RE: cellphones as room bugs

2006-12-05 Thread Ian Farquhar (ifarquha)
The other problem for this technique is battery life. Let's assume we can shove a firmware update/hack/whatever into the phone to enable snooping, it's still transmitting when acting as a bug. Even if this feature is only enabled when the phone is geolocated somewhere interesting, the

RE: padlocks with backdoors - TSA approved

2007-02-27 Thread Ian Farquhar \(ifarquha\)
Some of the locks have special indicators which flag that a TSA key has opened it, which marginally improves the idea, but not by much. Whether those flags could represent a defence in the case of a corrupt official in possession of TSA keys I do not know. Without such flags, it's an

RE: Was a mistake made in the design of AACS?

2007-05-12 Thread Ian Farquhar \(ifarquha\)
On Thu, May 03, 2007 at 10:25:34AM -0700, Steve Schear wrote: Well, there's an idea: use different physical media formats for entertainment and non- entertainment content (meaning, content created by MPAA members vs. not) and don't sell writable media nor devices capable of writing it for

RE: Free Rootkit with Every New Intel Machine

2007-06-24 Thread Ian Farquhar \(ifarquha\)
I agree with Peter here. I also tried to procure a motherboard with a TPM chip - to play with Bitlocker mostly - and came to the same conclusion. I did find a few MBs, mostly from Intel, and a couple of other vendors. All of these were corporate-style MB's, as opposed to the gamer/enthusiast

RE: Free Rootkit with Every New Intel Machine

2007-06-25 Thread Ian Farquhar \(ifarquha\)
It seems odd for the TPM of all devices to be put on a pluggable module as shown here. The whole point of the chip is to be bound tightly to the motherboard and to observe the boot and initial program load sequence. Maybe I am showing my eternal optimist side here, but to me, this is how

RE: Free Rootkit with Every New Intel Machine

2007-07-02 Thread Ian Farquhar \(ifarquha\)
Dave Korn wrote: Ian Farquhar wrote: Maybe I am showing my eternal optimist side here, but to me, this is how TPM's should be used, as opposed to the way their backers originally wanted them used. A removable module whose connection to a device I establish (and can de-establish, assuming

RE: How the Greek cellphone network was tapped.

2007-07-09 Thread Ian Farquhar \(ifarquha\)
2. E2E crypto on mobiles would require cross-vendor support, which would mean that it would have to go into the standard. Unfortunately, standards in the mobile world are heavily influenced by governmnets, and the four horsemen of the apocalypse (drug dealers, paedophiles, spies, and

RE: Intercepting Microsoft wireless keyboard communications

2007-12-09 Thread Ian Farquhar (ifarquha)
When I looked at this circa 2001-2002, for another company, other 27MHz keyboards didn't even bother to encrypt. Most of the data was sent in the clear, with neither encryption nor robust authentication. Exactly what makes this problem so difficult eludes me, although one suspects that the