Date: Wed, 3 Jun 2009 09:53:07 -0400
From: Glen Barber <glen.j.barber@gmail.com>
To: cpghost <cpghost@cordula.ws>
Cc: freebsd-questions@freebsd.org
Subject: Re: Open_Source
Message-ID: <4ad871310906030653o62d7e708w1a7be44334ab8dab@mail.gmail.com>
In-Reply-To: <20090603133343.GB1988@phenom.cordula.ws>
References: <4d3f56c90906020812t40c5fcbv178bcd7f702356f@mail.gmail.com> <4ad871310906020843n3e7dc96ap28d5d622e844abf1@mail.gmail.com> <alpine.BSF.2.00.0906021757290.2065@wojtek.tensor.gdynia.pl> <20090603004914.73f40a60@gluon.draftnet> <alpine.BSF.2.00.0906030848330.49751@wojtek.tensor.gdynia.pl> <20090603091800.GA1177@phenom.cordula.ws> <alpine.BSF.2.00.0906031120260.50636@wojtek.tensor.gdynia.pl> <20090603102720.GB1349@phenom.cordula.ws> <alpine.BSF.2.00.0906031310420.51077@wojtek.tensor.gdynia.pl> <20090603133343.GB1988@phenom.cordula.ws>

On Wed, Jun 3, 2009 at 9:33 AM, cpghost <cpghost@cordula.ws> wrote:
>> There are MUCH simpler methods. Just pay a few bucks to a charwoman to look at
>> papers glued to the monitor with passwords on them ;), or maybe a minute more
>> to look at different places.
>
> Oh yes indeed: THAT's always been the more serious threat,
> security-wise.
>

A colleague of mine is a Windows administrator for a local company. I
didn't think people actually did this until he told me a little
"prank" he pulls on those who do: When he finds a Post-It on their
monitor with a password (or something resembling a password), he will
write a different "word" on the Post-It and replace it with what was
there (the real password) to teach them a lesson...

> And don't forget about TEMPEST-like kinds of attack: you can't
> imagine just how much information you give away on the electromagnetic
> spectrum, even if you don't use WLANs... information that can be picked
> up a few hundred meters away or even more outside of your security
> perimeter and reconstructed.
>
> Talking about (justified?) paranoia: some 10 years ago, we had some
> routing equipment in a server room that was NOT in the basement (i.e.
> it had a window to the outside). Guess what? We had to put black
> electrician's tape on the switches' LEDs, because it turned out that
> those LEDs were blinking at the exact rate of the transmitted data,
> bit-for-bit, and that anyone with a telescope and an optical sensor
> could have picked that pattern up, and reconstructed the data stream.
>
> Scary, uh?

My colleagues never understood (nor do they to this day) my paranoia
regarding security and untrusted code. I always point them in the
same direction:

http://cm.bell-labs.com/who/ken/trust.html

-- 
Glen Barber
http://www.dev-urandom.com
http://www.linkedin.com/in/glenjbarber