Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: [PEN-TEST] V-E scanning & legality
From: David Alexander <dalexander () TRISKELE CO UK>
Date: Fri, 10 Nov 2000 09:41:24 -0000

I don't think the legality issue is going to bother someone who is already
intent on an illegal act I.E. stealing information from another
organisation.

On a separate note, does anyone know if the new LCD/plasma flat screens are
vulnerable to this ?

David Alexander
Project Manager & Information Security Consultant
Qualified BS7799 Lead Auditor
Triskele Ltd.

Office  01491 833280
Mobile 0780 308 3130



-----Original Message-----
From: Rob Shein [mailto:rshein () MAIL WASH AVERSTAR COM]
Sent: 08 November 2000 16:08
To: PEN-TEST () SECURITYFOCUS COM
Subject: Re: [PEN-TEST] Penetration Testing and Van Eck Scanning


If I understand the laws correctly (and I am NOT a lawyer, thank god),
construction of a Van Eck device is illegal in the U.S.  The
concept behind
the law is similar to the law regarding ownership or
construction of bugging
devices.  Frankly, I don't see how viable it really is for a typical
commercial enterprise to go sufficiently TEMPEST-compliant to
thwart this
form of surveillance.  If they're a small business, it's too
expensive for
their budget, and if it's a large business, it's too
difficult to cast the
net that wide and be sure that some high-level manager
doesn't circumvent
the controls because he doesn't want to deal with the
inconvenience or cost.

-----Original Message-----
From: Penetration Testers
[mailto:PEN-TEST () SECURITYFOCUS COM]On Behalf
Of Johann van Duyn
Sent: Wednesday, November 08, 2000 10:45 AM
To: PEN-TEST () SECURITYFOCUS COM
Subject: [PEN-TEST] Penetration Testing and Van Eck Scanning


Just a thought I had while on a nicotine-and-caffeine break:

Has anyone ever done a bit of Van Eck (aka TEMPEST) surveillance
as part of
a penetration test, just to show people what can be seen
from a van in the
corporate parking lot when the security attendant is on his
lunch break?
That could provide a few hot debates in boardrooms,
especially if one were
to tune in to the Internet browsing habits of a few senior
directors...

Has anyone done it, or had/seen it done (esp. outside of a military
environment)? Are there any good references around re.
proposed civilian
standards for 'safety' from Van Eck scanning? And where
would one look
around either for people who do that type of surveillance, or the
equipment
to do that with.

And, finally, if this is not the right forum for such
discussions, could
anyone in the know point me to such?

Very ta,


David Alexander
Project Manager & Information Security Consultant
Qualified BS7799 Lead Auditor
Triskele Ltd.

Office  01491 833280
Mobile 0780 308 3130

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]