Below is an interesting article that was posted on ZDNET.com on Dec.
4th. A few points:
* Paragraph two states they (FBI) want to use Magic Lantern "in the
war against terrorism" whereas in paragraph 6 they want to use
Magic Lantern "to find criminals and terrorists". It clearly does
not state to monitor or gleam information from suspected criminals
but says "to find criminals". Which one is it. Call me niave but I
think it is the latter.
* Making Magic Lantern and other activity such as Carnivore public
knowledge (one of the few times I think I have ever complimented
the press) has done two good things and I think one bad thing if
you change your paradigm. Carnivore brought to light that you must
use an encryption tool such as PGP. It told folks you need this
tool or something like it to keep others with absolutely no
business from snooping into and intercepting your private
communications . Great lesson from the Carnivore news and the
world benefited. Secondly, Magic Lantern brings to light that
folks must be very very careful with email attachments. Maybe even
to the point of paranoia. I never ever open any email attachment
on my computer that is conneted to the internet. Period. Not even
if my mother's name is on it. Don't even send attachments to me I
tell folks. Great lesson from the Magic Lantern news is that you
must protect you encryption keys. Treat them like gold!!! The bad
thing it has done is place ideas in the heads of those that may
not have ever thought to develop a key-logger for malicious
reasons. It is no deep dark secret that many government and
commerial computer networks lack adequate security and now a new
tool has been brought to light although actually not new. You will
see many malicious code writers developing their own key-logger
trojan because it is the latest craze.
* I use Norton at home (sorry Jimmy... it had the best rebate at the
time) and no I have not read the entire license agreement word for
word but my expectation is that it would scan for all cases where
a signature was available. The public's expectation I would think
would be very high that something this powerful would be able to
be scanned for and detected. I think folks could potentially sue
an AV and argue in a court of law that being able to detect for
Magic Lantern was a "reasonable expectation" based upon the type
of product I purchased and it was marketed to as a detection
program and thus why was Magic Lantern noted detected?. Is this
correct? I agree with the author of the article that collusion
with the FBI would probably begin the downfall of U.S AV company
dominance if not the end for those that were proven in the press
to collude. A company would then loose the trust that is so
important to the success of the company unless you have a monopoly
or something close. I am sure their are others (shadowy webs) with
no alligiance to anyone except the almighty dollar that would
gladly pick up the slack.
* I think with the news of Magic Lantern that makes it already
useless as an effective tool. Kind of like publishing that there
is photo radar at a particular intersection. What idiot would then
run a red light if he know. As the authors of many books on
hacking have stated, "know your emeny". They say this is key and
it could not be more true. I think in the hacker or malicious code
writer world they would say they clearly know whom they see as the
enemy and they are not impressed. Stories are published almost
daily about some sys. admin. not doing his/her job. Hackers and
malicious code writers know that for the most part sys. admins.
may not be well trained or very diligent about security or
applying know patches.
To something more topical... many years ago I played around with a voice
recognition S/W tool but never really understood how it worked
internally. I had issues with reliability and it was cumbersome to use
so I just uninstalled it and never played with it since. Does anyone
know how effective Magic Lantern (or any key-logging trojan) would be
againt a voice recognition key stroke generator tool instead of
physically touching the keys to create and send emails and does this
possiblity even exist with any email tools out there?
http://www.zdnet.com/zdfeeds/msncobrand/news/0%2C13622%2C2829781%2C-hud00025nshm3%2C00.html
This archive was generated by hypermail 2b30 : Sun May 26 2002 - 11:36:50 PDT