
Re: Stego-empty hard drives... (fwd)

Forwarded message:

> Date: Tue, 22 Sep 1998 09:38:18 -0500
> From: Petro <[email protected]>
> Subject: Re: Stego-empty hard drives... (fwd)

> 	If you do (1), and simply have _no_ prompt, just a small space in
> time AFTER the POST (say, immediately after) to type in your passkey, and
> things are set up so that if you type the wrong keys, it goes straight into
> hidden space mode, then there would be no suspicion, other than a slightly
> long boot sequence (and if the wait time were only 2 or 3 seconds, it might
> not even be noticeable.)

If we are discussing only the customs inspector doing a visual inspection,
this will certainly work. It won't hold up to TEMPEST analysis where they
fingerprint a known un-modded unit and then compare that to yours. The
POST shouldn't change from laptop to laptop, irrespective of the filesystem
or OS that is actually installed.

The point is that this is a weak approach with a variety of attacks open.
When one considers the amount of work required to collect BIOSes, reverse
engineer them (unless you've got lots of moolah), develop the crypto,
develop the camouflage code, distribute the code, burn the ROMs, distribute
the ROMs, the cost of suitable TEMPEST monitors, etc., the benefit seems
questionable at best.

Even if they can't crack it, in many places (e.g. France) such actions would
be prosecutable in and of themselves.


    ____________________________________________________________________

                            The seeker is a finder.

                                     Ancient Persian Proverb

       The Armadillo Group       ,::////;::-.          James Choate
       Austin, Tx               /:'///// ``::>/|/      [email protected]
       www.ssz.com            .',  ||||    `/( e\      512-451-7087
                           -====~~mm-'`-```-mm --'-
    --------------------------------------------------------------------