Penetration Testing mailing list archives
Re: [PEN-TEST] V-E scanning & legality
From: David Alexander <dalexander () TRISKELE CO UK>
Date: Fri, 10 Nov 2000 09:41:24 -0000
I don't think the legality issue is going to bother someone who is already intent on an illegal act I.E. stealing information from another organisation. On a separate note, does anyone know if the new LCD/plasma flat screens are vulnerable to this ? David Alexander Project Manager & Information Security Consultant Qualified BS7799 Lead Auditor Triskele Ltd. Office 01491 833280 Mobile 0780 308 3130
-----Original Message----- From: Rob Shein [mailto:rshein () MAIL WASH AVERSTAR COM] Sent: 08 November 2000 16:08 To: PEN-TEST () SECURITYFOCUS COM Subject: Re: [PEN-TEST] Penetration Testing and Van Eck Scanning If I understand the laws correctly (and I am NOT a lawyer, thank god), construction of a Van Eck device is illegal in the U.S. The concept behind the law is similar to the law regarding ownership or construction of bugging devices. Frankly, I don't see how viable it really is for a typical commercial enterprise to go sufficiently TEMPEST-compliant to thwart this form of surveillance. If they're a small business, it's too expensive for their budget, and if it's a large business, it's too difficult to cast the net that wide and be sure that some high-level manager doesn't circumvent the controls because he doesn't want to deal with the inconvenience or cost.-----Original Message----- From: Penetration Testers[mailto:PEN-TEST () SECURITYFOCUS COM]On BehalfOf Johann van Duyn Sent: Wednesday, November 08, 2000 10:45 AM To: PEN-TEST () SECURITYFOCUS COM Subject: [PEN-TEST] Penetration Testing and Van Eck Scanning Just a thought I had while on a nicotine-and-caffeine break: Has anyone ever done a bit of Van Eck (aka TEMPEST) surveillance as part of a penetration test, just to show people what can be seenfrom a van in thecorporate parking lot when the security attendant is on hislunch break?That could provide a few hot debates in boardrooms,especially if one wereto tune in to the Internet browsing habits of a few seniordirectors...Has anyone done it, or had/seen it done (esp. outside of a military environment)? Are there any good references around re.proposed civilianstandards for 'safety' from Van Eck scanning? And wherewould one lookaround either for people who do that type of surveillance, or the equipment to do that with. And, finally, if this is not the right forum for suchdiscussions, couldanyone in the know point me to such? Very ta,
David Alexander Project Manager & Information Security Consultant Qualified BS7799 Lead Auditor Triskele Ltd. Office 01491 833280 Mobile 0780 308 3130
Current thread:
- Re: [PEN-TEST] V-E scanning & legality David Alexander (Nov 11)
- Re: [PEN-TEST] V-E scanning & legality Rob Shein (Nov 14)