Slashdot Mirror


Network Associates Buys "Better Carnivore"

ShaunC writes "CNet is reporting that Network Associates has just purchased a software company called Traxess, whose main product - DragNet - supposedly makes Carnivore look like a toy. DragNet is capable of monitoring everything from email to web, FTP sessions to IMs, even print jobs and VOIP conversations; sorting the protocols and logging it all to disk at gigabit speeds. One NAI exec envisions "the government using it to investigate employees and hackers." NAI has also issued a press release about DragNet."

27 of 243 comments

  1. Haha, suckers! by FortKnox · · Score: 4, Funny

    I am no longer filtering spam. I'll make those suckers wish they didn't monitor my email!!

    --
    Good quote, too many chars. Seriously, the slashdot 120 char limit sucks!
  2. Neat. by Wakko+Warner · · Score: 3, Insightful

    I will continue not caring as I use my SSH sessions with impunity.

    - A.P.

    --
    "Remember when the U.S. had a drug problem, and then we declared a War On Drugs, and now you can't buy drugs anymore?"
  3. Okay, this is a no-brainer, but... by StupidKatz · · Score: 5, Insightful

    Encrypt your traffic!

    They might see that it is SMTP traffic, but they can't see what you wrote. They might see it's web traffic, but they can't see exactly what it is. They might see an ssh session, but they can't sniff your root password. (Thanks to sftp, they can't grab your password there, either!)

    Since some protocol headers can't very well be encrypted, there's no good reason to try running services on alternate ports; maybe now I can finally get my friends to install PGP (or similar) on their machines.

    1. Re:Okay, this is a no-brainer, but... by dfn5 · · Score: 3, Insightful

      The problem with encrypting HTTP is that SSL requires one IP address for every VirtualHost. If we suddenly turned off HTTP on all of our VirtualHosts (something I am in favour of) then we would realize we ran out of IPs. The solution simply is to switch to IPv6, like now.

      --
      -- Thou hast strayed far from the path of the Avatar.
    2. Re:Okay, this is a no-brainer, but... by mustangsal · · Score: 3, Insightful

      Since back in the day...

      Never write an email that you would mind the world reading. An old adage that holds true...

      My accountant actually asked me to email him my figures for the year.... Umm no

      --
      1+2+1+1 || 1+2+2+1
    3. Re:Okay, this is a no-brainer, but... by Russ+Steffen · · Score: 3, Interesting

      Wouldn't a better solution be wider adoption of TLS in place of SSL, as TLS can start encryption after virtual host negotiation, and can run on port 80 as well?

    4. Re:Okay, this is a no-brainer, but... by drdink · · Score: 4, Informative

      Actually, I'd use IPSec. When you use IPSec, even the destination port is part of the encrypted payload. They wouldn't be able to tell what kind of traffic it was, just where it was headed.

      --
      Beware, Nugget is watching... See?
    5. Re:Okay, this is a no-brainer, but... by Moosifer · · Score: 3, Informative

      Actually, TLS (RFC2246) cannot do what you are describing. You are referring to HTTP over TLS (RFC2818) which can switch between unencrypted and encrypted modes with a directive (like STARTTLS). You're right in that this would be ideal, but it's going to be some time before browsers adopt this, I'm afraid.

    6. Re:Okay, this is a no-brainer, but... by pesc · · Score: 5, Insightful

      Sorry, but encryption really does not solve the problem. It helps (a teeny weeny bit), but if you think you are safe just because you use encryption, think again.

      > They might see that it is SMTP traffic, but they can't see what you wrote

      Yes, they can see that you are mailing newjobs@careerpath.com, sales@cybersex.com and tipping off anonymoustips@big.newspaper.com, but they can't see what you actually wrote.

      > They might see it's web traffic, but they can't see exactly what it is

      They can see that you frequent www.goatse.cx, but they can't see what you saw. They may have to go there themselves...

      > They might see an ssh session, but they can't sniff your root password

      They can see that you ssh to our.competitor.com and eevil.haxors.md, but can't see what you are doing. Time to target some other surveillance techniques on you!

      Yeah, you are leaving them completely in the dark by using super-duper cant-ever-crack-this 128-bit encryption...

      --

      )9TSS
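
An added illustration of the point made in the comment above, not part of the original thread: when a PGP-encrypted message travels over plain SMTP, the envelope and headers stay in cleartext and only the body is protected. The session transcript, addresses and function name are constructed for this example.

```python
import re

# Constructed client side of a plain-SMTP session carrying a PGP-encrypted body.
SAMPLE_SESSION = """\
EHLO laptop.example.org
MAIL FROM:<alice@example.org>
RCPT TO:<tips@newspaper.example>
RCPT TO:<bob@example.net>
DATA
From: Alice <alice@example.org>
To: tips@newspaper.example
Subject: documents you asked for
Date: Mon, 01 Jul 2002 10:00:00 -0400

-----BEGIN PGP MESSAGE-----

(constructed placeholder for ciphertext)
-----END PGP MESSAGE-----
.
QUIT
"""

def exposed_metadata(session: str) -> dict:
    """Return what remains readable on the wire despite the encrypted body."""
    out = {"envelope_from": None, "envelope_to": [],
           "headers": {}, "body_encrypted": False}
    in_data = in_headers = False
    for line in session.splitlines():
        if not in_data:
            # SMTP envelope commands are never covered by message encryption.
            m = re.match(r"(MAIL FROM|RCPT TO):\s*<([^>]*)>", line, re.I)
            if m and m.group(1).upper() == "MAIL FROM":
                out["envelope_from"] = m.group(2)
            elif m:
                out["envelope_to"].append(m.group(2))
            elif line.strip().upper() == "DATA":
                in_data = in_headers = True
            continue
        if line == ".":                      # end of message data
            in_data = False
        elif in_headers:
            if line == "":                   # blank line ends the header block
                in_headers = False
            elif ":" in line and not line[0].isspace():
                name, value = line.split(":", 1)
                out["headers"][name.strip().lower()] = value.strip()
        elif line.startswith("-----BEGIN PGP MESSAGE-----"):
            out["body_encrypted"] = True
    return out

if __name__ == "__main__":
    print(exposed_metadata(SAMPLE_SESSION))
```

Note that the envelope lists a second recipient that does not appear in the `To:` header, so the envelope can expose more than the headers do.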
  4. Re:Wow... by Anonvmous+Coward · · Score: 3, Funny

    I oversimplified the article and am acting cynical to sound smarter than I really am.

    Whoop de shit.

  5. Comment removed by account_deleted · · Score: 4, Insightful

    Comment removed based on user account deletion

  6. excellent by tps12 · · Score: 4, Funny

    Wow, this technology sounds incredible. Anyone who's run a packet sniffer on even a smallish office LAN (for debugging network problems, I swear! :) knows that it's nearly impossible to keep all of the different ports, protocols, and IP addresses straight.

    It'll be great to see what law enforcement can do with this. I imagine if we'd had this kind of tech in place a year ago, we might have averted 9/11 altogether, so maybe this will help ensure it never happens again. Imagine the power: wondering if Tom R. O'Layman is funnelling money to the IRA? Just click a button and check out his emails, phone calls, and web history. It looks like we're headed toward a new era of public safety.

    --

    Karma: Good (despite my invention of the Karma: sig)
  7. Pr()n Net by GibsonSundman · · Score: 3, Funny

    So, the govt and nai will then be opening the world's largest pr()n sites from the stored cache?

  8. GollumSoft by pete-classic · · Score: 5, Funny
    Traxess, formerly known as GollumSoft.

    We traxess it, doesn't we, precious. Yesss, we traxess and logsess all its nasssty little emailsess.


    -Peter
    1. Re:GollumSoft by Moosifer · · Score: 3, Funny

      That was perhaps the funniest post I've ever seen on slashdot. Thank you!

  9. Don't fear the technology, fear those who use it by dh003i · · Score: 5, Insightful

    The technology itself is fine, and potentially beneficial, if properly and very narrowly used. It could accomplish a lot of good. But any good it could accomplish would be obliterated by the vast rights violations that would take place if it was mis-used.

    In other words, this technology should be controlled by courts, which would grant access to government agencies to use it (i.e., by giving a temporary pass for limited purposes) for very specific and targeted purposes, when warranted by probable cause or reasonable suspicion.

    But if we fear this kind of technology and want to outlaw it off-hand, declaring the technology evil, then we're no better than the RIAA/MPAA, who want to ban technologies (DVD-R(W), DVD-RAM, CD-RW, CD-R, P2P, etc) simply because they *can* be used for illegal purposes.

  10. Gives their slogan a new meaning! by WolfWithoutAClause · · Score: 4, Funny
    Check out their slogan on their homepage:

    "Your network. Our business."

    My motto is:

    "My network. None of your business." but I guess that is where they and I have a parting of the ways... ;-)

    --

    -WolfWithoutAClause

    "Gravity is only a theory, not a fact!"
  11. Re:This looks like big trouble brewing. by scherrey · · Score: 3, Insightful

    FYI - There are no such things as civil liberties. The U.S. Constitution never mentions them. The ACLU, for example, believes in only the ones they think we should have and makes up some that could not otherwise exist. Statists like to call them that so that they can be taken away or sold - after all, they only exist through civil (government) fiat.

    There are only human rights. When people tread on them they are acting less than human. They are undeniable, inalienable, and exist regardless of your race, citizenship, or religion. The U.S. Constitution is the only one that recognizes this and which does not claim to grant such rights. Alas, it's been long since abandoned and now we are reduced to discussing "civil rights".

    When you lose the language, you lose the ability to defend the things it used to represent. Stop using the language of the enemy and insist that they recognize and respect your human rights and individual liberties. Live up to your personal responsibilities.

  12. Re:"On the internet" doesn't quite cover it by symbolic · · Score: 3, Interesting

    Check this out. This FAQ regarding Palladium, in addition to the endless quest to engage in unreasonable searches (à la Carnivore and its brethren), are going to make for some interesting times. It gives rise to what I think is an important question - what happens when one or more private entities act in consort with a government to subvert the premises on which a society is founded?

  13. This already exists! by XaV_K · · Score: 5, Interesting

    Whilst this story may grab the headlines, an application that has very similar functionality already exists and can be purchased today. I have a friend who works for Silent Runner ( http://www.silentrunner.com/ ) and believe me, this is already selling well to top corporates and governments / police forces here in Europe. Created by Raytheon, who work closely with US Government on many levels (NSA, CIA, Military - they make the software for the Patriot missile etc), Silent Runner is the one to look out for today. This announcement by NAI is them attempting to play catch up in the market. Their product is not yet ready to sell (ie you can't buy it today), whilst SR are quietly installing themselves in many large organisations. Big brother is already here!

  14. Re:Torn by SirSlud · · Score: 3, Insightful

    > glad that things are moving in a direction so that criminals can be caught quicker (or even before the act)

    Have you ever heard of the cliff metaphor when discussing technology as solutions to problems?

    This town had a cliff. Kids kept falling off the cliff, so they put an ambulance and a few nurses at the bottom. So, people got less careful around the cliff, and more folks fell off. So they added more ambulances and more medical staff. A small group of people in the town wanted to put some signs up at the top of the cliff saying, "Do not approach the cliff. In doing so, you are at your own risk," and conducting some classes around the town on how the cliff is not to be trifled with. But they were ignored. More ambulances, more nurses, more technology were added. Soon, everybody in the town was falling off the cliff. Nobody could act in a responsible manner, since the technological barriers were in place to prevent real-world (tm) tragedy.

    This is the real problem. In placing all our eggs in the technology basket, we might be better at catching criminals, but we're doing very little to try and resolve the problem of why people are criminals in the first place. If you ask me which is the smarter society, the one that treats the symptoms, or the one that tolerates symptoms to deal with the cause of the problem, I'll take the society that can exercise tolerance and sacrifice for the overall good of the future. Unfortunately, the cliff story above is particularly blasphemous to the lifeblood of the american economy, the entrepreneur, although it would be music to the ears of all the folks getting BA's in psychology and sociology. Think about it .. placing more emphasis on the analysis of why people do these things could save millions of BA grads from Starbucks and Footlocker jobs, and prevent the american economy from becoming 100% service/retail/maintenance based in the future.

    --
    "Old man yells at systemd"
  15. An infinite number of monkeys... by fmaxwell · · Score: 5, Funny
    Imagine the poor sods that have to go through the captured data. They'd get to read stuff like this all day:

    HotHoney4462: I am a porn star.
    StudMan217: Send me your picture!
    HotHoney4462: I don't have one on my computer.
    StudMan217: Do you have a scanner?
    HotHoney4462: No. But my friends tell me I look like Pamela Anderson...
    {...}
    133t_dewd: i still cant run the password cracker you sent.
    Neo4329542: what happens?
    133t_dewd: i cant find it.
    Neo4329542: where did you save it?
    133t_dewd: i dont know -- i just hit okay.
    Neo4329542: click on my computer.
    133t_dewd: how? i can't see your computer...
    {...}
    Mom,
    > Here's a picture of your father on
    > the new tractor.
    There was no picture attached. could you
    send it again?
    > The TV has been broken since you left. I turn
    > it on and the screen is black except for three
    > green letters in the upper left that say DVD.
    > But there is no DVD in the machine. I ejected
    > it twice and checked.
    You have to hit the input select button on the
    remote until you see a picture. It says DVD
    because I played that one for you when I was there.


    The biggest problem that they face is replacing people who commit suicide after about a week of reading that stuff.
  16. Re:Frankly, cameras cause INCREASED accidents by NorthDude · · Score: 3

    This is a totally different issue here.
    It's not the tool but how it has been used which was the problem.

    Exactly the same thing as when you claim that they should not prohibit new technologies because it is their use which can be bad.

    Public surveillance cameras are not inherently bad, they can be used for bad things though.

    And honestly, you really think they need to place cameras in public places to track you?
    If you ever happened to be of such interest to the police/fbi/whatever that they want to track your activities, I promise you they have better and more reliable ways of doing it than following your moves downtown on cameras.

    --


    I'd rather be sailing...
  17. Turnabout is fair play by ArcSecond · · Score: 4, Insightful

    Okay, if the cops get to watch us all the time with cameras, why don't they let us watch too? Why not put the closed circuit feed onto the net, or cable tv? I mean, have you ever put a camera on a cop before? I have. They aren't exactly happy about it, and you can argue all you like, but they have intimidation down to a science. But if they can watch us, why can't we watch them?

    --

    I've got a bad attitude and karma to burn. Go ahead. Mod me down.

  18. re: Oh, for crying out loud by dragonfly_blue · · Score: 3
    Ha! Like SSH isn't vulnerable to man-in-the-middle attacks. (as is SSL).

    Sure, it's better than nothing, but Dug Song's work on Dsniff (and the resulting controversy) clearly revealed that SSH is not a panacea to sniffing and/or session hijacking. In fact, with a compromised network host doing ARP spoofing it's probably nowhere near as secure as you think, especially if the clients and servers aren't set up with appropriate configurations (i.e. only allow SSH2, don't allow log in as root, perhaps even use skey if necessary, etc.).

    Also, if you use Windows, don't let WinSCP save your password in the registry (as it tends to want to do so by default). WinSCP (and perhaps PuTTY?) also saves copies (unencrypted!) of any files you transfer in plain sight, right in your Windows temp folder! (argh!)

    I'm not saying it's futile - SSH is a good step in the right direction, obviously miles ahead of Telnet or FTP, but it's not the cure-all some people seem to think it is. So, you might want to think twice about how "secure" your little SSH session is before bragging about it on /.

    Otherwise, you're just drawing attention to yourself. (shh! the feds might hear us. ;-)

    --
    Free music from Jack Merlot.
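
An added example, not part of the original thread: a small audit of `sshd_config` text for two of the server-side settings named in the comment above (SSH2 only, no root login). The sample configurations are constructed, and the fallback defaults are an assumption matching early-2000s OpenSSH behaviour when a keyword is absent.

```python
# Assumption: defaults of an early-2000s OpenSSH sshd when a keyword is absent.
ASSUMED_DEFAULTS = {"protocol": "2,1", "permitrootlogin": "yes"}

# Constructed sample configurations.
WEAK = """\
# sshd_config (constructed sample)
Port 22
Protocol 2,1
PermitRootLogin yes
"""
HARDENED = """\
# sshd_config (constructed sample)
Port 22
Protocol 2
PermitRootLogin no
"""

def effective_settings(config_text):
    """Parse global sshd_config keywords; sshd keeps the FIRST value it sees."""
    settings = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split(None, 1)
        keyword = parts[0].lower()          # keywords are case-insensitive
        if keyword == "match":              # conditional blocks are not global
            break
        value = parts[1].strip() if len(parts) > 1 else ""
        settings.setdefault(keyword, value) # first occurrence wins
    return {**ASSUMED_DEFAULTS, **settings}

def audit(config_text):
    """Return (keyword, effective value, advice) for each weak setting."""
    s = effective_settings(config_text)
    findings = []
    versions = {v.strip() for v in s["protocol"].split(",")}
    if versions != {"2"}:
        findings.append(("protocol", s["protocol"],
                         "set 'Protocol 2' so SSH1 is never negotiated"))
    if s["permitrootlogin"].lower() != "no":
        findings.append(("permitrootlogin", s["permitrootlogin"],
                         "set 'PermitRootLogin no'"))
    return findings

if __name__ == "__main__":
    for name, text in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit(text))
```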
  19. Kinda Like NetIntercept, but NA doesn't advertise by FuriousJester · · Score: 3, Informative
    Except NetIntercept is available now, and DragNet is available in 2003. Oh, and NetIntercept comes with SSH2 decryption by default. (It involves compromising one half of the connection.) And NetIntercept is silent on the monitored wire, making it difficult to detect or tamper with.

    There is also Raytheon's SilentRunner and Niksun's NetDetector. But while the privacy wonks are running scared, they are missing the essential usefulness of these tools. It's for forensics - something goes wrong, you can go back and see what it was. I can't comment for the other tools, but NetIntercept makes digging 500,000+ connections from 2 weeks ago easy.

    Yes, I work for Sandstorm. Our motto, "Tools with Sharp Edges". It's a fun company.

    --
    Never send anything unencrypted that you don't want to have appear in court.
  20. Why this should bother you by moc.tfosorcimgllib · · Score: 4, Interesting

    Collecting the data now doesn't bother me. What bothers me is when I look for a new job 20 years from now, only to have my potential employer pull out a briefcase that holds EVERYTHING I've done on the internet since 2002 (Including all encrypted stuff, I'll bet brute force methods are a lot easier with faster computers).
    But for me, that isn't a big deal, I'm already an adult. What happens for my kids, where they have their entire lives scrutinized before being given a job? What happens if they get in some trouble and are put in juvenile detention, but then they clean up their act? Will that be a permanent black marker on their file for the rest of their life?
    What if they have controversial ideas or views?
    This isn't about data mining for the present, when you are a sheep in the herd, no one will notice you. When people look at you as an individual, they will know everything about you, personal history and otherwise, that is what this is about.
    Have you ever run a google search on someone? Imagine the results coming up with everything that person has done on the web, and being able to make sure it IS the person you wanted to look for.