Friday Squid Blogging: Squid Proteins and the Brain-Computer Interface

There's a protein in squid that might be useful in getting biological circuits to talk to computer circuits.

As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

Posted on August 8, 2014 at 4:28 PM • 154 Comments

Comments

BenniAugust 8, 2014 4:46 PM

Now germany has sent a note to all foreign embassies in germany:

http://www.spiegel.de/politik/deutschland/spionage-bundesregierung-aufdeckung-aller-agenten-in-deutschland-a-985199.html

this comes after SPIEGEl revealed that there are 200 NSA spies working undercover in germany. germanys domestic secret service has asked for a list of all NSA spies in germany before, and he did not get any answer from the US.

Now the foreign ministry of germany send an official note to all foreign embassies that they should give a list of all secret service personnel to the german foreign ministry.

That is typically german. In future, before a spy will be allowed to deploy his radar bugs in germany, he will have to sign some paper, getting accredited as an official NSA spy in germany. Just that everything is in order.....

German authorities are typically painfully slow. But one should not laugh at this. It may be that they will consider embassies who do not return a credible list of spies as hostile nations. It could be that they then will simply extradite many of the diplomats from these countries....

NovaAugust 8, 2014 5:35 PM

@Benni

Interesting insights.

"German authorities are typically painfully slow. But one should not laugh at this. It may be that they will consider embassies who do not return a credible list of spies as hostile nations. It could be that they then will simply extradite many of the diplomats from these countries...."

It does sound like they plan to perform a comprehensive cross checking between what embassies are willing to report, what they already know for certain, and what they have evidence to suggest may be incorrect.

I can see this being politically motivated, but it is not unreasonable, and is a good call for them to make.

I do not find it reasonable that "allies spy on allies", as some suggest. The reasoning there appears to be "everyone does it". Which is poor reasoning. I do believe Merkel was very correct in pointing out that if she has anything to say, she will say it.

Such expenditures are obviously a complete waste of money and do little other then to misinform those who perform the spying, as well as deeply sour relations.

(If anyone has any sound reasoning on "why countries should spy on clear ally countries", I would *love* to hear it. But, I do not think anyone is so eager to embarrass themselves on such an indefensible point of view. Though, they feel they can get away with throwing out the old canard, "Everyone else is doing it!")


NovaAugust 8, 2014 6:22 PM

@Daniel

I noticed the Yahoo headline, but was unaware of the Google headline. I use PGP my own self, rolling by hand when I use it with webmail, though I do keep hushmail on the standby. But merely for the nyms. :-)

Hushmail implements public-private key cryptography in such a way that they do have the capability to decode messages in the plaintext.

It will be interesting to see if Google and Yahoo have the cajones to try and implement this in a way that can relieve them of the burden of having to provide to district authorities decrypted data of their users. This would be great, if they do this, of course. It would set a precedent for smaller companies.

Quite a distance from the "old days" (last year was it?) when the authority of the DoJ of the US wanted to fine any website for not providing them such access on a metered level.

I do have to wonder, "if this is the case", do they believe they can implement these measures by providing those authorities the capability to compromise the end users systems connecting to webmail?

While difficult, it would not be at all impossible, because both companies are able to push executable content to their webmail clients.

I wonder if this might not be a "secret" deal all parties involved worked out.

As for the legitimacy of such an effort, of course, Yahoo and Google would provide the very same solution for any other authorities. China, Russia. Whomever.

Global, unified totalitarianism. Prism 2.0.

Perhaps.


NovaAugust 8, 2014 7:36 PM

http://it.slashdot.org/story/14/08/08/1617254/cornering-the-market-on-zero-day-exploits

My favorite issue of the week. ARS carried it: http://arstechnica.com/security/2014/08/cias-venture-firm-security-chief-us-should-buy-zero-days-reveal-them/?comments=1#comments-bar

Some good discussion on the topic, as well.

(Biased, as I joined in on that as unknown.soldier, another comic book character name.)


My conclusion, so far is, well, a question. Why is Geer making this statement? What is he getting at? What is his strategy in this? After all, the US Government is very heavily invested in defense contractor vulnerability finding mills these days. He well would know they would never be willing to give that up to actually secure "the internet".

Nick PAugust 8, 2014 8:30 PM

@ Nova

Who knows why he thinks it. It's idiotic. It assumes that they vulnerabilities are all on the market available to the highest bidder. Many are sold to specific organizations. Others are produced for the users by groups dedicated to combing through software for bugs. So, his solution would utterly fail.

On the other hand, his proposal on liability and abandonware are similar to my own. I think they're good ideas. Good luck getting them implemented. Meanwhile, there are at least groups like NSF and DARPA funding stuff that might work.

Nick PAugust 8, 2014 8:51 PM

The Latest European Security Research Initiative

This paper shows the current lineup including participants and descriptions. There's a large number of projects and domains. The MILS efforts are 5-10 years behind the existing work in the U.S. We've moved onto hardware, though, because MILS wasn't good enough alone. Some of the other projects are clever and interesting, such as the secure microcontroller architecture. Those focusing on service- and privacy-oriented architectures have some potential. There was also at least one with some irony: PRISM, "a privacy-preserving network
monitoring system."

The projects will make for interesting reading (or useful capabilities). Those reading here that are European and want to contribute to INFOSEC should look at the organizations mentioned in the paper. They're spread out over many countries. The TECOM and Verisoft efforts, too. Whichever organizations are doing the R&D are the natural places to work. And those delivering the funding are the natural places to ask if you have a company in the market.

NovaAugust 8, 2014 9:02 PM

@Nick P

(reading Wired version and selections from the text file (had previously only read the ARS version))

- oh he is the guy who got fired from @stake, I recall that paper after all these years, he did have a good point, if not a bit unrealistic -

Hah, he mentions Bruce:

"In a May article in The Atlantic,[BS] Bruce Schneier asked a cogent
first-principles question: Are vulnerabilities in software dense
or sparse? If they are sparse, then every one you find and fix
meaningfully lowers the number of avenues of attack that are extant.
If they are dense, then finding and fixing one more is essentially
irrelevant to security and a waste of the resources spent finding
it. Six-take-away-one is a 15% improvement. Six-thousand-take-
away-one has no detectable value."

Not sure of what quote he is responding to, but I have looked at large and small systems manually and with various automated tools. VeraCode, InQTel's baby, I might add actually has a very useful matrix on their reports which highlights bugs on quadrants of "easy to fix" and "severity of bug".

(Almost all of these systems, unfortunately, have number problems. They have tended to go for "more is better", at the expense of quality. *Almost. To avoid identifying myself, I will not say the exception to that rule.)

But, yes, I would agree, there are too many conduits. NSA has their factories, CIA has theirs, FBI has theirs, probably DoD has theirs and so on.

There are also free bug finders, of sorts, as you are noting, and yes, that would tend to make them far more reclusive. Why continue scouring open source software for free security vulnerabilities, when you could get mega cash with a totally clear conscience by simply selling to the government?

Still, I do not think Geer is an idiot. But, whatever. Maybe he simply wants to have competition for InQTel's next big venture capital investment: another bug finding defense contractor. More competition for them means better choices. And they would, realistically, sell all the bugs to various agencies.

... on abandonware... interesting term... I would have to agree that idea is a solid one. And it is, of course, a major and disturbing problem.

But, another entirely unrealistic idea. Microsoft, et al, is firmly aware of the liability problems this puts on them, and the very real dangers their policies are creating for - not the market, but - the whole of global information security. And they clearly do not give a damned.

Their monetary reasons there are obvious.

Though, if there are found worms which do exploit these older vulnerabilities (and Microsoft is not the firm that runs in and mops up all the evidence), I would like to see them get hit hard in the gut with at the least a massive lawsuit.

Another unrealistic idea.

Unrealistic ideas are good for "the little people" (the magic winged people of the woods), and not so good for sociopathic assholes in business suits.


Nick PAugust 8, 2014 9:45 PM

Formal Verification of Hardware Synthesis (2013) Braibant & Chlipala

http://hal.archives-ouvertes.fr/docs/00/77/68/76/PDF/main.pdf

Abstract: "We report on the implementation of a certified compiler for a high-level hardware description language (HDL) called Fe-Si (FEatherweight SynthesIs). Fe-Si is a simplified version of Bluespec, an HDL based on a notion of guarded atomic actions. Fe-Si is defined as a dependently typed deep embedding in Coq. The target language of the compiler corresponds to a synthesisable subset of Verilog or VHDL. A key aspect of our approach is that input programs to the compiler can
be defined and proved correct inside Coq. Then, we use extraction and a Verilog back-end (written in OCaml) to get a certified version of a hardware design."

INRIA and Clipala drop more bombs in the verification community. :)

AlexAugust 9, 2014 12:13 AM

There is no "end" of market vulnerabilities, like buying them all. Kaspersky revealed that there were used at least 4 zero-days of Windows in Stuxnet, I doubt any of them was "bought" on market. Vulnerabilities can be added whenever is necessary.

gordoAugust 9, 2014 12:40 AM

@Nova

Geer's reference, in his Black Hat keynote, to Bruce Schneier's question about whether vulnerabilities in software are dense or sparse, is in this essay:

Should U.S. Hackers Fix Cybersecurity Holes or Exploit Them?
Bruce Schneier
The Atlantic
May 19, 2014
https://www.schneier.com/essays/archives/2014/05/should_us_hackers_fi.html

Geer's Cybersecurity Keynote at Black Hat 2014:
Cybersecurity as Realpolitik
Dan Geer
Video: http://www.lawfareblog.com/2014/08/dan-geer-cybersecurity-keynote-at-black-hat/
Text: http://geer.tinho.net/geer.blackhat.6viii14.txt

2072August 9, 2014 1:40 AM

Three days ago Google took its (cold) revenge over the NSA for tapping their internal network: They announced that from now on they will use HTTPS as a new ranking signal thus encouraging every webmaster to use HTTPS instead of plain HTTP:

http://googlewebmastercentral.blogspot.co.uk/2014/08/https-as-ranking-signal.html

"[...] over the past few months we’ve been running tests taking into account whether sites use secure, encrypted connections as a signal in our search ranking algorithms. We've seen positive results, so we're starting to use HTTPS as a ranking signal. For now it's only a very lightweight signal — affecting fewer than 1% of global queries, and carrying less weight than other signals such as high-quality content — while we give webmasters time to switch to HTTPS. But over time, we may decide to strengthen it, because we’d like to encourage all website owners to switch from HTTP to HTTPS to keep everyone safe on the web."

If this approach works (and I really can't imagine why not) it will render bulk internet traffic collection largely inefficient and impractical and thus, soon obsolete.

GeorgeAugust 9, 2014 4:11 AM

The recent concerns for security and privacy of Google, Yahoo, Microsoft and Facebook are overwhelming. Finally they want to make the world a better place!

"If this approach works (and I really can't imagine why not) it will render bulk internet traffic collection largely inefficient and impractical and thus, soon obsolete."
Hi, NSA guy!

nemmoAugust 9, 2014 4:19 AM

@2072 That is unlikely to bother the NSA excessively. The NSA works very "closely" with the certificate authorities, so most SSL is effectively decoded on the fly. GCHQ does it too (Flying Pig) and, according to statements made during the NSA spying hearing in the German parliament, the BND does it too.

nemmoAugust 9, 2014 4:22 AM

@George I'm not sure Google, Yahoo, Microsoft and Facebook (I have to stop myself from grimacing as I type their names) really want to make the world a better place. I would imagine it is a case of convincing their customer base that they're OK whilst remaining firmly in bed with the authorities that, as far as they are concerned, really matter. Maybe I'm being too cynical.

CzernoAugust 9, 2014 4:40 AM

Re: forcing HTTPS ? While I agree heartily with increased use of "secure" HTTP for sensitive contents, and depreciating mixed contents (secure + non secure on the same web page), still I do not like the perspective of FORCING "HTTPS everywhere" - a user should be able to get non-encrypted (and non-scripted, for that matter) contents, using (e.g.) plain HTML 3.2 only browsers.

Isn't "HTTPS only" both ineffective as a protection - since we know agencies find ways around the encryption - and a huge waste of resources if applied to each of trillions of connections to mainly static text and images ?

GeorgeAugust 9, 2014 7:35 AM

@nemmo it was a joke, of course
The whole paradigm about internet communication and electronic devices changed, and maybe forever. There is one single word to describe it: UNSAFE.

Mike the goat (horn equipped)August 9, 2014 7:41 AM

Czerno: I agree with you. Often what seems like a sensible stop gap solution for a problem turns out to cause a whole plethora of other issues. Encrypting run of the mill pages just to discourage interception also unfortunately breaks caching proxy servers like squid and friends. And of course now Google is SSLized by default webmasters can't see the query that brought them to their site within their referer logs.

Wael, Nick, Clive and others: I apologize for being away from Schneier.com for a while. Things have been pretty out of control. A death in the family immediately followed by the news that our landlord has neglected to pay their loan and the bank is now foreclosing. I'm only short term renting the property so it doesn't really affect me. Hell, I really want to return to the United States and settle down in San Francisco - hence why I didn't want to sign a massive rental agreement. Fortunately our estate agent is pretty good. I will be updating the warrant canary and doing a 'catch up' post on my blog shortly, summarizing things that I neglected to comment on throughout the past week or so. Fortunately it has been a pretty slow news week so I don't think anyone missed out on anything too critical. :)

I have a working browser plugin for blogsig which is running under firefox 24.6.0 as a test platform. Works pretty much how I would expect it to... will rush out some screenshots and when stable enough to not cause me embarrasment full source and binaries.

ObviousAugust 9, 2014 7:54 AM

To Daniel

"http://www.rawstory.com/rs/2014/08/07/report-yahoo-and-google-teaming-up-to-develop-email-that-can-beat-government-spying/

Google and Yahoo team up to create encryption system to defeat government spying, headline says. Note to self: government syping is not the same thing as a government subpeona or National Security Letter. I doubt that are building a system to defeat those actions. "


I agree with you. It's just public relations for the mass. Besides, since when google and yahoo have the best cryptographers? The best cryptographers are found in the academia. But we know how they are treated in usa. Take for example the visa story of Adi Shamir in 2013. He was given the visa 4 months after he applied and the conference was in August.

And which letters Google, Yahoo, Facebook, Microsoft, released after Snowden reveal of PRISM?

In such cases, I would say, they better shut their mouth and not feed us with their crap. It's not worth their time, paper, work to release such letters, news.

Bob S.August 9, 2014 9:10 AM

Whatever happened with the TrueCrypt audit?

Anyone know?

Some people say the code is good, some not.

Apparently a lot of people are still using it.

Seems as of April 14, 2014 the subject has been dropped by the whole world.

Nick PAugust 9, 2014 9:40 AM

@ Bob S

I'm guessing you missed the whole Truecrypt shutdown situation and debate. They left a notice essentially saying it can't be trusted because it's not going to be maintained anymore. One guy talked to them and they indicated they were shutting down for personal reasons. Others think they were pressured. They're gone, now, though.

My advice was that people use the wayback machine to pull all their documentation. There were third party hosts for their source. Plenty of useful stuff in both for the next project. Might be worthwhile to copy their forum, as well. Not sure as I wasn't on it much.

@ Mike the goat

I hear you. I myself ran into similarly harsh circumstances with almost the same effect. I might email you about it. For me, though, I figured I'd just stay on here and just cut back on reading/posting if needed.

Nick PAugust 9, 2014 9:44 AM

@ 2072, Obvious

Neat developments that both suffer from the same problem: the NSA spokesperson (and Yahoo CEO) statements indicate that they had no choice but to comply with certain programs. That means the NSA has some legal (or illegal) way of forcing the information out of them. They can put as much crypto in as they want, but so long as they have to turn over the keys or backdoor the software it's all smoke and mirrors.

If it's to be secure from interception, it can't be in the U.S. End of story.

65535August 9, 2014 9:53 AM

@ Nick P

That’s good stuff on securing compilers. We will need more of that.

[To Geer's comments]

@ Nova, Nick P and others

I agree that Geer is not making sense.

As others have pointed out selling zero day exploits can be lucrative – they can be sold to an affluent government – and sold a second time to a third party [with minor changes].

“Others are produced for the users by groups dedicated to combing through software for bugs. So, his solution would utterly fail.” –Nick P

Yes.

I would guess the net effect of “cornering the market” with NSA purchases of zero days exploits would lead to a bubble market for said exploits [which at some point would probably collapse].

I notice that Geer goes under a rock at the end:

“Until such people are available, I will busy myself with reducing my
dependence on, and thus my risk exposure to, the digital world even
though that will be mistaken for curmudgeonly nostalgia. Call that
misrepresentation, if you like.” – Geer

See 90% down text:
http://geer.tinho.net/geer.blackhat.6viii14.txt

[Next to SSL/TLS decryption by the NSA]

“…The NSA works very "closely" with the certificate authorities, so most SSL is effectively decoded on the fly. GCHQ does it too (Flying Pig) and, according to statements made during the NSA spying hearing in the German parliament, the BND does it too.” - nemmo

That does appear to be the case. Last week’s 'NSA Patent' post touched upon an NSA patent [US 5631961A, a device for and method of cryptography that allows third party access to encrypted messages between a first and second party], the “Galois Field” in a x.509 certificate and on the fly decryption.

See, Benni, Anura, and 65535 [Aprox. This area of the thread] [https://www.schneier.com/blog/archives/2014/08/the_nsas_patent.html#c6675739

It’s not clear how NSA's decryption works but I suspect the “Galois” field is used to identify the two parties to an SSL/TLS communication. Bullrun and Edgehill contact the CA’s of the two users and somehow get the certificate keys and then decrypt the message via a MITM attack - but the timing has to be correct.

I notice in the Bullrun slide that the “Turmoil” box has arrows pointing to two “CA Service Requiests” boxes and then eventually lead to a “Longhaul attack orchestration” box and to other data bases.

See left bottom corner of Bullrun slide [Wikipedia]:
https://en.wikipedia.org/wiki/File:NSA-diagram-001.jpg

The Electronic Frontier Foundation’s ‘Crucial Unanswered question about the NSA’s BULLRUN Program’ foot note indicates that Perfect forward Secrecy may be vulnerable:

“Companies that use Perfect Forward Secrecy (PFS) by default enjoy some protection against widespread passive surveillance, and companies should enable this technology right away in light of these revelations. However, though PFS helps to protect against passive surveillance, if the NSA has access to the long-term private key of a service provider, then the agency is still able to read any user's communications by launching a "man in the middle" attack against the ephemeral key exchange that occurs within a cipher that supports PFS. Right now, there is no obvious way that the service provider or an end user could detect such an attack.”

See EFF’s Crucial Unanswered question about the NSA’s BULLRUN Program:
https://www.eff.org/deeplinks/2013/09/crucial-unanswered-questions-about-nsa-bullrun-program

I am not sure exactly how much PFS will help in this situation.

[To Giggle and yarhoo’s use of PGP]

“I'm not sure Google, Yahoo, Microsoft and Facebook… really want to make the world a better place. I would imagine it is a case of convincing their customer base that they're OK whilst remaining firmly in bed with the authorities” – nemmo

That is a reasonable statement.

If Giggle and Yarhoo were NSL’d or CALEA’d I would assume they would have some trick to reveal private PGP keys and decrypt the message [say a key logger or some other hack]. But, that is just a guess. PGP is fairly strong and it may work for Giggle and Yarhoo.

nemmoAugust 9, 2014 10:20 AM

@65535, Nick P, Obvious, George: In fact, now that half the developed world has tapped into the internet's main arteries (some more discretely than others), I would imagine the NSA is rubbing its hands with glee at the prospect of an internet full of Digicerts, Verisigns and GoDaddies. If anything, Google, Yahoo and MS are helping the NSA make a NOBUS out of mass surveillance (and pretending to be doing us a favor while they're at it).

AnuraAugust 9, 2014 10:24 AM

@Mike the goat

Personally, I agree that everything should be SSL, regardless of whether it is important or not, and especially for search engines. If whatever you visit isn't encrypted, and there is a link that points to HTTPS a man in the middle can strip the HTTPS off the link and prevent you from ever visiting the encrypted site, while they communicate with HTTPS and anyone who isn't paying close attention is none the wiser.

This is the biggest fundamental problem with SSL today: the fact that it's optional and you can't tell what sites are supposed to by HTTPS. Having the certificates be issued by CAs instead of stored in DNSSEC is another issue; it should be both tied to the domain and free for it to actually be practical to make 100% of sites fully HTTPS.

pyloveAugust 9, 2014 10:29 AM

If they really wanted to give the NSA the finger the answer is simple: serverless, encrypted, trustless peer to peer. Go on Google, you don't really have the marbles!

timbusAugust 9, 2014 11:20 AM

@Bruce, have you considered running this blog (or a mirror) as a Tor hidden service? Remaining within the Tor network (by removing the need for an exit node) would make it much more difficult to identify readers and add them to a watch list. (And let's face it, if XKeyscore has been set up to actively target readers of the Linux journal, god knows what they make of schneier.com)

65535August 9, 2014 11:52 AM

@ nemmo

Yes.

As long as some organization like a CA has your keys they can be transferred to the NSA on the fly. The only way to find out if Certificate keys are be given to the NSA is to have a leak’r dox a major CA with evidence or other methods.

I don't know what the capacity of Bullrun is but if every transmission is SSL/TLS encrypted there probably is limit to the number of decrypts per second the NSA can do - that is just a guess - and doesn't include copy, storage and decryption at their own pace.

On the PGP side, it’s maybe possible to store your keys in a secure location and side-step the NSA – assuming your machine has not been pwnd [finfisher].


DanielAugust 9, 2014 1:01 PM

Several thoughts.

(1) Truecrypt is as safe as it was before the debacle. If you couldn't trust it before you shouldn't trust it now and if you trusted it before there is no reason to stop trusting it now.

(2) I don't think the USA has anything to do with the security of the internet, as strange as it sounds. What I mean is that even if Google moved all its data centers offshore then the USA would just put pressure on those governments to turn over the data. And if those governments refused there are other means of getting the data. Perhaps not as easy, but possible. Moving data centers around is as much PR as encryption itself, at this point in time. It might make a difference at the margin but not any huge difference.

(3) Forcing SSL I agree is a problematic policy. To me the question becomes if the world wants to go down that route why not go with a system that is built up from the bottom for security, like one of the various "darknets" or even a system like the neglected OFF? One of the things I have never liked about Tor is the fact that it is shoehorning security on top on an insecure system. Forcing HTTPS is the same in that respect. At some point in time it becomes better to scrap the internet has we know it and start all over again rather than iterating ourselves into a even more insecure morass. In other words, we shouldn't confuse an advancement in complexity with progress in security.


Clive RobinsonAugust 9, 2014 1:53 PM

@ Daniel,

With regards your three points,

1, Using encryption without understanding it and it's side effects is often a way for a user to unknowingly open up attack vectors, especially with some types of encryption such as stream ciphers of older design.

2, Agreed, it's a case of "moving the deck chairs on the deck of the Titanic". It's one ofmy major objections to "cloud services".

3, I suspect that a secure Internet will not be allowed by legislation sanctions and or military action based on the FUD of terrorism.

Nick PAugust 9, 2014 3:03 PM

@ Daniel

I disagree on point 2. Here's a few factors to consider for location with a given actor interested in your data:

1. Can the actor order the data out of you via the courts?

2. Can the actor order the data out of you in secret for national security?

3. Can the actor (or its friends) seize all your stuff without recourse?

4. Can they remotely and easily monitor all your communications?

5. Can they order the provider of your software or hardware to backdoor it?

With these, if you're in the US, the US can do 1-4 with ease and apparently 5. In a country that's a pushover, a few of these risks are still lower. In a country likely to resist U.S. pressure, all of these are no longer a problem.

So, location and citizenship matters. It shifts the situation from easy, legal, and often secret attacks to more direct attacks you might be able to deal with. Of course, depending on your priority, you might still need quite extraordinary amounts of security to beat the TLA. It can also help to have the host government backing you by ensuring a serious benefit for them, such as their own security or national productivity.

JacobAugust 9, 2014 3:49 PM


I don't understand why you guys claim that if the NSA is in cahoots with CAs, then they can perform MITM without the user noticing it:

1. If you give a CA your CSR and get back a signed cert, the CA is never exposed to your private key. You are the only one who possess the private key to decrypt messages.
Therefore, the NSA can't get anything from the CA in order to decrypt your comm.

2. The only way the NSA can perform MITM based on certificates (and not by other tricks involving TLS timing or other ephemeral keys tricks of the trade) is to fraudulently prepare a cert with identical target server data, and have it signed by the participating CA - hoping that the user will not compare cert fingerprints or use pinning/browser addons like Perspectives.

But if the NSA does want to MITM people who do not check certs data of critical sites, then instead of dealing with CAs, which many of them are foreign entities, the NSA can just get a CA authority for himself and generates whatever it wants. To simplify the process of getting approved into the cert store of commom browsers and such, being an approved intermediary is the best.

Nick PAugust 9, 2014 4:35 PM

@ Jacob

No 2 on your list is the main risk with corrupt CA's. Personally, I'm concerned they can coerce the service providers into giving them the keys or using a flawed key generation method. That gets around SSL (or anything similar) in its entirety. We saw FBI ask for Lavabit's keys and NSA corrupt a CRNG. So, there's precedent for the attacks themselves if NSA has the ability to pressure the companies. And if the companies went along with it, they'd still on the outside look like they were doing it for real. And only a small percentage of their insiders, if any, would have a clue about what they're actually doing.

Hell, NSA could even have had their people tamper with Google's stuff when Google asked them for assistance during the Chinese hacks. It seems most have forgotten that many vendors have been giving source or systems over to NSA for "certification and accreditation." Like with Siemens, they could've been doing more than merely assessing its security for defense.

So, we have both legal and technical risk on many of these products before we even consider their hacking or backdooring possibilities.

mj12August 9, 2014 5:28 PM

@65535


I notice that Geer goes under a rock at the end:

He has been stating things like that for quite a while, with the apex being, loosely, "I am old enough to not give a damn about all this new shiny (in)secure stuff, these are your problems now"

@Dave
re: Hushmail pwned legally

This is not the first time, is it?

SkepticalAugust 9, 2014 7:58 PM


@Nick: legal restraints are often greater in the US than elsewhere. And if you're in a country both hostile to the US and powerful enough to resist US pressure, then you have much more dangerous adversaries to worry about than the NSA.

Separately,

Re: Geer's proposal to "corner the market" on zero-day vulnerabilities

Not a new idea, given US efforts to purchase various weapons and material from the market.

There is the winner's curse to consider (namely that, for certain types of auctions, the winner of the auction will likely have overpaid for the item purchased) of course, particularly given certain aspects of what I would imagine the market for zero-day vulnerabilities to be. Outbidding the market for every zero-day vulnerability may not be a good deal for the US, even leaving aside the manner in which adversaries might game this to their advantage.

But I also don't think he goes far enough.

The US should additionally be actively trying to poison the market for zero-day vulnerabilities as well. One can imagine means of doing so, even given the greater challenges of doing so in the zero-day market than in less transparent markets (such as for nuclear material).

Essentially, a strategy of removing products from the market (some problems with this assumption as well, of course) should be combined with a strategy of reducing the price others are willing to pay by exacerbating an asymmetric information problem, i.e. transform the zero-day market into a market rife with lemons.

AlexAugust 9, 2014 10:34 PM

@timbus "And let's face it, if XKeyscore has been set up to actively target readers of the Linux journal, god knows what they make of schneier.com"

You need to assume that once you have posted here, your identity is already added to some NSA lists. They have spent resources to survey online games (see World of Warcraft, Second Life) and less important boards (cryptography, linux). This board is by far the most interesting for them.
Don't be fooled about the "terrorists" thing, terrorists have other things to do, they usually terrorize people and don't really have time to posts on blogs. They are not a NSA priority, games and blogs are more interesting ("let the CIA guys do this dirty job, let us take care of fun stuff").
Also, Skeptical posting above is a known NSA PR guy sent here for damage control, not doing a great job anyway. He's more and more on Stockholm Syndrome and soon he might get fired.

FigureitoutAugust 9, 2014 10:54 PM

Mike the goat
--Glad to hear you're ok. I expect to hear about my last living grandparent soon...she's likely got less than a year. Hope she goes in her sleep like her husband...

RE: blogsig
--I'll say I won't review the code as I'm just too busy. Also, that when some assclown eventually masquerades as me, is when I'll be really interested (if said assclown doesn't get me banned). Won't there be some issues if the plugin isn't compatible w/ Chrome?

Not to tell you what to do (seriously, just passing suggestion), I'd like to see some sort of sick Perl encryption script, and then a guide for "Grandma Betsy" to do it too.

Bruce RE: EFF
--NSA apparently tried to delete a public legal transcript from a court in the Jewel v. NSA case. I expect some sort of legal update from AlanS on this. I know you've got history and trust w/ the legal system (your dad was a judge), I don't, and this is making my case. More precedents that will make mine and everyone else in my generation's future a police state hell.

https://www.eff.org/deeplinks/2014/08/unsealed-us-sought-permission-change-historical-record-public-court-proceeding

/***** Simplified USB Wiping Via Linux Command-Line *****/

This simple procedure isn't intended for the neckbeards of security; for the noobs. For more true OPSEC, you do not re-use USB-sticks, you destroy them and scatter them in multiple places. For those of us that hate to waste something that can still be useful (and no need to install some other program, and if you can't get linux running on a PC then LEARN, it's easy, get w/ the program).

There are many peripheral drivers already pre-loaded and loaded on your computer and devices. That is where truer security will come from. When I eventually drift towards that code (and feel I'm really programming it), I'll simplify it too for those that can't otherwise.

Method taken straight from: [ http://www.pendrivelinux.com/restoring-your-usb-key-partition/ ]

They have a universal live USB-stick program that works in windows very easy and consistent (which means there's code bloat that you don't need, but it's OK to get to simpler OS's)

1. Note any drives you have plugged in.
2. Plug in stick and note drive letter (sdx) x being some letter.
3. Open terminal and type "fdisk -l", that's a lowercase "L".
4. Type "fdisk /dev/sdx" (replace x w/ drive letter, don't add the number if there is one)
5. Type "d" to delete partition.
6. Type "1" to select 1st partition (and go thru typing "d" and deleting all partitions)
7. Type "n" to make new partition.
8. Type "p" to make partition primary.
9. Type "1" to make it first partition.
10. Press "enter" to accept default first cylinder. If there's a virus in those 2000+ blocks, you can't solve that yet if you're doing this. Start somewhere, practice, research, learn, and kill the malware eventually; but not yet. Press "enter" again to accept default last cylinder.
11. Type "w" to write new partition to USB-stick.
12. Type "umount /dev/sdx1" (again replace 'x' w/ drive letter).
13. Type "mkfs.vfat -F 32 /dev/sdx1" (again replace the 'x'). Had a little hiccup on my end when messing around, doing "mkfs.vfat -t /dev/sdx1" got me back to reading the USB stick again for unknown reasons.

You can load the drive w/ whatever massive file[s] and then delete again if it makes you feel better. If you're up to it, try to learn the actual (likely C) code and corresponding Assembly code (you can keep going deeper if you want) and find compilers/assemblers you trust or make one yourself if you're truly badass.

/***** Flashing Your Router W/ DD-WRT *****/

Did this recently, if you haven't tried it yet, live a little and do it. You'll hear a lot of screamers telling you to be careful, heed their warnings and read some before you try (on a router you don't care much about). You can set up a VPN by yourself too (reliant on OpenSSL, so again heed warning and do it if it raises the attacker profile). The wiki pages are very good, and are again all you need, I'm just another confirmation that it works if you follow them. The router used was a Linksys E2500. Obviously make sure on dd-wrt.com that it is supported for your router before-hand. And yes, it's a Cisco router, the kind that had encryption that couldn't beat a 2-year old and a huge company that undoubtedly has backdoors. So wipe that firmware then.

/***** WARNING *****/

This is a potentially very dangerous operation (danger is my middle name :P ) because if you don't strictly follow the procedures you could either write the wrong file size or begin writing to the NVRAM in the wrong place, thus "bricking" your router. Which usually means you now have a new plastic box and a scrap-board to get some spare parts off of... While it's not 100% gone if you do this (there's some recovery procedures given, you would have to make or buy a JTAG connector), you really don't want to be messing around with all the frustrating errors and potentially permanent damage to flash chips, unless you enjoy learning and hacking it (I kind of do), then by all means brick your router and try to fix it! Speaking of which, that would be a good tutorial to do...

So for the list of materials, you need:
--Linksys E2500 router
--12V power supply for the router
--A standard Ethernet cable
--Stopwatch
--A computer with an Ethernet port and web browser
--Software (firmware .bin files from online)
--Saved HTML webpages for offline use
--Thin button pusher for the router reset button (could be many things, so get creative)

1) First, check to see if your router has been ported with DD-WRT. Initially I was going to flash Open-WRT but they didn't support the E2500, I was glad to see DD-WRT did though. Odds are, you can flash some open firmware on your router.

2) Start off firstly by reading up on how to do this. Once you do it, it's really not that bad; actually quite easy. The firmware writing and porting is the real hard work. Keep reading until you feel comfortable. All it took for me was these pages:

http://dd-wrt.com/wiki/index.php/Linksys_E2500
http://www.dd-wrt.com/wiki/index.php/Installation
http://www.dd-wrt.com/phpBB2/viewtopic.php?t=51486

Download and save all these pages and of course the binary firmware files to a thumb-drive or your hard-drive for off-line viewing, you can keep a separate device to still look things up online too.

3) Now the most annoying part of flashing router firmware, in my opinion, is the "30/30/30" reset. I've never heard of it nor seen it in my limited embedded development experience. You have the router plugged in, and while plugged in, you need to hold the reset button (not the one on front, but on bottom of the device) for 30 seconds, then still holding the reset button, unplug the router for 30 seconds, then still holding the reset button, plug the router back in for 30 more seconds; totally 90 seconds of holding the reset button.

Make sure you have a little thin solid object to hold down the reset button and that you situate the router and your hands such that you can easily unplug and plug in the router while holding the button down. This is the hardest part of flashing, in my opinion, so not that hard.

4) Next connect your ethernet cable to the computer and your router. Since you shouldn't be connected to the internet, disable as many plug-ins and add-ons, virus protection, and clear caches; just to avoid some funny errors. Log into the web interface (type 192.168.1.1 into your browser). Now, they recommend to strictly use Internet Explorer (the default Microsoft browser) but I was able to flash the router just fine with the open-source Iceweasel browser, which is very much like Firefox. If you already have IE and you're on Windows, then go ahead and use that first.

Anyway, the default User name for the E2500 (with Cisco firmware) is "root" and the default password is "admin". Now click on "Administration" tab, then "Firmware Upgrade". You should already have the firmware file.

/***** WARNING *****/

Make sure the firmware file is the "mini" one, read the file name used in the picture. DO NOT FLASH ANY OTHER FILE BESIDES THIS ONE FIRST. Another part here where you could really brick the router. This file is needed before you can flash some other custom DD-WRT firmware.

5) So browse and find the file where you downloaded it, and click "Start Upgrade". Now, here's why I said you need a stopwatch. Wait for 5 minutes after you flash, to "insure integrity" as they say. Then after that, unplug the router for 10 seconds to power cycle and wait for 3 minutes after plugging back in. Then do yet another 30/30/30 reset. Then wait for 3 minutes to plug in the ethernet cable and log into the web interface.

And that's it! Congrats you flashed the firmware! Now you can download and flash other custom DD-WRT firmware. Just make sure it's no bigger than 8MB and is specifically for the E2500! Follow the same procedure above to reflash. I honestly didn't see that many more new features in the "big" firmware than in the "mini", so I may try another one.

Depending on your knowledge of the internet and networking, you can customize a lot of settings in the router. Like port settings, MAC-addresses allowed on, IP-logs, VPN settings, and on and on...I would leave most of the settings as default if you don't know them, and add the highest encryption (WPA2/AES) with a large key (63 chars), like you would make a secure password that's hard to crack. You could also disable WDS as there's a tool to hack into routers using this PIN number...

More "schneier-ified" tutorials to come in the future.

ThothAugust 9, 2014 11:16 PM

- Compromised computers (checked)
- Compromised services (checked)
- Compromised algorithms (checked)
- Compromised people (checked)
- Compromised providers (checked)

Hmmm.... we don't have enough knowledge nor enough wide spread general use of trusted computing nor codes. We dont have trusted algorithms. Our people, processes, providers ... all in the chain are not trusted. Computers, algorithms, code structures, protocols we are currently using are considered very old and should be outdated but somehow we are still using them happily. The odds are stacked against us (most of the time).

The only way out is simply overhaul everything. New wide spread use of latest trusted computing platform, trusted codes with trusted structures and the latest algorithms and protocols that are trusted and provable. People, politics and laws have to be replaced as well. This is the only way out - complete overhaul. The main focus wouldn't be business productivity and quick pushing out of products for cash and conning buyers as a goal but the new paradigm should be security from the very root.

The one big hindrance is whether the powers that be would sit quietly and accept the change or would they stir around in their lairs feeling the discomfort (they know everyone's gonna be more secure and that's for their businesses) and do something to it and the whole cycle resets itself like an endless loop.

As Nick P has pointed out, it's both the people and the technology instead of just technology that's the pain. It's gonna be a 270 degree slope to climb up the hill (climbing inverted).

ThothAugust 9, 2014 11:20 PM

@Figureitout
It would be much preferable to buy smaller capacity USB drives (if anyone accepts the risk of using USB) and after use, throw it out. Of cost this is not as efficient as using read-only CD/DVD which Nick P brought up in the USB post.

FigureitoutAugust 9, 2014 11:34 PM

Thoth
- Compromised computers (checked)...
--Yes. All of this. All compromised. We need to go back to computing roots and start again. A "Computing Renaissance", if you will. "Computing" encompassing everything you do on a computer and the fundamentals of putting the control of a TOOL that you (supposedly) OWN back into your control. My viewpoint is RF-shields and extreme power filtering, which after you receive an OS and hardware unsecured, there should be a reasonable cut-off of comms; but it's not practical really and there's ways around it. I'm at a loss, really.

RE: Low-capacity USB-sticks
--Yes, if you don't mind just one-time use and putting more metals into trash, that's fine. CD/DVD's aren't perfect either and decay eventually so you have to put them back into a computer eventually (opening up reading and external comms) and make another copy. Long-term they will decay and the data is lost forever.

Also, who's to say there isn't a way to overwrite a "CD-R" read-only disk, there are CD's that can be rewritten to...If we're going to take a dive, let's take a belly-flop, why don't we...?

Nick PAugust 10, 2014 12:01 AM

@ Skeptical

"legal restraints are often greater in the US than elsewhere"

This is true for the public police. I'm talking about the secret police, err "intelligence community's domestic powers." Those powers are stronger here than many other democracies and republics. That there are countries that are worse on this point doesn't negate that (a) there are countries' whose situation is better on this point and (b) it's better to be in them if one is developing these technologies.

Here, a decision by secret groups in executive branch can get you kidnapped, held indefinitely without trial, tortured, and/or executed. Believe it or not, there are a number of countries that would rarely do something like this except perhaps very extreme circumstances. They do trials and other boring stuff like that. A number of countries even have laws enforcing certain privacy rights and data protections. I know: crazy stuff to people in a country that steadily passes laws undermining such things. ;)

@ Figureitout

"Also, who's to say there isn't a way to overwrite a "CD-R" read-only disk, there are CD's that can be rewritten to...If we're going to take a dive, let's take a belly-flop, why don't we...?"

Last time I looked into it the material was made differently for CD-RW's to give them that property. Even then, their re-writes were limited. It's unimportant, though, in that you use a new CD-R for each transfer. Who cares if malware could write the incoming CD-R if it's going in the trash afterward. I could imagine DOS-style attacks done that way but that's a weak win compared to two-way communications with a rootkit.

Possibly the greatest benefit of CD's was brought up by Terry Ritter in a Kreb's Security discussion on Puppy Linux. It had a CD-RW update feature. I pointed out the risks and that targeted attacks would be straightforward. One of his counters cleverly pointed out that CD writes are very noisy. You *know* when the CD is being used. If all data goes in RAM at the start, seeing the CD running could be a clue to being compromised. Good a point as it was I still only recommend CD's for one-way communication or backups.

FigureitoutAugust 10, 2014 12:16 AM

Nick P
--So how do you verify this material yourself besides the label...? And the "noise" claim, peripheral drivers could cause a fan to turn on and the controller for the disk driver is an embedded chip...Oh hey hello hardware security problems...

I'm saying there's f*ckers out there stupid and evil enough that they don't care if they write a malware to your CD and infect your offline PC. For no reason as there won't be comms back, just a waste.

FigureitoutAugust 10, 2014 12:26 AM

Nick P
--Not to mention, if you aren't consciously listening for the CD-drive and don't have headphones on while you're working on something; you'll miss it unless you set up something else. Newer CD-drives are getting less noisy...

Nick PAugust 10, 2014 12:47 AM

@ Figureitout

It's why I advocate guards based on rather simple, some say crude, technology. Plenty of issues can be dealt with. Takes work, though. The CD-R method came up because Thoth wanted a solution a novice could throw together. Naturally, that entails some risk. ;)

Remember, though, that most attackers aren't the NSA. Defenses that stop those that cause the majority of damage are still worthwhile for most users. The way I look at it is that NSA, China, Russia, Israel, etc. can totally own them right now. They might own their next solution that stops the vast majority of attackers. In each case they own them, but there are fewer attackers that have a shot (and can do resulting damage). See how that works?

FigureitoutAugust 10, 2014 12:54 AM

Nick P
--Yeah don't winky-smiley face at me. I don't trust the guards yet, haven't set one up yet and don't believe true one-way comms. Especially when you're already infected to the brim; that's my challenge now. People watching me, f*ck off!

My non-electrical methods can defeat all TLA's, I don't care who you are, you simply won't crack them. Try and I get your identity as you fall for pre-made traps; it's what all attackers should know by now; pre-set traps to capture you and your methods. The game ends when they kill me, in which I prove my point we live in a police state world.

WaelAugust 10, 2014 1:15 AM

@Mike the goat (horn equipped),

I apologize for being away from Schneier.com for a while.
I've been guilty of the same...

WaelAugust 10, 2014 1:27 AM

@Figureitout,

Hope she goes in her sleep like her husband...
Sure beats the alternative:
"I want to die peacefully in my sleep, like my father. Not screaming and terrified like his passengers." -- Bob Monkhouse

some assclown eventually masquerades as me
I often think about that. What's to stop someone from masquerading as another, blog control-wise?

Nick PAugust 10, 2014 1:56 AM

@ Wael

"I often think about that. What's to stop someone from masquerading as another, blog control-wise?"

What's in the email and IP fields for starters. If you make it consistent, it provides an authentication method. Then, there's writing style, private message's one sent, etc. There's always the face-to-face visit with driver's license and plenty explanation in worst case.

@ Figureitout

You don't trust guards but NSA (and Five Eyes) does. Seeing as they're at the top of this food chain that's worth taking note of. I wouldn't trust specific products they advocate to defend against them, but their internal [yet public] requirements were always educational. All a basic guard does is pull outside data into memory, interpret it with many checks, accept/deny certain flows according to a security policy, log all issues, and typically add rigorous assurance activities to lifecycle. Would you toss any of these requirements when designing a middle node?

@ Daniel

I can't overstate enough that it's just a start to me. I still maintain my years of pushing for security component by component, layer by layer, and interaction by interaction. One should avoid a location that nullifies all his or her work with ease. Yet, outside that location, there's still a ton of attacks to defend against. The relocation just cancels (or reduces) certain risks.

WaelAugust 10, 2014 2:26 AM

@Nick P,

All are weak controls. IP: I posted from several countries and states, used over a dozen computers and smart phones, several browsers (various fingerprints). Writing style: Can be imitated. Then I can post something with my name, say something I want to deny later by putting the wrong email address, and then claim to the moderator that it wasn't me (repudiation).

private message's one sent
Not sure what that means!

There's always the face-to-face visit with driver's license and plenty explanation in worst case.
Ditto...

WaelAugust 10, 2014 2:30 AM

@Nick P,
An easy (and standard) way is to add another field with a shared secret or a signed hash of the post (PKI). Adds more overhead to the server, but nothing is free. It could be automated on the client side... Another feature to add to the "blog smart phone application" I mentioned a while back...

FigureitoutAugust 10, 2014 2:44 AM

Wael
I often think about that. What's to stop someone from masquerading as another, blog control-wise?
--Hmm, let me try it real quick after this. Being absolutely transparent about it and using my same infected path.

Nick P
--Yeah, all of that sounds nice. How does it actually translate to reality, as in which chips, languages, code, flashing methods, etc...? I don't follow NSA PSA's, rather not waste my time w/ obvious lies. And I don't think they're at the top of the food chain either, they just sit there like fat pigs benefiting from a corrupt system, hiring weak pussified "hackers". Other hackers could own them easy head on w/out their lazy systems that involve gun barrels to the head or metal bars.

Daniel
--If you had linked to the actual article, it was badass.

http://arstechnica.com/tech-policy/2014/08/father-of-pgp-encryption-says-telcos-need-to-get-out-of-bed-with-government/

WaelAugust 10, 2014 2:50 AM

Hey guys! :)

Do you like C v P? Castles and Prisons! OMG I love the TPM! @Clive Robinson, do you like Earl Gray tea?! @Nick P, Hi! How are you?! I love you!

Hey, a limerick for you guys, which I know you will hate! :)

Everyone here, shedding tears.
Don't know what they want, nor know the years.
Know they can't make it, beat their fears.

:) Look another smiley face! OMG!

[ Fabricated by Figureitout ]

Clive RobinsonAugust 10, 2014 3:54 AM

@ Wael,

Did you note the above comment about impersonation involving style?

If you'd left out the rhyme --or the aproximation there of ;-) -- you might have got away with it :-)

Whilst you are not as bad as "Nancy Millstone-Jennings of Sussex" some would at least rate you as geting into the leg chewing off catagory of galactic poetry [1] =80

[1] For those of either young and tender age or not familiar with humorous English literature, look up "Ode to a small lump of green putty...".

WaelAugust 10, 2014 4:29 AM

@Clive Robinson, realizing that you know you are talking to a transparent impostor

I don't use the expression OMG either. When I talk about drinks there is a significance to it ;) I do use smilies and emoticons just so I am not taken as an "aggressive" poster, and I often question my use of them. As for the limerick, it's not one. limericks have an AABBA (not the Swedish band) format and typically have a lewd theme. I used to call them "area code 11221" earlier.

@ Wael [ Fabricated by Figureitout ],
Good try... I have a sock with your name on it, I just might "sockpoppet" you one of these days (and a smiley, of course) :)

Seriously, though! You posted with my name and the blog filter allowed it! I never tried, and you showed my suspicions to be true. At least it gives a vector of deniability should one of my posts become problematic in the future...

Clive RobinsonAugust 10, 2014 5:00 AM

@ Figureitout,

As for guards they work or don't work according to the design objectives.

You can with a pair of wire cutters snip the RX channel in a comms cable, providing the comms you are using can genuinely work "half duplex" then you have the start of a data diode.

The problem is two fold, firstly there are few genuinely half duplex protocols. The second is simple data diodes don't check content of messages passed.

For the data diodes I've made and still make I use either good old fashioned 24V serial data comms --which many incorrectly call RS232-- or ten meg ethernet in full duplex mode (contrary to what you might expect this tells some chips to not expect return signals or keep alive pulses).

There are other things involved by necessity like ASCII armouring by using 8bit to 6bit coding with short data packets of 64chars and a 4char checksum. This is then further wrapped in a Forward Error Correction system. To reduce the likelyhood of errors happening thus removing a back channel for error correction. To help this the cable is effectivly spliced, such that it goes from the diode transmitter to the targets RX port and then continues to an error correction monitor RX port. It is this monitor being furthest down the cable that transmission errors would be expected to be picked up and it is the monitor not the target that provides comms error correction signals back to the transmitter. The target will flag up a transmission error if it detects one, but does nothing about it other than "mark the file" and alert the human operator such that they have to take corrective steps manually.

Such "serial comms diodes" can be easily made with very low cost PIC microcontroler development boards. The cheaper and smaller the PIC the less likely it is that the hardware has been "backdoored". I would expect any under graduate or keen hobbyist to be able to build such a system with little difficulty.

If you want to do it with ethernet then hunt out a book called "TCP/IP Lean" by Jeremy Bentham, which shows you how to build a simple but working IP stack on both old PC hardware and PIC microcontrolers.

To turn a simple diode into a guard requires quite a bit more effort on the software side and quite a bit more knowledge, much of which is not freely available and changes with various attack surfaces. Put simply you are looking at the message not as a container as for the simple data diode but inside the container for malicious or prohibited by policy content, that needs to be expunged before forwarding to the data diode.

I won't go into this further other than to say have a policy of only human readable plain 7bit ASCII text files to make life easy for yourself. One trick is to have aplications "print to file" in Postscript form then use ps2ascii or equivalent printer filter. I often do this not for security but to then put in a source control repository and by further converting to an inverted list form put it in a database for searching (this habit goes back to the early 90's). However such a DB does make quite a good "security log" if done correctly.

Clive RobinsonAugust 10, 2014 6:37 AM

@ Wael (the real one),

And there was me thinking you'ld have realised that as your rhymes are longer and of more complex style I was having a dig at the imposter by yet again sending him on a Douglas Adams quote hunt....

To save @ Figureitout a little of the pain, of finding out the fate of the worst poet in the universe,

http://m.youtube.com/watch%3Fv%3DmrIrcV9Bgmc

And for those looking watch out for the putrefying swan refrence to see why ;-)

Iain MoffatAugust 10, 2014 7:02 AM

@Clive: The TCP Lean Book is advertised at http://www.iosoft.co.uk/tcp2ed.php

Another relatively old but free source of an IP stack for small hardware (I first ran it on an 8086 in 1989) is KA9Q NOS for which C source is still to be found at http://www.ka9q.net/code/ka9qnos/ - KA9Q supports both SLIP and Ethernet as well as ham radio protocols.

I think I would probably go down the unidirectional ethernet route to implement a data diode from "outside" to "inside" if large files need to be shifted and I appreciate your idea of an "error correction monitor" (in this case it could be an FTP server used to receive data but not use the received files). With the error correction monitor in place you can implement the unidirectional link as a passive tap on the cable between the "outside" computer and the "error correction monitor" pc in which case existing tools to reassemble files on the "inside" PC from a monitored tcp session can be used e.g. http://tcpxtract.sourceforge.net/ . A minimal tap is described at: http://www.ossmann.com/5-in-1.html#throwingstar

Personally I am happy that the attack surface of a real physical (16550 or similar) UART is small enough compared with USB or disc media to use bidirectional serial file transfer manually initiated from the "clean" end to shift data between "clean" and "dirty" computers unless defending against targeted attacks and certainly enough to keep any common or garden malware from jumping to the clean side. I do agree with you that sticking to 7 or 6 bit clean file formats (which should be non-executable on arrival at the clean side) is a very good precaution.

The major risk, as you have identified, is that incoming data files which support embedded payloads that are not guaranteed visible to an end user need to be examined robustly before they are opened. Most (all?) of the classic MS Office file formats with OLE support fit that description as does PDF - Postscript should be safer but is still essentially a FORTH program - page description languages such as pure 1990s HTML free of scripts is probably safest of all (and it is relatively easy to write a filter to strip incoming HTML of all but a known set of safe tags). I actually like using a "print file as one .png per page" utility to create safe archival or shareable copies of PDF and Office files that still look like the original,

Iain

Nick PAugust 10, 2014 10:38 AM

@ Wael

The I.P. trick won't work for you for the reasons you gave. People like myself who post from one or two devices whose I.P. doesn't change often are more identifiable. PKI isn't happening because they're not changing the blog at all. That discussion has long been settled. Writing style just worked (see below). Private messages mean Bruce knows two of my email accounts, one stateside and one in Switzerland, allowing me to send him out of band authentication. So, if blog owner prefers ease of use over authentication and I'm kind of lazy, the methods I propose work in practice despite not being ideal.

@ Figureitout

"I don't follow NSA PSA's, rather not waste my time w/ obvious lies. And I don't think they're at the top of the food chain either, they just sit there like fat pigs benefiting from a corrupt system, hiring weak pussified "hackers". "

Don't forget the military, NSA, and a few colleges invented the INFOSEC field plus its better standards. The field's early work (incl NSA) showed how to correctly handle design, analysis, pen testing, and so on. Plenty to learn. Specifically, you can take old mail (SMG) or network (SNS) guard papers' designs as is. Still will be very secure if you do the implementation right. Just inspect each piece of code for the known code injection methods, use safe coding conventions, put I/O in user-mode, and use PIO hardware. Result is quite secure to this day.

Today, NSA's INFOSEC work has been exceeded by academia, NSF funded programs, and DARPA funded programs. This is true even in crypto. (Everyone point at NSA and laugh.) Old stuff is still good, though, if you can't do custom chips and are using dated hardware. Sounds like someone I know. ;)

"[ Fabricated by Figureitout ]"

I knew who it was on the first sentence. So, my identifier paid off. :P

Btw, you should avoid doing that again. We did a few rounds of that stuff back in the day, with me playing Clive. The Mod didn't like such games. We stick to our own identifiers here for a productive discussion.

Clive RobinsonAugust 10, 2014 10:41 AM

@ Iain, Figureitout and others that fancy building a data diode / guard,

Microchip has moved on a pace since the TCP/IP Lean book was published, the PIC18F it uses is awkward to program and requires you to buy a C compiler as well as a dev board which, is not good value for money when compared to more upto date Microchip offerings.

Although it's getting old the PIC24 or PIC33 chips are way more powerfull and come with a free C compiler based on GCC. The Explore 16 development board takes any one of a whole variety of PIC chips mounted on header cards, and has three "PICtail" expansion ports, for which Microchip make available a large range of peripheral chips including Ethernet and Memory Cards.

Microchip also have royalty free software for these boards including a TCP/IP stack, Memory card and file system and USB stack for it's USB parts (for which I developed a prototype PICtail card to interface to a Motorola G24 GSM mobile phone module, for a project that I've mentioned before that did not go as I would have liked).

To save a lot of time and effort puting it all together for an ethernet device have a look at this page,

http://www.ljcv.net/projects/exp16/index.html

Iain I had fogoton to remember KA9Q, that takes me back into the 90's where a friend of mine hacked the code to be used by one of the first reasonably priced ISPs in the UK which was "Demon", they kind of upset Demon by developing a NAT backend so that you could turn a Windows box into a bastion firewall gateway and NAT router for your local LAN whilst still paying the single computer connection tariff... happy days ;-)

Nick PAugust 10, 2014 11:03 AM

@ Clive, Iain

re TCP/IP

Let's not forget about the well-known TCP/IP stacks: Foxnet in Standard ML, IwIP for embedded, FNET for 32-bit microcontrollers, or KAME for BSD. Ok, Foxnet isn't well-known but a whole stack in concise ML is pretty cool. :)

EDIT: Clive beat me to the Microchip stack before I could finish typing this haha.

re guards

Let's not forget the strategy of the Network Pump. It allowed TCP (reliable/ordered) while still being one-way. It just had to handle the acknowledgements. That design is pretty simple with essentially a trusted component in the middle that buffered the data and checked/processed the ACK's. A person can build this with microkernel address space separation, several cheap physical devices, and so on.

This leads to the next possibility: a software guard. Combining an isolation kernel with message passing, user-mode PIO drivers, full control-flow integrity (static design), state machines, and an assured pipeline-style security policy. The result has small amounts of simple code. The advantage of this design is it can be retargeted to new uses. The retargeting might be done by swapping out the storage, issuing a command to point at different code, and so on. I've favored these despite difficulty in development because the difficult parts are typically reusable in future designs. My old discussions with Clive leveraged the same separation kernel tactics repeatedly in slightly different ways to solve very different problems. Shows benefit of reusable solution.

" Most (all?) of the classic MS Office file formats with OLE support fit that description as does PDF - Postscript should be safer but is still essentially a FORTH program - page description languages such as pure 1990s HTML free of scripts is probably safest of all"

I used to favor HTML 3.2 and RTF for that reason. People said I was crazy. Well, my box wasn't getting hacked all the time by mere documents. :O RTF loaded crazy fast, too! Btw, PDF-A format is a nice tradeoff I've recommended if one wants to use PDF and reduce risk simultaneously. Best if that's combined with a method of scanning the PDF to ensure it's (a) PDF-A and (b) doesn't have odd constructions. PDF is a security risk by design with the format both being Turing complete and having DOS attacks built-in. Postscript is also Turing complete.

Clive RobinsonAugust 10, 2014 11:04 AM

@ Iain, Nick P,

With regards your idea of using a "snoop" on the link to an FTP server that in reality is the error correction monitor, I would suggest using either TFTP because it's a much simpler protocol or perhaps using a UDP version of syslog which again is a very simple and robust protocol.

But also as you said a lean version of HTTP using a striped down server as the monitor and a modifed version of wget to push the data might be another option.

The choice I suspect will fall to the ease of catching and using the error correction from the monitor on the "snoop" that is the diode / guard output.

Perhaps Nick P has experience of this --from his experiments he has mentioned-- he might care to share.

Personaly I think designing and releasing the design of a data diode with extensible guard would be a valuable first step which would be not only well within a home constructors abilities but also fairly easy to CAD up as a PCB to turn into a comercial product for those that just want a turn key system.

As a start point the cheapest boards for the data source and monitor are probably the Raspberry Pi which leaves the design of the snoop system to act as the diode output.

65535August 10, 2014 11:36 AM

@ Jacob

Your two posts show the problem with the NSA and CA’s. We don’t know what is going on between them because it is “secret.”

We do not know the extent of “full service SSL certificate providers” providing both the private key in addition with the CRS generator and then the full SSL certificate [you linked an example of a producer of both the private key and crs for SSL Certificate - both keys are know outside of the owner's control].

The point is the NSA has said it has no problem breaking encryption and their Bullrun slide indicates that the “Turmoil” box has arrows pointing to two “CA Service Requiests” boxes and then eventually to “Longhaul attack Orchestration.” It looks like NSA accessing CA’s on the fly - but that is only a guess.

See left bottom corner of Bullrun slide [Wikipedia]:
https://en.wikipedia.org/wiki/File:NSA-diagram-001.jpg

We don’t know if the NSA is getting forged certificates or getting the private keys from the CA's when intercepting encrypted communications. Both ways are distasteful.

[I agree with Nick P]

“No 2 on your list is the main risk with corrupt CA's. Personally, I'm concerned they can coerce the service providers into giving them the keys or using a flawed key generation method. That gets around SSL (or anything similar) in its entirety. We saw FBI ask for Lavabit's keys...” Nick P

That is a fair statement. There are plenty of easily coerced service providers. And, we know there are plenty of holes in Certificate chain system – but that beyond the scope of this post.

[Now to full service SSL certificate providers and hosting companies]:

Take Godaddy who requires you to use their crs and their SSL certificates on their sites - they provide SSL certificates from start to finish. You don’t really know if your private is key “escrow-ed” or otherwise copied – it’s a one stop shopping arraignment.

[Godaddy]

“NOTE: If you want to install an SSL certificate on our shared hosting, Website Builder or Quick Shopping… you must purchase one of our SSL certificates. We do not install SSL certificates from other providers on our shared hosting accounts.”

http://support.godaddy.com/help/article/542/what-are-ssl-certificates

"Requesting a Standard or Wildcard SSL Certificate"

"1. Log in to your Account Manager… [their web console]..."

"8] Click Request Certificate next to the certificate credit you want to activate…"

"12] Verify the accuracy certificate request, and then click Next."

“After you submit your request, we must verify your application… If you selected Web Hosting, Grid Hosting, Website Builder... or Dream Web Site when you requested your certificate, we automatically update the IP address for your website when your SSL is approved.” -Godaddy

http://support.godaddy.com/help/article/562/requesting-a-standard-or-wildcard-ssl-certificate

That is all the information you are going to get on exactly how secure your keys are. This is a common practice.

Even thought there are built in safety mechanisms, Godaddy is subject to the jurisdiction of the NSA and must adhere to their NSL’s, gag orders, and hand over has much information as legally required – probably on the fly. There could be some method of CA's helping the NSA decrypt your SSL communications via Bullrun.

@ mj12

I am just observing the ethical problem of Geer making a lush career out of collecting zero-day exploits for the CIA, back-door’g a wide swath of electronic equipment and dramatically increasing dragnet spying, and now confronting the monster on his doorstep - which he helped to create. It’s no wonder why he wants to keep a low profile in digital world.

papersAugust 10, 2014 12:10 PM

@nemmo:

"That is unlikely to bother the NSA excessively. The NSA works very "closely" with the certificate authorities, so most SSL is effectively decoded on the fly. GCHQ does it too (Flying Pig) and, according to statements made during the NSA spying hearing in the German parliament, the BND does it too."

Any sources in this would be extremely valuable.

Sancho_PAugust 10, 2014 12:14 PM

@Jacob, @Nick P (9th, 3:49 PM)
@65535

Certificates, CA’s and MITM:

There is a very interesting explanation and suggestion how to detect MITM attacks, at least to detect a company's proxy:

https://www.grc.com/fingerprints.htm
I think it’s nice because even I seem to understand most of it ...

However, I have three concerns with that kind of detection:

1) Quote from their box in the middle of the page:
“Since the SSL Proxy Appliance does not have the private key of the remote server—because only the remote server has it—the fake & fraudulent certificate the SSL Proxy provides to the user's web browser is forced to use a different public key for which it does have a matching private key.”

—> I’m afraid if the “SSL Proxy Appliance” (= your country’s National Security Agency) by any means got that private key (which is very likely for the huge “international” services) you can stop reading now. The fingerprint will be the same, it would be not detectable by the fingerprint.


2) Further down the page they talk about their privileged position:
YOUR web browser's Internet connection MAY be intercepted by your employer, school, church, ISP or whatever organization is providing the Internet connection. But GRC's connection is NOT being intercepted by anyone. We use the “Tier 1” provider “Level 3” to connect directly to the Internet Backbone with no third-party between us and any remote website. So, with this page, WE can obtain any website's authentic HTTPS fingerprint to show you what it SHOULD BE.”

—> There is a long way from my browser to the targeted server.
What if the attacker / proxy is between GRC and my target, wouldn’t we both receive the same faked certificate?


3) How can I trust THEM (GRC?)? Whatever “they” write could be from (any) NSA.

Basically, I might trust Bruce when he’d display the hash and state that no one has his private key, just for his nice mugshot ;-)

However, I’d never trust Mr. Google or Mr. Microsoft or … because they simply do not know enough about their own organization, everything above a one man show is extremely dangerous, everybody could have the company’s private key without his knowledge. Supposedly there are spies between us.
Skeptical people may not have seen any evidence, though …

(I guess the big ones will not use a “full service SSL certificate provider”, but errors may occur anyway)


And, last not least, there is the “wonderful, completely spoof prove EV certificate”. From the above linked page I’m not sure why that will not invoke other issues, an embedded list, transparent to invisibility?
Probably someone could explain that, please?

Also, Bruce’s page does not have the EV certificate:
So it is dubious - err, the first or the latter? ;-)

nemmoAugust 10, 2014 1:39 PM

@papers

Sure, I'll do a FOIA request for you. Alternatively, just ask your superiors for a printout.

versierraAugust 10, 2014 2:02 PM

Papers: haven't they got a copy of the Snowden leaks in your office? Would you like us to send you a link?

Nick PAugust 10, 2014 2:13 PM

@ Sancho_P

1. True. We must assume that.

2. Use of Tier 1 provider doesn't mean crap. It means they *might* have correct visibility and no tampering. Yet, we know NSA (and many companies) integrate tightly into the backbone. NSA's integration is tight enough that they can respond to a request before the legitimate server. (!) Not to mention Tier 1 operations are a black box running on complex black boxes, a number of which are made by U.S. companies with defense contracts.

3. Gibson has plenty of history. His behavior over time seems to indicate that he's putting forth honest attempts at various problems and quite knowledgeable of system/Internet issues. However, he's a small fish in US TLA's territory. He can't be trusted due to coercion possibilities. Instead, like I advocate for every proposal, we should just assess what he puts forth and accept/reject *that* rather than *him*.

re EV certificates

The protocol and verification may be better. I haven't extensively studied it as I don't rely on that. Their faith in EV certificates to stop spoofing due to what's in the browser ignores the fact that, just as malware can add CA's, it might modify EV handling or the EV list. There's probably some attack in that area. If nothing else, just modify the executable to activate the EV display upon seeing a specific site. That site *would* be HTTPS, but surely *would not* be the site you think.

Sancho_PAugust 10, 2014 3:48 PM

@Nick P:

Thanks.

at 2) “they *might* have …” - OK, I see.

re EV certificates:
To me it doesn’t sound to be much different from other certs stored in the browser.
Those in that invisible (?) list for sure are the big ones.
Tampering a browser or system update would be fatal anyway.

65535August 10, 2014 4:14 PM

@ Nick P

“2. Use of Tier 1 provider doesn't mean crap. It means they *might* have correct visibility and no tampering. Yet, we know NSA (and many companies) integrate tightly into the backbone. NSA's integration is tight enough that they can respond to a request before the legitimate server. (!) Not to mention Tier 1 operations are a black box running on complex black boxes, a number of which are made by U.S. companies with defense contracts.” – Nick P

I agree. The NSA has the advantage of a race condition and probably other advantages.

@ Sancho_P

Your post brings up more vectors of attack [and more questions].

“I’m afraid if the “SSL Proxy Appliance” (= your country’s National Security Agency) by any means got that private key (which is very likely for the huge “international” services) you can stop reading now. The fingerprint will be the same, it would be not detectable by the fingerprint.” –Sancho_P

This is the problem with “one-stop shopping” Certificate vendors who not only issue the crs [with the public key] plus they generate the private key and could record it [or transfer it to the NSA]. As Jacob brings up with his link https://www.gogetssl.com/online-csr-generator/

[Note the above service just generates the crs, the private key and sends it to known CA for their signature of approval]

“Machine-Resident Interception: At least two anti-malware products — BitDefender and Kaspersky A/V — operate as local HTTPS intercepting proxies… Note that since extended validation (EV) certificates cannot be spoofed, any use of these machine-resident connection intercepting systems will disable all extended validation certificate display.” –Gibson Research

https://www.grc.com/fingerprints.htm

I would like to know more about the built in https interception proxy/SSL stripping and its capabilities in BitDefender [Now superseded by M$ Security Essentials, which doesn’t have an option to shut off the SSL interception proxy/] and Kaspersky AV. This would seem to be yet another vector of attack on SSL/TLS. Both of these products call home and could reveal clear text of SSL/TLS sessions on a users computer.

Speaking of Anti-virus vendors, what happen with that survey of AV vendors and their answer as to their cooperation with the NSA?

https://www.schneier.com/blog/archives/2013/12/how_antivirus_c.html

JacobAugust 10, 2014 5:53 PM

From

http://www.propublica.org/article/leaked-docs-show-spyware-used-to-snoop-on-u.s.-computers

-------------------------------------
"Documents also reveal that Gamma had been working to bypass encryption tools including a mobile phone encryption app, Silent Circle, and were able to bypass the protection given by hard-drive encryption products TrueCrypt and Microsoft's Bitlocker."
-------------------------------------------
If this is true (re TC and BL), and if they do not mean malware contamination, cold-boot attack or FireWire injection - meaning machine in an OFF state - then this is A Big Deal.

I personally doubt that they can do that.

JacobAugust 10, 2014 6:00 PM

Edit:

OK, this is a boot-loader contamination. From a linked doc in the above news article:
------------------
"FinFly USB can now be converted to a
bootable USB that is able to infect Target
Systems during the boot process. This can now also be done using a CD-Rom.

Important:
This infection technique works even when the Target System is switched off and full hard-disk encryption software like TrueCrypt or Bitlocker
is used."
---------------------

Sancho_PAugust 10, 2014 6:20 PM

@ 65535

The question was for malware.
NSAware is not malware !!!
There is a difference between national security and criminals, you should know that :-()

Nick PAugust 10, 2014 7:16 PM

This Week's Paper Release

Here are some papers I dug up today as I looked into microprogramming and network processing. Accidentally found a new software protection, data flow integrity, that's somewhere between control flow integrity and full information flow control. Got a paper on an old capability scheme that might be mixed with an updated version of capability-based hardware or operating systems that I've already posted. Grossman's technique is dated 1999, meaning potential patents might be gone before the product is even done.

Software Papers

Securing Software by Enforcing Data-flow Integrity (2006) Castro

Abstract: "Software attacks often subvert the intended data-flow in a vulnerable program. For example, attackers exploit buffer overflows and format string vulnerabilities to write data to unintended locations. We present a simple technique that prevents these attacks by enforcing data-flow integrity. It computes a data-flow graph using static analysis, and it instruments the program to ensure that the flow of data at runtime is allowed by the data-flow graph. We describe an efficient implementation of data-flow integrity enforcement that uses static analysis to reduce instrumentation overhead. This implementation can be used in practice to detect a broad class of attacks and errors because it can be applied automatically to C and C++ programs without modifications, it does not have false positives, and it has low overhead. "

Nick's note: Excellent work because it catches stuff control flow analysis can't, has no false positives, doesn't kill performance, and is useful for legacy code.

An Implementation of Guarded Pointers with Tight Bounds on Segment Size (1999) Grossman et al

Nick's note: Capability- and segment-based architectures have proven security value. Segments are fast, but there's often tables to manage. Capabilities are very powerful, but most old architectures had to pull whole lists of them in along with pointers and data. This older paper introduced guarded pointers that encode permissions and segment information in the pointers. (CHERI takes this approach.) Total pointer size is 128 bits, with 64 bits being for the address. Supports safe pointer arithmetic, hardware bounds checking, public/private object members, more effecient use of garbage collectors, selective chopping of permissions off derived pointers, and of course unforgeable pointers. Would make a nice piece of hardware to implement object descripter architectures like Intel i432 APX or hardware interpreters (eg JVM).

Hardware Papers

I was working on easy routes to add microprogramming to RISC cores. That's when I stumbled upon this nice paper on the subject that focuses on MIPS:

Microprogramming by Arvind at MIT CSAIL

Just now stumbled on a DLX version from same author. Plenty of good detail on the subject and specific implementations.

Web Extension I: Survey of RISC Architectures Patterson and Hennessy

Nick's Note: This paper goes into detail about the similarities and differences between a large number of RISC processors. This include desktop systems such as PowerPC & Alpha, along with embedded such as ARM Thumb & SuperH. It shows how the various processors handle instruction encoding, addressing, procedure calls, multithreading, etc. People evaluating what chip their secure stuff should be built on might find this information valuable. So will anyone wanting to understand assembler more.

Instruction set extensions for cryptographic applications 2008 Barolini

Nick's Note: This paper covers *many* different ways people are trying to accelerate cryptography with hardware. This ranges from full implementations of the algorithms to instructions representing operations common to all of them. The paper gives lot of numbers, too.

Run-time reconfigurable processors Dr. Campi (STMicroelectronics)

Nick's note: This paper first surveys the various methods the field is using. That was interesting by itself. The paper looks at coarse- and fine-grained reconfigurability. They present the DREAM architecture that combines a RISC core and a reconfigurable fabric. Main processor handles generic stuff. The fabric is essentially used as a dataflow architecture for computation similar to DSP's. It's supposed to run data crunching "kernels" for encryption, telecom, and multimedia. It's programmed in a single-assignment C that's converted to a data flow program, which is mapped to the fabric. The fabric can reconfigure in only 2 cycles and there's a cache of configurations so they can be alternated super-fast. Claimed that trained users got a 10-100x speed-up on various algorithms in one week. Nice.

A novel network processor for security applications in high-speed data networks Vlachos

Abstract: "This paper describes the programmable protocol processor (PRO3)
architecture, which is capable of supporting advanced security services over high-speed networks. Security services include such things as a firewall, packet and flow classification, connection-state handling (i.e., stateful inspection), higher-layer protocol data unit (PDU) reassembly (i.e.,
application-level firewalls), and packet encryption and decryption. The PRO3, which is integrated with a high-speed line card, attempts to accelerate the performance of the firewall by implementing key functionality in hardware and by optimizing the balance between hardware and software functions. In this way, significant performance enhancements can be achieved, such as making transport control protocol (TCP) and Internet protocol (IP) data transactions secure, and protecting and separating virtual private networks (VPNs) from the external public network. The PRO3 incorporates an innovative scheme—a reduced instruction set computing (RISC)-based pipelined module with line-rate throughput—that makes it possible to process high- and low-level streaming operations efficiently. Using microcode profiling and simulation, we give performance results for a stateful-inspection firewall application with network address translation"

Nick's note: They combine dedicated hardware circuits, a RISC core, a reconfigurable module, and microprogramming to create a processor capable of line-speed network security processing. The classifier uses programmable logic and content-addressable memory for high speed matching. Dedicated functional units combined with the RISC core increase flexibility. The reconfigurable module handles the most performance-critical parts of the protocol engine. The thing can be retargeted to many protocols. Performance for IP networks showed 2.5Gbps average throughput on stateful packet inspection firewall with NAT. Classification, queuing, and scheduling engines were able to hit 2.5Gbps in *worst case*. Chip was fabbed on 0.18-micron at 200Mhz clock rate. This is commercial: Lucent Technologies.

A Case for Asynchronous Microengines for Network Processing 2014 Madan & Brunvand

Abstract: "We present a network processor architecture which is based on synchronous microcoded controller hardware (a.k.a asynchronous microengine). The focus of this work is not on the processor architecture, but rather on the asynchronous microcoded style used to build such an architecture. This circuit style tries to fill the performance gap between a specialized ASIC and a more eneral network processor implementation. It does this by providing a microcoded framework which is close in performance to ASICs and is also programmable at the finer granularity of microcode. Our approach exploits the inherent advantages of asynchronous design techniques to exhibit modularity, lower power consumption and low EMI. We have evaluated our circuit style by demonstrating fast-path IP routing as the packet processing application. For shorter design cycle time, we have implemented our design using Xilinx SpartanII FPGA board. However, we are extrapolating our results for a best-guess ASIC implementation."

Nick's note: This is more like the PISC processor I linked to previously. The design is interesting because it's a dataflow style processor that uses asynchronous, microprogramming for its operation. They also implemented a stateless firewall using the microcode. It was evaluated against the Click modular router. Processing an IP packet takes a total of 17 micro instructions. Performance was extrapolated to be over five times that of Click on similar process node technology.

SkepticalAugust 10, 2014 7:33 PM

@Nick - I'm talking about the secret police, err "intelligence community's domestic powers." Those powers are stronger here than many other democracies and republics. That there are countries that are worse on this point doesn't negate that (a) there are countries' whose situation is better on this point and (b) it's better to be in them if one is developing these technologies.

I actually don't know of any developed countries where intelligence services have less legal authority than the United States. The US, domestically, is actually quite restrained in many ways, especially compared to other nations. Outside the US, it's another matter.

Here, a decision by secret groups in executive branch can get you kidnapped, held indefinitely without trial, tortured, and/or executed.

Yeah, that happens all the time in the US. It's a serious concern. People are afraid to speak out against the government, mock the President, allege all kinds of things against him. Political opposition, politically unpopular businesses and causes - these are all impossible in the US because of the threat of being disappeared by the executive branch.

Ah, wait a second. I'm sorry. In the US the only case remotely close to that scenario would be Padilla, a highly unusual case in many respects, who was transferred to civilian custody.

Perhaps you're thinking of Russia?

Believe it or not, there are a number of countries that would rarely do something like this except perhaps very extreme circumstances.

Please describe the frequency with which the executive branch kidnaps and executes persons in the United States, and why this should be a serious concern for anyone thinking of becoming a resident or a citizen of the US.

papersAugust 10, 2014 7:48 PM

@nemmo
@versierra

No I'm legitimately asking for all sources you have on CA and NSA co-op since I'm writing a paper on surveillance
and am having hard time proving this is exactly what's going on. I'm not trying to be a douche but academic.

Nick PAugust 10, 2014 8:45 PM

@ Skeptical

"I actually don't know of any developed countries where intelligence services have less legal authority than the United States. "

You're saying that all developed countries are massively spying on their citizens to get information that will result in harm for some and without a trial? I'm aware most have SIGINT capabilities. It might surprise you, though, that many aren't pouring massive amounts of money into treating their own citizens like criminals. A number are also not running black sites and drone strikes that I can tell.

"People are afraid to speak out against the government, mock the President, allege all kinds of things against him. Political opposition, politically unpopular businesses and causes - these are all impossible in the US because of the threat of being disappeared by the executive branch."

I like how you mention the least likely things they'd act on. We know some specific groups that are targeted for things like rendition. It's not used on everybody. The more threatening you are to their interests, the more likely it is to happen. With publishing, only Assange, Manning, and Snowden have caused what they consider grave damage. Assange stays surrounded and is denied diplomatic flight. Manning was thrown into solitary confinement for a considerable amount of time *before being tried in court.* For Snowden, they started intercepting planes and even had a rendition flight ready while asking him to show up for court. They only do this kind of thing to a narrow subset of people that seriously threaten their interests or that belong to a group that they have approval to target.

They don't care if you gripe about them, run a business they don't prefer, etc. It has no effect on their capabilities. If you do have an effect, they consider you an adversary. From there, there's a chance they'll decide to take special measures to deal with you.

"Please describe the frequency with which the executive branch kidnaps and executes persons in the United States, and why this should be a serious concern for anyone thinking of becoming a resident or a citizen of the US."

Let me reword what you said: "Please steal and leak Top Secret information to prove a point on this blog." I'd rather not be charged under the Espionage Act. Nice try, though.

Note: it certainly *is* convenient for them that all this information is so secret that its merit or risks can't even be debated without risking prison time.

philAugust 10, 2014 9:01 PM

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

RE ptorection against impersonation:

why not just use PGP signatures? Not the most streamlined / easy to use solution, but if you're really concerned it allows a degree of verification. Establishing trust of a particular key could be difficult against a persistent attacker, but it should guard against casual impersonation to a degree (as long as some one here is bothered verifying signatures)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)

iQIcBAEBAgAGBQJT6CLfAAoJECO7KYUkdlwWot4QAJykFwXqjxahJWKOkE7VNpry
QDa8DwxWQX/AHaCbNq/uXJk/F4pCx/ZkjLhnKy4PoOxiKpRks/MJ74ytoFEPOX23
KkEG74mtz1ato4D/wIXOFMI8hUgfW6Ikf+/+lRjplrJMJstn8CwJjSPBzUkXQsWH
HRggiczq53PL+WzxdA2PdVNJSpKNQcSB6BLBqg9C8pOO+RJ0pn2Ih5IczAeza08+
pcnmXCWu9KdnG6eydlvm8ElfTPLbE3BHVfOiGJg69m8wJbzlyIIlCLq40DWMtn9C
sIUUqquVBJ5WzUveoayk6vNr+lHEl1x2QUpxQ5BNeSFlCx1nngcc3p71Gc5ELuW7
YtjcUj9HhmGkxByCF3JPnNdLSCt0tphuoGZ6AwK425TaCYu7YV5LE5ozVkbkeme1
y4v2GSfyprxZ8L1i3vftRPswoe0L+nw266+G8q6iFYoJf5ufq7WKL2e4mvQkcTj4
9VkTe2dlwod9/iH0hkDHGEvHx2eqjY8KqfRfzkB9w8PV3dWjY9BLAeieR3vQ0h/T
vzk4EvBcY9pHqBOhbBnbNuY07Al/khiQcfLjTDNGIsYaRpS4wWXSIl01IWbKnnmt
DYshntX3E2+vpFpAJy/XWXsjMGv7iEwoqUvP970g/CnF03f2E+R/sE/QpvT6tVLE
J/OVG3kzkwXM/JKv5I8Q
=Ft+N
-----END PGP SIGNATURE-----

Luege des TagesAugust 10, 2014 9:12 PM

Re Skeptical's latest Big Lie, Why don't we ask one of the two federal organizations responsible for extra-judicial killings illegal under jus cogens and therefore crimes in universal jurisdiction with no statute of limitations:

"Let’s start with the first box: Authority to Act under U.S. Law.

"First, we would confirm that the contemplated activity is authorized by the President in the exercise of his powers under Article II of the U.S. Constitution, for example, the President’s responsibility as Chief Executive and Commander-in-Chief to protect the country from an imminent threat of violent attack. This would not be just a one-time check for legal authority at the outset. Our hypothetical program would be engineered so as to ensure that, through careful review and senior-level decision-making, each individual action is linked to the imminent threat justification.

"A specific congressional authorization might also provide an independent basis for the use of force under U.S. law.

"In addition, we would make sure that the contemplated activity is authorized by the President in accordance with the covert action procedures of the National Security Act of 1947, such that Congress is properly notified by means of a Presidential Finding."

That's right, CIA asserts the right to kill you on authority of the president's decree. As a constitutional prerogative of Article II.

Skeptical is understandably confident that he can suck up enough and kiss enough ass to stay off the mafia state's hit list. However, he errs in thinking that migrants from free countries will be equally willing to come to America and crawl to save their skins.

WaelAugust 10, 2014 10:49 PM

@phil,

why not just use PGP signatures?
Too much work and the signature looks distracting.

Nick PAugust 10, 2014 10:50 PM

@ phil

It's always a possibility. I was doing it but... look at the size of your post. Too much clutter. It's why Mike the Goat and I worked on a concept for short signatures for blog comments and the like. His prototype is called Blogsig. Here is what mine would look like. It would link back to my own site with the comment, metadata, the signature, and a link to my signature resources (public key, tools used, etc.). The cool thing about my concept is you can use whatever method you want, even huge McEliece keys, and it still doesn't clutter the place you post on.

Of course, I'd have to be maintaining a site, write/sign my posts on a secure PC with the credentials, move it out using a safe method, link every critical comment, and so on. That's... a lot of work...

@ Luege

Yeah it's kind of funny, isn't it? There's a number of laws like that. The current President even casually admitted to torturing suspects. NDAA allows indefinite detention without trial and even reduces ability to challenge unlawful harms. There's ongoing rendition and assassination programs that courts can't touch. Then, Skeptical shows up to act like the stuff doesn't happen, they only do it for righteous reasons, or that we shouldn't worry because we're not likely to be on The List. I'm glad he has confidence in the integrity of secret government activity.

Given US government's track record, I think it's safe that *we* to take a distrustful stance by default. I mean, if we could trust them, we wouldn't need a Constitution negotiating a right to be alive and have basic freedoms. And there'd be no checks and balances. And we'd all live in a happy utopia. Back to reality...

DBAugust 10, 2014 10:57 PM

Feeding the NSA trolls here just gives them a more ravenous appetite, be sure that's what you really want first.

Gerard van VoorenAugust 11, 2014 2:37 AM

@ Nick P

"The current President even casually admitted to torturing suspects."

Yes he does.

Then I think back some 15 years ago. The republicans wanted to impeach a president because he did some funny things with a cigar.

It is a sliding scale, isn't it?

Thinking that the current president was elected because he promised changes. Yet he is more busy killing people with drone attacks.

LuegeAugust 11, 2014 4:46 AM

Right, Nick P. Skeptical is content to submit to an oriental potentate with the power of life and death, as long as he is merciful and kind. (His pasha is, after all, a onetime citizen of Indonesia - you could look it up, except that Brennan purged the records - raised in Suharto's killing fields by spooks, groomed from youth to rule, greased into Harvard by Saudi princeling Khalid al-Mansour.)

Skeptical is safe - he will never fail to knock his head three times. It's different for a man with integrity and physical courage, or balls, like veteran Scott Olsen, who exercised his right to freedom of expression until state executioner Robert Roche shot him in the head and attempted to administer a public coup de grace with a flash-bang grenade - with complete impunity in domestic law. For the botched execution the government assassin received no criminal or administrative sanction.

Yes, DB, it's a troll, but its DoD persona faithfully represents US government policy that is criminal in universal-jurisdiction law, so it wouldn't do to let it slide.

sena kavoteAugust 11, 2014 5:31 AM

RE: getting private keys from certificate authorities

How that happens physically if stolen by TLAs? What kind of offices/facilities the CA:s have? I imagine that this offers some movie-worthy moments.

Maybe they come up with some flimsy or fake reason to conduct a raid. If the key is only in RAM on plain text form, reading that memory location from firewire port could work. If not, what kind of wording they might use to threaten the employees and CEO in to giving the private key?

"We have found that the females in these 20 porn images are 17,9 years old, which make these child porn. Punishment per picture is year in prison, so you would get 20 years in prison, repeatedly ass raped. Unless you give us the key. Did I mention that you would get ass raped in prison?"

Or would they just put a gun on head?

Or would they plant drugs, and then offer to drop charges if keys are given?

Maybe they stop some low level employee's car with their black suvs, in some random remote area, force the employee out on gunpoint and punch until key/ passphrase is given?

Cryptography with javascript

If web hoster wont allow own keys for web page owners, maybe some public key features could be implemented in javascript instead? It's like using a sharp stone to cut something when knife is not within reach.

Encryption for easy understanding

I guess we need different symmetric encryption algorithms that are optimized for these:

1.x86 processors
2.RISC processors
3.OpenCL GPU aided
4.ASICs
5.hand-used
6.mechanical device
7.microcontrollers

And 8. for easy explanation in english / natural language so that it is quick to implement in any programming language. Trade execution speed and shortness of key for easy understanding and long recall (not forgetting details in short time). Any magic constants should be derived from common sources. Even though Im atheist, I might accept constants derived from some bible translation. Hopefully some more neutral source is as accessible.

But, it should not be one time pad.

Even if it is too slow for a real time video call, a key stream could be pre-computed before the call, put on RAM taking gigabytes of space and then used during the call while freeing blocks of memory as they get used.

Clive RobinsonAugust 11, 2014 5:32 AM

@ Gerard van Vooren, Nick P,

How about an "across the pond" old world view that is quite prevelant, but I will try to portray it with a little humor, just like the "Cheese Eating Surrender Monkeys" line that was popular on the new colonies side a few years ago,

The thing is what Billy bob did was --as portrayed by the reptiles-- an abuse of office. For base personal sins by the defiling of a "young maiden" --even though it was apparently consensual-- which offends "their espoused" ultra conservative 17thC witch finder morals --even though we know it's the usual front the likes of the Catholic Church et el use whilst physicaly, sexualy and mentaly abusing those not in a position to defend themselves,-- as the "work of the devil incarnate".

Now Dubya of the reptile brain, at one point or another was guilty of all that Billy Bob did and more, but like all good siners he very publicaly showed contrition and then ferver, then zeal, to smite "Gods enemies" as seen by the ultra conservative witch finders. Unlike Billy Bob he was not portraid by the reptiles as abusing his position for the base human needs --just those of his funders and handlers-- who found mentally deviant legal types. Who put otherwise quite clear legislation through a mangler to twist it beyond all recognition by changing the dictionary to suit their masters purpose of making the unsuportable blood lust choice appear legal. Just to keep cheap gas in US SUVs that pollute the atmosphere and rot brains via TEL and other poisons that have a causal relationship to the more significant forms of social crime whilst making inordinate untaxed profits for the handlers.

Then because of the more loopy lou behaviour of a splinter sect of reptiles, the in fighting that resulted in witch hunts in their own ranks, culling any credible candidates from consideration. The handlers realised they would have to find a pupet on the other side. But not content to be a pupet, he found after being "first bloodied" he had not a taste but lust for blood and went on to prove that he could be worse, much worse, sanctioning death, destruction and torture for the mearest whim, then pass it off with a joke or three.

The only real question over this quaint old side of the pond boils down to how come those in the US fall for it not once but over and over and over and still not get what's going on. As your social status drops year by year, your wages fall, your homes get reposed, yet untaxed profits rise and rise and the status of the "fortunate few" rises and rises at your expense. But worse the way the "fortunate few" chose to invest what they have stolen destroys the US economy even more...

Some over in the old world joke that the real job of the TSA is to lower the average IQ of the US by keeping out those bright enough to see through the Emperors delusion of finery and alert the crowd to the fact his 455 is hanging out bare for all to see...

anonAugust 11, 2014 6:21 AM

@Sancho_P

"There is a difference between national security and criminals, you should know that :-()"

Apologies on 65535's behalf. I'm sure he did not intend to give criminals a bad name.

The NSA is not just criminal, it is anti-constitutional.

You know you can be proud of your contribution to your countrymen when a federal judge refers to your job as "Orwellian."

sena kavoteAugust 11, 2014 6:32 AM

Machine code spotter

Just like the WW2 Colossus decrypter needed to spot german language from millions of plain-text candidates when trying to break enigma encrypted text, there is need to spot x86 and ARM machine code. This is for attack and defense.

When software gets encrypted with full disk encryption, in many cases it offers the biggest known-plaintext. Even if the OS is compiled from source with some light obfuscation that makes the binaries unique*, the format of data may be very spottable. I just compressed some random executables in Linux /usr/bin to 50% size, and that should be one sign of the ease of spotting.

For defense, spotting x86 code from a PDF or video file should be red alert and sign of attempted buffer overflow attack.

This kind of anti-virus should be in every Linux and BSD.

*What compiler ,if any, in common Linux repositories do that kind of obfuscation, and without causing slowness? Would you recommend compiling OS with light randomized obfuscation when using disk encryption?

65535August 11, 2014 10:37 AM

@ anon and Sancho_P

Ha!

Vupen sell’s its base code for FinFisher to Gamma who then mark-it-up and sell it to the NSA for ~ 4 million dollars per license – then Gamma resells Finfisher to brutal regimes in the Middle East for a few dollars less. It’s quite a nice scam – the tax payer and average citizen get the shaft.

the Roadrunner Beep BeepAugust 11, 2014 4:48 PM

Getting Targeted by Authorities of Any Nation, or even non-authorities:

My only note here is to point out, it is a far more powerful position to be in the role of a Roadrunner or Bugs Bunny... then to be in a role of a Wile E Coyote or Yosemite Sam.

People who know have people who want to know after them. The inertia is on the side of those who investigate, it is not difficult to use their own inertia against them.

Identity Security:

There is no identity security.

People do not even know their own selves, much less anyone else. Memories are flawed, perception is flawed. People always seek equilibrium.

Considerations:

- how many people fudge minorly or massively on their resume and get away with it.
- how hard is it to get realistic ID, driver's licenses or whatever form of identity you want
- how many people have references who are friends, where they will back up your background story?
- how many closed societies are out there, where people stay friends and even spouses with each other they grew up with?
- is it really impossible to have really good disguises that can handle close up inspection? Is it impossible to have long term disguises, short term disguises, quick change disguises?
- how hard is it to manage secrecy when you know you could be bugged by your employer or society?
- decades ago, how did governments handle letting go sensitive intel, law enforcement, technical people? Nuclear engineers? Defense contractors? Could that have been a problem that was solved?
- for all the leakers, for all the moles, for all the memoirs, what about everyone else?
- how many people and companies fudge their finances? How many companies and organizations have black box funding and finances?
- how hard would perimeter security be for closed circle societies? If no one says anything but a few people, might not those few people say something so they can manage perimeter security? After all, no one is going to investigate what they do not know about, and who they do not know?
- how many people out there have ongoing affairs for years and are never caught?
- how many people have had double lives and gotten away with it, or who have erased their past from everyone they know now because they wanted to erase it? Maybe they were ashamed of it. Maybe they just felt they were different people now.
- how many in witness protection have grandchildren and children who have no idea who they really are?
- how hard would it really be to get into ID infrastructure and vetting infrastructure? Maybe Dan Geer's argument about the problem of monopolization and security also applies there?
- how many work in confidential jobs and deal with secret data are very much people who ask questions if something looks secret?
- why would anyone ever say anything then? That is what the analysts ask when vetting investigations, right? Maybe it is a tripwire full trap? Maybe it is a honeypot or honeynetwork situation? Because that is what their concern is. Or maybe they are leakers. Maybe they are cracking under the stress of secrets. Or maybe they are working on a team project for a future plan? Hop right on board, that plane is going to take off momentarily.
- how many secret societies are out there that actually stay secret in the wild? How many people are secretive at work about their religion and politics merely to avoid problems?
- remember the "catch me if you can" guy, how many confidence people like that are out there? How many confidence societies? His dad was a confidence man. If he could do that by himself, what could a more organized and funded society do with the capability to take governmental level resources? And if you can take governmental resources, can you more easily take corporate or private resources?
What if that guy or the countless numbers like him were professionally trained, instead of just getting training from their boss or parents, or being a natural?
- foreign operations are often considered daunting, why would anyone want to live in an alien country for years? Maybe because they can have fun draining resources and controlling it? Ever read "black like me"? White guy makes himself into a black guy temporarily back in the fifties to explore racism in the south. What could an organization do in that way?

SkepticalAugust 11, 2014 5:07 PM

@Nick -

What I said: "I actually don't know of any developed countries where intelligence services have less legal authority than the United States. "

Your response: You're saying that all developed countries are massively spying on their citizens to get information that will result in harm for some and without a trial?

I'm saying that you have greater legal protection inside the United States than you do outside the United States. If you're living in an area of Yemen acting on behalf of AQAP, while being wanted by the US, and while refusing to turn yourself in, then you should probably be worried about being harmed without a trial.

Otherwise, though, if you're really concerned about being harmed, your best defense is a good lawyer.

We know some specific groups that are targeted for things like rendition.

Legal extradition from the United States? Extraordinary rendition from one foreign state to another? Rendition TO the United States? Which do you mean?

It's not used on everybody. The more threatening you are to their interests, the more likely it is to happen. With publishing, only Assange, Manning, and Snowden have caused what they consider grave damage.

Legitimate criminal charges have been "used" against two of those people. What is your point here? Yes, if you intend to commit serious felonies under US law, such as disclosing massive amounts of classified information, then the US may not be the best place for you. Outside of that category, though, the US is more secure than anywhere else.

Assange stays surrounded and is denied diplomatic flight.

And this has what exactly to do with your legal rights in the United States? He was indicted for rape in Sweden and was then in the process of being legally extradited from Britain. He's currently a fugitive within a foreign embassy.

They only do this kind of thing to a narrow subset of people that seriously threaten their interests or that belong to a group that they have approval to target.

They arrested Manning, and certainly desire to arrest Snowden, for committing serious felonies - not for simply "seriously threaten[ing] their interests."

They don't care if you gripe about them, run a business they don't prefer, etc. It has no effect on their capabilities. If you do have an effect, they consider you an adversary. From there, there's a chance they'll decide to take special measures to deal with you.

Yet somehow organizations like The Washington Post, the EFF, the Tor Project, and others are not subjected to "special measures." It's almost as though the Department of Justice investigates and prosecutes people on the basis of suspicion and evidence of criminal activity, not having "an effect on their capabilities."

I wrote: "Please describe the frequency with which the executive branch kidnaps and executes persons in the United States, and why this should be a serious concern for anyone thinking of becoming a resident or a citizen of the US."

You respond: Let me reword what you said: "Please steal and leak Top Secret information to prove a point on this blog." I'd rather not be charged under the Espionage Act. Nice try, though.

:) Forgot you were read into Operation Treadstone. Definitely don't try to steal and leak that kind of information. I'll just take your word for it. Or maybe see the movie.

**********************************

@Luge - Re Skeptical's latest Big Lie, Why don't we ask one of the two federal organizations responsible for extra-judicial killings illegal under jus cogens and therefore crimes in universal jurisdiction with no statute of limitations:

You then proceed to selectively quote (I'll get to that in a moment) a speech by the then General Counsel of the CIA in 2012 concerning procedures CIA takes to comply with the law before undertaking a Presidential order to engage in covert action.

You conclude: That's right, CIA asserts the right to kill you on authority of the president's decree. As a constitutional prerogative of Article II.

Except the portions of the speech which you omit contradict you. For example, you forgot:

Beyond Presidential directives, the National Security Act of 1947 provides, quote, “[a] Finding may not authorize any action that would violate the Constitution or any statute of the United States.” This crucial provision would be strictly applied in carrying out our hypothetical program.

Lawfare Blog - Remarks of Stephen Preston

In other words, if the Presidential directive violates the law, then the CIA is not authorized to carry it out. This would include unlawful homicide.

Tellingly, you go on to claim (regarding me):

(His pasha is, after all, a onetime citizen of Indonesia - you could look it up, except that Brennan purged the records - raised in Suharto's killing fields by spooks, groomed from youth to rule, greased into Harvard by Saudi princeling Khalid al-Mansour.)

Let's agree to disagree on this one.

Gerard van VoorenAugust 11, 2014 5:27 PM

@ Skeptical

What do you consider a serious crime?

Is torturing a serious crime?
Is invading two countries based on lies a serious crime?
Is drone strikes a serious crime?
Is (before it was "legal") massive wiretapping a serious crime?
Is lying about it all, even in court, a serious crime?

Gerard van VoorenAugust 11, 2014 5:29 PM

@ Skeptical

Sorry, I didn't mean it harsh (although it look like it) but I am just curious.

LuegeubriousAugust 11, 2014 6:25 PM

Skep, this is not like where you live, there are smart people here. The CIA death squad directorate has stated that Article II authorizes extrajudicial killings. Surely even you are not taken in by the third-rate government lawyer's gambit of robotically asserting, "We do not break the law" as he wipes his ass with it.

And so like Skep, to 'agree to disagree' on dual-sourced documented facts he does not like! Stasi wannabes don't like admitting that Safari Club heathens run their country, install their figureheads, and revoke their laws. Saudi princeling Khalid al-Mansour himself explained how a snot-nosed mediocrity, Columbia's invisible man, gets into Harvard with no credentials except his CIA Mom and Dad - and, under John Brennan's treasonous wing, rises to become the House of Saud's info-mercial spokesmodel.

You're starting to sound like you've never been read into anything. If you are in reality some kind of prodigiously gullible flack, I'm sorry I called you a pathological liar.

Sancho_PAugust 11, 2014 6:35 PM

@ Sceptical

I actually don't know of any developed countries where intelligence services have less legal authority than the United States. The US, domestically, is actually quite restrained in many ways, especially compared to other nations.

You seem to have deep insight into to the legal restrictions of other developed countries regarding their IS. That’s interesting, because it would be evidence that other developed countries do not have any secrets in their “legal small print”.

On the other hand it indicates that you have more insight into US fine print than the Congress.

Yet - I’m sceptical on both.

@ Nick P
Just to add the story of James Risen, the Senate Intelligence Committee and more, but it doesn’t matter in this case.

***

I understand that there must be secrets (e.g. national defense).
But law and it’s interpretation can not be secret.
Whistleblowers have morals, otherwise they’d not blow the whistle.
Morals **should** differentiate us from machines.
Morals do not need any law, morals stand for their own, above the law.
(mind you: Laws are man made, morals not)
Morals are international, morals do not have borders.

To fulfill your human duty it’s not sufficient to obey the law.

Secrets are often used to hide amoral actions.

There is no crime, no ruse, no trick, no fraud, no vice which does not live by secrecy. Bring this secrets to light, unveil and ridicule them to everybody. Sooner or later the public opinion will sweep them out.
Publication may not be enough - but it is the only means without which all other attempts will fail.


(Joseph Pulitzer 1847-1911)
[Apologize my attempt to translate, didn’t find that in English]

(Just my opinion: Skeptical is neither a troll nor a spy. He is a well informed American. Probably similar to 0.1% out of the 67% majority. Unfortunately.)

FigureitoutAugust 11, 2014 10:24 PM

Wael
Good try... I have a sock with your name on it
--You think you're the only one..? If you do, you better do me good (not like that.. :p ). How would anyone know due to a highly spoofable insecure internet if you aren't just playing this game by yourself? What if you are me and I am you?

Welp, looks like I broke down again, and I cringe at what I'm saying. I'm pissed at myself actually. Ban-worthy posts, somehow I'm still here...I have a mental illness now, I really hate to admit it and be honest w/ myself, and there's nothing to really "fix" it. I can't even date a girl anymore w/o thinking the worst...I instantly assume the worst in any new person I meet, and somehow they will attack me in some way...Terrible mindset, I wish it on no one.

Thankfully, I've found my niche; and I'm happy again when I'm working on something. Got my opportunity at last, found what I love to do. Like when I used to wake up early to build legos. If I can just get this negative energy out in a better way like I used to...

So if you plan on spoofing me, keep that in mind.

Clive Robinson RE: guards
--I'm slightly familiar w/ cutting and rearranging ethernet cables and "light" web systems. One part of my work involves working w/ a crossover ethernet cable. It'd be neat to build that "throwing star" Iain Moffat linked, but I'm sure it'd look like shhhhh w/ my rudimentary craftsman skills.

My dad gets all kinds of proto-boards and such from sales people, so cool. Like really good stuff too. Something I just got (I've made a large amount of hardware acquistions lately) is a c8051f930 wireless SDK. Neat stuff! Can make around 2-3 km range w/ 5000 packets. But have a PIC board too (w/ a PICtail connector) but I don't think I can do ethernet on it (it would be a big hack). I'll probably just get a highly functional dev. board, but also a Z80-based one too. I may bend and just use a PIC or Atmel chip for my first computer, then just use a Z80 based peripheral or side computer for extra assurance b/c I've been spoiled on quad-cores and GHz of RAM...I want some usuable features from the get-go...and it's a major security risk...Just got a new Freescale board too, very powerful chip on board and ethernet...

I need skills today that help me get a job, and the Z80 may not so much as a new board/chip...Meh, I'll probably end up doing it.

But, I already have stuff I need to put to use still, which is my RasPi (either a server or VPN) and 1 or 2 BBB (a spectrum analyzer and a firewall to save another computer). Ugh, so much to do! This will take 2-3 years before I get it all neat and working properly...

BTW, the "TCP/IP Lean" book is again free on google, just google the name if interested.

RE: some stupid douglas adams quote
--Lol, quit doing that to me! I refuse to look any further! Hey your link is crap BTW too, forgot to shutdown your google-botnet I suppose...

Nick P
Btw, you should avoid doing that again. We did a few rounds of that stuff back in the day, with me playing Clive. The Mod didn't like such games. We stick to our own identifiers here for a productive discussion.
--I will, just showed how easy it is if I were seriously trying to impersonate (I'd have to get a little deeper...). Wanted to post this too lol...Moderator's leaving it being like: http://i.imgur.com/tjNLpzS.jpg

WaelAugust 12, 2014 12:43 AM

@Figureitout,

If you do, you better do me good
No, it's not my cup of tea. I don't plan on spoofing you b/c it can lead to one of us being banned, and I don't want that. If I spoofed you or anyone else, it'll be close to indistinguishable from the real person, I am good at detecting patterns and have a good memory -- used to be much better, but... time has done it's thing to it... I never used a sockpuppet[1], there is no point to it. I don't even use a pseudonym. Long time ago, I used to play video games for hours (Doom, Quake, Unreal), and I did use some handles, but that was expected. Some players had really funny names, the one I like was "A_Taste_Of_Ear_Wax". Like I said before, if I have something to say, I say it under my name, otherwise I don't say anything.

I need skills today that help me get a job
Seems Android and iOS are hot these days. pick one and learn it. There are so many tutorials on the net. you can start by developing the "Schneier blog application" and putting it on the GooglePlay or AppStore. Build a portfolio of applications, and you're set. It's just a suggestion. When you work on a project and complete it, you'll learn a lot more than you think because you'll be faced with problems, challenges, and ways of making your project different than other projects.

[1] To be completely transparent, a while back I asked a colleague to check out a thread after I disengaged from it, and asked him what he thought. I told him I should have replied by saying such and such. He said "sounds reasonable". I told him I can't -- I already disengaged from the thread in a final way. He later posted what I wanted to say under another name, then told me about it. That's the closest I came to "Sockpuppetrydom".

ThothAugust 12, 2014 3:04 AM

Definition of MALWARE: Any program that executes commands that it is NOT SUPPOSE to do (i.e. a notepad program injects malicious scripts or a word doc that executes scripts that compromises a computer's security) REGARDLESS OF INTENTION (used by National Security or Criminals).

Be it Government agencies or criminal gangs, as long as such a script is used to compromise security for any reason (legitimate or not), it is --> MALWARE.

The problem comes inherently when Nationalism and Science gets mixed up just as religion mixes with science (no offense to any nationalistic or religious people here). The reason is nationalism and religious notions mixed in a scientific context (computer science, commsec, intsec and any other sciences like biology) can be detrimental.

If anyone remembered, Secusmart was approved to be used in ministral cabinets of Germany including Angela Merkel whom herself is using the Blackberry + Secusmart setup despite NATO rating Secusmart not suitable for diplomat secrets. It is most likely that Secusmart received the approval of being used in ministral and state secret level data protection in Germany due to nationalistic ideology (Made in Germany thinking) and can be fatal as Secusmart was not rated to that level of secrecy clearance.

sena kavoteAugust 12, 2014 5:43 AM

Most important Live distribution has new version

About once per year Knoppix Linux releases new version. Now version 7.4 has come.

Knoppix should be the common user's way to open files and web sites that may be dangerous. More advanced user may want to use a virtual machine and then revert to last snapshot after use. Or even use virtualbox in knoppix to do that.

Tails has advantages, but tor does not work with every website, and the file types it can open in it's default form are much more limited.

Here is the sha512 hash of default english DVD .iso:

1ece7fdeec1f5b73b0c9c8fb136d96e06998ef72048aa23273216e45c55799ba755231e3d4682de7146c731396b1024c1c0a1903e773bd78a10adeaa40fb1078

and sha1 hash:

c8fbd534902bc408479161f0dfa2f627e816cb41

We should have a habit of posting hashes in random places.

At least in Linux command line, programs named shasum and sha512sum compute hashes from the file whose name is put on as command line parameter. gtkhash is GUI version but not in default linux.

Bit more security for .iso files, maybe with former bitcoin mining hardware

This won't give much security, but could it give enough to make it worthy?

User forms .iso from hashes arranged in sequence. Distro maintainer spends some computing resources to search for sequences of bits to be hashed that produce the .iso file. Block size to search and hash is chosen so that the burden of computing is low enough for distro maintainer, but too much for attacker who wants to insert something on the .iso file. Attacker may have only one target computer's computing resources.

Maybe bitcoin mining asics would be especially useful for distro maintainers to repurpose for this use? I have not heard of any other way to repurpose that hardware, but I haven't looked hard.

SkepticalAugust 12, 2014 6:06 AM


@Sancho: You seem to have deep insight into to the legal restrictions of other developed countries regarding their IS. That’s interesting, because it would be evidence that other developed countries do not have any secrets in their “legal small print”.

I suppose some of this depends on what you consider fine print. But, I also don't think the extent of legal powers is as hidden as some might think.

On the other hand it indicates that you have more insight into US fine print than the Congress.

The most legally unexpected part of the Snowden documents concerned the Section 215 metadata program; and that program was already known to Congress.

Yet - I’m sceptical on both.

As you should be.

Just to add the story of James Risen, the Senate Intelligence Committee and more, but it doesn’t matter in this case.

This is comparing apples to oranges to carrots.

Whistleblowers have morals, otherwise they’d not blow the whistle.
Morals **should** differentiate us from machines.
Morals do not need any law, morals stand for their own, above the law.
(mind you: Laws are man made, morals not)
Morals are international, morals do not have borders.

Yes, and every true believer thinks that he has access to the one true Truth. While in extreme cases it can be justified to break the law, objections to government actions rarely rise to that level. Snowden and Manning released massive amounts of intelligence largely on the basis of policy objections (at best). These weren't acts compelled by ethics.

(Just my opinion: Skeptical is neither a troll nor a spy.

I agree.

momoAugust 12, 2014 9:32 AM

@jackel

"Snowden critic resigns Naval War College after online penis photo flap"

Loving his choice of words: "Sorry to say I'm severing my affiliation."

Clive RobinsonAugust 12, 2014 9:42 AM

@ Figureitout,


I can't even date a girl anymore w/o thinking the worst...I instantly assume the worst in any new person I meet, and somehow they will attack me in some way...Terrible mindset, I wish it on no one.

Well if you think the worst then you will only be pleasently surprised / delighted when you find out she is not.

Assuming the worst in new people is actualy a survival mechanism, much though some in society want you to trust everybody it leaves you open to abuse. So stick with what nature has programed in not what some proto con artist is trying to convince you otherwise.

Look at it this way would you walk up to a wild tiger and tickkel it's ears just because somebody tells you, you've got the wrong lifestyle image....

Take it from me trust comes out of respect, and respect takes time to establish, those who demand respect or trust are the ones most likely to abuse it and you....

Finally remember being cautious and staying unhurt and most of all with life and liberty is worth the price of a little healthy paranoia.

Sancho_PAugust 12, 2014 10:33 AM

@ Thoth

Now I have to use my “fine” comb ;-)

NSAware consists of two parts,

a) The original program (e.g. to write documents).
b) The legal & hidden NSA part (e.g. to reveal the private keys from your keychain).

Both parts execute commands that are supposed to, so the sum of both parts does exactly what it should do.
I’m afraid whatever humans try to cast into law can and will be worked around by droids.
I don’t see any evidence for that, though (/skepticism)

@ Skeptical

This is comparing apples to oranges to carrots

Yes, because the untouchables trample on our fruits and veggies without any respect and fear of conviction.

ThothAugust 12, 2014 10:43 AM

@Sancho_P
Programs are simply programs. On one term, you can argue that programs are neutral which is correct. Programs have no feeling.

The difference is when it stings you and you are on the receiving end if you are the unfortunate target :D .

There technically nothing wrong with malwares or original programs because they are just codes. The difference is when you get pwned and owned.

Nick PAugust 12, 2014 11:39 AM

@ Skeptical

" If you're living in an area of Yemen acting on behalf of AQAP"

Why do you keep bringing up countries like Yemen? I've been mentioning First World countries like Denmark, Finland, Switzerland, etc. They have fair legal systems and don't routinely kidnap/murder people. These comparisons you bring to some of the world's worst places to live serve only as strawmen.

"Legal extradition from the United States? Extraordinary rendition from one foreign state to another? Rendition TO the United States? Which do you mean?"

You're confusing extradition and CIA rendition. That I mention kidnapping and torture means I'm clearly referring to CIA rendition. This program can grab people anywhere, put them on a plane, ship them to a place with looser restrictions on torture, and they get no trial/defense. This is all on a mere *accusation* by our legal system's standards. The number of innocent people wrongfully put into Guantanamo shows their standard for accusation is prone to abuse: transcribed the name wrong, a few known bad guys made a number of phone calls to the person, and so on. All shows that these programs, if they are to exist, need much more accountability and higher standards of evidence. A defense as mandated by Constitution for U.S. citizens would be nice too...

"Legitimate criminal charges have been "used" against two of those people. What is your point here? Yes, if you intend to commit serious felonies under US law, such as disclosing massive amounts of classified information, then the US may not be the best place for you."

I see the trouble you're having: you've never read about due process. Our country's legal system (per Constitution) says executive branch makes an accusation (charge), the person is to be tried in a court (judicial), the person can request a jury, and the person is innocent until proven guilty. The Constitution doesn't say: "this agreement is entirely void if some parties in it use the phrase 'national security' or the word 'terrorist'." And this despite that the Framers knew about insurgents: they were called similar names themselves.

So, let's get to Manning and Snowden. Manning was treated worse *pre-trial* than most *convicted* violent offenders are treated. Many psychologists have testified that people being in solitary for long periods can drive them nuts and is cruel. We also have a Constitutional protection against cruel and unusual punishment. So, the guy was subjected to cruel/unusual treatment, severely punished before conviction, and likely on vendetta which is typically considered illegal as well. On top of it, he wasn't allowed his Constitutional rights just because he was in the military: they have special courts and rules to dodge accountability to the people.

Snowden would've been similarly charged under Espionage Act. As I mentioned with Manning, these kinds of prosecutions are special. The classification laws of the United States mean the defence often can't present evidence critical to their case. (Despite it being illegal to classify the illegal.) The Constitution's position is pretty clear here: a person being accused can present evidence of their innocence. The U.S. government's position is clear: the trial is mostly the prosecution's evidence, they can selectively use classified evidence, and the evidence contains a lot of "take our word for it." This is so rigged and so clearly violates due process that anyone taking extreme measures to avoid such a prosecution is justified.

Such things happen in a number of other countries. They also *don't* happen in a number of countries. Hence, my argument that people worrying about such things (esp if US is threat profile) should be in one of those more lawful countries.

"They arrested Manning, and certainly desire to arrest Snowden, for committing serious felonies - not for simply "seriously threaten[ing] their interests.""

So, they treated them the same as everyone else that's committed a felony? No? Then you're doing another strawman to make it seem like just another legal accusation. It isn't.

"Yet somehow organizations like The Washington Post, the EFF, the Tor Project, and others are not subjected to "special measures." "

Their targeting is limited to a small subset of the population. It's classified, so I can't know or discuss it. The average person or organization seems unlikely to be targeted, *especially* a major media organization. You're smart enough to know big media is handled in a special way by politicians due to their influence, so I wonder why you brought them up. What I do know is NSA BULLRUN documents indicate *they* target anyone that develops tech that undermines their mission. They straight up consider them adversaries. One document mentioned "HUMINT" methods for resisting groups. After seeing decades worth unclassified and declassified material on "HUMINT" methods, I can definitely say that might lead to all kinds of covert pressure or attacks given that's what HUMINT is.

Given that the internal documents consider such people opponents and the U.S.'s position is that it can take "extra-judicial" (i.e. illegal) action against "enemy combatants"... I'll let you connect the dots. The targeting criteria isn't the issue. That they can do it and you have no recourse is the issue.

" Forgot you were read into Operation Treadstone. "

Haha. Skip the movie and read the Ludlum books instead. I'm a big fan of his work. I actually learned a few things from it that came in handy in the field. Clever author with plenty of depth who also draws on lots of non-fiction for his characters and tactics. For instance, he largely based tactics/experiences of "Janson" in Janson Directive on Richard Marcinko, the "Rogue Warrior." One I recommend to you is Matarese Circle. It's ending reveal is the closest thing to what's actually going on in the world, in fiction at least.

DBAugust 12, 2014 1:37 PM

@nick p, and all others arguing with skeptical:

Keep in mind that you are mainly setting the record straight for the rest of us readers who might be led astray (thanks, appreciated!), not convincing him. You'd have a better chance at convincing a tree stump than him, regardless of the soundness of your logic. He just looks for one crack in your logic and tries to pick on it. He is a parasite and unable to change.

QohelethAugust 12, 2014 6:00 PM

@DB
I figure it's pretty vital to have someone competent arguing for the opposite of a particular forum's "prevailing view", if only to keep its premises honest and prevent echo-chambers.

@Clive
The problem with assuming the worst in everybody is that it's costly at scale. Not even just economically, but emotionally too in a lot of cases. And I don't know how to go about comparing those costs to the potential for betrayal (which, as we have recently seen, is a spectre that can strike from anywhere).

Really need to get around to reading Liars and Outliers.

FigureitoutAugust 12, 2014 6:27 PM

Wael
--Ok. Yeah I got scoffed at when I said I wanted to make an app for a 10+ year old cassiopeia (hard to even find a decent start) instead of like a Raspi/android program. I got all the family's old smart phones and will probably try to root them or something eventually. And yeah I know all to well about hidden problems, my dumb little "robot" lol, only consists of a 3V battery power source, a 3V DC motor, and a switch; testing it worked ok (some weird like current leaks, but was consistent), but glueing everything and finalizing it now the batteries are melting/sizzling...Hilarious though, just spins a face really fast now before it dies, I would guesstimate ~5-10,000 RPM's lol. And a project at work, just hitting some snags like usual, shouldn't be too bad though just have to hurry before school to get first version done (can put at least pretty big part of product development). Oh and that $10 laptop, having issues getting in BIOS and issues w/ another old PC that I want at least an old *nix on it, stuck w/ a crappy 1998-era DOS prompt... Read that parts or most of BIOS used to be on the HDD...so..grr as usual.

Clive Robinson
--Yeah, except that just means I haven't found how said person is attacking me (in my mind)...It's served me well sometimes, but I get things done when I ignore it; otherwise I'm just frozen.

Oh and the tiger ear tickling, you really set this up lol, what about this guy?! :p http://i.imgur.com/SGznp.gif

Clive RobinsonAugust 12, 2014 7:35 PM

@ Qoheleth,

I think you are muddling up assume and believe as a precursor to a course of action.

It's sensible situational awareness to "assume the worst" as you can then move forwards in ways that are more favourable to you (see "art of war"). If however you "believe the worst" then your only choice is avoidance and thus you have defeated yourself and handed victory to whosoever decides to take it from your hand.

Look at it this way, I assume the worst on crossing a road is death or severe mutilation, which I think most will agree is a reasonable assumption based on road accident reportsreports. Thus I find a favourable point to cross and do it with care looking and listening, thus avoiding the worst (so far ;). If however I believed the worst will happen then I simply won't cross the road to my possible detriment.

It is the difference between healty reasoned and unhealthy unreasoned paranoia.

As for the cost, we have as I noted mechanisms of mittigation based on respect. At a first "blind" meeting we know nothing about the other person we watch their behaviour and ask questions and as a process build up a level of respect from which trust can but does not need to follow, as it is more than possible to interact with out direct or even indirect trust.

This is because as a society we also have institutional mechanisms such as the FAA certification and monitoring process. It means I can make a reasonable assumption about the state of an FAA certified aircraft before I get on it. There is no reason for me to blindly believe it is safe to board. Unfortunatly it's not a guarantee thus I am selective about which airlines I chose to fly, their historical record is a part of the organisational respect process, I can use to make a trust decision about if I will use them or not.

There are so many of these mechanisms in place that we rarely think of them directly, you would probably book a flight with your nations flag carrier without any further thought, unless you lived in a country you considered overly corrupt or generaly incificient at governance.

That is because you have made a probabalistic choice, which is actually divorced from a believe the worst / best all or nothing blind faith trust. As the former is to some extent evidence based the other most assuredly not.

JacobAugust 13, 2014 6:07 AM

The WP reported yesterday that the DEA has paid, for many years, an employee of AMTRAK to get a detailed confidential passenger list (although they could get it for free (*)).
Apparently this was an illegal DEA act, but it appears that only the employee is penalized because "he acted without approval"

http://www.washingtonpost.com/blogs/federal-eye/wp/2014/08/12/dea-paid-an-amtrak-secretary-for-confidential-passenger-information/

I guess we will see some day the emergence of a no-train /no-bus list.

-----------------------------------
(*) And a bit on the economics of surveillance:

"Under an agreement with the DEA, the Amtrak Police Department provides such information for free in exchange for receiving a share of funds seized through resulting investigations. The report said DEA’s purchase of the records deprived Amtrak police of money the department could have received by supplying the data."

crepusculeAugust 13, 2014 6:53 AM

@Winter

A move in the right direction IMO, but it seems to be reinventing the wheel: owncloud, pydio, cozy, kolab, sparkleshare... In fact, anyone with a spare Raspberry Pi, a USB external drive and half decent IT skills could create private file hosting with relatively little effort. Or am I missing something?

SelocReimAugust 13, 2014 7:02 AM

Is there a way of checking the number of active Tor nodes by country historically? E.g. how many active Tor nodes registered in Russia were there last week, 2 weeks ago, 3 weeks ago...?

WinterAugust 13, 2014 7:08 AM

@crepuscule
"Or am I missing something?"

End-to-end encryption and secure clients? Scaling?

I assume they want to offer large scale hosting, at least for official business. I know hospitals are also experimenting with such services.

DBAugust 13, 2014 8:02 AM

@Qoheleth

You make a good point about having someone with the opposite view to speak to sometimes. However I would prefer that person to be honest with himself and others, otherwise it's only calculated disruption. Skeptical goes to great lengths to appear open and honest at first glance, but if you happen to make a good point he can't argue against he will be evasive or just silent for a bit rather than concede the point. Then later on he'll argue the same thing again, hoping you won't notice and the same counter will be forgotten. He is as dishonest with himself and with others as our government leaders are. This broken record of lies and deception all around us gets tiring, frankly.

Gerard van VoorenAugust 13, 2014 10:55 AM

About Localbox (open source dropbox replacement)

@ crepuscule

"A move in the right direction IMO, but it seems to be reinventing the wheel: owncloud, pydio, cozy, kolab, sparkleshare... In fact, anyone with a spare Raspberry Pi, a USB external drive and half decent IT skills could create private file hosting with relatively little effort. Or am I missing something?"

I think you are missing something. That something is called "user friendly", which requires lots of complexity. Although I haven't yet looked at the code I assume it is HTML/JS based. So you need a GUI, server code and lots more.

It could have been simple on for instance plan-9 where accessing another computer is a matter of 2 lines in the command terminal... But Bill Gates and Steve Jobs successfully ruined that kind of simplicity.

@ Winter

I like the comments at the computerworld story. Especially the remark about the commodity and about the "wide open cloud".

But I will certainly take a look at it and probably test it.

crepusculeAugust 13, 2014 11:30 AM

@Gerard van Vooren

"I think you are missing something. That something is called "user friendly""

Anyone who finds the interface of owncloud or kolab challenging should probably require 24 hour supervision and might be better suited to a LeapFrog Clickstart than a private file hosting solution. Anyway, if one already has a bunch of coders on the payroll (as I Imagine the Dutch government does) and you've got nothing better for them to do, I guess there are worse ways of keeping them entertained.

crepusculeAugust 13, 2014 11:38 AM

@winter
"End-to-end encryption and secure clients? Scaling?"

Tahoe-lfs would tick the box. Anyway, I don't want to give the impression that I am against the project. I think this is clearly a step in the right direction. In fact, I love to see European governments and businesses wise up and move our data away from American data-hogging services. I just had the impression that there is a fair amount of code out there that seems to be doing very similar things.

asynchAugust 13, 2014 12:36 PM

They keep selling this to us as a feature instead of a bug.

Bruce has talked about it before, but new BH feature this year.

Absolute Computrace Lojack hiding in the BIOS.

http://www.freakyacres.com/remove_computrace_lojack?page=1

I run it from: (line in registry)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Agremove"="C:\\Windows\\agremove.exe"


And i still like the optical generator idea for sending info as graphics.
Maybe use Lock The Page, and send as non-machine readable, but un-encrypted to avoid having it saved.

http://securitynirvana.blogspot.com/2014_01_01_archive.html

WinterAugust 13, 2014 12:59 PM

@crepuscule
"Anyway, if one already has a bunch of coders on the payroll (as I Imagine the Dutch government does) and you've got nothing better for them to do, I guess there are worse ways of keeping them entertained."

They outsource it. I understand that Fox-IT is a capable security outfit.
https://en.wikipedia.org/wiki/Fox-IT

There are more.

@Gerard van Vooren
"Although I haven't yet looked at the code I assume it is HTML/JS based. So you need a GUI, server code and lots more."

End2End encryption with HTML/JS at the client end for the cryptography sounds like a very bad idea. They actually say somewhere that there won't be a browser client.


PS: I am no relation of the "De Winter" mentioned in the computerworld story

crepusculeAugust 13, 2014 1:11 PM

@Gerard van Vooren

"Although I haven't yet looked at the code I assume it is HTML/JS based."

I had a quick look. It's written mostly in PHP.

BenniAugust 13, 2014 2:08 PM

News from Snowden:

" “It’s no secret that we hack China very aggressively,” he says. “But we’ve crossed lines. We’re hacking universities and hospitals and wholly civilian infrastructure rather than actual government targets and military targets. And that’s a real concern.”"

"By the time he went to work for Booz Allen in the spring of 2013, Snowden was thoroughly disillusioned, yet he had not lost his capacity for shock. One day an intelligence officer told him that TAO—a division of NSA hackers—had attempted in 2012 to remotely install an exploit in one of the core routers at a major Internet service provider in Syria, which was in the midst of a prolonged civil war. This would have given the NSA access to email and other Internet traffic from much of the country. But something went wrong, and the router was bricked instead—rendered totally inoperable. The failure of this router caused Syria to suddenly lose all connection to the Internet—although the public didn’t know that the US government was responsible. (This is the first time the claim has been revealed.)"


"The massive surveillance effort was bad enough, but Snowden was even more disturbed to discover a new, Strangelovian cyberwarfare program in the works, codenamed MonsterMind. The program, disclosed here for the first time, would automate the process of hunting for the beginnings of a foreign cyberattack. Software would constantly be on the lookout for traffic patterns indicating known or suspected attacks. When it detected an attack, MonsterMind would automatically block it from entering the country—a “kill” in cyber terminology.

Programs like this had existed for decades, but MonsterMind software would add a unique new capability: Instead of simply detecting and killing the malware at the point of entry, MonsterMind would automatically fire back, with no human involvement. That’s a problem, Snowden says, because the initial attacks are often routed through computers in innocent third countries. “These attacks can be spoofed,” he says. “You could have someone sitting in China, for example, making it appear that one of these attacks is originating in Russia. And then we end up shooting back at a Russian hospital. What happens next?”

In addition to the possibility of accidentally starting a war, Snowden views MonsterMind as the ultimate threat to privacy because, in order for the system to work, the NSA first would have to secretly get access to virtually all private communications coming in from overseas to people in the US. “The argument is that the only way we can identify these malicious traffic flows and respond to them is if we’re analyzing all traffic flows,” he says. “And if we’re analyzing all traffic flows, that means we have to be intercepting all traffic flows. That means violating the Fourth Amendment, seizing private communications without a warrant, without probable cause or even a suspicion of wrongdoing. For everyone, all the time.” (A spokesperson for the NSA declined to comment on MonsterMind, the malware in Syria, or on the specifics of other aspects of this article.)"


I am the only one who notices that this "MonsterMind" software is similar to these plans of the german secret service BND?

http://www.bnd.bund.de/DE/Themen/Reden%20der%20Leitung/Redetexte/Rede_BfV-Symposium2014.html

the BND president said here on a project for which the service wants additionally 300 mio euros:

"In detail, this can look like this: With our foreign signals intelligence, we recognize a Cyper Attack on french companies or institutions with a new, and unknown malware. We then give this information to the office for security in information technology and to the german service for the protection of the constitution. They then can take measures that appropriate firewall settings are used in germany"

The question is just: What does the BND have to sniff in data packets of french companies?
And in order to prevent the malware from entering germany, the BND application would have to sniff on every datapacket that gets on german ground, similar to this NSA MonsterMind program....

SkepticalAugust 13, 2014 2:36 PM

@Nick: Why do you keep bringing up countries like Yemen? I've been mentioning First World countries like Denmark, Finland, Switzerland, etc. They have fair legal systems and don't routinely kidnap/murder people.

routinely kidnap/murder people

That wasn't a reference to Yemen? The US is routinely murdering persons inside the United States? Examples should be easy to provide if this is routine. Please feel free to name some.

Otherwise, let's focus back on realistic concerns. Being murdered by the government isn't something anyone needs to worry about in Denmark OR the US.

You also bring up extraordinary rendition, which I'll address next. However, before even beginning, understand that this is also something one need not worry about inside the United States.

Remember what the issue is: whether intelligence agencies more legally restrained within the United States than the intelligence agencies of other democratic governments.

You wrote: We know some specific groups that are targeted for things like rendition.

I asked: "Legal extradition from the United States? Extraordinary rendition from one foreign state to another? Rendition TO the United States? Which do you mean?"

You replied: You're confusing extradition and CIA rendition. That I mention kidnapping and torture means I'm clearly referring to CIA rendition.

"Rendition" (read the first thing you wrote, which I quote above) refers to any transfer of an individual from one jurisdiction to another. It encompasses the transfer resulting from legal extradition proceedings as well as forms of what is called extraordinary rendition. So when you say that "specific groups are targeted for things like rendition", you could be referring to any of the different actions I mentioned.

"Extraordinary rendition" (also known as irregular rendition) refers to an extrajudicial rendition. It can involve government A grabbing a person in country B and transferring them to country C; it can involve government A grabbing a person in country B and transferring them to country A. It does not, by itself, mean that a person is to be tortured.

But in any case, you indicate that you refer to the capture of persons by the US in one foreign nation and the transfer of those persons to another foreign nation.

This program can grab people anywhere, put them on a plane, ship them to a place with looser restrictions on torture, and they get no trial/defense.

Since we're talking about restrictions on US intelligence agencies within the United States, this is false. You cannot legally be simply "grabbed" inside the United States and shipped anywhere. The closest case would be Padilla.

Outside the United States, an order by the President to undertake such an action would be legal only within narrow and unusual sets of circumstances - generally the same sets of circumstances any government would invoke when undertaking such actions.

This isn't to imply I agree with all instances in which extraordinary rendition has been used. Quite the contrary.

This is all on a mere *accusation* by our legal system's standards.

I'm not sure what you think the "legal standard for an accusation" is. Your point though, I'm guessing, from this line and the paragraph which followed it, is that there should be some legal burden of proof before the US undertakes an act of extraordinary rendition?

I wrote: "Legitimate criminal charges have been "used" against two of those people. What is your point here? Yes, if you intend to commit serious felonies under US law, such as disclosing massive amounts of classified information, then the US may not be the best place for you."

You responded: I see the trouble you're having: you've never read about due process. Our country's legal system (per Constitution) says executive branch makes an accusation (charge), the person is to be tried in a court (judicial), the person can request a jury, and the person is innocent until proven guilty. The Constitution doesn't say: "this agreement is entirely void if some parties in it use the phrase 'national security' or the word 'terrorist'." And this despite that the Framers knew about insurgents: they were called similar names themselves.

No one has made the argument you're refuting. I'll clap with approval for this speech along with everyone else.

So, let's get to Manning and Snowden. Manning was treated worse *pre-trial* than most *convicted* violent offenders are treated. Many psychologists have testified that people being in solitary for long periods can drive them nuts and is cruel. We also have a Constitutional protection against cruel and unusual punishment. So, the guy was subjected to cruel/unusual treatment, severely punished before conviction, and likely on vendetta which is typically considered illegal as well.

There's certainly a good argument that Manning was placed and/or kept on suicide watch inappropriately. The responsibility for that falls with the brig's commanding officer. If in fact she was, then she was abused by persons who acted illegally. This is no different than the case of a police officer who decides to needlessly beat an individual he has just arrested. It's not an action condoned by the law.

There are some errors in your analysis of how the 8th Amendment applies, and solitary confinement, but these aren't relevant to the point. I'd be happy to discuss though, if you'd like.

On top of it, he wasn't allowed his Constitutional rights just because he was in the military: they have special courts and rules to dodge accountability to the people.

:) I'm going to go out on a limb here and say that you don't actually believe that, and are simply trying to goad me into a response. But if I'm wrong about this, then I apologize, and I'd start by pointing you to Article I, section 8, of the US Constitution.

Snowden would've been similarly charged under Espionage Act.

Snowden has been charged.

As I mentioned with Manning, these kinds of prosecutions are special. The classification laws of the United States mean the defence often can't present evidence critical to their case.

This is false. The defense must give notice of classified information that they intend to present at trial (obviously, after they have had opportunity to review such information). The prosecution can object to it and/or propose various substitutes (unclassified summaries of relevant facts, stipulations of relevant facts, or redacted versions, for example). Ultimately the judge determines what evidence is allowed and in what form. If the prosecution, or more specifically the Attorney General, wishes, he can file to prevent the evidence in question from being presented even if a judge rules it admissable; and at that point, the judge may sanction the prosecution as he sees fit, including by dismissing the case entirely if necessary.

The Constitution's position is pretty clear here: a person being accused can present evidence of their innocence. The U.S. government's position is clear: the trial is mostly the prosecution's evidence, they can selectively use classified evidence, and the evidence contains a lot of "take our word for it." This is so rigged and so clearly violates due process that anyone taking extreme measures to avoid such a prosecution is justified.

Also false. The law you're thinking of is the Classified Information Procedures Act.

Such things happen in a number of other countries. They also *don't* happen in a number of countries. Hence, my argument that people worrying about such things (esp if US is threat profile) should be in one of those more lawful countries.

Then, with all due respect, your advice is based on a misunderstanding of US law.

I wrote: "They arrested Manning, and certainly desire to arrest Snowden, for committing serious felonies - not for simply "seriously threaten[ing] their interests.""

You responded: So, they treated them the same as everyone else that's committed a felony? No? Then you're doing another strawman to make it seem like just another legal accusation. It isn't.

Outside of the possible abuse of authority by the brig commander in Manning's case, she was treated by the book.

Their targeting is limited to a small subset of the population. It's classified, so I can't know or discuss it.

"Targeting" meaning what? Investigation and prosecution?

The average person or organization seems unlikely to be targeted, *especially* a major media organization. You're smart enough to know big media is handled in a special way by politicians due to their influence, so I wonder why you brought them up.

Again, targeted how and for what? Manning had representation and aid from several major organizations, including some that I mentioned. He was investigated and prosecuted after having stolen and leaked hundreds of thousands of classified documents to Wikileaks. His trial and cause were given great publicity, as were the issues raised in his case. This is the "classified" targeting you're speaking of?

What I do know is NSA BULLRUN documents indicate *they* target anyone that develops tech that undermines their mission.

Are you really trying to connect BULLRUN with drone strikes, extraordinary rendition, the criminal indictment of Snowden and the prosecution and conviction of Manning?

They straight up consider them adversaries. One document mentioned "HUMINT" methods for resisting groups. After seeing decades worth unclassified and declassified material on "HUMINT" methods, I can definitely say that might lead to all kinds of covert pressure or attacks given that's what HUMINT is.

All HUMINT involves "covert pressure or attacks"? By this logic, The Washington Post, Glenn Greenwald, and others must be subjecting Snowden to covert pressure or attacks.

Given that the internal documents consider such people opponents and the U.S.'s position is that it can take "extra-judicial" (i.e. illegal) action against "enemy combatants"... I'll let you connect the dots. The targeting criteria isn't the issue. That they can do it and you have no recourse is the issue.

I'll be blunt: it is absurd to conclude from the BULLRUN documents that simply "anyone that develops tech that undermines their mission" could be considered to be an enemy combatant by the US Government.

... For instance, he largely based tactics/experiences of "Janson" in Janson Directive on Richard Marcinko, the "Rogue Warrior." One I recommend to you is Matarese Circle. It's ending reveal is the closest thing to what's actually going on in the world, in fiction at least.

How so?

BenniAugust 13, 2014 5:13 PM

http://en.wikipedia.org/wiki/Skynet_(Terminator)

"Skynet was first built as a "Global Digital Defense Network" and given command over all computerized military hardware and systems, including the B-2 stealth bomber fleet and America's entire nuclear weapons arsenal. The strategy behind Skynet's creation was to remove the possibility of human error and slow reaction time to guarantee a fast, efficient response to enemy attack.

Skynet was originally activated by the military to control the national arsenal on August 12, 1997, and it began to learn at a geometric rate. On August 29, it gained self-awareness, and the panicking operators, realizing the extent of its abilities, tried to deactivate it. "

I think one should change the synchro of the terminator movies. They should change every mentioning of skynet into "MonsterMind" and Cyberdyne into NSA. But perhaps "Monstermind" is just the NSA codename for skynet...

It maybe that MonsterMind resolves some of the questions what general Alexander is selling to US companies.

Snowden writes:

"In addition to the possibility of accidentally starting a war, Snowden views MonsterMind as the ultimate threat to privacy because, in order for the system to work, the NSA first would have to secretly get access to virtually all private communications coming in from overseas to people in the US. “The argument is that the only way we can identify these malicious traffic flows and respond to them is if we’re analyzing all traffic flows,” he says. “And if we’re analyzing all traffic flows, that means we have to be intercepting all traffic flows. That means violating the Fourth Amendment, seizing private communications without a warrant, without probable cause or even a suspicion of wrongdoing. For everyone, all the time.”

In the posting on Alexander selling his spyware, it is noted that US companies refused to have their traffic checked by NSA spyware. But in order to work, Monstermind has to be deployed not only on government sites. They somehow have to get a foothold into companies, making them install their spyware on company systems. Perhaps Alexander's move into the consulting world is just the NSA's way to install monstermind at more servers....

mensonge extraordinaire!August 13, 2014 7:03 PM

There's so much glassy-eyed delusional brainwashing on parade in Skep's latest post that we could be here exploding it all night, but this is perhaps the most priceless bald-faced dishonorable lie:

"Ultimately the judge determines what evidence is allowed and in what form."

Tell that to Gladys Kessler, who got yanked off the Palfrey honey-trap trial for admitting exculpatory evidence on CIA kompromat ops. Tell that to Brownback, who got yanked off the Omar Khadr trial for requiring evidence of any kind. Tell that to Alito, who gets personally surveilled by NSA's top-echelon peeping toms.

The US judicial system has no independent courts. Anyone like Skep who denies that is a Big, Big Liar.

Gerard van VoorenAugust 14, 2014 3:48 AM

About Localbox (Open source Dropbox replacement):

Call me an old fart, but a very brief look at the code structure tells me that I was right about what I said before.

"I think you are missing something. That something is called "user friendly"

We are talking about 205 MB, in 24.066 files, including tons of PHP and JS code. It depends on Apache, PHP and MySQL. It also needs to be installed with sudo rights.

Wirth was right a long time ago when he said: "Software is decelerating faster than hardware is accelerating."

Today it is impossible to create simple code for a large client such as a government or other ordinary end-users. It just has to be "user friendly", which requires lots of code.

I would like to repeat what I said before. In plan-9 mounting a remote shared drive is a matter of 2 lines in a terminal. No root access, but with TLS and ACL.

This rant is not against this project itself but against web2.0 / word processors / Windows / OSX in general.

ThothAugust 14, 2014 9:06 PM

Snapchat has yet another incarnate claiming to "self-destruct" documents but this time it's in a commercial packaging:

http://www.digify.com/

Yet another failed product trying to market itself with futile efforts.

Security via obscurity wins the day yet again.

ThothAugust 14, 2014 9:15 PM

It there were ever a Hall of Shame, a lot of "security" products (about ~99.8%) would be up there including well known HSMs and "trusted" platforms.

FigureitoutAugust 14, 2014 11:23 PM

/***** Shout out to Clive Robinson *****/

2 Questions (sorry...in case you didn't notice, I'll ask until you stop answering...figured what's the harm in asking).

1) Know you like PIC's, been messing around w/ the PICkit 2 and a little demo board today for a little bit, and if I could fix a broken one I could probably have it. Have a few chips I could get and try to whip up Aspie's neat mini Forth computer while I get my grips and mind set back on an opensource EMSEC computer design. The one that actually worked, it was pretty nice, I liked it. But it may be needed later and I heard they aren't selling PICkits anymore.

On the "broken" one, whenever I try to do anything the PICkit2.exe freezes (in good ole WinXP) and I have to close it, can't reflash a new OS. In my little research, I tried holding the program button while plugging in to USB, and it flashes the "busy" LED which means it should have a bootloader...Now I haven't tried the next thing, which was to connect a working PICkit to the broken one and thru there I should be able to program a new OS. Well, I've learned real quick, be very cautious when you're about to break something in embedded programming, and I don't want to somehow break the working one too.

Have any ideas what this may be? Haven't been able to quickly find much which means the problem may not even be worth getting into if it's just some random hardware failure...

BTW, while looking I found some funny videos, it's a rant about the new "feechurs" in the PICkit 3 and how they screwed up a decent product for the sake of making a new product to sell...Never see that in the engineering world, eh..? But what was funnier was the response by Microchip, w/ the MBA manager "D. Head" and his Dilbert-tie lol...pretty funny.

EEVBLOG:
http://www.youtube.com/watch?v=LjfIS65mwn8

Microchip Response:
http://www.youtube.com/watch?v=3YUvlrVlNao

/* 2nd Question */

2) On this old Compaq Presario 5190 I'm trying to get working again b/c it's a big tower w/ a bunch of hardware I'd rather not either let collect dust or get in and pilfer it. Got a RAM-card error, but it was off just a little, may mean new RAM cards or some other worse error...Pissing me off, and these older computers don't have much documentation at all on the internet b/c they were pre-internet (!) in some cases...Meaning no BIOS or drivers to download (besides a CD that doesn't work) which I'm not trying to firstly write one that works but then be able to flash it... When I do the "Compaq QuickRestore Utility v3.09a", goes pretty normally until the end after it formats and I restart. Get this error, then it shutsdown:

"Invalid VxD dynamic link call to device number 3, service B. Your Windows configuration is invalid. Run the Windows Setup program"

Quick search leads here: http://forums.techguy.org/earlier-versions-windows/150984-invalid-vxd-dynamic-link-windows.html

Where some guy says it could be due to a RAM problem, and I'm pretty sure I have either bad RAM cards or something less fixable...

Any clues? Have 2 other towers I'm working on now and RasPI/BBB and of course my Z80 project, so not trying to waste time, just hate wasting a computer. I really want to get a new computer (tiny netbook, like $300) and set it up right from the start and have one more designated "internet computer", which turns out to be usually the most used and "where all the problems come from"...

/* OT */

Oh BTW, found an easier "TCP/IP Throwing Star" while just looking at the HackRF:

https://greatscottgadgets.com/throwingstar/

Be forewarned, that yes, everything can go wrong, so those connectors could fail (they can physically break from the PCB) and may be a nightmare to solve what's wrong w/ your net taps...

Clive RobinsonAugust 15, 2014 4:36 AM

@ Figureitout,

Early "Comp-cack" computers are non standard in many ways, not just in hardware but also because they modified DOS in various ways.

If you look up the original IBM PC you will see it only went to 640K of RAM and the rest of the 1MByte memory space was used to do memory mapped I/O including the early displays.

Well even though 640K was ten times that available to the majority of 8bit systems, it was quickly not enough... So various hardware manufacturers came up with compeating ways --the blessing of efficient "free markets"-- to add extra memory. The problem was you needed not just the hardware but also drivers for DOS.

I'm away from my dead tree cave at the moment --illness strikes again-- so I can not look up the info on extended or expanded RAM cards, but if memory serves right Compaq went their own way initialy and then went with an industry group that included Intel (to which Billy Boy listend to and thus had official support).

Compaq did have a habit of not using the ISA bus standard for it's I/O cards --tied market rip off etc-- so when you crack the case you may not see what you expect to see. Thuss you might have to look at chips to work out which card is in fact the memory extension / expansion. When you find it hopefully the chips will be socketed, and you need to pull them out and reseat the chips as the first step as old age brings both oxide and creep, neither of which is good for conductivity.

The next trick is to make a minimal MS-DOS boot floppy with DOS 5 or earlier, remove the memory card and boot from the floppy to see if you can atleast get a prompt and can get a floppy directory listing.

Unfortunatly Compaq also went their own way with other things including "beep code" and "Boot IO diagnostics" so I'm not sure if they will help you or not.

As for PICkit-2 it's far from the only game in town, Maplin, Radio Spares and similar electronics shops sell build your own PIC programers and more than one book came with bare bones PCBs and a disk of MicroChip software. There is also various Linux projects for schools and colleges etc that have the minimum required to get up and running with the smaller PICs.

I've not had probs with my PICkit and Explorer 16 boards so I'm at about the same starting point on fault finding it as you are. If Microchip are being "Dilberts" over this then it's comming from the "Marketing Droids" not the engineers, because they are aware that for several years the sales to amature constructors are what kept their pay checks ariving each month...

However I can understand MicroChip wanting to move Dev Kits forwards, many of the chips they now make, are at best on the high end of small business construction and above allbut a few home constructors (try soldering in a 144pin QFP by hand to see why).

However there are plans on the Internet about making your own IR solder station with a toaster (and yes it does work). For many years I've used a hot air gun and home made aluminium shields held in place with Blu-tac to do re-work, and a limited bit of construction.

name.withheld.for.obvious.reasonsAugust 15, 2014 7:33 AM

@ Clive Robinson

However I can understand MicroChip wanting to move Dev Kits forwards, many of the chips they now make, are at best on the high end of small business construction and above allbut a few home constructors (try soldering in a 144pin QFP by hand to see why?

That's funny Clive, a few years back I built a modular prototype platform (VME bus, multi I/O breakout, and scalar micro-controller/processor that are bus attached. It was helpful to demonstrate various performance achievements in designs using uproc slicies and asynchronous I/O processing. The prototype of the prototype was constructed using a wire wrapped backplane and two PC104 boards Vector) for the uprocs, 100 pin TQFP. After four hours of aligning the device onto the board and getting the .5mm pads and the PCB traces aligned I was exhausted. It was when I was doing the wire wrap work that I realized that I needed to fire myself or lose 30lbs.

It was in the late 70's and in 80 that I'd last touched wire wrap, mostly S-100 as discrete I/O boards.

Clive RobinsonAugust 15, 2014 7:41 AM

With regards GCHQ's HACIENDA, what they are doing is a simple script kiddy attack.

And as I've noted in the past there is a lot more you can do with it than this rather banal program.

If you regard the PC using NMap as the transmitter of a radar, the echo that comes back from the distant end can be received by more than just the NMap PC. For instance you could put on a passive tap at some point up stream of the NMap PC that logs very accurately not just the out and back packets but the packet delays along with the TCP/IP timestamps.

By correlating the time data a lot of further information can be derived, including spotting Honeypots/nets and services shareing the same hardware but using different IP addresses. Which will help with all sorts of tricks and unmasking of hidden services etc.

With regards the articles stelth port knocker, sorry but it is not that stealthy and without other dynamic elements will not provide much of a defence.

That said I was thinking of using the little problem with OpenSSL highlighted recently to do something similar except using an encrypted payload which uses PubKey and large nonces to get around many of the problems. The thing is that the problem with OpenSSL that made it a vulnerability can be fixed, but as it alows upto 64Kbytes of totaly random payload, anything you send is in spec and fully expected and thus not odd in usage.

BenniAugust 15, 2014 5:27 PM

https://firstlook.org/theintercept/2014/08/15/cat-video-hack/


One way that Hacking Team accomplishes this is by taking advantage of unencrypted YouTube video streams to compromise users. The Hacking Team device targets a user, waits for that user to watch a YouTube clip like the one above, and intercepts that traffic and replaces it with malicious code that gives the operator total control over the target’s computer without his or her knowledge. The machine also exploits Microsoft’s login.live.com web site in the same manner.

Scott "SFITCS" FergusonAugust 16, 2014 1:08 AM

@Benni

https://firstlook.org/theintercept/2014/08/15/cat-video-hack/


One way that Hacking Team accomplishes this is by taking advantage of unencrypted YouTube video streams to compromise users. The Hacking Team device targets a user, waits for that user to watch a YouTube clip like the one above, and intercepts that traffic and replaces it with malicious code that gives the operator total control over the target’s computer without his or her knowledge. The machine also exploits Microsoft’s login.live.com web site in the same manner.

  1. Solution 1. Don't run Fffflash. Seriously - you're not just shooting yourself in the foot you're also lowering the standard. Hint: if you really need to watch cat videos on YouTube try:- using HTML5 instead of proprietary closed-source rubbish (with a long history of insecuritities[*1]) for no good reason.
  2. (Partial) Solution 2. Verify anything you install as actually (authenticate) coming from a trusted source (plug for use of DNSSEC).
    Or...
    Outsource the resposibility (use Debian?) e.g.
    # apt-get install flashplugin-nonfree
    # update-flashplugin-nonfree --install






[*1] Fffflash and Java use for web browsing - the triumph of optimism (and ignorance) over experience?

FigureitoutAugust 17, 2014 2:43 PM

Clive Robinson
--Thanks for the hints and that's interesting on Compaq design decisions (I'm still stumped on the PICkit2 and looks like I won't have time to solve (if even solvable)). Quit staying up so damn late too and stay out the hospital.

Finally got this damn computer booting up Win98 (LOL), (f*cking YES! Finally!) can't wait to wipe this, unless maybe I could install some old z80 assemblers on it and use it to program. Also has some old modems and I may try to connect it to a radio or hear that old 56K dial-up noise again lol. So I'll just leave it for now.

Did plenty googling, these 2 sites were helpful if anyone has similar problems (you need another functioning floppy disk drive and of course floppies too...):

http://www.bootdisk.com/ (I don't know why there's a girl looking suggestive in bikini, doesn't make sense, but first link on DOS is good and site is too. Just ignore it lol)

http://rosshaynes.com/windowsos.html (codes as I lost the product key but you could probably type in anything)

Bad RAM card, after me scrambling crazy for the better part of the weekend, I just now removed 1 RAM card (kept giving memory errors so that was a huge hint) and it finally booted up to safe mode and then normal boot. Didn't realize RAM was so important for booting up or if booting hits that bad spot (I should've written down that address as I kind of want to make a custom RAM card reader and go to that address). That's weird, found a link that explains that pretty well:

http://scottiestech.info/2010/04/25/bad-ram-recognizing-defective-memory-problems-in-your-computer/

The 'click' moment in my head was him mentioning ASLR (address space layout randomization).--Note from that link that OpenBSD was the first mainstream OS to support partial ASLR and enable it by default, good.

But, in my research (and hurriedly trying to get a damn boot disk working as I was getting address errors on my old-ass floppy disks!! Grr!) it said that it would put some of the files in the RAM on start-up too as it was all too big for a 1.44MB floppy. As I was still having problems w/ the boot floppy. It must've been an important address, but it looked like the end-ish (01000000 and like 7******F, forget the letters).

So this sucks, just have 64MB of RAM again on another PC! It still had lots of file names w/ this symbol in it: "~" and text files w/ pure garbage in them in Safe Mode, assuming that's a leftover symptom of bad RAM but I've seen it in newer computers too....I also saw a similar thing on that old laptop I got, when I put "Full" start up, you can see a count up to 65536, I get that on the laptop, just couldn't get in the BIOS yet nor does it display the OEM logo or anything...

But on the RAM card, here's the datasheet (I was able to find by googling what's written on the chips)

http://www.datasheetarchive.com/dlmain/Datasheets-16/DSA-316158.pdf

--Have you done anything w/ old RAM cards/chips? Like make a custom reader? The protocols of it look a little to complex for me now. But could you still use those RAM chips (I'd have to screw up the compaq PC again to find that address) for a homebrew PC? Have other things I'm doing, but I just wonder as I have some other RAM cards laying around. As it looks like I could get a whole $1.99 (!) for selling them, so almost worthless.

http://www.ebay.ca/itm/Compaq-128MB-DIMM-Memory-Kit-2-x-64MB-Modules-168-pin-/281347992778

Random Quips on Win98 and Compaq Presario

Alright, so this is ridiculous the starting of this OS. First of course the CRAPWARE like quicken loan/tax sh*t, seriously? I bet the graphics made people go nuts back in the day lol.

But then this registration is so ridiculous too, wants all this info, names/addresses...then things like "What are your computer skillz like?"--WTH? "How will you use you Presario?" "How'd you find the Presario?" "When and where did you purchase the Presario?" "What PC publications do you read?"

And on and on and on...then when I finally got to the end where I'm like "I don't want to F'n register!"--They left a message at the end, "We'll remind you to register in 2 weeks."--WTF, NO! Damn so annoying lol.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Resilient Systems, Inc.