Interesting People mailing list archives

Previous By Date Next
Previous By Thread Next

IP: More on McAfee security flap

From: David Farber <dave () farber net>
Date: Tue, 27 Nov 2001 06:54:26 -0500



Subject:  FC: AP's Ted Bridis replies to McAfee: "I stand by my
reporting"
Date:       Mon, 26 Nov 2001 17:36:36 -0500
From:      Declan McCullagh <declan () well com>
To:          politech () politechbot com
CC:         tbridis () ap org

Previous Politech article:

"McAfee replies -- by denying any FBI contacts of any sort"
http://www.politechbot.com/p-02839.html

---

From: "Ted Bridis" <tbridis () ap org>
To: "Declan McCullagh" <declan () well com>, <politech () politechbot com>
Subject: RE: McAfee replies -- by denying any FBI contacts of any sort

Date: Mon, 26 Nov 2001 17:11:32 -0500

 >>Perhaps Ted can elaborate?<<

I stand by my reporting for the AP. This information came from a
senior
company officer. I won't identify this person in this post because
I've
been unable to reach this person by phone or e-mail since the flap
erupted.

I can't resolve what McAfee told me last week and today's
contradictory
statement except to note the critical public response against McAfee
that
emerged over the holiday weekend.

I do empathize with the awkward dilemma this puts companies in: Good
U.S.
corporate citizens have a responsibility to assist the FBI in criminal
and
terrorism investigations. But accommodating the government by
intentionally
building a weakness/vulnerability into detection or security software
seems
to carry a lot of consequences.

I noticed that McAfee's statement doesn't say they will not build any
such
an accommodation into its antivirus or its firewall software if the
FBI
asks, just that it hasn't been asked to do it yet and that it complies
with
all U.S. laws.

But as McAfee's PR release noted, much of this is speculative since
nobody's sure how Magic Lantern would be installed remotely (as an
enticing e-mail
attachment, "fbi-porn.exe"? Or using a buffer overflow? Or using
different
vectors depending on the target's o/s and applications?) If it's the
latter, wouldn't the major operating system vendors need to leave
unpatched holes
for the FBI to exploit? Where does it end?

Rgds,
Ted Bridis, staff writer
The Associated Press
2021 K St., NW, Suite 600
Washington, DC 20006
(202) 776-9462, voice
(202) 776-9570, fax
(202) 437-4640, cell




-------------------------------------------------------------------------

POLITECH -- Declan McCullagh's politics and technology mailing list
You may redistribute this message freely if you include this notice.
Declan McCullagh's photographs are at http://www.mccullagh.org/
To subscribe to Politech:
http://www.politechbot.com/info/subscribe.html
This message is archived at http://www.politechbot.com/
-------------------------------------------------------------------------






============
To UNSUBSCRIBE from the ignition-point list, send email to:
majordomo () theveryfew net
In the body of the message, include only the line:
unsubscribe ignition-point <your address>



For archives see:
http://www.interesting-people.org/archives/interesting-people/
Previous By Date Next
Previous By Thread Next

Current thread: