Post #19,529
11/27/01 2:23:45 PM
|

Any Security types following this? (detecting FBI Trojans)
[..no, not That kind of Trojans, silly]
[link|http://www.theregister.co.uk/content/55/23057.html|To flag the Good?Guys' BadStuff or not-to-flag..]
Oh what a tangled web we weave.. When GovtMorality and other oxymorons can't tell the warp from the woof. And the weaver's got a short attention span.
It was all a lot easier with CP/M.
Ashton Back to: Lemon juice. Read it. Burn it. All gone.
|
Post #19,538
11/27/01 3:15:21 PM
|

Extra small?
When I visit the aquarium, the same thought keeps running through my mind; Leemmmooonnn, Buuttteerrr, MMMmmmmmm good!
|
Post #19,543
11/27/01 4:05:56 PM
|

McAfee waffling, in denial
Declan McCullagh's [link|http://www.politechbot.com/p-02839.html|covering] [link|http://www.politechbot.com/p-02846.html|this]. The story's [link|http://www.politechbot.com/p-02840.html|not adding] up from McAfee's PoV.
-- Karsten M. Self [link|mailto:kmself@ix.netcom.com|kmself@ix.netcom.com] What part of "gestalt" don't you understand?
|
Post #19,549
11/27/01 5:14:14 PM
|

Ah.. thanks. Plot thickens. Double-Plus Ungood.
Particularly enjoyed John Gilmore's er itemized lists of Boolean exclusive-NORs. And another post mentioning the toxic cancelling-phrase appended to each McA 'denial': re Magic Lantern.
This accords with a comment on NPR this AM, suggesting that 'we all' reread Orwell. Soon. Methinks that this issue goes squarely to the conflict we are apparently already within:
To be law-abiding citizens [??] or not to be systematic and willing dupes of an unknown and unknowable list of Interested Authorities [??] Worldwide in Fact.
{sigh} and given the subtlety, the general public's unawareness on every scale - not merely about how machines work, but how Authorities work: are we not today thoroughly immersed in The Ugly phase?
What. To. Do.
Ashton who will start with: no 'new' software to be allowed on any web-connected box. Save data to CDR and reload old, safe image periodically. Add-back data. Hmm - a good place for dir, file-compare utility - on each reload, esp. of *all* executables. Can run all night - I got time to fight Evil.
(I run sans McAfee anyway - realize that is not an option for many out there)
|
Post #19,901
12/1/01 6:25:33 PM
|

one more time with feeling
all net traffic can be monitored by anyone with enough incentive. pro active action against all intrusion systems is required regardless of source. It has been an ongoing cat and mouse game since day one. thanx, bill
tshirt front "born to die before I get old" tshirt back "fscked another one didnja?"
|
Post #19,908
12/1/01 8:18:20 PM
|

Get that, but - this seems about intentionally
failing to flag an installed trojan/worm/whatever - because it's Authorized by the Ashcroft Covenant: ie they *see it* but won't tell you *they saw it*.
Isn't it (about that)?
A.
|
Post #19,918
12/1/01 9:32:18 PM
|

well do you trust yer security to a program?
to a degree but I always sniff packets on a regular basis no matter which net I am on. raw data will tell all. thanx, bill
tshirt front "born to die before I get old" tshirt back "fscked another one didnja?"
|
Post #19,937
12/2/01 12:00:19 AM
|

You should at least GREP your logs once in a while.
Otherwise you might never know WTF is going on. Hell, sometimes I don't know WTF is going on even when I do GREP my logs.
Case in point. A routine GREP of the SYSLOG files has turned up a rather interesting trend lately. It seems that my Linux firewall has been receiving an unusual amount of connection attempts to port 1214 over the last week or so.
Now, I don't know WTF port 1214 is (other than what is listed [link|http://www.iana.org/assignments/port-numbers|here]), but I'm keeping an eye on it now and if I see any weirdness on the firewall, at least I won't be completely blind-sided.
BTW, anybody know WTF could be going on with the above mentioned port connection attempts?
|
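Added example, not part of the original post: a bare grep for "1214" also matches source ports and unrelated lines, so this tallies only destination-port hits per day, with the number of distinct sources. The iptables LOG line format and the sample lines are assumptions (the post does not show its logs); addresses are documentation ranges.

```shell
#!/bin/sh
# Constructed sample syslog lines (assumed iptables LOG format).
sample_log() {
cat <<'EOF'
Nov 24 02:11:09 fw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=3312 DPT=1214 SYN
Nov 24 02:11:12 fw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=3312 DPT=1214 SYN
Nov 24 09:40:51 fw kernel: IN=eth0 OUT= SRC=203.0.113.22 DST=192.0.2.10 PROTO=TCP SPT=1214 DPT=1214 SYN
Nov 25 17:03:30 fw kernel: IN=eth0 OUT= SRC=203.0.113.22 DST=192.0.2.10 PROTO=TCP SPT=1051 DPT=1214 SYN
Nov 25 17:05:02 fw kernel: IN=eth0 OUT= SRC=198.51.100.90 DST=192.0.2.10 PROTO=TCP SPT=1214 DPT=80 SYN
Nov 26 08:00:00 fw sshd[411]: Accepted password for admin from 192.0.2.50 port 1214
EOF
}

# port_hits PORT: read syslog on stdin and print, for each day that has
# packets with destination port PORT: "Mon DD attempts distinct_sources".
port_hits() {
    awk -v port="$1" '
    {
        dpt = ""; src = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^DPT=/) dpt = substr($i, 5)   # destination port only
            if ($i ~ /^SRC=/) src = substr($i, 5)
        }
        if (dpt != port) next        # skips SPT matches and non-firewall lines
        day = $1 " " $2
        if (!(day in hits)) order[++n] = day
        hits[day]++
        if (!((day, src) in seen)) { seen[day, src] = 1; srcs[day]++ }
    }
    END { for (i = 1; i <= n; i++) print order[i], hits[order[i]], srcs[order[i]] }'
}

sample_log | port_hits 1214
```

Many attempts from few sources on one day reads differently from a slow spread across many sources, which is why the distinct-source count sits next to the total.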
Post #19,964
12/2/01 1:31:43 PM
|

KAZAA?
downloading any bootleg programs or music lately?
A
Play I Some Music w/ Papa Andy Saturday 8 PM - 11 PM ET All Night Rewind 11 PM - 5 PM Reggae, African and Caribbean Music [link|http://wxxe.org|http://wxxe.org]
|
Post #19,968
12/2/01 1:59:39 PM
|

*shrug* Beats me.
downloading any bootleg programs or music lately?
You mean other than the usual alt.binaries.cd.image.* and the alt.binaries.sounds.mp3.* groups? ;-)
Nope.
The highest total of hits seems to have occurred on 11/24 thru 11/25, and at times I know I wasn't even at the computer.
What the hell is KAZAA anyway?
|
Post #19,972
12/2/01 3:23:03 PM
|

Google is your friend.
[link|http://www.kazaa.com/|KaZaA.]
[link|http://www.theregister.co.uk/content/55/22119.html|The Register on subject.]
Alex
Men never do evil so completely and cheerfully as when they do it from religious conviction. -- Blaise Pascal (1623-1662)
|
Post #19,995
12/2/01 8:00:10 PM
|

don't grep them read the logs religiously
tshirt front "born to die before I get old" tshirt back "fscked another one didnja?"
|
Post #19,998
12/2/01 8:11:54 PM
|

Sorry, Box, I'm not that anal about it. ;-)
|
Post #20,069
12/3/01 11:19:22 AM
|

But isn't this a bit like wiretapping?
Putting a trojan on a system to monitor keystrokes. I admit this will defeat PGP and other encryption programs, but this is virtually a wire tap to do this. Plus what if they put a trojan on someone who is innocent and the trojan stays there and causes system lockups and hangups. Would the innocent party have the right to sue if they discover it?
It seems we are starting to lose our freedoms in exchange for security or trying to nail the bad-guys more? Is there even such a thing as privacy anymore?
Picking up the pieces of my broken life.
|
Post #19,976
12/2/01 3:54:22 PM
|

So, what's the recommended AV software these days?
Given that Norton and McAfee (or the other big name - I can't remember it off the top of my head) seem to be folding as far as detecting this thing, and thus giving AV authors a back door in, what's the big Windows AV software these days?
And don't say Linux, I already know that one... ^_^
When I get my dead HD back, it's a Linux partition. 20gb of Linux, 20gb of Win2k.
"He who fights with monsters might take care lest he thereby become a monster. And if you gaze for long into an abyss, the abyss gazes also into you." - Friedrich Nietzsche
|
Post #19,985
12/2/01 6:09:47 PM
|

Sophos.
British. Good.
Peter Shill For Hire [link|http://www.kuro5hin.org|There is no K5 Cabal]
|
Post #20,048
12/3/01 4:12:35 AM
|

I second that motion
Light on the resources, clients for many OSen including Windows, OS/2, and Linux. Geared towards corporate multiuser licensing though. We have it on our mail server and desktops. I like it.
And less likely to let that "Magic Lantern" CIA virus through perhaps?
They have demos on their [link|http://www.sophos.com/downloads/products/|website]. You have to request a password to access them.
-- Chris Altmann
|
Post #20,067
12/3/01 11:08:16 AM
|

The main problem seems to be...
...finding a retailer in the U.S. that carries them for single users. :P
I sent their U.S. office an e-mail, we'll see if they have time for a single license sale... :)
"He who fights with monsters might take care lest he thereby become a monster. And if you gaze for long into an abyss, the abyss gazes also into you." - Friedrich Nietzsche
|
Post #20,083
12/3/01 1:33:16 PM
|

I continue to recommend TrendMicro
We've had their OfficeScan Corp Edition product for a couple years now and it works swimmingly (okay, there was a glitch with *one* of the dailies last year--all fixed now).
--------------------------------- A stupid despot may constrain his slaves with iron chains; but a true politician binds them even more strongly by the chain of their own ideas;...despair and time eat away the bonds of iron and steel, but they are powerless against the habitual union of ideas, they can only tighten it still more; and on the soft fibres of the brain is founded the unshakable base of the soundest of Empires."
Jacques Servan, 1767
|
Post #20,299
12/5/01 6:06:42 AM
|

I prefer prevention.
No Outlook. No IIS.
But if you still want a signature scanner... I used to recommend Dr Solomon's and Vet from Cybec, but McAfee - whom I don't particularly trust - bought the former and Network Associates bought the latter.
I also recall a clever little product called Victor Charlie. I wonder what happened to it. It was really a file integrity manager, but it had it all packaged up so well and had a nifty signature scanner for the "common" ones that it could self update from "suspicious" files.
Wade.
"All around me are nothing but fakes Come with me on the biggest fake of all!"
|
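Added example, not part of any post above: the file-compare pass over executables suggested in post #19,549, and the file integrity manager idea in post #20,299, sketched as a SHA-256 manifest taken from a known-good image and compared against the current files. Function names and the demo files are constructed for illustration; it assumes GNU coreutils `sha256sum`.

```shell
#!/bin/sh
# make_manifest DIR: print "sha256  ./relative/path" for every regular file.
make_manifest() {
    ( cd "$1" && find . -type f -exec sha256sum {} + | sort -k2 )
}

# compare_manifests BASELINE CURRENT: report files whose hash changed,
# files that appeared, and files that disappeared since the baseline.
compare_manifests() {
    awk '
    { hash = substr($0, 1, 64); path = substr($0, 67) }  # keeps spaces in names
    FILENAME == ARGV[1] { old[path] = hash; next }
    {
        cur[path] = 1
        if (!(path in old))          print "ADDED", path
        else if (old[path] != hash)  print "CHANGED", path
    }
    END { for (p in old) if (!(p in cur)) print "REMOVED", p }' "$1" "$2" | sort
}

# Demo on constructed files in a temporary directory.
integrity_demo() {
    t=$(mktemp -d) || return 1
    mkdir "$t/image"
    printf 'ls v1' > "$t/image/ls"
    printf 'ps v1' > "$t/image/ps"
    make_manifest "$t/image" > "$t/baseline.sha256"   # taken from the safe image
    printf 'ps patched' > "$t/image/ps"               # executable modified
    rm "$t/image/ls"                                  # executable missing
    printf 'x' > "$t/image/new tool"                  # unexpected new file
    make_manifest "$t/image" > "$t/current.sha256"
    compare_manifests "$t/baseline.sha256" "$t/current.sha256"
    rm -rf "$t"
}

integrity_demo
```

The baseline is only as trustworthy as where it is kept: store it on the write-once media alongside the image, and ideally hash from a system booted off that media, since a compromised running system can lie about file contents.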