Friday Squid Blogging: Giant Squid Caught by Japanese Fisherman

It’s big: 13 feet long.

The fisherman was stunned to discover the giant squid trapped in his net, having been caught at a depth of around 70m, about two-thirds of a mile from the coast.

As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

Posted on January 24, 2014 at 4:15 PM • 86 Comments


Saul Tannenbaum January 24, 2014 5:44 PM

For readers of this blog in the Boston/Cambridge area, there is an event of note this coming week:


Harvard Law School, WCC 2019, Milstein West
Tuesday, January 28, 2014 12:00 PM – 1:00 PM

Report and Recommendations of The President’s Review Group on Intelligence and Communications Technologies

Featuring Professor Cass Sunstein, Robert Walmsley University Professor. Professor Sunstein is a member of the President’s Review Group on Intelligence and Communications Technologies

c January 24, 2014 8:37 PM

Has anyone any thoughts on how to solve the Cicada 3301 puzzle?

There are currently three 2048-bit strings which were posted, as well as a 5×5 magic square and an image which reads “The primes are sacred. The totient function is sacred. All things should be encrypted.”
The three strings appear to be random. It is thought they might be used in RSA, but their purpose is unknown. All three strings are composite. Two of them are even. A previous step in the puzzle was to factor a 443-bit RSA public key to decrypt a message. There has been much more to the puzzle, but this is the part that remains unsolved. What are the three strings and how are they used?
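An added example, not part of the comment above or of the puzzle itself, of the two quick checks mentioned (is a big integer even, is it composite) and of the “factor the modulus, then decrypt” step that the earlier 443-bit stage required, carried out on a toy 40-bit RSA key. The primes, exponent and message are constructed for the example; the arithmetic is textbook RSA, and the Pollard rho factoring used here only works when a small prime factor exists (a real 443-bit modulus needs a number field sieve implementation, not this).

```python
import math
import random

# Constructed toy values (not from the puzzle): two ~20-bit primes and the usual e.
P_TOY = 1000003
Q_TOY = 999983
N_TOY = P_TOY * Q_TOY          # 999985999949, a 40-bit modulus
E_TOY = 65537


def is_probable_prime(n: int, rounds: int = 25) -> bool:
    """Miller-Rabin after trial division by small primes.

    False is definitive (n is composite); True means no witness was found
    among `rounds` random bases, wrong with probability at most 4**-rounds.
    """
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0                      # n - 1 = d * 2**s with d odd
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        a = random.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False                 # a is a witness for compositeness
    return True


def classify(n: int) -> dict:
    """The checks one runs on a puzzle string: size, parity, compositeness."""
    return {"bits": n.bit_length(), "even": n % 2 == 0,
            "composite": not is_probable_prime(n)}


def pollard_rho(n: int) -> int:
    """Return a nontrivial factor of composite n (Pollard's rho, Floyd cycle).

    Expected work is about sqrt(smallest prime factor) steps, so it is useful
    only when n has a small factor; it will not dent a real RSA modulus.
    """
    if n % 2 == 0:
        return 2
    while True:
        c = random.randrange(1, n)
        x = y = random.randrange(2, n)
        g = 1
        while g == 1:
            x = (x * x + c) % n
            y = (y * y + c) % n
            y = (y * y + c) % n
            g = math.gcd(abs(x - y), n)
        if g != n:                       # cycle closed without a factor: retry
            return g


def factor(n: int) -> list:
    """Full prime factorisation as a sorted list with multiplicity."""
    if n == 1:
        return []
    if is_probable_prime(n):
        return [n]
    f = pollard_rho(n)
    return sorted(factor(f) + factor(n // f))


def recover_private_key(n: int, e: int) -> tuple:
    """Given a factorable modulus and public exponent, return (p, q, phi, d).

    Once p and q are known, phi(n) = (p-1)(q-1) and d = e^-1 mod phi(n) follow.
    """
    p, q = factor(n)                     # toy modulus: exactly two prime factors
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)                  # modular inverse (Python 3.8+)
    return p, q, phi, d


def rsa_decrypt_with_factors(n: int, e: int, ciphertext: int) -> int:
    """Decrypt textbook RSA c = m^e mod n after factoring n."""
    _, _, _, d = recover_private_key(n, e)
    return pow(ciphertext, d, n)


if __name__ == "__main__":
    m = 12345678901                      # constructed message, must be < N_TOY
    c = pow(m, E_TOY, N_TOY)
    print(classify(N_TOY))
    print(recover_private_key(N_TOY, E_TOY))
    print(rsa_decrypt_with_factors(N_TOY, E_TOY, c) == m)
```

The parity check is the one thing that needs no computation at all: an even 2048-bit value cannot be an RSA modulus, since 2 would be one of its primes, which is why the two even strings are a hint that they are not moduli.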

Buck January 24, 2014 11:15 PM

I still don’t seem to be able to get over the lack of a date posted on documents reported by the Washington Post in the story “NSA seeks to build quantum computer that could crack most types of encryption” (January 2, 2014).

Though based on other document dumps input thus far, I’d imagine the described item is dated approximately 2006-2008..?

If the spooks aren’t seeing any seriously spooky action (at a distance?) by now, then it might not be any wonder why they spy on everyone… Cheating in a losing game can’t be considered much worse than not playing at all, once you know you’re busted! Or perhaps (as with all the “leaks” we’ve seen so far), they’re just under-playing their hand…

Here are some corporate press releases and university research results since then… Certainly, advancements made in military applications would not be published like these have been…

But first, let’s start off with a wonderful POC from 2001! I suppose there’s probably not much reason to take this work any further than confirmation in the academic world… (at least not when taking into account bits vs. bucks provided by opportunities in the ‘intelligence’ world 😉)

Experimental realization of Shor’s quantum factoring algorithm using nuclear magnetic resonance (December 20, 2001 – IBM)

Quantum computers, however, could factor integers in only polynomial time, using Shor’s quantum factoring algorithm. Although important for the study of quantum computers, experimental demonstration of this algorithm has proved elusive. Here we report an implementation of the simplest instance of Shor’s algorithm: factorization of N=15 (whose prime factors are 3 and 5). We use seven spin-1/2 nuclei in a molecule as quantum bits, which can be manipulated with room temperature liquid state nuclear magnetic resonance techniques. This method of using nuclei to store quantum information is in principle scalable to many quantum bit systems, but such scalability is not implied by the present work. The significance of our work lies in the demonstration of experimental and theoretical techniques for precise control and modelling of complex quantum computers. In particular, we present a simple, parameter-free but predictive model of decoherence effects in our system.

First universal programmable quantum computer unveiled (November 15, 2009 – NIST)

The experimental device uses beryllium ions to store qubits in the way they spin while the laser-pulse quantum gates perform simple logic operations on the qubits. The trick to making a quantum logic gate is in designing a series of laser pulses that manipulate the beryllium ions in a way that processes information. Another laser then reads off the results of the calculations.
“Once we had demonstrated we could successfully combine lots of components in this way, we ask: what can you do with that?” says Hanneke.
They found their answer in quantum computational theory. “One of the more interesting results to come out of the early years of quantum information was that you can do any quantum operation on any number of qubits using only single and two-qubit logic gates,” says Hanneke. Although one and two-qubit gates have already been built and used to perform specific algorithms, no one had yet built a device capable of all possible quantum routines. Until now.

Quantum Computer Simulates Hydrogen Molecule Just Right (January 28, 2010 – Harvard University)

“Every time you add an electron or other object to a quantum problem, the complexity of the problem doubles,” says James Whitfield, a graduate student at Harvard and second author on the paper. “The great thing,” he added, “is that every time you add a qubit to the computer, its power doubles too.” In formal language, the power of a quantum computer scales exponentially with its size (as in number of qubits) in exact step with the size of quantum problems. In fact, says his professor, Aspuru-Guzik, a computer of “only” 150 qubits or so would have more computing power than all the supercomputers in the world today, combined.

D-Wave Systems sells its first Quantum Computing System to Lockheed Martin Corporation (May 25, 2011 – plus plenty more pretty interesting press releases from D-Wave)

“D-Wave is thrilled to establish a strategic relationship with Lockheed Martin Corporation,” said Vern Brownell, D-Wave’s President and Chief Executive Officer. “Our combined strength will provide capacity for innovation needed to tackle important unresolved computational problems of today and tomorrow. Our relationship will allow us to significantly advance the potential of quantum computing.”

Computer architecture recreated on quantum device (September 1, 2011 – University of California, Santa Barbara)

Another important feature of the system is that the quantum memory can retain quantum information for much longer than the qubits. Such long “coherence times” are another practical requirement of a quantum computer. While the fidelity of the qubit states dropped below 20% after about 400 ns, the fidelity of the memories stayed above 40% for at least 1.5 µs.

Digital quantum simulator realized (September 1, 2011 – IQOQI)

The Innsbruck physicists use the building blocks of a quantum computer for the simulation. The mathematical description of the phenomenon to be investigated is programmed by using a series of laser pulses to perform a quantum calculation with atoms. Laser-cooled and electrically trapped calcium atoms are used as carriers of quantum bits (qubits). “We encode the desired initial state of the system to be investigated in these qubits and implement the operation sets by laser pulses,” explains Christian Roos. He and his colleagues have demonstrated this method in two experiments at the IQOQI and the University of Innsbruck using up to 100 gates and 6 qubits. “One of the new scientific results is that interactions and dynamics can be simulated that are not even present in the quantum computer,” says the enthused Benjamin Lanyon.

IBM Research Advances Device Performance for Quantum Computing (February 28, 2012 – IBM)

Core device technology and performance metrics at IBM have undergone a series of amazing advancements by a factor of 100 to 1,000 times since the middle of 2009, culminating in the recent results that are very close to the minimum requirements for a full-scale quantum computing system as determined by the world-wide research community. In these advances, IBM stresses the importance and value of the ongoing exchange of information and learning with the quantum computing research community as well as direct university and industrial collaborations.

In this latest progress in device performance for quantum computing IBM acknowledges support from IARPA through the Army Research Office contract W911NF-10-1-0324.

300 atom quantum simulator smashes qubit record (May 1, 2012 – NIST)

“The projected performance of this new experimental quantum simulator eclipses the current maximum capacity of any known computer by an astonishing 10 to the power of 80. That is 1 followed by 80 zeros, in other words 80 orders of magnitude, a truly mind-boggling scale,” Dr Michael Biercuk, at the University of Sydney, said. “[It] has the potential to perform calculations that would require a supercomputer larger than the size of the known universe – and it does it all in a diameter of less than a millimetre.”

Launching the Quantum Artificial Intelligence Lab (May 16, 2012 – Google)

We’ve already developed some quantum machine learning algorithms. One produces very compact, efficient recognizers — very useful when you’re short on power, as on a mobile device. Another can handle highly polluted training data, where a high percentage of the examples are mislabeled, as they often are in the real world. And we’ve learned some useful principles: e.g., you get the best results not with pure quantum computing, but by mixing quantum and classical computing. (link seems a little unreliable… try refreshing or maybe?)

New qubit control bodes well for future of quantum computing (January 11, 2013 – Yale University)

The Yale physicists successfully devised a new, non-destructive measurement system for observing, tracking and documenting all changes in a qubit’s state, thus preserving the qubit’s informational value. In principle, the scientists said, this should allow them to monitor the qubit’s state in order to correct for random errors.

Los Alamos reveals it’s been running quantum network for two and a half years (May 7, 2013 – Los Alamos National Laboratory)

In a recent paper available on arXiv, a team of researchers at New Mexico’s Los Alamos National Laboratory has revealed they’ve been running a quantum network for 2 1/2 years. The network is hub-and-spoke based, the team reports, and allows for perfectly secure messaging except at the hub.

Researchers smash through quantum computer storage record (November 14, 2013 – Simon Fraser University)

The research was led by a team at Canada’s Simon Fraser University, and is described in a paper published today in Science. Researchers say they were able to bring the bits of quantum data – what are known as qubits – from their frozen state at -452.2 degrees Fahrenheit up to a warm 77 degrees Fahrenheit without destroying all of them. The qubits could even be read later on.

Though surviving for 39 minutes may not sound like very long, it only requires one-hundred-thousandth of a second to perform an operation on a single qubit. So theoretically, over 20 million operations could be performed before the qubits’ data decayed by 1 percent. “Having such robust, as well as long-lived, qubits could prove very helpful for anyone trying to build a quantum computer,” Stephanie Simmons, a co-author of the paper, says in a statement.

Quantum Artificial Intelligence Laboratory (December 6, 2013 – NASA)

Quantum Artificial Intelligence Laboratory (QuAIL) is NASA’s hub for an experiment to assess the potential of quantum computers to perform calculations that are difficult or impossible using conventional supercomputers. They welcome researchers at other institutions who are interested in collaborating with the QuAIL team in these areas to contact the QuAIL team.

Peeking into Schrödinger’s Box (January 20, 2014 – University of Rochester)

Direct measurement consists of two types of measurements performed one after the other, first a “weak” measurement followed by a “strong” measurement. In quantum mechanics the act of measuring a quantum state disturbs it irreversibly, a phenomenon referred to as collapse of the wavefunction. The trick lies with the first measurement being so gentle that it only slightly disturbs the system and does not cause the wavefunction to collapse.
“It is sort of like peeking into the box to see if Schrödinger’s cat is alive, without fully opening the box,” said lead author Dr. Mehul Malik, currently a post-doctoral research fellow at the University of Vienna and who was a Ph.D. student in Boyd’s group when the work was performed. “The weak measurement is essentially a bad measurement, which leaves you mostly uncertain about whether the cat is alive or dead. It does, however, give partial information on the health of the cat, which when repeated many times can lead to near certain information as to whether the cat is alive or dead.” Malik adds that the beauty of the weak measurement is that it does not destroy the system, unlike most standard measurements of a quantum system, allowing a subsequent measurement – the “strong” measurement of the other variable.
This sequence of weak and strong measurements is then repeated for multiple identically prepared quantum systems, until the wave function is known with the required precision.

Can’t help but wonder if the “weak” measurements in that last experiment don’t actually drive the experimenters towards their desired “strong” solutions…

A great jumping off point also exists at (though many of the linked articles are behind a paywall).

Like the little gem of a nugget of a bombshell dropped in the last paragraph of Der Spiegel’s three page report on TAO operations …

Take, for example, when they intercept shipping deliveries. If a target person, agency or company orders a new computer or related accessories, for example, TAO can divert the shipping delivery to its own secret workshops. The NSA calls this method interdiction. At these so-called “load stations,” agents carefully open the package in order to load malware onto the electronics, or even install hardware components that can provide backdoor access for the intelligence agencies. All subsequent steps can then be conducted from the comfort of a remote computer.

… And so, it may be more telling: the fact that it was felt necessary to circulate an internal memo in 2011 regarding the classification status of quantum advancements, rather than the fact that at some point in the last decade some amount of non-clandestine monies were wired to support such an endeavour…
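Since the 2001 IBM item above is the factoring of 15, here is an added example (not from Buck’s comment or from IBM’s paper) of the classical half of Shor’s algorithm. The quantum hardware only finds the period r of a^x mod N; everything after that is ordinary number theory. The period is found here by brute force, which is exactly the exponential step the quantum computer replaces, so this runs only for small N.

```python
import math


def multiplicative_order(a: int, n: int) -> int:
    """Smallest r > 0 with a**r == 1 (mod n), by brute force.

    This is the step Shor's quantum period-finding performs; classically it is
    exponential in the size of n, which is the whole point of the algorithm.
    """
    if math.gcd(a, n) != 1:
        raise ValueError("a must be coprime to n for an order to exist")
    r, x = 1, a % n
    while x != 1:
        x = x * a % n
        r += 1
    return r


def shor_postprocess(n: int, a: int):
    """Classical post-processing of Shor's algorithm for one base a.

    Returns a sorted pair of nontrivial factors of n, or None when this base
    fails (odd period, or a**(r/2) == -1 mod n); a real run then just repeats
    with another random base.
    """
    g = math.gcd(a, n)
    if g != 1:                              # lucky: a already shares a factor
        return tuple(sorted((g, n // g)))
    r = multiplicative_order(a, n)          # the quantum step stands here
    if r % 2:
        return None
    y = pow(a, r // 2, n)                   # a nontrivial square root of 1 mod n ...
    if y == n - 1:
        return None                         # ... unless it is the trivial root -1
    for cand in (math.gcd(y - 1, n), math.gcd(y + 1, n)):
        if 1 < cand < n:
            return tuple(sorted((cand, n // cand)))
    return None


def shor_success_rate(n: int) -> float:
    """Fraction of bases 2..n-1 for which a single round factors n."""
    bases = range(2, n)
    hits = sum(1 for a in bases if shor_postprocess(n, a) is not None)
    return hits / len(bases)


if __name__ == "__main__":
    print(multiplicative_order(7, 15))      # 4: the powers of 7 mod 15 are 7, 4, 13, 1
    print(shor_postprocess(15, 7))          # (3, 5)
    print(shor_postprocess(15, 14))         # None: 14 == -1 mod 15, only the trivial root
    print(shor_success_rate(15))
```

For N = 15 every base except 14 succeeds in one round, which is why it was the natural first target; the quantum contribution in the IBM experiment is the period, and a 7-qubit register is enough to hold it for a number this small.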





ChristianO January 25, 2014 5:14 AM

Biometrics for identifying people at a distance using microwaves and checking their cardiac signals.

And if you speak some German: in the article a PhD in law argues that it may be legal for Germans to fire weapons at the US embassy in self-defense, as the German government fails to protect them from the NSA. This seems bollocks, still, if a PhD in law argues for it… This could become a security problem if someone believes the argument and is frustrated by spying by foreign powers.

Evan January 25, 2014 8:17 AM

ChristianO: I’m no lawyer, but if the meanings of words in German legalese (Rechtisch?) are anything resembling those of the vernacular language, that reasoning can’t even be remotely cogent. “Spies in another country are reading my webmail, so I’m shooting that country’s diplomats” wouldn’t even fly in Texas.

Clive Robinson January 25, 2014 8:28 AM

@ ChristianO,

    Biometrics for identifying people at a distance using microwaves and checking their cardiac signals

Yes, I’d heard about this some time ago and, like you, thought “creepy”, and likewise, as @Mike The Goat indicates, it’s got privacy issues…

It also has medical issues: the NRPB issued guidelines on EM exposure in some of the lower microwave bands. Whereas they were once thought of as “safe limits”, many people regard them as “only safe for very short term exposure”. This is because the NRPB figures were based on “heating effect of EM energy – cooling effect of blood circulation”; current thinking indicates there are cellular division and other biological issues even though the EM energy is non-ionising.

That said, I’ve not thought about protection or subversion techniques until today, after a quick scan through the patent.

Here is a suggestion: a “body warmer” style garment with an inner heat+RF reflecting conducting layer, a middle layer of “carbon loaded foam” which will act as both a heating element and RF absorber, and an outer wire mesh layer; it should also have some nonlinear component which has a square or higher power function. This conducts current to all parts of the foam with a return via the inner conducting reflector, and the heating current is “modulated” with a generic “heart waveform”.

Thus when “illuminated” by a microwave source, the current in the mesh will reflect the microwave signal with the generic waveform; however, the residual beam not reflected will be absorbed by the foam on the way in and a second time after having been reflected by the inner layer.

yeah January 25, 2014 9:04 AM

@ clive

Would that wire mesh also short out the taser electrodes too? The heat signature would be low and easily made into IR camera camouflage with just a few more old cardboard boxes to kill that lit-up spot.

BlackAngel January 25, 2014 11:46 AM

Because of Cameron’s superior moral understanding and intelligence, he realized he could become a crusader to guide everyone and protect them from hurting themselves — it is well known that terrorists are not the only threat to people, but above all their own selves… for they lack moral understanding of deducing right from wrong… and the interwebz often ninja attacks them, getting them internet addicted and worse they do not know how to evade porn.

And so you have this manner of lunacy come about:

Who thought a man in the free world would look to cults and totalitarian countries as role models for leadership?

Maybe he can use his superior thinking skillz next for fighting those pesky chairs and low tables that keep attacking people, banging their feet and knees…

Is this the hubris of leadership, they wonder, “I get paid more to do less, and boss people around more… the better I can boss people around, the higher in society I rise and the more I make… therefore I must protect people for they do not know their left hand from their right”?

What is next, Morality Police?

Oh wait.

Skeptical January 25, 2014 12:16 PM

Last week the US Government declassified and released an additional 24 FISC orders and memoranda relating to the telephone metadata program.

Among other things, the safety procedures required in those orders include the logging of every access of the database, the destruction of the results of any queries made after 5 years (probably less than the length of time some telecom providers keep business records), and numerous particularized reports and checks.

Contrary to the claims of some, there is no permanent record being kept, and not any analyst can simply tap into the database (much less do so without being logged and included on reporting).

Clive Robinson January 25, 2014 12:23 PM

@ BlackAngel,

    Because of Cameron’s superior moral understanding and intelligence, he realized he could become a crusader to guide everyone and protect them from hurting themselves

First off, you forgot to mention who this numpty called “Cameron” is, because, contrary to the viewpoint of his ego and yes-men advisors, he’s not universally recognised even in his own back yard…

For those that have had the luck not to have been affected by the moronic twerp who could not hack it as an assistant PR person, David Cameron is a buffoon from the Bullingdon Club who is currently the UK Prime Minister. And he was not actually elected into the post: the Conservative Party, of which he is part, actually got fewer votes than the other major UK party (Labour). But what scares Cameron more than anything else is another Bullingdon Club member you might have heard of, one Boris Johnson, AKA BoJo, who is the Mayor of London (not the Lord Mayor of London, who technically outranks BoJo and who is appointed by the very secretive Corporation of London).

Anyway, back to Cameron’s “No Sex Please, We’re British” firewall: it’s not as though this “naughty word within a word” problem is unknown in England. Just ask the council workers in the town of Scunthorpe who stopped getting emails after their “naughty word” firewall was installed some years ago…
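The Scunthorpe failure Clive mentions is a substring match against a blocklist. An added example, not part of the comment, with a constructed blocklist and constructed sample messages: the naive substring check beside a whole-word check that leaves place names and innocent words alone.

```python
import re

# Constructed blocklist and sample messages for the demonstration
# (not the words or mail from the Scunthorpe incident).
BLOCKLIST = ["ass", "cock"]

SAMPLES = [
    "Parking at Cockfosters station for the classic assassin film night",
    "Please forward to reception@cockfosters-council.example",
    "Stop being such an ass",
]


def naive_filter(text: str) -> list:
    """Substring match, i.e. the Scunthorpe bug: flags any blocklisted string
    that appears anywhere inside a word, so place names and ordinary words hit."""
    low = text.lower()
    return [w for w in BLOCKLIST if w in low]


# One alternation of the escaped words, anchored on a word boundary each side.
_WORD_RE = re.compile(
    r"\b(" + "|".join(re.escape(w) for w in BLOCKLIST) + r")\b",
    re.IGNORECASE,
)


def boundary_filter(text: str) -> list:
    """Whole-word match: flags a blocklisted word only when it stands alone."""
    return sorted({m.lower() for m in _WORD_RE.findall(text)})


def compare(samples=SAMPLES) -> list:
    """(text, substring hits, whole-word hits) per sample, so the false
    positives of the naive filter are visible side by side."""
    return [(s, naive_filter(s), boundary_filter(s)) for s in samples]


if __name__ == "__main__":
    for text, naive, bounded in compare():
        print(f"{text!r}\n  substring:  {naive}\n  whole-word: {bounded}")
```

The whole-word version trades the false positives for trivial evasion (spacing or punctuating the letters), which is the general lesson of content filters: a filter that cannot see intent will either over-block or under-block, and a council mail server is the wrong place to pretend otherwise.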

BlackAngel January 25, 2014 1:01 PM

Among other things, the safety procedures required in those orders include the logging of every access of the database, the destruction of the results of any queries made after 5 years (probably less than the length of time some telecom providers keep business records), and numerous particularized reports and checks.
Contrary to the claims of some, there is no permanent record being kept, and not any analyst can simply tap into the database (much less do so without being logged and included on reporting).

Ah, then, Everyone go home. We are perfectly fine & dandy! Everything is on the up and up and we double pinky swear there is no way for abuse, never ever!

Now, then, you can also give us all your money, as well, because the more money you give us, the more you show you love Jesus! Makes sense, right!

Trust Us.

Because you know — we trust you!

That is what good spies do. Trust everyone.

Corruption does not exist, everyone is perfect and full of brilliant competence and love.

BlackAngel January 25, 2014 1:10 PM

@Clive Robinson

Any way, back to Cameron’s “No Sex Please We’re British” firewall

Lol! 🙂

Actually, Clive, not being from Britain, though I guess I read quite a bit from there and have some angelphile – I mean anglophile – relatives… what on earth is the reasoning behind such a thing? I have read “politics”, but why would anyone want this?

Or how does this prop up Cameron? I am sooo confused.

What else can we do to copy totalitarian countries? They should lead the way into the future! Look at how well their 1% live, perhaps??

Speaking of:

(Not to slam China and the Chinese… but I do believe they should follow us, and not us follow them. If there is still an “us”, a “Free World” at all — or if there ever was. Maybe just some clever PR stunt? Lol.)

Clive Robinson January 25, 2014 1:20 PM

OFF Topic :

An informant frames a shop owner, but the evidence to clear him is on his shop security system that the police have taken and the DA refuses to release, telling a court the footage is irrelevant. Turns out it’s not, as can be clearly seen when the footage is finally released…

The moral is twofold: firstly, security footage can clear your name, but only if you can get at it… so secondly, make sure you have a double recording system where the second unit is well out of the police and DA’s reach, otherwise they might just lose the first, damage it or erase it…

name.withheld.for.obvious.reasons January 25, 2014 2:12 PM

@ Skeptical
Contrary to the claims of some, there is no permanent record being kept, and not any analyst can simply tap into the database (much less do so without being logged and included on reporting).
And why would there be such a record? I don’t know why you keep defending the indefensible.

Clive Robinson January 25, 2014 2:23 PM

OFF Topic :

As some of you know, I’ve a bit of a downer on many of the ways software is written, and complain that the process lacks engineering or science in the main, and refer to the process as either Artisanal or Code Cutting.

Well, part of my viewpoint comes from having worked on Safety Critical and Intrinsically Safe systems using both hardware and software designed from the ground up, as well as having worked on medical electronics that could kill you very, very easily if designed only to work correctly, not to work safely.

Well, now the Space Transport System (STS), aka the Space Shuttle, is no longer with us, it’s interesting to look back at how they did their software,

Now I know such development is impractical for the majority of end user programs, but I feel there is one area where we should consider this sort of design, not for reliability (that’s “designed to be correct”) but for security (which is “designed to be safe”).

So for those talking about designing and writing their own secure OS for their own design of hardware give a thought to “design safe”.

Clive Robinson January 25, 2014 3:20 PM

@ BlackAngel,

British politics, like British sex, is something best not asked about unless you are suitably prepared. Whilst in theory it’s simple (compared to the US way of electoral colleges etc. etc., which I suspect even Americans don’t get, oh, and gerrymandering only allowed every ten years…), it has subtleties that make life interesting when trying to explain them.

David Cameron is, shall we say, a bit “image conscious” and wants to appear “right on”, but let’s be honest, he is a “right turn off” for most. He has been trying to appeal to the “Silver Surfers” who actually vote (unlike the disenfranchised Ouff). Now, one thing that gets conservative-voting grannies and grandads going is sex… no, not the way you think.

Apparently the “feckless youth” are at it all the time, spreading disease and corruption all over the place and getting pregnant to get a leg up on social housing, which obviously takes resources away from looking after the bowling greens in the public parks etc. etc.

Now the heroine of the old fuddies is the saintly “Mary Whitehouse”, who in the 1960s and 70s stood up to the BBC and all the “not nice” things they were broadcasting.

So Smarmy Dave, in order to get votes and to distract people from what “Gidiot” the Chancellor is doing to the economy, is slurping up to the fuddies by way of “Think of the Grandchildren”. But it’s not just about votes; I think even Smarmy Dave realises that his ego and yes-men are probably not going to swing the next election in his favour. So even though he has a very large trust fund and wealthy wife etc., he still has a sense of entitlement to more, not just now but in the future. So he’s looking for a few nice directorships paying 20,000 USD/hour etc., oh, and a few nice millions dropping into party coffers just so he has something to blow come election time. So the idea of handing out useless contracts for unwanted IT infrastructure is just the wheeze to do it. After all, if the banks can create faux markets and cream a nice fat percentage off the top, then so can Smarmy Dave…

That said, the link to China and the hazardous product and the unpalatable fish diet…

Well, it’s been going on for years in the UK. After WWII we had significant food shortages, and research went into intensive farming. And guess what, it was found that feeding ‘poo’ to animals made them grow faster… This I guess was based on the observation of rabbits and their natural eating habits… The science behind it is basically that large herbivores don’t take much nutrition out of what they eat, so feed them food that is in effect “pre-digested”…

But if you go back getting on for a thousand years or so, you will bump into the Holy See ordinance about “fish on Fridays”. Well, unless you lived on the coast you would not be getting fresh seafood. So what we now call “fresh water aquaculture” started with “fish ponds”, and it was known back then that carp grew quickly and fatly on horse muck, and to this day that’s what they shovel into carp ponds…

Similar things have been discovered, such as chickens and chicken poo mixed with egg shells, and pigs’ need for nitrogen means some of their “wee” gets recycled etc. etc.…

As has been said of humans, “you are what you eat”, which is probably the reason much of our food tastes like 541T and is missing much in the way of essential nutrition for the development of the brain and nervous system, but not for the production of lipid stores…

Benni January 25, 2014 4:58 PM

Actually this German PhD is about the spy antenna on the rooftop of the German embassy. The station on top of that embassy emits radar waves and collects phone conversations. According to this PhD candidate, a German who feels threatened by that spy station on the rooftop could first ask the police to do something about it. And when they finally say that they can’t, it could perhaps be lawful for the German, in self defense, to take a rifle and shoot at these illegal antennas. This is, of course, very theoretical. I think the walls are thin enough that radar and other emissions pass them, but they are maybe thick enough to stop a bullet.

This is very theoretical because, according to the laws, “acting in self defense” requires that the victim must have a clear situation from which she must defend herself. Unfortunately, it is not clear at all who the persons are whose phone calls get recorded by the antenna on the rooftop of the US Berlin embassy. The only phone number we currently know is Angela Merkel’s.

If the US had not told her that they would stop their surveillance, then indeed, it could perhaps be that Merkel would have had a right to shoot at the spy antennas in self defense.
However, the Germans also have an obligation to protect the embassy against attacks, even lawful attacks. For lawyers, this may indeed be an interesting problem.

I personally would find it more interesting if some hacker would make detailed measurements of radar and other emissions from that embassy rooftop. Then we would have confirmation that the US has deployed radar bugs in Berlin.

Benni January 25, 2014 5:02 PM

Oh, I see this Zeit article was not from a PhD candidate; it was from a law professor at a university.

name.withheld.for.obviuos.reasons January 25, 2014 5:55 PM

@ Clive Robinson
As some of you know, I’ve a bit of a downer on many of the ways software is written, and complain that the process lacks engineering or science in the main, and refer to the process as either Artisanal or Code Cutting.

The way I see it, you are the necessary protagonist. I’ve written a white paper covering contemporary engineering and R&D and suggest that many lessons from the past are forgotten or ignored. So you just keep slinging it, Clive.

Oh, and I thank both you and Iain for the info.

Clive Robinson January 25, 2014 7:07 PM

With regard to the US embassy in Germany and the right of self defence (of one’s privacy), I suspect the Law Prof is right as far as the letter of the law is concerned.

The reason I say this is because of the way legislation is generally written to get maximum coverage with minimum actual laws. You get these strange edge cases popping up.

However, I suspect that in the unlikely event it ever happened and got to court, a judge would take a less edge-case view and consider other aspects such as public safety, when it would be expected that a certain percentage of bullets would either not hit the target or pass through.

So a less lethal form of self defence might well be treated differently to firing a gun, and potentially be acceptable.

However it’s not just privacy that needs to be considered…

Purposely aiming a source of EM radiation at people at a sufficient level could be regarded as “intention to harm” members of the civilian population of a foreign nation. Which is an “initial act of war” and very much against international treaties that the US is a signatory to. Initiating acts of war is one of the few crimes diplomatic immunity does not cover, and a tribunal could pass the death sentence on…

From a technical aspect there is another issue: what is the tolerance of the embassy roof equipment to HERF?

It’s actually not that difficult to take a 1 kW microwave oven apart and fabricate a suitable length of waveguide and horn antenna to illuminate a large SatTV dish or other high-gain antenna structure mounted on a roof adjacent to or overlooking the US rooftop. I know from practical experiment you can easily fry CCTV cameras with a quarter of the power and one tenth of the antenna gain at fifty to one hundred feet, and IR alarm sensors at double that. So this expensive covert equipment could be even more vulnerable, as the frequency microwave ovens use is more or less in the middle of the equipment’s pass band.

Benni January 25, 2014 7:44 PM

The German self defense laws are these: and these
According to the first link, § 227 “Notwehr”, self defense is what it takes to defend against attack.

For this, it must of course be proven that someone wants to do an attack. And the defender may only do “what is necessary” to prevent the attack. Shooting is perhaps not necessary.

However, according to the last link § 228 “Notstand”, one is allowed to destroy things that belong to others if the destruction is necessary to prevent danger and if the destruction is in relation to the danger.

As I read it, it would perhaps be lawful indeed to overclock their instruments with a horn antenna.

Adjuvant January 25, 2014 9:44 PM

One further wrinkle I’m surprised nobody has yet touched upon: how would Article 22 of the Vienna Convention on Diplomatic Relations of 1963 apply here? I imagine German law must make some relevant provisions as part of German ratification of that treaty.

Article 22

1. The premises of the mission shall be inviolable. The agents of the receiving State may not enter them, except with the consent of the head of the mission.

2. The receiving State is under a special duty to take all appropriate steps to protect the premises of the mission against any intrusion or damage and to prevent any disturbance of the peace of the mission or impairment of its dignity.

So, are there specific provisions in German civil or criminal law that would apply to the violation of the premises of a foreign diplomatic mission?

Fred January 25, 2014 10:53 PM

Spoiled Onions: Exposing Malicious Tor Exit Relays

What the “Spoiled Onions” paper means for Tor users

Scientists detect “spoiled onions” trying to sabotage Tor privacy network
Rogue Tor volunteers perform attacks that try to degrade encrypted connections.

Vatos January 26, 2014 12:06 AM

In the light of the Target breach, are there any organisations pushing for changes to the law regarding breach notifications? Do they have evidence that their claimed improvements will actually accomplish anything?

Clive Robinson January 26, 2014 2:17 AM

@ Fred,

The thing to remember about Tor is that its limited guarantees of security only apply to traffic inside its network, not outside it.

So all the usual attacks will still work between you and the Tor entry point you are using, and between the Tor exit point and the server you are connecting to.

As was pointed out many years ago, Tor does not stop traffic analysis, so anyone who can see both the entry and exit nodes can cross-correlate traffic and identify the sender and receiver. Whilst this can be fixed by well known techniques it’s currently not, because it’s perceived by the designers that users prefer low latency connections in preference to the added security adding latency would provide. Partly the reason for this is a somewhat misguided belief that seeing both ends is beyond the abilities of all attackers. As Ed Snowden has shown, the NSA certainly has enough network connectivity to do this for traffic within their monitoring area, which with the other 5eyes is a very sizeable fraction of the Internet, due to the network virtual topology not physical geography.

As for the paper, the researchers only identified gates that were doing things that could be clearly identified, such as blocking traffic or presenting bogus certs. As we know there are many more attacks that don’t give the clearly identified signs the researchers were looking for.

Thus, as an analogy, they were only looking for “low hanging fruit” “script kiddy” type attacks, not professional or state-level actor attacks.

And if you think back it was not so long ago that several CAs got hit and fake certs with genuine signatures from CAs were being stolen and used. Further we know that the likes of the USA and Israel are not above getting access to signing keys, from Stuxnet et al worms, and also appear to have ways of finding collisions in some hashes.

So the research was not set up to find state-level actors, just “home experimenters”, and it found some. But that leaves the question: how many other Tor exits are compromised that they did not detect?

That is, they found the “low water mark” not the “high water mark”, and it’s high water events that do the damage that you should be worrying about.

Now I know it sounds like I’m running Tor down, but you have to consider what you are trying to do and the threats you are trying to avoid.

One threat is “drawing attention to yourself”. The problem with Tor and other similar systems is that in the sum of things they only have a very, very tiny fraction of the Internet users, who either have something to hide or are ideologically opposed to the likes of the NSA et al, so as far as the NSA are concerned all Tor users are “persons of interest”.

If people can remember back far enough, when PGP first appeared one of Phil Zimmermann’s points was that PGP had to be used as standard by everyone to get over this “sore thumb” issue. It is only now, after the Ed Snowden revelations, that people are finally taking note, with more and more sites switching to HTTPS by default and some others actually using encryption for mail transport.

But the reality is it’s still too little and in some cases too late. Further there’s the issue of capacity: Tor is way, way too little in capacity; if just one percent of Internet users decided tomorrow to switch over it would be swamped and probably break. This would almost instantly give it a poor reputation.

The way to put the NSA et al back in their box is by changing Internet Standards to provide the required level of security without having to involve the users, so it happens automatically in the background. The problem is the NSA et al know this, which is why they have been weakening standards since the 1950’s or using preventative legislation. According to some people CALEA (US), RIPA (UK) and much other similar legislation can be read in such a way that it applies to the equipment that “you touch”, not that belonging to your service provider.

The logic is basically that applied by telco approvals bodies, where a PABX is defined as any device capable of switching a call, so a simple cordless phone with one handset is not a PABX but one with two or more handsets, be they corded or cordless, is a PABX…

Thus any computer is capable (by design) of switching calls etc, so it’s switching equipment, which means it’s equivalent to exchange equipment and thus subject to the provisions of the legislation.

Tor is without doubt “switching equipment”, and sooner or later somebody is going to get a knock on the door with a CALEA or similar order wrapped in an NSL or equivalent, shortly after someone has quite deliberately pushed some kind of IP telephony through that Tor point…
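The end-to-end correlation Clive refers to, as an added example that is not part of the thread and not the Spoiled Onions authors' code: an observer who sees packet timings at both the entry side and the exit side of a low-latency network bins each flow's packet arrivals into 100 ms windows and correlates the histograms, trying a small range of candidate circuit latencies because the exact delay is unknown. The three entry flows and three exit flows are constructed for the example (the exit copies are the entry timings plus roughly 120 ms of latency and a few milliseconds of jitter, listed in a different order); the score is a signed squared Pearson coefficient so the block needs no libm.

```c
/* Added example: flow correlation by packet timing at entry and exit.
 * All timestamps below are constructed for the example (milliseconds). */
#include <stdio.h>
#include <string.h>

#define NFLOWS  3
#define MAXPKTS 32
#define NBINS   16
#define BIN_MS  100.0    /* width of each timing bin in milliseconds */

struct flow {
    const char *label;
    int n;
    double t[MAXPKTS];   /* packet arrival times at this vantage point */
};

/* Seen at the entry side: three clients with different traffic shapes. */
const struct flow entries[NFLOWS] = {
    { "client A", 20, {10,30,50,70,90,110,130,150,170,190,
                       810,830,850,870,890,910,930,950,970,990} },
    { "client B", 11, {50,150,250,650,750,850,1050,1150,1250,1450,1550} },
    { "client C", 20, {410,430,450,470,490,510,530,550,570,590,
                       1210,1230,1250,1270,1290,1310,1330,1350,1370,1390} },
};

/* Seen at the exit side: the same flows, ~120 ms later with jitter, shuffled. */
const struct flow exits[NFLOWS] = {
    { "to server X", 20, {528,545,575,592,612,628,655,672,695,712,
                          1325,1348,1372,1392,1412,1428,1452,1470,1495,1512} },
    { "to server Y", 20, {135,148,175,195,205,228,252,270,295,315,
                          925,953,972,990,1010,1035,1048,1068,1092,1115} },
    { "to server Z", 11, {165,275,368,778,865,975,1172,1268,1375,1575,1665} },
};

/* Packets per time bin after subtracting an assumed circuit latency (lag). */
static void histogram(const double *t, int n, double lag, double hist[NBINS])
{
    memset(hist, 0, sizeof(double) * NBINS);
    for (int i = 0; i < n; i++) {
        double shifted = t[i] - lag;
        if (shifted < 0) continue;
        int b = (int)(shifted / BIN_MS);
        if (b < NBINS) hist[b] += 1.0;
    }
}

/* Pearson r squared, sign of r kept: 1.0 = same shape, <= 0 = unrelated. */
static double signed_r2(const double a[NBINS], const double b[NBINS])
{
    double ma = 0, mb = 0;
    for (int i = 0; i < NBINS; i++) { ma += a[i]; mb += b[i]; }
    ma /= NBINS; mb /= NBINS;
    double num = 0, da = 0, db = 0;
    for (int i = 0; i < NBINS; i++) {
        double x = a[i] - ma, y = b[i] - mb;
        num += x * y; da += x * x; db += y * y;
    }
    if (da == 0 || db == 0) return 0.0;
    double r2 = (num * num) / (da * db);
    return num < 0 ? -r2 : r2;
}

/* Best score for an entry/exit pair over candidate latencies of 0..300 ms. */
double correlate(const struct flow *entry, const struct flow *ex)
{
    double he[NBINS], hx[NBINS], best = -1.0;
    histogram(entry->t, entry->n, 0.0, he);
    for (double lag = 0.0; lag <= 300.0; lag += 50.0) {
        histogram(ex->t, ex->n, lag, hx);
        double s = signed_r2(he, hx);
        if (s > best) best = s;
    }
    return best;
}

/* Index of the exit flow that best matches the given entry flow. */
int best_match(const struct flow *entry, const struct flow *cands, int ncands)
{
    int best = -1; double best_s = -2.0;
    for (int j = 0; j < ncands; j++) {
        double s = correlate(entry, &cands[j]);
        if (s > best_s) { best_s = s; best = j; }
    }
    return best;
}

int main(void)
{
    for (int i = 0; i < NFLOWS; i++) {
        int j = best_match(&entries[i], exits, NFLOWS);
        printf("%s -> %s (score %.2f)\n", entries[i].label, exits[j].label,
               correlate(&entries[i], &exits[j]));
    }
    return 0;
}
```

The three constructed flows are deliberately distinct in shape; real traffic is noisier and needs longer observation windows, but the padding and added latency Clive mentions as the known fix work precisely by flattening the histograms that this scoring depends on.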

Ben January 26, 2014 2:47 AM

@Clive Robinson: ” the Conservative Party of which he is part of actually got less votes than the other major UK party (Labour). ”

That’s not so: Tories 36.1%, Labour 29.0%, LD 23.0%

This was insufficient to get a majority. (Although of course in coalition with the LDs they have 59% of the popular vote).

Compare the 2005 election, where Labour got a landslide victory with a smaller percentage:
Labour: 35.2%, Tories 32.4%, LD 22.0%.

The Tories “managed to win the popular vote in England while still ending up with 91 fewer MPs in England than Labour” so gerrymandered is our system.

Clive Robinson January 26, 2014 4:30 AM

@ Adjuvant,

    One further wrinkle I’m surprised nobody has yet touched upon: how would Article 22 of the Vienna Convention on Diplomatic Relations of 1963.

It does not always apply: missions and the protected persons (diplomatic status) are not allowed to carry out certain activities involving espionage, acts of war and genocide, and the host nation is allowed to act accordingly to defend itself against such activities.

That is, if a person has reasonable grounds to consider an act of war or genocide [1] is being or is about to be committed, then the niceties of the Vienna Convention are moot.

There is also the question of committing war-like acts under the cover of a protected status, known as perfidy. Whilst the normal example is using the cover of a red cross/crescent/crystal or white flag to prosecute war, the use of a diplomatic mission by either diplomatically protected or non diplomatically protected staff is likewise perfidy, and the senior rank (ie the ambassador) is legally liable for the war crime, for which there is no immunity, as there is no immunity for the “sovereign” (executive) of the nation or its leaders. Perfidy also covers knowingly using false accusations of being under or imminently under attack to justify the initiation of hostilities (arguably both George W. Bush and Tony Blair are war criminals under this consideration, but getting them into a court to prove it is another matter).

So if you had good reason to believe the US mission was being used as a platform for the deployment of weapons of mass destruction, and there was an imminent threat or one was in progress, then you have the right to stop it in any manner that would reduce or prevent loss of life. As it’s also from an “invading force”, technically you can do this autonomously under the auspices of “urgent need”.

Likewise, to prevent war, by international treaty it is a crime to take any act that will initiate a war [2], and if such action is taken then the threatened state is allowed to retaliate to defend its sovereign state or territory. It’s why the US and UK cooked up “yellow cake” and other evidence to build the “dodgy dossier”, with its 45 minutes to doom prediction, as the pretext to invasion of Iraq as the best method of defence…

So if you have good reason to believe that the US mission is being used to launch a HERF attack against the territory and citizens of Germany, as either a weapon of mass destruction or as initiation of war, then you can take steps to prevent the potential genocide, or a German citizen can take steps to defend the integrity of the German State, its territory and its citizens.

However the ancient constraints of necessity and proportionality still apply, along with the slightly more modern requirement for reasonable justification by proof (which unfortunately was lacking with the war on Iraq and still remains lacking to this day, and I suspect will always remain so).

Proportionality was why I indicated above that the use of a traditional weapon might not be accepted but a HERF unit might. That is, there is no real danger of further loss of life –unlike the US mission, you would be aiming at the roof, not people– and as the US mission is using HERF already then you would be fighting fire with fire and not escalating the conflict into kinetic warfare.

It seems odd to many people that there are codified “rules of war” and “rules of engagement”, but they go back at least as far as the early Roman empire and have carried on through, amongst others, the Holy Roman Empire, through to treaties back in the 17th century, through to the present day with the conventions of the UN and its Security Council.

It started with the notion of a “just war” and respected moral, religious and philosophical principles, and its fundamental tenets are clear in the writings of Cicero [3].

However the idea of genocide, like the subsequent ideas on ethnic cleansing, is really quite modern and came to the fore as a response to WWII.

The thing about genocide is, like that of weapons of mass destruction, the bar is actually very low for it to be said to apply, and actions and intent are the arguable provisos, not the actual outcome of the actions.

Which is why talk of “Cyber-weapons” and “Cyber-warfare” is so dangerous, because it shows “intent” irrespective of any outcome. So the US military swaggering around talking about “Cyber-weapons” automatically makes them weapons by intent; thus if it can be shown that somebody has died or been injured as a consequence of the use of one, then the burden of proof for murder has shifted from having to be proved to having to be disproved beyond reasonable doubt… Likewise talking about Cyber-warfare turns the use from simple criminal intent to initiating a war…

[1] Convention on the Prevention and Punishment of the Crime of Genocide (1948).



Clive Robinson January 26, 2014 5:23 AM

An oops moment…

I forgot to include reference two in my above post.

It’s articles I & II of Convention III of the Hague Convention of 1907,

Article 1

    The Contracting Powers recognize that hostilities between themselves must not commence without previous and explicit warning, in the form either of a reasoned declaration of war or of an ultimatum with conditional declaration of war

Article 2

    The existence of a state of war must be notified to the neutral Powers without delay, and shall not take effect in regard to them until after the receipt of a notification, which may, however, be given by telegraph. Neutral Powers, nevertheless, cannot rely on the absence of notification if it is clearly established that they were in fact aware of the existence of a state of war


Clive Robinson January 26, 2014 5:57 AM

@ Ben,

Yup, you are right; why I remember it the other way around I’m not sure. Mind you, there was a lot of talk about “Gordon Brown, desperately clinging onto power” etc immediately after the election, so I must admit I zoned much of it out. Partly I suspect that I could not see a difference between red and blue, which is why I refer to it as “purple politics”, in the same way many Americans cannot see the difference between an Elephant and an Ass (or is it a donkey/mule?).

Technically we don’t gerrymander in the UK, because the electoral boundaries are –supposedly– decided independently by the national boundaries commissions. However the practicalities are another matter: the boundaries are based, unfortunately, not on census data but the number of registered voters.

In the US, however, it appears to be an entirely political process carried out as and when the current elected members feel they can get away with it, as well as after any census. I could be wrong, but my view is based on the reported behaviour of the Republican “fixer” Tom DeLay, who tried to have other elected officials arrested because they would not do what he wanted.

ChristianO January 26, 2014 6:17 AM


The self defence shooting at the embassy does not mean, as in this case, it's OK to shoot at people.
The prospect here was shooting at a transformer that lent power to a rooftop that was highly suspected in the media to be used for spying. Measurements showed enormous energy output and the way it's built strongly indicated surveillance equipment.

I really meant shooting at the embassy not shooting at people of the embassy. As this would be way over the top for self defense.

Clive Robinson January 26, 2014 1:04 PM

OFF Topic :

This one is likely to hurt…

As some will know, the UK Government has chosen to adopt a “head in the sand” position over GCHQ and its very extensive surveillance of UK (and other nations') citizens. This is nothing unusual; the UK Gov frequently sticks its butt into the “full moon” position and waits for things to blow over, then it’s back to business as usual.

As the UK does not have a written constitution or bill of rights it has frequently got away with quite unacceptable behaviour (illegal internment etc etc). But it does have surveillance legislation (RIPA 2000), brought in by David Blunkett (who should have known better), which may just bring the house of cards of mass surveillance tumbling down.

Well, a group of UK citizens that have almost certainly been spied upon (not uncommon, it’s happened to me) have approached the European Court of Human Rights to look at the legality of UK surveillance under section 8 of the European Convention on Human Rights (which the UK Gov hates because of the number of times they have been found wanting by the court when ministers knee-jerk for publicity reasons and the civil service do outlandish or stupid things to comply without taking the time to do it legally).

But interestingly the Court has decided, unusually, to “fast track” this case, and the UK Gov has only been given three and a half months to come up with their defence. Potentially this has the ability to blow GCHQ and other UK Gov agencies with RIPA surveillance powers out of their cosy little assumptions about mass surveillance.

Figureitout January 26, 2014 1:47 PM

Clive Robinson
RE: Inception
–Damn. I’ve been messing around w/ a few LiveCD’s lately, they are incredible hacks. This particular computer I’m messing w/ now seems like an ideal target for this tool as it has Firewire and way less than 4GB RAM (I may use it though to see what’s going on). How can these PW programs get bypassed so easily? Someone on wrote an ASM program that would either read/write the PW on Windows XP w/ just a graphing calculator. This tool I’m using now says there’s a virus in the RAM, and scanning found an error at 00010dbd010. The motherboard is too advanced for the assurance I want anyway, but it’s nice having some functionality, lots of ports, and some speed to do something besides bit bang my brains out…

–It’s too bloated. You need a core group of trusted engineers that won’t sell out to make a functional secure standard; and if they get threatened then let people know and arrest the criminals. Better than the crap that is GSM.

Simon January 26, 2014 2:03 PM

Last year there were several huge successes in QC. The pop news article you read is disinformation.

Iain Moffat January 26, 2014 2:22 PM

@Clive: Thanks for the inception link. I think I became a convert to instruction set randomisation after reading the article. I guess the evil maids will be carrying firewire cables instead of USB sticks until this is fixed …

@Figureitout: Because Inception has full read/write access to RAM it can find and patch the running copy of any well known password validation code – to properly fix it needs changes to the Firewire specification to remove the trust that enables this exploit, and ideally a departure from current PC architectures to allow physically distinct program and data memory (so DMA based peripherals can’t access program memory). Full protection needs some form of encryption, restructuring, or randomisation of memory resident code so that precalculated signatures and offsets no longer work because every running copy of the same program will then have a different memory image, but this can only be efficient if supported by processor hardware. In existing architectures the best that can be done would be a smart loader for binaries that can rewrite code and constant data on its way from disc to memory enough to prevent matches to 4 or 6 byte strings when the memory is searched.
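A model of the attack and mitigation Iain describes, added here as an example; it is not the Inception tool, not code from the thread, and uses no real signature. A tiny bytecode "password check" lives in a byte buffer standing in for RAM. An attacker with full read/write access to that buffer (what a FireWire DMA master has) locates the routine by a precomputed byte pattern and patches the conditional jump so any password is accepted. The mitigation shown is the per-load rewriting of the memory image Iain proposes, reduced to the simplest stand-in: the loader XORs the image with a per-load key that the instruction fetch removes, which is enough to make the fixed signature search fail. The bytecode, the signature, the secret "s3cr" and the key 0x5A are all constructed for the example.

```c
/* Added example: signature-based in-memory patching and why randomising the
 * loaded image defeats it. Everything here is a constructed simulation. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define RAM_SIZE 256
#define CODE_OFF 64              /* where the "loader" places the check routine */

enum { OP_CMP = 0x10, OP_JNE = 0x20, OP_OK = 0x30, OP_FAIL = 0x40, OP_NOP = 0x90 };

/* Constructed password-check routine in a toy bytecode:
 *   CMP 4     compare 4 input bytes with the secret stored after the code
 *   JNE +3    on mismatch jump over OK (and two pad bytes) to FAIL
 *   OK        accept
 *   FAIL      reject */
static const uint8_t CHECK_CODE[] = { OP_CMP, 4, OP_JNE, 3, OP_OK, 0, 0, OP_FAIL };
static const uint8_t SECRET[4]    = { 's', '3', 'c', 'r' };      /* constructed */
#define SECRET_OFF ((size_t)CODE_OFF + sizeof(CHECK_CODE))

/* The byte pattern an attacker's tool carries for this routine: the compare
 * followed by the conditional jump. Constructed, not a real signature. */
static const uint8_t SIGNATURE[] = { OP_CMP, 4, OP_JNE, 3 };

/* Loader: place code and secret in RAM, XORed with a per-load key.
 * key == 0 is the unprotected case that a signature search relies on. */
void load_image(uint8_t *ram, uint8_t key)
{
    memset(ram, 0, RAM_SIZE);
    for (size_t i = 0; i < sizeof(CHECK_CODE); i++) ram[CODE_OFF + i] = CHECK_CODE[i] ^ key;
    for (size_t i = 0; i < sizeof(SECRET); i++)     ram[SECRET_OFF + i] = SECRET[i] ^ key;
}

/* Fetch undoes the per-load key, as a CPU-side decryptor would. */
static uint8_t fetch(const uint8_t *ram, size_t off, uint8_t key)
{
    return off < RAM_SIZE ? (uint8_t)(ram[off] ^ key) : OP_FAIL;
}

/* Run the routine against a candidate. 1 = accepted, 0 = rejected, -1 = corrupt code. */
int run_check(const uint8_t *ram, uint8_t key, const uint8_t *in, size_t n)
{
    size_t pc = CODE_OFF;
    int mismatch = 0;
    for (int steps = 0; steps < 16; steps++) {
        switch (fetch(ram, pc, key)) {
        case OP_CMP: {
            uint8_t len = fetch(ram, pc + 1, key);
            mismatch = (n != len);
            for (size_t i = 0; i < len && !mismatch; i++)
                mismatch = (in[i] != fetch(ram, SECRET_OFF + i, key));
            pc += 2;
            break;
        }
        case OP_JNE: {
            uint8_t rel = fetch(ram, pc + 1, key);
            pc += 2;
            if (mismatch) pc += rel;
            break;
        }
        case OP_NOP:  pc += 1; break;
        case OP_OK:   return 1;
        case OP_FAIL: return 0;
        default:      return -1;
        }
    }
    return -1;
}

/* Attacker with raw read/write access to RAM: scan for the signature and turn
 * the conditional jump into NOPs so the routine falls through to OK.
 * Returns 1 if a patch was applied, 0 if the signature was not found. */
int patch_check(uint8_t *ram, size_t len)
{
    for (size_t off = 0; off + sizeof(SIGNATURE) <= len; off++) {
        if (memcmp(ram + off, SIGNATURE, sizeof(SIGNATURE)) == 0) {
            ram[off + 2] = OP_NOP;   /* JNE -> NOP */
            ram[off + 3] = OP_NOP;   /* +3  -> NOP */
            return 1;
        }
    }
    return 0;
}

/* Load, optionally let the attacker patch, then try a password. */
int demo(uint8_t key, int attacker_patches, const char *guess)
{
    uint8_t ram[RAM_SIZE];
    load_image(ram, key);
    if (attacker_patches) patch_check(ram, RAM_SIZE);
    return run_check(ram, key, (const uint8_t *)guess, strlen(guess));
}

int main(void)
{
    printf("plain image, wrong password: %d\n", demo(0x00, 0, "nope"));
    printf("plain image, after patch:    %d\n", demo(0x00, 1, "nope"));
    printf("keyed image, after patch:    %d\n", demo(0x5A, 1, "nope"));
    printf("keyed image, right password: %d\n", demo(0x5A, 0, "s3cr"));
    return 0;
}
```

The single-byte key is only a stand-in for the loader rewriting Iain has in mind: it stops the precomputed-signature search, which is the whole technique the tool depends on, but an attacker who can read all of RAM can still look for the repeated key in zero-filled regions. On current hardware the practical control is to keep the FireWire controller behind an IOMMU (or disable the port), so the device never gets raw access to program memory in the first place.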


Nick P January 26, 2014 3:36 PM

@ Clive and name.witheld

re NASA process
re: low defect software approaches

I did enjoy the NASA story. I think the environment of the place should be copied to a degree by most organizations. Getting women in alone would probably boost innovation or some metric with the extra perspective. However, I gotta play devil’s advocate a bit and say the software process is specifically designed for one, narrow application. Of course it can deliver good results. Would it work across a wide variety of domains? Would it work in business with economic constraints? I doubt it. However, there are other approaches that proved themselves already.

Summary of Low Defect Software Approaches

Praxis’s Correct by Construction methodology achieves similar results in safety & security across many problem domains at far less cost. It’s my main recommendation for organizations that want to invest plenty up front to assure a system that won’t change too much. It was one of the only methodologies recommended by US govt for secure software. It was also used in NSA’s Tokeneer demonstrator for EAL5 software whose code and docs are available for free online for educational purposes.

Another was PSP/TSP, which NSA’s Brian Snow also recommends. It’s more a process driven way to increase quality that doesn’t force one to ditch existing tools. The article I linked indicates they were combined with Praxis CbyC method in another study with even better results. Great to know two solid approaches can be combined. In any case, PSP/TSP have empirical evidence backing their ability to keep quality high and sometimes cost low due to preventing later stage fixes. A more recent project combined PSP/TSP with Agile methods with more claimed benefits.

Cleanroom is an oldie that I’ve mentioned here plenty. The sheer concept of it was refreshing in that I could readily see how it would result in predictable quality or reduce user-visible errors. Empirical studies on Cleanroom showed it greatly improved quality, often on first try without experienced users. Productivity and cost benefits sometimes happened. It’s been combined with formal methods, agile, Python, etc. in various experiments. CASE tools exist.

Meyer’s Design by Contract also deserves a mention. It’s probably the oldest concept with variants promoted by Turing, Hoare, and Dijkstra. Pre-conditions, post-conditions, and invariants are seeing more use in diverse communities. Previously, these were most common with formal methods in safety-critical and academic projects. Eiffel, Microsoft’s Spec#, Escher Tech’s Perfect, SPARK Ada, Ada 2012, and extensions to more common tools all use this approach as either the main assurance tool or one of them. Unfortunately, I still don’t have a strong empirical study on its claimed quality benefits.

So, anyone wanting high quality software delivered on time and budget should use one of these methodologies with supporting tools. You don’t need NASA team’s tens of millions of dollars or even several hundred pages of analysis per change to accomplish it. Just use one of the methodologies I mentioned with high quality tools and committed developers. The users will see the difference.

Quick clarification: NASA’s use of their expensive, high labor methodology is justified because it’s what they’re used to and a mistake might cost a billion dollars + kill astronauts. That’s the kind of failure scenario that most developers will never have to worry about. It justifies the labor intensive effort they expend. Yet, even so, I think the next effort will be much cheaper if they use a combination such as Praxis CbyC and SPARK High Integrity toolkit in combination with their strong people-driven development cycles.
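Design by Contract as Nick P summarises it (pre-conditions, post-conditions and a class invariant), written out in plain C as an added example; this is not code from the thread nor from any of the tools listed, and the bounded stack, the CAP of 4 and the scripted misuse are constructed for the example. Contract failures are counted and described rather than calling abort(), so the behaviour can be exercised in a test; a production build would trap or log instead.

```c
/* Added example: pre-conditions, post-conditions and an invariant on a
 * bounded stack. A violated pre-condition is the caller's bug; the callee
 * records it and refuses, so it never becomes an out-of-bounds access. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define CAP 4

static int         contract_failures = 0;
static const char *last_failure      = "none";

#define CONTRACT(kind, cond) \
    do { if (!(cond)) { contract_failures++; last_failure = kind ": " #cond; } } while (0)
#define REQUIRE(cond)   CONTRACT("precondition", cond)
#define ENSURE(cond)    CONTRACT("postcondition", cond)
#define INVARIANT(cond) CONTRACT("invariant", cond)

struct stack { size_t top; int data[CAP]; };

/* Class invariant: the stack pointer never leaves the backing array. */
static int stack_ok(const struct stack *s) { return s->top <= CAP; }

void stack_init(struct stack *s)
{
    s->top = 0;
    ENSURE(s->top == 0);
    INVARIANT(stack_ok(s));
}

/* push: caller must leave room; afterwards v is on top and size grew by one. */
int stack_push(struct stack *s, int v)
{
    INVARIANT(stack_ok(s));
    REQUIRE(s->top < CAP);
    if (s->top >= CAP) return -1;   /* refuse rather than overflow data[] */
    size_t old_top = s->top;
    s->data[s->top++] = v;
    ENSURE(s->top == old_top + 1 && s->data[s->top - 1] == v);
    INVARIANT(stack_ok(s));
    return 0;
}

/* pop: caller must not pop an empty stack; afterwards size shrank by one. */
int stack_pop(struct stack *s, int *out)
{
    INVARIANT(stack_ok(s));
    REQUIRE(s->top > 0);
    if (s->top == 0) return -1;     /* refuse rather than read data[-1] */
    size_t old_top = s->top;
    *out = s->data[--s->top];
    ENSURE(s->top == old_top - 1);
    INVARIANT(stack_ok(s));
    return 0;
}

int contract_failure_count(void) { return contract_failures; }
const char *contract_last_failure(void) { return last_failure; }

/* Scripted misuse: one push too many, then one pop too many.
 * Returns the number of contract failures that produced. */
int demo_misuse(void)
{
    struct stack s; int v;
    contract_failures = 0; last_failure = "none";
    stack_init(&s);
    for (int i = 0; i < CAP + 1; i++) stack_push(&s, i);
    for (int i = 0; i < CAP + 1; i++) stack_pop(&s, &v);
    return contract_failures;
}

int main(void)
{
    int n = demo_misuse();
    printf("%d contract failures, last: %s\n", n, contract_last_failure());
    return 0;
}
```

The point of the contracts is not the two guards (any careful C programmer writes those) but that the obligations are stated at the interface, checked on every call, and reported with the exact clause that failed, which is what tools such as SPARK then prove statically instead of checking at run time.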

Clive Robinson January 26, 2014 3:49 PM

@ Simon,

    Last year there were several huge successes in QC. The pop news article you read is disinformation

If you have any links to papers on these “huge successes” please don’t be shy about posting them.

Nick P January 26, 2014 3:56 PM

@ Benni

“He also says that in the us government, there would be persons who would like to see him death.”

That’s the kind of BS Snowden says that made Bill Maher call him batshit. He needs to stop pushing dramatic fiction. US govt has an established MO dealing with people like Snowden: they try to publicly destroy their credibility and put them in prison. Manning should have taught him US would rather throw him in solitary, interrogate him repeatedly, deny him use of critical evidence in trial, and aim for a long prison sentence. Death is something to be feared, but also an escape. Harsh prosecutions with media smears are worse for a whistleblower. Every indication says Snowden would live to endure this if US govt got its hands on him. There’s no evidence at all that they’d kill him.

@ Clive

re Inception

Thanks for the link! I remember when we discussed the famous Firewire attack that I found the tools weren’t released. The hackers released a library for Firewire manipulation and a general description of what they did. They specifically didn’t publish their attack tool so as to not make it easy for script kiddie black hats. Now, there’s a tool available. Gotta love “progress.” 🙂

I’ll probably find some use for it in another project, too. I remember doing TCP/IP over Firewire DMA. It had benefits in certain scenarios where you wanted high speed, maybe privileged networking without using a networking port. This isn’t always for covert or esoteric use: one use I came up with was for maintenance on a network appliance without disrupting performance/operations of its only Ethernet interface. There’s debugging value in DMA connections too.

DMA remains one of those few things I love and hate equally. Like ice: good in the tea, not so much on the roads/windshield.

@ people who like innovative attack tools (maybe Figureitout)

One of the most clever, insidious tools I posted here in past was BootJacker (link below). This tool combined a bootkit, memory remanence, and kernel subversion. The brilliant part of it is that it brings the system back up, albeit infected, in its previously running state. It’s the kind of tool that makes NSA BIOS implants look boring in comparison.

Clive Robinson January 26, 2014 4:15 PM

@ Figureitout,

DMA has always been a triple-edged tool.

It enables fast, fairly heavy movement of data from one device to another through what is a hardware equivalent of an IPC mechanism, without putting a proportionate load on the CPU.

Further as DMA is usually “access all areas” it can be used as a tool for testing and debugging.

Unfortunately, as I’ve noted on the odd occasion, test harnesses and tools are agnostic to their use, which means they are also a significant security threat.

I’m aware of one embedded development team modifying the GNU Debugger to work with a DMA controller to act effectively as an In Circuit – On The Fly Debugger when developing communications systems. So in some respects it complements JTAG systems.

However, if you think back to C-v-P, one of the aspects of the Prison was the ability of the hypervisor to examine the memory and registers; the use of DMA & JTAG will enable this to be done on Castle style systems.

Benni January 26, 2014 4:50 PM

@Nick P:
“That’s the kind of BS Snowden says that made Bill Maher call him batshit. He needs to stop pushing dramatic fiction.”

I think Snowden says this to a German TV reporter for getting better chances for asylum in Germany when his Russian asylum status ends.

However, I believe that his asylum status simply gets renewed in Russia in half a year. Perhaps Snowden thinks the winter in Russia is too cold and he therefore wants to come to Germany.

For an application for asylum in Germany, it would be important if he could get his hands again on the documents that he gave to journalists. Then he can give the documents to the migration department in Germany. This should not be too complicated, as the Spiegel might have them. A copy of the death threats from that American site which Snowden mentioned may also be helpful. Then it would be important if the general attorney of Germany wants Snowden as a witness in the case against NSA and Merkel’s phone tapping. This is something that could well happen in a few months.

Clive Robinson January 26, 2014 5:20 PM

@ Nick P,

The issue with Ed Snowden’s “want me dead claim” is that a number of politicos etc did indeed call for him to be silenced with prejudice. So in that respect it’s true; however they may well have been “spouting off” rather than actually calling for his head.

The problem with “spouting off” when you are in high office is that your juniors may well take you seriously. Historically there are quite a few examples of this, including perhaps the most well known, of King Henry II of England, who –supposedly– said “Will no one rid me of this turbulent priest” about Thomas à Becket, who was Archbishop of Canterbury. The result: four knights went out to do his bidding and cut Thomas to the ground, eventually spilling his brains on the cathedral pavement. Within two years the pope made him St Thomas, Henry was forced into public humiliation by doing penance at Thomas’s grave, and the four knights were ordered by the pope to spend 14 years fighting in the Holy Lands.

Though it is unlikely that Ed Snowden would be obviously killed, as it would currently create more problems than it would solve by making him a martyr, I don’t doubt that some hill dwellers would not shed a tear if he was to suffer an unfortunate accident at some future time; in fact the very opposite, I could easily see some of them celebrating long into the night.

Further, it’s not been unknown for publicity-seeking vigilantes to go out and kidnap celebrity criminals and repatriate them.

So yes I think Ed Snowden is going to spend the rest of his life looking over his shoulder unless a deal is done which currently seems most unlikely.

Clive Robinson January 26, 2014 5:43 PM

@ Nick P,

I was unaware of co-pilot. I’ve had a quick skim through it, but because it’s midnight here and I’ve been up since 4AM the brain is not at its best by a long way.

When I’ve had a few hours kip I’ll give it a more indepth read.

Nick P January 26, 2014 6:26 PM

@ Clive

re Snowden

Spouting off at the mouth was my interpretation. The last thing they want to do is create a martyr while simultaneously escalating force. So, knowing my countrymen, I figured they were just “talking s***” as we call it.

“Further it’s not been unknown for publicity seaking vigilanties to go out and kidnap celebraty criminals and repatriate them.”

Funny you say that as I got an offer from a black hat to do exactly that… to Kim Dotcom. I can’t remember if there was an official reward or it was under the table. Supposedly, if he turned up in the US and we proved we did it, we’d get paid quite a bit of money. He wanted me on planning, OPSEC, etc and he’d do more hands-on stuff. I told him I’ve had a white hat for a long time now and don’t care to swap it out anytime soon. Not committing felonies on a regular basis is a better sleeping aid than anything advertised on TV. 😉

Plus, I absolutely hate the corrupt entertainment industry and its destruction of free speech. I wouldn’t lose sleep over grabbing a scheming prick like Kim for a bounty. However, I’ve always been principle driven and won’t take money from certain types for about any reason. Entertainment industry needs government overseers, not mercenaries.

re copilot

It’s not really that big a deal as I haven’t even thoroughly read it. I just linked to it to show your claim was backed by a few projects. Here’s another like that.

Anyway, I think if you reviewed any papers the best use of your brain would be to look at SAFE or CHERI architecture descriptions to find flaws software would bypass. These are currently at forefront of secure by design hardware/software architectures. They’re both DARPA funded with old and new school people working on them. They both make software assurance easy compared to existing methods, with different goals/traits.

The questions I posed to you and others knowledgeable of low-level stuff are:

  1. Do you see any flaws in their design that prevent it from operating securely (from attacks on software)?
  2. Any improvements that meet usability/performance/simplicity requirements while boosting security?
  3. As their specs are available for free, do you think these would be a nice start to an openly designed hardware aimed at securing layers above hardware?

If 1 is No and 3 is Yes, then I might start trying to integrate orthogonal projects into them. For instance, I’m pretty sure a tagged architecture (SAFE) would map to Ada/SPARK tools as a few previous tagged architectures were programmed in Ada. Transparent memory crypto, IOMMU’s, firmware protection, etc. should also be easy to safely integrate with such designs. Just don’t want to put most of my energy into anything until more capable people have reviewed the basic architecture for problems.

(Note: Peer review on any other papers in my big release a while back is also appreciated as with anything else. I put SAFE and CHERI as highest priorities due to the money & talent behind them, along with fact that FPGA prototypes exist.)

Figureitout January 26, 2014 10:54 PM

–Thanks for reply. Oh boy, more standards to fix. Do they all suck? I’m a little skeptical about encrypted memory too…high potential to be used against you, if you lose control you got encrypted crap on your machine.

Nick P
–Thanks I am, always (I don’t “like” them, just want to be protected from them). Kind of sort of really relevant for me right now because I really want to see if I can recover this computer; but I was pissed when I found out it was x86. Kind of funny it has hardware acceleration for crypto too, pfft yeah right so it can be bypassed.

I see they use essentially LiveCD/USBs…

I’ll post some important parts of the paper, not much since the material is here to read (still haven’t started on your paper-orgasm b/c it’s advanced for me now and school is getting in the way, grrr. And I want to make a compiler for Aspie.).

    Our experiments indicate that machines which use ECC memory do not retain software-accessible memory contents after a restart. All reads from ECC memory after a reset always return 0 because ECC memory has parity bits that must be initialized by the BIOS at boot time [19]. Thus, computers that use ECC memory are not vulnerable to reboot-based attacks. We observed that disabling ECC functionality on ECC memory modules using BIOS settings makes these modules behave like non-ECC memory modules.

–Neat random fun theory/fact on DRAM; apparently unwanted bit-flips occur as a result of background radiation from neutrons from “cosmic ray secondaries”, which may change the contents of memory cells or interfere w/ the circuits that r/w them. Kind of “duh”, but still neat yet scary to think about; there’s no shield big/hard enough for these particles. ECC is one of the solutions used for this problem. Hopefully I come across these types of errors on my older PCs, but it’s really frustrating to not be 100% sure.

    Like BootJacker, this payload is non-persistent and does not leave any trace in the system; however, the effective stealthiness of this payload also depends on the operations that the attacker performs using the shell. This is because RootShell does not provide any support for roll-backs of persistent operations performed by the attacker. It is up to the attacker to ensure that malicious actions do not leave any persistent traces such as shell command histories on the victim machine

–Now THAT would be funny.

    On all evaluation machines, we were able to execute this attack in less than one minute, and on many of them were able to open a superuser shell in less than 30 seconds. Most of this time is consumed by the BIOS boot sequence.

–At least a BIOS PW would slow them down maybe.

    There are several other mitigation techniques that can significantly impede and deter an attacker. One option is to require password authentication in the BIOS before booting the system. The preboot authentication supported by some machines with a TPM chip also provides similar protection

–Ok, that’s what I thought. I kind of wanted to see (and still do) the windows configuration at my school, not to attack, but to implement it on my windows PC’s. The BIOS PW was a big stopping point for me.

    An alternative to requiring boot time authentication is to ensure that the boot path is completely protected from possible redirection by requiring authentication at the BIOS and boot loader level for any changes to the boot configuration. This approach is only effective if the configured boot order first attempts to boot the operating system from a trusted disk

–Ok, seems not too hard. May take a little research.

    The Aegis [2] system ensures the security of the boot path and therefore prevents unauthenticated booting. An alternate option is to zero out memory at boot time before loading the OS. This ensures that all secrets in volatile memory are erased and consequently prevents BootJacker from reviving the system. To impede Terminator, the operating system can also attempt to respawn the screensaver or security applications if they are improperly terminated. Finally, the use of ECC memory starves BootJacker of the requisite remenance property

–I know you’ve ragged on about Aegis a lot before. Maybe you’re protected from this.

My main takeaway is that it’s essentially a LiveCD and that you could delay this attack maybe by a PW on the BIOS (8 char lol) and then set the device to boot to HDD first and nothing else. Just adds time, which means (cross fingers) victim walks in on attacker and kicks his/her ass. I guess it’s a win (lol) that my craptop and PC I’m currently working on would’ve delayed the attack for like 5 minutes, however I don’t like how my craptop opens its CDROM almost immediately once the hardware recognizes what it is.

Clive Robinson
–Well it sounds like this problem is never going to go away. Having a reliable deep debugging device is really useful, especially when you get a virus. And otherwise, a lot of hardware would go to the trash when it gets bricked. And maybe it allows citizens a reliable way to inspect for assurance. This is where security gets really tricky.

Nate January 27, 2014 2:26 AM

@NickP: Snowden’s reference to ‘the NSA would like me dead’ and dying in the shower did not come out of the blue – he’s referring to this Jan 16 Buzzfeed story which has the following choice quotes:

“In a world where I would not be restricted from killing an American, I personally would go and kill him myself,” a current NSA analyst told BuzzFeed. “A lot of people share this sentiment.”

“I would love to put a bullet in his head,” one Pentagon official, a former special forces officer, said bluntly. “I do not take pleasure in taking another human beings life, having to do it in uniform, but he is single-handedly the greatest traitor in American history.”

One Army intelligence officer even offered BuzzFeed a chillingly detailed fantasy.

“I think if we had the chance, we would end it very quickly,” he said. “Just casually walking on the streets of Moscow, coming back from buying his groceries. Going back to his flat and he is casually poked by a passerby. He thinks nothing of it at the time starts to feel a little woozy and thinks it’s a parasite from the local water. He goes home very innocently and next thing you know he dies in the shower.”

Possibly “Benny Johnson, BuzzFeed staff”, under whose byline this story ran, was making these quotes up. But they didn’t come from Snowden himself. It’s natural that he should respond to a story that’s been circulating in the tech press for a fortnight.

ExternalPortableScreen January 27, 2014 2:47 AM

@Clive Robinson about Inception: “You might find this of interest”

Thanks for the link. Inception is open-source !

So it may be patched to transform any victim laptop into an additional external screen for the attacking computer.

Useful if the attacking computer is a smartphone and you want a working external screen for that smartphone. The target computer (yours) transforms into a nice keyboard and 17″ screen for your smartphone (existing alternatives: padfone, netdock, lapdock, but they are barely as ergonomic as laptops …)

Also useful if your smartphone is replaced by a hardware auditable computer you trust.

Wesley Parish January 27, 2014 3:53 AM

@Clive Robinson

About Thomas a Becket – my thoughts exactly. Plausible deniability …


Wise turning that contract on Kim Dotcom down. The US Dept of Justice apparently issued a general warrant on him, and the NZ police acted on it. General warrants, as I understand US law, are illegal in the US, being one of the initiating causes of the American Revolution, and if my memory serves me right, they’re not legal in New Zealand either.

As far as I can see, the US Dept of Justice is the bigger offender in this case, and should be brought to trial ASAP.

Committing a felony (kidnapping) in support of a crime (issuing the general warrant) is compounding a crime with a felony. Sleep well and wake in peace.

Wael January 27, 2014 5:09 AM

@Clive Robinson,
Thanks for the link! Gotta check it out, although several attacks are mitigated already. Perhaps I’ll learn something…

Clive Robinson January 27, 2014 5:53 AM

@ Nate, Nick P,

On reading the article, if I hadn’t been around the block once or twice I would assume it was made up.

Now I know this is going to sound nasty but in past contact with US special forces I found way too many “Sunday coaches/line backers” with a view on the world that kind of started and finished with how they would right the world with their fists, without having the inherent ability to work out how they could actually get within fist range in the first place.

Unfortunately they have complete emotional and psychological “buy-in” to the authority structure they are at the bottom of. They would never ask the equivalent of “My country right or wrong” because they are incapable of comprehending the implications of what they are doing.

But when you also look at the intel weenies it gets worse, they believe they are “super heroes” for doing what they do, which is basically not a lot these days. The rot started prior to WWII with isolationism; it was the instigator of a mind set that put faith in the purity of technological solutions and the perfidy of human contact. A succession of events post WWII caused an even greater belief in technical solutions because the Russians were winning the Human Intel game hands down. There was also the problem of “media” with Gary Powers, Vietnam etc. etc.; it brought a viscerality to American front rooms that conflicted badly with the self belief of “Mum and Apple Pie and the greatness of the American Way”. The end result was that US intel became hooked irreversibly on ElInt, SigInt and all technical solutions and HumInt was effectively dropped.

This was despite the lessons of the Berlin Telephone Tunnel where the British dug through to tap telephone cables of the Russian western and East German forces with technical support and heavy lift from the CIA and US Military. The Russians through HumInt (British double agent George Blake) knew before the first shovelful of dirt had been turned that it was going to happen, so after a little thought they realised the best thing to do was to deceive their own forward forces and East Germans so that even they believed a false image (and Blake was protected). The British found that the intel they were getting from their limited HumInt was broadly the same as that coming off the tapped telephone cables, and they regarded the source as “golden” which it was not. What the US & UK ended up with was low level intel on deployed forces etc. and some misleading order of battle plans and misleading intel on high level atomic secrets.

The problem with Elint/Sigint as your only/major source of intel as US has now discovered is what happens when the plug is pulled. All of those expensive intel weenies and the databases they use suddenly “wake up blind” and suffer the sort of angst you would expect with going from hero to zero over night in a time of budget cutting.

However this plug pulling only affects at worst the few weenies that are actually tracking those with something to hide and the sense to act. As for the rest of the weenies checking up on Joe Average and his potential radicalisation it’s business as usual. But even though they are not affected they obviously “feel the pain of the few” in their imaginations.

The funny thing though is what the CIA has been up to with HumInt, as we have seen with Iraq and the Middle East. Those who spend large amounts of money usually attract the sort of people who like lots of money, and quite often these people will say whatever gets them their next dollar fix. It’s kind of like those ladies who work in “hostess bars”; they know what to say and do to get the next payment or trinket. Most of those with the dollars know that it’s all phony, but a few, well, they really believe the hostess likes them…

Mike the goat January 27, 2014 6:34 AM

Wesley: agreed on all counts re dot com and the unethical and probably criminal actions of the ironically named “justice department” (that incorruptible bastion of truth and fairness!).

Slightly off topic but a friend gave me an interesting analogy to refute those “piracy is theft” advertisements that the MPAA are running before the trailers on DVDs and BDs…. He said “Piracy isn’t theft. Copying something isn’t stealing it. It would be like me ‘stealing’ your car but you waking up in the morning with the original car untouched”.

Thought it was an interesting way of looking at it.

Now for an even bigger digression – as most will know if you have been following the news net neutrality, at least in the United States is dead in the water thanks to a court ruling. This is a very sad day for the Internet.

In the 2013 Internet most traffic that was not destined for the United States was routed via the US or on US-owned assets (e.g. links owned by Verizon Business or Level3) simply due to convenience. In countries like, say, New Zealand and Australia, which lack a multitude of effective peering strategies with other nations due to their geographical location, traffic going anywhere outside the host country would often traverse the US or US-owned fiber. There are a few exceptions, with Australia having a link to Asia, but this is the exception to the rule and not really a statistically massive amount of overall traffic.

Why did this happen? It is an attitude of “the Americans are our friends, they have great peering arrangements and can handle our traffic quickly and efficiently”. Given the vast number of websites and more importantly web service companies like Google and Facebook are based in the US, it made perfect sense.

In the post-Snowden internet we are probably going to see significant changes both at a structural level (new undersea fibers laid, existing links and peering arrangements re-evaluated) and at a transport level. More and more software will encrypt connections. The internet will be less trusted and transmitting even slightly sensitive data in cleartext will become not just a bad idea but network security anathema. Major websites will rush to implement perfect forward secrecy and RC4 will be disabled and relegated to the dustbin of history. 1024 bit asymm. keys will be looked at with the same disgust as when you hear of an enterprise wireless secured with WEP. 2048 will become the mandated minimum (and already is, really) with browsers and CAs working toward supporting key sizes of 4096 and above. EC crypto will be subject to continued scrutiny but may be the only way “out” of the race. Alternatively, given the processing power of modern client PCs it may be considered prudent (even when increased server burden is considered) to use very high key sizes for sensitive tasks like internet banking; of course this depends on browser support.

In the US the loss of “net neutrality” may have little effect or it may result in ISPs bartering with content providers to assure them a higher priority on their quality of service. I say “little effect” because those of us in the industry know that peer to peer and other “bulk” traffic was always deprioritized in favor of “interactive” sessions like http,streaming video,ssh,etc.

My 2c and a quick look through my crystal ball.

BlackAngel January 27, 2014 8:55 AM

@Clive Robinson

Thank you for that explanation of “why” this British firewall was made. Excellent writing.


Thank you for posting these chilling excerpts, I was wondering why Snowden was saying there were Americans who wanted to kill him… but have not seen a write up of “who” and “what they said”.

..a current NSA analyst…one Pentagon official, a former special forces officer…Army intelligence officer… all foaming at the mouth wanting to kill Snowden.

“His name is cursed every day over here,” a defense contractor told BuzzFeed, speaking from an overseas intelligence collections base. “Most everyone I talk to says he needs to be tried and hung, forget the trial and just hang him.”

I wonder if these statements are not genuine. It seems very likely, to myself.

Reality is Snowden, like Manning before him, had absolutely unnecessary access to these documents. If this happened in a corporation, the heads who were responsible would have been fired. If this had happened in a Democracy which upholds a liberating Constitution, the outrages against the Constitution would be soundly condemned and the trespassers at the very least fired, if not arrested.

I think what makes these people so angry is that they realize they are being exposed for what they have become. They are the exact opposite of how they pose. This is the exact kind of hypocrisy you find in any tyrannical, savage system.

Ironically, their drooling, spitting hatred speaks of exactly who they are.

Change the words they use to define themselves and you would find them exactly at home in any manner of tyrannical and savage system.
Words like “democracy”, “liberty”, “justice”, “freedom”, “human rights”, “Christian”, “peacekeeping”, “patriotic”… change them to their opposite, and you have them, spot on.

Nobody likes to be undressed before the global audience when they look that bad, naked.

Wael January 27, 2014 12:37 PM

@ Clive Robinson,

Those who spend large amounts of money usually attract the sort of people who like lots of money, and quite often these people will say what ever gets them their next dollar fix.

How true! Just like James Wormold did! I guess you’ve read “Our Man in Havana” 😉

BlackAngel January 27, 2014 1:13 PM


BlackAngel posted a good example of forum manipulation, see document about that program.

I think that paper well describes just about any poster, and could well feed divisive paranoia by doing so.

If you think I am a secret US agent because of my post – lol – I can only assure you, I am not. If anything, making such a post would potentially put me on Their List. 🙂

My reasoning and argumentation was sound — if you have any particular issue with what I stated, please stick to the facts, and not the person.

And explain what your issue is with what I stated. Not with your considerations on my potential super secret employee, please.

Clive Robinson January 27, 2014 4:10 PM

@ Wael,

I never read the book, though I did see the film with Alec Guinness playing Wormold when I was in my early teens and laughed like the proverbial drain.

More recently I read a biography of “Garbo” –who Graham Greene modelled Wormold on– and he was a truly fascinating person, and a real hero of WWII.

KnightofBob January 27, 2014 5:49 PM

A while back I noted the story about the nearly invisible camo using light-bending technology from a Canadian company. I recently went back to their site and noticed this update about invisible aircraft flight tests.

The last entry here about drone flights is very worrisome, especially with the FAA allowing flights over the US in 2015. (They already do in the 100 mile deep border interdiction zone.)

DoWhatIsayNotWhatIdo January 28, 2014 1:17 PM


In the U.S. the lesser major party is fully active with “moral police” that are out propagandizing about what everyone else should be doing but finding no wrong in their own violations of the same creed. In fact, you would probably be “outed” for violating their moral code when you point out that they violate the same moral code, except when you consider that the moral code they want for everyone else is not the same moral code they use for themselves. Hypocrites.

BlackAngel January 28, 2014 2:27 PM

In the U.S. the lesser major party is fully active with “moral police” that are out propagandizing about what everyone else should be doing but finding no wrong in their own violations of the same creed. In fact, you would probably be “outed” for violating their moral code when you point out that they violate the same moral code, except when you consider that the moral code they want for everyone else is not the same moral code they use for themselves. Hypocrites.

Yep. And we have seen this exact same scenario time and time again in history…

Blog Reader One January 29, 2014 2:06 AM

In the US, Major League Baseball will require metal detector screening (either handheld or walk through) at ballparks by 2015:

In the Los Angeles Times, there was a lament about security measures at the Olympic Games. (It may be worth noting that Schneier commented on security at the 2004 Olympics in Athens.)

Meanwhile, at the Awesome Games Done Quick (AGDQ) fundraiser, there was a demonstration of running arbitrary code on a 16-bit game console without any hardware modifications by exploiting glitches in a game and robotically entering sequences of button presses via the console’s controller ports.

Anura January 29, 2014 11:34 AM

More details about how attackers breached target:

Apparently there was performance monitoring software installed that allowed support agents from the vendor to log in remotely, provided they knew the super-secret password, which was likely hardcoded into the software (I assume it’s compiled, which is basically the same thing as encrypted).

Seriously, I think this is one major reason why open source is more secure: programmers don’t have the illusion that you need the source code to figure out what the program does. No trivial backdoors, no debugging text that can be accessed by setting a flag; you actually have to consider real security.
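A way to see Anura’s point for yourself, as an added example that is not from this thread or from the vendor software it discusses: a compiled binary stores its string literals verbatim, so a strings(1)-style scan of your own vendor binaries recovers any hardcoded support password. The fake binary image, the keyword list and the credential values below are all constructed for this example.

```python
"""Audit a compiled binary image for credential-like string literals.

Added example, not code from the comment thread or from any vendor.
Compilation is not encryption: a string literal (such as a hardcoded
support password) sits verbatim in the executable, so a scan for
printable runs recovers it.  The sample image is constructed.
"""
import re
import string

# Keywords typically found next to embedded credentials (assumed list).
CREDENTIAL_KEYWORDS = ("password", "passwd", "pwd", "secret", "token", "api_key")

# Printable ASCII, excluding control whitespace (keeps the space character).
PRINTABLE = set(string.printable.encode()) - set(b"\t\n\r\x0b\x0c")


def extract_strings(blob: bytes, min_len: int = 6):
    """Return printable ASCII runs of at least min_len bytes, like strings(1)."""
    runs, current = [], bytearray()
    for b in blob:
        if b in PRINTABLE:
            current.append(b)
            continue
        if len(current) >= min_len:
            runs.append(current.decode("ascii"))
        current = bytearray()
    if len(current) >= min_len:
        runs.append(current.decode("ascii"))
    return runs


def find_hardcoded_credentials(blob: bytes):
    """Flag (label, value) pairs that look like embedded credentials.

    Two heuristics: a key=value or key: value literal, or a bare prompt
    containing a keyword whose neighbour in the string table is the
    literal it is compared against (typical of strcmp(input, "...")).
    """
    findings = []
    strs = extract_strings(blob)
    kv = re.compile(r"(?i)(%s)\s*[=:]\s*(\S+)" % "|".join(CREDENTIAL_KEYWORDS))
    for i, s in enumerate(strs):
        m = kv.search(s)
        if m:
            findings.append((m.group(1).lower(), m.group(2)))
            continue
        if any(k in s.lower() for k in CREDENTIAL_KEYWORDS) and i + 1 < len(strs):
            findings.append((s.strip(), strs[i + 1]))
    return findings


def constructed_binary() -> bytes:
    """A fake executable image (constructed): ELF-like header bytes,
    code-like noise, and a read-only data section holding a support
    prompt, the password literal next to it, and a key=value token."""
    header = b"\x7fELF\x02\x01\x01\x00" + b"\x00" * 8
    code = bytes([0x48, 0x89, 0xE5, 0x0F, 0x1F, 0x00, 0xC3, 0x90] * 4)
    rodata = (
        b"Support password: \x00"
        b"Sup3rS3cret!\x00"
        b"Access granted\x00"
        b"remote_token=tok_CONSTRUCTED_123\x00"
        b"%s: connection from %s\x00"
    )
    return header + code + rodata + code


if __name__ == "__main__":
    for label, value in find_hardcoded_credentials(constructed_binary()):
        print(f"possible embedded credential: {label!r} -> {value!r}")
```

Run it against a real vendor binary by replacing constructed_binary() with the file’s bytes; anything it flags is recoverable by anyone who can copy the executable, which is the reason a shared “super-secret” support password cannot be a secret.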

Clive Robinson January 31, 2014 4:47 AM

OFF Topic :

@ Bruce,

You know Cory Doctorow, have you seen this posting of his,

Basically it appears that the UK Prime Minister has lost contact with reality, and believes fictional TV Crime Dramas should provide the reason for 24×7 second by second monitoring of every person in the UK for their location and all their communications and electronic data.

If it’s true, you pulled out of the UK just in time…

Clive Robinson January 31, 2014 6:40 AM

OFF Topic :

Is public Cloud Too Expensive? MOZ think so

Seattle’s MOZ think Amazon Web Services (AWS) are too expensive by far and just don’t perform,

It’s not exactly surprising AWS cost too much and offer too little in this case but the difference MOZ have achieved has serious implications for other big data users. Also coupled with the NSA issues I can see AWS losing big customers.

Is the Cloud dead or dying? Probably not, but the two serious issues I identified (security and in-depth support) have now made themselves painfully obvious to many, and compliance organisations are, due to the NSA, now likely to take a much dimmer view on “public” Cloud solutions.

Skeptical January 31, 2014 1:11 PM

Nate: Snowden’s reference to ‘the NSA would like me dead’ and dying in the shower did not come out of the blue – he’s referring to this Jan 16 Buzzfeed story

Remember Snowden’s worry that the CIA would contract criminal organizations in Hong Kong to kill him? That one appeared in the very first interview.

Clive – I disagree with your assessment of US special operations forces. They generally need to be a little smarter, and they absolutely need the ability to think critically. It’s interesting, moreover, to read your view of them in conjunction with your view that the US regards HUMINT as “perfidy”, since much of what many of those in special operations do is work rather closely with other people.

In that same vein, while I agree that the US aggressively pursued technological solutions during the Cold War (as did the Soviets) and continue to do so today (as are the Chinese and Russians), and that their (CIA) case officer program likely went through some up and down periods, I’m skeptical of the idea that the US ever gave up on humint collection. Declassified intelligence reviews of everything from the IC’s missed call (though the INR, I believe, were closest to the mark) on the Iranian Revolution to the IC’s warnings/lack before the Polish Crisis in 80-81 to various important but less dramatic incidents stretching back through the decades indicate that the US was a heavy player in the game. Sometimes they lost, but that’s the nature of the business, and everyone has to lose a few hands. And of course, on the outside, those are the hands we’re most likely to know about.

Also, I’d very cautiously venture from a very uninformed vantage that, even today, many intelligence collection operations rely upon the coordination of different sources and methods to achieve objectives. Certainly, with the same caution and lack of information, I’d say that intelligence analysis relies on a variety of intelligence types.

As to the idea that anyone in the spec ops or intel community would go rogue and mount an operation to kill Snowden, based on everything I know (not much, I’ll grant) that’s deeply, deeply unlikely.

Look, the Snowden affair is going to have a fairly prosaic ending. Perhaps he’ll work with the US, establish good faith on his part by minimizing harm, earn good will, and in that spirit (not an explicit quid pro quo) negotiate a reasonable plea deal; perhaps he’ll do the same, but will instead take advantage of reduced US resources tasked to having him deported to move to a friendlier country; or perhaps he’ll continue to shun working with the US, and the result will be that at some point he’ll find himself on a plane back to the US with no good will, no plea deal, and facing an almost certain life sentence.

I’d lay good odds on one of those three. If Snowden has good advisors, and at least one or two of those journalists is willing to help Snowden (at his request) work with the US to minimize harm, then I think he has a good shot at a reasonable sentence in a comfortable facility. He’ll be able to read books, write, communicate, take classes, etc. until release.

When he talks about the Triads being contracted to kill him, though, or other things like that, I do wonder whether he has enough clarity on the US Government to recognize the best strategy and execute it here. No doubt that he has the mind and will to do so if he is able to recognize the right moves, though.
