Domain: applied-math.org
Stories and comments across the archive that link to applied-math.org.
Comments · 8
-
Re:What is old is new again
Want to elaborate? Like with some facts and not just a blanket dismissal?
It's been done using a PIN photo-diode. I make no claim that it could be done with a 20 year old consumer camcorder, but there were pro cameras with 1/20,000 shutter speeds available. Whether that applied on a frame or pixel basis, I don't know, so I'm not willing to dismiss the possibility out of hand, as you do. It's believable to me that there were commercially available cameras capable of doing it. -
Electronic Rape
-
!secure-by-designThere are a number of lines in TFA that imply that such technology is going to somehow give better security to wireless communications, but apparently people are forgetting that basically if you can see it, you can copy it:
Information Leakage from Optical Emanations specifically addresses devices that accidentally leak information, but the same principles will apply to information that is deliberately transmitted (in the visible spectrum, or otherwise).
It might not be as easy as eavesdropping on your neighbor's wifi, but the bottom line is that the physical transmission of information in both cases (wifi and visible/optical) is observable from a distance, and therefore both mediums face the same problems in terms of security.
-
Re:I had no idea
In a world not ruled by morons and legacy equipment, I imagine that the DECT link would just be carrying a nice SSL session, and it wouldn't much matter.
However, I submit the following(PDF warning) as evidence that we do not live in such a world, indeed, there is some reason to suspect the exact opposite. -
Re:Oh?You could carry your private keys on a separate USB token - like a smart card it performs the crypto operations internally, so the computer never learns the key.
(You'll also need to bring some foil to protect the monitor against Tempest attacks... and some loud music to prevent eavesdroppers from recording your keystrokes... and some tape to cover all the LEDs...)
-
Leakage from Optical Emissions Concern (Tempest)
Call me a little paranoid but this reminds me of the data leakage problems of some communication devices (Modems, DSU's, etc). Have to 'nix the plexiglass case mod now 8->. Here is the article: Information Leakage from Optical Emissions or Google HTML here
-
New Optical Tempest issues?
Now, will case modders with transparent cases have to face a new optical tempest problem (beware, PDF link!)? (People being able to sniff potentially critical data through analyzing LED blinking, that is...)
-
For the RTFA people
Reading 26 pages incuding diagrams in neatly formated pdf style can`t be that hard, but for those "No way....can`t be done" types who probebly when living a couple of hondred years ago would have said the same thing when invited to come and look and a presentation of an airplane.....
I will cut and paste a list of devices on wich they found what they call "class III behaviour" (led gives away "the" data)
- All but one of their tested modems (out of 13 14400/v32 and other slow external modems)
-Cisco 4000 IP router, Fast Serial TD indicator
-Cisco 7000 IP router, Fast Serial TD indicator(out of 7 wan-devices)
-WTI POLLCAT III PBX Data Recorder, PBX Input A, B indicators
(whatever that may be)
Now wait with running into your server room with a roll of black tape (I guess whe one most vocal one of the "cant be done" camp will now be the one shouting the loudest) and read the really juicy part:
4.3.3 Reverse Engineering of Devices. It appears that some types of data encryption devices, in particular standalone data encryptors and modems with built-in link encryption capability, may emit optical signals in unencrypted form. Figure 6 is a detail taken from the Installation and Operation Manual for the Paradyne InfoLock model 2811-11 DES encryptor. The InfoLock 2811 is a standalone DES (Data Encryption Standard) link encryptor of the type used by financial institutions to encrypt data on their wire transfer and ATM (automated teller machine) networks [Paradyne Corporation 1985]. The figure shows a portion of the data path between the DTE connector (Data Terminal Equipment?the side of the encryptor that connects to a computer) through the encryption function, to the DCE connector (Data Communications Equipment?the side that connects to a modem). The DTE, or red side is unencrypted; the DCE, or black side is encrypted [United States Department of Defense 1987]. It is clear from this diagram that LED indicators on the TXD and RXD (transmitted and received data, respectively) are on the red side of the InfoLock 2811.
Want to know more on their testing methology, read the article ans start contributing to the discusion or just take my word for it that they didn`t do the same kind of research that has lead to the discovery of the morpheus "vulnerbilities"