New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
Send your server to a colocation facility, with a good microphone inside the box, and then acoustically extract keys from all nearby servers.
Oh crap
Patched in Debian at least
http://www.debian.org/security/2013/dsa-2821
What worries me is that they are now making this public. Imagine what other new ways they know, to decide that this info is no longer secret and can be released to the public.
http://en.wikipedia.org/wiki/Side_channel_attack
There's quite a few ways
It would need to be a pretty good microphone though, given servers tend to have noisy fans, hard drives, etc. in them.
@Magiobiwan said:
Thats similar to saying you cant differentiate music and the wind.
They all work in differnt ranges and are easy to tell apart. The background load on the CPU is more of a factor the the fan noise
This is why NATO military equipment is compliant to TEMPEST directives: see wikipedia for a relevant list of the actual MIL specs. Acoustic cryptanalysis is a very old story. The only newsworty part is the application to this specific domain.
Servers are enclosed in a metal enclousure. This is a far cry from the NATO tempest specifications, but is effective against this attack. Notice that the paper authors extracted the key from a (plastic) laptop.
This news, comes in the The Hacker news a few weeks ago.
Just another reiteration of the "I got your password from listening to your keys" meme seen in a lot of spy movies, heh.
BRB writing GUI in Visual Basic to track down an IP and give me a location. Also to enhance an insanely blurry surveillance video frame into a crystal clear license plate.
Nothing beats good old thermorectal cryptanalysis. Very low tech, but cracks any encryption method known to mankind. Even one-way hashing algorithms become reversible with this method.
ROFLMAO!
Yeah, and the best part... Even a kid can do it with a $20 soldering iron (no soldering skills required!)