Microsoft Windows Vista Community Forums - Vistaheads
Recommended Download



Welcome to the Microsoft Windows Vista Community Forums - Vistaheads, YOUR Largest Resource for Windows Vista related information.

You are currently viewing our boards as a guest which gives you limited access to view most discussions and access our other features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content and access many other special features. Registration is fast, simple and absolutely free so , join our community today!

If you have any problems with the registration process or your account login, please contact us.

Driver Scanner

Viability of power-line intrusions

microsoft.public.windows.vista.security






Speedup My PC
Reply
  #1 (permalink)  
Old 03-25-2008
FYIGMO
 

Posts: n/a
Viability of power-line intrusions
If I connect my Vista laptop to a power outlet in public, such as an airport
terminal, library, or coffee shop, how viable is the threat from someone
gaining access to my computer via a power-line network? If the threat is
viable today, what is the best method of stopping it?

I know many people will say this is too unlikely and that other security
threats are of much more concern to the average computer user, but with the
increasing sophistication of ripoff artists either trying to steal your
identity or pilfer your financial data I wouldn't assume the threat is not
viable and not likely to increase in the future. After all, the federal
government and the defense industry utilize TEMPEST, outlining the need for
classified "Red Power" systems to protect computers from power-line
monitoring and Van Eyck monitoring as well, versus "Black Power" systems that
are connected to the public grid. In fact, not too long ago the French were
caught conducting industrial espionage by tapping into a local power grid and
accessing information via power lines.

Any thoughts would be welcome. Thanks.
Reply With Quote
Sponsored Links
  #2 (permalink)  
Old 03-25-2008
Smithsonian
 

Posts: n/a
Re: Viability of power-line intrusions
There is no way really to prevent someone from accessing your computer. Id
say you wouldnt. I'd say dont enter any personal information.
"FYIGMO" <FYIGMO@discussions.microsoft.com> wrote in message
news:9B634E76-2334-458D-8C2B-D68F3BAB691C@microsoft.com...
> If I connect my Vista laptop to a power outlet in public, such as an
> airport
> terminal, library, or coffee shop, how viable is the threat from someone
> gaining access to my computer via a power-line network? If the threat is
> viable today, what is the best method of stopping it?
>
> I know many people will say this is too unlikely and that other security
> threats are of much more concern to the average computer user, but with
> the
> increasing sophistication of ripoff artists either trying to steal your
> identity or pilfer your financial data I wouldn't assume the threat is not
> viable and not likely to increase in the future. After all, the federal
> government and the defense industry utilize TEMPEST, outlining the need
> for
> classified "Red Power" systems to protect computers from power-line
> monitoring and Van Eyck monitoring as well, versus "Black Power" systems
> that
> are connected to the public grid. In fact, not too long ago the French
> were
> caught conducting industrial espionage by tapping into a local power grid
> and
> accessing information via power lines.
>
> Any thoughts would be welcome. Thanks.


Reply With Quote
  #3 (permalink)  
Old 03-27-2008
Alun Jones
 

Posts: n/a
Re: Viability of power-line intrusions
"FYIGMO" <FYIGMO@discussions.microsoft.com> wrote in message
news:9B634E76-2334-458D-8C2B-D68F3BAB691C@microsoft.com...
> If I connect my Vista laptop to a power outlet in public, such as an
> airport
> terminal, library, or coffee shop, how viable is the threat from someone
> gaining access to my computer via a power-line network? If the threat is
> viable today, what is the best method of stopping it?


Be realistic.

If you are concerned about the kind of highly-motivated, well-funded and
overly-technical attacker that would be able to deduce anything from
monitoring your power usage (let alone inject anything through the power
cable), you already work for an institution that can give you advice (such
as "don't use your laptop... anywhere but in the office").

Yes, Van Eyck phreaking allows an observer with a large truckful of
expensive equipment to get something of an idea of what's on your screen
(with varying degrees of success and/or resolution) - provided there isn't a
lot of interference. There are some interesting results with reading light
levels from a CRT in a darkened room, but your laptop doesn't have a CRT.

Your laptop power supply takes 50-60Hz alternating current, applies
rectifiers (diodes) and smoothers (capacitors) to it, plus probably a
significant level of other solid-state electronics, to create a more
smoothed direct current signal. I've not heard of any attacks that can use
fluctuating power drain to determine the activity on your system - that
doesn't mean they don't exist or aren't possible, but if you truly fear
that, carry a battery charger, and plug _that_ into the outlet; always work
off battery.

I'm pretty certain that there are no good attacks that allow any measure of
control over your system through fluctuating the power supply, short of the
obvious overloading, or de-powering.

The short answer - if you think your opponents are smarter and richer than
you, and they're interested in your information, stop using the information
in places they can get to.

Alun.
~~~~


Reply With Quote
  #4 (permalink)  
Old 03-28-2008
Jason
 

Posts: n/a
RE: Viability of power-line intrusions
Get a good antivirus program such as Kaspersky and a free firewall like ZoneAlarm. Kaspersky has auto detect and will cut your chances of getting penetrated by 90%.


Post Originated from http://www.VistaForums.com Vista Support Forums
Reply With Quote
  #5 (permalink)  
Old 03-30-2008
FYIGMO
 

Posts: n/a
Re: Viability of power-line intrusions
I understand realism, which is why anyone would simply use battery power if
they were that afraid of a power-line intrusion. The question is more
theoretical at this time, but for how long? If there's two things I've
learned over the years it's never underestimate the cunning and tenacity of
criminals, and second is that computer software and hardware continues to
increase in capability while dropping in price, resulting in home computers
or laptops today that two or three decades ago would have taken "national"
means to have owned and operated.

Also, you wrote: "If you are concerned about the kind of highly-motivated,
well-funded and overly-technical attacker that would be able to deduce
anything from monitoring your power usage...."

I clearly said in my original posting that power-line intrusions are used to
collect data, not monitor your power usage. I suggest you read about the
NSA's TEMPEST program and security requirements regarding it. Computer data
can be just as easily collected via power lines as through a broadband
connection, only it's much more covert. If governments and corporations can
use it and are concerned with protection against it, then there's no reason
to believe criminals have not, or will not soon, be using it.

You also said: "The short answer - if you think your opponents are smarter
and richer than you, and they're interested in your information, stop using
the information in places they can get to."

For now, you still have that option, but as companies and/or their products
are increasingly connected to the web and cell networks, it won't be long
before you don't have any choice. Have you ever tried operating a computer
that's not connected to the internet? It's amazing how many programs won't
function because the program can't communicate to the internet for reasons
such as product verification, and when you try to communicate with the
company they go into vapor lock (as though regular mail doesn't exist or is
not an option anymore for communications) and fail or refuse to pass along
authorization numbers, etc., for your legally owned software to function.

I don't think it's a dumb question to be asking about criminals and
power-line intrusions. As we all become more connected to the web for
everyday needs and services, it's just another possible vulnerability to be
concerned about.

FYIGMO


"Alun Jones" wrote:

> Be realistic.
>
> If you are concerned about the kind of highly-motivated, well-funded and
> overly-technical attacker that would be able to deduce anything from
> monitoring your power usage (let alone inject anything through the power
> cable), you already work for an institution that can give you advice (such
> as "don't use your laptop... anywhere but in the office").
>
> Yes, Van Eyck phreaking allows an observer with a large truckful of
> expensive equipment to get something of an idea of what's on your screen
> (with varying degrees of success and/or resolution) - provided there isn't a
> lot of interference. There are some interesting results with reading light
> levels from a CRT in a darkened room, but your laptop doesn't have a CRT.
>
> Your laptop power supply takes 50-60Hz alternating current, applies
> rectifiers (diodes) and smoothers (capacitors) to it, plus probably a
> significant level of other solid-state electronics, to create a more
> smoothed direct current signal. I've not heard of any attacks that can use
> fluctuating power drain to determine the activity on your system - that
> doesn't mean they don't exist or aren't possible, but if you truly fear
> that, carry a battery charger, and plug _that_ into the outlet; always work
> off battery.
>
> I'm pretty certain that there are no good attacks that allow any measure of
> control over your system through fluctuating the power supply, short of the
> obvious overloading, or de-powering.
>
> The short answer - if you think your opponents are smarter and richer than
> you, and they're interested in your information, stop using the information
> in places they can get to.
>
> Alun.
> ~~~~
>
>
>

Reply With Quote
  #6 (permalink)  
Old 03-30-2008
FromTheRafters
 

Posts: n/a
Re: Viability of power-line intrusions

"FYIGMO" <FYIGMO@discussions.microsoft.com> wrote in message
news:9B634E76-2334-458D-8C2B-D68F3BAB691C@microsoft.com...
> If I connect my Vista laptop to a power outlet in public, such as an
> airport
> terminal, library, or coffee shop, how viable is the threat from someone
> gaining access to my computer via a power-line network? If the threat is
> viable today, what is the best method of stopping it?
>
> I know many people will say this is too unlikely and that other security
> threats are of much more concern to the average computer user, but with
> the
> increasing sophistication of ripoff artists either trying to steal your
> identity or pilfer your financial data I wouldn't assume the threat is not
> viable and not likely to increase in the future. After all, the federal
> government and the defense industry utilize TEMPEST, outlining the need
> for
> classified "Red Power" systems to protect computers from power-line
> monitoring and Van Eyck monitoring as well, versus "Black Power" systems
> that
> are connected to the public grid. In fact, not too long ago the French
> were
> caught conducting industrial espionage by tapping into a local power grid
> and
> accessing information via power lines.
>
> Any thoughts would be welcome. Thanks.


Well engineered laptops would have good filtering of the AC to DC conversion
inbound as well as RF decoupling outbound. Nothing is perfect though, so
there
will be some leakage. This is not the same as 'access to my computer' in any
command and control sense. It is data leakage only, and not very much at
that.

Back when I was more familiar with TEMPEST, laptops didn't exist. However,
I'm reasonably sure the guidelines for sensitive data on laptops include not
doing
as you suggest. )

Reply With Quote
  #7 (permalink)  
Old 03-31-2008
FYIGMO
 

Posts: n/a
Re: Viability of power-line intrusions
That's why the threat is potentially so great. For example, some businessman
is waiting to board his flight and using his computer in the terminal. The
battery dies, and he's forced to plug-in (good luck finding a plug!).
Anyway, he may be doing something as simple as his home finances with Quicken
and, BAM!, some thief who's accessed his laptop via the power lines has just
tapped into his financial data. For people who are prudent with security
that will never be a problem, but the scenario above describes the vast
majority of computer users who innocently operate their computers yet are
totally vulnerable to intrusion. Just more food for thought.

FYIGMO

"FromTheRafters" wrote:

> Back when I was more familiar with TEMPEST, laptops didn't exist. However,
> I'm reasonably sure the guidelines for sensitive data on laptops include not
> doing
> as you suggest. )
>
>

Reply With Quote
  #8 (permalink)  
Old 03-31-2008
FromTheRafters
 

Posts: n/a
Re: Viability of power-line intrusions
No, it's not that simple. It would take much time to
gather enough information from the data leakage
to allow penetration of your system. The bad guy
would have to invest much time gathering and then
analyzing - just to get the merest crumbs.

I'm reasonably sure there won't be enough time in the
case of your businessman.

Governments have to worry about such things because
the bad guys know that the end result may prove worth
the time and effort.

"FYIGMO" <FYIGMO@discussions.microsoft.com> wrote in message
news:6E46E558-4C0A-4B96-A9A3-C7F8C441C08E@microsoft.com...
> That's why the threat is potentially so great. For example, some
> businessman
> is waiting to board his flight and using his computer in the terminal.
> The
> battery dies, and he's forced to plug-in (good luck finding a plug!).
> Anyway, he may be doing something as simple as his home finances with
> Quicken
> and, BAM!, some thief who's accessed his laptop via the power lines has
> just
> tapped into his financial data. For people who are prudent with security
> that will never be a problem, but the scenario above describes the vast
> majority of computer users who innocently operate their computers yet are
> totally vulnerable to intrusion. Just more food for thought.
>
> FYIGMO
>
> "FromTheRafters" wrote:
>
>> Back when I was more familiar with TEMPEST, laptops didn't exist.
>> However,
>> I'm reasonably sure the guidelines for sensitive data on laptops include
>> not
>> doing
>> as you suggest. )
>>
>>


Reply With Quote
  #9 (permalink)  
Old 04-02-2008
FYIGMO
 

Posts: n/a
Re: Viability of power-line intrusions
I can see your point, but I'll still remain a bit paranoid when it comes to
the tenacity of thieves. I read in the Wall Street Journal yesterday about a
grocery chain's fiber optic network (thought to be secure) which was
penetrated by malware, allowing the thieves to intercept customer's credit
card numbers as they swiped them at the checkout counter. I figure that at
some point these guys will resort to power-line intrusions of banks, etc.,
because, as you mentioned, the financial gain is such that it is worth the
time and effort of sifting through the data. In summary, I don't trust
anyone these days....

FYIGMO

"FromTheRafters" wrote:

> No, it's not that simple. It would take much time to
> gather enough information from the data leakage
> to allow penetration of your system. The bad guy
> would have to invest much time gathering and then
> analyzing - just to get the merest crumbs.
>
> I'm reasonably sure there won't be enough time in the
> case of your businessman.
>
> Governments have to worry about such things because
> the bad guys know that the end result may prove worth
> the time and effort.
>
> "FYIGMO" <FYIGMO@discussions.microsoft.com> wrote in message
> news:6E46E558-4C0A-4B96-A9A3-C7F8C441C08E@microsoft.com...
> > That's why the threat is potentially so great. For example, some
> > businessman
> > is waiting to board his flight and using his computer in the terminal.
> > The
> > battery dies, and he's forced to plug-in (good luck finding a plug!).
> > Anyway, he may be doing something as simple as his home finances with
> > Quicken
> > and, BAM!, some thief who's accessed his laptop via the power lines has
> > just
> > tapped into his financial data. For people who are prudent with security
> > that will never be a problem, but the scenario above describes the vast
> > majority of computer users who innocently operate their computers yet are
> > totally vulnerable to intrusion. Just more food for thought.
> >
> > FYIGMO
> >
> > "FromTheRafters" wrote:
> >
> >> Back when I was more familiar with TEMPEST, laptops didn't exist.
> >> However,
> >> I'm reasonably sure the guidelines for sensitive data on laptops include
> >> not
> >> doing
> >> as you suggest. )
> >>
> >>

>
>

Reply With Quote
  #10 (permalink)  
Old 04-03-2008
FromTheRafters
 

Posts: n/a
Re: Viability of power-line intrusions

"FYIGMO" <FYIGMO@discussions.microsoft.com> wrote in message
news:0FACF03C-3F61-471B-9A95-655A2E4C1A33@microsoft.com...
>I can see your point, but I'll still remain a bit paranoid when it comes to
> the tenacity of thieves.


A healthy paranoia is a good thing. )

> I read in the Wall Street Journal yesterday about a
> grocery chain's fiber optic network (thought to be secure) which was
> penetrated by malware, allowing the thieves to intercept customer's credit
> card numbers as they swiped them at the checkout counter.


I believe that that is my employer. I hadn't heard about
the fiber optic angle though. Man in the middle attack
is all I heard. I was wondering how the man got in the
middle.

> I figure that at
> some point these guys will resort to power-line intrusions of banks, etc.,
> because, as you mentioned, the financial gain is such that it is worth the
> time and effort of sifting through the data. In summary, I don't trust
> anyone these days....

[snip]

Reply With Quote
Reply


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Snapshots from the NYC iPhone line: Sellouts and power hounds Paul Security News 0 06-29-2007 19:58
A CIO's View of SUSE's Enterprise Viability Steve General Technology News 0 06-24-2007 03:51
Attack-Proof Power Line to be Installed Under NY Steve General Technology News 0 05-22-2007 00:45
Attack-proof power line to be installed under NY Steve General Technology News 0 05-21-2007 18:27
No data stolen in 2006 computer intrusions, says Commerce Dept. Steve Security News 0 04-19-2007 20:25




All times are GMT +1. The time now is 21:41.




Driver Scanner - Free Scan Now

Vistaheads.com is part of the Heads Network. See also XPHeads.com , Win7Heads.com and Win8Heads.com.


Design by Vjacheslav Trushkin for phpBBStyles.com.
Powered by vBulletin® Version 3.6.7
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Search Engine Optimization by vBSEO 3.6.0 RC 2

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120