On Sun, Jul 09, 2006 at 09:38:21AM -0700, Darrin Chandler wrote: > Well, it's very hard to say that someone isn't trying to bug his > keyboard. It might be a valid concern. However, if someone *is* then you > have to look at all the other possibilities as well. A small audio bug > can be enough to pick up key clicks, and some interesting work has been > done in reconstructing input based on inter-key timing. The better > typist you are, the better it works. That's one small example. What
Would mixing keyboard noises at random into your music / external speaker at random be a useful countermeasure against that? > about the many, many others given physical access to the environment? > > I'm not saying that anyone should forget about securing their computer > and environment, just that if you're going to consider a new area to > secure, you should think about all the other ways an attacker with such > access might glean information. Pretend you're travelling with a zaurus like device and you take an external USB keyboard with you including a USB hub and shitloads of little USB devices that you can then use in the hotel room or hostel common room (I've actually seen a Swede have such a setup at a hostel in Ottawa). If you're in a foreign country and all of a sudden the USB hub blows up. You go out to buy a new one at the nearest computer store and they have bugged equipment you're up shits creek. > People with unquestioned need to secure their environment choose to > create a physically secure area, rather than try to allow free access > and secure individual components from tampering. It's cheaper. It's also > more effective since it also prevents the placing of surveillance > equipment *without* tampering with legitimate equipment, and prevents > tampering with some component you haven't thought about yet. Yeah well, if someone has a key to my apartment they can pet my computers including swap USB devices, and they can do it quite easily, and if it looks the same I probably wouldn't know a diff. It probably doesn't make sence to spy on an open source developer since they likely will release the source for free anyhow, however in the movie "antitrust" they did. And movies for some reason either shape behaviour or are a reflection of behaviour in the real world. Anyhow finding out that your devices are tampered with or, have spy functionality, or easter eggs, _after the fact_ is too late. Pro-activity to securing this stuff is key. -peter -- Here my ticker tape .signature #### My name is Peter Philipp #### lynx -dump "http://en.wikipedia.org/w/index.php?title=Pufferfish&oldid=20768394"; | sed -n 131,136p #### So long and thanks for all the fish!!!
