Spyware implemented by IBM in Lotus Notes used by Tax Agents

Discussion in 'Backup and Security' started by harrytrader, Mar 1, 2004.

  1. It is far BEFORE 9/11 so terrorism is just a pretext for governments to spy their citizens.

    http://www.searchlores.org/fiatlu/GUIDnumber.html
    "According to the Interception Capabilities www.aci.net/kalliste <http://www.aci.net/kalliste/echelon/ic2000.htm>2000 report, Lotusbuilt in an NSA "help information" trapdoor to its Notes system, as the Swedish government discovered to its embarrassment in 1997. By then, the system was in daily use for confidential mail by Swedish MPs, 15,000 tax agency staff and 400,000 to 500,000 citizens. (section 43) The report goes on to describe a feature called a "workfactor reduction field" that is built into Notes and incorporated into all email sent by non-US users ofthe system. The feature "broadcasts 24 of the 64 bits of the key used for each communication", and relies on a public key system that can only be read by the NSA. "
     
  2. rognvald

    rognvald

    FRIGHTENING!!!

    What is left of our freedom as individuals?
     
  3. Government of each country, by INTERNATIONAL LAW, is normally forbidden to spy on their OWN CITIZENS. So how they do circumvent the law ? The example above shows that: they use US agency to spy SWEDEN CITIZENS and probably in exchange some european countries spy US CITIZENS for US government so that each government can never be out of law.
    Since 11/9 law has dramatically changed : now europe can openly spy private emails and phone calls whereas it was strictly forbidden before. But as I've said already the example above was far before 11/9 so just a pretext to change the law.

     
  4. One can wonder what NSA did put on Linux now :D

    "Linux Gets Security Boost from NSA"
    http://www.internetnews.com/dev-news/article.php/3317331

     
  5. CalTrader

    CalTrader Guest

    Nobody would want to reverse engineer a giant product like lotus - although it has been done - just to use it for communications. It is relatively simple to build a secure communication system that uses the public internet transport. There is no need for Lotus or any other commercial system for this purpose. If these backdoors do exist they are more likely for the purpose of license enforcement and their existence would probably disqualify the product for use in most companies - there are freeware alteratives so there is no need to use Notes or exchange etc.

    Just keep in mind that anything truly secret is not relayed in this manor so its not an issue.

    I wouldn't believe everything you hear in the press - nor comment on it ad nauseum.........
     
  6. http://jya.com/nsa-sun.htm

    The agency has amassed the world's largest concentration of supercomputers to produce the number-crunching power necessary to break foreign codes. It has dispatched FBI agents on break-in missions to snatch code books from foreign facilities in the United States, and CIA agents to recruit foreign communications clerks and buy their code secrets, according to veteran intelligence officials.
    The agency has imposed secrecy orders on U.S. scientists to prevent them from publishing code-making breakthroughs that might be exploited abroad. It has designed the so-called Clipper chip, an encryption device that would scramble telephone calls to foil eavesdroppers -- except FBI and NSA agents with a warrant who could obtain the secret numeric "keys" to unlock the code.
    And NSA has pressured American encryption companies to rig their own machines to permit U.S. eavesdropping, as Crypto is alleged to have done, in return for the export licenses the agency controls.
     
  7. I wonder if you read the article : do you know what NSA is (then read above) if you think that they are interested by licence enforcement for a product which cost only a few buckets :D

    With free software it's even more easier to spread the backdoors. If you think that this is impossible with open source

    http://www.securityfocus.com/news/19

    SECURITYFOCUS NEWS

    Wide Open Source

    Is Open Source really more secure than closed? Elias Levy says there's a little security in obscurity.
    By Elias Levy, SecurityFocus Apr 17 2000 12:59AM

    All the benefits of source code peer review are irrelevant if you can not be certain that a given binary application is the result of the reviewed source code.

    Ken Thompson made this very clear during his 1983 Turing Award lecture to the ACM, in which he revealed a shocking, and subtle, software subversion technique that's still illustrative seventeen years later.

    Thompson modified the UNIX C compiler to recognize when the login program was being compiled, and to insert a back door in the resulting binary code such that it would allow him to login as any user using a "magic" password.

    Anyone reviewing the compiler source code could have found the back door, except that Thompson then modified the compiler so that whenever it compiled itself, it would insert both the code that inserts the login back door, as well as code that modifies the compiler. With this new binary he removed the modifications he had made and recompiled again.

    He now had a trojaned compiler and clean source code. Anyone using his compiler to compile either the login program , or the compiler, would propagate his back doors.

    The reason his attack worked is because the compiler has a bootstrapping problem. You need a compiler to compile the compiler. You must obtain a binary copy of the compiler before you can use it to translate the compiler source code into a binary. There was no guarantee that the binary compiler you were using was really related to the source code of the same.

    Most applications do not have this bootstrapping problem. But how many users of open source software compile all of their applications from source?

    A great number of open source users install precompiled software distributions such as those from RedHat or Debian from CD-ROMs or FTP sites without thinking twice whether the binary applications have any real relationship to their source code.



     
  8. They add
    "While some of the binaries are cryptographically signed to verify the identity of the packager, they make no other guarantees. Until the day comes when a trusted distributor of binary open source software can issue a strong cryptographic guarantee that a particular binary is the result of a given source, any security expectations one may have about the source can't be transferred to the binary."

    Expect of course that NSA will propose itself such "guarantee" whereas :D

    http://jya.com/nsa-sun.htm

    The agency has amassed the world's largest concentration of supercomputers to produce the number-crunching power necessary to break foreign codes. It has dispatched FBI agents on break-in missions to snatch code books from foreign facilities in the United States, and CIA agents to recruit foreign communications clerks and buy their code secrets, according to veteran intelligence officials.
    The agency has imposed secrecy orders on U.S. scientists to prevent them from publishing code-making breakthroughs that might be exploited abroad. It has designed the so-called Clipper chip, an encryption device that would scramble telephone calls to foil eavesdroppers -- except FBI and NSA agents with a warrant who could obtain the secret numeric "keys" to unlock the code.
    And NSA has pressured American encryption companies to rig their own machines to permit U.S. eavesdropping, as Crypto is alleged to have done, in return for the export licenses the agency controls.
     
  9. CalTrader

    CalTrader Guest

    Let me repeat what I said earlier: its SIMPLE to construct a secure custom protocol to use over the public internet for secure communications.

    All your points about secret backdoors etc are moot: truly secure systems dont use any of the tools you mention so these problems are non-issues.

    Keep in mind that the only systems reported on by the so-called security "experts" are the ones that people know about. The mere fact that they are public already tells you that they are not the systems actually in use.

    Use your mind rather than your mouth: Why do you think anyone would release a system for a bunch of hack security experts to break apart unless they had an ulterior motive for doing so ?
     
  10. Turok

    Turok

    >I wouldn't believe everything you hear in
    >the press - nor comment on it ad nauseum.........

    Hey, Harry has to have something to do between watching endless taped re-runs of the spoof "we didn't go to the moon" movie that he thinks is real.

    JB

    http://www.elitetrader.com/vb/showthread.php?s=&threadid=24926
     
    #10     Mar 3, 2004