[ILUG] Firenze Linux User's Group server tampered with

Justin Mason jm at jmason.org
Thu Jul 14 23:25:50 IST 2005


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


David Golden writes:
> Indeed. Fun thought: I've also little doubt that a sort of vampire tap 
> or inductive pickup device could be designed and used to snarf data 
> from any one of several points inside a running ordinary PC, 
> particularly cables snaking around. 
> 
> Within the tolerances of interference on an IDE or SCSI bus (the ribbon 
> cables are designed to handle that sort of thing, in fact, normal 
> connectors are like vampire taps onto the cable!), one could likely be 
> made to clamp around a ribbon cable, so one wouldn't need to shut down a 
> system to "bug" it and capture all data being written to hard-drive.  
> It just depends on your budget and the person-hours you have to burn.

Well, it can be tricky to get at what's on the CPU, assuming the attackers
were after the anonymous remailer data. See Ross Anderson and Markus Kuhn
on smartcard attacks; it's really quite tricky to "get inside" a CPU,
although timing and emissions attacks can help guess crypto keys etc. from
outside the CPU.

It'd be easier for them to just rootkit the box and install a backdoored
version of gpg, I think.

> Some explosives or a canister of something nice and toxic or virulent 
> strapped inside the case might be something of a deterrent, but if you 
> forgot to deactivate it in your excitement at getting a new graphics 
> card to fit or something... oops.

Again, see Ross Anderson on tamper-proofing ;)   There's lots of
techniques which were explored during the cold war era, regarding
tamper-proofing detonation systems, esp on nuclear weapons.

- --j.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Exmh CVS

iD8DBQFC1uZuMJF5cimLx9ARAi0SAKCh2Czb0MK8BMBAtkuT53U1nw4NDQCfabSf
QJXAJGRQXAoxfNpBkcdw1Xg=
=Yc+E
-----END PGP SIGNATURE-----



