[ale] Oh boy - Now I feel safe...not!

aaron aaron at pd.org
Tue Feb 5 18:09:49 EST 2002


On Monday 04 February 2002 19:39, you wrote:

> > *MICROSOFT LOCKS IN NEW SECURITY BOSS

> this is an April fools joke isn't it. [?]

Looks to be authentic, even if is is mostly laughable.  The sceptisism is 
apropriate, though, since M$ is obviously counting on all the April 
corporate managers missing the humor and taking this seriously.  :-P

> > [...]
> > In his new role, Charney is charged with developing strategies to
> > enhance the security of Microsoft products and services to support
> > the company's new "Trustworthy Computing" initiative. [...]

...and just when we were convinced that "microsoft security" was the 
ultimate oxymoron, they cook up an even more absurd catch phrase:
 "Microsoft: the Trustworthy Corporate Criminals" 

> >   So, we have the gentleman who has been responsible for
> >  the incredibly rich security features in Microsofts products
> >  who is now helping to protect the Federal Governments systems.
> >   What a warm-n-fuzzy that gives me...
> >       Charles

Its worse than that. Scott Charney is an insider trade from the 
department of justice:
    http://www.theregister.co.uk/content/4/23912.html

While the M$ oxymorons are good for a laugh, I think there are more 
insidious implications to these government post connections, ones that 
tie part and parcel into the justice department payoffs and concessions 
with their proposed M$ antitrust settlement.  Now that the Enron well is 
dry, the installed regime will be surveying new oil sources to keep the 
palms greasy.  Drilling the M$ anti-trust conviction settlement deep into 
the monopoly pipeline would be a corrupt politician's panacea, and not 
just because of the money flow but because of the very real potentials 
for manipulating a lot of information resources and covertly compromising 
the privacy and security of legitimate dissenters and political 
opponents. If they can just keep these star spangled blindfolds on the 
nation for another 5 months, it may be that nobody notices until its too 
late (again). 

But just because I'm the paranoid brand of patriot it doesn't mean the 
evil ones aren't out to get me. Back on the humorous side, it seems that 
one other aspect of the so called "security initiative" is that Microsoft 
is climbing into bed with the crackers of the cDc and the FBI to insure 
that stealth wire-tapping viruses of the Magic Lantern project are 
running on every computer system on the [.]net:

================================================
Microsoft, cDc and FBI Cut a Deal: FBI Surveillance Software
to be Part of Windows XP Updates

By John Robbington 13-12-2001

The controversy, rumors and speculation surrounding the FBI's Magic 
Lantern projects have attracted a lot of ridicule from the internet 
underground. Not so any more. Now both the infamous hacker group the Cult 
of the Dead Cow (cDc) and Microsoft have offered a helping hand to the 
Feds and are preparing to include the surveillance software in all future 
editions and updates of the new Microsoft Windows XP operating system.

"This Magic Lantern could easily become a part of Windows XP Dynamic 
Updates, or even become a standard part of the operating system." 
Microsoft spokesperson Bob Devnull said. "We are really looking forward 
to experimenting this on a large scale. Our direct Marketing department 
was jumping out of their pants when they heard we would be doing this."

As well they should. The dream of both direct marketers and the FBI 
coming true at the same time! Also to be included in the future Microsoft 
Windows XP (R) are Microsoft's trademark profiling software meant for 
tracking individual users. [ Microsoft licenses profiling software for 
digital TV <http://www.theregister.co.uk/content/22/23318.html> ]

Microsoft's inclusion of this technology enables the FBI to profile 
individuals through their viewing habits and so provide Federal Agencies 
with useful information about potential terrorists and other enemies of 
the state.

Both Microsoft and FBI point out that individual profiles are not given a 
name and that the information is only stored on the FBI government 
computers, not on any public systems. But this holds little sway with 
privacy advocates. Predictive, a Microsoft partner in this venture,
[ <www.predictivenetworks.com/> ] has also filed a patent for a biometric 
system which identifies different individuals within the same household. 
The system works by recognizing people's keystroke, mouse or 
remote-control usage patterns. The software can quickly and reliably 
build a timing and sequence repeat profile which has the effect of 
identifying all the household's PC or media appliance users, even when 
they don't enter any text that could otherwise indicate who is using the 
device.

Andy Beers, a senior product manager for Microsoft said of the deal:
"The Predictive Network solutions will provide customers of Microsoft 
with state-of-the-art software that understands the characteristics and 
interests of suspected terrorists. The result will be the technology and
expertise needed to make secret police surveillance a seamless reality
for the consumer, while incrementally criminalizing various aspects of 
file swapping, free software distribution and other terrorist activities 
within the United States and abroad." 

Evidently still grizzled about the fact that their security is too bad to 
afford any real protection, Microsoft has withheld the publishing of a 
notorious security track record, that of Microsoft being the most often 
penetrated OS of the Millennium. Reid Flame, a cDc member and now a 
secret Microsoft employee, said: "Never before has the US faced a more 
troublesome enemy. To meet this growing challenge, the FBI has announced 
an ongoing effort to create and deploy best-of-breed electronic 
surveillance software. "While we applaud the innovation and drive of the 
federal law enforcement agency, those of us who are US citizens would be 
remiss if we did not offer our expertise in this area." 

A tongue in cheek announcement from the cDc group claims "We have more 
targeted experience than anyone else in the [cracker] arena", though this 
is probably true. A revised version of their "Back Orifice" designs would 
do the Magic Lantern job beautifully and is at the center of their Magic 
Lantern assistance efforts.

Although cDc coders are confident that the Microsoft and Federal 
Enforcement Agency Research facilities are more than capable, the 
crackers intend to re-architect Back Orifice from the ground up. "There 
will be absolutely no shared code between the two projects, in order to 
skirt detection by both commercial and freeware antivirus packages. The 
source code and binaries will, of course, remain totally secret. The 
software will never surface publicly, and it will be far more stealthy 
than anything we have ever released, demonstrated or publicly discussed," 
a group spokesperson said.

Indeed, cDc notes that the central design principle of Magic Lantern and 
this new breed of stealth viruses could easily be seen as "an artificial 
intelligence which is capable of intercepting and being witness to any 
and all information exchange that might lead up to or be involved with 
the potential commission of a computer related crime".

The cDc concluded that the project would deliver "the ultimate 
intelligence gathering tool for the U.S. government, and we intend to 
construct it, at no cost, exclusively for the aid of Microsoft and all 
our Federal special enforcement agencies" said Flame. "We are confident 
that Microsoft and the government will limit the use of this technology 
only to targets relevant to legitimate investigations and warranted 
searches" he added, further underscoring the cult's faith in federal
law enforcement organizations. "The FBI has a long history of following
Title 18 to the letter."

==================================================

While the user profiling software and input tracking viruses mentioned 
above are very real, we can be fairly assured that the rest of the 
article is a hoax and a joke.  I just wish we could be as certain that 
the implied invasions of privacy will remain humorously improbable.

peace
(after justice)
aaron


---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be
sent to listmaster at ale dot org.






More information about the Ale mailing list