Antivirus software will ignore FBI spyware: solutions

Jonathan Wienke JonathanW at gbgcorp.com
Mon Nov 26 23:00:05 PST 2001


-----Original Message-----
From: Tim May [mailto:tcmay at got.net]
Sent: Monday, November 26, 2001 1:13 PM
To: cypherpunks at lne.com
Subject: Antivirus software will ignore FBI spyware: solutions


Some interesting tips (bottom of this message) for detecting FBI/SS
snoopware that NAI/McAfee is now assisting the FBI in installing. 

I especially like the idea of "type hundreds of random key strokes and
see which files increase in size." (Or just look for any file size
changes, as most of us type tens of thousands of keystrokes per day.)

The mathematical side of most encryption is vastly stronger than the
"crypto hygiene" side. There's a reason "code rooms" and "crypto
shacks" on military ships and bases have lots of hoops to jump through,
with locked boxes, double-keyed switches, controlled access, etc.  

Most users of PGP take no steps to secure key materials. (I plead
guilty, too.) Most of us are used to immediate access, and we want
crypto integrated with our mail. The notion of going to a locked safe,
taking out the laptop or removable hard drive, ensuring an "air gap"
between the decoding system and the Net, and checking for keyloggers
and hostile code, and so on, is foreign to most of us. 

The "dongle" idea (e.g., Dallas Semiconductor buttons, etc.) has been
around for a long time. Here's a new twist: the Apple iPod music
player. I just got one. A 4.6 GB hard disk (Toshiba 1.8"). Hooks up via
Firewire/IEEE 1394, with the link recharging the battery and
auto-linking. The disk can also be mounted as a standard Firewire disk.
Meaning, it could be used to store key material and even be used for
PGP scratch operations. The increased security comes from its small
size (easy to lock up) and because I usually have it with me when I am
away from home. This makes "sneak and peek" searches and plants of
malicious code less useful. Not a complete solution. Crypto hygiene and
all.

-----End Original Message-----

An even better solution: a USB compact flash card reader. $30 at CompUSA or other fine electronics retailers, and $20 or less for a 16 MB compact flash card. This is way more space than any normal person is going to need for PGP keyrings, with enough room left for your randseed file and other stuff like that, and at a price ($50 or so) that most anyone can afford. It is also transportable from computer to computer, so you could use it sneakernet style if you wanted to, especially if you get more/larger cards. 256MB cards are available for about $200, and a 1GB Microdrive runs around $400. Either of these could be carried in various orifices in extreme circumstances. :-)
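The "see which files increase in size" check mentioned in the quoted message, as an added example that is not part of either post: take a size snapshot of a directory tree, type, take a second snapshot, and list the files that grew. The function names and the sample files in `demo()` are constructed for illustration; the check only notices a logger that appends to a file on disk under the scanned tree.

```python
import os
import stat
import tempfile


def snapshot(root):
    """Map every regular file under root to its current size in bytes."""
    sizes = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue  # file vanished or is unreadable; skip it
            if stat.S_ISREG(st.st_mode):
                sizes[path] = st.st_size
    return sizes


def grown(before, after, min_bytes=1):
    """Return (path, bytes_added) for files that grew or appeared, largest first."""
    changes = []
    for path, size in after.items():
        delta = size - before.get(path, 0)
        if delta >= min_bytes:
            changes.append((path, delta))
    return sorted(changes, key=lambda c: (-c[1], c[0]))


def demo():
    """Constructed scenario: 300 bytes are appended to one file between snapshots."""
    with tempfile.TemporaryDirectory() as root:
        for name in ("notes.txt", "cache.dat"):  # constructed sample files
            with open(os.path.join(root, name), "wb") as f:
                f.write(b"x" * 100)
        before = snapshot(root)
        # Stand-in for "type hundreds of random keystrokes" being logged.
        with open(os.path.join(root, "cache.dat"), "ab") as f:
            f.write(b"k" * 300)
        after = snapshot(root)
        return [(os.path.basename(p), d) for p, d in grown(before, after)]


if __name__ == "__main__":
    for name, delta in demo():
        print(f"{name}: +{delta} bytes")
```

On a real system, expect ordinary logs, caches and swap files in the output as well, so compare the growth against the number of keys typed and repeat the run before drawing a conclusion.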




