Security for Mafiosos and Freedom Fighters
Several good suggestions in this thread about securing machines and keyboards against FBI black bag jobs and the like. (By the way, the USB flashdrive (a 256 MB FlashHopper) I have on my keychain--my physical keychain!--is probably waterproof. The USB port has a little plastic cover which slides on snugly. Until I eventually misplace it, I am using it. I expect the thing is showerproof, though I don't intend to test it. Water resistance can be tested nondestructively with things like Fluorinert, of course. Also, surfers and kayakers often have O-ring sealed gizmos they wear under their wet suits, coming in different sizes. It would be trivial to find one to hold either a USB flashdrive or a Compact Flash card.) The larger issue is a business/consulting opportunity: The collection of "lore" on resisting bugs and intercepts and bad security measures is not something the average Mafioso or freedom fighter is much interested in learning himself. Just as specialists are used to sweep rooms for bugs, the same should apply to helping Vito Corleone beef up his computer system. --- "Have LAN, will Travel." Security Consultants, Inc. will provide you, your family, and your associates with a computer and communications package which is resistant to FBI or CIA wiretaps, black bag jobs, Van Eyck interception, and remote surveillance. We will evaluate your current system, your needs, and design a system for you. This will included throwaway cellphones, easy to use but robust encryption, steganography, access to offshore accounts, physical security for the computers, digital dead drops, use of untraceable remailers, personal security devices (such as USB flash drives storing sensitive material), and set up of t.v. cameras under your control for monitoring snooping, intrusion, and even dishonest associates and family. Security Consultants does not currently handle weapons issues, but all your other bases are belong to us. --- I mean this somewhat whimsically, but the fact is that this kind of security consulting will become more and more important as even mobsters move into the information age. (When I was developing some of the ideas prior to the formation of Cypherpunks, one of the interesting news items was about how a guy on the run from the Feds was using an early bulletin board system--I think it was GEnie, but it may have been Prodigy--to communicate with his wife in chat rooms.) In a free society, those who provide services like roofing or plumbing or security needs are of course not implicated in the possible crimes or other activities of their customers. A guy who builds a security fence for Don Corleone is not guilty of aiding and abetting. But we have not had a free society for many decades, and it is more than possible that RICO and Espionage statutes would be interpreted by government to say that assisting someone like Aldrich Ames in improving his tradecraft is ipso facto part of a conspiracy. Or the spooks could demand that Security Consultants, Inc. place "special" networks and cameras... Issues of trust and fear. (When the Mob finds out this has been done and snatches one of the children of the company and returns the child as a "turkey," with both arms, both legs, the nose, the ears, and the tongue precisely and surgically removed, others in the industry may realize the dangers of crossing the Mob.) --Tim May, Occupied America "They that give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." -- Benjamin Franklin, 1759.
At 8:49 AM -0700 7/16/03, Tim May wrote:
(By the way, the USB flashdrive (a 256 MB FlashHopper) I have on my keychain--my physical keychain!--is probably waterproof. The USB port has a little plastic cover which slides on snugly. Until I eventually misplace it, I am using it. I expect the thing is showerproof, though I don't intend to test it. Water resistance can be tested nondestructively with things like Fluorinert, of course. Also, surfers and kayakers often have O-ring sealed gizmos they wear under their wet suits, coming in different sizes. It would be trivial to find one to hold either a USB flashdrive or a Compact Flash card.)
Ever since I heard that manufacturers were cleaning assembled boards with soap and water I have wondered just how much you need to protect electronic circuits from water. You obviously don't want to allow them to stay damp so they corrode, but immersion for a time (up to weeks) followed by a fresh water rinse and drying might not be so bad. Do any hardware experts have an opinion? Cheers - Bill ------------------------------------------------------------------------- Bill Frantz | "A Jobless Recovery is | Periwinkle -- Consulting (408)356-8506 | like a Breadless Sand- | 16345 Englewood Ave. frantz@pwpconsult.com | wich." -- Steve Schear | Los Gatos, CA 95032, USA
On Wednesday, July 16, 2003, at 03:28 PM, Bill Frantz wrote:
At 8:49 AM -0700 7/16/03, Tim May wrote:
(By the way, the USB flashdrive (a 256 MB FlashHopper) I have on my keychain--my physical keychain!--is probably waterproof. The USB port has a little plastic cover which slides on snugly. Until I eventually misplace it, I am using it. I expect the thing is showerproof, though I don't intend to test it. Water resistance can be tested nondestructively with things like Fluorinert, of course. Also, surfers and kayakers often have O-ring sealed gizmos they wear under their wet suits, coming in different sizes. It would be trivial to find one to hold either a USB flashdrive or a Compact Flash card.)
Ever since I heard that manufacturers were cleaning assembled boards with soap and water I have wondered just how much you need to protect electronic circuits from water. You obviously don't want to allow them to stay damp so they corrode, but immersion for a time (up to weeks) followed by a fresh water rinse and drying might not be so bad. Do any hardware experts have an opinion?
DI water (deionized water) is used at various stages to rinse boards, wafers, plated devices, etc. Soap and water is often used for cleaning bare PCBs, but this is long before the chips go in. After wave soldering (PCBs fed on conveyer belt above hot solder bath, soldering the devices to the board in one continuous process) the flux and dross and gunk is washed off with special soaps (e.g., high acid content soaps) and water. But the water is certainly not left on the boards, not left to dry and cause spotting, etc. Alcohol and other rinses are used. We used to use vapor degreasers a lot, and TCE, before it got restricted. As for the effects of water on packaged chips, they vary. Moisture intrusion usually comes when a "driving force" exists for some long amount of time, e.g., '85/85" (85 per cent relative humidity, 85 C, for some number of hours or days). External corrosion is also possible. (One of the first things I devised for Intel was dubbed the "water drop test." Still in use, 28 years later.) My point about not wanting to immerse my flash drive is related to why I would no immerse any other piece of electronics unless I had a compelling reason to do so. --Tim May, Occupied America "They that give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." -- Benjamin Franklin, 1759.
On Wed, 16 Jul 2003, Bill Frantz wrote:
Ever since I heard that manufacturers were cleaning assembled boards with soap and water I have wondered just how much you need to protect electronic circuits from water. You obviously don't want to allow them to stay damp so they corrode, but immersion for a time (up to weeks) followed by a fresh water rinse and drying might not be so bad. Do any hardware experts have an opinion?
If you can avoid it, do so. Otherwise I'd suggest that a few hours to a couple days might not be too bad, longer periods are going to be problematic. Especially as depth increases. 33ft is 1atm, I wouldn't trust anything submerged below that period. Saltwater is a killer. However, if you do get water (or Coke, Dr. Pepper, Beer, Margarita's,, Jalapeno dip, etc.) on a board then dry it off. If it's been more than a very quick dip I'd want it to spend 24hrs under a heat lamp (but limit max Temp to 90F). Silica Gell in a closed box w/ the board for 24hrs can also work. Irrespective of how you dry it, your next step is a alcky swab. It's hydrophilic and evaporates with no residue. At that point connect to power, find a monkey to hit the big red switch, and see if the magic smoke comes out... -- ____________________________________________________________________ We are all interested in the future for that is where you and I are going to spend the rest of our lives. Criswell, "Plan 9 from Outer Space" ravage@ssz.com jchoate@open-forge.org www.ssz.com www.open-forge.org --------------------------------------------------------------------
Bill Frantz wrote:
Ever since I heard that manufacturers were cleaning assembled boards with soap and water I have wondered just how much you need to protect electronic circuits from water. You obviously don't want to allow them to stay damp so they corrode, but immersion for a time (up to weeks) followed by a fresh water rinse and drying might not be so bad. Do any hardware experts have an opinion?
A long time ago I used to teach an "intro to computing" class. many students were older people who were afraid to physically touch a keyboard - partly just because it was unfamiliar, because it meant they were actually, now, starting on the road to learning, because they feared to "break something", or because they thought they might get a shock (I kid you not). I digress. One way of making them feel more comfortable was to "accidently" spill a drink on a keyboard, than immerse it in a sink, rinse, and hang out to dry. Sometimes I used a hairdrier to reuse the keyboard during the lesson, but mostly I just left it overnight to dry. That gave some at least of them some confidence that it was ok to touch the keyboard. I've also washed an iMac (which had fallen in the sea) by immersion in tap water and careful drying, the CD needed more care (drying with IPA), I took out the hard drive first and was careful with that, also cleaned all connectors with solvent cleaner, but it worked ok afterwards. <peeve> BTW, do NOT do this with crappy Apple keyboards! They are membrane-based and will be destroyed. They are also hard to open for repair, and when I asked an Apple chap about them he said "You should never drink near a keyboard". What crap! </peeve> I give no guarantee that it won't destroy your keyboard, but it won't hurt most keyboards. -- Peter Fairbrother BTW, m-o-o-t uses a randomised virtual keyboard with TEMPEST (both EM and optical) resistant fonts. It's okay for inputting keys, but it's a hassle for inputting text. Which means that your keys might be safe from keyloggers (both hardware and software), but your plaintext isn't. Sigh. I'm trying to improve it by putting the "senhorita" letters in one block and the rest elsewhere (not for key input obviously), and you do learn where the keys are after a while, but it's still a hassle.
Peter Fairbrother (me) wrote (in a different thread):
BTW, m-o-o-t uses a randomised virtual keyboard with (both EM and optical) TEMPEST resistant fonts. It's okay for inputting keys, but it's a hassle for inputting text.
Which means that your keys might be safe from keyloggers (both hardware and software), but your plaintext isn't. Sigh. I'm trying to improve it by putting the "senhorita" letters in one block and the rest elsewhere (not for key input obviously), and you do learn where the keys are after a while, but it's still a hassle.
(senhorita contains the 9 most-commonly-used-in-English letters, tho' not in order) There is another problem - assuming the TEMPEST gear or camera can't see the randomised resistant letters, if it can follow the cursor then it's just a simple substitution cypher to get plaintext (assuming the gear can get clicks). I thought of having a large cursor grid, with resistant symbols on each grid place, and changing the position of the operative symbol every so often - how often? - but I don't know how to get such a large cursor - any ideas? X on OpenBSD preferred. Any better ideas? -- Peter Fairbrother
participants (4)
-
Bill Frantz
-
Jim Choate
-
Peter Fairbrother
-
Tim May