A motivated attacker will use any method to get at sensitive data, and not always in ways organisations might expect.
While you may encrypt all your information to the highest level while it sits in systems or flows over networks, it still has to be decrypted when in use, and that is when it is at the greatest risk.
The person standing behind you at the ATM might peer over your shoulder to get your PIN. The intruder in your office might photograph your screen contents with a mobile phone. More advanced hackers may even be able to detect transactions by picking up the electronic signals coming off your systems, or decipher useful information from the sounds of your keystrokes.
This often overlooked area of security -- compromising electronic emanations -- is the subject of a new thesis by Richard Frankland, an MSc student at Royal Holloway University of London (RHUL) and Prof. Keith Martin, a university lecturer.
In an article based on the thesis, and published exclusively on SearchSecuirty.co.UK, they explain the various dangers that may apply to plaintext, and the various methods that attackers could potentially use to steal it.
While admitting that some of the threats are still quite rare, the authors assert that, as cryptography becomes stronger, plaintext could become a more attractive target for attackers over the years to come.
The feature is one of five SearchSecurity.co.UK is publishing this year in collaboration with RHUL.
This was first published in May 2011