glen.j.barber at gmail.com
Wed Jun 3 13:53:10 UTC 2009
On Wed, Jun 3, 2009 at 9:33 AM, cpghost <cpghost at cordula.ws> wrote:
>> There are MUCH simpler methods. Just pay few bucks to charwoman to look at
>> papers glued to monitor with passwords on them ;), or maybe a minute more
>> to look at different places.
> Oh yes indeed: THAT's always bee the more serious threat,
A colleague of mine is a Windows administrator for a local company. I
didn't think people actually did this until he told me a little
"prank" he pulls on those who do:
When he finds a Post-It on their monitor with a password (or something
resembling a password), he will write a different "word" on the
Post-It and replace it with what was there (the real password) to
teach them a lesson...
> And don't forget about TEMPEST-like kinds of attack: you can't
> imagine just how much information you give away on the electromagnetic
> spectrum, even if you don't use WLANs... information that can be picked
> up a few hundred meters away or even more outside of your security
> perimeter and reconstructed.
> Talking about (justified?) paranoia: some 10 years ago, we had some
> routing equipment in a server room that was NOT in the basement (i.e.
> it had a window to the outside). Guess what? We had to put black
> electrician's tape on the switches' LEDs, because it turned out that
> those LEDs were blinking at the exact rate of the transmitted data,
> bit-for-bit, and that anyone with a telescope and an optical sensor
> could have picked that pattern up, and reconstructed the data stream.
> Scary, uh?
My colleagues never understood (nor do they to this day) my paranoia
regarding security and untrusted code. I always point them in the
More information about the freebsd-questions