Some interesting tips (bottom of this message) for detecting FBI/SS snoopware that NAI/McAfee is now assisting the FBI in installing. I especially like the idea of "type hundreds of random key strokes and see which files increase in size." (Or just look for any file size changes, as most of us type tens of thousands of keystrokes per day.)

The mathematical side of most encryption is vastly stronger than the "crypto hygiene" side. There's a reason "code rooms" and "crypto shacks" on military ships and bases have lots of hoops to jump through, with locked boxes, double-keyed switches, controlled access, etc.

Most users of PGP take no steps to secure key materials. (I plead guilty, too.) Most of us are used to immediate access, and we want crypto integrated with our mail. The notion of going to a locked safe, taking out the laptop or removable hard drive, ensuring an "air gap" between the decoding system and the Net, checking for keyloggers and hostile code, and so on, is foreign to most of us.

The "dongle" idea (e.g., Dallas Semiconductor buttons, etc.) has been around for a long time. Here's a new twist: the Apple iPod music player. I just got one. A 4.6 GB hard disk (Toshiba 1.8"). Hooks up via Firewire/IEEE 1394, with the link recharging the battery and auto-linking. The disk can also be mounted as a standard Firewire disk. Meaning, it could be used to store key material and even be used for PGP scratch operations. The increased security comes from its small size (easy to lock up) and because I usually have it with me when I am away from home. This makes "sneak and peek" searches and plants of malicious code less useful.

Not a complete solution. Crypto hygiene and all.

Here's the article:
Path: sjcpnn01.usenetserver.com!e420r-sjo4.usenetserver.com!sjcppf01!usenetserver.com!hub1.nntpserver.com!headwall.stanford.edu!newsfeed.stanford.edu!sn-xit-01!sn-post-01!supernews.com!news.supernews.com!not-for-mail
From: Rastus P. Riley <an11211@hushmaildot.com>
Newsgroups: misc.survivalism
Subject: Re: Antivirus software will ignore FBI spyware: solutions
Date: Mon, 26 Nov 2001 12:37:27 -0800
Organization: Posted via Supernews, http://www.supernews.com
Message-ID: <1m950usq1saskrs1g0ajmdi5h3e49fcd8b@4ax.com>
On 25 Nov 2001 21:48:28 GMT, phatmike@isomorphic.net (phatmike) wrote:
According to the Washington Post, "At least one antivirus software company, McAfee Corp., contacted the FBI on Wednesday to ensure its software wouldn't inadvertently detect the bureau's snooping software and alert a criminal suspect."
http://www.washingtonpost.com/wp-dyn/articles/A1436-2001Nov22.html
1. Use a secure type of OS with login screen for every session
   a. Log out after every use
   b. If house invaded, Feds need to have initial login password to insert trojan.

2. Use In/Out firewall
   a. Zone Alarm Pro
   b. Monitors in/out traffic
      1. If trojan tries to send data, then firewall will highlight it.

3. Always check for small programs by last accessed date.
   a. Uncheck hidden files
   b. Look for files that increase in size by testing with 300 random keystrokes.

4. Use Proxies, don't run attachments, don't use Outbreak Express.
Hope this helps,
-Rastus
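The "300 random keystrokes" check in item 3b is a poor man's file-integrity baseline: snapshot every file's size before typing, type, snapshot again, and see what grew. The script below is an added example, not code from the post or from any tool it names. It records size and modification time for every regular file under a directory (hidden files included, per item 3a), diffs two snapshots, and reports files that grew, were otherwise touched, appeared, or vanished. The `demo()` function builds a constructed scenario in a temporary directory (a pre-existing dotfile that grows by exactly 300 bytes and one new hidden file) so the detection logic can be exercised offline; the file names in it are made up.

```python
import os
import stat
import tempfile
from typing import Dict, List, Tuple

# A snapshot maps a path relative to the scanned root -> (size in bytes, mtime in ns).
Snapshot = Dict[str, Tuple[int, int]]


def snapshot(root: str) -> Snapshot:
    """Record size and mtime of every regular file under root, hidden ones included."""
    snap: Snapshot = {}
    for dirpath, _dirs, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: do not follow symlinks out of the tree
            except OSError:
                continue  # file vanished between listing and stat; skip it
            if stat.S_ISREG(st.st_mode):
                snap[os.path.relpath(path, root)] = (st.st_size, st.st_mtime_ns)
    return snap


def diff_snapshots(before: Snapshot, after: Snapshot) -> Dict[str, object]:
    """Compare two snapshots. 'grown' maps path -> bytes added; 'touched' lists files
    whose size shrank or whose mtime changed without growth; 'new'/'gone' are the
    files that appeared or disappeared."""
    grown: Dict[str, int] = {}
    touched: List[str] = []
    for path, (size, mtime) in after.items():
        if path not in before:
            continue
        old_size, old_mtime = before[path]
        if size > old_size:
            grown[path] = size - old_size
        elif size != old_size or mtime != old_mtime:
            touched.append(path)
    new = sorted(set(after) - set(before))
    gone = sorted(set(before) - set(after))
    return {"grown": grown, "touched": sorted(touched), "new": new, "gone": gone}


def demo() -> Dict[str, object]:
    """Constructed scenario (not real data): take a baseline, then make the changes a
    keystroke-capturing program would leave behind, and diff."""
    with tempfile.TemporaryDirectory() as root:
        # Baseline: an ordinary document, a binary that will not change, and a
        # small pre-existing dotfile (hypothetical name) that will later grow.
        with open(os.path.join(root, "letter.txt"), "w") as f:
            f.write("draft\n")
        with open(os.path.join(root, "stable.bin"), "wb") as f:
            f.write(b"\x00" * 64)
        with open(os.path.join(root, ".kb.dat"), "wb") as f:
            f.write(b"\x00" * 10)
        before = snapshot(root)

        # "300 random keystrokes later": the dotfile grew by exactly 300 bytes
        # and a new hidden log appeared; the user's own files are untouched.
        with open(os.path.join(root, ".kb.dat"), "ab") as f:
            f.write(b"k" * 300)
        with open(os.path.join(root, ".extra.log"), "wb") as f:
            f.write(b"abc")
        after = snapshot(root)

        return diff_snapshots(before, after)


if __name__ == "__main__":
    # Against a real directory you would persist snapshot() output to disk
    # (ideally on removable media) and diff it after the typing test.
    print(demo())
```

Size alone is the signal the post relies on; a capture file that is encrypted or rotated would not show as growth, which is why the diff also reports new, touched and vanished files. Store the baseline somewhere the scanned machine cannot rewrite it, or the comparison proves nothing.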