lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <Pine.LNX.4.44.0411171046430.31903-100000@courgette.jml.net> Date: Wed, 17 Nov 2004 11:07:03 +0000 (GMT) From: James Davis <jamesd@....net> To: Jason Coombs <jasonc@...ence.org> Cc: full-disclosure@...ts.netsys.com, <bugtraq@...urityfocus.com> Subject: Re: Airport x-ray software creating images of phantom weapons? On Tue, 16 Nov 2004, Jason Coombs wrote: > If the devices create phantoms by design, why would they not also obey > commands to display arbitrary replacement images when some > non-TEMPEST-hardened component is blasted with RF from within the x-ray > scanning chamber? A few years ago I met someone who worked on the development of X-ray machines. One problem in the operation of the machines is that weapon in luggage are extremely rare and it's difficult to motivate a human operator into concentrating fully on the display for months on end without ever spotting anything. They literally are looking for needles in haystacks. The machines plant images of weapons into the display in order to keep the operator alert. I suppose the system is configured in such a way that a button press will remove imaginary weapons. Operators failing to spot the imaginary weapons will fail to press the button, revealing problems in training. Normally it would be difficult to discover these problems before it's too late as you'll never learn about real weapons that have passed through without being spotted. I imagine that the systems are well shielded from any interferance that the X-rays machine causes. > Do such transportation security technologies really benefit from > technical obscurity? Why not publish the design, specs and source code > for analysis and for all to see? I suspect the problem was either a glitch in the software or, perhaps more likely operator error? James -- "You're turning into a penguin. Stop it" http://jamesd.ukgeeks.co.uk/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists