Schneier on Security
A blog covering security and security technology.
« Colbert Report on the Orangutan Cyberthreat |
| Op-ed Explaining Why Terrorism Doesn't Work »
June 22, 2012
Friday Squid Blogging: Giant Mutant Squid at the Queen's Jubilee
I think this is a parody, but you can never be sure.
Millions of Britons turned out for the Queen’s four-day celebrations, undaunted by the 500-foot mutant squid that was destroying London.
Huge crowds of well-wishers lined the banks of the Thames on Sunday to watch a spectacular flotilla, continuing to cheer and wave even as tentacles thicker than tree trunks emerged from the water, seizing boats and smashing them against each other.
The Queen and Prince Philip waved and smiled, undaunted as a vast gelatinous shape hauled itself from the belly of the river, tossing tenctaclefuls of screaming bystanders into its beaked maw.
As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.
Posted on June 22, 2012 at 4:03 PM
• 34 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
anyone out there know anything about scrypt and its key derivation method? the paper is here: http://www.bsdcan.org/2009/schedule/attachments/... and the slides are here: http://www.tarsnap.com/scrypt/scrypt-slides.pdf. the author is colin percival. the idea of making a password hasher expensive in both memory and silicon (for custom chip attacks) is interesting, but I haven't found jack for comments from people like our host who actually know something (not to disparage percival, I know zero about him). google didn't find anything useful for me.
Bruce, shhhhh. You'll get us a Transportation (of) Squid Agency if you're not careful!
I think this is a parody, but you can never be sure.
And this is why we think that you Yankees haven't got a clue about this planet. It's world wide news. We Brits are all living on a tiny rock in the North Atlantic. We're doomed, and you guys think that this is "your Briddish humor" (sic).
/pisstake: Go ogle Cameron & Clegg
I always thought travelling to europe was dangerous (especially with all the terrorists). Many thanks for exposing this danger, I definetly won't be going there soon now.
Googling for london squid I thought was an indirect ad for an umbrella's shop
A paper describing how the lethal H5N1 bird flu virus could be altered to spread more easily, which was originally withheld over fears that terrorists could use the information to create biological superweapons, has now been published.
"The paper’s publication, in the journal Science, ended an acrimonious debate over whether such results should ever be released. Critics said they could help a rogue scientist create a superweapon. Proponents said the world needed to identify dangerous mutations so countermeasures could be designed.
"'There is always a risk,' Dr. Anthony S. Fauci, the director of the National Institute for Allergy and Infectious Diseases, said in a telephone news conference held by Science. 'But I believe the benefits are greater than the risks.'"
Story of Maj. Harold Hering, who sacrificed his military career by asking a Forbidden Question about launching nuclear missiles : Who authenticates the authenticator?
anyone out there know anything about scrypt and its key derivation method
I know an incy-weeny bit about it. The principle of using memory to make ASIC based solutions expensive is sound. So are the ideas on Memory Hard (MH) and Sequential Memory Hard (SMH) assuming of course the theoretical model used as a proof is sound and that the implementation of MH or SMH algorithms have no short cuts in them that negate the memory requirments in some way.
However that being said there are a couple of non theoretical problems the first of which is a bit of a killer...
Firstly The idea of sending passwords over the wire from the client and storing them in some verifiable form on the server is outdated.
There are better standardised ways of doing it which put the onus for security almost entirely onto the client, which means it also reduces the cost in CPU use and file storage on the server immensely, as well as "externalising the risk" for the service operators (see discussions on this blog about LinkedIn's recent misfortunes)
Secondly is the assumption that the likes of the NSA, GCHQ et al, go about cracking individual passwords, as a rule they don't as it's very inefficient compared to other methods which use human failings on mass and design mistakes or short comings in implementations, protocols and standards.
For instance let's assume they want to know your secret pass phrase for a service in another country where they can not get an LEO to just subpoena access to the account. It is far far easier for them to do a man in the middle attack or hack the server to get access, than even think about cracking the password.
Look at it this way, they need to hack the server first to get at the password DB to crack it therefore why bother when they can just put the equivalent of a keyboard logger on the server and hoover up all the plaintext passwords as they come in...
So for online passwords scrypt() is way way to strong and likewise way way to expensive to use at the server end.
Likewise for file encryption it's simpler to put a keyboard logger onto the users machine than it would be to crack the password. Failing that if the user was cautious and always used the machine "off line" in an "air gapped" arrangement we know that crossing the air gap is possible simply by infecting the machine they do use online to infect the memory key etc they use for transfering the encrypted file.
Thus scrypt() is realy a solution looking for a problem (as was bcrypt) that is very unlikely to exist... and as our host has been noted to remark practical security is not about the strongest but "weakest link in the chain".
Which is why you've discovered,
I haven't found jack for comments from people like our host who actually know something
It's not in their interest to devote any real time to evaluating it let alone trying to break it etc.
I'm sorry if that seems harsh but the art of crypto has seen quite a few good ideas left at the wayside for similar reasons.
thanks. "...a solution looking for a problem...". heh. and of course there is always this solution: http://xkcd.com/538/ (amusingly, percival uses it in his slides).
I think this is a parody, but you can never be sure
I can confirm -- having stood on the south bank opposit Wapping Steps where Rupert Murdoch's News International started heading down the "crapper" to use his vernacular -- that the crowds were being driven away by a severe lashing from a monstrous and ominous presence. It was dark grey and had injested the tops of a number of tall buildings (especialy the Shard near London Bridge) and had indead driven away the military aircraft.
However a 500ft mutant squid it was not it was much much larger, totaly natural and in some respects even more frightening, and is the worst set of rain clouds I've seen at this time of year with significant lightening later on.
Whilst "Myth Busting" I can say that the belief in times past down south in the USA that amongst other things "firing a cannon across" or "ringing a bell over" water to "bring bodies of the drowned to the surface" did not appear to work. At one point or another during the flotila a cannon was fired across the water and the floatila was headed by a large barge with church bells mounted on it that were continuously rung down the whole passage of the floatila and that there were no reports of dead bodies surfacing in it's wake.
Whilst it might appear an odd notion to us these days there is however a small degree of truth in it, as bodies can and do sink shortly after death, but as they decompose start to bloat with gas and will rise again a few days or weeks later depending on various factors. So in still water the vibrations caused by the noise might just dislodge a body a short time before it might otherwise have risen from the continued "out gassing" of the bacteria from the human gut that are now eating the body.
However beliefs can be strange, stranger than normal thought and definatly in the "You couldn,t make it up" category... during the reign of the UK's previous queen (Victoria) their was a belief that blowing tobacco smoke up a drowned persons bottom would revive them... Apparently this was sufficiently believed that a special apparatus was designed for this very purpose (an example of which was on display in the Welcome collection) and was at the. time placed with other life preserving equipment at various places along the river Thames in London in areas like "Putney Reach" where people tended to wash up if they fell into the river...
And no, before anyone asks I've not tried it and further I've absolutly no idea how this strange idea came about (nor do I want to I suspect). However it is known that a persons rectum is very good at absorbing things like drugs and alcohol. So much so that in East Germany where the price of alcohol was made so expensive to stop drunken behaviour there was a practice of a group of people getting together to buy a half bottle of vodka and some cotton wool. They would soak small pieces of the wool in vodka and push them up their bottoms to get drunk much more quickly and cheaply than just drinking the stuff... Oh and as some of you might know vinegar is acid alcohol and is used for preserving vegetables such as the (in)famous British Pickled Onion, this I assume will likewise be as easily absorbed by the rectum which might explain the peculiar "initiation ceremony" that used to be performed on London Firemen on compleating their training where their colleagues would shove a pickled onion up their bottom... (again I've no idea how this got started nor do I realy want to).
@ Alan Kaminsky,
A paper describing how the lethal H5N1 bird flu virus could be altered to spread more easily which was originally withheld over fears that terrorists could use the information to create biological superweapons, has now been published
I'm glad it has been released, partly because keeping the paper secret after the idea became known was fairly pointless.
For those who may find this surprising it is a simple fact that one of the greatest impediments to man's knowledge is "not knowing if something can be done". Once you know something can be done it is usually fairly eassy to work out how from the technology currently available. It is why ground breaking research and design is known as "the bleeding edge" and that quaint saing "It's the second mouse that get's the chease" is in use.
The simple fact is however that "biological weapons" have been a bit of a wash out not just for very well funded terrorist organisations (Japanese death cult tried bio before chemical culminating in sarin attack on Tokyo underground transport system that finaly got them noticed by the authorities) but also well funded Governments as well. The problems in both cases is the delivery mechanism, for some reason whilst nature apparently manages it easily we humans find it very difficult bordering on impossible to effectivly deploy weaponised biological processes currently.
Of course the obvious question is if this mutation occured naturally would it cause a pandemic like that of 1918? Some how I suspect not in first world nations. The reason being our general health is better, we smoke less and we don't use coal for domestic heating any longer. Also we now have statins that are in widespread use and these apear to have a significant effect in reducing the infection. However there is bad news the "micro particulates" that reduce lung function may have gone down from smoking and coal use, but it's gone up significantly in the use of oil especialy diesel vehicles.
Would it be wise to create my own CA as opposed to being reliant upon commercial CAs? I'd rather not be reliant upon the CA I use just now; it isn't that I don't value it, nor that I don't trust their particular competency, it's just that I'd rather remain in control of my own CA and be able to do as I please. Whilst I realize that it would cause inconvenience, I think that Moxie Marlinspike has demonstrated that CAs in their current iteration aren't viable.
And no, before anyone asks I've not tried it and further I've absolutly no idea how this strange idea came about (nor do I want to I suspect)
@ Clive, re: the "arse puffer"
Well, nobody wanted to know the difference between herbivore and carnival do-do but you graced us all with that gem. (smiley?:)
Someone like yourself who seems to have done a lot of things needs this sort of disclaimer. I don't know where you find this stuff (lol), but in true "Clive" fashion you opened another can of worms (actually something much much worse).
A "tobacco smoke enema" was amazingly enough used for a variety of medical ailments; and was believed to work by pushing warmth up in a person, the nicotine stimulating the heart and promoting respiration. Skepticism over the device may have led to the creation of the idiom "blowing smoke up/out one's arse". There were even liquid tobacco ones (I know, I'm sorry); anyways I won't "dig" any deeper.
This is an example (like the holocaust) where you can barely stand learning about the past, but you do so, so hopefully it does not repeat itself...ever...again...
More a privacy than a security story, but certainly one with security implications: http://blog.gerv.net/2012/06/facebook-email-mitm/ Facebook is MITM-ing email addresses without notifying users - presumably if I look at a profile and then send an email to the facebook email address it can then (tentatively) associate the details in the email with my identity.
Ross J. Anderson over at Camb Labs is giving a paper on the costs of Cyber-Crime at WEIS
They came up with some interesting results, however the biggie as it were is the cost difference between traditional crime that has moved online to new types of crime that are effectivly the product of the Internet,
... we compared the direct costs of cybercrimes (the amount stolen) with the indirect costs (costs in anticipation such as countermeasures, and costs in consequence such as paying compensation). With traditional crimes that are now classed as “cyber” as they’re done online, such as welfare fraud, the indirect costs are much less than the direct ones; while for “pure”cybercrimes that didn’t exist before (such as fake antivirus software) the indirect costs are much greater. As a striking example, the botnet behind a third of the spam in 2010 earned its owner about $2.7m while the worldwide costs of fighting spam were around $1bn
You could easily conclude we are being "taken for a ride" based on FUD by the various interested parties. With the recent revelations about AV software failing for years with Flame & Stuxnet, some serious questions that need answering are going to get raised. Not least is if "Cyber-funding" should be given to civil Law Enforcment Organisations (my prefrence) or the "Oh so secret" organisations such as the NSA, GCHQ et al and the various military "Cyber-Comands".
As some of you are aware I occasionaly bang on about the "China APT" mob.
Well this article,
Is in that vein, put simply a major Chinese Telco provider has indicated that their equipment supplied to many places world wide has Deep Packet Inspection (DPI) capabilities.
From this the article talkes about DPI being a "restricted technology" and then gives scary stories about what it can be used for (which is fairly accurate).
What it fails to mention is that other manufactures who are not Chinese also make similar equipment that can likewise do DPI. And those nations have "National Intrests" including their "National Security" and will therefore likewise use DPI to protect or enhance those interests (The US already does just this as does the UK and several other nations).
Therefor a qucik "Managment level" cheat sheet on DPI with repect to information security,
Is DPI a risk? yes.
Can it be mitigated against? yes.
Are we mitigating against it? mainly no.
Should we mitigate? almost certainly.
You then move to the risk analysis where you consider what your actual "assets at risk" are. This ranges greatly depending on the nature of your business, but if it has any elements of "National Security" (manufacturing, finance etc) interest then you almost certainly should mitigate fairly quickly if you have not already done so for other reasons.
You then hand the issue over for technical discussion on the appropriate methods to use for the assets concerned.
The Washington Post has an article about Flame where they say it's definatly a US-Israeli project run in parellel with Stuxnet under a project called "Olympic Games". And that it was unilataral action by Israel that led to Flame being discovered by the Iranians and they intern passing it onto various AV organisation for examination,
Personaly I think there are two few facts that can be checked to make the claims the article does.
@ Leonard Smith,
Would it be wise to create my own CA as opposed to being reliant upon commercial CAs?
Yes and no depending on what your site does.
If you "roll your own" then you have a reasonable degree of control but visitors to your site may be confused annoyed or scared off by the warning thrown up by their browser.
There are a few gotchas on rolling your own primarily to do with the level of "randomness" and other asspects involved. There are "How-To's" up on the internet in various places to give you basic guidance (if you need it).
Do Not Install The Proprietary Ghostery FF Addon!
Ghostery's true background (Score:3, Interesting)
"Seems like a lot of people are praising Ghostery, which leads me to believe that you haven't heard the backstory.
Evidon, which makes Ghostery, is an advertising company. They were originally named Better Advertising, Inc., but changed their name for obvious PR reasons. Despite the name change, let's be clear on one thing: their goal still is building better advertising, not protecting consumer privacy. Evidon bought Ghostery, an independent privacy tool that had a good reputation. They took a tool that was originally for watching the trackers online, something people saw as a legitimate privacy tool, and users were understandably concerned. The company said they were just using Ghostery for research. Turns out they had relationships with a bunch of ad companies and were compiling data from which sites you visited when you were using Ghostery, what trackers were on those sites, what ads they were, etc., and building a database to monetize.
When confronted about it, they made their tracking opt-in and called it GhostRank, which is how it exists today. They took an open-source type tool, bought it, turned it from something that’s actually protecting people from the ad industry, to something where the users are actually providing data to the advertisers to make it easier to track them. This is a fundamental conflict of interest.
To sum up: Ghostery makes its money from selling supposedly de-indentified user data about sites visited and ads encountered to marketers and advertisers. You get less privacy, they get more money. That's an inverse relationship. Better Advertising/Evidon continually plays up the story that people should just download Ghostery to help them hide from advertisers. Their motivation to promote it, however, isn't for better privacy; it's because they hope that you'll opt in to GhostRank and send you a bunch of information. They named their company Better Advertising for a reason: their incentive is better advertising, not better privacy."
@ Dirk Praet,
And the latest TSA fiasco at JFK
Thanks for that, having read through it, it appears even the story writers don't get the full meaning of the idea of a "quarantined area" and thus the shocking extent of the snafu,
In scary twist, the source couldn’t be certain that every passenger who went through the powerless detector had been accounted for and hadn’t gotten on a flight
What about the real scary part (if this was not all theatricals) all the passengers who had got through but possibly left a weapon hiden "air side" or on the aircraft they had already got on and then decamped from?
Did the TSA et al do a full search of the aircraft, airside and any other persons / places / vehicles / equipment / etc, any one of those passengers could have had contact with and thus passed / hidden a weapon etc with / on?
I bet not, therefore it's still a compleat fail and thus re-screening the passengers total Security Theater. If the TSA were for real they would have totaly sanitized the entire quarantined area, which would probably take several days to do. As the journalists have not grasped this point they obviously don't "get it" with security either as,
Either your quarantine area is totaly clean or there is no security from that point on.
As was once remarked "It's like virginity either you have it or you don't, and there's realy no going back once it's gone".
The closest I've seen to this news is a story by Neil Gaiman called A Study in Emerald:
Alluding to both the Sherlock Holmes canon and the Old Ones of the Cthulhu Mythos, this Hugo Award-winning short story will delight fans of Sir Arthur Conan Doyle, H. P. Lovecraft, and of course, Neil Gaiman.
As some of you might know every year South West London get's badly disturbed by a bunch of persons playing "lawn tennis" (and a right bl**dy nuisance it is for those who live near by).
Well I just heard on the radio news that Wimbledon has it's very own "no fly zone"...
But apparently not for "security" but because a few people (at the lawn tennis association) have complained about aircraft noise...
Any way the Newspapers have just started putting the story up,
And they are labeling it "to prevent terror attacks" so I guess they don't belive the Met Police and Government, now why would that be I wonder ;)
With all of the criticisms of the Dual EC DRBG algorithm, one I have not seen, but which stands as a possible risk factor for differentiating the output from a random source, is the development of limit cycles in the use of the first EC.
In the Dual EC DRBG, the X coordinate of a seed-multiplied point on the first curve is used as the seed for that same curve in the next cycle. This is similar to the use of iterated Hash functions.
It is possible that a limit cycle will develop with considerably shorter period than that of the the point group on the curve. This will then produce long duplicate bit streams at rates much more frequently than would be expected from a random source.
Concrete example: Take a humanly tolerable situation based on GF(2^7). With curve parameters A = 1, B = 26, P = (9,3), this group has a period of 73.
So starting with a seed of 10, a very much shorter limit cycle is developed with period 12.
I'm not stating that existing implementations do show such behavior, only that it cannot be ruled out. I don't know how to predict when it will happen, and so I don't know what good curves and keys should be used, nor if careful choices can even prevent the formation of limit cycle behavior.
Over the past month or so, I've seen a few reports of something called SWATting.
That is, abusing the phone network to impersonate someone else, calling emergency services, and giving bomb threats, murder threats, etc.
The FBI posted information on the subject back in 2008.
Question for the commentariat: is it possible to revamp the phone system architecture to make spoofing the 'source number' for the call much harder?
>There are better standardised ways of doing it which put the onus for security almost entirely onto the client
So it is better to use something like SRP instead of storing HASH(password+salt), is my understanding correct?
Caller-ID is easily spoofed. Only the most foolhardy would rely on it.
On the other hand, most folks still have good old Bell-Phone copper wire to their home. An inexpensive handset from Home Depot will let anyone tie into that anywhere the copper runs. Easier in apartment buildings, but someone can just hit the junction box down the street. At that point, they are on your line. There is no possible means of detecting the impersonation.
For folks with fiber drops (FIOS) or getting their phone service through the cable company, there's always the old Hollywood solution: Enter their house, legally or otherwise, plug a wireless base station into their phone network, and operate from someplace within 200 feet (or whatever the range is).
Of course, all this is quite illegal. If they catch you, they'll throw the book at you. But it's quite hard to get caught.
It's also quite immaterial when you can just buy a "burn" [cell] phone for $15 at Walmart, untraceably with cash, and use that.
Jonathon Evans [head of MI5] gave a lecture on the 25th.
One comment piqued my interest;
"He revealed that one “major London listed company” estimated to have lost around £800 million following a hostile state cyber attack."
Anyone know anything more about this?
NB London listed doesn't imply a British company.
Anyone, anyone, Clive?
Just a guess on my part. Not the company, but for the amount. US groups pushing "cyber losses" in cases where high value intellectual property is stolen often mention an estimated worth of it as the loss. This is how we have huge numbers for the supposed annual cost of industrial espionage, APTs, etc. So, it's unlikely to be an actual cost & probably a high estimate of what the company would have made.
Another possibility is that defence contracters from different countries competed for a contract and one country used its military/intel resources for an advantage. For example, the US was once accused of using its Echelon spy system to get a US company an advantage. We probably do that stuff plenty, but i figure the methods arent so fancy in practice.
It would appear that there is yet more bad news for RSA / EMC over the security of their tokens.
ARS Technica have a piece claiming the researchers behind this paper,
Can get security keys out of various security tokens / devices including the RSA SecureID 800,
However RSA dispute the claims, this story looks like it will grow legs and run...
Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.