Schneier on Security
A blog covering security and security technology.
« Liars and Outliers: Book Excerpt |
| Jamming Speech with Recorded Speech »
March 9, 2012
Friday Squid Blogging: Humboldt Squid Can Dive to 1.5 km
Yet another impressive Humboldt squid feat:
"We've seen them make really impressive dives up to a kilometre and a half deep, swimming straight through a zone where there's really low oxygen," the Hopkins Marine Station researcher said.
"They're able to spend several hours at this kilometre-and-a-half-deep, and then they go back up and continue their normal daily swimming behaviour. It's just a really impressive, really fast, deep dive through what is quite a harsh environment."
As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.
Posted on March 9, 2012 at 4:01 PM
• 44 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
Sperm whales dive up to 3 km deep, can remain submerged for 90 minutes, and they love to mack squid.
I loved seeing this penguin 'outlier.'
Yeah? Well James Cameron can dive to 8 km.
In Britain, a man drowned in 3ft (0.91m) of water after entering the water and suffering an epileptic seizure. Among other factors, emergency responders may have been held back by official regulations and may also have been uncertain as to whether the victim was actually dead. On trying to provide maximal benefit and value to society, one could question as to whether better emergency responder training in actions such as water rescues could provide more benefit and value than things such as more militaristic law enforcement (though the former might be more mundane.)
Richard Stallman mentioned an article that touches upon the question of what a PC user should do if they unexpectedly encounter child abuse/pornographic images. Though reporting the images to the police might be one's first though, problems might arise if reporting the images leads to suspicion and/or seizure of the user's system (would silent deletion be better?) Then again, is it all that likely for a user to unexpectedly encounter such images?
In the US, the FCC is seeking comments about the ability of government agencies to shut down mobile phone service in specific areas.
Back in 1997, Wired News did an article about "50 Ways to Crash the Net"...
Linux Trojan: Linux/Bckdr-RKC 02-2012
It's definitely interesting and although not unexpected, you get the feeling of why was this not detected in a different form a some time ago.
That is the code shows that the person who wrote the code is very far from being inexperianced. Such experiance comes in only two ways,
1, Trial and error
2, Highly specific education
And if the second the "ability" of the teachers works it's way back to the trial and error aproach, which all mankinds "hard" knowledge in science and engineering is ultimatly derived from (even theoretical physics is based on the work of experimental physicists as Newton knew well).
Now this raises the question of where and when the learning experiments were carried out...
This could have only been in one of two places,
1, In Public.
2, In Private.
If in public you would expect such experiments to have kicked one or two tripewires and set off other alarms. Such events generaly produce "noise" in one form or another which would have attracted a crowd who would "spread the news" in one form or another. Thus if there is no noise recognisably linked to it, it raises questions as to why not.
But what if the experiments were "in private" what are the implications of this?
Well there are many but one is large well funded resources which has implications as to the size and nature of the backing organisation.
Which is where we have to tread very carefully on the analysis. Ken appears to have made a jump off of the deep end and that has coloured his thinking.
The finding of the Chinese language tag does not mean anything more that somebody set it at some point for some reason.
Ken has chosen to believe that it means the person speaks Chinese. Whilst this may be true it might also be there for other reasons including those of "false flag" operations.
The following on to the "China Town owend cleaning business" again does not of necesity mean anything (it's nebulous at best) but then again it could well be a smoking gun to a foreign intel operation or a false flag operation...
Which brings us around to the response of the AV companies. Is it simply that they have set it at a low priority for economic reasons or have they been "warned off" in some way...
And if it is "warned off" (unlikely but not impossible) is it by an intel organisation to stop their false flag op being blown or by an LEA trying to stop it's investigation into foreign espionage or organised crime activity being blown... and how do you tell the difference?
When you enter into a world of shadows, smoke and mirrors you have to tread with care lest your mind deceives you and sets your feet upon the wrong path.
One of the reasons investigating human activity is difficult is they often chose to veil their activities either to stop discovery or such that others will be blaimed.
Another is arguing back from effect to cause is at best problemetical, the clasic example being a positive swab for nitrates from your hand, does it mean you've been handeling explosives or does it mean you cooked bacon for breakfast or played cards with an old pack of cards the night before (an innocent man died in jail in the UK because of this very issue)?
It's why forensic activities although involving science are not science just the art of making threads that investigators and prosecuters can weave into a tapestry to hold up before a collection of lay persons to decide another persons fate...
And at the moment I'm treating the Chinese language tag as not even circumstantial evidence because importantly we have no knowledge of what it relates to.
As the hunt goes on that knowledge may become known and it may be indicative of Chinese Backers state or criminal or it may be indicative of somebody using somebody elses code or false flag activities.
Perhaps not unexpectedly Googless Chrom browesr did succumb to some quite serious security attacks (make the prize money big enough then people will look for you and importantly tell you),
Cory Doctorrow has an item up about plans to get rid of SOPA's proginator Texas Repub Lamar Smith out of Congress and onto the scrap heap of history,
If you are a voter in that area please go and help Smith is a 25year incumberant and appears to have heleped himself more than the voters so give him some people power where it counts.
KONY2012 is an outlier
Not sure of your drift there.
Anyway the KONY2012 "slick video" (there might be an unwanted L in there) by "Invisable Children" looks increasingly like a "self enrichment program" more than 60% of the income currently goes into the organisation not into aid, but importantly it actually may well be counter productive.
The aim appears to get and keep "American Military Boots on the ground there".
Now not wishing to appear unkind to the US Military in recent times where ever their foot prints are they stir up not just dust but significant conflict as well. If you want to bring civil war blood shed and wholesale civilian death to an area then send in the Americans.
The reason this happens is that the US has this quaint idea of the "lone ranger figure riding in to save the day" what actually happens is it provides a significant oportunity for others who hate the US to recruit local people into terrorism etc against the US.
One UK politician put it quite well with Iraq with the statment "Before we went in there were no terrorists in Iraq"...
So rather than respond to the "tear jerk marketing" campaign get to know a little about the area the conflict and the protaganists.
Joseph Kony and the Lords Resistance Army are thoroughly replent people for various reasons. However they are only marginaly worse than the official military in the area who carry out almost similar activities with apparently the full knowledge of both the local and central Government.
Importantly other people (mainly those who have been abused by the LRA or Government forces) are campaigning and getting to grips with the situation and the LRA are now down to as little as a couple of hundred members and rapidly diminishing by the day. Thus it is unlikely the Kony and the LRA will survive the year anyway without an US intervention be it "Christian" charity or Military. In fact such intervention is almost guaranteed to prolong the issue possibly for a decade or more.
So ask yourself in who's interest does the KONY2012 video best serve?
Dady Penguin trows the toys out the pram...
An interesting little spat with regards patching and backwards compatability in the Linux Kernel has arisen and quite rightly Linus makes the point about not breaking binaries.
However there is also a question of how long backwards capacity should be maintained?
Many exploits and their attack vectors are due to maintaining "backwards compatability" and this is a growing security issue.
Part of the problem is lack of foresight...
That is when you design a system you cannot know except in a few trivial cases what the future holds. Code by it's very nature is buggy for this reason. But it goes deeper to poor protocol design and likewise poor standards design.
I can easily say retrospectivly after the event that a certain design choice was poor, and I can extrapolate my experiances forward to sound a note of caution, but I cann't nor as far as I'm aware can anyone else actually see into the future.
Thus we have to accept that at some point backwards compatability will have to be broken in order for systems to remain secure.
Now Linus may think that others "don't get it" but likewise based only his posting above others could make the same accusation in return, and more toys and fur will fly (great entertainment for the onlookers)
However I hope others won't for a couple of reasons firstly hurt feelings tend to be divisive and thus non productive, secondly both view points are correct and represent opposit ends of a spectrum. Where a particular point in the spectrum applies should be on a case by case bassis.
Oh and as a general point a leader sets the direction of travel be it right or wrong, others may advise but it's the leaders choice at the end of the day. If they get it wrong then people leave the party and set up their own to follow a different path. This does not make them wrong or right only different.
HUGE Security Resource
- version 5000 - 03/06/12
As previously featured on Cryptome.org's front page for security resources.
@clive i am actually Ugandan, and we here are in general agreement with most of your observarions above, particularly the self enrichment ruse. We also have american government suddenly willing to 'help' after over 20 years, and coincidentally, when oil exploration has yielded bacon. This was demostrated recently when the top IMF official in the country attended the NRM(ruling party) caucus retreat. We are left wondering what business he had being partisan.
In the end, we sincerely hope that Kony will be caught or KIA. This is one situation where 'its not the thought that counts', as long as you scratch my back.
There exist other extreme arguments that do not fit here, and I leave that for the BBC and others. I actually enjoyed the documentary in itself, but am wary of the implications, for example, it has made the Kony brand so popular, that terrorist groups might now find it feasible to offer him support, and literaly have a shot at American soldiers. As you observed, this might actually prolong conflict, rather than stop it. In whose interest does it serve? I don't know, but i know its not the children. Bruce should consider restoring the 'dishonest minority' in the second edition of L&O. Some groups are not simply defectors.
@Jimbo and @Clive - Hey guys, glad to see people are paying attention and noticing my writeups on Linux/Bckdr-RKC.
Clive is 100% correct that there is no true way of determining the origins of the malware, all we can do is follow the clues which are in the malware. After looking at the decompiled source for hours upon hours, I am determined that this malware was programmed by multiple authors - at least one of these authors had a firm grasp of English, and at least one did not. I'm going to be writing a post on this soon.
The Chinese markers within Linux/Bckdr-RKC, while interesting, will most likely not be touched upon again. Why? Because it doesn't help with the bigger and more important mystery of "What does this thing actually do?" However, I will point out, that the Chinese language marker within the code was not the only Chinese reference. I have found at least one Chinese "phonetic" word.
I've been looking at the decompiled source code, and feel I've barely scratched the surface. Unfortunately, I'm not an expert at analyzing malware, and I'm still learning.
As always, if you think I got something wrong, please comment on my blog post and tell me! And if you want to try and help figure out what this malware does, by all means, start digging through the decompiled source and see what you can find.
If you're wondering what else the interested layman is reading about security these days, it's this book, The New Jim Crow. The title suggests a vast conspiracy, but the author is looking more at psychology:
“The main thrust,” she said, “is to show how historically both our conscious and unconscious biases and anxieties have played out over and over again to birth these vast new systems of social control.”
For readers outside the US, here's what "Jim Crow" means.
i am actually Ugandan, and we here are in general agreement with most of your observarions
I'm British and old enough to remember when the Ugandan Asian's were kicked out of Uganda and many came to Britain (where unfortunatly many were subject to racial abuse and other crimes). It was a shock to me then that such things could happen, and as I got older I learned there was a great deal more behind the "News Headlines" than ever made it into the newspaper storiesd. With much detail withheld for a whole number of reasons many of which were for political reasons.
Later during my time in the petro-chem industries I had occasion to visit various parts of Africa and became very aware of what had and was happening to children by the LRA and quite a few other organisations and governments. It became clear to me that much of these "rebel groups" were and still are most active where there are mineral resources to be exploited especialy when Western Companies and Governments of super powers have been involved.
It brings into question just where the money for these organisations originates from, why and under what conditions.
Whilst the West (may) have cleaned up it's behaviour it is becoming increasingly obvious that China is using "aid" to buy influance and control not just over the mineral resources but food production education and much of the infrastructure in African and south American Nations.
It appears just as one set of despots is disposed of, another set arise backed by yet another super power or large conglomerate.
All I know for certain is that political stability cannot be imposed on any area or region from outside, it's been tried many times in history and almost without exception it fails. It is the people inside that have to want it sufficiently to deal with the despots themselves even if they still need external support to achieve the removal of the despot and their support structure.
But even that determination is not enough, just recently we have had Arab spring where some despots have been deposed by the people with minimal loss however as we see with Syria some are determined to stay till they are ass you put it arrested or KIA.
But even for those countries that have deposed of their "rulers" peacfully, they still have the problem of a "power vacuum" and if we are not carefull then new despots will quickly arise and the countries could take a downward spiral. Which in part is what has happened to Somalia.
However those nations with reources are likely to get (faux) friends fairly quickly from industrialised countries and super powers. And worse as we saw with Iraq in some cases some super powers have "governments in waiting" who are parachuted in, who are very probably not what the people of those countries want or need.
I don't know what the best routes are to stability and fair government ( and arguably even the West are not there yet), but I would hope (as the Dalai lama does) there are peacfull ones.
I've been looking at the decompiled source code and feel I've barely scratched the surface. Unfortunately, I'm not an expert at analyzing malware, and I'm still learning.
Like writing malware there are only two ways to become proficient in analysing it, firstly be taught in some way or secondly learn by hypothesis, trial and error.
Of the two the first is faster than the second but the second gives more fundemental insight which in the end makes you more proficient.
As for being "expert" the better people get at something generaly the less expert they feel as they better understand that there is always much more to learn and their experiance thus encorages them to be cautious.
Good luck on the analysis and I hope to read much more about it as I suspect it is going to turn into another "eyes open wide with surprise" moment for many people in the security industry in general.
But be carefull with the non code analysis don't multiply hypotheses, what I have seen of some analysis done on Stuxnet is not analysis but trying to make findings match preconcieved expectations. Thus the chance of them being close let alone right is very very small.
[Disclosure of Interest : as some will know I have my own hunches about Stuxnet in that I have given reasoning to indicate the actual target was not Iran but North Korea, as Iran was the only route in. And I now know subsiquent to making statments to that effect North Korea certainly reacted in a way that showed that they believed they may well have been the target. But others disagree with my reasoning, which is fair enough, I actually don't mind and would encorage them to do so provided they provide their own reasoned argument. Because at the end of the day it advancess the knowledge base.]
@ Petréa Mitchell,
If you're wondering what else the interested layman is reading about security these days, it's this book, The New Jim Crow.
I'm actually not that surprised.
The reason is the republican "tea baggers" (or whatever they are called today). They profess admiration for Ayn Rand and her "philosophical view point" (Objectivism).
I won't go into much depth about Ayn Rand other than to say her philosophical writings are very very suspect and boarder on beying the work of a sociopath. Put simply her take on what many would regard as "gordon geeko" style "greed is good" would have been it was two socialist in outlook. Further she would have portraied the bankers, traders and their political stooges as being "oppressed"
Some argue she is a hero and without her "libertarianism" would not have existed, which is a very silly thing to say.
Where her philosophy fails is when it comes to "common good" it rejects the idea outright thus it throws the baby of "raising all boats" out with the bath water.
In Bruces current book definitions she would have been a defector. But the reality is that the reality is she was not a defector but an apologist for defectors.
But to be honest I suspect her philosophy was not sincere but a way to get a large amount of money. Basicaly "pandering to the hedonism of the wealthy whilst also removing any feelings of guilt by making out they wealthy are an oppressed minority predated by the taxation of democratic socialism" is the same sort of behaviour as the fawning waiter in a restaurant, it has an expectation of a large gratuity.
@ Petréa Mitchel,
This story suggests a genuine initial drop in crime, followed by increasingly artificial targets
Again I'm not surprised.
You can break the story into several parts a technical measure, which produces data for both payment/reward and political posturing.
With regards the technical measure, if you have a hunt far enough back in this blog and Cryptogram I've been going on about exactly this "initial success long term fail" trend with CCTV systems in the UK.
That is "initial success" is because unluky and unwary criminals get caught easily, then "natural selection" takes over and the smarter criminals out evolve a static technical security measure. But sometimes the initial susccess can be shown as being actually due to just a movment of officers into the area at the same time the technical measure is launched (thus apparently verifying the "feet on the beat" hypothesis).
Then as the whole bureaucratic world is "target driven" these days because Politicos can have "pissing contests" with numbers in sound bites.
The numbers from the back end of the technical solution become the "measure of success" by which both the politicians and police performance pay promotion and bonuses are assessed. Thus there is a significant incentive to manipulate the figures in one way or another and as the front end of the reporting system alows "discretion" it can be easily done.
And without a reliable front end audit process, there is little risk in doing so, unless of course there is "an honest person" who becomes a whistleblower.
Which is a problem for both the police authorities and their political masters because it is in both their interest for any front end manipulation to be kept hidden. Thus rather than act as they should, it is easier to "shoot the messenger".
Which is generaly quite easy, because even if the whistleblowers identity is supposedly kept "anonymous" it generaly takes little effort to work out who it is most likely to be.
The solutions to these problems are difficult at best for various reasons, the first step is to decouple "pay/promotion/rewards" from the inputing of data the second is to only use systems where full auditing is possible. Neither is going to happen in the current political climate so "rug lifting" has to be expected as normal....
@clive. While there are variations on the quotation the theme remains the same and it remains as true today as it was then.
"public agencies are very keen on amassing statistics - they collect them, add them, raise them to the nth power, take the cube root and prepare wonderful diagrams. But what you must never forget is that every one of those figures comes in the first instance from the village watchman, who just puts down what he damn well pleases." - Sir Josiah Stamp
While there are variations on the quotation the theme remains the same and it remains as true today as it was then
I wonder if there was a quoteable statment on the subject given to the Norman invader (William) at his 1085 Christmas get together in Gloucester that gave rise to the Doomsday Book...
This is fun and helpful (for those wanting to know more about Linux and OS's in general or doing linux development),
But sadly the best time for me to browse such things is whilst away from the "fixed resources" of my "dead tree cave" and this does not run well on my mobile browser (seems like an excuse for an upgrade ;-)
Got an article about world peace/wars. He tends to say that this is one of the most peaceful and secure tiems, and that creating fear to justify more security is not good/right/true.
Well the March 8 Internet catastrophe seems to have passed without problems or indeed much comment. What did happen?
the hacking was deferred, pending availabilty of funds i guess....
Yet another tale of schools over steping their authority over minors and there first amendment rights giving rise to a law suit by the parents,
The story is a 12 year old was placed under significant duress by the school with the assistance of an LEO, without the parents knowledge consent or pressence, and forced to give up passwords for Email and Facebook accounts.
The Telegram, a newspaper in Worcester, MA, recently tested Massachusetts' Public Records Law by having ordinary citizens ask police departments for a copy of the police log. In several cases, the requester was background checked before the logs were provided. In one case, when the requester did not identify himself, his license plate was checked against motor vehicle records to obtain his identity. All of these violated Massachusetts State law. It is important that we regularly test Public Records Laws to maintain open and transparent government.
@Bobby and @Clive
If we cast our minds back to the 1960s then we have the Katanga Crisis with the "rebels" doing just what Unione Miniere and Lonrho wanted - getting independence for the province of Katanga which is the only area of Congo with mineral resources. Then the war for independence of Bafra would have left a major oil producing area in western hands. The civil war in Angola had the rebels supportered by the South Africans; of course Angola has extensive diamond deposits. Panama got its independence from Columbia when the US wanted the Panama Canal. The list goes on and on. Before we waste energy psychologising the LRA and its repulsive leaders, let's ask ourselves "cui bono" or "follow the money" or something like that.
The Atlantic has a piece on "Frictionless sharing" (what Facebook and to some extent Google are doing with your personal data) and how it might effect the fourth amendment rights ie "your expectation of privacy" (with the weasel word being "expectation" as seen against societal norms guessed at by judges)
ON Topic :-)
Whilst I find what squid do quite fascinating, they are both similar (eyes) and different (brain structure) to us and esspecialy in the "Red Devils" case like hostile alien invaders from a B-Movie.
I find the technology in use even more fascinating when you consider just what it has to do,
Tags that the team attached to the squid record temperature and depth, and stay on the animal for just under a month before popping off and floating to the surface. When in sight of a satellite, the tags then relay their data back to the researchers
But also I find the researchers bravery quite astounding as well just saying "Tags that the team attached" makes it sound as trivial and normal as putting your keys in your pocket. The reality however is very different, the "Red Devil" has the name for a reason and it's not just that it can change colour, it's a voracious preditor that in many cases is as long as the researchers are tall, and it has the reputation amongst Mexican fishermen and US sports divers of being a "Man eater".
The intelligence of the Red Devil is estimated on brain size to be atleast that of a wild cat, but it's no cute and cuddly ball of fur, it's an all out killing and eating machine with canabalistic tendencies and is armed with an impressive array of natural weapons not least of which is it's beak which is quite capable biting through protective chain mail of "shark diving" suits.
Another reason not to do trade in China,
Put simply an engineer (Dr. Zhicheng Hu, born in China but now fully naturalised US citizen) with valuable IP he owned has gone to China on business to licence the IP and been arrested for stealing trade secrets but releassed from jail apparently without charge.
But every time he tried to leave China he was stopped by the authorities without explanation.
On pushing the issue he was told ever changing vague things most of which were the results of "closed door meetimgs" between the authorities and a well connected Chinese business man (Dou Shuhua) with whom he had once a business relationship.
Finaly a case against him is comming to trial but it seems likely his real crime was to have been born in China and then to have gone up against a Chinese Bussiness man with significant connections.
I suspect that if it runs the way other cases have gone he will be found guilty in what will be in effect a show trial, and recieve a very harsh sentance (possibly death) and if and when he gives up his rights he will be deported.
It is after all a "way of doing business" that is fairly well known in China, Russia and many other parts of the world but not one westerners generally get to hear about or take note of.
Since the TSA scanner misses things on a person's side, it should be trivial to just scan twice, turning 90 degrees in between, so what is on the side is now in front or behind.
And yet again, the sweet, innocent little squid cannot have even ONE thread to itself.
Pay $100 to skip security line...
Please debunk this load of horse manure.
Found a great commentary on security vendors, buyers, and border collies.
Thoughts. It made me want to buy a dog and I don't even like dogs. good explanation of boredom too. And some really good questions to ask security vendors......
Schneier.com is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc.