Why is Cryptography useless?


Sometimes even the strongest cryptography system may be useless. Why? Because someone who wants to reach secret information doesn't necessarily need to do complicated cryptanalysis work. Here are some possible attacks:

Keyboard sniffers

There are programs which read keys as they are pressed. An attacker could install this kind of software on your system, hence he could read your pass phrase when you type it to encrypt your documents. There are several methods to do that. For example, there are a lot of keyboard sniffing tools on the net (I don't want to suggest any link to download such software, as the purpose of these pages is just to show you possible hazards on the net), such as DOS-based tools. I'm talking about DOS-based keyboard sniffers because it's a bit more complicated to install programs on Unix systems, as root access is needed (unless, of course, you are using an X-Window interface, as there are a lot of tools to read key presses from an X-Window session). But how can an attacker install this kind of software on your system? Well, for example, by means of a virus. Notice that a TSR virus isn't needed for this purpose; a boot virus can do this work without problems.

TEMPEST

In 1985, a Dutch scientist, Wim van Eck, published a paper about the eavesdropping risks posed by the electromagnetic emissions of video display units. His work proved that video display units (CRTs), CPUs and/or peripheral equipment emitted electromagnetic radiation similar to radio waves, which could be intercepted from a remote location at quite a distance and with little effort. The U.S. government's answer to this kind of monitoring was TEMPEST. TEMPEST stands for Transient ElectroMagnetic PulsE STandard and it is a standard for electromagnetic shielding of computer equipment. The U.S. government created this standard to measure electromagnetic computer emissions and to detail what is safe from monitoring. The standards are detailed in the NACSIM 5100A document (classified by the NSA - National Security Agency). It isn't very expensive to set up a device for TEMPEST monitoring. For example, someone could set up a monitoring van outside your home, aim an antenna and read everything you are typing - and seeing - on your computer. So, to avoid this problem, your computer equipment should be TEMPEST certified; in other words, it should actually be shielded.

Memory snooping

In a multi-user system such as Unix, anyone with the proper privileges (usually root privileges) can read the physical memory of the machine. If you have root privileges, for example, you can open the virtual memory of the system (/dev/kmem) and read a user's page.

Disk cache snooping

In a multitasking operating system such as Windows, data are swapped from memory to disk and vice versa. This happens on systems which use virtual memory. In fact, operating systems simulate a bigger RAM (Random Access Memory) by dividing data into pages which are swapped in and out between RAM and disk. The most used pages stay in RAM, while the others are stored on the hard disk. When a program needs a particular page which isn't in RAM, the operating system loads it. In other words, the disk is a kind of 'fake' extension of RAM. This is why you can often see the hard disk activity LED lit even though you aren't handling files: the virtual memory system is working. Usually the data swapped out are stored inside a swap file. In a networked environment, anyone who has access to the machine could read that swap file or even steal it.

Packet sniffers

If you aren't using some sort of session encryption utility or a secure network protocol, you are sending your pass phrase over the net as clear text. So, a packet sniffer sitting between your terminal and the host where you are sending the pass phrase (and you should notice that between you and the recipient host there are several nodes where packet sniffers could be installed) can easily capture this information. For example, packet sniffers may be sensitive to some words like Visa, MasterCard and so on. For this reason you should avoid sending credit card numbers without using a secure protocol. In addition, to avoid this problem, first of all, you shouldn't send any password via e-mail without using some kind of encryption tool (such as PGP, for example)! Then, you could use a one-time password (i.e., a password which is usable just one time, then it has to be changed), so even if a packet sniffer catches your password, never mind: the guy who 'sniffed' it can't use it, because it has already been used one time!
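The one-time password idea above can be shown with a hash chain, as an added example that is not part of the original page. The scheme (a Lamport-style chain built on SHA-256), the class names and the seed value are assumptions chosen for illustration; the page does not name a particular one-time password system.

```python
import hashlib
import hmac


def chain(seed: bytes, n: int) -> bytes:
    """Apply SHA-256 to the seed n times."""
    value = seed
    for _ in range(n):
        value = hashlib.sha256(value).digest()
    return value


class Server:
    """Stores only the last accepted value, never the seed."""

    def __init__(self, initial: bytes):
        self.last = initial

    def login(self, otp: bytes) -> bool:
        # A valid one-time password hashes to the value stored last time.
        if hmac.compare_digest(hashlib.sha256(otp).digest(), self.last):
            self.last = otp  # step down the chain; the old value is now dead
            return True
        return False


class Client:
    def __init__(self, seed: bytes, n: int):
        self.seed = seed
        self.remaining = n

    def next_otp(self) -> bytes:
        if self.remaining == 0:
            raise RuntimeError("chain exhausted; enroll a new seed")
        self.remaining -= 1
        return chain(self.seed, self.remaining)


def demo():
    seed = b"constructed-demo-seed"  # constructed sample value
    server = Server(chain(seed, 5))  # enrollment: server gets hash^5(seed)
    client = Client(seed, 5)
    first = client.next_otp()
    accepted = server.login(first)          # legitimate login
    replayed = server.login(first)          # same bytes captured off the wire
    accepted_next = server.login(client.next_otp())
    return accepted, replayed, accepted_next


if __name__ == "__main__":
    print(demo())
```

The value seen on the wire is rejected on its second use, and because SHA-256 cannot be inverted it does not reveal the next password in the chain.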

Trojan horses

What's a Trojan horse? It's an apparently harmless program. That program does all the things you expect of it. But, like Ulysses' Trojan horse, malicious code is hidden inside that program. That code can record your secret-key passphrase and, if it finds a modem, send it to a specified host. Unfortunately, you can't detect a Trojan horse before it can act. Antiviruses can't detect Trojan horses, because they seem just like harmless, normal programs.

Bad passwords

Well, now let me talk about a big problem widespread on the net: bad passwords. What I mean is that people often choose bad passwords, like names of people, dates, common words and so on. The problem is that some programs - called password crackers - can easily break this kind of password. Password crackers use dictionaries to try word after word until they find the right password. If you try a good password cracker on a medium power machine, say a Pentium machine, you could find out bad passwords in hours! For this reason you should avoid choosing your first name or second name, your birth date, names of people, common words, names of countries, animals and so on as a password! Too often I have seen bad passwords. For example, the user John who chose his name - John - as a password. Yeah, user John and password John (don't worry, this user-id and password are invented...)! So you should use some kind of phrase (don't use proverbs! Some advanced password crackers know proverbs...) which you can remember, then take the first letter of each word of the phrase and join them to form your password. For example, a phrase like this: 'My Dog Eat 2 Sausages Every Weeks!' is a good phrase. The password is: MDE2SEW! In addition you should use punctuation marks, numbers and special characters. In the previous example, in fact, there are five letters, one number and one punctuation mark.
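The advice above can be turned into a check that runs when a password is chosen, shown here as an added example that is not part of the original page. The function names, the tiny wordlist and the date pattern are assumptions made for illustration; a real check would load a large dictionary file.

```python
import re

# Constructed sample wordlist (assumption); real audits use large dictionaries.
WORDLIST = {"john", "password", "dog", "italy", "tiger", "sausages"}


def acronym(phrase: str) -> str:
    """First character of each word, plus the phrase's closing punctuation."""
    words = phrase.split()
    if not words:
        return ""
    out = "".join(w[0].upper() for w in words)
    tail = words[-1][-1]
    if not tail.isalnum():
        out += tail
    return out


def weaknesses(user_id: str, password: str) -> list[str]:
    """Return the reasons a password falls into the page's 'bad' categories."""
    found = []
    lowered = password.lower()
    # Strip digits and symbols so 'John1!' is still recognised as 'john'.
    core = re.sub(r"[^a-z]", "", lowered)
    if user_id.lower() in (lowered, core):
        found.append("same as user id")
    if lowered in WORDLIST or core in WORDLIST:
        found.append("dictionary word")
    if re.fullmatch(r"\d{1,2}[-/.]?\d{1,2}[-/.]?\d{2,4}", password):
        found.append("looks like a date")
    classes = (r"[A-Za-z]", r"\d", r"[^A-Za-z0-9]")
    if sum(bool(re.search(c, password)) for c in classes) < 3:
        found.append("missing letters, numbers or punctuation")
    return found


if __name__ == "__main__":
    derived = acronym("My Dog Eat 2 Sausages Every Weeks!")
    print(derived, weaknesses("John", derived))
    print("John", weaknesses("John", "John"))
```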



Copyright (c) 1998-2006 Wowarea