Shades of FV's Nathaniel Borenstein: Carnivore's "Magic Lantern"

pasward at big.uwaterloo.ca pasward at big.uwaterloo.ca
Thu Nov 22 16:43:16 EST 2001 

Jay Sulzberger writes:
 > 
 > 
 > On Wed, 21 Nov 2001 pasward at big.uwaterloo.ca wrote:
 > 
 > > Jay Sulzberger writes:
 > >  >
 > >  >
 > >  > On Wed, 21 Nov 2001 pasward at big.uwaterloo.ca wrote:
 > >  >
 > >  > > R. A. Hettinga writes:
 > >  > >  > Everyone remember First Virtual's Nat Borenstein's "major discovery" of the
 > >  > >  > keyboard logger?
 > >  > >  >
 > >  > >  > 'Magic Lantern' part of new 'Enhanced Carnivore Project'
 > >  > >
 > >  > >  > [etc]
 > >  > >
 > >  > > In the same vein, but a different application, does anyone know what
 > >  > > the state of the art is for detecting such tampering?  In particular,
 > >  > > when sitting at a PC doing banking, is there any mechanism by which a
 > >  > > user can know that the PC is not corrupted with such a key logger?
 > >  > > The last time I checked, there was nothing other than the various
 > >  > > anti-virus software.
 > >  > >
 > >  > > Paul
 > >  >
 > >  > If you are running a source secret operating system, it is more difficult
 > >  > to detect tampering.
 > >
 > > I'm sure it is, unless you have to be the company that owns the
 > > "source-secret operating system," in which case you can presumably do
 > > whatever is done by an open-source system.  Now, what (beyond AV and
 > > tripwire) is done?
 > >
 > > Paul
 > 
 > There is much that the holder of copyright on a source secret OS could do.
 > But their best efforts would likely be less effective than the best
 > efforts called forth by the market forces which operate on free software.

Unclear at this point.  The fact that a certain company produces a
poor OS, does not mean all secret source OSes are poor.  Are AIX,
HPUX, Solaris, VMS, VM, ... all worse than Linux on this point?  They
certainly tend to be tampered with far less.




---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com

More information about the cryptography mailing list