[LINK] FBI "Trojan horse" triggers alarms

[hartr@interweft.com.au]

On 25 Mar, Pilcher, Fred wrote:
> http://www.newscientist.com/hottopics/tech/article.jsp?id=99991608&sub=Secur
> ity%20and%20Defence
> 
> "Software companies may be asked to make their security applications ignore
> FBI computer surveillance tools, but experts say this could create security
> hazards.
> 
> The FBI is reportedly developing a "Trojan horse" computer tool called Magic
> Lantern. This program is designed to steal passwords from the computer of a
> suspected criminal. This would allow investigators to unlock and read
> encrypted communications and encrypted files."

Well, this is interesting.

Let's consider the implications for open source operating systems...and
the resultant impact everywhere else.

In order to include this capability in open source software such as BSD
or Linux, the details of the protocol will have to be made public (this
will make sure that a zealous sys admin does not blok the traffic at the
Linux/BSD firewall. Also, the mechanism for grabbing the passwords out
of /etc/shadow on Linux/BSD boxes will also have to be made available as
open source. This will require the introduction of some sourt of 'back
door' into the OS.

Of course, if this is all open source, the bad guys will have the info
necessary to go and hack all the boxes (irrespective of OS) out there.

Are the FBI really serious about this? Have they engaged brain?

-- 
Robert Hart					 hartr@interweft.com.au
Strategic IT & open source consulting                +61 (0)438 385 533
Brisbane, Australia			    http://www.interweft.com.au