Antivirus software will ignore FBI spyware: solutions

Tim May tcmay at got.net
Mon Nov 26 13:12:53 PST 2001


Some interesting tips (bottom of this message) for detecting FBI/SS
snoopware that NAI/McAfee is now assisting the FBI in installing. 

I especially like the idea of "type hundreds of random key strokes and
see which files increase in size." (Or just look for any file size
changes, as most of us type tens of thousands of keystrokes per day.)

The mathematical side of most encryption is vastly stronger than the
"crypto hygiene" side. There's a reason "code rooms" and "crypto
shacks" on military ships and bases have lots of hoops to jump through,
with locked boxes, double-keyed switches, controlled access, etc.  

Most users of PGP take no steps to secure key materials. (I plead
guilty, too.) Most of us are used to immediate access, and we want
crypto integrated with our mail. The notion of going to a locked safe,
taking out the laptop or removable hard drive, ensuring an "air gap"
between the decoding system and the Net, and checking for keyloggers
and hostile code, and so on, is foreign to most of us. 

The "dongle" idea (e.g., Dallas Semiconductor buttons, etc.) has been
around for a long time. Here's a new twist: the Apple iPod music
player. I just got one. A 4.6 GB hard disk (Toshiba 1.8"). Hooks up via
Firewire/IEEE 1394, with the link recharging the battery and
auto-linking. The disk can also be mounted as a standard Firewire disk.
Meaning, it could be used to store key material and even be used for
PGP scratch operations. The increased security comes from its small
size (easy to lock up) and because I usually have it with me when I am
away from home. This makes "sneak and peek" searches and plants of
malicious code less useful. Not a complete solution. Crypto hygiene and
all.

Here's the article:

> Path: sjcpnn01.usenetserver.com!e420r-sjo4.usenetserver.com!sjcppf01!usenetserver.com!hub1.nntpserver.com!headwall.stanford.edu!newsfeed.stanford.edu!sn-xit-01!sn-post-01!supernews.com!news.supernews.com!not-for-mail
> From: Rastus P. Riley <an11211 at hushmaildot.com>
> Newsgroups: misc.survivalism
> Subject: Re: Antivirus software will ignore FBI spyware: solutions
> Date: Mon, 26 Nov 2001 12:37:27 -0800
> Organization: Posted via Supernews, http://www.supernews.com
> Message-ID: <1m950usq1saskrs1g0ajmdi5h3e49fcd8b at 4ax.com>

> 
> On 25 Nov 2001 21:48:28 GMT, phatmike at isomorphic.net (phatmike) wrote:
> 
> >> According to the Washington Post, "At least one antivirus software company,
> >> McAfee Corp., contacted the FBI on Wednesday to ensure its software wouldn't
> >> inadvertently detect the bureau's snooping software and alert a criminal
> >> suspect."
> >> 
> >> http://www.washingtonpost.com/wp-dyn/articles/A1436-2001Nov22.html
> 
> 1.  Use a secure type of OS with login screen for every session
>          a.  Log out after every use
>          b.  If house invaded, Feds need to have initial login
>               password to insert trojan.
> 
> 2.  Use In/Out firewall
>          a.  Zone Alarm Pro
>          b.  Monitors in/out traffic
>                   1.  If trojan tries to send data, then firewall will
>                        highlight it.
> 
> 3.  Always check for small programs by last accessed date.
>           a.  Uncheck hidden files
>           b.  Look for files that increase in size by testing with 300
>                random keystrokes.
> 
> 4.  Use Proxies, don't run attachments, don't use
>      Outbreak Express.
> 
> Hope this helps,
> 
> -Rastus
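
The file-size test in item 3 of the quoted reply, as an added example that is not part of the original post or the quoted reply: a Python snapshot-and-diff over a directory tree, hidden files included. The scanned directory, the decoy file and the hidden .sys/.kbd.dat file standing in for a logger are all constructed inside the script; it assumes a logger that appends each keystroke to a file under the scanned root, and will not notice one that buffers in memory or writes outside the tree.

```python
"""Snapshot a directory tree, type keystrokes, snapshot again, list files that grew.

Added example, not from the original post.  The "keylogger" below is a
constructed stand-in that appends keystrokes to a hidden file; a real one
that buffers in memory or writes outside the scanned root is not detected.
"""
import os
import random
import shutil
import stat
import string
import tempfile
from typing import Dict, List, Tuple

Snapshot = Dict[str, Tuple[int, float]]  # path -> (size in bytes, mtime)


def snapshot(root: str) -> Snapshot:
    """Record size and mtime of every regular file under root.

    os.walk lists dot-files too, so hidden files are included without any
    "show hidden files" setting.  Symlinks are skipped via lstat.
    """
    snap: Snapshot = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue  # file vanished between listing and stat
            if stat.S_ISREG(st.st_mode):
                snap[path] = (st.st_size, st.st_mtime)
    return snap


def grown_files(before: Snapshot, after: Snapshot) -> List[Tuple[str, int]]:
    """Return (path, bytes_added) for files that appeared or grew, largest first.

    Only size is compared: a logger that rewrites a file in place with the
    same length would not show up here, but mtime alone would also flag
    every ordinary file the user edited during the test.
    """
    grown = []
    for path, (size, _mtime) in after.items():
        old_size = before[path][0] if path in before else 0
        if size > old_size:
            grown.append((path, size - old_size))
    grown.sort(key=lambda item: item[1], reverse=True)
    return grown


def fake_keylogger(root: str, keystrokes: str) -> None:
    """Constructed stand-in for a logger: appends every keystroke to a hidden file."""
    with open(os.path.join(root, ".sys", ".kbd.dat"), "ab") as f:
        f.write(keystrokes.encode("ascii"))


def demo(n_keys: int = 300) -> List[Tuple[str, int]]:
    """Build a constructed tree, 'type' n_keys random keys, report what grew.

    Returns paths relative to the scratch root with '/' separators.
    """
    root = tempfile.mkdtemp(prefix="keycheck-")
    try:
        os.makedirs(os.path.join(root, ".sys"))
        with open(os.path.join(root, "notes.txt"), "w") as f:
            f.write("decoy document that does not change\n")
        with open(os.path.join(root, ".sys", ".kbd.dat"), "wb") as f:
            f.write(b"")  # empty hidden file the logger will append to

        before = snapshot(root)
        keys = "".join(random.choice(string.ascii_letters + string.digits)
                       for _ in range(n_keys))
        fake_keylogger(root, keys)  # the "300 random keystrokes" step
        after = snapshot(root)

        return [(os.path.relpath(p, root).replace(os.sep, "/"), n)
                for p, n in grown_files(before, after)]
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    for path, added in demo():
        print(f"{added:6d} bytes added  {path}")
```

Against a real machine you would call snapshot() on the drive root before typing, type the random keys into a plain editor window, call it again and feed both to grown_files(); the decoy shows that unchanged files stay out of the report, and the hidden file shows that dot-files are not missed.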





More information about the Testlist mailing list