____/ Mark Kent on Tuesday 04 December 2007 11:18 : \____
> Roy Schestowitz <newsgroups@xxxxxxxxxxxxxxx> espoused:
>> ____/ Mark Kent on Tuesday 04 December 2007 08:38 : \____
>>
>>> Roy Schestowitz <newsgroups@xxxxxxxxxxxxxxx> espoused:
>>>> Microsoft wireless keyboards crypto cracked
>>>>
>>>> ,----[ Quote ]
>>>>| Bluetooth is increasingly becoming the de-facto standard for wireless
>>>>| communication in peripheral devices and is reckoned to be secure. But
>>>>| some manufacturers such as Logitech and Microsoft rely on 27 MHz radio
>>>>| technology which, it transpires, is anything but secure.
>>>> `----
>>>>
>>>> http://www.theregister.co.uk/2007/12/03/wireless_keyboard_crypto_cracked/
>>>>
>>>> Also the proprietary QuickTime for Windows should now be treated as a
>>>> security hazard.
>>>>
>>>
>>> Nothing sent by radio is ever likely to be proof against eavesdropping.
>>> Perhaps using modulated lasers is one of the safe methods, but even that
>>> could be sniffed using partially silvered mirrors.
>>>
>>> It's also possible to sniff signals through fibres by curving them
>>> around a sufficiently narrow bend radius that they leak light. That
>>> light can be collected and demodulated. Coaxial transmission systems
>>> all leak a little, as do twisted pairs and fixed-separation transmission
>>> line systems.
>>
>> Yes, but that's why it should be encrypted properly, which in this case it
>> wasn't (and still isn't). Being an embedded device like this, you can't just
>> reflash to patch.
>
> Quite right, you can't. One wonders if open-source designs aren't the
> best way forward, since it could be possible to easily reflash with all
> manner of suitable encryption tailored to personal need. I'm not sure
> that HMG would accept this at 27MHz, though, since inter-continental
> transmission is regularly possible in this part of the spectrum with
> relatively low power.
>
>>
>>> Not so long ago, some researcher in the UK (Cambridge?) came up with
>>> a method for detecting the content of CRT screens remotely by radio
>>> detection. He showed his system displaying the screen of a nearby
>>> monitor sufficiently clearly to be easily read.
>>>
>>> The best way to keep a secret is, well, don't tell anyone. If secret
>>> data needs to be on a machine, then it should be encrypted, with strong
>>> encryption, and should be physically isolated, ideally within a Faraday
>>> cage to eliminate as far as possible eavesdropping opportunities.
>>
>> Kind of like WEP.
>>
>>> Even then, as HMG found out recently, people make mistakes and
>>> accidentally send the bank account details, names, dates of birth of
>>> parents, children, NI numbers and more unencrypted on CDs through the
>>> post across the country.
>>>
>>> Of course we can trust the government!
>>
>> Well, the NHS have lost 3.6 billion pounds more than the value of this data.
>> People just need to change their passwords... and names... and start a new
>> family... and open a new bank account...
>>
>>
>
> If the data really makes it into the criminal world, it's quite possible
> that millions of people could be defrauded and have no idea even how to
> check on it.

Worse -- it could make it into the /hands/ of millions (just potentially,
taking it to the extreme, so consider this a figure of speech). The nature of
such leaks is that once they are out there, they spread. You could soon get
your own copy via a torrent, for example. That's just the nature of private
data which is so trivial to duplicate. I bet the underground world might be
having a good time with those CDs if they reached the wrong hands and the
recipient realises the monetary value of this data.
--
~~ Best of wishes
Roy S. Schestowitz | Othello for free: http://othellomaster.com
http://Schestowitz.com | RHAT Linux | PGP-Key: 0x74572E8E
19:20:03 up 1:40, 2 users, load average: 2.02, 2.16, 1.78
http://iuron.com - Open Source knowledge engine project