Schneier on Security
A blog covering security and security technology.
September 6, 2013
Friday Squid Blogging: Giant Squid Found Off the Coast of Spain
The incomplete specimen weighs over 160 lbs. And here's a map of squid spottings.
As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.
Posted on September 6, 2013 at 4:50 PM
A very early practitioner of chemical warfare. What's the government's position to rid the world of this scourge?
Squid ink is about the color of the fonts in Microsoft's OWA (Outlook Web App.)
Both help you hide from bad guys. Unfortunately, someone told the Syrians that OWA's ink bleeds. That is, they can craft a link that will harvest credentials.
The best thing to do is to hover over the link so that you know where it will take you, except that OWA doesn't work that way.
Microsoft obfuscates the links in OWA. If you hover over a link in OWA, you will see meaningless HTML.
Microsoft does this because once, not now but once, the links could expose the directory structure of the Exchange server.
My god and so on. I had to squid three overlayed symmetrical ciphers through my unbreakable Enigma Hagelin device and the thing totally went Purple. All the time its rotors stayed hard. Nobody believes anything, except what the fellow with the gender identity disorder told the old man in the clouds - "Think for yourself, schmuck!"
Godel, that's "rubber tentacle cryptanalysis" :)
With the NSA lying about everything else, why would anyone believe this?
It seems more fit-to-order for pumping up additional weapon systems sales by the military industrial complex.
Is this the equivalent of the Iraq "yellowcake" story? Or the weapons of mass destruction story?
As the NSA obviously has no idea what Snowden got his hands on, and Greenwald et al. are increasing the size of the powder keg with each publication of news.
What kind of information are there left to release?
Names of all the systems, hardware and software and state partners and for how long and how they have participated?
Complete information of the countries, organisations and state heads - both friends and foes - they have been screwing behind their backs?
Lists of all financial deals and monetary systems they have been undercutting to reap the benefit from?
Was this the end of the horror or just the beginning of a never ending trust nightmare?
I decided to write-up how I would do what the NSA are alleged to be doing if I had their mission, budget, ethics, and resources. Read it here. It's considerably simpler, more robust, and easier to have kept secret than the other theories of how which I have read recently.
Considering that you've had access to some Snowden docs, would you care to deny that you've received an NSL or any other secret warrant? Or perhaps you just can't say?
Thinking of BitMessage, the initial address generation and broadcast seems a little risky.
If you assume full cooperation from ISPs, they could have BM running at each exchange which would be a peer for most customer IPs connected there. (similar approach for other inhouse networks ..)
This would see the new address broadcast and be able to associate it to the IP removing BM address anonymity...
Of course you can mitigate this via public wifi, vpn etc and I'm sure this has already been covered somewhere!
Of course by the time it is passed it will have suitable exemptions for national security...
I spent a lot of time going back to read comments on this blog made a few years ago. They all seem so stupid now. So many "experts" and so much nonsense.. now I wonder what another year will bring.
> A hopeful sign:
Yes, something of that kind is necessary, a clear signal that restores trust.
I guess it is natural that US citizens criticize especially the observation of US citizens (given the 4th amendment and the general mission of the NSA), but it should also be noted that internationally - especially since Facebook and Google - it is no longer just spies or terrorists and "geeks" who use the internet, it's grandmas, kids, anybody, and often for completely local things like which movie to go see or which party to go to, etc.
This makes it definitely not OK to scan everything and possibly to store a lot of it. (By the way, CERN stores 15 petabytes per year; assuming a similar storage capacity by the NSA, that would be 2BM per person on earth, but I am deviating...)
What I can do and gradually will do if a certain level of trust is not restored, is reduce contact with anything from the USA. Buying less stuff from US companies or visiting US sites less (thus reducing income from ads) is probably the strongest measure I can personally take.
No intention at all to jump through loops for the NSA or whoever by using encryption or tor or whatever, that is just also not OK, and definitely not an option for Grandma etc. anyway.
I feel that the ones who caused this mess should also clean it up :)
@Bruce: you previously mentioned not to trust ECC curves with constants originating from dubious sources, such as NIST or NSA. (Which I agree with.)
But most if not all of the NIST ECC curves originate from the SEC2 specification from Certicom Research in 2000, if not earlier:
Certicom is a Canadian company, that was founded in 1985 by Canadians (Gordon Agnew, Ron Mullin, & Scott Vanstone) and still remains in Canadian hands.
These SEC2 curve constants have not changed, so it would seem that the American based NSA/NIST agencies did not have a hand in weakening them for their own nefarious purposes.
I would very much value your opinion on this. PKI is needed (especially in a global world) and ECC has a lot of advantages, if we have some trusted curves.
Are there any ECC curves you trust or at least trust more than others?
A while back Bruce "doghoused" PMC Ciphers. They had a "polymorphic" cipher that generated a custom cipher per key (in a nutshell). And it had a huge key, was immune to all existing attacks, made black hats suicidal and was desired by militaries all over. In short, they were full of shit. I slammed them too and said they could make a similar claim with *some* real security if they cascaded real ciphers:
1. A set of ciphers that were all proven pretty secure in use.
2. A set of hash functions for mixing the keys or multiple/mixed digests.
3. Use the shared secret to drive both the keying, mixing, and algorithm selection process.
4. Use ordering, tiny tweaks to hash input, and nonces to make the process have many possibilities.
5. They could even claim a "512-1,024" bit encryption process because it might take that much input for independent keys, nonces, etc.
That was years ago. I decided to check up on the doghoused companies. (Vadium is mostly gone, btw.) I found this on PMC's still active product site:
Maybe I'm misreading this. It does look like they took a few ideas in my mockery of their product, dressed them up PMC style with their trademarked pseudocryptography and... turned that into a product! Their marketing team really listens for product improvements, if I can say nothing else for them. ;) They've even embraced extra openness by including a detailed whitepaper and a link to source code. The comparison table on that site is where the real humor is at.
I wonder what their actual sales are. I hope the owner's salary is competitive with fast food worker pay. He's earned it.
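The key-mixing and algorithm-selection steps in the cascade sketch above (items 2 to 5), as an added example that is neither the commenter's code nor anything PMC ships: one HKDF (RFC 5869, built from the standard library's hmac and hashlib) turns the shared secret into independent per-layer keys, per-layer nonces and a deterministic layer order, and the bit count at the end shows where a headline figure like "512-1,024 bit" would come from. The layer names are placeholders for whatever vetted ciphers a real cascade would use; the secret, salt and session label are constructed inputs.

```python
import hashlib
import hmac

# Placeholder catalogue of layer names (assumption): stands in for real,
# vetted ciphers; this example only derives the material each layer gets.
LAYERS = ("layer_cipher_A", "layer_cipher_B", "layer_cipher_C")
KEY_BYTES = 32    # 256-bit key per layer
NONCE_BYTES = 16  # 128-bit nonce per layer


def hkdf_extract(salt: bytes, ikm: bytes, hash_name: str = "sha256") -> bytes:
    """HKDF-Extract (RFC 5869): PRK = HMAC(salt, IKM)."""
    return hmac.new(salt, ikm, hash_name).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int, hash_name: str = "sha256") -> bytes:
    """HKDF-Expand (RFC 5869): T(i) = HMAC(PRK, T(i-1) | info | i), concatenated."""
    hash_len = hashlib.new(hash_name).digest_size
    if length > 255 * hash_len:
        raise ValueError("HKDF-Expand length limit exceeded")
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hash_name).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_cascade(shared_secret: bytes, salt: bytes, session_label: bytes) -> dict:
    """Derive everything a cascade needs from one shared secret.

    Distinct 'info' labels give independent outputs for each purpose, so a
    weakness in one layer's key says nothing about the others. Both ends
    compute the same schedule from the same inputs, so nothing beyond the
    public salt and session label has to be transmitted.
    """
    prk = hkdf_extract(salt, shared_secret)
    keys, nonces, rank = {}, {}, {}
    for name in LAYERS:
        tag = name.encode() + b"|" + session_label
        keys[name] = hkdf_expand(prk, b"cascade-key|" + tag, KEY_BYTES)
        nonces[name] = hkdf_expand(prk, b"cascade-nonce|" + tag, NONCE_BYTES)
        rank[name] = hkdf_expand(prk, b"cascade-order|" + tag, 8)
    # Deterministic, secret-dependent layer order (item 4 in the sketch).
    order = sorted(LAYERS, key=lambda n: rank[n])
    secret_bits = len(LAYERS) * 8 * (KEY_BYTES + NONCE_BYTES)
    return {"order": order, "keys": keys, "nonces": nonces, "secret_bits": secret_bits}


def independent_material(schedule: dict) -> bool:
    """Sanity check: no key or nonce value is reused across layers or purposes."""
    values = list(schedule["keys"].values()) + list(schedule["nonces"].values())
    return len(values) == len(set(values))


if __name__ == "__main__":
    # Constructed inputs; in practice the secret comes from a key agreement.
    sched = derive_cascade(b"constructed-shared-secret", b"public-salt", b"session-0001")
    print("layer order:", sched["order"])
    print("secret material bits:", sched["secret_bits"])
    print("all independent:", independent_material(sched))
```

The point of the separate info labels is that each layer's key and nonce is a distinct HKDF output rather than a slice of one buffer, so the "independent keys" claim actually holds; the layer order is derived the same way, which is the cheap version of "algorithm selection driven by the shared secret".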
@ Bruce Schneier
John Gilmore speculates on ways that NSA might have weakened IPSEC. References one of your papers too.
Your thoughts on this?
Reading some commentary on the trustworthiness of OpenSSL ( http://blog.cryptographyengineering.com/2013/09/... ), and John Gilmore's remarks about NSA throwing sand in the gears of other standards efforts ( http://www.mail-archive.com/... ) reminded me of my frustrations that one can't get TLS 1.2 (the latest version of SSL) in web browsers, thus websites wanting to disable vulnerable non-TLS-1.2 can't really do so either without failing to support the majority of their customers: http://en.wikipedia.org/wiki/...
Is the NSA behind this slowness to implement TLS 1.2 in browsers? Or is it just standard chicken-and-egg issues vendor-side? Who knows? How can one know?
FYI, a small Washington Post article: "Obama administration had restrictions on NSA reversed in 2011":
“The [surveillance] Court documents declassified recently show that in late 2011 the court authorized the NSA to conduct warrantless searches of individual Americans’ communications using an authority intended to target only foreigners,” [Senator Ron] Wyden said in a statement to The Washington Post.
NSA works on commission. The more bad guys the find, the bigger their budget next year.
@ Nick P,
John Gilmore speculates on ways that NSA might have weakened IPSEC
I don't doubt it as John also mentions they got at mobile phones as well which I've mentioned a couple of times in the past.
Also it's not just the NSA or GCHQ, it's representatives from all the "Five Eyes" countries, and knowing that you can see the representatives acting as a "tag team", all behind the backs of the elected politicians and the ministries' directed aims and objectives.
If you look through the "standards" for phones you will find oddities that will cause you to think "why?" If you make enquiries you will find the given reasoning as being "for safety" or some such, but it still feels odd. However if you view them as "hooks" or "stubs" for intel gathering then you get that strange short hair lifting feeling at the back of your neck which gives rise to the 100% definite feeling.
But much of it is hidden by layers of standards going back to the early post war years in the 1950s & 60s and originating from the old British Post Office labs. Back then the General Post Office (later to become BT), like the British Broadcasting Company, had strong links to the UK intel services (MI6 & MI5, MI6 & DWS respectively). The GPO and PO labs were at the leading edge of communications design and were largely responsible for the digitisation of telephone communications through the "System X" design that gave rise to the Integrated Switched Digital Network (ISDN) and Signaling System 7 (SS7) standards which are used worldwide, chunks of which appear in the Group Special Mobile (GSM) standards (GSM makes more sense in French, and many European committees and standards are named in French; this does not mean the French have much technical input, if they did we'd still be "out to lunch", no it's because as the old joke has it "If you let the French name it they will not look at what's inside").
One oddity of note is the ability to turn the microphone in a handset on to line without ringing or the subscriber operating the hook switch. The supposed "safety requirement" for this is the "fallen old lady"...
But it's not just standards the intel services stuck their noses into to manipulate things their own way. It included getting the design of a phone changed. Back in 1959 when the design of the next generation of GPO phone came up, it was the 700 series, and the model of note was the Trimphone, which was angular and very "space age" and came to prominence in the TV series UFO. The handset of which looks very much like that seen in movies for military radios, and the first production run had MOD "drab" grey/green colouring.
If you look at the handset it's clear that it could not hold the standard mic used in the 600 series and earlier phones. So the design called for a new smaller inductance based mic not the old style "carbon granule" mic. This was a disaster for the intel services and they tried quite hard to get it killed off. But the then Post Master General Tony Benn MP was a fan of the design and pushed it through.
Why was it a disaster? Well if you read Peter Wright's "Spycatcher" book you will read about a "flooding" device which "jumped the hook switch" and thus did not require the "secret squirrels" to make a line fault as an excuse to go to the subscriber premises and fit the equivalent of an "infinity bug" for them.
As I've mentioned before on this blog the Trimphone was seen as a disaster by the intel/security services so they pushed for a design change which would put a different microphone up by the ear piece. This also meant that it had another advantage: the Trimphone, like its predecessors, did not have a mute button fitted, so most people therefore covered the mouthpiece grill with their hand, which was quite effective in the older phones. However with the moved mic in the Trimphone it was really quite ineffective, which meant that a conversation in the room still went to the line...
But also the shape of the phone when the handset was on hook acted as a reflector and increased the level of room audio that reached the mic so made the "infinity" mod more effective.
Due to the "designer looks" the Trimphone attracted higher rental than the type 600 series phones and thus it initially went into executive offices, high end hotel rooms and executive and diplomatic homes, which was a bonus for the intel services. Of the million and a half installed few of them ended up in everyday homes.
Peter Wright's book "Spy Catcher" received much free publicity at the expense of Maggie Thatcher PM who tried unsuccessfully to ban it. One of Peter's work associates was Tony Sale of "Bletchley Park" fame, who kindly provided me with some of the background over the Trimphone saga and Tony Benn as well as a few other titbits. He is sadly missed by those who knew him.
Just remember that the NSA isn't the only-one capable of subverting your systems; there are off-the-shelf tools available for any government or law enforcement agency. Your local government has probably procured some.
Via F-Secure's Mikko Hyppönen, here are some leaked slides on law-enforcement capabilities in taking over your PC via Gamma's FinFisher tool,
FinFly "can even infect switched off target systems when the hard disk is fully encrypted with TrueCrypt"
FinFly Web exploit can be used to do drive-by-infections and can be integrated by a local ISP to inject the module into Gmail or YouTube when the victim accesses those "trusted" sites.
Gamma hired the (at-the-time) main developer of Backtrack Linux (Martin Johannes Münch) to build attack tools for Gamma.
This leak may be part of a larger Wikileaks disclosure of 249 documents from 92 global intelligence contractors this past week:
"Can even infect switched off target systems (...)"
Being a gamer, it made me think of my mainboard, which allows the owner to update the mainboard bios with an USB stick inserted into the computer (an added usb port made for the mainboard, one has to press a button as well iirc). The computer can be in a powered down status (PSU has to be connected and turned on).
Obviously a system that is "fully" disconnected from power is not going to be "modifiable", but by far the majority of desktop systems are not "fully" disconnected.
If you hunt through a modern "business desktop" BIOS you will usually find an option for powering up the system on LAN activity. The usual reason for having such a security weakness is "ease of administration".
Once you have a machine that does not fully power down and can power up from an I/O operation you have to start asking one heck of a lot of questions about "other I/O" being actually powered up, and then whether its hardware is capable of giving an interrupt etc. which could also bring the system up. After all from an engineering perspective it's the same cost to do two or more as it is just one. And Marketing would probably want to "advertise" it as a series of "extras" to up the profit margin. Which probably means that it's only a "software change" to implement it...
It's why some of my private systems are actually turned off at the power source (i.e. for home use get one of those power strips with a switch on it). It also saves you money: one system I measured which was computer/monitor/printer/speakers was drawing just over 50 watts when "supposedly" off, which is about 440 units of electricity every year, which in the UK is around 1GBP/week. Which from my perspective is one heck of an expensive price for easier administration...
Bruce in Wired. The wave repeats, now Apple can get your fingerprint[s] and sell them to gov't or the contractor doing background investigations. How long till the reader gets filled w/ dust?
@ Vas Pup,
DON'T USE THIS DRILL METHOD
The reason is the fine dust, some of which will become airborne, and even if not carcinogenic it could cause significant respiratory problems in later life (teachers who have breathed in "chalk dust" have been known to get the equivalent of silicosis).
The problem has been discussed before and unfortunately it's problematic.
Running a higher than "operating voltage" on the pins will probably only damage the protection circuit or cause the bond wires inside the chip to act like fuses. Microwaving likewise is only going to damage part of the chip.
So if a well resourced adversary removes the encapsulation they can in theory probe out the chip and recover data...
One option is heat, in that heating the chip up to a suitably high temperature will destroy both the chip packaging and chip, but the fumes will almost certainly be noxious and harmful to human health.
Blowing the device up really won't work either unless you are using a cutting charge that produces plasma; the G rating of the chip in the packaging is so high you could fairly safely fire it out of any gun you could get your hands on.
Conc acid is an option but trust me any acid capable of destroying both the chip and its packaging is not going to be something that can be handled without specialised equipment.
One method you could try is with a strip of mild steel and a forge. Get the chip off the PCB, fold the steel to make a clip or pocket into which you put the chip, cold hammer the steel around it and chuck it on the forge until it glows orange, pull it out and first weld the edges and then hammer it out flat, heating back to orange as required. When you've got it tight to the chip stick it back in the forge for a while until it's glowing bright orange and the steel is getting soft, then chuck it in a bucket of water; the total thermal shock should (if my back of a napkin figures are correct) cause the chip to become unrecoverable. When fully cold take it down to a scrap merchant's and lob it in the scrap iron (amongst the stolen manhole covers).
Alternatively only ever use AES-256 encryption on every single file at the application level and then use an appropriate file system encryption container to store them in and use random number/char names for the encrypted files.
Those pesky little flash chips may be cheap and easy to use but they are without doubt an OP-Sec nightmare for a whole host of reasons. Which is why I don't use them for anything sensitive at any time. I use QIC or DAT tapes: they are quick to degauss and their Curie point is down in the "yard fire" range but they melt into a useless blob long before that. Write once CD/DVD work almost as well but you can't degauss them, just cook 'em off in a microwave prior to the yard fire. Also I've been told that cooking them is not as effective as once thought, the fireworks don't destroy all the pits reliably, so theoretically...
As Nick P and Figureitout will appreciate I've looked into ceramic sleeves lined with thermite and electrically ignited for both individual tapes and CD/DVD. The problem is they "gas out" which can be dangerous so need a corrugated surface on the thermite pressing. I've found "copper" thermite to perform better than "iron".
--Just for paper (rolled up), what about a simple spring pushing on a V-coil cigarette lighter that has an inner layer of metal screening and pops open when activated for O2. All OTPs made in differing secret areas, pre and post wipe on glass, single sheets, meeting commands transmitted in the clear for ease of use, or even just use hotmail lol. Not talking about moving books either, just a few slivers of paper.
You forgot the used 'nappy' too. :)
OFF Topic :
Many see NSA director Keith Alexander as a criminal without conscience of any kind.
However his predecessor Michael Hayden had significant misgivings about him and in effect viewed him as not just someone who would bend laws past breaking point but do it recklessly as well,
I guess it would be negligent of me to say to use open radio comms and "hotmail"(!) w/o trusted OTP's. Of course I would prefer someone competent enough to learn a unique form of morse aka my binary OTP; and...my mode. These initial meetings would be used to gauge a potential communicator. From there the protocols would get goddamn disgusting and original...and some background checking would take place...Been doing this for too long, so simple so if you want to play let's play and I will find you.
@ Nick P
Re John Gilmore's post I was confused by the point where he says use a different IV for each packet instead of each session. Sounds like overkill and a real drain on the RNG..
Dear Mr. Schneier,
you have worked with the NSA and several other government agencies in the past. What kind of security clearances do YOU have? And how do they affect your reporting, and about what you may speak publicly?
Looking forward to your reply.
What kind of security clearances do YOU have?
You do not seem to be familiar with the process or requirements of obtaining and retaining a security clearance. In short: you only tell on a clearly defined need-to-know basis, and you definitely don't talk about it in public. The simple reason for this requirement is that advertising your clearance may make you a target for people interested in what you know or what you have access to. That's neither in your best interest or that of your employer/customer.
I have mentioned on this blog on one or two occasions that at some point I held some security clearance, which at that time had already expired for quite a while. Rest assured that I wouldn't be telling you squat about any others I may or may not hold today because revealing this information serves no public interest whatsoever and as such is really none of your business.
I'm pretty sure Bruce sees it the same way.
"Re John Gilmore's post I was confused by the point where he says use a different IV for each packet instead of each session. Sounds like overkill and a real drain on the RNG.."
Funny you say that because I thought the same thing. The numbers could come from a stream-cipher style CRNG. They spit out numbers like a firehose. Issues like these are why I prefer military-style link encryption with stream encryption where possible. You worry less about these things.
Honestly, though, I can't shed much light on what he was getting at as I'm not a cryptographer. I remember when I worked with crypto systems we kept keys and changed IV's for different pieces of data. He seems to imply they recommended the same IV across many pieces of data (ie packets). That weakens the security for sure. But how practical an attack does it make? Was it made practical by combining it with other things such as RNG or fallbacks to weak algorithms? I'm not sure.
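The per-packet versus per-session IV point in the exchange above, as an added example that is not the commenters' code and not taken from Gilmore's post or from IPsec itself: a constructed HMAC-SHA256 keystream stands in for the stream cipher (a real system would use a vetted cipher such as AES-CTR or ChaCha20, which carry the same nonce rule), `session_iv_leak` shows what reusing one IV across packets gives away (the XOR of the two plaintexts, because the keystream cancels), and `PacketEncryptor` builds each packet's IV from the session IV plus a sequence counter, so the per-packet IV costs no RNG draw at all, which is the standard answer to the "drain on the RNG" worry. The key, IVs and packet contents are constructed test values.

```python
import hashlib
import hmac


def keystream(key: bytes, iv: bytes, length: int) -> bytes:
    """Toy stream cipher: block i of keystream = HMAC-SHA256(key, iv || i).

    Constructed for illustration only. Like any stream cipher or CTR mode,
    it is secure only while (key, iv) pairs are never repeated.
    """
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, iv + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def xor_bytes(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("inputs must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    return xor_bytes(plaintext, keystream(key, iv, len(plaintext)))


decrypt = encrypt  # XOR with the same keystream undoes itself


def session_iv_leak(key: bytes, iv: bytes, pt1: bytes, pt2: bytes) -> bool:
    """Two packets under one key and one session IV.

    c1 ^ c2 = (pt1 ^ ks) ^ (pt2 ^ ks) = pt1 ^ pt2: anyone holding both
    ciphertexts learns the XOR of the plaintexts without the key.
    """
    c1 = encrypt(key, iv, pt1)
    c2 = encrypt(key, iv, pt2)
    return xor_bytes(c1, c2) == xor_bytes(pt1, pt2)


class PacketEncryptor:
    """Per-packet IV = session IV || 64-bit sequence number.

    The sequence number is explicit and deterministic, so no random bytes
    are consumed per packet and no two packets share a keystream. The
    receiver reconstructs the IV from the transmitted sequence number.
    """

    def __init__(self, key: bytes, session_iv: bytes):
        self.key = key
        self.session_iv = session_iv
        self.seq = 0

    def encrypt_packet(self, plaintext: bytes) -> tuple:
        if self.seq >= 2 ** 64:
            raise OverflowError("rekey before the sequence number wraps")
        iv = self.session_iv + self.seq.to_bytes(8, "big")
        self.seq += 1
        return iv, encrypt(self.key, iv, plaintext)


def per_packet_iv_no_leak(key: bytes, session_iv: bytes, pt1: bytes, pt2: bytes) -> bool:
    """With distinct IVs the keystreams differ, so c1 ^ c2 no longer equals pt1 ^ pt2."""
    enc = PacketEncryptor(key, session_iv)
    iv1, c1 = enc.encrypt_packet(pt1)
    iv2, c2 = enc.encrypt_packet(pt2)
    return iv1 != iv2 and xor_bytes(c1, c2) != xor_bytes(pt1, pt2)


if __name__ == "__main__":
    # Constructed values for a local run.
    key, iv = b"k" * 32, b"session-iv-0"
    pt1, pt2 = b"packet one: ACK 0001", b"packet two: ACK 0002"
    print("one IV per session leaks pt1^pt2:", session_iv_leak(key, iv, pt1, pt2))
    print("one IV per packet leaks nothing:", per_packet_iv_no_leak(key, b"sess", pt1, pt2))
```

The IV only has to be unique, not secret, which is why a counter is enough; the RNG is needed once per session for the session IV (and for the key), not once per packet. The overflow check is the other half of the rule: when the counter would wrap, the key must change.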
It looks like nothing is safe. Encryption beaten in just 30 secs. I have disabled http compression on firefox.
I am surprised this isnt on the main page.
So if a US President (because of one "emergency" or another) declares martial law and what-else, the government will by that time have considerable power. But perhaps it won't happen until they have first gotten rid of paper currency. People's lives are so much easier to destroy when all their money is on the web too - and security no longer exists.
NSA = National Socialistic Administration
OFF Topic :
More on the personality "quirks" of NSA's Alexander,
Whilst the "Patrick Stewart" bit is amusing what I can not get out of my head is the "Evil Genius & Mad Prof sidekick" image...
I now mentally think of "Despicable Me" and all those NSA workers as the yellow "minions" with squeaky voices and school humour and behaviour...
OFF Topic :
I've been told in the distant past that when trying to assess a political issue you have to look not just at the merits or not of the argument but also the personalities, motivations and affiliations of those involved in the argument.
I've since realised this is because in politics the actual policy or point being argued is not the war or battle but at best a side skirmish.
In that light over in the corner we have Stewart Baker and various postings on his "skating on stilts" blog about the Ed Snowden and the journalists involved.
But before reading what he says first read about the man,
So hopefully forewarned, onto his "publicly expressed" personal view from his dug out,
OFF Topic :
The German Government is getting quite upset over the USUK interception of their communications.
The latest upset from the Ed Snowden releases is about Blackberry smart phones. We know that the personal use of a Blackberry is by no means confidential. But many had assumed the Business version was confidential, and the German Government has awarded a contract on the strength of that assumption.
It turns out the assumption is false as Der Spiegel has published (in English),
@Clive about Stewart Baker
thank you for that interesting information. Would not surprise me if Stewart Baker is culpable, considering that he served in an influential role under Bush administration.
Noticed a nice DOS attack on my dumb phone the other night. Nice whoever did it, keep showing me more attacks; guess you won't find mine but enjoy it. I just adapt.
Wow, a great example of dissociative thinking. Stewart's primary concern rests with the "agency". He's not worried about the damage to the public, it is the Guardian's unfair treatment of MI5/6. This is the best example to date of what Orwell described as newspeak.
He's a danger to the public and he is providing congressional testimony. He also mentioned treating hackers to summary judgement. So, to paraphrase the way government sees the public--to hell with due process. Guess this is the canary for the 5th amendment.
I guess it is time to don the moccasins, need to brush the dirt behind me and cross a few stream beds. Now where am I to get war paint?
OFF Topic :
A couple of items of interest,
Another perspective on the NSA 'fist within a glove' mentality,
Do you remember Obama's promise to set up a committee to look into the goings on at the NSA?
Well it's becoming clear its purpose is to simply delay and deflect and achieve nothing that US citizens might want, in fact almost exactly the opposite.
Basically it's been split into two groups: first the tech industries' (legal/accounts?) representatives nice and close to the center of the action, and the privacy groups two miles away in a box room where the government related representatives were a no show.
Apparently all the first group were talking about was improving their bottom line and not becoming subject to litigation.
So rather than curtail the NSA's activities they want more money and less risk for more of the same...