Friday Squid Blogging: Giant Squid Lore

Legends of giant squid go back centuries:

In his book “The Search for the Giant Squid” marine biologist Richard Ellis notes that “There is probably no apparition more terrifying than a gigantic, saucer-eyed creature of the depths… Even the man-eating shark pales by comparison to such a horror… An animal that can reach a length of 60 feet is already intimidating, and if it happens to have eight squirmy arms, two feeding tentacles, gigantic unblinking eyes, and a gnashing beak, it becomes the stuff of nightmares.”

[…]

It’s a Lovecraftian horror that resonates in the human psyche, though the giant squid are not aggressive against humans and typically feed on other squid and deep-sea fish.

It’s likely that the giant squid served as the basis for centuries of sea monster reports. Ancient sea stories told of the fearsome Kraken, a huge many-tentacled beast, said to attack ships and sailors on the high seas (known to modern audiences in Liam Neeson’s “Clash of the Titans” command to “Release the Kraken!”).

As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

Tags:

Posted on June 5, 2015 at 4:51 PM174 Comments

Comments

Jacob June 5, 2015 5:02 PM

The Intercept ran a story and a Q/A session with Microsoft regarding their disk encryption product. The MS spokesperson was fairly cooperative and responsive, but one worrisome response caught my eye:

“I asked Microsoft if the company would be able to comply with unlocking a BitLocker disk, given a legitimate legal request to do so. The spokesperson told me they could not answer that question.”

https://firstlook.org/theintercept/2015/06/04/microsoft-disk-encryption/

Shakes June 5, 2015 5:12 PM

Inquiry Into Amtrak Derailment Is Slowed by a Maze of Cellphone Data
http://www.nytimes.com/2015/06/06/us/inquiry-into-amtrak-derailment-is-slowed-by-a-maze-of-cellphone-data.html

The engineer, Brandon Bostian, has given regulators the password to the phone and the agency has access to its data from his carrier, Mr. Hart said. But the investigation has been slowed because of the way the phone carrier stores that data. For example, the voice calls on Mr. Bostian’s phone were in one time zone, while the texts were in another, he said.

Apparently NTSA and mobile service providers don’t comprehend UTC. Holy, holy crap.

Alfred Pennyworth June 5, 2015 5:12 PM

SourceForge has come under fire for their policies. The wonderful product Password Safe is among the projects on SourceForge. Can Bruce rescue Password Safe from this horrible fate? Turn in next week, same Bat Time, same Bat Channel.

HoweLong June 5, 2015 5:23 PM

How long until this squid post gets taken overwith by long winded many worded low content spam like the last did?

WTF is going on on this blog anymore?

Is this someones backchannel code comms system? SpamBot refinement tests?

name.withheld.for.obvious.reasons June 5, 2015 5:27 PM

With the use of Executive Orders (EO) from the office of the President of the United States of America, the question of jurist prudence arises. Executive Orders and other non-statutory rules and regulations define the scope and extent of action that can be taken within the government in support of government activities.

Where an EO affects public policy, that a citizen becomes impacted directly or indirectly by EO based actions it becomes apparent that there is a “statutory” relationship established by that action binding the federal government to the citizen in law. As an action affects the citizenry, the ability to seek redress stands as an action a citizen shall exercise seeking justice for injury. EO-based actions that affect the citizenry makes implicit (I would consider darn near explicit) the proviso under the First amendment to the United States of America Constitution.

Under EO 12333, where electronic data is captured in bulk and without restriction, the policy effectively renders my private property, public. It is as if I live on a military base, where what I do, say, write, communicate, or transmit is subject to military law/justice. WELCOME TO THE RESERVATION, PILGRIM…

Clive Robinson June 5, 2015 5:51 PM

@ Jacob,

It’s a worry for sure, because it’s a “meaningless answer”.

However what is of more concern to me is why they ditches the Elephant Diffuser in the crypto.

The argument is that due to AES moving into hardware and with increasing use of Solid State Drives the “software” overhead of the Elephant Diffuser was to great…

It’s a “cop out” because if MS had left it in, it’s an almost certain bet that both Intel and AMD would have added hardware support for it.

Which begs the question of why MS went with a known significant weakening of the crypto?

Michael June 5, 2015 5:54 PM

@Jacob:
I can understand Microsoft not wanting to answer that question, as there is no answer which will please everyone.
If the answer is yes, then the security and privacy communities will be up in arms, saying that it is no better than no encryption at all.
If the answer is no, the FBI, NSA and the White-house will cry wolf, claiming that Microsoft is acting irresponsibly, providing protection to terrorists and paedophiles.

anon June 5, 2015 5:54 PM

https://wikileaks.org/tisa-financial/

I hate to say it, but I think it’s becoming clear that democracy has become a giant failure for most of the first world countries. Laws and policies now are almost entirely driven by corporate greed.

“In a significant anti-transparency manoeuvre by the parties, the draft has been classified to keep it secret not just during the negotiations but for five years after the TISA enters into force.”

How on earth is keeping international trade regulations and negotiations secret in the best interests of the general population?

“The leaked draft also shows that the US is particularly keen on boosting cross-border data flow, which would allow uninhibited exchange of personal and financial data.”

Marcos El Malo June 5, 2015 5:59 PM

@name.withheld.for.obvious.reasons

Remember EO 9066? It only took 46 years for my family members (that were interned and didn’t die in the intervening years) to receive redress for that little thing, so nothing to worry about.

Clive Robinson June 5, 2015 6:47 PM

@ anon,

It’s rather more worrying than it appears at first.

I’ve commented on TTP etc here a couple of times in the past, but it’s always been over shadowed by other security concerns.

Whilst not directly ICT security related what it does enable is unelected corporates to force legislation in other sovereign nations to be favourable to them. The cases are usually secret but the Australian Healthcare issue should give people major cause for concern. Also more recently the EU dropping planed regulation against “proven harmfull” to stratigic wildlife agricultural chemicals due to grumblings from US based Agro-Chem companies wanting to dump their lucrative toxic products on EU soil. It reminds me of the plee in the Jodie Mitchell song asking the farmer to put away the DDT so we could have the birds and the bees…

The fact that the UK Prime Minister signed without a qualm suggests he’s most definatly not looking after UK Citizens interests.

Personaly I think it’s time we dumped “The World Bank” and GAT etc and go for a totaly open process.

Jacob June 5, 2015 7:01 PM

@Clive,

The decision to discontinue the diffuser in Windows 8 is indeed enigmatic. The code is still there, since I think you can still decrypt disks encrypted under WIN7 with the diffuser on.

If the discontinuation was done for nefarious purposes, one would expect a more subtle approach from a company that also controls the related closed-source OS, where security changes and subversion could go unnoticed without any professional uproar or PR strenuous explanations (e.g. gaming the RNG used in the encryption process).

Benni June 5, 2015 7:26 PM

News from BND again:

german company names in the selector lists?
“Well we have found this. Thinks like that happened sometime…”

http://www.spiegel.de/politik/deutschland/bnd-affaere-verdacht-auf-wirtschaftsspionage-erhaertet-a-1037370.html

https://magazin.spiegel.de/digital/?utm_source=spon&utm_campaign=centerpage#SP/2015/24/135322467

and there is the news that BND collects much more undersea cables than presently known.

For now BND admits only 2 operations which are closed, but it turns out there are at least 10 more which are blacked out in the documents that BND sends to parliament: https://netzpolitik.org/2015/angezapfte-glasfasern-bnd-und-kanzleramt-verschweigen-zehn-weitere-internet-abschnorchel-aktionen/

The german government claims that active operations, operations in foreign countries, operations of BND alone, and operations with other agencies than the 5 eyes are not subject of the NSA investigation comission. But this is wrong, since BND shared everything with NSA, these operations appear to fall under the NSA investigation comission too.

Interesting are BND’s partners:

For example spain where BND monitors nodes from middle east and africa. Spiegel claims in this article from 1996 that BND’s own mass surveillance capability is ranked third, directly after NSA and GCHQ. And interestingly, es early as in 1996, spiegel wrote that american and french services openly do industrial espionage. http://www.spiegel.de/spiegel/spiegelspecial/d-8870237.html

Another interesting partner of BND is: China. and the Russian FSB who operate common surveillance stations.

This spiegel article says:

http://www.spiegel.de/politik/deutschland/neue-vorwuerfe-bnd-soll-russland-im-kaukasuskrieg-geholfen-haben-a-72841.html

During the first days in the Chechien war, BND worked intensively with the FSB. “It was an intensive information exchange, and the partners always found a common language”….

Where BND’s surveillance station is?

Well BND observes Asia, Afghanistan and the russian Caucasus from its surveillance station in the Pamir mountains, whose data it gives to FSB. But FSB is not BND’s only partner.

In fact it BND is operating the listening station together with the Chinese secret service!

The construction of the station was finished at first in 1985 and has cost 26 million D-Mark at that time. It was financed by the german government.

So, one has to assume that all this BND data from asia is searched through with an NSA selector list, and a copy of the results gets to NSA, FSB and the Chinese who operate the station together with BND……

So this is where this all leads to:

A “partnership” where authoritarian regimes like China, Russia, the americans, and europeans work together to aquire bulk data from everyone on the planet and exchange all this happily…..

Benni June 5, 2015 7:32 PM

Probably, the chinese like it, when NSA searches for terms like “mercedes”, BND puts this into the surveillance station for asia, and the chinese services who operate the station with BND then get all the results for “mercedes” in china….

Benni June 5, 2015 7:38 PM

In the NSA investigation panel, BND repeatedly claim that it would not be worrying when BND agents search communications from Afghanistan after german companies. Indeed, most german companies probably don’t work there.

But according to the spiegel article above, BND’s monitoring station sits on the Pamir mountains and gets communications not only from Afghanistan, but also from Russia, and China, and it is the Chinese who are doing the work in the station together with BND…….

So if NSA gives its selectors to BND, they are not only tapping communications from Afghanistan but the selectors are applied on large part of Asia and they are analyzed with Chinese partners….

name.withheld.for.obvious.reasons June 5, 2015 8:12 PM

A new hypothesis is forming, with recent network activity I have seen a change in network traffic that suggests an aggressive form of state-based cyber activity. An external firewall, a proxy, and another network layer (firewall and logger), connects clients to the interwebs. The external firewall is logging a whole host of port scans from sites hosted by what I can only summarize as “government” related. The port scans vary in aggressive (100’s of ports in a second) and stealth (1 port every 10 seconds, but in parallel) and looks logically or serially across port numbers.

So, for example, a node from twitter space does a port scan (tcp, udp) 22, 23, 25, 80, 137-138, 443, 445, 808, 1900, 3389, 8080 and others. Another scan also emanates from amazon space that scans client addresses (typically between 32768 and 65535) as though it is looking for an open router port translation on a running client. Other addresses include those in Microsoft space and even various ISP blocks. Is anyone else seeing this?

My suspicion is a scan back trying to penetrate my network due to my own LEGAL activities. I have to admit that I am sure my “browsing” activities may be triggering automated “hack-back” tools that has been discussed but never disclosed. I have been keeping paper logs of the “hack-back” as evidence, if necessary, to refute whatever BS is associated with this activity.

Justin June 5, 2015 8:50 PM

@name.withheld

I’ve seen similar in the past. Your network just ended up on some botnet’s hit list. I don’t think it is any indication that the operators of such botnets would be aware or interested in your “activities.” If anything, somebody gained an inkling that you are running a system that would be valuable to recruit for a botnet.

So, if you run SSH, run it on a non-standard port and use good passwords, or better yet, disable passwords and use public keys. Then block those ports you don’t need in stealth mode, i.e. don’t even bother returning RST packets. Use the most secure up-to-date operating system, software, and settings you can for any services you do run.

The only reason to collect evidence is to be able to say, in the event attacks and/or spam should emanate from your system, “I was hacked.”

Thoth June 5, 2015 8:59 PM

@Figureitout
From the previous Squid section, regarding the HSM, it’s one thing to make security of the HSM secure enough and it’s another thing to make it more secure enough with little less user changes and problems if it can still can be done with a little more cost on the HSM maker’s side. What I am referring to is to mandate HSM to have a secure PIN entry method from the front panel of a HSM whenever a token is being used but the convenience of
keyboard entry from the plain PC in front of the operator is too easy to forget security which could have been easily implemented on all rack mounted HSMs but only a few went that direction.

Regarding the disturbing symptoms of OPSEC in HSM security and in general ITSEC environments, the fact is most users dont know what is going on and most ITSEC only understand Anti-viruses, Firewalls, DLP solutions, SIEM solutions and the commercial usual stuff. Once they enter into the domain of Crypto like the HSM, it becomes esoteric and OPSEC diminishes quickly.

The plain answer is most people are not schooled in Crypto, neither do they attempt to find out on their own and try to ask nor are they even remotely bothered to do so until the management asks and they try to rat around their words, paint some pictures of Powerpoint slides and slip pass the radar of the unknowingly blinded management.

I have seen some people who do not know about SSL/TLS nor Crypto trying to piece a picture and getting the picture all wrong and somehow everyone’s engrossed in the faulty SSL/TLS explanation in my customer’s workplace and all I could do is shake my head because they are not part of my scope of work and neither are they involved in my projects whatsoever.

I am not sure if we are still in sync on the topic anymore 🙂 .

Let’s put it this way, if you put a process too complex, the OPSEC diminishes more. The users must have awareness at a basic level before he can see the reason of his OPSEC-based actions otherwise he finds it meaningless. In the case of a customer hording all the HSM tokens, he might think that it will be very convenient to control all the tokens in a single point but failed to realize the use of a quorum based HSM token system is to require mutliple factor control to control the HSM’s functionalities. That is one good example a basic knowledge of ITSEC and Crypto is required for operating a HSM instead of asking random IT guys to hold a token.

tyr June 5, 2015 9:25 PM

@Benni

You seem to be saying that no national government
has oversight or control over the intelligence
agencies. On one hand you have USA trying to get
a leg up on the Rus and accusing the Chinese of
stealing their employee data and you say they are
all in bed swapping data behind the backs of any
oversight possibility. It sounds like the crooked
arms dealers who fomented WW1 in collusion with
the leaders of the countries involved.

So what happens next ?

Jacob June 5, 2015 9:28 PM

FROM CNBC:

“The Chinese draft law also asks foreign and domestic tech companies to hand over encryption keys and install “backdoors” for China’s central government, under the stated rationale that such protections will help combat “terrorist” activities. “

At least the Chinese doesn’t claim the “what about the children” rationale as western governments do.

Now we can hope(?) that a western equipment maker would have a separate production line for the chinese market, but a corollary of that new law is that all chinese-made equipment, e.g. my switch or modem or notebook, will have a backdoor in it by law.

Nick P June 5, 2015 10:15 PM

@ Clive
re TPP

It actually is security-related because of the data provenance provision. Getting data into intelligence agencies territory helps them grab it. Commercial entities can leverage same power through Discovery process. Hence, this passing is a direct threat to the security of governments or companies trying to leverage jurisdictional requirements for security.

@ Jacob, Clive
re Intercept’s Bitlocker Story

I commented over there and on Hacker News. On Hacker News, I got these replies:

apbsd mentioned the change was closer to Windows 8 where Microsoft was aiming at tablets and ARM chips. That poster also said Elephant dropped performance down from 10-20 cycles per byte to 5-10. Not sure how much impact that of overall throughput but it’s significant at microbenchmark level.

Matasano’s Ptacek said: “I’m not interested in debating Microsoft’s motives, because the engineering issues here are straightforward. The Bitlocker “diffuser” code attempts to make it harder to make targeted changes to plaintext, without making it Hard to do so, because making it Hard is prohibitively expensive. No mainstream full-disk encryption scheme makes it Hard to tamper with on-disk plaintext. The best anyone does is allowing attackers to randomize a wide-ish block at an attacker-chosen offset. It is hard to use that primitive to pop calc.exe on boot, but it remains a powerful primitive: attackers can replace integers in trusted code or data files with very very large integers, and then exploit the resulting memory corruption. ”

Your thoughts?

@ name.withheld

Justin’s explanation seems possible. Likewise, we know the NSA’s people are stealth masters and would look like the Internet’s background radiation. Just be sure you’re using proper app-layer security and guards (esp custom) to protect anything secure. Make sure your monitoring system is data-dioded. Protect the logs and whatever analyzes them. These principles with your existing practices should spot any advanced intrusion.

And it goes without saying these days to make sure nothing you use has chips with wireless or radio built-in. Preferrably with open, verified firmware too. They hit all of these things with pre-made kits now.

Jacob June 5, 2015 11:11 PM

@ Nick P

Re Bitlocker:

I believe that Microsoft ditched the diffuser for performance reasons. During Vista time, Ferguson explained why the diffuser was necessary, he talked from a position of a cryptographer – one who never knowingly accepts anything less than 100% secure.

But when engineers and programmers have their say, they just deal with “good enough”. When Win8 was in development, Snowden was unknown, 5-10% performance improvement by ditching the diffuser was tangible, nobody has demonstarted a real attack on AES-encrypted disk, and theory said that breaking it was Hard. So they took that belt away, leaving Bitlocker only with suspenders. I also bet that their corporate focus group did not care much about this at the time.

P.S. I don’t know if Win 10 has the diffuser returned or not, although according to http://mywindows8.org/how-to-choose-bitlocker-drive-encryption-method-and-cipher-strength-in-windows-10/ it has.

P.P.S. I am off to read the HN piece.

Thoth June 5, 2015 11:20 PM

@Nick P
Good to know Microsoft seems to be listening abit more and bringing back the diffuser. A good amount of ITSEC enterprises are using Bitlocker for their auditing compliance purposes in relations to data at rest security (some of my clients do that). They seem to be less concerned with backdoors in Bitlocker than just fulfilling data security compliance audit since audits are more problematic and the setup for their defense are not
to prevent Government entry but to prevent minor annoyances of script kiddies and the likes (includes the annoyances of auditors).

Figureitout June 6, 2015 12:25 AM

Thoth
–I mean realistically, so many things come into play developing a “HSM”, especially considering competitors which may not be strangers to individuals who could make some rather nasty targeted malware (maybe an “extension” or a “necessary update” w/ your toolchain…). So bugs in firmware, which no individual can rigously actually evaluate and trace the logic w/o maybe 1-2 years. That’s just firmware, now what about hardware issues causing software failure, what if even redesigns still don’t solve an issue? Is there a clear path to touch the gooey underside of the HSM from the factory/lab?

What’s a secure PIN? I’d do a hex keyboard or dip switch for an “electromechanical” way trying to force a physical attack only, got an arduino thing to base a rapid/quick/easy prototype off of. It takes some input, how’s that filtered to only take input from only the buttons and not get touched from the interface it uses to send off a signal of a legal login? Does this mean getting into Master/Slave protocol stuff (making it a permanent master and the receiver a permanent slave)?

If people don’t know what they’re talking about w/ crypto, that’s really sad they’d spread false info. Some personal places (staying vague for ID-ing reasons), I think budget cuts have a part to do w/ it, there’s some really shtty practices that I can just see so few people can only do so much they’re just like “fck it” and it looks really bad and weak…

if you put a process too complex
–This is the pessimism RobertT was getting at that our efforts will be in vain (I personally don’t care and will try anyway) and I can already see why he thinks that after just months at my job. We’ve made some huge jumps to some of these SoCs (there’s no other words, they’re simply complete systems w/in a small coin size, truly insane and they keep making it smaller and security industry needs to say NO! No smaller! It’s not innovation to make same thing smaller, or it’s boring innovation, not new components or discovered phenomena.) from some more truer embedded products. Being brutally honest like I usually am, there is simply NO WAY we (or anyone you hire, they will simply lie to you if they say they can) can truly evaluate the amount of things we need to to eliminate all known bugs passed down to us from chip designers and startup firmware, others sprouting from our logic and fun toolchain shenanigans to make me feel “assured”.

Doing everything over w/ an assurance-stance and not “hack it to make it work” would take too long and I don’t see anyone that has done it yet; you’re fighting known physics many times. Even OpenBSD has some nasty-ass hacks, every hardware chip will have some nasty ass hacks. I discovered something that seems to solve a problem much better than what I’ve been fearing I’d have to do (write a custom algorithm that hasn’t been done before) or even seemingly stopping an issue mentioned in datasheet (maybe, need more tests), it’s a nasty ass hack.

RE: lost syncronization
–Maybe, probably Clive Robinson injecting locking our clock sources w/ a resistor in his tea cup, that british c*nt. 🙂

Justin June 6, 2015 1:34 AM

@ HoweLong • June 5, 2015 5:23 PM

“How long until this squid post gets taken overwith by long winded many worded low content spam like the last did?

“WTF is going on on this blog anymore?

“Is this someones backchannel code comms system? SpamBot refinement tests?”

Last Friday, Bruce linked to some crazy psychopathic dude’s blog.

Petrov S June 6, 2015 2:06 AM

@Benni

You Germans need to just keep following that trail. Those selectors are all about industrial espionage. The US is very busy with Russia right now. And ISIS. Get them while they are distracted. Follow the money trail. Bastards say their gross European selectors list is about “terrorism”, when clearly it is all about industrial espionage.

@HoweLong

How long until this squid post gets taken overwith by long winded many worded low content spam like the last did?WTF is going on on this blog anymore?Is this someones backchannel code comms system? SpamBot refinement tests?

Hurts my thumb when I read in android skipping through all of his idiotic, insane ramblings. Spambot refinement test, or some idiot crazy blathering about lost in his/her paranoid delusions about russsian/chinese/american spies. Reads the comments fields and gets an episode from the brilliance.

@Nick P

Word of advice. Thomas Ptacek is just a troll.

Trollshame his sorry ass and ask for HNN to ban him, if he continues to cause you problems. Feed his narcissism, use it as a weapon against him. You will be successful. Compare your resume against his. What an idiot.

keiner June 6, 2015 2:19 AM

@Petrov

To be true: NOBODY cares in Germany about NSA etc. Even the NSU Nazi killings bother noone, but a little group of people still clear in mind.

The trruth is: Democracy goes, if nobody cares for it any longer. The so-called West is no longer a democracy. Neither the USA, nor Europe. Let’S face the truth.

Petrov S June 6, 2015 2:22 AM

@Justin

Last Friday, Bruce linked to some crazy psychopathic dude’s blog.

Same guy, I can tell. Same disordered thought process. Same lack of sourcing of his “material”. Just a regular crazy. Put on ignore.

Somehow, he worked those keys together in a sequence to actually find the reference to his site.

FYI, telltale clue: no advertisements adorning his site. One man soapbox. Most of these UFO/conspiracy theory/hate US sites are chock full of them as much of a porn site.

Ahem don’t, uhm, ask me how I know that.

And thank you, Justin, for your continued patriotism. It is good folks like you that keep lady liberty alive.

I am just a lurker here, but your strong defense against these enemies of the state did not escape my notice. If you ever want to work for government, just post here your email, and I will put you in touch with the right people.

Next? World domination! U.S.A!

Clive Robinson June 6, 2015 2:31 AM

@ Figureitout,

This is the pessimism RobertT was getting at that our efforts will be in vain (I personally don’t care and will try anyway) and I can already see why he thinks that after just months at my job.

There are only two ways to proceed on this issue, the first is “be like Alice” and follow the white rabbit down an endless hole where nothing is as it seems, or secondly “float your boat” and ride out the tempest.

If you look back you will see that both RobertT and myself were looking at the second method.

The reason for this is the “lesser flea” issue as you strive to gain security at any level you find you can not because of the “bubbling up” of layers below the one you are striving at, and you end up chasing the white rabbit downwards looking for the next “lesser flea and so ad infinitum”.

The English (not British) are supposadly a “seafaring nation” and one of the most belligerent English kings (Henry VIII) is sometimes credited with the first formation of what could be considered a modern Navy. What he realised was that security is fickle or ephemeral no matter how many castles you build on rocky mountains you will not get security with them. The wisdom of the time in continental europe was that a castle was a strong point from which your knights rode out from. Henry knew better he knew that the reality history had taught was they were fixed points in the wrong place that could either be ignored or “stoppered up” in a siege and be starved out.

However Henry realised that a mobile castle could attack from any direction and could not be laid siege to, importantly it could destroy a defenders supply line thus in effect lay siege to many rocky outcrop castles at the same time. Hence Henry made his castles easily manoverable by giving them foundations not on rock or shifting sands but on water.

Thus he solved many of the basic problems of castles by building war ships instead. His solution was not to chase the rabbit but mitigate the issues.

Thus both RobertT and I were looking at ways to mitigate the layers below, by what in part was seen by many as a discredited method “Security by Obscurity”.

The thing is most people “just repeat the mantra” not actually think about the issue. Obscurity is a very valid method of security you just have to understand how it works, why it works and thus how to avoid it’s limitations and play to it’s strengths.

I’m not going to say “don’t chase the white rabbit”, I’m saying “don’t follow it to far, for that only leads to madness”. The trick is to find the “sweet spot” where drilling down becomes less effective than mitigation.

As for the “Douglas Adams improbability generator”, who said it was a resistor for following Bob Brown’s motions?

Petrov S June 6, 2015 2:34 AM

@keiner

To be true: NOBODY cares in Germany about NSA etc. Even the NSU Nazi killings bother noone, but a little group of people still clear in mind.The trruth is: Democracy goes, if nobody cares for it any longer. The so-called West is no longer a democracy. Neither the USA, nor Europe. Let’S face the truth.

What is… NSU? Only German I have [anonymized] known [anonymized] a hacker with a wandering eye, and two hackers who did some cell phone work early on. One was dreadfully ugly. But incredibly brilliant. Short. Bulging eyes. [I am actually as good with names and faces as if I had a woman brain. But, anonymizing. And we did smoke pot together in las vegas. We were both speakers.]

The guy with the wandering eye, I am actually good friends with now for, like, fifteen years. (We hacked switzerland together for another country.) Crazy fuck, would take all sorts of bad risks.

I am not surprised about your stories about Germany. Me, I am pro-China. Mao was a true genius. That is the future. China. Not, uhm, Mexico or India, or anywhere. I am very deeply concerned that Belgium will not put more important resources on the nefarious NSA hacking they did clearly for industrial espionage.

This was not some massive counterintelligence raping of China behind it all.

No wonder they sic their rabid dog, North Korea, against the US….

No hope, no hope. MAD all over the place.

Petrov S June 6, 2015 2:39 AM

@keiner

Oh, I forgot. While not a german, the german police somehow came and arrested another friend of mine. Years ago. He ran a site and they were confused, they thought he “created” the “I love you” virus. (He hosted a proof of concept copy or something. Legitimate security site, very big at the time.)

Not sure about jurisdiction issues. He was luxembourg. But they put him up.

I was very impressed by BND capabilities ever since then. Geniuses. Incapable of manipulation.

CCC always has cutting edge stuff, but, again, not a woman, so faces and names not my strong suit. Spatial recognition is. I can pack and unpack trucks better then my gfs.

Curious June 6, 2015 3:48 AM

Windows 10 related, me being a PC gamer:

I think I understand that closed source software isn’t the most interesting to discuss for the lot of security professionals (too many unknowns I would think), but I wanted to write this anyway.

Being a mere gamer on PC, I recall being somewhat puzzled and probably a little unnerved when learning that the “Tech Preview” for ‘Windows 10’ previously, had an official keylogger in it. Iirc it was official in the sense of the keylogging capability being somehow mentioned in the end user agreement or something, or so what what I read.

Windows 10 is rumoured to be launched at the end of July this year, for PC, tablets and as I understand it, also for mobile phones. Windows 10 is said to come in a consumer’ish variant, and an ‘enterprise’ variant. The enterprise variant is touted to keep corporate data saved separately (unsure how this differes from Win7).

I can understand that any single keylogger from Microsoft might seem trivial, given how it is afaik all closed source, and how Microsoft can push updates on a whime to ones computer and/or possibly do stuff to the OS remotely, however this has me wondering, just how novel is this keylogger said to exist in the Tech Preview of Windows 10 (how does it work)?

Should I sort of expect the final Windows 10 to simply have a keylogger installed, or at least, expect that a tested keylogging feature can be injected into Windows 10 on a whim (if so, sounds to me as being a special vulnerability that others can make use of).

What I thought was interesting, was that, given how Windows now is to be used on multiple platforms, it would as I imagine be very convenient for governments around the world to spy on a Windows user on demand. I can also start imagining that spying on the pc user on his own machine might perhaps be convenient for pushing advertisement onto the user. I can also imagine how a keylogger could be used by the management of a corporation, to put employees under surveillance, maybe with special tools or with cooperation with Microsoft as some kind of security feature.

I just can’t wrap my mind around this keylogging feature mentioned with the Tech Preview, just how big of a security and privacy and personal privacy issue can this be?

I mean, would a keylogger in the final release of Windows 10, be a big deal for Microsoft, as if offering easy and unparalleled access to the activities of a PC user for law enforcement and government agencies, or was the keylogger in the tech preview just a small thing that say law enforcement and other government agencies could have put there themselves anyway?

At least, this in turn have me wondering if it matters just how a keylogger would work, can it run on its own, or would it be something special if it had to be integrated into how Windows work as a whole?

Curious June 6, 2015 4:09 AM

About Microsofts Bitlocker and a recent article from ‘The Intercept’ about it:

The Intercept seem to have paraphrased someone or some people at Microsoft in their article, and though I don’t know how accurate it is, I think what was written is really interesting if being true:

“Asked about instances in which Microsoft built methods to bypass its security and about backdoors generally, a company spokesperson told me that Microsoft doesn’t consider complying with legitimate legal requests backdoors.” (From the Bitlocker article)

https://firstlook.org/theintercept/2015/06/04/microsoft-disk-encryption

If this is true, as if being as true as any quotation, I think this makes it obvious that discussions about backdooring or there being “front doors” instead, are quickly becoming disingenuous, if not being so already.

What would be interesting for me to learn, is just how many different things can a company do to backdoor their own products, without it all depend on some simple password phrase to log into someones computer.

I guess the obvious ones might be: known bugs (known but undisclosed “zero day” bugs), hardcoded passphrases, software updates, secret functions/features, keylogging, and storage/recording of passphrases as a copy. Are there perhaps other other blatantly obvious things worth mentioning as well?

Thoth June 6, 2015 6:11 AM

@Figureitout, Clive Robinson, Nick P
I might want to add to what Clive said or maybe I am just parroting Clive, who knows. Instead of simply riding forward to charge an enemy line, you would first understand his formation and decide your plans to move fluidly (as per the Sun Tsu and Sun Bin classics). You dont attack the strong points but go for the weak gaps in the armour.

Similarly, you dont simply jump at a HSM design and figure something should be placed here or something to be added there. You get the business requirements and protection levels it needs and visualize it’s operating methods before you “ride out” and start building something.

There is a difference between “Just Enough” with the lower order being really “Just Enough And No More” efforts even when there is actually room to add something crucial. The higher order of “Just Enough” would be a complete protection profile for the particular category with the do-able rooms covered.

Now back to the Secure PIN entry requirement I laid out after observing a good amount of deployments I have made, we have to assume the user login the token via an ordinary laptop or desktop and a malware would have captured the PIN and abuse the token’s access rights and the user wouldn’t even know it unless the user specified a counter to count usage for the keys and audited them (highly unlikely in normal deployments). It is really about where you shift the risk and for now the risk resides at the user’s normal workstation when he/she keys in the PIN. There are occassions where softwares obsfucate or so-called encrypt the token’s PIN with their own “proprietary algorithm” and this is even worse. Much worse as the token would simply be sitting in the token slot in the HSM and the malware would have the entire time it needs to abuse the PIN.

What I would propose is every access would create a Job ID hash and the user has to walk to the HSM and tally the Job ID hash and authenticate in front of the HSM albeit the need to carry out Data Center clearance but now the risk is being shifted back to how secure the HSM can handle which is what it was built for.

You were asking about protecting Web Servers with HSMs. Those are very common scenarios for Corporate CAs or actual CAs themselves like GlobalSign, Verisign and so on. Their CA software requires HSMs for KMS functions.

The local banking and financial security in Singapore requires Financial Institutions by the MAS to encrypt banking and financial login data end-to-end and the usage of HSMs to perform hardware based end-to-end password encryption and checking have increased as well (another business and Government mandated use case).

I would agree HSMs aren’t so simple to develop. It needs a set of structure design and use case requirements including security requirements for specific protection profiles instead of charging in and make something.

Curious June 6, 2015 7:50 AM

I don’t know what to make of the following, but it looks important (from ‘TechSnap’ on Reddit):

“The Memory Sinkhole – Unleashing an x86 Design Flaw Allowing Universal Privilege”
https://www.mail-archive.com/misc@openbsd.org/msg138687.html

Didn’t find an explanation for this other than some discussion thread linked in the article above, but there seem to be an upcoming talk for this, for a “Blackhat USA 2015” conference at the start of August.

Benni June 6, 2015 8:27 AM

Now BND claims that now, “western allies are not anymore on BND’s target list”, but in 1968, US and France were ranked fourth on BND’s interest profile and later US, France and UK were even ranked second. Among them was information about trade negotiations (free trade agreement efta) or the US foreign minister…

http://www.spiegel.de/politik/deutschland/kanzleramt-beauftragte-bnd-mit-spionage-bei-verbuendeten-a-1037389.html

And because this is all over since a very very long time, BND monitored Hillary Clinton recently

http://www.spiegel.de/politik/deutschland/bnd-soll-us-aussenministerin-clinton-abgehoert-haben-a-986412.html

Martin June 6, 2015 9:30 AM

@ howelong

Well said, you’re exactly right. Too many long posts have diminished the interesting value of this site. Too many “repeat customers” grinding the same “old ax” over and over.

Clive Robinson June 6, 2015 9:57 AM

@ Curious,

I don’t know what to make of the following, but it looks important

It may be, but then again maybe not…

It’s perhaps not as widely known as it should be but the insides of iAx86 processors is a real nasty mess…

You have to consider a CPU in it’s many many constituent parts from logic gates upwards. A simple CPU consists of an ALU, register file, and several state machines controled by an overriding state machine that does “instruction decode”. Often the instruction decode is done at a couple or more levels with higher level code often called “microcode” being the closest to the user, in between that and the basic ROM state machines that do the actual logic line flipping is something called RTL for Register Transfer Language. RTL can be looked on as a kind of macro language for logic.

One reason for having lots of minimal functionality state machines is it makes various asspects of Pipelining easier and let’s them run in parallel. A simple state machine would be one that moves data from one of the register files to the output register for the address bus whilst also updating the contents of the register file by a simple increment or add/subtract of an offset for branching etc in the next phase of execution.

One of the problems and it’s a humungus elephant in the room is if such state machines are “turing compleat” or not or quasi compleate…

It has been shown that you can have a “single instruction turing compleate engine” with just a couple of register files. Such an instruction is common in memory control.

Somebody recently demostrated that the IaX86 MMU although not designed to be “turing compleate” can be made to be so.

The problem is this is several layers down the computing stack bellow the CPU, thus the CPU can not see it or any effects it might induce (think root kit that can only be detected by another CPU specifically looking at the actual CPU “signature”).

I’ve mentioned before that it can be proven that no CPU can actually prove it’s own reliability and freedom from rootkit type malware which is why several years ago I looked at ways to mitigate this sort of problem.

If you want to know a bit more you can search back on this blog and see the sometimes quite indepth conversations.

BoppingAround June 6, 2015 10:29 AM

Curious,

I can also start imagining that spying on the pc user on his own machine might perhaps
be convenient for pushing advertisement onto the user.

It seems to be in-place since 8.1: http://www.forbes.com/sites/roberthof/2013/07/02/microsoft-to-add-bing-ads-to-windows-8-1-search/

http://www.infoworld.com/article/2612837/microsoft-windows/windows-8-1-s–hero–ads—-brought-to-you-by-stealthy-snooping.html

In one line:

“We want to get advertisers one click closer to consumers,”

Clive Robinson June 6, 2015 10:32 AM

@ Curious,

I forgot to mention that these single instruction turing engines that appear due to the issues of cascading state machines etc have been given a –rather unscientiffic– name of “weird machines” you can look them up via google.

There is a paper you can read about the IaX86 MMU weird machine,

http://www.cs.dartmouth.edu/~sws/pubs/bbss13.pdf

keiner June 6, 2015 12:28 PM

@Petrov

http://www.spiegel.de/international/topic/national_socialist_underground/

NSU is a NAzi terror cell killing people all over Germany over YEARS withot beeing caught. Police did not find them, they had close ties to German secret service, in one murder (in Kassel) a secret service man was present at the site while the murder happend.

A telephone call by the boss of this agent was released (don’t aske me who had it. NSA?) where he said:”If somebody knows that something like this will happen: Don’t go there!”

Currently there is a trial going on in Munich against the only member of the group that has survived, three others died (shot and burned…), nobody kowns how many others were involved and what was the role of the secret service.

One of the most wierd stories ever. But I could tell you other from the Gladio/Stay-behind complex, also involving Mr. Juncker, now president of the EU commission, which had to leave the gouvernment in Luxembourg, due to his role in some of these investigations…

tyr June 6, 2015 12:48 PM

@Clive, Curious, Figureitout

Eduardo Cruz has a good talk (translated) on reverse engineering
at Rooted 2015 up on their Youtube channel.

The set of slides he’s using give you a good idea of the state
of modern CPUs. The amount of work he did to crack a relatively
simple encryption modified Z80 will show you the tip of the
iceberg. When they started to encapsulate mainframe methods in
a single package the chances of human verified sudits became
miniscule. But like society itself you have to trust something
or descend into paranoid madness.

sixlar June 6, 2015 12:53 PM

http://www.phoronix.com/scan.php?page=news_item&px=Intel-SKL-BXT-Firmware-Blobs
Intel’s upcoming Skylake and Broxton hardware will require some binary-only firmware blobs by the i915 DRM kernel graphics driver.

No reason to listen to what the BND/NSA/GHCQ or the goverments says about any of it, just use whatever is leaked as the only source and assume whatever the goverments release is to work against you.

On western democracy and TPP/Tisa/Whatever.
At what point do you think that you personally with a good job ( nothing extreme ) will be more free living in a poorer country where you can bribe yourself free from regular silly things. Or more free living in a first world country where the laws are arbitrarily enforced but your chances of getting away if targeted are a lot smaller?

“You can beat the charge but not the ride”.

I don’t want an answer, just think about it for yourself.

Meir June 6, 2015 1:41 PM

The 2014 underhanded c code contest results are in. And the winning entry is impressive. This contest just shows how well a clever programmer can hide a security flaw while maintaining plausible deniability. It seems obvious to me this must be happening in popular software (both open and closed source). It is unclear how we can combat such a threat. Normally the answer is code reviews but this is to supply only limited protection against a suffisticated attacker.

Justin June 6, 2015 2:21 PM

@ Petrov S • June 6, 2015 2:22 AM

I am just a lurker here, but your strong defense against these enemies of the state did not escape my notice. If you ever want to work for government, just post here your email, and I will put you in touch with the right people.Next? World domination! U.S.A!

Thank you for the kind regards. I am employed (part time) right now, and I have to tell you that there are issues from my past (mental health etc.) that would probably preclude my working for the government, but I’m not averse to being contacted, and I certainly don’t have any personal reservations about working for government. Feel free to contact me at jnl9868@gmail.com.

People who aren’t happy with what the government does should instead feel free to take it up directly with their elected officials.

Justin June 6, 2015 4:28 PM

The fact that TSA has a blog, just my opinion, but it’s way too heavy on the P.R. and theater. If only we could focus on actual threats and actual security issues based on actual intelligence, and travelers’ dignity and rights, rather than all this fluff, hassle, and ado.

65535 June 6, 2015 5:20 PM

From the previous thread

Here is the purported photo that allowed US AF targeting of an ISIS “HQ”

[picture of generator shed beside a road sign with grinning Jihad and not much else.]

Added: 2 days ago
By: ebolism
In: Syria, WTF
Tags: Terrorist, moron, reveals, ISIS HQ, online, ISIS selfie, U.S. Air Force, IS selfie, ISIL, PHOTO, BOOM!, terror, targets,
Location: Kobane, Aleppo Governorate, Syria (load item map)

http://www.liveleak.com/view?i=ecb_1433433911

Experts in photo EXIF files take a look at the geo-map and tell me if the photo is the correct location.

Justin June 6, 2015 6:51 PM

@65535

I’m certainly no expert, but as far as I can tell, the photo you linked doesn’t have any location data in the EXIF. Various utilites let you see this information. See this.

Markus Ottela June 6, 2015 6:53 PM

@Bruce Schneier:

Finally got the Data and Goliath from my local library. Can’t wait to open it tomorrow!

65535 June 6, 2015 8:17 PM

@ Justin

I was searching through reddit and the original photo link was removed [possibly to remove any clues]. Liveleak had the photo image and a link to the google map.

Does the coordinates correlate to the google map? You can click on “load item map” to see the location – which may be correct [See previous link].

At N36.88774 E38.35082 I get a place in Kobane, Syria but I am unable to determine if it has been bombed.

Bruce may be right. The story may not be accurate.

Justin June 6, 2015 9:25 PM

@ 65535

Those coordinates would be right in the center of town, according to Google Maps. So a lot of collateral damage if that were in fact the place bombed. Probably not likely. Also the photo shows an open field extending for a ways (just to the left of the guy’s head. That is inconsistent with the center of town. My theory is that those coordinates are just generic coordinates for the generic location “Kobane” which somebody at the news agency tagged.

There is a place right on the outskirts of town that looks like it might be bombed out at N 36.893310, E 38.369011, unless it’s a quarry or something; I can’t really tell, but some trees look like they suffered a blast. Only a guess on my part, and again, I’m no expert, so take it for what it’s worth.

cheesey mouse June 7, 2015 2:14 AM

@ 65535, Justin

At the risk of being called a troll, I must ask, bit reckless to bomb a building based on a selfie on FB or off the wire? Knowing that metadata could’ve been manipulated at start, en route, and post arrival? It’s bad journalism.

@ Clive
Re:
“Thus he solved many of the basic problems of castles by building war ships instead. His solution was not to chase the rabbit but mitigate the issues.”

Not sure if this was part of your analogy, but by then placed his fate at the mercy of sea an unpredictable terrain. The castle and rock is also more comfy and better fed. 😀

bouncing gorilla June 7, 2015 2:53 AM

@ howelong

I doubt it. Most likely just spam. The posts I agree are long and miss the key points, on purpose or not, dont care. They are easy to spot because I read MSM on a daily basis.

name.withheld.for.obvious.reasons June 7, 2015 4:54 AM

During a house committee hearing, the Homeland Security Committee, held this week in Washington D.C., had the deputy director of the FBI Counter-terrorism division disparaging, indirectly, companies like apple as their products made it difficult for their purposes. Not only did the FBI deputy director of CT incriminate encryption, not the people passing secured messages, but they were frustrated by “technology”. Seems the government wants it both ways, employ the tools of technology to suit their purposes but deny others from accessing technology as it is a threat. This suggests that the government’s strategy is completely ineffectual. The same process of organizational communications can be achieved with carrier pigeon, courier, pagers, and smoke signals.

The effort now is directed at a new CALEA, this is what the deputy director suggested congress take up. The suggestion that CALEA be updated was accompanied by the improper characterization of the environment and the issues before the nation. That there needs to be a front door provided by CALEA for the LEA’s. This is more about the department, its objectives, and not the charter of the U.S. citizenry. It is obvious from the hearing that congressional members and the departments charged with CT are fearful, to the point of hysterical, about the possibility that some, or any, “technological” advantage could be had by anyone but themselves…this is the core of the problem.

When government departments’ see their role as greater than the whole, we have lost. The people that are clamoring the loudest about THEIR issue fail to understand the direct and indirect costs–their pay checks come from an activity that feeds no one. The expansion of the surveillance state reduces total resources that include education, training, community outreach, and solutions-based approaches. Instead, the symptomatic response is consider the answer, solution, and drives the actions and energy dedicated to addressing the perceived threat(s).

Side Note:
Based on the activity I have witnessed only, companies that may provide messaging services are monitoring their own customers (mapping and probing) and others that are on-line. I can assume they’re fingerprinting hardware, probing and scanning for services, and analyzing the customer’s system(s). There are probes that include windowed, various TTL’s, payload/data sizes, flags, and other IP packet variances. Some of these probes are aggressive whilst others are stealth. The variation in packet port, flags, types, and parameters is sufficient to perform some vulnerability (undiscovered) scanning.

65535 June 7, 2015 9:00 AM

@ Justin

I looked at your coordinates and they are logical because a lot of fighting occurred on the north part of the city towards the boarder. But, the map resolution is not good enough to determine if that is the site.

I looked at the southern part of the city which is sparsely populated – it was one of the first hits on google earth which indicated a road called Termik east of the Koane Aleppo Way. But, again the resolution is not accurate enough to determine a fresh bombing [N 36° 53′ 2.6065″ E 38° 20′ 54.0876″ a suburb of Kobane].

When zooming in on the original coordinates google just shows the center of Kobane and is of little help. There has been an extensive battle in that area – including US air attacks. It is hard to tell if the damage is new or old.

https://en.wikipedia.org/wiki/Siege_of_Koban%C3%AE

[or]

https://en.wikipedia.org/wiki/Siege_of_Koban%C3%AA

@ cheesey mouse

“I must ask, bit reckless to bomb a building based on a selfie on FB or off the wire?”

I would think so. 22 hours after the posting of the jihad photo, kids could have been in the area and hit.

Squidfree June 7, 2015 9:34 AM

Off-squidic : is PgpDisk (old) still secure ?

For reasons which do not quite belong here, I’ve
been pushed lately to interest myself in
the old open-source “ckt” version of Pgp 6.5.8 for MS-Windows, especially its local storage encryption component, PgpDisk.

Praytell whether Pgpdisk is still deemed safe/secure (in 2015 on Windows XP, as it goes) ?

Searching back did not reveal reported weaknesses or vulnerabilities, but, this piece of software is rather old & abandoned, and my search might’ve missed bad things.

Humbly asking for comments from the highly knowledgeable troop at Schneier’s den

MS win 10 and 7 keylogger June 7, 2015 10:53 AM

@curious

MS pushed the keylogger to WIN 7 thru auto update. But you can remove it rather easy. NOTE: On WIN 10, disable it and several functions stop such as Cortana, search, find..etc

https://support.microsoft.com/en-us/kb/3022345

Thats the win 7 update, you can uninstall, and hide. But please see that it is actually been gone.

http://thepcwhisperer.blogspot.com/2014/10/microsofts-windows-10-preview-has-built.html

Above is list how to be removing. Should do both above.

Finally, it should be noted that certain auto windows updaters such as DISM and KUC will IGNORE WIN 7 hidden updates and install them anyway!!!

Clive Robinson June 7, 2015 11:47 AM

@ Name.Witheld…,

During a house committee hearing, the Homeland Security Committee, held this week in Washington D.C., had the deputy director of the FBI Counter-terrorism division disparaging, ndirectly, companies like apple as their products made it difficult for their purposes.

Yes I posted a link to a story on this on another thread earlier this week.

My take on it is the FBI are at best being lazy and inefficient, and thus effectivly not telling the truth to those who hold the purse strings. At worst they are empire building in an exceedingly dangerous way for US citizens.

It’s been known since WWII that more information is obtained long term from traffic analysis than via breaking encryption. Further traffic analysis shows up all sorts of information under anslyais that you don’t get from just the message contents, which also could be meaningles to the FBI with or without encryption being used.

Further, encryption at various levels has been used by criminals for hundreds of years, it’s seldom stopped the authorities investigating them and in the past couple of centuries prosecuting and imprisoning them rather than just “shoot on sight” (which the US appears to be going back to if the international news is to be believed).

There is also the other issue, a lack of strong encryption would not just make the FBI more lazy, it would cause a significant increase in on line crimes, way beyond that, that the likes of the FBI could ever hope to deal with.

Also the likes of the Mafia and other crime syndicates don’t realy have a need for encryption, they are well practiced in other arts of fieldcraft. Such skills would only increase and thus a ban on encryption would realy make the FBI’s job considerably harder not easier…

So my guess is it’s an excercise in malicious empire building, by deliberately misleading elected representatives to gain pecuniary advantage –what you and I would call fraud– which one way or another is bordering on malfeasance in public office.

Figureitout June 7, 2015 12:59 PM

Clive Robinson
–Point taken, haven’t found my “sweet spot” yet though. Agree on “security by obscurity”, just another mindless sound bite people say w/o thinking about actual work to reverse it (and how it can be a trap for spotting those trying).

Thoth
–I don’t ever advocate “just riding out” like Leeeeroy Jenkins and building something w/ no thought. I just like to keep designs “close to reality” by seeing how it can/will be done IRL.

RE: secure PIN
–Yeah, that’s a huge risk on the input though. Like some kind of ethernet connection via an internet-connected laptop? Keylogger would get that PIN right? Yikes, I meant much smaller and less “connected” personally; I just was unsure where/how to store where to do comparison of correct PIN and to “bottleneck” the PC to only login (it’d turn on w/ reviewed startup code (would need some “debounce” and LCD init functions unless just a dip-switch, which is kinda annoying) and halt on PIN input; then initialize what else the chip has or user wants). Integrating some crypto in that would be nice.

And I didn’t ask about webserver HSM’s lol, just that I wouldn’t want to be in charge securing it and looking thru giant logs of crap (assuming logs aren’t tampered w/; which is a bad assumption). Partly why I haven’t set up a server yet, b/c I know it’d be hacked w/in days like a new internet connection/modem was and my smartphone received an update w/in a day and then started getting it’s clock screwed up, and sensors malfunctioning, and get spam text messages.

tyr RE: Cruz talk
–Just listened, was good. Impressive, wish he did it in english lol, but the translator did ok. That’s about as good as it’d get for a personal machine for me, some sort of integrated crypto on a small micro and lots of obfuscations (which he got into but ultimately succeeded in reversing the programming protocol).

https://www.youtube.com/watch?v=OSI2161Z_L0

Clive Robinson June 7, 2015 1:03 PM

@ 65535, justin,

Take a look at the photo again, we know the camera was pointing in roughly a north direction. And that there is a lot of flat barren land befor any signs of buildings in the distance. Which a glance at a map of the area would enable you to easily establish an artificial horizon to take a sextant type measurment. Which a yachtsman or surveyor could tell you exactly how to use.

We also see a post with a shadow, which is acting like a sundial, you don’t need to know the actual lengths just the ratio between the hight of the sign and it’s shadow. Knowing the aproximate lat and long of the town you can calculate not just the time of day but get a more accurate fix on the direction of the camera by interpolation. This will with carefull measurment give you a position circle to within 500m or so. To make life a bit easier there is an overhead cable above, with care the direction it’s running in can be calculated giving you two bearings, a reasonable guess on the direction of the road can give you a third and basic triangulation will give a “cocked hat” for the location

A simple map or google earth will enable you to look quickly for the rather odd building and it’s adjacent building in or close to that cocked hat.

As most of us don’t have photo recon / interpretation tools it will take us a while to get the bearings and sun hight etc. However those doing the looking would have the tools and experiance so could have had a location within 20mins to an hour tops.

So you don’t need the exif data with this particular photo.

Ryan June 7, 2015 3:41 PM

I want to talk about the squid.

Why would a squid attack a wooden ship? I would think they wouldn’t need the fiber.

65535 June 7, 2015 4:15 PM

@ Clive Robinson

I tried looking for the odd building but the resolution is not good enough. I tried to looking for the power cables – again the resolution doesn’t show that level of detail.

Further, a number of buildings are concrete skeletons which I assume is from battle damage during mid 2014 to early 2015. My eyes glazed over after an hour of searching. Give it a go yourself.

Justin June 7, 2015 5:30 PM

Maybe still on topic of “security” 😉 How did these two guys manage to escape from a maximum-security prison in New York?

http://www.usatoday.com/story/news/nation/2015/06/07/cuomo-inmates-heard-escape-effort/28642109/

http://www.cnn.com/2015/06/07/us/new-york-escapees/

They were apparently accounted for Friday night and gone Saturday morning, but they must have taken days to cut their way through steel walls and pipes with power tools, and people must have heard them. But all the contractors’ tools were accounted for. The stuffed dummies they left in their cells supposedly fooled the guards when they did their rounds. It doesn’t really seem to add up unless they had inside help, but of course no one’s admitting a thing.

My suspicion is that those Mexican criminal cartels may have infiltrated the prison-industrial complex in the U.S.

Stefan June 7, 2015 5:48 PM

@Justin
“Maybe still on topic of “security” 😉 How did these two guys manage to escape from a maximum-security prison in New York?”

Just as you are saying, IMHO most likely they were helped by someone inside.

TheGuildsman June 7, 2015 8:34 PM

@65535

I think I may have found it at : 36.874408, 38.372927

Since it’s a “Welcome to Kobane” sign it should be on the right side of a road entering the town, probably not too far from the town. The sign would be quite close to the roadway.

The building behind him appears to be set back from the road. It appears that the 2nd floor has been destroyed so only some main posts remain. There is another building to the right of this building.

There aren’t that many “main” roads going into Kobane. So I scanned the right side of the roads and found a bombed out building that looks like it on the road from Ghasaniyeh.

What do you think?

Godel June 7, 2015 8:49 PM

@ Justin re breakout, from your first link.

“David Sweat, 34, was serving a sentence of life without parole for the 2002 killing of a sheriff’s deputy. Richard Matt, 48, had been sentenced to 25 years to life for kidnapping, killing and dismembering his former boss in 1997.”

Funny, it doesn’t sound Mexican drug related. I wonder where they got the money to implement it?

Scott Arciszewski June 7, 2015 10:14 PM

Does anyone have any great cryptography and/or application security learning resources they recommend? I’m putting together a list on Github (link is my name) with help from the rest of the community.

Justin June 7, 2015 11:52 PM

@ TheGuildsman

You must be absolutely right, regarding where the photo was taken. That building with the tall spikes is unmistakably the same building when you look close. The buildings nearby (partially obscured by the sign in the photo) fit, too. And it does look like a smallish building was bombed out across the street from where the guy was standing. (But surely that wouldn’t have taken three munitions??)

One would think that’s just a generic photo shoot opportunity, by a “Welcome to Kobane” sign, on a road coming into Kobane. EXIF or no, by itself it would seem to have zero intelligence value regarding the location of any ISIL headquarters, unless the U.S. had no idea at all they were in Kobane. Any intelligence would have to have been gleaned from the text or caption posted with that photo on whatever social media site it was posted to.

I suppose they probably did have at least a roadblock there that was bombed; who knows? it might be a bit of an exaggeration to call it an ISIL “headquarters”. But I do admit that the fact that the man had time to stand around and take a picture of himself was a giveaway that they likely had a position there, and that’s where the real intelligence would have come in.

@ Godel

Richard Matt apparently does have a “Mexico Forever” tattoo on his back, and “kidnapping, killing and dismembering his former boss” is consistent the M.O. of those Mexican cartels. I don’t know; maybe we are getting cartels like that here in the U.S. I would guess in any event that these men were deeply involved in serious organized crime while in prison in order to gain the cooperation and resources they needed to escape.

Bryan June 8, 2015 1:34 AM

@ Clive, 65535
“So you don’t need the exif data with this particular”

Looking at the image alone, what makes one conclude this building is IS HQ?

Its got Arabic markings, kobane confined, and the FB poster said so, so this must be it, right…? A bulk of guess work was obviously done beyond what could be concluded from the selfie or I haven’t read the whole new article.

@ Justin
Re: the mob

That’s the thing. The unscrupulous insider.

The mob has no nationality and is entirely self serving. History has shown that governments may use the mob as an extension of LE. As all things are relative, the mob can also exploit LE by infiltration or bribery.

It remains to be seen how best to maintain a level of integrity required of individuals. It erodes with every generation.

Clive Robinson June 8, 2015 1:43 AM

@ tyr,

Thanks for that, I think the rule about children should be tattooed on their foreheads so parents can read it, a bit like pausing “to count to ten” but a little more instructive 😉

@ 65535,

I could have a hunt around, but to be honest it’s not something that is going to get me anything other than a point on a map. I very much doubt there are currently photographs of the bombed out site up on the web, otherwise others would have posted them by now and they would be in search engines caches and you would have found them.

Ryan,

Giant / Colosal squid don’t have much in the way of predators and tend to be deep water denizens.

Thus you have to ask the question “what brings them to the surface”. Whilst modern fishing vessels do have deep water nets that do go down to the upper range of the depths where these squid might be found older wooden vessels would not.

Therefore something else such as a whale or other squid who do act as predators might have attacked and in the process of escaping come towards the surface and being in the equivalent of “fight or flight” mode seen a wooden vessel as a predator and just attacked. Thus the vessels it would most likely have been would be Whalers, and it might be a case that the sailors did attack the squid with harpoons etc as it came close to the surface thinking it was a whale or a sea devil of some kind…

That said we know that even quite small cephalapods are as inteligent and curious as cats, there is no reason to suppose that the giant and colossal squid are any different. Thus like dolphins they may be just currious and playfull rather than attacking. This appears to be born out by a racing yacht, which had a giant squid attach it’s self to the rudder. The skipper brought the yacht to a stop at which point the squid apparently lost interest and left.

Thus whilst the legion of old stories of Kraken attacks are many the actual number of credible reports of actuall attacks is close to zero, which kind of puts them in the same category as “preditory wolf attacks” in the west.

Clive Robinson June 8, 2015 2:47 AM

@ Bryan,

Looking at the image alone, what makes one conclude this building is IS HQ?

With regard to the building I was not interested in determining “what it is” only “where it is” which is the same information you might have got from the photo meta data if it was present.

And it looks like @TheGuildsman may well have found the location, proving the point that the actual image contains sufficient information to do so.

As for it being the local HQ, on the assumption it is a military post of some kind, it depends on several things. Firstly the type of HQ, for instance a company HQ can and has at times been just a convenient “hole in the ground” which would also apply to any CP. Secondly the type of traffic it attracts via footfall, tyre tracks, and other communications would give some indication to how high it is in the command chain. As would how and by whom it is guarded. Such information would be partialy or fully visable to simple photo recon. Further more advanced recon using IR would give an indication of energy used and radiated by heat, and presumably some of these — supposed– “Find, Fix and Finish” tools for radio equipment fitted to drones.

But what if the assumption is wrong and he was “just bigging it up” for ego etc, then would the above recon techniques jibe or not with what he says?

That’s the job of an analyst to decide based –I’m assuming– on further information they have aquired by recon which we are not privy to.

If you are asking is it possible to tell the difference between different levels of military post, the answer is a limited yes based on what is known of the enemy procceadures and habits, which with irregular forces may vary significantly from place to place and group to group. So whilst photographic recon identifiers will give strong evidence of military occupation with irregular forces it will give only weak evidence as to specific function.

As for it being civilian only occupation the absence of certain identifiers and addition of other identifiers in photo recon usually gives reasonable confidence even when the enemy are irregular forces.

The big problem for analysts is mixed civilian and military occupation. With irregular troops they will often encamp in an existing civilian habitation by force or invitation, such billiting just like impromptu prison camps cause analysts problems and always have done. Which is why they tend to rely more on non photo recon for deciding, which as has been demonstrated in the past leads to problems when the enemy forces avail themselves of deception tactics. The level of deception possible is usualy related to the fluidity of action, thus the more fluid the movment of forces the less deception is generaly possible. As was once remarked in a lecture “It’s not easy to convince the enemy a tank is just a bush when it’s traveling at 40Kph across rough open ground”.

Winter June 8, 2015 5:17 AM

Call me naive, but I had not yet anticipated this:

With a series of major hacks, China builds a database on Americans
http://www.washingtonpost.com/world/national-security/in-a-series-of-hacks-china-appears-to-building-a-database-on-americans/2015/06/05/d2af51fa-0ba3-11e5-95fd-d580f1c5d44e_story.html

It sounds logical. And I think the IC in major countries are already hard at work to make databases of every human being (that is online or has a phone number).

But it also brings home the message of Bruce: Every backdoor and insecurity will be available to all.

Because the NSA et al do not want to secure the internet, the Chinese can spy on USA citizens.

Thoth June 8, 2015 7:59 AM

Higher GUI Assurance with ARM Trusted Path

About:
Making use of ARM’s TrustZone for Trusted Path have already been known, researched and deployed in the wild. While the use of Trusted Path[1] and TrustZone have been implemented and are mandatory in critical sensitive systems to be executed on mobile devices with ARM chipset on-board, there are still particular problems with phishing attacks[2].

To bring the TrustZone into it’s fullest capacity, I would propose a few additional features on top of the Trusted Path setup to better cope with phishing attacks on mobile devices.

Disclaimer:
The features to be introduced and to be solved is not in relations to extremely high assurance as it does not touch the physical electronics level and assumes complete trust on the ARM chip’s implementation of the ARM TrustZone and the Trusted Path within the TEE environment of ARM’s TrustZone. For higher mobile computing assurances that would sweep away HSA type attacks, this will not work. The protection level of this method is up to MSA type attacks.

Problem:
Even when a critical application have been ported over into the TEE environment of the ARM TrustZone, users can still be tricked into spilling their login credentials by rather simple spear-phishing attacks. From the article[2] , it is clear that a bogus login portal that looks extremely similar to a legitimate application would be more than enough to trick unknowing users into logging in with their actual credentials which at the point, these credentials would have been compromised. It would not be surprising that users might take a while to realize that their credentials have been compromised and by then damage might have been done.

Proposals to outline application windows in red (untrusted zone) or green (trusted zone) borders are one of the ways to differentiate between trusted applications or not. Swapping between trusted world and untrusted world meant that you can only view a single world at a time and thus limits productivity (but improves security). Full screen applications are another headache to manage as outlining the full screen application with a colour code would look rather unsightly despite a necessity to colour code the level of trust per application.

Suggestion:
To improve the look and feel of the application window (without needing a ring of colour code), TEE environments would require that a fix portion of the window’s title bar have a colour coded lock icon representing the level of trust in the TEE world. This lock icon would be part of the trusted client segment of every application so that the untrusted codebase would not be able to spoof the lock icon or overlay it with a fake icon. No additional icons could be rendered above the lock icon in a strict sense unless it is an overlaying window. The lock icon must be fully controlled by the TEE environment and not by the client codes. When a signed codebase is introduced to the TEE environment, the single codebase would be given a certain level of trust level (indicated by the lock icon) which the trusted portion of the client code does not have the power to manipulate except for the root trusted zone in the TEE environment.

To add to the assurance of identifying trust levels of applications, the Process/Resource Manager of a mobile device should be given a place in the TEE environment or in some cases a third non-interactive profile called Process World. The Process World should be run as a slave to the root trusted zone so that no codebase (not even trusted codebase except the root trust) is capable of modifying the processes in the Process World. All the processes and resource list inside the Process World can then be safely marked according to their trust levels.

Whenever a user decides to check the Process / Resource list, they will be brought into a limited viewing window of all the processes and resources and their trust levels by swapping into the Process World in a limited view point. Users can issue terminate commands to processes that misbehave from this level of trust and have it take effect.

In short, a user with a trusted lock icon can use it as a first level of verification of trust and swapping into a limited Process World as the second layer of verification of trust of running applications.

Links:
[1] http://www.liwenhaosuper.com/blog/wp-content/uploads/2014/06/trust-ui.pdf
[2] http://arstechnica.com/security/2015/06/evil-wifi-captive-portal-could-fool-users-into-giving-up-apple-pay-data/

Stefan June 8, 2015 8:20 AM

Re: Microsoft and backdoors and the like…although, considering the URL to the “Underhanded C” contest that Clive Robinson posted above, I am not sure if just having “a look” (what-ever that may mean exactly) at the MS source code will be sufficient…

Microsoft opens site to let governments check out its source code
http://www.zdnet.com/article/no-back-doors-here-microsoft-opens-site-to-let-governments-check-out-its-source-code/

Microsoft has opened a Transparency Center in the Belgian capital, offering European governments a look at its source code.

The center, opened in Brussels last week, will “enable governments to review and assess the source code of Microsoft products and to access important security information in a secure environment,” Microsoft said.

The center is the second such facility the company has built – the first was opened in Redmond last year – and will be open to governments that have signed up to the company’s Government Security Program, which lets officials take a look at technical documentation, get Microsoft’s intelligence data including details on future patches, and get more details on its cloud services.

However, the chief attraction for governments is likely to be the offer to check out the source code for a number of enterprise products and run their own analysis against it to, as Microsoft says, “help reassure customers that Microsoft products do not contain any hidden ‘back doors’.”

Winter June 8, 2015 8:42 AM

@Stefan
“However, the chief attraction for governments is likely to be the offer to check out the source code for a number of enterprise products and run their own analysis against it to, as Microsoft says, “help reassure customers that Microsoft products do not contain any hidden ‘back doors’.” ”

I do not understand the value of this.

Why should the binary delivered by MS correspond to the source you see? Certainly, the security people of these governments know that?

BoppingAround June 8, 2015 9:29 AM

Winter,
PR stunt then?
Besides, how large are the sources and is it even possible to analyse it in reasonable time?

Curious June 8, 2015 9:30 AM

@Stefan

I read about that on Slashdot the other day, and I think simply reviewing some piece of code outside ones own computer is a joke, auditing wise. Not only because I do not trust Microsoft to care about my privacy and security, but also because I do not trust any European (or other) government with my privacy and security needs.

I mean, the only interesting thing, as I see it with my limited tech knowledge, is to at least be able to always audit, or perhaps more importantly as I can’t audit code myself, to oversee and control the workings on the software on my computer in a meaningful way, the stuff running on ones own computer. With Microsoft basicly being a US entity, that is concerning as well, being a European.

As I said earlier at some point, I feel like I don’t even own my own computer, running Windows on it. More dramatically, it is as if Microsoft has a big grabby hand on my entire PC, and I don’t like it. Sigh, I want directx 12 though, so im up for Windows 10. 😐

David Hawthorne June 8, 2015 10:28 AM

@’Microsoft letting governments see source and perform analysis on it’

Hi, I have audited systems for major US corporations and the US Government.

Typically, when MS gives countries access to source code, it is permanent. So, they can months, even years to look at it. This “look see” part of the story, I do not understand. Never heard of that before. In previous years, MS has sent source code to US, Russia, and China. Probably some other nations.

All MS code has been sent to the NSA and is sent, on a regular basis, as DoD buys a lot of MS products and it is NSA’s domain to analyze for security issues. I am not sure if MS has similar arrangements as close with other nations, but likely so. It is a very reasonable request. You want that country’s government as your buyer, let us have access to your source code.

Checking binaries to source is a good question, but that is part of the auditing process, anywhere. Problems can happen when source code is updated, as I am pointing out. There could also be an issue with not receiving the entire source code. With cloud based systems and web applications, when the binaries are not able to be inspected, how can anyone know. If the system is given complete admin access for “all the time”, then they can know. If only for a “look see”, obviously not.

The other major problem is performing the audit. Massive source code does mean a massive audit. A surprisingly huge amount of source code can be audited today in a surprisingly short period of time. But absolutely ensuring every potentially vulnerable api is perfectly validated from every stream of data coming possibly from the user requires enormous effort and expertise. Further, many areas which may have security issues may not be found by modern source code analysis systems. This is why, for instance, even Microsoft continues to have critical vulnerabilities found in their products. Despite their very large security teams, large consultancy budget, and surely the very many bugs the countries auditing the code send to them.

However, it very well could be MS is unaware that they are compromised. The NSA does not have much reason to specifically work with them directly on such a sensitive matter. They could, but that would be horrible tradecraft. (Something they have shown to practice in the past.) It is not at all difficult for a nation state of the sizes of US, China, Russia, and plenty of others to get a mole developer somewhere functional into the company. It is also not difficult for them to find security vulnerabilities with source code access, and simply hold on to them, while reporting far more minor issues.

I could definitely see China or Russia reporting nothing, with no need for explanation. While NSA probably provides some vulnerability reporting to pretend they are on the up and up. (I have no idea if they are not. They very well could report everything.)

Unfortunately, no manner of accurate details matter, post-Snowden. But, the real clincher for a nation is: is the US really and truly on my threat landscape? Will Belgium discover the US stole trade secrets from their corporations? Did the US probe in areas of their nation which indicate potential malicious purpose?

A lot of the nation state hacking going on, contrary to popular misconception, and even misconception in security circles is simply about watching data. Russia hacks energy infrastructure, for instance, because their economy is deeply tied up in energy. China hacks financials, to ensure they are not going to get defrauded or screwed by just relying on US news sources. America wants to know the specifics about what major players they have investments with are really thinking.

It is diplomatically dangerous work, to be sure, with significant potential for blowback. But, they all engage in it.

tyr June 8, 2015 5:09 PM

I’d say that Microsoft is feeling the bite of the
misguided IC attempts to wreck everything. Their
business is directly impacted if the world decides
to avoid them because they are perceived as a tool
of NSA.

rms has been quite specific on the subject of MS
trustworthiness, so the tech community has had the
information about them for years. Microsoft is not
your friend, their products may be marginally
useful but their entire history is of selling you
broken stuff which the next upgrade will fix.
it has been successful as a business model but
set the course of computer use back decades.

I heard an instructor at Intel say that a decisive
test of microprocessor function was impossible,
in 1976 when the state of the art was an 8080.
( I. E. no one has solved the Halting Problem).

So understand that this opening of their source is
to make others feel that they can be trusted and
that way sales will continue. A nice token to play
with emotions. On the bright side maybe someone
will fix some of their broken code and we’ll all
be better off for it.

Clive Robinson June 8, 2015 5:41 PM

@ tyr,

I heard an instructor at Intel say that a decisive test of microprocessor function was impossible, n 1976 when the state of the art was an 8080( I. E. no one has solved the Halting Problem).

They were correct, solving the halting problem is not possible under our current understanding via mathmatics, the implication would be that there could be no infinite sequences thus numbers.

But what that instructor may not have realised that long ago is that the halting problem has an implication for security. You can with a little thought show that the halting problem is also talking about security. You can only demonstrate 100% security in a non trivial system if you can solve the halting problem.

Thus whilst 100% is not possible getting to some point that is close is not impossible, however the “law of diminishing returns” applies, in that the closer you bring that point to 100% the more rapidly the cost rises.

Thus you have to make reasonable trade offs. One way is to mitigate an insecure system by looking for abnormal behaviour with another more secure system. The less frequently you check the insecure system the higher the probability that it is nolonger performing it’s asigned task normally. Thus you have a probabalistic mitigation to insecurity, the choice is yours as to how much monitoring you apply and thus it’s cost.

Needling June 8, 2015 5:51 PM

@Benni, Yes because they can. Pop Quiz: Who said this about the humiliating subjection of the Western bloc satellite states?

“It’s hard to speak with people who whisper at home, afraid of US surveillance.”

“Many Western countries have voluntarily relinquished a large part of their sovereignty. That is, among other things, the result of bloc policy. It’s sometimes really difficult to negotiate with them on geopolitical issues,” he said.

“It’s difficult to talk to people who whisper even at home, afraid of Americans eavesdropping on them. It’s not a figure of speech, not a joke, I’m serious.”

(ɥɔıןɹǝnʇɐu uıʇnd)

Clive Robinson June 8, 2015 6:38 PM

@ Benni,

judging from this photo (and they probably talk about NSA there, since it is by far the only topic where Merkel would get that angry and Obama only smiling)

Err there is something else that rubs “mummy” up the wrong way, that’s incompetency due to idleness.

Mummy has a very solid technical and scientific background and works extraordinarily hard, it’s fairly clear she thinks Pres BO is a lightweight who’s only talent is sophistry. And thus she considers him to be incompetent by dint of being idle, and without charecter or substance. It’s something that a lot of Europeans have noted about Pres BO, he talks a good game but lounges on the benches letting others do the work and deciding the plays, thus he is the worst of team players, that has to be carried by the rest of the team.

SoWhatDidYouExpect June 8, 2015 7:13 PM

It has been noted, by Bruce and others, that TSA brings little to the table with regard to security, except a PR team and arrogance.

Now, more than ever, it has been proven (from SlashDot):

TSA Fails To Find Links To Terrorism of Airport Workers

http://yro.slashdot.org/story/15/06/08/2145219/tsa-fails-to-find-links-to-terrorism-of-airport-workers

The feuding agencies are still failing to talk to each other when it comes to our safety. Start with the top person of each and tell them their replacements WILL DO BETTER.

65535 June 8, 2015 7:22 PM

@ TheGuildsman

Good going. That looks like it.

I thought it was on the south side of the city so I checked Termik road around that latitude just to the west – nothing. Then I gave up.

The question now is the damage new?

Commandante Grupopolvo June 8, 2015 8:15 PM

More Boston death-squad action (did Aaron McFarlane kill this one too?) with secret charges evidently based on unlawful surveillance, https://privacysos.org/node/1752

The murder victim’s trial by media is underway with McFarlanesque fantasy leaks (Todashev had a sword, then a table, then a chair, then a stick, then his fists of fury; this one brandished a, a knife… where do they go from here, ‘no, he really had a big stick of gum?’)

The fusion center is trying not to look like idiots. They scared some exurban goobers who ran around screaming, ISIS is coming, ISIS is coming! So as not to waste the mass hysteria before it failed the laugh test, they had to bag an ISIS killer ASAP. So they capped one of the 318 million Americans who hate pigs.

Thoth June 8, 2015 9:52 PM

@Clive Robinson
Thanks for the paper. It is a really good read.

End conclusion for side-channel protection is to either make a lot of unwanted noises (indistinguishable from actual crypto operations) or to level out the noise by trying to match the noise and clean it out.

I remembered I previously asked you about using redundant lookups, timings and computations at random and also suggested mixing the crypto operations steps with the redundant dummy steps in random too (does not require strong randomness) so that it create simply more than the noise the attacker is expected to get out of it and you affirmed that my suggestions could seriously mess with attackers… that is if resources are available at hand to do so many redundant operations and resources.

Trying to bake all these into high level languages are difficult so the target location to bake them in is into the bare bone chip layers (create circuits that actually perform all these redundancy and noisy operations on the metal layers) or put them into as low level as possible (favourably into the OS level).

Other interesting stuff that the paper you mentioned offers include cache and page locking, colouring of memory (kind of like using Memory Protection or Management which you and @Nick P love to do) or exclusive processor core usage for the particular functions.

I have been trying to get some more information on Infineon’s Integrity Guard’s methods which involves self-encrypting dual CPU core and error checking to detect intrusions and modifications on the secure processor. Pulling one page out of the books of Infineon’s Integrtiy Guard would also be including a quick self-encrypting core process which you have mentioned (using the XOR operations to split and randomized data in the core).

If all these could be augmented into my messy and noisy suggestions, it might really put the hurt on attackers considering the fact that adding more physical sensors and hardware traps to deter attackers are in your term, building castles on cliff edges or solid ground and you recently referred to moving castles to the sea or to a sort of mobile defense. That seems to be the future approach of security IC chip defense by making data very noisy, messy and too much for the attacker to distinguish and digest.

TheGuildsman June 8, 2015 11:49 PM

@65535, @Justin

“The question now is the damage new?”

Actually I don’t think that building with the vertical posts is damaged after all.
I was looking at some other photos of Kobani and there are quite a few buildings like that in the town. It looks like they never got to finish the construction of the 2nd storey. I guess they were interrupted by something.

There are other buildings in the immediate vicinity, visible on Google, which don’t appear in the selfie photo that could be the alleged ISIS HQ as well.

Also, the Google satellite images, while from 2015, are probably not recent enough to show the damaged building(s) anyway. I have taken some screenshots of the area and I think I will bookmark the coordinates and check back in a few months to see if the imagery has been updated.

We will be able to tell if it’s the right place if we see bomb craters where buildings used to be.

Hopefully the 20+? hours it took them to drop their bombs was because of the due diligence they were doing on the ground, since it really didn’t take very long to find the location. (Assuming it is the right location.)

Justin June 9, 2015 1:26 AM

@ TheGuildsman

“Actually I don’t think that building with the vertical posts is damaged after all.”

That building (36.875067, 38.373182) doesn’t look damaged in Google Earth to me, either. I was referring to the location across the street and a little to the south from that building, that looks to me like it could be a couple of walls standing and a pile of rubble (36.874384, 38.372678). What is it, really?

What about those buildings partially obscured by the sign in the selfie photo (36.875754, 38.372967) and (36.875788, 38.372691), clearly visible in Google Earth?

“(Assuming it is the right location.)”

Oh, you have the right location. That is unmistakable. Even the signpost that guy was standing next to (36.874390, 38.372911) is visible in Google Earth. Also the stone marker standing at (36.874479, 38.372965).

Marcos El Malo June 9, 2015 2:41 AM

@TheGuildsman

Good catch on the possibility that the building was incomplete rather than destroyed. Many possible reasons for a building interruption. In the part of the world where I live, I see many houses and buildings in various stages of completion. Some of this is due to economic development: people add rooms and floors when they can afford More bricks (or as needed, because extended families are common). Another reason I have been told is for tax purposes. A completed structure is taxed at one rate, while an incomplete structure is taxed at a lesser rate. My apartment’s roof has rebar sprouting from its surrounding wall at various points, meaning it is still under construction, although the landlord hasn’t added anything to the structure in years.

hotdogs on the grill June 9, 2015 6:12 AM

@ Clive
Re:”With regard to the building I was not interested in determining “what it is” only “where it is” ”

Should the question of what predate the where?

Without knowing what it is how do you determine whether it needs some bombing?

Clive Robinson June 9, 2015 10:06 AM

@ Hotdogs on the grill,

Without knowing what it is how do you determin if weather it needs some bombing?

Your kind of jumping the gun, you can not take any kind of action against the supposed target untill you know where it is.

Only when you know where it is can you find independent evidence of what the target actualy is, till then you are just blowing smoke. Try going to your commanding officer and say “the enemy has an HQ that needs bombing” almost the first question will be “where is it?” The second is “what does your analysis show?”.

Look at it this way I could say “I’ve a photo of the largest most valuable diamond in the world, let’s steal it” what’s the first question you are going to get asked… yup “where is it”. In our tangible world knowing where you are in relationship to another point in space is so important that we forget just how important it is. To get from A to B you have to know the relationship between A and B and if not already there how to get to A. As the old saying has it, “the journy begins with the first step”, if it’s in the wrong direction it’s not realy a step you want to take, to ensure it is in the right direction you need to know where you are going, otherwise you are just wandering aimlessly which might be a great way to waste time, but generally unproductive.

SoWhatDidYouExpect June 9, 2015 10:08 AM

So, apparently the spy agencies have a death grip on the businesses involved that control this fiasco (from SlashDot)…

US Tech Companies Expected To Lose More Than $35 Billion Over NSA Spying

yro.slashdot.org/story/15/06/09/1235221/us-tech-companies-expected-to-lose-more-than-35-billion-over-nsa-spying

From the post:

Citing significant sales hits taken by big American firms like Apple, Intel, Microsoft, Cisco, Salesforce, Qualcomm, IBM, and Hewlett-Packard, a new report says losses by U.S. tech companies as a result of NSA spying and Snowden’s whistleblowing “will likely far exceed” $35 billion. Previously, the Information Technology and Innovation Foundation put the estimate lower when it predicted the losses would be felt mostly in the cloud industry. The consequences are being felt more widely and deeply than previously thought, however, so the number keeps rising.

Clive Robinson June 9, 2015 10:42 AM

@ Thoth,

End conclusion for side-channel protection is to either make a lot of unwanted noises (indistinguishable from actual crypto operations) or to level out the noise by trying to match the noise and clean it out.

You need to still consider how an opponent is going to attack the system.

From their point of view it’s a signal in noise issue, where the aim is to recover the signal by removing or cancelling the noise.

Noise is funny stuff, the main problem is the assumption it’s random, often it’s not at some level. This has consequences if your opponent can find the determanistic part and synchronise to it as they can then use a correlation technique to remove it thus making the signal more visable.

It’s counter intuative to many people and it can work against you. The classic example of this as I’ve mentioned in the past is “meeting the EMC mask” spread spectrum techniques used in PC’s. The oft quoted and incorrect advice to stop Wim Van Eck attacks is to put the sensitive computer in the midst of computers that do not get used for sensitive information. The theory being that they will mask the signals from the sensitive computer. Unfortunatly the EMC SS gives a reliable sync signal to the other functions of the PC as there is only a single clock in each PC. Thus you can sync up to each computer and either correlate it out of the signal or sync up to the wanted signals from the sensitive computer. Worse you can actually do both which makes the “hide in the crowd” advice pointless as any one who has worked on multiple access CDMA systems can tell you.

Thus two important points arise about the synthetic noise signal you generate, firstly it has to be as asynchronus to the computer determanistic signals as possible. The second is make sure that the process you use to generate the synthetic noise signal is “secure for the task”, not all crypto functions are suitable for generating noise.

The other issue is the determanistic signal, even if you chop it up, you can still leak sufficient information from the chopped parts to enable the signal to be determined by a guessing technique. Look at it this way you have ten numbered balls in a bag, each time you pull one out the number of balls goes down and so does the probability of which one gets picked next, when eight are drawn you are down to 50:50 odds, after nine you know 100% what comes next. There are only so many ways you can perform certain functions and with some crypto they have to be performed in order, thus you can end up with a “Granny’s teeth” problm. That is when Granny smiles after eating you know which order her teeth are in even if the gaps between are filled with random food…

There are a whole load of similar issues, and when I have time I’ll take a close look at the paper to see if they have missed any.

That said one of the authors is a “known to be smart” cookie so “the pickings might be slim” 😉

David Hawthorne June 9, 2015 11:44 AM

@SoWhatDidYouExpect

US Tech Companies Expected To Lose More Than $35 Billion Over NSA Spying

If and when this is proven *(and I believe something like it, and maybe even worse will be — maybe already has, I did not dig that deeply).. then, this is exactly what people who are concerned they are ‘out of control’ need. This is teeth. This pisses off the people with the cash strings. This pisses off the American people. Just think of all of the American developers these companies could have kept or hired with that money, instead of going foreign.

This kind of evidence would help clean up intelligence practices, clean up the industry, and get the intel/leo execs heads out of the toilet.

My skepticism it already has been proven is an estimate already came out a few years ago, and the next year it went nowhere. It was triple this estimate, if I recall.

22… to… 180 billion…

http://blogs.wsj.com/cio/2013/08/16/nsas-prism-could-cost-it-service-market-180-billion/

I doubt anyone is against spying, for good reasons; and probably everyone is not very bothered by spying they disagree with but is not ultimately harmful in motive. But the plans the US has been putting into operation have been extremely dangerous for the global economy and does not show much over reaching foresight.

Problem is… if the numbers are difficult to prove, then no change may happen.

Still, we are seeing and should expect to continue to see considerable resistance to dumb ideas to undermine the security of individuals and nations online. They lost the crypto propaganda war before and the benefit was a vibrant American and global online economy. And we can expect vibrant proceeds if they lose it again.

65535 June 9, 2015 3:46 PM

“This pisses off the people with the cash strings. This pisses off the American people. Just think of all of the American developers these companies could have kept or hired with that money, instead of going foreign.”

I agree. The NSA is starting to do more damage that good. That’s bad policy!

“…Short term, a greater understanding of this surveillance picture could have a chilling effect on all hosting and outsourcing services (not just cloud computing) in many countries. If it is to be believed, as ITIF estimates, that half the cloud market will be fulfilled by non-US providers, then assuming this factor has just as much impact as the PRISM leak will have on US providers, then non-US cloud providers would take a hit of another $35 billion by 2016. Add in the rest of the hosting and outsourcing market, which, according to Forrester estimates is three times the size of the cloud market in this timeframe, and you now have a net $100 billion loss for non-US based service providers.

“Add it all up and you have a net loss for the service provider space of about $180 billion by 2016 which would be roughly a 25% decline in the overall IT services market by that final year, using Forrester market estimates. All from the unveiling of a single kangaroo-court action called PRISM.”-Forrester

http://blogs.forrester.com/james_staten/13-08-14-the_cost_of_prism_will_be_larger_than_itif_projects

We are all ready seeing Microsoft supposedly showing their source code to foreign governments to dampen fears of NSA back-doors. I think this is just the tip of the iceberg. Huge financial damage could be done to these companies because of the NSA.

George June 9, 2015 4:25 PM

@ 65535

Yes, but what are the alternatives? Vast majority of digital pioneering and compliance shaping is done from the USA. Most countries in the world know the risks already but are unable to develope their own alternatives. The stanglehold is in standards, compliance, and certifications, or else go the way of isolated regimes.

Looking at their stock performances post Snowden, I doubt our tech firms lost significant businesses, atleast the financial sector doesn’t think so.

BoppingAround June 9, 2015 4:49 PM

David Hawthorne,
On the other hand, is it of any good? What is to gain? Things get moved out of US, allegedly to somewhere outside the US IC grip, to someone’s else grip. It’s not like the US are the only guilty here. BND seem to be in some shady business; the French will join soon if they haven’t already, thanks to that timely January accident. And hell knows who else is there — anyone who hasn’t been caught yet could be.

Perhaps it’ll help. If it hits someone’s wallet and this someone is able to pull the IC strings and curb them a little. At the end of the day the same foul system will persist, even if a little curbed. Not much good to us, if any.

Nick P June 9, 2015 8:49 PM

@ Clive Robinson

That guy trips me out. Especially the NSFW vid and clearance Q&A he posted. I agree with Cringely that he’s the 90’s version of a hippie prankster. He plays his niche audience well. He’s also a selfish, scheming sell-out. Not much different from his opponents in some ways.

His product also shows he’s not well-versed in security: quite subject to endpoint attacks and subversion. Especially if one of his 7 vixens were a Mata Hara. I doubt he’d even spend the money for something close to real, though. Another publicity stunt.

@ David, 65535

“Just think of all of the American developers these companies could have kept or hired with that money, instead of going foreign”

Now we went from possibly real (financial loss) to fantasy. American companies known to work hard to pretend there’s few Americans to hire to import cheap, foreign labor. There’s all kinds of talented people with good resumes who can’t get most IT jobs right now. To think that such money translates to American jobs is funny given all the foreign labor and investments many of these companies use. The real and uncommon losers in this situation are the owners and executives of the businesses. Their huge rates of return on others’ work might decrease significantly.

Benni June 9, 2015 11:32 PM

@Needling

Why are you posting this propaganda nonsense. (Unfortunately, these putin trolls spam each and every forum. I would even pay for a forum free of russian trolls)

It is russia, who installs proxies in Crimea, Ukraine, Moldova, Georgia, which have no souvereignty.

In contrast to russia, the united states do NOT create satellite states which they then ruin, blackmail or threat by force.

When the US went into Iraq or libya then this was because these countries have collected bio and chemical weapons and the US acted preventively before an arab spring would get thease things. The rest that happened with these countries did not matter to the united states. Serbia was destroyed by the US, because it tried to expand its borders into europe.

And now we have russia, which tries to annex parts of countries and sends terrorists to other countries and starts an information war on every internet forum on the planet. And russia secretly tries to develop forbidden missiles.

The result of this clever policy is as if russia would have drawn the sign “target, please attack us” on its country. And that is now considered:

http://hosted.ap.org/dynamic/stories/U/US_UNITED_STATES_RUSSIA_NUCLEAR_TREATY?SITE=AP&SECTION=HOME&TEMPLATE=DEFAULT

“One of Carter’s nuclear policy aides, Robert Scher, testified in April that “counterforce” means “we could go about and actually attack that missile where it is in Russia.” Another Pentagon official, Brian McKeon, testified in December that this option involved potential deployment in Europe of ground-launched cruise missiles.”

So yes, the world is now as close to a nuclear war as it was during the Kuba crisis.

Stationing missiles in Kaliningrad, or threatening that you could go to Riga, Warshaw, Kiew in one week, as putin did, is a model that does not work in todays world. Russia has one last chance now. Go out of ukraine, put your missiles in Kaliningrad away, go public about what this newly developed missile is for (probably nato does not care a rats tail if russia convinces them that this is for targeting syria, which also develops nukes), go out of Crimea, stop your information warfare, stop your flights of airplanes equipped with nuclear missiles towards europe….

And then russia is NOT getting attacked and it is not wiped out from this earth.

Markus Ottela June 9, 2015 11:48 PM

@ Figureitout:

RE: https://www.schneier.com/blog/archives/2015/05/friday_squid_bl_481.html#c6697362

Initially I tried the alternative of showing how to add components on HWRNG one by one, but it felt more practical to use one high-res picture and label all the components on it. There is no order in which components are plugged in either so as long as everything is as in the reference picture, it should work. The adjustment of HWRNG voltage was more complicated so it felt more logical to add step-by-step instructions for that phase. I agree many people will feel intimidated about the instructions:

The CEV version is very probably secure even with /dev/urandom spawned keys as long as the TxM keys are generated on isn’t a liveCD / liveUSB session. Thus, implementation of CEV version without HWRNG isn’t impossible. Since any file with entropy in format that looks like /dev/urandom output can be used as KF for OTP-version, using better documented HWRNGs is also an option. If the device feeds into /dev/random, outputting from that file makes keyfile-generation simple with genKey.py. Last but not least, without the technical know-how can also hire someone they trust to build the HWRNG.

Clive Robinson June 10, 2015 1:25 AM

@ Figureitout, Markus Ottela, Nick P, Thoth, Wael,

Last but not least, [those] without the technical know-how can also hire someone they trust to build the HWRNG.

Once again coincidental timing…

A personal observation about the availability of low cost HWRHGs.

Over the years, quite a few people have tried to sell low cost HWRNGs either as kits or finished PCBs and occasionally as “boxed and finished” items. In all cases I know of they have either ceased to trade or nolonger sell HWRNGs. This includes those who’s product was equal to if not superior to that of very high cost “professional” HWRNGs. Which when you come to think of it as I recently have raises the question of “Why?” I had just assumed that it was simply a niche for which there was insufficient market, and still do but to a more limited extent due to a recent event that started me thinking, hence the coincidental timing..

The reason is I recently met up with some one I had not seen for a while as they were now living abroad in Southern Europe and I jokingly asked them why they moved out of the UK and expected the “sun and sangria” answer, and was thus quite suprised by what they told me. They had some years ago gone out on their own and started a small “security product” company in the UK. Things had been ticking along nicely and had taken on a couple of employees and thus developed new products. One of which was a low cost HWRNG, then shortly there after they got one or two odd visits followed by all sorts of officialdom doing audits etc etc. So much so it was crippling the business as they was being tied to the office dealing with the overly perdantic officials rather than chasing business and manufacturing product. Well he was forced to cut back on staff and thus the number of products and one was the HWRNG, and low and behold officialdom stopped taking an interest in him and his now “one man” business. He does not know if the two were related, but he decided enough was enough and moved his business out of the UK to Spain (where he already had a home etc).

So I’ve been thinking about various ways around the issue of HWRNGs and one thought is coincidental with the comment about CDROM OS’s and the issue of /dev/random and the seed file.

Obviously with a CDROM the seed file is imutable which renders it effectivly usless for it’s intended purpose, so my thoughts went to how to use the likes of dice to set a random initial seed at startup.

Whilst it is relativly easy to do with a simple program, it’s downside is that you need to throw the dice about fourty times to get 100 bits of entropy.

Perhaps for TFC you might want to provide such a program in the guide.

Wael June 10, 2015 2:09 AM

@Clive Robinson, @Figureitout, @Markus Ottela, @Nick P, @Thoth,

Once again coincidental timing

Ahaaa! Use that for RNG 🙂

It’s not really as difficult as many make it sound. There Is more than one way to implement a low cost “TRNG”. One can use a Zener diode. One can also cascade two or more different types of devices; forward biased and reverse biased (Avalanche and Zener breakdowns.) Or compose a network of them for the desired random “characteristics”. And given that no two devices are identical, then the output is (I think) unpredictable — I wouldn’t call it “random” because, as you may or may not remember, I don’t believe in “randomness”…

they got one or two odd visits followed by all sorts of officialdom doing audits etc etc

I have mixed feelings! Not sure whether to be surprised or “ho-hum’ed” I’ve been desensitized …

so my thoughts went to how to use the likes of dice to set a random initial seed at startup.

What if the dice are unbalanced on purpose, I.e. “Subverted”? Can’t be too careful now 😉 lol

it’s downside is that you need to throw the dice about fourty times to get 100 bits of entropy.

Or get a camera feed from a casino watching a Craps[1] game. Just make sure you follow a good shooter, or your TRNG will crap out 🙂

[1] Did you hear about the dimwit that took a roll of toilet paper to the Craps game?

Figureitout June 10, 2015 3:00 AM

Markus Ottela
–The picture helps immensely compared to source material, it took me like an hour or 2 and took up entire breadboard as it was easier to see and check connections w/ more jumper wire. Yeah, it would be like…50 pictures for a “play-by-play”. I haven’t tried the way w/ a multimeter b/c I don’t have that 200 ohm pot or whatever it was. But people are going to have to look up the pin outs of the transistors and opamps so that’d be a quick/easy thing to add to manual so manual would be literally all someone needs to build. I know you’ve stated on /r/netsec you didn’t really want to do step-by-step; but if you want TFC to really take off it’s needs to be super easy (think all the software devs who haven’t touched a circuit since school). It’s kind of awkward to ask someone to build an RNG for them too eh? Maybe not, I don’t know.

Haven’t built up TFC b/c not enough RPi’s, so haven’t tried using yet which I’d really like to. But good news so far I haven’t been able to clearly affect the HWRNG w/ a 100 watt CW transmitter (I can’t get the bands I want, limited w/ my radio and I’d need a large antenna for some of those lower bands). Even doing ridiculous things like having a 1.3 meter wire (for band I’m testing) coming into sampling device (been using arduino, I need another HDMI screen for the Pi). The “attack” may still be hiding in the data and I won’t be doing a super rigorous analysis whatsoever; there is a very clear effect w/ a wire of any length off sampling device so that’s where the real problem area is going to be. Which, the Pi or sampling device simply needs a better interface for that (like coax connectors that shield signal); but definitely at least shielded wires to sampling device b/c I’m worried about powersupplies corrupting values as they leave RNG and head to sampling device.

While doing my tests it’s odd all the noise that happens plugging in a USB device…

Clive Robinson RE: business shutdowns
–Huh, maybe that’s an indictment that they work? I don’t get what you mean by the program, you mean one to take in a seed from user?

Wael
–Yeah but I’m wondering what other ways besides avalanche breakdowns and ring oscillators there are for HWRNG’s…

GregW June 10, 2015 6:38 AM

Interesting article on the reverse engineering of a cryptographic-type function in the MS Windows kernel used for creating short 8.3-character filenames from longer filenames back in the FAT/Win95 days.

https://usn.pw/blog/gen/2015/06/09/filenames/

I found myself wondering whether the kernel programmers built the described function purely for this purpose or whether it was “leveraged” from other more significant cryptographic internals of Windows.

There is an interesting combination of magic numbers involved.

Benni June 10, 2015 7:16 AM

Duqu seems to be a malware from israel. And it now was found at:

Kapersky employees….

But also on members of the P5+1 talks with Iran, Iranian nuclear scientists, and participants of the conference on the liberation of Ausschwitz (among the guests where the french and german presidents…)

Since the p5+1 talks involve the US, they accused Israel for attacking the group with this malware….

Additionally, the program’s control servers seem to be rather inactive on friday and stop on saturday (in israel, the sabath begins on friday). Also the activity seems to fit to a country in the timezone gmt+2…..

But in all cases, duqu seems to get on the computers by using exploits on windows http://www.spiegel.de/netzwelt/netzpolitik/kaspersky-virenjaeger-entdeckt-virus-bei-sich-selbst-a-1037898.htmls

Russian and British authorities were notified by Kapersky….

Clive Robinson June 10, 2015 10:01 AM

@ GregW,

I found myself wondering whether the [MS] kernel programmers built the described function purely for this purpose or whether it was “leveraged” from other more significant cryptographic internals of Windows.

The long to short name conversion is at the higher POV in effect just another hash function, the same overall idea has been used in software that long pre-dates MS. In fact have a look at ACM journals in 1962 and earlier, where the cost of a byte of RAM was a substantial fraction of a weeks wages for the average person, and a byte of fast magnetic storage was only fractionaly less expensive. It was also one of the major reasons which were the foundations of the Y2K problem (for those readers old enough at the time 😉

MS also had a problem they allowed both FAT12 and FAT16 to become public property thus had lost a potential revenue stream. The New Technology File System (NTFS) which they had not released was overly complicated and at that time was being shuned quite extensivly.

However Hard Disk drives were getting larger and importantly their low level interface was changing, again without MS getting a grip on the income stream. FAT16 was getting silly block sizes (16K for some HDs) and was not scaling at all well. So MS came up with FAT32, which had all sorts of extra goodies like long file names, but was still compatable with FAT16. Thus MS decided to make such things as long to short file name convertion not just propriatory but sufficiently complex that reverse engineering and duplicating would be a no no legaly, thus establishing a licencing revenue stream, which they persued quite vigourously at one point.

Thus MS were looking for a hashing algorithm that was in effect “poor mans crypto” not for information security but revenue stream security.

There is however an issue, which I found out about when having a chat with some lab techs I know back when FAT32 was thought up HDs were not just mechanical, but oh so slow, thus the filename conversion had little or no effect on overhead. Not so with modern battery backed RAM and Flash SSDs, with lots of very small files (one or two blocks) the overhead of name conversion can be seen, admittedly nowhere as badly as certain software based FDE Crypto elements (Elephant Diffuser) but it’s there…

gordo June 10, 2015 10:10 AM

Congress
CJS funding bill would limit high-tech surveillance
Adam Mazmanian | Federal Computer Week | Jun 04, 2015

The House passed a $51.4 billion Commerce, Justice and Science funding bill for fiscal 2016 on June 3 that would pare back the government’s authority to conduct surveillance on communications.

Taken together, they constitute something of a follow-on to the USA Freedom Act, just signed into law, which put new rules on the bulk collection and searching of telephone metadata by spy agencies.

As passed, the bill includes amendments that would:

• prohibit funding for government to require technology companies to build in support for tapping encrypted communications

• bar funding of efforts by federal law enforcement to use “stingray” devices

• ban the Drug Enforcement Administration from collecting phone records in bulk

• bar the National Institute of Standards and Technology from coordinating on encryption or computer security standards with the CIA and the National Security Agency, except for the purposes of improving information security

The bill also touches on supply chain, census, and other IT measures.

The White House issued a veto threat before the bill went up for a vote.

http://fcw.com/articles/2015/06/04/cjs-funding-bill.aspx

Thoth June 10, 2015 10:30 AM

@Clive Robinson, Wael, Nick P, Figureitout, Markus Ottela
I wonder if the sales of standalone HWRNG without supporting cryptographic functions as Clive mentioned being a nitch business could have been the cause of a good amount of HWRNG business going down.

Crypto and HWRNG are needed hand in hand and selling one without the other is like selling half the pie. Not sure if that’s even sustainable because the expectations of anyone buying the HWRNG would be to expect Crypto as part of it so that they could conveniently call both the Crypto and HWRNG together ?

Clive mentioned official visits. Hmmm … not sounds like trouble ? I don’t trust “official visits” as they always bring bad news.

Instead of just using dice to load a CSPRNG, might allow something more flexible like multiple sources including drawing of random poker cards, flipping coins, clock timings, running a stream cipher at high speed … or use @Bruce Schneier’s Fortuna or the modified Fortuna PRNG system which allows multiple entropy pools that deplete at different rates which Windows supposedly use Fortuna for it’s PRNG.

Clive, would it be hard to simply make cheaply available IC chips for HWRNG that provides good entropy ?

Benni June 10, 2015 12:35 PM

Here is the report of Kapersky about the attack on its own networks in english

https://blog.kaspersky.com/kaspersky-statement-duqu-attack/

Probably that means one should buy this antivirus software if one uses windows
1) They could detect advanced threats like this
2) Their software is apparently good enough to generate high interest that they attack Kapersky with software like this

Lone Stranger June 10, 2015 12:50 PM

@Benni , @all on Duqu II

Duqu II.

I was thinking American. But much speculation everywhere at this stage.

I noticed in the commentary at wired or ars they sent messages using an identifier “ugly.gorilla”. A nick of a primary PLA hacker. Why would Israel do that? They were not getting hacked by that team. Were they trying to make it look America?

Duqu is tied to Stuxnet, Duqu II tied to Duqu I. We have basically confirmation the US did Stuxnet, there may have been some Israeli cooperation, but not sure why anyone would think they would be needed for the coding. For getting it into Iran and on the users usb cards, yeah, I think Israel would have been needed for that.

There are several dumb moves with the system. 1. It uses code from a previous identified system, tying it into a whole family of virii. Trillions and trillions of dollars and they have to reuse their code for their most sensitive operations? I believe it. And really sorry thing is? They keep doing it. Operation after operation they refuse to just write new attack code from scratch so they keep identifying themselves.

The target was a bad choice for such an attack. Targeting the APT analysis team makes them look like they are further tied to recent and major APT investigations. Like the two ‘probably American’ ones of late, and now this one. Nevermind that the chance for destroying all of the other operations across the world were extremely high by targeting a company specifically geared to look for and find this exact kind of attack. And, snap, like that, Kaspersky sent out the signatures and boom, boom, boom, these guys were caught globally in current use.

Those are very major mistakes, and one of them they keep repeating.

I think the researchers are hesitant to point out major mistakes because playing up the ‘level of sophistication’ angle is one of two major components of evidence they have it is a major nation state. The other is the target.

So pointing that out here.

I am sure there are other major flaws. I do think it was a highly sophisticated attack and nation state level. But the flaws are curious to me.

Benni June 10, 2015 2:08 PM

@Lone Stranger:
I noticed in the commentary at wired or ars they sent messages using an identifier “ugly.gorilla”. A nick of a primary PLA hacker. Why would Israel do that?

That can be assumed that all their malware does that. And probably some of their control servers are in China. It may be that many of these “Chinese hackers” are actually from someone else. If it gets discovered, the blame is then on Chinese hackers…

Spiegel says that the malware is controlled in a way that is consistent with israel working hours (gmt+2) and a weekend that begins on friday…..

Probably these agencies share their codebases often… It would not be a surprise if some operations of Duqu are controlled by the US, and some by the GCHQ… It may even be that they broke into chinese networks, saw the malware, and stole the code. Or (given that BND and China operates a common surveillance station), that they even share this malware with China, which is also haunted by terrorism at their Pakistan border and has states developing nukes next to it…

But the 5 eyes have definitely no interest to spy on participants of conference in honor of the 70′ liberation of Ausschwitz…

tyr June 10, 2015 4:26 PM

I see that the US government plans to go to HTTPS
on its websites by 2016.

This should please Cameron immensely.

Jacob June 10, 2015 4:56 PM

Mcafee reports about seeing HDD/SSD firmware malware, possibly created by the Equation Group, for the first time in the wild.

Starts at Page 7:

http://www.mcafee.com/us/resources/reports/rp-quarterly-threat-q1-2015.pdf

Noteworthy: On Page 9 (bottom half) Mcafee claims that for the firmware reprogramming code to do its job, it must use some undocumented ATA commands that are common to many HDD lines, and that are used by LEA. Another nail in the coffin of disk-based FDE and OPAL standards.

It will be a short time now for the criminals to pick up on this.

uglymagilla June 10, 2015 6:09 PM

@Benni re 12:35, yes, use their software, or they’ve provided rulefiles for yara (in a pdf that requires a bit of tweaking.) So people will probably start catching infestions right away.

Nick P June 10, 2015 6:11 PM

@ Thoth

The simple mechanism is user input. Past that, the sources that generate that input can be diverse. Here is my method. Just learn to shuffle the cards pretty well. One can also have a dedicated device for generating random numbers and other secrets. The CRNG (i.e. ISAAC) takes a few minutes to seed using this method. It does the rest for the rest of the devices with periodic reseeding.

@ Jacob

Yes, the software or hardware Inline-Media-Encryptors (IME’s) we discussed here long ago are sounding more and more like a good idea.

name.withheld.for.obvious.reasons June 10, 2015 7:36 PM

Washington D.C, Capital Building, Congressional session of the 114th Congress, 10 June 2015, 1750 EDT

Defense Appropriations Vote under an open rule.

Repeatedly Congressperson Nadler, New York, offered language to strike support for GITMO. Time in opposition, republican member, offered that the risk that releasing individuals from GITMO would put U.S. soldiers in danger of potential death. The first amendment, offered by Nadler, sought to strike funds for operational support of GITMO and was turned down using the aforementioned rational. Nadler, after having his amendment postponed for a later vote, asked for a recorded vote and then offered a second amendment again striking language from an additional section under the NDAA that would see the release of an innocent person held at GITMO (two calls for release, one from GW Bush and the other from Barack Obama), eligible for release to England (as petitioned by David Cameron). Again, the time in opposition to the second amendment offered the same rhetoric regarding the risk to U.S. soldiers on the field.

It was obvious that congress cannot resolve its own issues…not only are the facts ignored but the logic or rational applied to the decision process is thoroughly flawed.

First, members of congress that are concerned about the risk to U.S. soldiers evidently feel that only the release of prisoners from GITMO represent a risk to U.S. soldiers. The congress members ignore the fact that GITMO is the poster child for recruiting jihadists, ‘See, the infidels hold our people without providing basic rights!’ Where is the right to be charged and tried in court–irrespective of the crime or circumstances? Legal action taken under the hubris of the congress might as well include summary execution.

Secondly, the United States of America, specifically the house of representatives, is an embarrassment–not just because of the indifference to our own processes, but our inability to see multiple components of an issue, or resolve a basic problem that serves no one–we, the U.S., are some ugly idiots.

F- June 10, 2015 10:43 PM

@nwfor, right, the clock is ticking down to the plenary session of the ICCPR treaty body, when the US gets graded on its response to the grave emergency of Guantanamo. The house has 10 more days in session in June, then six days in session in July. Guantanamo along with the other US death camps are now officially described in the legal terms of crimes against humanity, exposing US officials abroad to criminal liability in universal jurisdiction. An assessment by the special rapporteur of no action, no cooperation, or contrary results would risk a juridical precedent or resolution that sets customary international law, with the US making history like the Nazis did, as a famous bad example.

Democrats want to have something, anything, to say for themselves when a Democrat administration gets called on the carpet in front of the world. Republicans just want to wreck the UN. The net effect will be to cement the US regime’s reputation as a bunch of uggabugga cave men. More and more, when the US tries to horn in on multinational dipomacy it will be, Hush, the grownups are talking.

Figureitout June 10, 2015 11:23 PM

Thoth
–I think one benefit of not having a simple IC (though really nice no doubt) is where is it going to be manufactured w/ trust and how much visibility are you going to have in it being made? W/ discrete components you really would have to work b/c it better do what it’s supposed to do. The ATtiny has the same size and dip-encapulation as an 8-pin opamp and it’s frickin’ ridiculous what all it can do w/ such a small chip and there’s better chips too.

OnHWRNGs
–Seems slightly dangerous exposing yourself to that radiation for some “random” bits (do you believe the process is truly random (whatever the f*ck that means, it’s undefined) or just not understood well enough so it “looks random”?).

Nick P // Jacob RE: undocumented ATA commands
–Don’t think IME’s help w/ backdoored undocumented commands, if they get in your current PC’s, and spread to memory sticks and the rest of your network; and still they get out in the wild so LEA’s again fail at keeping a backdoor secret so we’re going to see more of this insidious malware that can’t be easily removed and more and more looks very familiar to symptoms I’m seeing when you use your PC how it should be used (using an HDD/SSD).

Thoth June 10, 2015 11:42 PM

@Figureitout
It really depends on the requirements regarding IC based HWRNG or not. If those are for commerical applications where they want quick, fast and good (not sure if it really exists) and don’t want to make their own modules and circuits, that would be a nice business model (Note: business … not security model).

If it’s a security model, it is best to make your own circuits (with as little IC chips) as you can. I guess the alternative to HWRNG being the CSPRNG is a much more viable and also good method to explore. The methods @Clive Robinson and @Nick P gave and also @Bruce Schneier’s Fortuna or modified Fortuna CSPRNG would also work very nicely if people actually bothered to implement them in their codes.

Nick P June 10, 2015 11:48 PM

@ Figureitout

“Don’t think IME’s help w/ backdoored undocumented commands, ”

The IME controls what happens on the HD. The PC side can only use approved commands with acceptable values. The undocumented commands are never used because the IME doesn’t use them. Further, anything weird can be logged so we’d see the undocumented commands in action. IME’s are the guard concept applied to HD’s combined with hard disk crypto. That’s why it stops undocumented functions among other things.

name.withheld.for.obvious.reasons June 11, 2015 12:04 AM

11 Jun 2015, 0045 EDT, Washington D.C., Capital Building, the house of representatives in session to vote on the NDAA of 2016 and amendments thereof.

Grayson, congressperson from Florida, proffered an amendment to the NDAA that would make illegal the subversion or weakening of NIST encryption standards. House republicans and democrats (chair and ranking member of the Armed Services Committee), vaunted defenders of the U.S. Constitution[1], stood against the amendment as they claimed there was a question to its’ effect(s)? What of the of KNOWINGLY VOTING FOR LAWS WHERE THE EFFECTS ARE NOT UNDERSTOOD BUT BECOME LAW?

THAT’S HILARIOUS, THEY’RE NOT EVEN CAPABLE OF ASSESSING THE ISSUE LET ALONE CAST A VOTE ON THE MATTER. The hubris of these people cannot be overstated, their believe in their position (we are not represented, the members don’t even see the original wellspring of the citizenry as relevant to their enterprise) and its validity–irrespective of the facts or public pleadings. Based on what I’ve witnessed, congress persons could be held criminally negligent (especially under the NDAA where the outcome includes the use of deadly force), decisions that make vulnerable the citizenry to the ravages of war–are a crime.

[1] Democrats will defend the first amendment–until it requires the second, and, republicans believe the constitution has only one amendment–the second amendment.

name.withheld.for.obvious.reasons June 11, 2015 12:39 AM

11 Jun 2015, 0125 EDT, Washington D.C., Capital Building, the house of representatives in session to vote on the NDAA of 2016 and amendments thereof.

Lofgren and Amash introduce an amendment to end the section 702 of the FAA (FISA Amendments Act) to the Patriot Act. Again, the traitors to the U.S. Constitution stood firmly to malign and disparage those interested in maintaining their fidelity to the text and spirit of the Bill of Rights. Never mind that ever one of the members swore an oath to protect the same.

Again, those claiming respect and adherence to the U.S. Constitution continuously fail to support their statements with the commensurate action. Members of the congress are capable of cognitive dissidence of the first order…reality only gets in the way of their fantastic ethos and pathos.

Petter June 11, 2015 6:59 AM

Clear new laws are needed to cover security services’ powers to monitor online activity, the UK’s terror watchdog has said.
David Anderson QC, the independent reviewer of terrorism legislation, said the UK needed “comprehensive and comprehensible” intrusive powers rules.

Critics have dubbed government proposals a “snooper’s charter” because they predict the plans will infringe privacy.

http://www.bbc.com/news/uk-33092894

Lone Stranger June 11, 2015 12:06 PM

@Benni

Yes, it does sound like you are correct. Though, I am doubtful America has had much to do with any of this, at all. It stinks of a smaller nation with some strong, highly patriotic (and so secretive) teams, who are also very good at human intelligence (but in very limited supply). [America has many more people, but they don’t want to waste their whole lives in places like Iraq or Iran. And their threat is so much more distant and theoretical.]

I had to refresh my mind on where stuxnet attribution was at.

http://en.wikipedia.org/wiki/Stuxnet#United_States

I have known two people at Siemens. One was a next door neighbor who was a program manager, another was a woman I dated who did technical writing for them. The technical manager told me they sandboxed some of his workers so they ‘could not do any damage’. The one he mentioned was in “Argentina”.

This attribution you offer explains the inconsistencies. America does not need to reuse code like that, and does not need to take such risks.

  1. Running a successful international technical espionage program… is like a very successful thief. What successful thief would be crazy enough or desperate enough to threaten his operations by going and trying to burglarize the police station? America has too many resources for such risky operations.
  2. The code reuse connects all the dots of all previous programs. There is no reason for that sort of behavior from a nation with as many resources as America. They have hundreds of thousands, millions really, in intelligence who are spinning their wheels. Producing duplicate reports. Providing mountains of analysis no one reads. (America has enough such resources to keep on staff – without the staff even knowing it – in corporate top level programmers who each could provide pieces of jigsaw puzzles.)
  3. The command and control structure is highly dangerous for such projects. It provides chokepoints for information. When the American “spider-man” at Sandia Labs tracked back Chinese hackers, he was able to provide substantial evidence of that attribution because it all led to their country. They used these sorts of chokepoints. His name was Carpenter. Looking him up on my online “rolodex”…Shawn Carpenter.
  4. Auschwitz, yes, just does not fit. Americans tend to not think of such things in “it is relevant today” terms. Israel thinks very much in terms. Why, if they felt there was still Nazi gold in Switzerland banks, they would hack it. (Even if they do not know who, exactly, they are really hiring.)

  5. America doesn’t need to run such programs to get intelligence. They control the supply side of much of the equipment. They can easily get people into the equipment at the manufacturer. They could do it at the design level of the boards. A number of the American companies which put together common, mass produced boards for consumers also have side business of putting together missile boards.

All of this increases the budgets for technical and human intelligence. Notice how few of these programs are producing people or organizations who are saying they were hacked. And, I mean here, for China, Russia, Israel, the US, Iran. So, they all have to run about and figure out “who dun it” and “what did they get”. And that produces disinformation. They hold on to detected systems and have to run elaborate disinformation programs. And there are streams of people coming in, much more money for funding for information acquisition, and much more money for funding to handle all of the new information defense networks and systems.

It vastly elevates the value of information. It creates mysteries. “We did not do it, so who did”. And, “is this America doing this, or Israel, or someone else”. And, “is this all really an elaborate American disinformation program. Surely that is too vast.” On and on.

Hyperinflation of what is, ultimately, worthless. It becomes increasingly valued, just because of the mystery angle and the increasing programs involved which only raise even more questions. Top management can’t get answers to basic questions. That is the heart of it. That is the beating heart of it.

Mysterious mysteries… anyone can be prone to that itch on their peripheral vision, on their brain. Hard to go about even a very busy, very productive day when you have nagging questions on such major operations that remain unanswered.

Besides, there is a real problem possible: even if people’s external interface to the outside world appears quite stupid and does not understand directly the layers and layers of technical details; their internal system would be running overtime, and does.

And there is a real possible problem there. That attribution for nation state cyber attacks has such vague criteria: level of sophistication, target of value for that actor, and, all to often, where the information leads to or ends up at. All which can be too easily faked. Any one of them could wake up tomorrow morning to discover a program they had no knowledge about, because it was not even theirs, or was so vastly stovepiped, ‘maybe they did’ ‘do it’.

Gerbil wheel, speed up, make that money more valuable for the more work put into it.

I am sure it is all going somewhere. It all ultimately must mean something.

Ezekiel Lovecraft Daedulus June 11, 2015 12:42 PM

It’s a Lovecraftian horror that resonates in the human psyche, though the giant squid are not aggressive against humans and typically feed on other squid and deep-sea fish.

There are strange wars, deep, deep under the ocean waves between giant squid and giant whales. Nowadays, we have explorers and video and diving technology that can pry into these matters. It is all very fascinating.

And even today, we do not know exactly what all might lurk in the deepest reaches of the ocean. We have cover a tiny, tiny part of the vast unexplored depths of the darkest parts of the furthest down ocean. But, that is it. We continue to find new species of animals, strange creatures, even in the most remote parts of the earth, above ground. We continue to find unusual archaeological finds there. Like the “hobbit” bones found a few years ago, and how they startling tied into local legends.

When we are children, we have to figure out how our arms and legs can reach out and do things. We have to figure out how our eyes and ears can perceive things. When some get older they find different sorts of arms and legs. They run organizations. There are many arms and many legs. It is their responsibility and their power. Consciously, they work their way up, until they find they have many tentacles in their power. Soon, it becomes as unconscious as the processes for moving their arms about. You can notice this if you play any video game where you control such tentacles your own self. You get to be very automatic about sensing the tentacles. It becomes personalized.

Even with those who simply come above shore, by producing works that have wide or small audiences, you get to feel those put out there are kind of like tentacles. Of infuence. Of potential threat. Of power or potential power.

Siblings, children, extended family, and so many other processes — same thing.

Online, we can have countless of these emanations. They are not us, but we feel as if they are somehow extensions to our selves. Ghost limbs, ghost tentacles.

Where do you store your important data? Your throwaway data? Who is on your network of friends on facebook, and what do you say to them? Where might your emails have gone, and who might have read them? Where is privileged data, misleading data, mundane data? Did you remember to lock your doors, and your windows? How many cars do you have, and are they all secured? All tentacles.

MRI studies have shown that while we are consciously focused on one thing, unconsciously, we very well may be focused on something else. We have many vague matters we are aware of, and strong matters. We will may never learn what is really hidden, deep down, maybe we need to know, maybe we do not. If it is godzilla, we probably will need to know. So much public source data on the secrets of the goings ons of the nations, and yet, so very, very much secret, deep underwater activity.

Jeff Who Has Anxiety Problems June 11, 2015 1:09 PM

This is interesting from, at least, the electronic surveillance angle.

MAJOR QUESTIONS REMAIN UNANSWERED IN BOSTON KILLING OF ALLEGED ISIS BEHEADING PLOTTER
https://firstlook.org/theintercept/2015/06/10/major-questions-remain-unanswered-killing-alleged-boston-isis-beheading-plotter/

So, the FBI had this guy undersurveillance 24 hours a day, 7 days a week, for years. Why did they not just pick him up for questioning? They claimed to have evidence under legal wiretaps that the man who was killed plotted to behead police officers where he also had two cohorts. Why are they not charging the other two cohorts? Why did they claim that they had very clear “speaks for its’ self” video of the attempt to question the man?

They knew he was armed with a knife, or that is their claim, that he had a knife, but if this was a “more safe arrest for questioning”… why did they not prepare for him possibly producing that knife? Surely a taser could have easily taken him out. He had cohorts, right? Contacts? He was dangerous, right? He probably had extensive information and could have served as a witness, much moreso, as a convicted person against whom they had strong evidence, right?

Why did they not want to show a good example of their surveillance programs and skills at stopping potential terrorists? After all, the major cases over the past few years domestically have involved retards who were entrapped. It looks like bad cases. To everyone. And that hardly does much to defer good cases.

For instance, I just heard about a case where some men came into a store, indicated they were from Dubai, and bought some gun practicing tools which would not make much sound or require anything for outside training. They paid in cash, 8000 dollars. Several thousand under the asking price. Two thousand below the amount required for federal flags on money transfer. They have credit cards in Dubai, right? So, there may be really scary threats out there, but when even people from overseas see such cases and no scary domestic cases… they see the domestic powers as being inept.

I do find some evidence presented in the “knife wielder” case very weak for the suspect. Ordinary people do not get alarmed at being asked to explain away some allegations. They answer. They do not express extraordinary hatred. They can understand. They do not have really worked out terms for investigators like “monkey boy”. That requires deep deliberation. Emotion, thought.

Now that he is dead and no major charges are filed against anyone, however, we can probably assume that the guy was just another retard. There was emotional reaction against his “threat” against cops, and the cops acted emotionally. They were local and probably very worked up by being on such an important case. They were underexperienced, so it was a very big deal to them. They also were very emotional because of the local Boston Bombing case.

But, how many others are under such surveillance? Why waste years of resource extensive work which apparently was successfully stealth? Was there a cover up? Was those resources wasted? Now that he is dead, and no one else charged, it all remains secret.

Clive Robinson June 11, 2015 4:46 PM

Stingrays sighted in London

It appears that London’s Met Police are prempting David Cameron’s Snoopers Charter, by setting up several Harris Corp Singray faux mobile phone sites in and around London,

http://www.bbc.com/news/business-33076527

I’ve detected some in the past in some of the less pleasant parts of West London with a very either a high Afro-Caribbean or Russian population. The area is “rent land” where most people live in homes they don’t own and their landlords tend to take a dim view on allowing tenants installing land lines or even satellite dishes for Sky television for a variety of reasons.

Thus most phone calls and Internet connectivity go via the mobile phone network.

Anyone who finds that mobile broadband suddenly “not working” should consider it an indicator that the mobile service has been “down graded” and excercise caution. If you can get hold of an “engineering SIM” and appropriate phone then it’s fairly easy to scan for the cell identity information. Which would confirm that unexpected cells have appeared.

Clive Robinson June 11, 2015 5:25 PM

@ Bruce,

This might raise a wry smile and “what did you expect” thoughts,

As expected North Korea has trotted out the standard “we are not amused” response to the public publication about Stuxnet,

http://www.computerworld.com/article/2933102/cyberwarfare/north-korea-threatens-the-us-with-cyberattacks.html

All very expected.

The simple fact is that NKs are just “thumbing the nose” at the US for internal consuption by NK citizens, as they have already “flicked the finger” at the US and the West over Stuxnet ages ago (when they unexpectedly invited UN weapons inspectors in to show them their type 2 centrifuge casscades shortly after Stuxnet became public).

Based on previous internal consumption rant pieces they are unlikely to do anything any time soon if at all to the US. It’s not as though they don’t have the capability, we can reasonably be certain that they do for various reasons, it’s just that they like playing the Proxie game. So if any attacks happen it’s likely to be on US Favourd nations around the South China Seas, which would get considerable support from the Chinese, if the Chinese do not use the NK rant as an excuse to do their own attacking in that region.

If attacks do –supposedly– happen then I guess we will hear the US executive aids etc rabidly talking it up, irrespective of any evidence one way or the other. Which will only be to the NK regime’s advantage with their citizens…

Ho hum, draw up the Lazyboy, get out the popcorn relax and watch the entertainment commence 😉

Thoth June 11, 2015 7:28 PM

@Clive Robinson
Partly the fault is with the fear and war mongering contractors which are the weakest link in the entire security chain. As we all know, the contractors don’t adhere to Govt rules and are the entry point for nasty stuff into any Govt “Secure Systems” thus the insecurity.

One weak link breaks the entire chain ….

Lone Stranger June 11, 2015 7:34 PM

I am confident North Korea will do something bad. If they were bothered by “The Interview”, they will be especially be bothered by this. This was an attempted aggressive attack on their soil, and that against their most sensitive systems.

They have decades of false threats, but then, it is hard for them to launch nuclear missiles at the US, or to even engage in long term undercover missions in the US. (Vietnam did this well, China does it well, but in both cases their operatives have had plausible reason to be there, and in every case their operatives were deeply exposed to American culture and had significant capability to fit in and stay in the game.)

It is easy for North Korea to launch devastating cyber attacks. They show a reluctance to take credit for the Sony hack and used some embarrassingly bad cover to do so. But, they did it and they did it well.

I could see them going the “doxing” route. What if the OPM or IRS hack was related to North Korea? Sabu and Lulzsec did some highly destructive doxing. A determined nation state adversary might decide to do something really crazy like OPM or IRS doxing. (Not to give them ideas, but I doubt they are reading this forum. They have a high probability to use exactly that sort of tactic because it was done in the Sony hacked and did terrific damage and got terrific momentum because it was done. That probably taught them a lesson in a bad way for everyone else.)

I had to read up on the Sony Hack’s challenges to attribution that this was NK.

http://en.wikipedia.org/wiki/Sony_Pictures_Entertainment_hack#Doubts_about_accusations_against_North_Korea

Cybersecurity expert Lucas Zaichkowsky said, “State-sponsored attackers don’t create cool names for themselves like ‘Guardians of Peace’ and promote their activity to the public.”

Lucas claims to have 15 years experience in computer security, but that is as an administrator, support representative, and a sales engineer. Not to slam the guy, it is the Associated Press at fault there for doing such poor sourcing. He has apparently never heard of the “Syrian Electronic Army”, nor been privy to the fact that very often China does use the cover of hacker groups and hackers with monikers doing stuff like changing the page of the White House to “hacked by China”.

“Sabu” is listed as a source on the wiki page. I followed to the cbsnews article, and believe, from his comments, he has some smart, good insights. I disagree, however, with his thesis “North Korea could not have handled the bandwidth”. They used a proxy country to work from, and from the recent BBC article, are training and operating currently in the proxy country of China.

It is also not “all about money”.

I bring him up, however, because he hacked embassies around the world, and Stratfor (probably a disinformation project) while working for the FBI.

He was not paid for that, and the people asking him to do it were not doing it for the pay. If FBI agents wanted to work for the pay, they would not work for the FBI. [But, hey, maybe all the lulzsec work was ‘for pay’, all along. Not the free, political work he claimed it to be.]

And his Russian buddies posing as Peruvians and Indians, very well may not have been the Russian “criminals for money” he thought they were.

[It is actually a real bitch to keep accent right and keep to some legend, consistently, online or off, when that legend is extremely divergent from your real background. The Russians probably bolstered their cover by having either been to Peru or India, so they could answer basic questions.]

[What non-governmental, criminal hacker was likely to have visited Peru or India and taken care to keep a cover from such a visit, having the foresight to understand that they would need to be able to answer basic questions about the locale.]

[(Do not know that they did this, but that cover would have lasted two seconds if they had not. And if it lasted long enough to impress Sabu, it probably lasted with him for quite some time.)]

Nick P June 11, 2015 8:30 PM

@ All
re clean slate stuff

Creating a language using only assembly language

It’s actually a cheat title as he only uses assembler for first stage. However, it’s similar to my proposals of stacking several abstraction layers to implement a full language (or platform) from scratch. The use of LISP was smart: notice how easy the full language was bolted onto the core using syntax extensions and macros. Combining this with generative programming that targeted different architectures might make for one hell of a portable design, too.

Anyway, if someone wants the title for real, it might be easiest to prototype the system in High Level Assembler with minimal use of fancy stuff. Decompose the requirements using Cleanroom-style functions of functions that you do by hand. Use HLA to implement and glue the tiny functions together. Pass to assembler to get a platform written in assembler. Then, replace the high level constructs with hand-written assembler along with plenty of comments. Now, you have a language implemented totally in assembler without cheating by doing it in a high level language.

Or mega-cheat by implementing a language in the assembly language of… a LISP machine. It’s still assembly then. Mwahahaha!

Lone Stranger June 11, 2015 9:31 PM

@Nick P

For what purpose, code security? If for code security, I would disagree. Consider memory related overwrite bugs tend to be relatively rare these days. They are much harder to find and exploit in modern code. Plenty of legacy code is out there, however.

If you write an application where an intended user has functionality, there will continue to be security problems involving unintended users usurping privileges of that intended user. Does not matter what language it is.

The more complicated a system, the more likely it will have errors. And the more errors it has, the more likely at least some of those errors will have security ramifications.

Thoth June 11, 2015 9:50 PM

@Nick P
How about adding Haskell-like maths proven languages to be natively supported in systems ?

The idea is to bake Haskell on top of assembly as the system’s language instead of C (due to all the problems of C) and from Haskell, you have your system codes and then above your system codes you have your userland codes. Maybe someone already done such a system and it would be interesting if you can point in the direction.

If system and userland designs were to move into provable domains with less cappy codes / crapware, we would have lesser problems with illegal code executions and lesser zero days to worry about.

(DISCLAIMER: lesser problems does not mean full elimination as @Clive Robinson pointed out on the hardness of simply eradicating all issues.)

Thoth June 11, 2015 10:11 PM

@Lone Stranger, Nick P

“If you write an application where an intended user has functionality, there will continue to be security problems involving unintended users usurping privileges of that intended user. Does not matter what language it is.”

What are the mechanics for “usurping privileges” of a user ?

A few basic methods to do so in my opinion which you may add on…

1.) You either use problematic (non-assured) codes and glitch the system into giving you the access. These are not unheard of and surprisingly common in real life scenarios.

2.) You trick the user into giving you their accounts/rights.

3.) Combination of 1.) and 2.).

Proper codes done with security in mind will have negated 1.) for most of the cases and 2.) really depends on the user if the user would detect an attempt at phishing but other security codes can be added in to proven phishing attacks and if these security codes are not done in an assured manner, it is back to a huge bunch of 1.) problems.

Security systems do not need to be overly complex. In fact, highly assured codes needs to be rather clean and small to be easily proven and verified by hand. One example are TCB microkernels like the seL4 with just 10k + LOCs.

Nick P’s pointing out is probably at verifiable TCB codebases so it lessens 1.) problems and this would also indirectly aid in reducing 2.) problems by having less complexity and higher visibility.

Nick P June 11, 2015 11:03 PM

@ Lone Stranger

The purpose was fun, learning, and proof of concept for original author. That’s in presentation. My concept was described here. Layering the abstractions on top of each other lets us use what functions and assurance we’ve developed at each layer in the next. This also increases comprehensibility. If desired, it can increase security by building the security checks into the language or tools (eg compiler). Ada with all compile-time and run-time checks on is a great example of that. My scheme is simpler, though.

Complexity is addressed with good interfaces and abstractions. That the core language can be type- and memory-safe by default deals with those memory attacks you’re worried about. Building abstractions on abstractions with safe metaprogramming from highest level to the assembler itself gives you source to object code traceability. Along with assurance that traditional compilation doesn’t screw anything up. The use of a typed, high-level assembler lets one implement performance-critical or low-level routines without using a different programming model (eg C’s). All together, a vertically integrated stack eliminates all sorts of complexity, performance, and security issues present in common stacks.

The article was similar at least in how it built up the language piece by piece in a way that maximized comprehension and productivity.

@ Thoth

Funny you mention it because I said that here on the Hacker News version of the article. The inspiration were A1-class systems with security kernels and tagged processors for running real-time, secure Ada applications. Too ahead of their time to succeed or get adoption, respectively. For Haskell, one project did a G machine to Forth compiler. G machine is part of the Haskell compilation process, IIRC. Forth is easy to target to anything. So, that was a clever piece of work. BootSafe likewise made a certified Java to Forth checker and translator for more assurance in firmware.

Outside security, the old LISP machines showed that one could do a type-safe, memory-safe language with hardware. I’m sure we can do something similar with the modern designs. I’m hesitant to do anything radical because I’d be violating one of my own rules: don’t trust anything unless it’s had around 10 years of evaluation. So, an imperative, safe language supported by hardware should do until we know more about the other stuff’s security.

Wael June 12, 2015 2:07 AM

@Nick P,

The purpose was fun, learning, and proof of concept for original author. That’s in presentation. My concept was described here

That link reminds me of the days when I had something meaningful to say 🙂 I miss these days …

Thoth June 12, 2015 3:20 AM

@Nick P
Maybe it’s about time these type of provably assured ML/HLL to be embedded in the lowest layers (just above assembly) so as to bake high assurance right close to the heart.

Hey NICTA/General Dynamics/Thales and other Security/Military/Intel Industry contractors, if you are spying (or reading), you need to do something awesome using the above suggested ideas and open source it like seL4 !!!

Ooohhh….. I forget they work for the Warhawks … doubt if they would share their special sauces with us …

Maybe we are on our own …

Jacob June 12, 2015 5:42 AM

From http://www.wired.com/2015/06/feds-restrict-3d-printed-gun-files/

“in a separate filing to the federal register last week, the State Department also wrote that it intends to require prior approval for the online publication of any “technical data” that, vaguely defined, would allow for the creation of weapons (i.e. 3D printed gun parts – J.), an even broader swathe of files. The agency’s statement warns that publishing those weapon files to the Internet, with its global connections, could amount to violating the International Trade in Arms Regulations (ITAR) by exporting controlled weapons data to a foreign country—hardly different, by its definition, from sending missile schematics to Iran.

“Before posting information to the Internet, you should determine whether the information is ‘technical data.’ You should review the [United State Munitions List], and if there is doubt about whether the information is ‘technical data,’ you may request a commodity jurisdiction determination from the Department,” reads the State Department’s filing. “Posting ‘technical data’ to the Internet without a Department or other authorization is a violation of the ITAR even absent specific knowledge that a foreign national will read the ‘technical data.’”

Lone Stranger June 12, 2015 6:59 AM

Holy shit, this is nuts.

Why The OPM Breach Is Such a Security and Privacy Debacle
http://www.wired.com/2015/06/opm-breach-security-privacy-debacle/

At first, the government said the breach exposed the personal information of approximately four million people—information such as Social Security numbers, birthdates and addresses of current and former federal workers. Wrong.

It turns out the hackers, who are believed to be from China, also accessed so-called SF-86 forms, documents used for conducting background checks for worker security clearances. The forms can contain a wealth of sensitive data not only about workers seeking security clearance, but also about their friends, spouses and other family members. They can also include potentially sensitive information about the applicant’s interactions with foreign nationals—information that could be used against those nationals in their own country.

What’s more, in initial media stories about the breach, the Department of Homeland Security had touted the government’s EINSTEIN detection program, suggesting it was responsible for uncovering the hack. Nope, also wrong.

The repercussions could be much graver than anyone thought.
Although reports are conflicting about how the OPM discovered the breach, it took investigators four months to uncover it, which means the EINSTEIN system failed. According to a statement from the OPM, the breach was found after administrators made upgrades to unspecified systems. But the Wall Street Journal reported today that the breach was actually discovered during a sales demonstration by a security company named CyTech Services (paywall), showing the OPM its forensic product.

Thoth June 12, 2015 7:13 AM

@Jacob
They really need to reconsider their stance on “banning” a technology. It is just like encryption, you can’t ban them all.

Next thing people will do to distribute these files is massive low assurance security file sharing and Darknet/forums.

They might as well ban the use of computers totally ?

Will they subjugate/coerce/bribe 3D printing companies into backdooring their system so it can be monitored in real-time ?

Lone Stranger June 12, 2015 7:59 AM

@Thoth

“If you write an application where an intended user has functionality, there will continue to be security problems involving unintended users usurping privileges of that intended user. Does not matter what language it is.”What are the mechanics for “usurping privileges” of a user ?

Even more concise:
“If you write an application where intended user has functionality, an unintended user can get functionality too.”

This describes any type of security issue.

So, anything from XSS to arbitrary file execution [X-A]. Client, server, non-internet application. User could be system or root or down to users on a web application the system is hosting. Automated process or process only initiated by a real human being.

Since around 2005, most security issues found have fit neatly in a pre-existing category already well defined (eg, see “CWE”, etc). There surely will be new ones in the future.

I do not think there is a fully safe language possible, because if you allow the user to do anything, an unintended user might be able to do it, too.

So you allow an user to post to their account on your social media web application? So might an unintended user get in there and do the same the intended user did.

So you have an application which allows an user to download files and execute them? So might the application allow this for an unintended user.

I can argue any of that, and get into details into it. 1) There are ever expanding ‘data validation’ routines, getting slicker and better all the time. Very slowly. 2) And there are security code analysis tools in the modern IDE’s, Microsoft and Eclipse, anyway.

There is a ton of work to do in any category. Those are the two main categories where improvement is needed and where it is being done.

Almost literally any api that takes in or puts out user data is potentially vulnerable, just as it has been with any api that writes data to disk or to a database. Or with any api that handles memory access directly.

But, you guys may be more concerned about the language in terms of an intelligence agency sabotaging it…

Thoth June 12, 2015 8:33 AM

@Lone Stranger, Nick P, Clive Robinson
As I said:

“(DISCLAIMER: lesser problems does not mean full elimination as @Clive Robinson pointed out on the hardness of simply eradicating all issues.)”

and

“Proper codes done with security in mind will have negated 1.) for most of the cases”

A very clear disclaimer that it does not fully eradicate every problem. It simply lessens the more obvious issues and substantially makes the codebase much more stable and secure.

Lone Stranger June 12, 2015 8:50 AM

Comments on the new information about the OPM hack.

Elaboration on the above post.

http://www.wired.com/2015/06/opm-breach-security-privacy-debacle/
https://www.schneier.com/blog/archives/2015/06/friday_squid_bl_482.html#c6698268

Okay, initially, this seemed to be a much more minor deal then the last one. This news makes it ‘not so’. In fact, it is ironic I was talking about ‘NOC list’ doxing, practically, considering these new details.

(Read: they can cross check via mere credit checks anyone who has a file there and has not had a living presence in some years. Yet who is not MIA, not KIA, not filed missing, and not ordinarily deceased. Which means they can get US undercovers who live under an assumed name, whether they work abroad or domestically, for mil, for le, for intel, for anyone. Really. Lol. Holy shit.)

-> looks like only 4 million records have gone missing. I recall reading this went to 1986. There are over 5 million with active clearance today. So, unless they are wrong, they did not get anywhere near the full swathe. However, considering how dramatically they were wrong already… I would not put this past them. Maybe they got everyone. Since 1986.

-> I have never looked into the EINSTEIN system. Sounds like a case where too far understood a system, and too many put too much trust in it. I have seen that many times before. I have had it happen to myself, where I would have to clarify limitations of a system. This was at a company where we had a lot of security bug finders. They never looked at their own software products unless tasked to. Not as exciting.

NSA should have audited the hell out of it. But, that does not mean NSA could have defined the limitations of it.

But in fact, the data accessed by the intruders may be far broader. The 127-page SF-86 forms believed to have been accessed by the hackers also includes financial information, detailed employment histories—with reasons for past terminations included—as well as criminal history, psychological records and information about past drug use.

-> It is actually what they mentioned first, which is especially scary. The elaboration on contact with foreign nationals. That would include any suspicions or details on any investigation on that foreign national. Or lack of investigation.

That is a colossal fuck up. (They elaborate on it later and say the same thing, I see, from Chris Eng.)

-> The blackmail angle, however, is real, that is a list of potential vulnerabilities right there.

If the breached background check information goes beyond the SF-86 form, it could even include detailed personal profiles obtained through polygraph tests, in which employees are asked to confess law breaking and sexual history. ”They write it all down and it goes into your file.

Speculation at this juncture.

The OPM had no IT security staff until 2013, and it showed.

Holy shit. Wow.

The FAQ does admit, however, that the OPM still isn’t certain it’s even discovered the full extent of the intrusion. “It is important to note that this is an ongoing investigation that could reveal additional exposure,” the statement reads. “If that occurs, OPM will conduct additional notifications as necessary.”

Counterintelligence forces investigations secret. So, they can not make this a promise.

Okay, so, this behavior is worse then what I have seen at any major retailer hacks of recent years:

  1. The announcement came months after the discovery, and even then it was premature.
  2. The announcement erroneously claimed they discovered it with their super jazzy security tool. But they discovered it via a demonstration by a vendor. I suppose a proof of concept level analysis. Because otherwise you don’t test vendor code on production systems, lol!

So. Here are these guys sitting around, big screen up on the wall. Bunch of paywall folks and OPM folks in the room. They are showing how the forensic tool can, say, look into the hidden recesses of memory. And they see the marks of a hack, lol! Maybe ‘madebychina.exe /admin’, lol!

Okay, how can one of the most sensitive systems in the entire US defense/intel/le infrastructure possibly not have had an IT Security team “until 2013”?

It takes that long for new people just to ramp up.

That is outrageous.

You expect this kind of behavior from a mom & pop store.

And this is the second time they have been hacked in almost just as many years.

Someone else pointed this out: maybe they should stop hacking everyone else so much and start defending their own networks. Just a little.

Strongly doubt if they were that poorly guarded that they only got four million records. Especially considering the willingness to throw out false information even after months of investigation.

Not to blame the everyday workers there. They just got there. There appears to be zero meaningful oversight there.

Way worse then what has happened at the major corporation hacks. Some were hacked for a longer period of time, but they got their facts straight quickly, and they had sizable IT Security teams. It sounds like, in this case, they are not letting seasoned law enforcement investigators take on the job. (The same people who led those very same investigations .)

“Secrecy”. Aka, “we reeeaaally do not want to know how bad it is, okay, so you guys just can’t do this, we will handle it. You know, secrecy. Compartmentalization.”.

Lone Stranger June 12, 2015 9:02 AM

@Thoth

A very clear disclaimer that it does not fully eradicate every problem. It simply lessens the more obvious issues and substantially makes the codebase much more stable and secure.

My concern is just that the specific problems are well defined. I mean, if you severely limit the scope of what the language is going to be able to do, if you can or even want to do that… much easier task. Maybe you want it to be a relatively low level language suitable for simply creating low level applications like drivers. But, wouldn’t it be better to just rewrite C’s dangerous calls, improving the safe versions, and maybe mandating them at the same time. Still, seems like an awesome task, considering the body of people that work on that and have over the years. (OTOH, committees can slow progress and be unwilling to change well known problems, this is very clear.)

Sometimes, for instance, they don’t want to do enforced memory validation. A “for instance” is where there is no chance of user data touching the call and there are many iterations. Removing the forced data validation greatly improves speed. Sounds really, really bad, but when you are doing that a ton of times every millisecond, every additional process can add up. I mention this from real world scenarios.

Lone Stranger June 12, 2015 9:33 AM

@Nick P, Thoth

The purpose was fun, learning, and proof of concept for original author. That’s in presentation. My concept was described here.

I was just mentioning the higher level functionality that comprises so many security vulnerabilities these days. eg, about everything but memory access issues.

I was curious as to what you guy’s thinking was that. Maybe you do not even wish to attempt to cover it.

Not entirely sure where the state of the art is on lower level languages today and memory access problems.

Nick P June 12, 2015 1:12 PM

@ Lone Stranger

You basically said very little with a lot of words. Elaborations on the following.

“If you write an application where intended user has functionality, an unintended user can get functionality too.”

This is true… with MS-DOS. Security has progressed quite a bit since then. Anyone reading your post would assume a digital apocalypse happens once a day. In the real world, there’s security measures for all sorts of things, some resist breaches, others don’t, and many issues are detected and recovered from regardless. The breaches and hacks always represent a small portion of computers in general. They’re, with rare exceptions, usually at companies or on products with weak security. Extrapolating that to computing in general isn’t scientific.

If you want to see real security, then here’s a few things for you to look at that have it in various forms: Burroughs architecture; KeyKOS and other Capability Systems; a a network/app guard TCB; a network guard/firewall TCB; a Java-based least-privilege scheme; a language for security; a machine + VM; a browser; a filesystem.

Just a sampling of many things using strong, security engineering. I’m sure they look like nothing you’ve ever encountered because market and FOSS almost exclusively does weak stuff. Read through enough of that and you might be designing/using strong stuff yourself one day.

Note: a similar sampling of security tech for web applications is here.

Nick P June 12, 2015 1:35 PM

@ Wael

“That link reminds me of the days when I had something meaningful to say 🙂 I miss these days …”

Those were great days. So, come up with meaningful things to say so we can have more. You’re a bright guy. I’m sure you can do it. 😛

@ Thoth

Yeah… there’s a lot of foundational work to do. Just look at how long it took to understand most issues with imperative languages. Essentially, we need to take our invariants (eg isolation, control flow) in one hand and every aspect of functional language source-to-object flow in the other. We have to look to see any risk area in any part. We need to find the right model’s, designs, exception handling, and so on. Then, we must implement them robustly in software, hardware, or both. It took quite a while (and many geniuses) for our von Neuman model. I expect the lambda calculus, etc models might take more work.

Shapiro already did a security kernel in one, though. The LISP machines show the hardware part can be done. Bluespec etc even design hardware using a Haskell extension. So, I’m sure we can build it if we know what to build. That’s the tricky part.

I have an interim solution. A team can start with the FLINT certifying compiler for ML. It’s broken into stages with types and information about each. It will be modified to produce assertions about structures it manipulates that can form rules about pointer use, access control on objects, control flow, and so on. (Think Frama-C with more properties.) Each transformation makes both the code and those assertions more concrete. By the end, we essentially have a typed assembler language with a bunch of invariants. These are compiled into assembler for a tagged or capability processor in such as way as to enforce the properties on each chunk of code. The resulting executable should follow the security policy implied by the original code.

“Hey NICTA/General Dynamics/Thales and other Security/Military/Intel Industry contractors, if you are spying (or reading), you need to do something awesome using the above suggested ideas and open source it like seL4 !!!”

Good news is much of what DARPA funds is published openly or available commercially. They seem to give the NSA the double middle in how they work. NSA, if they even have influence, seems to depend on fact people will (a) not use the tech or (b) not use it correctly. Their bet is right most of the time. Meanwhile, academics and companies can still get DARPA funds to try to develop real security. Galois even open-sources some of their best tools. Then there’s those that commercialize it like Atcorp.

Nick P June 12, 2015 5:51 PM

re languages discussion

A HN commenter replied to me on my claim that it wasn’t a real language done in assembler. The commenter gave an example of one that was: Amiga-E. It was a c-like language for Amiga with plenty of features whose compiler was written in M68K assembler. So, challenge accepted in early 90’s and done. 🙂

Also, anyone grabbing an old Amiga for use as non-subverted hardware or doing clean-slate work might find a use for Amiga-E. It’s GPL and also unlikely to be subverted because who’s heard of it… The toolchain being written in M68K eliminates the source to object code verification requirement for using it.

Lone Stranger June 12, 2015 5:52 PM

@NickP

You basically said very little with a lot of words. Elaborations on the following.

LS wrote:
“If you write an application where intended user has functionality, an unintended user can get functionality too.”

This is true… with MS-DOS. Security has progressed quite a bit since then. Anyone reading your post would assume a digital apocalypse happens once a day. In *the real world*, there’s security measures for all sorts of things, some resist breaches, others don’t, and many issues are detected and recovered from regardless.

Yes, it is true for all systems including MS-DOS, or a language that had no capacity for any sort of memory access errors

I could have simply asked, “How do you propose to create a language with what appears to be only a memory access strategy, so that it prevents any of the other security vulnerabilities from forming”?

I did not get much sleep, and your post you linked to do not make much sense to me. I was too lazy to look it all up. LISP was talked about by some friends in the 90s, I found the idea interesting, but no idea where it is now. HLA, I have not screwed with in like fifteen years. My take away from a brief glance was you were focused on primarily memory access errors, but I could have been wrong. Could not get, at all, how “abstraction layering” fit into anything. But, I barely know the subject, if at all.

No, it does not say a “digital apocalypse” happens everyday… I am not sure how you came out with that. I was speaking of “code density” “security vulnerability” ratios, etc. (Though from your next statement, it appears you are well aware of this issue. I would be surprised if not).

eg, code density/vulnerabilities, etc
https://www.owasp.org/index.php/Code_Review_Metrics

Just a sampling of many things using strong, security engineering. I’m sure they look like nothing you’ve ever encountered because market *and FOSS* almost exclusively does weak stuff. Read through enough of that and you might be designing/using strong stuff yourself one day.

Yes, so you are aware that “FOSS” (“Free Open Source Software”) *I had to look that up, and “market” has very high code vulnerability density levels.

I read that in a Wired article once.

I do not work as a coder, not interested in “military grade” stuff, and not interested in designing software.

I have ADHD, so these sorts of statements are hard for me to parse.

I work in a different area entirely, not in computers. And yes, I am sure you can tell.

But I do not envy people who do, if that is what you mean. I like my job and the stuff I do and I am paid well for it. I am glad you take pride in your work, that is good for people to do.

GeorgeL June 12, 2015 6:48 PM

@ Lone Stranger

I think what they are speaking of is in adherence to the EAL mindset of formal verification. A secure programming language, theoretically, protects itself from insecure programmers and the malicious programming insider thru formal verification process. What you are getting it is, I think, what they would call “fieldcraft”. I’m also an untechnical stranger like yourself, but found this blog very interesting to read.

Lone Stranger June 12, 2015 7:23 PM

@GeorgeL

okay, okay. i c. so something completely else. looks like some kind of government standard. I was wondeRng what they were talking about. yes, very nice fowum. i had to look at this, because I love squiRd. not surprise what it has to do with anything. it tasts good though.
Gawdm frickn cellphone keyboard. you now what i mean. my sister turned off the spellchcker somehw. thank you

Nick P June 12, 2015 10:59 PM

@ Lone Stranger

Ah, not a coder or IT guy. I appreciate your honesty. Make next try a bit easier.

The essence of designing robust software is that you have good requirements, a good design that will accomplish those requirements, knowledge of where it might fail, code to implement these, and evidence that it does (eg review, testing). Security adds a bunch of extra requirements, failure states, and even esoteric stuff most people don’t think about. A properly designed language + toolkit can let programmers express their design in a way that prevents or contains various problems (including attacks) by letting the underlying toolkit take care of them. What types of problems are dealt with varies with the toolset. We’d usually combine many methods for a highly secure design.

For layering languages, the idea is that you have languages for different things: low-level stuff on the machine (assembler); system programming which is a step above that with plenty low-level control (C++); application programming which might automate memory management and many other things (Java). In today’s systems, the languages that do these things are as different can be with very complex tools to convert between them. My proposal for an integrated stack building from the machine up to applications let’s use keep everything more integrated and inherently safe with better design decisions at each layer. Prevents many specific mistakes in a given layer along with problems caused by strange interactions between layers caused by language designers who weren’t working together or aiming for safe/secure systems.

Hope that makes more sense.

@ GeorgeL

The EAL’s aren’t strictly necessary but give good guidance on the process. The idea is that each assurance activity adds to the level of confidence we have that what’s produced does what is says it does. So, given my above comment to Lone Stranger, an EAL6-7 version of the compiler or mitigation techniques would inspire high confidence while EAL2-4 (typical commercial) should be expected to become quick fodder for the news.

name.withheld.for.obvious.reasons June 13, 2015 12:58 AM

@ Nick P

A team can start with the FLINT certifying compiler for ML. It’s broken into stages with types and information about each. It will be modified to produce assertions about structures it manipulates that can form rules about pointer use, access control on objects, control flow, and so on. (Think Frama-C with more properties.) Each transformation makes both the code and those assertions more concrete. By the end, we essentially have a typed assembler language with a bunch of invariants. These are compiled into assembler for a tagged or capability processor in such as way as to enforce the properties on each chunk of code.

Interesting…I drafted a “formalized” MASM language; a tokenized verb/noun cpp/sgml syntax and a lexical mid-layer (yak) that provides strong typing (could easily adapt labels) in which grammar analysis of transforms/transformed. Code functions (non-programmatically) are, in simplex form, expressed as a “unit” and scales to enumerated entity and architecture. Thinking of posting some samples…just an example of fun with compilers and lexical analyzers. Auditing the toolchain can be robust and complete.

Leave a comment

Login

Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via https://michelf.ca/projects/php-markdown/extra/

Sidebar photo of Bruce Schneier by Joe MacInnis.