[9837] in cryptography@c2.net mail archive
Re: Shades of FV's Nathaniel Borenstein: Carnivore's "Magic Lantern"
daemon@ATHENA.MIT.EDU (pasward@big.uwaterloo.ca)
Fri Nov 23 10:41:44 2001
From: <pasward@big.uwaterloo.ca>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <15357.29044.77024.139135@tolstoy.uwaterloo.ca>
Date: Thu, 22 Nov 2001 16:43:16 -0500
To: Jay Sulzberger <jays@panix.com>
Cc: pasward@big.uwaterloo.ca, "R. A. Hettinga" <rah@shipwright.com>,
<dcsb@ai.mit.edu>, <cryptography@wasabisystems.com>
In-Reply-To: <Pine.NEB.4.40.0111211714080.28089-100000@panix2.panix.com>
Jay Sulzberger writes:
>
>
> On Wed, 21 Nov 2001 pasward@big.uwaterloo.ca wrote:
>
> > Jay Sulzberger writes:
> > >
> > >
> > > On Wed, 21 Nov 2001 pasward@big.uwaterloo.ca wrote:
> > >
> > > > R. A. Hettinga writes:
> > > > > Everyone remember First Virtual's Nat Borenstein's "major discovery" of the
> > > > > keyboard logger?
> > > > >
> > > > > 'Magic Lantern' part of new 'Enhanced Carnivore Project'
> > > >
> > > > > [etc]
> > > >
> > > > In the same vein, but a different application, does anyone know what
> > > > the state of the art is for detecting such tampering? In particular,
> > > > when sitting at a PC doing banking, is there any mechanism by which a
> > > > user can know that the PC is not corrupted with such a key logger?
> > > > The last time I checked, there was nothing other than the various
> > > > anti-virus software.
> > > >
> > > > Paul
> > >
> > > If you are running a source secret operating system, it is more difficult
> > > to detect tampering.
> >
> > I'm sure it is, unless you have to be the company that owns the
> > "source-secret operating system," in which case you can presumably do
> > whatever is done by an open-source system. Now, what (beyond AV and
> > tripwire) is done?
> >
> > Paul
>
> There is much that the holder of copyright on a source secret OS could do.
> But their best efforts would likely be less effective than the best
> efforts called forth by the market forces which operate on free software.
Unclear at this point. The fact that a certain company produces a
poor OS, does not mean all secret source OSes are poor. Are AIX,
HPUX, Solaris, VMS, VM, ... all worse than Linux on this point? They
certainly tend to be tampered with far less.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com
