Antivirus software will ignore FBI spyware: solutions

Karsten M. Self kmself at ix.netcom.com
Sun Dec 2 00:43:13 PST 2001


on Mon, Nov 26, 2001 at 01:12:53PM -0800, Tim May (tcmay at got.net) wrote:

> Some interesting tips (bottom of this message) for detecting FBI/SS
> snoopware that NAI/McAfee is now assisting the FBI in installing.
>
> I especially like the idea of "type hundreds of random key strokes and
> see which files increase in size." (Or just look for any file size
> changes, as most of us type tens of thousands of keystrokes per day.)

Defeat:  create a log buffer file of fixed size, logged activity changes
its contents, but not the size of the file.  E.g.:  a filesystem image
file under GNU/Linux.  Techniques could be used to maintain a constant
global MD5 checksum to defeat other detection attempts.

Manipulating file create/modify times is trivial under most OSs.

> Most users of PGP take no steps to secure key materials. (I plead
> guilty, too.) Most of us are used to immediate access, and we want
> crypto integrated with our mail. The notion of going to a locked safe,
> taking out the laptop or removable hard drive, ensuring an "air gap"
> between the decoding system and the Net, and checking for keyloggers
> and hostile code, and so on, is foreign to most of us.

These measures can be taken for specific, high-security, messages.  Risk
profiles are not isomorphic in all circumstances.

> The "dongle" idea (e.g., Dallas Semiconductor buttons, etc.) has been
> around for a long time.

Many of which are woefully poorly designed.  Zimmermann at ALS spoke of
one in which the key was stored in cleartext within the dongle; don't
recall the specific device.

> Here's a new twist: the Apple iPod music player. I just got one. A 4.6
> GB hard disk (Toshiba 1.8"). Hooks up via Firewire/IEEE 1394, with the
> link recharging the battery and auto-linking. The disk can also be
> mounted as a standard Firewire disk.  Meaning, it could be used to
> store key material and even be used for PGP scratch operations. The
> increased security comes from its small size (easy to lock up) and
> because I usually have it with me when I am away from home. This makes
> "sneak and peek" searches and plants of malicious code less useful.
> Not a complete solution. Crypto hygiene and all.

The iPod's definitely an attractive target for portable computing; it's
also fairly robust (I bounced the demo off the hardwood floor of Apple's
Palo Alto store from about 4-5 ft.).  It appears you're just using it
for storage purposes.  Note that this still requires trusting the
environment to which the iPod is attached.

Various handhelds, particularly those running an advanced OS (e.g.:
GNU/Linux), would be similarly attractive devices, readily kept on one's
person at most times, and support encrypted filesystems or files.

Peace.

--
Karsten M. Self <kmself at ix.netcom.com>       http://kmself.home.netcom.com/
 What part of "Gestalt" don't you understand?             Home of the brave
  http://gestalt-system.sourceforge.net/                   Land of the free
   Free Dmitry! Boycott Adobe! Repeal the DMCA! http://www.freesklyarov.org
Geek for Hire                     http://kmself.home.netcom.com/resume.html

[demime 0.97c removed an attachment of type application/pgp-signature]
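Added illustration of the file-size argument in the exchange above (not part of the original message or thread): a snapshot differ that records size, mtime and a SHA-256 hash for every file, so a fixed-size buffer rewritten in place, even with its timestamp reset, is still reported as changed. The directory, file name and contents in demo() are constructed for the example.

```python
import hashlib
import os
import tempfile


def sha256_file(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()


def snapshot(root):
    """Map each regular file under root to (size, mtime_ns, sha256)."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.stat(path)
            state[os.path.relpath(path, root)] = (
                st.st_size, st.st_mtime_ns, sha256_file(path))
    return state


def diff_snapshots(before, after):
    """Return {relpath: labels}; labels: new, deleted, size, mtime, content."""
    # Only 'content' is reliable evidence of a write: a fixed-size buffer keeps
    # its size, and mtime can be reset with utime() or touch.
    changes = {}
    for rel in set(before) | set(after):
        if rel not in before:
            changes[rel] = {"new"}
        elif rel not in after:
            changes[rel] = {"deleted"}
        else:
            labels = {lbl for i, lbl in enumerate(("size", "mtime", "content"))
                      if before[rel][i] != after[rel][i]}
            if labels:
                changes[rel] = labels
    return changes


def demo():
    """Constructed scenario: a 4 KiB fixed-size file rewritten in place."""
    with tempfile.TemporaryDirectory() as root:
        buf = os.path.join(root, "buffer.img")
        with open(buf, "wb") as f:
            f.write(b"\x00" * 4096)
        before = snapshot(root)
        with open(buf, "r+b") as f:        # overwrite bytes; size unchanged
            f.seek(100)
            f.write(b"typed text")
        os.utime(buf, ns=(before["buffer.img"][1],) * 2)   # reset mtime too
        return diff_snapshots(before, snapshot(root))
```

Running demo() reports buffer.img as changed by content only, which is exactly the case a size-only or timestamp-only check misses.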
