Magic Lantern?

[freeflir29 0]

Some of you computer/hacker/cracker geeks. What's up with this new Big Brother software and how do we kick it's ass? It just seems like a pretty standard "Trojan horse" key log just like "Bad.trans" So whats the big deal other than the fact that the FBI wants to use it?
"and I'm not easily impressed...Ooohh look...a blue car!" -Homer Simpson

[PhreeZone 20]

Its a sweet little program. Some of the lists and such that I'm part of have been talking about it and its limitations. Basically, its just a rewrote versoin of a lot of viruses through out the ages. Only catch is that since the item will only be used in "criminal investigations" then destroyed the code will remain secret (untill the gov is hacked.... again). The kicker is that the FBI and the DOD are pressureing Anti virus companies to exclude the "Magic Lantern" from their defination files. Sad huh? The smartest minds at the FBI can only come up with a product that a freeware version of an virus scanner could destroy. If any one remembers the CoDC and their BO2K tool, its just a really scaled down version of the Little Bo Peep plug in. Like 2-5 k in size.
I'm not sure what to put here right now.....

[Zennie 0]

I haven't reallybeen following this (or the Carnivore) stuff all that closely. Is the FBI planning on distributing this wholesale or targeting specific machines? If so it seems like they'd need a warrant to avoid running afoul of the Fed's own anti-hacking laws.
"Wear the grudge like a crown. Desperate to control. Unable to forgive. And we're sinking deeper."

[PhreeZone 20]

Thats the kicker.... they are exempt from those laws. Before Cypherpunks went off line, there was a big discussion on the deployment of Magic Latern and Carnavore. Magic Latern can be deployed via email as an attachment, embedded in the text/comment area of a gif picture's code,installed locally, or even piggy backed via IR or wireless if you are'nt smart enough to be running at least 68 bit encryption with variable length keys that are changed on a constant basis. Carnivore is alive and active already. All the FBI has to do is walk up to and ISP and say install this on your mail servers and routers and the only thing that the ISP can do is refuse and then get taken to court, have a short but expensive court time and then be forced to install it via the court order.
Lessons that are needed if you don't want any one to get your info. Encrypt everything. 128 is the minimum to use IMHO. 256 is better and 1024 is the best. Granted 1024 is'nt cheap, but then again neither is your privacy. Don't accept any mail from unknown senders, and don't open any attachments from even trusted senders unless they are sent using encryption and their keys match. Setup personal firewalls and tripwires looking for and logging any attempted hacks into your machine and physically secure your computer, using something like biometrics if possible.
I'm not sure what to put here right now.....

[weid14 0]

yeah, what he said (like I understood any of it)

[indyz 1]

Simple rule: If you don't want to see it printed on the front page of the New York Times, encrypt it.
--
Brian

[Zennie 0]

Quote

Simple rule: If you don't want to see it printed on the front page of the New York Times, encrypt it.

Oh man. Skreamer is so fucked.
"Wear the grudge like a crown. Desperate to control. Unable to forgive. And we're sinking deeper."

[skreamer 1]

"£$$^ $^%%^ ** £$%&& ££$! + %(£" %^ £%^% &^ £"<> |" £$....
^% "^&*% **(()%$^ - £ ^^£"?

[freeflir29 0]

Encryption huh......didn't the government outlaw the "good" crypto. I remember a debate in congress a couple years ago where they were making all kinds of rules on encryption. Export rules and basically outlawing anything the government couldn't easily crack. So is the crypto out now good enough to beat the geeks at NSA? Afterall, they produced every piece of crypto I ever used in the military. Of course, they also just figured out that one of the training manual encryption cards that we used for radio comms compromised a lot of "real world" stuff. Those geniuses never cease to amaze me.....
"and I'm not easily impressed...Ooohh look...a blue car!" -Homer Simpson

[Zennie 0]

Interesting trivia tidbit.
Apparently during WW2 we brought in a number of Navajo indians to transmit and "decode" messages in native Navajo. Many in the military considered it one of our most secure "encryption" schemes during the war.
I mean, how many German Navajos can there be?
"Wear the grudge like a crown. Desperate to control. Unable to forgive. And we're sinking deeper."

[flyhi 24]

Quote

Apparently during WW2 we brought in a number of Navajo indians to transmit and "decode" messages in native Navajo.

I think they made a movie with Nicholas Cage about this called, "Wind Talkers". It's either about that or skydivers at 10,500 feet the morning after Burrito Night.
flyhi

[indyz 1]

All encryption has always been legal inside the US, but there used to be export restrictions to basically any other country. They really loosened up a few years back, and now the list of restrictions is:
and may not be exported or re-exported to certain countries (currently Afghanistan (Taliban controlled areas), Cuba, Iran, Iraq, Libya, North Korea, Sudan and Syria) or to persons or entities prohibited from receiving U.S. exports (including Denied Parties, entities on the Bureau of Export Administration Entity List, and Specially Designated Nationals).
This is from the Mozilla web browser, which contains cypto components.
--
Brian

[freeflir29 0]

"All encryption has always been legal inside the US"
So, I can use any encryption I am smart enough to invent or rich enough to buy. That's a good thing!
"and I'm not easily impressed...Ooohh look...a blue car!" -Homer Simpson

[airann 1]

Thats right, I have all your names. The background check is running.
I always assumed it was one of those wreck dotters, but clearly we have enough info here to boggle the minds of certain website makers whereby you can get your own viruses and share them with your friends. -that is just wrong!
Having said that- I also- care of these hack/crack geniuses- have learned what to do and how to handle various and sundry attacks on my system. I now have a near Pentegon Level security systems. Near Moat-like Castel Walls of protection. If you break thru one the other will get you, or the other or the other. One of the trojan deals will smash you or one of the DDT virus, bug, super spy infection sniffer will snuff you out. Then I will back track your footprints from satelight to satelight.
Here is the sad part. I have no interesting data in my system what so ever. No need to encrypt. Well, there is one of my ass... but everyone has seen it already. So no more screwing with my system. I have already swiped the hard drive 4 times and finally replaced it with a Kevlar one. hehe, freakin bulletproof. My other one virtually looked like swiss cheese.
AirAnn of http://www.AirAnn.com
Multimedia Page: secret link- upper left hand corner

[Shark 0]

for a minute i thought you were referring to "I dream of Jeannie."

[SkymonkeyONE 4]

Quote

there is one of my ass... but everyone has seen it already.

Did this just turn into an ass and boobies thread?
By the way....nice ass![grin]
Chuckie
My webpage HERE

[freeflir29 0]

"Did this just turn into an ass and boobies thread"
That's always a good thing! Now if we can just get a picture of a "Naked Ann's Ass" we'll be in there! "and I'm not easily impressed...Ooohh look...a blue car!" -Homer Simpson

[skyhawk 2]

the fbi can look at my hard drive i dont care one question if ppl are so worried about ppl hacking into "secret files" and stuff why dont you have 2 computers the small one coneected to the net with a burner and the bigger one not connected to anything if you want somethen from the net downloaded it then burn it, then it doesnt matter if you copy the hack over cause they cant get the info back
Click Me

[indyz 1]

If a file has ever touched your hard drive (or any magnetic media, for that matter), there is a chance that it can be recovered. The location of files on a disk is recorded in something called the File Allocation Table, or FAT. If you "delete" a file, its entry in the FAT is deleted. The actual file still exists on the disk and is easily recoverable. Of course, after some time, another file will probably overwrite the data, but it can (in theory, anyway) still be recovered by physically ripping the disk apart.
The most important thing is that your unencrypted data passed through a network connected computer that could have Magic Lantern, Back Orifice, NetBus, or god knows what else on it. It might not have even been your computer.
--
Brian

[freeflir29 0]

"Of course, after some time, another file will probably overwrite the data"
There are some good overwrite programs out there. i believe "Window Washer" does that. Regularly defragging your drive has a nice effect on this too.
"and I'm not easily impressed...Ooohh look...a blue car!" -Homer Simpson

[Zennie 0]

Quote

If a file has ever touched your hard drive (or any magnetic media, for that matter), there is a chance that it can be recovered.

Not if you format the hard drive.
Actually, there are some "shredder" programs out there that will essentially format the sectors that contain the files you want destroyed. Oncethe bits are flipped, there ain't no recovering what was previously there.
"Wear the grudge like a crown. Desperate to control. Unable to forgive. And we're sinking deeper."

[scottbre 0]

Check this out:
http://www.cryptoheaven.com
Scott
"Can't keep my mind from the circling sky. Tongue-tied & twisted just an earth-bound misfit, I."

[indyz 1]

True for the most part, but there is some speculation that you could use an electron microscope to pull the data off the drive. I doubt even the gov't would want to try it, but you never know. The truly paranoid would just use an encrypted file system. Of course, then the FBI can just subpeona you for the key, and if you refuse then you go to jail.
I have to stop posting to this thread. I'm starting to sound like some sort of paranoid wacko, when in reality I don't have anything sensitive on my computers anyway. If the FBI wants my MP3 collection, or the source to my projects, they can have them.
--
Brian

[indyz 1]

I said I wouldn't, but I can't help myself:
I recommend GPG. It's the GNU version of PGP, another great crypto package. It uses well known and proven algorithms. Of course, I don't have anything worth encrypting, but it is nice to be able to sign your USENET posts and emails so that the reciever knows that they aren't being spoofed.
--
Brian

[freeflir29 0]

"I don't have anything sensitive on my computers anyway."
Today it isn't. Tomorrow may be very differen't........
"and I'm not easily impressed...Ooohh look...a blue car!" -Homer Simpson