Re: FBI must reveal computer snooping technique
David Honig <honig@sprynet.com> wrote :
At 07:52 PM 8/8/01 -0400, Declan McCullagh wrote:
But he asked for info on the "national security" aspects of the highly classified surveillance technique under seal.
Defense attys don't get to see it. See my wired.com article.
-Declan
On Tue, Aug 07, 2001 at 11:00:25PM -0500, Harmon Seaver wrote:
The judge in the Scarfo. case just ordered the feebs to reveal how they got the evidence, full details.
The difference is that now the feds have to trust a judge with no security clearance/experience not to accidentally spill the beans.
Don't hold your breath. I doubt that they used anything that has not been the subject of speculation here. Mike
At 11:43 AM 8/9/01 -0700, mmotyka@lsil.com wrote:
David Honig <honig@sprynet.com> wrote :
The difference is that now the feds have to trust a judge with no security clearance/experience not to accidentally spill the beans.
Don't hold your breath. I doubt that they used anything that has not been the subject of speculation here.
Mike
Yes, but it would resolve whether software could find the trojan or whether you have to check your cables for extra lumps.
David Honig wrote:
At 11:43 AM 8/9/01 -0700, mmotyka@lsil.com wrote:
David Honig <honig@sprynet.com> wrote :
The difference is that now the feds have to trust a judge with no security clearance/experience not to accidentally spill the beans.
Don't hold your breath. I doubt that they used anything that has not been the subject of speculation here.
Mike
Yes, but it would resolve whether software could find the trojan or whether you have to check your cables for extra lumps.
So if it is SW and you write some little ring 0 code that repeatedly walks the chain from the kyb input to your apps you'll feel safe? You're assuming a one trick pony in a static world. Mike
At 03:15 PM 8/9/01 -0700, mmotyka@lsil.com wrote:
David Honig wrote:
Yes, but it would resolve whether software could find the trojan or whether you have to check your cables for extra lumps.
So if it is SW and you write some little ring 0 code that repeatedly walks the chain from the kyb input to your apps you'll feel safe? You're assuming a one trick pony in a static world.
Mike
Well, I said only that knowing hardware xor software would tell you what you *could* do. I didn't say it would be *easy*. If you ran a file-system-integrity-checker and kept your checksums in a different system, you'd catch some changes. As well as your more directed search. The more the merrier; defense in depth. That being said, due diligence (vigilance?) requires the readers of this list to consider both, and countermeasures to same. And 'out of the box' hazards like video bugs in the smoke detector. dh
participants (2)
-
David Honig -
mmotyka@lsil.com