http://www.cs.tau.ac.il/~tromer/acoustic/

including from secure "Tempest" servers. i find this hilarious. they're using power-fluctuation analysis using either a physical contact with the machine (skin-contact with the metal case is enough but an earth point on the VGA or USB cable is better), or, my favourite, is listening for the distinctive sound made by inductor-capacitor feedback loops in the power circuits. apparently some mobile phone microphones are just about good enough to hear the 20khz+ whine: that's enough to determine the power consumption during the RSA key calculations, and that's good enough to get any private key. takes a hell of a long time, but that's ok :)

all those "secure servers" out there? all you have to do is lease space to put in your own co-located server with an ultrasonic microphone and it's game over for neighbouring web server certificates. absolutely hilarious.

sorry i just had to share this with someone.

l.