[wordup] mcafee and "magic lantern"

Adam Shand adam at personaltelco.net
Mon Nov 26 13:00:45 EST 2001 

Via: politech at politechbot.com

Security software, including PGP and anti-virus ware, is either looking
out for your interests or those of the government. It can't do both, and
now we know where McAfee stands. I invite McAfee to reply; I will
distribute any response unedited.

http://www.washingtonpost.com/wp-dyn/articles/A1436-2001Nov22.html
    At least one antivirus software company, McAfee Corp., contacted the
    FBI on Wednesday to ensure its software wouldn't inadvertently detect
    the bureau's snooping software and alert a criminal suspect.

http://www.politechbot.com/p-02822.html
"FBI reportedly creating "Magic Lantern" anti-crypto virus"

-Declan
[Below posts forwarded from Dave Farber's IP list]

---

>Date: Sat, 24 Nov 2001 14:06:47 -0700
>To: David Farber <dave at farber.net>
>From: Brett Glass <brett at lariat.org>
>Subject: Re: IP: Detecting Magic Lantern?
>
>At 01:31 PM 11/24/2001, David Farber wrote:
>
>>At 01:52 PM 11/23/2001, Henry E. Schaffer wrote:
>>
>> >"At least one antivirus software company, McAfee Corp., contaced the FBI
>> >on Wednesday to ensure its software wouldn't inadvertently detect the
>> >bureau's snooping software and alert a criminal subject."
>> >
>> >http://www.washingtonpost.com/wp-dyn/articles/A1436-2001Nov22.html
>
>I have just removed all Network Associates products from my workstations
>and network servers, and will no longer recommend them to my clients
>or readers.
>
>I have taken this position because Network Associates, by rigging its
>products not to detect tampering by specific parties of its choosing, has
>betrayed users' trust and started a descent down a perilous, slippery
>slope. Will the company next change its PGP ("Pretty Good Privacy")
>software so that it contains back doors as well? Will its "Sniffer"
>products be configured to ignore certain types of attacks and allow
>selected parties onto customers' networks undetected, possibly hiding
>illegal searches by freewheeling law enforcement personnel? Will its
>"Magic Solutions" products, which allow remote control and maintenance
>of user workstations, become a vector for the installation of spying
>software by government snoops?
>
>Just as disturbing as the company's breach of trust with its customers
>is the prospect that others will exploit the back doors installed for
>the benefit of government agencies.
>
>Network Associates has shown that it is willing to compromise its
>integrity by selling intentionally faulty products. For this reason,
>it is no longer appropriate or wise for those concerned about the
>security of their networks, systems, or confidential data to use them.
>
>--Brett Glass

********

>Date: Sun, 25 Nov 2001 12:47:23 -0800 (PST)
>From: Lauren Weinstein <lauren at vortex.com>
>To: dave at farber.net

>Dave,
>
>The latest very short "Fact Squad Radio" audio commentary deals with the
>risks of the FBI's reported "Magic Lantern" project and similar systems.
>The piece is called "The Spy in Your Computer?" and is available via:
>
>    http://www.factsquad.org/radio
>
>Thanks much.
>
>--Lauren--
>Lauren Weinstein
>lauren at pfir.org or lauren at vortex.com or lauren at privacyforum.org
>Co-Founder, PFIR - People For Internet Responsibility - http://www.pfir.org
>Co-Founder, Fact Squad - http://www.factsquad.org
>Co-Founder, URIICA - Union for Representative International Internet
>                      Cooperation and Analysis - http://www.uriica.org
>Moderator, PRIVACY Forum - http://www.vortex.com
>Member, ACM Committee on Computers and Public Policy

********

-------------------------------------------------------------------------
POLITECH -- Declan McCullagh's politics and technology mailing list
You may redistribute this message freely if you include this notice.
Declan McCullagh's photographs are at http://www.mccullagh.org/
To subscribe to Politech: http://www.politechbot.com/info/subscribe.html
This message is archived at http://www.politechbot.com/
-------------------------------------------------------------------------

[I hope McAfee will clarify what's going on. Babelfish translates:
"Network Associates speaker Alexander Wegner explained opposite heise
on-line, an appropriate report the Washington post office corresponds not
to the truth..." --Declan]

---

Date: Mon, 26 Nov 2001 08:35:58 -0800
From: Joachim Feise <jfeise at ics.uci.edu>
Organization: University of California, Irvine
To: declan at well.com
Subject: Re: FC: McAfee sides with FBI against customers on "Magic Lantern"

Hello Declan,

according to the German news site "Heise Online", Alexander Wegner, a
speaker for NAI (the German branch, I guess) said that the Washington Post
article is wrong:

    http://www.ct.heise.de/newsticker/data/wst-26.11.01-001/

He used pretty strong words:

Roughly translated, he said that "NAI doesn't care what the FBI does. NAI
writes software that detects malicious code. If there is a trojan or virus
on the system, it is reported. No exceptions."

Cheers,
-Joachim

---

Date: Mon, 26 Nov 2001 12:27:00 -0500 (EST)
From: Dildog <dildog at l0pht.com>
To: Declan McCullagh <declan at well.com>
Subject: Re: FC: McAfee sides with FBI against customers on "Magic Lantern"
In-Reply-To: <5.1.0.14.0.20011126103849.022698c0 at mail.well.com>
Message-ID: <Pine.BSO.4.21.0111261223060.2021-100000 at 0nus.l0pht.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-UIDL: d59308e3e0b84af70ff48ea63ca1f968

Heh. I guess once that 'Magic Lantern' software leaks out to the malicious
types, they'll end up using it since virus scanners will never pick it
up... did they even consider the consequences of writing software that was
a state-sanctioned version of Back Orifice?

Perhaps they should consider consulting the Cult Of The Dead Cow,
considering we've had considerably more experience in this arena than they
have...

--dil

---

From: mjinks at sysvi.com
Date: Mon, 26 Nov 2001 10:43:51 -0600
To: Declan McCullagh <declan at well.com>
Subject: Re: FC: McAfee sides with FBI against customers on "Magic Lantern"

call me a zealot.

http://www.openantivirus.org/
(no idea if it's any good or not but i'm sure they could use some help)

http://www.gnupg.org/
(use it, like it, there's a win/DOS version)

---




-------------------------------------------------------------------------
POLITECH -- Declan McCullagh's politics and technology mailing list
You may redistribute this message freely if you include this notice.
Declan McCullagh's photographs are at http://www.mccullagh.org/
To subscribe to Politech: http://www.politechbot.com/info/subscribe.html
This message is archived at http://www.politechbot.com/
-------------------------------------------------------------------------

More information about the wordup mailing list