Penetration Testing mailing list archives
Re: [PEN-TEST] Penetration Testing and Van Eck Scanning
From: Talisker <Talisker () NETWORKINTRUSION CO UK>
Date: Sun, 12 Nov 2000 19:27:36 -0000
The new EMC standards have drastically reduced EM emanations from monitors, however graphics cards don't seem to fall under this legislation (correct me if I'm wrong) they still emanate the same information at around 85 times per second. Your information is only a secure as the weakest link. It's reminiscent of the Dutch boy and the dyke, as soon as you plug up one hole another appears. Another and IMHO more important point is the strength of the EMC accreditation, there seems to be vendors out there that will claim to meet the standard and they quite clearly DO NOT. There is some value in buying good brand names. There is often a great deal of mythology and scaremongering where TEMPEST is concerned, the term TEMPEST is no longer classified, but certain individuals tend to lean on it's supposed secrecy to generate interest and dare I say it consultancy income. I have a TEMPEST FAQ on my site under counter eavesdropping - but be quick I don't think it will be there much longer Take Care Andy http://www.networkintrusion.co.uk Talisker's Network Security Tools List ''' (0 0) ----oOO----(_)---------- | The geek shall | | Inherit the earth | -----------------oOO---- |__|__| || || ooO Ooo talisker () networkintrusion co uk The opinions contained within this transmission are entirely my own, and do not necessarily reflect those of my employer. ----- Original Message ----- From: "Frank Darden" <fdarden () LOCKED COM> To: <PEN-TEST () SECURITYFOCUS COM> Sent: Friday, November 10, 2000 8:29 PM Subject: Re: [PEN-TEST] Penetration Testing and Van Eck Scanning
A good way to get government spooks on your trail is to start calling and inquiring about commercial Tempest or EMF monitoring solutions... I did
this
a year or so ago, and started getting some VERY interesting phone calls. -----Original Message----- From: Alex Butcher [mailto:alex () S3 INTEGRALIS CO UK] Sent: Friday, November 10, 2000 11:09 AM To: PEN-TEST () SECURITYFOCUS COM Subject: Re: [PEN-TEST] Penetration Testing and Van Eck Scanning ISSO wrote:I think TEMPEST eavesdropping has very limited value with today's low rad monitors.According to <http://www.cl.cam.ac.uk/~mgk25/ih98-tempest.pdf>, neither the use of low-radiation monitors nor LCD panels makes much difference. In fact, some TFT LCDs were found to be _more_ leaky than monitors! Best Regards, Alex. -- Alex Butcher PGP/GnuPG Key IDs: Consultant, S3 Systems Security Services alex@s3 B7709088 PGP: http://www.s3.integralis.co.uk/pgp/alex.pgp alex.butcher@ 885BA6CE
Current thread:
- Re: [PEN-TEST] Penetration Testing and Van Eck Scanning, (continued)
- Re: [PEN-TEST] Penetration Testing and Van Eck Scanning Cornali, Remo (Nov 09)
- Re: [PEN-TEST] Penetration Testing and Van Eck Scanning batz (Nov 09)
- Re: [PEN-TEST] Penetration Testing and Van Eck Scanning Bys, Cory (Nov 09)
- Re: [PEN-TEST] Penetration Testing and Van Eck Scanning ISSO (Nov 09)
- Message not available
- Re: [PEN-TEST] Penetration Testing and Van Eck Scanning Alex Butcher (Nov 11)
- Re: [PEN-TEST] Penetration Testing and Van Eck Scanning shaun (Nov 14)
- Message not available
- Re: [PEN-TEST] Penetration Testing and Van Eck Scanning Cornali, Remo (Nov 09)
- Re: [PEN-TEST] Penetration Testing and Van Eck Scanning Frank Knobbe (Nov 10)
- Re: [PEN-TEST] Penetration Testing and Van Eck Scanning David Alexander (Nov 10)
- Re: [PEN-TEST] Penetration Testing and Van Eck Scanning Brooke, O'neil (EXP) (Nov 10)
- Re: [PEN-TEST] Penetration Testing and Van Eck Scanning Frank Darden (Nov 11)
- Re: [PEN-TEST] Penetration Testing and Van Eck Scanning Talisker (Nov 13)