1998-09-22 - Re: Stego-empty hard drives… (fwd)

Header Data

From: Jim Choate <ravage@einstein.ssz.com>
To: cypherpunks@einstein.ssz.com (Cypherpunks Distributed Remailer)
Message Hash: 59f54a6cbe764adc7bb60c5f5ce9ce8db5cb7163ed7659c651dc7418dafe99ad
Message ID: <199809221546.KAA04142@einstein.ssz.com>
Reply To: N/A
UTC Datetime: 1998-09-22 02:18:45 UTC
Raw Date: Tue, 22 Sep 1998 10:18:45 +0800

Raw message

From: Jim Choate <ravage@einstein.ssz.com>
Date: Tue, 22 Sep 1998 10:18:45 +0800
To: cypherpunks@einstein.ssz.com (Cypherpunks Distributed Remailer)
Subject: Re: Stego-empty hard drives... (fwd)
Message-ID: <199809221546.KAA04142@einstein.ssz.com>
MIME-Version: 1.0
Content-Type: text

Forwarded message:

> Date: Tue, 22 Sep 1998 09:38:18 -0500
> From: Petro <petro@playboy.com>
> Subject: Re: Stego-empty hard drives... (fwd)

> 	If you do (1), and simply have _no_ prompt, just a small space in
> time AFTER the POST (say, immediately after) to type in your passkey, and
> things are set up that if you type the wrong keys, it goes straight into
> hidden space mode, then there would be no suspicion, other than a slightly
> long boot sequence (and if the wait time were only 2 or 3 seconds, it might
> not even be noticeable.)

If we are discussing only the customs inspector doing a visual inspection
this will certainly work. It won't hold up to TEMPEST analysis where they 
fingerprint a known un-mod'ed unit and then compare that to yours. The
POST shouldn't change from laptop to laptop, irrespective of the filesystem
or OS that is actually installed.

The point is that this is a weak approach with a variety of attacks open.
When one considers the amount of work required to collect BIOS'es, reverse
engineer them (unless you got lots of moolah), develop the crypto,
develop the camouflage code, distribute the code, burn the ROM's, distribute
the ROM's, cost of suitable TEMPEST monitors, etc. the benefit seems
questionable at best.

Even if they can't crack it in many places (eg France) such actions would
be prosecutable in and of themselves.


                            The seeker is a finder.

                                     Ancient Persian Proverb

       The Armadillo Group       ,::////;::-.          James Choate
       Austin, Tx               /:'///// ``::>/|/      ravage@ssz.com
       www.ssz.com            .',  ||||    `/( e\      512-451-7087
                           -====~~mm-'`-```-mm --'-