On Mon, Nov 26, 2001 at 01:12:53PM -0800, Tim May (tcmay@got.net) wrote:
> Some interesting tips (bottom of this message) for detecting FBI/SS snoopware that NAI/McAfee is now assisting the FBI in installing.
>
> I especially like the idea of "type hundreds of random key strokes and see which files increase in size." (Or just look for any file size changes, as most of us type tens of thousands of keystrokes per day.)
Defeat: create a log buffer file of fixed size; logged activity changes its contents but not the size of the file. E.g.: a filesystem image file under GNU/Linux. Techniques could be used to maintain a constant global MD5 checksum to defeat other detection attempts. Manipulating file create/modify times is trivial under most OSs.
> Most users of PGP take no steps to secure key materials. (I plead guilty, too.) Most of us are used to immediate access, and we want crypto integrated with our mail. The notion of going to a locked safe, taking out the laptop or removable hard drive, ensuring an "air gap" between the decoding system and the Net, and checking for keyloggers and hostile code, and so on, is foreign to most of us.
These measures can be taken for specific, high-security, messages. Risk profiles are not isomorphic in all circumstances.
> The "dongle" idea (e.g., Dallas Semiconductor buttons, etc.) has been around for a long time.

Many of which are woefully poorly designed. Zimmermann at ALS spoke of one in which the key was stored in cleartext within the dongle; I don't recall the specific device.
> Here's a new twist: the Apple iPod music player. I just got one. A 4.6 GB hard disk (Toshiba 1.8"). Hooks up via Firewire/IEEE 1394, with the link recharging the battery and auto-linking. The disk can also be mounted as a standard Firewire disk. Meaning, it could be used to store key material and even be used for PGP scratch operations. The increased security comes from its small size (easy to lock up) and because I usually have it with me when I am away from home. This makes "sneak and peek" searches and plants of malicious code less useful. Not a complete solution. Crypto hygiene and all.
The iPod's definitely an attractive target for portable computing; it's also fairly robust (I bounced the demo off the hardwood floor of Apple's Palo Alto store from about 4-5 ft.). It appears you're just using it for storage purposes. Note that this still requires trusting the environment to which the iPod is attached. Various handhelds, particularly running an advanced OS (e.g.: GNU/Linux), would be similarly attractive devices, readily kept on one's person at most times, and support encrypted filesystems or files.

Peace.

-- 
Karsten M. Self <kmself@ix.netcom.com>          http://kmself.home.netcom.com/
 What part of "Gestalt" don't you understand?    Home of the brave
  http://gestalt-system.sourceforge.net/         Land of the free
   Free Dmitry! Boycott Adobe! Repeal the DMCA!  http://www.freesklyarov.org
 Geek for Hire                     http://kmself.home.netcom.com/resume.html
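The "fixed-size log buffer" point above is why size- and timestamp-based checks for a covert log are weak: the defender's counter is to baseline content hashes. The following Python is an added example, not code from this thread; the directory, file name and contents are constructed for the demo.

```python
import hashlib
import os
import tempfile
from pathlib import Path


def fingerprint(path: Path) -> dict:
    """Size, mtime and SHA-256 of one file; size and mtime alone are weak signals."""
    st = path.stat()
    return {"size": st.st_size, "mtime": st.st_mtime_ns,
            "sha256": hashlib.sha256(path.read_bytes()).hexdigest()}


def baseline(root: Path) -> dict:
    """Fingerprint every regular file under root, keyed by relative path."""
    return {str(p.relative_to(root)): fingerprint(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def compare(old: dict, new: dict) -> dict:
    """Report which attributes differ per file. A report of just ['sha256']
    is a same-size, same-mtime rewrite, the case size/mtime checks miss."""
    report = {}
    for name in sorted(set(old) | set(new)):
        if name not in old:
            report[name] = ["new"]
        elif name not in new:
            report[name] = ["deleted"]
        else:
            diff = [k for k in ("size", "mtime", "sha256")
                    if old[name][k] != new[name][k]]
            if diff:
                report[name] = diff
    return report


def demo() -> dict:
    """Constructed scenario: a fixed-size file is overwritten in place and its
    timestamps put back, so only the content hash reveals the change."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        buf = root / "cache.dat"              # constructed stand-in for a covert buffer
        buf.write_bytes(b"\x00" * 4096)
        before = baseline(root)
        st = buf.stat()
        with buf.open("r+b") as f:            # same size, different bytes
            f.write(b"new contents".ljust(4096, b"\x00"))
        os.utime(buf, ns=(st.st_atime_ns, st.st_mtime_ns))  # restore timestamps
        return compare(before, baseline(root))
```

Running `demo()` reports `{'cache.dat': ['sha256']}`: size and mtime match the baseline, and only the content hash exposes the rewrite.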