I'd also be interested in the threat model not only for this method
of attack but also the risk alluded to about using an unencrypted public
wifi connection earlier in this thread. As data between browser and
anything secure such as a bank web server uses https, surely the data
will be encrypted on an end to end basis anyway regardless of the
security or lack of it on the wifi network?
Chris Bayliss
-----Original Message-----
From: This list is for those interested in Data Protection issues
[mailto:[log in to unmask]] On Behalf Of George Ross
Sent: 14 July 2009 13:02
To: [log in to unmask]
Subject: Re: Information leaks through your socket
> ... "cold war" ... laser beam technology ... vibration in the window ...
A bit off-topic for this list, but if you're interested in eavesdropping and
countermeasures, I'd recommend taking a look at the work of the Computer
Laboratory Security Group at the University of Cambridge:
<http://www.cl.cam.ac.uk/research/security/>. They've produced a fair
amount of fascinating stuff over the last few years.
I'm also reminded of Gene Spafford's comment that "using encryption on
the Internet is the equivalent of arranging an armored car to deliver
credit-card information from someone living in a cardboard box to someone
living on a park bench." <http://catless.ncl.ac.uk/Risks/19.38.html> has
some followup remarks. And there's always
<http://en.wikipedia.org/wiki/Rubber-hose_cryptanalysis>, of course.
What's your threat model? What's really your weakest link?
--
Dr George D M Ross, School of Informatics, University of Edinburgh
10 Crichton Street, Edinburgh, Scotland, EH8 9AB
Mail: [log in to unmask] Voice: +44 131 650 5147 Fax: +44 131 650 6899
PGP: 1024D/AD758CC5 B91E D430 1E0D 5883 EF6A 426C B676 5C2B AD75 8CC5
The University of Edinburgh is a charitable body, registered in
Scotland, with registration number SC005336.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list
owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your
needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^