Friday Squid Blogging: Little Squid
As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.
QnJ1Y2U • October 31, 2014 4:47 PM
Police officers search phones of arrestees for nude photos, forward them to other cops: link, link, link.
None of the cases resulted in criminal charges for the officers.
Justin • October 31, 2014 5:08 PM
It’s part of their macho camaraderie.
LEakins • October 31, 2014 5:46 PM
How about this for a leak?
UFOs Are Real, Top Area 51 Scientist Reveals In Deathbed Video — 18 Aliens Work For U.S. Govt
parrot • October 31, 2014 6:41 PM
Facebook lifts ban on Tor access; gets an .onion address.
Maybe I’ll have better thoughts on this in the morning, but my knee-jerk reaction is to be skeptical. What does everyone else think?
Vincent • October 31, 2014 6:53 PM
Verizon has been inserting a string of letters and numbers into users’ http requests. One computer scientist is calling it a supercookie. I wrote a summary of the issue yesterday.
Vincent • October 31, 2014 6:55 PM
Sorry, I forgot to mention in my previous post that the computer scientist was John Mayer. Here’s his post.
Casual Friday • October 31, 2014 8:18 PM
Android Encryption Fail: I just encrypted my Droid after updating to the latest Android code. No SD card installed, just local storage. After the process finished supposedly successfully, I connected my laptop to the phone which does have Media Device (MTP) enabled and to my surprise I can access the file system and read all the files. I can open and view photos just as before. Uhh, that’s not right. Turning off MTP does make the storage invisible in terms of my laptop seeing the storage as a drive, but it makes me wonder if that is enough to keep out tools designed to suck the data out of your phone.
Settings->Storage->USB Computer Connection->Media device(MTP) Disable if you want encryption to have any value. I believe it’s disabled by default.
For myself I don’t really care I just tried because I’m bored and nerdy, but that is an issue if you were to actually rely on it and didn’t realize the implications of that feature.
Thoth • October 31, 2014 10:09 PM
Does the Android Encryption cover just the SD card or include both SD and local storage?
I wouldn’t go for Android’s native encryption mechanisms because who knows what they have done. Find an open source Android Encryption software, review it and use it if OK.
Figureitout • October 31, 2014 11:46 PM
Wael FROM: adobe thread RE: vacuum-gaps and other…gaps
–Well, I didn’t used to have any interest in vacuum chambers, but there appears to be quite a lot of homemade vacuum chambers; some of which are for hash oil lol…Google it, basic components of metal pot/pan, sticky tape, and plastic w/ tiny hole well-sealed. Sound-proofing is again easily found on google, you can do it if you put the time/money/effort into it. Personally, I was amazed at a tiny piece of foam (maybe 3-4mm) and how much force it absorbed. All screws on device need to be padded to minimize vibrations. What gets me is necessary holes like ventilation/power, those will always be problem areas.
But yeah, as far as Wifi is concerned, you CAN get full blown internet w/ wifi signals on just the TIP of an SMA connector if signals are close/powerful enough. In my case, it was just basic router plugged in, and about 10 ft. away (no power amplifiers or special antennas), router is in cabinet and connector facing away. Unbelievable, I’m led to think there may be path to chip on board acting as a better antenna. Cements in my mind that any exposed ports on an EMSEC PC is such a risk the PC shouldn’t be taken seriously. Must be shielded and lines shorted when not in use.
Also tried out a nice 12db 2.4GHz yagi antenna at my work today (which I’m holding right now, mmmm, sexy little thang lol, just has wrong connector on it 🙁 ), on the spectrum analyzer. Was able to see some wifi networks of course; but not some other devices. Devices that only transmit for 1ms; even the FCC can’t see these transmissions unless we make them transmit all the time lol…This is commercial tech. too, can be broken if a competent person tries. Meaning my idea of having an observing spectrum analyzer outside of secured area scanning for signals and relaying warnings to me via an opto-isolator took a hit there. Needs to be more sophisticated, or just need a better method.
Andrew_K FROM: adobe thread RE: a simple method for PDF’s
–That was simply a simple reference method, one that’s been done a million times yet is slightly practical. One can make it as convoluted and insane as one wants. After about a day of moving data around, you may think “Wasn’t I trying to just get a PDF to do some research on XYZ? What the hell am I doing?!” What would you do? Note another extremely simple method is again access via TOR via VPN via random wifi network w/ liveCD, and take a picture w/ digital camera (not smartphone) and simply save documents that way. Kali Linux has a nice “screen capture” program to further cut obfuscate data origins, you can then also boot up via a VM and do it again lol.
Wireless Security in the News
AirHopper: Data exfiltration via FM, I repeat FM radio. AFSK, this is not rocket science. There’s like 20 other modes that are common, even frequency hopping spread spectrum which makes it even harder to find. No wifi or bluetooth. These smart phones are kryptonite to any EMSEC practitioner.
Reversing D-Link’s WPS Pin Algorithm
Craig Heffner is at it again. Seriously, if I were a router company, I would pay this guy to stay away from my routers or go after my competitors. Showing why you should NOT have WPS enabled on your router, it’s a stupid feature that needs to die. Devices connected to pure internet w/ no opto-isolators need to be better, especially at some larger companies like D-Link and Cisco (another company he rags on), c’mon guys!
Eugene Goostman • November 1, 2014 2:35 AM
A Neuroscientist’s Radical Theory of How Networks Become Conscious
Koch: It’s difficult to say right now. But consider this. The internet contains about 10 billion computers, with each computer itself having a couple of billion transistors in its CPU. So the internet has at least 10^19 transistors, compared to the roughly 1000 trillion (or quadrillion) synapses in the human brain.
Eugene Goostman • November 1, 2014 2:39 AM
A subsequent inquiry by Quebec news website TVQC demonstrated the photos shown by “Boyd Bushman” were those of a plastic collectible figure produced by toy company HalloweenFX, something later confirmed by the San Antonio Express News. 
Curious • November 1, 2014 3:35 AM
I’ve read two articles in Swedish about how two ISPs have backdoored consumer grade routers, for a few Zyxel router models and then something from Netgear. Affecting hundreds of thousands of users.
The login name for the backdoor functionality for the first set of routers appears to be a Swedish-sounding word, with a very brief password. It was stated that the login account was not visible in the admin interface. This one ISP is said to now have simply shut down the administration interface for its users, pending a change to the software/firmware with no timeframe at all if I understood this correctly.
The other ISP was said to have a known backdoor functionality in their router product for the longest time, and that it is still there, not having been removed.
Afaik, it was never mentioned in the articles how they discovered this, something that annoyed me.
I guess as I think about this, I am sort of appalled at the thought that an ISP can simply reprogram a router they service at any time and possibly end up adding a very simple backdoor functionality that can be used by anyone.
One problem with having a backdoored router was said to be the possibility of hijacking the traffic, by redirecting it to malicious websites. I forgot the other thing that was mentioned, probably privacy related.
I am thinking that every consumer grade router offered by an ISP probably has a hidden login account on them, everywhere in the world. Heh, for all I know, perhaps all of them have one, something which would make it impossible to rely on maintaining sovereign control of any router at all. Feel free to enlighten me with any nuggets of wisdom related to securely operating your own router. 🙂
I think I’ve read recently about open sourced routers, but I vaguely recall reading that they (or it) presently weren’t really all that “open”.
Clive Robinson • November 1, 2014 5:39 AM
That demo of using an FM receiver to exfiltrate data has been seen on this blog before but without the details. If you remember I tracked the prof down and found strong links to German IC money.
As it happens like many things from the early days of computers it’s been “rediscovered” and “updated”. Back in the 60s/70s when computers were still made with discrete transistors and CPU clock speeds were down at 1MHz or less, it was not unusual to find a speaker in the control area that could be connected to “bus lines” for debugging, and also an AM radio that would warble along in some not quite random way, unless the program got stuck in a loop in which case a crude tone would be heard. Later in the mid 70s we had Van Eck who demonstrated that the high power unshielded signals around a CRT that got accidentally broadcast, could be received by a VHF low band (ie 45MHz) receiver and used to rebuild the image on a VDU screen from quite a distance away.
So nothing particularly unknown, just a new way of using the idea.
With regards the Wifi Yagi, as you have no doubt found they are a little large in size and stand out quite a way. Have a look for a “bow tie” or “figure of eight” loop antenna mounted on a “back fire” array reflector for a lower profile. Or my “covert” favorite the “coax collinear” omnidirectional that can be easily put into a plastic drain pipe used as the top of a flag pole. You can also put them in front of a large reflector an appropriate distance apart and get gains approaching 30dB without too many problems. Back many years ago you would see “phasing stub” collinear designs in “corner reflectors” for radar systems that would sit under the main dish used for IFF systems.
However for a simple design have a look first at low end UHF design,
To get an idea of what you are doing.
Then look at what you will do to squeeze every “dog biscuit” you can out of it at the low microwave band of 2.4GHz where the mechanical details have to be a lot more exacting,
The thing to remember is that these antennas are around twice the length they could be due to the fact that every other length is not being used as a radiating element only for phasing. Thus you can with care make “hair pin” phasing stubs/ elements and fold a complete collinear out of a length of stiffish copper wire you can then clamp between a couple of bits of plastic for support.
Jonathan Wilson • November 1, 2014 5:49 AM
Regarding Facebook and Tor, one suggested reason is so that all the people in countries where Facebook is banned can now have a way to get to it that’s harder to block (so that Facebook can expand their user base and make more money)
Regarding Verizon and data tampering, that is exactly the sort of thing that needs to be outlawed under net neutrality laws (more so than the throttling of Netflix etc). That said, if you are stuck with these scumbags (and you can’t use any other carrier for some reason) you should use HTTPS as much as possible (and lobby the sites you visit to support it) since I doubt Verizon can insert their tracking cookie into an HTTPS request.
As for routers, the answer is to not use a router provided by your ISP if you can avoid it. In my case I am currently using a NetGear router purchased off the shelf to replace an older router that wasn’t working right. It’s running the stock NetGear software since I haven’t been able to find an open source firmware for it but at least I know my ISP can’t mess with it remotely.
Clive Robinson • November 1, 2014 6:01 AM
I happened to be in the Nat Hist Museum shop just a couple of days ago, and saw this image in the rather nice book of the 2014 photos, and I nearly purchased a copy of it to hang in the hall. However after some persuasion applied via my ear 😉 I went for a whale one to match the other five I have hanging on my dining room walls.
Jacob • November 1, 2014 7:11 AM
“according to the new details, GCHQ can request “unanalysed intercepted communications (and associated communications data)” from the NSA without an interception warrant if it “does not amount to a deliberate circumvention of RIPA,” such as if it is “not technically feasible” to get a warrant. ”
“In its analysis of the new information, Privacy International also suggested that data collected this way might not be subject to the same safeguards as that directly intercepted by GCHQ. The wording of the arrangement suggests section 16 of RIPA—which outlines safeguards on intercepted material—might not be applied, which would give GCHQ more power to analyse and store it.
“Critically, as s16 does not apply, GCHQ are able to search through raw, unanalyzed data from foreign agencies for people known to be in British Islands without restriction, sidestepping the few safeguards and protections that exist in RIPA protecting them,” Privacy International said.”
CallMeLateForSupper • November 1, 2014 8:09 AM
According to a current (31 OCT) ArsTechnica article, “Virginia judge: police can demand a suspect unlock a phone with a fingerprint”, everyone should consider the security ramifications of using the sexy, fingerprint modus to unlock that over-priced personal tracking device.
“The ruling … draws into relief the legal difference between a person’s identity and their knowledge.”
Short explanation: your passcode is something you know; revealing it would require your testimony, and testimony against yourself cannot be compelled (5th Amendment). A thumb- or fingerprint, on the other hand is not something you know, is not provided nor conveyed via testimony, so providing your print can be compelled.
(I tried to use HTML tag so line wrap would not destroy URL. Fingers crossed that I didn’t screw it up.)
CallMeLateForSupper • November 1, 2014 8:42 AM
“None of the cases resulted in criminal charges for the officers.”
But in case of a CA Highway Patrol officer, he resigned, and he has been charged.
Interestingly, two officers who received photos from the above miscreant have not been charged, and that’s got some folks’ panties in a twist. They contend: if there is a case for prosecuting someone for stealing/taking photos, then there must be cause to prosecute anyone who receives those photos. IANAL, but assuming the photos in question are considered property, in a legal sense, and were stolen, in a legal sense, then it seems logical to me that receiving those photos would be receiving stolen property. That is definitely a crime.
Would be interesting to compare the sentencing guidelines of the two sorts of crimes. Specifically, I wonder if the penalty for receiving stolen property is more harsh than the penalty for grabbing cellphone pix without the owner’s permission. :-O
I think we have not heard the end of this.
Clive Robinson • November 1, 2014 8:50 AM
RIPA due to its wording actually covers any network connected directly or indirectly to the UK, so is actually extrajudicial in scope.
As for the requesting of data from the US it’s the old game of you spy for me and I’ll spy for you. Because warrants cannot “time travel” you cannot get one for eavesdropping on the past, so RIPA does not apply. Now how far in the past does that mean, well as far as I can tell “anything prior to the issue of a warrant”. So if they don’t apply for a warrant then they are “golden”.
Isaac Asimov once wrote a story about “chronoscopes” which could look back in time and present it like a “fly on the wall” TV reality program. In the story it was strictly under the control of the Government, as was any of the technology behind it even in only loosely related fields. But a couple of scientists discovered a way to simply build one a different way that they then published in a “home build project” magazine. At the end of the story the authorities bust the door down to arrest them not knowing about the mag that had hit the news stands. The agent explains to them why chronoscopes make perfect spying tools and that’s why the government controls them. When one of the scientists tells the agent about the mag, the agent walks away in disgust with the line “Welcome to the Goldfish bowl”.
Although written in the forties or fifties like the works of Orwell it is oddly up to date in perspective…
CallMeLateForSupper • November 1, 2014 9:11 AM
@Jacob Re: GCHQ feeding from NSA’s trough.
If I understand the situation, England claims the same right as USA: we can spy, without a warrant, on our own citizens as long as we are not the party who snarfed the data in the first place.
Whatever happened to “spirit of the law”? Does any western law have spirit these days? Oh no, we do not collect the private data of our own citizens; we intercept and store the private data of our own citizens.
This dose of cognitive dissonance was brought to you by….
Curious • November 1, 2014 9:28 AM
It seems to me (not having slept on this, nor having experience with security or law), simply having read your comment, that the distinction between “identity” and “knowledge” is obviously for the mere purpose of making a distinction, but then by using different denominations, words which otherwise might as well be known as “private knowledge” and “public knowledge”.
It has me sort of thinking that biometrical data used for anything to do with privacy and security, is blatantly overlooked, in the guise of legal authority that perhaps is only debated to the extent it pleases the court wanting to make use of the distinction between “identity” and “knowledge”.
NobodySpecial • November 1, 2014 10:47 AM
Verified by idiots.
Just been sent to the “verified by visa” site after a purchase
Except the site is listed as .xyzcommerce.com – surprisingly that is actually the correct site. Nice work guys, train your customers to expect bank links to some weird other address.
Enter the passwd. Can’t remember it because I hate Vf by Visa.
Fortunately all you need to create a new passwd is the card and your dob.
Use secure passwd. Refused – you have to have 8 characters. Interesting it is obviously ignoring symbol characters.
Swap them for upper/lower case – you have already used this passwd (damn it was probably the current one)
Change the case around – you have already used this passwd
Interesting. so it is rejecting symbols and collapsing case. I wonder if they are even hashing passwds?
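The symptoms described in the comment above, reproduced as an added example (not part of the original comment, and not Verified by Visa's code): a password-history check that stores only salted hashes but normalizes input first produces the same three messages. `lossy_normalize`, the class and the sample passwords are constructed assumptions.

```python
import hashlib
import hmac
import math
import os
import re

ITERATIONS = 100_000  # PBKDF2 work factor, kept modest so the demo runs quickly


def exact(password: str) -> str:
    """No normalization: every character and its case is significant."""
    return password


def lossy_normalize(password: str) -> str:
    """Hypothetical normalization matching the comment's observations:
    symbols are discarded and letter case is folded before anything else."""
    return re.sub(r"[^A-Za-z0-9]", "", password).lower()


class PasswordHistory:
    """Salted PBKDF2 history of previous passwords; plaintext is never kept."""

    def __init__(self, normalize, min_length=8):
        self._normalize = normalize
        self._min_length = min_length
        self._entries = []  # (salt, digest) pairs

    def _digest(self, password: str, salt: bytes) -> bytes:
        material = self._normalize(password).encode("utf-8")
        return hashlib.pbkdf2_hmac("sha256", material, salt, ITERATIONS)

    def long_enough(self, password: str) -> bool:
        # Length is measured after normalization, so symbols may not count.
        return len(self._normalize(password)) >= self._min_length

    def was_used(self, password: str) -> bool:
        # Re-hash the candidate under each stored salt; constant-time compare.
        return any(
            hmac.compare_digest(self._digest(password, salt), digest)
            for salt, digest in self._entries
        )

    def change(self, password: str) -> str:
        """Return 'ok', 'too short' or 'already used'."""
        if not self.long_enough(password):
            return "too short"
        if self.was_used(password):
            return "already used"
        salt = os.urandom(16)
        self._entries.append((salt, self._digest(password, salt)))
        return "ok"


def keyspace_bits(alphabet_size: int, length: int) -> float:
    """Upper bound on entropy of a random password over the given alphabet."""
    return length * math.log2(alphabet_size)


def replay(normalize):
    """Replay constructed attempts in the order the comment describes:
    existing password, symbol-heavy one, then two case variations."""
    history = PasswordHistory(normalize)
    attempts = ["squidink2014", "Sq!d$#14", "SquidInk2014", "SQUIDINK2014"]
    return [history.change(p) for p in attempts]


if __name__ == "__main__":
    print("lossy:", replay(lossy_normalize))
    print("exact:", replay(exact))
    print("8 chars, 95 printable ASCII: %.1f bits" % keyspace_bits(95, 8))
    print("8 chars, 36 folded alnum:    %.1f bits" % keyspace_bits(36, 8))
```

So the "already used" responses are consistent with hashed storage behind a lossy normalizer and do not by themselves show plaintext storage; what they do show is that an 8-character password is drawn from 36 effective symbols rather than 95.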
bitstrong • November 1, 2014 11:34 AM
“Computers Could Talk Themselves into Giving Up Secrets”
“How to Break Cryptography With Your Bare Hands”
Herman • November 1, 2014 11:43 AM
My conclusion is that Verified by Visa is total trash. Its use by vendors is optional. So if someone steals the card, he can still use it almost anywhere.
QnJ1Y2U • November 1, 2014 12:27 PM
Thanks for the pointer on the CHP charges. It looks like they went for the Friday news dump (http://politicaldictionary.com/words/friday-news-dump/) for the story.
It’ll be interesting to see if the police investigation expands beyond the three identified officers – the officer who was caught talked about learning the ‘game’ at another office, and indicated it was common. It is very likely that many people knew this was occurring, but nothing surfaced until one woman had actual proof.
That proof came via a replicated record of texts on her iPad, even though the officer deleted them from the phone – it’s a case of something that could be described as a security leak being useful.
Wael • November 1, 2014 12:41 PM
Devices that only transmit for 1ms; even the FCC can’t see these transmissions unless we make them transmit all the time…
Hard to pick such burst signals out of a large population and other signals. That’s why a spying tactic often used is to collect the needed information, compress it and send it over a few short bursts from a mobile transmitter over different frequencies. But once the spy is targeted or tracked, this “spectrum analyzer” will also save the signals and correlate them to the location and other parameters for evidence of conviction.
That demo of using an FM receiver to exfiltrate data has been seen on this blog before but without the details
Here is one possibility with some theoretical details, although it was used for jamming 😉 You can use the FM receiver as a transmitter by modulating the IF frequency without physically manipulating the receiver. I think that’s possible.
Clive Robinson • November 1, 2014 12:53 PM
The second MIT article you point to is not really new, it’s the same as “Power Analysis” carried out on smart cards in the late 1980s through 90’s that eventually gave rise to Differential Power Analysis (DPA).
Thus all the things that were tried and failed on smart cards will fail to solve this attack, which includes the article suggestion of injecting random data.
The reason this side channel exists is fairly easy to understand depending on which way you look at it.
The First way is to consider the PC as an oscillator connected in series with a load across a battery. As the computer draws more current from the battery the PD across the load goes up. If the load is some kind of loop as you would expect with PCB traces then not only does its impedance increase with frequency, but its ability to radiate the signal likewise increases. If you also consider that the oscillator is effectively in the middle of a dipole radiator formed by the network cable on one side and the human on the other then it’s easy to see why the signal would radiate.
But secondly this gives rise to a second issue, in that any element that radiates energy is just as efficient at picking it up. As the PC is effectively changing its impedance it’s acting as a data dependent variable load on the dipole. Thus if you illuminate the dipole with a signal some of the signal energy will be taken from the illuminating field and transferred to the variable load. If you have a second antenna in the field you can measure the change of energy in the field caused by the PC.
If you look back on this blog I’ve mentioned a few times in the past that I was performing this on vulnerable electronic gambling games and wallets back in the 1980s. You will also see from RobertT’s comments I was not alone in this.
I did more than just use the field to listen in to the devices I actually adjusted it to quite a high level and modulated it with signals to induce faults in the equipment that had I been a crook would have been most beneficial.
However the academic field did not catch up until just a few years ago when two researchers used an EM field to cause problems in a hardware random number generator taking its effective entropy from over four billion to around a hundred.
It’s interesting to note that the Israeli student had not mentioned the second effect and how you can also use it to induce faults, I guess they will have to do a bit more research to play catchup to get to the point I was at a third of a century ago…
What the student might also find is a rather angry man waving his over reaching DPA patents at him demanding royalties and the like, but hey the patents are not really valid due to prior art. So wave all he likes the patents are not enforceable where the student is working…
Clive Robinson • November 1, 2014 1:17 PM
Yes two things can escape an unscreened IF stage, the local oscillator and the IF output from the mixer.
In cheap VHF radios the local oscillator frequency would be about 450KHz away, in more expensive dual superhets it would be 10.7MHz away.
Back in the days of valve radios, I’ve used the local oscillator in one shortwave receiver to act as a Beat Frequency Oscillator (BFO) in another shortwave radio to hear CW and SSB transmissions. Which is effectively what you were doing but your LO signal was actually strong enough to over power the broadcast signal and capture the FM discriminator from it (hence the wonderful “sound of silence”).
But… in old valve (tube) televisions the IF was often at 48MHz in the UK and the second harmonic could be picked up on a VHF receiver. My parents would for various reasons (ie punishment) send me to my room and not let me watch “Thunderbirds” 🙁
However the kid next door did watch and I would carefully tune my radio in to the second harmonic of their black and white set so at least I could hear it and still have something to talk about at school… (yeah I know sad, but hey no computers back then and certainly no video games, pong did not come along for several years).
Ink-jet • November 1, 2014 1:23 PM
If all else fails for a squid article on Friday, here’s one:
Rick • November 1, 2014 1:44 PM
I’d like to hear others’ opinions of FDE (full disk encryption) to protect unauthorized access to a computer.
In particular, what do you think of OPAL drives? Is the BIOS ATA password secure enough (assuming it is of sufficient length and that the password encrypts the authorization key, not just allows access to the key), or, should you make use of OPAL compliant software such as Wave Systems’ Embassy Security Center or Win Magic’s Secure Doc to protect the drive?
For what it’s worth, here are answers to some common questions about OPAL: http://www.trustedcomputinggroup.org/resources/commonly_asked_questions_and_answers_on_selfencrypting_drives
Win Magic, for example, was incubated by the NSA years ago. Perhaps there is still a backdoor because of this financial association. Ditto for Wave Systems’ products since they have a seat at the table of the TCG. Or maybe we can trust the TCG a bit more than a stone’s throw? I really don’t know for sure.
I realize the threat model is important when weighing this discussion: against the average individual, most FDE methods might work (even Bitlocker that uploads a “backup” key to the cloud) but against the NSA, OPAL-compliant FDE might not be effective. I’d like to know if the NSA (and other TLAs) indeed has access to OPAL drives.
BIOS passwords might work to secure an OPAL-compliant drive if they are long enough (up to 64 characters such as with late model Lenovo laptops), but, is the firmware in the drive safe? If not, then the password length matters not.
Another thought: the FBI has made public statements which object to Apple’s and Google’s latest initiatives to provide secure encryption for their phone operating systems. Ditto for Lavabit’s encryption policy just before the owner took the famous email service offline. If the FBI objects to such security measures, and yet, apparently do not object to OPAL-compliant drives and software, are we to assume that OPAL-compliant drives are backdoored?
Then, of course, there is TrueCrypt version 7.1a which is still available (GRC.com and others provide a download). The community seems to have reached (somewhat) of a consensus that TC is reliable and not backdoored. At least, it is trustworthy until it’s found to not be trustworthy. The problem with TC, though, is performance: OPAL-compliant drives are encrypted in the firmware, and indeed they operate much faster than drives encrypted by TC 7.1a, despite making use of Intel’s AES-NI instruction set. Is the trade-off for more (perceived) security of TC 7.1 vs. OPAL worth the performance hit? Of course this is a management decision, not a technical one, per se.
tyco bass • November 1, 2014 7:26 PM
FAZ journalist confesses signing articles written by CIA
Jacob • November 1, 2014 7:40 PM
This is a big subject, so I will just touch it briefly here.
Sophos makes OPAL management utilities – read some frank comments here:
I don’t see the connection between FBI objection to Apple and Google encryption initiatives and the lack of stance against OPAL. Unlike the smartphone market, I’d speculate that FDE is an esoteric subject that is not being used by most of the criminals that are targeted by the local police / FBI.
I would guess that high level criminals, if they do use windows-based PC/notebooks, use software-based file or FDE like truecrypt. And besides, if the FBI wants to subvert the FDE, it would talk to the implementors (i.e. HD vendors / management SW) and not to the framework-specifying body.
Also, the argument I’ve raised in the past against the possibility of a backdoor in BL is still valid: if you don’t trust MS on BL, why would you trust them for the OS or for the dotnet framework’s crypto primitives they use?
Mr C • November 1, 2014 8:12 PM
The fundamental point that the police can make you unlock biometric security without violating the 5th Amendment is accurate.
As for the flip side of “OK, so when can you invoke the 5th Amendment?” in the context of passwords/decryption: From reading your post, one would think that passwords and decryption keys are always protected, and that’s not accurate. It’s quite a bit more complicated:
I had a rather lengthy post about it somewhere, but I cannot find it atm.
The most cogent treatment of the issues (and also the highest court that’s addressed the issues) that I’m aware of is In re Grand Jury Subpoena Duces Tecum, 670 F.3d 1335 (11th Cir. 2012) (google scholar link).
To summarize briefly, you can invoke the 5th Amendment if what the cops/prosecutor want you to do is (1) compelled, and (2) (potentially) incriminating, and (3) “testimonial” in nature.
The “compelled” prong is satisfied if you refuse to give up your key/password until ordered by the judge. (I.e., If you give in to threats and bullying during interrogation, they will argue that it was voluntary and you may lose 5th Amendment protection.)
The “(potentially) incriminating” prong is generally satisfied by virtue of the mere fact that the police want it.
Unsurprisingly, testimony is “testimonial” in nature. So is most speech generally. Actions, too, can be “testimonial” if they imply a statement of fact. For instance, pointing a finger at someone in response to “who shot him?” is plainly “testimonial.”
This is where the defendant in the Virginia case ran aground. Fingerprints aren’t “testimonial.” There’s no implied statement contained in them. The same result obtains for all biometric access measures — no 5th Amendment protection.
Passwords and decryption keys are another matter. Generally speaking, they are “testimonial” because the act of providing it necessarily implies certain factual statements, such as “these files exist,” “I know these files exist,” “these files are located on my machine,” “I know these files are located on my machine,” “I have the ability to access these files,” etc.
Now, however, there is a Mack-Truck-sized exception to that general rule called the “foregone conclusion doctrine.” Under the foregone conclusion doctrine, if the police can already prove the factual statements that would be implicit in the act of providing the password/key by using information from other sources, then the “testimonial” nature of providing the password/key evaporates, and so does the 5th Amendment privilege. To give an example: Defendant gets caught with his laptop on and agrees to let police inspect it; They find lots of kiddie porn; They shut it off; Disk encryption prevents them from getting to the files when they turn it back on. (These are the facts from In re Boucher, No. 2:06-mj-91, 2009 WL 424718 (D.Vt. Feb. 19, 2009).) In this case, the facts that the kiddie porn existed, was located on laptop, was accessible to the defendant, etc. were all foregone conclusions, so he was unable to invoke 5th Amendment to refuse to supply the password/key. To give a second example: The defendant is speaking to a friend on the phone and tells the friend that she is keeping the records for her criminal enterprise in her computer’s encrypted partition; the police are wire-tapping that call pursuant to a warrant. (These are the facts of U.S. v. Fricosu, No. 10-cr-00509-REB-02 (D.Colo. Jan. 23, 2012).) Again, the defendant was unable to invoke 5th Amendment to refuse to supply the password/key.
Skeptical persons (but probably not the person who goes by “Skeptical”) may notice that there’s a lot of room for the judge to fudge things in favor of finding a foregone conclusion. The prosecution can throw out some broad, vague claims about what you’ve got encrypted, and get that rubber stamped as a “foregone conclusion.” For example, see Commonwealth v. Gelfgatt, 468 Mass. 512 (2014), in which the defendant told the police a bullshit cover story and the prosecutor twisted it around to sort of sound like an admission of what was on his encrypted drives — aside from the fact that police hoped and expected to find something completely different from what he claimed — that got a “foregone conclusion” ruling.
The best way to protect your 5th Amendment right is to hew closely to what the defendant did in In re Grand Jury Subpoena (and avoid the mistakes of the defendants in the other cases): Use encryption that renders files indistinguishable from empty space (e.g. truecrypt); never tell anyone anything about the contents of the encrypted partition; don’t voluntarily let the police examine the device at all; take advance steps to minimize the fallout from a “computer is on at the moment of arrest” examination; refuse to answer if you are able to decrypt the encrypted partition; refuse to answer if any files at all exist in the encrypted partition; do not tell the police a bullshit cover story, simply remain silent.
(Disclaimer: I am a lawyer, but this ain’t legal advice for you. This is general information. If you have a specific legal problem, go hire your own lawyer.)
Wael • November 1, 2014 8:40 PM
Which is effectively what you were doing but your LO signal was actually strong enough to overpower the broadcast signal and capture the FM discriminator from it (hence the wonderful “sound of silence”).
Hmm! Did I overpower the broadcast signal or did I interfere with the remote discriminator? I can’t imagine overpowering the broadcast station signal from over 20 feet? I always thought I caused the tank circuit to get detuned, because sometimes I noticed that I can actually get the remote radio to change the tuned station a bit before it went silent. But I could be wrong…
in old valve (tube) televisions the IF was often at 48MHz in the UK […] My parents for various reasons (ie punishment) would send me to my room and not let me watch “Thunderbirds” 🙁
Good thing the second harmonic was in the 88 – 108MHz range.
Totentanz • November 1, 2014 9:30 PM
Thank you Mr. C. It is endlessly entertaining to learn what passes for your rights in this North-Central American banana republic. And it is awe-inspiring to see this government lose the trust of the highly-skilled people it needs to perpetuate itself. When the most intensively-indoctrinated technocratic elites take off the blinkers and break out of the compartments, this government is on its last legs.
Email • November 1, 2014 9:37 PM
Well a bit odd, but Facebook created their own hidden services onion domain now, only accessible via Tor.
One thing is it connects to the main infrastructure, and does not route through Tor relays. Bizarre…
Rick • November 1, 2014 9:45 PM
Regarding your first point that the ATA password does not encrypt the drive: this is true– it does not encrypt the drive– however, I think we were both talking past one another. What I mean to say is that the OPAL specification calls for the authorization key itself to be encrypted by the ATA password as opposed to the ATA password merely allowing access to the authorization key. The fact that the one key (authorization key) that permits access to the key that encrypts the drive is actually itself encrypted makes the whole process far more secure than if the ATA password merely provided access to said authorization key. Here is a better explanation than my own: http://vxlabs.com/2012/12/22/ssds-with-usable-built-in-hardware-based-full-disk-encryption/
The Sophos KB article was interesting and surprisingly frank in its findings. Essentially, I came away with the conclusion that caveat emptor applies to OPAL compliant drives.
As for the FBI subverting OPAL, I agree that the FBI would likely subvert the implementation more often than the specification. The latter is more like the NSA’s style. (One such example of the NSA’s nefarious technique: http://www.infosecurity-magazine.com/news/did-the-nsa-subvert-the-security-of-ipv6/ )
For what it’s worth, I’ve said it before on this forum: personally, I tend to be more of an idealist toward 4th amendment issues and the government overreach/mission creep that we all suffer. As such, I think anyone who violates my privacy is in my threat model, which, according to Nick and other contributors to this forum, this mindset puts me in the “unacceptably, impossibly paranoid” category of computer users in order to complete the mission to ensure privacy for myself. In other words, it’s not pragmatic to take that view. I agree. It’s not. But it is what it is.
So… despite all of the conjecture, theory, and brainstorming that can cultivate fascinating technical (and a few political) solutions to these privacy problems, we all still have to live day to day with our data. In this discussion, I consider how to best make use of FDE to protect data at rest. I suppose a well chosen and researched OPAL-compliant drive and software management solution, coupled with discrete TrueCrypt-protected volumes stored on the drive will offer reasonable protection for a consumer with limited resources. Oh, and don’t write down the passwords… just in case you need the 5th amendment. And make sure the passwords are sufficiently long with enough entropy to stop a truck-sized quantum computer humming away somewhere in Bluffdale, UT (someday).
As for Bitlocker, apparently the home users’ keys are escrowed automatically and by default (very scary thought for the average home user): https://randomoracle.wordpress.com/2013/09/16/all-your-keys-are-belong-to-us-windows-8-1-bitlocker-and-key-escrow/
I agree with you regarding the trust placed in MS. If you don’t trust Bitlocker, then why trust the OS? The practical answer is, “because there are so few alternatives”. Sure, Linux and its forks are available, but just try to issue 50 Linux Mint laptops to 50 average business users and see what happens. And imagine the horror surrounding the same situation if you were running the LPS distribution. Productivity grinds to a halt. In order to be practical, we need security AND availability (I mean that in all ways possible) for the average user. If security and availability conflict, availability will win the day because the pursuit of productivity is more important to most people (especially employers, owners, and stakeholders) than the pursuit of security.
Somewhere, Orwell is appalled at how fast all of this came about. I know I am.
Clive Robinson • November 1, 2014 11:05 PM
Hmm! Did I overpower the broadcast signal or did I interfere with the remote discriminator?
The operative word you use is “interfere” and I use “overpower”…
Now the tank circuit in the discriminator can be regarded as an energy storage device just like a pendulum.
Now ask yourself the question,
If I have a pendulum swinging in sympathy with an external excitation signal, and I apply a second excitation signal, using vector analysis of the three components, how strong will the second excitation signal have to be to reduce the effect of the first excitation signal to negligible levels and over what period of time (expressed in terms of complete swings of the pendulum).
Having worked it out would you say the second signal is less than or greater than the first and by how much?
On a side note did you know that during WWII the German forces could reliably radio direction find an SOE spy set from over five kilometers away when it was only receiving?
The local oscillator in early bipolar transistor radios used to be “re-transmitted” up the receiver’s antenna because they did not have any isolation between the antenna and the local oscillator. The reason for this is that transistors with an ft of 300MHz were considerably more expensive than those with an ft of 5MHz or less used in the IF amp discriminator and audio amp. Thus only the local oscillator and mixer transistors had suitable ft figures, there was no RF amplifier, that is the antenna fed a tuned circuit that provided some preselection but mainly matched the antenna into the base impedance of the mixer transistor, the local oscillator would also be matched into the base of the transistor, but to make the mixing process work the local oscillator needed sufficient amplitude to turn the transistor on and off which needed about 1 volt on the mixer transistor base and was thus often larger due to manufacturing tolerance, and could get close to twice the battery voltage peak to peak. Thus you could have due to matching more than 3 volts of LO actually on the antenna, because the LO would be well within the bandwidth of the preselector tank when the I.F. was around 450KHz…
It was not until the FM bands got crowded and EMC specs were brought out in the 1980/90s that semiconductor radios started to get isolation by the use of front end RF amplifiers, dual conversion or HF IFs and the use of dual gate FETs. These days it’s cheaper to use complete ICs than discrete transistors so providing LO to RF port isolation on the mixer is much easier using the likes of “long tailed pairs” and front end amplifiers of two or more stages is fairly standard, often with AGC to ensure suitable levels out of the IF to drive a PLL FM demodulator. However even this is on the way out, with the transistors in ICs having ft figures above 6GHz digital processing is crawling up the chain towards the antenna, some car radios are now SDR designs as are most of those TV/DAB/FM USB dongles.
Nick P • November 1, 2014 11:05 PM
If it’s TCG or companies like Microsoft, it’s almost certainly subverted by NSA or has enough implementation flaws for well-funded TLA’s to find. Based on the recent CIA document on crypto policy, I predicted we’d see a number of escrow methods as that’s what was approved for clandestine cooperation between U.S. companies & U.S. TLA’s. The document shows a large number of companies approved it. And now we have Microsoft putting key escrow in an otherwise decent product. No surprise.
The best method is source available methods at software level that (a) aren’t made/located in high espionage countries and (b) are vetted by people you trust to not try to backdoor it. Truecrypt compiled from source was a decent option for a while till they just up and quit during an audit. Others are picking up where they left off. Personally, I cascade different products and Clive also recommended this (more than me). His version was a software encryption through an inline encryptor to a self-encrypting drive. I tended to go for lower cost/trouble on desktops by combining a FDE for system (eg TrueCrypt) and a file encryption tool (varied) for important stuff. Still too inconvenient for most and risky in event of drive failures.
“As such, I think anyone who violates my privacy is in my threat model, which, according to Nick and other contributors to this forum, this mindset puts me in the “unacceptably, impossibly paranoid” category of computer users in order to complete the mission to ensure privacy for myself. In other words, it’s not pragmatic to take that view. I agree. It’s not. But it is what it is.”
Not pragmatic, but certainly principled and understandable. I won’t fault you for trying. It’s just that the nature of the game, from technical to legal, means it’s rigged for the house to win most of the time. I tell people to go no tech if our TLA’s are the opponent. They won’t win unless they didn’t matter enough to TLA’s in the first place. And how much risk was there in that case?
“Sure, Linux and its forks are available, but just try to issue 50 Linux Mint laptops to 50 average business users and see what happens.”
Funny that you referenced me and Mint at the same time. I’m typing this on Mint lol. Been trying it out. Pretty usable and closer to Windows than Ubuntu. I agree that, even this usable, most wouldn’t switch from Windows/Mac and I don’t blame them. Market’s decisions over time made for few good alternatives indeed. They killed off all the secure, cutting edge, top performance, most open, etc. systems. All they left were the cheap, compatible, and most convenient ones. I’d say “the rest is history” but it’s actually a present we’re stuck with.
And I’m appalled as well. Still trying to get the right kind of funding to build secure and usable stuff. (in that order) Meanwhile, I just have to endure the fact that there’s probably a keylogger & network tap getting this stuff before you do. Releasing a system where that can’t happen lands me penniless, in jail, at a black site, or dead. And most of America doesn’t give a shit about that or their “inalienable rights.” It’s fucked up…
Nick P • November 1, 2014 11:13 PM
re Facebook Tor address
I posted this quick assessment on the site:
“Facebook’s business is to get as much data as they can about everyone. They’re also known to run a ridiculous number of experiments on their live users any given moment. Their stance on privacy is also well known: undermine it wherever possible. Given these, the most likely explanation is that they’re going to apply their datamining techniques to Tor users. They’ll study them in isolation, try to correlate them with facebook users in many ways, possibly target ads/products/services directly toward this niche, and possibly work with NSA in attacking them. That’s my guess.”
Clive Robinson • November 1, 2014 11:42 PM
@ Nick P,
Ahh you make FaceCrook sound so “cute and cuddly”, just like the sort of person everyone should let near their little sister…
(Sarcasm mode off)
The reality I suspect is a lot worse than you portray, when considered in the light of how FaceCrook has a deliberately planned policy to make security virtually impossible for ordinary mortals, such that those who are technically savvy can charge large sums from employers and educators to spy on those who work or learn.
You only have to look at how FaceCrook started to realise just how few morals the people behind it have, and it would be of interest to see how they rate on socio/psychopath tests.
In effect they appear to be the online equivalent of dirty mac wearers offering sweets to children to get in their vehicle.
Clive Robinson • November 2, 2014 12:22 AM
OFF Topic :
More reporting on the scanner/printer air gap jumping,
Whilst this is not impossible it is highly improbable, and fairly easy to prevent ie don’t have a scanner/printer connected to your air gapped network, or if you need to put it out of range of windows etc.
I would be a lot more concerned about what “Intel ‘had put’ Inside” in the form of system monitoring and control that uses the RF part of the EM spectrum, which is much harder to screen.
Speaking of lasers and drones, many are aware that a laser can be used as a microphone, by measuring the vibrations of objects. But most are not thinking about the fact that a pulse modulated laser can make objects vibrate. The higher the frequency of vibration generally the more efficient the conversion process. Now think about this in terms of the BadBIOS ultra sound air gap crossing. I suspect this would be more likely and practical than the scanner/printer method, if for no other reason the laser would work quite happily in the invisible to humans IR range of the EM spectrum, and the sound would travel down corridors and around corners unlike a blue light laser.
On a less improbable note, it would appear that the focus of APT vitriol is moving from China to Russia,
As I’ve said all along it’s not just China, it’s many other Nations as well including the Russians, Israelis, France and for that matter all other Western and First world nations, and with the “tools for sale” it’s also open to third world dictators as well just like military equipment.
However if power and communication utilities are under attack or are in fact “owned” it does align with Putin’s policy towards Russia’s immediate neighbors that we have seen in the past.
Wael • November 2, 2014 12:28 AM
Hmm! Did I overpower the broadcast signal or did I interfere with the remote discriminator? […] Having worked it out would you say the second signal is less than or greater than the first and by how much?
I am not sure the pendulum analogy applies in this situation. I am thinking parametric amplifiers. In particular, this quote:
A parametric amplifier is implemented as a mixer. The mixer’s gain shows up in the output as amplifier gain. The input weak signal is mixed with a strong local oscillator signal, and the resultant strong output is used in the ensuing receiver stages.
What I was thinking is the interference directly affects the local oscillator — not the broadcast signal. Interfering directly with the broadcast signal would require transmission at the same frequency, and total silence would not be achievable with a few milliwatts of power. The effect is the mixer has three signals, not two. If you have two old FM radios in your safe, try it out. Maybe you can test it with a scope as well. I have a couple of scopes, but no radios 🙂 it’s true! (do you get the joke?)
But quite honestly, I am not sure. I’ll have to spend some time on it. Last time I played with this was quite a few years ago. Something tells me my reasoning is defective, especially since the remote local oscillator is the strong signal, and the broadcast signal is the weak one, so it makes sense (like you say) that the interference is with the weaker signal. I am still not sure…. Maybe one of these days.
On a side note did you know that during WWII the German forces could reliably radio direction find an SOE spy set from over five kilometers away when it was only receiving?
Nope, I didn’t know that. But now I do 🙂
 there is more than one way to move a pendulum; applying a force to it to push it at the right time, or varying a parameter at the right time (phase), such as the length of the thread to make the pendulum move. An example would be like kids that move their legs to keep the swing going — this is the parametric oscillation… In the case at hand, maybe we have two different methods of moving the pendulum and they are negating each other…
ekaj • November 2, 2014 12:29 AM
@parrot – Facebook for Tor seems REALLY odd.. Facebook is (generally) for private use, aka your own profile, and they have made it increasingly difficult to make new fake profiles. Would this not be an EXCELLENT way to track tor traffic back to a specific user, providing they used Facebook and an illegal service in the same session?
Clive Robinson • November 2, 2014 12:51 AM
OFF Topic :
More on the “Russian-APT”,
It’s important to note that when talking about a Cyber Pearl Harbor the actual economic realities of life. For a nation state to be able or want to commit a Cyber Pearl Harbor it has to have little or no economic dependence on the target nation, or be able to easily mitigate it. This is especially true in the technological side of economic dependency. Thus one of the first indicators that it might happen is that a sufficiently technologically advanced nation starts cutting economic ties and making them with other deemed to be hostile nations. As this takes “human scale time” to do there should be sufficient warning.
However when it comes to ideological groups, economic considerations are usually low or non-existent on their list of priorities, however such groups are generally self limiting in that as they get sufficient technological expertise those who possess it will want to keep it and not get thrown back into the middle ages.
Thus one way to prevent a Cyber Pearl Harbour is to develop strong economic ties with nations and regions where such an attack might come. Which is the opposite approach to sanctions and war.
Wael • November 2, 2014 12:54 AM
Whilst this is not impossible it is highly improbable…
I took it as an interesting academic exercise to demonstrate an idea. Useless in practice…
I would be a lot more concerned about what “Intel ‘had put’ Inside”
pretty funny 🙂
Clive Robinson • November 2, 2014 1:04 AM
Changing the length of the pendulum is part of the way a parametric amplifier works, but the gain tends to come from the frequency difference between the two tank circuits.
Also changing the length of the pendulum alters its natural frequency, if you change that back to a tank circuit you would have to be changing its resonant frequency which would require a physical change, or an electrical change that would be equivalent (ie a varicap or variable reluctance mag amp).
I’ll need to dig out the parametric amplifier equations and have a think about them before I rule out any oddities.
Wael • November 2, 2014 1:08 AM
Speaking of jumping an air-gap using a scanner, I have a better and more nebulous idea than this laser thing. Encode paper with invisible code that is translated to executables at the target device. Paper can be subverted and pre-encoded, or one can encode a “picture of interest” with such malware. This would be analogous to a “chosen plain text attack” in the sense that the victim is fooled into scanning the picture, just as they would be fooled into encrypting a “known text”.
Clive Robinson • November 2, 2014 1:46 AM
OFF Topic :
Lest yea thought the clarion call of “China-APT” had stilled in the hallowed halls on the hill, worry yea not it’s still alive and squealing,
The claim is that rather than just being done by the “3rd Directorate” of the military, it’s now gone “corporate”.
Daniel • November 2, 2014 2:18 AM
What is most interesting to me about the Tor-Facebook connection is the issuing of the SSL cert. Typically, with Tor there is an assumption of dual anonymity. The end user doesn’t know who provides the hidden service and the hidden service doesn’t know who is browsing its contents. Facebook, however, is clearly aiming for a different model. It wants its hidden service to be non-anonymous while allowing the user to control their degree of anonymity. What it says to me is that FB has made a calculated business decision that it is willing to forgo some data about its users (such as where they are connecting from) in order to retain or maintain access to the information those users choose to share via FB. That seems correct to me.
Clive Robinson • November 2, 2014 2:38 AM
OFF Topic :
Of the 2.2million people in US jails, up to 176000 of them could be innocent, but plead guilty,
And this is from a person who has been a prosecutor, defence lawyer and judge so has seen all three first hand sides of the argument.
He also has an opinion as to why the “big financial fish” swim on by the net, that the small fry get caught in to rot away,
Thoth • November 2, 2014 2:57 AM
There is a saying that the good dies faster while the bad live a long and (un-deserving long life). Hopefully it is not always true.
I wonder if there are any numbers of how many exiled or self-exiled people in the US and UK ? We can consider Snowden and a few other as self-exiled.
Clive Robinson • November 2, 2014 4:34 AM
@ Nick P,
You mentioned you are trying “mint”…
Well time to strip it off the hardware and replace it with OpenBSD which came out today/yesterday depending in which time zone you are in,
I think you will find some of the changes acceptable.
Curious • November 2, 2014 4:41 AM
As someone that doesn’t know much about such things, I wonder, could there be any relation between any use of supercookies and anything to do with TOR, specifically if being some kind of thing with Facebook?
Could supercookies be altered to also include information that is learned?
Having said that, I am not sure what a supercookie is and how it might work. I guess I think of it as, a tag of sorts that sticks to things. So what I sort of had in mind, was a tag that sticks to things, but also records stuff along the way.
Czerno • November 2, 2014 5:15 AM
Re: Facebook’s hidden service.
There’s something puzzling which I find needs some digging, it’s that FB appears to have controlled/chosen the “random” selector in its dot-onion address completely, up to the last bit, for the sake of getting a “meaningful” URL
– a /very/ unusual success – unheard of before AFAIK.
When you are establishing a new dot onion, so-called hidden, service address, the Tor application in principle yields a /randomly generated/, in principle meaningless, selector (base-64 or similar encoding of a 32-bit number, I think it’s 32 tho need to check the details. That would be 4 billion possible addresses).
Sure, by repeatedly generating Tor’s generation algorithm, you will be able to control a few digits if you are ready to try long enough. But to control the /whole/ selector like FB appears to have done it here would be a premiere. I’m curious if someone has done the maths and checked how computationally feasible it was, and what amount of computer resources must FB have used to get their “vanity” onion URL ?
Or did they find a short-circuit/possible vulnerability in the process ?
Czerno • November 2, 2014 5:57 AM
Important correction to erratum in the above :
The .onion selector is an (encoded) 80-bit hash of the hidden service’s public key (should’ve checked before first posting, really).
Repeat : that’s eighty bits which the team from Facebook was able to force all or most of them !
Is brute force a possibility, with respect to the amount of computing resources they (or, respectively, a governmental TLA) have available for such (somewhat futile) task ?
Czerno • November 2, 2014 6:07 AM
Update – again ! My concern, re. Facebook’s
“vanity” onion URL, is answered at Tor blog :
(part 3: their vanity address doesn’t mean the world has ended)
In brief, FB bruteforced the first 40 bits,
to get a handful of selectors starting in the letters “facebook”, and then they tried and concocted a meaning for the remaining bits.
So, if this is all there is, the world hasn’t ended yet indeed :=)
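The arithmetic behind the three comments above, as an added example that is not part of any comment or of Tor's own code: a v2 .onion label is the base32 form of the first 80 bits of the SHA-1 of the service's public key, so every fixed leading character costs 5 bits of search. The counter-based stand-in "keys" and the rate of one billion candidates per second are assumptions made for illustration; generating real keys is slower per candidate.

```python
import base64
import hashlib

ONION_V2_BITS = 80      # label = first 80 bits of SHA-1(public key encoding)
BITS_PER_CHAR = 5       # base32 carries 5 bits per character, so 16 characters
BASE32_ALPHABET = set("abcdefghijklmnopqrstuvwxyz234567")
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def onion_v2_label(public_key_encoding: bytes) -> str:
    """Return the 16-character label for a given public key encoding."""
    digest = hashlib.sha1(public_key_encoding).digest()
    truncated = digest[:ONION_V2_BITS // 8]          # 10 bytes = 80 bits
    return base64.b32encode(truncated).decode("ascii").lower()


def expected_attempts(prefix: str) -> int:
    """Average number of candidate keys needed to hit a chosen prefix."""
    if not prefix or len(prefix) > ONION_V2_BITS // BITS_PER_CHAR:
        raise ValueError("prefix must be 1 to 16 characters")
    if not set(prefix) <= BASE32_ALPHABET:
        raise ValueError("prefix uses characters outside the base32 alphabet")
    return 2 ** (BITS_PER_CHAR * len(prefix))


def years_at_rate(prefix: str, candidates_per_second: float) -> float:
    """Expected search time in years at an assumed candidate rate."""
    return expected_attempts(prefix) / candidates_per_second / SECONDS_PER_YEAR


def search_prefix(prefix: str, max_tries: int = 200_000):
    """Brute-force a short prefix; return (label, number of candidates tried).

    The candidates are constructed byte strings standing in for real key
    encodings (an assumption), which keeps the run offline and repeatable.
    """
    expected_attempts(prefix)                        # validates the prefix
    for tries in range(1, max_tries + 1):
        candidate = b"constructed-stand-in-key-" + tries.to_bytes(8, "big")
        label = onion_v2_label(candidate)
        if label.startswith(prefix):
            return label, tries
    raise RuntimeError("no match within max_tries")


if __name__ == "__main__":
    label, tries = search_prefix("fb")               # 10 bits: about 1024 tries
    print(f"matched {label} after {tries} candidates")
    rate = 1e9                                       # assumed rate, not measured
    for prefix in ("facebook", "a" * 16):            # 40 bits versus all 80 bits
        print(f"{len(prefix):2d} chars: 2^{BITS_PER_CHAR * len(prefix)} attempts, "
              f"{years_at_rate(prefix, rate):.3g} years at {rate:.0e}/s")
```

At the assumed rate the 40-bit "facebook" prefix takes minutes, while fixing all 80 bits would take tens of millions of years, which matches the explanation that only the first half was forced.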
Curious • November 2, 2014 6:08 AM
If someone wanted to (me trying to be speculative here) I wouldn’t be surprised if a governmental agency simply gave Facebook, both the tech and the means to surreptitiously do experiments on traffic and to do covert surveillance to some extent. So a point of mine could be, that perceived limitations to capabilities at any single corporation ultimately should not lull skeptics into a false sense of security so to speak.
Wael • November 2, 2014 7:33 AM
@Clive Robinson, @Nick P,
Well time to strip it off the hardware and replace it with OpenBSD which came out today/yesterday depending in which time zone you are in…
In addition to the security enhancements they added, I particularly like this line of thinking:
No one wants to fork an open source project: it’s a huge amount of work and isn’t efficient in community time, but when you wake up one day and find that a hole in the SSL library you’re using made world-wide news, and that the library’s bad code style is hiding exploit mitigation countermeasures, then suddenly forking seems critically important. Two months of intense development later, LibreSSL was released.
The bigger questions remain for the open source development community to answer: why did this occur? Why is the OpenSSL code base so hard to understand? Complexity is the enemy of security, so for something whose raison d’être is security, why are secondary goals allowed to endanger the absolute #1 goal? Or has OpenSSL become a brand which allows companies to — on the cheap — meet security “requirements” like FIPS instead of actually being secure?
Benni • November 2, 2014 9:05 AM
There is another thing why facebook could want to provide tor access.
I guess that NSA folks do not want to reveal their ip when they are connecting to their facebook sockpuppet accounts. That tor option could be a means to ease NSA infiltration of facebook via tor….
Clive Robinson • November 2, 2014 9:35 AM
In answer to the OpenBSD question of “Why is the OpenSSL code base so hard to understand?” well if it was easy to read and understand the world and his dog would have dug into it and made their own modifications…
Now that’s not what the “three amigos” would have wanted because they were making money from it being impenetrable.
Oh and of course as others have already suggested, such rat’s nest code could hide all manner of evils and nobody would be any the wiser. Which others have suggested gave “plausible deniability” if anyone did discover a nice juicy easy to exploit security flaw…
Maybe somebody should set up “coding standards” that are meaningful for the FOSS community to follow as well as a charity etc to pay for competent eyes to actually walk the line for code, especially security or high use code.
Gerard van Vooren • November 2, 2014 10:03 AM
“In answer to the OpenBSD question of “Why is the OpenSSL code base so hard to understand?” well if it was easy to read and understand the world and his dog would have dug into it and made their own modifications…”
That is probably true and also the reason that LibreSSL gets outside code contributions.
“Maybe somebody should set up “coding standards” that are meaningful for the FOSS community to follow as well as a charity etc to pay for competent eyes to actually walk the line for code, especially security or high use code.”
Like in the Linus kernel standards? I don’t know. It still leaves a lot of freedom for the developer to mess up, especially in large codebases. I talk from experience here. Personally I like tools more. The Go language has “go fmt” for automatic code reformatting and it works wonderfully. I remember the LibreSSL guys struggling with KNF in the OpenSSL codebase. After 2 months they were still on a daily basis reformatting the OpenSSL code. With “go fmt” it would be a matter of a key press.
A tool such as “go fmt” would of course only work with a language that has a relatively sane syntax, so C comes to mind (C++ does not). In Go repositories on github you usually see indicators that the code has been formatted and tested. It works rather well.
The problem is usually the installed base and the existing players that don’t want to change. A tool such as “go fmt” should be brought in by someone like Linus Torvalds himself in order to get attention.
But that all said, a tool such as “go fmt” would definitely clear up a lot of old pains of C.
BoppingAround • November 2, 2014 11:28 AM
On cascading various tools: inconvenient… perhaps. But it’s doable for me. For my users and associates?… not likely. I preach, but like the public, they mostly think I exaggerate the threat to privacy and dismiss the recommendations. I hear, “I don’t have anything to hide, so why worry,” far too often. I wish more cared for the right reasons.
Have you tried –lying–, telling half-truths, hitting where it hurts? Not some abstract threats that ‘may or not may be’ but something that is more palpable to those you ‘preach’ to?
Politicians do this all the time and they succeed frequently. Maybe we should try too.
Rick • November 2, 2014 11:51 AM
Starting November 5th, US Justice Dept. and the FBI demonstrate an appetite for more:
Simply brazen. And the US Congress still has no idea of the true scope of the surveillance:
It’s out of control and the public, even if they did care, doesn’t actually influence policy:
Meanwhile, the progenitor of one our best chances to get off the planet and fork a new society goes down in the desert:
On the positive side, Clive Robinson reveals a new version of BSD (a few posts up from here): http://www.openbsd.org/56.html
Rick • November 2, 2014 12:01 PM
“Politicians do this all the time and they succeed frequently. Maybe we should try too.”
Yes, they do. Miscreants, mystics, and Cro-Magnons, every one of them. However, 2 lefts don’t make a right, so I can’t agree with you on that point, despite the apparent effectiveness of lying:
“In a time of universal deceit – telling the truth is a revolutionary act.”
Nick P • November 2, 2014 12:04 PM
re air gap jumping via paper
That’s a good idea. Would depend on how the data was processed. It would seem a Harvard-style DSP or microcontroller doing the initial processing might knock that risk out. Plus be cheap.
Funny thing is that I posted the opposite scheme here a while back: store or transfer data via punch cards so the implementations could be about bulletproof. That is in terms of low exploitable vulnerabilities & ability to inspect the machines for subversion. Not sure how practical it is but we should probably keep punch cards in the back of our head for high assurance stuff. Sure there’s some use case waiting to be found.
re plea bargain
Thanks for sharing that! It’s probably the best damn essay I’ve read on the subject. Now all we need is one of the Dr Evil meme images with the caption “Due Process.”
Yeah, I find it quite favorable. As usual, they fix or extend all kinds of little things hardly anyone thinks about. The first, though, is LibreSSL. Their style is again evident as the “features” constantly use the phrase “no support for.” Most of industry brags about the crap they add while OpenBSD team bragged about what they removed. Might give the new version a go after my busy schedule slows a bit.
@ Wael, Clive
This report on their progress was quite a read. I particularly like how he intentionally reported a vulnerability in the wrong library, but they found one there anyway. Shouldn’t be that easy in a crypto library underpinning so much online activity in this country.
Of course, there was also some OpenVMS bashing that really seemed to reflect OpenSSL implementation, not the OS. That doesn’t bother me, though. I just have to compare OpenBSD & OpenVMS’s uptimes, vertical scalability, clustering support, & required administration. Going by the numbers, I wouldn’t be talking shit until I had at least matched the system from the mid 80’s. But we know how OSS developers love to talk shit, don’t we? 😉
(Meanwhile in another corner of the U.S… AS/400 admins are heard laughing about how they struggle to recall the day that they put in more than 30 minutes of administrative work in an 8 hr shift.)
I didn’t think of the covert, socialism angle. You’ve given me something to consider in the future. It does already affect me as I know that bringing a product to market means I will have to backdoor it. My principles say I have to limit potential damage even then. So, I have to spend a lot of effort in recent designs working on high assurance, covert backdoors with read but not write access. Systems that facilitate that. And so on. When I’d rather just put all that effort into the easier problem of a secure box that doesn’t expose its insides to outsiders. (rolls eyes)
“Onward then” I go…
Wael • November 2, 2014 12:59 PM
Not sure how practical it is but we should probably keep punch cards in the back of our head for high assurance stuff
Secure? Probably! Practical? Not sure it would be that practical for large amounts of data. Can you imagine encoding an HD movie on a stack of punch cards? I haven’t done the calculation, but I think you’ll need a sizable stack. And what would happen if you accidentally dropped a stack of 10,000 cards on the floor? You may want to think about how cards can be read out of sequence and rearranged at the receiving end — not a hard problem to solve. On the other hand (you have different fingers), I bet tree-huggers won’t endorse your idea 😉
Wael • November 2, 2014 1:08 PM
That’s a good idea. Would depend on how the data was processed. It would seem a Harvard-style DSP or microcontroller doing the initial processing might knock that risk out. Plus be cheap.
We don’t have control on the scanner’s hardware or Firmware design… We may be able to put checks at the receiving end, though.
Czerno • November 2, 2014 1:33 PM
I still keep a couple old batches of punched cards from the sixties – programs and data – just for the nostalgia side. Unfortunately, over time moisture has rendered the cards unusable in regular reading/punching equipment – even if such equipment were still available !
If the data were any value other than sentimental and had to be retrieved, special equipment would have to be procured (or built on purpose) in order to get it restored. Ah but, yes, punched paper cards COULD be read manually – in theory :=)
I’m afraid punched cards – nor paper tape – aren’t a practical solution in this age !
Iain Moffat • November 2, 2014 3:10 PM
I think Paper Tape was a better deal than cards (having used both in my distant past) as you couldn’t get it mixed up by dropping and a degree of cut&paste editing was possible – one large roll must have been enough for a small C compiler or minimal kernel source at least. I deeply regret scrapping an ASCII Teletype KSR33 about 10 years ago !
I think the problem with the SOE radios is that several of the sets – certainly the early Mark XV and Paraset and the later 53 Mk 1 – used regenerative receivers so they were prone to oscillation on the working frequency – a stage beyond local oscillator leakage in fact.
The book “Secret Warfare” by Pierre Lorain (first published in 1972 when more and better memories were available) has some of the circuits and a lot of cipher and Opsec data for the SOE radio links and is one of my favourites.
Adjuvant • November 2, 2014 3:16 PM
Sibel Edmonds & Gladio B Transcripts
Just as a heads-up: if you’ll recall, a few Squid Posts back I introduced and then decided to begin a bit of transcription of some critically important material from FBI whistleblower and National Security Whistleblowers’ Coalition head Sibel Edmonds. Perhaps predictably, given my nature, this venture has now spiraled entirely beyond the bounds of sanity, and I find myself 100 hours deep into what’s looking to be a 200-hour pro bono project. That should give some indication of the importance I assign to this information.
An index of the transcripts as they stand presently may be found here: Sibel Edmonds & Company on Operation Gladio B: Chronological A/V Media Transcript Collection [IN PROGRESS]
Also, James Corbett has graciously begun publishing the transcripts of the core interview series on his (admittedly uneven, yet very frequently enlightening) website at corbettreport.com. To date:
Part 1: An Introduction to “Gladio B”
Part 2: Gladio B: Protecting Terrorists and Stifling Investigations
Part 3: Gladio B: From Nationalist Terror to Islamic Terror.
Summaries, enhanced references, etc. are likely to follow in a week or two once I come up for air.
@Nick P: In case you missed it, see my response to your last post on that thread HERE.
Nick P • November 2, 2014 3:40 PM
Remember that I put most stuff on untrusted computers, including storage. A secure computer has keys. The paper cards would be for storing or moving key mat in a physically recoverable way. Far as moisture or dropping, we have 100+ years experience in protecting paper.
Figureitout • November 2, 2014 3:50 PM
Clive Robinson RE: AirHopper
–I’ll let the medical device thing go, I was meaning number of surgeries; insurance companies will probably have that info and hospitals. Didn’t want to joke anymore there too, but all your typos make sense now (the x key is also close to d on keyboards too); it’d be a good skill to learn how to type w/ your hands by now you know. ( ͡~ ͜ʖ ͡°)
On the Airhopper, fun paper to read, neat they used the headphones as an antenna…Damnit! I like my headphones.
Hmm, “back in ye olde days” they used speakers for debugging? Neat, but difficult debugging.
Yeah I’ll probably put together a better omni-antenna eventually, like the directional ones though. My fave, don’t care if someone sees me. Thanks though, good links.
Would say more but had a bad night last night though, mind’s in disarray, wasted my project time troubleshooting my dumbass mistake of putting a PCI card in a motherboard while power plugged in. Something (has to be some IC, no burn smell, checked the 24pins and don’t get 12V) happened to I believe the DC-DC converter which, can’t just be replaced by a spare ATX power supply, even though it made me happy to get life in the motherboard but was getting way too hot and was ignoring power down switch. I needed that motherboard! Damnit…now I need this dumb DC-DC converter which is not made anymore. Only reason was putting in PCI card was to try out this yagi antenna, as I found out my wrt54g router I was saving for a radio project, I have the frickin’ V.8 one w/ no removable antennas. Opened it up and I found I can add an antenna by doing some stuff we do at work, but I can’t mess it up soldering coax to the board, I don’t have the nice SMA connector w/ coax attached, and I’ll have to mod the case. Also, frickin’ losers at the FCC made this standard, “RP-SMA”, WTF guys? If you’re looking to add an antenna to a router, you’ll probably get tricked by this, looks very similar to SMA. It’s inverted SMA, bass-ackward, so stupid, it’s specifically made to be annoying to attach SMA antennas to routers. I can just get an adapter idiots. Feels more like they just did that and can be the company making adapters.
Blargle, anyway how was your weekend haha? At least was able to boot w/ CD on that Mobo before kaboom, which is good. And just got a wifi dongle working on linux, which all it needed was the ID # put in the driver file; and it gets a good bit rate. So phew, at least some success, too much fail and now got to do HW and crap… 🙁
RE: openBSD changes
–Damn that’s a lot of changes, assuming b/c they know the code base pretty well, really well, to make all those big changes. I noted one thing in particular…no bluetooth support! Woohoo! One thing I didn’t get w/ their install was requiring me to go to some FTP/HTTP site to get files and register or whatever. Uhh, I don’t know, didn’t like that. Probably going to buy their CD set sometime, as I like to reward good software.
–Yeah, not only very quick, but very low power. Very hard signals to capture w/o advanced knowledge. Need analyzer w/ very fast sampling rate, which I thought FCC would have. LOL on the jamming. Nice one.
AlanS • November 2, 2014 4:04 PM
Thanks for the links to the Rakoff articles.
The economic school that gave us the efficient-market hypothesis, ‘deregulation’, and the financial crisis, also provides an explanation for “why the ‘big financial fish’ swim on by the net, that the small fry get caught in to rot away”.
Richard Posner An Economic Theory of the Criminal Law
The major function of criminal law in a capitalist society is to prevent people from bypassing the system of voluntary, compensated exchange-the ‘market’.
In cases where tort remedies, including punitive damages, are an adequate deterrent because they do not strain the potential defendant’s ability to pay, there is no need to invoke criminal penalties…This means that the criminal law is designed primarily for the nonaffluent; the affluent are kept in line, for the most part, by tort law. This may seem to be a left-wing kind of suggestion (“criminal law keeps the lid on the lower classes”), but it is not. It is efficient to use different sanctions depending on an offender’s wealth.”
Wael • November 2, 2014 5:06 PM
@Iain Moffat, @Clive Robinson,
The regenerative receiver idea came across my mind, but I know the radios I had (and others had) were built in the early 80’s — a time when super regenerative receivers were replaced with the more stable super heterodyne ones. However, from Wikipedia, this seems to be a plausible explanation as well:
A drawback of early vacuum tube designs was that, when the circuit was adjusted to oscillate, it could operate as a transmitter, radiating an RF signal from its antenna at power levels as high as one watt. So it often caused interference to nearby receivers. Modern circuits using semiconductors, or high-gain vacuum tubes with plate voltage as low as 12V, typically operate at milliwatt levels—one thousand times lower. So interference is far less of a problem today. In any case, adding a preamp stage (RF stage) between the antenna and the regenerative detector is often used to further lower the interference.
I’ll search for the book and give it a read — going to look for an eBook. I’ll forget about the complaints against “others” collecting my reading stats…
But now, knowing how much they know, what I fear is the following scenario taking place:
Me posting something here: Yea! Great book, I like the ideas there! Read it cover to cover!
Some TLA: Tell us another one, pal! You only read the first page, then jumped around and looked at pictures. And you had to look up the word “radiating” because you didn’t know what it means! It also took you 27 minutes to read one page, it puts you in the lower 10 percentile of the rest. You then went shopping and bought…
Maybe I’ll stick to the hardcover at Amazon…
Sancho_P • November 2, 2014 6:30 PM
I really appreciate your excellent transcripts, being ESL I have to flip forth and back in text to comprehend, although the audio is good.
A horrible story, nearly unbelievable!
And we are paying for that shit …
Wael • November 2, 2014 9:28 PM
LOL on the jamming…
Jamming was one of my hobbies during my early teen years ( ͡~ ͜ʖ ͡°)
… How did you type that face, though?
Nick P • November 2, 2014 9:59 PM
“How did you type that face, though?”
He probably used Character Map. One of those is Latin and one Inherited font. Pretty awesome anyway. I’ll probably make a copy of it.
Wael • November 2, 2014 10:13 PM
Thanks! You wouldn’t suppose we can use such special characters in passwords, would you? ???? I didn’t use character map for the snake, though!
Nick P • November 2, 2014 10:49 PM
Actually, I didn’t think about it. That’s a good idea now that so much stuff has gone Unicode. Think it would depend on how the password fields represented characters. If ASCII, only so much benefit.
@ Clive Robinson
The first article was great. The second on Wall Street was way off the mark. The evidence of government corruption leading to, during, and after the crisis is quite strong (albeit circumstantial). The lack of prosecutions isn’t an accident happening because of distracted prosecutors. If they didn’t see it coming, that might have been true. After it happened and fraud was mentioned constantly, they still didn’t do a thing. That is telling.
I appreciate it. Will try to read and reply to it later. Winding down for now.
@ Iain Moffat
Thanks for the newest tip!
Not practical? Maybe the punch cards but not the paper. LiveDrive already turned that idea into a product for some customers. Another app is doing 200KB to 1MB per piece of paper. A more cutting edge solution claims to allow up to 256GB on a piece of paper with specialized equipment. That’s petabytes per encyclopedia set worth of paper.
Rock, paper, silicon: paper covers silicon. Paper wins. 😛
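On the question above of whether non-ASCII characters can be used in passwords: the sketch below is an added example, not code from any commenter or product. It shows the two ways the field's character representation matters: an ASCII-only field rejects the password outright, and a Unicode field that hashes raw code points treats two visually identical spellings as different passwords unless it normalizes first. The sample passwords, the salt and the function names are constructed for illustration.

```python
import hashlib
import hmac
import unicodedata

# Constructed demo salt; a real system uses a random per-user salt.
SALT = b"constructed-demo-salt"

# Two constructed spellings that render identically on screen.
COMPOSED = "caf\u00e9-squid"     # 'é' as a single precomposed code point
DECOMPOSED = "cafe\u0301-squid"  # 'e' followed by a combining acute accent


def field_accepts(password: str, encoding: str) -> bool:
    """Model a password field that stores text in a fixed encoding."""
    try:
        password.encode(encoding)
        return True
    except UnicodeEncodeError:
        return False


def derive(password: str, normalize: bool) -> bytes:
    """Derive a verifier from the password, optionally NFC-normalizing first."""
    if normalize:
        password = unicodedata.normalize("NFC", password)
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), SALT, 100_000)


def same_login(enrolled: str, typed: str, normalize: bool) -> bool:
    """True if the typed password verifies against the enrolled one."""
    return hmac.compare_digest(derive(enrolled, normalize), derive(typed, normalize))


if __name__ == "__main__":
    print("ASCII field accepts it:  ", field_accepts(COMPOSED, "ascii"))
    print("UTF-8 field accepts it:  ", field_accepts(COMPOSED, "utf-8"))
    print("raw bytes differ:        ",
          COMPOSED.encode("utf-8") != DECOMPOSED.encode("utf-8"))
    print("login without normalize: ", same_login(COMPOSED, DECOMPOSED, False))
    print("login with NFC normalize:", same_login(COMPOSED, DECOMPOSED, True))
```

Which form a keyboard or input method emits varies by platform, so a user can enroll on one device and fail to log in on another when the server hashes the raw bytes.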
From the wilderness • November 2, 2014 11:58 PM
I’m using OpenBSD 5.6 here and it is great. The SMP stuff has been improved a great deal on amd64.
Tor seems to work well with libressl so far too.
Wael • November 3, 2014 12:00 AM
@Nick P, Iain Moffat,
A more cutting edge solution claims to allow up to 256GB on a piece of paper with specialized equipment.
I didn’t think it’s possible yet either. Could be cutting edge as “in a couple of decades”, but not today.
Andrew_K • November 3, 2014 3:48 AM
@ Tyco Bass
Regarding the confession of former FAZ journalist Udo Ulfkotte.
I would not trust that man.
German media journalist Stefan Niggemeier did some research on his claims. Unfortunately, none of Ulfkotte’s stories checks out. Niggemeier’s Analysis. Niggemeier confesses openly that he writes regularly for the very newspaper involved in Ulfkotte’s story.
I once more got a friend to translate me some of it (I have to learn German, any recommendations?). In short: Ulfkotte did publish most of his stories earlier in German media. Though printed in notable run, they did not raise a scandal back then — because they were just him confessing blind belief in what BND men told him. Now, he scandalizes his old stories to sex them up and sell them. Whilst the earlier version contains passages where editors in chief warn him not to believe blindly, they by now become accomplices of BND.
His story is inconsistent. To me inconsistency (not to be confused with missing links!) is a red flag leading to my initial statement.
Regarding the TOR-Facebook-thingy.
Sounds like an agency idea to me, too.
How do you reliably identify tor users? Let them enter their name. Heck, they do not need to enter their name, FB has everything needed to identify a person by behavior in their toolkit… Ok, even if it is not agency. It is probably also interesting for FB just to know who is capable of using TOR and who is not.
And, as always, there is an other answer: Money. FB must acquire new users to please the shareholders’ greed. They have acquired merely everyone so far. Time to target new markets. Those who avoided FB because they’re security-aware but not knowledgeable enough to avoid this bait. Could work especially in Europe.
Clive Robinson • November 3, 2014 4:24 AM
@ Wael, and others interested in regen receivers,
There are quite a few designs out on the net for both regenerative and super-regenerative receivers using dual gate FETs.
There is this quite clever regen design, where the bipolar transistor is used as a grounded base RF amp to feed the FET as well as either an emitter follower or common emitter amplifier in the opposite direction for the audio,
Then of the “food for thought” variety there is this super-regen experiment with spectrum analyser displays that tell some of the horrors of such receivers,
One aspect alluded to is that these receivers are transmitters, or more correctly “on frequency repeaters”, it’s an effect that can be utilised to advantage when doing surveillance type activities.
Oh and one of the more useful patents on modern super-regens,
Adjuvant • November 3, 2014 7:46 AM
@Andrew_K I have to learn German, any recommendations?
Yes. Supposedly the best. I own it. Someday I may even read it!
Wael • November 3, 2014 8:02 AM
@Clive Robinson, @Iain Moffat, et al.,
Thanks for the links…
Tr2 the regenerative detector when used for CW and SSB reception has to oscillate at roughly one kilohertz away from the incoming receive frequency in order to demodulate the transmission. Without Tr1 stage this oscillation would be radiated by the antenna causing interference to other nearby receivers.
Sounds reasonable. Perhaps something similar happens with super-het receivers. Now I remember I had constructed a table listing one receiver’s frequency against the needed frequency on the other receiver to “silence” the other one (so I don’t waste time trying to shutdown annoying music nearby). I lost it and forgot the correlation, but I vaguely remember it was a bit more than 1KHz difference, but not sure now. It was also on FM receivers that this worked better. Maybe because FM receivers had telescopic or long wire antennas as opposed to the ferrite bar coil antennas AM receivers used (which may not be as efficient for radiation.)
vas pup • November 3, 2014 8:31 AM
@Clive Robinson • November 2, 2014 12:51 AM:
“Thus one way to prevent a Cyber Pearl Harbour is to develop strong economic ties with nations and regions where such an attack might come. Which is the opposite approach to sanctions and war.” Agree 100%. Drop zero-sum game digital mentality in foreign relations is productive to provide security.
Nick P • November 3, 2014 9:10 AM
Good peer review. So, the number goes down from 256GB to potentially 137MB with existing tech or 16GB+ with advanced tech. Even at 137MB, that’s still a lot of data for a sheet of paper. I did plenty with my old 100MB Zip Disks, esp combined with compression (2GB+ on some data).
Nick P • November 3, 2014 9:20 AM
I’m probably going to try a FreeBSD desktop again instead of OpenBSD. More features, including security, with great reliability. Also already ported to CHERI so getting used to it might pay off in future research. Might start with PC-BSD. I will test new OpenBSD on some servers and appliances like I used to. I also re-install Genode, OC.L4, QubesOS, etc to see how they’re progressing.
BoppingAround • November 3, 2014 9:20 AM
Wael, Nick P,
Nick P • November 3, 2014 9:33 AM
That great! Thanks!
Thoth • November 3, 2014 9:34 AM
Any links for secure kernels like OCL4 to try out ?
Nick P • November 3, 2014 11:25 AM
I’m not calling them secure necessarily as that’s in how you use them. Here’s a few to start with that focus on different things.
EROS capability OS (KeyKOS links are good too)
Fiasco.OC (still developed)
Genode Platform (based on L4)
seL4 (EAL7+ development assurance)
Muen Separation Kernel (prototype written in SPARK)
Turaya Platform (need to replace L4 with Fiasco.OC or seL4)
JX Operating System (needs good VM/microkernel or run on JOP processor)
Clone the Hydra Capability Kernel (gotta emulate hardware)
Clone good parts of GEMSOS (gotta emulate or update hardware side)
Clone good parts of PSOS (hardware considerations again)
Clone good parts of LOCK platform
Clone good parts of VAX Security Kernel for modern FOSS platform
Verve Operating System
Note: Verve is safe to assembler. Need to do a Fagan inspection for common security vulnerabilities at each layer & insert any needed checks/changes before it’s secure. A nice start, though.
There’s a start for you.
Wael • November 3, 2014 12:16 PM
Nick P • November 3, 2014 3:14 PM
Oh yeah there’s also the Thoth machine too. :O
Nick P • November 3, 2014 11:09 PM
The recent Bilderberg roll call is interesting:
So, we have the likes of Richard Perle, Henry Kissinger, and Keith Alexander along with private parties like Google’s CEO, oil companies, & top asset management firms. I bet the content of the meetings are even more interesting these days, esp after certain publications from 2013.
Thoth • November 3, 2014 11:24 PM
Thanks for the Thoth OS. Doesn’t seem to be some assured OS for security but the portability seems kind of useful.
Bilderberg with our fav, Keith Alexander, I wonder if he’s going in to talk everyone into loading key escrows, golden keys and backdoors again.
French • November 4, 2014 2:16 AM
Someone bought 50 euros banknotes with 80% “discount” on a .onion site on TOR, got busted at delivery at post office (warning, French link:) http://www.europe1.fr/faits-divers/il-se-fait-livrer-par-colis-des-faux-billets-commandes-sur-internet-2278761
Someone else claims that internet surveillance led to foil three terrorists on most important French media outlets http://www.thelocal.fr/20141103/terrorist-attacks-foiled-in-france (other links are in French)
CallMeLateForSupper • November 4, 2014 8:18 AM
“It also took you 27 minutes to read one page, it puts you in the lower 10 percentile of the rest.”
LOL! Let “them” leap to incorrect conclusions; one day “they” will take a Wile E. Coyote trip off a cliff.
It appears to “them” that you spent 27 minutes reading that one page, because the data is incomplete. Actually your Better Half preempted your reading to schlep groceries from the family bus. Definitely a non-maskable interrupt! 🙂
Nick P • November 4, 2014 10:56 AM
Including the Thoth machine was just a joke as it matches your name. I first saw that word here as your alias. Then, the second time I see Thoth is in an article I discover while looking up kernels for Thoth. Slightly amusing.
“Bilderberg with our fav, Keith Alexander, I wonder if he’s going in to talk everyone into loading key escrows, golden keys and backdoors again.”
Or relieve them by showing their plans/policies are still in effect and moving forward.
Skeptical • November 4, 2014 12:04 PM
An interesting essay in the Financial Times by Robert Hannigan, Director of GCHQ.
It’s worth reading, even if (perhaps especially if) one already knows that one will disagree with it. Two salient points from my perspective:
1 – he claims ISIL is highly adept at secure communications
2 – he welcomes a public discussion of privacy vs. security tradeoffs with greater participation from GCHQ
Hannigan ends on this note:
To those of us who have to tackle the depressing end of human behaviour on the internet, it can seem that some technology companies are in denial about its misuse. I suspect most ordinary users of the internet are ahead of them: they have strong views on the ethics of companies, whether on taxation, child protection or privacy; they do not want the media platforms they use with their friends and families to facilitate murder or child abuse. They know the internet grew out of the values of western democracy, not vice versa. I think those customers would be comfortable with a better, more sustainable relationship between the agencies and the technology companies. As we celebrate the 25th anniversary of the spectacular creation that is the world wide web, we need a new deal between democratic governments and the technology companies in the area of protecting our citizens. It should be a deal rooted in the democratic values we share. That means addressing some uncomfortable truths. Better to do it now than in the aftermath of greater violence.
The devil of course is in the details.
And while terrorism is a very low likelihood event, let’s face the reality: given the ever increasing technological capability of a small number of individuals to wreak massive destruction of lives and property, and given the continued existence of extremist organizations and alienated individuals, we will at some point sustain another large-scale terrorist attack.
Hannigan is entirely correct that it would be better to have this conversation now – and for everyone to strive for a moderate, reasonable discussion rather than seek to score points with partisan propaganda – than it would be after such an attack.
In other words… to ignore the legitimate concerns of law enforcement and intelligence agencies of free nations is ultimately not in the interests of anyone’s security. The perfectly secure system – secure against everyone – will be swept away the moment it is used to perpetrate an act sufficiently outrageous to the public. Snowden’s dreams of binding down humanity in encryption to prevent abuse of power are politically naive and unhinged from history.
Instead we need systems and designs that allow for both the interest of an individual’s secure privacy and the interest of a secure democratic community.
That is a much harder, more complex problem than simply designing a secure system, which – and I am of course woefully ignorant of all technical matters – is challenging in itself.
But in matters of humanity, complexity is not something that can be avoided.
Wael • November 4, 2014 1:23 PM
It appears to “them” that you spent 27 minutes reading that one page, because the data is incomplete.
Data is incomplete because they only used a limited set of the available sample space they collected. The question we should be asking now is not “How much do they know”, rather: How much (or little) don’t they know. Should be a shorter list that’s monotonically decreasing with time…
Savile flashbacks • November 4, 2014 1:36 PM
Skeptical wet the bed in fear at the scary stories of Rogers’ butler Hannigan, and now he wants to cuddle damply up with you because of all the scary monsters in his closet. Cowardly sniveling crap like this depends critically on imbeciles and legal ignoramuses like Comey and his fangrrlz like skep. Of course Hannigan is scared of his shadow, he grew up hiding from the wellborn pedophiles who run his country and rape the kids. Just sack up, you slavish limey sleeve, your vocational neuroses do not scare us.
Justin • November 4, 2014 1:43 PM
You want Apple and Google to provide a back door or a “front” door for the encryption on their cell phones?
Law enforcement and intelligence already has the capability to track location of cell phones, and intercept metadata for calls, texts, and e-mails. Isn’t this sufficient, especially without a warrant?
The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.
I think our founding fathers already had a discussion of the tradeoff between privacy and security. And Ben Franklin said,
Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety.
The technology is already here to break into cell phones (Hacking Team, FinFisher, etc.) This is really a political question, when are searches and seizures reasonable?
BoppingAround • November 4, 2014 4:31 PM
2 – he welcomes a public discussion of privacy vs. security tradeoffs with greater participation from GCHQ
He welcomes a discussion on non-existent trade-offs? Witty.
N.B. I admit that I haven’t read the interview.
Anura • November 4, 2014 7:00 PM
According to researchers at Newcastle University in the UK, the card system developed by VISA for use in the United Kingdom fails to recognize transactions made in non-UK foreign currencies and can therefore be tricked into approving any transaction up to 999,999.99.
What’s more, because the cards allow for contactless transactions, wherein consumers need only to have the card in the vicinity of a reader without swiping it, a thief carrying a card reader designed to read a card that’s stored in a wallet or purse could conduct fraudulent transactions without the victim ever removing their card.
But EMV cards don’t have to make contact with a reader to be used. They can also be used for contactless transactions for speed. The EMV system in the UK limits the maximum value for a contactless transaction to £20, requiring a PIN for anything more than this.
Wait, you’re telling me they have a card that can be charged while still in your wallet without the owner of the card having to do anything at all? Even if it was a limit of £1, someone can set up a merchant account with a stolen identity and easily make £1000+ a day. With a £20 limit, you can be pretty rich with just a few weeks work. The foreign currency thing is an oversight, but this is just plain stupid unless the article is incorrect.
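The flaw described in the quoted article, as an added example (a simplified model written for this page, not VISA's or any card's actual logic): a no-PIN contactless rule that only compares the amount to the £20 limit when the currency is sterling, next to a corrected rule and an issuer-side review that flags what the weak rule let through. The transaction records are constructed and the function names are assumptions.

```python
from dataclasses import dataclass
from decimal import Decimal

GBP, USD, EUR = "826", "840", "978"   # ISO 4217 numeric currency codes
DOMESTIC = GBP
CONTACTLESS_LIMIT = Decimal("20.00")  # the £20 no-PIN limit quoted above


@dataclass(frozen=True)
class Txn:
    txn_id: str
    amount: Decimal
    currency: str
    contactless: bool
    pin_verified: bool


def weak_decision(txn: Txn) -> str:
    """Limit is checked only when the amount is in the domestic currency."""
    if txn.contactless and not txn.pin_verified:
        if txn.currency == DOMESTIC and txn.amount > CONTACTLESS_LIMIT:
            return "PIN_REQUIRED"
    return "APPROVE"  # foreign-currency amounts fall through unchecked


def hardened_decision(txn: Txn) -> str:
    """An amount that cannot be compared to the limit never waives the PIN."""
    if txn.contactless and not txn.pin_verified:
        if txn.currency != DOMESTIC:
            return "PIN_REQUIRED"
        if txn.amount > CONTACTLESS_LIMIT:
            return "PIN_REQUIRED"
    return "APPROVE"


def issuer_review(txns):
    """Ids of transactions the weak rule approved but the hardened rule would not."""
    return [t.txn_id for t in txns
            if weak_decision(t) == "APPROVE" and hardened_decision(t) != "APPROVE"]


# Constructed sample records, not real transaction data.
SAMPLE = [
    Txn("t1", Decimal("4.50"), GBP, contactless=True, pin_verified=False),
    Txn("t2", Decimal("35.00"), GBP, contactless=True, pin_verified=False),
    Txn("t3", Decimal("999999.99"), USD, contactless=True, pin_verified=False),
    Txn("t4", Decimal("15.00"), EUR, contactless=True, pin_verified=False),
    Txn("t5", Decimal("250.00"), USD, contactless=False, pin_verified=True),
]

if __name__ == "__main__":
    for t in SAMPLE:
        print(t.txn_id, t.amount, t.currency,
              "weak:", weak_decision(t), "hardened:", hardened_decision(t))
    print("flag for review:", issuer_review(SAMPLE))
```

The hardened rule treats any non-sterling contactless amount as above the limit rather than converting it, since a card deciding offline has no exchange rate to trust.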
Thoth • November 4, 2014 7:22 PM
I like the name of that Thoth kernel. I wonder if it can be overhauled as a secure kernel with the same name using SEL4 concepts. Still reading the SEL4 papers for now.
The problem for these agencies is a chain of abuses and misgovernance.
– Who is supposed to handle civilian comms and who is to do what ? Scope creep ?
– Dragnet surveillance of almost everyone. Are you comfortable with it ? Do you like people to know what you ate, what you did, what are your health status and so on ?
– Why are there no checks and bounds or weak checks in place to ensure intercepted or collected items would not be misused ? How about the recent cases of the cops spreading pictures of a woman whom they got the pictures from her cellphone she surrendered ? How about the case where FBI took someone’s pictures from her cellphone and created fake accounts on Facebook ? Ethics ? Seems like they have no ethics in them left. How are these people different from those they claim to be protecting us against ? They are also doing the same thing with the same low ethics.
– The law has not caught up on proper investigative techniques and procedures thus allowing these agencies to overstep boundaries and use extrajudicial means (intercepting someone’s pictures and creating fake Facebook pages without permissions whatsoever – probably if they ask politely, the person might consider ?).
– Put it in simple… our technologies are advancing very very rapidly and we are advancing to a highly empowered species on this planet due to our advanced technologies (which gives us lots of power over our life). But at the same time, possessing so much power yet without advanced ethics and mindsets makes us sink into primordial animal like behaviours. Probably some might argue humans are animals (mammals) afterall and it’s our nature but we have a human side to it which we keep violating.
In the light of the lack of proper procedures and assurances of the courts and agencies (and the Governments – run by some selfish bunch of people as we can observe from history), why should we trust them ?
They must prove their (agencies and Governments) worth to be “custodians” but would it be better if we ourselves are “custodians” of our own fate than to let it rest in the hands of others (agencies, Governments, companies, organisations) ?
Probably humanity at this advance level of advancement but without the lack of ethics might change for the better ? Or would we nuke ourselves into oblivion ?
Just a note: privacy and security are the same side of a coin. Pull any of them away and you lose both. It is like building a fence to protect oneself but the fence is made of …. tissue paper ?
Thoth • November 4, 2014 11:13 PM
Whatever the case is, I think mass adoption of Medium Assurance solutions would pick up speed and slowly open up to High Assurance adoption to combat TLAs.
Clive Robinson • November 5, 2014 1:44 AM
With regards the “no sign” feature on NFC bank cards, it’s real, and is being heavily pushed as a “user convenience” in the “ad-land” utopian adverts…
Worse is the fact that people are already getting “double dipped” by the likes of Transport for London, people hold up their purse/wallet to travel by “Oyster Card” and get charged on their bank card for a single fare even though they have a valid ticket to travel on their Oyster Card… Apparently according to TfL and the banks it’s the user’s fault… TfL have previous on dodgy behaviour over Oyster Cards and the money on them where they ended up with tens if not hundreds of millions of people’s money because their technology was unreliable…
I expect to see a load more problems with NFC systems over the next few years as the difference between “ad-land fantasy” and “real world reality” is exploited by companies to individuals’ disadvantage.
And it’s not as though people have any choice, just as with Chip-n-Pin cards, NFC cards will not be optional they will be forced down your throat at some point.
The one I’m waiting for is, as more smart phones get NFC systems put in them, malware / games app writers to realise that many people carry their NFC bank cards in very very close proximity to their smart phone thus those little sums for “game upgrades” will become automatic…
Anura • November 5, 2014 2:26 AM
Sometimes I think every single problem in the developed world is due to advertising. Media? Advertising. Political campaigns? Just marketing campaigns. All of our policies, everything our society does is based on marketing. Facts and information? Boring as hell. [Latest scary thing]? Ratings central, advertising cash abound. It’s a Seldon Crisis where nobody provided us with the tools to solve it.
Sorry, started non-celebratory drinking in anticipation of election results, and haven’t stopped.
Clive Robinson • November 5, 2014 3:43 AM
With US turn out estimated to be a lot less than 20% the results are hardly going to be representative…
Something that’s been noted in the UK is that voter apathy hurts main stream views and aids extremist, radical or “loony two tunes” parties.
That said as has been reported on UK and other non US television, the GOP has a party within a party and that inner clique is only unified by their irrational behaviour and personal vitriol against that which they cannot even enunciate coherently… presumably because they have not thought it out for themselves but have just “adopted a sound byte” from someone as equally unbalanced but possessing a little more sophistry and finances.
As for the rest of the world, it’s a toss up between the politics of a control freak or those of a “nuke the gay whale” fraternity mentality, so the best we can hope for is a stalemate as hopefully that will keep the peace for the next couple of years.
Originally a tee shirt slogan thumbing the nose at various anti organisations, by being as “politically incorrect” as possible whilst just staying within the bounds of satire, it developed a life of its own, and is now used to describe those who have extreme, unbalanced and often incoherent opinions and insist on demonstrating them in public, often dragging their children along to hold banners and placards with equally meaningless messages.
mg4yk • November 5, 2014 4:37 AM
Have you seen EFF’s secure messaging scorecard?
The comments on Hacker News are very negative, especially around the audited, and ‘encrypted so provider can’t read it’ columns.
What is your opinion on the criteria they used and on the applications they featured?
Perhaps you could collaborate with them to make that table more accurate 🙂
thevoid • November 5, 2014 6:55 AM
@anura, @clive, @etal
to those who may want to understand some of what is driving politics, the
book ‘the authoritarians’ by bob altemeyer is VERY relevant… and not too
hopeful. it’s by a psychologist, who was encouraged to write it by a republican
who was looking for a reason for the ‘loony tunes’ takeover of the party, and
found altemeyer’s work. the book is mostly just various studies done, and is
a very easy read despite its technical nature (altemeyer has a good sense of
humor, which helps with the material involved).
as clive noted:
presumably because they have not thought it out for themselves
but have just “adopted a sound byte” from some one as equally unbalanced but
possessing a little more sophistry and finances.
this is very common of the ‘authoritarian (follower)’ type. in fact, this
psychological type (which altemeyer calls RWA) has problems with basic logic.
fish live in the ocean
sharks live in the ocean
therefore sharks are fish
these types tend to think this is LOGICAL. they agree with the result, so the
argument must be right…
the book is available free from the author at
this research has actually been going on for decades, and there is much to
support it, the RWA test and scales have been widely applied (technical
details of studies, etc are in the book). MANY nonsensical things (people)
begin to make sense…
Adjuvant • November 5, 2014 9:58 AM
Definitely +1 for Altemeyer. Very easy reading, and gives the impression of rather plodding, workmanlike scholarship at first glance: you won’t be intellectually dazzled on contact. Yet, it grows on you, and you find yourself appreciating it more and more in hindsight — especially since there is so little comparable work.
Nick P • November 5, 2014 10:03 AM
“Whatever the case is, I think mass adoption of Medium Assurance solutions would pick up speed and slowly open up to High Assurance adoption to combat TLAs.”
It didn’t before Snowden. It didn’t after Snowden. It probably won’t work that way. The market, even government, just refuses to make the tradeoffs in cost, features, performance, and compatibility that they need for that. It’s understandable and the cause of insecurity.
This is why I’m promoting development of platforms like SAFE & CHERI that preserve compatibility. In theory, you could put most of the security engineering into the OS, compilers, etc and the hardware would prevent most problems. If simple, it might be able to do this cheap & with acceptable performance as well.
The Ethics of Perfection essay by Steve Lipner (did VAX Security Kernel)
My own post regarding an EAL7 VPN that got canceled.
thevoid • November 5, 2014 4:10 PM
interesting review! sounds like you caught whatever it was bruce had a few
it may not be dazzling, but it is rock solid, and its explanatory power is
undeniable. anyone who wants to understand the ‘thinking’ of the extreme right
should read this. you will look at politics, especially current u.s. politics,
and go ‘oh, this makes SO much sense.’ every characteristic of those on the
extreme right is PREDICTABLE AND CONSISTENT. their lack of reason, their faith
in their chosen authorities (no matter what, even if these authorities violate
EVERYTHING they stood for eg many of those big name ‘christian’ pastors), their
xenophobia, their aggression, willingness to do anything for their authority…
where i quoted @clive above, he hit the nail on the head re these authoritarian
we can look into conspiracies and power, who’s doing what for what reason, but
the bedrock that allows much of this is still basic human psychology.
in sum, RWA stands for ‘right-wing authoritarian’, although the ‘right-wing’ is
somewhat redundant, as what constitutes the right-wing is their following of
the given authority. altemeyer jokes that he has still not found any ‘left-wing
authoritarians’, but notes that when his RWA scale was applied to former
soviet bloc countries, the highest ‘right-wing authoritarians’ were the
communists (ie the given authority).
the findings are not hopeful either. let these RWAs (authoritarian followers)
meet SDOs (social dominators), and they WILL destroy the planet. all the
studies are detailed in the book, which is really a summary of the work done
on this over the decades.
i cannot emphasize enough the EXPLANATORY POWER of this, and i think everyone
here should read this book. this is also a major security issue, to quote
altemeyer (on the page i referenced above):
For example, take the following statement: “Once our government leaders and the authorities condemn the dangerous elements in our society, it will be the duty of every patriotic citizen to help stomp out the rot that is poisoning our country from within.” Sounds like something Hitler would say, right? Want to guess how many politicians, how many lawmakers in the United States agreed with it? Want to guess what they had in common?
Or how about a government program that persecutes political parties, or minorities, or journalists the authorities do not like, by putting them in jail, even torturing and killing them. Nobody would approve of that, right? Guess again.
Don’t think for a minute this doesn’t concern you personally. Let me ask you, as we’re passing the time here, how many ordinary people do you think an evil authority would have to order to kill you before he found someone who would, unjustly, out of sheer obedience, just because the authority said to? What sort of person is most likely to follow such an order? What kind of official is most likely to give that order, if it suited his purposes? Look at what experiments tell us, as I did.
thevoid • November 5, 2014 4:29 PM
i should also add that this is not a partisan issue. altemeyer himself notes
he is middle-of-the-road politically, and that when his wife and her ‘liberal’
friends are around and discussing something, he is not entirely welcome.
Nick P • November 5, 2014 7:03 PM
Replacing the dated “TLA” attacker label
Anura brought up a decent point recently: many law enforcement and intelligence organizations don’t have 3 letters in their acronym. Referring to them collectively as a Three Letter Agency (TLA) is an old tradition. It doesn’t match reality, comes off a bit conspiracy nut to many lay people, and lacks the professional approach of other categorizations. So, let’s see if we can do better.
Security evaluation standards often rate the strength of the security tech as Low, Medium, or High. The idea is they protect against different levels of adversary sophistication. Examples in standards like Common Criteria include casual (incompetent), serious (vanilla black hat), and highly sophisticated (nation-state or top black hats). It got refined a bit over time with documents referencing “attackers of low/medium/high attack potential.” That’s both professional and sensible. So, let’s build on it.
LSA = Low Strength Attacker. These are script kiddies or people barely trying.
MSA = Medium Strength Attacker. These are your baseline black hats. Like Medium Robustness in most ratings, the capability this references will always be varying as it’s relative to Low & High.
HSA = High Strength Attacker. This is an attacker that has the brains, money and time to bypass well-thought protections. Elite/obsessive independents, criminal organizations, and nation-states dominate here.
So, we call them HSA’s instead of TLA’s. When explained, it makes sense without ringing any conspiracy bells. Also helps later on as evaluation standards are simplified: pick Low Assurance for LSA’s, at least Medium Assurance for MSA’s, and High Assurance for HSA’s. Better yet, don’t attract HSA’s attention at all wherever possible.
What you people think?
Thoth • November 5, 2014 7:28 PM
HLA sounds good. We shall adopt that.
So, we should not simply go into medium assurance and climb into high assurance but to jump directly into high assurance mechanism. These high assurance designs should be comfortable for mass adoption as well.
Wael • November 5, 2014 8:18 PM
So, we call them HSA’s instead of TLA’s […] What you people think?
Arrrgh! How could you! They are not attackers! It’s called the “Department of defense” — not “Department of offense”, Doncha Know? Anyway… If you classify attackers by strength, then they are freaking “invincible” (FIA: Freaking Invincible Attackers) — remember the rules of the game?
I personally like “Spook”… It gives the discussionnnnnn ummmm … a spooky atmosphere 🙂
OK… Joking aside, how about PTDH (Tom, Dick, and Harry minus the last DH to reduce redundancy.) 🙂
Thoth • November 5, 2014 8:35 PM
In regards to HSA’s not wanting so much high assurance in the common market (so that they can continue their fear and war mongering), I think the only way is for Community sector to have its own community standards untainted by Government FUDs and agendas.
Some suggestions to put the FUDs in the trash-can:
– Introduce Community Standards and Assurance Levels (CSAL).
– Introduce Community Assurance Suite of Algos, Methodologies and Functions.
– Introduce CSAL product testing and certification labs (Governments cannot participate).
– Introduce Community Standards Education Initiative.
They should rename themselves to Department of People Offense ? 😀
@Nick P, Clive Robinson, et. al.
Are there any suggestions you can contribute to create a set of Community Standards and Assurance Levels (CSAL) e.g. what you think are the ways to create different assurance levels ?
Nick P • November 5, 2014 8:37 PM
HSA, not HLA. I’m fine with either really but “strength” has more impact than “level.”
“It’s called the “Department of defense” — not “Department of offense”,”
Lol. The Artist Formerly Named War Department.
” If you classify attackers by strength, then they are freaking “invincible” (FIA: Freaking Invincible Attackers) — remember the rules of the game?”
They’re far from invincible: they’re the school bullies nobody has challenged with a full on hit to the nose. A number of ways to take them down if majority wants to. Apathy prevails, though.
“I personally like “Spook”… It gives the discussionnnnnn ummmm … a spooky atmosphere :)”
Originally was going to suggest that. Then, I remembered it’s mainly intelligence types. Police have their own style and laws in countries like the U.S. So, I had to leave “spooks” for the spooks.
“OK… Joking aside, how about PTDH (Tom, Dick, and Harry minus the last DH to reduce redundancy.) :)”
It’s nice for the NSFW Internetz. Especially the subliminal subscripting. I just needed another one for more mundane official documents, textbooks, advertisements, etc.
Nick P • November 5, 2014 8:55 PM
I actually posted an essay on new evaluation standards here. The community driven part I’m not so sure about. I think professionals with a track record in high security development should be sponsored to create the criteria. I’ve done a lot of that work myself right here. Others contributed to it. So, a similar effort (even reusing ours) presented in a structured way for various audiences.
I at least posted my proprietary framework for assessing security to try to help industry out. It’s interesting to compare it to others and to products’ security claims.
Wael • November 5, 2014 9:12 PM
They should rename themselves to Department of People Offense ? 😀
🙂 This thread discussion reminds me of a similar proposal to replace cryptography’s Alice and Bob with Sita and Rama almost two years ago!
Clive Robinson • November 5, 2014 9:14 PM
@ Nick P,
With regards TLAs and naming conventions we have had this conversation before and Wael may remember his part in it.
As I originally pointed out they are called Type 1, Type 2 and currently Type 3 organisations or entities (entity is preferred in Europe due to the legal definition of “any person legal or natural”).
So instead of entity you could use Attacker / Agency which currently would give you in the US T1A / T2A / T3A or in the EU T1E / T2E / T3E.
However it was Ross Anderson who came up with it originally and he was talking in terms of “Capabilities” so perhaps T1C / T2C / T3C.
That said the original concept of a T3C as the top most level is perhaps a little outdated and we need T4C and T5C these days as well. With perhaps T0C for those who don’t have any real capabilities or resources. … The problem will I suspect be coming up with suitably clear explanations for each level that will remain “future proof”.
I suspect that the letter A, C or E may in reality get dropped as it would generally be apparent from the context.
Any way my $0.02 on the issue (though we could ask Bruce to chat with Ross over it, they meet up around twice a year).
Wael • November 5, 2014 9:47 PM
@Clive Robinson, Nick P,
With regards TLAs and naming conventions we have had this conversation before and Wael may remember his part in it.
Here is your Types of attackers, and here is another one on the classes of attackers. Makes sense then they should be called class III, Type III, or C3 / T3…
The last link almost took us into the Castle, or freed us from the prison (prison! TLA! Hmmm — not good.
Wael • November 5, 2014 10:32 PM
@Clive Robinson, @Nick P,
However it was Ross Anderson who came up with it originaly and he was talking in terms of “Capabilities” so perhaps T1C / T2C / T3C.
It’ll have to go back to the definition of “Security” and levels of “Security”. I don’t believe a security level (or an attacker level) can be accurately represented by a scalar figure. At its simplest representation, it’ll be a vector or even a matrix — a Tensor would be an overkill and just as useless as a “Scalar” security level. Based on the “Security level”, one would then map the “Capabilities of the attacker” necessary to break a certain security level, which suggests “Attacker levels” are also not scalar quantities. One will also need to include “law” as a capability because “law” can be used to trump some security capabilities. The amount of computing power available, amount of “brain” power at hand, etc… have to be factored in as well (for an adversary.) As far as replacement names for a TLA, I think it’s a moot discussion (a matter of no importance), just like replacing Alice and Bob with other characters accomplishes nothing…
Adjuvant • November 5, 2014 10:37 PM
@thevoid: “sounds like you caught whatever it was bruce had a few months ago…”
Actually, I came across Altemeyer back in ’07. Poked my head in on him again in ’08 when I read he had added a postscript. Just sharing my impressions as I recall them: but, yes: very worthwhile reading. I’d meant to take a look at his HUP monograph as well, but that hasn’t happened yet.
Adjuvant • November 5, 2014 10:50 PM
@Wael: “This thread discussion reminds me of a similar proposal to replace cryptography’s Alice and Bob with Sita and Rama almost two years ago!”
Hah! Nice one!
If I ever take another Sanskrit class, I’ll definitely have to make a project of fleshing that out in proper ślokas 😉
Figureitout • November 5, 2014 11:00 PM
Replacing the dated “TLA” attacker label…What you people think?
–I think there isn’t much a point to it. I don’t give a f*ck what grade attacker you are, so long as I have evidence of a breach, time stamps and various other “snapshots”, I don’t care who you are, you breached my perimeter. My systems I’m working on (on COTS grade hardware, on a below poverty level budget), I think I can create an almost useless minimal system that can’t be touched beyond infection from development (and believe me I will flame and push all who think they can like Braveheart mooning the enemy before battle, hopefully w/ a different ending…). That ranks as a high security problem in my view; developing using great and easy software/PC’s, but infections getting hooks in the final product.
If you classify attackers by strength, then they are freaking “invincible” (FIA: Freaking Invincible Attackers)
–Far from it as Nick P said. I’ve proved it to myself, can you? Completely separate example you may be familiar w/. Edward Snowden, so this guy was able to amass an unknown amount of documents and walk out the door of supposedly an “FIA” level attacker. The ultimate lesson is that the pure attacker is so blinded by attacking, they may leave holes trivially exploited and literally someone walk out the door. Also having “legally mandated” hacks and backdoors; they aren’t actually working for those, nor do they have to have a heightened sense of worry, thus making them lazy over time. Some little clever f*ck will come along since we can’t manufacture hardware or write software ideally yet, if ever.
Thoth RE: CSAL’s
–Absolutely, I agree. Unfortunately people have to be willing to identify themselves, and public background checks need to be conducted. Any ex-military are highly questionable, if no one’s ever heard of the person, questionable, etc. Keep pushing the idea, it’s going to be messy like open source and have big holes still w/o more money funding people (and hold those people if they’re getting paid accountable for quality!!).
Wael • November 5, 2014 11:43 PM
Your OTP encrypted string proves nothing — Sorry. I can just as easily encrypt a string with an AES or DES for that matter and post it here. Probably no one will be able to decrypt it. What your example amounts to is this: An adversary captured your OTP-encrypted text in transit. This is not the whole picture, see.
Edward Snowden, so this guy was able to amass an unknown amount of documents and walk out the door of supposedly an “FIA” level attacker.
I said nothing about their defense capabilities. An FIA can also be an FLD (Freaking Lousy Defender), although I am not saying that. Attacking and defending capabilities are two distinct characteristics. So you are right, I suspect, when you say:
the pure attacker is so blinded by attacking, they may leave holes trivially exploited and literally someone walk out the door
Well, to some extent…
Wael • November 6, 2014 12:09 AM
Yes. Supposedly the best. I own it. Someday I may even read it!
What a brave thing to say! I like that 😉 I, too, own many books that I have not read and will not read.
ślokas I’ll have to ask my Indian friends about this…
Figureitout • November 6, 2014 12:19 AM
–Yeah it does, it’s just a simple example of nearly no work for me turning into massive work for someone trying to find the message that has even unknown layers of encrypted meaning…F*cking it’s not worth wasting your time on these things. Just like people saying OTP can be cracked amounts to nothing, basically. At least AES or DES is following an actual algorithm, I can see visual patterns in other algo’s w/ my bare eyes if it’s just one time encryption which will reveal real quick the algo used.
Like you said, I REVEALED MY WEAK OTP ON A PUBLIC FORUM ON THE INTERNET, other channels used and the odds of cracking it in a timeframe that matters goes down quick.
People saying OTP’s are trivially cracked based on anecdotal to practically zero evidence is likewise quackery.
Proper OTP’s won’t follow any pattern, won’t be made anywhere specific (on a computer, instead perhaps inputted into a computer, if that); it’s essentially back to gradeschool note passing! The channels won’t be consistent; now one needs access to ALL written down info, lol…and that’s just one way of making one, exchanging one via sign language or verbal agreements, the possibilities get insane.
RE: attackers && defenders
–Defenders are superior, attacking is easy. Attackers just go around destroying and using typically pre-made tools. Defense involves more actual design; attacking involves using known weaknesses in technologies we need to communicate. Get too aggressive, there may be someone waiting to shoot you (literally) if you can’t get to the PC any other way…
Thoth • November 6, 2014 12:51 AM
We can start to shape the CSAL here and let me take a first stab at it as I have always done here. Since I am the one to propose CSAL, here’s the version 0 original.
|Document Information: |
|Author: Thoth. |
|Initiator: Thoth. |
|Version: 0 original. |
This is the first draft and also the original draft which would definitely be reworked multiple times. Open criticism of this draft submitting suggestions would be highly encouraged, best with probable solutions for flaws in the document standard.
Markus Ottela • November 6, 2014 6:52 AM
@ Nick P:
Just made the initial commit for TFC poly cipher version. There’s currently no exhausting list of session keys (as discussed earlier); perfect forward secrecy is obtained like I presented, by rehashing the key after every message: Messages contain information about how many rounds key needs to be re-hashed so even if messages are dropped, recipient is able to ‘catch up’.
In cases of physical key compromise is suspected, it also features the DH-key exchange, where the private key is shared over painstaking eighteen 13-char blocks from TxM to RxM, and shared 64-char secret is typed directly on RxM. CRC-checksums should prevent some typos but there’s more work to be done on this. By typing in the private key, no third data diode is necessary. (I’ll add an option for this later)
From shared secret key, two session keys are derived by hashing shared secret key with section of public DH key, after users have over the phone, verified the hash of DH shared secret key (salted with dynamic secret agreed (but not spoken) over the phone). It sounds complex but the system guides the user.
The set is Keccak-Salsa20-Twofish(randomized CTR)-AES(GCM), so only the outermost layer provides authentication at this point.
Serpent would’ve been a nice choice but the only library for python I could find ( http://www.cl.cam.ac.uk/~fms27/serpent/serpent.py.html ) appears to be copyrighted and I’ve yet to hear from the author. Additionally, the library is said to be optimised for readability instead of speed and it shows: It takes 16 seconds for RPi (0.3 for my laptop) to encrypt single message in randomized CTR mode, so AES will have to do for now.
I reduced the HWRNG sampling speed 30x compared to OTP version, to further reduce auto-correlation; It is not a problem as only 1024 bits of randomness is generated in total.
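The rehash-per-message scheme with a catch-up counter described in the comment above, as an added Python sketch (not TFC's code and not part of the comment). SHA3-256 stands in for Keccak, a SHAKE-256 XOR stream plus HMAC stands in for the cipher cascade, and `MAX_SKIP` and every name below are assumptions; the point shown is that the counter is untrusted input, so the receiver bounds it and commits the new key only after the packet authenticates.

```python
"""Hash ratchet with a catch-up counter (constructed illustration)."""
import hashlib
import hmac

MAX_SKIP = 1000  # assumed policy: most hash rounds one packet may demand


class RatchetError(Exception):
    """Raised when a packet is stale, jumps too far, or fails authentication."""


def ratchet(key: bytes, rounds: int = 1) -> bytes:
    """Advance the key chain; one-way, so earlier keys cannot be recomputed."""
    for _ in range(rounds):
        key = hashlib.sha3_256(b"chain" + key).digest()
    return key


def _subkeys(key: bytes):
    """Derive separate encryption and MAC keys from one chain key."""
    enc = hashlib.sha3_256(b"enc" + key).digest()
    mac = hashlib.sha3_256(b"mac" + key).digest()
    return enc, mac


def _xor_stream(enc_key: bytes, data: bytes) -> bytes:
    """Stand-in cipher: XOR with a SHAKE-256 stream (each key is used once)."""
    stream = hashlib.shake_256(enc_key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))


def _tag(mac_key: bytes, counter: int, ciphertext: bytes) -> bytes:
    """Authenticate the counter together with the ciphertext."""
    msg = counter.to_bytes(8, "big") + ciphertext
    return hmac.new(mac_key, msg, hashlib.sha256).digest()


class Sender:
    def __init__(self, shared_key: bytes):
        self.key, self.counter = shared_key, 0

    def send(self, plaintext: bytes):
        enc, mac = _subkeys(self.key)
        ct = _xor_stream(enc, plaintext)
        packet = (self.counter, ct, _tag(mac, self.counter, ct))
        self.key = ratchet(self.key)  # overwrite: the used key is gone
        self.counter += 1
        return packet


class Receiver:
    def __init__(self, shared_key: bytes):
        self.key, self.position = shared_key, 0

    def receive(self, packet) -> bytes:
        counter, ct, tag = packet
        if counter < self.position:
            raise RatchetError("stale counter: that key was already erased")
        if counter - self.position > MAX_SKIP:
            raise RatchetError("counter jump exceeds MAX_SKIP")
        # Catch up on a copy; the stored state changes only after the MAC checks.
        candidate = ratchet(self.key, counter - self.position)
        enc, mac = _subkeys(candidate)
        if not hmac.compare_digest(tag, _tag(mac, counter, ct)):
            raise RatchetError("authentication failed; state unchanged")
        self.key = ratchet(candidate)
        self.position = counter + 1
        return _xor_stream(enc, ct)


def demo():
    """Four messages sent, the middle two dropped in transit."""
    shared = hashlib.sha3_256(b"constructed demo secret").digest()
    tx, rx = Sender(shared), Receiver(shared)
    packets = [tx.send(m) for m in (b"one", b"two", b"three", b"four")]
    received = [rx.receive(packets[0]), rx.receive(packets[3])]
    return received, rx.position


if __name__ == "__main__":
    print(demo())
```

A consequence of erasing keys as the chain advances is that a packet arriving after a later one can no longer be read, which is why stale counters are rejected rather than queued.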
Nick P • November 6, 2014 8:27 AM
It’s a nice write up. For the Level’s, I say stick to (maybe modify) what we have:
They’re good enough to show what effort is being put in. I’d add a mapping of Low, Medium, or High to make it easier for buyers.
“Security Parameters” and “Solution Parameters”
Solved by Common Criteria’s Protection Profiles. Best to improve them with less focus on paperwork and academic language. Example: SMG is a Mail Guard rated at EAL7 (high) with these features, security features, and assurance activities. There’d be a breakdown with lists of stuff. Each one might link to a wikipage describing its purpose. Like in CC, common types of applications might get a baseline set of protection profiles at Low, Medium, and High. Certain devices conceivably won’t get a High because they’re inherently insecure. The wiki will say so.
“Conduct of CSAL Assurance Level Certification”
We can take your model and make a simple implementation: widely recognized IT professionals/companies (or teams of them) do the evaluation. They do it privately if they want, but each review or verification of artifacts is posted publicly. The public can comment on the process. Moderator-approved posting might be used to limit incoming comments to stuff that’s knowledgeable and productive. Moderators would be voted in by community, with at least one permanently working for the foundation supporting it.
Addressing the subversion concerns, every feature must be vetted. This contrasts CC’s random sampling or looking at merely the process. This looks at process + products. The higher the assurance level, the more scrutiny on the specifics. The easy route, as the literature shows, is for the builders to design the systems/source for easy verification and incorporate the peer review into the development cycle. Every submission to the build system that gets accepted is forwarded for review. Optionally, the reviewers manage the build system themselves to ensure config mgmt, automated testing, and signed build requirements are met.
Thoth • November 6, 2014 8:59 AM
The most important is the Level 0 categories I defined I do say. It’s what keeps the community secure .. by being open about what is and what is not.
The above 4 levels I created were based on stuff I know at the back of my head (did a quick one) therefore it’s not too comprehensive as it should have been. My usual way of getting the ball rolling down in Schneier’s forum is to put one of my feet in it and the rest of you guys would soon chirp in 🙂 .
Do try to help shape the CSAL standards and let’s all hope one day a widely recognized community standards would appear to have impact on ITSec stuff and make the monster under the bed HSAs realize the people can make things happen without them around spoiling things up and making the world suffer with them.
Gonna spend more time reading the CC EAL link you posted and updating the CSAL with feedbacks from you guys.
Btw, any idea how I should host this CSAL ? Having it on Schneier’s comments won’t allow it to expand enough.
Should the EFF be approached to be given the custodian status and to host a community with a board of community selected counselors and representatives ?
How do we ensure that whoever posts the CSAL requirements are not from corrupted sources ?
For now I would be doing most of the editing of the CSAL here with Nick P’s feedback and some of your feedback so everyone pretty much know each other in a way (as regulars on the Schneier blog here).
SoWhatDidYouExpect • November 6, 2014 9:17 AM
New posting of interest from SlashDot:
Users Can’t Distinguish Scams From Facebook’s Features
The way I read this is as follows: Facebook is a scam.
Abandon all hope for those using Facebook.
Nick P • November 6, 2014 9:36 AM
@ Markus Ottela
“perfect forward secrecy is obtained like I presented, by rehashing the key after every message: Messages contain information about how many rounds key needs to be re-hashed so even if messages are dropped, recipient is able to ‘catch up’.”
Sounds simple. Nice.
” By typing in the private key, no third data diode is necessary. (I’ll add an option for this later)”
Least it has verification if not usability.
“From shared secret key, two session keys are derived by hashing shared secret key with section of public DH key, after users have over the phone, verified the hash of DH shared secret key (salted with dynamic secret agreed (but not spoken) over the phone). It sounds complex but the system guides the user.”
It does sound complex. Although some cryptographers do, I don’t like mixing the DH keys with the shared secret as it violates Red/Black model and might create risks we’re not aware of yet. My method for doing something like that is just generating a random session key to seed a CRNG, encrypting it with shared secret, and encrypting that with DH. If you can decrypt it all the way to session key, you know the sender has the DH keys and shared secret. A hash derived from the DH’d key might be used for out of band verification. Notice how the private DH is more isolated by never mixing into the cipher’s state. It just does what it’s designed (and formally proven) to do.
(Any cryptographers reading along see a mistake in my construction feel free to suggest it. It’s been a while since I’ve done this stuff so my memory is hazy.)
re cipher choices
Keccak-Salsa20-TwofishCTR-AES-GCM seems like a good choice. Doing the authentication on the outside with GCM is a clever choice for practical reasons. Serpent is unnecessary given the implementation diversity in your existing choice. No loss.
“I reduced the HWRNG sampling speed 30x compared to OTP version, to further reduce auto-correlation; It is not a problem as only 1024 bits of randomness is generated in total.”
Keep up the good work. I especially like your structured coding style. This is one of the few crypto libraries I can read easily. 🙂 Well, one exception to that suggests an immediate improvement: break the file into pieces as it’s too cluttered with detail. Put the crypto and related helper functions in their own file/module. Then, just call those functions from the file with the protocol engine. Maybe do the same for XMPP transport or command related stuff. This lets people look at your protocol description, then clearly understand the implementation with a glance at the main file. They can then ignore the crypto details or drill down into those files.
A future improvement to reduce system complexity is replacing all those external process calls with calls to a library (eg Python plugin). If the library is portable, then the overall system will be easy to port to a variety of architectures/OS’s with little effort & potentially lower TCB. You might also compile the crypto or helper functions using something like Cython.
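The rehash-per-message scheme quoted at the top of the comment above, sketched as an added example (it is not part of the comment and not Markus Ottela's implementation). Assumptions: the "rounds" information is carried as an absolute message counter, SHA3-256 is the ratchet hash, an HMAC-SHA256 tag stands in for the authenticated encryption, and `MAX_SKIP` is a hypothetical cap on catch-up work.

```python
import hashlib
import hmac

MAX_SKIP = 1000  # assumed limit on how many dropped messages a receiver will catch up over


def ratchet(key: bytes, rounds: int = 1) -> bytes:
    """Hash the key forward `rounds` times; the hash is one-way, so old keys are unrecoverable."""
    for _ in range(rounds):
        key = hashlib.sha3_256(key).digest()
    return key


def _tag(key: bytes, counter: int, payload: bytes) -> bytes:
    # Stand-in for authenticated encryption: binds the payload and counter to the current key.
    return hmac.new(key, counter.to_bytes(8, "big") + payload, hashlib.sha256).digest()


class Sender:
    def __init__(self, key: bytes):
        self.key = key
        self.counter = 0

    def send(self, payload: bytes):
        # Advance first and overwrite the old key, so a later key compromise
        # does not expose keys used for earlier messages.
        self.key = ratchet(self.key)
        self.counter += 1
        return (self.counter, payload, _tag(self.key, self.counter, payload))


class Receiver:
    def __init__(self, key: bytes):
        self.key = key
        self.counter = 0

    def receive(self, message):
        counter, payload, tag = message
        skip = counter - self.counter
        if skip <= 0:
            # The key for this counter was already hashed away: replay or late delivery.
            raise ValueError("message counter not ahead of receiver state")
        if skip > MAX_SKIP:
            # An unauthenticated counter must not be able to force unbounded hashing.
            raise ValueError("counter jump exceeds MAX_SKIP")
        candidate = ratchet(self.key, skip)  # "catch up" over dropped messages
        if not hmac.compare_digest(tag, _tag(candidate, counter, payload)):
            raise ValueError("authentication failed")
        # Commit the new state only after the tag verifies, so a forged counter
        # cannot desynchronise the receiver from the real sender.
        self.key, self.counter = candidate, counter
        return payload
```

A message that arrives after a later one has been accepted cannot be read in this sketch, because its key is gone; that is the cost of discarding keys immediately.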
Nick P • November 6, 2014 10:31 AM
I’ve been using Pastebin for huge stuff to prevent cluttering the comments.
Facebook has been a con since Zuckerberg told his fellow students he was building their Harvard Connection website, canned it, and launched a similar looking website of his own. 😉
BoppingAround • November 6, 2014 10:32 AM
[re: Advertising] Anura,
That’s an interesting thought.
I often wonder what would our life look like without ads.
[re: The Authoritarians] thevoid, Adjuvant,
Looks intriguing. I’ll check it out, thanks.
[re: three-letter conspiracy] Nick P,
Aren’t you reinforcing it with your own three-letter acronyms? 🙂
Nick P • November 6, 2014 1:10 PM
“Aren’t you reinforcing it with your own three-letter acronyms? :-)”
Um, uh (stammers) the whitespace is character too. So, mine are five. 😛
Benni • November 6, 2014 3:34 PM
Interrogation of two BND spooks at the NSA investigation commission of the german parliament:
For example, we learn that foreigners are, as the BND spook says, “free to be shot at” and for germans, there is the g10 law that should protect them mostly from BND surveillance. But actually, BND makes this distinction: If a german has some function in a company, an association, a club, or a government, then BND does not view this german as a person to be protected by g10 law, but as someone who has a “function” and thereby no protection from BND.
Basically this means that BND thinks he is allowed to monitor every german person who has a job in a company or government or who has a function in a club or association….
Furthermore, the second spook said that data from fibers were transferred to NSA automatically….
During the interrogation of the first spook, the government lawyer asks the parliamentarians not to “torture” the spook so much, since the interrogation would be stressful.
After the interrogation of the second spook, the government lawyer asks for a doctor since the poor spook would not be fit enough to be questioned further….
The first spook mentioned that BND would compile only 20 reports with intercepted messages per day. The second spook said it was 8-10.000 per month instead, each report with intercepted data being up to 7 pages long.
The first spook said under oath that no de-cix data was given to NSA. But the parliamentarians had exactly that in their reports they were given to BND. So the parliamentarians were asking whether they should prosecute the poor spook for perjury…..
Scared • November 6, 2014 3:55 PM
Who wouldn’t want to have a “listening device” connected to the Internet in their home?
BoppingAround • November 6, 2014 5:19 PM
re: Amazon Echo
And what happened to their Fire TV?
thevoid • November 6, 2014 6:38 PM
re authoritarian spectre definitely would like to read that myself, but $70?
its been a few years since i read ‘authoritarians’ myself, but i think i need
to review it again, especially as the reason i brought it up was it was
relevant to people’s comments about the current situation.
something else by altemeyer you might be interested in if you haven’t read it
is a paper from 2003 titled ‘what happens when authoritarians inherit the
earth. a simulation’ which also discussed SDOs (social dominators), the
counterpart to RWAs (followers).
also, on behalf of transcript lovers everywhere, thanks! audio/video has its
benefits, but i can read much faster than it takes to listen.
Sancho_P • November 6, 2014 7:13 PM
I’d vote for HSA, it sounds completely neutral to me, not too complicated.
However, it must be clear in each and every discussion that it will only address the
Foreign Nation State Attacker (FNSA),
like Russian or Chinese Internet Aggressors (RCIA).
To make that understandable even to the skeptical people, the new term “HSA” must be supported by a classified document that identifies the offenders clearly by using a code name, e.g.:
(High Strength Attacker From China Or Russia Or Any Other Evil Foreign Nation State
God Bless America)
And we need an easy-to-pronounce version, too –
subtle, not offensive, not hyping of course –
Now everybody should know it means the bad hacker, not us !!!
Adjuvant • November 6, 2014 8:40 PM
@thevoid You bet. I’m also working on captions/subtitles via Amara.org, which is having the side effect of shaking out all the bugs in the transcripts. (I had no idea how long it takes to do really good subtitles! — looking like a >20:1 ratio in terms of hours so far, though with practice I project about 12 or 15:1 — this compared to 3 or 4:1 for an average transcript.) Just finished Part I here
Also, just as a tangent: I’m busy doing the audio/video –> text thing for my project, but for those interested in a project that goes the other way (i.e. important written documents (plus recorded interviews) –> podcasts, 2 hours/fortnight), I’d suggest taking a look at unwelcomeguests.net. Only ever listened to a few of their shows, but looking at the episode list, it seems they do a great job hitting the high notes with a good SNR.
thevoid • November 6, 2014 11:43 PM
have you tried to use a speech recognition system for the initial pass? i
haven’t used any myself, but maybe you could use it like an ocr, so instead
of typing the whole thing, you only need to correct/annotate it. a popular
free one is cmu-sphinx (http://cmusphinx.sourceforge.net/). hope that helps.
Silent Underground • November 7, 2014 12:10 AM
Well, I am pleased to see Skeptical only having made one post here. He makes us who actually work for “the government” look bad, though serves as a semi-useful devil’s advocate.
If anyone happens to be curious, as they very well may end up being before I finish this post, the nick “Silent Underground” comes from the last song played at the quite pivotal television show “Legends”.
Google Moon Taxi Silent Underground, if you have any sort of taste for music.
The reality is both Skeptical and his hyper focused troll both work for me and people like me. How sad is that? We play both sides of the game. But, who is the real target here?
While, of course, this is very controlled, and entirely plausibly deniable: here is what is really going on.
Number one, the NSA is not nearly as capable as they are effectively telling the world. They are just a fall guy. All of this Snowden and Manning nonsense was completely orchestrated. (Yes, your worst conspiracy theories are true, but you are not really even beginning to grasp it.)
The Message on that is quite simple: they are devious, diabolical bastards who are after everything wired and wireless. Somehow, they make sense of all of this, and are employing every means of extortion and other form of potential threat. They are the diversion. They are the point of making “everyone” paranoid.
For you “free worlder” pure hearts, they are the epitome of adultery to the causes of liberty and justice.
Contrary to seeing you as some sort of criminal, in reality, your purity of heart (though lack of vision) is appreciated. Being but mere human beings, your ignorance is negligible.
But it is good to keep you paranoid.
You think you know who the hell is running “your” government, and these first world governments. Believe me, plenty of FBI, CIA, NSA, DIA, and on and on folks thinking the very same thing. You guys are all in the same boat!
But are not open enough minded to realize it.
Put it this way: so they get a badge by their job and are quite confident they are now magically in the “in” club. And you guys get your cause by conscience and reasoning and think the same thing.
If this were a dating game, I would put you guys together. Romance. 😉
“Anonymous”? Guys, seriously. You think that was not totally started and controlled by the US Government from the first place? Wake up. WTF.
Just look at the Sabu story. HBGary “Federal”? Really? Stratfor? You know for Stratfor Sabu was working for the FBI. And when they gave lists of foreign consulates and embassies to hack, this causes you guys to have to suspicion at all? How stupid can you be?
I might add here, obviously, anyone can say they are “Anonymous”. That is besides the point. The Sabu-FBI-Controlled “Anonymous” were the guys that hacked all those US agencies and friendly agencies. Think. Bona-fides are hard work.
Here is how a Real cover company works: you keep up the horrible monotony and story on a daily basis.
911? Get real. Idiots who press that are either trying to make themselves look ludicrous, or really are ludicrous.
The reality is much more simple. Stupid people with shallow motives get nowhere.
Real conspiracies involve true believers with real merit.
The MIA club. Do you seriously think many people go MIA and KIA to only live a life a service just to be complete assholes? Duh. No.
There are genuine causes at work here and genuine purposes. This “Super Evil” crap only makes everything real, comical, impossible.
American foreign policy is the only FP you need to know, because it is the damned best any one can humanly do. The best of two not so good choices.
As for money, sure, we have money.
But, if you go and destroy your entire life to live a covert life, believe me, you do not buy into a bunch of bullshit. You are willing to make money for your cause. But, not something like 911 or intentionally creating some group like ISIS. Not exactly in your best benefit as a True Believer.
Which? We are.
FYI, as corrupt as the political system seems to be, well, guess what? It isn’t for the simple fact that they actually can not do anything substantial without a higher up OK.
Why is this? For one, the politicians have no system of disguise. That be it personal, where one can appear as anyone, or corporate, where one can create corporations which did not exist before but now do. Or governmental, where one can pose as anyone one wishes in government, as long as it is private. Like any general. Or G14 and above.
Put another way: there is no democracy. There is also no corruption.
Silent Underground • November 7, 2014 12:26 AM
Reading the above, I can see a few points where some posters might have conniption fits.
Their panties might get in a wad, and not in the good way.
For the 911 assholes:
There you are, shown up as the insincere, dishonest assholes which you are. By Cracked magazine.
Yes, I am in a conspiracy. Of the US Government. And way beyond your wildest dreams. But, 911, no. Don’t be a completely dishonest asshole.
If you are trying to buy into that, believing it may advance your career in some secret service — believe me, assholes are jettisoned. Quickly. Forcefully. Not that you would ever get anywhere anyway without being born into this.
But hey, instead of listening to somebody whose initial identity (the fucking one I was born with) went MIA in Laos in 68… listen to some dick head who doesn’t know anything and has zero experience with anything covert besides maybe one time getting a grade grunt level level of classified information.
FYI, guys, the Verizon office in Dallas served some very nice buffalo meat burgers last time I was there. Which was when we set up a huge infrastructure of surveillance intentionally designed to fuck with the heads of americans and euros and everyone else alike. Bottom floor. Right past the main doors. Go downstairs.
If you skip past all the diversions, the whole point is for middle east foreign policy.
Do you really want to know what anyone has planned for the Middle East? Guess what? Getting the Syrian militia taken over by ISIL was no totally unforeseeable thing. Duh.
The singular problem people have is: one, by being outsiders they are enemies. Number two, as outsiders and so enemies that are targets for one thing: to underestimate us.
Duh. What else do you do in a game of any kind?
Figureitout • November 7, 2014 12:49 AM
Former NSA Lawyer Says Reason Blackberry Failed Was ‘Too Much Encryption’ Warns Google/Apple Not To Make Same Mistake
Baker said encrypting user data had been a bad business model for Blackberry, which has had to dramatically downsize its business and refocus on business customers. “Blackberry pioneered the same business model that Google and Apple are doing now – that has not ended well for Blackberry,” said Baker.
Here’s to hoping the Google/Apple engineers have a good hearty laugh at this nonsense spewed by the ultimate ambulance chaser.
Developed on Hackaday: Mooltipass, OpenSource Offline Password Keeper
They have a deliverable and are running an indiegogo crowd-funding campaign. Shows what is possible w/ a bunch of random strangers and the internet (scattered mostly throughout US and EU here) and having some leadership keeping the project running and getting a final product (via Mathieu Stephan). Also “flashy” enough to actually gain some interest from even lightweight security people who want the fancy touch screens and almost plug-n-play functionality (stated no drivers, as it emulates a USB keyboard…which…I’ll wait on a hack on it but so far this would be more handy than what I’m doing w/ my passwords, which also need to be updated big time…ugh).
Random Factoid on an SD-card Reader
–In case anyone has this product (Dynex USB 3-in-1 Memory Card Reader), datasheets state one must use Windows or Apple. It’s nonsense now, device works fine on Kali Linux. Use the very handy lsusb command line script and you’ll see a GL827L device. There’s a little space in the 8051 chip at the heart of this interfacing chip, which I would prefer the manufacturers over-write all that space at least and there be a difficult re-flashing procedure. Last thing you want is a malware writing to every SD card inserted in the reader. Best resource that I found for hacking this is: http://hackingbtbusinesshub.wordpress.com/2012/10/25/reprogramming-the-2wire-nand-flash-ic/
Glad I decided to test this out one last time as I nearly relegated it to the “harvest pile” and get a nice USB port.
Markus Ottela • November 7, 2014 1:15 AM
@ Nick P
The problem is how users can agree on the shared secret when physical compromise is assumed. Of course some sort of long static passphrase can be agreed on earlier but I suspect users are too lazy to make it strong against brute-force attempts.
After that, only the DH shared secret key protects the session key. If the DH shared secret key is broken, I don’t see how it matters, if it’s used as key encryption key or part of original key fed into hash function.
Anyway, I agree the encryption functions should be separated. I’ll get down to it once I can spare some time.
Thoth • November 7, 2014 5:49 AM
Assuming compromised components, if it’s a two party computation, it is difficult to ensure integrity of sorts. Probably higher chances of success if it is done in a multi-party computation environment as some crypto protocol research into the multi-party computation problems has come out with research that gives some survival chances as long as a quorum of parties still remain honest in a set.
This is not some direct solution but probably some ideas to look into different possible ideas for inspiration.
Imagine if the module is not a single monolithic module but made of some form of mini-modules, it might allow some kind of inter-module communication (includes multi-party computation with other people talking on the line). If each module can be strictly isolated with certain redundancy of sorts, it may allow such computations but the problem is complexity itself and the design needed to secure it.
If a device is compromised, it should be assumed insecure right away in a traditional sense.
CallMeLateForSupper • November 7, 2014 7:53 AM
@Scared “Who wouldn’t want to have a “listening device” connected to the Internet in their home?”
Oh yes! I’ll take one to go. In red, to match Bezos’ eyes.
@BoppingAround “And what happened to their Fire TV?”
And that other killer product, the Fire phone.
albert • November 8, 2014 12:52 PM
Is taking a fingerprint from a suspect legal? I thought they needed to be arrested first. In other words, a 4th Amendment issue.
Adjuvant • November 8, 2014 1:22 PM
@thevoid “have you tried to use a speech recognition system for the initial pass?” I’ve thought about it, and it sounds like a great idea in theory, but in practice, being familiar with the quality of output that can be expected with an untrained system and multiple speakers with different accents, I’m willing to bet it’s just like people say about bad code: faster to recreate from scratch than correct all the errors. Given 100 w.p.m. QWERTY and speech usually at < 150 w.p.m, it’s always correction and re-listening to unclear passages (which SR software would never pick up anyhow) that take up the majority of the time, not the initial lay-down.
@Silent Underground Thanks for the copypasta.
thevoid • November 8, 2014 3:27 PM
gotcha. i particularly didn’t think about accents… and i can definitely see
how that would be like coding.
Adjuvant • November 10, 2014 10:07 AM
Sorry, thoughtlessly tried to use an inequality in my text and the comment form had a minor infarction. Was saying something to the effect that speech is usually under 150 w.p.m and so the original transcription takes less time than the subsequent correction and polishing, so it’s best to have the highest-quality original possible, etc., etc. Point made, though.