chris l July 10, 2015 6:13 PM

OPM breach is expanded to include all SF-85, SF-85P, and SF-86 applicants since 2000. Including, apparently, most investigative data including fingerprints, and for upward of 1M applicants, passwords used to access the system (are they storing them in plaintext or something reversible?!? I guess I wouldn’t be surprised at this point.) Official OPM notice is here: OPM Security Notice

On a slightly related note, I was just interviewed for someone else’s clearance and the guy showed up with just a crummy paper ID. They fold in half to make them look fancy, but I could make one at home relatively easily. I’d noticed that before, but this time I pointed it out along with suggesting the investigators should have a PIV-II ID, too. When he gave me the privacy act statement: unless I request confidentiality it gets distributed all over the place and stored at OPM, I then finished with “…and then sent off to China”, which I think he didn’t quite get.

tyr July 10, 2015 9:39 PM

@chris I

I’m not sure that is what Obama meant when he promised a
transparent administration. At this point dumping the
entire government archives to Brewster Kahle will save
us a lot of internal squabbles.


Comey is waiting for Mikasa Mikoto to perfect the AIM
dispersion field for perfect LEO access without any of
that pesky science stuff…LOL

Jack l July 11, 2015 1:56 AM

@chris l

According to Reuters…

The critical information, which was not encrypted, involves a complete rundown of the personal lives of some 90 percent of applicants for security clearances, mainly excepting most undercover CIA agents.

“Most” a keyword there. Which is doubtful. And this leaves out everyone else they may work with, and other agencies. Which could tie them together. And expose undercover agents overseas in other agencies besides the CIA.

You have 4.5 million people now with active clearance. So, the 90% percentage is not unreasonable. This definitely, then, includes people not just from the military, or contracting agencies (many of whom, including as Snowden was, are, in fact, ‘undercover’).

There are various ways they could use this data to get some actually valuable information. For instance, from this WP article…

Even so, some U.S. officials have said that a foreign spy service might be able to identify U.S. intelligence operatives by scrutinizing the OPM files. Names that appear on rosters of U.S. embassies but are missing from the OPM records might, through a process of elimination, reveal the identities of CIA operatives serving under diplomatic cover.

“That’s not conclusive that the person might be undercover CIA,” said one U.S. official, who spoke on the condition of anonymity to discuss the sensitive topic. “But it’s certainly worth taking a look at.”

Probably what China is really interested in is evidence of intelligence groups that operate more like their own, which would include deep cover CIA agents. And, probably, the USG is very aware of this, so that release of information was very much pointed at them according to their perceived intentions.

There are a lot of obvious and easy ways they could use this information to track back operations aimed at them, beyond the WP one noted. Their grabbing Embassy employees who have clearance but have it not noted is laughable. They want, I am sure, considerably more devious systems than that.

@Alan S

I did not even hear of such stories, but glad I did not. ISIS is a non-entity in any palpable terms but to scare China with. Who so sorely depend on Iraq even still for oil.

Nasty bunch, hope they end it, but the problems in the ME are not going away anytime soon.

A Nonny Bunny July 11, 2015 2:03 AM


Mikasa Mikoto

You mean Misaka. (Typo? Or mixing up the name with Mikasa from “Attack on Titan”?)

Mr. Robot July 11, 2015 2:35 AM

Excellent article, here, btw, which, incidentally, gives a decimating argument against the USG and their pets screaming about getting in backdoors mandated in all software:

In all, the federal agency that oversees the courts reported to Congress that there were 3,554 wiretaps in 2014, about 1 percent less than the year prior. Of the total, only four were thwarted via encryption.

Sadly, do not expect this very simple, plain, and very powerful argument to ever accompany the sources quoted by major mainstream media — even if they surely rely on the controversy of those public facing pundits as part of their draw.

In fact, this is one of those ‘hard facts’ which even probably every defender pundit here will their own self promptly forget, yet it will stay there, gnawing at them, ever increasing their assurance of the rightness of their stand.

Still, as Nietzsche said, what is a story without a good villain, “Everything in proximity to the hero becomes tragedy; everything in proximity to the demigod becomes satyr-play; and everything in proximity to God becomes…what? ‘world’ perhaps?”

They make a really good villain.

Lorenzo July 11, 2015 5:01 AM

There is an interesting e-mail from the Hacking Team leak that mentions how there was “full support” from “some parts of the Italian government” for Hacking Team and how they were considered a “model company”.

If true, this is quite disturbing overall as it would demonstrate that the Italian government was not only aware of Hacking Team business and customers and approved of it, but also tried to protect it. Of course it could be one of Vincenzetti’s preposterous claims with no basis in reality.

There have been requests for explanations:

Here’s the e-mail:

Rough translation:

“[…] yesterday I went to Rome to meet several governmental bodies to discuss some of the articles […] The meeting took place at the MISE – the Ministry for Economical Development and sitting at the table were representatives of several Italian organizations, some of which are our customers. Take note that when I say representatives I mean the actual head of those organizations.

First thing is – the journalist who wrote them […] is well known and nobody actually pays much attention to her. One of the representatives said in front of everyone she should not even be a journalist.

Furthermore, and that’s the most important thing – we are considered “their national champion” and a model company which employs 50 people and develops a very advanced technology, extremely useful and unique worldwide.

Their objective is to protect us from other attacks either from media or other kinds (e.g. DoS) and there’s really nothing worth worrying about what those [Italian newspapers] write.

For what it concerns Privacy International [one of the questions I was asked was] “Here’s another NGO, dear Vincenzetti; could you tell me which of their companies are they trying to protect?” [implying Privacy International is trying to protect a UK-based company]


Given the date of the e-mail, the news pieces referenced were likely to be this piece by Italian media:

which referenced this Citizenlab’s report:

The author, Stefania Maurizi, is an investigative journalist that covers Wikileaks and Snowden’s revelations on Italian media:

Thoth July 11, 2015 7:38 AM

@st37, Nick P
In short, UEFI has always been a rather dubious “security feature”. Best to keep it disabled if possible or not have it.

Maybe an integrity checker via a security oriented TCB might prevent a hardware running rogue and also a software trying to infect a hardware vice versa ?

Bob S. July 11, 2015 8:30 AM


Re: “lifetime identity theft protection”

Something else to be hacked, cracked and attacked.

I read up on one of them: 1. Expensive. 2. Intrusive/creepy. 3. Another NO-trust corporation.

I am working on lowering my ID profile. It’s very, very hard to do anymore. The data bases are talking to each other.

Thomas July 11, 2015 9:01 AM

Bob S. • July 11, 2015 8:30 AM


Re: “lifetime identity theft protection”

Something else to be hacked, cracked and attacked.

I was just thinking the same thing.

More and more people seem to be under ‘data protection’.
Not sure how valuable the information these companies hold is, but it’s got to be at least an amusing target.
What happens when one of them gets breached? Do victims get data-protection-protection?

terence July 11, 2015 9:51 AM

Something that caught my eye about the Hacking Team clients list is that it includes guys like the US Department of Defense (who, one would assume, have fairly direct access to the NSA and by extension ANT, TAO, etc.) and Spain’s CNI (credited with developing Careto, one of the most sophisticated pieces of malware seen in decades). Are these guys paying for HT’s software in order to reverse-engineer it and save time and money on their own in-house R&D, or is it a case of layering out the operations, using HT’s shitty stuff for low-down pedos and crack mules whilst saving the good code for more important missions?

Curious July 11, 2015 10:08 AM

Somewhat off topic: (Torture related)

Something is apparently happening at APA (American Psychological Association)
“Press Release and Recommended Actions: Independent Review Cites Collusion Among APA Individuals and Defense Department Officials in Policy on Interrogation Techniques”

“The actions come as the APA released a 542-page report produced by attorney David Hoffman, of the Sidley Austin law firm, detailing the relationship between various activities of the APA and Bush Administration policies on interrogation techniques.”

Too little and too late I would think.
I’d be more poignant here if I readily knew what was happening. Presumably someone got fired or has otherwise left APA.

It is likely more interesting to read what others have to say about all of this, than this APA press release in particular.

Benni July 11, 2015 10:15 AM

Because retroshare was attacked by network profilers, who impersonated friends and acted as man in the middle to relay the encrypted content data and collect metadata, version 06 of retroshare has now an automatic blocklist where every participant of the network gets listed if he has the same dht but two ip’s. These network profilers are probably from government, since retroshare did not get answers from the providers they asked.

Running retroshare 06 for 6 hours I got two of such ip’s automatically added to my blocklist.

I am publishing them here, because their locations are interesting: (St. Petersburg, also home of the famous Russian troll fabric, and the city where Putin was mayor. Sorry Vladimir, you are on my blocklist now..) (Kaspiysk, Dagestan, Russia, could be FSB hunting terrorists communicating with retroshare there. I’m no terrorist, so you are blocked too)

Perhaps other people using retroshare can post their blacklisted IP’s too. If we have many of them collected, we can perhaps create a location graph of hostile government computers.
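
Added example, not part of the comment above and not Retroshare's own code: a Python sketch of the rule the comment describes, one DHT ID announced from two IP addresses. The `(timestamp, dht_id, ip)` record format, the 300-second window and the sample data are assumptions; the window keeps an ordinary address change from being flagged.

```python
from ipaddress import ip_address

# Constructed observations: (unix_time, dht_id, source_ip).
# Addresses are from the RFC 5737 documentation ranges, not real peers.
OBSERVATIONS = [
    (0,    "id-aaaa", "192.0.2.10"),
    (60,   "id-aaaa", "192.0.2.10"),    # same ID, same address: nothing to flag
    (100,  "id-bbbb", "198.51.100.7"),
    (130,  "id-bbbb", "203.0.113.99"),  # same ID from a second address 30 s later
    (0,    "id-cccc", "203.0.113.5"),
    (4000, "id-cccc", "203.0.113.6"),   # address change after a long gap
]


def _ip_sort_key(addr):
    """Sort IPv4 before IPv6, then numerically."""
    parsed = ip_address(addr)
    return (parsed.version, int(parsed))


def find_id_conflicts(observations, window_s=300):
    """Return {dht_id: [ips]} for IDs seen from more than one address
    within window_s seconds (hypothetical threshold).

    Both addresses are reported: the observation alone does not say which
    one is the genuine peer and which one is relaying.
    """
    last_seen = {}   # dht_id -> {ip: time of most recent observation}
    conflicts = {}   # dht_id -> set of addresses involved
    for ts, dht_id, ip in sorted(observations):
        ip = str(ip_address(ip))  # validates and normalises the address
        addrs = last_seen.setdefault(dht_id, {})
        overlapping = {
            other for other, seen_at in addrs.items()
            if other != ip and ts - seen_at <= window_s
        }
        if overlapping:
            conflicts.setdefault(dht_id, set()).update(overlapping | {ip})
        addrs[ip] = ts
    return {
        dht_id: sorted(ips, key=_ip_sort_key)
        for dht_id, ips in conflicts.items()
    }


if __name__ == "__main__":
    for dht_id, ips in find_id_conflicts(OBSERVATIONS).items():
        print(dht_id, "seen concurrently from", ", ".join(ips))
```
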

Bob S. July 11, 2015 10:16 AM

Don’t throw away the long underwear just yet.

Seems esteemed UK Prof Valentina Zharkova says a mini ICE AGE is on the way beginning in less than 15 years, similar to the one that started in 1645 and lasted 80 years.

It has to do with sun cycles, of course.

Take THAT global warming!!!

rotu July 11, 2015 10:24 AM


I would not put this kind of thing past Russia, but I very much doubt that those IP addresses will tell us who the original perpetrator is. It is much more likely that the GCHQ or NSA are trying to pin their shenanigans on to Russia.

CallMeLateForSupper July 11, 2015 10:26 AM

A former fed. employee whose PII was exposed by OPM breach wrote in Ars Technica.

“OPM got hacked and all I got was this stupid e-mail”
(Delete the initial “h” in this URL)

[That e-mail] “ended with this lovely reassurance:
Following this incident, OPM took immediate action to implement additional security measures in order to protect the sensitive personnel data it manages. I would like to take the opportunity to remind you of the seriousness of cyber threats and of the importance of vigilance in protecting our systems and data.”

The crown jewels are gone; what remains to be protected?
“I would like to take the opportunity…”
What prevented your following through?
“…to remind you of the seriousness of cyber threats…”
Your clients do not need a reminder; as victims, they know. It was OPM that screwed the pooch here; it is OPM that needs to be reminded of the seriousness of cyber threats… and actual breaches.

Benni July 11, 2015 10:33 AM

A new IP: (Prague..)

I don’t think that NSA is buying a server in Dagestan, a region full of terrorists, to put the blame on Russia. Any government monitoring the internet in Dagestan, Chechnya, Afghanistan has very simple goals in mind that have to do with the local population there….

Perhaps one can see more, if we get a graph made of hundreds of these ip addresses. At least we would then learn which countries are hosting the most of these hostile government ip’s…

Nick P July 11, 2015 10:43 AM

@ Lorenzo

“There is an interesting e-mail from the Hacking Team leak that mentions how there was “full support” from “some parts of the Italian government” for Hacking Team and how they were considered a “model company”.”

Like I said. And that’s why the whole criminal charges thing was a laugh. Wouldn’t surprise me if it was backdoored on behalf of Italian intelligence or organized crime.

@ Benni

I told you Retroshare was hugely vulnerable. Some people try to build a complex, P2P application with many untrusted parties and achieve privacy/security at the same time. Similar kinds of people can’t build a SSL library without problems. Expect Retroshare to have more and don’t trust it for anything against a strong attacker.

Like Tor, even using it at this point might get your system targeted by QUANTUM etc.

@ Thoth

Best just to avoid them. As st37 posted (interesting article), there’s so much privileged and buggy black box code in x86 architecture that it’s dangerous. A VIA with custom firmware or emulation on a Loongson might be a better idea. SPARC is currently the best in terms of open-ness.

My strategy for dealing with firmware of devices was an I/O MMU & PCI system combined into a FPGA. Requires a custom board, maybe custom drivers. Sounds like a lot of work. So next idea was microcontrollers per device with security code on microcontrollers. Still thinking on it. Rather have embedded guys or hardware pro’s doing it. Lot of potential risk areas for amateurs doing it.

Benni July 11, 2015 11:00 AM

@Nick P:

I actually have looked a bit at some parts of the code of retroshare. Seems to be quite stable. Not that kind of code you see in openssl. As far as I have seen, it merely uses the encryption algorithms of that library. As long as NSA can not crack pgp, it seems to be quite safe.

The fact that governments try to map the network seems not to indicate that they can decrypt its content. Retroshare 05 never tried to hide the metadata of the participants. It only encrypted the content. So it is not a security hole if NSA tried to map the metadata of retroshare 05. It is only since retroshare version 06 that the network uses tor, hides its metadata and has a blacklist to automatically block man in the middle from governments. That retroshare enables you to publish the ip’s of government attackers in the open is perhaps not a thing that the spooks like very much…

Here is, by the way, a tutorial how you configure tor to run with retroshare 06:

rotu July 11, 2015 11:20 AM


The GCHQ and NSA don’t need to physically own a server in Chechnya to make a connection appear to originate from there. You might get interesting results with your IP gathering experiment (so long as you don’t take the data at face value!).

Benni July 11, 2015 11:28 AM

“The GCHQ and NSA don’t need to physically own a server in Chechnya to make a connection appear to originate from there”. Sure, they could hack some computers there but then they own them too…

As for the experiment: Well, in order to get hundreds of such ip’s, I think one would need more people who are distributed around the world, participate and put the ips here….

chris l July 11, 2015 1:12 PM

@Bob S, Thomas

The impression I got last time is that the “ID theft protection companies” are as much an extension of the credit bureaus that they use to help make sure their data is clean so they can sell you for higher prices. It adds some apparent convenience to a few things, but the reports you get on credit being applied for are so delayed as to be useless (I got a car loan while mine was being monitored, and it took months for them to let me know.)

I didn’t get the email yet, since I’m an SF-85, but I do have a “No HSPD-12” T-shirt from when they imposed all this on contractors in the first place. Were it not for that, OPM wouldn’t have had my data to lose.

I’m hoping that this results in a rethinking of what they collect (as little as necessary) and how they store it (or how they don’t, e.g. like for gun buyers– the fingerprint check returns a yes/no and the data are discarded in 24 hours) more than what firewalls they think they can put on the computer systems. This is what I was getting at a few squid posts ago when I asked if anybody knew of any actual research on the effectiveness of the security clearance background check process. I’ve successfully avoided needing a clearance for long enough that I’m never likely to get one, but I’m still bothered at what I see people going through when they get them. It really seems to be residual effects of J. Edgar’s “I need to have the best blackmail files in the country so I can coerce whatever I want” policy, and since we’ve always done it that way we still do it that way.

Grauhut July 11, 2015 1:15 PM

“Sure, they could hack some computers there but then they own them too…”

Benni, they don’t need to hack someone. If you have an ip space usage map (just nmap the planet, yes, they scan) and sit on the transit fiber with your boxes, you can simply reroute traffic for an unused ip address to your blackboxes and answer from them with that fake address. No problem. This way it’s easy to impersonate a “real russian” server. The missing hops and latencies are easy to spoof too. Have a decent docker server and you can do such tricks on demand. Imagine it as some kind of dark honey net.

Nei Huem July 11, 2015 1:30 PM

Turning leaked emails from bad companies into useful community knowledge, here is

HackingTeam’s assessment of Tails, as of April 2014.

(Relevant excerpts, in own translation. Find the Italian original at

“The basic idea is very good and unassailable, especially if it is used correctly: the most effective way to attack it is exploiting incorrect usage, or vulnerabilities in preloaded software. There were a couple of quite significant bugs last year that rendered the system attackable, and it was rumored that the NSA knew and would use them to spy on suspects.”

“Obviously it can not resist a targeted physical attack, but remote it is very stable.”

“Even worse, if you use it only for certain things, such as sending an email: surfaces of attack very small, virtually guaranteed integrity.”

“So, in a nutshell, it escapes all generic attacks, but can yield to targeted ones if one has specific conditions that are not really commonplace, such as physical access or the use of specific exploits that are not widely distributed.”

e-waterboarding July 11, 2015 3:10 PM

My 2c worth. A few Hacked Team e-mail highlights:

-They struggle to get their RCS malware to work smoothly in Linux distros. In public they claim that they support the 5 main Linux distros as listed in distrowatch, but in practice they need to tinker a lot to even get their demo to work in a fresh install of Ubuntu 14.04 32bit (Email-ID 66341; Email-ID 228591)

-They seem to make somewhat complimentary noises about the effectiveness of sandboxing techniques, such as Bromium and Qubes, albeit with a chauvinist comment about “Mr. Rutkowska” thrown in (Email-ID 821085)

-The Hacked Team website was DDoSed in 2014. This e-mail gives us an idea of the financial cost of fighting back a DDoS. “To stay on 20M: €2,200 plus a €1,800 a one-off fee; to switch to 50M: €2,800 plus a €2,200 one-off fee” (Email-ID 88100)

-The main techniques used by Hacked Team to infect a target are: “the Silent Installer, Melted application, Network Injector INJECT-EXE attack, and Offline CD.” Out of these, the one that is most frequently mentioned in the e-mails is melted application / “meltato” (embedding a binary inside another) (e.g. Email-ID 495478). It would seem that simple integrity checks would go a long way to protecting against some of these.

Anony July 11, 2015 3:13 PM


It’d be interesting to see if they could attack a system such as Whonix where two operating systems run within each other (to isolate access to hardware, MAC addresses etc.)

网警巡查执法 July 11, 2015 3:25 PM

@terence, HT has unwittingly been an NSA cutout for sabotage of common infrastructure. Take the clandestine CNE insertion of

if ((options == (__WCLONE|__WALL)) && (current->uid = 0))
retval = -EINVAL;

into the CVS copy of wait4.

No direct reference to this sabotage exists in the emails,

but elsewhere in the dump, consulting links point to the principal saboteur (loose lips sink Ships, ace!) This kind of dirty work will pick up when Mr. Comey’s back-door push gets laughed out of court.
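
Added example, not part of the comment above or of any kernel source: the quoted condition assigns (`current->uid = 0`) where a comparison would read `== 0`, and the extra parentheses make the assignment look intentional. The Python sketch below flags a bare `=` inside `if`/`while` conditions in C text for human review; the function names and the sample input are constructed.

```python
import re

# Comments, string literals and character literals are blanked out first so
# that an '=' inside them is never mistaken for code.
_NOISE = re.compile(
    r'//[^\n]*|/\*.*?\*/|"(?:\\.|[^"\\])*"|\'(?:\\.|[^\'\\])*\'', re.S)
_COND_START = re.compile(r'\b(?:if|while)\s*\(')
# A bare '=': not part of ==, !=, <=, >= and not a compound assignment (+=, ...).
_BARE_ASSIGN = re.compile(r'(?<![=!<>+\-*/%&|^])=(?!=)')

# Constructed sample; line 2 is the condition quoted in the comment above.
SAMPLE = '''\
/* constructed sample input */
if ((options == (__WCLONE|__WALL)) && (current->uid = 0))
        retval = -EINVAL;
if ((options == (__WCLONE|__WALL)) && (current->uid == 0))
        retval = -EINVAL;
while ((c = getc(fp)) != EOF) { /* common idiom, still worth a look */ }
if (strcmp(s, "a=b") == 0) { }   // '=' only inside a string literal
'''


def _blank(match):
    """Replace matched text with spaces, keeping newlines for line numbers."""
    return re.sub(r'[^\n]', ' ', match.group(0))


def _condition(text, open_idx):
    """Return the text between the '(' at open_idx and its matching ')'."""
    depth = 0
    for i in range(open_idx, len(text)):
        if text[i] == '(':
            depth += 1
        elif text[i] == ')':
            depth -= 1
            if depth == 0:
                return text[open_idx + 1:i]
    return None  # unbalanced parentheses: nothing to report


def find_assignments_in_conditions(source):
    """Return [(line_number, condition)] for conditions containing a bare '='."""
    text = _NOISE.sub(_blank, source)
    findings = []
    for match in _COND_START.finditer(text):
        cond = _condition(text, match.end() - 1)
        if cond and _BARE_ASSIGN.search(cond):
            line = text.count('\n', 0, match.start()) + 1
            findings.append((line, ' '.join(cond.split())))
    return findings


if __name__ == "__main__":
    for line, cond in find_assignments_in_conditions(SAMPLE):
        print(f"line {line}: assignment inside condition: {cond}")
```

The `while ((c = getc(fp)) != EOF)` idiom is flagged as well, so the output is a review list rather than a verdict.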

dabb July 11, 2015 4:28 PM

HT software developer brags about how much easier their lives will be once UEFI is widely deployed:

“Indeed, None of these operating systems provides mature EFI/UEFI support, during the launch time of DEITYBOUNCE, EFI/UEFI support in the market is still immature.(UEFI installation is far a better solution ;)” (Email-ID: 109810)

Ballista July 11, 2015 4:51 PM

Bolivia(?!) is interested in developing offensive IT infrastructure (if HT scumbag is to be believed):

“Tsang told me he is working with some partners in Bolivia. They are supporting them to build their first IT intelligence and forensics center. Country is in a kind of middle age computer science status, but they have build [sic] a technologically advanced city in the south of the country (where they have mining industry) and they want to have their intelligence well equipped there, including offensive security technology.” (Email-ID:437733)

641A July 11, 2015 5:18 PM

Slightly old blog post, but still interesting: ranking of the ISPs with the most backdoored routers (we’re not talking compromised kits — they mean hardware that ships from the fabric with an inbuilt backdoor).


1st place: Telecom Italia
2nd place: BT UK.

You may want to do an nmap on your router’s port 32764!

netbios July 11, 2015 5:31 PM


…and once you’re done scanning your own router, do the logical thing and scan your neighbors’ 32764 ports. Hey, that’s what backdoors are for! 🙂

Thoth July 11, 2015 6:57 PM

@Nick P

“I told you Retroshare was hugely vulnerable. Some people try to build a complex, P2P application with many untrusted parties and achieve privacy/security at the same time. Similar kinds of people can’t build a SSL library without problems. Expect Retroshare to have more and don’t trust it for anything against a strong attacker.”

Best to use TLS to blend into the crowd since most network connections would be using one of those and then tunnel your protocols below TLS. Using a custom looking web server which is actually the RPC server might be useful in case APTs decide to poke further and all it spills is an innocent looking webpage in HTTPS.

“A VIA with custom firmware or emulation on a Loongson might be a better idea. SPARC is currently the best in terms of open-ness.”

How about OpenRISC cores ?


J on the river Lethe July 11, 2015 8:12 PM

This is interesting.

Short story, most VPNs leak. I thought it tilts story back to how the Internet, software, computers, all leak and are vulnerable. The other side is calls for back doors, and good and bad actors if you are inclined to separate them.

  1. Vulnerabilities in equipment or software.
  2. Business wants info.
  3. Spies/governments wants access, control, info.
  4. Criminals want info for themselves.
  5. Government security defeated with a dropped flash drive. No joke, I had a security vendor for a very big name give me a free gift of a flash drive. Cough, g really? Really. I asked if their company has ever ever tested their chips in the Chinese sourced servers. Response? shake of head no. Before you jump. Singapore is ok for sale, but chips still Chinese. Just saying. I threw the flashdrive away of course.

Everybody wants money, power. Few are purely motivated.

Meanwhile, the average consumer is taking security advice from best buy, brother in law, or talking head. Blinking 12:01. Depending on others. But who do we trust? Should we. In Sparc we trust…… 😉 a little. Transformers ho!

Thoth July 11, 2015 8:51 PM

@J on the river Lethe

“Before you jump. Singapore is ok for sale, but chips still Chinese.”

What do you mean SG is ok ? Maybe you could elaborate on that one ?

If you meant trusting SG, I would say trust no country at all lest one’s hopes be dashed.

Thoth July 11, 2015 9:06 PM

@J on the river Lethe, all
VPN or other security devices, they are designed with very low assurance or no assurance levels at all. They run vanilla OSes (probably embedded variants but still vulnerable as ever) and looking at the heavy use of OpenSSL and how bad OpenSSL’s codes are, I would say the commercial VPNs are as good as insecure.

Their keys are not stored in tamper resistant cryptographic modules and if they made use of a HSM or a TPM, their raw codes are still running off a vulnerable hardware and software stack regardless.

It is about time that the industry looks hard into running their critical codes with medium assurances via T/SEE environment (Trusted/Secure Execution Environment) where their codes are kept within the secure confines of security processors like smartcard chips, TPMs, security FPGA/ASIC cores and so on. Running TCBs on top of the hardware security processors to increase the level of security assurance is a must in modern digital electronics.

Of course the current insecurity is due to the consistent sabotaging of security done by the Global Warhawk Govts trying to undermine civilian usage of secure technologies but this has and must be changed if we want to prevent at least medium level assaults on digital assets.

Genode has successfully ported itself to be used on the ARM TrustZone environment which adds an open source TCB on top of the secure chip stack and this will do more good. It’s about time companies should use open source methods and move their efforts into open source security. Sure, their proprietary magic dust would protect their IPs but when a breach comes due to negligence in their stack, they have nowhere to hide although I wouldn’t say open source is a 100% magic bullet for security issues but it makes codebases and architectures much easier to audit and navigate.


Endpoints must also be secure to fully utilize the security functions of anything in between or at other ends.

What I would encourage is more people to attempt to help port seL4 microkernels onto Genode if possible and make some sort of secure OS that is usable for the lay man on top of their framework. They have a secure GUI called nitpicker albeit the somewhat less professionally made GUI look and feel but it has a lot of room for improvement.

Grauhut July 11, 2015 10:58 PM

@Thoth,all: Has someone here some code quality info on the softether(.org) vpn daemon?

Need to setup a vpn gw with M$ click and in support to an intranet and i really don’t like internet accessible glasshouse boxes, imho they always need some filter in front of them, so i thought of softether on BSDRP or a similar os.

Ok, i know, the clients and servers are M$ boxes in this use case, so even an unencrypted tunnel should be no security degradation, but it makes me sleep better if i keep some illusions. 🙂

J on the river Lethe July 12, 2015 12:05 AM

@thoth thanks for info and link. I will chew into that but will take time. Interesting. Glancing through I like the idea of not relying on the default setup most commonly seen.

Refer was to Singapore, Taiwan as being “preferred” trading partner. It had to do with sales to government and who could be source. China, no. Sing. Or Taiwan ok. Keep in mind it’s been years since I had to deal with this, let alone the new fast track treaty stuff. Point being if you buy some security appliances, I gaurandamnT it is rebadged Far East stuff. Maybe assembled in Singapore. Another thing I just thought of. Made in USA may mean parts bought from China, assembled in U.S.

The chips need to be looked at in my opinion. I have heard of absolutely no one checking security cameras, dvrs, readers, motions, etc. maybe some have looked at routers, switches though. Now, POE? Not that I know of. Things are being put into networks, Ugggg. Security needs to be on its very own network never connected to anything else, period. Instead it is flowing over backbones connected to everything. I am unconvinced by sandbox type arguments. Now you can get free apps to look at your access control, cameras etc. has that been tested? It gets put on smart phone, keep stepping.

There is a reason why real secure sites rely more on analog infrastructure. But I can think of a couple ways to get in on coax or cat. I am sure Clive could too. Kind of like Andromeda AI being mad type.

I know of no addressing for HIPAA for anything else on network other than security and encryption and storage. Devices have chips memory, OS, and some have an SD interface for your hacking convenience or CAt connector.

I do know your and grauhut’s point of no assumption and very valid point. But security professionals need to explain this to the people making decisions before the sales and marketing types get to them. Some are very good, business.model but some are unscrupulous or just stupid.

I am tempted to roll my own OS. Not really. I am not that OCD. I would name it GLaDOS to remind me this bitch is out to get me. Maybe someone reading this will research this before we see headlines. If I see it they certainly can too. You unlike my old bones could. Well?

Wael July 12, 2015 2:20 AM


VPN or other security devices, they are designed with very low assurance or no assurance levels at all

I believe this is too broad a statement to make.

Curious July 12, 2015 2:51 AM

I find it a little odd that “Hacking Team” is a company name. 😐 Not sure what to think about it.

Wael July 12, 2015 3:15 AM


I find it a little odd that “Hacking Team” is a company name. 😐 Not sure what to think about it.

Rumor has it the original name was The Hacked Team, but their clever marketing guy replaced the “ed” with an “ing”.

Thoth July 12, 2015 5:46 AM

I have not reviewed any VPN software codes before so I can’t recommend any.

“Ok, i know, the clients and servers are M$ boxes in this use case, so even an unencrypted tunnel should be no security degradation, but it makes me sleep better if i keep some illusions. :)”

Ok … so it’s just to allow you to sleep at night. Just make a list of VPN software and roll a dice or use the Chinese yarrow stick divination (

@J on the river Lethe

“Singapore, Taiwan as being “preferred” trading partner. It had to do with sales to government and who could be source. China, no. Sing. Or Taiwan ok. Keep in mind it’s been years since I had to deal with this, let alone the new fast track treaty stuff. Point being if you buy some security appliances, I gaurandamnT it is rebadged Far East stuff. Maybe assembled in Singapore.”

Singapore -> Backdoor capabilities type -> Low to Low-Medium attack strength. Uses commercial attack vectors and rarely has capabilities to develop its own attack vectors. Its attack vectors that are developed “in-house” are mostly from so-called “Defense Contractors” which means it’s still COTS/GOTS products and mostly ordered from the likes of Hacked Team, Thales, GD, BAE and so forth.

Taiwan -> Backdoor capabilities type -> Medium attack strength. Advanced scientific research and development in Asia just close to China, Korean and Japanese powerhouses. Maybe capable of delivery a modified version of TAO catalogue albeit the rough edges without the finesse of the Warhawk Israeli and American Stuxnet or the Duqu malwares that are the pinnacle of APTs and High Attack Vectors.

Low attack strength doesn’t mean NO ATTACK STRENGTH though.

“I am unconvinced by sandbox type arguments.”

I wouldn’t be convinced on solely using TCBs and sandboxes. The endpoints must be from highly secured and well inspected hardware but the fact is most deployments are not done that way and will never be done that way due to the myopic sights of the Global ICs and Govts that actively prevent secure setups and most people have been very well educated by these Warhawk Govts and ICs to ignore high assurance setup and directed to only low/no assurance setup. The cost prices are also very high for stuff like CC EAL 6 and above standards for secure network products.

Will the mass majority be using proper secure networking hardwares to do their VPNs ? No. They will still go for the SOC chips with ARM cores or Intel cores which if you take a look at them. Some of them are likely to be modified HP/Dell server boxes which are simply re-branded.

The most practical way to tackle the most urgent issue is a highly verifiable codebase and one that is small and securely made from the ground up.

“But security professionals need to explain this to the people making decisions before the sales and marketing types get to them. ”

It has been a futile effort. I have been going on and on about security for my clients if they are willing to lend an ear. I can tell you 99% of my words hit a brick wall. It’s those kind of lunch time conversation over meals to catch up with latest corporate breaches and security info but the fact no one bothers. I work for a security company and I deploy and deal with security departments and staffs on a daily basis with incidents ranging from losing cryptographic tokens containing master keys to HSMs functioning in very weird manner. Nothing ever gets into their ears and these days I would just save my breath. Not to mention the Sales Manager doesn’t like me talking because I have been told I “talk too much” for my own good.

The Sales people would always be the Sales people. The only thing in many of their minds are just their pocket money (sales commissions and margins). I have given up hope on these people.

“I am tempted to roll my own OS.”

Look into Genode Framework first.


“I believe this is too broad a statement to make.”

The Qualcomm’s ARM TrustZone has been breached and a couple of phones have already been patched but many more out there might not have been patched yet.


Most COTS that a civilian can buy (non-Govt) and even the Govts are also getting not very high quality assurance. It is a little broad but mostly a fact for the scenario I listed and the scenario of most COTS/GOTS.

I wouldn’t be surprised. Most modern web technologies require a re-think to make them secure. Maybe it requires a total make-over as well.

RE: Secure VPN
One good example to do a secure codebase for VPN is a small library (libVPN) or something that doesn’t conflict in terms of library names. It should be tiny (easily vetted) with enough room for abstraction and customization but secure as well to prevent mistakes like mis-handling of Crypto, DNS, IPv6 and other critical components.

For a secure hardware VPN, a trusted FPGA with security functions would be the choice but that’s if the nasty Govt doesn’t act as a bully and step in to kick it off the table. Secure hardware is very unlikely to succeed in a civilian COTS environment. If the product allows export as a foreign GOTS, it might become a larger target for escrowed access.

tally July 12, 2015 6:47 AM

Re VPNS, an easy test to see just how badly they leak: If you’re on a BT connection in the UK, open up a VPN tunnel and try to access any of the numerous websites the government has censored, say the piratebay website for instance. BT doesn’t even pretend they’re not exploiting the vulnerability — they’ll block your connection right away (despite the fact that a VPN tunnel should be encrypted and anonymous as far as the ISP is concerned). VPN is broken. At the moment it should really be avoided.

Wael July 12, 2015 6:47 AM


Giving an example of a found / patched vulnerability (and I am aware of it and many more, by the way) isn’t sufficient to make that statement.

very high quality assurance

Define “very high quality assurance” for me. Then tell me if that guarantees the lack of security vulnerabilities after the “certification” (this is a leading question, just so you know.)

Dirk Praet July 12, 2015 7:06 AM

@ Wael, @ Curious

Rumor has it the original name was The Hacked Team

Actually, that’s the name the friendly neighbourhood anarchist who doxed them changed their Twitter account to. But I agree that “Dodgy Douchebags SRL” would have been a more fitting name.

On a related side note, I accidentally got into an interesting discussion with Jake Appelbaum, Chris Soghoian and some other people on Twitter yesterday on the morality of supplying 0-days to a company (HT) selling to human rights abusers. Which is what US based 0-day brokers Druidian and Grey Brimstone had been doing (through CICOM USA). The discussion came somewhat to a halt when Adriel Desautels, a spokesman for Grey Brimstone, pulled the “Save the Children”-card to justify sales and use of 0-days as in LEA’s busting kiddie pr0n.

@ Curious

“WebRTC being used now by embedded 3rd party on to report visitors’ local IP addresses.”

Check the uBlock Origin extension for Chrome and FireFox.

discus July 12, 2015 7:54 AM

In January this year, Hacked Team were planning to develop a project to undermine TLS / Tor. Project X, as they sycophants called it, would require the active participation of an ISP. The budget for Project X was between 4 and 8 million dollars. The principal client was expected to be the NIA (New Iraqi Army).

John Galt III July 12, 2015 8:55 AM

@Clive and others in a previous thread a couple/few weeks ago

You can compile a working copy of the Raspberry Pi in an FPGA and run in parallel as verification that undocumented features are not running..

Karl is a bit rabid, but he means well and is reasonably self-consistent in his views. Hopefully this excerpt is covered under fair use:

My New Favorite Little Computer

Laying around in my drawer I have two RaspBerry Pi computers that I bought to use as “proof of concepts” for a project. One got turned into a very viable little media server running OpenELEC (which, incidentally, is the cat’s ass on that little fanless wonder for the power it sucks out of the wall; it plays FLAC files flawlessly in digital glory to my family room AV receiver among other things) and the other was still in its box.

So I grabbed it and did the unthinkable — I tossed FreeBSD on it.

Yes, really. On a little box the size of a pack of playing cards with a wee 700MHz ARM v7 processor and 512MB of memory, booting and running from an SD card. And not the old FreeBSD (that I used to run all the time in a half-a-gig of RAM) either — no, this is 10.2-PRERELEASE, the current codebase. It’s pretty scary really to look at it and see it tell you that out of that 512MB of memory with the system running and compiling there’s over 350MB free!

As for power this little bastard draws one amp @ 5V (without anything else attached to it) and of course it’s fanless, thank you very much!

The ARM distribution has no packages available so you get to build everything you need from ports and it takes a long time to do that from source. This is a very small (and slow!) computer, after all and its biggest constraint is I/O bandwidth — SD cards, no matter how “fast” they claim on the label, simply aren’t fast compared against anything else. Raspberry Pi has a newer model with 4x the processing speed and twice the memory but I don’t know that I’m going to buy the faster one, since operationally I don’t need much in terms of power and the new one does have double the draw out of the wall while still being tied to a MicroSD for boot storage — never mind that I’m sitting here compiling source code and it’s still got more than half of its memory unused.

The other cute part is that a cheap USB Ethernet adapter plugs right in and works, so I have two ports — the onboard and the external, both working just fine.

I wouldn’t try to do anything particularly demanding with this, although for a couple of users on a VPN I bet the newer version would work just fine. This one, no. But as a watchman it absolutely does the job, it draws nearly-zero power and while I’m not quite done compiling everything for it for under $50 with a 16Gb SD card it’s flat-out unbeatable. If you want a screen for it you can plug it into anything with an HDMI port — like your TV, for instance.

BoppingAround July 12, 2015 9:07 AM

re: HT backdoors in backdoors

This is mildly interesting:
I don’t remember what was happening in March 2013 but ‘misinterpretation’ seems to have turned out to be true.

Also looks like some of them are/were subscribed to Crypto-Gram.

02375 July 12, 2015 9:49 AM

HT discusses with its lawyers how to maximize sales without ruffling feathers in the wrong places:

“He has the knowledge and contacts to help us sell the product quickly and safely (e.g. ‘the solution [RMC] allowed to identify a rapist / dealer’ (GOOD) !!!!! By contrast, ‘the solution was used to discover a network of corrupt politicians’ (BAD)).”

(Email-ID: 7013)

Curious July 12, 2015 10:09 AM

Btw, after Adobe fixed a so called zero day vulnerability in their flash application from the HT leaks, another zero day vulnerability is said to have been found for Flash as well from the HT leaks as I understand it, one that afaik hasn’t been patched by Adobe yet. Last version of flash is still 203 when visiting Adobe’s website.

Malcolm Pell July 12, 2015 10:11 AM

I have been reading again my copies of Bruce’s 2 excellent books on Cryptography – “Applied Cryptography” and “Cryptography Engineering”, as I have started wondering whether the following might be a feasible method for certain Governments Security/Spy Agencies to attack Public Key Cryptography.

However, my Mathematics knowledge is NOT extensive enough to provide me with a reassuring answer myself. Possibly, Blog readers with better Maths skills can help ???

Euclid proved 2000+ years ago that there are an infinite number of Prime Numbers in an infinite number space. I am assuming that this also means that for a finite range of numbers as used in typical Public/Private Key sizes (512, 1024, 2048, 4096 bits, etc.), then there are only a finite number of Prime Numbers for each bit size number range ?

Most Public/Private Key Cryptography Algorithms use Prime Numbers to generate the Public and Private Keys.

Given the above, how feasible would it be for a well resourced (money and IT) Security/Spy Agency to pre-compute all Public and Private keys using the fixed number of Prime Numbers for each bit size number range ?

Then, assuming this can be done, the same Agency could then do a lookup using a ‘target of interest’ Published Public Key to get the matching Private Key and thus decrypt the ‘target of interest’ supposedly ‘secure’ messages !

Hopefully, I am being too paranoid and this scenario is impossible with today’s known technology ??

J on the river Lethe July 12, 2015 10:13 AM

@thoth thanks you made me feel better. I had many such discussions or tried years ago when I was in the sales conferences eating from the free buffet. I always looked for the tech types. I was also told I talk too much for sales. Too curious, too open. I like questions, puzzles.

Agreed, EAL is just a starting point.

@tally. Even a VPN connected to Tor? That would be interesting. Packet inspection and the various VPN vulnerabilities would be bad. The bad guys could break in anywhere. Simply use click bait, email, etc. Frown.

@john galt. Fascinating. I would love to set one up for all my DVDs, Blu-rays. It didn’t burst into flame under heavy load? I thought I would need a serious headend box.

@dirk praet. Personally if I had a 0 day to sell it would not go to a company like HT. I am not sure what I would do with it. Probably give it to a well known security researcher and ask for a coupon for Starbucks. The problem is “rational players” in big boy arena have more to consider than our poor little black and white worlds. /s sorta

Security needs to be secure for everyone. Back doors, leaks, etc. threaten everyone. Buzz words, buzz buzz. More old fashioned detective work needed?

I am waiting for some poor bastard to get killed because he wore a British UK flag shirt.
Yup, betcha it happens. Someone or crowd is gonna mistake it for a rebel flag.

The public is generally, well. Special. Public and politicians reaching for easy solution. Kind of hard to fix crazy. Some days I think I need a helmet before I get on the short bus but the general public? Thank god most people are harmless and don’t want to hurt anyone. I am just happy right now weather is good so I can get out a little, and I have someone now to help me during the day. It’s the little things in life after all.

name.withheld.for.obvious.reasons July 12, 2015 10:36 AM

As I listen to the senate intel committee hearing (10 Jul 2015), Comey’s testimony and the comments from committee members compel me to conduct an experiment.

  1. Develop a basic symmetric key text cipher
  2. Use a stenographic coding protocol (dissimilar/incompatible media format)
  3. Encoding/Decoding protocol for uniform transport of message on Postal cards
  4. Post cards to multiple addresses noting postal distribution routes/times
  5. Instruct recipients to log postal routing data upon receipt
  6. Include additional instructions within the encoded text for response/replies
  7. Accumulate log data over a period of two months (daily dispersal of cards, 2 dollars a day)
  8. Produce a report documenting results…

If the above experiment fails, will move to smoke signals, flags, or flashing lights/mirrors/windows.

Considering starting in August just before the start of the academic year (no consideration is made to produce TRIGGER messages)…

Denia July 12, 2015 11:12 AM

Smoking gun: Hacked Team included a backdoor in their RTC software, allowing them to surreptitiously monitor their clients’ systems and, in particular, their “collectors” (used by RTC to receive exfiltrated data from targets).

On Jul 2, 2015, at 2:12 PM, Marco Valleri wrote:
We did a small survey of the collector on our clients. Three naughty ones have somehow made their architecture vulnerable to attacks IP-ID. The clients in question are: · AZNS (Azerbaijan) · CSDN (Morocco) · SIO-PROD (Italy).
The first two could pose a problem considering that August is approaching, a time when CitizenLab loves to publish articles about us… To avoid disclosing to the clients that we test the network architecture without telling them, I thought that we should send these 3 a generic release as if it had been sent to all other customers, where we remind them of the importance of setting up the firewall properly, protecting the collector from any TCP, UDP or ICMP traffic (but not the anonymizer). What do you think?

On Thursday, July 02, 2015 03:10 PM, Giancarlo Russo wrote:
Excuse me but what is the problem in telling a customer that we periodically check the security on their systems?

On 02 Jul 2015, at 09:11, Marco Valleri wrote:
Ehm, I’ll call you on the phone…

(Original thread:

Nei Huem July 12, 2015 12:25 PM


Re: Kaspersky article on how TOR users can be uncovered

Interesting. And also kind of reassuring in that TOR seemingly isn’t broken (yet).

What is called “de-anonymized” in the article would translate to “fingerprinted by javascript per HTML5 canvas tag and/or font sizes, via MITM or XSS attack”:

“Following this approach, the attacker could, in theory, find out, for instance, sites on which topics are of interest to the user with the unique fingerprint ‘c2c91d5b3c4fecd9109afe0e’, and on which sites that user logs in. As a result, the attacker knows the user’s profile on a web resource, and the user’s surfing history.”

That’s not good, but for an article titled “Uncovering Tor users: where anonymity ends in the Darknet”, it’s not really meeting expectations.

On the other hand, the article lists a number of possible attacks that can’t be called a success:

Problems in Web Browsers – “However, as the NSA reports in its presentation, using vulnerability exploitation tools does not allow permanent surveillance over Darknet users.”

Flash – “However, Tor Browser’s developers reacted promptly to this problem by excluding Flash content handlers from their product.”

WebRTC – “However, this “shortcoming” was also promptly rectified by Tor Browser developers, so now the browser blocks WebRTC by default.”

Attacks on the communication channel – “So far most of the concepts were presented by researchers in laboratory conditions and no ‘in-the-field’ proofs of concept have been yet presented.”

Passive monitoring system – “does not enable us to de-anonymize a user in the full sense of the word, because the researcher can only analyze those data network packets that the users make available ‘of their own will’.”

Active monitoring system – “any activity at an exit node (such as traffic manipulation) is quickly and easily identified by automatic tools, and the node is promptly blacklisted by the Tor community.”

All in all, I would consider the article far more good than bad news.

John Galt III July 12, 2015 1:21 PM

@Clive, Nei Huem, J and others. I’ve been meaning to post these links about the NSA firmware/BIOS/hard drive hacks. I probably saw them here, so this is more coals to Newcastle. No matter how secure your implementation of TOR/TAILS is, if your machine is actively leaking/broadcasting information to the spook rat bastards, you’re not secure.

I’ve said before that you can’t have a secure system without secure hardware and secure firmware. You can’t control intellectual property when the spooks have hired outside contractors to manage the harvest. A good starting point would be non-volatile ROM for the hard drive microcontroller and BIOS. If you do anything interesting, from human rights advocacy to system administrator to intellectual property development, it’s a safe bet that your machine has been compromised more than the average chump’s.

When the spooks reflashed my BIOS and/or hard-drive microcontroller, it was because I was using an out-of-date copy of TAILS. I’m looking for a utility that will let me repair the damage. The fact that this is not discussed in the TAILS forums that I’ve seen makes me suspicious that TAILS (and the Snowden disclosures that drove the userbase) is the most amazing imperial psyops mindfuck ever conceived. I wouldn’t keep using TAILS if I weren’t squeaky clean, but that won’t stop any of the countless corrupt Federal prosecutors from jumping at the chance to improve their statistics.

The reason that the FBI are so diligent to investigate crime is to make sure that their masters in the Deep State are getting an adequate slice of all black market activity.

Hacking BIOS Chips Isn’t Just the NSA’s Domain Anymore

How the NSA’s Firmware Hacking Works and Why It’s So Unsettling

One of the most shocking parts of the recently discovered spying network Equation Group is its mysterious module designed to reprogram or reflash a computer hard drive’s firmware with malicious code.

even skilled hobbyists can do it

Figureitout July 12, 2015 1:33 PM

HWRNG Review and Test Notes

How Katy teh penguin of d00m raised her spork of randum

Before the beginning of the summer, pondered building Markus Ottela’s awesome TFC project and since I didn’t want to dedicate all my computers to trying out the system (yet), I wanted to try the HWRNG (which I’ve been wanting to build one for years, just wasn’t sure how to sample them before). M. Ottela used Giorgio Vazzana’s avalanche-noise based HWRNG[1] for TFC. As one can read on Vazzana’s page, he’s run fairly extensive testing. It seems to pass most standard tests to evaluate randomness today (whether these are sufficient is an entirely different debate…).

So I got the parts and built up the circuit in an afternoon (I caught myself a few times, double-checking connections) and “tuned” it using a digital scope I had access to, left the pot. where it was tuned correctly (I think this is to deal w/ the imperfections of resistors mostly) and brought it home. Tuning it is laid out nicely in TFC manual[2], it’s to ensure you don’t supply too much voltage to sampling pin, it shouldn’t go over 3.3V for the RasPi. Using the “analogRead()”[3] function on arduino, which can handle 0-5V, I almost didn’t need to change anything in the tiny example code, I did add a little wait time before taking a sample and outputting to the serial monitor. I don’t have a terminal program yet to just put the data in a file right away, but I can just copy/paste a large chunk of data. I also played around w/o a program like MS Excel, the Open Office equivalent just wasn’t cutting it for some reason. It’s very easy to set up a worksheet in Excel that can spot duplicates and graph the data. I quickly learned that graphing just ~50 samples was more or less worthless when evaluating RNG’s, barring some miracle or a really bad RNG you won’t spot any kind of pattern by sight (maybe little ones, but it’s not a strong analysis). So for anyone else looking into RNG research note that you need to have the means to store large amounts of samples, Diehard tests for example need 80 million bits, and you probably want to run these tests a few times for greater confidence. I have not done the Diehard tests, but intend to at another time.

There appeared to be a slight problem w/ the ADC in my knock-off arduino (looks like it didn’t even have a 16MHz crystal), for instance w/ nothing attached to the pin, it will start at some 2-3V value then linearly decline until around 0.57V and remain there (it should be 0V). I’m not sure if that means there’s some sort of signal-integrity issue, maybe effect of LED as a photo-voltaic solar panel w/ small amounts of current in reverse direction from visible light and affecting a reference somewhere, RF getting in the lines to the pin as I have lots of switching power supplies running during testing, or the ADC is terrible. I’m not sure why it does that, I do know that sampling in an ADC is not perfect by any means whatsoever, in fact there could be some entropy in the sampling process as well…

But attaching the HWRNG to the analog pin seemed to work how it should, checking w/ a powersupply and it read correct values; so I assumed it was good enough for testing. I started taking some samples and watching the serial monitor. However my main purpose was to try and affect the HWRNG via a sort of “fault injection”; not to ruin M. Ottela’s or Vazzana’s day, but to see if that’s a way someone could poison the entropy and ruin the crypto from the start…Also the only way to give more confidence in open-source projects is to probe and test claims.

For this experiment, I read thru most of the data sheets for 2n3904/3906 transistors, and the TL082 op-amps, in particular looking for the “switching noise” sections and any relevant frequencies associated w/ noise. On page 3 of TL082 datasheet [4] I noted “Equivalent Input Noise Current” and a frequency value of 1KHz. That’s what I want to test next w/ a signal generator connected to an amplifier and antenna. In the 2N3904 datasheet [5] I noted on page 2 the “transition frequency” of 100MHz and the “noise figure” of 10Hz-15.7kHz. I was shooting in the dark looking for a quick way to affect the circuit and these were my initial guesses of causing some bad effects (AKA I don’t know what I’m doing, and also am not very familiar w/ terms on these datasheets). Unfortunately I couldn’t test them as I was limited to my old radio, and I don’t think much will happen “injecting” say just CW waves at those frequencies at the circuit.

So to just try something quickly, I assumed 100W transmissions right next to circuit would emit enough EM radiation to change on the ADC (perhaps a more sensitive one would catch it). My setup includes an old radio (manufacturer held back), my vintage CW keyer, and a mobile antenna that I know works on HF (7MHz for instance). First though, I wanted to check I was in fact transmitting, so I quickly setup my RTLSDR and verified that on 28.5MHz I was transmitting. To be clear: there was no logical reason to try 28.5MHz, it was simply due to limitations of my equipment. Brought up the arduino serial monitor again, powered up HWRNG, then began transmitting. I thought I would see obviously changing values on transmit, but there didn’t appear to be so; and I have now at this time 4 switching power supplies running unshielded so I’d still have a hard time isolating these tests. Isolating my tests is a big concern for me, as it could lead to false conclusions very easily, getting a shield room would run me a few thousand $$$ so that’ll have to wait awhile…I even cut out a 1.3 meter wire and attached to arduino analog pin, which was like something like 5th-7th harmonic of 28.5MHz, and wasn’t likely to work. It didn’t (appear to, to me). Another test I should run is 3.5MHz, and another harmonic wirelength on the arduino, but I expect similar results. I also have some known noisy power supplies that will probably inject some garbage around 100kHz, but I’m not directly controlling that noise.

So, it seems that I need to do a few things to successfully alter HWRNG output: 1) Increase transmit power (amplify upwards to maybe 500W), 2) Use a different modulation mode, perhaps some type of radar directed right on circuit, 3) Find a different frequency to test, 4) Add more risky long wires to HWRNG circuit, or 5) Modify my antenna.

Other research into fault injection of RNG’s (ring oscillator-based ones, but I feel like there should be lots of overlap to avalanche-noise based ones) that interested me are this [6] and this [7]. [7] in particular uses my method of attack, fault-injection via harmonics, and has a test setup that I would like to have. Hackaday had a good article [8] on different ways to generate random numbers, I’m familiar w/ the method of using a free running counter and can confirm it’s “pretty good” and I can increase the odds of getting practically unpredictable values by increasing the number of samples in a calculation (if I had 32-bit timers or even 64-bit ones[9], that could be very very unlikely to get same number no matter how hard you try; also could be mixed w/ this stream of avalanche noise). The method of using uninitialized RAM was a very clever method and appears to be what Intel uses in their chips, just lots of questions though concerning blackboxes and the CEO would not answer questions [10] concerning backdoors indicating possibly an NSL and him freaking out.

Conclusion: I’ve been unable to at this time obviously affect RNG output and am unsure how to attack this circuit in a way that won’t be obvious to the user (I also want to use as simple/cheap attack as possible, as it raises amount of attackers and decreases safe spaces you can run the HWRNG). I haven’t been able to find research on attacking specifically avalanche-noise based RNG’s either. However, shielding it and sanitizing power into it would be wise (even though fraught w/ sneaky spots of not totally shielding or filtering power). I encourage others if curious, to build an RNG circuit and run some tests; this was fun even though I failed.
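As an added illustration of why ~50 samples say little about an RNG and why a stuck ADC input shows up immediately (this is not code from the comment above, from TFC, or from Vazzana's design): the monobit and runs tests from NIST SP 800-22, applied to ADC readings. Taking the least significant bit of each reading, the simulated sources and the constant reading 117 are assumptions made for the example.

```python
import math
import random
from statistics import NormalDist

ALPHA = 0.01  # significance level NIST SP 800-22 uses for its tests


def adc_to_bits(samples):
    """Keep the least significant bit of each ADC reading.
    Assumption: the comment does not say how readings become bits."""
    return [s & 1 for s in samples]


def monobit_p(bits):
    """NIST SP 800-22 frequency (monobit) test: p-value for 'ones and
    zeros are equally likely'. Small p-value means the stream is biased."""
    n = len(bits)
    if n == 0:
        raise ValueError("need at least one bit")
    s = sum(1 if b else -1 for b in bits)
    return math.erfc(abs(s) / math.sqrt(n) / math.sqrt(2))


def runs_p(bits):
    """NIST SP 800-22 runs test: checks whether the stream flips between
    0 and 1 too often or too rarely. Returns 0.0 when the proportion of
    ones is already too far from 1/2 for the test to apply."""
    n = len(bits)
    if n == 0:
        raise ValueError("need at least one bit")
    pi = sum(bits) / n
    if abs(pi - 0.5) >= 2 / math.sqrt(n):
        return 0.0
    v = 1 + sum(1 for a, b in zip(bits, bits[1:]) if a != b)
    return math.erfc(abs(v - 2 * n * pi * (1 - pi))
                     / (2 * math.sqrt(2 * n) * pi * (1 - pi)))


def min_bits_to_expose_bias(p_one, alpha=ALPHA):
    """Smallest stream length at which a source emitting 1 with probability
    p_one is expected to fail the monobit test at the given alpha."""
    if p_one == 0.5:
        raise ValueError("an unbiased source never fails in expectation")
    z = NormalDist().inv_cdf(1 - alpha / 2)
    return math.ceil((z / abs(2 * p_one - 1)) ** 2)


def simulate_adc(n, p_one, seed):
    """Constructed stand-in for 10-bit analogRead() values (0..1023) whose
    LSB is 1 with probability p_one. Not real measurements."""
    rng = random.Random(seed)
    return [2 * rng.randrange(512) + (rng.random() < p_one) for _ in range(n)]


if __name__ == "__main__":
    # A source with a 55/45 bias: what the tests say at 50 bits vs 200,000.
    for n in (50, 200_000):
        bits = adc_to_bits(simulate_adc(n, p_one=0.55, seed=1))
        print(f"biased source, n={n}: monobit p={monobit_p(bits):.4f} "
              f"runs p={runs_p(bits):.4f}")
    print("bits needed to expect a monobit failure at 55/45:",
          min_bits_to_expose_bias(0.55))

    # ADC input that has settled on one value (constructed reading 117).
    stuck = adc_to_bits([117] * 1000)
    print(f"stuck input: monobit p={monobit_p(stuck):.4f} "
          f"runs p={runs_p(stuck):.4f}")
```

Passing these two tests only rules out gross bias and gross correlation; it does not show the output is unpredictable.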


name.withheld.for.obvious.reasons July 12, 2015 1:51 PM

In an attempt to secure our economic security political hopefuls espouse the virtue of the new economy and the need for a “revolution” in education. In essence the political class is blaming the unwitting underling–the educated class and the lower, blue collar, unwashed. In other words, transformation of economic systems that injure those at the bottom and reward those at the top can be blamed for their own misfortunes. Unless one has successfully launched a new social media/network app such as arse-book, there is no hope for you.

This false narrative of the “unskilled” workforce ignores the deliberate decisions to transform work wherein labor might benefit to some degree. Instead the underling is chastised for ignoring their decision and the consequences of the future. Shifting skilled and unskilled labor from place to place where individuals cannot assert a balanced trade in skill and compensation in a comparative market leverages disparities in infrastructure, governance, services, and general community health. Does the fire department in Bangladesh look much the same as it did twenty years ago? Do utility and communication services reach across the community (wealthy, modest, and poor)? Do the economies that have expanded appear stratified?

Blaming the individual for institutional and organizational decisions to maximize capital, at any cost, does not cede to reasoned methods to achieve progress and profits. It has been said that moving economic circumstances would float all boats…from my perspective it is more about floating more yachts. My argument is not a classic left/right neo-liberal view of markets. Mine is a criticism of less than thoughtful shareholders and board members, state assembly, and congressional caucus that seem incapable of deliberation beyond the immediate pay-check.

My take is that we, the socio-political irrespective of affiliation, are the greatest risk to OUR economic future.

tyr July 12, 2015 3:11 PM

@ Malcolm Pell

I’d like to see some expert answers on that myself.

Off the top of my head it would be possible to generate
the full number range for any bitwise representation.
That does not isomorphically map to the matched one
you need for the keypair even though the match is
contained in the same number range.

You run into exponentiation and even though that is
finite (has limits imposed by the size you start with)
it rapidly becomes astronomical in terms of accessing
the lookup tables.

Say 500 numbers each of which can be matched to the
other 499. So your first number generates 499 possibles
your second number generates another 499 possibles. usw.

Now your only problem is how fast can you run the pair
match until you get a hit. Now all you have to do is
test the keypair against what you want to decode and
see if it works.

So what seems simple has eaten an enormous amount of
computer time and resources particularly if that key
pair is ephemeral and only re-used at random intervals.

Where you get a worse problem is tactical encryption.
Since the messages are useless unless you get them
immediately because the content has no historical
value except as a record of what was said in the past.
Decoding them days later accomplishes nothing for your

In military terms, we don’t want to know what they did
we want to know what they are doing, going to do before
it happens.

I’m sure you’ll get a better answer here.
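A worked calculation for the precomputation question raised by Malcolm Pell and discussed above, added here as an example and not part of either comment: it counts k-bit primes exactly for small k, checks the prime number theorem estimate against those counts, then uses the estimate to size a table of all prime pairs. The function names, the 2^70-byte storage budget and the 10^80 atom count are assumptions chosen for the illustration.

```python
import math

LOG2_STORAGE_BUDGET = 70               # assumption: about a zettabyte, 2**70 bytes
LOG2_ATOMS_IN_UNIVERSE = 80 * math.log2(10)  # common estimate of 10**80 atoms


def count_primes_with_bits(k):
    """Exact number of primes p with 2**(k-1) <= p < 2**k (sieve of
    Eratosthenes, so only usable for small k)."""
    hi = 1 << k
    sieve = bytearray([1]) * hi
    sieve[0:2] = b"\x00\x00"
    for i in range(2, math.isqrt(hi - 1) + 1):
        if sieve[i]:
            sieve[i * i::i] = bytearray(len(range(i * i, hi, i)))
    return sum(sieve[1 << (k - 1):])


def log2_prime_count(k):
    """log2 of the prime number theorem estimate for the number of k-bit
    primes: 2**k/ln(2**k) - 2**(k-1)/ln(2**(k-1)), simplified so it can be
    evaluated for k in the hundreds without huge integers."""
    return (k - 1) - math.log2(math.log(2)) + math.log2((k - 2) / (k * (k - 1)))


def log2_pair_table_bytes(k):
    """log2 of the bytes needed to store one modulus n = p*q (2k bits) for
    every unordered pair of k-bit primes, about N*N/2 entries."""
    log2_pairs = 2 * log2_prime_count(k) - 1
    return log2_pairs + math.log2(2 * k / 8)


def table_is_feasible(k):
    """True if the pair table fits in the assumed storage budget."""
    return log2_pair_table_bytes(k) < LOG2_STORAGE_BUDGET


if __name__ == "__main__":
    # Sanity check of the estimate where exact counting is still possible.
    for k in (8, 16, 20):
        exact = count_primes_with_bits(k)
        estimate = 2 ** log2_prime_count(k)
        print(f"{k:2d}-bit primes: exact={exact} estimate={estimate:.0f}")

    # Prime sizes: 32-bit toy keys, then the primes behind RSA-1024/2048/4096.
    for k in (32, 64, 512, 1024, 2048):
        print(f"{k:4d}-bit primes: about 2^{log2_prime_count(k):.1f} primes, "
              f"pair table about 2^{log2_pair_table_bytes(k):.1f} bytes, "
              f"feasible={table_is_feasible(k)}")
    print(f"atoms in the observable universe: about 2^{LOG2_ATOMS_IN_UNIVERSE:.1f}")
```

The number of primes is finite for every key size, but for the 512-bit primes behind a 1024-bit RSA modulus even a plain list of them would need far more entries than there are atoms to store them on.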

Grauhut July 12, 2015 3:27 PM

@Gerard: Only 2 mentions of Netbsd! 😉

And they show: Daniele trusts in Bruce! 🙂

“Can not adopt systems like the various Free / Open / NetBSD, I am absolutely inefficient for desktop use, as rightly emphasizes, too.
As for the adoption of encrypted systems or airgapped, they have definitely sense. The satellite phones do not offer more security than GSM phones, then I would opt for systems that add an additional encryption, hardware or application.
Crypto-AG did not know her, curious that he did not know the owners. The products look attractive, but Schneier at the time raised doubts:


Grauhut July 12, 2015 3:32 PM

@John Galt III, Raspberry on FPGA?

Where do I find FPGA design sources of the RPi VC4 QPU? That’s the little proprietary copro in the Pi that needs this nasty little binary driver blob… 😉

Thoth July 12, 2015 7:55 PM

@J on the river Lethe
RE: Secure VPN

“Agreed, EAL is just a starting point.”

EALs are good for the pen and paper phase where you sit down to draw your blueprints and schemes and talk a good ton of theory. Of course they do physical site inspections and probably probe the hardware a little. The real test is when it’s fielded.

Have you seen a HSM reporting it’s been running for 400 days when in fact it just got flashed and initialized ? Smells fishy ? 😀 . It’s this kind of fielded products that would eventually tell you if it’s really good or bad. It’s nice to have a solid EAL 7 grade plan with formal verifications until it’s actually fully implemented and tested and also fielded for years.

@John Galt III
If your hardware is actively doing things it’s not supposed to, it’s game over. Time to scrap it or probably decap the chips if you can and try to experiment and discover their backdoor technologies in that chip if possible 😀 .

John Galt III July 12, 2015 8:52 PM

@Grauhut – I was assuming that we have to build the FPGA implementation from the data sheet. I further assume that the Raspberry Pi community would be excited about that, if they haven’t already done it. It may be an opportunity for natural language processing to start converting data sheets to code.

@Thoth – The vast majority of people don’t know whether their hardware is acting against their interests. My working assumption is that it has been subverted. I’m using an airgapped machine for the intellectual property work and I should open-source some of the measures that are needed to produce an effective airgap.

In case anyone needs justification for the term “spook rat bastards,” a couple of bits of fascinating history should provide some insight, if not proof that the spooks need closer supervision. When Frank Church provided it, they poisoned him just like Jack Ruby.

French bread spiked with LSD in CIA experiment
only five people killed, formerly known as allies

The movie Jacob’s Ladder appears to have some basis in fact. I hope that the link isn’t stale or paywalled. Crazy stuff.

Operation Delirium
Decades after a risky Cold War experiment, a scientist lives with secrets.
By Raffi Khatchadourian

Colonel James S. Ketchum dreamed of war without killing. He joined the Army in 1956 and left it in 1976, and in that time he did not fight in Vietnam; he did not invade the Bay of Pigs; he did not guard Western Europe with tanks, or help build nuclear launch sites beneath the Arctic ice. Instead, he became the military’s leading expert in a secret Cold War experiment: to fight enemies with clouds of psychochemicals that temporarily incapacitate the mind—causing, in the words of one ranking officer, a “selective malfunctioning of the human machine.” For nearly a decade, Ketchum, a psychiatrist, went about his work in the belief that chemicals are more humane instruments of warfare than bullets and shrapnel—or, at least, he told himself such things. To achieve his dream, he worked tirelessly at a secluded Army research facility, testing chemical weapons on hundreds of healthy soldiers, and thinking all along that he was doing good.
…[a rather ironic statement]
[picture caption: At an Army research facility, a soldier given a powerful mind-altering drug said, “I feel like my life is not worth a nickel here.” Credit Photographs by Stills from “The Longest Weekend” / US Army Chemical Research & Development Laboratories / Courtesy James Ketchum] …

Thoth July 12, 2015 9:14 PM

@John Galt III
I will still push for the use of home made CPU boards like Mega-Processor whenever possible for very critical logic or even purpose it for critical cryptographic ALUs albeit the slow speed. It is hard to trade off speed for verifiable security in this age of mass poisoning within electronic components (IC chips especially).

If there are available supplies of very tiny transistors that can be manually soldered with the aid of a machine solder done with manual control and inspection rather than painstaking hand solder with a clunky soldering iron, it would be much more preferable as that means one can manually reduce the size and increase the precision thus adding more gate counts on a smaller critical board.

It can be used for the highly sensitive stuff like crypto and secure booting of sorts.

Clive Robinson July 12, 2015 10:11 PM

@ Figureitout,

So to just try something quickly, I assumed 100W transmissions right next to circuit would emit enough EM radiation to change on the ADC (perhaps a more sensitive one would catch it).

Maybe maybe not.

It depends on quite a few things and most are frequency and size dependent.

The easiest thing to do is take the output of the transmitter through a “Pi network” low pass filter to a dummy load (this protects the transmitter).

You then use the “inductor” in the lowpass as your “take off” point via inductive coupling. The simplest way to do this is make your inductor physically large and slide your test circuit into the coil field (you can look up on the Internet how by using two coils you can create a near linear field).

Basic testing is done with a scope in XY mode, where you use the EM signal to drive one input and the output of the RNG to drive the other; visible patterns will catch the eye and give you a warning that there are correlations between the two. You can then switch to “triggered” mode and look for other patterns.

The thing is though, if your TRNG is working down in the audio frequency range and is AC coupled, an unmodulated EM signal is not going to show you very much, as all it will primarily do is cause a DC offset and affect the circuit gain to a certain extent.

To see effects easily you need to modulate the EM signal “in band” to the TRNG and asymmetrically (ie AM/pulse with 1/3 on 2/3 off etc).

When you hold a GSM phone near an audio amplifier, it’s not the RF you hear, that will be well above the ‘ft’ of the transistors. What you hear is the “on/off” energy or “keying noise” difference as the base-emitter junction acts as a diode that envelope demodulates the induced energy and tries to absorb the rapid switching transition in the “low pass” filter of the passive components used for biasing and coupling.

As I’ve said before, energy induced / coupled into a wire has to go somewhere, either it gets re-radiated or it gets absorbed by the resistive components in any load on the wire.

What you are aiming to do is use the inherent diodes in all semiconductor junctions to rectify the EM signal and use the resulting signal to add into the TRNG signal, thus to get past any DC blocking coupling components the rectification has to have an AC component in the passband of not just the TRNG but any subsequent amplification. Thus you need to modulate in that frequency range.

Thus when using the scope in XY or triggered mode, you use the modulating signal as the source to check correlation against (oh and don’t forget in “triggered” mode to use not just the trigger level, but timebase x10 to go hunting for correlations, thus sawtooth modulation can help identify “sweetspots” for further investigation).

What you are doing in effect, is like the old method of measuring a receiver’s bandwidth, where you turn off the AGC and AFC, connect the speaker wires to a scope or voltmeter and then slowly sweep a modulated signal across the frequency the radio is tuned to. You plot the recovered signal level against frequency as that gives you the modulated frequency response of the receiver. The EM carrier gets through the RF circuits, and the modulation through the audio circuits. Obviously for receiver spec’ing you repeat using several different modulation frequencies and levels depending on modulation type.

Grauhut July 12, 2015 10:58 PM

@John Galt III: “we have to build the FPGA implementation from the data sheet”

If you want MIPS on a FPGA have a look at MIPSfpga. If you need a movie player for your bedroom, Openelec on RPi II is nice. The broadcom chips are closed hard- and software, so trying this would imho be overkill.

If you want something simple and open for real private data today, have a look on netbsd on bananapi for instance. The sunxi community does good work in opening the allwinner mips platform.

And if TAO hacked your board, just send it to some russians like Kaspersky. Increases the costs if they have to do research on new malware. And this means more jobs in the public private insecurity biz. 😉

Curious July 13, 2015 1:14 AM

Btw, having read the current Windows 10 end user agreement, I think it is meaningless in some ways, and Microsoft should change it, because: The EULA loosely points out (among other things) how Microsoft can get at your voice, text and writing input; and application usage, which seem to benefit Microsoft; however the rest of the EULA doesn’t attempt to really explain or even defend such in concrete wording.

Instead of clear and direct language the EULA uses headlines like “Data we collect” instead of “The data we collect”, and “How we collect data” instead of “This is how we collect your data”, or “This is how we collect data from you.”, or even better “This is how we actually collect data from you”.

If NSA and Co were to use Microsoft’s products or assistance to snoop on people, Microsoft should have an EULA that obviously would have Microsoft burned if Windows products were proven to be misused in such ways.

It doesn’t matter if someone on Twitter called the notion of there possibly being a keylogger a “myth”. The EULA should not be potentially ambivalent to people’s concerns and realities that relate to snooping and surveillance.

name.withheld.for.obvious.reasons July 13, 2015 1:35 AM

Anyone noticing increased, aggressive, and persistent scans from the LACNIC (Latin American and Caribbean NIC)? The scanning is indicative of a thorough precursor mapping/surveillance sweep prior to executing or deploying a wide-based malware component. Not unlike an aviation pre-flight check.

Wael July 13, 2015 1:42 AM

@Dirk Praet,

But I agree that “Dodgy Douchebags SRL” would have been a more fitting name.

Wait a second! Didn’t you refer to them as “scumbags” previously? [1]

Oh, well, maybe I should use: If every “scumbag, douchebag, and dirtbag” instead of every “Tom, Dick, and Harry” — gotta find the right subscripts, though 🙂

[1] Some of the more polite “definitions”:
Douchebag: Someone who looks down on you
Scumbag: Someone you look down on
Dirtbag: Several variants 🙂

name.withheld.for.obvious.reasons July 13, 2015 2:04 AM

Why are NAP’s and telco’s moving from “switched” to “packet” networks?

1.) Virtual network, logical boundary, peering and interconnect agreements?
2.) Elimination of tax liability (data networks don’t pay fed and state utility taxes)?
3.) Avoidance of various fed and state compliance issues? (ADA, things like TTY/TTD)
4.) Enhanced reporting and management capabilities compatible with NS/IC requirements that pays (allowing external parties to reach further into the infrastructure)?
5.) All of the above?

Follow on question:

What will rate payers and third party services realize from the internal transition?

Wael July 13, 2015 4:10 AM


Why are NAP’s and telco’s moving from “switched” to “packet” networks?

‘1’, ‘4’ are direct reasons. ‘2’ could be an indirect reason in the form of “incentives”, but this is a speculation. Not sure about ‘3’.

What will rate payers and third party services realize from the internal transition?

Supposedly less downtime and better quality of service (I doubt voice will be better quality)

Curious July 13, 2015 4:50 AM

Found a reference to the following article on Twitter:
“Privacy talk at DEF CON canceled under questionable circumstances”

I am not the best to present this, but as I roughly understood it, something about having a setup with custom boxes costing about 200 USD each, that works as a radio transceiver for communication between two or more units with limited range, and also having a regular wifi antenna (on one end I guess), for a computer to stay connected to the internet while located away from the wifi unit itself. Or perhaps something more complicated, or a variant of this.

I guess it would perhaps be neat if both the computer and/or the proxy box was placed in a moving car while in use.

Curious July 13, 2015 4:54 AM

To add to what I wrote above:

Or I can imagine you could perhaps make a chain of boxes, to make a chain of communication nodes, or just have a bunch of boxes that acted as backups in the same areas, if one was incidentally found by say the police by some more or less predictable event.

Jacob July 13, 2015 5:47 AM


The cancelling of the ProxyHam and erasing any reference to it is a knee jerk reaction by the authorities. The idea is clear, the implementation is cheap, and any nefarious entity with half a year engineering investment can replicate such a device.

Who are the ones to lose? The people operating under a repressive regime with limited engineering knowhow.

I wonder if suppressing such a DefCon presentation does not run afoul of the constitutional free speech rights of the presenter.

Clive Robinson July 13, 2015 6:19 AM

@ Curious,

“Privacy talk at DEF CON canceled under questionable circumstances”

The device described is very similar to discussions I’ve had on this blog in the past.

The idea is relatively simple, you turn a Raspberry Pi into a router between a WiFi point and some other communications system. At the other end you use another Raspberry Pi to provide the other end of the communications link and to forward packets to a computer.

The initial experiments I did used some PC104 cards and a couple of old fashioned POTS modems and a couple of “ham patch” telephone “two wire to four wire” interfaces and some X-band Microwave modules I had in the “junk box”. All designed to run off 12V DC; initial tests showed reliable comms well over 10Km line of sight. The software was an old version of Linux with standard ethernet to the WiFi unit and initially SLIP (Serial Line IP) later PPP to drive the serial modems. I updated and replaced several parts, one being an HF Radio Modem that only managed 2400baud but quite happily worked inter-continental. As I indicated in my comments here to RobertT and others, I ended up using Raspberry Pis and GSM modules / modems from Motorola and very cheap rate SIM cards that could be topped up by non-traceable payment. I further included a VHF radio pager so that the unit could be turned off and on remotely thus not having the GSM units permanently connected to the network.

You can easily find on the internet HowTos of turning a Raspberry Pi into a WiFi router, and converter boards for Arduino Shields and cheap GSM shield cards, so doing it yourself is probably a weekend hobby project. And from some reports, it appears North Koreans are using similar systems to get “service provision” out of China to avoid using the NK system which is very far from being the Internet except for a select few.

It needs to be noted that any Ham Radio gear using FM in the VHF or higher band, is usually up to POTS line performance, and the licencing requirements should have taught people enough electronics and testing to be able to build the “Ham Patch” required. You can often find old commercial two wire to four wire patches at Ham Rallies from taxi/towncar systems or old emergency responder systems.

Designing the PCBs to do your own is fairly trivial provided you respect the safety regs for galvanic isolation on both sides.

You could also just go out and buy amateur radio packet equipment and use that, the trick is “blending in with the crowd” and not stomping on somebody else’s “licensed” frequencies, oh and don’t pirate satellites using Spread Spectrum etc, the operators got wise to this prior to the turn of the century and will “hunt you down” where they can.

As a general rule the higher in frequency you go the easier it is to use directional antennas which is good for privacy. However the more line of sight it becomes the more obvious site locations become. The ways around the site location issues are somewhat limited such as “passive repeaters / reflectors” Which gives rise to an interesting possibility. If you can afford the plate power and equipment to support it troposcatter and EME working become possible. It’s a while since I did the latter and voice comms was not then realistically possible from a “backyard” using licenced equipment but slow data did work… I have however found reflecting signals off of man made structures such as tower blocks / highrise buildings works reasonably well even prominent “sign boards” have advantages.

Dirk Praet July 13, 2015 7:28 AM

@ Clive, @ Curious

Re. Proxyham

The plot thickens. Rhino Security Labs on Twitter announced that “Effective immediately, we are halting further dev on #proxyham and will not be releasing any further details or source for the device.” It would seem they are under gag order as they can’t make anything open source, publicly available or even comment on the cancellation of the DefCon talk. My best guess is that they either received an NSL or got into very serious trouble with the FCC.

You can easily find on the internet HowTos of turning a Raspberry Pi into a WiFi router

Check out PORTALofPi. Then add 900Mhz. USB wifi adapter 😎

Thoth July 13, 2015 7:45 AM

@Clive Robinson, Figureitout, Nick P, Markus Ottela, Curious, Jacob, J on the river Lethe, Bruce Schneier, name.withheld.for.obvious.reasons, Grauhut

Security research of independent researchers and small research groups needs to be robust to thwart Warhawk Govt’s efforts to continuously undermine privacy and personal security for their selfish interests.

What are the reliable ways for small security researchers to reach the public and also survive Warhawk Govts’ assaults on a Global scale ?

It is about time we start thinking of secure and resistant research efforts that not only protect ourselves from liability but to protect our researches from gag orders or from our front doors being blasted opened with assault rifles and shotguns pointing at our heads to halt distribution of research materials and researches.

Here are some suggestions and anyone can correct or update it:

1.) Distribute signing public keys to as many trusted friends as possible and publish them on torrents.

2.) Sign research codes and distribute them to torrent sites, free upload sites and other researchers’ websites. The more widely spread the better. Avoid Google Drives, Spideroak, Dropbox or anything that will connect you with an account so that they cannot shutdown the account and put you out.

3.) Keep alive signals like blogsigs that Mike the Goat and Nick P have done are a great way to tell people if you are still alive.

4.) Distributed secret shared signing keys in tamper resistant smartcards with very high share rates required (3/5 key share quorum or so). Built in self-destruct and authentication PINs. A bunch of dummy signing key fragments to populate the EEPROM of all the cards until no more space for other data. If they managed to capture the cards and decap the cards successfully without tripping the tamper circuits, they would have to figure out which key fragments to attack and for a key share of something like 5/7 key share quorums and with the modern EEPROM allowing 144KB space, the amount of dummy keys you can store are going to be mind boggling. This method is not highly assured but will definitely make them run in circles rather frequently.

5.) Segregate computing equipments to ensure that medium strength attacks don’t get through to all your computing equipments easily.

6.) TCB as microkernels should be used for the most sensitive computers. Air-gap it and close the windows while you use it. It is not 100% foolproof but you will get some security out of it. You would be better off running a couple of computers around you spewing noises and also play noisy music while you use your computer in the middle of the noise storm.

7.) Use unconventional electronic designs (TFC as an example) with things like home made data diodes, guards, electronic PCB boards built by hand, RPis, BeagleBoards and a whole load of others that you can find. The more variety, the more confusion you can create.

8.) Deliberately create messy data but with a condition that you must remember very carefully what you have done to your data. The more random looking the better. If you have bad memory like me, you need to store a very tiny note for reminder in a secure and easily get rid of manner. A very tiny encrypted volume that can be disguised into a normal data object would be the best.

9.) Don’t communicate anything sensitive over public lines directly. Assume all encryptions you have over a public line has been broken. Either use circumstances or indirect inferences to get the message across.

terry moll July 13, 2015 7:54 AM

@Clive Robinson – what is the source of atmospheric humming, earthquake like rumbling, loud booms heard around RI? It can’t be blamed on fracking. Then the explosion on the beach yesterday. Utterly baffling.

Similar events have occurred elsewhere and what really strikes me is, how officials from the Federal Gov’t will say dumb things or plain lie when pressed for an explanation. One such response is that there was an earthquake of 1.5 magnitude and that must be it. Everyone knows an earthquake of that magnitude is imperceptible. I experienced similar behavior from Gov’t officials at the scene of an emergency, they’ll say anything they want.

name.withheld.for.obvious.reasons July 13, 2015 8:54 AM

@ Wael

Supposedly less downtime and better quality of service (I doubt voice will be better quality)

I too am reticent about ANY improvements that will be realized by the rate payer (customer). Seems the last one in line is the one paying the bills. I’ve seen frame relay switches (99’s) run for a half dozen or more years–continuously. I’m curious as to the amount of up-time and the quality of service (support and technical resolution methods and “real-time” responsiveness). There are issues in control systems, yes, running on telco copper that needs the circuit construction that packet networks can fail to provide. I offer a personal experience or two in support of my hypothesis…

Modbus, Genius, Profi, or other control nets are packet capable but fabric/media sensitive. From a programmatic point of view, transport-based communications dependencies are not readily apparent. The EE is aware of the underlying physics and plant engineers see the logical and software control components. But all fail to see the interdependent nature of non-trivial control systems. Professionals translate transmission in these control systems from their analog (yes, DC is analog in this case) characteristics into discrete digital signalling and leveling often not knowing better.

Most physical control systems (water, gas, electric, or environmental) rely on current flows (4-20 mA) unlike serial transmissions (most serial interconnects are not fully standards compliant, IEEE IEEE-485 and RS-232) where TTL levels (min. 1.8 to 2.5 for signalling) can be difficult to make robust in physical control and infrastructure architectures.

Having a bit of experience with these types of systems, I’ve had several close calls. One of my escapades involved a network surveillance effort (passive) nearly taking down a triple redundant distributed control system (DCS) running a power generation plant/site (4 generators, ~300 MWatt peak). Prior to that incident, I managed to find the ONLY (an unknown, unknown) way to bring down a similar triple redundant DCS system for a plant/site (3 generators, ~250 MWatt peak) using a method that instantly collapsed all of the site’s turbines and the associated generators….BOOM. It’s these moments that the value of physical interconnects and “software” control become most apparent.

Dirk Praet July 13, 2015 9:38 AM

@ Thoth

What are the reliable ways for small security researchers to reach the public and also survive Warhawk Govts’ assaults on a Global scale ?

You are forgetting what seems to have become the most important element of all: lawyer up, and as part of your personal DR/BC-strategy also have a legal contingency plan in place for when the sh*t hits the fan. Engineering, crypto and OPSEC skills alone will not protect you from DoJ & Co. when they decide to come after you.

Learn about applicable legislation and regulation (e.g. BIS-Wassenaar for security research). GPL your code/project if possible. Identify pitfalls in a timely manner and try to work around them, for example by hiding behind a front-end in Switzerland, Iceland or any other country that offers adequate protection for whatever it is you’re working on.

Thoth July 13, 2015 10:14 AM

@Dirk Praet, Clive Robinson, Figureitout, Nick P, Markus Ottela, Curious, Jacob, J on the river Lethe, Bruce Schneier, name.withheld.for.obvious.reasons, Grauhut

I forgot to mention a 10th point which Dirk Praet pointed out was to host stuff in Iceland or Switzerland. Set up research data seeding servers for torrents and web servers in Iceland and Switzerland. The best would be Iceland (like what I did to my research web server by hosting them in Iceland 🙂 ).

The only thing is Iceland has no military to defend itself so the Warhawks could simply walk in and make them do what they want at gun point :S .

Suitable Open Source licenses are used to protect software and proper Creative Common licenses for research papers and documents.

winter July 13, 2015 1:03 PM

Your recommendations will decrease your productivity considerably. It might mean “they” win simply by the fact that you will not be able to do the work.

Alan Kaminsky July 13, 2015 1:06 PM

@Malcolm Pell Given the above, how feasible would it be for a well resourced (money and IT) Security/Spy Agency to pre-compute all Public and Private keys using the fixed number of Prime Numbers for each bit size number range ?

The number of primes less than a given number n is approximately n/ln n (do a search for “prime number theorem” for further information). For example, the approximate number of 2048-bit and smaller primes is found by substituting n = 2^2048 into this formula. The result is about 2^2037.5.

There’s no way any three-letter agency could generate and store that many prime numbers. Public-key crypto is plenty secure against this kind of attack.

Clive Robinson July 13, 2015 1:10 PM

@ Thoth,

Further to 6, there are some other things you need.

End run attacks work in many ways and pulling the blinds is not sufficient.

What you need is one of those “three gate” clothes drying racks (not the concertina types) an angle poise light, a fan, a couple of old fashioned quilts, four old newspapers and one of those “lap trays” with the beanbag underneath designed for eating a TV dinner off on your lap, a couple of FM portable radios and a cassette player with speakers.

Put the old newspapers under the table legs, one quilt across the top and down the sides of a table big enough to work on, put the three gate clothes drying rack up on the table with the sides adjusted appropriately to form an open box. Put the lap tray, fan and angle poise lamp on the table and then cover the rack with the second quilt such that it touches by a foot (30cm) or more the table top (I tuck it under the drying rack legs or you can use moderately heavy books) and hangs down quite a way over where you are going to sit. Turn on a couple of FM radios to an empty part of the band in the room near the door and windows and have a couple of speakers of sufficient power to play little known music that you can work with under the top quilt on the desk.

Turn on the light and fan, get under the quilt, and tuck it in around you, put your laptop on the lap-tray adjust the bean bag so it’s at a comfortable angle, and turn on the music only then turn on your laptop and start work.

This effectively stops visible and near infra-red light based “end run” attacks, whilst also significantly attenuating sound of typing and typing vibration through the furniture.

It’s not perfect –but then what is– but unless “caught in the act” it’s stuff you would find in almost any home, thus does not stand out.

Oh those “spy shop” CCTV camera detectors probably won’t work with professional surveillance as they would use infra-red cameras with angled “black light” glass which only allows IR to pass not the visible light most of those cheap detectors use. There is a simple solution which is to make your own near IR detector using easily available parts.

Oh the angle poise should be of the old fashioned filament bulbs, which generate a lot of thermal IR, when put near the keyboard and the fan is used as well it disrupts some thermal imaging cameras, thus your typing movements become masked and difficult to observe.

There are a few other things you can do that I’ve mentioned in the past, one of the most important is very thin easily burnt paper a very soft pencil and a glass covered picture or table top you can write on.

If you want to go all out wash the paper with a “potassium permanganate” wash or equivalent nitrate wash, thus the paper burns very very easily, and won’t stop easily. A visit to a home baking shop will get you icing glycerine which if dabbed on potassium permanganate washed paper will set itself alight, and burn rather more vigorously.

Anura July 13, 2015 2:30 PM

@Alan Kaminsky

To demonstrate how infeasible that is, even if we somehow converted the entire universe into one gigantic storage device (which is impossible, because Einstein decided to make it so that nothing can travel faster than the speed of light), the theoretical limit on the amount of data we would be able to store is somewhere along the lines of 2^400 bits.
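The two comments above can be checked numerically. This is an added example, not code from either commenter: it evaluates the prime number theorem estimate in log space, sanity-checks it against an exact sieve at a small size, and finds the largest prime length whose complete table would fit in a given store. The function names are assumptions, and the 400 passed in at the end is the storage ceiling quoted in the thread (2 to the power 400 bits).

```python
import math


def log2_prime_count(bits):
    """log2 of the prime number theorem estimate n/ln(n) for n = 2**bits.

    Worked in log space because 2**2048 / ln(2**2048) overflows a float.
    """
    if bits < 2:
        raise ValueError("bits must be at least 2")
    return bits - math.log2(bits * math.log(2))


def log2_primes_of_exact_size(bits):
    """log2 of the estimated count of primes exactly `bits` long,
    i.e. pi(2**bits) - pi(2**(bits - 1))."""
    hi = log2_prime_count(bits)
    lo = log2_prime_count(bits - 1)
    # log2(2**hi - 2**lo) = hi + log2(1 - 2**(lo - hi))
    return hi + math.log2(1.0 - 2.0 ** (lo - hi))


def log2_rsa_moduli(modulus_bits):
    """log2 of the estimated number of unordered pairs of distinct primes,
    each half the modulus length (the usual RSA key shape)."""
    return 2 * log2_primes_of_exact_size(modulus_bits // 2) - 1


def exact_prime_count(limit):
    """Exact pi(limit) by a sieve of Eratosthenes."""
    sieve = bytearray([1]) * (limit + 1)
    sieve[0:2] = b"\x00\x00"
    for p in range(2, math.isqrt(limit) + 1):
        if sieve[p]:
            sieve[p * p :: p] = bytearray(len(range(p * p, limit + 1, p)))
    return sum(sieve)


def pnt_accuracy(bits):
    """Ratio estimate/exact at n = 2**bits (only feasible for small bits)."""
    return 2.0 ** log2_prime_count(bits) / exact_prime_count(2**bits)


def largest_table_bits(log2_storage_bits):
    """Largest prime length k for which a table of every prime below 2**k,
    stored at k bits per entry, fits in 2**log2_storage_bits bits."""
    if log2_storage_bits < 3:
        raise ValueError("storage budget too small to be meaningful")
    k = 2
    while log2_prime_count(k + 1) + math.log2(k + 1) <= log2_storage_bits:
        k += 1
    return k


if __name__ == "__main__":
    print(f"PNT estimate / exact count at 2^16: {pnt_accuracy(16):.3f}")
    for bits in (512, 1024, 2048):
        print(f"primes below 2^{bits}: about 2^{log2_prime_count(bits):.1f}")
    print(f"RSA-2048 moduli (two 1024-bit primes): "
          f"about 2^{log2_rsa_moduli(2048):.1f}")
    # 400 = log2 of the storage ceiling quoted in the thread.
    print(f"a 2^400-bit store holds every prime up to "
          f"{largest_table_bits(400)} bits, and no larger size")
```

The estimate undercounts slightly at small sizes (about 10% low at 2^16), which does not change the conclusion: the table stops fitting at primes of roughly 400 bits, far short of the 1024-bit primes in an RSA-2048 key.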

Grauhut July 13, 2015 3:20 PM

@Thoth: Legally immune sec research needs incorporation (charity) in a free speech and research friendly legislation additionally offering legal use of artist names. (Means: no real chance i know of) 🙂

Grauhut July 13, 2015 3:46 PM

@Thoth: 10.) Have a well done dynamic honey net! Its research fun and some binary booby traps always buy you time. An Intruder should always look and sound like some good chinese firework… 😉

name.withheld.for.obvious.reasons July 13, 2015 5:45 PM

@ Grauhut, Thoth

Legally immune sec research needs incorporation (charity) in a free speech and research friendly legislation additionally offering legal use of artist names.

Two things; it might be worth considering the articles of incorporation as non-static with regards to say a 501C3. The flexibility and art available to the drafter could allow for a series of entity enumerations, characteristics, asset, liability, and operational behavior. A rough outline might look like this:

  1. Enumeration of organization as a private entity holding public property?
  2. Allocation of copyright, more specifically a creative commons model
  3. Forward, action oriented response to encroachment of the organization and the commons (kind of a combination of rights/privileges that have two components; public/private property and individual/organizational composition describing their relationships
  4. Operational Management Plan, something I have actively pursued in order to do in the light of “NSA day” for integrity/fidelity of assets.
  5. Hardware specific language that allows HW in a creative commons model beyond “publication” rights. For example, a license model that specifies constraints on subversion and deliberate provocation of manufacturers with overt/covert instruments

Secondly, there has been quite an effort to brow-beat a methodology for developing assurance level systems (demonstrated process control) by many who frequent this blog. I can kind of see this as completing the circle if a reliable fabrication process can be developed. (I see an implementation that is step-wise. Building on prior robust designs to advance more complicated and powerful iterations.) A sample enterprise is outlined below.

The Top Level View (formal engineering and design methods infused throughout):

  1. Legal Framework
  2. Organizational and Operational Framework
  3. Hardware Fabrication Group
  4. Tool Chain Systems Group
  5. Integration, Verification, and Performance Group
  6. Systems Engineering Group (OS level for example)
  7. Product Engineering Group (app level example)

All groups are inter-working groups, visibility and accountability cross at (n-1)^2 process tree (as an example).

Dirk Praet July 13, 2015 6:23 PM

@ Thoth et al

The best would be Iceland (like what I did to my research web server by hosting them in Iceland) …

Add to point 9: do not give away details of personal OPSEC on public fora, especially when there’s a fair chance that they are being monitored by possible adversaries.

Add to @Grauhut’s point 10: confuse the adversary by setting up honey pots/nets as well as sowing disinformation on public fora about methods used. I mean, does anyone actually believe that @Bruce’s super-secure, air-gapped machine holding his ultra-secret stuff is a mundane Windows PC with Bitlocker? 😎

Thoth July 13, 2015 7:31 PM

@Secure Research et. al.

Ok, it’s too long to type everyone in and I am lazy so I am just gonna cut it down to Secure Research. Lol.

@Clive Robinson’s idea is good. That should be used only when doing very critical work like signing codes and documents, managing keys and sending sensitive emails to other fellow researchers. Thanks for the idea. Offensive parties could storm the door but before they do so, maybe adding a couple of reinforcements to the doors and windows with some physical surprises in disguise (not to hurt the physical intruder but to hinder movement) could be used.

@Dirt Praet
Mostly right about not telling publicly on personal OPSEC methods and operational information. I think point 10.) or 11.) should be to do security boundary segregation which I have mentioned a bit to @Figureitout in the past recent post. Public facts (just like the NSA classification 😀 ) would be the outright facts. The public facing front-ends would be placed in the open (it must be robust when put into the open to a certain degree). The more intimate details would have to be filtered. I have not drilled into exact OPS stuff as I decided to segregate them further. Thanks for your concern 🙂 .


“Hardware specific language that allows HW in a creative commons model beyond “publication” rights. For example, a license model that specifies constraints on subversion and deliberate provocation of manufacturers with overt/covert instruments”

Good idea to make researches take a more “creative commons” form so that the use of free speech can be used as a protective measure.


“Have a well done dynamic honey net! It’s research fun and some binary booby traps always buy you time. An Intruder should always look and sound like some good Chinese firework… ;)”

That will require time to develop in a trusted fashion (in case the trap bites back). If it’s a lone wolf like a couple of us here tinkering with our stuff, I think the better option is strong defense not just technically but also procedures and a bit of legal protection by using things like community licensing and work to lessen the possible dangers of being the sole target.

“Legally immune sec research needs incorporation (charity) in a free speech and research friendly legislation additionally offering legal use of artist names. (Means: no real chance i know of) :)”

It is hard to have perfect legal immunity so the better way is to spread the possible risk to many other factors. Attracting a bigger community and giving more people different posts would actually reduce personal risk while keeping it open to the public and also setting up some guidelines to keep the projects focused.

Wael July 13, 2015 8:37 PM

@Dirk Praet,

On topic: I am never ever eating squid again.

You didn’t take @Bruce’s word the first time? Come on Dirk, tell me another one! Post a picture of your “inflated” [1] mouth 🙂


This story is so freaky I’m not even sure I want to post it. But if I don’t, you’ll all send me the links.

Even if you post it, someone’s bound to (verify and) send the link three years later 🙂

[1] Squid-Inseminated, that is:)

Dirk Praet July 13, 2015 9:13 PM

@ Wael

Darn, I must have missed @Bruce’s original post. I saw this passing by in my Twitter feed a couple of days ago and it totally freaked me out.

@ Thoth & others

No offense taken, but my name is Dirk, as in Dirk Bogarde (or Dirk Diggler ; I know, I get that all the time). Not Dick, Dirt, Dork or other fantasy variations.

Wael July 13, 2015 9:22 PM

@Dirk Praet,

re: names! Lol! I often catch the spellchecker when it suggests a word instead of your name. I have to be extra careful when I address you!

J on the river Lethe July 13, 2015 10:39 PM

The best setups are secured, isolated. Think TEMPEST, SCIF kinda stuff.

I am also convinced that the U.S. is at least giving as well as it is getting. I am sure they are up to their shoulders reaching in cow ass so to speak, same with Israel and Iran. I don’t know, just an opinion based on no inside knowledge.

@clive I seem to remember the Library of Congress working on deacidifying old books/docs. They testily canceled the project. The reagent had to be completely removed. Otherwise, it really really wanted to burst into flame and it did. Repeatedly.

@all. Curious. proxyham. WW1 encrypted radio prohibition? The plans and the principle were already out. Hobbyists could do it, they had enough information. Selling them maybe. It would raise the numbers beyond a couple hobbyists. But then they freaked out a while back with a jacked up long distance reader, reading badges. Well the camera didn’t help.

But just to add a little perspective, Kaspersky shows really low numbers for TAO type stuff and an immediate pull back if they think someone has measures in place. But security professionals and hobbyists like to play and ask why not? So we will carry on. The game of evading mass collection of data? Hmm. 😉 I still think the person that came up with NSA ouroboros name was an Andromeda fan.

Everyone has an angle. Kaspersky doesn’t seem to report much on Russian versions of TAO and China never says anything about incursions. We speak up all the time. Good or bad? I am not sure.

tyr July 14, 2015 12:52 AM


The typo police caught it when I called a Railgun
a Battleship. You can’t get much past these folk.

Clive Robinson July 14, 2015 1:19 AM

@ Dirk Praet,

With regards the “pregnant with squid” story, the title is a “load direct from the crock”…

As I’m sure you know, sexual reproduction requires both male and female sex cells with sufficiently similar DNA. The inside of her mouth would normally not have sex cells in it, and her DNA is way way too dissimilar to that of the squid.

Further around 40C most proteins cease to have biological function, so cooking should kill the potential problem dead.

Oh and we’ve had a similar story on the blog before and I remember it because Bruce gave a short apology about posting it, saying that it was at the time in the news and would end up being talked about on the blog anyway.

From the little information available –as real squid sexual behaviour has not been observed/documented– the risk of getting a male squid’s sex cells in your mouth is actually very low even with eating raw squid external flesh on a daily basis. As even basic prep skills like washing the squid flesh would remove the risk. As for eating the squid internal organs raw, let’s just say it’s an acquired taste that is not common even in the Far East these days and thus not likely to be on a sushi restaurant menu.

As for eating squid, I consider it a duty 😉 to help keep the numbers down as they are out of balance in some areas and destroying the marine ecology. So pass me another bucket of pepper fried squid 🙂

Oh and a word of warning… be careful what you search for, the words “Japanese, squid and sex” will bring up something entirely different and usually quite inappropriate in an office or home environment, so don’t do it.

Anura July 14, 2015 10:54 AM

The phrase “Our product is unhackable” roughly translates to “I’m full of shit.”

name.withheld.for.obvious.reasons July 14, 2015 11:32 AM

More acts of legal masturbation by the MIC…seems the DoD has been empowered (under the Executive) to suspend the first amendment to the U.S. Constitution. Carefully read the section quoted from the manual–in particular the inclusion/use of the word “State”.

From the “Department of Defense Law of War Manual” available as a PDF at the Public Intelligence site.

4.24.5 Security Precautions and Journalists. States may need to censor journalists’ work or take other security measures so that journalists do not reveal sensitive information to the enemy. Under the law of war, there is no special right for journalists to enter a State’s territory without its consent or to access areas of military operations without the consent of the State conducting those operations.

Malcolm Pell July 14, 2015 11:47 AM

@tyr, @Alan Kaminsky

Many thanks for your responses and I can better understand some of the technical challenges now.
I just wish David Cameron would see some reason on his recent attacks on the use of Cryptography by UK citizens and UK/US Companies.

Ah well – I can always dream that we may elect some sensible Politicians who live in the same universe as the rest of us !!!

Clive Robinson July 14, 2015 11:56 AM

@ Anura,

The phrase “Our product is unhackable” roughly translates to “I’m full of shit.”

Ahhh it’s all so magical…

Likewise the claim of “unbreakable” probably means that the product will only be sold to “fairies” with bottoms so small they will never sit on it as they flit from flower to flower with their magic pixie dust on gossamer wings.

I’m surprised they’ve not enrolled Tinkerbell and Peter Pan to do the adverts.

Clive Robinson July 14, 2015 12:47 PM

@ Malcolm Pell,

I just wish David Cameron would see some reason on his recent attacks on the use of Cryptography by UK citizens and UK/US Companies.

Why should he, he’s got the “hound of the Baskervilles” chewing his ear about it and she makes a pit bull look cute.

And to be frank it’s a problem that is never going to worry him, he’s the worst kind of trust fund kid that married another trust fund. The closest he’s been to the real world was being an “airy fairy PR wonk” whose then close collaborators and confidants have shown criminal behaviour, and in one case now has a criminal conviction and jail time to show for it.

If you listen/watch PMs Question Time you will find he’s so full of it it spills out of his mouth in an almost endless nauseating stream. So much so, that he can not answer the simplest of questions unless they are of the organ polishing kind from cronies, where he then basks in the reflected faux sunshine that shines out of where in a normal person that nauseating stream would emit from.

What’s worse is Cameron has got Obama sniffing around like a mutt behind a bitch in heat, polishing the Cameron ego and saying what a fine fellow he is in his “no place to hide” attitude to crypto.

You would have thought by now voters on both sides of the puddle would have wised up, and when a US President starts sniffing around a UK PM like that it can only mean trouble (think back to Blair and Bush and the invasion of Iraq which we are still hemorrhaging our economic life blood for).

Thoth July 14, 2015 8:02 PM

@Derek Peasah
That phone and the Silent Circle’s Blackphone ain’t gonna make the security mark of any assurance. I would say Samsung Knox which have been certified by US DoD Warhawks would minimally make a low security assurance level because it makes full use of the TPM module in the Qualcomm Snapdragon 810 (or whatever it is for the chipset) via the ARM TrustZone. Without TrustZone’s Knox, it will be as good as any other phone out there.

To at least achieve a certain level of low security assurances, these so-called secure phones need to make use of the chipset’s ARM TrustZone (for ARM architectures) or some form of secure chip technology.

Note that the Samsung Knox is only generally rated in an overall security assurance. I doubt the ARM chip (Qualcomm Snapdragon 810) is rated in the CC EAL and FIPS certification to be secure.

In fact, don’t trust any of the ARM chips if they say they are secure unless they can pull out a CC EAL and FIPS 140-2 certification at CC EAL 5 and above and FIPS 140-2 Level 2 and above respectively as those are the base security requirements.

By the way, the ARM TrustZone for Qualcomm’s Snapdragon are known to have some bugs that compromise security and they have released patches but whether the phone makers pushed the bugfixes is another issue.

The very basic requirements Silent Circle and Turing Phone can do to achieve a very minimal security level is to enable the ARM TrustZone or some form of security environment in their chipset (if they have) and on kernels running in the TrustZone or security environments be a TCB environment like the Open Source Genode (which Genode have managed to port their framework and TCB to run on ARM TrustZone for the Secure World and L4Android in the insecure world of the TrustZone architecture).

I wouldn’t recommend running Genode/L4Android on your ARM enabled TrustZone chipset as a production phone as it is still in development and improvement phases.

The more secure option would be to use something like a MicroSD card security element where you encase your sensitive applications in the MSC’s security chip (they are rated at EAL 5+ with FIPS 140-2 Level 2 and 3 in most products) but the down side is your MSC’s security PIN will need to be keyed from your phone’s keypad or touch screen (insecure PIN entry) and it eats up your SD card slot (but most MSC security cards come with at least 8GB additional storage space anticipating user needs for storage) as some of the downsides.

Maybe what can be done is to use the on-chip’s TrustZone’s secure GUI (Trusted Path) for PIN entry to communicate with your MSC card which is what some of the solutions in the Mobile Security market are doing recently according to my observations so you can combine a lower security ARM TrustZone with a higher security MSC card to do lower classification work on your handset.

Some of the MSC cards come with enabled JavaCard development or it’s own SDK where you can code and lock your own critical codes into the secure confines of the MSC card (includes crypto) secure boundaries.

If you are paranoid, you can try out Thales and General Dynamics secure mobile phones (beware those are only for diplomats and you must prove your identity and have your country’s authorization in some form) which can be rated up to TS/SCI level.

For the mere mortals of most of us, just use the Trusted Path with MSC (preferably allowing you to code your own applets into the MSC with proper EAL and FIPS rating).

JD July 14, 2015 8:51 PM

“What’s worse is Cameron has got Obama sniffing around like a mutt behind a bitch in heat,”

For a sec I thought the trolls are back oh wait they are

Figureitout July 14, 2015 11:46 PM

Clive Robinson
–Thanks, I’ll save that w/ my notes and try it another day (preferably when I get a decent digital scope, signal generator; and say finish my degree). It’s a good sign if just running on my desk next to 100W transmitter and 4 switching power supplies (and another beacon upstairs) and all the other natural noise didn’t affect its output (well..I haven’t actually confirmed its output passed tests, which may be sufficient, not quite sure). Having to actually pick up the circuit and run it thru a coil goes beyond just transmitting and affecting its output, that’s a physical attack. Means that maybe that problem can be whisked away for the most part. More study needed on “avalanche effect” and how “unpredictable” it really is of course (statistics and analyzing huge chunks of data isn’t really my thing).

Thoth RE: security researchers keeping their freedom
–Follow the law for the most part (no matter how stupid or draconian; until it’s worse than banana republic and drop research and just leave), don’t make lots of waves/live a quiet life while researching, set up monitoring of research facilities (preferably not using wifi or GSM/SMS), cut it into chunks and tuck away the chunks so attackers must watch for a long time to steal it and take credit, etc. Keep important parts w/ you as much as possible (certain PC’s, memory sticks, papers/documents, etc..); leaving large equipment which can be tampered w/ and returning false data (no solution to that problem, ends w/ a spiral of checking checking checking that can’t check what you’re checking w/).

Now actually putting out interesting research and keeping trust of community?–Much of what you listed (it’s going to be personal and depend on how much researcher is willing to put up w/), lots of hacking and trying new things, as well as setting up “canaries” of types, and publicizing any potential advances via social media.

Clive Robinson July 15, 2015 8:31 AM

@ All,

Stewart Baker has given another command performance on raising straw men from the grave, misrepresenting facts on harms, and misrepresenting other people’s statements,

The bit I really like is the comments about Matt Blaze and how journalists say things.

Matt Blaze did indeed find a security hole in the clipper chip LEAF, it was too short and ill designed, such that it was possible to set up secure communications using clipper that the LEAF could not be used by law enforcement for its stated purpose of getting access to the encryption keys. Thus the whole clipper chip system failed its primary stated purpose that the LEAF was there for, nobody argued at the time it made the crypto less secure, in fact the opposite, it actually meant that a knowledgeable user could be more secure from the perspective of law enforcement.

It was an interesting “bug” that could be exploited by a knowledgeable user with the right resources. The simple fact that the NSA who have a great deal of experience in designing crypto systems (of a certain type) should / would have realised. You also need to remember that at the time the “Olli North & Fawn Hall” show was fresh in some people’s minds. Thus it was suggested that maybe the NSA had backdoored their own system to put “government comms” beyond Law Enforcement enquiry…

Thus it was considered fair to claim the “bug” as suspect and thus a probable back door by the Government.

Stewart Baker however is trying to make you believe that the probable backdoor by the NSA/Government in clipper was there to weaken the clipper chip security and make “secret government access” for spying possible (which it did not do). And thus he can claim people are using it to make false claims…. a 180 on the reality.

Now as Mr Baker points out he was in the thick of what is now called “Crypto Wars I” on the NSA/Government side. So unlike the journalists he is heaving mud at, who might have misunderstood what they were told, he’s got no excuse for his misrepresentations…

You might also note that in amongst his misrepresentations he mentions a “twitter” conversation but neglects to mention all that he said or provide a link. Might that be an oversight or the fact he does not come off as much more than a rude twerp who is way way too “self important” with his July 9th post (@stewartbaker),

@mattblaze has posted 20 tweets since I asked a simple question: is the NYT wrong or am I? Matt’s silence is the answer

Have a look for yourself,

I guess with self important twerps like that around, it’s not surprising that a number of researchers etc don’t have twitter accounts…

Winter July 15, 2015 9:43 AM

@Thoth RE: security researchers keeping their freedom

There is a lot of talk about trying to produce backdoor free hardware. I think this is not the right approach. There are just too many components and each one could be compromised, or not.

Think of the “Trusted Trust” attack where the basic compromised compiler introduced backdoors in new compilers:

There was no solution to the basic question: Can I trust my compiler?

But there was a solution to see whether there was a bugged compiler if you had several compilers of which at least one was “honest”. You did not have to know which one. (see link).

So, I was thinking along these lines. The idea is to perform a task: Input in, output out. Either input or output could be a network link.

Create parallel computer setups (say, 3), preferably using different hardware (Intel/ARM/Power/FPGA, hard disks, network chips). They are all set up to perform the task bit-identical. Turing showed this is possible.

They all get the same input (e.g., from a keyboard/mouse). They channel their output and only one output is selected (at random). All outputs get monitored and an HMAC (hash) is calculated over all the bits in the output of every system.

After all setups completed the task, the hashes should be identical. If not, at least one of the set-ups did not perform the same task as the others. Which could be an indication that some systems were compromised.

Obviously, the hardware could be shielded to your heart’s content.

Where did I go wrong? 😉
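
The cross-check Winter describes, as an added Python example that is not from any commenter: three independently written routines stand in for the diverse hardware, a monitor HMACs each output stream under a per-run key, and one output is released at random only when all tags agree. The normalisation task, the replica names, the sample inputs and the deviating replica are assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets
from collections import Counter
from typing import Callable, Dict, Iterable, Iterator, List, NamedTuple, Optional

Replica = Callable[[bytes], Iterator[bytes]]

# Task (assumed): normalise a key=value file by stripping whitespace,
# dropping blank lines and sorting. Each replica is written differently and
# emits its output in different-sized chunks, as diverse machines would.

def replica_a(data: bytes) -> Iterator[bytes]:
    for line in sorted(l.strip() for l in data.splitlines() if l.strip()):
        yield line + b"\n"                      # one chunk per line

def replica_b(data: bytes) -> Iterator[bytes]:
    kept: List[bytes] = []
    for raw in data.split(b"\n"):
        stripped = raw.strip()
        if stripped:
            kept.append(stripped)
    kept.sort()
    yield b"".join(k + b"\n" for k in kept)     # a single chunk

def replica_c(data: bytes) -> Iterator[bytes]:
    lines = sorted(filter(None, map(bytes.strip, data.splitlines())))
    blob = b"".join(s + b"\n" for s in lines)
    for i in range(0, len(blob), 4):            # fixed 4-byte chunks
        yield blob[i:i + 4]

def replica_c_deviating(data: bytes) -> Iterator[bytes]:
    # Constructed stand-in for a faulty or subverted unit: it silently
    # drops "audit=" lines and otherwise behaves like replica_c.
    kept = [l for l in data.splitlines() if not l.strip().startswith(b"audit=")]
    yield from replica_c(b"\n".join(kept))

def tag_stream(key: bytes, chunks: Iterable[bytes]) -> str:
    """HMAC-SHA256 over the concatenated output bytes, fed incrementally."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for chunk in chunks:
        mac.update(chunk)
    return mac.hexdigest()

class Verdict(NamedTuple):
    unanimous: bool
    dissenters: List[str]        # replicas outside the majority, if one exists
    released: Optional[bytes]    # output passed on, or None when withheld

def run_checked(replicas: Dict[str, Replica], data: bytes) -> Verdict:
    key = secrets.token_bytes(32)   # fresh per run; replicas never see it
    buffered = {name: list(fn(data)) for name, fn in replicas.items()}
    tags = {name: tag_stream(key, chunks) for name, chunks in buffered.items()}
    counts = Counter(tags.values())
    majority_tag, votes = counts.most_common(1)[0]
    unanimous = len(counts) == 1
    if votes * 2 > len(tags):
        dissenters = sorted(n for n, t in tags.items() if t != majority_tag)
    else:
        dissenters = sorted(tags)   # no majority: nobody can be singled out
    released = None
    if unanimous:                   # release one output, picked at random
        chosen = secrets.SystemRandom().choice(sorted(buffered))
        released = b"".join(buffered[chosen])
    return Verdict(unanimous, dissenters, released)

# Constructed sample inputs.
SAMPLE = b" port=8443 \r\n\r\naudit=on\nhost=db1\n"
NO_AUDIT = b"host=db1\nport=8443\n"
HONEST = {"a": replica_a, "b": replica_b, "c": replica_c}
MIXED = {"a": replica_a, "b": replica_b, "c": replica_c_deviating}

if __name__ == "__main__":
    print("honest, SAMPLE:  ", run_checked(HONEST, SAMPLE))
    print("mixed,  SAMPLE:  ", run_checked(MIXED, SAMPLE))
    print("mixed,  NO_AUDIT:", run_checked(MIXED, NO_AUDIT))
```

The third run is the limit of the scheme: a replica that deviates only on particular inputs agrees with its peers on everything else, so a clean comparison says nothing about inputs not yet seen, and replicas that all deviate identically produce matching tags.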

Nick P July 15, 2015 2:09 PM

@ Wael

It’s actually easy. You use assembler to bootstrap a macroassembler like HLA. You then code a basic LISP or Oberon compiler from one of the free books which often have source code & explanations. Bootstrap it on itself. You then implement CompCert C compiler’s passes in that language. Compile that. Now, re-write CompCert in C and compile it with the last compiler. Naturally, tests for each of these. Now, you have a fully-bootstrapped, formally verified, subversion-free compiler proven you trust the specs, proof and extracted ML. Those compiler passes and resulting ML should be a lot easier to analyze than a full C compiler in macro’d C, though. 😉

People really get hung up on the easiest problems, sometimes. Really just about turning it into a series of problems small enough to solve and linking them up. Might be a bit kludgey, but if it works it works.

Note: Before you say anything, I already know this immediately leads to the question Thompson was too busy to ask: “How can I trust my assembler, linker, loader, firmware, and CPU?” Unfortunately, I blew all my time for those on the MULTICS thread…

J on the river Lethe July 15, 2015 2:28 PM

@clive, et al
Here’s a story on U.K. encryption kerfuffle

I read it differently than the headline. It says we don’t want to ban, but want to be able to go after bad guys. Hmm. Wait huh?

@thoth, @figureitout. Excellent points. Honest research by good people (like you guys from what I can tell) protects us all. Isolate, document, etc.
I am still curious why the pork ham talk was canceled. Seriously, a Pringles can, Yagi antenna, etc. Was it because it was ready made sold to potentially a lot of people? Think script kiddies? Don’t know but that cat was let out of bag years ago.

Something else I am looking at. New Horizon probe. 3000r play station type CPU. 1kb/s download speed, simply amazing. I can’t seem to find the O/S. I guess it would be VxWorks, but can’t seem to confirm? I am enjoying looking at what specs I can find. 🙂 🙂

MOMMYYYYY July 15, 2015 4:53 PM

Google accidentally reveals data on ‘right to be forgotten’ requests

Data shows 95% of Google privacy requests are from citizens out to protect personal and private information – not criminals, politicians and public figures

Less than 5% of nearly 220,000 individual requests made to Google to selectively remove links to online information concern criminals, politicians and high-profile public figures, the Guardian has learned, with more than 95% of requests coming from everyday members of the public.

name.withheld.for.obvious.reasons July 16, 2015 12:12 AM

@ Nick P

People really get hung up on the easiest problems, sometimes. Really just about turning it into a series of problems small enough to solve and linking them up. Might be a bit kludgey, but if it works it works.

This is my premise on the hardware side; FPGAs are too complex/susceptible to subversion, tool chains not trustworthy. Start simply, a non-scalar component architecture that can be verified operationally (should be a formal hardware model, and I mean mathematically formal including the engineering methodology).

Thoth July 16, 2015 1:32 AM

Using multiple hardware to check the integrity of critical processes are a known way. @Clive Robinson uses them heavily in his voting schemes and many of us use them heavily too.

I wouldn’t say and did not mean you have to fully trust something. Trust should be relative to the circumstances and one’s realistic expectations.

@J on the river Lethe
Those are simple word plays. If you can’t attack from one direction, attack in another direction. That’s the idea behind word games.

@Gerard van Vooren
Interesting paper. It would be nice if the OS software has a plugin to allow tweak-able security so that the OS developer can code without the thorough need for encryption knowledge while the plugin allows the full integration and insertion of OS level security like the encryption feature which would be handled by the subject experts and the userland of course would benefit from having the OS level already installed with the OS level’s security tweaks. This way the work is split into their proper domains and are more assured and secure from the ground up.

Winter July 16, 2015 1:54 AM

“Using multiple hardware to check the integrity of critical processes are a known way.”

Do you, or anyone else, know whether that has been formalized?
Like the “Countering Trusting Trust through Diverse Double-Compiling”?

name.withheld.for.obvious.reasons July 16, 2015 2:28 AM

Ars Technica article reports that AT&T has suspended around 200 employees for nothing more than exercising free speech. I say if AT&T executives believe they can punish employees for what is essentially a protected activity, then congress should repeal protection of the AT&T board and executives for violations of law, unconstitutionally under a post-facto immunity provision, that was violated in complicity with the government in what is a criminal activity.

Wael July 16, 2015 2:28 AM

@Nick P,

It’s actually easy

It’s one way, but is it sufficient? Also you have effectively excluded the average person!

What vulnerabilities, besides possibly subversion, does this process mitigate?

Anura July 16, 2015 4:03 AM


If they were off the job or on strike, then I would be against the ruling, but companies are allowed to have dress codes. I don’t really have a problem with that.

Wesley Parish July 16, 2015 4:39 AM

@Bob S.

Nothing to be surprised at. Read up on the Younger Dryas when you get the chance. A temporary swing in warming or cooling the planet is just a temporary swing in an on-going trend.

In relation to security – well, everybody in the “security” forces so-named has written climate change and global warming into their plans of operation. So we the people will have to deal with the effects, either on their own or mediated through oppressive “security” regimes.

name.withheld.for.obvious.reasons July 16, 2015 4:57 AM

@ Anura
You are not incorrect respecting the law but I’d argue that there is a moral/ethical consideration. It is the neo-liberal idea that impinging on the market is a less than meritorious act. My argument would be that the language of rights, especially for individuals, is under extreme stress and duress…allow me to summarize…

  1. Corporations have repeatedly used the law, and constitution, to protect themselves (Enron executives claiming 5th amendment rights in front of congress).
  2. Corporations have repeatedly argued against individual liberties for workers using “newspeak” as a form of castigating the working class.
  3. Because one is employed, the rights and liberties of individuals are not “magically” suspended and allowing the suspension of rights by employed individuals is a license to suspend liberties but demand that of all employees/workers.
  4. What about employment status confers a lesser status and standing as a citizen?

I will admit that this subject is not well covered, what are the limits of corporate edicts and the reach of constitutional liberalism. The framers knew during the second constitutional convention that a number of issues were outside the realm of realistic solutions, but, they were smart enough to structure a system where the future allowed for things to change–that society and the socio-political system could improve over time.

Improvements socially seem to no longer apply, the longer our congress is in session the less likely we are going to see the types of transformation of systems that improve things for those not part of the royal class. Thinking, and I mean at a level beyond the “weather”, is deemed to be a liability in the United States. Bifurcation in governance at multiple levels (federal, state, municipal) reflects the addiction to ignorance that society, the press/media, large institutions, and our ill informed public suffer from when it comes to cognitive and critical thinking. The illness is brought about by a kind of fog of the FUD, unable to see the FOREST OR THE TREES.

Clarity, multiplicity, and thoroughness of thought seems to be in such short supply that no one has managed to even diagnose the malaise we appear to suffer from…

Clive Robinson July 16, 2015 5:30 AM

@ Name.Withheld…, Nick P, and others,

This is my premise on the hardware side; FPGAs are too complex/susceptible to subversion, tool chains not trustworthy.

Just to add to the problem,

It has been assumed for some time that RAM, DRAM and similar were not good candidates for putting backdoors in, due to a number of reasons.

However I’ve been a cautious soul on this and mainly use byte wide SRAM in designs, not just because you usually have an effective write disable but they are older in design and thus follow an older well trodden design path.

The exception was for certain –likely to be– Knockoff / Chinese chips that when decapped in the past have shown oddities which indicate they don’t match the package identity and have odd structures visible under an optical microscope of moderate magnification.

Now however we have a conundrum arising,

Is this just precautionary, saber rattling or something more concerning?

Winter July 16, 2015 6:21 AM

“The exception was for certain –likely to be– Knockoff / Chinese chips that when decapped in the past have shown oddities which indicate they don’t match the package identity and have odd structures visible under an optical microscope of moderate magnification.
Now however we have a conundrum arising,”

This is yet another example where the TLAs in the USA want the ability to add backdoors in HW and find out that what makes others insecure also makes the US insecure.

If instead, they had put some effort into making it possible to audit HW security, the USA would be more secure.

name.withheld.for.obvious.reasons July 16, 2015 7:34 AM

@ Clive Robinson
Two things about RAM components, the first is this is a common application area for FPGAs–mostly in MMU designs (some in digital systems, others in ADC platforms)–thus from servers to cell-phones. The second is, has anyone investigated the latest update to the microcode update to Intel I-x chipsets? My guess is that this is a CPLD update to the processor chipset for a less than Kosher reason.

In general Clive, I believe that the step-wise, simple, and verifiable formal design methodology that can be “audited” and survive subversion attempts is the most rational way forward. If the IC had spent more time in this direction at least we’d have platforms that could give us confidence irrespective of the need to serve government. That can be a decision made at the software level.

Oh, and what do we know about how to use Apache processes to perform TLS data inspection…I believe it is useful until you consider the concentration at the service level and how it will be an attack/surveillance vector (Lavabit servers would not have survived).

name.withheld.for.obvious.reasons July 16, 2015 7:53 AM

@ Clive Robinson

I apologise for not answering your specific question…

Is this just precautionary, saber rattling or something more concerning?

Probably a bit of all of that–it is possible that someone would leak/speculate that Micron technology had offers and that stirring the pot a bit might make for some political hay…ironic that you cited the Hill.Com source… ;^)

AlanS July 16, 2015 9:55 AM

There’s a lot of concern about Feds gaining access to private things via front doors and back doors but some Feds apparently also specialize in rooftop access.

Gerard van Vooren July 16, 2015 11:59 AM

@ Thoth

“It would be nice if the OS software has a plugin to allow tweak-able security…”

It has actually been done. Plan-9 did have Factotum. The only problem with Plan-9 was that encrypted networking was optional. With Ethos-OS it isn’t optional, but it still uses (a sort of) Factotum.

Sam July 16, 2015 12:48 PM

and in online “privacy” stuff there is this new product,

Keezel: Online Freedom for every device everywhere

It’s basically a wireless VPN box, that can be connected to a VPN service provider network with servers in different countries



Let nobody see what you are doing online (because they can and they do)

Visit blocked websites all over the world

See the TV shows, sports games and other programs you love, but can’t watch

Secure all your devices with just one keezel, no installation needed

Be part of the growth of the intelligent worldwide keezel network, provided by the best providers on the market

Nick P July 16, 2015 1:19 PM

@ Gerard

It’s nice to read it again. 🙂 Solworth is involved in plenty of interesting work. Smart guy. I agree with him that isolation of legacy code and interface protection will be the main solution to that. However, there is plenty of work in automatically transforming legacy source or binary to block code injection. We might have a combination of methods in the future.

Btw, I can’t remember if I shared this link with you on Go’s development history. I recall my old link claimed it was a knockoff of ALGOL68 and your experience was that it compared to the Wirth languages. Turns out, it was a consolidation of ALGOL60, C, and Wirth language features to try to cherry-pick best ones to create a modern, Oberon-like, development experience. You were closer than me. 😉 Interesting read.

@ name.withheld

“Start simply, a non-scalar component architecture that can be verified operationally (should be a formal hardware model, and I mean mathematically formal including the engineering methodology). ”

This might be one of those moments where you being a trained engineer and me being an approximation of one leads to my confusion. I have no idea what you mean by that lol. More likely, the statement is abstract and I’m not seeing how you concretely apply it. The problems with subversion in hardware show up in these layers (simplified):

Behavioral specification of what it does (eg visual, SystemC or functional language prototype) -> behavioral, standardized HDL matching it -> RTL HDL -> gates -> transistors -> OPC -> masks -> fabbed silicon -> packaged chip. Similar flow for analog and RF steps albeit more primitive. We’ll leave their verification as a manual step for now and focus on digital circuits (90+% of functions).

So, to do what I did with compiler trust, you’d have to bottom-up design the ASIC from rigorously verified and ASIC-proven gates up to macro-cells up to… list goes on… until full design is in place. Alternatively, as academics did, you have to build and verify tools for each step. That’s easier (focused) and harder (NP-hard problems) at same time. Tools will be the necessity because of the complexity of the activities as feature sizes get smaller and for the optimizations. One can only be so far behind the competition in price/performance/watts even for security-loving market. Anyone eliminating subversion across most of the ASIC flow looks to be reinventing EDA or using tiny ass designs that do almost nothing.

So, what layers and types of activities were you talking about given this mental model for ASIC design flow?

Note that much of the model also applies to S-ASIC, gate array, FPGA… name it. Still have to connect high level behavior to low level behavior to raw implementation details, independently verify each, and verify their collective operation.

@ Thoth

Aside from the link above, a lot of his work is on the Ethos OS project. You can look at it and his papers to see what he means.

@ Winter

“Like the “”Countering Trusting Trust through Diverse Double-Compiling”?”

NonStop architecture, transactions, voting protocols… these all do it to varying degrees. I believe the buzzwords that apply in security research are Byzantine Fault Tolerance and Recovery-oriented Computing. I know the latter has a number of papers covering systems doing same thing while looking for malicious participants.

@ Wael

“It’s one way, but is it sufficient? Also you have effectively excluded the average person!”

The average person is always excluded from these things. What I’ve done is simplify the project so that technologists the average person trusts can more easily verify the tools and produce a trustworthy, local implementation. If anything, I’ve democratized it. To their credit, the academic Scheme community did it first with all their students learning how to build interpreters, compilers, and so on. Simple enough that any of them could implement a Scheme which could easily implement… anything else they understand. So, with the scheme reference, I further put subversion-resistant compilers in the hands of many students.

“What vulnerabilities, besides possibly subversion, does this process mitigate?”

This was solely about subversion: justifying existence of and proving benign every aspect of the working tool. You know from previous posts that one must use a rigorous lifecycle to eliminate vulnerabilities across the board. Oberon and Scheme-style languages tend to be type- and memory-safe, though. So, if that aspect is implemented correctly, especially in compiler’s code generation, it knocks out many potential vulnerabilities and lets one mostly focus on validation of input & transformations. That’s where remaining risk will be. They can also knock out any remaining memory issues by implementing one of the published mark-and-sweep, verified GC’s.

Alternatively, they might notice that many ML languages and libraries make it easy to do stuff right. They might just make their next project a re-implementation of the FLINT certifying compiler. They’ll also similarly re-implement and test the various tools for producing parsers, input validation, concurrency without problems, and so on. They can build that into the language, compiler, their LISP macros… whatever. Having done FLINT and verified other aspects, they can now develop other tools using a toolchain that’s immune to vast majority of problems, is easy to verify by eye, is easy to maintain, and can be extended to deal with new problems. They can even go back and rewrite their old stuff in this all the way back to the original root of trust: the assembler implementing the macro assembler. Like one team did in Coq, they can write macro-assembler and assembler with the type checking + analysis power of ML languages.

With all of this, from my first post and this one, there will be a series of steps that are each small enough to understand. There will be individual problems, solutions, designs, implementations, and tests that are easy to understand. The initial mappings with primitive tools are done by hand in a non-optimized fashion to facilitate review. The later ones, developed in HLL tools, support more complex mappings because prior work means the translation can be trusted. The final tools support modern, state-of-the-art development due to their intrinsic properties and easiest review against subversion with right coding guidelines. Every single thing and the whole can be traced and understood. Every evolution reduces subversion opportunities and some possibilities to introduce defects. A truly breath-taking cathedral of toolchains.

In the next room, people are using GCC on Linux trying to find the vulnerabilities and potential subversions… trying very hard with little confidence… (evil grin)

@ Clive Robinson

I think the first thought we should have is what our hardware guy told us: Chinese knockoffs of others’ I.P. He said they were usually equivalent on the surface with crappier, cheaper implementations underneath. Some were so good they copied down to transistor. A minority, though. The majority of subversions in his experience were companies hiding extra functionality to reuse in other products, keep costs down, and deliver less benefit to end users who didn’t know their stuff was crippled intentionally.

So, I’d look into that stuff first. Naturally, the more black box the systems (esp Intel and ARM SOC’s), the more room for sneaky stuff. It’s why I’ve been recommending Gaisler’s stuff for people trying to start new, open SOC’s. That I recall, his stuff comes with HDL source for review, can be customized easily, and is ASIC-proven many times. Much SPARC firmware, specs, etc are standardized and open to review. That’s a huge headstart on dealing with these issues should any companies care enough to buy and implement something.

Alternatively, people in the long-haul might contribute more I.P. to the open-source, Rocket core that implements RISC-V in 48nm SOI and 28nm. Looking at Gaisler’s stuff, even a microcontroller’s features, there’s plenty of I.P. needed to establish a baseline of functionality the market will tolerate. So, Gaisler is a good start for those wanting production stuff quickly and Rocket for the more altruistic who are fine with getting something in… 5-10 years. 😉
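
The point made earlier in this comment, that each layer of the flow has to be independently verified against the one above it, shown as an added example that is not part of the original comment. It is a toy Python check in which the 4-bit adder, the netlist format and all function names are constructed for illustration: it compares a behavioral spec with a gate netlist on every input, and shows that a netlist departing from the spec on one vector out of 512 goes unnoticed by most small random testbenches.

```python
from itertools import product
import random

WIDTH = 4  # constructed toy block: 4-bit adder with carry-in (9 input bits)
OPS = {"XOR": lambda x, y: x ^ y, "AND": lambda x, y: x & y, "OR": lambda x, y: x | y}


def spec(a, b, cin):
    """Behavioral layer: the arithmetic the block is specified to perform."""
    total = a + b + cin
    return total & (2**WIDTH - 1), total >> WIDTH


def ripple_adder():
    """Gate layer: netlist of (output_wire, op, (in0, in1)) in evaluation order."""
    gates, carry = [], "cin"
    for i in range(WIDTH):
        gates += [
            (f"x{i}", "XOR", (f"a{i}", f"b{i}")),
            (f"s{i}", "XOR", (f"x{i}", carry)),
            (f"g{i}", "AND", (f"a{i}", f"b{i}")),
            (f"p{i}", "AND", (f"x{i}", carry)),
            (f"c{i}", "OR", (f"g{i}", f"p{i}")),
        ]
        carry = f"c{i}"
    return gates


def deviating_adder():
    """Constructed netlist that differs from the spec on exactly one input vector:
    sum bit 0 is XORed with the AND of all nine input wires."""
    gates = [("s0_pre", op, ins) if out == "s0" else (out, op, ins)
             for out, op, ins in ripple_adder()]
    inputs = [f"a{i}" for i in range(WIDTH)] + [f"b{i}" for i in range(WIDTH)] + ["cin"]
    prev = inputs[0]
    for n, wire in enumerate(inputs[1:]):
        gates.append((f"t{n}", "AND", (prev, wire)))
        prev = f"t{n}"
    gates.append(("s0", "XOR", ("s0_pre", prev)))
    return gates


def simulate(gates, a, b, cin):
    """Evaluate the netlist gate by gate and return (sum, carry_out)."""
    wires = {"cin": cin}
    for i in range(WIDTH):
        wires[f"a{i}"] = (a >> i) & 1
        wires[f"b{i}"] = (b >> i) & 1
    for out, op, (in0, in1) in gates:
        wires[out] = OPS[op](wires[in0], wires[in1])
    total = sum(wires[f"s{i}"] << i for i in range(WIDTH))
    return total, wires[f"c{WIDTH - 1}"]


def all_vectors():
    """Every (a, b, cin) combination: 16 * 16 * 2 = 512 vectors."""
    return list(product(range(2**WIDTH), range(2**WIDTH), (0, 1)))


def mismatches(gates, vectors):
    """Input vectors on which the netlist disagrees with the behavioral spec."""
    return [v for v in vectors if simulate(gates, *v) != spec(*v)]


def random_testbench_hits(gates, size, trials):
    """How many of `trials` random testbenches of `size` vectors notice a mismatch."""
    universe = all_vectors()
    return sum(bool(mismatches(gates, random.Random(seed).sample(universe, size)))
               for seed in range(trials))


if __name__ == "__main__":
    print("clean netlist, exhaustive:", mismatches(ripple_adder(), all_vectors()))
    print("deviating netlist, exhaustive:", mismatches(deviating_adder(), all_vectors()))
    print("random 32-vector testbenches that notice (of 200):",
          random_testbench_hits(deviating_adder(), 32, 200))
```

Exhaustive comparison only works because this block has 9 input bits; for real designs the same spec-versus-netlist question is what formal equivalence-checking tools answer at each step of the flow.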

Gerard van Vooren July 16, 2015 3:14 PM

@ Nick P, Thoth

What I would like to say is that a secure OS alone isn’t enough. Today we do have good encryption software / protocols such as GPG, SSL/TLS, SSH, but it takes effort and knowledge to set it up correctly and also to use it. For mainstream security it should be easy and effortless to use, without knowledge and without the possibility that it could go wrong because if it could it will. That counts for both users and applications.

Plan-9 was a step in the right direction. It still is a lot better than today’s *nix when it comes to the tool chain and its simplicity. Ethos-OS is, from what I know so far, the next step and they are one of a very few who really dare to take it full swing. I have discussed with various *nix maintainers about the need to break with UNIX history to go ahead and make it simpler and more secure and even more robust, but they regard compatibility higher. That is why we still have a root user, monolithic kernels with a massive TCB, C, Autotools, XML etc.. Btw, the Linux kernel just gained an extra one million LOC.

I like Go because it is a clear step in simplicity and it is highly productive, in the spirit of Plan-9. It is now clear that the main target is the cloud, userland tools, servers and they are starting with GUI. That is good but I only wished they took more effort into OS design with it. It’s also GC, not deterministic which means you don’t want it to be used in for instance flight control or the ABS system of your car.

In short, a good design, daring to break (deal with compatibility with VM’s or something), and make things simpler and more secure will bring us way more forward. It also simplifies maintenance.

I know, it sounds like a rant and it probably is 😉

Figureitout July 16, 2015 4:33 PM

j on the river lethe
–Opsec can grow so large and unwieldy, have to keep in check otherwise you don’t do any interesting work (that which can be copied/stolen). And yeah I’m a good person (now…past me was just an idiot who didn’t see much of a good future). C’mon now, you were the one trying to roofie me eh? Remember the boilermaker? 😉

And cool on whatever it is you’re looking into (I couldn’t follow lol). Document if you can (ie it could be built by others), I won’t for this other project b/c no one will have board but I’ll have a small RF authenticator w/ much more common open boards which could be deployed where you have buildings close to each other and you skip over potentially subverted networks for authentication or a slightly more secret comma network…takes a little more recon to spot and subvert a small RF network.

me July 16, 2015 10:40 PM

After doing some research into this topic (Extended Random, which was drafted by Eric Rescorla, and how it makes exploiting the native holes in dual elliptical curve easier) I think asking questions about their role and responsibilities within Mozilla are valid.
If this dude is in charge of anything non-crypto related then fine, whatever. But if he is responsible for TLS/SSL or similar, then I have “concerns” given their personal history with the NSA and pushing crypto backdoors. [1]

[1] Killed and buried conversation on HN regarding Mozilla’s “Eric Rescorla” and the “Extended Random” RFC…

Wael July 16, 2015 10:55 PM

@Nick P,

The average person is always excluded from these things

We want a solution for the average person (not that I have one.)

This was solely about subversion: justifying existence of and proving benign every aspect of the working tool.


With all of this, from my first post and this one, there will be a series of steps that are each small enough to understand.

You are building a chain of verifiable trust. A good proven method for building your castle 🙂

In the next room, people are using GCC on Linux trying to find the vulnerabilities and potential subversions… trying very hard with little confidence… (evil grin)

And the rooms next to it are full of people trying very hard to undermine and sabotage (subvert) their efforts 🙂

Good thing you didn’t exceed your absence time threshold! I was compiling a top 10 reasons why you were absent!

J on the river Lethe July 16, 2015 11:42 PM

I was just having some fun with the new horizons probe info. Hard to follow? Lol typing on iPad sucks. I am careful what points outward so to speak. Boilermaker? Yup still goes for defcon or a conference nearby. 🙂 nothing but the drink……

What I am actually working on is an idea. When I get it programmed like I want, I am going to let people chew on it.
It has been dancing like a hologram in my mind for a year now. Yea, I know it sounds mental. But Eidetic visual memory……..

The pork ham stuff doesn’t sound that interesting. Nothing really new. They just took existing and jacked up the signal so to speak. To me the more interesting stuff makes people go huh? Wha? How? And finally, how the f did you think of this? I like that kind of stuff.

Yes, they say one thing misdirect, etc. I think I am so jaded at times….
If they stood in front of the microphone wearing
1. Clown shoes
2. A sailor moon costume
3. Black and red sunglasses
4. Cat ears
5. Swinging a rubber chicken over their head
I would think they were just excited about the new deadpool movie as we all are and go back to my science shows.

Nick P July 16, 2015 11:44 PM

@ Wael

“We want a solution for the average person (not that I have one.)”

No we don’t. The societal security solution was the Bill of Rights. Look how well that’s worked out in the simplest case of “Avoid voting for politicians you know have already lied to you or accepted bribes.” See also #userssuckforcompsec meme’s. Like Oliver said in the Snowden skit: they don’t want to understand so much as you fix it or make it work. Hence, delegation is absolutely necessary and they must be able to decide based on who they trust w/ vetting mechanisms. They often suck at that, too, but get it right more often than INFOSEC. 😉

“Good thing you didn’t exceed your absence time threshold! I was compiling a top 10 reasons why you were absent!”

It could happen but more due to three, simultaneous car issues showing up without the money to handle that. Among a few other negative synchronicities. Budgeting and work are so extreme that I’m doing online things a bit less. Least I can cover the Internet bill so far.

Wael July 17, 2015 1:21 AM

@Nick P,

Least I can cover the Internet bill so far.

That’s sad for someone with your talents. I know how that feels. There was one particular year that my single meal every day was a 50 cent bagel and French Fries. Oh, and some mulberries for breakfast from trees 🙂 My suggestion is to move. I moved seven times to overcome such situations.

You can also develop a mobile security app and put it on Apple or Google stores! I’m sure you can do it, and you won’t write it in ‘C’ either! You can use Java or Swift 🙂

Clive Robinson July 17, 2015 5:25 AM

@ Wael, Nick P,

I know how that feels. There was one particular year that my single meal every day was a 50 cent bagel and French Fries. Oh, and some mulberries for breakfast from trees 🙂

I’ve done more than my fair share of “living off the land” both voluntarily and otherwise.

Those who know me, know I have my reasons for hating Christmas and the “festive season”. In my mid to late teens, I used to go and live off the land for a couple of weeks, initially I took tent, axe, cook kit matches kindling, emergency rations and water, until I got the confidence to just put a few things in my pocket and go.

It stood me in good stead when I “wore the green” and had to do “escape and evasion” exercises, when I did such things as sleep in “biffer bin” large refuse containers (safety tip, turn the dam things on their side such that the lid is held open by the ground and the wheels face in an impossible direction for automatic refuse emptying systems, you are after all using it as a shelter not a coffin).
During “training” I used to upset the trainers over “food”, they had this policy of “exchanging” what “fresh” you had scraped up / caught for “chemically enhanced cardboard” known to many as MRE’s (sometimes accurately called “Meals Rejected by Ethiopians”). I’d bring back a bag of “natures fruits” including eggs, ducks, chickens, geese, rabbits[1] and the occasional hedgehog or snake, various herbs wild vegetables and other greens, berries and where I knew what they were mushrooms. In quantities sufficient to satisfy a large “hyperactive fat bastard gland”. The instructors could not understand why I did not want to swap my “spoils of war” for what I told them was “a bag of chemical shite not fit for man nor beast”. Other course trainees did get somewhat demoralized when the best they had was “earth worms and berries”.

Much to my annoyance I failed one course because whilst I “escaped and evaded” I did not get captured, thus failed “interrogation” or what one who passed the course over a pint called a “bldy kicking” along with other comments about retribution. My OC was not amused by the “fail” but as even he ruefully admitted unlike those who had passed I would “still be at large up to my usual bldy minded tricks, which nobody friend or foe should have to put up with”… which probably accounts for why I got sent on a sniper / observer course and passed (on that course it’s the scope that “beats you up” and gives you black eyes, not the instructors). Life can be fun when you don’t have responsibilities to others, no matter what crock of mire society dishes you up, and I still enjoy the benefits of scrounging, roadkill and hedgerow as a cupboard full of preserves and potted meats shows 😉

At least when running around on a gut full of “squirrel” out of my teen years I was being paid to do it when “wearing the green”… which suggests a possibility. From what I’ve heard the US “weekend soldier” pay rate for “intel types” is not that bad, and at least puts money in the bank (though the risk of getting a “full time upgrade” abroad is a major minus point as is the “secrecy requirements”).

[1] Technically “liberation of livestock” was allowed but frowned upon, whilst I did occasionally help myself to “farmyard” I avoided –unlike others– kids rabbit hutches and the like. However the odd sheep, deer and one cow did make it into several pots and various peoples freezers on a number of occasions. This is most definitely frowned upon, not because of “rules” but the “paperwork” involved. However as a “civi” in the UK the “livestock theft” laws are more draconian than stealing cars, mugging and armed robbery… go figure.

Wael July 17, 2015 7:45 AM

@Clive Robinson,

I’ve done more than my fair share of “living off the land” both voluntarily and otherwise.

I can’t beat that. I have a very finicky stomach!

J on the river lethe July 17, 2015 10:39 AM

@nick, I hope things go better for you soon. Could you do some pen testing for someone? You can find templates for the reports, line up the software on a plan, finish in fairly short time. Get paid fairly shortly. Just a thought.

@clive, weal. I spent some time on a farm. You definitely don’t look at chicken the same afterward. Gotta say I admire you guys for living on the land. Guys who can live in pioneer style in Alaska? Hats off. It didn’t come up in my service as an opportunity. Having said it is pretty obvious I am not an apocalyptic prepper nor could I do it physically anyway. 😉

Clive, good grief man is there anything you haven’t done? Write a book, please. I would buy it. 🙂

@figureitout. After thinking about it, I was unnecessarily harsh on proxyham, plus made a slip on the name. Too much Jeff Dunham. Dunn Hamm. Lol Or another way to phrase it. My inner retard forced a rethink as Christopher Titus would say. 😉

gordo July 17, 2015 2:47 PM

@ Clive Robinson,

Over on the ‘Secure Chat’ thread, you wrote:

Thus PPT is rather more of a serious security risk than most people realise, I just wish they would wake up to what the US is doing with trade agreements, before the idiots sign on the dotted line.

That brought to mind a couple recent articles on TPP, Internet control, and sovereignty, respectively:

TPP: Think Pacific Peace
The potential benefits of the Trans-Pacific Partnership go beyond trade.
Marcus Loh | The Diplomat | June 25, 2015


Averting a Zero-Sum Game

“The Empire, long divided, must unite: long united, must divide.” This is the opening line of 14th century Chinese novel, The Romance of the Three Kingdoms. It describes a zero-sum game and a dynastic cycle that is perhaps reminiscent of the consolidation of power players beyond the auspices of “All Under Heaven” that have shaped the world order since. A Harvard study confirms this assertion, noting that “in 15 cases in history where a rising and an established power interacted, 10 ended in war.”

In today’s world order, Sino-U.S. relations take center stage. Peace and stability will require a balance of power within a partnership framework, and an agreement on norms reinforced by goodwill and cooperation. Given that, one might conclude that failing to bring the TPP into force might be bad, but failing to give China a meaningful stake in it would surely be worse.

This too, may be on the horizon:

A Fiber-Optic Silk Road
China’s Silk Road initiative has profound implications for cyberspace, as well as for physical infrastructure.
Nadège Rolland | The Diplomat | April 02, 2015

Together with planned roads, rail and pipelines, the fiber optic “Silk Road” will tie the Central Asian states more closely to China and Russia. These countries may also hope that the new cables will circumvent NSA attempts to eavesdrop on the data sent through U.S. IT companies. But they may well find themselves subjected to increased electronic surveillance by Beijing or Moscow, or both. Russia and China’s perceived security risks, reinforced by Edward Snowden’s revelations about the electronic surveillance carried out by the U.S. government through digital channels, will lead to more alternative routes provided by non-American companies, conceivably making it easier to seal off the global network if deemed necessary. Paradoxically, the emergence of alternative networks could eventually increase the digital balkanization of some parts of the world.

That said, I believe that there are some basic problems with TPP that would engender further downward spiraling, i.e., increasing sovereign submission to corporate interests, to wit:

Canada Claims It Will Back Out of TPP to Protect Its Sovereignty
Joe Wolverton, II, J.D. | The New American | 17 July 2015

In November 2013, portions of the TPP draft agreement published by WikiLeaks contained sketches of President Obama’s plans to surrender American sovereignty to international tribunals.

Another WikiLeaks disclosure in January 2014 revealed that the president was attempting to surrender sovereignty over U.S. environmental policy to international bureaucrats interested in lowering those standards to mirror those of our TPP partner nations.

U.S. copyright laws, Internet freedom, and web-based publishing would also be obliterated by the TPP, and, although it hasn’t been widely reported, the TPP would give the global government sweeping surveillance powers, as well.

Although the American people (and the people of all nations involved in the pact) are prevented from seeing or commenting on the treaty being ostensibly negotiated on their behalf, multinational corporations have seats at the trading table.

While the TPP grants corporate giants such as Walmart and Monsanto the power to bypass Congress and the courts, the elected representatives of the American people are kept from even seeing the draft version of the agreement.

As with the multitude of similar trade pacts the United States has formed, the ultimate aim of the TPP is the creation of a regional super government — thus the stonewalling of federal lawmakers who dare seek to assert some sort of oversight.

Taken together, none of this looks good.

tyr July 17, 2015 5:13 PM


Your take on Milspec rats brought tears of nostalgia to
my eyes. There are few things that can thrill like a
1934 packed can of chicken whose bones are black or
a nice can of half peanut dust and half oil. Country
boys and abos know the world is made of food just for
the taking. However do not try mudhens or gulls until
they are the last edibles around, toss the snake fat
before cooking. You can go a long way on weeds and
seeds. If you are unsure about anything use the old
method get someone else to try it first. Your line
did it that way that’s why you are here. Going really
hungry just guarantees you will live longer. That’s
the real secret of Okinawan and Mediterranean diets
the starvation levels they experienced in WW2. Eco
nuts thought it was the olive oils or seaweeds.

@et al

One strange effect of government overreach is that those
who don’t have a problem with them cleaning up the few
oddballs on the end of the bell curve, do have a problem
with LEO assumptions that everybody might be one of the
random nuts in the pudding. The FBI has a horrible record
in its dealings with people who wanted a better world.
Because they view any changists as the enemies of static
society. The inheritor of J Edgars Tutu and his secret
files on everybody politically active has a hard sell
for those who have read up on their behaviors. The IC
community seems to have tried to forge an invisible super
state outside the political process. When there is one,
conspiracy isn’t just a theory anymore.

LOL I hear Obama is going to round up brown folks, disarm
them and put them in camps. Is he going to be the first to
be incarcerated ?

Figureitout July 18, 2015 12:32 PM

j on the river lethe RE: pork ham stuff
–Yeah not interesting to people not interested in radio (however my ham stuff helps me TONS w/ electrical knowledge and also design (which I’m trying to get into, slowly) and is the next best thing to avoiding censorship and other kinds of shutdowns/emergencies). Not really “jacking” signal up much (still legal limits I believe), just having an appropriate antenna w/ a long skinny directional antenna pattern. I’ve got the “BOM” ready for people who want these adapters for attaching one to their routers (look up routers you can still unscrew the low gain omni-directional antennas), just going to have a better write-up for it.

This kind of stuff is good for mesh nets which will be useful once the internet turns into “china-net” worldwide or just a massive rate-limited adfest and totally unusable.

Nick P July 18, 2015 1:16 PM

@ Clive Robinson, Wael, Gerard

Why INTERCAL is better than PERL

Funny stuff. I suggested a true innovator would bring this level of clarity to the Web in the form of a web application framework. Then, a commenter sent me this. No words…

Note: I busted out laughing on the precedence, rules section of first article.

Wael July 18, 2015 3:01 PM

@Nick P,

Pretty good — Masterpiece!

you just use the incomparably better COME FROM statement.

That’ll do it! Replace “goto” with “come from”! Ingenious!

3.4.3 Precedence

Precedence of operators is as follows [1]

(The remainder of this page is intentionally left blank)

1. Keep in mind that the aim in designing INTERCAL was to have no precedents.

I like the unprecedented precedence rules! He should have said something about recursion 😉

Nail clippings? Lol, this guy will absolutely hate Lisp.

It is always nice to see your name from place to place in your program listing. There was already the gcc implementation of the C language, which supports a -Wall option. With INTERCAL, you can regularly type your name in your program. Especially if your name is FORGET.

Starting a sentence with “especially” is not formally grammatically correct because “especially”, in this position, is a misplaced modifier that leads to confusion. I suspected you are the author (since you often use this construct), but I didn’t see the expression “I’s” used, so I’m not sure it’s you 😉 Don’t call out grammar errors in my reply 🙂

Nick P July 18, 2015 3:28 PM

@ Wael

“I like the unprecedented precedence rules! He should have said something about recursion ;)”

Yeah, recursion would’ve been fun. It’s also long past time to update INTERCAL with some functional programming constructs like other imperative languages are doing. Although, it’s going to be hard to top Unlambda’s implementation of lambda calculus without the lambda operator. 😉

“Nail clippings? Lol, this guy will absolutely hate Lisp.”

One could reimplement INTERCAL in Lisp. That will make it easier to parse and give it macros. INTERCAL designers could’ve made it a lot more interesting with macros.

” I suspected you are the author (since you often use this construct), but I didn’t see the expression “I’s” used, so I’m not sure it’s you ;)”

Bastard… Yes, your secondary suspicions were correct albeit for a different reason: I would not be seen writing for a PERL community given I have better write-once languages. I’ve recently added Verilog to that list via Scheme and C to Verilog compilers. 😉 Only a matter of time before I find some commercial use for it. Then, one day someone can write about the horrors of finding my product’s internal implementation rather than BSD/Linux’s.

Anura July 18, 2015 6:15 PM


Why not combine goto and come from?

a = 0
a = 1

print a

come from foo, go to bar;
#this program prints 0

Wael July 18, 2015 7:15 PM


Why not combine goto and come from?

Very good question! Give me some time.

Wael July 18, 2015 9:49 PM


At the surface, the answer may look something like this:

Because the “come from” is implicit and redundant (and therefore not needed.) It’s like someone asking you for directions: How do I go to point a? You say: Come from point B then goto point C, then A! The person will then say: Wait a minute! I already came from point D, what you’re asking me is an anachronism, it’s too late, I already took my path!

Thinking more about it:
The “goto” statement will transfer the execution sequence to a different path within the same process (or thread), whereas the “come from” statement will tell the invoking function to come from a different path. “Come from” is a command to a different process, unlike the goto!

“Come from” could also be a command to force an Initialization list of variables (state and context) instead of returning an error code or throwing an exception. For example, if the caller invokes a method that divides x by y, and y happens to be zero, the program will raise a divide by zero exception. If we use the hypothetical “come from” statement, we could ask the caller to “come from” a proper initialization path before calling us again.

Another example: Suppose you have a library that handles HTTPS requests, and a caller invokes the library on port 80! Instead of returning an error, the library would then issue the statement “come from” port 443 or “come from” a secure channel to the caller.

Maybe you can apply a more advanced usage in parallel programming for such a statement 🙂

J on the river Lethe July 19, 2015 11:02 AM

My advice would be to pick up the new edition of The Art of Electronics. It was published in 1980 and had a reputation for decades as a standard. Working your way through it is a really, really solid footing. I pull it out from time to time. The old edition, I want the new one but I can’t buy everything I want at once. 🙁

If that is old hat for you, maybe it will point someone else to a good resource.

As far as ham. They are considered an important resource for emergency comms.

ASmith November 18, 2015 10:01 PM

@Benni I spotted two VPNs in Ukraine, Russia being used to attack the KAD-like customized DHT used by Retroshare 0.6.0x and got tired of the games the MITM was playing trying to transpose users’ IPs and External Ports with those used by the attackers. In no case were they able to establish an actual connection, only mess with the DHT portion of locating an unknown Retroshare friend. Wanting to kick the Western PoliceState in the balls, I presented my findings to the lead Retroshare developer who then toasted the attackers by turning the tables back on them via a Blacklist of their IPs, with automatic ranging to deal with the two VPNs. While we do have quite a number of Russians using Retroshare 0.6.0x and quite a few route now via Tor if possible, I strongly suspect the Goosestepping goons came from the USA Gov NSA who had rented multiple accounts in both of the original VPNs I detected, charted and recorded over the span of several days and week.
Nick P, what a load of manure you spout about Retroshare vulnerabilities. Retroshare has one of the strongest TLS v1.2 encrypted connections that openssl provides with PFS protection further backed with 4096bit PGP keys that are armoured and only function with and by Retroshare 0.6.0x. I use an 8192bit PGP key on my main Retroshare account and 4096bit keys on my Tor and I2P Retroshare hidden services. No one has established any connection to any of my Retroshare instances by breaking any of my PGP keys guarding it. The Retroshare Channels and Forums use a sqlcipher database for even further encryption on posts, comments by users. Retroshare users have layers upon layers of security and encryption across the entire platform.
Retroshare 0.6.0x adds optional layers of anonymous, encrypted layers via Tor and I2P routed networks also, easily and quickly. I see actual Anonymous group folks using it daily, oh my.
@Benni, thanks for referencing my step-by-step setup for enabling a Hidden Node Retroshare routed through Tor as a Hidden Service. I’ve provided the steps, examples and a great many have applied them with good, stable results. Retroshare has moved over to github and is in the process of updating many documents. Extensive documentation on configuring RetroShare for the Tor Network is found here
@Schneier I would love to include 3-Fish with Retroshare in any tool or area where that would be useful. If at any time you wish to give Retroshare 0.6.0x an install and test drive, please drop in and say hello. The application is secure and you’d be very welcome. Retroshare GitHub Main Website. You can also reach me via the Freenode IRC #retroshare, where I help new Retroshare Users and those interested and the general beta testing the main developers push out into the master branch.

Nick P November 19, 2015 8:28 AM

@ ASmith

“Nick P, what a load of manure you spout about Retroshare vulnerabilities”

RetroShare has…

“strongest TLS v1.2”

“4096bit PGP keys”

“8192bit PGP key”

“sqlcipher database”

“layers upon layers of security and encryption”

“optional layers of anonymous, encrypted layers”

“Anonymous group folks using it”

Wow. Lots of crypto, buzzwords, and security features. So, what assurance activities went into the design and evaluation of the protocols it builds, the implementations of all those, the client itself, and the endpoint? Our enemies don’t attack features so much as implementation problems of the aforementioned. Avoiding those usually takes elite designers and coders if not just tons of people finding flaws and fixing them over time. You can measure the latter by telling me how many severe bugs people have reported for it. There should’ve been many given your language, app complexity, and pace of development. If not, then it’s not getting any thorough review by 3rd parties.

So, the question is, have the above been carefully specified, reviewed by experienced security engineers (esp cryptographers), implemented by top people in secure coding, and on platforms immune to 0-days in OS or firmware? If so, I was probably wrong about it containing 0-days waiting to be found or being bypassable by platform 0-days. If it doesn’t have these traits, then you have a lot to learn about what makes something secure against the adversaries that are worth worrying about. Good luck with that. Here’s you a start.

Meanwhile, I might use eventually for slowing or stopping snoops without capabilities of police, intelligence, or high-end criminals. It might stop them. For High Strength Attackers, the best method is using tamper-evident, disposable boxes connected to WiFi points with wireless link back to user. Cool thing is you can often physically see the attackers hunting you if you pick your spot right. Traffic or covert channels should go over regular HTTP and HTTPS to blend in with rest of the web. Tor, I2P, RetroShare, and so on just tell their systems to focus on you instead of others. Really dumb idea given their capabilities. Tor has enough take-up and review that it’s probably safe enough to use for obfuscation. That endpoint will be watched and maybe attacked. So, should still be a disposable.
