Skip to comments.
FBI software cracks encryption wall
MSNBC ^
| November 20, 2001
| Bob Sullivan
Posted on 11/20/2001 2:03:16 PM PST by testforecho
click here to read article
Navigation: use the links below to view more comments.
first previous 1-20, 21-40, 41-60, 61 next last
To: Nita Nupress
Surely they have a solution to the "cut & paste," ya think?!Cut and past would get around the key logging software, but would require that you have the encryption keys stored in a file on the computer to cut and paste from. If they can find that file, they don't need the key logging software.
To: testforecho
All of this is easier said then done.
For every FBI hack out there, there are 1000 hackers who will spot the FBI code and come up with ways to foil it.
To: go star go
Actually, the best way to defeat this is to design PGP to crash the instant it's opened on a Magic Lantern-infected box.
23
posted on
11/20/2001 3:05:26 PM PST
by
Poohbah
To: Poohbah
<< "Actually, they do--because they don't count actual keystrokes, they parse the value entered into the user ID and password fields, regardless of source--just like Windows does." >>
What's the definition of "parse the value?" Are you saying each character on a keyboard has a value that can be read even after being CNTL/V'd onto a screen?
To: testforecho
Bwah hah hah ha........ahah!
25
posted on
11/20/2001 3:05:57 PM PST
by
Mat_Helm
To: tacticalogic
Cut and past would get around the key logging software, but would require that you have the encryption keys stored in a file on the computer to cut and paste from. If they can find that file, they don't need the key logging software. This is possibly the only time in a woman's life where something being described as "floppy" would be a good thing. ;-)
To: testforecho
Why not just have the virus "patch" PGP?
"Encryption keys are unbreakable by brute force,..."
The author lost all credibility with me at this point.
27
posted on
11/20/2001 3:11:40 PM PST
by
The Duke
To: Nita Nupress
No, the entire password input box contains a value, such as "t4@!dd_KqZ$h" (if the user has a strong password) or "password" (if the user is an idiot). That value is passed into the PGP program through a standard Windows Foundation Class library function call. It sounds like the Magic Lantern software grabs that value and copies it to its own buffer. Keystroke logging takes entirely too much memory--suppose it was a guy composing an opus which would take ten pages to print out before hitting "ENCRYPT." Also, the cut-paste would be an easy dodge--so the FBI would look for a way around it before anyone else would think of it.
28
posted on
11/20/2001 3:12:13 PM PST
by
Poohbah
To: tacticalogic
Laptop or second pc running Linux, and not connected to the internet, with the encryption software on it. Encrypt, then sneakernet to the internet connected computer for transmission. Duh. Damn, you just defeated the FBI! :-)
To: Poohbah
Thanks.
To: Nita Nupress
This is possibly the only time in a woman's life where something being described as "floppy" would be a good thing. ;-)There are rare occasions when floppy is better, as anyone who's had to roll up a garden hose in the winter will attest to.
To: Poohbah
Yes, you are probably right. Also, they can "hide" the program so it doesn't show up under task manager so you don't know that it is running.
As for AV software... if they were in bed with the FBI then they wouldn't make it part of their pattern files.
To: Brookhaven
I agree. This reminds of of the file sharing/swapping software out today.
Once the genie has been let out of the bottle, there's no putting it back.
33
posted on
11/20/2001 3:23:17 PM PST
by
rdb3
To: oc-flyfish
Might be able to hide it in the home versions of Windows...but would they be able to do that in the NT/2000 variants?
34
posted on
11/20/2001 3:24:22 PM PST
by
Poohbah
To: Poohbah; Nita Nupress
What about the "hushmail" program, where the passphrase is generated by passing the mouse over a hidden grid? Is that a more difficult system to "break"?
35
posted on
11/20/2001 3:29:56 PM PST
by
logos
To: logos
The grid can't be TOO hidden, and neither can the passphrase.
36
posted on
11/20/2001 3:31:24 PM PST
by
Poohbah
To: testforecho
I don't know a whle lot about hacking but....isn't this old technology ? Back when corporate America was into counting key strokes AutoCad had a lisp that would log your keystrokes. I used to disable it to conserve memory and increase the speed of the machine.
37
posted on
11/20/2001 3:31:37 PM PST
by
SSN558
To: testforecho
A few security tips.
Use the Zonealarm firewall (free for personal use), or something similar.
Avoid Microsoft products.
Binary (non-text) files sent by email are a major security risk...
Avoid or minimize their use. Do not accept a non-text file from someone
you don't know, and then only with a reason to do so.
Be careful with email attachments.
Older, or text-only email readers, are more secure than new email readers.
IMO, every new feature is a security risk.
To: testforecho
You don't need Windows for that...It could be done on any platform.
To: Poohbah
Sorry. Sloppy choice of words on my part. Rather than being hidden, the grid from which the passphrase on "hushmail" is generated is a "blind" grid. Would this Magic Lantern softward be able to pick that up - not even the user knows what his passphrase is in this system.
You're absolutely right that nothing can be "TOO hidden;" any security system that one person can devise, another person can break, given sufficient time and motivation.
40
posted on
11/20/2001 3:46:41 PM PST
by
logos
Navigation: use the links below to view more comments.
first previous 1-20, 21-40, 41-60, 61 next last
Disclaimer:
Opinions posted on Free Republic are those of the individual
posters and do not necessarily represent the opinion of Free Republic or its
management. All materials posted herein are protected by copyright law and the
exemption for fair use of copyrighted works.
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson