If I connect my Vista laptop to a power outlet in public, such as an airport 
terminal, library, or coffee shop, how viable is the threat from someone 
gaining access to my computer via a power-line network? If the threat is 
viable today, what is the best method of stopping it?

I know many people will say this is too unlikely and that other security 
threats are of much more concern to the average computer user, but with the 
increasing sophistication of ripoff artists either trying to steal your 
identity or pilfer your financial data I wouldn't assume the threat is not 
viable and not likely to increase in the future. After all, the federal 
government and the defense industry utilize TEMPEST, outlining the need for 
classified "Red Power" systems to protect computers from power-line 
monitoring and Van Eyck monitoring as well, versus "Black Power" systems that 
are connected to the public grid. In fact, not too long ago the French were 
caught conducting industrial espionage by tapping into a local power grid and 
accessing information via power lines.

Any thoughts would be welcome. Thanks.

There is no way really to prevent someone from accessing your computer. Id 
say you wouldnt. I'd say dont enter any personal information.
"FYIGMO"  wrote in message 
news:9B634E76-2334-458D-8C2B-D68F3BAB691C@microsoft.com...
> If I connect my Vista laptop to a power outlet in public, such as an 
> airport
> terminal, library, or coffee shop, how viable is the threat from someone
> gaining access to my computer via a power-line network? If the threat is
> viable today, what is the best method of stopping it?
>
> I know many people will say this is too unlikely and that other security
> threats are of much more concern to the average computer user, but with 
> the
> increasing sophistication of ripoff artists either trying to steal your
> identity or pilfer your financial data I wouldn't assume the threat is not
> viable and not likely to increase in the future. After all, the federal
> government and the defense industry utilize TEMPEST, outlining the need 
> for
> classified "Red Power" systems to protect computers from power-line
> monitoring and Van Eyck monitoring as well, versus "Black Power" systems 
> that
> are connected to the public grid. In fact, not too long ago the French 
> were
> caught conducting industrial espionage by tapping into a local power grid 
> and
> accessing information via power lines.
>
> Any thoughts would be welcome. Thanks.

"FYIGMO"  wrote in message 
news:9B634E76-2334-458D-8C2B-D68F3BAB691C@microsoft.com...
> If I connect my Vista laptop to a power outlet in public, such as an 
> airport
> terminal, library, or coffee shop, how viable is the threat from someone
> gaining access to my computer via a power-line network? If the threat is
> viable today, what is the best method of stopping it?

Be realistic.

If you are concerned about the kind of highly-motivated, well-funded and 
overly-technical attacker that would be able to deduce anything from 
monitoring your power usage (let alone inject anything through the power 
cable), you already work for an institution that can give you advice (such 
as "don't use your laptop... anywhere but in the office").

Yes, Van Eyck phreaking allows an observer with a large truckful of 
expensive equipment to get something of an idea of what's on your screen 
(with varying degrees of success and/or resolution) - provided there isn't a 
lot of interference. There are some interesting results with reading light 
levels from a CRT in a darkened room, but your laptop doesn't have a CRT.

Your laptop power supply takes 50-60Hz alternating current, applies 
rectifiers (diodes) and smoothers (capacitors) to it, plus probably a 
significant level of other solid-state electronics, to create a more 
smoothed direct current signal. I've not heard of any attacks that can use 
fluctuating power drain to determine the activity on your system - that 
doesn't mean they don't exist or aren't possible, but if you truly fear 
that, carry a battery charger, and plug _that_ into the outlet; always work 
off battery.

I'm pretty certain that there are no good attacks that allow any measure of 
control over your system through fluctuating the power supply, short of the 
obvious overloading, or de-powering.

The short answer - if you think your opponents are smarter and richer than 
you, and they're interested in your information, stop using the information 
in places they can get to.

Alun.
~~~~

Get a good antivirus program such as Kaspersky and a free firewall like ZoneAlarm. Kaspersky has auto detect and will cut your chances of getting penetrated by 90%.


Post Originated from http://www.VistaForums.com Vista Support Forums

I understand realism, which is why anyone would simply use battery power if 
they were that afraid of a power-line intrusion.  The question is more 
theoretical at this time, but for how long?  If there's two things I've 
learned over the years it's never underestimate the cunning and tenacity of 
criminals, and second is that computer software and hardware continues to 
increase in capability while dropping in price, resulting in home computers 
or laptops today that two or three decades ago would have taken "national" 
means to have owned and operated.

Also, you wrote: "If you are concerned about the kind of highly-motivated, 
well-funded and overly-technical attacker that would be able to deduce 
anything from monitoring your power usage...."

I clearly said in my original posting that power-line intrusions are used to 
collect data, not monitor your power usage.  I suggest you read about the 
NSA's TEMPEST program and security requirements regarding it.  Computer data 
can be just as easily collected via power lines as through a broadband 
connection, only it's much more covert.  If governments and corporations can 
use it and are concerned with protection against it, then there's no reason 
to believe criminals have not, or will not soon, be using it.

You also said: "The short answer - if you think your opponents are smarter 
and richer than you, and they're interested in your information, stop using 
the information in places they can get to."

For now, you still have that option, but as companies and/or their products 
are increasingly connected to the web and cell networks, it won't be long 
before you don't have any choice.  Have you ever tried operating a computer 
that's not connected to the internet?  It's amazing how many programs won't 
function because the program can't communicate to the internet for reasons 
such as product verification, and when you try to communicate with the 
company they go into vapor lock (as though regular mail doesn't exist or is 
not an option anymore for communications) and fail or refuse to pass along 
authorization numbers, etc., for your legally owned software to function.

I don't think it's a dumb question to be asking about criminals and 
power-line intrusions.  As we all become more connected to the web for 
everyday needs and services, it's just another possible vulnerability to be 
concerned about.

FYIGMO


"Alun Jones" wrote:

> Be realistic.
> 
> If you are concerned about the kind of highly-motivated, well-funded and 
> overly-technical attacker that would be able to deduce anything from 
> monitoring your power usage (let alone inject anything through the power 
> cable), you already work for an institution that can give you advice (such 
> as "don't use your laptop... anywhere but in the office").
> 
> Yes, Van Eyck phreaking allows an observer with a large truckful of 
> expensive equipment to get something of an idea of what's on your screen 
> (with varying degrees of success and/or resolution) - provided there isn't a 
> lot of interference. There are some interesting results with reading light 
> levels from a CRT in a darkened room, but your laptop doesn't have a CRT.
> 
> Your laptop power supply takes 50-60Hz alternating current, applies 
> rectifiers (diodes) and smoothers (capacitors) to it, plus probably a 
> significant level of other solid-state electronics, to create a more 
> smoothed direct current signal. I've not heard of any attacks that can use 
> fluctuating power drain to determine the activity on your system - that 
> doesn't mean they don't exist or aren't possible, but if you truly fear 
> that, carry a battery charger, and plug _that_ into the outlet; always work 
> off battery.
> 
> I'm pretty certain that there are no good attacks that allow any measure of 
> control over your system through fluctuating the power supply, short of the 
> obvious overloading, or de-powering.
> 
> The short answer - if you think your opponents are smarter and richer than 
> you, and they're interested in your information, stop using the information 
> in places they can get to.
> 
> Alun.
> ~~~~ 
> 
> 
>

"FYIGMO"  wrote in message 
news:9B634E76-2334-458D-8C2B-D68F3BAB691C@microsoft.com...
> If I connect my Vista laptop to a power outlet in public, such as an 
> airport
> terminal, library, or coffee shop, how viable is the threat from someone
> gaining access to my computer via a power-line network? If the threat is
> viable today, what is the best method of stopping it?
>
> I know many people will say this is too unlikely and that other security
> threats are of much more concern to the average computer user, but with 
> the
> increasing sophistication of ripoff artists either trying to steal your
> identity or pilfer your financial data I wouldn't assume the threat is not
> viable and not likely to increase in the future. After all, the federal
> government and the defense industry utilize TEMPEST, outlining the need 
> for
> classified "Red Power" systems to protect computers from power-line
> monitoring and Van Eyck monitoring as well, versus "Black Power" systems 
> that
> are connected to the public grid. In fact, not too long ago the French 
> were
> caught conducting industrial espionage by tapping into a local power grid 
> and
> accessing information via power lines.
>
> Any thoughts would be welcome. Thanks.

Well engineered laptops would have good filtering of the AC to DC conversion
inbound as well as RF decoupling outbound. Nothing is perfect though, so 
there
will be some leakage. This is not the same as 'access to my computer' in any
command and control sense. It is data leakage only, and not very much at 
that.

Back when I was more familiar with TEMPEST, laptops didn't exist. However,
I'm reasonably sure the guidelines for sensitive data on laptops include not 
doing
as you suggest. :o)

That's why the threat is potentially so great.  For example, some businessman 
is waiting to board his flight and using his computer in the terminal.  The 
battery dies, and he's forced to plug-in (good luck finding a plug!).  
Anyway, he may be doing something as simple as his home finances with Quicken 
and, BAM!, some thief who's accessed his laptop via the power lines has just 
tapped into his financial data.  For people who are prudent with security 
that will never be a problem, but the scenario above describes the vast 
majority of computer users who innocently operate their computers yet are 
totally vulnerable to intrusion.  Just more food for thought.

FYIGMO

"FromTheRafters" wrote:

> Back when I was more familiar with TEMPEST, laptops didn't exist. However,
> I'm reasonably sure the guidelines for sensitive data on laptops include not 
> doing
> as you suggest. :o) 
> 
>

No, it's not that simple. It would take much time to
gather enough information from the data leakage
to allow penetration of your system. The bad guy
would have to invest much time gathering and then
analyzing - just to get the merest crumbs.

I'm reasonably sure there won't be enough time in the
case of your businessman.

Governments have to worry about such things because
the bad guys know that the end result may prove worth
the time and effort.

"FYIGMO"  wrote in message 
news:6E46E558-4C0A-4B96-A9A3-C7F8C441C08E@microsoft.com...
> That's why the threat is potentially so great.  For example, some 
> businessman
> is waiting to board his flight and using his computer in the terminal. 
> The
> battery dies, and he's forced to plug-in (good luck finding a plug!).
> Anyway, he may be doing something as simple as his home finances with 
> Quicken
> and, BAM!, some thief who's accessed his laptop via the power lines has 
> just
> tapped into his financial data.  For people who are prudent with security
> that will never be a problem, but the scenario above describes the vast
> majority of computer users who innocently operate their computers yet are
> totally vulnerable to intrusion.  Just more food for thought.
>
> FYIGMO
>
> "FromTheRafters" wrote:
>
>> Back when I was more familiar with TEMPEST, laptops didn't exist. 
>> However,
>> I'm reasonably sure the guidelines for sensitive data on laptops include 
>> not
>> doing
>> as you suggest. :o)
>>
>>

I can see your point, but I'll still remain a bit paranoid when it comes to 
the tenacity of thieves.  I read in the Wall Street Journal yesterday about a 
grocery chain's fiber optic network (thought to be secure) which was 
penetrated by malware, allowing the thieves to intercept customer's credit 
card numbers as they swiped them at the checkout counter.  I figure that at 
some point these guys will resort to power-line intrusions of banks, etc., 
because, as you mentioned, the financial gain is such that it is worth the 
time and effort of sifting through the data.  In summary, I don't trust 
anyone these days....

FYIGMO

"FromTheRafters" wrote:

> No, it's not that simple. It would take much time to
> gather enough information from the data leakage
> to allow penetration of your system. The bad guy
> would have to invest much time gathering and then
> analyzing - just to get the merest crumbs.
> 
> I'm reasonably sure there won't be enough time in the
> case of your businessman.
> 
> Governments have to worry about such things because
> the bad guys know that the end result may prove worth
> the time and effort.
> 
> "FYIGMO"  wrote in message 
> news:6E46E558-4C0A-4B96-A9A3-C7F8C441C08E@microsoft.com...
> > That's why the threat is potentially so great.  For example, some 
> > businessman
> > is waiting to board his flight and using his computer in the terminal. 
> > The
> > battery dies, and he's forced to plug-in (good luck finding a plug!).
> > Anyway, he may be doing something as simple as his home finances with 
> > Quicken
> > and, BAM!, some thief who's accessed his laptop via the power lines has 
> > just
> > tapped into his financial data.  For people who are prudent with security
> > that will never be a problem, but the scenario above describes the vast
> > majority of computer users who innocently operate their computers yet are
> > totally vulnerable to intrusion.  Just more food for thought.
> >
> > FYIGMO
> >
> > "FromTheRafters" wrote:
> >
> >> Back when I was more familiar with TEMPEST, laptops didn't exist. 
> >> However,
> >> I'm reasonably sure the guidelines for sensitive data on laptops include 
> >> not
> >> doing
> >> as you suggest. :o)
> >>
> >> 
> 
>

"FYIGMO"  wrote in message 
news:0FACF03C-3F61-471B-9A95-655A2E4C1A33@microsoft.com...
>I can see your point, but I'll still remain a bit paranoid when it comes to
> the tenacity of thieves.

A healthy paranoia is a good thing. :o)

> I read in the Wall Street Journal yesterday about a
> grocery chain's fiber optic network (thought to be secure) which was
> penetrated by malware, allowing the thieves to intercept customer's credit
> card numbers as they swiped them at the checkout counter.

I believe that that is my employer. I hadn't heard about
the fiber optic angle though. Man in the middle attack
is all I heard. I was wondering how the man got in the
middle.

> I figure that at
> some point these guys will resort to power-line intrusions of banks, etc.,
> because, as you mentioned, the financial gain is such that it is worth the
> time and effort of sifting through the data.  In summary, I don't trust
> anyone these days....
[snip]

You can read more about this story at the following URL:

http://www.newser.com/story/23007.html

It would be interesting to see if it is where you work.  On a related 
subject, I just read a piece about a guy who encountered a network on his 
Apple in 2005 -- accessed through the power plug and the apartment's 
electrical wiring. After discovering the network (via OS X's Network 
Monitor), he disconnected the internet line. This had no effect on the 
exchange of information between his computer and the other system. The 
computer had no wireless capacity. The only option was the powerline.

The Perpheral Monitor detected a second "Display" attached to his computer. 
After a while, he plugged more and more devices into vacant outlets on the 
power strip. After adding a TV, clock radio and cordless phone to the strip, 
the network vanished. About twenty-minutes later, it was reestablished, using 
a process called "Python." He also discovered a user, named "Wheeler" who had 
"root user" access. Apparently, it turned out to be local police (Roseville, 
California) in the upstairs apartment conducting warrantless surveillance, 
which I assume immediately ceased as the above-mentioned computer user was an 
attorney.

Comments?

"FromTheRafters" wrote:

> A healthy paranoia is a good thing. :o)
> 
> I believe that that is my employer. I hadn't heard about
> the fiber optic angle though. Man in the middle attack
> is all I heard. I was wondering how the man got in the
> middle.
> 
> > I figure that at
> > some point these guys will resort to power-line intrusions of banks, etc.,
> > because, as you mentioned, the financial gain is such that it is worth the
> > time and effort of sifting through the data.  In summary, I don't trust
> > anyone these days....
> [snip] 
> 
>

"FYIGMO"  wrote in message 
news:AEBE099A-7BFB-4DA4-9CFB-8E1ADE1998C3@microsoft.com...
> Also, you wrote: "If you are concerned about the kind of highly-motivated,
> well-funded and overly-technical attacker that would be able to deduce
> anything from monitoring your power usage...."
>
> I clearly said in my original posting that power-line intrusions are used 
> to
> collect data, not monitor your power usage.

And how would you collect data over the power line, if not by monitoring the 
power usage?

> I suggest you read about the
> NSA's TEMPEST program and security requirements regarding it.  Computer 
> data
> can be just as easily collected via power lines as through a broadband
> connection, only it's much more covert.  If governments and corporations 
> can
> use it and are concerned with protection against it, then there's no 
> reason
> to believe criminals have not, or will not soon, be using it.

Sure there is - if they can get credit card numbers, say, by paying someone, 
or indulging in a little light hacking of a badly-secured web-site, why on 
earth would they try and sink thousands of dollars into a truckful of 
electronics that they then would need to spend a few months learning how to 
use?

It's different if you think someone is targeting you, of course. Then you 
have to theorise that there is no "easier target", because you're the one 
they want - is your data really so interesting? If it is, may I suggest not 
using an airport lounge or other public area to fetch your data?

> I don't think it's a dumb question to be asking about criminals and
> power-line intrusions.  As we all become more connected to the web for
> everyday needs and services, it's just another possible vulnerability to 
> be
> concerned about.

Power-line intrusions have nothing to do with "as we all become more 
connected to the web". You're needlessly expanding the discussion.

If you have data that valuable and that secret, you stay off the web, and 
you use places you know to be safe. No compromise.

Alun.
~~~~

"FYIGMO"  wrote in message 
news:55B70B89-AEEB-431A-B547-40DB07EB73EC@microsoft.com...
> It would be interesting to see if it is where you work.  On a related
> subject, I just read a piece about a guy who encountered a network on his
> Apple in 2005 -- accessed through the power plug and the apartment's
> electrical wiring. After discovering the network (via OS X's Network
> Monitor), he disconnected the internet line. This had no effect on the
> exchange of information between his computer and the other system. The
> computer had no wireless capacity. The only option was the powerline.
>
> The Perpheral Monitor detected a second "Display" attached to his 
> computer.
> After a while, he plugged more and more devices into vacant outlets on the
> power strip. After adding a TV, clock radio and cordless phone to the 
> strip,
> the network vanished. About twenty-minutes later, it was reestablished, 
> using
> a process called "Python." He also discovered a user, named "Wheeler" who 
> had
> "root user" access. Apparently, it turned out to be local police 
> (Roseville,
> California) in the upstairs apartment conducting warrantless surveillance,
> which I assume immediately ceased as the above-mentioned computer user was 
> an
> attorney.
>
> Comments?

While there are some network protocols that piggy-back on the electrical 
wiring, I've not heard of any that are included by default in a system's 
power connection. For it to show up in his own Network Monitor, it would 
have to be a legitimate network, and not simply one made by looking for 
patterns in power usage, such as you're describing.

So, your clever attorney must have bought himself an "ethernet over power 
lines" network adaptor, plugged into it, and then forgotten that he'd done 
so.

As for the dual display, my Mac is so crap at detecting displays plugged in 
or unplugged, that I wouldn't be at all surprised.

More likely is that his system was acting strangely, and it was easier to 
blame outside influences than his own inability to use the computer. I've 
seen that _far_ more often than I've seen examples of security breaches that 
verge on the fantastic, if not the entirely impossible.

Alun.
~~~~

The primary issue is not hiding secret data, but being able to make purchases 
via the web and not have your credit card info intercepted.  At any rate, 
what you said is correct, one must use common sense whenever accessing the 
web and never compromise regarding personal/financial data and its security.  
Quite frankly, I'm more concerned about giving my credit card to a waiter or 
waitress (which I haven't done for years) than I am using it over the web.  
Later....

FYIGMO

"Alun Jones" wrote:

> 
> If you have data that valuable and that secret, you stay off the web, and 
> you use places you know to be safe. No compromise.
> 
> Alun.
> ~~~~ 
> 
> 
>

Black Hat recently had a conference boasting that they can now hack through 
the power outlet. How late! The U.S. and Canadian governments (maybe the 
other 3 of the N.S.A. partnership - U.K., Australia and New Zealand - as 
well) have been able to do this since, at least, 2005. I know this from my 
own experiences. Not only that! The Canadian criminals on behalf of the 
criminal Harper government in Ottawa, control all electrical appliances, 
whether AC or DC, in my home and the Hydro utility have no remedy for this 
as they don't know how it's done. My phones, of whatever type, are all 
wiretapped. If I call on one of my 3 cellular phones, they call me back on 
another, so I've stopped using any. I have only 1 of a 3-unit Uniden 
cordless phone set now working. When they worked before, they only let me 
use 2. The other 1 they reserved for their own use (listening, of course). 
Now they've ruined 2. All of my phone calls are listened into. My home is a 
prison unlike other prisons for I pay the mortgage and other expenses. They 
steal whatever they want by teleportation. Impossible, you say? Then check 
out D-Wave Systems who have had a quantum computer since 2007. Quantum 
computing facilitates teleportation. Others have a hard time hearing me on 
the phone because of the wiretapping and noise. I, too, often have 
difficulty hearing others. They decide who I can call or who can call me. I 
pay the phone bill, of course! Why have I been subjected to all this? 
Because I wanted to port a database of financial information to the Internet 
to help the retail investor, who is the base of the financial industry 
pyramid, for a small fee to enable me to hire others to perform the tiresome 
task of data input, avoid the scams and manipulations of crooked brokers on 
the Toronto and Vancouver Stock Exchanges. But these brokers contribute to 
both the Liberal and Conservative parties. So their friends in government 
reciprocate by harassing me however they can, and preventing the database 
from ever getting off the ground.

url:http://www.ureader.com/msg/1696948.aspx

Use encryption.

"lloyd dettering"  wrote in message 
news:e6bc1471f73346519abef02f2b34f75f@newspe.com...
> Black Hat recently had a conference boasting that they can now hack 
> through
> the power outlet. How late! The U.S. and Canadian governments (maybe 
> the
> other 3 of the N.S.A. partnership - U.K., Australia and New Zealand - 
> as
> well) have been able to do this since, at least, 2005. I know this 
> from my
> own experiences. Not only that! The Canadian criminals on behalf of 
> the
> criminal Harper government in Ottawa, control all electrical 
> appliances,
> whether AC or DC, in my home and the Hydro utility have no remedy for 
> this
> as they don't know how it's done. My phones, of whatever type, are all
> wiretapped. If I call on one of my 3 cellular phones, they call me 
> back on
> another, so I've stopped using any. I have only 1 of a 3-unit Uniden
> cordless phone set now working. When they worked before, they only let 
> me
> use 2. The other 1 they reserved for their own use (listening, of 
> course).
> Now they've ruined 2. All of my phone calls are listened into. My home 
> is a
> prison unlike other prisons for I pay the mortgage and other expenses. 
> They
> steal whatever they want by teleportation. Impossible, you say? Then 
> check
> out D-Wave Systems who have had a quantum computer since 2007. Quantum
> computing facilitates teleportation. Others have a hard time hearing 
> me on
> the phone because of the wiretapping and noise. I, too, often have
> difficulty hearing others. They decide who I can call or who can call 
> me. I
> pay the phone bill, of course! Why have I been subjected to all this?
> Because I wanted to port a database of financial information to the 
> Internet
> to help the retail investor, who is the base of the financial industry
> pyramid, for a small fee to enable me to hire others to perform the 
> tiresome
> task of data input, avoid the scams and manipulations of crooked 
> brokers on
> the Toronto and Vancouver Stock Exchanges. But these brokers 
> contribute to
> both the Liberal and Conservative parties. So their friends in 
> government
> reciprocate by harassing me however they can, and preventing the 
> database
> from ever getting off the ground.
>
> url:http://www.ureader.com/msg/1696948.aspx

On Wed, 16 Sep 2009 04:58:14 +0800, lloyd dettering wrote:

> So their friends in government 
> reciprocate by harassing me however they can, and preventing the database 
> from ever getting off the ground.

Time to double up on your medications Lloyd.

-- 
Paul Adare
MVP - Identity Lifecycle Manager
http://www.identit.ca

AC, DC? Doesn't matter! The government can access either and even turn off 
or power surge your equipment. Even make some parts - power supply, keyboard,
 mouse, monitor - seem dead. Big brother is watching you! (with your tax 
dollars, of course!). What do the politicians know about computing or, worse,
 quantum computing (which includes teleportation)?

url:http://www.ureader.com/msg/1696948.aspx