[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[infowar.de] Fwd: FC: Symantec pledges to acquiese to FBI backdoor demands
Infowar.de, http://userpage.fu-berlin.de/~bendrath/liste.html
-------------------------------------------------------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
This is a forwarded message
From: Declan McCullagh <declan -!
- well -
com>
To: politech -!
- politechbot -
com
Date: Wednesday, November 28, 2001, 2:00:20 PM
Subject: FC: Symantec pledges to acquiese to FBI backdoor demands
===8<==============Original message text===============
Symantec sells security software including:
Norton Antivirus
Symantec Intruder Alert
Symantec NetProwler 3.5
Symantec AntiVirus Enterprise Edition
Symantec AntiVirus Command Line Scanner 1.0
Symantec Desktop Firewall 2.0
Symantec Enterprise Firewall 6.5
Symantec Enterprise VPN 6.5
Symantec Enterprise Security Manager 5.5
Symantec NetRecon 3.5
*********
Date: Wed, 28 Nov 2001 12:47:21 +0100
To: declan -!
- well -
com
From: Maurice Wessling <maurice -!
- bof -
nl>
Subject: Symantec will not detect Magic Lantern
http://www.theregister.co.uk/content/55/23057.html
Eric Chien, chief researcher at Symantec's antivirus research lab,
said
that provided a hypothetical keystroke logging tool was used only by
the
FBI, then Symantec would avoid updating its antivirus tools to detect
such
a Trojan. The security firm is yet to hear back from the FBI on its
enquiries about Magic Lantern but it already has a policy on the
matter.
"If it was under the control of the FBI, with appropriate technical
safeguards in place to prevent possible misuse, and nobody else used
it -
we wouldn't detect it," said Chien. "However we would detect modified
versions that might be used by hackers."
*********
Date: Wed, 28 Nov 2001 00:57:28 -0500
To: politech -!
- politechbot -
com
From: red <red -!
- isr -
net>
Subject: FC: McAfee broadens denial: No contact with government of
any
sort
Cc: declan -!
- well -
com, tbridis -!
- ap -
org
Declan, et al.
I believe it to be impossible that McAfee would build-in some sort of
mechanism that would enable an authority to remotely allow keystroke
logging. Not because this would technically be inconceivable - I
believe it
is, and I believe it is done as well -, but merely because of the
international ramifications such construct would bring along. NAI,
and
McAfee.com certainly look forward to a more prosperous financial
year. And
they do their best to accomplish that. This company simply cannot
afford
under its new leadership to see its overseas competition (as
F-Secure,
Sophos and others) eat away their international market share. If
McAfee.com/NAI would entertain what was said, this would be quite
possibly
the end of the company, as their international revenue would halt
almost
instantly. The impact would be felt in all NAI products. And then
with so
many a.v. manufacturers, they'd still only cover those who'd agreed
to do
this. The possibility of an embarrassing leak would be a federal
disaster.
Come to mind that none of the foreign owned a.v.'s would go along.
Although
it might be seen that way by some, this would not be a "home land"
security
issue, sec. It would impact almost all foreign nations. E.g. the EU
would
start stripping Mr. Mueller's pants down so fast, he even wouldn't
have
known he has 'em on. There's under the current EU regime (after the
first
Echelon raid) no-one willing to accept another candid U.S. camera
trick. Not even the U.K. would accept it. And mix in that you also
need
to row-up all network intrusion vendors. And I simply do not see guys
like
Marcus Ranum (Network Flight Recorder) and Christopher Klaus
(Internet
Security Systems), just to name my personal pick of the crop, agree
with
compromising their product lines and future international sales. To
top it
off, look at this from the user side as well. A program like
SurfinShield
(Finjan) or Agnitum's Tauscan will take care of almost ANY Trojan.
And, it
would be a good idea to start using Evidence Eliminator (the latest
version
is here: http://www.evidence-eliminator.com/go.shtml?A660528 ) made
by a
real neat Brit, Andy Churchill, who deserves to be complemented for
his
efforts to contribute relentlessly to protect privacy of computer
use.
On MagicLantern. MagicLantern, according to my reliable sources is a
derivative of the D.I.R.T. program (see
http://www.codexdatasystems.com/
for details). A by no means for the experienced network administrator
unbeatable, but nevertheless nifty pack of sleuth goodies, which do
exactly
what is promised: remote keystroke logging. Codexdatasystems
provides the
software free of charge to law enforcement, so it's beyond the likely
stage
that the FBI didn't study it, and hence after some de-compilation
made it
more tailor-made, so to speak. You'd be utterly surprised to learn
what
can be done and seen if you mix in the latest version of Network
Observations, and use remote installed nodes. By the way, Jack
Valenti (
the movie mogul ) attempted to legally incorporate DIRT applications
in the
latest digital music trivia battle. Not too long ago I saw a remark
from
John Young passing by, mentioning this.
with regards / stringing along
Jack
Jack Ryan, PhD
research editor
Internet Security Review
*********
- ----------------------------------------------------------------------
- ---
POLITECH -- Declan McCullagh's politics and technology mailing list
You may redistribute this message freely if you include this notice.
Declan McCullagh's photographs are at http://www.mccullagh.org/
To subscribe to Politech:
http://www.politechbot.com/info/subscribe.html
This message is archived at http://www.politechbot.com/
- ----------------------------------------------------------------------
- ---
===8<===========End of original message text===========
- --
Best regards, get my pgp-key at:
Joerg-Olaf www.fx3.de/js.asc
s JÞ
-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5i
iQA/AwUBPAUHWqS04wBhKfC+EQLkhQCg6M13Z0lDhI+fe3M/kqyqgh/GYzsAn060
ZfG5wZ2Qs0TcUNxBrRAaDGnJ
=SM43
-----END PGP SIGNATURE-----
---------------------------------------------------------------
Liste verlassen:
Mail an infowar -
de-request -!
- infopeace -
de mit "unsubscribe" im Text.