Date: Wed, 17 Nov 2004 11:07:03 +0000 (GMT)
From: James Davis <jamesd@....net>
To: Jason Coombs <jasonc@...ence.org>
Cc: full-disclosure@...ts.netsys.com, <bugtraq@...urityfocus.com>
Subject: Re: Airport x-ray software creating images of phantom weapons?


On Tue, 16 Nov 2004, Jason Coombs wrote:

> If the devices create phantoms by design, why would they not also obey
> commands to display arbitrary replacement images when some
> non-TEMPEST-hardened component is blasted with RF from within the x-ray
> scanning chamber?

A few years ago I met someone who worked on the development of X-ray
machines. One problem in the operation of the machines is that weapons in
luggage are extremely rare and it's difficult to motivate a human operator
into concentrating fully on the display for months on end without ever
spotting anything. They literally are looking for needles in haystacks.

The machines plant images of weapons into the display in order to keep the
operator alert. I suppose the system is configured in such a way that a
button press will remove imaginary weapons. Operators failing to spot the
imaginary weapons will fail to press the button, revealing problems in
training.

Normally it would be difficult to discover these problems before it's too
late as you'll never learn about real weapons that have passed through
without being spotted.

I imagine that the systems are well shielded from any interference that
the X-ray machine causes.

> Do such transportation security technologies really benefit from
> technical obscurity? Why not publish the design, specs and source code
> for analysis and for all to see?

I suspect the problem was either a glitch in the software or, perhaps more
likely, operator error?

James

--
"You're turning into a penguin. Stop it"
http://jamesd.ukgeeks.co.uk/




