Armand Puccetti

Armand Puccetti is a research engineer and project manager at CEA-LIST (a department of the French Nuclear Energy Agency, http://www-list.cea.fr) where he is working in the Software Safety Laboratory. He is involved in several European research projects belonging to the MEDEA+, EUCLID, ESSI, and FP6 programs. His research interests include formal methods for software and hardware description languages, semantics of programming languages, theorem provers, compilers, and event-based simulation...

Van Eck Phreaking

In 1985, Wim Van Eck, a Dutch researcher, published a paper in Computers & Security entitled "Electromagnetic Radiation from Video Display Units: An Eavesdropping Risk?" In this paper, he details how the electromagnetic emanations from a display device can be intercepted to give a representation of what is being displayed on the screen. Although the security issues of intentional radio frequency (RF) emissions are common knowledge, such as those from a wireless network, the unintended ones can...

Platter Locks and Circumvention

In the last couple of years, some computer manufacturers have introduced password-protected hard drives (or platter locks), particularly for use in laptops. The password is stored in the chipset on the drive and is accessed or modified by the drive CMOS. This technology requires users to enter a password before the hard drive can be activated. During a cold or warm boot, this occurs just after the POST (at the time the hard drive is accessed), and it arrests the machine at that state until the...

Preventing TPM Reset Attacks

The TPM reset attack is technically very difficult to prevent using some of the oldest TPM technology, namely TPMs provided on daughterboards. The attack is more complicated to perform if the TPM is integrated into the motherboard, rendering access to the chip pins more difficult. On the other hand, the risk associated with this attack is very low due to the very high cost for the attacker. She has to not only be present in front of the computer, but also open it, find the TPM and the correct pin,...

Computer Viruses and Other Malware

All the previously mentioned attack categories can also include some form of malware in the body of the email message. Malware generically refers to software that performs some form of action without the user's consent, meaning the software is hidden in some way or advertises a rather different purpose from its real one. This category includes computer viruses (which we'll describe in detail next), worms, Trojans, spyware and so on. Malware is commonly attached to SPAM and e-mail fraud...

Introduction To Trusted Computing

Trusted Computing was defined by the Trusted Computing Group (TCG, formerly known as Trusted Computing Platform Alliance or TCPA) as a set of industry standards revolving around the specification of a Trusted Platform (TP). The TCG was founded in 2003 and is, in its own words (see a not-for-profit organization formed to develop, define, and promote open standards for hardware-enabled trusted computing and security technologies, including hardware building blocks and software interfaces, across...

About the Project Managers Barcelo

Marta Barcelo is Director of Operations, co-founder of ISECOM, and is responsible for ISECOM business operations. In early 2003, she designed the process for the Hacker Highschool project, developing and designing teaching methods for the website and individual and multilingual lessons. Later that same year, she developed the financial and IT operations behind the ISESTORM conferences. In 2006, Marta was invited to join the EU-sponsored Open Trusted Computing consortium to manage ISECOM's...

Web Services Enumeration and Manipulation

In earlier implementations of web services, an organization would register their web service with a Universal Business Registry (UBR) so that third parties could search a master Universal Description, Discovery and Integration (UDDI) database of publicly available e-commerce web services. Attackers could also search these public databases to discover web services, and all of the information required to access them, via a Web Services Definition File (WSDL) file. The modern architecture of web...