Re: Stego-empty hard drives... (fwd)

Forwarded message:
Date: Tue, 22 Sep 1998 13:04:15 -0500
From: Petro <petro@playboy.com>
Subject: Re: Stego-empty hard drives... (fwd)

At a certain threat level or level of "interest" in your affairs, whether you can hide the fact that you are using crypto or not is going to become irrelevant.
When you're at that level you don't carry the data across the line, you get some Johnnie Mnemonic to do it for you or put it in a diplomatic pouch...

If your opponent is using tempest, you are operating at that level. Tempest is expensive, and I'd imagine would have to be calibrated not only for each processor ([3-6]86, with all the variations (sx/dx, Celeron, Xeon, etc.) as well as the NEC, AMD, and Cyrix clones thereof, ARM & StrongARM processors, PPC 601/3/4/G-3 processors, Motorola 68k processors, sparc processors etc) but (if you are looking at what the POST & BIOS actually does) for each BIOS AND OS. This is NOT an easy task, nor can it be done by a Bozo operating an X-Ray machine at an airport.

Consider that at any given time there are only a few hundred BIOS'es, made from a few dozen base images, driving all the machines out there. The number of companies that develop their own BIOS in toto for in-house products is next to nil (I know of none). What they do is buy a license and then re-write the sections they need to.

The TEMPEST signal will be affected by speed, I see no reason to suspect that it's going to be processor dependent. Since the code gets executed in the same sequence in these shared BIOS there is going to be a shared footprint, which may get squeezed because of increased clock speed. Measuring that footprint at ranges of inches is nowhere near as expensive as trying to catch a monitor image from a block away.

If you store those few thousand footprints and do a compare, any bozo can in fact run the machine. Just sit and watch to see if the red light comes on and call your supervisor.

____________________________________________________________________

The seeker is a finder.
Ancient Persian Proverb

The Armadillo Group
James Choate
Austin, Tx
ravage@ssz.com
www.ssz.com
512-451-7087
--------------------------------------------------------------------

Jim Choate wrote:
> Consider that at any given time there are only a few hundred BIOS'es, made from a few dozen base images, driving all the machines out there. The number of companies that develop their own BIOS in toto for in-house products is next to nil (I know of none). What they do is buy a license and then re-write the sections they need to.

See http://www.ping.be/bios/ for BIOSes and flash upgrades.

> The TEMPEST signal will be affected by speed, I see no reason to suspect that it's going to be processor dependent. Since the code gets executed in the same sequence in these shared BIOS there is going to be a shared footprint, which may get squeezed because of increased clock speed. Measuring that footprint at ranges of inches is nowhere near as expensive as trying to catch a monitor image from a block away.
>
> If you store those few thousand footprints and do a compare, any bozo can in fact run the machine. Just sit and watch to see if the red light comes on and call your supervisor.

Come on guys, this is silly. Why the fuck would the UK tempest scan your notebooks? Manufacturers produce new machines every month, each with modified BIOSes for the features in their new notebooks, with hardware variations and imperfection, with different power levels of batteries, different PC cards installed, different CPU speeds, different options and other inconsistencies you get a very difficult situation.

Your speculation that someone out there will tempest scan to see if you've modded your notebook is silly. Are you just pissing against the wind, or do you have knowledge that they actually do this? You're forgetting your threat model and planning for a level that's beyond demented paranoia.

--
=====================================Kaos=Keraunos=Kybernetos==============
Sunder
sunder@sundernet.com
"A toast to Odin, God of screwdrivers"
Prying open my 3rd eye. So good to see you once again. I thought you were hiding, and you thought that I had run away chasing the tail of dogma. I opened my eye and there we were....
======================= http://www.sundernet.com ==========================

Participants (2): Jim Choate, Sunder