thwarted.
Linux distributions need to band together and find a trusted individual who will be responsible for signing all packages and verifying that they do not contain backdoors. That is the only way to solve this issue. Personally, I nominate Eric Raymond, because of his widespread respect from the community and business leaders alike. Additionally, he is a staunch libertarian and would not cave to government pressure to insert backdoors into something that he has signed. I believe that by charging the distribution vendors a small fee per package, ESR can again achieve financial success for himself and his family.
This is a serious issue for Linux users and I believe it should have been addressed years ago. That said, now is not too late and definitely not too early. I look forward to seeing this feature in all future releases of the major Linux distributions.
df
If you can't replace the word "it's" with "it is" in a sentence, use "its". Really, how hard is it?
Oh, wait, Taco still hasn't learned the difference between "then" and "than". (Hint: "better then" is not proper English.)
I thought that the antivirus companies had AGREED to NOT make their programs detect "Magic Latern"???
There's 10 types of people in this world, those who understand binary and those who don't.
I'm not worried about Magic Lantern. I'm worried about the stuff we haven't heard about yet. Really, if the FBI wants to spy on citizens (or criminals for that matter) there is no way they would let their ideas be known.
Everytime you look at porn a devil gets their horns.
Anyone else for getting a satilitte modem and solar panels and move with me up to the mountains?
Hello, Mr. FBI Man, would you fuck me? I'm a flaming homosexual faggot, like I believe you to be, and would very much enjoy locking you in my basement, tying you to a chair, stripping you naked, and spooging my jizz-snot all over your smooth, child-like pudgy body. How loud do you scream when someone flogs you between your legs with a leather whip?
Do you have a foot-fetish? Would you like to suck on my toes? Can I whip your feet? How loud will you squeal then?
Do you enjoy little boys? I have quite a harem of little boys myself (I borrow them from Jon Katz) and if you enjoy it, you can use any of their smooth, hairless little bodies to your liking. The youngest quite enjoys "bukkake" sex if you know what that means.
Email me if you're interested. wipotroll@hotmail.com!
J. Wipo Troll, Esq.
Crapflooder Associates
Slashdot.org
I'm can't believe they admitted it, talk about a smoking gun. Public opinion is just now turning towards questioning the "anti-terrorist" actions of our government. We could have figured out they were spying on us, I wonder what force inside made them be honest about it for once.
spacefem.com
How is this different than any other "Hacker" tool?
Seems to just be a government version of a keylogger that should be detected by any virus good virus scanner, unless the virus companies are made to not detected it....
Yes, I know this part is old news. Still, it makes me cringe whenever I see it. I assume there have been discussions of lawsuits/injunctions against ISPs to keep them from divulging this kind of stuff without a customer's consent. Could anyone post links to resources out there on these efforts for me? Thanks in advance.
"Prepare for the worst - hope for the best."
I wonder if this is related to the vulnerability in IE.
Also, why do they have to require back doors, sniffers, and other things to be installed on ISPs and asking anti-virus makers to turn a blind eye to the SECURITY VULNERABILITY that would obviously arise if one could somehow spoof Magic Lantern and in so doing attack or otherwise hijack the computer?
Why not try to gather intelligence by using spies and other methods that do not necessarily require them knowing my password for the QBasic forums that I visit, or my credit card info for purchases I make at Amazon.com?
Also, why deny it? People already don't trust the government as it is, so why pretend it doesn't exist? It doesn't help at all, but at least be honest about looking over our shoulders.
I have 3656.9 Bogomips. How many Bogomips do you have?
This is a very nice new troll. Well done, and I hope it serves you well in your quest for angry replies.
Let me start the ball rolling by saying
"You fucking ignoramous!!!!"
:-) Again, congrats...you obviously put plenty of work into this.
Does anybody know anybody with any information about how to trace it? Now is the time for making Magic-Lantern scanners if the commercial virus protection crew are in on it...
- Malx
The way I see it, since Magic Lantern uses security holes in software to install itself -- might the FBI have secretly persuaded Microsoft, etc. to NOT FIX, or maybe even CREATE security holes??? After all, what good is Magic Lantern if it gets "fixed" in the next Windows Service Pack?
There's 10 types of people in this world, those who understand binary and those who don't.
If the FBI wants to read our keystrokes to capture our passwords then I guess the next course of action is to move to hardware keys. There are a variety of biometric devices available, but the simpler (and more system-independant) solution would probably be to store private keys on one of those USB Flash-RAM dongles.
No word on Debian AFAIK, but I don't really support it so I wouldn't know.
-all dead homiez
All your privacy are belong to us.
CmdrTaco! Would you fuck me? I'm a flaming homosexual faggot, like I believe you to be, and would very much enjoy locking you in my basement, tying you to a chair, stripping you naked, and spooging my jizz-snot all over your smooth, child-like pudgy body. How loud do you scream when someone flogs you between your legs with a leather whip?
Do you have a foot-fetish? Would you like to suck on my toes? Can I whip your feet? How loud will you squeal then?
Do you enjoy little boys? I have quite a harem of little boys myself (I borrow them from Jon Katz) and if you enjoy it, you can use any of their smooth, hairless little bodies to your liking. The youngest quite enjoys "bukkake" sex if you know what that means.
Email me if you're interested. wipotroll@hotmail.com!
J. Wipo Troll, Esq.
Crapflooder Associates
Slashdot.org
LOL... glad to see you are as irritated by that as I am. Thanks for the post.
AGAIN: If you can't replace "it's" with "it is" in the sentence you were using, use "its". "it is existence" would not be correct; therefore, the correct form of the word is "its".
I don't want to be a troll, but I'm really sick of seeing this kind of amateurish grammar on Slashdot, and I know I'm not the only one. Taco seems to have given up. He always uses "its", but that's not correct either! Remember the "it is" rule stated above, and you'll be correct every time.
P.S. "Better then" is not correct either. When comparing, use "than."
Ok so to my understanding M.L. comes in the form of a virus.... Wouldn't that be considered on the same grounds as other virus' that have been released using major holes etc...?
Granted we're all going to hear about how they'll only use it with a warrant... but just the fact that they can use it in the first place, warant or not, should be enough to raise some serious questions. This is more along the lines of 1984 than Brave New World by the way...
What's to stop some random FBI hot-shot from logging keys of random people just to see what he/she can find?
The one good thing now is that since they have admited to it's existance, now it should be slightly harder to implement, and also have a few more sets of eyes watching the watchers.
I nomenate CowboyNeil.
"It's the Law of the Universe, and I'm the sheriff." Slash-cott 2/10-2/17
"The thought police would get him just the same. He had committed--would have committed, even if he had never set pen to paper--the essential crime that contained all others in itself. Thoughtcrime, they called it. Thoughtcrime was not a thing that could be concealed forever. You might dodge successfully for a while, even for years, but sooner or later they were bound to get you." --pg 19
I don't think this software will be much of a problem to the informed ones among us.
The people at risk will be the basic newbie user, the user who was gullible enough to install microsoft software, and Members of Congress.
http://en.wikipedia.org/wiki/2004_U.S._Election_c
Hopefully someone will find a copy of this thing and get it to the 'right' people so we can me a snort signature of it.
The "problem" with relying on security holes is that they tend to be discovered and published by third parties.
If there is an intentional security hole in Windows then it's likely to be found by someone - and then what does MS do?
Mmmmmmm
Does any of this come as news to anyone here? Every time we do anything linked to a public network like the net, we should consider that our actions are not secure. So Magic Lantern story is just highlighting that. Nothing is secure. That's life.
I'm not one for violating our freedoms however something like this may help in scaring would be virus creators, hackers and others problematic computer uses (ie. DDOS attackers). If it will help eliminate problems like that I'm all for it, even if my overall freedoms are curbed a little.
Nathaniel P. Wilkerson
www.haidacarver.com
People fear things like this, yet they really don't have reason to unless they've been doing something worth investigating which is most likely some illegal activity. The FBI doesn't care to read your email or get access to your pr0n, their goal is to deal with threats to security and other illegal activity. The average citizen or even seasoned geek doesn't have much to worry about.
The article says that they haven't actually started the program yet, so it isn't too late for distributions to begin implimenting fixes and detectors of this is it?
For all the FBI, CIA and the so-called "intelligence community" that have the blood of thousands of Americans on their hands. From this article.
But one of the things that would be interesting to know, is how on earth did this guitar strumming, white boy suburbanite, Cat Stevens-wannabe manage to infiltrate the Taliban, a task that is supposedly so formidable that not even the best of the Central Intelligence Agency has been able to achieve it over the past six years?
Well how long are you guys going to wait to call your babies? (Together) Six days.
...just another example of what happens when you use shitty free software.
I learnt along time ago that you only ever get what you pay for.
Linux == Free == Shit
Viruses spread because each time a user is infected they spread the infection to an average of more than one user. Most viruses die very quickly. Of the thousands launched each day only a handfull infect more than a few hundred sites. The probability of infecting a particular machine is actually quite low. It is going to take rather more effort to spread the trojan payload than the FBI expect.
Simply sending out random spam and hoping the target opens an executable that installs the trojan is not likely to work. A more likely means of succeeding is to attach the trojan to a downloaded executable.
A much easier solution with lower downside risk is simply to install a good old fashioned room mike or to use CRT radiation to snoop on the screen.
Looking for an Information Security student project suggestion?
Try http://dotcrimeManifesto.com/
Comment removed based on user account deletion
you'd be calling it 'cyberwar'...
Buckets,
pompomtom
"There's an exception to every rule. Except for some rules"
You know, this Magic Lantern thing will sure make life boring. Whatever happened to the good ole days when the feds actually had to sneak in your house and plant a bug inside your coffeemaker (like in all those cool 80s action movies)? Man the feds are sure getting lazy.
I'll bet you wish now that you had counted all the votes back in December! "But we can't count illegal votes," you said. Well now your precious Bushy Wushy has gotten the World Trade Center blown up and started a war! Don't you remember? Who was it that forged the Jew-Arab peace accord? It was my pal Mr. Clinton! A Democrat! Democrats are friendly, cuddly teddybears who stand up for peace! Republicans are greedy, oil-soaked warmongers who would gladly kill New Yorkers in the name of higher oil prices!
Sorry, sorry, I got a little carried away. My point is that America needs a leader, someone who will give peace a chance. Someone who was once defeated but returns triumphantly, like Jesus. And who has a beard... like Jesus. And who casts his foes and his wife Tipper into a lake of fire... like, er, Jesus. I'm trying to be subtle here, but since some of you fucktards can't even use ballots without having brain spasms, I'll make myself clear: Vote Gore in 2004, or the blood of murdered Americans will be on your hands!
Thank you.
God Bless,
Al Gore
Inventor of the Internet
Father of our Country
So, here's the deal.
:)
Why do you need defense against "Magic Lantern" if you're not doing anything illegal? That's like telling a cop that you refuse to give him access to your home to search it without a warrent. All you're doing is causing a bigger hassle for yourself. I guarrentee, the more the internet/open source community rebels against this one, the worse it becomes.
You know what? This whole thing isn't anything new. Novices have been writing for their own ego to crash thousands of systems, and these are highly trained FBI officials with both a government and a population behind them. If you're caught doing illegal stuff, you're going to be found.
Of course, there have to be safeguards against this type of thing. If someone got ahold of the way to get data from a "Magic-Lanterned" system, this whole thing would be back-orifice 2. Anyone with any sort of information on which computers had the client software or crack done could get information as well.
Because of this, I propose the FBI must be doing something to limit this type of ability. The software must have some way to check who's grabbing the data out of it. If you're going to defend your other internet users against this type of thing, I say that's the key. Find out how to use their own software and twist it into nothing more than a downloadable program on your local website.
It seems inane. Guys, live with it. It's FBI in your home, but then again, its better than terrorists in your mall. My only concern is that this whole thing is going to end up in the wrong place once the scares are over, and then we're all in for a trip.
Stop pirating now.
Learn how to spell before you talk more shit.
Grab the source, check your code. Don't trust downloadable binaries any farther than you can throw your computer.
I like to fuck four-year-olds with my ponderously large penis. Preferably in their mouths. I especially enjoy jizzing on their virgin lips and cheeks. That is all. Carry on.
J. Wipo Troll, Esq.
Crapflooder Associates
Slashdot.org
The super-paranoid will be safe from Magic Lantern because they probably don't upgrade software often and they probably patch security holes themselves. But for the rest of us who want to *use* our computers, this is an enormous problem.
df
So now the FBI will be able to catch terrorists even better!
What this country needs is more power and oversight by police agencies - East Germany had it right when "smell samples" were collected in jars so dogs could hunt down disenters.
Of course, this will mean nothing to civil rights because as we all know that the FBI is a trust worthy organization that would never do things that would jeopardize our civil rights by installing key loggers via internet virus (because that would not exactly be targeted eh?.
The FBI is also trust worthy, they would never, for example, abuse the justice system by, say using RICO (anti-organized crime) laws to punish pesky protesting environmentalists, or arbitrarily ask nearly all muslim students in the USA to come in for interviews (and chase them down if they don't come by) - or even threaten to reveal that a person charged with a crime is gay (and cause his suicide)
And they would never do anything like compile a list of "persons of interest" and maintain a dossier on each person in the USA that has been charged (not convicted) of a crime), as well as all immigrants in the USA (they did a mighty fine fucking job lately eh?)
Don't worry, the FBI will protect you in the future because of their new powers!
BTW, would it be in a anti-virus company's best interest to reveal that their software has programmed defects? I dunno. . .
1q2w3e4r5t6y7u8i9o0pqawsedrftgthyjukilo;p'azsxdcf
Look, guys. It's simple.
Get a warrant. I'll show you anything you want to see, but show me your goddamn warrant first. Until you have it, you have no right whatsoever to search my, or anyone else's computer. I don't care what your reason is. This is not acceptable.
The fact is, Brits don't know shit about grammar. You fucking Brit's don't even know that a "full stop" is called a "period". Morons!
Exactly. Thats what i always wonder about whenever they show stuff on TV which seems to us like inside stuff and a show-all policy.
I feel like i am sitting on on top of the largest iceberg.
nice to know, and thanks, but really - what else?
are you more afraid of hackers or the FBI? At least I have respect for hackers. Keep those packages up to date... It's us vs. them, "them" being both the bad guys and the "good" guys now. Pretty sad that basic rights to privacy can be stolen so blatently.
My penis is, I am somewhat proud to say, extremely large for a fourteen-year-old boy like myself. It takes two hands to hold it up. It is a monstrous phallus. When I rub it in a certain way, it gets even bigger! Then it feels really good and all this sticky stuff comes squirting out of the end of it! It is most disturbing, but it feels really good! I wonder what good the huge thing is, though...
J. Wipo Troll, Esq.
Crapflooder Associates
Slashdot.org
I think it's a relatively simple matter to be sure your keystrokes weren't being detected by the FBI.
Step 1: Buy a laptop.
Step 2: Buy a floppy disk
Step 3: Do all your encryping on laptop
Step 4: Ensure you never connect laptop to internet
Step 5: Use the floppy to transfer disk to encrypted data to internet computer.
Step 6: Send encrypted data
No doubt that saavier criminals are already taking such precautions.
---Technology will liberate us if it doesn't enslave us first.
But, there's one solution to the problem.
Another would be hella encryption on downloads with some new kind of checksumming procedure.
I dunno... Just throwing ideas out here, people.
I think if FBI had to deal with microsoft to request them NOT FIX or CREATE security holes, then why not just tell them to include it in the next service pack? It isn't something really new, as there have been rumours of Microsoft installing backdoors on users' machines anyway.
Don't quote me on this.
Why were they honest about it now? Simple: this is the best political climate the FBI could have asked for to reveal something like this.
:grin:
Surveys show that most people, given the 9-11 attacks, are more than willing to trade freedom for security.
"A recent ABC/Post survey found two out of three people expressing willingness to surrender 'some of the liberties we have in this country to crack down on terrorism.' Cole attributes this not only to a heightened concern for safety, but to the fact that the majority are not generally affected--that is, it's not their relatives being detained and questioned." (Taking Liberties: Fear and the Constitution)
"At times like this, a democracy must balance its need to protect itself with the freedoms that define it. Last week's terrorist attacks have raised the debate pitting homeland defense against civil liberties to a level not seen since World War II." (For now, security trumps liberties)
"From the very first surveys after the World Trade Center and Pentagon attacks, most Americans told pollsters that the country would have to give up some rights to fight terrorism (79 percent in a CBS/New York Times poll in September). A Gallup survey conducted Nov. 26-27 found six in 10 Americans who said the Bush administration has been 'about right' in its limits on civil liberties, as opposed to 10 percent who said the administration had gone too far and 26 percent who think it hasn't gone far enough." (Public Supports Domestic Crackdown on Terror)
After all, if you're innocent, what do you have to worry about anyway?
I just tore my own penis off in the paper shredder in the office. They told me it would feel good to stick it in there. Bastards.
Didn't M$ get caught with a special backdoor in NT where it included an 'NSAKey' in the registry? I don't recall its denials being particularly persuasive, but M$ is still with us...
I just took my own nipples off with a belt sander. Ouch...
Hot, sweaty sex with Gillian Anderson!
I like to rape them. With my huge wad.
"If MS intentionally and with clear thought..."
Footnote: in one of the proposed remedies against MS for its abuse of monopoly power, there was talk of opening the source for a bunch of their stuff... except for things that the government would choose to explicitly not allow open-sourcing.
One can readily see that as meaning the government gets to keep its backdoors and keyloggers and suchlike from prying eyes.
--
Don't like it? Respond with words, not karma.
First of all, anyone who defends "Magic Lantern" by claiming they have nothing to hide is kidding themselves. We all have something to hide. Our pirated software, our porn stash, our unpaid speeding tickets. Most people nowadays let their lives flow through their keyboard, so why not just install cameras in everyone's house? Because you wouldn't get nearly the same level of information.
Keylog yourself for a week and look at the results afterwards. If you take five people, four of them will have something to hide, and fifth one will next week.
This is a blatent violation of privacy and completely disgusts me. Next time you want to raid my life, get a fucking warrant.
I wish more people would actually read Huxley's "Brave New World" before applying that phrase everytime government gets a little out of control.
Seriously, "Magic Lantern" and all the other privacy-invasive technologies used to snoop on private citizens are still a far cry away from the world of "Brave New World." After all, we still possess enough of our wits to question whether these steps are necessary, legal, and ethical. The folks in "Brave New World" didn't even go that far.
We are much closer to Orwell's "1984" then we are to "Brave New World." And I'm not sure which is the more frightening.
In 1984, the government had to force people to behave using the classic methods of tyranny. In Brave New World, the citizens were kept so damn happy that they would never question that the government didn't have their best interest in mind, regardless of what it did.
Remember: in 1984, our protagonist was someone from withen the society who began to realize what a living hell he was in and began to try to do something to better his condition. In brave new world, our protagonist was someone how came from outside of the society, having been raised on a "reservation". It was only because of this distance from the reality of the "Brave New World" society that he was able to see how awful it truly was.
Publicly available debug symbols for Windows revealed that there is a constant in the code called NSAKey.
There's plenty of speculation about this.
Mmmmmmm
What part of "M O N O P O L Y" don't you understand?
You may just as well say that the past tendency of telecoms -be they the regional monopolies or AT&T, the mothership of them all- to give the FBI and others transparent access to your phone records and voice communications has made US. customers unwilling to do business with Verizon, PacBell, et al.
If they've heard of NSAkey or half of the holes MS software is festooned with, screensavers that BO your NT servers, desktops that can be made to execute arbitrary code through freaking CLIP ART files, and they STILL use Macrosieve products in sensitive areas then they must feel they have no choice in the matter for some reason, eh?
"We have a new software that does not exist yet but will give us the ability to infect a computer remotely"
With a remotely installed spy app they could remotely uninstall it. AKA no search warrant needed to get it on there in the first place because they can remove it any time they want causing a gapping hole in the 4th amendment (remember the Bill of Rights?). The other thing is how do they get this installed on a Linux system? The same binaries that work on win32 systems will not work natively on nix systems. Does this mean it could be the first Trojan to work across multiple OS's?
Ascii artist &
Distributions should reject packages that aren't signed with a trusted key by default. And make the user specify the --really-install-an-untrusted-package flag in order for the package manager to accept it.
df
I have no problem whatsoever of the FBI's using something like this, as long as it fits within the realms of how they already do investigations.
my fear is what if the FBI comes up empty after trying magic lantern against a target?
iow - install it, then fail to find or obtain what they're looking for. Will the warrants require removal of the lantern after a certain amount of time?
And what about repeated failures? Get into the computer, not find anything, back off, get another warrent, try again, still nothing. Would there be limits on how many attempts there are? Or a limit to the the number of searches within a given timeframe?
The One Rule Of Chess You'll Ever Need: Don't play someone who carries a kit in their bookbag.
>I'm not one for violating our freedoms however
The word "however" doesn't belong in a sentence like that.
>something like this may help in scaring would be virus creators, hackers
>and others problematic computer uses
Since when is scaring people a valid function of our government? I thought striking up fear was a tactic of the "evil doers," not the good guys. Maybe you meant deter instead of scare. Like the death penalty prevents murder from happening. Like tickets keep people from speeding. Like the threat of a suspended license scares drunks out of driving. Yeah, deterrence really seems to work well...
>If it will help eliminate problems like that I'm all for it, even if
>my overall freedoms are curbed a little.
Statements like this make me afraid. Very afraid.
Randomly executing 1 in 100 Americans would help eliminate problems like the ones you mention; if you kill enough people, you're bound to hit a script kiddie eventually. Would you mind the risk of being the poor bastard out of 100?
Civil Disobedience has been the only real power The People hold. If the ability to do this is prevented it will be a great tragedy for America, and the begining of the end of the current Government. This is the _real_ need for Privacy, so you can do things which may not be wrong, but are illegal under current legislation. Illegal has no moral or ethical stance, it is an artificial creation.
What does this currently threaten? It is only through this avenue that I believe IP/Patent laws can or ever will be reformed. I certainly hope they do, so I don't have to explain to my grandchildren why knowledge and human creation built for thousands of years, their Birthright, the first creation of man that had no scarcity, enough for anyone willing to see, was caged and locked away only to be available to the richest, or at worst lost forever.
This is a direct attack to the defenses the people have against their rulers.
"I don't know that atheists should be considered citizens, nor should they be considered patriots." George HW Bush
most AV tools monitor program execution for anomolis behavior by unknown virii. would magic lantern be able to avoid being detected by that?
also, what about personal firewall programs? I use Tiny Software's PF (yes, under Windows, sad isnt it) that checks the md5 of an executable before granting internet access. on top of that, it can allow you to block certain apps from making/accepting connections from various sites. for example I have it set to not allow Mozilla access to doubleclick and some other ad servers.
Here, two things exist: the lantern has to find a way around the md5 and also find a way around asking the user "PGP wants to connect to [fbi-ip-address], allow it? (y/n)" Getting through one or the other might prove difficult.
The One Rule Of Chess You'll Ever Need: Don't play someone who carries a kit in their bookbag.
And in 1968, the Hugues Glomar Explorer was looking for nodules on the pacific floor ...
Seriously though, how plausible do you think the following scenario is :
McAfee receptionist : Hello gentlemen, how can I direct you ?
Men in black : [showing their IDs] We work for the department of Homeland security. We need to speak to the CEO at once. You also are not to mention our visit to anyone by measure of national security.
MR : [picking up the phone] Mr. Sampath, important visitors for you.
Srivats Sampath : What can I do for you folks ?
MIB : Your company is under strict orders from the FBI and the department of Homeland security to provide appropriate backdoors in the software it produces. These backdoors are confidential-defense and must be revealed to the following persons only : [list of persons]. Any of you or your employees who have knowledge of these backdoors who reveals the existence of the backdoors will be detained and judged by a military court. Any question ?
SS : [going into brown alert] Yes yes Mister, anything you say. Have a good day Sir.
SS : [later, talking to the PR guy] John, write the following press annoucement and send it immediately to PRNewsWire : McAfee will NOT NEVER EVER UNDER ANY CIRCUMSTANCES NOT ON YOUR LIFE install any backdoor ever in our software. Never ever. Promise.
You think I'm paranoid ? Heck yes I am. The above is a bad fiction, and if nothing else, it certainly shows that I have no knowledge of who does what in the government, but my point is : none of these anti-viruses are open-source, how the hell are we supposed to know they're saying the truth ? especially nowaday, can you really trust anybody even remotely involved in computer security to tell you the truth ? Well, I'm taking the easy way out of that dilemma and I'm sticking to "alternative operating systems" that don't require proprietary anti-virus softwares in the first place, and that are known not to contain backdoors as long as the user administers the box properly.
"A door is what a dog is perpetually on the wrong side of" - Ogden Nash
What's wrong with adding apostrophe's to all the word's that end in s's?
You Linux guy's suck.
MOD me up, too, for I know how comma's work.
Leucian "Not a troll" J.
spankmehoff@hotmail.com
Magic Lantern is not spread by software or over the internet. They get a warrant to do one of their black bag jobs, and they just go in and put it on your machine. It steals your passwords so that the wiretaps can decrypt your messages. The alternative for the FBI would be to do a black bag job and go in and place a camera that would watch your keystrokes and steal your passwords that way. Thus, Magic Lantern is much less intrusive, since it does not see everything that a camera would see. And the National Guard hasn't militarized the US-Canadian border; they are merely 'expediting' border crossings.
I wish to give every man in this room a taste of my gloriously large penis!
J. Wipo Troll, Esq.
Crapflooder Associates
Slashdot.org
Is it green? Can I fight evil with it?
In brightest day, in blackest night, no evil shall escape my sight,
let those that worship evil's might, beware my power --Green Lantern's light.
How about programming a "hardware abstraction layer" that would interact between the input and the system and the output.
The layer would only allow input to be passed to a specified program, and output would be passed only from that program - encryption would also be used between the input / system / output.
Sort of like an encrypted remote login, except that it would take place within / on the same machine, sorta a basterdized winnt.
It would be a shitload of programming methinks (i.e. a new shell, re-written (or heavily modified) programs) I dunno, I could be full of shit. However, if you would only be using the prog for the encryption of files / sensitive data . . . possibly send output to another device instead of thru the vid card..
1q2w3e4r5t6y7u8i9o0pqawsedrftgthyjukilo;p'azsxdcf
Magic Lanterns are neat. They power up these kickass green rings which can kill terrorists with gigantic green hand tools. I feel a lot safer knowing our government has them.
The FBI has found the Magic Lantern. High level meetings are taking place, in which it will be decided who gets to rub the lamp and who exactly will get the three wishes.
This virus'll probably die out FAST. Programmers will probably download the virus, never run it, decompile it, steal the signature, and make an even more dangerous virus then it was previously. Like, say, instead of a keylogger make it wipe out CMOS like Chernobyl does. I honestly think that the FBI is making a big mistake by doing this, because they'll be flooded with useless data. Besides, are hackers REALLY stupid enough to check their email, and download programs that they don't even know who it's from? They're gonna get the stupid people, not the hackers..
There's a homily about how, when everyone is a lawbreaker, government has total control over everyone -- there will always be a pretext for detaining any person.
As another poster mentioned, it is quite likely that none of us would like to have all of our keystrokes made public -- some of our innermost thoughts go right through our keyboards, and Magic Lantern wouls apparently make no distinction between keystrokes that you intend to publish on the web, and those intended to stay private (financial info, personal letters, diaries, medical correspondence). If you think this sort of tapping would only occur under warrant, you aren't following the latest news.
Since 9/11, we already see our government detaining people for more extended periods of time even when the detaineee has not been accused of a crime, refusing to share the evidence against those detained, and the Dept of Justice is even, per AG Ashcroft, allowed to monitor conversations between people in custody and their lawyers. That last one applies to everyone, and is not limited to suspected illegal immigrants.
This is the top of a very slippery slope. If we give away rights to privacy in our homes and with our legal counsel, we will never get these rights back.
"A man who gives up some of his liberty for a little temporary safety deserves neither liberty nor safety." - Benjamin Franklin
"Whether or not legislation is truly moral is often a question of who has the power to define morality." -- Jerome Skolnick
Warning - Slightly off-topic
Since so many people are against things that impose upon the Bill of Rights, I was wondering how many people donate money to the ACLU? The groups main purpose is to defend our freedoms. So it would seem that one way to help fight the problem is to donate!
It seems to me that keeping Magic Lantern from working should be fairly easy for any terrorist who knows that much about it. He could have the computer that he writes and encrypts whatever it is he wants to send out disconnected from any network. Once the (let's say) email is written and encrypted he puts it on a disk goes over to another computer hooked up to the web and sends it off. Terrorist number two recieves it on one computer, puts it on a disk, loads it onto a disconnected computer, and decyphers the message using his key for the encryption scheme they used. This way, no computer that has the encryption on it (and thus the keystrokes) is hooked up to the internet and so can't get magic lantern. And if it somehow was infected, magic lantern would have no way of sending the info back to the FBI. Am I wrong? Shouldn't this work?
"A witty saying proves nothing." - Voltaire
"That's like telling a cop that you refuse to give him access to your home to search it without a warrent. All you're doing is causing a bigger hassle for yourself."
You are under the misguided beleifs that:
1. Only guilty people exercise their right to privacy
2. Only guilty poeple have items seized as evidence upon a voluntary search.
Lets say for example, the FBI knocks on your door saying they suspect someone has been sending death threats to the president from your computer. They are mistaken. They want in to "look around" and walk out with your computer. Good luck getting it back, cause it will be in a "evidence" vault till you die, regardless of innocence or charges being sought. They could do that with ANY item in your house that MIGHT be tied to the crime and odds are you won't get it back, ever.
Reminds me of a county n Texas, all traffic violators were searched and anything that the searchers thought was "drug related" was seized. Well, a buisness man was speeding though said county, pulled over and lost 10-15K (I don't remember the exact figure) in cash he was taking to his son as a loan, all of which he could prove was legally earned. He ended up sueing, and getting little more than half of it back.
So, my legal advice to you (IANAL-Lawyer) is to NEVER ever for any reason let any cop search any of your property, unless they have a court approved warrent.
Burn Hollywood Burn
Yeah right. The classic easy answer of someone that get nothing better to argue. In a matter of fact I'm not english native. I suppose it make me less intelligent ?
If it was that inportent for the me to keep the FBI (or anyone else) out of my data... the machine with PGP woulden't be the one on the network...sneaker net a cd of the encrypted data. To a box (or singel disk distro) decrypt there.. write a reply there.. sneaker net it back to the box on the net.. you get the picture.
Wasn't there a project going to create a bootable Linux-on-CD OS? Actually run from the CD and a ramdisk created on boot? Having trouble tracking it down, though.
>In a matter of fact I'm not english native. I suppose it make me less intelligent?
No, but when you know you may have problems with a language it would show intelligence if you would spell check your submissions.
Once again the old adage proves true. If we fund fundamentalist, paramilitary, or resistance groups in far-off countries, they're "freedom fighters." If someone else funds them, they're "terrorists."
If someone puts a trojan or virus on your machine to spy on you, it's "cyberterrorism."
If the government puts a trojan or virus on your machine to spy on you, it's "domestic security."
Why do you need defense against "Magic Lantern" if you're not doing anything illegal? That's like telling a cop that you refuse to give him access to your home to search it without a warrent.
You're damn right I'd refuse access. If all he's going to give me is his word that the search is for a lawful purpose, all he's going to get is my word that I'm not doing anything wrong.
Honestly, think of what your statement implies: that nobody deserves privacy because law-abiding citizens have nothing to hide. The next step is "Why do you need encryption if you're not talking about anything illegal?" And then perhaps "Why do you need blinds in your windows if you're not doing anything illegal?" We may as well put everyone under video surveillance -- after all, if they aren't doing anything illegal, they have nothing to hide. Right?
Come on. You'd allow the government to break into your computer (or the computers at your place of work, your school, your bank...) just to make sure you're being good? Grow some balls.
My only concern is that this whole thing is going to end up in the wrong place once the scares are over
It won't end up in the wrong place when the scares are over -- it'll end up in the wrong place immediately.
Visual IRC: Fast. Powerful. Free.
"Always trust code signed by Microsoft" trusts the certificate, not the name on the certificate. Users are actually safer if they check this box, because if they always trust the authentic MS certificate, their system will only prompt them for confirmation when a bogus "MS" certificate is offered, not when they see code signed by the cert they accepted. So if they ever see the prompt again, they will know somebody is up to no good.
Does ESR have the time to do this?? it seems like a daunting task.
How 'bout adding a layer of security to apt, so that it authorizes the server it is connecting to, with SSH or something? and/or adding a "secure" preference that won't install packages through apt/rpm that aren't signed... at least this way the user can automatically deny unsigned packages if he chooses.
are jews and niggers... luckily I am neither... Seig Heil!
I must burn in hell, suffer and pay for my sins
But Gods the one who's losing, Satan always wins!
Send all your mail (and I mean all: cheques, kiss-ass late notice replies, love letters, porn orders, everything) in clear ziploc sandwich baggies for a while (at least 3 or 4 months).
If, after all that, you come back and say "It made no difference. I had nothing to hide" then I'll believe you. No cheating by self-censorship allowed.
'Till then I bet you're just like everyone else -- you have at least one skeleton in the closet.
Remember, the FBI are people too. What interests the mailman that's in those baggies interests an FBI agent just as much. The only difference is that the mailman is under special orders not to read your mail.
If you could be told what you can see or read, then it follows that you could be told what to say or think - BoC
First off, this shows how much we need to have some kind of open registry of certificates. I mean, does anyone really trust Verisign, especially now that they own NSI? I mean, talk about people willing to give up credibility in order to pursue monopoly.
Also, is there not a way in which we can set up some kind of distance authenticity verification? Or routing verification?
What if there was a service set up that allowed us to send out a request through an alternate random routing (for which we got back and traceroute list to verify) and set a codekey on the machine, and then when we connected to the machine, it would only connect if it had the codekey. Even if they spoofed the network connections and routing, then we wouldn't be able to connect, since we'd know that there was no codekey there. Granted, doesn't solve the problem, but it quickly says to me, time to get a new ISP who doesn't let the Feds run the whole deal.
The power of accurate observation is commonly called cynicism by those who have not got it. - G.B. Shaw
might the FBI have secretly persuaded Microsoft, etc. to NOT FIX, or maybe even CREATE security holes???
Nah, it's easier to say something like "We'll deal with those icky monopoly charges if you just add this to your code..."
After all, who knows what's in there...
Feel the fear and do it anyway.
Do not fear what they tell you they are doing. Fear what you are not being told.
Does anyone really think that Magic lantern, or carnivore, or any other media whore flavor of the week is a truely serious concern? Yes, there are possibilities for backdoors to fall "into the wrong hands" But just what do *you* stand to lose? A piece of your freedom? yeah, that is a legitimate concern, however, was that a freedom you really had?
Anyone who has had to deal with law enforcement with a computer-related incident loves nothing more than to howl about how woefully out of touch those in authority are. Then, when said groups make attempts at learning, the same folks go on half cocked screaming orwellian brave new world like lemmings.
the one argument that keeps coming up is "if you have nothing to hide why are you concerned?" Well, if you have nothing to hide, odds are you'll never have to deal with software like this in the first place. they still need a warrent, they still need a reason to target you. There's a reason search warrents aren't mentioned in 1984.....
Is there a signifcant risk to freedom at stake with recent legislation? There could be. Is there a dedicated group of individuals that want to run around screaming "brown-shirted nazi jackboot black helicopter Orwellian thought crime brave new thugs!" at the first mention of the FBI? Yeah. Any government agency concerned with the safety of the populace is going to end up on the wrong end of popular opinion anyway.......
There are some people that if they don't know, you can't tell 'em.
/me unplugs cable modem and cowers in the corner in fear.
Linux: The world's best text-adventure game.
The one thing I take heavy issue with is the anti-virus companies decision to have the product that I paid to make sure unauthorized programs not run on my computer are letting this one in. To be honest, do I really need antivirus programs with all that I know now?
/. should do the same.
I have a bbiagent.net router that I routinely check on. Several times my friends have brought over M$ machines infected with viruses, I would see them trying to connect to the router on goofy ports, then look up what viruses use that port and take the right action.
What would be really nice is if the EFF or some similar organazation makes a blacklist of products infected with this crap. I don't think it would be too hard to detect, lots of smart people out of work with time on their hands now. More of us than the FBI, yeah coppers good luck!
I would not buy a product nor subscibe to a service that allows access unauthorized by me. The rest of
They took the first step, getting the virus catching companies to agree not to detect it.
The next requirement is to get Microsoft to agree NEVER to fix their security holes. Additionally they must agree never to release the source so someone else can develop a patch to fix the problem. Twist their arm even harder to get them to agree.
Then they have to get the snoopees never to use linux. While linux as the OS of choice of terrorists would academically increase usage, their testimonials would be unlikely and undesired. "Without linux we could never have blown up _____."
When MS includes Digital Rights Management in their operating system the RIAA will certainly try to sue linux out of existance and the Gov will support their lawsuits. "Protect the country from terrorism (and our copyrights) by banning linux."
While encryption is great, if the bad/good guys can recover my private key because it's sitting on my filesystem what good is it? What alternatives/solutions are out there for private key storage or are we all going to have to purchase biometric devices?
Just store your important information on a computer that is not connected to the internet. Unless Magic Lantern actually posses some magical abilities, it wont be able to keylog jack shit on the unconnected computer.
One solution is as follows... make a clear, concise statement that companies will refuse to run virus scanning software at all as long as the FBI's "virus" is allowed to roam free and unchecked.
Then, watch as Melissa hits again and devistates the economy. Seem radical? Yes. But frankly, there comes a time when drastic steps need to be taken. Just think about how long it would take, in such a scenario, for the FBI to force the antivirus makers to update their software to clean things out... Short-sighted lawmakers may take away a citizen's freedom, but we still have the power to control what does and what doesn't happen in our government (well, with regard to the FBI).
Maybe an open source anti-virus tool for Windows is a better idea... as long as the FBI's targets are protected the software will be useless.
Being board I've tried to click on all the news links provided in your story.
Unfortunatly I can't find anything - in every browser [IE, Mozilla and Netscape] I get a "host not found" error...
... weird.
But at least now when I say that they [Big Brother] are watching us I have proof and people won't say I'm crazy.
Get your Unix fortune now!
Magic Lantern is nothing new.
It's the networked computer-version of a phone wiretap.
In both cases, permission to use either information-collecting method has to be authorized first by a court-order. From the article [news.excite.com]:
When asked if Magic Lantern would require a court order for the FBI to use it, as existing keystroke logger technology does, Bresson said: "Like all technology projects or tools deployed by the FBI it would be used pursuant to the appropriate legal process."
...which is legalspeak for "Yeah, as long as wiretaps require court orders, so does Magic Lantern."
I can't believe the number of posts comparing the introduction of Magic Lantern to a civil liberties meltdown getting +1 Insightfuls. They're about as insightful as the patriotic idiots who'd allow government agencies unchecked freedom to invade private citizens' lives in the name of antiterrorism.
The citizens of the US have a responsibility to watch over the actions of its government, to serve as a check against the growth of abuse of power. Melodramatic statements like "Welcome to a Brave New World!" and knee-jerk antigovernment statements like "Trust the FBI to abuse this the minute they get it" merely serve to marginalize and decrease the credibility of those that speak out against government agencies becoming too unfettered.
Am I afraid that Magic Lantern may someday be abused? Well, yeah, but I'm a lot more frightened by the potential abuse of "old-fashioned" things like the aforementioned wiretaps and unwarranted searches and seizures than I am of the FBI emailing me an easily detectable and easily deletable script or executable virus. Magic Lantern doesn't strike me as a shadowy menace so much as the amateurish nature of a government agency still in the first steps of dealing with a wired world.
The key to preventing abuse by the FBI and other agencies is not by depriving it of tools to work with, such as wiretaps or Magic Lantern, but to ensure that adequate oversight exists and continues to do so in the future. Spending time and energy protecting and advocating the transparency and accountability of the FBI is infinitely more effective, and more likely to work, than seeking to deprive the FBI of intelligence-gathering tools to work with.
Light a fire for a man and he'll be warm for a day. Light a man on fire and he'll be warm for the rest of his life.
While that post was sarcastic, it brings up another question: do you trust your compiler? A person could download perfectly good code that is free of trojans, but the compiler could be slipping in backdoors into the binary...
All editorial writers ever do is come down from the hill after the battle is over and shoot the wounded.
J. Wipo Troll, Esq.
Crapflooder Associates
Slashdot.org
Idiots! Its *NOT* the FBI! Its Executive branch and the Legislative branches of government as well.
In 1999 and 2000 The US goverment created some brand new covert departments to explicitely write keyboard loggers and forensic tools. These departments are also charged with writing computer snooping tools in general for spying on US citizens.
For deniability and for control, the departments were not created under the umbrella of the CIA, the NSA nor even the NRO.
The Executive branch of government created one small software writing department controlled by the president and his cronies and secret service.
The Judicial branch created one not affiliated with the FBI strongly, but perhaps so.
Each has miniscule budgets for employees and staffing of about 16 million bucks a year.... totally negligible compared to the billions the NRO consumes tapping space-borne telephone calls.
But these small departments make tools to intercept PGP passphrases for black-bag no-knock warrentless searches, and other naughty tools that emit bursts of modulated energy by tickling RAM on motherboard of uncached data lines to enhance greatly the Tempest emmisions.
This modulated energy is usually burst and spread just after an ATA-IDE disk access so that it is less detectable by studying relationships between typing and monitoring using FM bugsweep tools.
The data from these tools can then be seen outside the system and can contain all sorts of goodies, emails, passphrases, even one-bit compressed images of screen updated areas.
Anyway, its not bullshit. Just search the nets older press releases and read cryptome.org more often.
and for goodness sake, only use a laptop for your pgp mail and always store all data in a pgpdisk volume and use a hack to click-enter your passphrase from a tablet of fuzzy edged glyphs randomly plotted, instead of the usb and adb tappable HID devices such as modern keyboards.
I am all certain you know all about the hardware keyboard loggers.
life sucks
May I plant my penis inside your manly buttocks and wiggle it about?
J. Wipo Troll, Esq.
Crapflooder Associates
Slashdot.org
If you have that much faith in firewalls, good luck with the next Microsoft worm du jour. Between MSN and Microsoft Update there have got to be plenty of holes not yet "discovered". For the conspiracy minded, consider why DOJ is trying to be so nice to Microsoft. Considering that Microsoft if living with Code Red and Nimda, something minor like helping out our war effort should be easy, very easy to spin.
Why hasn't anyone thought of this before?..
Its a bit insane but think about it..
This would ideally be applied to jxtra (www.jxta.org) - suns peer to peer protcal layor (different things can be put ontop, like a web browser, a IM message,file sharing, etc).
Have the a key/checksum on the file itself. Then to authenticate, connect to the p2p network. Each host would have their own UNIQUE key. The longer a machine is up the more trust. Nearby machines get the key as well.
So, to authenticate the program goes and finds a bunch of random machines, asks what their keys are and what the key is for the package file. Then, you check the machines keys with other machines to make sure they can be "trusted". This would be a cross between the gpg signing "web" and p2p networking.
So the machines that have been on longer can be trusted more. This is to prevent a machine at the isp to generate new keys on the spot (or use the same one over and over again). It would have to be around for a resonable amount of time (24 hours?).
So each time you check package x, at random a series of "hosts" are asked what their checksums are for package x. For the paranoid, could add some route/different isp checking as well. Let say it asks 20 machines. If all match, then odds are pretty good its correct. Also, each host's key would have to be unique and "trusted". Then you can go out onto 100's (even more?) of hosts to check.
True, (in theory) it would be possiable to fiter for those specific requests, generate a seperate key for a bunch of ip's RANDOMLY and have them authenticate with each other, but that would be quite difficult. In order to do that, they would essentially have your connection severed from the net, with no direct path and on a "virtual" network, in which case your screwed anyway.
It isn't the most efficent way, but probably about as secure as you could get. Well, without being the govenment itself ^_^.
Slashdot, you suck. You do. So much. Stop boring me. I have nothing better to do than fill you full of CRAP. Stupid Slashdot.
J. Wipo Troll, Esq.
Crapflooder Associates
Slashdot.org
I wonder what impact will that Magic Lantern thing have on the USA international relations? Good or bad, your FBI may do what it pleases at home but I don't want any foreign spyware on my computer here!!!
Also, even if such use is authorized by the US government, does FBI has the right to spy on foreigners outside the USA? I thought CIA exists for that purpose :-)
Why have I been receiving emails from CmdrTaco, in which he seems to be speaking in some kind of code language?
Good Lord. What is "Taco-snotting?"
Ewwwwww. So, can I stop receiving these emails?
I can't stop receiving these emails from CmdrTaco!?
Have you ever been Taco-Snotted?
That's horrible. Does "Taco-snotting" have anything to do with CmdrTaco's "special taco"?
Does Jon Katz get involved in any of this? I thought he was a paedophile, not a homosexual.
No, thanks. I'm already CmdrTaco's boi toi.
________________________________________
READER COMMENTS
by Anonymous Coward on 2001.12.02 19:01 (#2644105)
this is good shit man
by Dark_Cobra87 on 2001.12.01 23:03 (#2642180)
Oops, forgot to check that Taco-snot option...
by Fecal Troll Matter on 2001.12.01 20:55 (#2641791)
Mmmmmmm, Taco Sauce...
Sig (appended to the end of comments you post, 120 chars)
by ArchieBunker on 2001.12.01 20:19 (#2641679)
I love trolling but this shit is getting old, fast. At least start mixing them up a little bit. How about the 'How OSM was Freed' series?
http://www.naawp.org/
by Anonymous Coward on 2001.12.01 8:37 (#2640602)
Stop posting this! I've got hangover and Taco Snotting doesn't make me feel any better.
I'm really glad that Taco Snotting is illegal here in Europe.
by Anonymous Coward on 2001.11.30 1:01 (#2634213)
Get a life you loser! Don't you have anything better to do than insult CmdrTaco and the gay community? We are not perverts, we are human beings just like you. So give it a rest!
by perdida on on 2001.11.27 14:13 (#2618764)
Shut up you asshole.
I am not great, I am merely adequate. I live in adequacy.
by Anonymous Coward on 2001.11.26 22:22 (#2616035)
You weiner trool!
by Anonymous Coward on 2001.11.25 9:14 (#2609574)
try to find a pic of actual "taco-snotting"! fucking funny it would be! so go to gay porn sites day in and day out until you find a man giving another man a blowjob that has jizz coming out of his nose and mouth. by the way, keep up the good work
by Anonymous Coward on 2001.11.23 12:18 (#2603370)
WIPO, this is getting waaaay old, either drop it or revise it.... there've been no updates for days now...
CmdrTaco
by Anonymous Coward on 2001.11.22 17:28 (#2600815)
A truly excellent and very humourous troll indeed!
However...
To complete this perverted orgy, fellow geeks Michael, Timothy, and Jamie often join in, dressed in black Gestapo uniforms, jack boots, and leather gloves.
Black GeStaPo uniforms? The GeStaPo (Geheime Staatspolizei - Secret State Police) wore civilian clothes (although there are reports on them occasionally using Allgemeine SS uniforms in occupied territories).
I seriously doubt that perverted individuals like CmdrTaco et al would have the good taste to ever wear the outstandingly beautiful black Waffen SS uniforms! Please update the FAQ accordingly.
by Anonymous Coward on 2001.11.23 4:06 (#2602610)
Actually, it appears you are both wrong!! Ah ha!! I think our boy WIPO was thinking of the Allgemeine SS uniforms. Waffen SS were grey.
by Anonymous Coward on 2001.11.21 4:49 (#2594325)
oh yeah, you say you have masturbated only 2 times to this post. well, by the time it takes for me to get through reading it, i usually end up masturbated 5 to 6 times, 10 to 12 if i have the goatse.cx homepage loaded up and am looking at it side by side with the slashdot page. my keyboard, hands, mouse, monitor, the underside of my desk and around the floor under my desk are cum soaked and sticky with the man smell i know and love.
by Anonymous Coward on 2001.11.21 4:41 (#2594311)
for version 2 you should make a total re-write of the cod...errr...text and add some details about cmdrtaco and the homo-gang's happenings with their coworkers (osdn?) and all of the gay revelry they enjoy and promote. by the way, did i just see cmdrtaco on television promoting the nax hair removal system? i guess after using vaseline in and around his ass he grew quite a ponytail and it had to be removed somehow...ouch!
by TRoLLaXoR on 2001.11.21 3:59 (#2594191)
WIPO, do you notice how few comments you get for anything you write/post/spam nowadays?
-Trollaxor
by sales_worldwide on 2001.11.20 11:53 (#2588488)
You forgot to mention Jon Katz's "docking" games, where he places his chopper head to head with another chap, and rolls the other guys foreskin over his own circumcised end ("docking"), providing him with fantasies of actually having his own forskin
"Making linux GPL was the best thing I ever did" - Torvalds. I'd hate to see the worst thing...
by Fucky the troll on 2001.11.20 11:28 (#2588446)
Woah! When did the WIPO troll get freed? And how the fuck did I miss it?
Excellent FP, sir.
This is a sig virus. Please put me in your sig
by Anonymous Coward on 2001.11.20 11:04 (#2588407)
omg that is crapflooding material if i ever saw it!!!!!! and u got a first post!!!! whoot to the wipo troll!!!
by Anonymous Coward on 2001.11.19 9:03 (#2583756)
GW...you know we love every hair on your 27 acre ass... and I, for one, would never do anything untowards your graceful demeanor. And you probably have several friends that would love to help you do the bear dance all over my face if I so much as spelled your name wrong. And you know I'd defend your Constitutional right to defame God in heaven. I'd even help fund your education, should you ever decide to take that route. Hell, I'd buy you a tall tepid bear-whiz beer if you were here with me, right now!
But.
Now go stick your shaved head back down inside the woman's toilet, and just to show there's no hard feelings, I'll jump in the tow-truck and drive right over to help you pull it right out...ok?
thanks
by mark knopfler 69 on 2001.11.19 8:25 (#2583695)
I DO NOT BELIEVE YOU SIR. FOR ONE THING, THE E-MAIL FROM CMDRTACO DOES NOT HAVE ENOUGH GRAMMATICAL AND SPELLING MISTAKES. Let's be realistic here, CmdrTaco usually types with one hand, and since he is shaking from jacking off his aim on the keyboard isn't too good. Those e-mails were a little too well written. Sorry boy, you'll have to do better.
by WeatherTroll on 2001.11.19 8:14 (#2583667)
You should update this to say VA Software instead of VA Linux.
by smackmonkey on 2001.11.19 7:06 (#2583510)
Crackhead moderators: this is +5, Hilarious material.
--
CNN declares War on Islam!
Left-wing America declares War on its Civil Liberties!
by Anonymous Coward on 2001.11.19 5:40 (#2583336)
This was funny the first 100 times. Now it is getting boring!
by egg troll on 2001.11.18 22:27 (#2582054)
Having masturbated *twice* to this post, I'm still incredibly aroused! Come over for a Taco Snot. I'll be wearing my crotchless Clifford the Big Red Dog outfit!!
For more info check out this
by Anonymous Coward on 2001.11.18 12:03 (#2580822)
add more links to goatse and to cowboineal's site to make it better. a link to rotten.com would be nice too
by Anonymous Coward on 2001.11.18 12:18 (#2580832)
and a link to michael's site and to jon katz's site if he has one and homo's site. i dont know what else to say. maybe a few links to phallic.org they have nice penis pictures! a link to the planet quake site or whatever. really make the reader feel this faq really answers their questions. oh yeah, and when you talk about cmdrtaco snotting you, say he brought you to "orgasm after sweaty orgasm". describe it more is all i'm saying. and use more italics and bolding! and when you talk about jon katz shitting or whatever have a link to fecal japan on rotten.com
other wise a great job wipo troll! keep up the good work!
by Wil Wheaton on 2001.11.18 6:41 (#2580438)
Hi. Let's be buddies.. butt buddies.
--
WIL WHEATON DOT NET
by dead_puppy on 2001.11.18 5:33 (#2580342)
Here is an e-mail I received a week ago:
From: malda@slashdot.org
To: puppy_dead@hotmail.com
Subject: were where you last friday?
I thought we where supposed to meet at Backdoor's at 8-ish, sugar-lips? You could've at least told me that you could'nt make it! I was even in my favorite pink skirt for you, honey-cup... next time, you could be more considarite and tell me you cant come... bastard.
--
CmdrTaco (malda@slashdot.org)
You finding Ling-Ling's head?
by Big_Ass_Spork on 2001.11.18 4:53 (#2580300)
I do it wrong
Laying here in the shadows of my room, I squint up at my love. My Ms. Portman. I am sore and tired after fucking her for eight solid hours. My chapped and aching dick is soaking in grits to relieve the pain. She gets on her knees and starts lapping the grits up out of the bowl. She places her beautiful hands on my penis and starts to lick the grits off my achy piece.
Massaging my nutsack she....
WAIT, I DO IT WRONG!!!!
Yanking my dick out of her mouth I throw her to the ground and shove it in to her gaping freshly fisted ass. [goatse.cx]
"OH BIG ASS SPORK!! Fuck my ass, fuck my ass good. DEEPER, my stallion, deeper!! Make a Beowulf cluster of sperm on my back!!"
"Imagine a Beowulf cluster of this baby!"
I DO IT WRONG!!!!
---
All your Sporks are belong to Big_Ass_Spork! What you say?! All your Sporks are belo... forget it...
by j0nkatz on 2001.11.17 22:54 (#2579596)
I just heard some sad news on the radio -- famous queerbait Rob Malda was found dead in his Holland home this morning. The details were a bit hazy, but it seems that he drowned in jizz while Taco Snotting his friend Hemos. I'm sure everyone in the
I wanna Open Source sex so it won't be worth a shit either.
by Anonymous Coward on 2001.11.15 6:38 (#2567601)
No no no, the correct term for that is "donkey-punch". I have eye-witnessed this amazing eye-popping event demonstrated on unsuspecting hose-monsters by my frat brothers in the past.. .
by AbsoluteRelativity on 2001.11.15 5:31 (#2567457)
The WIPO Troll
Slashdot and the Karma Lottery - News for uber monkeys, by uber monkeys.
by Anonymous Coward on 2001.11.13 9:27 (#2557632)
Oh, man that's just sick !
by Anonymous Coward on 2001.11.13 9:03 (#2557604)
TELL ME WHERE I CAN GET AN ANONYMOUS proxy please WIPO Troll. Maybe later i will join you in a snotting at my place.
by vikool on 2001.11.13 7:43 (#2557495)
what is this bull shit,i feel offened that some people feel so so senseless to post stuff like these esp when such a tragic incident has occured
by I.T.R.A.R.K. on 2001.11.11 22:38 (#2551890)
Where the fuck do I sign up?!
- I throw rocks at retarded kids
"Adequacy.org: Where congenital stupidity is not an option, but a requirement."
by Anonymous Coward on 2001.11.11 21:53 (#2551753)
this shit is hilarious..keep up the good work.
by rockwood on 2001.11.11 21:49 (#2551746)
OMG! That is the most disgusting thing I have ever heard! WHo in their right mind would sit down and waste the time to construct such a replusive story. I guess I'll be skipping lunch and dinner today.. and possibly tomorrow also. The game doesn't affect reality. Reality affects the game.
by Anonymous Coward on 2001.11.11 14:43 (#2550701)
dude, this is crap-flood material if i ever saw it.
duuuuuuuuudddddddddddddeeeeeeeee.
by Anonymous Coward on 2001.11.11 8:16 (#2550266)
horny_rob_6969@hotmail.com
Ah, so that's what the alt.binaries.pictures.erotica.horny-rob newsgroup is about!
by egg troll on 2001.11.11 5:34 (#2550024)
+5, Arousing
For more info check out this
by Anonymous Coward on 2001.11.11 4:39 (#2549891)
WINNER>
by Anonymous Coward on 2001.11.11 4:37 (#2549887)
I love you. Why do you use your bitchslapped account, rather than signing up for a new account to post at +1 before getting bitchslapped by the censors here? I guess I should speak for myself, but I don't want to log out and lose all my slashdot customization properties, nor do I want to lose my 50 karma yet.
by Anonymous Coward on 2001.11.09 9:19 (#2542412)
you fucking rock! right down to the expanded cvs id!
WIPO trolls > linux
________________________________________
J. Wipo Troll, Esq.
Crapflooder Associates
Slashdot.org
And why is the corporation, err, government, keeping what they are doing secret? If they aren't procecuting the wrong folks, then there isn't much of a need for them to avoid telling everyone who they are tapping, is there?
If companies weren't doing something wrong, like Enron, they shouldn't be allowed NDA's and "trade secrets," should they?
It isn't hard to read. It is available online for free reading. Have a look. I took the time out to read it - and now I know what the parent to this post is on about.
In both cases:
Writing letters to your representatives and starting petitions about strengthening the oversight mechanisms over the FBI makes a lot more sense, just like the FBI using other methods to gather intelligence on criminals makes more sense than banning strong encryption.
Light a fire for a man and he'll be warm for a day. Light a man on fire and he'll be warm for the rest of his life.
This post will probably never be seen since I'm a latecomer to the conversation, but I knew a fellow a few years back that would never be affected by a keylogger. His method would work for bypassing any keylogger, but would probably be most useful to touch-typists as a way to not use the keyboard for entering passwords.
He claimed he was a terrible typist. I couldn't tell though, because he didn't touch the keyboard. He would literally copy and paste every character he entered. While this would be tedious for all typing, it strikes me that would be a good way to enter passwords if you're concerned about a keylogger.
That generally wouldn't work for whole-system logins, but it would work for encrypted files and other "lesser" logins. Copy a letter from this page, a letter from that, paste it in your password box, and I doubt seriously even a macro recorder could follow what you're doing.
And watch my OpenBSD box crunch, crunch away. Mmmm, nice box.
Magic Lantern in the source tree of an OS hosted in Canada? Homey don't think so.
You Americans had better keep it in your own country. American law is not enforcable outside America.
The Savage is the one who hangs himself at the end of BNW, NOT Bernard Marx. This makes for a drastically different interpretation than the direction you are wandering toward. If your understanding of the story is reflected in your post, then I would hate to think what your grasp of other works of literature are.
First - I don't think this is going to be used to catch one 'terrorist'. Not saying that it's going to be a complete failure... but that they are more using this to go after those 'Drink or Die' types. [makes sense, we are getting ready for DRM right?]
... \\\
Second - Get out your history books and find the word communist. Scratch out all references, and put the word terrorist over it. Read that. That is what is going to start.
Everyone applauded Bush after the attacks on Afghanistan and we love it when he makes those jokes, but I don't think he's the right person to be in that position. Boundries will be overstepped. John Ashcroft... what a joke, should be be John Stalin.
Also, I think I may have this 'virus' because everytime I try to download something from alt.binaries.pictures.centerfolds.playboy my USB cable modem goes off. Something doesn't seem right here.
\
\
\
Get your Unix fortune now!
I am Australian. I use American antivirus software. There is no indication that Symantec or McAfee are going to protect their Australian consumers from the American government.
Most of this discussion has centred on the FBI invading domestic computers. I am more concerned, not personally, but ethically as a global citizen, with the CIA or another US body using this technique to invade my country's rights.
I have no recompense, short of diplomatic channels, or through whatever (uberexpensive) international anti-espionage laws , at stopping this.
Magic Lantern is a very blunt intelligence instrument. Right now (and the irony is NOT lost on me) all I have to be thankful for is that my sychophantic Prime Minister has been licking Dubwya's scrotum so much lately that Australians are probably far down the list of suitable intelligence targets.
"If you create user accounts, by default, they will have an account type of Administrator with no password." KB Q293834
.. since we all know that terrorists use Playstation2's for their trajectory calculations...
The question is, when will the FBI confirm the existence of the Green Lantern?
"Quoting famous computer scientists out of context is the root of all evil (or at least most of it) in programming." - K
Ditch your Nortons and Mcafee rubbish and get yourself a decent virus scanner. www.kaspersky.com
Their page also has an article about it along with links to other news sources.
With all of that in mind, I decided to find out just how vulnerable I was. I set up a stock Debian 2.2r3 box... I went to the Debian box and typed 'apt-get update ; apt-get upgrade'. After a few routine prompts, none of which triggered security alerts, the box was rooted by my "custom" package.
Progeny Linux Systems wrote, tested, deployed, and submitted as patches to Debian, code to implement cryptographic package signatures. Some of the patches now exist in dpkg CVS, but Wichert Akkerman rejected others. Part of it had to do with a command that would prompt you (package maintainer) for your GPG passphrase and cache it so that it could be applied to each binary package (consider how tedious it would be to re-type the passphrase for each binary package in a package like XFree86, which has dozens; moreover, you're no *more* susceptible to a keystroke logger if the passphrase is cached). Anyway, this tool was written in C for security (locked memory pages), but Wichert wanted a version in Python instead, so he never accepted the code.
I never have quite figured that one out.
Anyway, since Progeny ceased development on its own distribution, not much work has been done on our signed package implementation. The code has already been publicly released; maybe it's time for people in the Debian community to take up the fight?
The specification, authored jointly by Ben Collins and John Goerzen, allows for multiple signatures per package. I wrote a policy administration tool called apt-checksigs that would let the user configure the strictness of signature checking on a per-repository basis.
Is anyone interested in this stuff?
Address-collecting spam robots don't know how to crack ROT13. Do you?
What whould happen if a company like intel will work with the FBI????
=rant= Want to fight back against this crap? I say e-mail everyone you know with something about killing the president or sending anthrax to the Pentagon. Hell, put it in your sig, and tell everyone you know to do the same. This is bullshit, and it won't prevent someone sending an assassination message in morse code, or even pig latin, for god's sake.
What will they do when someone smuggles a ceramic knife onto an airplane in their shoe? Strip search everyone and X-Ray their clothes? Idle bitching on the 'net is all well and good, but take some bloody action. I'm a college student, and I see people protesting things all the time. Does it ever do anything? No. We all like to sit around and talk to our friends who agree with us, but strap on some balls and take the offensive, and convince somebody who's not already on your side. =/rant=
This is Orwell not Huxley...
Negative, I am a meat popcicle.
you hear about the i-love-you, mellisa virus etc etc and the authors being arrested and so forth.. can i call the FBI to chase the FBI once this sucker is on the loose?
Actually the apostrophe in that situation defines ownership.......so no, you don't know how commas work FOOL!
Real interesting.
For whatever purpose (I don't believe it has a legal background) an American goverment agency codes a backdoor and Antivirus companies offically declare they won't detect that one.
I want to know if it has a legal background and also how it will affect whole Internet? E.g. when that trojan "accidentally" installs to a top non-usa goverments top secret machine?
I have been to http://www.avp.ru , they seem totally neutral for now even though you "feel" they try to mean "we will detect it, it is just another virus for us and we aren't a USA company"
I can't believe we don't see thousands of feedbacks on this issue... An offical trojan? Seems everyone forgot there are other countries exist on the Net rather than USA...
yeap, I seem confused and yes I am really confused!
I thought the story after the FBI story was more interesting.
Now, that's what I call carnivore!
Vaya con huevos, my darling.
Because everyone knows that some warez group will have it out soon after. All the 5cr|p7 ||dd|35 will be like "|-|311z `/34!! /\/0 m0r3 B.0."
This will leave a gaping hole in all AV setups I think. Makes me glad I'm running everything on FreeBSD here at home :-)
I think what he say's about this virus being developed is actually scarier than the actual virus itself. He said that everyone should give the government access to their computers, even if it means through a back door. Without warning.
I kind of expect this behavior from the government, but to have a computer virus expert condone this behavior is really frightening to my sense of freedom.
My only hope is that someone comes out with an antivirus protection against this thing as soon as it comes out. Something tells me that the government isn't going to look over linux computers like most virus designers.
--theKiyote
I think welcome to Oceania is a much better comment. A Brave New World has more to do with the government making people happy.
I think my principles are reachin' an all time low
The funny thing is, Congress didn't tell Janet "the Waco wacko" Reno to create and deploy Carnivore and to authorize development of Magic Lantern. And Congress didn't tell John "junior Fuhrer" Ashcroft to continue deploying the former and developing the latter.
We know this because even the Congressional leadership didn't know about them, as evidenced by the hearings certain privacy-conscious sons of liberty among them demanded once Carnivore became known. The fact is the executive branch does most of what it does without any Congressional approval at all. Or what would you call President Bush's fiat about using military tribunals, an order which the Legislative branch did not authorize and, though most support it, almost all complain that they weren't even consulted.
You're quite naive if you believe this nation still operates as the Constitution intended it to. Instead of the Legislative branch setting things into motion through passing laws, the Executive branch carrying those laws out, and the Judicial branch overturning laws when necessary and interpreting them in just ways, it now works like this:
The Executive branch sets things into motion by executive order and abuse of over-broadened discretion; the Legislative branch quite rarely then puts the Executive back in its place by passing laws to curb its abuses, but much more often is too busy setting other abuses into motion through its own powers, such as CDA, COPA, DMCA, SSSCA, etc., which generally serve to magnify and reinforce the abuses of the Executive branch; meanwhile the Judicial branch occasionally slaps down a particular abusive law or executive practice only to be largely ignored and "worked around" by those other two branches who just keep hawking the same old abuses of liberty under new bills of sale, ceaselessly, since the actions of the Judicial have no bearing at all on what the Legislative and Executive branches have the power to do--write the same policy up into different words and all of a sudden it's a new law or executive order, which has to be nullified by a Court again through the same long and painful process, even though it's essentially the same abuse. Not that the Judicial branch can be trusted to defend liberty much better than the other two, though--cf. the insane decision upholding anti-sodomy laws by the High Court in *Bowers v. Hardwick*, which boils down to "your right to privacy doesn't include the right to go against mainstream moral teachings." Read the text of the decision--it actually uses the word "morality," as if the Judicial branch is there to enforce subjective Christian moral concepts rather than invoke objective attempts at justice.
To put it simply, the FBI has a Congressional mandate to arrest people for breaking laws, but it does not have a Congressional mandate to do whatever it wants and invent any methods of snooping it wants while investigating people it desires to arrest. The unfortunate part is that the Legislative branch is too busy violating our other rights and taking corporate perks to ever use its power to restrain the FBI by law, while the Judicial branch is so slow and addlepated that multitudes of people will have the FBI's Orwellian thoughtcrime-control toys unleashed on them before it ever decides to uphold or invalidate these invasions. Not that we can trust it to make the right decision anyway, considering that it won't even let me lick my adult and consenting wife or girlfriend's pussy in private.
Thomas Jefferson was right, my friends--"An elective despotism was not the government we fought for."
Chasing Amy
(We all chase Amy...)
"The more corrupt the state, the more numerous the laws"-Tacitus
...that has such people in't!" --Shakespeare
In case you couldn't tell, he was being sarcastic.
Huxley's book derives its title from a scene in The Tempest, in which Miranda, upon meeting a bunch of royal bad guys--whom she naively perceives as regal, not as the bunch of usurping, murderous scum they really are under their shiny hats--says "O wonder! How many goodly creatures are there here! How beauteous mankind is! O brave new world that has such people in't!" to which Prospero--sad cynic, curmudgeonly nihilist, all-around smarty-pants, exiled in a world of criminal dipshits--says "'Tis new to thee."
Not an inappropriate sentiment, in this case.
But of course you knew that.
Your mouth is like Columbus Day.
Where is my tin foil hat! :-P
It's actually very sad when a government is alsmot at war with it's citizens. They'll catch tons of pass phrases in order to get 5 they really need. All I can say is I really hope that it isn't ported to Linux or BSD.
Hey, when is this thing going to work? 100% sure someone will make a way to remove the 'Magic Lantern' from your computer the minute after it's released.
People already manage to break into computers and softwares. The Windows XP warez version was getting trade on the internet 4 hours after it was released. (okay, lame point for secure system, but you get the picture)
If there are people that can crack whole operating systems, what skills will be needed to remove a simple trojan horse? It's not like the most difficult job in the world. The Magic Lantern will simple not work, specially for folks who do NOT want it to.
Buy a Nintendo DS Lite
If the Antivirus software does not stop this "virus" they won't in other countries as well... Is this another "USA is the world police" thingy?
"If you keep an open mind people will throw a lot of garbage in it."
This is not about the FBI using this to catch the bad guys. This is about the FBI having a means of breaching privacy and security in a way that's just sick.
Say McAfee was purposefully flawed and let this thing through. We use McAfee at work, too. Bang, any encrypted data stored on a networked computer there is instantly vulnerable, and can be traded off. They've done it before, haven't they?
And then there's privacy at stake.
The Magic Lantern isn't going to be a self-propagating worm or virus like many others like Code Red/SirCam. Each computer will have to be individually chosen to be compromised by the FBI. What you are thinking of is called Polymorphism. Many old virii were written using this idea. Many others would do things like compress, and randomly recompress with a different seed to generate a different size/content virus. The problem is, the decompress routine must be uncompressed(obviously) in order for it to function.
You can't legislate goodness. Let each to his own destiny, by will of his freely made choices.
Can I sue the US Government for privacy infractions and computer crimes if I find this program on my PC? Can my government sue the US Government for the same?
Don't worry, noone will ever accuse Australians of having any intelligence to target.
*rimshot*
the surprise is NOT that it exists, but that the FBI confirms its existence.
I don't really see the problem with the AV vendors overlooking ML. No, I'm not mad - bear with me for a moment:
First - think about how AV software works. It usually scans a file when it's accesed for certain known patterns - the virus signatures. Every virus/trojan/worm have their more or less unique signature which is used to identify it. So, when AV vendors say they won't detect it they software is not deliberately letting ML through - the software just will not have a signature for ML, and therefore it won't be recognized as a trojan.
This is not a hole.
It's just how antivirus software works - looking for known malware patterns.
Now, if I were to make my own personal Magic Lantern, I could theoretically modify FBIs software, or write my own. They will both be equally undetectable. Now, when certain AV vendors say the won't look for ML it is in fact good - because they are open about it. You KNOW their software won't detect it, and if you feel threatened by it you are free to change vendor and add in additional layers of paranoia (Firewalls, IDS, tripwire).
If we are going to hate AV vendors for something, we could just as well blame them for not including anti-spyware in their signature files. They have overlooked this specific kind of malware for years, and not many have raised their voices about it.
I'm more scared of the methods they intend to infect their targets - pushing ISPs into modifying data as it arrives at the victim's computer is just plain scary.
Then again, it's FBI we're talking about. For the most part they play by the rules. And if you're really so scared about Magic Lantern, you should be scared about phone wiretaps and Tempest too. They are all equally privacy-invading technologies, but very few of us encrypt our telephone calls or install lead-walls to protect our privacy.
I'm not saying that Magic Lantern is a good thing (it's not), but the AV vendors are not trying to make a gaping hole in you computer, and shouldn't be accused of such things.
Have an antivirus company move a large part of its assets into banks in one or more countries other than its home country.
Give a lawyer in each country bank account number and legal duty to withdraw all the money when it has been proven that that company has been compromised. The lawyer must open a new bank account for a competitor who has never been compromised.
Something tells me we will end up pretty quickly with a well-funded open source antivirus company!
Many redundant copies, each signed by a different trusted 'good guy', for each checksum in the repository.
At least the FBI would have to work that much harder before it could get all the signers nobbled (or trojaned)...
((Of course, we would still have to obtain trusted copies of the signers' public keys -- from a non-internet source presumably, magazine cover CDs perhaps ?))
Man who at the FBI fucking thought this stupid shit up. I wonder if the FBI really and truely thinks that 1) this will not catch anybody that is moderately aware of anything about computers 2) that it would actually catch someone doing something wrong? There's far too many ways for knowlegable users to get around stuff like this and somebody somewhere is going to write a little hack that will find and kill the virus. Carnivore is a retarded dragnet intended to make the FBI look less like a giant pile of shit because somehow people will feel secure if they know terrorists can't e-mail each other using hidden messages. Magic Lantern is just an addition to a shitty idea which is only going to cause the FBI more problems. ML will get isolated and someone will use it for their own purposes. It is as fucking simple as that. The first case of the virus being used by a "hacker terrorist" to infect a company and cause them "billions" of dollars in damages the FBI is going to once again look like a big pile of shit. On top of that the damn thing will probably never catch a terrorist. With the proliferation of computers and internet access anywhere it would be hard to catch anybody sending messages to someone. Like the terrorists in Semptember, they used a public library's fucking computer to send e-mails to people. They didn't encrypt anything, they just sent a coded message. This post could be a coded message and nobody would fucking know it unless they knew what to look for. Maybe instead of writing computer virii the FBI should look up the research the CIA did on ESP. That'd probably find them more fucking criminals. Hopefully they start with their directorate and work their way down.
I'm a loner Dottie, a Rebel.
There's already software out there that records and sends keystrokes and mouse clicks to another party. It's called "clickcatcher" and I've found it on my computer. It was found running, and hidden, whenever I started my browser Netscape 4.78. That's on a G4 Mac with OS 9.1.
I found it because it screwed up my system. It started every time I started the browser. But it didn't shutdown when the browser was closed. And it wouldn't shut down..period. That caused my computer to refuse to shut down because it couldn't shut down this hidden program. And that's what caused me do search and find it.
AV software (Virex) did not find it. If it didn't cause my computer to refuse to shut down... I may not have noticed it for quite a while. I don't know how long it's been there, or who it was sending this information too. Has anyone heard of something called clickcatcher?
If this gets near to law over your side of the pond, I shall certainly be voicing my opinion to my government. I suggest the rest of the internet does the same.
While you are at it mod this up. I really hate people who use loose instead of lose. What a bunch of loosers (see I hate it!)
It seems to me that sooner or later these two government projects are going to come into conflict and it will be very interesting to see who comes out on top.
Why not do some fancy engineering footwork that would make it so that if I type "asdf", the Magic Lantern software would think I typed "jkl;", but my computer itself would read correctly as "asdf". Because the FBI would never physically have my keyboard, they would never have anything to match up the "jkl;" to, so they would never be able to determine what my real keystrokes were. I've gotta believe that is completely possible, and once something like that is available, it would forever be impossible to track keystrokes. Yes, it's a simplified example, but directionally speaking, that has got to be a viable solution. ...??...
with all your rants about big gov taking away your freedoms. Could it be that politics is a big circle and that a very thin line, if it exists at all, separates the extreme left from the extreme right?
Thomas C Green's arrogance is matched only by his ignorance, which is now plain for all to see. It is obvious the real target of his article was revealed in the hysterical rants, for which the "Magic Lantern" flub was only a pretext.
sure its wrong, but if youre not doing anything illegal (::cough cough::) then you have nothing to worry about.
that's gotta be one of the best trolls i've ever read...i almost fell out of my chair laughing when i got to the windows update part, and the shared cable connection is a nice touch :-D
It's not funny till someone gets hurt.
Since when is keystoking a new and miraculous invention of the FBI? So they employed some virus writers to string together a few exploits with a keystroke logger- this somehow makes it a new technology? Or is it because the FBI developed it that exploits have changed or that you should suddenly be concerned with intrusion detection? This is obviously unethical, but if you have illegal content on your box it should be protected IF you really think it should be online!
[fbi.exe has preformed an illegal operation]
dammit, how many times do I have to reinstall this thing before it works?!
The word "it's" means "it is". If you want to
mean "belonging to it", don't use an apostrophe
("its").
Grammar. It's important.
GPG keys of all Debian package maintainers are known (www.debian.org/devel/join/nm-amhowto), and dpkg-buildpackage which is used to build a package does sign the package.
--- Hindsight is 20/20, but walking backwards is not the answer.
Thank you, thank you, thank you!
Put a copy of Tripwire on the CD-R and occaisonally boot from it to confirm the integrity of the OS on disk. There could even be a script to run diff on a pair of files if Tripwire notices something screwy. I wonder how long it's going to be before their little keylogger gets very loudly posted to USENET.
What happened to the "it has" rule? Please consult your local friendly dictionary.
And while we're at it:
anyways
irregardless (which is now in the dictionary...)
Lie-nix vs Lin-ix (long i vs short is the point)
(and, yes, I've heard Torvolds say it so we could add "lee-nix" to the mix).
Hmmm, I think I'm sweating the small stuff - time for some small deodorant!
"Those who would give up essential liberty, to purchase a little temporary safety, deserve neither liberty nor safety." -- Benjamin Franklin
;)
I don't think so.
"Break out the gin, and the small violin, I'm a raging success as a failure." --Firewater
If US-gov can enforce backdoors in AV-software,
can the UK, german, franch, iraq, libien, cuban governements enforce also their backdoors in any AV-software?????
And does the German backdoor conflicts with the US-backdoor?
In stead of AV-software, it looks more like a toolkit for installing viri and backdoors (well looks more like a front gate to me) for any organisation who claims to be defending their version of "truth, freedom" , and their god-given-right to do what ever they like at the costs of other peoples rights and freedom....
I even wonder why i should pay for these products contaminated by state sponsored terrorists.
It should have been the other way round:
For the privilege that THEY can poke around on MY systems, i demand a paycheck from CIA, FBI, MI-5, MI-6, KGB, Deuxieme Bureau (who else want to contribute)......
Hackin' Hans
You coke smuggling, porn addicted, homosexual industry spy!
There were 5 instances of the f-word and 4 instances of the s-word. Just what were you trying to tell somebody.
1 s 1 f - Buy booze
1 s 2 f - Fly plane into building......
Dumb shit scenario: ." etc etc
First AAEP(Anti American Evil Person):Holding cup of anti american coffee,says to second AAEP,"Why don't we just make our own little personal code?".
AAEP2:"Great idea, Hassan, uhm I mean AAEP1"
AAEP1:"So...here goes:You'll be Britney and I'll be Pamela. Hacking will be called "posing naked" and AOL will be called "George Bush"
Coupla weeks later MIB(Men in Black ) intercept email from AAEP1 to AAEP2. Contents: Cool, Britney you wanna pose naked for george Bush tonight?
Being the ever vigilant MIB's that they are, they also intercepted the answer.
Contents:Yo, Pam, and after posing naked for GeorgeB I'm gonna suck his dick.
Get the picture? You don't need PGP or AV tools or whatever if you really want to hide whatever it is that you want to hide. I think those who are mostly innocent will be those who suffer the most as per usual whenever some or other government decides it has to spy on and control the general populace.
the FBI are saying: All your keystrokes are belong to us
*** Where are we going? And what's with this handbasket?
After a couple of years of reading slashdot, I think I have built up a resistance to bad grammar. I don't even notice these anymore. Sometimes I even forget that you don't spell hacker with a 4 and an x.
Robotiq.com is heavily tested on animals
Welcome to a Brave New World
Wrong book.
First point: And everybody here should know this. If you have really sensitive info, the stuff you don't want anybody to read, you are stupid to have it on a computer connected to the net.
Second point: Brave New World?? READ THE BOOK!! You are thinking of 1984, in Brave New World there was no reason to spy, people were all hooked on soma and sex.
You state that "one or two cases of the FBI overtepping its bound" would be likely. I think the very fact that millions of "overstepping" cases are possible, without our knowledge, is the bigger problem, by FAR. You have quite a naive trust of our government, and I would rather they didn't have that power.
A criminal shouldn't be sought after until they have shown criminal intent. Then and only then should they be investigated.
Magic Lantern is used to gain information. If you think that millions were spent to check Johnny pedophile's E-mail, you're wrong, and would STILL be illegal without a warrant.
I don't understand why people aren't up in arms about this. The damage to psychological freedom far outweighs the benefit of catching www criminals, which again, is a secondary use of this technology.
IMHO, we're getting the PR version, and we're eating it up.
As some of the other have pointed out... it is possible to 'tap' a user without being suspected. Ok, there are a issues such as anti-virus software.. ISPs etc, but when the FBI can do it... and its public knowledge, how far further are the real elites ? What is the potential of the FBI when they are not actually telling us all they know (not that they have to).
The violence at Ruby Ridge happened in 1992. Bush was President. Jante Reno was not Attorney General.
So, if I discover I have Magic Lantern on my computer, can I sue for an electronic attack, illegal search and siesure, or both?
Zone Alarm seems to secure Win2k nicely and if you were paranoid about open connections couldn't you execute the "netstat" command? There has to be an open port that, "Green Lantern" leaves open. Just some thoughts and if anyone has the answers please let me know. Peace.
Um... If this works so well what's to stop joe hacker from key logging the FBI? Things work both ways people.
You're damned if you do and you're damned if you don't, because you need to download the wuftpd-of-the-week sometime.
What I would like to know is how many terroists insist upon running anonymous ftp from their warboxen.
Maybe if you simply turn off the unnecessary services that you never use, it wont be as much of a problem.
The point is that those signatures aren't available anywhere except by doing something like searching the debian-devel-changes archives. (The .changes files, which contain those signatures, aren't in the debian mirrors, though the signed .dsc file is; however, this is only sufficient to verify the integrity of the source code, not the binaries)
Once a binary package has been installed in the debian mirror system, there's *NOTHING* in the package file itself to guarantee that it hasn't been tampered with.
Don't cha think preventitive warfare is in order.
You know, like preventitive healthcare.
osearth - Who are the real terrorist?
"If we were at war the government would be able to require technology companies to cooperate, I believe, in a number of ways, including getting back door access to information and computer systems."
The government and microsoft get back door action... I knew they'd f*ck me hard one of these days.
I'm not here. This isn't happening.
'When asked if Magic Lantern would require a court order for the FBI to use it, as existing keystroke logger technology does, Bresson said: "Like all technology projects or tools deployed by the FBI it would be used pursuant to the appropriate legal process."' He sheepishly looked down at his feet for a moment, then exclamed: "I had chili for lunch today!"
If these walls could talk they'd probly still ignore me. --MF DOOM
I am truly fucking sick of typing in a response to someone's post on slashdot and having to think "Should I copy before I hit preview?" because if I don't I just might lose completely what I typed and be redirected to some far off corner of Slashdot. What a piece of shit. Fuck this forum.
Now, if they ( the ever ubiquitous "they" ) were putting drugs ( got soma? ) into the water, then it'd be more similar to BNW, but instead it's the Government furthering it's ability to monitor the activities of it's citizen's, which strikes me as much more Orewllian.
Okay, back to your regulary scheduled MS sucks/Linux rules/I hate Katz ranting.
Remember, "a gramme is better than a damn!" :)
---
Segmentation Fault ( core dumped )
By checking that checkbox, it only pertains to that session. If you reboot, you will need to checkmark it again if you need to install it again (which usually happens when the next version of IE comes out).
... not alter there software to stop it from detecting viruses.
Assuming magic latern is different enough from every other virus, I don't see a commitmant to include that in the virus signatures.
Is it possible the FBI said "shut up and stop telling people you dumbasses otherwise the bad men won't use your software".
I can picture a criminal getting this e-mail.
to: osama.binladen@aol.com
from: magic.doughnut@fbi.gov
Please do not install the latest patches from Microsoft, the security issues that the patch solves also sends your women to school
signed
big brother
Ok, we have a sniffer on our keyboard. But who said we need to type out our passwords just like that? We can encrypt them!
Just take your favourite PDA or a computer that's not networked anywhere. Then write a piece of software, that, when asked, XORs any string (your password) with a one-time pad. Once done, this software returns you an encrypted password and a PIN code (for example an offset number). This PIN code will be fed into a decipher software (which XORs the "encrypted" passwords again with the same one-time pad), and ta-da, you have succesfully encrypted your keystroke traffic on those parts that need encryption the most.
__
Zarathustra.fi
Modern man has no goal, no aim, no ideals.
Does anyone else find it interesting that this was announced at the same time the Bin Ladin tape was released? I just visited CNN, and off to the side of the big story, I saw little links telling me that the U.S. has just pulled out of the ABM treaty, the army has admitted to producing anthrax in Utah, and that the FBI has confirmed the existence of Magic Lantern... unbelievable.
If John Ashcroft wants to read everyone's email, let him. I propose that, from now on, everyone put AskDOJ@usdoj.gov in the cc: field of all your personal emails. (That's John Ashcroft's "official" email address, as posted on the DOJ web site. Pretty lame, eh?)
Now, why is this a terrorist act, and why am I thus posting as AC? Because it could be construed as a denial of service attack on the DOJ mail server. DOS attacks "calculated to influence or affect the conduct of government by intimidation or coercion...or to retaliate against government conduct." are among those "hacks" now considered terrorist acts.
If you live in the U.S.A. be afraid. Be very afraid.
Hello civil liberties lawsuit!
American style would call for "period." Morons! and not "period". Morons! Interesting that you punctuated in the Brit style that you don't seem to care for.
i am an american and was "educated" in american schools. i always fought with my teachers about placement of end punctuation vis-a-vis the quotation marks. my sophomore year in high school i finally decided that i was going to place the period/exclamation/question outside the quotes, and if they wanted to deduct points i really didn't care. this was bad for my grades but good for my character, because i learned that being deliberately wrong can be satisfying.
of course, these days, postpostpostmodern formlessness has eaten my writing habits -- i mean, i can't remember when the last time was that i wrote anything that wasn't email or requests for video section reposts on a.b.m.e.m.
writing is dead, long live the written word!
Hollywood, Television, has become the dream machine. We need to take that back; each of us is a Dream Machine
and now that you, in you'r infinite wisdom, have abolished the difference between nouns and pronouns, whats next on you'r agenda?
i recommendation verbs and nouns. i always mixture verbs and nouns and belief that they debt change. you belief so too, eh?
As a matter of comparison, my Windows 2000 box has no such vulnerability. The first time I went to Windows Update, I checked the box that said "always trust content from Microsoft Corporation." Therefore, only Microsoft's real certificate will be accepted by my machine. Even if the FBI forces Verisign to issue an impostor certificate, it will be detected and thwarted
I applaud your investigation of the security flaws inherent in package updating, but do you really trust Microsoft to not cooperate with the FBI (i.e. provide a 'genuine' Microsoft certificate) in exchange for more federally-redeemable Brownie Points?
Make your voice get heard by those who supposedly represent you! Follow this ACLU link and email the Bureau of Prisons today! (and mention this slashdot article too, perhaps they'll actually read about what they fail to represent).
Use my userscript to add story images to Slashdot. There's no going back.
The only defense for an attack which was described here that I can think of, is to have a distributed network of CRC values for all files; in a gnutella-type fashion - then once you've downloaded your binary; you can verify your CRC with thousands of others who have the same file.
Just my thought - it would make *me* feel safer.
You can run but you can't hide, except, apparently, along the Afghan-Pakistani border.
right now its:
You need to get out more.
Mod what now? I dont understand.
I went to McAffee's web site to look up information about their antivirus products. And this is what it says:
I don't want to run any of their apps. I wanted to look at a web page and find out about what products they have. But they don't want me. Fine, I'll look at someone else's products instead.
I guess this isn't really a big issue for McAffee, because most of the people who would need Windows virus cleanup tools, would be the same exact kind of people who would have Javascript enabled. Strong correction, little actual marketshare loss.
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
I certainly have thought that the government has back doors in commercial software. I am sure they have designed it and are implementing it today. This Magic Lantern stuff is misdirection, I rather believe that parts of windows is being modified with Backdoors developed that lay dormant until activated as to avoid detection. Think it could be hidden in microsofts product activation, communicating over that protocol, or being activated and sending out information every time you send mail. Lets face it the government employs some very smart people, I am sure they have developed hacks for cell phones and cordless telephones, they have the capability to tap any phone line and probably privileged access to many corporate computers. US intelligence funding goes mainly to technology what exactly do we do with it.
Tsck Tcsk, I would expect better from someone named 4of12 and a self proported Star Trek viewer. Say it with me now, Holodeck. Holo, like Hologram or Holography. And BTW it's Moriarty.
On the flipside, I do think your analogy of Moriarty's holodeck is a pretty good one.
man RTFM
No manual entry for RTFM.
I agree, what a bunch of loosers!
Slashdot: Failed Car Analogies. Amateur Lawyering. Anecdote Battles.
Do not get so worked up. All the FBI really did was say, "Tag , you're it!". Getting mad doesn't fix the problem at hand. And if you don't see a problem, heh, goooood.
Here's my thought:
bootable OpenBSD cd that has the normal desktop OS packages on it, so that I can boot into an X session from the CD.
It will use tmp space on the hard drive or RAM for working within (emails, documents, etc.) and save to floppies or CDR if I must.
If I get magic lanterned during a session, all I have to do is reboot (dumping RAM and tmp space) and keep going.
So, while not perfect, it will keep me from being keylogged for long, even if security through obscurity (openBSD) fails me.
Now, if Plan9 or Atheos were me choice, and able to do this, I'd be pretty well obscured from magic lantern. I wonder how good OpenStep would be at this?
Stupid question perhaps...I may have misread...
The spokesperson stated that they would have to use the appropriate legal channels to use ML...does this mean that they have to have a warrant to install the trojanon suspect systems? If so, how do they target that particular system, especially if they are using IDS's? I can see how they could force a major corporation (such as Microsoft) to bundle the trojan with a patch/SP which everyone who runs that system would use, but again, if they have to get a warrant to install it, it becomes impossible to target a specific system for install...
Am I clueless here?
"The difference between meat and fish is that if you beat your fish it dies"
that's because they are seperate words that already MEAN possesive. its is NOT a seperate word from it, it just has an affix stuck on. and in case you hadn't noticed, it's the ONLY word where the possesive affix "can't" have the appostraphe.
No dick cheese, "its" IS a separate word that means possesive, that's the whole fucking point! It is exactly the same as "his" and "hers" which is why I made the comparison. The pronoun is "he", and the possessive form of that pronoun is "his". The pronoun is "she", and the possessive form of that pronoun is "hers". The pronoun is "it", the possessive form of that pronoun is "its". But for some reason you and a million other lemmings insist on putting an apostrophe in the middle of it. "its" and "it's" are are two different words and they mean entirely different things!
There is a very simple rule to follow: If you ever consider using "it's" in a sentence, replace "it's" with "it is" or "it has". If the sentence still makes sense, then "it's" is correct.
Example: "I have a cat. It's brown." Now for the test: "I have a cat. It is brown." That makes sense, so "it's" is OK.
Now for another: "I have a cat. It's paws are dirty." And the test: "I have a cat. It is paws are dirty." Doesn't make sense does it, so "it's" cannot be used.
Make sure you do your research before bashing someone about the correctness of something that is easily verified. It's as simple as going to Dictionary.com:
Usage Note: Its is the possessive form of the pronoun it and is correctly written without an apostrophe. It should not be confused with the contraction it's (for it is or it has), which should always have an apostrophe.
If it's too hard a concept for you to grasp that maybe it should work just like every other word out there, and make things easier for us, then I fully expect yopu to be using whom wherever it is called for, as well as quite using conjunctions in written speech, as those are equally "incorrect".
The difficulting in grasping is with you and the other morons that can't understand that "its" and "it's" DO work just like every other word out there! By "easier for us" you mean "let us use whichever one we feel like typing, in whatever context and have it not be wrong." "Who" and "whom" is another elementary difference that should be easily understandable, as well as the relationship between "I" and "me". And contractions gained acceptance in the 1500s, and are easily recognized and understandable by everyone (when used correctly), so they ARE 'correct'.
The answer is not to allow every dipshit that doesn't want to learn the basic fundamentals of the most common words of his language to "change the rules" of that language to a dummer version. You would just keep dumbing down other words, but since there isn't any logic behind it, everyone won't be able to follow it equally. So you'll end up with the speech that 14 year old web site hackers currently use as "official English" while other equally corrupted versions are also "official English", and you start getting dialects within a language that other people can't understand, and prevent people from communicating with each other.
Yes, languages change. Yes, add new words to the language to describe a technology or idea that has not existed before. Yes, if an existing word's definition has been universally been altered to something significantly different from its old meaning, add that new meaning to the dictionary. But do NOT throw out the rules of grammar; that is not progress.
Sometimes the best solution to morale problems is just to fire all the unhappy people.
Half a day after FBI confirmed the existence of the Magic Lantern project (on Dec 12) CryptoHeaven released v1.0 build 7 of their client software with an optional Virtual Keyboard for passphrase entry to fight the key logging trojans. The privacy and security of the passphrase is of utmost importance to the clients. Virtual Keyboard is a graphical interface where users can select letters and symbols with a mouse from a randomly ordered list to form a passphrase, thus eliminating keyboard use. "We must fight for privacy and encourage other companies to do that too" developers spoke unanimously. http://www.cryptoheaven.com
<shameless plug> If you think there are valid reasons to get an offshore certificate to sign your packages, then see www.quovadisoffshore.com which is an offshore trusted third party certificate authority.</shameless plug>
I personally think the offshore cert is "safer" from compromise by US legal and business interests...
"I figure you're here 'cause you need some whacko who's willing to stick his finger in the fan. So who are we helping?
The FBI/DEA is using new technology to catch recreational ecstacy users. They implant a chip in pills to track dealers/users. Just one more invasion of our privacy... keep ur noses clean... ;-)
THANKS FEDS!
the link iz here www.overgrow.com/edge/sho...adid=82056