Domain: tscm.com
Stories and comments across the archive that link to tscm.com.
Comments · 26
-
Re:only cell phones?
Pre cell phones, landline phones could be tapped using the 'infinity device'. Google it, here is one link I found. http://www.tscm.com/phone/infinity_transmitter.html All you had to do was plug it in between a phone and a phone line, then dial any phone#. The phone dialed would not ring and an open connection was made, allowing the 'tapper' to hear anything via the 'tapees' phone microphone. No locating function to it, but if you had the phone number, information via reverse lookup phonebooks gave the address of even 'unlisted' numbers.
-
secure = kill switch?
This press statement makes me really worried. Considering the recent news about Congress wanting a kill switch for the Internet, an NSA announcement that it will "secure" the internet sounds like spin.
Have you ever heard the joke about how different branches of the U.S. military "secure" a building? The NSA punchline would be "rig the building for demolition, then put the Big Red Button right next to the light switch."
Between my experience with STU-IIIs and being a Dune fan ("He who can destroy a thing, controls a thing") I'm really worried that the NSA has been tasked to create an internet kill switch, and that the "security" efforts they will soon recommend will be a pretext for the kill switch's creation. The NSA is the logical government agency to implement a kill switch, and designing the new security system would give them the access they'd need. Normally I hate conspiracy theories, but this is just creepy to me.
Footnotes:
For all you coders out there, I meant "=", not "=="; in my opinion the NSA getting involved assigns the value "kill switch" to "secure".
Joke punchline origin: every piece of NSA designed hardware I've handled has a kill switch built in, and one of my biggest headaches was people asking "what does (PRESS) this do?". Quote from the STU-III handbook:
The STU-III battery backup allows power to be removed, as in a power failure or unplugging the unit to move it, without losing the encryption data. The zeroization button bypasses this backup and erases the encryption data. After zeroization, the STU-III must be rekeyed and the CIKs must be remade. The STU-III is zeroized:
In an Emergency. - If the STU-III is ever in danger of falling into hostile hands, zeroize it to prevent the adversary from obtaining a functional unit. . .
By Accident. - The accident usually follows an employee's curiosity. The employee starts playing with the buttons and zeroizes the unit. Be sure to brief your employees on the importance of not pressing or playing with the zeroization button. Refill the STU-III using a new seed key [or operational key].
-
Re:FAIL!
Google Tempest Specification and hit "I'm feeling lucky", here's what I found
tscm.com
This is one of many more.
-
Re:Overkill...
If you do have shielded cable, don't ground both ends!!! Bring all cables at one end to a common ground, and let the other end float. Otherwise, you will create a ground loop and actually make the noise worse.
There are generally two schools of thought on grounding:
- ground everything in a nice "tree", with no possibility for loops
- ground the @#$% out of everything
The problem with choice 1 is that the length of the return path can become long enough to become significant when compared to the frequency of the signals of interest. When this happens, your ground isn't really ground anymore.
If you want proof of this try probing a 1 GHz signal on an o-scope using a 6" ground lead, instead of the very short ground pin provided with the probe. (You'll need a multi-GHz o-scope and high frequency probe for this experiment obviously.)
A "tree" style grounding is more practical for low frequency signals, or special situations.
If you want to learn more about all of this, I recommend MIL-HDBK-217.
See sections 5.4.1 and 5.4.2 to start.
-
Re:NAACP and guns
given that we're discussing a home invasion here we're talking about pretty close quarters. it's pretty easy to hit some one in the face with mace under such conditions. as for your statement about a "high" probability of hitting ones self all i can say is that based on how i have seen mace work i can only disagree and ask for some sort of evidence (some sort of study giving a probability would be nice).
You are talking about home invasion. I am speaking of defense in the general sense. That said, I have not been able to locate a study on the chances of self inflicted injury, however, most training programs for using mace as a weapon include very strong and stern warnings that it is likely you will get some on you, and that you should expose yourself to it in doses to build up some tolerance and know what to expect. An example of one such program can be found here:
http://www.tscm.com/mace.html
Also, if you get the chance, I suggest talking with some cops who have had to deploy mace in a defensive environment, most of the ones that I personally have spoken with will attest to the downside of mace being that it's easy to get hit yourself. Not a full dose mind you, but enough to potentially harm your defensive position.
baseball bats also work very well inside houses.
Only in an open room where you can swing. Also note assault with a bat will be an assault with a deadly weapon charge, the same as if you used a gun to defend yourself. Personally I would rather avoid getting within melee range of an attacker.
fifteen feet is more than enough room to work with in most houses.
A home is not the only place one might be attacked. Furthermore, the major downside to a taser is that in order for it to be effective, both prongs must hit. Moving targets and furniture can both cause a miss, and then you must reload. Also note that in between shocks (and perhaps while being shocked) an attacker can remove the probes rendering the taser useless.
i am completely confident in my own abilities to disarm and pin an intruder after stunning them.
I am glad that you are, but not everyone is. Your wife for example, may not be. Your daughter or son may not be. Certainly the old millers down the street aren't likely to pin anyone down with their walkers. The right to self defense should not be limited to one's physical prowess.
i will say, however, that mace or a bat would be the preferred solution here.
I would prefer to not have to use either. In my house, I would hope that a burglar would have left after being confronted with a shotgun. Ideally I don't want to attack my burglar, I want him to leave.
at the age you're talking about simply putting either mace or a taser in my top dresser drawer should easily keep it out of any child so young as to be able to be killed by mace or taser. a gun will kill a child of any age, however.
The age at which your child is old enough to reach the gun and break the locks or security mechanisms you have in place on said gun is the age your child should be old enough and smart enough to know a gun is serious business, that it should not be pointed at anything that you don't intend to kill and that he should not be handling it without supervision. And both mace and tasers can kill or severely wound any child of any age. Your child may have asthma and OC or real mace (which is a tear gas) can certainly pose a severe threat. Tasers can start fires, take out eyes and depending on what happens cause your child to severely injure themselves. That said, certainly of all the weapons that would be mostly unsecured, my taser will be as opposed to the gun. But ideally, none of the weapons will be so unsecure and my children know safety.
i might also add that you're dodging my point that most home intruders are simply after your property. dishing out death for something as petty as theft doesn't seem terribly ethical (and let's face it,
-
Re:6.4Mhz - Oh Dear.
It really needs to be operating on an ISM frequency. Otherwise, the power level would have to be extremely low to comply with the interference regulations.
Even ignoring the interference cap, coupling useful amounts of power at several meters separation means the Q of the resonators would have to be extremely high. With the EPA efficiency standards for rechargers, this seems to be a poor time to introduce any product that wastes even a little power.
-
Re:NPRs complaint
Low power intentional radiators are not tested by the FCC. They are "certificated" based on tests performed by the manufacturer or an independent test laboratory. Part 2 [pdf, 1.2MB] of the FCC regulations explains the procedure. The FCC accepts the manufacturers' test data unless they have good reason to doubt it, though the FCC can demand to inspect the equipment, test reports, etc. at any time. They aren't likely to do that unless there are interference complaints, and that's what NPR and NAB are doing: complaining the FM modulators have excessively high output and cause interference to licensed stations.
Another possibility you didn't mention is deliberate design changes in the FM modulators. With most consumer product manufacturing outsourced to the lowest bidder, there's a good chance that changes (cost reductions) will occur without the knowledge of the company whose name is on the label. But they're the ones ultimately responsible for compliance to the FCC rules and the ones who will pay the fines for any violations.
-
Re:Australia does it right
But doesn't even the most open, verified system still suffer from having the "Vote for Bob" patch installed at the last minute by an official-looking guy with glasses and a clipboard? I know, this shouldn't be allowed, but it seems to happen all the flippin' time!
Believe me, on formalities you can trust bureaucrats more than Windows developers. That's for sure.
It all boils down to responsibilities. The machine needs (and is) to be tamper proof. Nobody of bureaucrat want to risk their jobs - nobody would try to circumvent anything, since that would be found immediately and the election results would be nullified. And elections would be repeated.
That's possible - if original vendor tried to achieve such goals. Or the goals were put into requirements. It is very ironical that rest of the world uses NSA safety guidelines, while US itself for sake of its own elections cannot enforce the guidelines on vendors.
If I were an American, I'd be very frightened about voting using an electronic machine, given all the horror stories I've been reading. And as a Canadian, I'm quite happy with our paper ballot system, and I'll resist any attempt to replace it!
Paper ballot system is also Okay - when paper ballots are made machine readable. And they are easily made so. And I believe such tallying machines are already used on most of the modern elections. Probably Canadian elections too. Anyway, many people cannot come to election offices - and vote using alternative means, mostly paper ballots. One cannot dismiss paper ballots overnight.
-
Re:Hmmm
There are lots of products around which provide secure voice communications over your regular land-line; the weakness of nearly all of them are that it requires both the sender and receiver to have the same model and type of unit, and outside of the government there's not really any standard. (And unfortunately I don't think that they sell STU-IIIs, fun as that would be.) The old Mac-based PGPPhone was a software-based version of a "secure phone," if you had it and the person you were calling also had it, you could have a quite secure communication (of course it basically required a dedicated computer at each end). It was never very popular though, although cryptographically it was nicely done. I'm betting that two old Macs, two headsets and microphones, and two modems is probably the cheapest solution (aside from Skype, if you trust it) for secure voice that you can easily obtain.
I have heard that General Dynamics makes a module for some GSM cellphones called Sectera that gives them encrypted capabilities, but assumedly the recipient of the call also needs to have one, and I don't know whether they sell to the public or not (my feeling is probably not). I'm sure there are companies around that cater to corporate customers desiring secure voice communications, so the technology is undoubtedly out there, if you are willing to pay the right price.
Actually, I may have been wrong about the unavailability of STU-IIIs; it seems you might be able to get them here, though I can't vouch for it (page looks a little old though).
-
Re:Its still illegal
Actually, to make a fine point, it's ignorance of the law that is not a defence.
In this case, it's ignorance that the material in question is a trade secret. You need to know and profit and/or cause damage and some other bits. There's already several links in this thread to the law if you want to read it for yourself.
-
Re:Its still illegal
From TFA:
My position on the Asteroid postings is that I didn't steal the information and I didn't ask for it. Someone volunteered it to me and it looked credible, so I posted it. It wasn't marked confidential, trade secret or any such thing but it looked legit to me, so I ran it. When Apple later asked me to remove it, I complied.
The Law (emphasis mine)
In General.-- Whoever, intending or knowing that the offense will benefit any foreign government, foreign instrumentality, or foreign agent, knowingly-- (3) receives, buys, or possesses a trade secret, knowing the same to have been stolen or appropriated, obtained, or converted without authorization
So assuming he doesn't get journalist protection (which imho he should, and in which case this entire case is pretty much moot), then they have to prove that he knew it was obtained without authorization. Since he says it wasn't marked, and he wasn't told, unless they can prove otherwise, I'd say Apple is SOL... 'course IANAL. :)
I'm going to assume that Apple doesn't so much want him, as for him to give up the source so they can lay some real hurt...
-
Re:Its still illegal
Yes. It is.
No. It isn't.
-
Re:Its still illegal
It's not illegal.
Yes. It is.
-
Wiretapping 101 and more
A good introduction to Wiretapping and Outside Plant Security
Our old story on VoIP Wiretapping
Interestingly in U.S., there are serious legal restrictions on the use of wiretaps by police agencies. The Supreme Court has consistently held that wiretaps qualify as searches under the Fourth Amendment.
Article on related topic of Open Internet Wiretapping: Carnivore
IETF (Internet Engineering Task Force) policy on wiretapping which says: The IETF restates its strongly held belief, stated at greater length in [RFC 1984], that both commercial development of the Internet and adequate privacy for its users against illegal intrusion requires the wide availability of strong cryptographic technology.
Another issue: Is Dialing Into a Conference Call an Interception?
-
Re:Ok let me get this straight....
In case anyone was wondering, TDR=Time Domain Reflectometry.
http://www.tscm.com/tdr.html
Basically you just send a pulse using the cable which has a fault. At the point of the fault, the signal reverses its path. By timing how long it takes for a pulse to return, and by knowing the speed of the pulse in the cable, you can figure out how far along the cable the fault is.
Of course, it can suck if your cable doesn't travel in a straight line...
-
Re:complete bunk
What I still don't understand is that unlike digital setups, frequencies are all analog. Instead of seeing noticeable spikes in a "graphical signal", why not just encode data on much smaller deviations of the sine wave? In essence, more sensitive transmitter/receiver?
Simple answer: noise. Noise limits the ultimate sensitivity of ANY system.
n-QAM systems do just what you suggest: by using both AM and QPSK, n-QAM systems encode many bits on each symbol, increasing the spectral efficiency of the transmission. Of course, that comes at the expense of noise immunity.
-
Some times an altimeter comes in handy
A watch with a built-in altimeter helped save 13 lives. In 1991 a Canadian C-130 Hercules aircraft crashed a few miles short of the runway at Alert. Canadian Forces Station Alert, located on the north coast of Ellesmere Island in the Northwest Territories, is the most northern permanently inhabited settlement in the world. Amazingly 13 of the crew and passengers survived the crash. SAR Techs jumped in but had to wait for a ground rescue crew to reach them to bring them out. It was pitch dark and too far north for a compass or GPS to work. One of the ground rescue guys had an altimeter built-in to his wristwatch and they were able to navigate by comparing the elevation to the map. No touch screen but it worked well enough to help save those lives.
-
NASA Memo explaining COMSEC requirements
Here is a memo that explains the National Policy on Application of Communication Security to U.S. Civil and Commercial Space Systems, NTISSP No. 1.
http://www.tscm.com/communsec.html
Some excerpts:
The need for and means to protect the command/control uplink associated with civil satellite systems, intended exclusively for unclassified missions, will be determined by the organization responsible for the satellite system in coordination with the National Security Agency....
...Approved techniques as they pertain to space COMSEC equate to National Security Agency (NSA) endorsed encryption and authentication systems....
..Government or Government contractor use of ... commercial satellites ... shall be limited to space systems using accepted techniques necessary to protect the command/control uplink.
Basically, if your group is doing as little as what you say they're doing, they may be in violation of law.
--Braddock Gaskill
-
Re:Grow up, Georgie
The military has been sending encryption keys over the radio waves for years. Naturally it has found a way to encrypt them. As far as my post here is what someone told me before an exercise I helped set up. The intel people's data is classified top secret and is encoded with the appropriate encryption. General classified data is secret and isn't encrypted as well as top secret data. At another point these two streams are combined with plain text data and then encrypted again. The opposite happens at the other end. Here is some info on the web: KIV-7
The NSA has some really smart people to rip this stuff apart and certify it to be secure before it goes into production. These products are usually designed to a higher standard than software programmed by people in their spare time or microsoft.
-
securely wiping drives
The definition of wiping drives properly, like other security related matters, depends on what adversary you are trying to protect the data from. If your adversary is a coworker, shred (gnu fileutils (older) or gnu fileutils (newer)), wipe, or norton utilities wipeinfo (see Norton System Works, you might have to get the professional edition to get wipeinfo) might work. For adversaries that have more funding and/or time, purchasing sanitizer is advisable as its "D" version meets DOD requirements for electronically disposing of classified and sensitive data on a hard drive. It can apparently defeat electron microscopes with spin control, when properly utilized. Note that if you're going to this extent you probably want to TEMPEST shield (and here and there) your life, and start using crypto systems that keep the key material in FIPS 140 compliant crypto devices like these.
-
Iridium in Embassies
I was at the US embassy in New Zealand for a few months about a year ago, and I recall both the Ambassador and the Deputy Chief of Mission received spiffy new Iridium handsets (follow the link; it cracks me up that the antennas, which were monstrous, are conveniently not shown).
I think it was a great idea: Unclassified but Sensitive information could be phoned back to the US without high level personnel having to locate a STU (secure telephone unit). Bypass landlines and possible wiretaps, and you can call from anywhere. I believe conversations from the handset to the satellite were encrypted, so it was a great investment. Of course, the Iridium shut down around 6 months later and the phones were useless...
-
Physical security
Although most of the Slashdot community will suggest different technological solutions (encryption, thermite on top of the hard drive) it is just as important, perhaps even more to consider physical security. Get several specialists to your site. First start with a locksmith. Have good quality Medeco locks installed (you won't be able to find a locksmith that can pick them). They are not that much more expensive than normal locks, but worth the money. Pick resistance is only one of their features. These things are extremely reliable.
As with computer security don't just lock the front door, look at other methods of entry. How big of a gap is there under the door, could an agent put a tool under the door to unlock the door from the other side (hint, hint). Are there windows? What about an alarm? A good locksmith can take you through all these steps.
Second if you are serious about protecting your corporate secrets look into Technical Surveillance Counter Measures (TSCM). A good starting point is www.tscm.com. After you are comfortable that your site is secure look into ways of keeping it that way.
-
CSE: Home of Most Northerly Listening Post...
I did an initial interview with CSE for a job shortly after grad school; pretty entertaining levels of physical security in their buildings.
I later discovered why it was a very good thing that I didn't pursue the position; it would be reasonably likely that there would be, at some point, a six month assignment to the listening post at CFS Alert, the "most northern permanently inhabited settlement in the world." As of 26 November 1992, the Special Service Medal is awarded to personnel who have completed 180 days of honourable service at the station.
Alert is so far north that it cannot communicate with geosynchronous satellites. Way, way, way, way, north...
-
Anti-paranoia post
I notice a lot of fearmongering in this thread about the CIA and NSA snooping around the affairs of the American public. One of the hats I wore in my last job was as Intelligence Oversight officer for a unit within one of our intel agencies. As such, it was my responsibility to make sure that my department conducted itself with complete probity under Executive Order 12333, which absolutely forbids covert intelligence collection activities against "United States persons" (defined in the Order) by any agency except the FBI, and by them only for valid law enforcement reasons, possibly requiring warrants and court orders.
I'm certainly not saying that it never happens, by any agency, at any classification level (no matter how deep you make it into the TS-SCI world, there's always weird stuff going on somewhere above), but it never happened in my department, and never to my knowledge anywhere else.
Chris
-
Re:Mr. James Atkinson, security expert, superhero
From the Yahoo article:
James M. Atkinson, president and senior engineer of the Boston-based Granite Island Group, a technical counterintelligence firm, said computer logs show that Mafiaboy was looking for a "script" program and asking for information and assistance in IRC chat rooms last summer about how he can launch a denial-of-service attack
From Granite Island Group website, Mr. Atkinson's qualifications:
James M. Atkinson is a communications engineer, security consultant, and instructor with a reputation for designing and installing some of the most powerful secure communications systems used by both government agencies and major corporations.
...
He is also a prolific computer programmer with over 142 published software titles ranging from accounting packages and databases to TSCM, cryptographic, signals intelligence and electronic warfare software.
Mr. Atkinson has been trained by the U.S. Government in Intelligence, Covert Operations, Technical Surveillance, and Cryptanalysis; and is a graduate of the Defense Intelligence School with extensive field experience.
A military veteran with eight years of service, followed by several years of employment with a U.S. intelligence agency, and holds a Top Secret security clearance.
James M. Atkinson is one of a small number of people who have been formally certified and trained by the NSA as a TEMPEST Engineer, and Cryptographic Technician. He has extensive experience with the design and development of SIGINT systems to exploit and/or control compromising emanations. Additionally, he has many hours of experience working deep inside highly classified U.S. and NATO cryptographic, communications, and computer systems.
...
Also, he maintains the worlds largest private reference library regarding technical surveillance devices, and TSCM protocols used internationally. Included in this library is a computerized database of almost a quarter million eavesdropping devices. This computerized database includes complex mathematic models which permit the evaluation and analysis of eavesdropping devices.
In addition to a strong background in intelligence operations and electronics he also has extensive training in tactical operations, including Instructor and Master Instructor certifications for: Pistol, Shotgun, Rifle, Sniper Weapons Systems, Assault Weapons, Grenade Launchers, Chemical Weapons, Explosive Breaching, Stun and Distraction Devices, Straight/Expandable and Riot Baton, Non Lethal Use of Force, Specialty Impact Munitions, Riot Control, Vehicle Operations, and related tactical subjects.
Reminds me of this college application essay.
Didn't somebody already mention that April Fool's is long past? Or is this the real life James Bond? What I can't figure out is why he's so eager to publicize his credentials... if I were he, I would imagine it would be more profitable to be invisible...
Here's an interesting quote:
James M. Atkinson has completed more Formal Technical Training (from Apple) than anyone else we have on record.
- Apple Computer Training Department, Austin TX, Fall 1995
And the kicker:
In order to remain proficient, Mr. Atkinson attends at least 500 hours of formal security and technical training each year (a average of one day a week). He has currently completed over 12,500 hours of advanced security and technical training with industry leaders such as: Microsoft, Apple, AT&T, Sun, Silicon Graphics, Digital, Watkins Johnson, Hewlett Packard, Northern Telecom, Rolm, Cisco, IBM, Motorola, Toshiba, and dozens of others (including multiple government schools).
He must be a God. (Or maybe he has a really boring life).
Sheesh. Am I the only one who laughed at this?