This from Extreme Tech Security -- Very worrisome.
FBI's "Magic Lantern" Trojan Snoops on Citizens; McAfee and
Symantec Refuse to Block It Shortly after the US Congress passed
the "USA PATRIOT Act," which authorized government agents to
conduct unannounced "Sneak and Peek" searches. An article posted
on MSNBC.COM revealed that the FBI intended to plant a Trojan
Horse program code-named "Magic Lantern" on the computers of
citizens it suspected of crimes. (Apparently, the FBI had been
engaged in such practices even before the bill was signed
into law; in October, the agency sought to suppress information about
keystroke logging technology it had used to obtain encryption keys
from the computer of alleged gangster Nicodemo Scarfo.)
Unfortunately, the FBI's enthusiasm for stealth technology has led to
a troubling development: complicity by vendors of security software.
According to an Associated Press article (first link below), Network
Associates, maker of the McAfee line of antivirus products, had
contacted the FBI so as to ensure that its products would NOT detect
computer tampering by government snoops. While Network
Associates' public relations staff quickly published a narrowly worded
denial, the reporter who wrote the original story stuck to his guns,
saying that he'd been told of the policy by a Network Associates
executive.
Shortly thereafter, Symantec, another antivirus vendor, also
announced that it had pledged not to allow its antivirus software to
detect the FBI's illicit code.
The prospect of "back doors" or intentional "blind spots" in security
products is particularly troubling because hackers and industrial
spies could exploit these weaknesses just as easily as could the
government. And both Symantec and Network Associates sell other
products upon which companies and individuals rely for security. NAI
also sells the Pretty Good Privacy (PGP) encryption software, the
Sniffer network monitoring products, and the Magic Solutions remote
control software, and Symantec's "Norton" line contains several
similar products.
Customers must now be concerned that any or all of these products
could potentially be rigged not to report possibly unconstitutional
snooping by the government--or by third parties who designed their
products to mimic the government's snooping software. Any or all
could allow systems and networks to be compromised. The best
alternatives may be products that are manufactured overseas--or
"open source" products in which back doors can be usually be
detected by inspection of the code.
http://www.factsquad.org/radio/2001-11-26.mp3 (a voice message)
http://www.washingtonpost.com/wp-dyn/articles/A1436-
2001Nov22.html
http://www.politechbot.com/p-02839.htmlhttp://www.wired.com/news/conflict/0,2100,48648,00.html?tw=wn200
11127
http://www.politechbot.com/p-02851.htmlhttp://www.msnbc.com/news/660096.asp?cp1=1http://www.theregister.co.uk/content/55/23057.html
- - - -
_________________________________________________________
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com
Maintained by the ILUG website team. The aim of Linux.ie is to
support and help commercial and private users of Linux in Ireland. You can
display ILUG news in your own webpages, read backend
information to find out how. Networking services kindly provided by HEAnet, server kindly donated by
Dell. Linux is a trademark of Linus Torvalds,
used with permission. No penguins were harmed in the production or maintenance
of this highly praised website. Looking for the
Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!
