Slashdot Mirror
Network Associates Buys "Better Carnivore"
ShaunC writes "CNet is reporting that Network Associates has just purchased a software company called Traxess, whose main product - DragNet - supposedly makes Carnivore look like a toy. DragNet is capable of monitoring everything from email to web, FTP sessions to IMs, even print jobs and VOIP conversations; sorting the protocols and logging it all to disk at gigabit speeds. One NAI exec envisions "the government using it to investigate employees and hackers." NAI has also issued a press release about DragNet."
I am no longer filtering spam. I'll make those suckers wish they didn't monitor my email!!
Good quote, too many chars. Seriously, the slashdot 120 char limit sucks!
they bought a port scanner and logger.
Whoop de shit.
DrLunch.com The site that tells you what's for lunch!
I will continue not caring as I use my SSH sessions with impunity.
- A.P.
"Remember when the U.S. had a drug problem, and then we declared a War On Drugs, and now you can't buy drugs anymore?"
All they need to do is set slashdot.org to 0.0.0.0 in the hosts file and productivity will go up 500%!
..there will be a startup to make a product. Even if it means the end of privacy on the internet. This doesn't surprise me at all.
Dirk
Encrypt your traffic!
They might see that it is SMTP traffic, but they can't see what you wrote. They might see it's web traffic, but they can't see exactly what it is. They might see an ssh session, but they can't sniff your root password. (Thanks to sftp, they can't grab your password there, either!)
Since some protocol headers can't very well be encrypted, there's no good reason to try running services on alternate ports; maybe now I can finally get my friends to install PGP (or similar) on their machines.
As long as this technology is not used against whites, what is the big deal? In light of 9/11 it is clearly obvious that the government is going to be focusing on immigrants (in particular, immigrants from Arab states.) When has a White ever committed terrorism against the US? What are all of you fearmongers really afraid of?
I am the only one who read "better carnivore" as "sharks with lasers"?
If you thought the idea behind carnivore was bad.... wow. Where do theses people live? Must be under a rock... they obviously don't remember the backlash there was against carnivore... now they're making an announcement about it?! how smart is that...
Of course Carnivore was pre-9/11 and I'm sure they'll spin this off as "Counter-Terrorism".
Its funny, every time I hear "War on Terrorism" or "to help counter-terrorism" I cringe because thats probably one more civil liberty being dragged off into some room to be beaten and interrogated...
but thats just my 2 cents on it.
"If I were bound by all laws everywhere I'm sure I would have committed a capital crime somewhere."
it's a company we can all trust.
---------
Launch all sig
Better reason to start encrypting everything. I do hate to see this type of power in the hands of a private company, though I'm sure monitoring like this has been done before. This tool just simplifies the data collection into a central, easy appliance.
My .sig beat up your honor student
"Eureka! We've got the evidence we need to convict! Too bad he died of old age a couple years ago..."
A feeling of having made the same mistake before: Deja Foobar
Comment removed based on user account deletion
Hey, you forgot to put your own sig on the list. Seriously, why?
Perhaps we should get cracking on an encrypted proxy that is peer to peer now...
;-)
Filtering traffic that is encrypted is like getting a haystack full of needles of which only one or two are sharp
Software such as Peekabooty would be efficient at getting just http secure, or PGP is great for email but encryping all packets and hiding your ips would be the comprehensive privacy solution to the problem of an all knowing sniffer.
.: 2+2 = PI SQRT(1+N)
ease up guys...NAI's just living up to their slogan - "Your network. Our business"
Don't you just love network spyware for corporations? It's fitting for Network Solutions, though:
Network Solutions: The Dot Commie People
~Dalcius
Rome wasn't burnt in a day.
I hope that if they put that much effort into it, it can act as man-in-the-middle for all your ssh traffic.
Can't have everybody getting around our spiffy new spyware now, can we?
At least somebody finally bought it.
___ I don't respond to Anonymous Cowards, and I Never Mod them UP.
The Creature demo. Hit the spacebar to hear their tribute to Dr. Evil.
Yeah , and as we all know , windows is sooo well written there'll never be another backdoor they could use to get hold of your stuff , oh no , won't ever happen , never...
Well there is one positive thing to this story, the fact that a private sector company got a hold of this software before the govt. did.
At this in this case, NA will be somewhat hesitant to allow the government to use this technology (the FBI could even turn it against NA!) to invade the privacy of citizens, whereas as we saw with Carnivore, the FBI pretty much gave us the answer "we have this technology and we are going to use it, too bad!"
Wow, this technology sounds incredible. Anyone who's run a packet sniffer on even a smallish office LAN (for debugging network problems, I swear! :) knows that it's nearly impossible to keep all of the different ports, protocols, and IP addresses straight.
It'll be great to see what law enforcement can do with this. I imagine if we'd had this kind of tech in place a year ago, we might have averted 9/11 altogether, so maybe this will help ensure it never happens again. Imagine the power: wondering if Tom R. O'Layman is funnelling money to the IRA? Just click a button and check out his emails, phone calls, and web history. It looks like we're headed toward a new era of public safety.
Karma: Good (despite my invention of the Karma: sig)
So, the govt and nai will then be opening the worlds largest pr()n sites from the stored cache?
Well, why not!?
Re "Junk company" -- well, here's the comment in the article that disturbed me the most:
"After acquiring more than 40 companies from 1994 to 1998, Network Associates took a break to restore profitability and integrate its new additions. The Traxess deal is Network Associates' first buyout in four years."
That's 40 companies, and gods know how many products, that for the most part vanished off the landscape. Why compete with another product when you can buy it out and kill it? And remember, NAI/McAfee's antivirus is the one that requires every sort of Windows scripting vulnerability be enabled to do auto-updates (and yes, I know what McAfee said about creating a market for antivirus products). Makes me feel just SO confident in whatever they might do with a sniffer-type product. [/cynic]
So where does one find this IPSEC?
~REZ~ #43301. Who'd fake being me anyway?
Look up at many intersections nowadays. See those tall white posts with white boxes on the top?
Cameras.
A few months ago we eval'd NetVCR and NetDetector.
http://www.niksun.com/
I guess it all depends on how the product is used though. We were looking for a forensics tool to compliment our IDS systems not something for spying (although it could easily be used that way as well).
If joe user would wake up and learn to encrypt his email (GnuPG). Alas, I have ranted about that to many times. No one listens.
UNIX/Linux Consulting
-Peter
:)
ill stick to ssh in my secret comms
Liberty freedom are no1, not dicks in suits.
It looks to me like they're going to market it as a tool for extra paranoid sysadmins. On one hand, I think it would be cool to be able to easily reconstruct common types of traffic on my own network. (Think Cuckoo's Egg reborn!)
Of course, it would be foolish to think that Carnivore won't ever be replaced with something new and "better."
Sigh.
I'm just going to stop communicating with everyone except the imaginary people in my head. That should stop their snooping, my tin foil hat protects me from the goverment mind control rays!
the whole internet. While it's obviously no good that something like this exists, I'm not too worried. Sure RIT (the college I'm at) could install one of these systems and see what I do, but there is no way that anyone can watch the whole internet. And as other have said, encryption is nice. VNC is encrypted too.
The GeekNights podcast is going strong. Listen!
https://www.encryptedsite.com/joe instead of https://www.joesmarvelousworld.com
all the real criminal commiting serious crime like murder, rape and armed robbery live in the hood and generally do not use computers. DragNet will fail to find these savages.
Its time you wake up and support programs like this http://www.4carnivore.org . Keep America safe.
I hope it has fun monitoring my SSHv2 connections. Traffic analysis is fine with me. Eavesdropping on plaintext conversations is not.
Everyone should use good encryption! The EFF should start a fund to develop easy to use encryption infrastructure for the masses.
Needed:
FTP clients that transparently use SFTP whenever possible, and warn the user when their session is unencrypted.
Seamless plugins to mozilla-mail and other popular standalone and web-based email clients to allow for easy key-exchange, signing, and encryption. Ideally the email client would automatically encrypt whenever it had the recipient's public key, and there was an automated mechanism to retrieve that key via an email attachment. Likewise, the client would automatically sent out attachments with your public key to all your recipients along with your normal email so others could use them.
Encrypted IM. Jabber, please save us. IM clients should be written to prefer jabber servers over "all your conversation are belong to us" style servers such as AIM and MSM.
FreeNet. Take however long it is necessary to do the right thing. Just don't give up. We need you.
Screw security update, new applications, and hackers. I'm unplugging the cables for all my users, giving them post-it notes & floppy disks, and taking a vacation.
Thou shalt encrypt.
(And keep bastards away from the physical layer.)
...What's the big deal? Seriously?
a.) It's a computer sniffing the traffic. No big deal. I prefer a computer getting nauseated by my lovenotes to my gf than a human.
b.) Who's been busted by it? I mean if I saw a story saying somebody was improperly jailed over it, then yeah I'd be all over getting it removed.
c.) Who didn't expect this after 9-11? What I think will happen is they'll sift through the data and realize "there's nothing we can do to use this to stop another attack." However, if everybody stars PGP'ing everything, then they won't stop until they've got the technology to break encyrption. The good news is that it might aceellerate development of a quantum computer, but once that's done you're hosed.
d.) Despite what scifi movies tell us, the Gov't can't really use this to control anybody. What resources do they have to use this for blackmail? "Heh, you think my wife's going to believe I had cybersex with a 13 year old? HAHAHAH!" It's not like the United States is hiding a Clone Army ready to swoop down and restore order.
e.) You're not being very smart if you're putting sensitive info on the net to begin with. Never mind the Gov't, somebody could be watching everything you do right now. It might be your employer, it might be a curious trainee at your ISP, it could be somebody playing with one of the servers routing your data. If info you are transmitting around the net is so sensitive you don't want the gov't anyway, you'd best be encrypting it anyway instead of acting surprised. Security on the internet is a pipe-dream. It wasn't built that way. Heck, this post is going to go through 19 different computers before it gets to the Slashdot server. You guys are worried about carnivore variants? You guys should be worried that you can't attain privacy on the internet PERIOD.
So maybe I'm being naieve, but I don't see it is a huge stinking threat that wasn't already there. It's certainly not going to change my privacy habits.
A woman on slashdot? I don't think so...
The technology itself is fine, and potentially beneficial, if properly and very narrowly used. It could accomplish a lot of good. But any good it could accomplish would be obliterated by the vast rights violations that would take place if it was mis-used.
In other words, this technology should be controlled by courts, which would grant access to government agencies to use it (i.e., by giving a temporary pass for limited purposes) for very specific and targetted purposes, when warranted by probable cause or reasonable suspicion.
But if we fear this kind of technology and want to outlaw it off-hand, declaring the technology evil, then we're no better than the RIAA/MPAA, who want to ban technologies (DVD-R(W), DVD-RAM, CD-RW, CD-R, P2P, etc) simply because they *can* be used for illegal purposes.
social sciences can never use experience to verify their statemen
I am not even sure how I feel about "advances" such as this. On the one hand I am glad that things are moving in a direction so that criminals can be caught quicker (or even before the act) but at what cost? I don't plan on ever commiting any sort of crime that would make me the target of such a system, however I would hate to be the victim of a misunderstanding or data glitch. It seems to me that the ability to gather information in this way needs to be tempered and balanced in some way with expanded rights to protection and defense or else its one sidedness will bring more damage to our society than the persons and acts it is designed to defend us against.
Data collection is useful only if you can analyze the data. There's no way with millions/billions of records stored this product will manage to expose that information in a useful way.
Unless, that is, they couple it with a high-speed database such as the addamark log management system, a high-compression Linux/SQL/Perl query engine.
"Your network. Our business."
My motto is:
"My network. None of your business." but I guess that is where they and I have a parting of the ways... ;-)
-WolfWithoutAClause
"Gravity is only a theory, not a fact!"Went right over your head, didn't it? So sorry.
We need to kill this YRO-infringing monster by getting the people who own the rights to the DragNet TV series to sue these guys' asses off :-)
Fire with fire.
--
What short sigs we have -
One hundred and twenty chars!
Too short for haiku.
It's not that hard (at all) to install Eudora Light and PGP for Windows (since that's what all my non-techie friends use). Urging them to use a different email proggie and/or browser should be simple if they get bitten by "drive-by downloads" that randomly spawn porn windows; that's how I got my folks to use Eudora and Mozilla. :) However, PGP has Outlook Epress plugins, so it will work even if they refuse to use a different email client.
Encryption does not have to be a major pain to deal with, either. Frankly, the secret key DOES NOT need a passphrase to decrypt a message. I've set my folks up with a strong private key with no passphrase so they just open the message to read it as normal. (To encrypt, it's just another button.) Yes, I know this means that I shouldn't ultimately trust that a signed message is from them, but the whole point of encryption, in this case, is to "put your letter in an envelope"; to make it harder to arbitrarily read.
This solution does that nicely.
I'm waiting for someone to figure out how to detect, and then break into a Carnivore or similar data-logging host.
It's got CPU, it's got a network interface. Odds are it has some exploit that'll work.
It's too bad that they can't make sense of all that data just as fast as they accumulate it. Maybe then they could put that information to better purposes instead of some BS war on terrorism, like catching those who use the 'net to proliferate, such as pedophiles and child molesters and other such lower forms of life.
What happens if the FBI has a hooker sting all laid out and decides to catch one more fish in it? After all, who is the judge going to believe? The FBI, or a suspected terrorist? :P
If you had encrypted it, there wouldn't be any temptation to abuse the information sent.
requires every sort of Windows scripting vulnerability be enabled to do auto-updates
Not true.
Unless it automatically associates the spam with you...
In this case, they've profiled you as having an odd fetish for watersports and interspecies mating, as well as having an undersized libedo among various other email discernable details.
Suddenly the police show up at your door with a search warrant for unlawful pornography... and your boss demotes you for similar reasons...
Make everything encrypted and make it easy to use.
If it is really easy to use, it will likely be insecure anyway.
It is safer to have people know it is insecure and act as such, then to operate under a false sense of security because they use N-bit encryption.
There was an article on /. about this exact thing a while back; in the D.C. area, cops have it set up as a cash cow operation: shorter yellows, improper camera timing, etc.
The kicker was, accidents (usually rear-ends) INCREASED at camera-laden intersections. So much for "safety".
Not to mention that the potential for tracking you just got a little higher.
And this comes from the same company that put PGP into 'maintainance mode'. How long do you think it'll be before they put this promising technology to a premature end?
This has been a test. Had this been a real emergency, we would have fled in terror and you would not have been informed.
I don't know about the rest of you, but when I hear the words "Drag" and "Net" together, all I can imagine is Dan Akroyd as Det. Joe Friday doing the Can Can in Goatskin trousers..
Check this out. This FAQ regarding Palladium, in addition to the endless quest to engage in unreasonable searches (a al Carnivore and its brethren), are going to make for some interesting times. It gives rise to what I think is an important question - what happens when one or more private entities act in consort with a government to subvert the premises on which a society is founded?
I bet that Maxtor, frustrated by low demand for their 160GB ATA133 drives, created this software. By running it, customers would fill up hard drives "at gigabit speeds." Brilliant!
Under Communism we see:
Oppression, suppression and repression of the public and its will by the state.
Under Modern Capitalism we see:
Enriching of the few who sell the tools to facilitate oppression, suppression and repression of the public and its will by the state.
While it's not mentioned in his profile, anyone who cares to pay attention knows that NanoGator is an ass...
This gives you an interesting possibility: hide important mail inside a fake spam mail. As long as the person you're sending it to has their filters set up correctly to receive your mail, they would get it while anyone monitoring your email would have it filtered out.
Alphanos
it was:
cxzncf fdsajffirtur9340 saaafaa))P)Pf djfkjccn,fggrr irifk sdafjogjfklgurejg isafhsiohgosfu hfhgjpiogurio[a t589dfsmsapppyQ!3 hgvwerut90307948yt89ryudpojps [k]aitw90ug sup'hk
They admitted though they were stumped about what it said.
...now complete with DragNet Backdoor! (TM)
I think I saw the eyes in that jpeg watching me...
Whilst this story may grab the headlines, an application that has very similar functionality already exists and can be purchased today. I have a friend who works for Silent Runner ( http://www.silentrunner.com/ ) and believe me, this is already selling well to top corporates and governments / police forces here in Europe. Created by Raytheon, who work closely with US Government on many levels (NSA, CIA, Military - they make the software for the Patrior missile etc), Silent Runner is the one to look out for today. This announcement by NAI is them attempting to play catch up in the market. Their product is not yet ready to sell (ie you can't buy it today), whilst SR are quietly installing themselves in many large organisations. Big brother is already here!
they are using the most advanced eavesdropping/spying system on the planet to monitor employees and hackers? i know hackers are officially terrorists now...but employees?
Stop the Slashdot Effect! Don't read the articles!
The biggest problem that they face is replacing people who commit suicide after about a week of reading that stuff.
Okay, you have massive amounts of this raw data. I have always thought the problem isn't the collection of the data but rather the mining of the data. Am I wrong? and I didn't see anything beyond the data collection in the article.
If you don't understand the context of the traffic.
/tell offering to sell some stupid item that no one would buy while standing in a certain town at a certain time. How the hell would their system be able to decode such a message?
For example if I say play Everquest and
To them it would just look like I'm playing Everquest.
Okay, if the cops get to watch us all the time with cameras, why don't they let us watch too? Why not put the closed circuit feed onto the net, or cable tv? I mean, have you ever put a camera on a cop before? I have. They aren't exactly happy about it, and you can argue all you like, but they have intimidation down to a science. But if they can watch us, why can't we watch them?
I've got a bad attitude and karma to burn. Go ahead. Mod me down.
Sure, it's better than nothing, but Dug Song's work on Dsniff (and the resulting controversy) clearly revealed that SSH is not a panacea to sniffing and/or session hijacking. In fact, with a compromised network host doing ARP spoofing it's probably nowhere near as secure as you think, especially if the clients and servers aren't set up with appropriate configurations. (i.e. only allow SSH2, don't allow log in as root, perhaps even use skey if necessary, etc.
Also, if you use Windows, don't let WinSCP save your password in the registry. (as it tends to want to do so by default). WinSCP (and perhaps PuTTY?) also saves copies (unencrypted!) of any files you transfer in plain sight, right in your Windows temp folder! argh!)
I'm not saying it's futile - SSH is a good step in the right direction, obviously miles ahead of Telnet or FTP, but it's not the cure-all some people seem to think it is. So, you might want to think twice about how "secure" your little SSH session is before bragging about it on /.
Otherwise, you're just drawing attention to yourself. (shh! the feds might hear us. ;-)
Free music from Jack Merlot.
The content is encrypted, and if you are that worried about someone knowing who and where you are mailing/going, set up a server of your own to use as a bouncer.
The point of this is that if everyone starts encrypting their traffic, sniffing suddenly loses a large chunk of its usefulness.
What is the point in wasting money on this stuff. Dont governments have anything better to do? If a terrorist/criminal is so stupid that they dont encrypt all their communications then surely they are going to be caught doing something equally stupid, such as turning up to the airport with an AK under their arms. Al'Qaeda are not small time, they are far more competent than the American government in so many ways, they arnt going to be caught out with an un-encrypted email giving an exact time and location of their meet-up point to plant the nuke. Sorry, get over it, your just going to end up with 500TB of porn, spam, and cybersex logs, and afew bragging emails about how some kids wheeled some shopping carts full of road signs down the street on a drunken night out.
This comment does not represent the views or opinions of the user.
So where does one find this IPSEC?
Here.
Guess I didn't RTFA close enough.
-StupidKatz
Although tps12 has a trolling history (usually pretty good at it, too), you need to distinguish between humor/satire/sarcasm and trolling. I don't think this was a troll post.
The main problem with the moderators is that they usually cannot make this distinction.
There is also Raytheon's SilentRunner and Niksun's NetDetector. But while the privacy wonks are running scared, they are missing the essential usefulness of these tools. It's for forensics - something goes wrong, you can go back and see what it was. I can't comment for the other tools, but NetIntercept makes digging 500,000+ connections from 2 weeks ago easy.
Yes, I work for Sandstorm. Our motto, "Tools with Sharp Edges". Its a fun company.
Never send anything unencrypted that you don't want to have appear in court.
Get a floppy and put the keys for symmetric cipher there, then exchange new keys using the secured link.
I took a couple of classes at their HQ (near Washington DC of all places), and there were a lot of big government acronyms in the room taking the class with me. If you know the RetrievalWare product, you'll know that it has a lot of features which are perfect for wading through very large amounts of data, with minimal false positives.
RetrievalWare also does conceptual searching (very complex thesaurus) and OCR searching (works well for misspellings and l33t sp33k too), and all can be run through filters that continuiously scan a stream of data... weighs the results, and alerts the user to matching hits above the result threshold.
I've always assumed it was RWare they were using, does anyone know if this is true? =)
Please consider making an automatic monthly recurring donation to the EFF
Collecting the data now doesn't bother me. What bothers me is when I look for a new job 20 years from now, only to have my potential employer pull out a breifcase that holds EVERYTHING I've done on the internet since 2002 (Including all encrypted stuff, I'll bet brute force methods are a lot easier with faster computers).
But for me, that isn't a big deal, I'm already an adult. What happens for my kids, where they have their entire lives scrutinized before being given a job? What happens if they get in some trouble and are put in juvenile detention, but then they clean up their act? Will that be a permanent black marker on their file for the rest of their life?
What if they have controversial ideas or views?
This isn't about data mining for the present, when you are a sheep in the herd, no one will notice you. When people look at you as an individual, they will know everything about you, personal history and otherwise, that is what this is about.
Have you ever run a google search on someone? Imagine the results coming up with everything that person has done on the web, and being able to make sure it IS the person you wanted to look for.
10001001011101000 1001010101220001020
1998008 84884k8938833yhk 37836 hdf088
238jj3487 8sdowu2 9430049498Zj djd833
893kku usoiutj 847840 s8837jjjm d 849
8sk84k ss9 8d 898 467125125`65273 0-8
To think the entire thing is rendered useless by my wide use of ssl, ssh and Freenet.
But alas, maybe they'll catch a lot of really careless people.
Hey freaks: now you're ju
It won't. My cycles are already devoted to seti@home and distributed.net, i will not spend more on encryption too.
well, maybe if hardware crypto cards become standard...
Today i read Slashdot and suddenly feel that maybe the time is ripe for PGP for just plain old email's... when just yesterday i read a article asking me not to do that ;)
Dear FortKnox,
It has come to my most desired attention that you have established a presence on the internet via the member ID "FortKnox" on the slashdot.org discussion forum. It is to the benefit of myself, my co-workers, and the Former British Colonists of America (vessels in another land; Admiralty Jurisdiction reserved to Great Britain) to inform you that due to cirmustances of constitutional proportions, the establishment of the Federal Reserve Act and abolition thereof has released all property and interests of "Fort Knox" and is no longer a required service. Effective 12:00pm, Friday the 13th, September 2002, you have hereby received this affidavit to dismantel, abolish, destroy, de-construct, un-lease, surrender, and vacate the property formerly known as "Fort Knox" and release all accounting information and contracts unto the jurisdiction of the National Government of America (Department of Treasury). Should you not comply, you will be liable for no less than $1,000.00 Federal fine, no more than $250,000.00, and commit to no less than 5 years of federal imprisonment. Thankyou for your understanding. God save the queen!
Sincerely,
Sir Bob Cristand Sr. (RBGCeqT 1941, United States LLC)
Hopefully, if this technology is ever used by the government, they will not openly violate our rights by letting such a system scan and record ALL traffic on a certain ISP. That would be like asking for a phone tap on one house and listening to the conversations of a whole neighborhood.
SIGFAULT
I am very disturbed that a private company has the ability to monitor us like this, while encryption would certainly deal with the problem, I don't think EVERYTHING I do should need to be encrypted. I would think that current laws would prohibit the use of this technology on a wide scale. If they don't then I would hope companies would know better than to use this to monitor what people are doing in their private lives. If they want to monitor the websites I go to they are welcome to try, but if they try to monitor my email, regardless if its encrypted or not, they are going over the line.
Moderators, please pull your heads out of eachothers' ass
Thankyou for your co-operation.
There's also NetIntercept from Sandstorm (http://www.sandstorm.net/) which is available and deployed at a number of US sites (and has been advertized on slashdot, for that matter).
Use JAP (translation), a German government-subsidized still-free Internet Anonymizer service. It makes it virtually impossible to track you.
> what happens when one or more private entities act in consort with a government to subvert the premises on which a society is founded?
Grants, pork, regulatory favors, enabling laws for you, disabling laws for your less cooperative peers, favorable enforcement "priorities".
That's what happens. Nothing new.
I'm on a freakin MILITARY BASE, a rather critical one, and I ssh to my home server at LEAST once a day.
I won't work for a company that has such draconian laws, nor will I give them my root password.
We should be out there constructing packet sniffers from hell. Ultra-sophisticated, AI-packed, near-sentient cyberarchfiends at home on 8192-node Beowolf clusters, capable of effortlessly sifting terabit net backbones for exactly what a snooper's little heart might desire, in context and auto-correlated with ATM usage, air travel activity, credit card records, you name it.
All open-sourced, of course, so every organization with a Need To Know from the East Podunk police to the IRS to the UN to the Mafia to your middle-school counselor can deploy this wonderful technology to get the information they need to Do Their Jobs and Defend This Great Nation Of Ours, whichever one that happens to be.
We should advocate laws to make it easier for them to plug in and monitor what they want, when they want. We should volunteer to help set up these monster snooping machines, and train the people who'll use them!
We should do all this because it might bring a bit closer the day when one of those rat bastards misreads an email address or such, sending an anti-terrorist SWAT team to smash down the door of someone's grandparents, whereby Grandpa, who thinks it's drug dealers or something, grabs his 12-gauge and is instantly shot dead by the jackboots, with Grandma catching a stray round in the gut but living just long enough to get the horrific tale out to the press, TV, Matt Drudge, and Oprah, triggering a firestorm of outrage and controversy that finally pounds into the head of each and every Internet user the ugly truth that someone REALLY IS watching their every move on the net, and finally causes developers, politicians, and the public in general to get a fscking clue and make strong encryption simple and ubiquitous, and pass/repeal some laws encouraging same while giving net messages the same protection as snail-mail messages, so we can all have at least a modicum of privacy in our lives once again.
DDB
Life is like surrealism: if you have to have it explained to you, you can't afford it.
For those who wouldn't know a troll if it came up and bit you on the ass, YHBT. YHL. HAND.
HAH! I wouldn't be too worried. I was employed by NAI for a number of years as a QA Engineer. Knowing the development team and how NAI treats newly aquired companies and or software (Take Signal 9 for example and the ridiculous work they did to Conseal) Once Dev. gets there hands on it, they'll 1st. try to smoke it, 2nd shred the code and most likely never get it to work right. NAI's philosphy is simple. "If the customer does not know its broken, then there's nothing to fix." Just ask Shrivats Sampath if he to "drank the kool-aid"
Someone you trust is one of us.
Comment removed based on user account deletion
SSH is only as insecure as the user is stupid, at least with respect to MITM. The only way to do MITM is to get the client to accept a bogus host key, and no one who has any clue what they're doing would do that. And yes, there are plenty of ways to get a host key onto a client machine without relying on an unsecured network connection; think floppies, dead trees, etc.
Of course, as another poster commented, securing the connection itself won't help you if you're connecting to competitor.com from your work machine--but if you're doing that you've got moral problems anyway and deserve to be screwed.
Yesterday on Wired News there was an article about using CDs and overnight mail to get the throughput of a broadband connection. I would like to see Carnavor chew on that. I have been thinking about a P2P network with CDs and overnight mail as the transmission level. Is it possible, probably. Can it be made to work, not sure yet. If it works it will offer a level of security impossible on the internet, encrypted data on a CD encapsilated in an anonymous Fed Ex packet. Back to the future with sneaker net.
Tommasso de Amalfi
If you are not confused
You do not understand the situation
nuff said.