lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
From: dcopley at eeye.com (Drew Copley)
Subject: JAP back doored

Why is the state of Germany trojanizing applications which may be run by
anyone on the planet? 

How is it they believe they have a right to trojanize someone outside of
Germany? 

This is blatantly illegal in just about every country outside of
Germany.  Literally. 

Are they trying to set a precedent for other countries to follow?

Or, do they believe they are superior to other countries, and they may
invade at will?



<quote>
We know this because the JAP operators immediately warned users that
their IP traffic might be going straight to Big Brother, right? Wrong.
After taking the service down for a few days with the explanation that
the interruption was "due to a hardware failure", the operators then
required users to install an "upgraded version" (ie. a back-doored
version) of the app to continue using the service. 

"As soon as our service works again, an obligatory update (version
00.02.001) [will be] needed by all users," the public was told. Not a
word about Feds or back doors. 

Fortunately, a nosey troublemaker had a look at the 'upgrade' and
noticed some unusual business in it, such as: 

"CAMsg::printMsg(LOG_INFO,"Loading Crime Detection Data....\n");" 
"CAMsg::printMsg(LOG_CRIT,"Crime detected - ID: %u - Content: 
\n%s\n",id,crimeBuff,payLen);" 

and posted it to alt.2600. 
</quote>


> -----Original Message-----
> From: full-disclosure-admin@...ts.netsys.com 
> [mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of error
> Sent: Thursday, August 21, 2003 10:21 AM
> To: full-disclosure@...ts.netsys.com; cypherpunks@....com
> Subject: [Full-Disclosure] JAP back doored
> 
> 
> This is a terrible day for privacy advocates that used the 
> once (perhaps never true) "anonymous" Java Anonymous Proxy. 
> According to a  story (
> http://theregister.co.uk/content/55/32450.html) by The Register 
> 
> (It was also posted to
> ("http://securityfocus.com/archive/1/334382/2003-08-18/2003-08-24/0)
> BugTraq)
> 
> JAP was back doored by court order. It was a forced upgrade 
> (after a service interruption) to monitor "one site" that 
> continues to be unnamed. How sad it is when a group have a 
> motto of "Anonymity is not a crime." and then hand logs to 
> the police without a word? Clearly if they are able to defend 
> themselves on alt.2600 
> (http://groups.google.com/groups?dq=&hl=en&lr=&ie=UTF-8&frame=
right&th=f4ef43f695ca29e8&seekm=3f3d3740%241_1%40news.vic.com#link10),
they aren't under a gag. Read it and weep.

-- 
error <error@...tinthenoise.net>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ