Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: New AV Updates; TEMPEST makes a comeback - SANS Internet Storm Center SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
New AV Updates; TEMPEST makes a comeback
McAfee releases update for 1.gif trojan
This trojan takes advantage of the exploits covered in Microsoft Security Bulletin MS03-032 or Microsoft Security Bulletin MS03-040. McAfee notes that if these patches are applied, you are immune from this virus. McAfee will still and identify the trojan with the latest updates applied.
Compromising Emanations - a new study on an old technique
Markus G. Kuhn has done a study of compromising emanations, or TEMPEST,, and it is worth discussing a bit here. This is the technique of using signals emanating from computer and communications equipment for the purpose of eavesdropping. It is not the first study that has been done, this has been an area of interest for the Government for almost 50 years. Over time they have used many different approaches to combat the compromising emanations, including shielding, signal separation, and isolation techniques. Today's signaling and communications equipment, as opposed to what existed 25 years ago, uses a much lower voltage levels for the processing of the signal. The trend for TEMPEST defense waned a bit, with newer equipment being immune to the eavesdropping equipment of yesterday due to the extreme low level voltages used for signal processing. However, with the advent of newer technologies developed to exploit today?s equipment TEMPEST is drawing attention once again. The article referenced by Mr. Kuhn described in this report demonstrates ?how to make information emitted via the video signal more easily receivable, how to recover plaintext from emanations via radio-character recognition, how to estimate remotely precise video-timing parameters, and how to protect displayed text from radio-frequency eavesdroppers by using specialized screen drivers with a carefully selected video card.? Today we are most concerned about protecting data from sources that directly access it. This is a new concept for a lot of administrators out there, and well worth the read. More than anything, it will introduce a new approach to data compromise.


Tony Carothers

Handler on Duty

150 Posts
ISC Handler
Aug 28th 2004

Sign Up for Free or Log In to start participating in the conversation!