Shades of FV's Nathaniel Borenstein: Carnivore's "Magic Lantern"

pasward at big.uwaterloo.ca pasward at big.uwaterloo.ca
Wed Nov 21 15:51:19 EST 2001


Kent Borg writes:
 > On Wed, Nov 21, 2001 at 10:40:11AM -0500, pasward at big.uwaterloo.ca wrote:
 > > In the same vein, but a different application, does anyone know what
 > > the state of the art is for detecting such tampering?  In particular,
 > > when sitting at a PC doing banking, is there any mechanism by which a
 > > user can know that the PC is not corrupted with such a key logger?
 > > The last time I checked, there was nothing other than the various
 > > anti-virus software.
 > 
 > I can imagine an arms race between the Feds and anti-virus-types, that
 > is until the anti-virus programs are strong-armed one way or the other
 > into backing down.  I am certain that will happen, either behind the
 > scenes or by public law.
 > 
 > I think you are toast if you are sitting at a PC and the Feds ~really~
 > want to catch your keystrokes.  That is, if the Feds are acting
 > competently.  They might be coy with their good keyloggers to keep
 > samizdat word of their details from getting out.  They might save the
 > good stuff for important targets.

My concern isn't with the Feds snooping.  It is with some criminal who
wants banking-type information so as to rob the account, though it
would appear that solving the one implies solving the other.

 > Alternatively, to move to a physical analogy, instead of leaving a
 > telltale thread on your door and trying to spot intruders that way,
 > you might instead invest in good locks in the first place.  That is,
 > to use a reasonably secure operating system.  At risk of starting an
 > OS war, a well managed Linux box is going to be pretty secure.
 > 
 > Or, for a practical example, I am typing this on a Linux notebook that
 > mostly is obscured behind firewalls.  If I keep damn Javascript OFF
 > and don't launch viruses that might be sent to me, and don't reuse
 > passwords between here and an unsecure computer, I think they are
 > going to have a very hard time cracking in without my knowing.

But this doesn't really address the question.  Certainly you take
various precautions.  The question is: how can I know if the system is
compromised?

Paul



---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com




More information about the cryptography mailing list