Shades of FV's Nathaniel Borenstein: Carnivore's "Magic Lantern"
pasward at big.uwaterloo.ca
pasward at big.uwaterloo.ca
Wed Nov 21 15:51:19 EST 2001
Kent Borg writes:
> On Wed, Nov 21, 2001 at 10:40:11AM -0500, pasward at big.uwaterloo.ca wrote:
> > In the same vein, but a different application, does anyone know what
> > the state of the art is for detecting such tampering? In particular,
> > when sitting at a PC doing banking, is there any mechanism by which a
> > user can know that the PC is not corrupted with such a key logger?
> > The last time I checked, there was nothing other than the various
> > anti-virus software.
>
> I can imagine an arms race between the Feds and anti-virus-types, that
> is until the anti-virus programs are strong-armed one way or the other
> into backing down. I am certain that will happen, either behind the
> scenes or by public law.
>
> I think you are toast if you are sitting at a PC and the Feds ~really~
> want to catch your keystrokes. That is, if the Feds are acting
> competently. They might be coy with their good keyloggers to keep
> samizdat word of their details from getting out. They might save the
> good stuff for important targets.
My concern isn't with the Feds snooping. It is with some criminal who
wants banking-type information so as to rob the account, though it
would appear that solving the one implies solving the other.
> Alternatively, to move to a physical analogy, instead of leaving a
> telltale thread on your door and trying to spot intruders that way,
> you might instead invest in good locks in the first place. That is,
> to use a reasonably secure operating system. At risk of starting an
> OS war, a well managed Linux box is going to be pretty secure.
>
> Or, for a practical example, I am typing this on a Linux notebook that
> mostly is obscured behind firewalls. If I keep damn Javascript OFF
> and don't launch viruses that might be sent to me, and don't reuse
> passwords between here and an unsecure computer, I think they are
> going to have a very hard time cracking in without my knowing.
But this doesn't really address the question. Certainly you take
various precautions. The question is: how can I know if the system is
compromised?
Paul
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list