Optical Tempest from LED's
A previously unknown form of compromising emanations has been discovered. LED status indicators on data communication equipment, under certain conditions, are shown to carry a modulated optical signal that is significantly correlated with information being processed by the device. Physical access is not required; the attacker gains access to all data going through the device, including plaintext in the case of data
encryption systems. Experiments show that it is possible to intercept data under realistic conditions at a considerable distance. Many di®erent sorts of devices, including modems and Internet Protocol routers, were found to be vulnerable. A taxonomy of compromising optical emanations is developed, and design changes are described that will successfully block this kind of “Optical Tempest” attack.
Thursday, March 07, 2002
Optical Time-Domain Evesdropping Risk op CRT Displays
Tempest (in PDF format) with an extensive scientific explanation.
Tempest (in PDF format) with an extensive scientific explanation.
Wednesday, March 06, 2002
Opentap
Opentap plans to release free software that will be a minimalistic implementation of the Dutch (and soon European) tapping requirements, in so far they make sense and have been defined in current law and policies so that the ISP's costs and risks are limited to a minimum, and the citizen's tapped data is better protected against the unknowns of overspecified black boxes that ISP's would otherwise need to buy.
We are further redistributing and organizing all information regarding lawful interception for public access on this site, so people can find their way through the trememdous bureaucratic heap of papers that are and have been produced.
Opentap plans to release free software that will be a minimalistic implementation of the Dutch (and soon European) tapping requirements, in so far they make sense and have been defined in current law and policies so that the ISP's costs and risks are limited to a minimum, and the citizen's tapped data is better protected against the unknowns of overspecified black boxes that ISP's would otherwise need to buy.
We are further redistributing and organizing all information regarding lawful interception for public access on this site, so people can find their way through the trememdous bureaucratic heap of papers that are and have been produced.
iPod at core of 'virtual shoplifting' case
According to a report in Wired, a youth armed with only an iPod walked into a US computer store and walked out with hundreds of pounds worth of Mac software.
By plugging the iPod into a display Mac using a FireWire cable, the virtual thief was able to simply drag and drop applications from the Mac to the iPod. The iPod wouldn't even have had to leave the thief's pocket.
According to a report in Wired, a youth armed with only an iPod walked into a US computer store and walked out with hundreds of pounds worth of Mac software.
By plugging the iPod into a display Mac using a FireWire cable, the virtual thief was able to simply drag and drop applications from the Mac to the iPod. The iPod wouldn't even have had to leave the thief's pocket.
Network scanners pinpoint problems
In the past, there hasn't been much good news about the state of vulnerability-assessment scanners. Their reputation has been plagued with false positive reports, lack of scalability, lagging updates and inadequate reporting tools.
While some areas still need a bit of improvement, vulnerability scanners have useful tools for helping network professionals identify potential vulnerabilities and security. However, we also found that many of these products may have trouble scaling to fit the requirements of enterprise networks.
In the past, there hasn't been much good news about the state of vulnerability-assessment scanners. Their reputation has been plagued with false positive reports, lack of scalability, lagging updates and inadequate reporting tools.
While some areas still need a bit of improvement, vulnerability scanners have useful tools for helping network professionals identify potential vulnerabilities and security. However, we also found that many of these products may have trouble scaling to fit the requirements of enterprise networks.
Tuesday, March 05, 2002
K12LTSP - K12 Linux Terminal Server Project
K12LTSP is based on RedHat Linux and the LTSP terminal server packages. It's easy to install and configure. It's distributed under the GNU General Public License . That means it's free and it's based on Open Source software.
Once installed K12LTSP lets you boot diskless workstations from an applications server. You can use old PC's as diskless clients or buy new ones for under $200 each.
All applications run on the terminal server. Workstations are "thin." They have no software or hard drives. Thin-clients are perfect for schools because they are easy to install and require little maintenance. They are reliable and immune to malicious tampering and viruses.
K12LTSP is based on RedHat Linux and the LTSP terminal server packages. It's easy to install and configure. It's distributed under the GNU General Public License . That means it's free and it's based on Open Source software.
Once installed K12LTSP lets you boot diskless workstations from an applications server. You can use old PC's as diskless clients or buy new ones for under $200 each.
All applications run on the terminal server. Workstations are "thin." They have no software or hard drives. Thin-clients are perfect for schools because they are easy to install and require little maintenance. They are reliable and immune to malicious tampering and viruses.
Monday, March 04, 2002
Sandtrap
Sandtrap is the FIRST commercially available, multi-line wardialer detector. It makes an excellent add-on to Phonesweep or use it on its own.
Sandtrap is the FIRST commercially available, multi-line wardialer detector. It makes an excellent add-on to Phonesweep or use it on its own.
Sunday, March 03, 2002
Free online network utilities - traceroute, nslookup, smart whois, ping, finger - each utility with source code
- Domain Dossier
- Email Dossier
- Browser Mirror
- Traceroute
- NsLookup
- AutoWhois
- TcpQuery
- AnalyzePath
Excel password remover
Have you ever forgotten your Excel workbook or sheet password?
Here you can download an almost FREE (Postcard ware) Excel add-in that removes/cracks sheet and workbook password protection in Excel® upto XP version.
Have you ever forgotten your Excel workbook or sheet password?
Here you can download an almost FREE (Postcard ware) Excel add-in that removes/cracks sheet and workbook password protection in Excel® upto XP version.
Subscribe to:
Posts (Atom)