Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: [PEN-TEST] Penetration Testing and Van Eck Scanning

From: David Alexander <dalexander () TRISKELE CO UK>
Date: Thu, 9 Nov 2000 09:46:00 -0000
I don't think the legality issue is going to bother someone who is already
intent on an illegal act I.E. stealing information from another
organisation.

On a separate note, does anyone know if the new LCD/plasma flat screens are
vulnerable to this ?

David Alexander
Project Manager & Information Security Consultant
Qualified BS7799 Lead Auditor
Triskele Ltd.

Office  01491 833280
Mobile 0780 308 3130



-----Original Message-----
From: Rob Shein [mailto:rshein () MAIL WASH AVERSTAR COM]
Sent: 08 November 2000 16:08
To: PEN-TEST () SECURITYFOCUS COM
Subject: Re: [PEN-TEST] Penetration Testing and Van Eck Scanning


If I understand the laws correctly (and I am NOT a lawyer, thank god),
construction of a Van Eck device is illegal in the U.S.  The
concept behind
the law is similar to the law regarding ownership or
construction of bugging
devices.  Frankly, I don't see how viable it really is for a typical
commercial enterprise to go sufficiently TEMPEST-compliant to
thwart this
form of surveillance.  If they're a small business, it's too
expensive for
their budget, and if it's a large business, it's too
difficult to cast the
net that wide and be sure that some high-level manager
doesn't circumvent
the controls because he doesn't want to deal with the
inconvenience or cost.


-----Original Message-----
From: Penetration Testers

[mailto:PEN-TEST () SECURITYFOCUS COM]On Behalf

Of Johann van Duyn
Sent: Wednesday, November 08, 2000 10:45 AM
To: PEN-TEST () SECURITYFOCUS COM
Subject: [PEN-TEST] Penetration Testing and Van Eck Scanning


Just a thought I had while on a nicotine-and-caffeine break:

Has anyone ever done a bit of Van Eck (aka TEMPEST) surveillance
as part of
a penetration test, just to show people what can be seen

from a van in the

corporate parking lot when the security attendant is on his

lunch break?

That could provide a few hot debates in boardrooms,

especially if one were

to tune in to the Internet browsing habits of a few senior

directors...


Has anyone done it, or had/seen it done (esp. outside of a military
environment)? Are there any good references around re.

proposed civilian

standards for 'safety' from Van Eck scanning? And where

would one look

around either for people who do that type of surveillance, or the
equipment
to do that with.

And, finally, if this is not the right forum for such

discussions, could

anyone in the know point me to such?

Very ta,

+----------------
| Johann van Duyn BA, MCSE, BCP-ISS
| Network Manager: The Appleton Group Ltd
| johann.vanduyn () appleton com
| tel. +27 21 7998026
| cel. +27 82 4588472
| fax. +27 21 7944677
+----------------

"Many that live deserve death. And some that die deserve life.
Can you give
it to them? Then do not be too eager to deal out judgement.

For even the

very wise cannot see all ends."
                -- Gandalf, in "Lord of the Rings" by JRR Tolkein


***The Appleton Group Ltd***

This message, including any attachments, is intended only for the
individual
or institution to which it is addressed and may contain
information that is
privileged, confidential or prohibited from disclosure or
unauthorized use.
If the recipient of this transmission is not the intended
recipient, you are
hereby notified that any use, reproduction dissemination, copying,
disclosure, modification, distribution and/or publication

of this email

message or any of its attachments other than by its

intended recipient is

strictly prohibited by the sender. If you have received

this message in

error, please notify The Appleton Group Ltd immediately at
postmaster () appleton com and destroy the message and all

copies thereof in

your possession.

****************************
Previous By Date Next
Previous By Thread Next

Current thread: