cypherpunks@toad.com is going away
The cypherpunks list degenerated a long time ago to the point where I have no idea why more than 500 people are still receiving it every day. As part of cleaning up the email system on toad.com, I plan to shut down the cypherpunks-unedited list, which receives all the traffic sent to [EMAIL PROTECTED], within the next week or two.

I suggest that anyone who wants to talk or listen about encryption should send mail to: [EMAIL PROTECTED] with a one-line plain text message saying subscribe. This will begin the process of subscribing them to the Cryptography mailing list, which is edited to remove irrelevant postings and to keep the volume down and the discussion focused. (I tried to do this with the cypherpunks list some years ago, but was shouted down by people who complained of censorship. So I just left it unedited, with the expectable result that serious discussions deserted it.)

If you were subscribed to the [EMAIL PROTECTED] list because you like to collect spam, talk with me personally and I'll see if I can help you. I have a large collection :-).

The old cypherpunks-announce list was superseded many months ago by [EMAIL PROTECTED]. Cypherpunks-announce is no longer in existence.

There remains a single encryption-related mailing list on toad.com, coderpunks, which is for people who write code.

John Gilmore

The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
IP: Magic Lantern
--- begin forwarded text

Status: U
Date: Tue, 27 Nov 2001 06:44:34 -0500
To: [EMAIL PROTECTED]
From: David Farber [EMAIL PROTECTED]
Subject: IP: Magic Lantern
Sender: [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]

From: Thompson, Tony [EMAIL PROTECTED]
To: [EMAIL PROTECTED]

Dave,

With regards to a message you sent earlier on Magic Lantern, Network Associates/McAfee has not contacted the FBI, nor has the FBI contacted NAI/McAfee, regarding Magic Lantern. Additionally, we do not expect the FBI to contact Network Associates/McAfee regarding Magic Lantern.

Please let me know if you have additional questions.

Regards,
Tony Thompson
Public Relations Manager
Network Associates / McAfee
408_346.3696
[EMAIL PROTECTED]

For archives see: http://www.interesting-people.org/archives/interesting-people/

--- end forwarded text

--
R. A. Hettinga mailto: [EMAIL PROTECTED]
The Internet Bearer Underwriting Corporation http://www.ibuc.com/
44 Farquhar Street, Boston, MA 02131 USA
... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
private-sector keystroke logger...
It's not just the FBI, of course. There are press reports this morning of a new worm, Badtrans.b, that not only leaves behind a Trojan horse, it includes a keystroke logger. Now, that particular leakage isn't a major concern, since it emails the stolen text to an account that's now been shut down, but I'm sure we can all think of other ways to export information like that.

--Steve Bellovin, http://www.research.att.com/~smb
Full text of Firewalls book now at http://www.wilyhacker.com
Re: private-sector keystroke logger...
Derek Atkins [EMAIL PROTECTED] writes:
> Hrm, how about a worm with a built-in HTTP server that installs itself on some non-standard port, say TCP/28462 (to pick one at random)?

Too easy to detect. Encrypt the key in some key known only to the attacker, and start leaking little bits of it in things like tweaks to tcp timings or selections of tcp client port numbers or initial sequence numbers and such. Very hard to detect something like that with network sniffing.

--
Perry E. Metzger [EMAIL PROTECTED]
--
NetBSD Development, Support CDs. http://www.wasabisystems.com/
Re: private-sector keystroke logger...
Jay D. Dyson writes:
> On 27 Nov 2001, Derek Atkins wrote:
> > Hrm, how about a worm with a built-in HTTP server that installs itself on some non-standard port, say TCP/28462 (to pick one at random)?
> Craftier still, backdoor an existing service that behaves normally until it receives a few specially-crafted packets, then it opens a high port for direct login or data retrieval.

Neither of these will get past a firewall on an uncompromised machine.
Re: IP: Magic Lantern
Adam Fields writes:
> On a somewhat related note, is it wise for the FBI to open itself up to potential lawsuits if their software corrupts data or otherwise interferes with legitimate business, or allows an intruder to do so undetected by utilizing the AV-invisibility channel reserved for FBI-ware (if such a thing exists)?

I can see it now:

FBIware is now ready to complete installation of FBILogger [tm]. However, you must first read and agree to the following end-user licence agreement. This software is provided as is, with no warranty. Under no circumstance is FBIware responsible for loss or corruption of data. You may have additional rights according to the state you live in.

On a slightly more serious note: given the multiplicity of software that has similar licence agreements, exactly how would you prove in court that it was the FBI's installed logger software that caused the problem?
Re: private-sector keystroke logger...
[EMAIL PROTECTED] wrote:
> Jay D. Dyson writes:
> > -BEGIN PGP SIGNED MESSAGE-
> > On Tue, 27 Nov 2001 [EMAIL PROTECTED] wrote:
> > > > > Hrm, how about a worm with a built-in HTTP server that installs itself on some non-standard port, say TCP/28462 (to pick one at random)?
> > > > Craftier still, backdoor an existing service that behaves normally until it receives a few specially-crafted packets, then it opens a high port for direct login or data retrieval.
> > > Neither of these will get past a firewall on an uncompromised machine.
> > While I didn't enumerate the service that could be backdoored, I do believe Eric Murray hit the nail on the canonical head when he mentioned that such a beastie could target the firewall's configuration, forcing it to relax its stance enough to allow the automated intrusion agent plenty of latitude to conduct its business.
> I am assuming a firewall on a separate machine, which simply does not allow incoming connections to the Windows boxes, and constrains the outgoing connections. I do not claim that this prevents all covert loss of data, but it constrains the options, and certainly does not permit the described backdoor to work.

Yeah right - so it sets up an outgoing connection to some webserver to pass on the info. Firewall that.

Cheers, Ben.

--
http://www.apache-ssl.org/ben.html http://www.thebunker.net/
There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit. - Robert Woodruff
Re: private-sector keystroke logger...
On Tue, 27 Nov 2001, Ben Laurie wrote:
> Yeah right - so it sets up an outgoing connection to some webserver to pass on the info. Firewall that.

Easy, have your firewalling software keep a list of all the connections you allow. Each time a connection to a machine not on the list occurs it asks for permission, if you give it then it goes on the list. Couple this with a sniffer on the outside of the firewall to look for probes.

--
Day by day the Penguins are making me lose my mind. Bumper Sticker
The Armadillo Group
James Choate
Austin, Tx
[EMAIL PROTECTED]
www.ssz.com
512-451-7087
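
The ask-on-first-use egress list proposed in the message above, sketched as an added example that is not part of any post in this thread. The event tuples, host names and the `operator_policy` stand-in for the interactive prompt are all constructed assumptions.

```python
from dataclasses import dataclass, field
from typing import Callable

# Constructed sample events: (process, destination host, destination port).
SAMPLE_EVENTS = [
    ("mailer", "mail.example.org", 25),
    ("browser", "www.example.com", 80),
    ("browser", "WWW.example.com", 80),      # same destination, different case
    ("unknown.exe", "drop.example.net", 80),
    ("mailer", "mail.example.org", 25),
    ("unknown.exe", "drop.example.net", 80),
]


@dataclass
class EgressAllowlist:
    # Hypothetical prompt hook: returns True if the operator approves.
    approve: Callable[[str, str, int], bool]
    allowed: set = field(default_factory=set)   # approved (host, port) pairs
    denied: set = field(default_factory=set)    # refused (host, port) pairs
    prompts: list = field(default_factory=list) # audit trail of every question asked

    def check(self, proc: str, host: str, port: int) -> bool:
        """Return True if the outgoing connection may proceed."""
        dest = (host.lower(), port)
        if dest in self.allowed:
            return True
        if dest in self.denied:
            return False          # remembered refusal, no second prompt
        # Destination not on either list: ask once and remember the answer.
        self.prompts.append((proc, dest[0], port))
        if self.approve(proc, dest[0], port):
            self.allowed.add(dest)
            return True
        self.denied.add(dest)
        return False


def operator_policy(proc: str, host: str, port: int) -> bool:
    """Stand-in for a human answering the prompt: approve known programs only."""
    return proc in {"mailer", "browser"}


def run(events, approve=operator_policy):
    """Feed events through a fresh allowlist; return it with per-event decisions."""
    fw = EgressAllowlist(approve=approve)
    return fw, [fw.check(*event) for event in events]


if __name__ == "__main__":
    fw, decisions = run(SAMPLE_EVENTS)
    for event, ok in zip(SAMPLE_EVENTS, decisions):
        print("ALLOW" if ok else "BLOCK", event)
```

The list is keyed on destination only, as in the message, so the decision says nothing about which program is using an already approved destination; the `prompts` trail is what an operator would review.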
Re: FBI-virus software cracks encryption wall
Jetico ( http://www.jetico.com/ ) has a hard disk encryption software called BestCrypt, which can actually intercept the keystrokes at BIOS level, get the correct keys and re-maps them to random for upper layers... like keystroke loggers. I'd be interested to see how the FBI horror fares with something like BestCrypt.

By the way... BestCrypt also encrypts on the fly with a random key the windows SWAP file... so after system crash, nothing useful can be recovered from SWAP leftovers... Next thing is to encrypt $TEMP :)

Oh... FBI thing... so do they expect to have a version working for Linux, NetBSD, OpenBSD, Solaris (had to name that one), Mac, Palm, BeOS (OK... they're dead)... and who knows what else? If they only cover Windoze (which is likely) the result will be that the criminal / paranoid / privacy freak / hacker community will just plain migrate to another OS... Which would be good for the world, don't you think?

Gilles.

Jei wrote:
> Does anyone know if this software sends the logged traffic in clear-text or does it use encryption to protect it from being intercepted? (If not, unauthorized persons and hackers can sniff it and abuse it.) What if the security is weak and breakable? Has the software been validated to be secure and work correctly under all circumstances?
>
> Does the FBI-virus come with multi-language support, or does it just crash the computers (like IE does for the Finnish version of Windows computers) and make them inoperable? (Lots of Microsoft software does this if you install the wrong language version and you have to reinstall everything. - Can be several days of work.)
>
> Also, now that the FBI has assumed global jurisdiction (can legally hack foreigners), do they cover damages if the software in question causes the computers to malfunction, become inoperable, destroys data, leaks confidential data to outsiders, compromises the security of computers or by malfunction just causes people not being able to work?
>
> A lot of damage and error issues are possible, especially in situations where computers need to have all their software validated. Does the FBI cover the costs of rebuilding the security infrastructure for example a company whose employees' user passwords were logged? What about the loss of face for a security company, if FBI-virus has breached their security, and FBI publishes that someone in the company was logged?
>
> Notable is also what kind of copyright does the FBI acknowledge for the captured keystrokes? Can they publish the information somewhere?
>
> I just think that these issues need to be covered and answered clearly to the general public. Thanks.
>
> http://www.washingtonpost.com/wp-dyn/articles/A1436-2001Nov22.html
>
> At least one antivirus software company, McAfee Corp., contacted the FBI on Wednesday to ensure its software wouldn't inadvertently detect the bureau's snooping software and alert a criminal suspect.
>
> http://www.msnbc.com/news/660096.asp?cp1=1
>
> FBI software cracks encryption wall
> 'Magic Lantern' part of new 'Enhanced Carnivore Project'
> By Bob Sullivan, MSNBC
>
> Nov. 20 - The FBI is developing software capable of inserting a computer virus onto a suspect's machine and obtaining encryption keys, a source familiar with the project told MSNBC.com. The software, known as Magic Lantern, enables agents to read data that had been scrambled, a tactic often employed by criminals to hide information and evade law enforcement. The best snooping technology that the FBI currently uses, the controversial software called Carnivore, has been useless against suspects clever enough to encrypt their files.
>
> MAGIC LANTERN installs so-called keylogging software on a suspect's machine that is capable of capturing keystrokes typed on a computer. By tracking exactly what a suspect types, critical encryption key information can be gathered, and then transmitted back to the FBI, according to the source, who requested anonymity.
>
> The virus can be sent to the suspect via e-mail - perhaps sent for the FBI by a trusted friend or relative. The FBI can also use common vulnerabilities to break into a suspect's computer and insert Magic Lantern, the source said.
>
> Magic Lantern is one of a series of enhancements currently being developed for the FBI's Carnivore project, the source said, under the umbrella project name of Cyber Knight.

--
Gilles Gravier - Platform Infrastructure - SDN - EMEA
Email: [EMAIL PROTECTED]
Phone: +41 22 7077856
Fax: +41 79 4351052
PGP Key ID: 0xF5F60C45
Sun Microsystems, 2 rue de Jargonnant, CH-1207 Geneva, Switzerland
My Current Location is: N:046°12'03.8 - E:006°09'31.9
Re: FBI-virus software cracks encryption wall
> If they only cover Windoze (which is likely) the result will be that the criminal / paranoid / privacy freak / hacker community will just plain migrate to another OS... Which would be good for the world, don't you think?

When outlaws use Linux, Linux will be outlawed. And I'm not being entirely facetious -- the US has a long history of things being criminalized only after groups in low favor took them up.