On Monday, January 7, 2002, at 05:10 PM, Dr. Evil wrote:
Setting a trap gun to blow away anyone who inserts a floppy (or hooks up a cable) to a machine he has not been given access to is morally permissable.
Morally permissable or not, a shotgun and a string are unlikely to be effective. The FBI went so far as to get a law passed that says that they can use classified technical techniques to execute the warrant so that they don't have to reveal their methods in court. Could those methods include something as simple as a backdoor in Windows, or some kind of hack into Windows? I don't have any evidence one way or the other, but it's a reasonable possibility. These guys are risk averse and they are on a budget, and sending in a team of armed hackers is both risky and expensive.
Before you get the shotgun and some string and risk blowing your own head off, install a real OS. Do you think the FBI break-in team has an OpenBSD rootkit?
Look into what's inside OS X, which is what I run. A lot of FreeBSD, some Mach, etc. However, I don't kid myself that keystroke loggers for Macs, which I have bought myself for my own use (some years ago) won't be carried by spooks doing sneak and peak entries. One approach is to use a removable hard disk, or a PC Card (PCMCIA) to handle the PGP keys and buffers. The new flash-based USB dongles, a la "PEN," look intriguing. Carry it around your neck and only insert it long enough to get the needed passphrases and private keys off it. A technical question for anyone: If I store passphrases (and keys, for extra security) on a flash-based USB drive dongle, and then use cut-and-paste to access them and paste them into PGP, is it possible for a keystroke logger to see them? In the Mac at least, pasting from a file or from the clipboard does not of course go through the keyboard. So a straightforward intercept of the keyboard driver at the BIOS level should not see the pasted material. I realize that "keystroke logger" can mean more than just logging the keyboard, however. Some of you might have already looked into this and may have some data points. It seems to me that the older type of keystroke logger (history file in Unix, Ghostwriter, etc.) can be defeated thusly. Selecting letters with a mouse on the screen also bypasses the keyboard. The question is, are "keystroke loggers" actually doing more than keystroke logging. Are they, for example, monitoring all screen I/O (seems unlikely, for bandwidth reasons).
My attitude is to think about simple things and think about ways to de-escalate a conflict as much as possible, so I'm not so enthusiastic about a shotgun on a string.
That's cool. Just don't support laws affecting my decisions. --Tim May "A human being should be able to change a diaper, plan an invasion, butcher a hog, conn a ship, design a building, write a sonnet, balance accounts, build a wall, set a bone, comfort the dying, take orders, give orders, cooperate, act alone, solve equations, analyze a new problem, pitch manure, program a computer, cook a tasty meal, fight efficiently, die gallantly. Specialization is for insects." --Robert A. Heinlein