on Mon, Dec 03, 2001 at 12:45:49PM +0000, Gil Hamilton (gil_hamilton@hotmail.com) wrote:
Karsten Self writes:
on Mon, Nov 26, 2001 at 01:12:53PM -0800, Tim May (tcmay@got.net) wrote:
Some interesting tips (bottome of this message) for detecting FBI/SS snoopware that NAI/McAfee is now assisting the FBI in installing.
I especially like the idea of "type hundreds of random key strokes and see which files increase in size." (Or just look for any file size changes, as most of us type tens of thousands of keystrokes per day.)
Defeat: create a log buffer file of fixed size, logged activity changes its contents, but not the size of the file. E.g.: a filesystem image file under GNU/Linux. Techniques could be used to maintain a constant global MD5 checksum to defeat other detection attempts.
What techniques could be used to do this? MD5 has some weaknesses, but creating collisions still is not trivial. Unless you know something I don't.
My bad. I don't. -- Karsten M. Self <kmself@ix.netcom.com> http://kmself.home.netcom.com/ What part of "Gestalt" don't you understand? Home of the brave http://gestalt-system.sourceforge.net/ Land of the free Free Dmitry! Boycott Adobe! Repeal the DMCA! http://www.freesklyarov.org Geek for Hire http://kmself.home.netcom.com/resume.html