On Wed, Jun 3, 2009 at 9:33 AM, cpghost <cpgh...@cordula.ws> wrote: >> There are MUCH simpler methods. Just pay few bucks to charwoman to look at >> papers glued to monitor with passwords on them ;), or maybe a minute more >> to look at different places. > > Oh yes indeed: THAT's always bee the more serious threat, > security-wise. >
A colleague of mine is a Windows administrator for a local company. I didn't think people actually did this until he told me a little "prank" he pulls on those who do: When he finds a Post-It on their monitor with a password (or something resembling a password), he will write a different "word" on the Post-It and replace it with what was there (the real password) to teach them a lesson... > And don't forget about TEMPEST-like kinds of attack: you can't > imagine just how much information you give away on the electromagnetic > spectrum, even if you don't use WLANs... information that can be picked > up a few hundred meters away or even more outside of your security > perimeter and reconstructed. > > Talking about (justified?) paranoia: some 10 years ago, we had some > routing equipment in a server room that was NOT in the basement (i.e. > it had a window to the outside). Guess what? We had to put black > electrician's tape on the switches' LEDs, because it turned out that > those LEDs were blinking at the exact rate of the transmitted data, > bit-for-bit, and that anyone with a telescope and an optical sensor > could have picked that pattern up, and reconstructed the data stream. > > Scary, uh? My colleagues never understood (nor do they to this day) my paranoia regarding security and untrusted code. I always point them in the same direction: http://cm.bell-labs.com/who/ken/trust.html -- Glen Barber http://www.dev-urandom.com http://www.linkedin.com/in/glenjbarber _______________________________________________ email@example.com mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"