>From: MichaelP <[EMAIL PROTECTED]>
>To: undisclosed-recipients:;
>Subject: Magic Lantern and recent worms
>Date: Fri, 31 May 2002 10:05:28 -0500 (CDT)
>Received: from [128.206.49.181] by hotmail.com (3.2) with ESMTP id MHotMailBEC41C3300094004311C80CE31B551160; Sun, 02 Jun 2002 19:15:16 -0700
>Received: from localhost (lists@localhost)by chumbly.math.missouri.edu (8.9.1a/8.9.1) with SMTP id VAA1447696for <[EMAIL PROTECTED]>; Sun, 2 Jun 2002 21:15:15 -0500 (CDT)
>Received: by chumbly.math.missouri.edu (bulk_mailer v1.9); Sun, 2 Jun 2002 21:15:15 -0500
>From [EMAIL PROTECTED] Sun, 02 Jun 2002 19:16:16 -0700
>Organization: ?
>Article: 139461
>Message-ID: <[EMAIL PROTECTED]>
>
>It's worth meditating on the question of whether the recent "worm"
>epidemic is independent of the "Magic Lantern" scheme.
> I havn't been pointed to anything recent that's specific on the subject,
>and I havn't, myself, been receiving any signs
>of infection other than that some spam schemes seem to be posting to open
>lists and accusing the list-owners of spreading the worm.
>
>Cheers
>MichaelP
>
>================================
>
>
http://www.wired.com/news/conflict/0,2100,48648,00.html
>
>'Lantern' Backdoor Flap Rages
> By Declan McCullagh
> 8:25 a.m. Nov. 27, 2001 PST
>
> WASHINGTON -- Network Associates has been snared in a web of
>accusations over whether it will place backdoors for the U.S. government
>in its security software.
>
>Since Network Associates (NETA) makes popular security products, including
>McAfee anti-virus software and Pretty Good Privacy encryption software,
>reports of a special arrangement with the U.S. government have drawn
>protests and threats of a boycott.
>
>The flap started last week, when news reports began to appear about an FBI
>project code-named "Magic Lantern." Details are sketchy, but Magic Lantern
>reportedly works by masquerading as an innocent e-mail attachment that
>will insert FBI spyware inside your computer.
>
>In the past, the FBI has said publicly that agents have been flummoxed by
>suspects using encryption, something that software such as Magic Lantern
>could circumvent by secretly recording a passphrase and secret encryption
>key, then forwarding the confidential data to the feds.
>
>An Associated Press article then reported that "at least one antivirus
>software company, McAfee Corp., contacted the FBI ... to ensure its
>software wouldn't inadvertently detect the bureau's snooping software and
>alert a criminal suspect."
>
>Condemnation from security mavens was quick and fierce. Columnist Brett
>Glass echoed the Slashdot crowd when he said: "Network Associates has
>shown that it is willing to compromise its integrity by selling
>intentionally faulty products. For this reason, it is no longer
>appropriate or wise for those concerned about the security of their
>networks, systems or confidential data to use them."
>
>Other security mavens pointed to free software projects such as
>openvirus.org as more trustworthy alternatives to Network Associates'
>McAfee anti-virus products, and GPG as a replacement for Network
>Associates' PGP encryption software.
>
>The criticism raised a well-known point in security circles: Security
>software, including PGP and anti-virus products ware, is either looking
>out for your interests or those of the government. It can't do both.
>
>But on Monday, Network Associates denied contacting the FBI.
>
>In a statement released late in the day, a spokeswoman for the company
>made four points:
> "1. Network Associates/McAfee.com Corporation has not contacted the FBI,
>nor has the FBI contacted NAI/McAfee.com Corp. regarding Magic Lantern.
> 2. We do not expect the FBI to contact Network Associates/McAfee.com
>Corporation regarding Magic Lantern."
> 3. Network Associates/McAfee.com Corp. is not going to speculate on
>Magic Lantern as it's (sic) existence has not even been confirmed by the
>FBI or any government agency.
> 4. Network Associates/McAfee.com Corporation does and will continue to
>comply with any and all U.S. laws and legislation."
>
>Sharp-eyed critics pointed to the narrowness of Network Associates'
>denial: It did not rule out the possibility of conversations with the
>White House, the Justice Department or even conversations with the FBI
>about a product with identical capabilities that was not called Magic
>Lantern. Network Associates also did not pledge to reject future pleas
>from the FBI done in the absence of legislation making backdoors
>mandatory.
>
>In an e-mail, Network Associates was asked to clarify with this question:
>"Can you assure ... that Network Associates/McAfee has not had any contact
>with any law enforcement or intelligence agencies or other government
>entities including Congress or the White House about Magic Lantern or a
>product with capabilities it is reported to have?"
>
>Tony Thompson, a spokesman for the company, replied: "You are correct.
>We have not."
>
>Thompson also rejected the possibility of any conversations with the
>government between Network Associates or other anti-virus vendors taking
>place informally through trade associations in Washington.
>
>For his part, Ted Bridis, a veteran reporter for the Associated Press,
>says he stands by his story from last week that reported the link between
>the FBI and Network Associates.
>
>Bridis wrote in an e-mail message Monday afternoon, "I stand by my
>reporting for the AP. This information came from a senior company officer.
>I won't identify this person in this post because I've been unable to
>reach this person by phone or e-mail since the flap erupted."
>
>"I can't resolve what McAfee told me last week and today's contradictory
>statement except to note the critical public response against McAfee that
>emerged over the holiday weekend," Bridis added.
>
>In a well-documented incident that was tried in court in New Jersey, the
>FBI sneaked into an alleged mobster's office to implant PGP
>password-sniffing software in his Windows computer. Since that approach
>requires physical breaking and entering, FBI agents seem to want to be
>able to bypass encryption without leaving their desks.
>
> The feds have worked with technology companies in the past to insert
>backdoors for surveillance and eavesdropping.
>
>To gain an export license, IBM's Lotus subsidiary weakened the encryption
>used in its Lotus Notes program so the U.S. government could readily
>penetrate it. (All versions of Notes use 64-bit keys, but export versions
>of Notes gave a portion of the key to the U.S. government, allowing
>federal agencies to decode Notes-encrypted files in real-time.)
>
>In his 1982 book The Puzzle Palace, author James Bamford recounted how the
>National Security Agency's predecessor coerced Western Union, RCA, and ITT
>Communications to turn over telegraph traffic to the feds in 1945.
>
>"Cooperation may be expected for the complete intercept coverage of this
>material," an internal agency memo said.
>
>ITT and RCA gave the government full access, while Western Union limited
>the number of messages it handed over. The arrangement, according to
>Bamford, lasted at least two decades.
>
>In 1995, The Baltimore Sun reported that for decades the NSA had rigged
>the encryption products of Crypto, a Swiss firm, so U.S. eavesdroppers
>could easily break their codes.
>
>The six-part story, based on interviews with former employees and company
>documents, said Crypto sold its security products to some 12 countries,
>including prime U.S. intelligence targets such as Iran, Iraq, Libya and
>Yugoslavia. Crypto disputed the allegation.
>
>====================================
