FBI Confirms Magic Lantern Existence 461
The_THOMAS (and many others) writes: "A day after major
anti-virus firms waffle on their support for 'Magic Lantern', and nine days
after Thomas C Greene of The Register tried to throw cold
water on it's existence,
the FBI Confirms
the 'Magic Lantern' Project Exist. Welcome to a Brave New World!"
ITS (Score:2, Informative)
Re:They can get us Linux users too (Score:5, Informative)
Shaun
Why FBI came out with this news NOW (Score:5, Informative)
Surveys show that most people, given the 9-11 attacks, are more than willing to trade freedom for security.
"A recent ABC/Post survey found two out of three people expressing willingness to surrender 'some of the liberties we have in this country to crack down on terrorism.' Cole attributes this not only to a heightened concern for safety, but to the fact that the majority are not generally affected--that is, it's not their relatives being detained and questioned." (Taking Liberties: Fear and the Constitution [prospect.org])
"At times like this, a democracy must balance its need to protect itself with the freedoms that define it. Last week's terrorist attacks have raised the debate pitting homeland defense against civil liberties to a level not seen since World War II." (For now, security trumps liberties [csmonitor.com])
"From the very first surveys after the World Trade Center and Pentagon attacks, most Americans told pollsters that the country would have to give up some rights to fight terrorism (79 percent in a CBS/New York Times poll in September). A Gallup survey conducted Nov. 26-27 found six in 10 Americans who said the Bush administration has been 'about right' in its limits on civil liberties, as opposed to 10 percent who said the administration had gone too far and 26 percent who think it hasn't gone far enough." (Public Supports Domestic Crackdown on Terror [publicagenda.org])
After all, if you're innocent, what do you have to worry about anyway?
Re:They can get us Linux users too (Score:5, Informative)
Most major vendors (with the notable exception of Debian =( ) sign packages using GNuPG. You can check these signatures using rpm. There is no need to get Eric raymond to sign stuff (and he's supposed to read all the source code, then build all the packages on his own machines? excuse me?). I suggest reading the following two security advisories, which point out some mistakes that have been made, and one possible attack, but also largely corrected by vendors, and can be easily verified by users with minimal effort.
Devil in the details - why package signing matters [seifried.org]
Red Hat 7.2 GnuPG signed RPM verification fails on distribution files [seifried.org]
RPM PGP/GnuPG verification bug [seifried.org]
Re:They can get us Linux users too (Score:5, Informative)
You, sir, are not merely a troll, but an expert troll, and I applaud you for a job well done! Thanks for the best laugh I've had this thread.
References: Slashdot article: Don't Trust Code Signed by 'Microsoft Corporation' [slashdot.org]
Microsoft bulletin detailing story of VeriSign issuing two Class 3 code-signing digital certificates to an individual fraudulently claiming to be a Microsoft employee: Erroneous VeriSign-Issued Digital Certificates Post Spoofing Hazard [microsoft.com]
"Welcome to a Brave New World" (Score:5, Informative)
Seriously, "Magic Lantern" and all the other privacy-invasive technologies used to snoop on private citizens are still a far cry away from the world of "Brave New World." After all, we still possess enough of our wits to question whether these steps are necessary, legal, and ethical. The folks in "Brave New World" didn't even go that far.
We are much closer to Orwell's "1984" then we are to "Brave New World." And I'm not sure which is the more frightening.
In 1984, the government had to force people to behave using the classic methods of tyranny. In Brave New World, the citizens were kept so damn happy that they would never question that the government didn't have their best interest in mind, regardless of what it did.
Remember: in 1984, our protagonist was someone from withen the society who began to realize what a living hell he was in and began to try to do something to better his condition. In brave new world, our protagonist was someone how came from outside of the society, having been raised on a "reservation". It was only because of this distance from the reality of the "Brave New World" society that he was able to see how awful it truly was.
Re:They can get us Linux users too (Score:3, Informative)
Why can't the FBI use Microsoft's real certificate? Why wouldn't Microsoft work with them? Are you so certain that "always trust content from Microsoft Corporation" is such a good idea?
Even then, the code which checks a newly-downloaded package against the MS certificate is on your computer, right? It could be modified by anything (say, a virus) which had the right permissions to do something different, like checking against a certificate on microsoft.fbi.com, correct? Perhaps this will be the next "I Love You" payload (or the last one).
Re:"Magic Lantern" Defense? (Score:3, Informative)
(Flippant answer: "Look, it's the Fourth Amendment we're getting rid of, not the First! Get yer Amendments straight, duuuh!" ;-)
But I think that deserves a serious answer, and since it's the Constitution you're so worried about, I'll have at it.
Ashcroft's actions are highly constitutional. He's fulfilling his obligations as part of the Executive Branch as specified in the Constitution, namely to use the powers granted to him by Congress to fulfil his mandate. Once something gets passed by the Legislative branch, it's law, and the Executive is obliged to work within the (ever-shifting confines of the) law until the Judicial branch (after due prodding) says it did otherwise.
So if you have a beef with the changes going on lately, it's with your Congresscritters for passing bad law.
But please, if you're gonna go Constitutional on us, don't trash the Executive for doing what the Constitution says it has to do -- namely doing the things your representatives in the Legislature told it to!
My legal advice to you... (Score:3, Informative)
You are under the misguided beleifs that:
1. Only guilty people exercise their right to privacy
2. Only guilty poeple have items seized as evidence upon a voluntary search.
Lets say for example, the FBI knocks on your door saying they suspect someone has been sending death threats to the president from your computer. They are mistaken. They want in to "look around" and walk out with your computer. Good luck getting it back, cause it will be in a "evidence" vault till you die, regardless of innocence or charges being sought. They could do that with ANY item in your house that MIGHT be tied to the crime and odds are you won't get it back, ever.
Reminds me of a county n Texas, all traffic violators were searched and anything that the searchers thought was "drug related" was seized. Well, a buisness man was speeding though said county, pulled over and lost 10-15K (I don't remember the exact figure) in cash he was taking to his son as a loan, all of which he could prove was legally earned. He ended up sueing, and getting little more than half of it back.
So, my legal advice to you (IANAL-Lawyer) is to NEVER ever for any reason let any cop search any of your property, unless they have a court approved warrent.
Re:They can get us Linux users too (Score:2, Informative)
So basically, he was right, and you were wrong.
Wait, who's the troll again?
Re:"Welcome to a Brave New World" (Score:0, Informative)
Actually, you are incorrect. The protagonist of Brave New World, Bernard Marx, was an unusually ugly man for his class, who began to question the ethics, methods and politics of his government from the inside, and requested that he be given access to a reservation for curiositiy's sake. It is once he has seen the harsh reality of everyday life on an unsheltered reservation(and henceforth what the drug addled happiness of his world does to its inhabitants), that he finds his life irreconcilable and hangs himself.
I wish more peole would read Huxley's "Brave New World" before complaining about not enough people reading "Brave New World" before applying that phrase everytime government gets a little out of control.
Re:Unacceptable. (Score:2, Informative)
that's listed in the warrant. Don't get a warrant to search my workshop and then decide to search my house while you're here.
Re:Why do people get riddled with fear? (Score:2, Informative)
Then They came for the Trade Unionists, but I didn't say anything because I wasn't a Trade Unionist.
Then they came for the Jews, But I didn't say anything because I wasn't a Jew.
Then They came for the Catholics, but I didn' say anything because I wasn't Catholic.
Then they came for me, and nobody spoke because nobody was left.
Reverend Martin Niemoller
Re:Anti-virus software (Score:2, Informative)
No! You, like so many other people, didn't read the quotes well enough. To start with, everything was hypothetical (and that was made clear in the articles). All AV vendors were saying that they had not been contacted by anyone from the FBI, and the all also said that they did not know if there was a thing like Magic Lantern.
Now, some people in Network Associates and Symantec said that if the FBI gave them a copy of Magic Lantern, then they would avoid detecting it (I'm asuming using an MD5 sum or something similar so hacked versions won't escape detection).
Later, "higher" people in the same companies said that they WOULD detect magic lantern.
If we asume that the internal communication issue has been resolved and this has been discussed internally, the latter statements are probably the ones that will be followed.
End conclusion, AV programs WILL detect Magic Lanter if they get their hands on it.
Re:"Welcome to a Brave New World" (Score:3, Informative)
"Oh brave new world, that has such people in it."
"O brave new world... (Score:2, Informative)
In case you couldn't tell, he was being sarcastic.
Huxley's book derives its title from a scene in The Tempest, in which Miranda, upon meeting a bunch of royal bad guys--whom she naively perceives as regal, not as the bunch of usurping, murderous scum they really are under their shiny hats--says "O wonder! How many goodly creatures are there here! How beauteous mankind is! O brave new world that has such people in't!" to which Prospero--sad cynic, curmudgeonly nihilist, all-around smarty-pants, exiled in a world of criminal dipshits--says "'Tis new to thee."
Not an inappropriate sentiment, in this case.
But of course you knew that.
Re:Never claimed it would be easy. (Score:3, Informative)
make sure the publisher's public key is really the publisher's
Aye, there's the rub!
It really takes an independent confirmation route to verify the veracity of some random downloaded package.
It galls me to no end seeing a download site providing "one-stop" authentication: here's the package, here's the signature, here's the key!
Proving identity and authenticity in this kind of environment would be improved if there were multiple authorities for one to use. Anything else subjects you to the risk of living in Dr Morarty's HollowDeck, if you remember that particular episode of Star Trek TNG.
The network downloaded packages have to be verified independently, using
- public keys burned on the CD distro you bought for cash, on impulse, in a random location,
- additional public keys on floppies that you wrote from an entirely different computer and network connection,
- phone calls verifying fingerprints of keys
- many, many open certifying authorties that are not run by governments or corporations with vested interests that would be harder to compromise en masse,
- users that are less inclined to sacrifice security for convenience
Nothing is perfect, but you can tighten things down to the point where your spoofability risk is less.