English 
Français
Deutsch
Español
Italiano
Português
日本語
한국어
Русский
Glitter nail
At a talk at the 30C3 in Hamburg, Ryan Lackey proposed an ingenious solution to detecting tampering with your computer, phone or tablet: paint the seams and screw-tops with glitter nail-polish and snap a photo of the random pattern formed by the glitter after it dries.
Security-conscious travelers have long used tamper-evident seals over their devices' screws and seams, but as Lackey points out, those seals are easy for spies, customs officials and other snoops to reproduce, especially if they can work in private (as happens when your laptop is taken away for a border inspection). But reproducing the random pattern of glitter polish is substantially more expensive that replicating a security seal — it also takes longer, and there are no set procedures for doing so.
Lackey also recommends using stickers as an alternative seal; it's unlikely that a spy agency or a customs official has access to your favorite vintage Wacky Package sticker.
The idea is to create a seal that is impossible to copy. Glitter nail polish, once applied, has what effectively is a random pattern. Once painted over screws or onto stickers placed over ports, it is difficult to replicate once broken. However, reapplication of a similar-looking blob (or paint stripe, or crappy sticker) might be enough to fool the human eye. To be sure, the experts recommend taking a picture of the laptop with the seals applied before leaving it alone, taking another photo upon returning and using a software program to shift rapidly between the two images to compare them. Even very small differences – a screw that is in a very slightly different position, or glitter nail polish that has a very slightly different pattern of sparkle – will be evident. Astronomers use this technique to detect small changes in the night sky.
By taking the picture with a cellphone that is kept with you at all times, you can be reasonably sure the original picture hasn't been tampered with or replaced. In order to guard against typical user forgetfulness, the experts recommend using a two-stage remote verification system. Such a tool would require that two pictures match exactly, for example, before allowing the user to log in to a potentially vulnerable system such as a VPN.
"This makes it non-skippable by users," said Michaud, CEO of Rift Recon. "If the user doesn't do the check, it doesn't work."
Don't Want Your Laptop Tampered With? Just Add Glitter Nail Polish [John Borland/Wired]
(Image: Feather effect nail polish, a Creative Commons Attribution (2.0) image from berenicedecados's photostream)
Process X's video of pencils mass-produced at a Japanese factory is so perfectly satisfying I suspected the audio was foleyed, until they got to the part of the factory where… READ THE REST
Noelle Dunphy, who is suing Rudy Giuliani for sexual assault, harassment, and wage theft, has just released audio transcripts that reveal the disgraced former Trump attorney to be an antisemitic… READ THE REST
Life in plastic is fantastic, so they say. For the rest of us, however, made of decomposable organic compounds, we're left to live with the landfills piled high with all… READ THE REST
We thank our sponsor for making this content possible; it is not written by the editorial staff nor does it necessarily reflect its views. TL;DR: Get permanent access to up… READ THE REST
We thank our sponsor for making this content possible; it is not written by the editorial staff nor does it necessarily reflect its views. TL;DR: Beat the heat and give yourself… READ THE REST
We thank our sponsor for making this content possible; it is not written by the editorial staff nor does it necessarily reflect its views. TL;DR: This brand new Apple Mac mini (2018) is… READ THE REST