lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <41441D29.12330.949A1987@localhost>
From: nick at virus-l.demon.co.uk (Nick FitzGerald)
Subject: Does the following...

James Tucker to me to Andrew Farmer:

> <snip>
> > > - RF keyboards don't exist. Nobody's *that* unconcerned about security.
<<snip>>
> > In case you don't know, "typical" RF cordless keyboards and mice have
> > been recorded to have effective ranges to around 150m (way beyond what
> > the manufacturer's specs say):
> > 
> >    http://www.aftenposten.no/english/local/article427668.ece
> > 
> >    http://www.securityfocus.com/archive/100/374785
> 
> Amusing articles, but there are lessons to be learned here. 
> 1) RF ranges are based upon the environments the transmitters and
> receivers are in.

What effect would a steel-reinforced concrete structure with mainly 
windows (and/or other non-ferrous material on the outside wall) have?  
My _guess_ is that it could act as something of a directional "horn", 
focussing more RF energy out the "soft" wall due to signal reflection 
off the other walls.  This may explain the 150m result in the Norwegian 
apartment scenario from the first article.

> 2) RF can be boosted (both ends effective) by adding GAIN to ONE END
> ONLY. (Yes that means the coke can with a little wire out of one end
> hanging out of the next door neighbors kids window is in fact a
> wireless tapping antenna (joke, but this is not by any means
> impossible))

8-)

True, but I see little relevance to above anecdotes for as far as we 
can tell, the "victims" in both cases were ordinary folk using off-the-
shelf equipment.  Of course, if the products being used had wide 
manufacturing tolerances, I guess there could be an issue???

<<snip>>
> > Agreed -- these were stabs-in-the-dark by folk who forgot to understand
> > the problem description before responding...  
> 
> Are the wireless device and speech recognition ideas really that much
> more "likely", they are all "ideas" and are all possible in some way
> or another.

On balance, yes, the wireless and speech recognition suggestions are 
more likely.  Of course, it may turn out in this case that they are not 
the explanation, but based on a great deal of experience and the event 
descriptions given, I'd say that those are the more likely of the 
suggestions made to date.


Regards,

Nick FitzGerald


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ