Re: tempest back doors

2004-12-11 Thread Major Variola (ret)
At 07:46 PM 12/9/04 -0500, Steve Thompson wrote:
 --- Major Variola (ret) [EMAIL PROTECTED] wrote:
 Perhaps I am stupid.  I don't know how one would go about modifying
 application software to include a 'back door' that would presumably
 enhance its suceptibility to TEMPEST attacks.  Isn't tempest all
about
 EM
 spectrum signal detection and capture?

 You have your code drive a bus with signal.  The bus radiates, you
 'TEMPEST' the signal, game over.  Back in the 60s folks programmed
 PDPs to play music on AM radios.  Same thing.  Dig?

Fine.  That's great as an example of transmitting data over a covert
channel, but so what?  As you suggest, people have been doing that with
AM
radios since the 60's, although the folklore mentions the phenomenon in

the context of monitoring the computer's heartbeat, purely as a
debugging
technique.

The poster didn't understand how to backdoor a program using
unintentional RF as the channel.  I told them.  That's so what





Re: tempest back doors

2004-12-11 Thread Steve Thompson
 --- Major Variola (ret) [EMAIL PROTECTED] wrote: 
 Perhaps I am stupid.  I don't know how one would go about modifying
 application software to include a 'back door' that would presumably
 enhance its suceptibility to TEMPEST attacks.  Isn't tempest all about
 EM
 spectrum signal detection and capture?
 
 You have your code drive a bus with signal.  The bus radiates, you
 'TEMPEST' the signal, game over.  Back in the 60s folks programmed
 PDPs to play music on AM radios.  Same thing.  Dig?

Fine.  That's great as an example of transmitting data over a covert
channel, but so what?  As you suggest, people have been doing that with AM
radios since the 60's, although the folklore mentions the phenomenon in
the context of monitoring the computer's heartbeat, purely as a debugging
technique.

What makes this odd is that the Wired article makes no mention of Tempest,
only of the possibility of there being a back door, which in the usual
vernacular of computer security, usually implies a method for unauthorised
access or use of the software system in question.


Regards,

Steve


__ 
Post your free ad now! http://personals.yahoo.ca



tempest back doors

2004-12-08 Thread Major Variola (ret)

Perhaps I am stupid.  I don't know how one would go about modifying
application software to include a 'back door' that would presumably
enhance its suceptibility to TEMPEST attacks.  Isn't tempest all about
EM
spectrum signal detection and capture?

You have your code drive a bus with signal.  The bus radiates, you
'TEMPEST' the signal, game over.  Back in the 60s folks programmed
PDPs to play music on AM radios.  Same thing.  Dig?