____/ Mark Kent on Tuesday 04 December 2007 08:38 : \____
> Roy Schestowitz <newsgroups@xxxxxxxxxxxxxxx> espoused:
>> Microsoft wireless keyboards crypto cracked
>>
>> ,----[ Quote ]
>>| Bluetooth is increasingly becoming the de-facto standard for wireless
>>| communication in peripheral devices and is reckoned to be secure. But some
>>| manufacturers such as Logitech and Microsoft rely on 27 MHz radio
>>| technology which, it transpires, is anything but secure.
>> `----
>>
>> http://www.theregister.co.uk/2007/12/03/wireless_keyboard_crypto_cracked/
>>
>> Also the proprietary QuickTime for Windows should now be treated as a
>> secuirty hazard.
>>
>
> Nothing sent by radio is ever likely to be proof against eavesdropping.
> Perhaps using modulated lasers is one of the safe methods, but even that
> could be sniffed using partially silvered mirrors.
>
> It's also possible to sniff signals through fibres by curving them
> around a sufficiently narrow bend radius that they leak light. That
> light can be collected and demodulated. Coaxial transmission systems
> all leak a little, as do twisted pairs and fixed-separation transmission
> line systems.
Yes, but that's why it should be encrypted properly, which in this case it
wasn't (and still isn't). Being an embedded device like this, you can't just
reflash to patch.
> Not so long ago, some researcher in the UK (Cambridge?) came up with
> a method for detecting the content of CRT screens remotely by radio
> detection. He showed his system displaying the screen of a nearby
> monitor sufficiently clearly to be easily read.
>
> The best way to keep a secret is, well, don't tell anyone. If secret
> data needs to be on a machine, then it should be encrypted, with strong
> encryption, and should be physically isolated, ideally within a Faraday
> cage to eliminate as far as possible eavesdropping opportunities.
Kind of like WEP.
> Even then, as HMG found out recently, people make mistakes and
> accidentally send the bank account details, names, dates of birth of
> Parents, children, NI numbers and more unencrypted on CDs through the
> post across the country.
>
> Of course we can trust the government!
Well, the NHS have lost 3.6 billion pounds more than the value of this data.
People just need to change their passwords... and names... and start a new
family... and open a new bank account...
--
~~ Best of wishes
For governments that eavesdrop, here is a quick list of tags: Communism,
Hawaiian shirts, China, Suitcase, Martha Stewart, Encryption, Prison, Stalin.
Thanks for tuning in.
|
|
