Schneier on Security

Clive Robinson • June 28, 2015 12:17 AM

@ Robert Brown,

It does get to the bottom of things as it were…

The thing about a colonoscopy is it’s a choice between the lesser of two evils…

The presumption is you have some symptoms –that have already gone to far– that indicate that you need the attention of the medical community specificaly the surgeons (although Drs appear to be getting into the “hack-n-stich” game these days).

Thus the problem of further diagnostics prior to the assumed required “cut-n-shut” removal of various parts of your anatomy that nature saw fit to provide you with for good reason that have now become defective for some reason (implicit “defective patient life style choice issues”).

So the patient gets a sort of choice observational surgery or observation by some other method prior to getting surgery any way…

Now the surgeon already knows you can not make good choices in life, because that’s the underlying cause of your visit in most cases. So they make the choice and then talk you into it so you think it’s realy your choice…

So choice one, get a general anesthesia which probably has a 1 in 300 chance of killing you –due to your poor lifestyle choice–, get “sliced and diced” with several sets of hands and instruments rummaging around in your guts, with a high risk of cross contamination so the mortality risk is now about 1 in 200, then spend several days on a surgery ward with several nasty life threatening bugs so your risk is about 1 in 150 of not getting out the front door of the hospital, then spending several months regaining fitness before any further necessary surgery is done. Oh and all of this is quite expensive.

Choice two, the day before you take a concoction of laxatives and lots of clear fluids to “clean you out” via “the great white throne”. You turn up first thing in the morning get changed into a hospital gown, you then lay on your side as a nurse puts a small pipe up your bottom and pumps in more “cleaning fluid” which fizzles and buzzes away for a few moments before the rest of the world drops out of your bottom (or in your head it feels the other way around). Then somebody sticks a line in your hand an if you are lucky gives you enough valium to make you forget your troubles or atleast make the world a little rosey (falling asleep is a good option if you can manage it). Then it’s “lubricant time” as made famous in the film Evolution “there’s always time for lubrication”. Then what you’ve been dreading and they have kept out of sight up till now, what looks like nine foot of garden hose pipe with a box on one end with what looks like a joystick, and power supply leads disappearing of to another box and a plug in the wall and an air line. At the other end of the pipe is the business end with which you are about to become rather intimately aquainted… One of the reasons for the valium is that you might suffer very embarrassing side effects of having your prostate stimulated, and thus hopefully won’t remember it if you do get the side effect. Another reason for the valium is, if you are normall your lower G.I. tract is full of bends, and to aid in getting the business end around they pump in air to inflate you… and around it goes, or sometimes not… If you are in the unfortunate “not” catagory then the “attending” roll you around on the table and apply “constructive preasure”. Now depending on how modern the garden hose pipe is there may be several screens connected to a little CCTV camera in that box with the joystick, if you are unlucky enough to be awake and have a memory that won’t forget under drug inducement you too can watch yourself from a view you hope you will not see again, either in reality or your dreams… Well if the attending see something interesting they might decide it’s “sample time”. Have you seen how the break cables on a push bike work? Well guess what the probe that runs down inside that garden hose pipe works a similar way. Only instead of break calipers at the end, there is what looks like a miniture set of jaws with teeth, which “snip off a sample”. A process which can also produce what looks like a lot of blood. Any way after a good look around it comes to “extraction time” where what went up comes down again. And remember that air that got pumped in, well…. as you will find out shortly and for the next day or so, they don’t get it all out at extraction time. Having got the nine foot of garden hose pipe out of your bottom it goes of to be sterilized and you get dumped on a gurney and wheeled off to “come around” where you eventually attempt to clean yourself up and prepare to go home again… unfortunatly, at what will feal like every step either your guts will gurgle or you will break wind as your autonomous systems try to re-establish an aproximation to normality in your GI tract. Abusive as all this sounds, the risk of death is less than 1 in 1000 and you can be sent home fairly quickly to recover. Thus it’s comparitivly low cost for the hospital…

Now if you think about it either choice would enable them to put a tracking device inside you as well as a smart phone and half a brick or atleast that’s what it will feel like…

My advice if you want to avoid making the choice between hands rummaging in your guts or hose pipe up your bottom… eat plenty of green vegtables and some bran, cut back a bit on the meat and fat and drink half a gallon or so of water every day and get up and walk around for atleast half an hour every day as well.

Oh and that threat of “I’ll tear you a new 455 hole” that pops up in some US movies… well surgeons do it for real every day to those who make poor lifestyle choices, only they more politely call it “a three sixty resection”.

Clive Robinson • June 28, 2015 7:28 AM

@ Gerard van Vooren,

C was designed to be a layer on top of assembly to work for the PDP-10 which did have very limited resources.

C was originaly an experement to take the dog slow BCPL interpreter that had been thought up in Cambridge, and make it faster by building it as a “fast” compiler (the aim was to make it one pass but it eneded up being two pass for various reasons). It became enhanced later when they modified it to compile an OS. So it moved from pure research experiment to applied work horse almost overnight some three years after the first twiddling.

Pointers were a bolt on and it shows, the simple fact is you can not write an OS or other system code without getting down and dirty with diect access to memory and IO addresses. Thus in other high level languages you have to include assembler either in line or by linking…

C was sort of hoped to be an almost machine independant high level assembler, which is why type checking etc was not thought as necessary as the programer should know how to deal with such. As a well practiced assembler level coder few had any problems with C it made them considerably more productive. The problems came when people came from the opposit side of some high level hand holding language, or type safe training language.

Even Brian K admits with hindsight he got a fair chunk of things wrong in C and would do things differently today to make it more effective.

Unfortunatly…. some of those “wrongs” appear to have become embedded in the minds of programers, and new languages treat them as tradition to be taken on board…

I admit to being a happy assembler programer and use both C and bash script. As for m4 and the other little shop of horrors lurking in the *nix tool box I’ve managed to mostly avoid them.

Clive Robinson • June 28, 2015 11:03 AM

@ BoppingAround,

What are your thoughts regarding systemd, if any? It seems to be quite controversial topic these days.

Controversial appears to be a tad understated. Some of the arguments have a touch of religious zeal about them, and tempers hot enough not just to raise a head of steam but flames as well…

Of more interest is the security concerns at the very least, “it’s new” and thus not time tested but also it’s got a much larger surface than previous methods and it’s also monolithic in nature. Three terms that tend to make the security cautious concerned, and reach for “the barge pole” to prod it cautiously.

But there is also the “why?” Question or as some have put it “It’s a solution looking for a problem”…

Currently I’m keeping it off my systems for the simple reasons it’s overkill and new and I see no reason to trust it.

I’m sure others will have differing opinions due to different points of view, that’s there choice and ultimately it should be yours as well, but there does appear to be a fair amount of “throat stuffing” going on, which in of it’s self should raise warning flags.

Clive Robinson • June 28, 2015 6:42 PM

@ BoppingAround,

I also think it has not been ‘finished’ yet. Perhaps the surface will grow even more.

It’s almost guaranteed to, both the lead developers have indicated it will in perpetuaty be a work in progress. That is they appear to view it as being a life long meal ticket. They both have undesirable charecteristics identified by well known and well respected Linux developers of a form which strongly indicates that the Dunning Kruger effect is alive and well. Especially as alienating the community by ignoring security critical bugs and calling others 455holes in public appears to be their “stock in trade”.

The big problem with it is that is way way way to Linux, GNUlib and Gnome specific, which means you are not going to find it on any other *nix varieties such as BSD or Mac OS X etc. Further it’s assumptiond are highly focused on an area Linux is weak in, which is desktops, and effectivly rules out it’s use in the areas Linux is strong in (embedded, smart devices and servers). It also grates badly against “Unix Philosophy” of small applications doing one function and doing it well, their work gives the “Jack of all trades master of none” saying a fine example.

So why is it popular with “Desktop Distributions”, one argument is it saves distro maintainers a lot of work… If this is the reason then Linux is heading for a major “road crash”.

Oh it’s not just the two distro’s you mentioned, most “specialty distros” like Puppy Linux are having nothing what so ever to do with it, because it takes “bloat” to new levels.

Hopefully RedHat will see the dark clouds building on the horizon and take steps to stop Linux getting washed out to sea by it…

Clive Robinson • June 29, 2015 3:41 AM

@ Figureitout,

, but it’s not *that* bad considering every computer needs something like a time reference to make sense of anything … … it needs it until we discover another fundamentally different way to compute b/c I don’t buy “this is it”. If it needs a time reference for every single thing (or some kind of way of spacing time), it needs to be coddled w/ some init stuff that isn’t good on the eye, just isn’t.

There are several “times” computers need to know and it can get very complicated when relativity gets involved. The basic classes of time a computer uses are,

1) Firstly it’s “clocking rate” that is usually defined by it’s external XTAL. Usually used to control internal state changes and keep signals synchronized.
2) The Second is it’s local time reference that is how it sees local time passing so it can communicate localy.
3) Third and often not considerd by many is it’s relative time to other points it communicates to that are not in it’s local time refrence.

The underlying issue is one of communication even if it’s to just another logic cell on the same chip. The faster information can be transfered the smaller the local time reference is. There are two types of communication we talk about Synchronous and Asynchronous. And people get confused about them and time. They both need a time refrence to communicate, the difference is in synchronous communication the transmitter at one end of the Shannon Channel provides a time refrence to the receiver at the other end of the channel, in the case of asynchronous communication there is an assumption that both the transmitter and receiver share a common passage of time ie that it is local to them, thus the time duration of symbols can be reasonably estimated.

As anyone who has designed communications systems for systems where the transmitter and receiver are non local and move in different speeds and directions and thus don’t have a common passage of time can tell you finding a way to establish a common refrence of time is vital. The simplest way to see this is to think of doppler effects then move up to the consequences of Einstein’s thinking which effects GPS systems and mobile phones.

Whilst for single communications paths it can be fairly easily dealt with, not so multi point/channel systems, they realy need to be spacially aware with respect to a common fixed refrence point. Then use this awareness when communicating with the other points in the system by adjusting both it’s TX and RX timings accordingly.

People have tried to design logic systems that lacked an external clock reference but even these are “self timed” due to the gate delays and other implicit time refrences. You can get away with it with chain, ladder or cascade logic that has no storage, feed forward or feed back and transition noise can be ignored. That is the logic systems are stateless but such systems are very limited in functionality and thus utility. One of the founding definitions of Turing engines is that they move from state to state, thus they must have an implicit time refrence, thus all computers do.

One of the rules of our physical universe as we see it is that everything physical is constrained by time and forces, so we can not get away from the issues of time, Einstein saw time as the fundemental measure of the universe and it’s a view that still predominates even when we don’t realise it.

Clive Robinson • June 29, 2015 6:40 AM

@ Curious,

… had me wondering; can network traffic be intentionally delayed by some party in the middle, by simply manipulating the notion of the time somehow?

Yes fairly easily by increasing the “path length” also known as a “delay line”.

Whilst it would at first glance appear fairly pointless, there are some places where it’s a major billion dollar attack strategy.

In High Frequency Trading (HFT) time is critical and shaving a few nano seconds –1nS is about 1foot at the speed of light– can make a real difference. So much so people have tunneled through mountains rather than go around or over them.

I can outline an attack for you which is rumored to has happened. Imagine you have a competitor who has a pathlength 1mS longer –three hundred meters or a drum of coax equivalent– than you do. With modern computing and networking you could get their trade, make a counter trade and have it at the exchange before them. Do this ten or twenty times a second and make a thousand dollars per trade and you are looking at around a million dollars a day profit you would not otherwise have made…

However the same sort of trick could be carried out by the NSA or other FEYE nations, your web page request gets seen and sent along a long path route in the mean time they send what they want you to see on the short path route, due to the way the network protocols work, you see the first packet to arive which is there’s, and the real packet gets dropped silently by your computer. Now imagine that the pages they do this to are for the likes of pubkey certificates, you get the NSA fake one and then they do a standard MITM attack on your traffic…

It’s just one of the reasons the PKI of the CA model is broken beyond what you would expect. Thus you should always use a secure second or out of band communications channel for KeyMat, and the only way to get it to work that we know of is “initial hand delivery” to a trusted recipient. Of course the NSA et al could intercept the courier or the recipient is untrustworthy in some way from just being careless through to being a paid agent running a sting on you to frame you in some way (a not unknown tactic by the politicaly inspired arm of the FBI etc).

Clive Robinson • June 29, 2015 9:22 AM

@ Nick P,

You might like this story,

http://www.dailymail.co.uk/news/article-3142221/CNN-confuses-black-white-flag-covered-sex-toy-symbols-ISIS-London-gay-pride-parade.html

Put simply a Female CNN “journalist” covering the London Gay Pride march, she spotted a black flag carried by a man dressed in black and white. She then had an OMG moment and called it an ISIS flag…

Now I don’t know who her optometrist is but she might want to pay a visit to get her perscription checked…

Turns out that the “white arabic writing” she could not make out was actually “shadow images” of sex toys, and it was part of a satirical protest….

As trainee journous are repeatedly told “don’t belive your eyes, and check your sources”….

Clive Robinson • June 30, 2015 2:14 PM

@ J on the the river Lieth,

With regards “poo on a stick” yes it’s fairly low risk unless you try to collect the sample “contortionist style”. A colonoscopy has about a 1 in 1000 risk of death, and obviously much greater risk of injury due to perforation or rupture… You can blaim the advance in chemical marker anylsis technology (should be called “poo on a chip” 😉 for the reduction in “nine foot garden hose upssies”.

As for “black tea” it’s all teas including nettle and one or two others (pine needle tea can give you CJD as well). The reason why it’s more prevalent with black tea is partly to do with the fermentation process breaking down cell walks, but mainly due to the fact we mostly use tea bags… Basicaly to get the “tea quick” each bag if steeped properly for 3-5mins will make around two liters of tea, but will make about 250ml if steeped for only 10-20secs. But the tea is what is known as “dust” which has effectivly been mechanically cut and milled, the result is the bad parts of the tea come out way faster than the good bits, and worse they tend to float to the top hence that funny blue glint brown scum on top of a “bag in mug” cupper but not when poured from the bottom of a pot. It’s why using a proper tea pot, proper tea leaves and proper steeping is so important (oh and a lot less expensive).

As for Kale… why oh why do people hear something is health and then go compleatly over board and do stupid things???

First of eating 3lb of kale a day is ridiculous especially if your mad vegie smoothy diet also includes effectivly cutting back on iodine and selenium…

Anything more than 6onces of any one raw veg at any one time is not a good idea due to dietry leaching effects, likewise 20onces of any one cooked veg.

To get the iodine and selenium up add about a half inch of dulce stem and an almond to the smoothy. Oh and make sure you still eat a balanced diet. Oh and watch out for harrico beans and similar pulses and soya they have the same kidney harming properties.

As the old saying goes “A little bit of what you fancy does you good” but a lot of anything will kill you including to much water. Fad diets from “A list Stars” does not equal common sense or sound nutritional advice.

Clive Robinson • July 2, 2015 8:43 AM

@ All,

It would appear that “ex-service” personnel are not a good fit in large commercial organisations.

Further they suffer not just from the expected bailiwick issues, but also as I’ve mentioned befor seeing all significant attacks through red tinted glasses and incorrectly assuming China/Russia state level attacks, not what they are more likely to be which is “criminal” attacks routed through computers in the aforementioned states…

http://www.bloomberg.com/news/articles/2015-06-30/jpmorgan-reassigns-security-team-leader-a-year-after-data-breach

@ Bruce,

It might be worth looking into the mis identification of criminal for state level attacks, especially as “gung ho” senior service members want the independence of “going hot” from the executive, IC and LEOs.

The last thing we want is a cruise missile or drone launched weapon blowing up a school full of children simply because the computers got hacked and used as a relay….

Clive Robinson • July 3, 2015 3:36 AM

@ Wael,

Some of us won’t have a long weekend.

True, it’s a “US only” and not all get to enjoy it for various reasons such as rescuing and patching up those that do enjoy a little to flamboyantly. Or providing those essential services and support for all forms of infrastructure etc we tend to forget about, without which our lives would be a lot less enjoyable.

However there are also those who’s bosses think that sending employees abroad on business to countries where it’s not a public holiday is a good wheeze, especially where they don’t give either “Time of in lieu” or overtime rates… To those that find themselves in that position I have considerable sympathy. I worked for two companies that thought it was a profitable wheeze, the solution I found was, to book an expensive holiday with a fixed departure / return date that covered the public holiday period. For some reason in both companies the contract had only “for week” notification periods for holiday etc. As some will know there are ways of giving notification to the company admin / Human Remains Dept, such that the “bad boss” tends not to hear about it for a week or two… I gave the “bad boss” the option reimburse me in total or send somebody else, he didn’t pay so I played, and the other engineer –who I disliked– had to disapoint his girl friend and her parents. From that point on I used to start talking about visiting foreign parts over public holiday periods two or three months before hand, and the “bad boss” stoped trying his little wheeze…

At the other company when the Managing Director tried it on and pushed it I got shirty, and said I quit, which was in the middle of an important stratigic project funded by the UK Govt. Funnily my actual boss dragged me in his office for what I thought would be either a dressing down, or horse trading… It was neither, he told me he was sending me home till the end of the week, and the rest of my “notice” was acumalated holiday time, all of which would be paid. So I thought, oh no the “cold shoulder deal”, and to my supprise, he then smiled and said that I was to go the following day to speak to somebody at an address he gave me and said dress smart they’ve got a job for you. I got the job at the equiv of a 45% pay increase, and when I started a couple of weeks later, I found my “new boss” was my “old boss” and the reason he’d sent me home was to give the MD the bad news he was leaving as well… As for the old company I heard a few weeks after that that the MD had “taken early retirment” and that the Chairman of the parent company had taken over. I got it direct from the Chairman, as he contacted me about tidying up the “stratigic project” which I did. So I ended up working all hours for several well paid weeks… Some times life takes a funny turn of advents as the dice roll and click.