Interesting, but the bigger issue really is: what is the appropriate response from a corporate security standpoint? You have to assume that any loss of physical custody of a system to the US govt. represents a serious security breach, and therefore any system taken for inspection should be treated as permanently compromised.
IE: If it's taken, don't turn it on again, turn it into the corp security dept, who must hard wipe it, and audit the hardware (frankly, wipe and donate to charity). TSA/CBP staff don't get paid enough that the probability of your competitors compromising them and targeting you is enough above zero to be unconcerned, never mind any issues with the government. Further, the fishing expeditions of guys like Eliot Spitzer that are nothing more than a prelude to barratry are common enough that the elimination of any avenue for such expeditions to get behind the firewall, where the mass of data can be selectively filtered to prove the point required to advance the political career, is a requirement of proper governance. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Hubbard, Dan Sent: Friday, August 01, 2008 2:17 PM To: Paul Ferguson; [email protected] Subject: Re: [funsec] U.S. Border Laptop Search & Detention: NoSuspicionRequi red Under DHS Policies As usual you heard it on FunSec first... Introducing... "Airpots" AKA "HoneyPort" These are a combination of hardware and software based honeypots that you take through the Airport. Assuming the local authorities take the equipment they will log and trap all use of the machine. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Paul Ferguson Sent: Thursday, July 31, 2008 11:49 PM To: [email protected] Subject: Re: [funsec] U.S. Border Laptop Search & Detention: No SuspicionRequi red Under DHS Policies -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -- "Paul Ferguson" <[EMAIL PROTECTED]> wrote: >Via The Washington Post. > >More: >>http://www.washingtonpost.com/wp-dyn/content/article/2008/08/01/AR2008 080 >103030.html Oh, yeah -- I forgot: Don't forget about about Magic Lantern -- that "inspection" of a laptop could easily be used as an opportunity... http://en.wikipedia.org/wiki/Magic_Lantern_%28software%29 :-) - - ferg -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.3 (Build 3017) wj8DBQFIkrHBq1pz9mNUZTMRAkW9AKDLtreIS/N8Htd+Lh+0nPOshriV0ACfYgvv dn7D5lmpaKsuosgm2tDajhU= =61vA -----END PGP SIGNATURE----- -- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawg(at)netzero.net ferg's tech blog: http://fergdawg.blogspot.com/ _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list. Protected by Websense Messaging Security -- www.websense.com _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list. No virus found in this incoming message. Checked by AVG - http://www.avg.com Version: 8.0.138 / Virus Database: 270.5.10/1586 - Release Date: 8/1/2008 6:59 PM _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
