| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <1175408177.2463.24.camel@localhost>
Date: Sun, 01 Apr 2007 01:16:16 -0500
From: "I)ruid" <druid@...ghq.org>
To: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: CAU-2007-0001: Window Transparency Information
Disclosure
____ ____ __ __
/ \ / \ | | | |
----====####/ /\__\##/ /\ \##| |##| |####====----
| | | |__| | | | | |
| | ___ | __ | | | | |
------======######\ \/ /#| |##| |#| |##| |######======------
\____/ |__| |__| \______/
Computer Academic Underground
http://www.caughq.org
Security Advisory
===============/========================================================
Advisory ID: CAU-2007-0001
Release Date: 04/01/2007
Title: Window Transparency Information Disclosure
Application/OS: Windows made from silica or plastics
Topic: Panes used in windows are usually transparent, allowing
sensitive information to be observed from the outside.
Vendor Status: Not Notified
Attributes: Remote, Information Disclosure
Advisory URL: http://www.caughq.org/advisories/CAU-2007-0001.txt
Author/Email: I)ruid <druid (at) caughq.org>
===============/========================================================
Overview
========
An information disclosure attack can be launched against buildings that
make use of windows made of glass or other transparent materials by
observing externally-facing information through the window.
Impact
======
Sensitive information stored on whiteboards, cork-boards, calendars,
post-it notes, or other medium which faces a window is susceptible to
being disclosed to a remote entity.
Affected Systems
================
1) Silica Windows
2) Plastic Windows
Technical Explanation
=====================
Silica-based (glass) windows have molecular structures that are very
random like a liquid yet retain the strong bond and rigidity of a solid.
Transparent and translucent plastic windows have molecular structures
wherein the long-chain molecules (polymers) in the plastic are made to
settle into a similarly random pattern.
These random patterned molecular structures have electrons that do not
absorb the energy of photons in the visible spectrum, thus allowing
visible light to traverse them. This traversal of visible light allows
the human eye to observe an object through the window.
Solutions & Recommendations
==========================
1) Do not store sensitive information on any medium which faces a window.
2) Draw blinds or curtains over the vulnerable window so as to prevent
remote observers from viewing any sensitive information.
3) Apply an opaquing layer to vulnerable windows.
Exploitation
============
Use the naked eye, binoculars, or a telescoping lens to peer through the
windows of your target building. Locate information storing mediums such
as whiteboards, cork-boards, or post-it notes which face outward through
the window. Read the medium's content.
References
==========
Howstuffworks "What makes glass transparent?"
http://science.howstuffworks.com/question404.htm
Credits & Gr33ts
================
Computer Academic Underground
Prof. Julius Sumner Miller
--
I)ruid, CĀ²ISSP
druid@...ghq.org
http://druid.caughq.org
Download attachment "signature.asc" of type "application/pgp-signature" (190 bytes)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists