On Thu, 17 Jul 2003, Trei, Peter wrote:

Lets not forget optical TEMPEST - remember a few months ago, when it was demonstrated that the image on a CRT could be reconstructed just from the light it reflected on walls? The point where the electron beam is hitting the phosphors is much brighter than the rest of the screen, and by syncing a fast photodetector to monitor scan rates, you can reconstruct the image on a screen in a distant room just by viewing the backwash light through a telescope.

Absolutely. Which is why people worried about security in this manner, should move to LCD's. Not just for weakening TEMPEST signals, but also for defeating optical TEMPEST... (and saving power.) However I have to say that from a purely user point of view, I like the way CRT's look much better than LCD's. CRT's tend to be richer and brighter than LCD's, and their refresh rates are much better... LCD's are still suceptible to TEMPEST monitoring, though there are far less emissions since there isn't this great big nuclear particle accelerator sitting infront of you :) (what? electrons are nuclear particles. :) But the signals from poorly shielded VGA cables can still be picked up (as can those of keyboards, and other hardware.) Other tricks include using more than one monitor (make sure they're all the same brand/model, attached to video cards that are identical and operating at the same resolution, depth, and refresh rate, and displaying random junk, etc. + using tempest fonts on the non-decoy system.) Better yet, use a notebook computer on battery power (so that power saving mode comes intoplay) with several decoys as they'd (generally) dump much less RF. You could also add some shielding, but it's unlikely to help very much... I actually played with a fox & hound kit one day. For those who never had to run ethernet (CAT 3,5,5e,etc.) or phone cable, this consists of a pair of tools: a tone injector that makes lots of noise, and a detector. The detector can pick up not just the signal from the tone injector, but also lovely things such as 60Hz hum, phone conversations (in analog phones anyhow), etc... You can also learn to "hear" the different sounds various things like 100BTx make and distinguish from - say, 10BT, or cable TV, etc... with a cheap proble that doesn't filter... I did find that when used on a keyboard, with some cheaper keyboards anyway, you can "hear" the keystrokes and the key scanning pattern, and that the individual keys are certainly distinctive enough - you could probably hook this thing up to a sound card and figure out which keys send what RF pattern... So with the right recorder/relay/decoder hidden under someone's desk, you could capture their keystrokes without disturbing epoxy or taking the keyboard apart. (As with all bugs, you'd need a power suply, some way to intercept the data, and either some way to record the data, or relay it. Relaying it, and hooking into existing power is better than just recording it or using a battery as a source, because you don't need a 2nd blag bag job to remove your bug and dump the data.) Of course if the bug transmits, it can be picked up in a sweep, but if the PC is on, the guy doing the sweep might not realize that there's a bug since the PC is a noise source... YMMV, etc. So all this talk of expoying keyboards down is somewhat naive in light of this. Not to say that if you, hypothetically speaking, were in a position to have a well funded, and determined set of enemies who were out to get your data, that using expoxy to glue down your keyboard wouldn't frustrate them, but rather to point out that there are other means and methods that would more than ruin your day. :) The path of least resistance, again, is not to attract the attention of such enemies in the first place. But hey, if your threat model is your kid sister or RIAA, then much less thought is perfectly fine. [As with all my posts, "you" is always a fictional character, and in this one, "you" switches from the guy trying to steal data to the guy trying to protect data, YMMV, #include <std_disclaimer.h> ]