Shades of FV's Nathaniel Borenstein: Carnivore's Magic Lantern
R. A. Hettinga writes: Everyone remember First Virtual's Nat Borenstein's major discovery of the keyboard logger? 'Magic Lantern' part of new 'Enhanced Carnivore Project' [etc] In the same vein, but a different application, does anyone know what the state of the art is for detecting such tampering? In particular, when sitting at a PC doing banking, is there any mechanism by which a user can know that the PC is not corrupted with such a key logger? The last time I checked, there was nothing other than the various anti-virus software. Paul - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: Shades of FV's Nathaniel Borenstein: Carnivore's Magic Lantern
Kent Borg writes: On Wed, Nov 21, 2001 at 10:40:11AM -0500, [EMAIL PROTECTED] wrote: In the same vein, but a different application, does anyone know what the state of the art is for detecting such tampering? In particular, when sitting at a PC doing banking, is there any mechanism by which a user can know that the PC is not corrupted with such a key logger? The last time I checked, there was nothing other than the various anti-virus software. I can imagine an arms race between the Feds and anti-virus-types, that is until the anti-virus programs are strong-armed one way or the other into backing down. I am certain that will happen, either behind the scenes or by public law. I think you are toast if you are sitting at a PC and the Feds ~really~ want to catch your keystrokes. That is, if the Feds are acting competently. They might be coy with their good keyloggers to keep samizdat word of their details from getting out. They might save the good stuff for important targets. My concern isn't with the Feds snooping. It is with some criminal who wants banking-type information so as to rob the account, though it would appear that solving the one implies solving the other. Alternatively, to move to a physical analogy, instead of leaving a telltale thread on your door and trying to spot intruders that way, you might instead invest in good locks in the first place. That is, to use a reasonably secure operating system. At risk of starting an OS war, a well managed Linux box is going to be pretty secure. Or, for a practical example, I am typing this on a Linux notebook that mostly is obscured behind firewalls. If I keep damn Javascript OFF and don't launch viruses that might be sent to me, and don't reuse passwords between here and an unsecure computer, I think they are going to have a very hard time cracking in without my knowing. But this doesn't really address the question. Certainly you take various precautions. The question is: how can I know if the system is compromised? Paul - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: Shades of FV's Nathaniel Borenstein: Carnivore's Magic Lantern
At 10:40 AM 11/21/2001 -0500, [EMAIL PROTECTED] wrote: In the same vein, but a different application, does anyone know what the state of the art is for detecting such tampering? In particular, when sitting at a PC doing banking, is there any mechanism by which a user can know that the PC is not corrupted with such a key logger? The last time I checked, there was nothing other than the various anti-virus software. I have not used them, but you might find these of interest, all for Windows systems - Spycop http://spycop.com Hook Protect or PC Security Guard http://www.geocities.com/SiliconValley/Hills/8839/utils.html I note that the latter URL loads a page which Bugnosis http://www.bugnosis.org identifies as containing possible web bug single-pixel images and complicated cookies. -- Greg Broiles -- [EMAIL PROTECTED] -- PGP 0x26E4488c or 0x94245961 5000 dead in NYC? National tragedy. 1000 detained incommunicado without trial, expanded surveillance? National disgrace. - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Do you know anything about IPrivacy.com? eom
http://www.iprivacy.com I don't think I've seen these guys before. They don't google up much, anyway... At a first approximation, it looks like a bunch of ex-Citicorpers gonna do the trust us, we used to be from Citicorp trusted third party thing. Don't recognize any of the names from my admittedly brief tenure at Citicorp, and I certainly don't recognize any of the technical names, except that their chief advisor has FSTC in his bio somewhere. The are, of course, lots of credit card people in the principal list, as well... Comments, anyone? Cheers, RAH --- begin forwarded text Status: U From: Somebody at a bank... To: [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: Do you know anything about IPrivacy.com? eom Date: Wed, 21 Nov 2001 15:27:50 -0500 -- Sent from my BlackBerry Wireless Handheld (www.BlackBerry.net) --- end forwarded text -- - R. A. Hettinga mailto: [EMAIL PROTECTED] The Internet Bearer Underwriting Corporation http://www.ibuc.com/ 44 Farquhar Street, Boston, MA 02131 USA ... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire' - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: Shades of FV's Nathaniel Borenstein: Carnivore's Magic Lantern
On Wed, 21 Nov 2001 [EMAIL PROTECTED] wrote: R. A. Hettinga writes: Everyone remember First Virtual's Nat Borenstein's major discovery of the keyboard logger? 'Magic Lantern' part of new 'Enhanced Carnivore Project' [etc] In the same vein, but a different application, does anyone know what the state of the art is for detecting such tampering? In particular, when sitting at a PC doing banking, is there any mechanism by which a user can know that the PC is not corrupted with such a key logger? The last time I checked, there was nothing other than the various anti-virus software. Paul If you are running a source secret operating system, it is more difficult to detect tampering. oo--JS. - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: Shades of FV's Nathaniel Borenstein: Carnivore's Magic Lantern
Jay Sulzberger writes: On Wed, 21 Nov 2001 [EMAIL PROTECTED] wrote: R. A. Hettinga writes: Everyone remember First Virtual's Nat Borenstein's major discovery of the keyboard logger? 'Magic Lantern' part of new 'Enhanced Carnivore Project' [etc] In the same vein, but a different application, does anyone know what the state of the art is for detecting such tampering? In particular, when sitting at a PC doing banking, is there any mechanism by which a user can know that the PC is not corrupted with such a key logger? The last time I checked, there was nothing other than the various anti-virus software. Paul If you are running a source secret operating system, it is more difficult to detect tampering. I'm sure it is, unless you have to be the company that owns the source-secret operating system, in which case you can presumably do whatever is done by an open-source system. Now, what (beyond AV and tripwire) is done? Paul - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]