Reply From: "John Kozubik" <john_kozubikat_private>

Here is the problem I see with the new IBM 'smart' ID tags for laptops:

I was at a conference a few months ago for investment bankers in the security industry, and IBM did a nice dog and pony for us concerning the asset tracking ID stuff ... pretty interesting, but I brought up some questions that IBM did not really have an answer to.

1. The signal traveling from the threshold of the building that will turn off wayward laptops on their way out of the building is _not_ encrypted, therefore, if you intercept that signal and re-apply it elsewhere to machines in the field, you now have the ability to apply a DoS attack to these laptops in the field. The IBM representative verified that this is indeed 'theoretically' possible.

2. There are 256 bytes of user-definable data in the laptop itself, which, depending on the implementation of IBM's product you use, _can_ be broadcast out from the laptop. The point of this is so that as the laptop leaves the building, it can tell the threshold "hi, I am this laptop, I am leaving now". This is all fine and good, but this data is not encrypted either - which means that in potentially hostile situations (heads of state, high powered execs who have a danger of being kidnapped for ransom, etc.) the laptop is now sending out a "hey, over here, it's me!" message to all who might be listening, in clear format (not encrypted).

These are two major drawbacks I saw to the system. #2 might be a little nit-picky, but number one (DoS) is definitely a problem.

kozubik - John Kozubik - john_kozubikat_private
PGP DSS: 0EB8 4D07 D4D5 0C28 63FE AD87 520F 57BE 850B E4C4

-o-
Subscribe: mail majordomoat_private with "subscribe isn".
Today's ISN Sponsor: Internet Security Institute [www.isi-sec.com]
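Point 1 in the message above describes a replay problem: a recorded disable signal keeps working wherever it is re-sent. The sketch below is an added example, not part of the original post and not IBM's protocol; it shows a receiver that accepts a disable command only when it is authenticated with a per-device key and carries a fresh counter. The frame layout, key handling and all names are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

# Hypothetical frame (not IBM's format): 4-byte tag id, 8-byte counter,
# 1-byte command, then a 32-byte HMAC-SHA256 over those 13 header bytes.
HEADER = struct.Struct(">IQB")
MAC_LEN = 32
CMD_DISABLE = 0x01


def build_frame(key: bytes, tag_id: int, counter: int, command: int) -> bytes:
    """Portal side: sign a command for one specific tag with a fresh counter."""
    header = HEADER.pack(tag_id, counter, command)
    return header + hmac.new(key, header, hashlib.sha256).digest()


class TagReceiver:
    """Laptop side: act only on authentic, correctly addressed, fresh frames."""

    def __init__(self, key: bytes, tag_id: int):
        self.key = key            # per-device secret (assumed provisioned out of band)
        self.tag_id = tag_id
        self.last_counter = 0     # must be kept in non-volatile storage in practice
        self.disabled = False

    def handle(self, frame: bytes) -> str:
        if len(frame) != HEADER.size + MAC_LEN:
            return "rejected: malformed"
        header, mac = frame[:HEADER.size], frame[HEADER.size:]
        expected = hmac.new(self.key, header, hashlib.sha256).digest()
        if not hmac.compare_digest(mac, expected):   # constant-time comparison
            return "rejected: bad MAC"
        tag_id, counter, command = HEADER.unpack(header)
        if tag_id != self.tag_id:
            return "rejected: wrong tag"
        if counter <= self.last_counter:             # same frame seen before
            return "rejected: replay"
        self.last_counter = counter
        if command == CMD_DISABLE:
            self.disabled = True
        return "accepted"


if __name__ == "__main__":
    key_a, key_b = b"A" * 32, b"B" * 32              # constructed sample keys
    laptop_a, laptop_b = TagReceiver(key_a, 1001), TagReceiver(key_b, 1002)
    frame = build_frame(key_a, 1001, 1, CMD_DISABLE)
    print(laptop_a.handle(frame))   # first delivery at the threshold
    print(laptop_a.handle(frame))   # same bytes re-sent later
    print(laptop_b.handle(frame))   # same bytes aimed at another machine
```

Encrypting the signal alone would not give this property, since recorded ciphertext can be re-sent unchanged; the rejection comes from the MAC and the counter check.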
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:17:42 PDT