Questions tagged [physical]

The use of physical measures (such as locks and tamper-proofing) or policies (such as Clean Desk) in order to protect sensitive information from unauthorized access.

43 votes
4 answers
11k views

How are all public computers (libraries, etc.) not full of malware?

How are all public computers (libraries, etc.) not full of malware? Are they protected in a specific way that makes them safe to utilize?
user2231142's user avatar
1 vote
1 answer
72 views

Since JTAG can be authenticated and encrypted, which key is used? I read that Secure Boot is used, but what is the key?

Since JTAG can be authenticated and encrypted, which key is used? I read that Secure Boot is used, but what is the key? Me, owner of this laptop, how can I know the key to use to access my own laptop ...
allexj's user avatar
  • 197
-1 votes
2 answers
240 views

Laptop Repair vs. Evil Maid

Suppose you need a laptop repair, so you bring it to A big box store where you have some sort of coverage (who will have the computer for 2-3 weeks) A small chain of repair shops a small independent ...
SurferTaco's user avatar
0 votes
0 answers
88 views

Compatibility of Desfire EV1/2 readers and cards with a Doorking access control system

I am getting the idea that Doorking's ProxPlus cards and reader have a pre-defined encryption key in their reader. As these readers are Wiegand devices and the software for the Doorking Access systems ...
steve vogel's user avatar
0 votes
2 answers
203 views

Mitigating vulnerabilities in audio libraries that cause physical damage

As I pointed out here in February 2022, people who gained brief direct or remote access to a machine can change the volume step or other things regarding sudden large changes to the sound volume (for ...
mYnDstrEAm's user avatar
16 votes
5 answers
11k views

Can fingerprint readers be trusted?

I've recently obtained a new notebook, specifically a Thinkpad. Now I found out that it has a fingerprint reader integrated into the power button. I am skeptical about biometrics as a security ...
programonkey's user avatar
1 vote
1 answer
368 views

Rowhammer mitigations in current hardware and software

I've been looking into rowhammer attacks and mitigations and there are two (what seem to be) mitigations that I've seen that are actually implemented in currently available hardware and software, but ...
LanMan2-4601's user avatar
0 votes
3 answers
529 views

What can an attacker do with physical access to a Linux server?

I have physical access to a Linux computer (Ubuntu 20.04). My colleague asked me what an attacker could do if he had physical access to this computer? I would like to know if, by default (after a ...
Poubelle Dirty's user avatar
54 votes
11 answers
12k views

Why did they stop adding physical "write protect" mechanism?

Floppy disks used to have a physical means of preventing writing to them. No software could bypass that, no matter what. It had to be flicked physically and manually by a human being. Modern SD cards ...
Polnow's user avatar
  • 549
1 vote
1 answer
250 views

As a private individual, cleanly destroy a large number of paper documents. Are there alternatives to the consumer shredder?

I need to safely dispose of about 30 federal folders. That means 95% of the documents will be shredded and the rest stored. I bought a small shredder for private people (professional shredders are too ...
Sybil's user avatar
  • 1,491
2 votes
2 answers
302 views

What is the name of the box that hackers connect to a router in order to spy on all your traffic?

I watched a documentary where hackers entered a victim's house by pretending to be from the ISP and then connected a box to a router in order to spy on all of the victim's traffic. Later, the hackers ...
Noodler's user avatar
  • 23
0 votes
1 answer
134 views

What type of attacks can be carried against an OS with FDE, if we assume OS and FDE are implemented correctly?

The question is mainly stated in the title. I was wondering what kind of attacks can be launched on such a setup, where someone has access to a running OS with locked screen (needs password for the ...
tur11ng's user avatar
  • 101
3 votes
0 answers
251 views

Does Windows 10 read/run/care about USB devices plugged in "Lock Screen" mode?

Whenever I leave my computer for the bathroom or anything inside the living space, I press WinKey + L to enter the "Lock Screen" mode. (If I go outside, I turn it off completely.) Let's say ...
Derrol H.'s user avatar
4 votes
1 answer
612 views

Detecting BIOS changes on PC

I've seen this question: Is it possible to determine if the BIOS has been modified between two points in time? On my Linux PC, I've made a script that checks the MD5 hash of the boot partition to ...
nb52er's user avatar
  • 41
2 votes
0 answers
193 views

Allow the use of camera phones in the manufacturing facilities; but then how do I maintain the security of the premises

What are the best practices to be followed to maintain security in the manufacturing site where camera phones are allowed? I'm working on one of the largest manufacturing facilities where few of the R&...
Baranikumar Venkatesan's user avatar
0 votes
0 answers
113 views

Windows 10 Cybersecurity on Stand-Alone Computer

I have been asked to investigate what capabilities exist within Windows 10 where the environment for this system is isolated. I believe it would not be able to benefit from an enterprise security ...
Jim's user avatar
  • 255
0 votes
1 answer
155 views

Has there ever been a case of dangerous industrial malware, which would destroy motherboards and similar PC components and how to protect [duplicate]

I heard many years ago from word of mouth that this kind of malware exists, which could for example blow up capacitors in your PC. Has such malware or something even remotely similar ever existed? ...
Sir Muffington's user avatar
0 votes
0 answers
892 views

Remotely disable a laptop's ability to power on or charge?

If I loan out laptops to my employees to work remotely, such as Dr's, Nurses and other healthcare workers that generate sensitive information on patients, how can I remotely disable the laptop's ...
Definity's user avatar
  • 109
0 votes
1 answer
218 views

After EOL, can safety-critical systems be secured when connected to internet-connected components? [Automotive]

NOTE: This was originally asked on the main StackOverflow site, but now moved here because of the security nature of the question. Since internet-connected Infotainment Systems are now connected with ...
James's user avatar
  • 113
0 votes
0 answers
259 views

Feasibility of CPU Backdoors

Recently I was thinking of the feasibility of hardware backdoors in the CPU introduced by manufacturers at the behest of three letter agencies. I can think of two potential backdoors that seem ...
RubberbandMan's user avatar
0 votes
1 answer
505 views

How to prevent copying of digital (handwritten) signatures? [duplicate]

Assuming that you are not given any other choice than to implement digital handwritten signatures. That is, a signature pad (or even a computer mouse) is used to generate a digital signature which is ...
Just van der Veeken's user avatar
5 votes
1 answer
330 views

In a physical pen test, is there a way to figure out FOV of a tinted dome camera?

With bullet cameras, this is easy. You look which way they are pointing and then either guess their FOV, or even look them up based on how the model they appear to be. Most dome cameras are behind ...
user3280964's user avatar
  • 1,152
0 votes
1 answer
185 views

Prove someone entered and exited a room at specific times without any biometric authentication [closed]

There is a room. There is a lot of incentive for people to enter this room. This room allows you to enter and exit whenever you want, but for each minute you stay in the room, you get a dollar. ...
cdknight's user avatar
  • 103
0 votes
1 answer
311 views

Block file and data transfer out of a device

I was reading a documentation that suggests blocking the computer from transferring files to an external device, such as a HD, Camera or Pen Drive, allowing only reading. Is this type of protection ...
Tom's user avatar
  • 174
0 votes
0 answers
132 views

Options for Integrating or developing a physical security solution (physical access control via in-house mobile apps [NFC/Bluetooth])

Our team is looking to either integrate or develop a physical security solution for a rather large campus. Requirements: Ability to either integrate (with reader/electronic lock hardware) from our ...
spencer741's user avatar
1 vote
1 answer
312 views

Use of SoftHSM2 in commercial products

I came across SoftHSM2 from OpenDNSSec(BSD license) which is a drop-in replacement for HSM except that SoftHSM2 only lacks physical security. Also, being the fact that PKCS#11 is the standard ...
Baranikumar Venkatesan's user avatar
0 votes
0 answers
156 views

Thoughts on Vaccine Security

Are there any recommendations for the physical security of COVID-19 vaccine? I recently watched this video https://www.youtube.com/watch?v=uoqMA9vAOrQ on covid-19 vaccine distribution. At the 0:40 ...
emory's user avatar
  • 1,600
0 votes
0 answers
299 views

Is there a better method than this for storing a physical password? [duplicate]

This may be a little unnecessary, but taking into consideration: There are many ways to hack a computer There are many ways to hack a network There is always a possibility of an undetected malware on ...
user247973's user avatar
3 votes
0 answers
246 views

Can the glue of glitter-hot-glue sticks be used to provide evidence of electronics-hardware tampering?

I've been researching low-cost, yet strong, tamper-evident mechanisms, and purchased some low-cost glitter-hot-glue sticks as part of this research. The Amazon page advertising the sticks, seems to ...
Mark Fernandes's user avatar
-1 votes
2 answers
175 views

Election security is considered one of the most difficult problems in computer security [closed]

Not just electronic voting, but election security in general. I think it is in part because there are many components to it, and it has many components that could be compromised. What are some of the top ...
London's user avatar
  • 7
-1 votes
1 answer
229 views

Why do people, even programmers and geeks, seem to almost feel the urge to "give hackers a fair chance" at stealing their data? [closed]

I once heard that the author of the early NES emulator "Nesticle", clearly a very intelligent person, bafflingly used some kind of exploitable "Samba" or "SMB" server ...
Arlin's user avatar
  • 1
9 votes
5 answers
2k views

How to share passwords *only* after death?

I am looking for a modern, password manager-based way to share my passwords with certain parties (partner, executor of my will) within a week or so of my death, but no sooner. The scenario I wish to ...
Tom's user avatar
  • 199
0 votes
1 answer
617 views

Is there any write-once USB stick/pendrive? [closed]

Is there any Write-once USB stick/Pendrive? I need to submit some files to Authorities and I don't want them to modify on whatsoever. Any suggestion?
Thirumal's user avatar
  • 101
62 votes
15 answers
20k views

Emergency method to erase all data off a machine within seconds

Imagine you are carrying highly sensitive information with you, maybe on a mission in a war zone. You get in an ambush and quickly need to erase all the files before they fall in the wrong hands. This ...
0 votes
0 answers
123 views

Security standard that requires network cables to be visible for inspection

I recently worked for a customer that showed me that all their network cables are visible. Indeed, cables were never drawn inside walls, conduits or trunks. Instead, they were "hung" on poles close to ...
user1202136's user avatar
0 votes
1 answer
166 views

Remote monitoring of key strokes — is an RF retro reflector required?

Is it possible to remotely monitor key strokes on a laptop or is an RF retro reflector required? If so, where would be the most likely location such a device would be placed?
Nanya's user avatar
  • 1
5 votes
2 answers
390 views

Why did I never see those "spy signal jammers" for sale?

I recently watched a 1980s computer television programme about the problems of spying. Basically, they showed how anyone could buy relatively cheap and common hardware and then be able to sit outside ...
Deondrick's user avatar
0 votes
1 answer
2k views

Can the photos/videos I deleted a year ago still be on my iPhone or on the Internet?

I have been getting paranoid lately and decided to ask for your insight on this issue. A year ago, I took photos of some personal information (cc, passport, etc), and deleted them a month later, along ...
elcasw1's user avatar
15 votes
8 answers
4k views

Document security - how to find who's leaked a confidential document?

I am legally obliged to distribute a document (probably by email, probably saved as MS word, or a PDF) to several hundred recipients. The recipients are legally obliged to keep it confidential. ...
ConanTheGerbil's user avatar
-4 votes
1 answer
233 views

How can any intelligent person believe that PGP, HTTPS or anything else we have today is secure, given history and logic? [closed]

It truly feels like we are living in an "afterworld", long past the era when smart, intelligent, real men and women worked on things that really did matter. I'm talking about Enigma, Lorenz, Colossus,...
Brainard Swigonski's user avatar
3 votes
1 answer
775 views

"Digital" signatures on real life objects

Although this question may be out of scope, I'm wondering if there's a reliable way to apply a "digital signature" to real life objects in order to prove your ownership of them to a degree. As an ...
Gabriel S.'s user avatar
1 vote
1 answer
1k views

Can I safely sell a used keyboard without risk of new owner recovering previous inputs?

As far as my knowledge goes, keyboards don't store keystrokes in their memory by default (excluding those bundled with keyloggers). The thing that comes to my mind though is that some keyboards do ...
Dominic's user avatar
  • 45
4 votes
2 answers
413 views

Physical mechanical examples of "M-of-N" locks?

Arbitrary "M-of-N" secret-sharing protocols are a well-studied topic in cryptography, and are apparently so useful that Bitcoin Script devoted a whole opcode to them. In this blog post, I ...
Quuxplusone's user avatar
0 votes
0 answers
51 views

When they make physical locks, do they really just make a few variations of the keys and then mix them together and sell? [duplicate]

I always assumed that each lock is unique and can only be opened with the keys it was sold with (or any copies made later from those originals). But the truth seems to be that they just make "a few" ...
Eddye Flores's user avatar
0 votes
2 answers
249 views

Recreating the Half Coins of Jin-Qua [closed]

In the Asian Saga series by James Clavell, the Struan family gave away the half-coins of Jin-qua: in exchange for a desperately needed loan, the pirate Dirk Struan received 4 halves of 4 coins. The ...
dragonwrenn's user avatar
2 votes
1 answer
162 views

Strategies to protect SANs in branch offices in risky places

A company has several remote branch offices located in relatively dangerous places, such as Iraq, and I'm looking into strategies to secure the SAN in the event of theft or looting. The data is ...
Gordon Stewart's user avatar
3 votes
2 answers
1k views

What is the physical security (Evil Maid) threat model of a modern hardened laptop?

Why I believe this question is not a duplicate: There are multiple questions dealing with the exploitation of a locked computer on this site, but most of the answers are focused on exploiting a non-...
a-n's user avatar
  • 61
0 votes
1 answer
258 views

Household attack vectors and mitigations [closed]

Hopefully this question won't come across too closely to a which product is best as that is not my intention. I am moving into a larger property and I would like to set up some home security now I'm ...
bain2236's user avatar
-2 votes
1 answer
182 views

Do large companies keep a detailed "company log" book/database? [closed]

In my life, I have spent a lot of time thinking and wondering about many things related to larger businesses, even though I have no direct connection to that world. By "larger", I mean "not just a ...
Cecilio's user avatar
3 votes
1 answer
331 views

What do I do if I catch someone doing a physical pentest? [duplicate]

This question was primarily inspired by this (related) question, but is about the other side of the equation. I'm a security engineer at Medium Sized Company, Inc. We recently hired John for a ...
Kaz Wolfe's user avatar
  • 382
