Schneier on Security
A blog covering security and security technology.
« xkcd on a Bad Threat Model |
| More Links on the Boston Terrorist Attacks »
April 26, 2013
Friday Squid Blogging: Lego Giant Squid Model
This is a fantastic Lego model of a space kraken attacking a Star Wars Super Star Destroyer.
As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.
Posted on April 26, 2013 at 4:05 PM
• 35 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
hate to recycle slashdot, but: http://yro.slashdot.org/story/13/04/26/1456231/...
"An anonymous reader writes
"New York City Police Commissioner Ray Kelly thinks that now is a great time to install even more surveillance cameras hither and yon around the Big Apple. After the Boston Marathon bombing, the Tsarnaev brothers were famously captured on security camera footage and thereby identified. That just may soften up Americans to the idea of the all-seeing glass eye. 'I think the privacy issue has really been taken off the table,' Kelly gloats.""
Prison hands out booklets to prisoners with a picture of the master key on the front. Inmate jeweller (who had jewelery-making equipment in his cell) manufactures a copy.
Have you seen any webs1tes like this for data extraction via LEDs?
LEDs have a very fast response time (some in the nano sec range are almost standard), if an engineer makes the mistake of connecting one to a data line via a resistor or other non reactive component such as a current mirror then the data will be converted to pulses of light.
I'm aware of atleast one piece of TEMPEST approved crypto equipment in use back in the 1980's that did just this to the output of the cipher stream generator...
So the problem has been known about for some time.
More importantly the UK's Cambridge University Computer labs demonstrated that by the use of a photodetector and a telescope it was possible to read serialised data signals by reflection of a wall (in their case the signal was from a CRT display).
There are three basic solutions,
1, Don't have indicators.
2, Don't have fast indicators or put a leaky integrator with a TC greater than ten times the lowest data rate.
3, Only operate secure equipment with indicators in a "Known to be Secure" to latest EmSec standards environment.
With regards the lowest data rate this can be hard to work out for various reasons so unless you know what the risks are then don't do it.
One solution you see is a doubly clocked dual latch circuit where the data line drives the set line and a clock circuit drives the reset line every half second or so. But even this leaks data either below a submultiple of the clock rate or where the designer does not also clock the set line to the output latch...
@ A glass eye
This little sentence explains it all me thinks: "Chavez Security is owned by former city councilor Peso (sic) Chavez and has made millions of dollars over the past decade providing security to the city. "
SantaFe's own Security-Industrial Complex ? :-)
Planned terror attack foiled after year long surveillance in Canada with help from US authorities:
(This isn't the original story but a sub-story about the collaboration between Canada and US officials).
Photo of a car key used to 3D print a copy that can start the car; see photos & video at the link.
Wow, way more spam than I usually see here.
Who is the customer base for this?
Imagine, up to 2880 pictures per day from this little puppy, with all photos GPS and date/time stamped. Photos get uploaded to cloud storage. Want to bet who get access to all of that (probably government, marketers, law enforcement, insurance. Yeah, they say private to you now, but future...? Free storage for one year, and the cost later...should be enough to get most people to quit. Cost is $279, which is way to much. I can get a cheaper camera with the same (or better) features and no loss of privacy, no exposure to cloud storage, and only my own costs for disk space (no internet issues).
The Adventures of Bucking Fastard...
Today's information assurance and security pundits extoll the virtue and
security of "isolated" computing and data services like those found in "the
cloud." For years, when the first mini-computers and mainframes went into production, access to data and resources could "only" be access from a
terminal-often from off-site. At least that was what the audit reports and
senior management said-what do I know. Probably more than the administrators of these systems--more often than not a POTS line hung to a 300, 1200, or 2400-baud modem off one of the internal computing resources.
Having control of the management systems may not seem like much of problem-remote printing was often used to scrap data from mini's and mainframes. If you were smart, issue a P.O. on their e-mail system or order a copy of a report or tapes to be delivered to "this address" by courier with instructions to drop the package at the door if no answers. Make sure it's a neighbor you DON'T like. Couriers would not question the destination as they had little knowledge of the product or
source destination relationship.
There was a time during the early 80's,
General Dynamics Nuclear Systems Division in Pomona, California was directly accessible from any number of Radio Shack stores. Many Radio Shacks had a TRS Model 12 on the floor but if you were in an upscale area, they would
have a Model 16 (thank you Xenix), a modem attached, and more importantly--DIALTONE. It was possible to access communications, management, and data systems located on the secured GD plant. If you knew what you were
doing, either load your own serial communications program (I call them apps) or take about 5 minutes to build your own private UUCP network. Less than two minutes from the time you tell the sales rep, more points if it's the
manager, "Oh, I'm just looking at this-what do ya call um-Pong -where do I
put the quarter?" As he, it was never a she-well maybe once, walked away
shaking their head, game over. All your 8 inch hard-sector formatted media are belong to me.
With this part of the exercise complete, systems could be configured and
controlled from anywhere in the world (Yes, GD used POTS lines to bring in
connections from the outside world). So yes, before the movie war games came
out it was possible to access a number of highly prized national security assets. None of these stories have seen the light of day-and for now it's just a story. Right Vladimir? The Russians did not need to develop elaborate networks of spies or legions of techie-KBG agents, nyet, "Just wait until American's plug in comrade, it will be mother Russia's!" Funny thing, GD thought they were impervious to external threats or actors. Believing that a PHONE NUMBER served as a password and authentication token was extremely naïve. However, what makes this "story" dating back to the 1980's relevant is how similar situations can be found today-I most own 65,536 (right shift one) t-shirts that say "told you, but no..."
All my other t-shirts say I will
f(x) * u - UP
and on the back of the shirt
Compute this; U + 10^100
Some call me...Tim...the enchanter?
kashmarek: I am also pretty curious, since as far as I know no protocol details or source code have been (or are planned to be) disclosed. Personally, until at least the protocol spec has been public and available for review for a while, I wouldn't count BitTorrent Sync any more secure than any other cloud service...
Shaun: The question that story makes me ask is, why did the other escapee (Shane Baker) have jewelers' equipment in his cell? Was it smuggled in, or was it allowed for some reason?
Bit Torrent Sync advertises itself as NOT a cloud service (peer to peer). Your comment "I wouldn't count BitTorrent Sync any more secure than any other cloud service...", does not appear to apply. Yet, if one were discover it actually did go through a "cloud service", that would make the tool disingenuous at best.
Meanwhile, back at the squid
Interesting beast—obviously evolved in a denser medium, since the suckers won't do a damn' thing for it in vacuum.
I've just heard another news report on the ricin-containing letters that describes this as "biological warfare". This seems like ridiculous scare-mongering. Ricin is a poison obtained from a plant, which makes it similar to nicotine, digitalis, strychnine, atropine, morphine, etc. Are cigarettes "weapons of mass destruction"?
Biological warfare, if it means anything, should mean use of a biological agent, like anthrax, smallpox, or plague.
Not so much a security story but it resonates strongly with the "Liars and Outliers" content and has personal resonance (Christchurch has been my "home town" for the last 15 years) - http://gropingtobethlehem.wordpress.com/2013/03/...
An economist's view of a security (against fraud) trade-off.
A bit late to the party but there is an interesting article on click fraud and the denial of the advertising industry to see the problem.
"If TV viewing were to drop 1% we would hear all kinds of wailing. But fraud of 25 to 40% in online advertising? No problem, we'll appoint a committee or something.
When you take a gullible industry that has acted in an irresponsible and foolhardy manner to sell snake oil to its clients, add to that some very sophisticated crooks who are way ahead of the naive buyers and sellers of ads, and top it off with indecipherable metrics that are intentionally designed to confuse and mislead, you have yourself a very toxic blend.
Try not to be there when it explodes.
OFF Topic :
Just when you thought there could not be a new market angle on ITsec quals...
They bring one out for Cloud Security, I wonder how long it will be befor we see it appearing on job specs put there by managers and HR droids who are trying to look on the pulse (but in reality...),
With regard to an earlier comment about BitTorrent Sync:
The devices in sync are connected directly. Connection is established by use of UDP, NAT traversal, UPnP port mapping, and relay server. If your devices are on a local network, BitTorrent Sync will synchronize them without the Internet connection."
There is a relay server, and the implication that the relay server is used for connection when synchronization is done on the internet.
OFF Topic :
It appears that US banks are hacked off by the US Governments lack of responst to contiuing attacks alleged to have come from Iran.
It would appear the Government position is to do nothing other than prevaricate on the issue and say to banks "did you test for this?" And similar "blaim the victim" type activities that have becom common not just with US Federal organisations but in other WASP nations as well.
Thus the question becomes apart from making placatory worded statments to their own press, what are WASP Nation Governments actually going to do to protect organisations within their nations?
Argueably it's a "National Security" issue based on what is an economic attack on a soverign nation.
OFF Topic :
Another 50 Million user credentials are stolen this time from Living Social.
With that amount of data being involved you have to wonder why it was not detected and stopped...
ON Topic :-)
I showed my son who is a bit of a Lego-holic the page and he went very thoughtful over it.
It might not be to long befor there is a "mini-me" of the squid hanging around...
OFF Topic :
The Curse of the Dog House
Jim McCormack who earnt an estimated 75million USD from sales of his absolutly fake bomb detector called the ADE-651, has been given the maximum sentance possible (10years) for what he was prosecuted for.
You can read more on the sentancing at,
Bruce original posted about the ADE-651 back in Nov 2009,
Hopefully now Mr McCormack will be further prosecuted and have his ill gotton gains taken away from him and hopefully set back to those he conned.
I know Bruce has linked to Stratfor pages before. Here's a little gem I found when I checked up on Wikileaks today. They're putting together presentations of Stratfor's whole operation. Should make for interesting reading.
A few highlights (without spoiling too much):
""Do not think of StratCap as an outside organisation. It will be integral... It will be useful to you if, for the sake of convenience, you think of it as another aspect of Stratfor and Shea as another executive in Stratfor... we are already working on mock portfolios and trades". StratCap is due to launch in 2012. "
""[Y]ou have to take control of him. Control means financial, sexual or psychological control... This is intended to start our conversation on your next phase" – CEO George Friedman to Stratfor analyst Reva Bhalla on 6 December 2011, on how to exploit an Israeli intelligence informant providing information on the medical condition of the President of Venezuala, Hugo Chavez. "
There was one intelligent observation I noticed. At one point, they're trying to determine if they can get on Wikileaks' "leak gravy train" maybe by using their counterintelligence and surveillance experience to develop leak preventing security products. Then, they say:
"Could we develop some ideas and procedures on the idea of ´leak-focused’ network security that focuses on preventing one’s own employees from leaking sensitive information... In fact, I’m not so sure this is an IT problem that requires an IT solution."
Exactly. It's a personnel problem. The only solution to preventing leaks is to have employees that are zealots. This usually happens in religious or political organizations, like Church of Scientology. Steve Jobs also took this approach with Apple.
@ Nick P,
With regards the IBM library release of code for the BGV homomorphic encryption, I don't know how much of it you have dug into.
But an observation for you, the BGV "" system works on a bit by bit basis to provide addition and multiplication. In essence the bit by bit addition is the XOR logic function and bit by bit multiplication is the AND logic function. Further the XOR of a bit with logic 1 provides the inversion function so the two input NAND function could be constructed.
Now I don't know if your memory stretches back to my occasional mention of Serial ADDERS and CPU's that I've designed in the long distant past? But one thing you might remember from Boolian logic is that either the NAND or NOR gates are considered the basic gates from which all other standard logic gates can be made. Further all parrellel logic circuits can be reduced and replaced by serial logic circuits.
The upshot is that the fundemental blocks are there to make a CPU that can do all logical and arithmetic functions on data without ever seeing the data in plain text....
Obviously it's by no means "fully secure" because the program that the CPU runs is still visable to anyone observing the CPU but it's a step closer to that thought to be mythical idea of being able to use a hostile adversaries computing resources securely.
Sadly though I suspect the first serious use will not be in the likes of "Cloud Computing" but in "HiSec Malware" used for "Cyber-weapons"...
Now how about a small sweep stake or bet as to how long before it's seen in the wild. My guess is two years to deployment and another two to three years for the AV companies to get a payload with it in.
@ Clive Robinson
"The upshot is that the fundemental blocks are there to make a CPU that can do all logical and arithmetic functions on data without ever seeing the data in plain text...."
This is possible. It might even be a good idea that my mind just doesn't appreciate yet. My focus in these areas is still on tamper-detecting, secret-erasing enclosures. I think more work should go into designing enclosures (1U, 2U, 4U, safes) that can protect arbitrary electronics. Attack vectors include electricity manipulation, penetration of outside container, radiation, electromagnetic injection attacks, TEMPEST-style monitoring of EM to detect tamper circuit states, ultrasound, etc. I'd like many proven solutions to each of these problems and a way to create a different configuration per deployment. The main idea is that some things would be prevented entirely and others would be detected due to the benefit of site-specific obfuscation.
Thinking ahead, though. Let's say we design a kit for someone to produce a rackable, tamperproof system. Let's say it's tamperproof in that there's no known way to disable it once its operating. The attacks most likely to succeed will be MITM on supply chain or shipping; attacks before tamper circuitry establishes a baseline. The latter is more interesting. I was thinking that the defender will setup the system in an environment they control. It will then move through another set of environmental variables on the way to deployment and then enter yet another set once deployed. Any configuration of tamper circuitry that tries not to nuke the system during these phases might be an exploitable weakness. Just as an intruder has best IDS bypass opportunity during its training period, an attack on these systems during their pre-production phase might work.
I'm not sure of a technical solution to this problem. My solution so far to such things was trusted courier who (a) can fry it at first sign of trouble and (b) activates tamper software during installation, is present during a training period, and then activates higher security level upon leaving. Seems like it's good enough in the event that a trusted person is allowed onsite in the untrusted area.
Schneier.com is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc.