Richard Johnson (rdump@river.com)
Tue, 17 Mar 1998 13:11:50 -0700
At 07:42 -0700 on 3/17/98, The Spectre wrote:
> At 17:41 3/17/98 , you wrote:
>
> >* Original: FROM: BILL SMITH, Fidonet
> >
> > EID:F58A FC6C6460
> >Electronic Telegraph Thursday 12 March 1998
> >Issue 1021
> >
> >Detector van to nab software
> >pirates
> >By Roger Highfield, Science Editor
>
> I just have to ask, is there any more to back up this story?
Quite a bit.
Beat van Eck monitoring with software. Code your OS and design your fonts
to resist snooping by that gentleman in the van outside.
http://www.cl.cam.ac.uk/~mgk25/
http://www.cl.cam.ac.uk/~mgk25/ih98-tempest.pdf
(Markus Kuhn has posted here before, and may still be on the list.)
Or, cause your target's machines to leak his or her PGP key and passphrase.
Ross Anderson mentioned in a message to the ukcrypto mailing list
(forwarded to best-of-security on 12 Feb 1998) that the work was started at
the request of Bill Gates when he donated money for a new building to the
University. He pointed out that it would have been churlish to refuse.
Microsoft didn't like the technique, however, as it's not very useful for
tracking individual license violators, just corporate cells.
But causing PCs to leak a detectable license number signature is not the
real point, nor is it the whole story.
Ross Anderson wrote:
> In the old days, Tempest was about expensive hardware -- custom equipment
> to monitor the enemy's emissions and very tricky shielding to stop him
> doing the same to you. It was all classified and strictly off-limits to
> the open research community.
>
> We have ended that era. You can now use software to cause the eavesdropper
> in the van outside your house to see a completely different image from
> the one that you see on your screen. In its simplest form, our technique
> uses specially designed `Tempest fonts' to make the text on your screen
> invisible to the spooks. Our paper tells you how to design and code your
> own.
>
> There are many opportunities for camouflage, deception and misconduct.
> For example, you could write a Tempest virus to snarf your enemy's PGP
> private key and radiate it without his knowledge by manipulating the
> dither patterns in his screen saver. You could even pick up the signal on
> a $100 short wave radio. The implications for people trying to build
> secure computer systems are non-trivial.
The usual non-clueful job by "science editors" like Roger Highfield results
in much confusion. Avoid the needless wailing and gnashing of teeth that
sells newspapers, and start modifying your window manager to use tempest
fonts. :-)
Richard
PS - Please skip the "highest" priority tag on your mail next time, OK?
The following archive was created by hippie-mail 7.98617-22 on Fri Aug 21 1998 - 17:16:02 ADT