From: Ralph Forsythe (rforsythe@5280tech.com)
Date: Thu Jul 27 2006 - 23:03:39 EDT
On Thu, 27 Jul 2006, Matt Burnett wrote:
> Wouldnt it just be a lot easier for you or your boss to disconnect the
> microphone cable than going though some elaborate scheme to prove it
> could possibly be done? If they can "ruled" any laptop at will then
> couldnt they also get into your mail servers? Wouldnt anything that
> would be discussed in your meeting generate followups in a email?
How are you going to disconnect the microphone cable when there isn't one?
The mic is built into the laptop - you'd have to take the thing apart. As
an alternative, ram a bunch of epoxy in the mic hole(s); that would pretty
much muffle any noise it might record, IMO.
As for the task at hand, very easy as others have pointed out. Lots of
ways to get into the system, especially in a corporate environment where
remote access is often enabled for tech support purposes. Bear in mind
you not only have to worry about people gaining access from the outside
(which hopefully your network is secured against), but also an employee
looking to do something bad - particularly one with privileges for remote
access or ability to physically access the machine. Given that this *is*
a conference room, uncontrolled physical access at some point is likely
unless this laptop always travels with someone.
There isn't a real good way to secure the network connection itself that
wouldn't be easily bypassed by anyone with physical access to the laptop,
and given that pretty much any modern laptop will have a microphone on it,
I think epoxy or fun with a set of screwdrivers is the only sure bet - of
course, this assumes someone doesn't bring their own machine into the room
for a meeting, as people very often do (even more often if you have wi-fi
access in there).
I just don't see any unequivocal method of making sure you're secure
against this, unless you switch it to a desktop PC with no microphone port
and ban laptops from entering the room. And then we get to the risk
assessment and threat/vulnerability vs cost determination, which is really
what will define how far you're willing to go with this. Of course
someone can always stick a mic into the celing, or rig up any number of
other eavesdropping methods, so short of conducting meetings in a secured
underground bunker, you will have to live with the potential. However
you're most definitely going to get a new laptop out of the deal, so run
with it!
Someone else remarked that we can't assume this system is even connected
at all. Actually it's a pretty logical step, since the original statement
said "shiny new internet laptop". If it can surf the web, it's connected
at least some of the time. Not a huge leap of faith on that one...
- Ralph
On Thu, 27 Jul 2006, Matt Burnett wrote:
> Wouldnt it just be a lot easier for you or your boss to disconnect the
> microphone cable than going though some elaborate scheme to prove it could
> possibly be done? If they can "ruled" any laptop at will then couldnt they
> also get into your mail servers? Wouldnt anything that would be discussed in
> your meeting generate followups in a email?
>
------------------------------------------------------------------------------
This List Sponsored by: Cenzic
Concerned about Web Application Security?
Why not go with the #1 solution - Cenzic, the only one to win the Analyst's
Choice Award from eWeek. As attacks through web applications continue to rise,
you need to proactively protect your applications from hackers. Cenzic has the
most comprehensive solutions to meet your application security penetration
testing and vulnerability management needs. You have an option to go with a
managed service (Cenzic ClickToSecure) or an enterprise software
(Cenzic Hailstorm). Download FREE whitepaper on how a managed service can
help you: http://www.cenzic.com/news_events/wpappsec.php
And, now for a limited time we can do a FREE audit for you to confirm your
results from other product. Contact us at request@cenzic.com for details.
------------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:56:26 EDT