Not.Really.Me September 13, 2013 4:19 PM

Following the news that the NSA copies all its secrets to Israel.
We don’t compete with US defense/oil/aerospace companies, or any other part of the military-industrial complex, but we do compete with a number of Israeli outfits.

Pretty much all Israeli high tech companies have a defense role, it’s the only way to get government funding or bureaucratic assistance – and the government seems to regard any company with any defense role, however insignificant, as strategically vital.

So if you are BAE or Petrobras you knew your emails were being copied to Boeing and Exxon – but even if you are a little software house it seems you now have to worry.

kashmarek September 13, 2013 4:22 PM

And the beat goes on…

New York City is tracking RFID toll collection tags all over the city

So, it appears that some are justified in the call for shielding such devices to prevent “abuse” by agencies that have no business with this data. EZ-Pass and other toll booth devices have long been thought to be opportunities for tracking vehicle traffic, though such unannounced use could be considered an invasion of privacy or even illegal since it was not documented.

Yet, this seems in line with other unpopular programs (i.e., stop and frisk) undertaken by NYC.

bruce September 13, 2013 4:58 PM

You posted:

Not the most eloquent I’ve been recently. Clearly I need to relax.

Do not relax for this reason:
“Far and away the best prize that life offers is the chance to work hard at work worth doing.”
– Theodore Roosevelt

Fnord September 13, 2013 5:01 PM

“major investments to research unknown pathogens”

Sounds to me like pushing the ridiculous non-risk-aware anti-terrorism resources into stuff that might be dual use in case of (for example) a naturally occurring pandemic.

unimportant September 13, 2013 5:25 PM

Traffic taxation is not the main reason behind toll collect. The real reason is to increase the aggressive surveillance grid at every level of society’s interactions. The system needs this kind of surveillance to prevent the people/slaves from bartering outside the system or to protest. And every interaction will be taxed because nothing is free for slaves — even breathing.

Godel September 13, 2013 5:32 PM

Australian Four Corners TV program reveals Sydney city car numberplate ID camera information is retained for 5 years.

New South Wales authorities refuse to explain what they’re using it for.

Robert Mayo September 13, 2013 8:12 PM

Mr Schneier,

In the context of email delivery, even basic mass surveillance measures, like using SMTP over TLS, are not universally employed even though they have been standardized for years. In your opinion, why is this?

concerned September 13, 2013 8:41 PM

Bruce, will you be summing up the security implications – in regards to the Snowden revelations – of any material that you may have had access to that is not publicly available?

Also, I’m a computer engineer and was employed at one of the largest tech companies in the world but have recently moved on. I know you’re looking for people interested in blowing the whistle from the private-sector side of things and I can offer some tidbits which may help you in piecing together the larger puzzle.

Bauke Jan Douma September 13, 2013 9:08 PM

Any news yet on when subpoenas will be issued to government personnel engaged in massive borkage of the US Constitution.

Or is September the month of apathy over there too?

rosco September 13, 2013 9:19 PM

Bruce, you wrote somewhere recently about feudalism and how people these days pretty much have to place their trust in large companies to do the right thing with regards to security. The reality is that we can’t audit their systems.

I often ask questions of companies about their security. They seldom reply, but I got a classic reply this morning from my domain name registrar to an email I sent them about why there was no HTTPS (or padlock icon) in the address bar of my browser while using their site.

“As per our Development team who made the website. They can confirmed that the Member account does have a security https:// (in the back end) it is just invisible or can’t be seen in the GUI. IT will only show http but in reality it is under https.”

Naturally I have begun the process of transferring all of my domain names to another registrar.

So these are the feudal lords that we are expected to place our blind trust in? The internet is still a few hundred years behind the Middle Ages.

Reciprocate September 13, 2013 9:32 PM

Representatives must be threatened with their jobs. That’s the only leverage you have short of armed insurrection.

What will you tell your grandchildren when they ask you how many letters you’ve sent to Congress concerning these creeps?

Fear trumps money – if enough citizens are involved.

AC2 September 13, 2013 10:32 PM

NIST strongly recommends against using EC-DRNG. Don’t know if this is enough for them to regain trust.

@ Michael Ellsberg

Interesting post. In fact one very popular way for people to get free signed certs is via an Israeli CA called StartCom. Maybe this is used to enable MITM attacks?

Well at least they’re not sending passwords by email like one hosting company I knew!

what was the name again? September 13, 2013 11:15 PM

Google’s Eric Schmidt says government spying is ‘the nature of our society’
Tech giant’s executive chairman calls for greater transparency but declines to ‘pass judgment’ on spying operations

Schmidt wants more transparency for one reason: to normalize the current situation, i.e. to leave the surveillance apparatus going while people have the mentality that it’s all OK, folks.

Sort of like with the Nazis: the fact that killing became sufficiently institutionalized and commonplace helped contribute toward everyone taking it as a normal part of (an effective) society.

Jack N. September 13, 2013 11:43 PM

Someone took up what Linus said and looked at the random.c code with some interesting results.

a question for anyone:
Let’s say that the CPU random number generator feeds a stream that is predictable and repeated (e.g. a Fibonacci pattern every 2 seconds). If that is used as a source value in the cryptography, would it not be visible in the end result, i.e. would it not be possible to use the known pattern to determine some segments in the resultant keys?

Brian K September 14, 2013 12:05 AM

Very interesting paper on some possible ways for a malicious ASIC foundry to subvert security chips:

They figured out how to get Intel’s Crypto-RNG to be arbitrarily weakened from 128-bit keys to any shorter key length they want. They also introduced key leakages into an AES S-Box design intended to prevent power analysis. In both cases, they’ve avoided all the tests used to detect tampered designs.

So, just how much of the design/supply chain do we have to trust now?

Winter September 14, 2013 5:20 AM

@Jack N
“Let’s say that that CPU random number generator feeds a stream that is predictable and repeated … would it not be possible to use the known pattern to determine some segments in the resultant keys?”

As fab wrote here (in German):

Random number + 1 => Random number

The point of Linus was that if you add a RNG to your pool that has been subverted, e.g., to 32 bit, then you are still adding randomness, e.g., 32 bit, to your pool.

If you want intractable randomness added, point a microphone at your fan, hash the signal, and feed it into your pool.

AC2 September 14, 2013 8:40 AM

Unless the malicious generator is aware of the first random number and generates the second such that the result is predictable…
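The two positions above (Winter's "random number + 1 => random number" and AC2's adaptive contributor) can both be checked in a few lines. The following is an added example, not code from the thread or from the Linux kernel: a toy generator backdoored down to a 16-bit state stands in for a subverted hardware RNG, `good` stands in for an independent secret the attacker does not know, and the pool is mixed as SHA-256(old pool || contribution). All of that is constructed for the illustration.

```python
"""Added example, not code from the thread: what mixing a subverted RNG into an
entropy pool does and does not buy you.

Everything here is constructed for the illustration, not real hardware behaviour:
 - 'good' stands in for an independent secret the attacker does not know;
 - weak_source() is a generator backdoored down to a 16-bit state, small enough
   to brute-force here;
 - the pool is mixed as SHA-256(old_pool || contribution).
"""
import hashlib

WEAK_SEED_BITS = 16


def weak_source(seed: int, nbytes: int = 32) -> bytes:
    """Backdoored generator: its whole output is a public function of a 16-bit seed."""
    out = b""
    counter = 0
    while len(out) < nbytes:
        block = b"weak" + seed.to_bytes(2, "big") + counter.to_bytes(4, "big")
        out += hashlib.sha256(block).digest()
        counter += 1
    return out[:nbytes]


def recover_weak_seed(observed: bytes):
    """Attacker's brute force: which of the 2^16 seeds reproduces 'observed'?"""
    for seed in range(1 << WEAK_SEED_BITS):
        if weak_source(seed, len(observed)) == observed:
            return seed
    return None


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def mix_into_pool(pool: bytes, contribution: bytes) -> bytes:
    """Hash mixing: the new pool depends on every input, so a known contribution
    cannot cancel an unknown one."""
    return hashlib.sha256(pool + contribution).digest()


def adaptive_xor_backdoor(observed_good: bytes, target: bytes) -> bytes:
    """AC2's case: a contributor that sees the other input before answering
    can make a plain XOR combiner emit any value it likes."""
    return xor_bytes(observed_good, target)


def grind_hash_contribution(pool: bytes, wanted_first_byte: int, max_tries: int = 1 << 16):
    """Against a hash combiner the same adaptive contributor can only bias the
    output, and forcing k bits costs about 2^k attempts (here k = 8).
    Returns (contribution, attempts) or (None, max_tries)."""
    for i in range(max_tries):
        candidate = i.to_bytes(4, "big")
        if mix_into_pool(pool, candidate)[0] == wanted_first_byte:
            return candidate, i + 1
    return None, max_tries


if __name__ == "__main__":
    good = bytes(range(32))  # constructed stand-in for an unknown, independent source
    raw = weak_source(0xBEEF)
    print("weak source alone, seed recovered:", recover_weak_seed(raw))
    print("weak XORed with good, seed recovered:", recover_weak_seed(xor_bytes(good, raw)))
    print("weak hashed into good pool, seed recovered:", recover_weak_seed(mix_into_pool(good, raw)))
    print("adaptive XOR backdoor forces all-zero output:",
          xor_bytes(good, adaptive_xor_backdoor(good, bytes(32))) == bytes(32))
    print("adaptive hash grind, attempts to force first byte 0x00:",
          grind_hash_contribution(good, 0x00)[1])
```

Read the three brute-force calls as the "random + 1" argument: the weak source on its own falls in one pass over 2^16 seeds, but the same pass finds nothing once an independent unknown has been XORed or hashed in, because the output is no longer a function of the weak seed alone. The last two functions are AC2's objection: with a plain XOR combiner a contributor that sees the other input first controls the result outright; with a hash combiner it can still bias the output, but only at 2^k work per k bits, which is why mixing functions rather than XOR are used for pools.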

Clive Robinson September 14, 2013 11:22 AM

@ Jack N.,

Adding two signals together is a complex process and has all sorts of complications.

As you might know, adding two simple sine waves produces a complex and changing signal if they are independent of each other, or a repeating waveform if they are not independent of each other. In both cases the instantaneous value of the waveform is the phase difference between the two waves, and this can range from zero amplitude through to a negative or positive value that is the sum of both waveforms’ peak amplitudes.

You also get a mixing effect where the resulting complex waveform can be shown to have more than the two original sine waves (i.e. f1, f2, f1+f2, f1-f2) which are in effect amplitude modulated by each other.

Further, you get other interesting effects when you are talking about digital waveforms and non-linear addition due to limiting etc., as well as sampling effects.

To see this, think of two serial streams, one going into the data input of a latch, the other going into the clock. For simplicity assume that the data signal is a 1 MHz square wave and the clock signal is a 1.1 MHz signal. Close in, the signal looks chaotic to the human eye; however, turn the time base down and this chaotic signal can be seen to bunch up and open out very regularly at 100 kHz. If you put it through an integrator which acts as a lowpass filter with a cut-off point above 200 kHz you will get a very nice sine wave (likewise if you feed it into a counter acting as an integrator and feed the count value to a D2A converter). This result is what you would expect if you think of the “wagon wheel” visual effect where, when filmed, sometimes the wheel appears to be turning very slowly or in the wrong direction. Likewise the Vernier effect you can see from trains or cars where there are two parallel picket fences: you see a shadow that is not really there.

Now if the two signals are really independent then you can use their difference to produce a random signal from what is sometimes called the “roulette wheel” effect, but you need to carefully filter out the equivalent of the primary frequencies and mixing products. If you don’t you end up with a “known signal” modulated by the random signal. You can see this on a frequency meter where the least significant digits change value unless the frequency being measured and the counter time base are derived from the same master reference. Many ham operators are used to this from listening to the baseband heterodyne signal and hearing a warble on the tone as it changes frequency, and college students from using an oscilloscope to display a Lissajous figure that slowly rotates but with slight jerkiness. The warble or jerkiness is the random component, as is the least significant digit flutter.

Whilst getting this random signal out of two independent sine waves with minimal contamination is possible, doing it for two complex waveforms is not, due to multiple frequency components and sampling fold-back effects.

Thus what looks like real randomness is actually faux randomness, and appropriate FFT and DFT analysis can make it very predictable.

So for two truly independent signals you do get just that little extra randomness, but it’s way too easy to kid yourself that the signal ten or a hundred times greater is real randomness when in fact it’s faux randomness. Unfortunately this faux randomness will pass most of the standard randomness tests…

The result is your “entropy estimator” is way off base and you end up pulling deterministic but complex data from your entropy pool, not random data.
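The latch experiment above can be simulated exactly, which makes the "passes the tests but has no entropy" point concrete. The following is an added example and not Clive's or anyone else's code: it latches a 50% duty square wave on the rising edges of a slightly faster clock using exact rational arithmetic (so no jitter or noise is present, and whatever structure appears is purely the beat between the two frequencies). The 1 MHz / 1.1 MHz pair is the one from the comment; the second pair (1.05 MHz data) is constructed so that the latched stream is exactly balanced and sails through the monobit test. The monobit test is the NIST SP 800-22 frequency test; the "entropy per byte" figure is a deliberately naive Shannon estimate over non-overlapping bytes, standing in for a careless entropy estimator.

```python
"""Added example, not code from the thread: Clive's 1 MHz-data / 1.1 MHz-clock
latch simulated exactly, to show a stream that looks chaotic and can pass the
monobit test yet carries no entropy beyond its starting phase.
Frequencies are constructed for the illustration."""
import math
from fractions import Fraction


def latched_bits(f_data_hz: int, f_clk_hz: int, n: int) -> list:
    """Sample a 50%-duty square wave (f_data_hz) on the rising edges of a clock
    (f_clk_hz).  Exact rational arithmetic: no jitter, no noise."""
    step = Fraction(2 * f_data_hz, f_clk_hz)  # data half-periods elapsed per clock edge
    return [math.floor(k * step) % 2 for k in range(n)]


def monobit_p_value(bits) -> float:
    """NIST SP 800-22 frequency (monobit) test; p >= 0.01 counts as 'looks random'."""
    n = len(bits)
    s = sum(2 * b - 1 for b in bits)
    return math.erfc(abs(s) / math.sqrt(n) / math.sqrt(2))


def shortest_period(bits) -> int:
    """Smallest lag p with bits[i] == bits[i+p] for all i, or 0 if none is found."""
    n = len(bits)
    for p in range(1, n // 2 + 1):
        if all(bits[i] == bits[i + p] for i in range(n - p)):
            return p
    return 0


def naive_entropy_bits_per_byte(bits) -> float:
    """Shannon estimate over non-overlapping bytes: the number a careless
    'entropy estimator' would be happy to report."""
    counts = {}
    for i in range(0, len(bits) - 7, 8):
        value = int("".join(str(b) for b in bits[i:i + 8]), 2)
        counts[value] = counts.get(value, 0) + 1
    total = sum(counts.values())
    return -sum(c / total * math.log2(c / total) for c in counts.values())


def analyse(f_data_hz: int, f_clk_hz: int, n: int = 2200) -> dict:
    bits = latched_bits(f_data_hz, f_clk_hz, n)
    period = shortest_period(bits)
    return {
        "period_bits": period,
        # the 'bunching' Clive sees on the scope: 1.1 MHz / 11 = 100 kHz
        "beat_hz": f_clk_hz / period if period else None,
        "monobit_p": monobit_p_value(bits),
        "naive_entropy_bits_per_byte": naive_entropy_bits_per_byte(bits),
        # only the starting phase is unknown: log2(period) bits for the whole stream
        "true_entropy_bits_total": math.log2(period) if period else None,
    }


if __name__ == "__main__":
    for f_data, f_clk in ((1_000_000, 1_100_000), (1_050_000, 1_100_000)):
        print(f_data, f_clk, analyse(f_data, f_clk))
```

For the 1 MHz / 1.1 MHz pair the stream repeats every 11 samples (the 100 kHz beat) and its 5:6 duty ratio fails even the monobit test. Shift the data to 1.05 MHz and the stream repeats every 22 samples with exactly half ones: monobit p = 1.0, the naive estimate reports a few bits per byte, and the whole 2200-bit stream still contains at most log2(22), about 4.5 bits, all of it in the unknown starting phase. That gap between what the estimator reports and what an FFT or a period search finds is the "faux randomness" of the comment.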

winter September 14, 2013 12:05 PM

“Unless the malicious generator is aware of the first random number and generates the second such that the result is predictable…”

The question now is whether the HW rdrand instruction can perform these calculations without leaking information about its operation in side channels.

AlanT September 14, 2013 3:16 PM

Bruce, many many thanks for your input on the NSA revelations. One hypothetical question – I wonder if the US Security and anti-virus vendors have been “leaned on” to, for example, allow backdoors for NSA use?

Keep up the good work.

kashmarek September 14, 2013 6:48 PM

In all likelihood, our own vendors have had their products compromised for government snooping (read: Cisco & others that we use). Perhaps this is why Cisco at one time tried to circumvent control of home/small business routers by attempting to force that to be handled by Cisco (which they backed away from).

Maybe the reason that communications equipment from China is not allowed to be used here is because they would not provide back doors for use by the Feds (implying that other vendors may be providing back doors for the Feds). Or, maybe that providing such back doors would have precluded China from using them to their advantage (alleged back doors, mind you; that may have all been propaganda).

Whoever Itis September 14, 2013 8:08 PM

@Robert Mayo: …using SMTP over TLS, are not universally employed even though they have been standardized for years…

Recently I enabled TLS negotiation on my mail servers. To my amazement, almost no connections attempted to negotiate TLS except for Google and AOL. Even those exceptions don’t make me feel much safer if once at the destination it’s all given up anyway.

Did you notice in the Google statement of supposed denial, it seemed to be carefully worded. Phrases like, ‘ways to circumvent our security systems, we have no evidence’ and ‘in accordance with the law’ were used but no outright denials. What if they aren’t circumventing but are within the security system? What if the evidence has been destroyed. What if someone else has the evidence?

Also, the law or its application is the problem here. So saying that you did something in accordance with the law isn’t helpful. This statement could really mean anything depending on what the words mean. This is the kind of thing where many legal hours can produce a statement that says something but means nothing.

The calls for transparency are totally off the mark. Why not call for it to stop rather than just call for transparency? If I’m getting beat to death with a hood over my head, the problem is stopping the beating not trying to cut a hole in it so I can see out with one eye while it continues.

Call to action. Besides complaining and all that, what would also be helpful is if someone or some trusted group (not the compromised groups) could come up with a list of things that can be done practically for security. For example, if you generated your cert by allowing the CA to generate your private key, do it over the right way. Which SSL cipher sets should we set and what order of preference? Use 4096 bit, SHA256, perfect forward secrecy, etc. Maybe even some tutorials would be of benefit because doing some of these things is hard to do especially with common Linux distributions.
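One concrete answer to the call above, as an added example rather than anything from the thread, the blog, or any vendor's published configuration: a hardened TLS server context beside a permissive one, the check that tells them apart (every enabled suite must be ephemeral (EC)DHE, i.e. forward secret, and nothing below TLS 1.2 is accepted), and a small parser for the EHLO reply that tells you whether a peer advertises STARTTLS at all, which is the problem Whoever Itis ran into. Only Python's standard `ssl` module is used; the certificate paths are hypothetical and the EHLO replies are constructed samples.

```python
"""Added example, not the blog's or any vendor's configuration: a hardened TLS
server context next to a permissive one, plus checks for both.
Assumes an OpenSSL-backed Python 3.7+; certificate paths are hypothetical."""
import ssl

# TLS 1.3 suite names start with TLS_ and are always ephemeral (EC)DH.
PFS_PREFIXES = ("ECDHE-", "DHE-", "TLS_")

# Preference order: ECDHE first, AEAD only, no anonymous/null/MD5/RC4 suites.
HARDENED_CIPHERS = "ECDHE+AESGCM:ECDHE+CHACHA20:DHE+AESGCM:!aNULL:!eNULL:!MD5:!RC4"


def hardened_server_context(certfile=None, keyfile=None) -> ssl.SSLContext:
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2   # no SSLv3/TLS1.0/TLS1.1
    ctx.set_ciphers(HARDENED_CIPHERS)
    ctx.options |= ssl.OP_NO_COMPRESSION           # CRIME-class attacks
    if certfile:
        # the key file was generated locally; the CA only ever saw the CSR
        ctx.load_cert_chain(certfile, keyfile)
    return ctx


def permissive_server_context() -> ssl.SSLContext:
    """What you get by leaving the suite list at 'everything OpenSSL knows'."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers("ALL:!aNULL")
    return ctx


def enabled_ciphers(ctx: ssl.SSLContext) -> list:
    return [c["name"] for c in ctx.get_ciphers()]


def non_pfs_ciphers(ctx: ssl.SSLContext) -> list:
    """Suites with static RSA/DH key exchange: a stolen key decrypts old traffic."""
    return [n for n in enabled_ciphers(ctx) if not n.startswith(PFS_PREFIXES)]


def minimum_protocol(ctx: ssl.SSLContext) -> str:
    return ctx.minimum_version.name


def advertises_starttls(ehlo_response: str) -> bool:
    """True if a 250-prefixed EHLO reply line offers STARTTLS (RFC 3207)."""
    for line in ehlo_response.splitlines():
        if line.startswith("250") and line[4:].strip().upper().startswith("STARTTLS"):
            return True
    return False


# Constructed sample EHLO replies, not captures from any real server.
SAMPLE_EHLO_WITH_TLS = "250-mail.example.test\r\n250-SIZE 35882577\r\n250-STARTTLS\r\n250 8BITMIME\r\n"
SAMPLE_EHLO_NO_TLS = "250-mail.example.test\r\n250-SIZE 35882577\r\n250 8BITMIME\r\n"


if __name__ == "__main__":
    hard, loose = hardened_server_context(), permissive_server_context()
    print("hardened:", minimum_protocol(hard), len(enabled_ciphers(hard)), "suites,",
          "non-PFS:", non_pfs_ciphers(hard))
    print("permissive:", minimum_protocol(loose), "non-PFS:", non_pfs_ciphers(loose)[:5], "...")
    print("STARTTLS offered:", advertises_starttls(SAMPLE_EHLO_WITH_TLS),
          advertises_starttls(SAMPLE_EHLO_NO_TLS))
```

The private key never needs to leave the machine: generate it locally (for instance `openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:4096`), build a CSR from it, and send the CA only the CSR. Running `non_pfs_ciphers()` against a context built from your real configuration is the quickest way to see whether "perfect forward secrecy" actually holds for every suite a client could pick, and `advertises_starttls()` applied to the banner your own MTA returns is the check that Whoever Itis's remote peers evidently fail.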

Nick P September 14, 2013 11:57 PM

@ Whoever Itis

“Besides complaining and all that, what would also be helpful is if someone or some trusted group (not the compromised groups) could come up with a list of things that can be done practically for security. ”

Not to be a wise guy but that’s kind of what happened before. And they subverted it. 😉 Just one of those things that are easier to say than to understand how to make work.

What can be made to work is basing it on mutually distrusting, esp. ideological, entities. Might be countries, ethnic groups, individuals, etc. MUST be ideological, detail-oriented, and invite only. Strange enough, you can get more trust out of distrusting cooperation than those that are trustworthy b/c they appear to be.

Curious September 15, 2013 7:23 AM

It looks to me that this blog can’t be viewed with TLS 1.2 enabled in my browser (I tried it out today, disabling the other versions); has it always been like this? According to Wikipedia on TLS, only a small fraction of the websites on the internet support 1.2.

My apologies if someone else has already pointed out something similar on some other occasion.

Curious September 15, 2013 7:28 AM

Oh, hold on. Sorry, I should rephrase myself here, I can in fact view this blog in some way.

I can view this blog with TLS 1.2 enabled and the other versions disabled, but the blog ends up looking different.

Curious September 15, 2013 7:33 AM

I would like to add that with TLS 1.2 enabled and the other versions disabled in my browser, I can view this website, but not consistently. Sometimes a page will load, other times it doesn’t want to load. And as I mentioned, when a page loads, it looks different, as if the formatting and style of the page has been stripped.

I realize now that I have a torrent client running in the background, maybe that was interfering somehow as well. shrugs

Curious September 15, 2013 7:36 AM

So this is what happens when I don’t think things through and when I don’t take a few moments to reflect on things before posting a comment. Ending up writing more than one comment here correcting myself 😐 Sorry about that.

kashmarek September 15, 2013 7:43 AM

Privacy reform panel meets, but primarily discusses concerns of the technical firms involved…

From the posting…

Director of National Intelligence James Clapper said that Snowden’s information leaks started conversations that should have happened a long time ago. Also, the privacy reform panel created by President Obama met for the first time earlier this week. It did not discuss the NSA’s surveillance activities. “Two attendees of the Monday meeting said the discussion was dominated by the interests of major technology firms, and the session did not address making any substantive changes to the controversial mass collection of Americans’ phone data and foreigners’ internet communications, which can include conversations with Americans.”

Alice and Bob September 15, 2013 2:29 PM

Today a lot of cell phones and tablets use the USB port for both charging the phone and for loading data to the phone.

Are there any studies about using the power grid as an attack vector into these devices?

Natanael L September 15, 2013 3:09 PM

Alice and Bob: Why would there be? There are no phone chargers that support power line communication. They don’t have any data communication capabilities. USB’s charging wires are separate from its data link wires. There’s no way to manipulate the electric grid to send signals to the smartphones, and even if there were, how would you achieve the two-way communication between ONLY the target phone and the device you hooked into the grid when there could be dozens of connected devices?

Clive Robinson September 15, 2013 4:03 PM

@ Alice & Bob,

    Are there any studies about using the power grid as an attack vector into these devices

Hmm do you mean using just the current “off the shelf” chargers or can it be done with a bit of kit that looks like an off the shelf charger?

If you mean standard off the shelf then as Natanael indicates no.

If you mean via a special bit of kit then yes, it can be done, and part of it was done at a well known hackers’ convention where they provided USB “charge points” and slurped data off of the devices anyone was daft enough to connect.

You can buy “home wiring network” “wallwarts” that connect to a computer via the USB port. So it would only be a matter of re-flashing the microcontroller memory inside the device with a new program to do this.

You can also buy USB-2-Go devices designed to be plugged into cameras etc. to fairly quickly copy the directory structure onto another memory card. I believe there is a professional version that also provides power/charge to the camera as well. As far as I’m aware they will also copy the contents of a phone directory structure as well, and presumably tablets/pads etc. likewise.

So the technology to do it is definitely there; all it needs is someone to put it together. And to be quite honest I would be surprised if somebody had not already done it for corporate/industrial espionage purposes. And if not, I suspect with the numbers and range of readers of this blog it will be coming into somebody’s product catalog within a month or two at the most…

After all, if you go to the likes of the Microchip web site most of the software pieces are there to do USB-2-Go, a TCP/IP stack and FAT32 directory handling. And a quick hunt on the Internet shows how to make a PIC micro connect safely to the mains network to control home appliances. So it’s at an undergrad project level.

kashmarek September 15, 2013 6:46 PM

NSA antics…

and good grief, you’re in charge of stuff at the NSA…you DON’T tell people about it and expect to keep your job!

name.withheld.for.obvious.reasons September 15, 2013 7:36 PM

If it has not been mentioned, the new shield law for journalists seems to eviscerate the first amendment by narrowing free speech. The first amendment provides for the freedom of speech AND of the press.

“or abridging the freedom of speech, or of the press…”

This would not have proved useful for Thomas Paine in drafting and publishing on his own the most relevant document as the precursor to the revolution. To quote from the Christian Science Monitor article: Dianne Feinstein said a “17-year-old blogger” doesn’t deserve a legal shield.

So I take the lack of outrage to the inherent timidity of the U.S. citizenry as intractable. I cannot believe a U.S. senator believes the first amendment is irrelevant and that ONLY journalists are to be recognized – how does the attack on speech square this circle?

Thank you horse’s arse citizenry–way to freakin’ go–keep on watching America’s biggest loser…you.

Godel September 15, 2013 8:18 PM

@ Jamie

Yes, that article you referred to is an eye-opener.

Quote “Google knows where you’ve been and they might be holding your encryption keys. June 21, 2011 by Donovan Colbert for TechRepublic. This is the first article I was able to find on the subject. Colbert was not happy, writing:

 ... my corporate office has a public, protected wireless access point. The idea that every Android device that connects with that access point shares our private corporate access key with Google is pretty unacceptable ... This isn't just a trivial concern. The fact that my company can easily lose control of their own proprietary WPA2 encryption keys just by allowing a user with an Android device to use our wireless network is significant. It illustrates a basic lack of understanding on the ethics of dealing with sensitive corporate and personal data on the behalf of the engineers, programmers and leadership at Google. Honestly, if there is any data that shouldn't be harvested, stored and synched automatically between devices, it is encryption keys, passcodes and passwords."

That link again:

Dirk Praet September 16, 2013 4:26 AM

Another minor setback for our friends at NSA/GCHQ: Belgium’s federal prosecutor is looking into a claim by its biggest telco/ISP, Belgacom, that its systems were hacked into and infected with a “virus”. Reports say the complexity of the malware suggests an intelligence agency was to blame. The perpetrators hacked into at least two years of international phone traffic and apparently were also very interested in Belgacom International Carrier Services (BICS), the firm’s joint venture with Swisscom and South Africa’s MTN.

Figureitout September 16, 2013 10:20 PM

Hmm it appears as if someone in the Navy w/ PTSD just shot up a bunch of random civilians…And then gives the SWATs a chance to turn a portion of a city into a literal police state. I’m surprised he wasn’t a copper too.

“You ain’t see nothing yet”, these f*ckers are crazy, just wait.

Figureitout September 16, 2013 10:32 PM

NSA and the police state apparatus failed yet again to stop another terrorist attack, let’s give them more money and power since they can’t even control their own employees/officers.

Look at the fcking military in the United States, it’s a military state. Fck the future.

Clive Robinson September 17, 2013 4:35 PM

OFF Topic :

Only tangentially related to security, but unless you are a patent troll it might make you smile or at least be glad for the guy. Basically he is an independent app developer who gives his transport app away for free and makes a tiny amount on bundled advertising. A patent troll comes along and hits him with an infringement notification, the guy stands up to him, the patent troll takes him to court in an inappropriate manner, and the guy’s lawyer challenges and succeeds. The patent troll has now been asked for money but has so far not stumped up, so is now wrong-footed… and others are now suing the troll as well 🙂

Clive Robinson September 18, 2013 5:09 AM

ON Topic 🙂

@ Bruce,

Apparently there is a book of “Diamondback Squid Recipes” which has 53 different ways of cooking it. It’s also eaten raw in Japan and other places due to its delicate taste and is quite popular,

But… apparently unlike other squid that are fished for food, the diamondback squid “pairs for life” and thus is more sensitive to fishing.
