lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <146DCEAE811AC94D96510685EF2F92B401DED5ED@dalexmb3.corp.nai.org>
Date: Fri, 18 Aug 2006 12:09:30 -0500
From: <Bryan_McAninch@...fee.com>
To: <psz@...erved.de>
Cc: full-disclosure@...ts.grok.org.uk
Subject: RE: Tempest today


I believe the attack to which you're referring is known as Van Eck
phreaking; it was discovered in the mid-80's. TEMPEST is a USG standard
for limiting/eliminating EMR emanations and was declassified in the
mid-90's (which you mentioned). Faraday shielding seems to have been
used effectively as an EMR eavesdropping countermeasure, though I'm
uncertain if its pervasively used.


-----Original Message-----
From: full-disclosure-bounces@...ts.grok.org.uk
[mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of Paul
Sebastian Ziegler
Sent: Friday, August 18, 2006 11:45 AM
To: full-disclosure
Subject: [Full-disclosure] Tempest today

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi list,

I've seen some fuss about the technique called "tempest" lately. Some
people claim it would be "the thing" in modern security. This bugs me
somehow because first of all I think it is way to much of an effort
compared to the more casual techniques used today. Also all information
that I can find on the Internet refers to some stuff the NSA released in
the mid-nineties. Now that is not really a good and reliable source of
information in my believe. :)

Can anybody tell me how far evolved this technique is today and who uses
it? Maybe some reference to a whitepaper or something similar. Would be
great.

Thanks
Paul


Brief definition of tempest for those who have never heard of it:
Picking up the radiation produced by a monitor or cables that connect
the graphics-card or graphics-chipset with the monitor in order to spy
the screen of the user. Kind of like getting access to a VNC server on
the box without having input yourself. The interesting part is that it
is technically undetectable.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFE5e6XaHrXRd80sY8RCg/9AKCBAs2SjvitArRFHs+6moRb0UX4GQCfbCo9
wi9z1V+h5m0YJFdz9IZK+EI=
=2pu2
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ