1998-09-23 - Re: Stego-empty hard drives… (fwd)

Header Data

From: “Albert P. Franco, II” <apf2@ctv.es>
To: cypherpunks@Algebra.COM
Message Hash: 571005f1921558969a8bc2a53bb85cac9c55be57d120cfcf49162a12bbab1cf6
Message ID: <3.0.3.32.19980925045548.0069dbbc@pop.ctv.es>
Reply To: N/A
UTC Datetime: 1998-09-23 13:53:49 UTC
Raw Date: Wed, 23 Sep 1998 21:53:49 +0800

Raw message

From: "Albert P. Franco, II" <apf2@ctv.es>
Date: Wed, 23 Sep 1998 21:53:49 +0800
To: cypherpunks@Algebra.COM
Subject: Re: Stego-empty hard drives... (fwd)
Message-ID: <3.0.3.32.19980925045548.0069dbbc@pop.ctv.es>
MIME-Version: 1.0
Content-Type: text/plain



>From: Jim Choate <ravage@einstein.ssz.com>
>> From: "Albert P. Franco, II" <apf2@ctv.es>
>
>> I can't imagine that anyone that wasn't already sure that you were playing
>> tricks with the HD would be able to detect either of these on a normal
>> startup. Again I think the key is that it would vastly expensive and very
>> time consuming for customs services to make more than a cursory check. More
>> and more people are carrying notebooks with them on trips and just like
>> most bag searching has ended due to very fast, but not perfect, technology,
>> notebook scanning is limited by the very important public factor--the
>> people waiting in line behind you will tend to get very anxious. :)
>
>That's a rationale for doing TEMPEST scanning I hadn't thought of. Since it
>is time consuming and takes special training (which means higher personel
>budgets that don't amortise over time like hardware) to operate a floppy
>scanner and interpet the results there are budget forces involved.
>

I snipped the rest, but your point ignores that they still have to scan my
hard drive for what they are looking for. So TEMPEST on top of the other
measures just makes things slower. Also the vast variety of computers and
clock speeds on the market today would make a 30 byte (10-20 clock cycles
... )BIOS patch virtually undetectable. Again...UNLESS they want YOU in
particular. 

I would be more concerned about a Unix-like OS on their disk-following THEM
to bypass my BIOS to read the HD. Of course, perhaps another way around
this may be to carry a couple copies of an NDA and an Acceptance of
Liability for Damages Caused contract. Tell the stooge at the counter that
your machine contains highly valuable commercial information and that if
it's damaged in any way, shape or form he/she will be held personally
liable. Offer the two documents for his/her signature as you explain that
since the procedure they intend to use is so fool proof (the stooge is sure
to quote the party line...) this would only strengthen your case that
damage or discloser to/of contents must be a direct result of negligence or
criminal intent on the part of the stooge.

"If you can't dazzle 'em with brilliance, baffle 'em with bullshit." It
works for Clinton!

Al Franco, II





Thread