Friday Squid Blogging: Tentacle Utensils

Neat.

As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

Posted on February 13, 2015 at 4:38 PM • 159 Comments

Comments

Anura • February 13, 2015 4:58 PM

Is that $240 for one fork, one knife, and one spoon? It does look nice, but seems a little on the not-for-me end of the price spectrum; you're better off just buying hallucinogens and watching your regular utensils change into interesting shapes.

gordo • February 13, 2015 5:58 PM

“Security-Cleared Population Drops by 10%”
Steven Aftergood, Secrecy News Blog, FAS.org, Feb.04, 2015

The number of people who hold security clearances for access to classified information has been reduced by ten percent, the White House said in budget request documents released this week.


[...]

The new ten percent reduction in clearances “will allow agencies to better deploy resources to priority activities, such as completing periodic investigations for the most sensitive populations,” the White House said.

http://fas.org/blogs/secrecy/2015/02/clearances-drop/

Grauhut • February 13, 2015 6:49 PM

Obama high on cyber these days...

"Obama to encourage companies to share cyber threat data
By Joseph Menn and Roberta Rampton
SAN FRANCISCO/WASHINGTON Thu Feb 12, 2015 9:04pm EST"

reuters.com/article/2015/02/13/us-usa-cybersecurity-exclusive-idUSKBN0LG2GR20150213

SoWhatDidYouExpect • February 13, 2015 7:51 PM

From Slashdot:

Trans-Pacific Partnership Enables Harsh Penalties For Filesharing

http://yro.slashdot.org/story/15/02/13/2259255/trans-pacific-partnership-enables-harsh-penalties-for-filesharing

This sort of thing is the most underhanded type of activity that can be imagined. It makes no sense for the present administration to put U.S. citizens at risk with these back door arrangements.

From the post:

"The TPP's copyright provisions even require countries to enable judges to unilaterally order the seizure, destruction, or forfeiture of anything that can be 'traceable to infringing activity,' has been used in the 'creation of pirated copyright goods,' or is 'documentary evidence relevant to the alleged offense.' Under such obligations, law enforcement could become ever more empowered to seize laptops, servers, or even domain names."

This just becomes another way for businesses located here to influence, intimidate, or control people in the participating countries and I will bet that many existing members of Congress here are being paid well to vote in favor of such arrangements.

LessThanObvious • February 13, 2015 8:42 PM

I have recently become much more concerned and frustrated with the state of privacy rights in the US. We've all spent a lot of time on the issues of government surveillance and overreach, but the private corporations may actually be doing much more harm to the population. When it comes to data brokers and such businesses I don't, and I doubt most in the public do either, have much of a sense of what they are up to and how little legal ability we have to stop them. I recently became aware that my home address is published online and the site 411.com offers no actual method to opt-out of that feature. We are at a point in our society where the average person cannot live a normal life and engage in normal online activities and commerce without exposing far more than they would ever agree to if they were asked for consent.

Even if you go out of your way to protect your privacy and are willing to spend say 25 hours a year managing opt-outs and such, you may still not be able to provide a reasonable level of privacy because many times companies are not obligated to allow full and complete opt-out. In my view beyond violating the rights many of us think we have that the legal system doesn't seem to support, good security and a complete lack of privacy are mutually exclusive. Harm to privacy is harm to security, harm both to physical security and to information security. It’s time we make clear that individuals should have an indisputable right to privacy and security that trumps any and all business interests in its deprivation.

Much like we have a national do-not-call list, it's time we had a national do-not-track list.


Data Brokers and Your Privacy
https://www.privacyrights.org/content/data-brokers-and-your-privacy

Currently displaying 270 Data Brokers
https://www.privacyrights.org/online-information-brokers-list

Ronaldlees • February 13, 2015 8:56 PM

The average American does not know (and because of that) does not care (for long) about these things. Sure, people read the headlines, but after a few moments of shock, they usually ignore them because it's all part of a giant wave they perceive as unstoppable. I wonder if a small group of citizens (et al., Mr. Schneier and colleagues) can do much in the face of such apathy. Maybe that apathy is the reason that a significant part of the web blacks out when I turn off RC4.

Nick P • February 13, 2015 9:46 PM

@ gordo

Maybe. More likely, they'll reinvent the wheel or develop a ton of bad approaches that take off in the market. Standard fare.

Nick P • February 13, 2015 10:53 PM

This Friday's present for INFOSEC fans:

Code-pointer integrity

Abstract: "Systems code is often written in low-level languages like C/C++, which offer many benefits but also delegate memory management to programmers. This invites memory safety bugs that attackers can exploit to divert control flow and compromise the system. Deployed defense mechanisms (e.g., ASLR, DEP) are incomplete, and stronger defense mechanisms (e.g., CFI) often have high overhead and limited guarantees [19, 15, 9].

We introduce code-pointer integrity (CPI), a new design point that guarantees the integrity of all code pointers in a program (e.g., function pointers, saved return addresses) and thereby prevents all control-flow hijack attacks, including return-oriented programming. We also introduce code-pointer separation (CPS), a relaxation of CPI with better performance properties. CPI and CPS offer substantially better security-to-overhead ratios than the state of the art, they are practical (we protect a complete FreeBSD system and over 100 packages like apache and postgresql), effective (prevent all attacks in the RIPE benchmark), and efficient: on SPEC CPU2006, CPS averages 1.2% overhead for C and 1.9% for C/C++, while CPI’s overhead is 2.9% for C and 8.4% for C/C++.

A prototype implementation of CPI and CPS can be obtained from http://levee.epfl.ch."

Nick's note: a very powerful addition to the security engineering arsenal. The simplification, greater security invariant, and performance overhead are great. Inherently safer languages can also be mapped to this while disabling the safety checks for what it counters. Dealing with kernel code might necessitate choosing an easy RTOS to make the conversion more straightforward. Or, once again, the Oberon System(s) as only a small part of it runs unsafe. Very much worth peer reviewing and thinking on. Also, future innovators should think on how it could be implemented on the CHERI processor which natively supports capabilities.

Bonuses:

WaveScript: A Case-study in applying a distributed, stream-processing language

Abstract: "Applications that combine live data streams with embedded, parallel, and distributed processing are becoming more commonplace. WaveScript is a domain-specific language that brings high-level, type-safe, garbage-collected programming to these domains. This is made possible by three primary implementation techniques. First, we employ a novel evaluation strategy that uses a combination of interpretation and reification to partially evaluate programs into stream dataflow graphs. Second, we use profile-driven compilation to enable many optimizations that are normally only available in the synchronous (rather than asynchronous) dataflow domain. Finally, we incorporate an extensible system for rewrite rules to capture algebraic properties in specific domains (such as signal processing).

We have used our language to build and deploy a sensor network for the acoustic localization of wild animals, in particular, the Yellow-Bellied marmot. We evaluate WaveScript’s performance on this application, showing that it yields good performance on both embedded and desktop-class machines, including distributed execution and substantial parallel speedups. Our language allowed us to implement the application rapidly, while outperforming a previous C implementation by over 35%, using fewer than half the lines of code. We evaluate the contribution of our optimizations to this success."

SurfNoC: A Low Latency and Provably Non-Interfering Approach to Secure Networks-On-Chip

Abstract: "As multicore processors find increasing adoption in domains such as aerospace and medical devices where failures have the potential to be catastrophic, strong performance isolation and security become first-class design constraints. When cores are used to run separate pieces of the system, strong time and space partitioning can help provide such guarantees. However, as the number of partitions or the asymmetry in partition bandwidth allocations grows, the additional latency incurred by time multiplexing the network can significantly impact performance.

In this paper, we introduce SurfNoC, an on-chip network that significantly reduces the latency incurred by temporal partitioning. By carefully scheduling the network into waves that flow across the interconnect, data from different domains carried by these waves are strictly non-interfering while avoiding the significant overheads associated with cycle-by-cycle time multiplexing. We describe the scheduling policy and router microarchitecture changes required, and evaluate the information-flow security of a synthesizable implementation through gate-level information flow analysis. When comparing our approach for varying numbers of domains and network sizes, we find that in many cases SurfNoC can reduce the latency overhead of implementing cycle-level non-interference by up to 85%."

SoWhatDidYouExpect • February 14, 2015 2:48 AM

'Google Search On Steroids' Brings Dark Web To Light

http://search.slashdot.org/story/15/02/14/0248221/google-search-on-steroids-brings-dark-web-to-light

From the post:

"Memex, which is being developed by 17 different contractor teams, aims to build a better map of Internet content and uncover patterns in online data that could help law enforcement officers and others. While early trials have focused on mapping the movements of human traffickers, the technology could one day be applied to investigative efforts such as counterterrorism, missing persons, disease response, and disaster relief."

Duh, I thought this was already being done by the vast data collection of the 3 letter agencies?

BoppingAround • February 14, 2015 9:34 AM

LessThanObvious,
Do they actually abide by that list? I am curious as I am not a US citizen.

As for data *cough*-rapists-*cough* brokers (and other things) I have this transcript: http://edition.cnn.com/TRANSCRIPTS/1405/04/inm.01.html

MORGAN (voice-over): After dozens of phone calls and plenty of rejections by data companies, I've pretty much given up on getting my data. BUT I got a call from Steve who said he had one last surprise for me.

[...]

RAMBAM: I've got all your data with me?

MORGAN: What do you mean you got it all?

RAMBAM: Well, I mean after a while I ran out of space in the file so I stopped printing but --

MORGAN: Wait.

RAMBAM: I mean, it is about the size of the Milwaukee phone book.

[...]

MORGAN: So why would no companies give this to me?

RAMBAM: Two reasons. First, they don't want to establish a precedent. If they give it to you, trust me, 300 million Americans would want it. And frankly, there would be a revolution against the ad entities. If you knew the information they had on you, you would go nuts. There would be a second American revolution. Look through it. Be paranoid. Have a good day.

mike~acker • February 14, 2015 9:43 AM

Secure Computing in a Compromised World

It's not a State Secret: much of our Personally Identifiable Information ("PII") has been leaked, hacked, sold, or otherwise distributed to most anyone interested, including disreputable re-sellers.

See Krebs on Security: How much is your identity worth?
http://krebsonsecurity.com/2011/11/how-much-is-your-identity-worth/

If we accept that as an existing condition -- what sort of response might we make now?

The answer lies in the proper authentication of transactions.

Any miscreant may have my PII -- or yours -- or -- untold thousands of files. This is the reality we must all live with today. “That said” -- it becomes apparent that we need an identification mechanism such that an individual can provide his or her identification credentials in a public venue and at the same time retain control of the use of said credentials.

A nasty task it would seem.

Fortunately some very splendid gentlemen, highly talented in mathematics have already done this work for us.

The solution is known as Public Key Encryption. Martin Hellman together with Whitfield Diffie and Ralph Merkle are credited with the development of the mathematics required for Public Key Encryption.

I refer you now to a key sentence in the testimony of Whitfield Diffie on behalf of Newegg in Newegg v. TQP Holdings: *reference(1)

In Part:

“There was one other big need: proving authenticity.
"The receiver of the document can come into court with the signed document and prove to a judge that the document is legitimate," he said. "That person can recognize the signature but could not have created the signature."

The CRITICAL POINT is well stated by Mr. Diffie here: a signature must be such that it can be authenticated -- but not forged. The signature must be valid on the original document only – not transferable to another or altered document.

PGP signatures -- are one answer. A miscreant might have your Social Security number, your date of birth and your dog's name -- but he would not be able to file a 1040 with the IRS or make charges to your credit card or log into your Credit Union -- if proper use of PGP -- including trust models -- were common practice. *note(2)

Proper use of PGP should be taught in school, and especially the procedures for establishing trust models for keys -- and protecting public keys from tampering -- all of which is covered beautifully in Phil Zimmermann's original essay. *reference(3)

All of us should have PGP installed, and have our own public/private key pair, and maintain a Trust Model in our keyring.

This represents a significant change in computing practices. Many of us see the need for change while many are unfortunately resigned to thinking hacking is inevitable.

Change is in the wind though -- *reference(4)

*reference(1): Whitfield Diffie
http://arstechnica.com/tech-policy/2013/11/newegg-trial-crypto-legend-diffie-takes-the-stand-to-knock-out-patent/
*note(2): Secure operating software required; like PGP, this is available but not commonly used.
*reference(3): Phil Zimmermann
http://www.pa.msu.edu/reference/pgpdoc1.html
*reference(4): power of the FTC to sue companies for poor security practice:
http://www.zdnet.com/judge-enhances-ftcs-power-to-sue-over-security-breaches-7000028357/

end
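The signature property Diffie is quoted on above (anyone holding the public key can verify it, nobody without the private key can produce it, and it is bound to the exact document signed) shown with Ed25519 from Go's standard library. This is an added example, not part of mike~acker's comment; the Signer and Outcome types and the sample "1040" document text are constructed for it.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Signer holds one key pair. Only the private half can produce signatures;
// the public half is what gets published and used by verifiers.
type Signer struct {
	pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

// NewSigner generates a fresh Ed25519 key pair.
func NewSigner() (*Signer, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Signer{pub: pub, priv: priv}, nil
}

// Sign produces a detached signature over the exact bytes of doc.
func (s *Signer) Sign(doc []byte) []byte {
	return ed25519.Sign(s.priv, doc)
}

// Verify checks sig against doc using only the public key. A verifier can
// confirm the signature but cannot create one, which is the asymmetry
// Diffie describes in the quoted testimony.
func Verify(pub ed25519.PublicKey, doc, sig []byte) bool {
	return ed25519.Verify(pub, doc, sig)
}

// Outcome records the four checks a practitioner cares about.
type Outcome struct {
	Original    bool // signature over the original document verifies (expected true)
	Altered     bool // same signature over an edited copy verifies (expected false)
	Transferred bool // same signature moved to a different document (expected false)
	OtherSigner bool // a different key's signature passes under our public key (expected false)
}

// CheckSignatureProperties signs a constructed document and reports how
// verification behaves on the original, an altered copy, a different
// document, and a signature made with someone else's key.
func CheckSignatureProperties() (Outcome, error) {
	taxpayer, err := NewSigner()
	if err != nil {
		return Outcome{}, err
	}
	// A second key pair stands in for a miscreant who knows the taxpayer's
	// PII but does not hold the taxpayer's private key.
	miscreant, err := NewSigner()
	if err != nil {
		return Outcome{}, err
	}

	// Constructed sample documents (not real data).
	original := []byte("Form 1040, tax year 2014: refund to account 12345678")
	altered := []byte("Form 1040, tax year 2014: refund to account 87654321")
	other := []byte("Authorize a $500 charge to the card ending in 4242")

	sig := taxpayer.Sign(original)

	return Outcome{
		Original:    Verify(taxpayer.pub, original, sig),
		Altered:     Verify(taxpayer.pub, altered, sig),
		Transferred: Verify(taxpayer.pub, other, sig),
		OtherSigner: Verify(taxpayer.pub, original, miscreant.Sign(original)),
	}, nil
}

func main() {
	o, err := CheckSignatureProperties()
	if err != nil {
		panic(err)
	}
	fmt.Printf("original=%v altered=%v transferred=%v otherSigner=%v\n",
		o.Original, o.Altered, o.Transferred, o.OtherSigner)
}
```

The one property this does not cover is the trust model mike~acker mentions: verification only proves the signer held the private key matching the public key you chose to trust, so how that public key was obtained still matters.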

gordo • February 14, 2015 9:44 AM

@ Nick P,

"Standard fare."

Yes, that's how things tend to go. Given the social, economic, and technological upheavals or disruptions of our day and age, however, the opportunities, for yet a few more outliers to further define the era, may still be ripe. Alternatively, this may have already passed, and the die's been cast.

CallMeLateForSupper • February 14, 2015 10:59 AM

@Ronaldlees
"Maybe that apathy is the reason that a significant part of the web blacks out when I turn off RC4."

Don't stop there; continue your experiment: rip out Java; rip out Flash; DISable JavaScript. Then surf again and marvel at how much smaller your Web has become.

IMHO, site administrators who passively push Flash by populating their pages with videos, instead of simply making the point with text or a photo, should be forced to stand for fifty lashes about the head and fin with a sock full of flash drives. Ye gads! the hell of the tele sound byte has become fully entrenched in cyber space too. Flash: the gift that keeps on taking.

Skeptical • February 14, 2015 1:20 PM


@Nick P: " [Transparent Computing] sounds like an oxymoron to me of course, but I've heard that various folks have an interest in it, and given the name, I wondered whether it might not be at least tangentially related to this issue."

Never heard of it. There are plenty of tech and research centered on mutually distrusting parties trying to work together on something. Most computing relies on overprivileged, black boxes at many layers of the system.

Didn't get the chance to respond to your comment last week in last Friday's squid thread.

Re transparent computing, see: http://www.darpa.mil/Our_Work/I2O/Programs/Transparent_Computing.aspx

Here's a quote: Because modern computing systems are opaque, APTs can remain undetected for years if their individual activities can blend with the background “noise” inherent in any large, complex environment. Beyond the APT problem, a lack of understanding of complex system interactions interferes with (and sometimes completely inhibits) efforts to diagnose and troubleshoot less sophisticated attacks or non-malicious faulty behavior that spans multiple applications and systems.

The Transparent Computing (TC) program aims to make currently opaque computing systems transparent by providing high-fidelity visibility into component interactions during system operation across all layers of software abstraction, while imposing minimal performance overhead.

"wouldn't certain Red Hat flavours offer equal if not greater reliability and desktop experience? "

The "enterprise" distribution aims at high reliability. The Fedora desktop distribution aims to be cutting edge. That counters reliability a bit. The most important metric is "easy enough to use that you will keep using it." Fedora falls behind a bit there, I've heard SUSE does a bit better on that, and Ubuntu-based distros lead in that category.

Well, there's RHEL and Fedora as you said, but there's also CentOS, which I'm told can be highly reliable.

Your Mint comment is strange because it's designed to look a lot like Windows: a "Menu" button in bottom left simulating Start menu, quick launch icons to the right of it, tabs of running apps to the right of that, and far right is app + configuration icons like in Windows.

Poor attempt at humour on my part. I'm told Mint excels in ease of use.

Vincent • February 14, 2015 1:38 PM

When Jeb Bush released e-mails from his tenure as governor, his staff inadvertently also released personal details of his constituents contained in those e-mails such as names, addresses, e-mails, and Social Security numbers. Full article here.

Nick P • February 14, 2015 3:05 PM

@ Skeptical

Ahh, an ongoing research program. There were systems in the past that achieved this goal to varying degrees. This advertisement for Genera LISP OS points out the advantage that, upon an error/exception being raised, the developer can load up the running state of that process, the source code for it, and fix the error in the running system. This includes the OS or any tool in it, which came with source integrated into debugger & profiler. So, their goal was already done to a large degree in the early 80's with a productivity focus. It should be even easier to do on a simplified, typed, imperative language + modular OS in 2015+.

A more consistent system such as Oberon is better for this, though. Almost all OS, tool, and app code are written in the same language using the same compiler. Makes whole system instrumentation, analysis, and/or monitoring a breeze compared to how eg UNIX/Linux systems are built.

re CentOS

Yes, it's reliable. It's also a server-oriented distribution. You can make it work as a desktop with a bit of manual labor. There are guides on the Internet. You also have the benefit of leveraging Red Hat's investment in both virtualization and containment mechanisms (eg SELinux). There are tools and guides online to using these for a variety of goals. Any of the big Linuxes have this benefit in the form of a big community of both developers and supporters.

Download VMWare Player with a CentOS VM image or VirtualBox with a custom install. Use one of them to try out your top candidates. Customize it, try to do day to day activities, etc. If you like one, try a LiveCD or dual boot (Win + Linux) first to ensure it works well on your real hardware (esp wireless). If that goes well, then do a full install.

albert • February 14, 2015 3:07 PM

@CallMeLateForSupper, et. al.
Flash, Java and JavaScript are cancers that need to be cut out completely; no drugs or radiation, just the knife.
I've seen complete websites done with Flash. It's insane. If you use NoScript and Flashblock, you already know how many websites won't work without 'em. There are commercial sites with 20 to 30 separate scripts, and hundreds of elements. Sometimes, a friend sends me a link to such a site, and it just isn't worth the trouble to make it work. Reading text is way faster and more efficient than watching a video.

I wish someone had a metric for the Web's signal-to-noise ratio. I know there are a lot of good things on YouTube, but man, there's a lot of junk, too. I'm fairly certain that more than 50% is garbage, more if you include Facebook and Twitter.

The web is a godsend for manufacturers. You can get product manuals, specs, and s/w updates. There are videos for repairing just about anything, and hobbyist blogs, sites, and videos for almost every avocation imaginable. That's all good.

The downside is the super-commercial stuff. TV network websites are some of the worst. If folks stopped visiting those sites, they would become loss-leaders, and gradually disappear. Aggregators are the worst form of blood-sucking parasites. Most of the information they provide can be had for free elsewhere.
Greed permeates everything.
.
I gotta go...

Nick P • February 14, 2015 3:22 PM

@ albert

Flash websites were the coolest ones back in the HTML 3.2 days. People still do cool things with it. Rather than ditching it, we could've done something like the Juice project did to increase performance while maintaining safety properties. Plus, better browser architecture in general (eg OP2).

albert • February 14, 2015 3:34 PM

@gordo
One of my favorite sites (http://fas.org/blogs/secrecy/). It's too good to be called a 'blog'. All the news, plus all the CRS reports. Steven Aftergood rules! Highly recommended.
.
A 10% reduction in security cleared people. From 5.1 million to 4.6 million. That should help, especially if all future Snowdens are in that 10%. :)
.
Are these people silly, stupid, or just stumbling around in the dark?
...

albert • February 14, 2015 3:51 PM

@Nick P

Even with 'perfect security', being proprietary and controlled by one company are serious issues for me. A free, open Juice-like product sounds good. What happened to Juice?

Re: Java..."Write once, run anywhere" is a great idea. It loses something when it is swiss cheese, proprietary, and controlled by one company.

...

Nick P • February 14, 2015 4:01 PM

@ albert

Like most Wirth tech, it was a one-off bit of work by college students to build a resume and prove a point. Then, it wasn't maintained and the site disappeared. Given its description, a modern tech like that could easily be built. Doesn't have to be Oberon, either: Go + Chrome Plugin + Juice tech might work. Language just has to be safe, high performance, and very fast compilation.

Grauhut • February 14, 2015 4:47 PM

@Skep: "...there's RHEL and Fedora as you said, but there's also CentOS"

CentOS = (RHEL - (proprietary stuff + certifications))

If you need a stable OS for grandpa, Xubuntu 14.04 is a good choice if security is not the primary focus. Will remind him of Win2k, just pull the menu bar to the bottom of the screen.

65535 • February 14, 2015 4:55 PM

The 'Public Relations' Show by the Industrial Spy Complex [and the media] continues:

1] “…Edward J. Snowden’s revelations shattered that. Now, the Obama administration’s efforts to prevent companies from greatly strengthening encryption in commercial products like Apple’s iPhone and Google’s Android phones has set off a new battle, as the companies resist government efforts to make sure police and intelligence agencies can crack the systems. … there is continuing tension over the government’s desire to stockpile flaws in software — known as zero days — to develop weapons that the United States can reserve for future use against adversaries. “In some cases that is driving them to resistance to Washington,” Mr. Daniel said in an interview. “But it’s not that simple… tension — between companies’ insistence that they cannot install “back doors” or provide “keys” giving access to law enforcement or intelligence agencies and their desire for Washington’s protection from foreign nations seeking to exploit those same products — will be the subtext of the meeting.” –New York Times

http://www.nytimes.com/2015/02/13/business/obama-heads-to-security-talks-amid-tensions.html

[Opposite]

2] “…Friday, the president issued a cybersecurity executive order that creates a new framework for “expanded information sharing designed to help companies work together, and work with the federal government, to quickly identify and protect against cyber threats,” according to an … fact sheet from the White House…So far, Apple, Intel, Bank of America, US Bank, Pacific Gas & Electric, AIG, QVC, Walgreens, and Kaiser Permanente [medical records] have all signed up to use a new cybersecurity framework that could facilitate future information sharing [mass spying]... according to the White House... some groups are signing on for full information sharing, starting now. They include the Cyber Threat Alliance, which includes Palo Alto Networks, Symantec, Intel Security and Fortinet; the Entertainment Software Association, which represents Sony and Microsoft’s video game divisions, as well as many more of the largest video game companies in the country; Crowdstrike, a security firm; Box, a cloud storage company; and FireEye, a cybersecurity firm.” – motherboard.vice

http://motherboard.vice.com/read/sony-microsoft-and-others-agree-to-share-customer-data-for-national-security

It’s a Dog-and-Pony show in the “media” and nothing more. The collusion between the big Data Aggregators and Government continues – much to the destruction of Fourth and First Amendment rights of American citizens.

The profits to Big Data Firms are too tempting and the addiction to “Bulk collection programs” by the government is too strong.

I expect more of the PR dog-and-Pony show to advance day-by-day at the President’s prodding – despite his campaign promise to reduce said collusion and spy programs with industry.

Thoth • February 14, 2015 5:06 PM

@Nick P
Wouldn't it be better if people got "un-addicted" to all those nice but dangerous Flash, JS, Java, HTML5, Silverlight and so forth? Use plain HTML 3.2 and that's about it, but it's something so hard to get people "un-addicted" to.

Next route if you can't "un-addict" people, high assurance provable browser and browser components in a limited environment. Haskell for the browser core, the VM built in Haskell, JS, Flash and all in some highly assured form.

If it all fails, use sandboxing with high assurance (kinda like Qubes, Genode and all that high assurance OS thingy you always mention about).

The last option of sandboxing and high assurance OS would be the best fit choice. Of course for those who want to drill down to the details of hardware assurance, you can build your own CPU and board from whatever you can find :) .

SoWhatDidYouExpect • February 14, 2015 5:58 PM

Vint Cerf Warns Against 'Digital Dark Age'

http://hardware.slashdot.org/story/15/02/14/1353226/vint-cerf-warns-against-digital-dark-age

Really?

From the post:

"The solution is to take an X-ray snapshot of the content and the application and the operating system together, with a description of the machine that it runs on, and preserve that for long periods of time. And that digital snapshot will recreate the past in the future." Cerf is also pushing for better data preservation standards: "The key here is when you move those bits from one place to another, that you still know how to unpack them to correctly interpret the different parts. That is all achievable if we standardize the descriptions."

Isn't everything already being snarfed off by the 3 letter agencies and preserved for eternity, or until we are all convicted of being terrorists, or parked in a sanitarium somewhere, or sent off to the gulag?

"Digital Dark Age" seems like fear mongering. Anybody with enlightenment is welcome to comment. I don't see it but am willing to learn if my eyes can be opened.

fda09af • February 14, 2015 8:30 PM

@SoWhatDidYouExpect "Digital Dark Age" seems like fear mongering.

The "Digital Dark Age" meme has been around for a while. There's a whole display on it at the end of the tour at the Computer History Museum in Silicon Valley.

I've always understood it to be a strategic information shaping operation for the benefit of the NSA. The more copies of data there are around the easier it is for them to steal it.

Clive Robinson • February 14, 2015 9:00 PM

@ Daniel, SoWhatDidYouExpect,

With regards Vint Cerf...

I heard him going on about this on BBC Radio 4 the other morning, and from certain view points what he is saying is correct, and it's not all about nutty historians, though that's the way it comes across.

Firstly data retention is an old issue and goes back in history to times that well precede "The Grand Charter" (Magna Carta) and is a requirement of law itself, such that the law can be seen to be clear and just. As for the issues of privacy long ago they were thought about and resolved to a certain extent into the various "court sealings" and "year rules" that the various national archives have. For instance in the UK we have amongst others the "100 year rule" which means certain official documents of quite some historic importance are only now coming into the public domain, which is why children born from this time onwards will be taught the history of the First World War differently to that which you and I were taught. Whilst at first glance many people will say "yeh so what" you have to remember that we live our history today in a way it will not be possible to do tomorrow or any day thereafter, but what we do tomorrow is based on the foundations of what we have done today, in the same way as what we did today was based on yesterday and the days before that. Importantly we can learn from past mistakes and success and thus make today's decisions and those of the future in better and more timely ways, it's why we have the old saw of "Those who fail to learn from the past are condemned to relive it".

But a lot of what we do makes no sense when taken out of its place in time, because so much information is missing, hence the desire to record and analyse it. But further this need for information has to be balanced against the harms it could cause to the living and their relatives. The locked time rules made sense for the style of living they had when they implemented them, but as with all things technological, our lives have been changed by technology for both good and bad, and the technology is agnostic to both, it's those who use it for good or bad who are the "Saints or Sinners". More often than not it's both as we see with the likes of Manning and Snowden, but likewise Bush and Blair, and as Shakespeare so aptly noted "the good that men do is oft interred with their bones, the bad lives after them...", it's why we know more about sinners than we do saints, and also why people get the feeling technology is evil, just as in earlier times the written word was likewise considered evil as it ensnared men's words and so had a hold on their souls forever, and to a similar extent photographs. We look back on such people and regard them as being at best "quaint in their notions", but here we are today with the Internet and the storage of people's "words, deeds and actions" causing fear in the hearts of some. What is our "scare or cause of concern" and what makes it so different from those with a fear of the written word or picture? Well historical context, or the lack of it which makes the past views look quaint; we don't know, only guess at the causes of their fears, which means we can not learn from them, so here today we are unfortunately reliving the past, in ways we might not have done if the historical context was available to us.

Secondly we have an issue which many call "bit rot" and it comes about to us in two ways. The first is the natural law of "entropy", of organised moving to disorganised, in the materials we use to store information. The second is the human failing to record how things work in detail such that the invisible-to-the-human-eye impression of information on physical objects can be made not just visible but coherent. Thus we need not just the data on the physical objects and how they are impressed with information, but we also need the data on the way the information is encoded for impressing. Which gets us back the data, but that is likewise useless without the metadata that enables us to turn it into something humans can impress onto other physical objects that the human can sense and thus make a start on trying to interpret. It is why the history of a lump of rock found by a Napoleonic soldier is so important to historians (look up "Rosetta Stone" on wiki), because it had three recognisable-by-eye languages impressed upon its surface, only one of which was then known to scholars in a readable way. What sense do you think future historians would make of a modern "Blu-ray Disc" if they found it? How about reading today data off of a twelve inch video disc? Or maybe a compressed archive on a "Zip Drive" cartridge, that might also have been DES encrypted...

So Vint Cerf is not wrong in what he is trying to achieve, it is important if those in the future are not to relive our mistakes.

However it may well be a doomed project, and the reason is assumptions. The most important thing to historians is the "mundane" that sets the context in which the "headlines" and other "official" records can be viewed. We know from the fact that they were banned in an official proclamation that various "Pub Games" used to exist, but because the games are now no longer played they are "lost history" and we cannot know what it was about them which caused them to be banned in the first place. To the people of the time the games were known, so were not written down, as "common knowledge" is mundane. Thus the assumption of unimportance or common knowledge will be the undoing of such a project's future utility; the only way to avoid it is to "record everything", and that is what scares us currently. We talk glibly about "Chilling Actions" causing people not to put their thoughts into words, but we don't realise that what we consider "good" will "thus be interred with our bones" whilst "the bad" of the NSA et al "lives on", and we will not just "appear quaint" to our descendants, we also "condemn them to relive" our mistakes, which is exactly what the "elite" hope for, because they "will write the history" by which they will be judged...

BuckFebruary 14, 2015 9:53 PM

For a more recent example... Where do you think we would be today, if, say - all of WWII Germany's holocaust records had been destroyed & the former camps eliminated before arrival of the Allies (with only first-hand accounts of the survivors to pass on to future generations through folklore)..?

If I'm gonna compare apples with peaches, I'd say Cerf is tasting much more sweet than Cook

If those of us in positions of responsibility fail to do everything in our power to protect the right to privacy we risk something far more valuable than money -- we risk our way of life
Uhhh... That depends on what your definition of 'our' is! ;-)

Clive RobinsonFebruary 14, 2015 10:23 PM

Not being "states side" sometimes has its disadvantages...

Anyone know what's going on behind the fact that the US Navy has put its two most senior uniformed Intel Officers on "gardening leave" on Friday as well as revoking all their access to classified information?

The two officers concerned are,

Vice Adm. Ted Branch and Rear Adm. Bruce F. Loveless.

All I've seen is that it's to do with a "historic bribery case" involving a defence contractor, which sounds a little odd; considering the revoked clearances, it suggests it is more likely to be about treason.

Fool's ErrandFebruary 14, 2015 10:32 PM

@Clive "So Vint Cerf is not wrong in what he is trying to achieve, it is important if those in the future are not to relive our mistakes."

It may well be that this is actually a battle in the individualism vs collectivism culture war being fought on the plain of data retention.

Whether data retention for future generations is of value depends on whether a person owns themselves or is merely a cell in the greater organism of society.
If the value of data is judged relative to the good it can do within the scope of the owner's life, then that would be an individualist standard of value.

But if data is construed to be the life's blood of a historical entity larger than one person, then a collectivist standard applies.

So flying the "Digital Dark Age" banner is a way to advance collectivism without actually revealing that goal.

BuckFebruary 14, 2015 10:53 PM

@Clive

Definitely not in the national 'headlines' but this is the latest I could find:

Navy officials said Tuesday that at least two other admirals -- Vice Adm. Ted Branch, the chief of naval intelligence, and Rear Adm. Bruce Loveless, the director of intelligence operations -- remain under scrutiny in the case.
Neither has been charged, but their access to classified information was suspended in late 2013, severely curtailing their ability to carry out their sensitive duties as intelligence officers.
Navy censures 3 admirals in far-reaching bribery investigation (February 10, 2015)

Seems like they've been on 'secret' leave for a tad longer than a week...

tyrFebruary 14, 2015 11:08 PM


@ Clive Robinson

The US Navy has always been a problem to the powers that be, it goes with the job. Regardless of the illusions of the US culture any officer at the senior command level has to be aware of what is real. Most of those who get to Admiral rank haven't got any flies on them and I'll bet any that feel their oath to defend the constitution against all enemies foreign and domestic are very uncomfortable these days. Being in intel only makes it worse. The ocean has a nasty habit of killing those who are order following robots without imaginations. The other armed forces have decided that is their role model with the expected results. The other possibility is dirty internal politics, since the collusion with defense contractors has been going on for generations. I'd read any official news with a very cynical eye looking for the CYA nature.

subject change

Any historian is aware that the fabric of the past is a dirty and torn lace doily with holes burned in it. We get presented a nice narrative of whole cloth in school but that is as fake as a dinosaur without his feathers. Comp media has changed so fast in the last few decades that a lot of it has also already disappeared, not to mention DRM schemes that seemed like a good idea until the tech that could interpret them disappeared into the scrap yard. We already live in a digital dark age because of the cursed extensions to the copyright laws; the majority of the 20th century is crumbling away unarchived because the media it is on is deteriorating away and if you make a copy you're automagically a criminal because Mickey Mouse. Ask yourself why the works in the public domain virtually stop at 1923.

How sane is it to teach the next generation, history ended in 1915, we don't know what happened in the hole between then and now?

Wesley ParishFebruary 14, 2015 11:58 PM

@Bruce

The Cyber Defense Review by the Army Cyber Institute and U.S. Marine Corps Forces Cyberspace Command (MARFORCYBER).

I'm bemused. Is it likely to be a disinformation outlet or a genuine effort? Will they be shuttered the instant they trespass on "privileged" information such as the depth of NSA crippling of the Internet? Etc. Inquiring minds want to know.

Clive RobinsonFebruary 15, 2015 12:06 AM

@ tyr,

How sane is it to teach the next generation, history ended in 1915, we don't know what happened in the hole between then and now?

From one aspect it is most definitely not sane as that is where the best examples of actions and reactions appear. The lessons that are normally most important to us are those that make us "street wise" and thus armour us to survive in our society.

However there is a flip side; often the most memorable lessons involve the harm to an individual. We see this not just in "revenge porn" but also in the photos in newspapers and video on news programs. When we see the face of a person bruised, cut and damaged, it is visceral and thus memorable. But do we consider the harm this further inflicts on the individual? It's like a "mark of Cain"; it differentiates you from others and draws sympathy from some, approbation from others, neither is welcome as it brings back the hurt and pain afresh each time.

Thus the rules rightly protecting a few inflict a loss on the rest of society, and this is a difficult balancing act.

What makes it worse is where some use the protective rules to their own advantage, in effect hiding their crimes behind them thus avoiding the transparency that would otherwise stop their at best questionable activities.

Currently we are in a "silent war" over information; there are those in power and those behind them that say there should be no secrets, no hiding place for "the common clay". We have heard this from the mouths of the US President and from the UK Prime Minister. However the organisations and agencies of these politicians and those behind them insist that they are somehow different, they must have their secrets for the sake of some supposed good such as "National or Corporate security". They demand that there be no balance, their right to privacy is prime, yours non-existent, because "they are good and you are presumed bad"...

What history has shown us is the balance swings like a pendulum backwards and forwards, but often driven against its current direction with a force that is frequently violent and very partisan in direction.

The majority of people are currently not "actively engaged" in the war, which is why it is silent; unfortunately those who seek to harm us are using the calm to put their forces into place to try and ensure "total domination". If history is correct then the outcome is not going to be pleasant one way or the other, "enslavement or bloodshed" are not democratic processes.

gordoFebruary 15, 2015 6:49 AM

@ Albert

Re: 10% reduction in security cleared people…
It would be interesting to see how that was accomplished, i.e., who accounted for most of the reduction, e.g., agency; sys admins; contractors; retirements (no pun intended); etc.

Re: FAS
I wasn't previously aware of Aftergood/Secrecy Blog, but of the quality of docs on the FAS site, yes. I've added the Secrecy News page to my visit list. Thanks!

CallMeLateForSupperFebruary 15, 2015 9:10 AM

@Clive Robinson
"Any one know what's going on[...]"

I, also, scratched my head. Very lean on details, that. Eventually the word "bribery" claimed my interest. It niggled me. Why was it so familiar? Ah! There was a case last year (I think it was) centered on a young Navy officer who was nailed to the cross for taking bribes from a foreign national. The foreigner had connections with certain Asian governments and also with the U.S. Dept. of the Navy; he arranged all port facilities - onload/offload; provisions - which any ship needs while docked. Docking just one war ship costs millions. Very lucrative for the foreign country; very lucrative for the "broker". And so the money flowed to the person in the U.S. Navy whose job it was to determine where Pacific Fleet vessels would dock.

As I said, that operation was duly rolled up. The case which we now ponder might - I emphasize "might" - be fruit of the investigation into the dock mess.

Your mileage may vary. Void where prohibited.

Clive RobinsonFebruary 15, 2015 9:58 AM

@ Petter,

You would think that with all the fuss about "Big America Tech" cozying up to the US Feds and DoD's NSA and handing over all user data one way or another that one of the Biggest organisations with something like 90% of their customers outside the US would have a little more sense than to field badly backdoored SpyWare like this...

For those daft enough to think that the copying of data for a little while via some form of "double encryption" is OK, just remember that that's only between the client and the cloud service front door. As Google found out, the NSA et al will just tap the networks internal to the cloud...

Really the NSA and FBI behaviour with the rubber stamp FISA courts should put huge flashing lights and loud wailing sirens on any "copy data" mention in a program's spec, and will, if organisations are being "duly diligent" as the law requires, kill off BYOD access to corporate networks, especially if shareholders get a "burr under their saddle" over it.

As for the app stealing user credentials, if the UK Banking Industry has its way [1] then that will be sufficient to have any fraud on your account become your loss not the bank's, no matter how negligent they might have been...

[1] The first formal sign of this externalisation of risk by the banks started just over a couple of years ago with Santander ( http://www.privacysurgeon.org/blog/incision/from-now-on-its-your-fault-if-your-bank-account-is-defrauded-2/ ), which as history now shows was not a good bank to be with for various reasons, not that most other banks were any better, just more criminal in their behaviour, Barclays and HSBC being two among many.

WaelFebruary 15, 2015 11:29 AM

@Nick P,

Gangstaz music

"So called highly trained security personnel" -- these were Patsies not reporters... Where is the music? I almost believed it :)

Clive RobinsonFebruary 15, 2015 11:48 AM

@ Nick P, Wael,

Warning, this will put you off your breakfast...

As you know motherboard.vice is a techie site, and appears here quite regularly... well early this morning, not having slept well, I decided on getting up and doing useful things. Finally on making breki I decided to do a quick trundle through the "usual suspect" techie websites and, being not fully conscious, I clicked on this without realising,

http://motherboard.vice.com/read/how-to-make-breakfast-with-your-vagina?trk_source=popular

Needless to say I did not finish breki... You have been warned.

WaelFebruary 15, 2015 12:05 PM

@Clive Robinson, @Nick P,

I decided to do a quick trundle through the "usual suspect" techie websites and being not fully conscious, I clicked on this without realising,

Out with it Clive Robinson... What else do you book mark? :)
I had blueberry yoghurt this morning (early morning, like at 2:45AM.) Luckily I read this informational article close to 10:00AM. Not sure which is worse, your article or this pus article! Come to think of it, there's some "initial" similarity :). Now where is @Figureitout to put some color on this!

Nick PFebruary 15, 2015 12:16 PM

@ Wael, Clive

I'm not clicking... any... of those links. The title alone on the first one was all the shock value I needed.

x47February 15, 2015 12:28 PM

Over 100 banks hit by sophisticated cyberattack
http://www.nytimes.com/2015/02/15/world/bank-hackers-steal-millions-via-malware.html?_r=0

Citing a soon to be released report from computer security company Kaspersky Lab, the newspaper said the attack involved malicious software that gave hackers long-term access to banking systems.

A group of Russians, Chinese and Europeans was able to siphon off around $300 million in one of the world's largest bank robberies, the report said.

The money was transferred to bank accounts around the world in small-value amounts to avoid detection.

Hackers largely focused on banks in Russia, but millions of dollars were also taken from banks in Japan, the Netherlands, Switzerland and the United States as well, the Times said.

Hackers had such advanced access to the banks' systems that they could force ATM machines to dispense cash at specific times and locations where hackers could pick it up.
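The report summarised above says the stolen funds were moved out "in small-value amounts to avoid detection". The following is an added example, not from the Times article or from Kaspersky's report, of the kind of check a bank's monitoring team can run against its own transfer ledger to catch that pattern: a rolling-window aggregation that flags a source account whose individually sub-limit transfers add up past the reporting limit. The ledger records, field layout, account names, the 24-hour window and the 10,000 limit are all constructed assumptions for illustration.

```python
"""Added example (not from the article or Kaspersky's report): a sliding-window
check for "structuring", i.e. many transfers each under a reporting limit that
together exceed it. Sample records are constructed; field names, thresholds
and the 24h window are assumptions."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample ledger: (ISO timestamp, source account, destination, amount).
SAMPLE_TRANSFERS = [
    ("2015-02-10T09:05:00", "CORP-001", "EXT-4471", 9_800),
    ("2015-02-10T10:12:00", "CORP-001", "EXT-4471", 9_700),
    ("2015-02-10T13:40:00", "CORP-001", "EXT-9010", 9_900),
    ("2015-02-10T18:02:00", "CORP-001", "EXT-2208", 9_600),
    ("2015-02-11T08:59:00", "CORP-001", "EXT-4471", 9_850),
    ("2015-02-10T11:00:00", "CORP-002", "EXT-1000", 45_000),  # single large transfer, reportable on its own
    ("2015-02-10T11:30:00", "CORP-003", "EXT-3000", 1_200),   # ordinary small payments, days apart
    ("2015-02-12T11:30:00", "CORP-003", "EXT-3000", 1_100),
]


def parse(records):
    """Turn the raw tuples into (datetime, src, dst, amount) in time order."""
    return sorted((datetime.fromisoformat(ts), src, dst, amt) for ts, src, dst, amt in records)


def detect_structuring(records, per_txn_limit=10_000, window=timedelta(hours=24),
                       agg_threshold=10_000, min_count=3):
    """Return {source_account: (window_start, total, count)} for every source whose
    sub-limit transfers inside some rolling window sum to agg_threshold or more.

    Transfers at or above per_txn_limit are excluded: they are reportable by
    themselves and are not what structuring is trying to hide."""
    by_src = defaultdict(list)
    for ts, src, _dst, amt in parse(records):
        if amt < per_txn_limit:
            by_src[src].append((ts, amt))

    hits = {}
    for src, txns in by_src.items():
        best = None
        lo, total = 0, 0
        for hi, (ts, amt) in enumerate(txns):
            total += amt
            # Slide the window start forward until every transfer in it is within `window` of this one.
            while ts - txns[lo][0] > window:
                total -= txns[lo][1]
                lo += 1
            count = hi - lo + 1
            if count >= min_count and total >= agg_threshold:
                if best is None or total > best[1]:
                    best = (txns[lo][0], total, count)
        if best is not None:
            hits[src] = best
    return hits


if __name__ == "__main__":
    for src, (start, total, count) in detect_structuring(SAMPLE_TRANSFERS).items():
        print(f"{src}: {count} sub-limit transfers totalling {total} from {start.isoformat()}")
```

In the constructed data only CORP-001 is flagged: five transfers, each just under the limit, add up to 48,850 inside a single day. CORP-002's one 45,000 transfer is left to the ordinary large-value reporting path, and CORP-003's two small payments days apart never reach the count or the sum. In a real deployment the same logic would also be worth running keyed on destination account and on beneficiary bank, since the report says the money was spread across many accounts worldwide.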

x47February 15, 2015 12:38 PM

@Clive Robinson

as to the yogurt that the woman in the article (Cecilia Westbrook , a MD/PhD student at the University of Wisconsin, Madison) made from her vaginal secretions, the article states:


This is not, it turns out, a very good idea at all.

According to Forney, "When you take vaginal secretions, you're not just taking the lactobacilli. You're taking everything.” And it’s possible that, from day to day, or woman to woman, “what you're using in your yogurt is no longer dominated by lactobacilli but other bacteria, some of which could be pathogenic,” he explained.

I guess it might as well be possible to make yogurt from the "secretions" of the "other end" of the alimentary canal as well. After all bacteria galore, and there should likely be some lactobacilli among all of that.

But this would likely receive even less publicity;-P

FigureitoutFebruary 15, 2015 2:58 PM

Wael
--Lol, I'm busy (too damn busy, overextended as usual), got too many projects that need to be done now. One future one, found some good links on OS dev (on x86 mind you...) whereby we can make a super minimal start *there* for all the x86-64 computers that aren't going anywhere for a long time. Then the concept of "cross-compiling" which has obvious security applications (and I do it all the time but wasn't specifically aware of it). Eventually I want to get to a custom Coreboot BIOS but right now it's too much for me, too much code. Custom Coreboot, on physically hardened older laptop or dev board or mini-ITX board (IBM thinkpad or an HP-compaq) by removing wifi/BT (if it's encapsulated and soldered in some chip then I'm not using it), then insert shielding and tack on protection at the air vent as it's a "copper highway to your CPU" and metal plugs to shield port holes (I've mentioned I believe there's a security risk in audio ports due to acoustical noise I can hear and it's been used for "headphone antennas" in other research, and when I get a proper test for it and capture the data, I kinda want to try it on an ATM, it's the only I/O there and sadly to exploit that would mean people that are blind can't use it if the risk is too big), then probably either a Minix, FreeBSD, or OpenBSD OS; but critically...I need USB I/O so that needs to be isolated (that's a problem that really stops me cold), as in no external file can touch the core, at all, never.

From there cross-compile to other architectures I want to try (not frickin' x86-64) bearing in mind that a) my hardware is still not secure and b) I can't account for software dev upstream and what malware they brought in and thus can't claim it secure and c) I don't understand how modern compilers work and will probably never truly grasp it (modern ones that have all the built-up warnings for compiling stupid code that will crash and burn).

RE: "pussy for breakfast"
--Umm...yeah...now I can't eat yogurt for a little. I sometimes dig out that white stuff in eggs which my dad told me it's *ahem* just to f*ck w/ me but thankfully it's not. Apparently it's "sex-ed" week there. I prefer mine "tasteless" w/ a little stubble. I've had a girl's scent on my fingers for over a week (no amount of scrubbing would remove it) and then there was one...grossest damn thing I've ever...she would make some "good yogurt" lol...

And in case that wasn't stupid/worthless enough I f*cking clicked on the "dick-sucking robot" that's crowdfunded...as I've said before, I thought I had no shame...at what point do these people think "what am I doing w/ my life?". Do they honestly put that on their resume? Here it is, in all its glory: http://motherboard-images.vice.com/content-images/contentimage/18920/1423493763651569.gif

I'm blaming you if I get banned.

tyrFebruary 15, 2015 3:22 PM


I share the fictional Holmes view of Yogurt. As he departed on the Saucer to immortality (Watson had kept trying to get him to eat it for his health), his parting words were, "heh heh yogurt!"

On a brighter note.

http://edge.org/conversation/neil_gershenfeld-digital-reality

There is something in this that seems to be connected to security in computers, something about the modular nature of discrete building blocks for complicated tasks. Whatever it is it'll take a lot more churning in the darkness to come clear. On the other hand I can't think of a greater horror for the control freaks than the planetwide proliferation of individuals empowered with their own shop to fabricate anything. They are already crapping in their diapers over the script kiddy generation and their L33t Hax0R skillset. Wait till the youngsters can make artificial lifeforms in the basement. I wonder how Bill Gibson feels living in his handcrafted future.

WaelFebruary 15, 2015 4:58 PM

@Figureitout,

I'm busy (too damn busy, overextended as usual), got too many projects that need to be done now. One future one, found some good links on OS dev (on x86 mind you...) whereby we can make a super minimal start *there* for all the x86-64 computers that aren't going anywhere for a long time. Then the concept of "cross-compiling" which has obvious security applications [...] get to a custom Coreboot [...] removing wifi/BT [...] then insert shielding [...] probably either a Minix, FreeBSD, or OpenBSD OS; but critically...I need USB I/O so that needs to be isolated (that's a problem that really stops me cold), as in no external file can touch the core, at all, never.

Suppose you get your rig built, what would you do with it?

I'm blaming you if I get banned.

And I'll blame @Clive Robinson if I get banned for getting you banned :)

Clive RobinsonFebruary 15, 2015 5:23 PM

@ Figureitout, Wael,

And I'll blame @Clive Robinson if I get banned for getting you banned :)

Hmm a thought and a question for you both...

There are a couple of saws out there that are relevant. The first is "The only difference between men and boys is the size of their toys". And the second is "Taking responsibility for your actions is the adult thing to do". So if you are going to play with the "big boys' toys" do you think you should do it in an adult way? ;-)

Clive RobinsonFebruary 15, 2015 6:26 PM

@ tyr,

He might sound like a "whack job" but surprisingly he is historically correct.

The problem artisans had was a lack of what we would now call science and standards, and thus when they found something that worked well it was more by accident than design, followed by a long period of incremental improvements using feed stock of variable quality.

The artisans did not communicate the knowledge they had gained from the trial and error process for a number of reasons. The main one being the Holy Roman Church, which discouraged the passing of information. The second was because the reaction of the artisans to the church and nobles was to set up guilds for collective protection. And it was in the self interest of the members to maintain guild secrets, because this gave them additional power against the church and nobles. This is a lesson the FOSS community has had to relearn via the likes of Red Hat et al, who can take on the likes of patent trolls and monopolistic or cartel organised companies.

It is difficult to determine which really came first, the science or the standards; basic standards came about for selling commodities by weight (pound) or volume (fluid ounce) [1]. Which then became the first measures to be used by natural philosophers. Which in turn gave rise to new or improved measures, which allowed for the quality of raw materials that formed the feed stock to be quantified, and so on.

However standards in mechanical items we know came about through the failed efforts of Charles Babbage. Because of all the identical parts he needed, the man Babbage contracted to be his machine maker realised that there needed to be standard threads on screws, hence he came up with the "Whitworth thread" standard.

It was this standard more than any other thing that made the work of the artisan be replaced by manufactured goods in factories and gave birth to engineering by design.

There are one or two catches to this "digitized tangible economy" due in part to feed stock issues. But these pale in comparison to the basic greed, not of engineers and scientists, but of those who wish to apply control to a market for their own advantage. Thus these people have in effect replaced the malign interest of the Holy Roman Empire with their own malign corporate self interest.

[1] As far as I can tell the first standard measure came not from artisans but cooks' recipes, where the standard measure was the "egg", which eventually became two fluid ounces for a large hen's egg. Hence the otherwise very strange unit of the "fluid ounce" that with a simple balance could be used to measure both dry and wet goods in a way that produced reliable results from the recipes.

DanielFebruary 15, 2015 6:41 PM

@Clive et al.

The reason I am not worried about future historians is because I think that all talk about the future of history is arrogant puffery. There is no way to know what tools and resources future historians will have at their disposal--but there is no good reason to assume it will be limited to the present day bag of tricks. 200 years ago the discipline of anthropology didn't even exist. Who knows what scientific tools historians 200 years from now will have at their disposal to ferret out what we think today are secrets? Who knows what disciplines will spring up in the wake? Future historians don't need us to worry about their jobs.

Mike AmlingFebruary 15, 2015 7:39 PM

The New York Times magazine for Sunday, 2015-02-15, has an article about the assassination of Rafik Hariri, with a long section on the metadata of several implicated groups of cell phones.

WaelFebruary 15, 2015 8:05 PM

@Clive Robinson,

So if you are going to play with the "big boys toys" do you think you should do it in an adult way?

Absolutely correct! You got me there! Good lesson :(

FigureitoutFebruary 15, 2015 8:12 PM

Wael
--Use it for malware testing (what snuck thru to the next phase and what got in after) and building the next "secure" system I can. Another idea is a large amount of RAM like I do now but running live but w/ more RAM (core is still vulnerable and I've seen enough to know something f*cky is happening even running live and no HDD). RAM bootkits that move when wiping begins or carve out a chunk of memory and survive beyond a powercycle is beyond me right now. Boot w/ CD and have a startup script I always run which configures my settings how I want (it'd be better to do this in "the ROM" but "things change").

Clive Robinson
--Hmm, don't get the question, maybe some self inner-soul-seeking is good for you too? Do you always behave like an adult too? Or do you abuse tools like every other hypocritical human being?

FigureitoutFebruary 15, 2015 8:50 PM

Wael
--I wouldn't be unshielded and "w/ my peeps". I like the click of an ethernet cord (w/ plastic around the flimsy "clicker") and when I remove it...gone. Traffic logged easier rather than wifi where it's flaky or subject to RF attacks that need a 24/7 active defense. It's a non-decision for me, I only use wifi when I have to or for devices that are goners anyway. RF attacks outside of wifi/BT/GSM/LTE concern me a lot more...

For routers that can be as simple as detaching antennas w/ a soldering iron and then shielding the case as there'll still be a little antenna on board probably able to receive signals (have a wifi card w/ no external antenna attached that still receives low wifi from ~10ft away). Shielded connectors for ethernet cables is more tricky...I don't have any. This would likely require active RF attacks in your vicinity so they should be detected w/ other means before they're a problem, or you discover after the fact (and then freak out).

65535February 15, 2015 8:56 PM

“The order sets the stage for new private-sector led "information sharing and analysis organizations" (ISAOs) - hubs where companies share cyber threat data with each other and with the Department of Homeland Security… one step in a long effort to make companies as well as privacy and consumer advocates more comfortable with proposed legislation that would offer participating companies liability protection, the White House said.” –Reuters

http://www.reuters.com/article/2015/02/13/us-usa-cybersecurity-exclusive-idUSKBN0LG2GR20150213

I would like a legal opinion on the legality of “Big Data” Companies abridging the Fourth Amendment [and possibly the First Amendment] of the Constitution under a “Presidential Order” style of law. Is this legal?

For example, could a Big Data Company smear, or cause certain Americans to be put on a "list" at the "ISAO/DHS" or worse, without any legal redress – like Bruce and his new book which is critical of certain large Big Data companies.

For example, if a Big Data Company purposely smeared or blacklisted and caused key individuals damage in a company that competes against said Big Data Company - could this vindictive Big Data Company get off without any legal repercussions?

gordoFebruary 16, 2015 1:08 AM

I happened to see Miley Cyrus perform Paul Simon's "50 Ways To Leave Your Lover" on the Saturday Night Live 40th Anniversary Special last night. While watching the performance I started playing with the title line's lyrics, replacing the word "leave" with "control" and "lover" with "data", which changes the song's name to "50 Ways to Control Your Data". It kinda works! YMMV!

Lyrics, with replacements made to the first verse...

      “The problem is all inside your head”
      She said to me
      “The answer is easy if you
      Take it logically
      I’d like to help you in your struggle
      To be free
      There must be fifty ways
      To control your data”

She said, “It’s really not my habit to intrude ...

Song and lyrics:
[make replacements as you karaoke along...!]
Uploaded on Jun 2, 2010
Paul Simon - 50 Ways to Leave Your Lover
https://www.youtube.com/watch?v=298nld4Yfds [3:07]

Official Paul Simon website:
http://www.paulsimon.com/us/music/still-crazy-after-all-these-years/50-ways-leave-your-lover

Off topic:
Yes...the classic three-minute pop song format!
http://www.motherjones.com/kevin-drum/2014/08/most-songs-are-three-minutes-long-because-thats-how-most-us-them

Bruce SchneierFebruary 16, 2015 6:50 AM

"The number of people who hold security clearances for access to classified information has been reduced by ten percent, the White House said in budget request documents released this week."

Is this good or bad? If the number of classified documents was reduced 10%, that would definitely be good. But if the number of people who have access to the larger number of documents is reduced, that feels like a bad thing to me.

Bruce SchneierFebruary 16, 2015 6:55 AM

"When Jeb Bush released e-mails from his tenure as governor, his staff inadvertently also released personal details of his constituents contained in those e-mails such as names, addresses, e-mails, and Social Security numbers."

Does this make sense to anybody? The e-mails are redacted, which means that someone went through them. How it is even conceivably possible that they would leave in names, addresses, and SSNs?
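The obvious control the release process lacked is a mechanical check run over every document after the human redaction pass and before publication. The following is an added example, not part of the comment above, of the Jeb Bush release, or of any real redaction tool, of what such a check can look like: it scans text for SSN-shaped numbers (with the structural rules the SSA publishes used to discard obvious non-SSNs such as form numbers) and for e-mail addresses, and either reports what was missed or masks it. The sample message and its addresses are constructed. Names and street addresses are deliberately out of scope here; catching those takes entity recognition or a second human pass, which is exactly the step that appears to have been skipped.

```python
"""Added example (not from the release or any real tool): a pre-publication scan
that a redaction workflow can run over each document before it goes out. It
flags SSN-shaped numbers and e-mail addresses left in the text. The sample
e-mail body is constructed."""
import re

# NNN-NN-NNNN with word boundaries so longer digit runs are not split into false hits.
SSN_RE = re.compile(r"\b(\d{3})-(\d{2})-(\d{4})\b")
EMAIL_RE = re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b")
REDACTED_MARK = "[REDACTED]"


def plausible_ssn(area, group, serial):
    """SSA never issues area 000, 666 or 900-999, group 00 or serial 0000;
    numbers in those ranges are treated as form/case numbers, not SSNs."""
    a = int(area)
    return a not in (0, 666) and a < 900 and group != "00" and serial != "0000"


def find_unredacted(text):
    """Return a list of (kind, matched_text) for residual identifiers.
    An empty list means the document passes the automated check."""
    findings = []
    for m in SSN_RE.finditer(text):
        if plausible_ssn(*m.groups()):
            findings.append(("ssn", m.group(0)))
    for m in EMAIL_RE.finditer(text):
        findings.append(("email", m.group(0)))
    return findings


def redact(text):
    """Mask every plausible SSN and every e-mail address in the text."""
    def ssn_sub(m):
        return REDACTED_MARK if plausible_ssn(*m.groups()) else m.group(0)
    text = SSN_RE.sub(ssn_sub, text)
    return EMAIL_RE.sub(REDACTED_MARK, text)


# Constructed sample: a message that was only partly redacted by hand.
SAMPLE_EMAIL = """From: [REDACTED]
To: governor@example.org
Subject: help with benefits claim

My name is Jane Q. Public, SSN 123-45-6789, and I live at 12 Elm St.
Please contact me at jane.public@example.net. Case ref 000-12-3456 is the form number.
"""


if __name__ == "__main__":
    for kind, value in find_unredacted(SAMPLE_EMAIL):
        print(f"unredacted {kind}: {value}")
    print(redact(SAMPLE_EMAIL))
```

On the constructed message the scan reports one SSN and two e-mail addresses, ignores the 000-prefixed case reference, and the masked output passes a second scan with no findings. A release pipeline would refuse to publish any file for which `find_unredacted` is non-empty, and would log the counts per file so that a batch where a few reviewers' documents keep failing stands out.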

Clive RobinsonFebruary 16, 2015 8:24 AM

@ Bruce,

Does this make sense to anybody? The e-mails are redacted, which means that someone went through them. How it is even conceivably possible that they would leave in names addresses, and SSNs?

Although I've not looked I've been told that the redaction process / depth appears different for some documents than it does others.

Thus it is possible the redaction process was carried out by several people, and as such some may have "missed" the "full process" via accident or design.

I'll let others make their minds up which.

But if I was one of the "unfortunates" I really would want an investigation and explanation, especially if I felt I had been singled out for some reason.

gordoFebruary 16, 2015 11:20 AM

@ Bruce

Is this good or bad? If the number of classified documents was reduced 10%, that would definitely be good. But if the number of people who has [sic] access to the larger number of documents is reduced, that feels like a bad thing to me.

Fewer people with access to larger universes of secret documents would be bad, just in terms of people being able to do their jobs. I don’t know if it’s already been tried, or whether it’s fallen by the talk-is-cheap wayside, more than a few times, but would using access-to-secrets reduction as a driver for reducing over-classification be a reasonable approach? Fewer eyes on fewer docs potentially improves congressional and other oversight capabilities/responsibilities?

albertFebruary 16, 2015 12:36 PM

@Nick P,
The video Onion is much funnier than the print version, if that's even possible. Unless there's a ton of folks out there messin' with me, some of those comments are _truly_ scary. I'm worried that there are some idiots who take those videos seriously. That's an advantage of free speech here; all the wackos and nutters can speak their minds without fear of censorship. The downside is opening your front door and finding two FBI agents standing there, with their right hands inside their jackets...

@History Buffs,
Don't worry too much about preserving digital history, as most of it is total BS. The real, classified history of what's actually going on now will likely never be released. There are too many secrets to be kept. Regarding 'learning from history', can someone point out examples of how 'we' 'learned' from history? What did we 'learn' from Vietnam, the Civil rights movement, the Korean "police action", the last TWO World Wars,....?
'Learning from history' is a theoretical concept used to promote efforts to preserve it. There's really no point in worrying; history will fall on deaf ears, or blind eyes, anyway. True history makes you feel like you're living in a mental institution; Lie history makes you feel good about your country.

The signal-to-noise ratio of the Digital Age is very low, and appears to be decreasing by the year. With a little more censorship, it'll go negative.

@Microsoft fait Acompli,
ROFL (I need softer carpeting under my chair). Is it now corporate policy for MS to parallel US foreign policy in terms of total insanity? I thought Ballmer would sink MS, but it looks like they found his 'ideal' replacement. It appears that Nadella spent less than 2 years at Sun, and the rest of his career at MS. It's been a long road down, but it's an inevitable decline. Yay!

frankFebruary 16, 2015 12:49 PM

"I need softer carpeting under my chair"

roger that, albert.

the pizza is in the oven,
the pizza is in the oven.

SkepticalFebruary 16, 2015 1:24 PM

@65535: It’s a Dog-and-Pony show in the “media” and nothing more. The collusion between the big Data Aggregators and Government continues – much to the destruction of Fourth and First Amendment rights of American citizens.

Two different issues really in what you quoted.

(A) To what extent, if any, should private companies facilitate lawful access by the government to information stored or communicated by their products?

(B) To what extent, if any, should private companies and government agencies cooperate in sharing information about threats, vulnerabilities, etc.?

It's possible to believe that such sharing should occur to a great extent in (B), and to a zero extent in (A).

Ultimately disagreements on (A) seem to revolve around two further issues: (i) what is the best way to prevent government abuse of power while simultaneously enabling government to be effective in the proper use of its power, and (ii) what are the consequences of different levels of cooperation.

My personal view is that cooperation in both cases should be significant.

Nick PFebruary 16, 2015 1:26 PM

@ albert

Funny you mention Microsoft dominance. I just found this old list of the companies they acquired, invested in, and/or destroyed on their path to dominance. I knew they gobbled up a bunch of companies but DAMN that's a lot of companies. And that ends at 1999.

I bet IBM's list would fill volumes.

albertFebruary 16, 2015 2:09 PM

@Nick P
(Ballmer took over in 2000; just sayin')

And that list doesn't include all the companies MS destroyed by infringing their patents and daring them to sue. MS has been forced into a position of buying new technology. I'm not sure there's only one reason; it could be a combination of:

1. New tech is too complicated; MS could never innovate anything that wasn't already obvious.
2. All the good new ideas are quickly patented and VC'd, which makes lawsuits expensive (at their legal expenses peak year, they spent ~1.2 Billion USD)
3. They've yet to face a serious challenge to their captive corporate dominance.
4. They've never been able to gain traction on their new ventures, leaving them to die on the vine, or stumble along. I attribute this to Karma.

It's a shame. MS used to have excellent support for corporate developers; not cheap, but good. (I spent most of my 20-year career in MS environments) If Visual Basic had come out before sliced bread....

Corporate guys just want something that works, and cost be damned. Nowadays, they want security as well.
...

albertFebruary 16, 2015 2:43 PM

@Bruce,
@Clive,

"...How is it even conceivably possible that they would leave in names, addresses, and SSNs?..."
.
More to the point, how would SSNs be included in "constituents emails"? Did Bush _require_ an SSN from each person? Names and addresses I can understand, but why SSNs? And who would be stupid enough to supply them. Wait...you said they were Jeb Bush constituents.....were they perhaps, supporters?

...

albertFebruary 16, 2015 3:16 PM

"...a Microsoft-friendly Android fork..."

Guess I need to update my oxymoron list...

Name suggestion: CyanideGen ?

...

Nick PFebruary 16, 2015 4:32 PM

@ sidd

You have to hand it to them: they have mad skillz at being elusive. This is despite their operation being all over the Internet.

SkepticalFebruary 16, 2015 5:43 PM

Regarding Kaspersky's recently disclosed research and the Reuters article on the subject:

From Reuters:

Though the leaders of the still-active espionage campaign could have taken control of thousands of PCs, giving them the ability to steal files or eavesdrop on anything they wanted, the spies were selective and only established full remote control over machines belonging to the most desirable foreign targets, according to Raiu. He said Kaspersky found only a few especially high-value computers with the hard-drive infections.

From Ars Technica:

Equation Group exploits are notable for the surgical precision exercised to ensure that only an intended target was infected.

So this is not a case of bulk surveillance. It's not a case of every product purchased or used being infected.

Instead it's a case of what appear to be some very expensive and well crafted tools used in conjunction with a larger program and infrastructure to glean intelligence on special selected targets.

Nick PFebruary 16, 2015 5:43 PM

I checked on the Cornell research group behind Jif to see what they've been up to. There's been some good work over there. Clive might find the hardware work interesting because it covers timing issues he often talks about.

Defining and Enforcing Referential Security

Abstract: "Referential integrity, which guarantees that named resources can be accessed when referenced, is an important property for reliability and security. In distributed systems, however, the attempt to provide referential integrity can itself lead to security vulnerabilities that are not currently well understood. This paper identifies three kinds of referential security vulnerabilities related to the referential integrity of distributed, persistent information. Security conditions corresponding to the absence of these vulnerabilities are formalized. A language model is used to capture the key aspects of programming distributed systems with named, persistent resources in the presence of an adversary. The referential security of distributed systems is proved to be enforced by a new type system."

A Language-Based Approach to Secure Quorum Replication

Abstract: "Quorum replication is an important technique for building distributed systems because it can simultaneously improve both the integrity and availability of computation and storage. Information flow control is a well-known method for enforcing the confidentiality and integrity of information. This paper demonstrates that these two techniques can be integrated to simultaneously enforce all three major security properties: confidentiality, integrity and availability. It presents a security-typed language with explicit language constructs for supporting secure quorum replication. The dependency analysis performed by the type system of the language provides a way to formally verify the end-to-end security assurance of complex replication schemes. We also contribute a new multilevel timestamp mechanism for synchronizing code and data replicas while controlling the side channels such mechanisms introduce."

A Hardware Design Language for Timing-Sensitive Information-Flow Security

Abstract: "Information security can be compromised by leakage via low-level hardware features. For example, hardware features can create timing channels such as cache probing attacks, which constitute a real security risk. We introduce a hardware design language, SecVerilog, which makes it possible to statically analyze information flow at the hardware level and thus to build systems in which timing channels and other information channels are verifiably controlled. SecVerilog is Verilog, extended with expressive type annotations that enable precise reasoning about information flow. SecVerilog also comes with rigorous formal assurance: we prove that it enforces timing-sensitive noninterference, ensuring secure information flow. By building a secure MIPS processor and its caches, we demonstrate that SecVerilog makes it possible to build complex hardware designs with verified security, yet with low overhead in time, space, and programmer effort."

Repost of two older ones in case people missed them:

Fabric: A Platform for Secure Distributed Computation and Storage

Abstract: "Fabric is a new system and language for building secure distributed information systems. It is a decentralized system that allows heterogeneous network nodes to securely share both information and computation resources despite mutual distrust. Its high-level programming language makes distribution and persistence largely transparent to programmers. Fabric supports data-shipping and function-shipping styles of computation: both computation and information can move between nodes, to meet security requirements or to improve performance. Fabric provides a rich, Java-like object model, but data resources are labeled with confidentiality and integrity policies that are enforced through a combination of compile-time and run-time mechanisms. Optimistic, nested transactions ensure consistency across all objects and nodes. A peer-to-peer dissemination layer helps to increase availability and to balance load. Results from applications built using Fabric suggest that Fabric has a clean, concise programming model, offers good performance, and enforces security."

Sharing Mobile Code Securely With Information Flow Control

"Mobile code is now a nearly inescapable component of modern computing, thanks to client-side code that runs within web browsers. The usual tension between security and functionality is particularly acute in this setting, and current mobile code platforms disappoint on both dimensions.

We introduce a new architecture for secure mobile code, with which developers can securely use, publish, and share mobile code across trust domains. This architecture enables new kinds of distributed applications, and makes it easier to securely reuse and evolve code from untrusted providers. The architecture gives mobile code considerable expressive power: it can securely access distributed, persistent, shared information from multiple trust domains, unlike web applications bound by the same-origin policy. The core of our approach is analyzing how flows of information within mobile code affect confidentiality and integrity. Because mobile code is untrusted, this analysis requires novel constraints on information flow and authority.

We show that these constraints offer principled enforcement of strong security while avoiding the limitations of current mobile-code security mechanisms. We evaluate our approach by demonstrating a variety of mobile code applications, showing that new functionality can be offered along with strong security."
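The "security-typed language" that the Jif, Fabric and quorum-replication abstracts above keep referring to can be made concrete with a toy checker. The block below is an added example written for this thread, not code from the Cornell group or from Jif; the two-point label lattice {LOW, HIGH}, the tiny program AST and the sample programs are assumptions made here for illustration. It rejects both an explicit flow (assigning a HIGH variable to a LOW one) and an implicit flow (assigning to a LOW variable inside a branch whose condition is HIGH), which is the basic dependency check that the type systems in those papers build on.

```python
"""Toy static information-flow checker over a two-point lattice {LOW, HIGH}.

Added illustration of the security-typed language idea discussed above; this is
not code from Jif, Fabric or the Cornell group. The program AST, the lattice and
the sample programs are assumptions made for this example.
"""
from dataclasses import dataclass
from typing import Dict, List, Union

LOW, HIGH = "LOW", "HIGH"


def join(a: str, b: str) -> str:
    """Least upper bound in the two-point lattice."""
    return HIGH if HIGH in (a, b) else LOW


def flows_to(src: str, dst: str) -> bool:
    """LOW may flow anywhere; HIGH may only flow to HIGH."""
    return src == LOW or dst == HIGH


# --- a minimal program AST (assumed shape) ---------------------------------
@dataclass
class Var:
    name: str


@dataclass
class Const:
    value: int


@dataclass
class BinOp:
    left: "Expr"
    right: "Expr"


Expr = Union[Var, Const, BinOp]


@dataclass
class Assign:
    target: str
    expr: Expr


@dataclass
class If:
    cond: Expr
    then: List["Stmt"]
    else_: List["Stmt"]


Stmt = Union[Assign, If]


class FlowError(Exception):
    """Raised when a statement would move HIGH data to a LOW location."""


def label_of(expr: Expr, env: Dict[str, str]) -> str:
    """Label of an expression: constants are LOW, operators join their operands."""
    if isinstance(expr, Const):
        return LOW
    if isinstance(expr, Var):
        return env[expr.name]
    return join(label_of(expr.left, env), label_of(expr.right, env))


def check(stmts: List[Stmt], env: Dict[str, str], pc: str = LOW) -> bool:
    """Type-check statements under a program-counter label `pc`.

    `pc` records the label of every enclosing branch condition, so an assignment
    inside `if secret:` is treated as carrying HIGH data even when the assigned
    expression is a constant (the implicit-flow rule)."""
    for s in stmts:
        if isinstance(s, Assign):
            src = join(label_of(s.expr, env), pc)
            if not flows_to(src, env[s.target]):
                raise FlowError(f"{src} data would flow into {env[s.target]} variable {s.target!r}")
        else:
            pc2 = join(pc, label_of(s.cond, env))
            check(s.then, env, pc2)
            check(s.else_, env, pc2)
    return True


def is_secure(stmts: List[Stmt], env: Dict[str, str]) -> bool:
    try:
        return check(stmts, env)
    except FlowError:
        return False


# --- constructed sample programs -------------------------------------------
ENV = {"secret": HIGH, "out": LOW, "tmp": HIGH}
EXPLICIT_LEAK = [Assign("out", Var("secret"))]
IMPLICIT_LEAK = [If(Var("secret"), [Assign("out", Const(1))], [Assign("out", Const(0))])]
OK_PROGRAM = [
    Assign("tmp", BinOp(Var("secret"), Const(1))),   # HIGH -> HIGH
    Assign("out", Const(0)),                          # LOW  -> LOW
    If(Var("out"), [Assign("tmp", Const(0))], []),    # LOW branch, HIGH target
]

if __name__ == "__main__":
    for name, prog in [("explicit leak", EXPLICIT_LEAK), ("implicit leak", IMPLICIT_LEAK), ("ok", OK_PROGRAM)]:
        print(f"{name:14s} secure={is_secure(prog, ENV)}")
```

Real systems such as Jif replace the two-point lattice with decentralised labels over principals, add declassification guarded by authority, and (in SecVerilog) attach labels to timing so that a HIGH-dependent branch cannot change how long a LOW-observable operation takes; the pc-label rule shown here is the core they all share.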

Dirk PraetFebruary 16, 2015 6:28 PM

@ Nick P, @ sidd

You have to hand it to them: they have mad skillz at being elusive. This is despite their operation being all over the Internet.

Mad skills indeed, but not at being elusive. Over the years, they seem to have been making quite some mistakes too, like letting C&C domains expire, but for something as big as this to stay hidden for 14 years or more, that requires industry complicity. Full stop. I mean, none of these hard drive vendors have *ever* noticed anything? Outfits like Symantec that have *never* seen any of this stuff? I'm not buying it. Probably not even a coincidence that of all people a Russian company is bringing this out in the open.

Clive RobinsonFebruary 16, 2015 6:58 PM

@ Nick P, Sidd,

You have to hand it to them: they have mad skillz at being elusive. This is despite their operation being all over the Internet.

They've been found, and now that the information has been widely broadcast I expect the trail to hot up a bit...

However the one thing it does show without doubt is "Opsec is impossibly hard over time", or to put it another way "to err is human", and errors like loose threads tend to run with time...

The other thing we can tell is that either the group is large --over a hundred-- or their "ego food" threshold is way way off the norm.

We know from various information sources that well over 90% of serious crime that is solved is down to "OpSec failure" or "ego food". That is, something unplanned happens and "somebody sees and says", or a participant's need to have their ego stroked becomes too great and "somebody flaps their gums" to look big, and this gets reported back. The former is "chance" related, thus the probability increases with time; likewise the ego issue gets worse with time.

There is also another issue which the police etc talk about which is "MO", and this is what gets other operations unearthed.

For instance, with the 300-odd control heads there are only so many ways you can register machines; the chances are there is sufficient commonality to show the "ways and means" used, and thus provide a trail to follow. But this commonality will almost certainly give up other "targets of interest" that can be monitored.

Likewise the type or form of the traffic flowing to these control heads.

The odd thing is that all these ways of covert servers controlling such zombie clients that are given are "known ways" that have been known in the public domain for getting on for a similar period of time. We know there are other more covert ways to do this sort of thing...

Which raises a question of why they have not been seen. I can think of several reasons, ranging from the fact that the TAO are actually not that smart and are copying others, through they are copying others to hide in the noise, through to the fact that those hunting the TAO are very very few in number and only seeing them as a side effect of other more financially important but "bread and butter" work. I suspect that it's probably a case of a bit of all three.

However personally I don't think the TAO are as smart as some are making them out to be. Take the business of overwriting the firmware in hard drives. If you assume they have somehow "reverse engineered" a dozen or so drives then yes it makes them look special. But we also know that the TAO are good at using agents for interdiction and black bag jobs. It's therefore much more likely that they stole the code from those who wrote it, rather than reverse engineered it. They might also have had other "human access" such as having people in or close to the original coding teams.

Which gives rise to another issue: those that originally wrote the HD code almost certainly would not have done it on their own. They almost certainly would have had help from the chip manufacturers' second or third line support staff, or used example code from them. As has often been noted, "people don't reinvent the wheel", they just modify the design. The chances are that whilst it may be twelve individual drive manufacturers it may be only one or two original pieces of code that have been modified over time.

There is of course a dirty little secret underlying all PCs, not just those that use Intel and IBM designs: they have a very limited range of IO choices. That is, "standard buses" use "standard chips" and thus the BIOS side of things is so similar that you don't have to be at 20,000ft to see commonalities; even a 50ft view of different systems is going to look very much the same. As has been indicated before, the AC97 audio is about as standard as it gets --as the DC97 is built into the southbridge-- with IDE and USB coming in fractionally behind.

With the NSA resources it would be quite easily possible for them to set up a front organisation to "contract out" the design of a faux motherboard to get those who wrote the code for other systems to in effect give them the working code...

Yes the TAO has shown some originality, but what has been shown so far is something most bright engineers could come up with after a few minutes' thought. For instance, using a repeated hash of an unknown string for a cipher key is just a minor change to what is done in many password systems. Thus the question is, is this a limitation of the TAO or of those examining their potential work.

What we do know is that the TAO is probably getting help from other areas of the NSA where the NSA traditionally excels. That is, they used a publicly unknown method of finding hash collisions. The finding of this method was a major OpSec fail for TAO and has probably caused internal friction within the NSA...

Which still leaves one area uncovered that of "ego food" and how it's being kept under control for so long...
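Clive's point that "a repeated hash of an unknown string for a cipher key" is a small variation on ordinary password hashing is easy to show in code. The block below is an added example for this thread, not code from the Kaspersky report or from any tool it describes; the hash function, round count, the unsalted form and the constructed candidate list are all assumptions. It derives a key by iterating SHA-256 over a seed string, shows the salted PBKDF2 form of the same idea, and shows the caveat an analyst cares about: when the "unknown" seed is really drawn from a small, structured space (a host or volume identifier of fixed shape), iteration only multiplies the enumeration cost by the round count and adds no entropy.

```python
"""Iterated-hash key derivation, and what it does (and does not) buy.

Added example for the discussion above; it is not code from the Kaspersky
report or from any of the tools it describes. Hash function, round count,
the unsalted form and the candidate-string list are assumptions made here
for illustration.
"""
import hashlib
import hmac
from typing import Iterable, Optional

ROUNDS = 1000  # assumed iteration count, chosen only to make the work factor visible


def iterated_hash_key(seed: bytes, rounds: int = ROUNDS) -> bytes:
    """The 'hash the unknown string repeatedly' scheme: key = H^rounds(seed).

    Unsalted and unkeyed, so the same seed always yields the same key."""
    digest = seed
    for _ in range(rounds):
        digest = hashlib.sha256(digest).digest()
    return digest


def pbkdf2_key(secret: bytes, salt: bytes, rounds: int = ROUNDS) -> bytes:
    """The standard password-hashing form of the same idea: salted, keyed iteration.

    The salt makes precomputed seed->key tables useless across installations."""
    return hashlib.pbkdf2_hmac("sha256", secret, salt, rounds, dklen=32)


def recover_by_enumeration(candidates: Iterable[bytes], known_key: bytes,
                           rounds: int = ROUNDS) -> Optional[bytes]:
    """If the 'unknown' seed comes from a small guessable set, iteration only
    multiplies the attacker's cost by `rounds`; it does not add entropy.

    Returns the seed whose derived key matches `known_key`, or None."""
    for seed in candidates:
        if hmac.compare_digest(iterated_hash_key(seed, rounds), known_key):
            return seed
    return None


# Constructed candidate space: hostnames of a fixed, guessable shape.
CANDIDATES = [f"HOST-{n:04d}".encode() for n in range(100)]

if __name__ == "__main__":
    key = iterated_hash_key(b"HOST-0042")
    print("derived key:   ", key.hex())
    print("recovered seed:", recover_by_enumeration(CANDIDATES, key))
    print("salted keys differ:",
          pbkdf2_key(b"HOST-0042", b"salt-1") != pbkdf2_key(b"HOST-0042", b"salt-2"))
```

The work factor of `recover_by_enumeration` is `len(candidates) * rounds` hash calls, which is exactly the trade-off password hashing makes deliberately: the defender pays `rounds` once per derivation, the attacker pays it once per guess. That only helps when the seed is not enumerable.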

Back to lying through his teethFebruary 16, 2015 7:12 PM

Here's how skeptical is lying to you today. He whimsically makes up the term bulk surveillance and defines it as every disk drive manufactured. There is no bulk surveillance. There is surveillance. And the US government has committed to prohibiting surveillance of correspondence. In bad faith - so Rogers can check out your preteen daughters' smokin selfies if he wants.

Only "special selected targets." Tens of thousands of them, spreading by uncontrollable contagion. That's how full of shit skeptical is willing to be, for his beloved Stasi.

Wired, "Kaspersky has found 500 victims in some 30 countries infected with EquationLaser, EquationDrug and GrayFish components. But having been active for more than a decade, it’s likely the spy tools have infected tens of thousands of systems. Each time a machine is infected, the malware places a timestamp in the victim’s registry along with a counter that increases with each victim. Based on counters found on victim machines, the victims appear to increase at a rate of about 2,000 a month."

Every single clandestine infection furthering not just surveillance but sabotage of legal nuclear programs at the risk of humanitarian catastrophe. NSA scumbags do not give a shit if civilians die. Indiscriminate, illegal warfare, undeclared under US law. That's the kind of swine they give our taxes to.

Dirk PraetFebruary 16, 2015 7:43 PM

@ hth

End of the m0n0wall project

Sad, but not entirely unexpected. Check out pfSense or OPNsense if you're looking for an alternative. I like both.

Nick PFebruary 16, 2015 7:55 PM

@ Dirk, Clive

I agree the manufacturers and AV companies were complicit. Probably helped. The elusive part is about the defense side. There's been a lot more than some Five Eyes AV companies investigating security breaches or monitoring systems. Yet, NSA's malware were the only ones that didn't seem to show up. The details in the Kaspersky report show how much care they put into that happening. Further, the report reminds us that overlooking the tiniest things is still a major risk for even the most cautious and resourceful attackers. I recall such things being the undoing of many clever criminals.

gordoFebruary 16, 2015 8:00 PM

Re: Equation Group; a link to the report that was released today is below.

A couple of things that caught my eye, in the report (@ Skeptical, I see that you've already referenced the first one; agree with your conclusion, as well).

Equation Group: Questions and Answers
Version 1.5 | February 2015
GReAT [Global Research and Analysis Team] | Kaspersky Lab

The EQUATION group’s HDD firmware reprogramming module is extremely rare. During our research, we’ve only identified a few victims who were targeted by this module. This indicates that it is probably only kept for the most valuable victims or for some very unusual circumstances. (p. 18, last paragraph)

Looking at the "victims map" (p. 20), I noticed that the victim-type icon, "Islamic Scholar," shows up only in the US and UK [the full description of the icon is "Islamic activists and scholars" (p. 21)]. Information sharing?

Lastly, from page 21: "Combining statistics from KSN [Kaspersky Security Network] and our sinkhole, we counted more than 500 victims worldwide."

From what Kaspersky's reported, i.e., the victim numbers, it appears that the EQUATION campaign is/was a collection or series of narrowly focused, targeted operations.

https://securelist.com/files/2015/02/Equation_group_questions_and_answers.pdf

JacobFebruary 16, 2015 9:27 PM

On hard drive firmware story. Meh from me. I am very unsurprised. Hiding in firmware harkens to writing and optimizing code when you had very little memory to work with. Some may remember in the old days of computers, 80s for me, tracking code as it went through registers and gates. Assembly back when programs were fairly small. Today it is a much different animal. But there are still fairly low numbers of registers, etc. Take from that what you will. Keep in mind that the navigation computer for Apollo had only 75k of memory and that was core rope memory no less. Modern intrusions can be very lean in memory requirements then add in an ability to download more for full functionality.

Interesting is that some reports state that this went dark in 2014. Now from pure curiosity I wonder where they went. I said quite a while back about microcode and the CPUs. Mapping CPUs would be fun. :/

I would look at the hiding in the silicon itself. Just a thought, I don't decap chips. :)

Old adage I have said for years. Follow the signal, follow the wire. Nothing can be hidden. Practicality and knowledge is the limiter. I really want to know what is at the real bleeding edge of tech. I can guess a little. Sorry if a little rambling.

Nick PFebruary 16, 2015 9:35 PM

@ Jacob

"Nothing can be hidden. Practicality and knowledge is the limiter."

The trick to your clever statement is that the latter ensures the former. Reverse engineering micron and nanometer chips to determine their function got prohibitively expensive for the majority a long time ago. Those that can afford to find the hidden are fewer with each process node. Even they can only test a very tiny subset of chips.

So, with silicon, it's often impractical to find the problems post-production. They must be somehow prevented or detected within the pre-production lifecycle.

Back to lying through his teethFebruary 16, 2015 9:37 PM

That's 500 victims counted by Kaspersky, out of tens of thousands, with 2,000 more a month spreading exponentially by uncontrolled contagion. If this were an illegal biological weapon, it would be much more virulent than anthrax. And anthrax didn't destroy legal nuclear facilities, poisoning civilians indiscriminately in an unpredictable path.

Time for ICJ to assess restitution including reparations, compensation, and satisfaction with interest from the inception of illegal warfare against critical shared infrastructure and property of noncombatants. US government officials responsible for this espionage or sabotage may be exempted from certain Geneva Convention protections.

JacobFebruary 16, 2015 10:21 PM

Lol nick. I was certainly not trying to be clever. Just initial thoughts. To quote Mr Universe, "there is only the truth of the signal." And with that and previous posts I show just how geeky I may be. Although in my defense I didn't marry a fembot. :)

I would mildly disagree. Mapping or decapping a CPU is certainly beyond most. But on the level of smart card chips or similar? It has been done by amateurs. There are many chips that could be "redone" by replacing them with altered programming and even using larger capacity to accommodate requirements. That is where I would look. And I would bet very heavily that state players are actively decapping, programming, and otherwise seeking advantage.

I believe Honeypots have different flavors. I would be laying out some traps to analyze. Every signal, every bit. A great deal of effort. Some countries get our stuff, engineer, then build up their own industries. Why would anyone believe computer espionage is any different. And I think why they are careful to keep away from innocents and immediately bail and analyse if they find evidence of pushback. They find some types of software and immediately pull back from infiltration. Why? If you are a security analyst, I would recommend less security, proper geotags, etc. Honeypots would need to start from a known state if you have any hope of beating the encryption used by these infiltrations. Thoughts?

ThothFebruary 16, 2015 10:37 PM

@Back to lying through his teeth
It would be nice if world leaders and politicians could be held accountable for their actions under the Geneva Convention and UN, but who are the big boys signing their pay checks? This is global corruption beyond the scale of the UN, Geneva Convention, ICJ or what not. The powerful become more powerful and the powerless become more pathetic. In part, we allow this to spiral out of hand by our ignorance in voting these people into power, and in part these people are too powerful to be simply removed.

It is in fact a global cancerous tumour that is going to be hard to remove.

As Nick P has noted, high assurance security researchers are always targeted and even silently put out, so that our computer systems would always be in a state of low/no assurance, which gives them the ease of entry and exit.

The only thing left on the table is to pick up your own breadboard, make your own circuit boards, solder your own transistors and stuff and be as much self sufficient which is very very very hard to do so in countries that monitor such activities and labeling it as building illegal "electronic firearms".

siddFebruary 16, 2015 11:13 PM

From Reuters: WD denies :

"Western Digital spokesman Steve Shattuck said the company "has not provided its source code to government agencies." The other hard drive makers would not say if they had shared their source code with the NSA.

Seagate spokesman Clive Over said it has "secure measures to prevent tampering or reverse engineering of its firmware and other technologies." Micron spokesman Daniel Francisco said the company took the security of its products seriously and "we are not aware of any instances of foreign code."

According to former intelligence operatives, the NSA has multiple ways of obtaining source code from tech companies, including asking directly and posing as a software developer. If a company wants to sell products to the Pentagon or another sensitive U.S. agency, the government can request a security audit to make sure the source code is safe."

http://www.reuters.com/article/2015/02/16/us-usa-cyberspying-idUSKBN0LK1QV20150216

Boldly GoFebruary 16, 2015 11:27 PM

@Thoth "The only thing left on the table is to pick up your own breadboard, make your own circuit boards, solder your own transistors and stuff..."

Kirk: I take it the odds are against us and the situation is grim?

Picard: You could say that.

Kirk: Sounds like fun!

FigureitoutFebruary 16, 2015 11:29 PM

RE: equation group
--So nice to finally have a company like Kaspersky getting to dig thru and make sense of some of this malware...I'm seeing (and been seeing, for a long time...) these *exact* symptoms and it makes me really nervous. Virtual filesystem in USB sticks (I found the best evidence plugging in to OpenBSD which read both filesystems, FYI) and encrypted partitions on HDD's that don't get wiped; for instance the standard Windows OS reinstall disk was complete crap and then I just rebooted to an infected OS *immediately*. There was so much malware on this laptop, it'd be a treasure trove for a malware researcher. Of course there's other malware and known exploits and techniques that are really devastating, but if this is coming straight from factory what chance do we have, honestly? Such bullsh*t.

Now, there's still more. I'm running w/ no HDD (can use via USB but not regular SATA) and still there have been changes between boots (it's an internet PC so...). It means all the chips on the board, meaning what Clive's getting at, BIOS level or audio chips (my laptop had its speakers turned off except for headphones, and sometimes it works for like a second then turns off). And now the boot screens would even get messed up, but have returned more normal on my laptop, suggesting they're trying to wipe it away as I'm running more and more tests on it to get a true picture of the memory.

From Wired article ( http://www.wired.com/2015/02/kapersky-discovers-equation-group/ ):

It was using “some nasty techniques to hook into Windows,” says Vitaly Kamluk, principal security researcher for Kaspersky. The techniques, in fact, had been described years before in a 2005 book titled Subverting the Windows Kernel. “[The attackers] were following the instructions that were uncovered in the book,” Kamluk says.

Kind of lame lol, the book's free here: http://micropenguin.net/files/Other/Rootkits_Subverting_the_Windows_Kernel.pdf Pretty interesting, of course it's years old and rootkits have gotten so nasty (even just w/ frickin' integer overflows in UEFI code, man f*ck this needs to be high quality code!) now we could all have at least one. It's device drivers, these are major points of risk now (they've always been I think). And understanding each driver for each hardware piece is *time consuming* to say the least (you gotta understand the chip too!) and hard to understand each to an extent you can see something's off...

sidd RE: WD denies...
--You really can't know w/ insider attacks and if you don't have some severe lock-down procedures for the dev environment (I'd personally welcome it so long as they're aware it takes much longer to get things done in such an environment). It's on them though; if they don't take a more aggressive stance against this attack on their products, we're going to blame them and the engineers working there. It's on you guys. Can't even trust a HDD anyway today as it's too persistent; it's like a prime target for a rootkit.

SkepticalFebruary 16, 2015 11:46 PM

@Lying: Here's how skeptical is lying to you today. He whimsically makes up the term bulk surveillance

Yes, I just made up that term. Your knowledge here is clearly as profound as your knowledge of the markets.

Only "special selected targets." Tens of thousands of them, spreading by uncontrollable contagion. That's how full of shit skeptical is willing to be, for his beloved Stasi.

Actually it's made quite clear that whoever is behind this operation is extremely careful about controlling the spread. Which is what you would expect given the amount of time that must have been invested here.

"Kaspersky has found 500 victims in some 30 countries infected with EquationLaser, EquationDrug and GrayFish components. But having been active for more than a decade, it’s likely the spy tools have infected tens of thousands of systems. Each time a machine is infected, the malware places a timestamp in the victim’s registry along with a counter that increases with each victim. Based on counters found on victim machines, the victims appear to increase at a rate of about 2,000 a month."

You don't understand what targeted means. If you're targeting an Iranian nuclear program, there may be thousands of relevant systems, ranging from those used in government agencies involved to those used by research scientists involved to those used by foreign contractors involved to those used to actually control the equipment to those used to just maintain other networks within the same facilities. Targeted doesn't mean "one person."

The "tens of thousands" number you quote is entirely speculation - in fact it seems to be almost baseless extrapolation.

Stuxnet revealed several things to us. It revealed that the US and allies are willing to invest enormous resources to crack the hardest targets; it revealed that they're extremely concerned about controlling the weapons they release; and it revealed that ordinarily they are risk-averse to using the most valuable tools precisely because of the chance of compromise. And indeed, this risk-aversion is further confirmed by documents from Snowden's leaks.

It's not difficult to apply those lessons to this report. Of course if your practically incoherent anti-American bigotry prevents you from doing so, there's not much reality can do to change your mind.

Every single clandestine infection furthering not just surveillance but sabotage of legal nuclear programs at the risk of humanitarian catastrophe. NSA scumbags do not give a shit if civilians die. Indiscriminate, illegal warfare, undeclared under US law. That's the kind of swine they give our taxes to.

Swine who do things like target ISIL, keep a watchful eye on brutal criminal regimes like North Korea, and anti-democratic countries. Swine that nations across Europe have thanked for helping thwart attacks. Swine that actually help prevent wars by giving policymakers good intelligence when the belligerence of another nation is just a bluff, and when a peaceful overture will be more successful than a hard threat.

Listen, if you want to contribute to a real discussion about this, then great. But for the most part you pollute threads with barely intelligible anti-American drivel that sounds like a mixture of Bobby Fischer in his later years and Pravda circa 1950.

Bottom line: so long as this is a carefully deployed program, and used against legitimate targets (and let's be clear and let's live in the real world for a moment: there are legitimate targets), there is no problem with it, other than it apparently was caught.

The alternative to gathering intelligence like this is making policy decisions based on less knowledge and with greater uncertainty. I assure you that this is not a state of affairs that would result in less violence. It would almost certainly result in far more.

Grauhut • February 17, 2015 1:52 AM

@sidd: That's why I love booting from simple SPI SD Devices! :)


"Say I remember when we used to sit
In a military yard in Fort Meade
Observing the hypocrites
As they would mingle with the good people we meet

Good friends we have
Oh, good friends we lost along the way
In this great future
You can't forget your past
So dry your tears, I say

No firmware, no cry
No firmware, no cry"

(Bob Badbios)

Wesley Parish • February 17, 2015 3:06 AM

@Figureitout

LOL! I bought that book Subverting the Windows Kernel about 2006: at the time I was doing voluntary work as a techie for a non-profit and it struck me that our systems, meagre though they were, were a prime target for infiltration. One of the other techies was shocked that I'd bought the book and asked acidly if I expected to _do_ anything with it, i.e. maliciously. After that, I couldn't do anything constructive with it and it's sat idle in my private library for the past decade or so.

I should dig it out and find some sort of info on the Windows 7-plus set and see if any of that is still relevant, and to what extent. Might be the best use for a superannuated Win7 box I've got.

Gerard van Vooren • February 17, 2015 3:23 AM

About the 'equation group' malware:

From what I read the malware is targeting Windows. Nowadays with the iOS and Android phones / tablets they are probably developing malware for these platforms as well.

AFAIK Linux overrides BIOS as soon as it starts up. I have two questions about that:

1) Does this eliminate NSA (or others) implemented BIOS firmware?
2) Does the Linux kernel talk with the HD controller firmware, or does it also override these instructions?

Z.Lozinski • February 17, 2015 4:17 AM

@Clive,
> Which still leaves one area uncovered that of "ego food" and how it's being kept under control for so long...

Not so surprising, I think. A sense of duty and very high levels of motivation.

Consider that between the end of WW2, and Gp. Capt. F.W. Winterbotham's 1975 book, no-one had any idea that the Polish had broken Enigma, and the British and Americans had then industrialised machine cryptanalysis. At least 10,000 people knew about Enigma, and Bletchley Park, and none of them talked publicly. When historians talked to people involved at Bletchley Park, they said of course we kept mum, it was important.

If you watch the "World at War" episode on the Battle of the Atlantic (broadcast in 1973-74), there is an interview with a senior Royal Navy officer on detecting U-Boats. From what we now know, he was not being entirely accurate. But I'm sure he believed he was doing his duty in continuing with a 30-year-old cover story. Of course the historian in me laments the fact that we don't have the post-1975 interviews.

That sense of duty is far more powerful than any classification system. And of course it can be used both for good and ill.

Jacob • February 17, 2015 9:07 AM

@boldly. Lol very good reference. I actually heard Shatner's delivery of that scene.
@gerard. I am very curious about the technical aspects of this group. By definition state players have more resources than individuals and most groups. However, repeatability can level the playing field considerably. I suspect to find bad guys, the surveillance will be used for psychological analysis. This would move away from cat and mouse to analysis. Interaction and analysis.

I have said for years that if you are willing to commit crimes like IS or Al Qaeda, it will show up in other ways. Humans are capable of compartmentalization but I do think there are limits to it. Think of dictators and their private practices.

@gerard you touched something I am curious about other than the technical aspects of infiltration. How could an organization or individual prevent these types of attack? Boxes between network or devices from outside? IPAs and such can be used now. Encryption would complicate analysis if they can sneak info out. Criminals will use these infiltration methods. I am thinking of what happened when cryptography door was cracked open. Hmm, wondering. Makes me want to trust the cloud. Joking, not a chance. Although a custom OS and network might give them fits, but then again the obscurity angle. :( security and defense while some digital displays are still blinking 12:00 in way too many rooms of the general public.

ASVAB waivers try harder • February 17, 2015 9:28 AM

Burnin' the midnight oil 11:46! The dumber they are, the later they work.

Bulk surveillance. Cubicle jargon from bullshit municipal law rigged by beltway hacks and their groveling judges in contempt of the supreme law of the land.

"It's made quite clear." Note the passive voice, deskbound liar's trick 1A. It's made quite clear by skeptical's cherry-picked quotes in secondary sources including the abject stenographers of Reuters.

Skeptical explains that you can carefully target anybody you want, all over the place, in droves. See, this is how they brainwash beltway drones. Because they carefully nuked Nagasaki, and then Baghdad Airport. What do you mean, that's illegal? It's targeted!

Next skeptical poo-poos Kaspersky's estimate of >10K NSA victims, proving that the precisely-quantified rate of contagion exceeds 20% per month. Illegal US government anthrax bioweapons are more targeted than that. But then they do not hire you for your brains.

Anti-American bigotry. Like all Animal Farm government swine, skep calls the government America. Because he's trained to genuflect when he hears the word. He thinks everybody's brainwashed the same way.

Next, a trademark soaring peroration. Not a dry eye in the house. We get all kinds of evocative Soo-EEE buzzwords that make the swine come running. Target, again. Anti-democratic, from the guys who blew up Lebanon when the election came out wrong. Brutal, from the guys who pick the weddings and funerals and civilian settlements for wilful killing and torture and dog-rape. Then some made-up hypothetical shit proving that NSA stops aggression and coercive intervention, except of course in Afghanistan, Pakistan, Iraq, Syria, Libya, Somalia, Iraq again, Afghanistan some more, etc., etc., etc. Then some nyaa-nyaa-nyaa. Of course it's unintelligible to you, you're brainwashed and not too smart to begin with.

Then Doug Neidermeyer assures you. He assures you it would be even worse for you if we RIFed these parasites, if they all had to become TV repairmen like in the Seventies when you lost that war. He learned that in ROTC hup-2-3-4 class.

BoppingAround • February 17, 2015 10:11 AM

Jacob,
> Think of dictators and their private practices.
Can you provide some examples?

Clive Robinson • February 17, 2015 10:22 AM

@ Jacob,

How could an organization or individual prevent these types of attack?

Well the only way I can think of to stop the HD rewrite attack is a properly designed "Inline Media Encryptor" or an equivalent inline forensics device.

The overwriting is only happening because the TAO can make arbitrary writes to the on drive controller that has the equivalent of three or more ARM cores and common flash memory. Thus they can use the manufacturer's "test and update" functions to do the overwrite, or use the equivalent subroutines via some kind of malware attack on the controller software (thus bypassing code signing and other protection mechanisms the manufacturer has put in place).

Thus a properly designed inline device would only accept a limited subset of available input commands and data commensurate with both good operation and the minimal functions required for storing and retrieving data from allowable areas and properly setup partitions etc.

The problem with this however is that it will work for a while before the TAO et al "butt up against it" then they will expend resources to break it.

Which might mean if you are states side the developers or directors get an NSL, black bag visit or worse... after all you would not want to be arrested and held in "Special Administrative Measures" in one of those special and secluded prison blocks where even your legal team are not allowed to know where you are let alone visit and legal privilege is revoked.

If you are not state side and a black bag job proved ineffective, and you had your own special measures in place to protect the design, you might not want your nearest and dearest attending an inquest that finds you threw yourself out of a window after having had a mental break down involving self harm and running away from your normal life a week or month before your "defenestrating swan dive"... If you think that might be a bit far fetched have a look at the very odd inquest of Dr David Kelly in the UK, and why a UK Member of Parliament has been looking into it and mysteriously having his reputation rubbished. Oh and then there are also the unexplained disappearances and suicides of engineers and programmers working for various Far East manufacturing facilities that are involved with the making of PC and mobile phones and their parts... all most odd.

Oh and it's not a new phenomenon, back in Maggie Thatcher's era Marconi Space and Defence had a team working on a very secret project that started turning up dead having driven off of cliffs or sitting in a car with the engine running and the exhaust fumes piped into the vehicle etc. At the time I knew a couple of people who worked there, one of whom worked in a related team on the same project and he was getting very scared about it and he was not the only one...
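The "limited subset of commands, only to allowable areas" policy described above, as an added example that is not Clive's design or any vendor's product: an interposer model that forwards only an allow-list of standard ATA opcodes, and only for LBA ranges inside approved partitions, so the controller's firmware-update path is never reachable from the host. The ATA opcode values are the standard ATA8-ACS ones; the partition table and command traffic are constructed for the demo.

```python
"""Policy model for an inline media filter between host and drive.

Added example, not an existing product. Allow-list, not deny-list: a command is
forwarded only if its opcode is known-good AND (where it carries an LBA) the
whole transfer lies inside one approved partition. Anything else is dropped
and logged, including DOWNLOAD MICROCODE and vendor-specific opcodes.
"""
from dataclasses import dataclass
from typing import Iterable, List

# Standard ATA8-ACS opcodes that a data-only host needs; nothing else passes.
ALLOWED_OPCODES = {
    0x20: "READ SECTOR(S)",
    0x25: "READ DMA EXT",
    0x30: "WRITE SECTOR(S)",
    0x35: "WRITE DMA EXT",
    0xE7: "FLUSH CACHE",
    0xEC: "IDENTIFY DEVICE",
}
# Commands in the allow-list that address no LBA range at all.
NO_LBA = {0xE7, 0xEC}
# Named only so the log is readable; being absent from ALLOWED_OPCODES is what
# actually blocks them (as it blocks every other unlisted opcode).
CONTROLLER_COMMANDS = {
    0x92: "DOWNLOAD MICROCODE",
    0xF1: "SECURITY SET PASSWORD",
    0xF4: "SECURITY ERASE UNIT",
}


@dataclass(frozen=True)
class AtaCommand:
    opcode: int
    lba: int = 0      # first logical block addressed
    count: int = 0    # number of sectors in the transfer


@dataclass(frozen=True)
class Partition:
    name: str
    first_lba: int
    last_lba: int     # inclusive


class InlineFilter:
    """Decides, per command, whether the drive ever sees it."""

    def __init__(self, partitions: Iterable[Partition]):
        self.partitions = list(partitions)
        self.log: List[str] = []

    def _inside_approved_area(self, cmd: AtaCommand) -> bool:
        end = cmd.lba + cmd.count - 1
        # The transfer must sit entirely within ONE approved partition;
        # a read that straddles a boundary is refused, not trimmed.
        return any(p.first_lba <= cmd.lba and end <= p.last_lba
                   for p in self.partitions)

    def check(self, cmd: AtaCommand) -> bool:
        name = ALLOWED_OPCODES.get(cmd.opcode)
        if name is None:
            label = CONTROLLER_COMMANDS.get(cmd.opcode,
                                            f"unlisted 0x{cmd.opcode:02X}")
            self.log.append(f"DROP {label}")
            return False
        if cmd.opcode in NO_LBA:
            return True
        if cmd.count <= 0:
            self.log.append(f"DROP {name}: zero-length transfer")
            return False
        if not self._inside_approved_area(cmd):
            self.log.append(f"DROP {name}: LBA {cmd.lba}+{cmd.count} "
                            "outside approved partitions")
            return False
        return True

    def forward(self, cmds: Iterable[AtaCommand]) -> List[AtaCommand]:
        """Return only the commands that may reach the drive."""
        return [c for c in cmds if self.check(c)]


# Constructed layout: MBR/boot code area below LBA 2048 is NOT approved.
DEMO_PARTITIONS = [
    Partition("boot", 2048, 1_050_623),
    Partition("data", 1_050_624, 41_943_039),
]


def demo() -> InlineFilter:
    """Run a constructed command stream through the filter; returns the filter
    so the caller can inspect .log."""
    f = InlineFilter(DEMO_PARTITIONS)
    f.forward([
        AtaCommand(0xEC),                      # identify: allowed
        AtaCommand(0x25, 4096, 8),             # read inside boot: allowed
        AtaCommand(0x35, 0, 1),                # write to sector 0: dropped
        AtaCommand(0x92),                      # firmware update: dropped
        AtaCommand(0x25, 1_050_620, 8),        # straddles boundary: dropped
        AtaCommand(0x35, 1_050_624, 16),       # write inside data: allowed
    ])
    return f


if __name__ == "__main__":
    for line in demo().log:
        print(line)
```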

Clive Robinson • February 17, 2015 10:51 AM

@ Jacob,

I forgot to add the list of 25 Marconi and related deaths,

http://projectcamelot.org/marconi.html

Wikipedia has a page, but they call it a "conspiracy theory", however even one coroner complained of a "James Bond" style connection... and MI5 amongst other government services did investigate but publicly did not say what their findings were and they are apparently not responding to FOI requests... make of it what you will.

π • February 17, 2015 11:05 AM

Investor-State Dispute Settlement is generally a raw deal, but it has the potential to exterminate the NSA vermin once and for all. Corporations can sue the state for lost profits, which is hard under current law. So when NSA destroys disk-drive makers' business by tampering with their products, they can demand compensation from a tribunal that's not subject to appeal. Manufacturers can also demand compensation for the cost of repairing and preventing NSA sabotage. Juniper can sue the NSA for ruining them with FEEDTROUGH, Cisco too. Industrial process control suppliers can get their pound of flesh. NSA sabotage bleeds the US white and the Stasi get purged. So let's get those trade pacts done!

Clive Robinson • February 17, 2015 11:47 AM

@ π,

The problem with the Investor-State Dispute Settlement in the TTP etc is generally it's a raw deal because the arbitration is via the World Bank or UK Courts where decisions are even more secret than the FISA Court decisions.

It's notable that the US Gov body responsible for the TTP and other international treaties does not consult either the US or other Governments elected officials. As part of the negotiations is the requirement that the proceedings are "secret". However.... not to US corporations who are directly driving the US Gov body...

Thus as many suspect and it has been confirmed with Australia, the likes of grossly inefficient US corporate organisations can use it to overturn the wishes of the voters and their elected officials' sovereign legislation...

I can not see, on past poor performance from the US judiciary over amongst other things IP, US legal types supporting foreign companies against "US National Security / Interest". After all turkeys don't vote for Xmas and vultures are supposed to be a lot more vicious in defending their lifestyles than turkeys, including pecking their victims to death to ensure they get the victims' life blood in a faster fashion...

Grauhut • February 17, 2015 12:13 PM

@Gerard van Vooren: "Linux overrides BIOS"

This will not save your day. Such attacks are about injections or replacements in the data stream loaded from a disk.

You think you load a manufacturers driver from your disk? Think again...

π • February 17, 2015 1:34 PM

@clive, exactly right. ISDS means corporations run the world. Any more of it would bring on the dark ages. We're stuck with it in NAFTA Ch. 11, so foreign investors might as well use it to raze NSA.

Nick P • February 17, 2015 1:43 PM

@ Jacob

" I was certainly not trying to be clever. Just initial thoughts. To quote Mr Universe, "there is only the truth of the signal." And with that and previous posts I show just how geeky I may be. "

Haha I hear you. Too bad he was killed by the operative. Actually, that operative was one of the best acting jobs I've ever seen depicting an intelligent, casual, true believer/warrior. Friends and I rewatch that movie every now and then. Has plenty of replay value.

"Although in my defense I didn't marry a fembot. :)"

I hear they're very loyal, give constantly, never ask, keep learning, and get regular "upgrades." One with military and espionage background was even employed by the ISIS spy agency. So, if you went that route, I wouldn't judge you. I'm still holding out for a virgin, porn star with experience in MMA and Metasploit. Probably be worth keeping.

" Mapping or decapping a cpu is certainly beyond most. But on the level of smart card chips or similar? It has been done by amateurs."

You actually have a good point: I temporarily overlooked the successes in smart card hacking. Investments in hardware R&D and COTS tooling mean there's actually enough of them that a black market could've easily developed over the past few years. Especially students or labs making money on the side. That's on top of the firms like ChipWorks that do it openly.

Note: Excellent HOWTO from Black Hat 2011 I discovered doing research for this discussion.

"There are many chips that could be "redone" by replace with altered programming and even use larger capacity to accommodate requirements."

It can happen but is actually quite difficult as RobertT explained. They have to design it in a way where it's obvious what the circuits are doing. Then the clone must have the same measurements as what it replaces. On top of this, if it changes the masks, there can be issues such as parasitic behavior they have to deal with. So, it can happen, but I'm not sure how much a risk this is. RobertT said what we really need to watch for, other than malicious insiders & undocumented I.P. features, is the handoff of the design to the mask or chip fabricators. That's the best manipulation point.

" believe Honeypots have different flavors. I would be laying out some traps to analyze. Every signal, every bit. A great deal of effort. "

Absolutely. At this point, if I was big players, I'd be doing decoy systems that outwardly mimic mainstream stuff while inwardly recording every unusual behavior. Think along the lines of the inline-reference monitors that instrument vanilla software, recording attack attempts or info flow violations. That sort of thing at CPU, peripheral, firmware, OS, and so on layers. All integrated with a custom, software-secure, physically-protected device that watches all of it. Managed security services across the world could share what's found and react quickly using the global intelligence networks they already use for malware. Nothing short will keep up with modern nation state attacks.

@ Thoth

You can always buy old hardware. You have my list of options. At that point, the custom boards just secure the interface to software running on that hardware. This is a temporary solution as the old hardware will eventually dry up. Yet, like using PPC Macs to avoid malware, I think the lack of takeup of my solution means more determined defenders will have plenty of hardware to use for a *long* time. Even easier if you can physically protect (guard or hide) the systems for years at a time. If so, then just buy an entire lot of old RISC workstations from a business, store them in a way that reduces environmental effects on hardware, and now you're covered for years to a decade. Plenty of time to work out your next strategy.

You can also do repair work for various individuals or businesses on the cheap with the condition you get their hardware. Just tell them you don't like all this modern stuff: simple, command line stuff instead. They'll laugh, let you have the "worthless" machine, and take the new machine you built them cheaply. They'll be hacked repeatedly, while you will have a diverse array of components to avoid this. Especially if you keep switching hardware and avoid Wintel, the mass surveillance won't have a hope of keeping up with you. Even TAO moves too slowly for that from what I can tell.

@ sidd

" the NSA has multiple ways of obtaining source code from tech companies, including asking directly and posing as a software developer"

BINGO!

@ Figureitout

Be sure to read Windows Internals if you're into that stuff. That's how a lot of security companies and black hats got started. One of its writers is Mark Russinovich: an interesting guy that seems to wear both hats.

@ Skeptical

We have to take it with a grain of salt. Your conclusion seems correct based on the available data and should calm people on the defense side a bit. Yet, we had similar data from leaks in the past that seemed to indicate they could only do X or were only attempting Y. Subsequent leaks showed that their capabilities greatly exceeded that, while plainly showing prior info (even classified) was disinformation to hide real capabilities. That FBI compels backdoors in software (esp crypto) while publicly complaining about how much difficulty they have with those same devices is a good example.

The Equation Group is probably TAO's offensive teams. The leaks indicate they're a mix of R&D and offense. Also, as I predicted in a post to you, many of the capabilities are initially developed in SAP's that are walled off from even people with Snowden level access. Summaries or tools are released to a select few. Over time, the audience might expand for a given tool. So, combining that with domestic and foreign subversion, people are right to still be paranoid about how much access they really have. I imagine the Equation Group's attacks either (a) focus on what they haven't subverted partly or thoroughly, (b) hit machines they have subverted to hide that capability, or (c) both.

@ Wesley Parish

Why let them get to you like that? Best to just not share such information with weaker minds. Instead, figure it out yourself, find the problems, develop solutions, and try to deploy them in day-to-day work. If you do bring up the topic, say you read a report from firms that deal with breaches that said attackers have been combing through books on the Windows Kernel to find exploitable weaknesses. The security experts recommended defenders do the same to plug as many weaknesses as possible before enemies find them. You're merely doing your part in finding the problems Microsoft's half-assed development team left your company with and mitigating as many as you can within reason (i.e. constraints).

They always get uneasy if hacking or bug hunting comes up. Yet, it can greatly calm their perspective of you if they see you as working hard to reduce their liabilities caused by greedy software developers. Also remind them that breaches of all kinds, even temporary downtime, cost big $$$.

@ Gerard van Vooren

The Equation Group's malware targeted Windows, Mac OS, and iOS. The leaked NSA slides show they can hit all major mobile OS's and Windows/NIX distro's with plenty market share. Far as BIOS stuff, they can infect Linux systems and BIOS's that I'm aware of. So, we should assume the answer is no. Any privileged component can subvert another later on in the boot chain if it's compromised. That's the reason for TPM's chain of checks approach.

@ Clive Robinson

I've posted that here before too. There were investigations of corruption and such that might have motivated some suicides. Yet, so many scientists doing it in so many ways all at once is unheard of. The common method for clean teams is to space it out over time. That so many died in 1987 means that covert ops threw a large amount of resources at the problem. That they'd go this far on this program but not other similar risks raises questions.

1. Were their efforts a front for a deep black program whose results couldn't leak under any circumstances?

2. Why was so much effort put into killing these people but not others in similar work (successful or failed)?

3. Was the effort a practice run of their house cleaning capability? Both doing it and damage control in press/parliament.

4. Was the operation made obvious intentionally to send a message to future parties who are disloyal or uncooperative? All they'd need to do is reference the event in a personal conversation, with the recipient's Googling doing the rest.

This isn't the first time people who were a threat to covert ops community died in suspicious circumstances, esp with their evidence "missing." That the pattern repeats and often similarly means there's one or more organized groups that handle this sort of thing. Anyone trying to resist nation state activity or threatening the power of U.S./U.K. might get their attention. Hence, the only people that can resist these groups must have both excellent defensive *and offensive* security. The U.S./U.K. only hold off if the politicians think the blowback to them would be too great. That's dead bodies and ended careers.

Most can't handle all that. This is why we see them surround the embassy of Ecuador and intercept diplomatic flights but not attempt anything in Russia. They don't dare because the consequences would be both unpredictable and damaging. Only likely route to success is partnering with such powerful groups while having to give them concessions in return (esp backdoors). One is likely to become their pawn along the way.

Nick P • February 17, 2015 2:03 PM

Darnit: submitted instead of previewed to do edits. Here's one.

@ Wesley Parish

I was going to revise it to add:

"Cite examples of six digit losses for small businesses in ACH attacks and eight digit losses for big companies in breaches. Exec's like having numbers to chew on and your loss plus likelihood numbers should exceed the cost of whatever you're proposing. That part gets easier all the time."

Nick P • February 17, 2015 6:23 PM

Good to see the problems of modern software projects are getting into mainstream consciousness a little bit. I posted plenty of comments which I hope a few find mind-opening. Reinforces the conclusions of the Worse is Better essay, which mostly hold despite the author backtracking later on.

Figureitout • February 17, 2015 11:57 PM

Wesley Parish
--Lol, that's unfortunate...book's mildly interesting, I just want to be able to a) interrogate and clean my hardware (if it's possible which I'm doubting), b) prevent future infections, and c) potentially infect my own hardware just for sh*ts and gigs (some rootkits actually have good security in keeping other rootkits out, and I tried to get another rootkit to overtake this rootkit, and I got a lot of malware but didn't overtake it). There's some other things I want to try w/ x86 (making a minimal OS, and by minimal I mean executing a program that'll write some hex-code to an area) before eventually trying something else. A lot of my work relies on it though, and will continue for a long time...I mean, if x86-64/32 WINTEL just disappeared tomorrow, how many computers would be gone? A damn lot. Entire companies would shut down (not to mention...Intel and Windows lol).

I don't really like surfing the web w/ windows, prefer at least live and no HDD attached. Here's another paper on HDD backdoors, found from /r/netsec: https://www.ibr.cs.tu-bs.de/users/kurmus/papers/acsac13.pdf

Gerard van Vooren
--Dual-booting my infected machine w/ Ubuntu resulted in an *almost* immediate yanking of root from me. I can't recall what other clear signs something was wrong (should've documented) but it was so conclusive I stopped using it...If an OS boots after infected firmware, it doesn't matter what OS...That's why this sh*t sucks, b/c I can't enjoy programming on an infected machine.

Nick P
--Doesn't really interest me, just want to see what's happening and wipe or prevent it, *that's it*. Smaller OS's, I/O control (IOMMU-like stuff), stripping data flows down and setting a controlled rate of flow of data interests me more...I like data flow and how it changes states and forms (RF to sampled digital data and vice versa eg.).

Basically, if I can use a device that *can't* be touched even interacting w/ malicious code, that's what I want, that's a powerful thing. Means I can get what I want from highly untrusted places and have some I/O w/ my "secure" PC's...

gordo • February 18, 2015 2:09 AM

@ Nick P, et al.,

I agree the manufacturers and AV companies were complicit.

Here's a somewhat alternate take on the AV from a brief RT Q&A with CloudFlare's Marc Rogers on Kaspersky Lab's Equation Group report:

RT: How come this spying operation was discovered after 14 years?


MR: I think, unfortunately it is kind of a testament to the fact that we only just started to get good at capturing some of these more advanced threats. Traditionally our anti-spy systems work based on signatures. Those signatures are taken from the malware that we caught. So it is kind of a chicken and egg scenario. You have to have it in order to create a signature for it and without that signature, you can't catch it. But these days the anti-virus companies are getting better at scanning these new threats and coming up with techniques at catching things they don't have signatures for. And this led us to catching this. (last of the Q&A's)

http://rt.com/op-edge/232959-kaspersky-report-hacker-attacks-nsa/

[I mean it has been said that AV is dead]

Is Antivirus Dead?
https://www.schneier.com/blog/archives/2014/05/is_antivirus_de_1.html

SoWhatDidYouExpect • February 18, 2015 10:29 AM

US May Sell Armed Drones

http://tech.slashdot.org/story/15/02/18/0414244/us-may-sell-armed-drones

From the post:

"Armed and other advanced UAS are to be used in operations involving the use of force only when there is a lawful basis for use of force under international law, such as national self-defense."

But why would we sell armed drones to others?

Well, those drones would also tell us when they are being used, where they fly, and allow us to control them. Most certainly, if they attempt to fly "here", then we could turn them back or disable them. In other words, from the perspective of outside buyers, the drones come already compromised. Further, if the compromise is overridden, a very low level (read: hidden) compromise will tell us that and perhaps the drone will self destruct.

Read the post as it also talks about "requirements" that we don't meet.

Jacob • February 18, 2015 11:55 AM

@nick I agree on the operative character. It was chilling. The entire interplay of motivation, willful ignorance, knowing there is no place for him in society, the horror of seeing the pain of innocents. There is a very good dense article on IS. Well worth the read.

http://www.theatlantic.com/features/archive/2015/02/what-isis-really-wants/384980/

@clive and @nick. Yes if going against big organizations it is a dangerous game if you are actually a threat. Very few are. Most look for or will accept being bought out. I wonder how many would accept a job offer from the NSA? Some quote along the lines of if you are going to strike the king, you better kill him....lol others would settle for the crumbs of faint praise from defcon, Blackhat or the FBI giving them a business card.

Most of what I have seen is clever. But I really really want to see something truly revolutionary, unique. Something in OS or security that impacts everything like Einstein did with relativity. Hopefully I will see it in my lifetime. Instead we seem stuck trying to get Dragonfly to work on a Motorola 68000 or Sparc chip. ;) or watch Sneakers again....lolol

Markus Ottela • February 18, 2015 8:25 PM

@ Thoth:

I've been very busy lately so I've yet to dive deep into the castle vs prison allegory. But initially I'm thinking both have necessary attributes for secure systems. The prison side seems to have lower assurance features the main aim of which is to prevent accidental errors and make the job of attacker harder. Nick's castle model seems to rely more on trustworthy axioms that completely block some attack vectors. In a way, TxM is a castle, RxM is a prison with life sentence for everything that enters it.

@ All:
I've been playing around with Ethernet to fiber optic converters and it looks like a medium / high assurance data diode can be created with COTS devices for less than $80. Main benefits are speed and convenience at the cost of increased risks of interdiction and hidden storage. The idea of using converters was my own but Robert Gabriel beat me to it with implementation. I'm not familiar with the handshakes that occur on the device's OSI layer 1, but the LEDs that indicate bidirectional connection do not light up by connecting just two adapters with a single fiber. It would appear that depending on the manufacturer, the user must use either three or four converters per data diode. The fibers connect the devices in series: 1>2>3 for the three-device or 1>2>3>4 for the four-device configuration.

For three manufacturers there is a dummy adapter 1 that makes adapter 2 think it's receiving from 3, thus it reports to 3 that it's properly connected and 3 thinks it's ready to receive data. For four adapters it's more complicated: 1 fools 2 into thinking it's bidirectionally connected so 2 tries to report to 1 that it's ready to receive, but this is actually forwarded to 3. 3 then thinks it can safely send and receive data and passes this information to 4, which then also thinks it's connected bidirectionally: the Tx of the last one in the chain must not be looped back to 1, although the models requiring four devices appear to work with three devices that way. There is simply no way to guarantee data cannot loop from NH to TxM or RxM to NH that way.

The data diode additionally requires users to set static IPs and an ARP setting (arp -s IP | NH/RxM network card MAC) for sender interfaces. The best tool for file transmission was udpcast as it provides forward error correction with asynchronous UDP multicasts:

TxM: udp-sender --async --max-bitrate 20m --fec 16x16/128 -f filename
RxM: udp-receiver -f filename

I'm thinking this could easily speed up TFC, especially file transfer and OTP key transmission from TxM to personal RxM (or even contact's RxM in carry). Since there's added risk of covert storage in converters, OTP key data should be encrypted with a symmetric algorithm while it's transmitted to RxM. I'll have to see if I can find the time to implement this as a setting for packet transmission and how the Pidgin API allows file transmission: This would greatly speed up file transmission.

Nick PFebruary 18, 2015 11:37 PM

@ Jacob

re operative

My favorite quotes that resonated a bit for me as a high assurance security engineer and guardian of democracy:

About the security failure: "Secrets are not my concern. Keeping them is."

On better world he's building: "I'm not going to live there. There's no place for me there... any more than there is for you. Malcolm... I'm a monster.What I do is evil. I have no illusions about it, but it must be done."

My resonance with the second quote needs a bit of elaboration. I think the Bourne Legacy writer made the best depiction of the concept. (Also great choice of actor to deliver the lines.) War with black hats, the nation states, and so on requires people going through more hell and paranoia than most can fathom. No telling how much evil might have gone into that war on both sides. Hard to imagine, if I helped create an ideal democracy, if I could even live in it like the rest could. So, both those statements hit me hard enough to pause and have some serious introspection.

re unique or revolutionary

I'd like to see that, too. Thing is, security isn't actually that difficult at the fundamental levels. The cleverness goes into the implementation of existing concepts and to a degree development of new ones. So, judging by that, I'd define revolutionary as something that's incredibly different from COTS with holistic (eg not one attack vector) effect on security. There are two that I thought met that criteria and might be the enjoyable read you're looking for. Or at least closer to it.

The first is the SAFE architecture. I often reference its tagged processor. Yet, that wasn't the whole thing. Their architecture was a tagged processor enforcing arbitrary safety/security policies at the word level, a programming language designed for systems programming + easy formal verification, a functional programming language for application development with information flow policy support, a formally verified runtime, and certifying compilers for their languages to the platform. As opposed to legacy-enabling CHERI team, I actually critiqued them for being *too* radical in their design: trying to solve every problem at once with risk of project team being overwhelmed or running out of funding before finishing.

The other is from a long time ago: FLEX and Ten15. Compared to mainframes and minicomputers, the FLEX machine was quite radical in its design. More importantly, the Ten15 VM was the first to try to emulate an idealized high level language rather than portable assembler. That it could integrate typed imperative languages with functional languages smoothly was pretty cool. That it integrated with tagged hardware for strong enforcement and acceleration of functionality was even better. Too bad market forces killed it off before strongly typed languages and application VM's went mainstream.

There's also a few possibilities in the Capability-based Computer Systems ebook. Burrough's architecture set the baseline for how safe and manageable a system should be at a minimum. Hydra hardware and software innovated in quite a few ways. Intel's i432 was so radical (and unsuccessful in market) that nobody has attempted to put that much power into a CPU since. System/38 actually survived the market (eg AS/400, IBM i) albeit shedding its hardware-enforced security. Lots of neat systems in that book along with analysis of strengths and weaknesses.

Hope you find some surprises in these. :)

Note: If you want truly radical, check out this exascale computing proposal. It's not security focused. Yet, it uses continuation style and Shapiro built a Scheme security kernel. So, in theory, the two could be merged so long as the exascale proposal can even be built.

@ Markus

"In a way, TxM is a castle, RxM is a prison with life sentence for everything that enters it."

Awesome application of the metaphor! Lol.

re diode

There's also one-way ethernet and infrared ports. Clive originally suggested infrared as an alternative to physical connections and omnidirectional wireless. Worth considering.

Wesley ParishFebruary 19, 2015 1:12 AM

Some news of interest, referenced via Slashdot (of course :)

FreeBSD random number generator broken for last 4 months which is grim.

An array of articles about various TLAs looking for cyberwarriors:
US army and British intelligence launch new drives for cyber-warriors
Army Reserve launches private-public partnership for cyber warriors
GCHQ launches Cyber Insiders Summer School

Also known as "putting lipstick on the pig" and "teaching a pig to sing". With the Internet so carefully hobbled and crippled security-wise, it's pushing shit uphill in a monsoon.

Dirk PraetFebruary 19, 2015 9:33 AM

Lenovo with their pre-installed Superfish adware seems to be a serious contender for the "Security Bastard of the Week" award. MITM attack on users' SSL sessions to inject ads, including a persistent bogus root CA certificate even after software removal. This is downright criminal behaviour. http://techcrunch.com/2015/02/18/lenovo-superfish/

Clive RobinsonFebruary 19, 2015 10:11 AM

@ Nick P,

With regard to the "one way" network cable link page, it's mostly dead or useless links these days, due to changes in the Ethernet standards from half (hub) to full (switch) duplex and auto-negotiation, and many of the sites being re-arranged or bit rotted away.

Whilst you can still find some links via the Google search, do not use any that use capacitors; it's unreliable for various reasons thus not secure in usage. Further, just cutting the TX wires from the sniffer on 10/100 does not work due to auto-negotiation requiring them, which means you need to fake a few things to fool the interfaces into working. Further, passive TAPs don't work on GigEth because the four twisted pairs are used bi-directionally, that is both ends transmit and receive on all four twisted pairs at the same time.

One method that used to work with Cat5 wiring with some hubs was,

http://www.sentinelsecurity.net/whitepapers/onewaycable.pdf

But as I've not had to use it with anything other than old kit I'm not sure how it works with newer switches etc. My active tap is made with old 10BaseT AUIs where I've cross wired the relevant signals out of the D-Types and faked the signals (ie IN-tx goes to OUT-rx, and OUT-tx goes to IN-rx as you would expect, IN-tx also goes to TAP1-rx and OUT-tx goes to TAP2-rx; the tap tx's go to load resistors as do all the collision connections, and heartbeat etc is turned off).

This document is based on kit from a decade ago but explains quite a bit of what you need to know when working with 10/100BaseT Cat5 UTP cables,

http://www.dgonzalez.net/papers/roc/roc.pdf

And Hackaday has an instructables and other articles on making a UTP TAP for 10/100 cables,

http://hackaday.com/2008/09/14/passive-networking-tap/

The original "throwing star TAP" got an upgrade, and also will work in some GigEth simply by breaking it back down to 100BaseT,

http://ossmann.blogspot.co.uk/2011/02/throwing-star-lan-tap.html

The thing to remember about passive TAPs is they not only change the characteristic impedance of the twisted pairs, they will also introduce reflections that will cause time domain distortions to the signals, so you need to use total cable lengths down below 1m.

Active UTP taps use PHY chips with the wires carefully sorted out on the PCB to prevent issues in a similar way to the way I did using AUI adapters.

Optical taps can be active or passive, but passive degrade the signal. You can use 80/20 taps on most modest or less runs, but don't expect things to work if you have runs longer than around 30% of the max recommended length.

NateFebruary 19, 2015 6:04 PM

A new Snowden on the Intercept. This one's a biggie. GCHQ pwned the entire corporate network of Gemalto, a Dutch-based multinational (with offices in the USA as well) that makes SIM cards and high-assurance security devices sold to the US DoD. They did it explicitly to steal master encryption keys. It reveals again just what 'targeted' attacks mean: If you work in crypto, you are a target. Combine that with EquationGroup tools and I find it very hard to find any reason to support these agencies in any form. https://firstlook.org/theintercept/2015/02/19/great-sim-heist/

AnuraFebruary 19, 2015 7:18 PM

@Nate

Not in the least bit surprised. This is exactly why you should try to use PFS for any protocol with online communication. Of course, ideally, the ephemeral key exchange should be end-to-end, but one step at a time.

SoWhatDidYouExpectFebruary 19, 2015 7:38 PM

How NSA Spies Stole the Keys To the Encryption Castle

http://yro.slashdot.org/story/15/02/19/2230243/how-nsa-spies-stole-the-keys-to-the-encryption-castle

From the Slashdot post:

"AMERICAN AND BRITISH spies hacked into the internal computer network of the largest manufacturer of SIM cards in the world, stealing encryption keys used to protect the privacy of cellphone communications across the globe, according to top-secret documents provided to The Intercept by National Security Agency whistleblower Edward Snowden. The hack was perpetrated by a joint unit consisting of operatives from the NSA and its British counterpart Government Communications Headquarters, or GCHQ. The breach, detailed in a secret 2010 GCHQ document, gave the surveillance agencies the potential to secretly monitor a large portion of the world's cellular communications, including both voice and data."

Nick PFebruary 19, 2015 8:47 PM

@ Clive Robinson

Appreciate the thorough reply. I've been super-busy at work and too tired to think much on it tonight. Hopefully, tomorrow or next few days. :)

@ Nate

Thanks for the link. Much as their chips should hinder NSA, I knew there had to be *some* reason they were favorable with the U.S. government. Subversion was the likely explanation. Now we know for sure. Now, Thoth can see why I've been dodgy about smartcards and HSM's unless they're homebrew or checked by other hardware.

There is some potential good news in the hack. Like Skeptical pointed out, attacks like this might indicate they don't have as much cooperation as people might worry about. If Gemalto wasn't backdooring anything, they'd need to hit them offensively. So, the leak *might* imply that the company in the Netherlands wasn't cooperating on backdoors. Alternatively, they were cooperating with deniable weaknesses and they let it happen on purpose. There's a few other possibilities but these are two significant ones with precedent.

JacobFebruary 19, 2015 9:22 PM

@nick
Thanks! I will look at them.

I wonder sometimes if we are going to have to find a modulated signal from aliens for the next real revolutionary jump in technology or physics. Nod to physicist Kaku on that one. I do think eavesdropping is our best hope. Given signal strength degradation over distance versus background noise I am not holding my breath. Nice to find someone who can digest and consider what movies or series can offer.

Leaks seem to back up my thinking that state players can look at anything and just might be doing that. The problem is human nature has not changed. Secrets unfortunately are necessary even in the Star Trek world, let alone when we find ourselves fighting reavers. ;) I'll leave the discussion concerning who created them for another forum......

WaelFebruary 19, 2015 11:16 PM

@Dirk Praet,

"Security Bastard of the Week" award

+1⅞.
If only the Moderator could add another section of "Security Theatre" -- Movie of the week, starring the security bastards :)

Clive RobinsonFebruary 20, 2015 1:10 AM

@ Dirk Praet,

From a security perspective Lenovo putting such "spyware" software on their hardware is not really any different than putting on "AV" company trash, they both spy on the user's activities.

It's the user perception that is the real problem in that preloaded "AV spyware" is seen as OK, "Search spyware" is NOT.

Personally I do not want either, at best I regard such "freebies" like all those trash inserts in magazines I buy, junk mail I get sent and the neighbour's cat that craps in my garden, ie it's somebody else's 5h1t I have to clean up. At worst it's a violation that is guaranteed to be a security flaw that also steals my property, just like a thief that breaks into your home.

Back in better times you used to get OS CDs etc, so you could just scrub the HD and reinstall what you want. These days you get a hidden partition --if you are lucky-- that you might be able to write out to CD if the manufacturer --as HP did-- has not screwed it up. However the hidden partition, useless as it is, now also comes with all that spyware built in so scrub/reinstall is no longer an option; you have to go through a lengthy de-install and find all the crap that somehow gets missed by the unwanted spyware deinstallation routines...

It's often actually easier to just scrub the whole "MS OS/Windows" experience and install an Open Source OS instead...

The problem of course is the warranty flies out the window when you do either option, oh and it's not something the average user can do.

WaelFebruary 20, 2015 1:42 AM

@Clive Robinson, @Dirk Praet,

It's often actually easier to just scrub the whole "MS OS/Windows" experience and install an Open Source OS instead...

That's not guaranteed to work either! Some BIOSes contain crapware that will consistently reinstall said crapware if removed. You'll need to flash your firmware instead, if you can. Then you may clean your drive. Other stealthy firmware images (HW, Net cards, Sound cards "Bad BIOS thread discussions") will be more challenging. I wonder if a Hard Drive firmware caused the Bad BIOS sound infection vector of air-gapped machines. Maybe that's what caused @Figureitout's disk problems as well. There was another person who complained about such problems last year, but his name escapes me (I am thinking it was @name.withheld.for.obvious.reasons)

Gerard van VoorenFebruary 20, 2015 5:12 AM

@ Jacob

gerard you touched something I am curious about other than the technical aspects of infiltration. How could an organization or individual prevent these types of attack? Boxes between network or devices from outside?

Of course it is purely hypothetical, but why not extend that idea?

What if there is a central software storage point on your computer of all HW control software instead of storing the software on the device itself? So that when you attach a new device that device sends some info to the central storage point and the latter checks whether it is a known device. If not (and we are still talking about a layer below the OS) it will pop-up with the question of the software install. The benefits are two sided:

1) Simple and uniform maintenance. There is only one storage point. Manipulating data is straightforward and convenient, for *all* HW control software.
2) Since the software is *not* on the device, the security can be simple and can improve isolation and compartmentalization. Also the software could be stored on / backed up (?) to a USB storage device.

Challenge: How do you activate a device when it doesn't touch the control software at all? I can think of that the software is downloaded to the device each time it reboots or otherwise that it only communicates with the central software storage point without having the software at all (think microkernel approach).

Dirk PraetFebruary 20, 2015 6:09 AM

@Clive Robinson, @Wael,

That's not guaranteed to work either! Some BIOSes contain crapware that will consistently reinstall said crapware if removed.

Fortunately, it doesn't seem to be the case here. Meanwhile, Lenovo's CTO has formally apologised for this clusterf*ck after an initial support statement that "there was no reason for concern". They have made full removal instructions available, and quite some folks have put up pages to check whether or not a machine is infected.

Alas, it doesn't stop here. Security researcher Marc Rogers has found out that these poisonous Komodia certificates and the redirector technology behind them are present in quite some other products too. The company, founded by a former Israeli IC guy, currently has a placeholder on their frontpage claiming they are under DDOS. Incredibly lame. I hope they go bankrupt. Worst case scenario, they can still do contractor work for the likes of NSA and GCHQ.

All in all a very dazzling week in infosec: Equation Group, Lenovo/Komodia, Gemalto, Carbanak and Babar Elephant. It doesn't look like we're gonna be out of a job anywhere soon.

Leia OrganaFebruary 20, 2015 3:44 PM

@ Wael:

"I wonder if a Hard Drive firmware caused the Bad BIOS sound infection vector of air-gapped machines."

Wireshark should, but probably won't, add an audio recording feature for the area around suspect devices. (maybe using Audacity?)

Tune in to:

https://www.reddit.com/r/badbios

for a virtual war of words and information galore!

WaelFebruary 20, 2015 6:58 PM

@Leia Organa,

Wireshark should, but probably won't, add an audio recording feature...

That may be a good start. What if the audio is encrypted or encoded in a proprietary format? All you can tell is the existence of some audio communication channel.

WaelFebruary 20, 2015 10:26 PM

@Buck

I'll read this thread carefully later tonight. I can't easily read between the lines like @Clive Robinson once said ;)

FigureitoutFebruary 20, 2015 10:44 PM

Wael RE: "my disk problems"
--That's not it, my problem that kills me is all the rather large chips on a motherboard that I don't have the time to verify using even standard tools and the circuit's too large. Initial infection vector I'm almost 100% sure was not sound, it was internet (while I was being a dumbass and practicing terrible security, then I got fed up and "broke down" and started going nuts trying to get as much malware as I could on my PC's to a) get the previous malware out in the open and b) mess w/ operation of original malware) and physical implants which is a threat that will destroy you, plain and simple; you won't accomplish anything whatsoever constantly fretting about it, it's a "2-way" threat, that any attacker is just as vulnerable to (perhaps they gave up their novel attack due to it).

I'm managing my other PC's too (decided I'm not going to be a dumbass and keep using a PC w/ blown caps and keep playing my luck b/c I don't want it to die via some unsafe circuit created due to a frickin' failed capacitor bank) and projects, work, school...too little time. Due to money issues I'm actually using this computer that one day a SATA controller on-board ceased working so a regular HDD does not work at all, it has the most RAM of any PC I own, and I like me RAM.

You know my situation, physical access to a PC can reflash chips right there or just infect OS or plant bugs in all the electronics in my room. We can privately discuss sometime b/c I'm not going to go on about the hell that never seems to go away w/ me. As you can see at /r/badBIOS, it's not a pretty picture when the paranoia gets you and the attacks are real and get into practically every aspect of your life due to bad security and OPSEC not separating them. Only people who've been attacked will understand, until then, keep making fun of something you haven't experienced yourself (not directed at you, but others). I don't shield my computers (acoustically and otherwise) and my house and have an enclosed shielded room w/in my shielded house b/c...well money firstly...and b/c I'm not going to keep retaking the casing off until I flash all the chips I can w/o taking them off the board (so like 1 or 2 eh? lol) and install new HDD's w/ my custom OS (leveraging other code of course as I can't do it all myself, but I must be able to follow it).

Off that /r/badBIOS page, there was a blogger who called out badBIOS as bullsh*t, he may be right, and I agree so much w/ this post: http://www.rootwyrm.com/2013/11/the-pc-bios-is-insecure-as-hell-why/

He's too dismissive though like your typical engineer any argument begins and ends w/ "I'm right, you're wrong". And doesn't seem to understand why people can't trust anything, (yeah sure, let me just get a basic tool off ebay b/c my mail has never been tampered w/ before and ebay is always a trustworthy source of components).

B/c of the BIOS updates we have VIA THE OS, WINDOWS OS that we have now. I don't trust that sh*t at all. And now UEFI "standard" making an exploit at that level have a much higher reward if it succeeds. And something that no one seems to bring up (a massive gorilla in the room), is firmware updates to routers VIA ETHERNET, how goddamn dumb is that?! Give me a f*cking jumper it's not that bad and electrically block those programming pins, as it stands I'd have to make my own router and still using the frickin' modem provided which I don't trust from service providers. Bah, anyway it's all bullsh*t trying to do security on the internet unless you encase a file in encryption and compression w/ a machine you no longer care about.

To end on a good note though, had a good day today (how was yours?), found out this bug which I was working on for day and a half and man it's so simple once you find it! Every f*cking bug is easy when you find it! Debugger was useless, just needed to use my head! Gah! Anyway, it's the best feeling, want more lol. Close to field-testing on my first professional product! Been working on it for months.

Markus Ottela
--Cool, be sure to send him a pic of your setup as he may help you out. In near future (meaning probably summer) I'll be doing a homebrew cross-cable or ethernet tap (Ossman's "throwing star" is a nice hack that may just work w/ my regular internet).

BuckFebruary 21, 2015 12:48 AM

@Wael

Wow! Perfect connections! ;-)
Still re-absorbing, but that thread is certainly info-rich... I can still recall my state of mind on that particular holiday, and it was definitely a good one!! Is it just me, or does all of this reminiscing make you wish you had a full record of everything you were reading/saying and the places you traveled to at the time...?

Safe travels! Hope you remembered to charge all of your batteries... :-D

WaelFebruary 21, 2015 3:28 AM

@Buck,

Is it just me, or does all of this reminiscing make you wish you had a full record of everything you were reading/saying and the places you traveled to at the time...?

Not just you. I remember a lot of it :) I'll read that other thread later on... Kinda tired!

Apparently I arrived safely, and my batteries are still charged!

Clive RobinsonFebruary 21, 2015 4:25 AM

@ Figureitout,

... had a good day today found this bug which I was working on for day and a half and man it's so simple once you find it...

Yup it's a good feeling, I tend to view "mistakes" as anything that takes less than 90% of the total resolve time to find, "bugs" are those that take 95% or more of the time to find and less than 5% of the time to fix.

I've had some nasties in my time that have taught me things, one was my very own version of a bug your dad might have mentioned "Oscillators that don't and amplifiers that do!"... the story of finding it is long; the resolution was pull out two pin-compatible OpAmps but with different cut-off frequencies that were in effect in series and put them in the opposite order.

Another one that took days to find was on a CPU card, it would just lockup occasionally and if reset or power cycled the problem would go away for days at a time. The problem was it was using an electrolytic cap in a reset circuit, the person who built it had put the damn thing in the wrong way around... you could not see it because it was surrounded by other larger caps that were all orientated the other way to the reset cap. The lesson from that was when you design PCBs make sure all the components that are sensitive to polarity face the same way when grouped together.

Then there was a microcontroller with inbuilt keyboard interrupts that would wake it from a sleep mode, and the key debounce software that ran in interrupts... very very occasionally it would lockup, the solution after much head scratching was to move a single line of assembler code up three positions, to break a race condition caused by improperly documented CPU behaviour in the data sheet.

As has been said "these things have been sent to try us", and the success is no less sweet, because nobody else understands the problem or the chase it caused.

Oh and on getting your first professional product out to trial, I hope it works well and is a success, and may you have many more.

FigureitoutFebruary 21, 2015 11:14 AM

Clive Robinson
--Yeah the thing is (being honest), I'm making the (application) C code better to read (as Nick P posted an article from NASA about functions no larger than a page, I like to stare at it w/o scrolling & scrolling and open up another file...I've gotten better at just focusing on a particular bug instead of getting off track trying to do too much), but I may look into some things in future to remove all spaces in C code for flash, as well as removing comments for production code so in the event some random external attacker (I've heard some shady things from competitors, everyone does it, buy 1 product and check out what competition is doing; Apple/MS/Amazon/Google etc. being big examples w/ long histories of stealing each others IP and if they aren't first then release a crappy knockoff cheap to try and get some of the marketshare) tries to dump code and then either reflash w/ dumb code and place back or just locate where they could fill up memory w/ garbage (via RF) or jam device will have a fun time w/ that obfuscated turd (someone in my PC at dev time, I can't concern myself w/ that it's too much of a threat, almost every single security proposition begins w/ "in the event of physical access all bets are off"). It'd be a spectacularly evil thing to do, but not beyond the realm of some degenerates out there.

At a certain point you know, I compare it to just walking up and stabbing someone on the street, I can't approach every single individual as that kind of threat like I can't actually vouch for every single bit of code in my tool chain (but if someone pulls a gun first you're generally at their mercy until they either cap you or turn away after nabbing your wallet, keys and phone). If our society (metaphor being our technology tool chain) is that degenerated then the robber will get robbed too and a general decline will continue until there's no value left.

Anyway, that's all a given I know you know but it really drags me down. Just want to direct that meanness to the people that deserve it.

Moving on, yeah thanks (I'm sure you could've shipped the same thing (improved/optimised/safer code and design of course) in a couple weeks to a month at most lol..) I'm trying to be ready in advance for fails in the field or new features to add on, I saw it before and it'd be really nerve-wracking, you have like a week to find a bug and get it back to customer or you lose customer...

It would've been cool to work w/ you back in the '80s or 90's or 00's when you either see a problem before or after shipping, to see how you approach it. Haven't talked w/ my dad about oscillators and opamps b/c I'm not qualified lol, he'd just laugh at me. He can't code though so I got that on him (turbo pascal is the last code he wrote). I'm still in basic circuits class and I just bombed an easy test I didn't study enough for. I don't think I can do school/work/projects and extracurriculars as well. And yeah we had a board problem w/ a backwards component (that makes me really mad, "you had one job...", it's a damn pain to debug such a dumb problem w/ surface mount parts). As my dad replied when I asked what could go wrong, "Everything can go wrong".

WaelFebruary 21, 2015 4:58 PM

@Figureitout,

To end on a good note though, had a good day today (how was yours?)

Always nice to end on a good note. My day was fine, thanks! Hopefully the products you work on will make us more secure :)

Me and my "e"s...

FigureitoutFebruary 21, 2015 6:09 PM

Wael
My day was fine, thanks!
--All you're gonna say? Boring! :p Where'd you fly to?

Hopefully the products[...]
--Well there's numerous issues right out the gate that are practically unsolvable "on a budget" and w/ a need for sleep.

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.