--- "privacy.at Anonymous Remailer" <mixmaster@remailer.privacy.at> wrote:
Steve Thompson:
If that's true, then the government couldn't have stolen it. However, I suspect that mainfraim code of any sophistication is rarely released into the public domain. I imagine the author would be able to clear that up, assuming he has no financial reason to falsify its history.
The page clearly states that the enhanced version was not in the public domain or owned by the government, it was a completely new version and the development was not funded by the government. The old one was for 16 bit architecture whereas the new one was for 32 bit.
Excuse me; I only skimmed the article and missed the part that described the original funding arrangements supporting the development of the initial version. You'd think that the development of software intended to be used by the Justice Department, for an application of non-trivial sensitivity, would be contracted out to a firm with existing connections to the government law enforcement community. But at that time, I suppose it could be said that computer security and trust issues would have little chance of being understood by largely computer-illiterate prosecutors and administrative personnel. Presumably today the award of software development contracts follows a rigid and formal protocol -- for the protection of both parties.
Perhaps I am stupid. I don't know how one would go about modifying application software to include a 'back door' that would presumably enhance its susceptibility to TEMPEST attacks. Isn't tempest all about EM spectrum signal detection and capture?
ALL electronic devices emits signals that you can intercept and obtain information from. Whether or not you can extract much useful data or not depends, but generally you can always extract something.
There are more general principles of information theory that apparently apply to any instance in which code and a dictionary are used to process information. I believe that the extraction of information from such processes at arbitrary points of access is something of a black art.
This is a vast field and it's hard to generalize. I have personally attended tests at a firm working for the military in a western European country and I've seen how extremely easy it is to do remote classic tempest-reading of the screen of a lap-top, to name only one example. The equipment easily fits in only a station wagon. Generally
So goes the contemporary non-specialist understanding of the field.
this is really hard to protect yourself from. Let's say you build yourself a bunker and put your computer inside it but you forget to run it on batteries, then you'll find out that signals will be carried out on the electric cord entering your bunker and they'll be readily readable outside anyway. You can't have any kind of opening in and out of that bunker, not even for ventilation, so you see this is hard to do.
Quite. If you want to get any actual work done, the process exposes you to the risk of leaking information to third-parties. Assuming that is not what is intended, I suppose you can spend a metric shitload of money on measures designed to mitigate against specific risks, without any guarantee of success.
Maybe they built in other forms of remotely usable back-doors too, just in case there were able to make contact with the computer remotely over some network. This makes sense too, since one or two or those computers surely were less protected.
In .5M LOC, just about anything is possible. However, I don't believe that back-door code would have had anything to do with enhancing the vulnerability of the system to TEMPEST attacks.
Some people falsely believe that only CRT screens can be read remotely using TEMPEST techniques, this couldn't be more false, in fact one of the test managers I spoke to said he thought it was easier with TFT type monitors. Also remeber that we're not just talking about monitors, many other devices emits interesting and potential useful informaation: faxes, printers, networking hardware etc.
Indeed. I've heard rumours suggesting that arbitrary bus signals (SCSI, PCI, FSB) are radiated with the same promiscuity as are monitor signals. IIRC, a sharp right-angle trace on a circuit board will allow the emmission a detectable RF signal, contingent only on the sensitivity and proximity of a suitably configured receiver. Presumably the expense of designing digital electronics with the criterion of minimising radiated signals is not worth the bother for the vast majority of devices. The status quo of the commodity consumer market for computers and peripherals suggests that the primary design criterion is the minimisation of manufacturing cost. Function and security criterion are necessarily compromised.
Those PROMIS people built in hardware on the motherboards that emitted signals using a kind of jumping frequency technique. If you have the key giving you he answer to how the frequencies are changed you can easily intercept the data otherwise it becomes really hard to do and esp hard to find out that there's anything emitting in the first place - it looks like noise. The purpose of this was so that they could sell the whole package, the PC with the software pre-installed to customers and then they could sit in their wan down the street and record.
Fascinating.
It's no only happening in the movies you know :)
Don't get me started. Social engineering on a grandiose scale; and that's just about all anyone (in or out of the entertainment industry) needs to know about Hollywood: foresight that can be measured in calendar months; ethics that make the BATF look good, etc.
BTW: I would also be interested in some more comments on Michael Riconosciuto as a person, doesn't anyone have an opinion or know of interesting info in this regard? Are there any books written by him or by people on "his side" of the story?
As people retire from the DOJ, FBI, and so on, it may happen that people make mention of him in their biographies. Assuming that they aren't intimidated or into silence (or bought). Regards, Steve ______________________________________________________________________ Post your free ad now! http://personals.yahoo.ca