LINUX.IE, website of the Irish Linux Users' Group
Tux rules!

   
Home
New Users
Articles
Download
Projects
Community
Vendors

  Print Version
Email to...
 
Archives:


planetILUG

Recent News

News Archive


Join the
ILUG
on FaceBook


Join the
ILUG
on LinkedIn


Join the
ILUG SETI
Group



















 
 :: Mailing Lists

[ILUG] Firenze Linux User's Group server tampered with

[ILUG] Firenze Linux User's Group server tampered with

Justin Mason jm at jmason.org
Thu Jul 14 23:25:50 IST 2005 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


David Golden writes:
> Indeed. Fun thought: I've also little doubt that a sort of vampire tap 
> or inductive pickup  device could be designed and used to snarf data 
> from any one of several points inside a running ordinary PC, 
> particularly cables snaking around. 
> 
> Within the tolerances of interference on an IDE or SCSI bus (the ribbon 
> cables are designed to handle that sort of thing, in fact, normal 
> connectors are like vampire taps onto the cable!),one could likely be 
> made to clamp around a ribbon cable, so one wouldn't need to shutdown a 
> system to "bug" it and capture all data being written to hard-drive.  
> It just depends on your budget and the person-hours you have to burn.

Well, it can be tricky to get at what's on the CPU, assuming the attackers
were after the anonymous remailer data. See Ross Anderson and Markus Kuhn
on smartcard attacks; it's really quite tricky to "get inside" a CPU,
although timing and emissions attacks can help guess crypto keys etc. from
outside the CPU.

It'd be easier for them to just rootkit the box and installed a backdoored
version of gpg, I think.

> Some explosives or a canister of something nice and toxic or virulent 
> strapped inside the case might be something of a deterrent, but if you 
> forgot to deactivate it in your excitement at getting a new graphics 
> card to fit or something... oops.

Again, see Ross Anderson on tamper-proofing ;)   There's lots of
techniques which were explored during the cold war era, regarding
tamper-proofing detonation systems, esp on nuclear weapons.

- --j.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Exmh CVS

iD8DBQFC1uZuMJF5cimLx9ARAi0SAKCh2Czb0MK8BMBAtkuT53U1nw4NDQCfabSf
QJXAJGRQXAoxfNpBkcdw1Xg=
=Yc+E
-----END PGP SIGNATURE-----

More information about the ILUG mailing list
Read this without the formatting.
                                                                                                    

  

Hosted by HEAnet


 Maintained by the ILUG website team. The aim of Linux.ie is to support and help commercial and private users of Linux in Ireland. You can display ILUG news in your own webpages, read backend information to find out how. Networking services kindly provided by HEAnet, server kindly donated by Dell. Linux is a trademark of Linus Torvalds, used with permission. No penguins were harmed in the production or maintenance of this highly praised website. Looking for the Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!
RSS Version
Powered by Dell