Shades of FV's Nathaniel Borenstein: Carnivore's "Magic Lantern"

Kent Borg kentborg at borg.org
Wed Nov 21 13:31:16 EST 2001 

On Wed, Nov 21, 2001 at 10:40:11AM -0500, pasward at big.uwaterloo.ca wrote:
> In the same vein, but a different application, does anyone know what
> the state of the art is for detecting such tampering?  In particular,
> when sitting at a PC doing banking, is there any mechanism by which a
> user can know that the PC is not corrupted with such a key logger?
> The last time I checked, there was nothing other than the various
> anti-virus software.

I can imagine an arms race between the Feds and anti-virus-types, that
is until the anti-virus programs are strong-armed one way or the other
into backing down.  I am certain that will happen, either behind the
scenes or by public law.

I think you are toast if you are sitting at a PC and the Feds ~really~
want to catch your keystrokes.  That is, if the Feds are acting
competently.  They might be coy with their good keyloggers to keep
samizdat word of their details from getting out.  They might save the
good stuff for important targets.

Alternatively, to move to a physical analogy, instead of leaving a
telltale thread on your door and trying to spot intruders that way,
you might instead invest in good locks in the first place.  That is,
to use a reasonably secure operating system.  At risk of starting an
OS war, a well managed Linux box is going to be pretty secure.

Or, for a practical example, I am typing this on a Linux notebook that
mostly is obscured behind firewalls.  If I keep damn Javascript OFF
and don't launch viruses that might be sent to me, and don't reuse
passwords between here and an unsecure computer, I think they are
going to have a very hard time cracking in without my knowing.

This could change, however, if the son-of-DMCA passes; it outlaws
Linux (and all other open source software).


-kb, the Kent who points out that even Linux can be broken if the Feds
manage to embed their spyware in the BIOS.



---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com

More information about the cryptography mailing list