Comments on: Comments on 12704

Post number 12704

hobbes — Wed, 28 Nov 2001 18:35:04 -0800

In lieu of the Magic Lantern thread, Symantec will be ignoring the FBI trojan. [taken from ./]

By: hobbes

hobbes — Wed, 28 Nov 2001 18:38:46 -0800

Hopefully the hacker community will fix this corporate conniving. =Þ

By: jragon

jragon — Wed, 28 Nov 2001 18:44:46 -0800

(looking adoringly at G4 running OSX)

By: phalkin

phalkin — Wed, 28 Nov 2001 18:55:08 -0800

i reserve a doubt about whether the FBI has the moral scruples to use any such software responsibly. much less the MPAA.

By: danwalker

danwalker — Wed, 28 Nov 2001 19:11:55 -0800

Dotslash?

By: iceberg273

iceberg273 — Wed, 28 Nov 2001 19:16:04 -0800

Dotslash? Dotslash.

By: websavvy

websavvy — Wed, 28 Nov 2001 19:19:26 -0800

Please, /. is so long. Typos are pretty much inevitable.

By: jmd82

jmd82 — Wed, 28 Nov 2001 19:34:36 -0800

MPAA? i'm more scared about the RIAA...

By: yangwar

yangwar — Wed, 28 Nov 2001 19:40:41 -0800

The article states that Symantec will not detect magic lantern but will detect any variants. To me, this means that Symantec will go through the trouble of identifying magic lantern but not release it in their virus definition files. They will purposely ignore it. What happens when firewall makers start purposely ignoring attempts to broadcast on certain ports? This is a major, major digital civil liberties issue and I can't believe that you people are bitching about typos. Imagine that all new telephones had a recording feature that you couldn't disable which could be remotely activated by the government and secretly broadcast your conversations. Now imagine that those telephones have speakerphones which are always on, monitoring everything you say within earshot. Would you be so carefree then? Jragon: Do you really think that the FBI will only make a wintel binary of magic lantern?

By: rushmc

rushmc — Wed, 28 Nov 2001 19:41:07 -0800

Anyone know if McAfee is going the same route? I'm ready to switch today if not....

By: emptyage

emptyage — Wed, 28 Nov 2001 19:49:02 -0800

Here's the deal with McAfee. You decide.

By: iceberg273

iceberg273 — Wed, 28 Nov 2001 19:53:43 -0800

If the FBI can't use a trojan horse, they can still break into your office.

By: waxpancake

waxpancake — Wed, 28 Nov 2001 20:12:18 -0800

Or they can always use van Eck phreaking, a la TEMPEST.

By: skallas

skallas — Wed, 28 Nov 2001 20:49:35 -0800

So who's left? Trend Micro's Pc-cillian is what I use. What a great selling point Trend could make if they went against the big two. "Even Detects Government Trojans!" yangwar brings up some great points and I'm pretty skeptical that once magic lantern becomes known to the hacking community the anti-virus people will able to keep up. Allowing one vulnerability is one too many. Scary thought about government ignored packets. I can almost see the world's firewall makers getting an FBI bulletin on ignoring suspicious traffic from this IP block because its us hacking your stuff. Or they can always use van Eck phreaking, a la TEMPEST. Fine. Get a warrant. Go through my crap, its the blatant security laziness that's the issue here and the industry's kowtowing towards it.

By: StOne

StOne — Wed, 28 Nov 2001 21:29:11 -0800

Shades of the Clipper Chip.

By: clevershark

clevershark — Wed, 28 Nov 2001 21:34:37 -0800

Somehow I don't think that users of any UNIX variant who are resourceful enough to run "ps -aux" every once in a while have much to fear from this. OS X users - learn it, use it, love it.

By: Kikkoman

Kikkoman — Wed, 28 Nov 2001 21:54:53 -0800

My hope is that foreign anti-virus software makers (anyone have any links?), or open source initiatives such as nessus, or OpenAntiVirus will try to counter this threat.

By: Danelope

Danelope — Thu, 29 Nov 2001 01:08:47 -0800

"...acquiese to FBI backdoor demands" So, they're taking it in the ass, then?

By: salmacis

salmacis — Thu, 29 Nov 2001 02:19:13 -0800

clevershark: Any unix flavour of Magic Lantern will presumably install "new" versions of ls, ps, etc.

By: dlewis

dlewis — Thu, 29 Nov 2001 03:45:19 -0800

My, don't those intelligence people have a fertile imagination. This is such an obviously unworkable, fantastical scheme that it leads us to one of two conclusions. Either, (1) this is a publicity stunt attempting to show that the government is tech-savvy, or (2) the FBI is full of morons.

By: jragon

jragon — Thu, 29 Nov 2001 06:34:35 -0800

Jragon: Do you really think that the FBI will only make a wintel binary of magic lantern? Couldn't tell ya. But I know the chances of them making one for OSX is lower than for Wintel.

By: CrayDrygu

CrayDrygu — Thu, 29 Nov 2001 08:33:40 -0800

"clevershark: Any unix flavour of Magic Lantern will presumably install "new" versions of ls, ps, etc." They'd have to replace a whole slew of other utilities, too, or there would still be a way to find it. Like this simple way of finding out if any files in /etc (which is where all the startup files are, for the non-linux-users) have been changed, or if anything's been added: md5sum `find /etc -type f` > ~/md5sums Do that right after you install, and you can do it again with a different filename later. Diff the two files and you'll see any changes. They've replaced diff, too? Write a Perl script, and use its filesystem functions. That doesn't work? How about an emergency boot disk with copies of ls, ps, find, and so on? If you're serious enough about security on a *nix system, you can find anything.

By: sonofsamiam

sonofsamiam — Thu, 29 Nov 2001 09:05:33 -0800

Some more comprehensive ways to monitor for replaced files are listed here.