New AV Updates; TEMPEST makes a comeback

Published: 2004-08-28
Last Updated: 2004-08-28 23:27:27 UTC
by Tony Carothers (Version: 1)
0 comment(s)
McAfee releases update for 1.gif trojan
http://vil.nai.com/vil/content/v_100715.htm
This trojan takes advantage of the exploits covered in Microsoft Security Bulletin MS03-032 or Microsoft Security Bulletin MS03-040. McAfee notes that if these patches are applied, you are immune from this virus. McAfee will still and identify the trojan with the latest updates applied.
Compromising Emanations - a new study on an old technique
http://www.cl.cam.ac.uk/TechReports/UCAM-CL-TR-577.html
Markus G. Kuhn has done a study of compromising emanations, or TEMPEST,, and it is worth discussing a bit here. This is the technique of using signals emanating from computer and communications equipment for the purpose of eavesdropping. It is not the first study that has been done, this has been an area of interest for the Government for almost 50 years. Over time they have used many different approaches to combat the compromising emanations, including shielding, signal separation, and isolation techniques. Today's signaling and communications equipment, as opposed to what existed 25 years ago, uses a much lower voltage levels for the processing of the signal. The trend for TEMPEST defense waned a bit, with newer equipment being immune to the eavesdropping equipment of yesterday due to the extreme low level voltages used for signal processing. However, with the advent of newer technologies developed to exploit today?s equipment TEMPEST is drawing attention once again. The article referenced by Mr. Kuhn described in this report demonstrates ?how to make information emitted via the video signal more easily receivable, how to recover plaintext from emanations via radio-character recognition, how to estimate remotely precise video-timing parameters, and how to protect displayed text from radio-frequency eavesdroppers by using specialized screen drivers with a carefully selected video card.? Today we are most concerned about protecting data from sources that directly access it. This is a new concept for a lot of administrators out there, and well worth the read. More than anything, it will introduce a new approach to data compromise.

---

Tony Carothers

Handler on Duty

tony.carothers@gmail.com
Keywords:
0 comment(s)

Comments


Diary Archives