Karsten Self writes:
on Mon, Nov 26, 2001 at 01:12:53PM -0800, Tim May (tcmay@got.net) wrote:
Some interesting tips (bottome of this message) for detecting FBI/SS snoopware that NAI/McAfee is now assisting the FBI in installing.
I especially like the idea of "type hundreds of random key strokes and see which files increase in size." (Or just look for any file size changes, as most of us type tens of thousands of keystrokes per day.)
Defeat: create a log buffer file of fixed size, logged activity changes its contents, but not the size of the file. E.g.: a filesystem image file under GNU/Linux. Techniques could be used to maintain a constant global MD5 checksum to defeat other detection attempts.
What techniques could be used to do this? MD5 has some weaknesses, but creating collisions still is not trivial. Unless you know something I don't. - GH _________________________________________________________________ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp