Dark State Canary August 28, 2015 7:12 PM

Cell phone spyware is everywhere –

So what’s the best way to identify the source and type of that pesky, sneaky spyware some troll stuck on your cell phone? NYC Private Investigators say it’s very unusual to be able to positively confirm the presence of spyware on a cell phone. Is this true? Why?

P.I.s often use Cellibrite systems for cell phone data recovery fitted with a BitDefender module for malware. Is this the best approach? Is there a better way?

Here are cell phone symptoms, sure looks like cell phone spyware to me:

What’s the best way to confirm and identify the presence of spyware on a mobile device?

Bob S, August 28, 2015 7:34 PM

A friend impulsively installed FREE! Windows 10 on his computer apparently because it was FREE! then wondered why it was acting stupid and slow. Would I look at it?

OMG! The privacy option pages were very scary in person. MS wants to Mass Surveillance everything. Literally. Unless you opt out of course.

My fingers got sore working about a hundred sliders.

Anyway that prompted me to make the plunge to Linux Mint 17 on a bootable USB stick and must say I am very pleased so far. Anyone who has worked under the hood of Windows can certainly be up and running with Mint in less than 10 minutes once the USB is ready. Mint is quick and there are a great many installed packages like LibreOffice not to mention Firefox, media apps and so on. There is also built in encryption.

One tip: Of course you must change the boot order to boot from the USB. On mine all that was necessary was to choose “Legacy” BIOS as opposed to the default “UEFI” on the boot order screen.

I am beginning to think LINUX is finally ready for prime time. BTW, it’s free, too.

Steve August 28, 2015 7:50 PM

Bulk collection – No Standing to sue.

Ok so It is known (FOIA) that bulk collection of untold millions of phone records have taken place for a long time, but no one individual can penetrate to gain proof that they were swept up in it.

My question is can a class action suit with a very large group of N plaintiffs prove with statistics that some percentage of them were swept up with probability 1.0, in which case would the plaintiffs as a group have standing? Who could do the math here? Or would the gov still say you can’t prove which ones…

Clive Robinson August 28, 2015 8:34 PM

@ Bob S.,

I am beginning to think LINUX is finally ready for prime time. BTW, it’s free, too.

If you pick the right distribution it’s probably going to be FREE of spyware* as well 😉

  • I can’t say that for the apps though, but the likes of Debian in the past has been fairly good on this score. As for Googles Android… what can I say, let’s just say that they’ve had to pull quite a few “nasties” recently from their store…

65535 August 29, 2015 1:08 AM

@ Dark State Canary

I have a relative who is an attorney. He advises PI’s on some of the legal issues with this cell phone spyware. He tells me it is astounding the type of smart phone interception devices marketed to PI’s globally. He basically says if a PI wants your voice, text and location he can get it.

I just wonder how large this Smartphone spyware industry is. The next question is when Drug Cartels will start to buy the stuff. It’s a world wide market.

As for determining if your iPhone or Android is infected, you might ask Clive or Nick P.

Wesley Parish August 29, 2015 2:25 AM


I’ve just been reading Data & Goliat6h, and when I got to

Unlike in the EU, in the US personal data about you is not your property; it is owned by the collector.

I had to take a walk to digest this.

What an incentive for fraud! What a boon for fraudsters! It disconnects data from reality. If data collector X “owns” my data, data collector X is not under any obligation to see that it is in any way correct. Nor is there any sunset provisions on a company’s own data, except of course when it’s under scrutiny by the authorities … so much like the fraudulent “derivatives” market …

I hope Chinese investors take note. The Chinese authorities are much, much stricter on fraud than we are in the West. I think the Chinese authorities should put the United States under watch, and discourage investors from investing in the US until this incentive to fraud is eliminated.

rgaff August 29, 2015 3:16 AM

@Wesley Parish

I completely agree… and it is why figuring out ways of denying collectors from collecting the data in the first place is really paramount in backwards nazi-like countries like the usa! Not that this is always possible, but it is much much more than “default” if you get creative…

Curious August 29, 2015 4:11 AM

Edward Snowden related

There was one story of 27. July by national broadcasting corporation’s online news site (NRK), with a couple of articles for two languages about there being undisclosed documents that showed US pressure to solicit an extradition of Snowden from norway, and it is pointed out in the article that other European countries have likely received such notices as well.

NRK has put up two similar articles, one in norwegian and one in English, however they are somewhat different, and the one in norwegian also has more text and an additional document linked. I haven’t checked to see if there are more recent articles.

The norwegian version has 7 hyperlinks to faximiles of documents/email in pdf format at the bottom, and the English one has 6. Comparing the content of the document files in the links, they seem to show the same content, with a couple of exceptions. One document has been doubled in length to add an English translation to the latter half. The other document seem to be omitted in the English article.

The omitted and brief document dated 5. July 2013, from the norway’s “Ministry of Justice and Public Security” to the state attorney is afaik not linked to in the English article. This letter start by referring to a phone conversation between the two parties and has the title “Anmodning om eventuell pågripelse – Edward Snowden”/”Request for possible apprehension – Edward Snowden”(my attempt at translation). It refers to an enclosed copy of diplomatic note no.54 from the US embassy and to an extradition treaty of 9. June 1977, and asks of the state attorney to take this request into consideration in the case that “Snowden should come to norway”. Finally, the letter makes a point about how they believe there is no warrant for Edward Snowden in Interpol at present time. Letter indicates that a copy of the letter was sent to ‘Kripos’ (norway’s version of FBI I guess) at Interpol. (Important?)

Note, I see that the wording/language of this letter to the ‘state attorney’ from the ministry of ‘justice and public security’ is somewhat different than the letter from the ‘state departement’ to the ‘ministry of justice and public security’, which may or may not be of importance. First it is made a point of how Snowden should be ‘arrested’ if ‘arriving’ at ‘norwegian territory’, but in the letter to the state attorney, the wording is about “should Snowden come to norway”.

I would say that the letter having made a point with the precise wording of “should Snowden come to norway” might come to mean more than being about someone arriving to norway. The NRK story as I understand it, alleges that US embassy hasn’t received a reply to their request in any way, so I am inclined to think that norway has both seemingly not responded to the request of USA, while also, effectively by wording, possibly kept having a pending case against Edwards Snowden up to present time, because the words “should come to norway” imo could mean any hypothetical case for which it is believed that Snowden, even as a remote chance, might end up in norway somehow, thus being more of a proactive concern than a mere concern as if after the fact of Snowden having arrived to norwegian territory.

In the NRK story, it is pointed out that Snowden’s legal advisor knows of similar documents from Germany. Afaik the article doesn’t say anything about how these documents came about. There are some graphics that indicate some of it is being classified as (U//FOUO//REL TO USA, DNK, NOR, SWE, FIN)

“What is troubling to me is the suggestion that if Mr. Snowden showed up in one of these countries, he should be promptly extradited – before he would have a chance to raise his humanitarian rights under international law, he says.” Snowden’s legal advisor Ben Wizner.

The norwegian version makes a point that the police has a case file number on Snowden (English) (norwegian)

Note, I’d claim that norwegian media isnt’ good at quoting people, so one can’t trust a quotation to be a direct quote, or if it might effectively be a paraphrase.

Also, whatever a country like norway were to eventually decide in any case, it probably isn’t anti-USA in any case. Fyi norway is a country that have on the record as having no issue at all having lent out war material to USA in its warfare against other countries.

Having read the recent news about how US’ FBI is to have previously solicited for the extradition of Edward Snowden from some Scandinavian countries, I incidentally looked up “political crime” on Wikipedia and I think I might have learned a few things. I know very well that Wikipedia isn’t the final place to go for any kind of hard fact checking as such, but this will do for now.

I have no idea what defense lawyers around the world think of this, but according to the Wikipedia text, crimes of “treason” is thought of as being political crimes, as opposed to “state crimes”, because of how treason is deemed to be threatening or directly challenging the state/government.

This looks almost too easy to me. With the government of USA being antipathetic to Edward Snowden as a person and likely thinking of him as a criminal , it never occurred to me before that crimes in general could be considered ‘political crimes’ in “criminology” as is pointed out on Wikepedia.

It would not surprise that if Snowden got on a plane, the plane would be intercepted and diverted to some pro-USA country, if not flying straight to some area deemed USA territory, but ofc, I am no expert in such matters. Heh, a commenter in an article somewhere suggested that such people should instead be moved by train. Not sure what would be more complicated, a flight perhaps across the airspace of multiple countries, or by train, across multiple countries.

Curious August 29, 2015 5:59 AM

NRK (norwegian national broadcasting) had another article about Snowden I see now, but the article is in norwegian. Looking at this now it seems as if this explains something about how they found the documents mentioned in my earlier comment here. (not in English)

Here it is alleged that the department documents had been kept out of view for over two years. Department documents is by law required to be posted to a journal that the public can read, or at least get to know about. It is unclear to me how undisclosed stuff should be handled with regard to secrecy rules, if simply to be omitted in its entirely, or simply referenced in some limited way in the public and open system that provide online document files to the public.

The authors write that they found “the documents’ existence” when trying to retrace how the bureaucracy handled Snowden’s asylum request.

I am not aware of norway having some kind of FOIA law. I would think that you have to go search and find stuff for yourself online, search tool provided by the government. I guess they simply solicited the departments and ministries directly.

On the reporter’s receiving a list of documents about Snowden’s asylum request, and asking for the documents from the US embassy, they were denied. It appears then that they were kept hidden from the public, as I remember reading about that practice some time ago, by some generic secrecy rule, by the state department implying that exchange of sensitive information between countries require such sensitive information to not be disclosed to the public.

Ofc, I think these reporters should have known about the government’s publication rules from the start. As mentioned, it is to me unclear by the story, if there might have been an issue with documents being wrongfully kept hidden as per rules, or on the contrary if having been kept hidden in some approved way, or if being partially hidden and partially referenced.

Four months after filing a complaint with an ombudsman, the reporters was given access to documents, seemingly because of how there was also an extradition warrant (my translation here) about this case that came up when reviewed.

The article make a point early on in the article, about how one might wonder how many documents are kept hidden this way. Apparently, the departments and ministries decided to keep the lot of the documents surrounding Snowden hidden from the public.

Thomas August 29, 2015 6:04 AM


I am beginning to think LINUX is finally ready for prime time.

As a long-time Linux user I often wonder if/when Windows will be ready for prime time 🙂

I used to be dismissive of people who claimed Linux was too hard to use.
Then I had to use Windows after a long hiatus. It was rather humbling to realise just how difficult it is to use a system you’re not used to. Everything was in the wrong place, all the useful stuff was missing and a bunch of useless junk kept leaping out at me.

The exact same reaction a Windows user would have on Linux…

So… I suggest that Linux is ready for prime time, and has been for some time.
However, like any complex system, it takes some getting used to.
I suspect that it’s no more jarring than taking a Mac or XP user and unleashing them on Windows 10 (Windows 9? Windows Nine? Windows? NEIN!).

Czerno August 29, 2015 7:24 AM

@Curious, @Not surprised :

It’s been reported – even on to his blog, iirc –
that defeated Germany has been bound by secret provisions of treaties which in effect make her a vassal state /in aeternam/, at least limiting her ‘sovereignty’ wrt the USA and allies.

Curious August 29, 2015 8:23 AM

Off topic, of sorts:

I am fascinated by the obscure meaning in this one message on Twitter:
“Practical quantum crypto without a non-quantum channel to distribute conjugate basis? I want to see this.”

Even more fun for me (not a scientist, nor a mathematician) is to ignore the apparent context, which was an article from ‘Scientific American’ linked above here.

I’ve always wondered if the math behind quantum mechanics could be used to subvert crypto, as if designing an encryption scheme with some very clever and obscure backdoor of sorts.

Please indulge me, the following is highly idiotic and intended to be very imaginative, the following isn’t supposed to make strict sense, it is the best I could do atm. A lot of name dropping going on here off things I vaguely recall from Youtube videos:

I won’t pretend to really understand quantum mechanics in physics or the relevant math, but what if every bit value processed for some cryptographic scheme, for encrypting something, could be represented by overlapping ‘parity transformations’, with each square matrix of real and imaginary numbers ALL being the complex conjugates of each other, either yielding a positive or a negative (effectively 1’s or 0’s), as if a “quantum-math-analysis” of some backdoored crypto algorithm worked by extrapolating each bit from a string of bit numbers to be encrypted into some kind of overlapping structures (permutations) of matrices, a structure that was self sustaining through permutations until the very end, for which an encrypted message somehow was produced. Then, as some kind of wishful thinking, you could reverse/inverse it all back into plaintext, simply because the algorithm was crafted that way (or maybe simply because future quantum crypto turns out to be a disaster math wise some years from now). 😀

Btw, anything ‘complex conjugate’ seem imo eerily sort of similar to how all points for an elliptic curve is plotted in a coordinate system, specifically when I imagine how both are mirrored across the X axis in a cartesian coordinate system. What if parity transformations (point inversion/reflection) could be used for some kind of “backdoor math” for ECC crypto?

Also, probably entirely unrelated, I just noticed the following looking over a Wikipedia article; I am wondering, if “Complex conjugates are important for finding roots of polynomials” (from Wikipedia), maybe you could use “complex conjugates” to build a backdoored encryption algorithms/schemes?

Curious August 29, 2015 8:30 AM

Btw, it is ofc not my intention to lower the quality of comments on his blog, so if the ppl. running this blog think this is too much, pls, give consider sending me an email and I’ll refrain from sharing my vague ideas in the future. 😛

ianf August 29, 2015 8:45 AM

Sometimes corroboration for the lingering suspicion that we already live in Orwellian times can be found in the most unlikely quarters. As in the Vulture/ New York Magazine’s review of Jonathan Franzen’s literary output to date:

The Big Idea in Purity belongs to [Franzen’s protagonist] Andreas: his theory that Google and Facebook constitute the new Stasi. So anti-communism has morphed into technophobia, and the internet is the new totalitarianism. […]

sena kavote August 29, 2015 9:22 AM

How diversity of operating systems could help against BIOS malware

This is my assumption here:
BIOS malware has to replace something from the operating system. Most likely a part of kernel would be replaced. That replacing part needs to be customized for a particular kernel. So it seems to me that if the BIOS malware needs to prepare for more operating systems, the sizes of the replacing parts have to be smaller in order for all of them to fit in BIOS. If the BIOS malware has to work with Linux, FreeBSD/PCBSD, netBSD, Minix3, OpenBSD, dragonflyBSD and Windows, then the space for the replacing parts is divided by 7. If our example BIOS chip has 8 megabytes of space, of which 1 megabyte is needed for normal things and for some generic functionality of the BIOS malware, then there is 7 megabytes for payloads to different operating systems. Having 7 possibilities for operating systems means that, on average, every one of those listed OS could get 1 megabyte instead of 7 megabytes replaced by malicious code. Then there are all the different versions of one operating system’s kernel. For example, Linux kernel could be newest 4.0 line or long term support version like 3.13.0. Also, the software that installs OS on a hard disk could use some randomized light obfuscation when compiling.

Is this right? If so, what could be the actual numbers with some common BIOS chips? How much the reduced payload sizes could actually help?

ianf August 29, 2015 10:40 AM

There are several potentially interesting books among the 25+ recently reviewed by Geoff Manaugh of the BLDGBLOG (tagline: “architectural conjecture :: urban speculation :: landscape futures”). Here but 3 of them:

#3) Ghost Fleet: A Novel of the Next World War by Peter Singer and August Cole

#4) Future Crimes by Marc Goodman (previously already mentioned here by nym).

#11) War Plan Red: The United States’ Secret Plan to Invade Canada and Canada’s Secret Plan to Invade the United States by Kevin Lippert

BTW. I found 2 title variants of #4 above:

    Future Crimes: A journey to the dark side of technology – and how to survive it Bantam Books Feb 2015 (paperback & hardcover), and
    Future Crimes: Everything Is Connected, Everyone Is Vulnerable and What We Can Do about It (Doubleday – presumably a hardback)

Are they the same book for different markets, or two somehow differing editions?

Meta August 29, 2015 12:46 PM

Great news for Portugal.

The Constitutional court did not approved a law that would give the Secret Services (SIRP) access to metadata regarding financial and telecommunication records.

This law has been proposed by the 2 major parties in Portugal. The social democrates (PSD)
and the socialists (PS). There is a long tradition of political combat between these
two parties, nevertheless when it comes to setting up legal frameworks for increasing
the power of the secret services they all seem to agree.

An interesting fact is that from a total of 7 judges of the Constitutional Court,
6 voted against the law and 1 in favor. The one who voted in favor was a former director
of the Information Security Services (SIS) named Jose Teles Pereira.

Parties comments about the ruling follow the lines of “This is only metadata we are talking about….blah blah blah .. and we need to convince the judges…”

me August 29, 2015 1:17 PM

@sena kavote

BIOS installs keylogger via SMM mode (ring -2). Keylogger is not OS specific (it interacts with the keyboard controller directly). Information is squirreled away in writable firmware for later retrieval by either physical extraction or other targeted attack.

John Galt IV August 29, 2015 2:13 PM

I’m OK with vague, rambling speculations as to the nature of reality. That’s what this is. I had been thinking that a system monitor could provide some assurance that undocumented features of a CPU/chipset/motherboard, etc. aren’t being utilized. The observer must run on trusted hardware, not the backdoored system under observation. In previous iterations I had suggested FPGA-based models could be built from chipset data sheets, but that introduces any weaknesses in the FPGA and toolchain into the composite system. I assume that people much smarter than I am, who not entirely coincidentally have a lot more resources, already have ploughed this field. The spookwerks output won’t be in the public domain, but there is a lot of good scientific literature from universities. The fatal (or nearly fatal) weakness of the FPGA approach is that it will almost certainly run slower than dedicated hardware. It might be acceptable to slow the clock on the commercial hardware so that the FPGA can keep up for 100% comparison. Or it may be acceptable to verify only some subset of instructions. Previously, I realized that any sequence of instructions can be treated as a trajectory in an arbitrary dimensionality n-space. There will be some data visualization method that could convert the trajectories to graphs that can be viewed, and automatically monitored by a neural network. This probably overlaps pretty well with what commercial antivirus/antimalware does, except that runs on the suspect system. This line of thinking also applies to natural language (conversation is a sequence of trajectories in n-space) and there should be plenty of literature on natural language processing that applies to interpretation of trajectories and use of neural networks. Dimensions can be added as needed to address other aspects of the instruction sequences, such as the memory locations accessed, and the values in those locations, and the values resulting from the calculations. The trajectories can be thought of as fingerprints, in that bad trajectories (unwanted code/undocumented features) are different from the desired system operation. The sticking point is training the observer by getting known bad sets of instruction sequences and recognizing novel bad behavior. This is another point where crowd-sourcing can come into the picture in that statistics from large numbers of users would be valuable. If these general approaches were add-ons to an open-hardware project, enough people might run them to be able to see the differences between good behavor and bad behavior. An alternative to software monitoring of the CPU/system state trajectory is to monitor the CPU through a powerful side channel. For example, an array of ferrite rods with small coils on them can be mounted in close proximity to the bare silicon (ignoring the difficulty of accommodating the heat sink/ball grid array) to pick up the electromagnetic signature across the chip. The signals of the coils can be treated as trajectories and correlated to processor behavior. I assume that if I look in the scientific and patent literature, I will find out that people much smarter than I am already have ploughed this field. You’d think that someone could make a lot of money by offering tools that provide assurance that business intellectual property was safe from various bad actors.

Slime Mold with Mustard August 29, 2015 2:14 PM

@ Steve

The “no standing” ruling really pisses me off. For our non-US readers “no standing” means that the person filing the lawsuit cannot show that they were harmed our that their rights were violated.

The plaintiff in this case could not prove standing because the records are secret. Effectively, the government can legally avoid justice.

I am willing to believe that the NSA has no intention of ending or even reducing its bulk collection programs. You might recall that when the USA Freedom Act was first being discussed, we were informed that the NSA had already been considering ending the program, which, “for technical reasons, consisted mostly of landline records”. That’s what they said . What they meant was “no reason to snoop around this topic anymore”.

We do know that the two largest carriers were targeted. We know others were. It is impossibly naïve to believe nearly all were/are not.

Xelandre August 29, 2015 2:16 PM


I am not aware of norway having some kind of FOIA law. I would think that you have to go search and find stuff for yourself online, search tool provided by the government. I guess they simply solicited the departments and ministries directly.

It does, and I would bet it dates back at least from when Norway was still part of the kingdom of Sweden, home of the world’s first FOIA statute.

They have a nice online site with a catalog full of documents with promising titles, and an interface for ordering.

That’s the theory.

But in practice…

My experience with that system was humbling.

I request from a certain govt. department 8 or 9 different documents related to a topic in which I have a keen interest. The language is sufficiently close to ones I’m familiar with so that I could still decipher it with some effort.

Only a couple of the stuff which I actually requested made it to me, but it was in fact irrelevant cover letters I could have dispensed with.

Some other “wrong” stuff was sent, without any direct connection with what I asked, but with a “positive” decision. Probably because it made the authority look better.

Strangely, a real gem of a document connected to my query was sent, but which I had never ordered, together with a negative decision stating it couldn’t be released.

The online catalog did show that all the documents I was interested in were releasable without restriction. I’d have to see whether the classification changed.

I pointed out to the authority the mess the made in the handling my request, and demanded a fully reasoned decision, in view of making an appeal with the national Ombudsman’s office, but after almost a year and several reminders, I finally got a reply meekly asking me whether I was still interested.

So much for that hallowed Scandinavian transparency.

I have experience with FOIA under 8 different statutes, if I count correctly, and nearly as many countries, has been rather mixed up to now. You must be patient, determined, and show that you’re ready to take them to court.

Some techniques are:

  • Excessive and arbitrary search and reproduction fees
  • A deliberately literal and narrow interpretation of your request
  • Acute passive-aggressive behaviour
  • Incomprehensible delays
  • Just plain stupid, clueless, answers.

My best experiences were in obtaining previously released information. Big deal.

FOI most certainly costs a minute fraction of what states spend to know everything about you. Yet in places like GB, the politicks are talking about “abuse” and are floating ideas abut restricting FOIA access by slapping high fees.

Slime Mold with Mustard August 29, 2015 2:41 PM

Re: Future Crimes

The Bantam edition is UK, the Doubleday US. We Yanks find that colourful lingo a sticky wicket.

thevoid August 29, 2015 4:09 PM

@David Henderson

Wonder why none of the Russian or Chinese hackers have been droned.

because bullies always pick on the weaker ones.

Jacob August 29, 2015 5:48 PM

Extend and extinguish. But no “embrace” here.

  1. Yesterday it was reported that the British Library refused to accept a donation of rare collection of Taliban writings from the 80’s or so, including newspaper clips, poetry(!) and essays, on the fear of being held in violation of some terrorist acts that criminalize possession of terrorism-related material and Jihadist literature. They have received some legal advice not to touch it.
  2. Retweeting supportive comments on Jihadi stuff or in support of ISIS leadership will land you in jail. The same if you make a false statement about your twitter activity to a FBI agent.

No constitutional provision will stand in the way of a federal agent when he is tasked with saving his glorious country.

Comodo August 29, 2015 6:46 PM

@David Henderson, thevoid, Jacob:

I would imagine not many of us will shed a tear over the loss of murderous machete-wielding fundamentalists or their propagandists and recruiters. The legality of the strikes is for the UN and American lawyers to assess (assuming they really had the balls to even check). I am, however, curious as to specifically how the NSA identified and geolocated an accomplished hacker who was operating from within a hostile territory with sufficient certainty as to send in the big RF toys.

Comodo August 29, 2015 6:50 PM

(I mean, we\’ve all read the ANT catalogue, but the guy wouldn\’t have been stupid enough to, say, tweet from a Windows 10 laptop and share his Candy Crush score with his jihadi friends from his stock Android phone, would he?)

Thoth August 29, 2015 7:24 PM

@Curious, all
Re: Snowden’s survival

Would it mean that Snowden has to be protected in countries that he had not leaked about and those countries must have a grudge against the 5Eyes like South America (Venezuela, Argentine …) and the Pro-Russian blocs ?

I can imagine if Snowden were to leave Russia via the Baltic Seas or over 5Eyes friendly airspace, Warhawk Big Boss (UKUSA) friendly nations might scramble jet fighters to intercept planes suspected to carrying him to a 5Eyes friendly airbase…. and I believe I saw some news somewhere a while ago that it already happened ?

Oscar Ahlbrand August 29, 2015 8:08 PM

“and I believe I saw some news somewhere a while ago that it already happened ?”

As far as I know, no jet fighters have been scrambled over Snowden. In 2013, the private plane of Bolivia’s president, Evo Morales, had to be rerouted after Spain, France and Italy denied it access to their airspace, following order… er, advice from the USA. The plane landed in Austria, where officials requested to search the aircraft (probably because they suspected that Snowden was hiding on board, which was not the case). Stupid and insulting as it was, it’s still a far cry from scrambling jet fighters.

rgaff August 29, 2015 9:40 PM

@Oscar Ahlbrand

It was still an act of war against Bolivia… It also proved that Spain, France, Italy, etc, are USA puppet governments, not truly independent nations.

LMN August 29, 2015 9:41 PM


Good stuff. Hope you aren’t sincerely confused, cuz you certainly ran the important bases. “You’d think that someone could make a lot of money by offering tools that provide assurance that business intellectual property was safe from various bad actors.”. People do of course. The problem is that the customers are just the richest bad actors, ones that have the means, motive, and opportunity to prevent things like “general approaches [as] add-ons to an open-hardware project” from being accessible to the ordinary human citizen. All of your talk about FPGAs seems to knowingly dance around the fact that we know that Xilinx is as much in the pocket of the neo-stasi as Google and Mozilla and the EFF. All of your talk about trajectories just sounds like obfuscation of ‘pattern matching’ which we all know would be a key part of real solutions built on real foundations, if such real foundations were ever allowed to exist by the propagandizing disinformation loving NSA and CIA. The bottom line is yes, we are all not retarded, at least in our visions of what is conceivable. But what we can get transcended from the conceived, to the actualized, is clearly completely being retarded at the point of guns by the NSA and CIA. They don’t bat an eye at collateral murder, and collateral torture. They won’t let people who think like us actually succeed in lessening their dominance and ability to instill a well calibrated sense of learned helplessness in anyone who might dissent knowing what Cheney can do to an old man’s face with a shotgun and get away with it without calling the police.

rgaff August 29, 2015 9:50 PM


I can’t quite find the article about it now, but it was shown that a CIA “rendition” plane was scrambled to fly into Europe near Russia, when Snowden was on his way there… This was shown immediately after Stupid Obama said he “wouldn’t scramble jets” to capture Snowden… only… he did… just not fighter jets… made him look like his usual stupid lying self.

FireWiretapped August 29, 2015 9:51 PM

Hello all, I need some advice on an issue involving FireWire and sharing files.

I recently made the mistake of letting a new business client plug his Mac computer into mine with a FireWire 800 cable to transfer about 50GB of files. Only after the fact did I learn how FireWire is extremely unsafe due to its read/write direct memory access (DMA), potentially exposing everything including my disk encryption password. However, it turns out my processor supports Intel’s VT-d system, which blocks DMA attacks, so maybe it wasn’t such a serious incident after all. I have no evidence that my computer was tampered with, but it still makes me nervous; I’ll never be using FireWire again and I’ve changed my disk encryption password.

My main question is how could I have done that file transfer in a safer way? What are some methods for transferring large amounts of data (such as 50GB) with an untrusted party while staying safe from risks like DMA, BadUSB, and the like? I’m fine with sharing small files on cloud storage, but the upload/download times are unreasonable for 50GB of data. I’d also rather not have to buy and give away a new external drive each time I need to give someone a file; I’d be willing to spend some money on a solution, but not on an ongoing basis like that. Any suggestions/ideas?

Thanks for any advice you can share.

FireWiretapped August 29, 2015 10:24 PM

(Adding to my last post…)

I just found that companies like IronKey and Kanguru sell USB disks with signed firmware to prevent BadUSB attacks. So this is a possible solution to my problem. But I’d still like to know if you folks have other ideas too.


tyr August 30, 2015 12:01 AM

@rgaff, Thoth

The documentary covering the great escape (Snowden)
is available at

From browse it is right above Citizen Four in the menu.

It is worth watching but StarFleet Hayden has given
better performances. If you spent your life in a chain
of command your view on independence and freedom is
tainted to say the least. Once you dig that rut deep
enough you can’t see out of it.

The idea that a democracy has to have an informed
polity doesn’t seem to penetrate the blockheads who
are in the IC.

Of course their mad scheme to create an unaccountable
shadow government for most of the world has been some-
what apparent for years. The fact that collusion with
foreign nations is treasonable no matter what high
sounding excuses you present is no deterrent to those
who feel no laws should apply to them.

cinical August 30, 2015 12:18 AM

Sometimes the antagonist is the safer choise.

Sometimes, somewheres… in a land far far away, goes the lone stranger…

The trove he left, buried in a legend, to be told and tbd…

The man who walked away is known as Snowden…

Thoth August 30, 2015 12:39 AM

Regarding IronKey and the likes, if you search the older posts, many of us did caution about backdoor and poor implementations if security as one of the problems with these so-called “secure” USB sticks. It is just marketing and they do not meet high quality standards. Their FIPS 140-2 Level 2 certification or Level 3 certification can be easily obtained.

There are cases where security products have fatal bugs and weaknesses that should not have existed and also somehow were missed during closed doors evaluations by standards labs which makes them much worse. The worst part is they are a blackbox where you can’t easily audit them and the manufacturers and vendors may turn hostile to researchers which they deem are threats to their survival in the business of snake oil peddling.

Regarding the firewire incident, you can prepare to throw your system out if it’s critical to you. It is considered tainted in the strictest sense. But …. not everyone can afford such a waste of elctronics so you can relegate that machine as an Internet facing or Gaming PC and not capable of doing mission critical stuff.

The best way to transfer files is to use concepts of Guards and Data Diodes. You would usually network transfer files to a Secure Network File Server running on a TCB from a Black Zone and then either do a one way file transfer across a Data Diode network (Red Zone) and from with the Red Zone use another Secure Network File Server tonretroeve files. You can open the Black Zone to clients to upload files.

If those are too irritating to setup, you can simplify it by removing the Data Diodes and simply use a Black Zone Guard for file upload into Red Zone Guard and you use a clean and restricted laptop running off a TCB OS to download from the Red Zone Guard. The Guards are simply OSes running trusted OSes which are harder to infect. The received files on the Guards should be strongly hashed and compared to ensure those files are what you intend to receive only as a low assurance means to mitigate malware.

Before you go about your personal protection, evaluate your life style and setup a personal safety and protection domain and policy to live your life and set your own security standards.

Cryptography has already met it’s limits in the sense encryption will not protect you in anyway. It js a combinationoff personal habits, corporate policies, TCB, crypto, knowledge, practical experience and maany other operational amd technical means to poise yourself to somewhat more assured in safety, privacy and security.

ianf August 30, 2015 12:57 AM

@ SlimeMoldWithMustard

If sales maximization was the cause for that title adaptation, shouldn’t Doubleday have gone the whole hog & called it “Future Crimes: How Everything Being Connected Spells S.O.C.I.A.L.I.S.M For America,” with the cover picture of Russki-types wielding smartphones with visible emission patterns entangling a golfer in HelloKitty pants?

[& doesn’t it look like I have a future in the book retitling business rhetorical Q]

Wesley Parish August 30, 2015 1:14 AM

@Bob S, Clive Robinson, Gerard van Vooren et alii

re: Linux and MS Windows

I’d been using MS Windows alongside Linux for quite some years before an unfortunate set of circumstances forced me to rely on MS Windows 7 (the PC crapped out: it was old) and onto an HP MS Windows 8.1 box. (I intend upgrading it to Linux: I’m currently undecided on whether or not to wipe the MS Windows installation … 🙂

I regard any OS that allows a periodic switch from any window in focus to the root window and then any other window it likes, as being fundamentally flawed: it’s standard MS Windows behaviour. I don’t understand Microsoft Corp’s logic in releasing this behaviour onto the world – I don’t recall it happening in MS Windows 7 or previous releases/iterations, though I am open to correction there. I think that harassment factor outweighs MS Windows’ “familiarity”; I think Microsoft customers need their heads read.

In short, Microsoft Windows 8.1 is NOT ready for the market.

Not surprised August 30, 2015 1:17 AM

Re: Snowden


How is a phoned-in no-fly zone along the established flightpath of in the air plane not an equivalent and paraphrase of fighter jets? It’s just establishing the legality to be landed by fighter jets in some manner.

Or they could have created an allowed downward corridor to the ground and called it a suicide – the official speak is a joke.


I linked the incident in my first post –

Snowden still in Moscow despite Bolivian plane drama

Holding a grudge or being aligned with somebody is not a guarantee of safety.

The compulsion to go after highly desired target is contained by the risk of adverse consequences brought by oppositions ability and willingness to respond to escalation, raise the stakes and use sufficient force. And in this case being U.S. backyard or Russian favoring is not a substitute for being in Russia.

An example of Russia acting to protect its interests –

Russia sends missile cruiser to Mediterranean – Interfax

“Russia is sending a missile cruiser to the east Mediterranean to take over the navy’s operations in the region, state agency Interfax quoted a military source as saying on Wednesday, as the United States prepares for a possible military strike in Syria.”

Of course, Snowden is only as valuable to Russia as his publicity and the eventual destination of his escape is annoying to the U.S. This will pass with time.

rgaff August 30, 2015 1:49 AM

@Not surprised

That’s why I called it an “act of war” regardless of whether fighter jets were technically used or not to force down a head of state’s plane…. and then on top of that to board it and search it[1], which is a sovereign plane and cannot be forced down that way let alone searched. If they’ll commit acts of war against other heads of state, you better believe they’ll use fighter jets on passenger aircraft, which is equally very reprehensible behavior.

[1]well, they didn’t look “under the seats” so they claimed they didn’t go so far as to search it, wink wink… though it took them hours and hours to re-establish a flight plan cause the USA and their puppets wanted an official search at gunpoint first, until they fiiiiinally got the whole “wink wink” part and let them go…

Curious August 30, 2015 2:14 AM

“FBI Agent Pretended To Be An AP Reporter. Now AP Is Suing” (AP story)

“At issue is a 2014 Freedom of Information request seeking documents related to the FBI’s decision to send a web link to the fake article to a 15-year-old boy suspected of making bomb threats to a high school near Olympia, Washington. The link enabled the FBI to infect the suspect’s computer with software that revealed its location and Internet address.”

Curious August 30, 2015 2:26 AM

“Raspberry PI hang instruction”

“So, according to this documentation, that instruction is decoded as UDF, which is a variety of instructions that are undefined by definition and are used by debuggers to set breakpoints.

But, why only that specific construction hangs the board? Digging a bit in Google looks like this sequence is used by the Angel Debugger, which is a hardware debugger that is attached to the board using the JTAG connector and that specific core seems to enforce that exception to wait for reply.”

“This bug only affects all the models of the first Raspberry PI. The RPI2 is not affected, as well as other ARM devices (phones and tablets) I tried… but maybe, other instructions provoke similar behavior :)”

ianf August 30, 2015 2:33 AM

Speaking of Snowden, has anyone come across some intel regarding his analysis where to reveal his data trove & thence to seek shelter after that. He’s too intelligent not to have figured out in advance that ending up in Russia—secure for the mo that it may be—will effectively undermine his righteous whistleblower status among fellow Americans—those, whose freedom from encroaching fascist blanket invigilation state he set out to protect. Instead he ends up being called a coward & a traitor who bought his “freedom in Russia” by spilling US secrets to the KGB. Surely, he must’ve known that he’d fare much better in the eyes of public opinion had he gone to, say, Caracas, Venezuela, said his pitch & stayed put there? (also better food incl. his beloved Hot Pockets.)

rgaff August 30, 2015 2:45 AM

@ ianf

Naturally being in Russia undermines his “righteous” status among American Russia-haters, he knows that. He was not intending to go to Russia, he was intending to go from Hong Kong to South America via Russia and Cuba, but his Passport was revoked in the air to Russia, so he got marooned there. Then the USA made it clear they’s stop at NO ACT OF WAR against smaller less defended countries to get him (see previous discussion about “scrambling jets” and the Bolivian plane), so if he values his life he’s kinda stuck there.

He claims he didn’t bring anything with him to Russia, he left everything with journalists in Hong King, and brought NOTHING WITH HIM… no documents, no files, nothing… nothing that Putin or Castro or anyone else could coerce from him en route… So people can accuse all they want, but lacking evidence, I think I trust more what he says than other speculation.

ianf August 30, 2015 4:18 AM

@ rgaff

It doesn’t take “Russia-haters” to undermine Ed Snowden’s moral standing in the public opinion, his mere seeking shelter there reeks of a Lee Harvey Oswald-manqué & worse. But let us not speculate about his intentions, but cooly analyze the outcome.

Take a look at the map, err… the globe. Surely going from (his last deployment) Hawaii to South America by way of Hong Kong, China, Russia & Cuba seems like a hell of a route, filled with obstacles, “security potholes.” Snowden must have known that. I know that his initial electronic reaching out to Glenn Greenwald failed, which made him establish contact with security-aware Laura Poitras—on whose shoulders, and physical presence in Brazil, it then fell to educate GG in the arts of maintaining ironclad security[*]. Surely Snowden, who, unlike Chelsea Manning, kept his personal indignation in check, and knew what he was doing, could’ve just as well first gone to South America, and only then spilled the guts^H^H^H^Hcrown jewels?

Or could he have known that the ground is shaking under his feet, the ferrets are closing in, and thus his window of opportunity is rapidly shrinking? (ha! Snowden spying on the counterintelligence spying on NSA subcontractors! ;-)) That could have explained his stopover in Hong Kong.

I know that he arrived in Russia sans any data, no less so to prevent becoming a KGB-owned hostage, but that’s not how it sounds like to rank-and-file (also, were I him, I’d have devised a fail-safe nuclear option in case I fell under a bus or something).

It’s only this little detail, of Snowden ending up in the next-worst place (worst: North Korea, which does house a few US defectors of non-Korean ethnicity) as a result of his flying in to H-K, that I find inexplicable. Could Ed know something more about what seems logic[k]al to me, that’s not as clear-cut as I imagine?

[^*] I’ve seen at least two TV interviews in which the journos made a big point of that initial Greenwald’s inability to grasp the importance of using a paranoidally-secure communication channel. Those journos have never heard of TOR etc prior to researching the questions, yet sounded like they had it daily for breakfast. I hope GG challenged them on it, though it was edited out.

Grauhut August 30, 2015 5:21 AM

@me “Information is squirreled away in writable firmware for later retrieval”

Information is sent out by uefis own ip network stack, as encrypted icmp payload for instance, camouflaged as watrchdog function or similar.

Clive Robinson August 30, 2015 5:24 AM

@ John Galt IV,

You’d think that someone could make a lot of money by offering tools that provide assurance that business intellectual property was safe from various bad actors.

You would like to think so, likewise you would think the shareholders would insist on it to protect their interests… But history shows otherwise, directors and shareholders realy don’t want to spend on that “halfpence of tar”, thus the “ship is lost” and they then clean up on the “insurance payout”, this is irespective of the human cost (see history of slaver ships that were sunk in sight of land).

With regards,

I assume that if I look in the scientific and patent literature, I will find out that people much smarter than I am already have ploughed this field.

You could look back on this blog to discusions “the usual suspects” have had over hypervisors that monitor the behaviour of CPU’s in “prisons”, in essence it looks for the signiture of the “prison CPU” behaviour and halts it’s operation if it goes out of bounds.

The real issue is making the behaviour of the prison CPU sufficiently “well known” that the hypervisor can easily detect it and do something before significant harm is done.

I chose to go down the “reduce behaviour complexity” route spliting a task into multiple well defined sub tasks that run on individual prison CPUs. Thus you use the strengths of parallel programing across an array of prison CPUs.

Furthr the hypervisor not only has tha ability to halt the prison CPU it can also –read only– “inspect” the prison CPU working memory and registers, looking for “out of bounds” behaviour. It also alowed the hypervisor to pass what is a “core dump” up to a process above the hypervisor for other inspection.

To get around the issue of “code cutting” behaviour, application programers would not write the sub task code, this would be written by those very few people with proven low level security coding experience. Applications would thus be written in a similar way to “*nix shell programing” plumbing together the sub tasks that in effect become a very high level language. Those with the low level security coding experiance, would not only write the sub task, but the coresponding hypervisor code to check it’s correct operation.

One problem you’ve noted is,

The observer must run on trusted hardware, not the backdoored system under observation

But did not follow it through to the point of “What do I do if there is no trusted hardware?”… which is the current state of affairs with high end consumer CPUs, if not all high end CPUs.

The answer is you have to mitigate that lack of trust in some way.

The way I chose to deal with the possible subversion of the hardware was to use voting protocols, that is you get three prison CPUs to use three differently coded sub tasks, if the results differ then you have a failure either by hardware fault or system subversion.

With regards the “pick up coil” side channel, it’s an idea that in effect is the equivalent of Differential Power Analysis (DPA) on steroids. Back in the 1980’s I investigated another more powerfull way to do the same thing, which was to mount the chip in a microwave wave guide and illuminate it with low level microwaves, which became “cross modulated” with the activity of the chip. I was looking at the RF cross modulation as a way to examine the internals of a tamper evident devices. Amoungst others apocket gambling device that would enable casino patrons to “play the bandits” in their hotel rooms and other places. It in turn led me on to how to do what I now term “active fault injection by EM carrier”. Basically you use a stronger RF source and you modulate it with a “fault injection” waveform to cause execution of code to take an incorect path or process incorrect data. I made the mistake of reporting my findings to part of the UK IC I had involvment with at the time, and they did the usuall bumbling “not very interesting but keep it quiet” routine. In the 90’s all the issues with “smart cards” came up and manufactures were lying through their teeth over the security issues, and each attempt they made to hide power analysis became thwarted. The Cambridge Computer Labs came up with Optical Fault Analyis (now injection) and Ross J Anderson was looking at non synchronous logic as a way to get around power analysis. I contacted Ross and told him about using an RF carrier to ‘injection lock” the logic as well as carry the cross modulation out. He mentioned a Belgium researcher who had also contacted him who was starting on fault injection by using high energy brief duration pulses in pico sized inductors above chips. Needless to say the non synchronous logic idea died the death.

However DPA became a thorn in researchers sides at the turn of the century because of broad reach pattents obtained by Paul Coker, which effectivly stifled further research. It was only much later two students at Cambridges Labs showed what a disastrous effect unmodulated microwave signals injected into a TRNG had on it’s entropy, that interest in EM attacks became of interest to researchers again.

So you have to consider if an array of pickup coils above a CPU could be attacked by a modulated EM carrier to render them ineffective, or worse even reversed in function to become a new attack vector…

Nobody who has ever “got upto their elbows” in security has ever said “Oh that’s easy” but somebody almost always finds a practical way to subvert technology directly or indirectly…

ianf August 30, 2015 6:15 AM

Incidentally, can anyone recommend an iOS/ iPhone web browser with either/ or

(a) privacy (no-cookie) window,
(b) selected cookie deleting function,
(c) default text-only view in preset font,
(d) view/search HTML SOURCE function?

I know that Apple isn’t keen on alternative browsers to MobileSafari, but there are quite a few of them in the AppStore that do various ornamentally-pretty things that they approved. So maybe there’s also one with either or more of these things? (too many to research them willy-nilly).

Clive Robinson August 30, 2015 6:21 AM

@ FireWireTapped,

I’ll never be using FireWire again and I’ve changed my disk encryption password.

What do you mean by “changed my disk encryption password”?

With Firewire, it’s not access to the password/phrase that is the main worry, it’s the fact that via poorly implemented DMA it can get access to the actual encryption key, or the encryption rounds keys.

Depending on how your system works, changing the password may not change the encryption key. This is because “decrypting under the old key” and “encrypting under the new key” can be quite a long process, especially with tens or hundreds of gigabytes of data, and thus the risk of extensive data loss due to fault is high…

Spellucci August 30, 2015 6:28 AM

Yes, having standing means you need to name a specific person who has been harmed.

@Steve, Slime Mold with Mustard
The good news is it is only a matter of time until a whistleblower leaks a record of NSA bulk data collection of a specific US citizen’s data, which will resolve the no standing issue. I am sure if someone brought records like this to the EFF, no matter how they were uncovered, the EFF would find a way of getting it introduced as evidence.

Clive Robinson August 30, 2015 9:42 AM

@ Grauhut,

Wifi router lockdown coming…

I’m realy surprised it’s taken the FCC this long.

The argument from LEO’s in the EU has been effectivly “software defined radio is evil” for some time now, and the regulatory bodies backed by some parts of the industry as well as other Government agencies have made similar panicky noises.

Basically from the regulatory bodies and EU industry it’s about quasi legal market protectionism. From industry bodies it’s a failed attempt to keeping engineering alive in Europe that has “backfired”. That is less and less people are opting to do engineering as a career. In the UK it’s even viewed as a worse prospect career wise than “blue collar” or “Trade work”, which currently pays as much to twice as much as higher level –non managment– engineering. UK Unis have closed or eviscerated engineering departments and more and more communications and electronics design houses are closing down.

But it’s the US LEO’s we need to fear, as I pointed out long ago the US requirment for GPS in mobiles for faux “safty reasons” would effect the rest of the world due to Far East “inventory cost reduction”.

They have finaly awoken to the fact that mesh and similar radio networks are not “going dark” but to expensive to monitor. Originaly I was expecting them to “Big Boots” using CALEA, but I suspect they realised they are not going to get away with that as US business would stick the boot in as it has occasionaly done in the past. So the other option is the old fall back of “dangerous operation” that will get chicken little type FUD such as “Aircraft will fall from the skies” or “Drug dealers will use it to trade to minors” –both of which are old favourits of the UKs OfCom– and if that does not work go for terrorists and kiddy fiddlers to trade information.

For them the “aircraft dropping out of the sky” or equivalent will be the argument raised if people object to the LEO “lockdown requirment” however as engineers will know, if people want to ork out of band it’s quite trivial to do with even locked down equipment. Further if over power or out of band working realy was a problem, then the FCC would have done something about it years ago. The fact they have not speaks volumes about the fact this is a “put up job” by the FCC on somebody else’s prompting, agitation and direct preasure.

So as always look for the real motivation behind such things.

Thoth August 30, 2015 10:12 AM

It’s the same with crypto and personal security. Everything that makes the citizens feel more secure would make the agencies rolling in bed at night and making deals with politicians and kicking up those good old FUDs like sex offenders and terrorists. Somehow, most people still naively play into the same trick again and again and the “oversight” departments and committees are useless against keeping these agencies in check.

Moderator August 30, 2015 10:26 AM

@Michael And Ingrid Heroux

You have your own blog. Please refrain from spamming this one. Please also refrain from using all-caps; it’s the equivalent of shouting, and is very rude.

Lively Lyocell August 30, 2015 11:16 AM

“forced firmware lockdown”

I’ve been running OpenWRT for years, since I discovered that all commercial routers provided by ISPs ship with pre-installed backdoors, allowing any knuckle head at AT&T or any of the 5 million drones with security clearance in the US (let alone their 5-eye chums) to sniff, intercept and inject code into my home network traffic. If American routers lock down their firmware, I’ll stick to old models or buy foreign hardware. I’m even willing to go down the Huawei route if necessary to avoid joining the NSA’s personal bot net.

Solomon Komisar August 30, 2015 11:26 AM

Openwrt rocks: it provides huge freedom in an otherwise barren and dreary landscape. We should fight back any attempts to stop us from installing open source software in our hardware. This is definitely one for the EFF and FSF guys to take on.

Figureitout August 30, 2015 12:03 PM

–I specifically buy routers today based on if they have OpenWRT/DD-WRT support. So if vendors want some of my dollars they need to be supported by those codebases.

And who wants to make bets how utterly useless the lockdown will be? I’m thinking someone like Craig over at and even the wider OpenWRT community could break open the devices in due time. Maybe an “inside agent” inside the companies implementing this feels similar and releases some nice intel lol.

Or…just don’t buy the routers lol. Simple. The vendor firmware usually sucks anyway and open ones have much more useful features.

Yasuko Tortola August 30, 2015 12:28 PM

Re wifi firmware locking:

I’m not sure the FCC have thought this one through (or, even more worryingly, maybe they have).

Locking down firmware in all commercial routers would kill all mesh network projects right away. There are massive areas of Africa and South America that rely on mesh networking for their communications due to their remoteness. Without mesh networking, they will be deprived of a connection with the rest of the world.

Another worrying implication of locking down firmware is that, as home users, we rely on our ISPs or router vendors to update us with the latest security patches and keep well ahead of the 0-day game. Unfortunately, anyone who has attended Defcon or BlackHat in the last 5 years knows how unrealistic this assumption is. Vendors release their stock in bulk and have an incentive to spend as little as possible on maintenance. Many hardware vendors do not even reply to vulnerability disclosures and cannot be bothered to apply patches when these are made available by third parties. A world full of locked down, outdated, vulnerable firmwares is a hacker’s wet dream.

FireWiretapped August 30, 2015 1:16 PM


Regarding IronKey and the likes, if you search the older posts, many of us did caution about backdoor and poor implementations if security as one of the problems with these so-called “secure” USB sticks. It is just marketing and they do not meet high quality standards. Their FIPS 140-2 Level 2 certification or Level 3 certification can be easily obtained.

Thanks for your input. I wondered about those things. The features I’d care about are the drives’ signed firmware and being able to flip the readonly switch when sharing files, I don’t need the encryption. Something like these drives. Signed firmware still leaves a backdoor for malicious signed firmware. But I suppose these are at least little bit harder to attack than regular USBs.

Regarding the firewire incident, you can prepare to throw your system out if it’s critical to you. It is considered tainted in the strictest sense. But …. not everyone can afford such a waste of elctronics so you can relegate that machine as an Internet facing or Gaming PC and not capable of doing mission critical stuff.

Yeah, it’s tainted. If the system does support Intel’s VT-d (I think so, but can’t test to know for sure), then there would’ve been protection from DMA and none of this would’ve been an issue. Even so, I’m thinking of wiping the drive and reinstalling everything clean. It’s also a Mac and I’ve been losing trust in Apple every day (they’re now partnering with the Pentagon to build war tech).

Regarding your explanation of Guards, Data Diodes, TCB, Red and Black Zones… I’ll admit most of it went over my head. I got how you were saying to use a clean, restricted machine with a hard-to-infect OS (assuming Qubes, Whonix or Tails here) as a middleman for network file transfers, and to hash files on the machines for comparison.

Before you go about your personal protection, evaluate your life style and setup a personal safety and protection domain and policy to live your life and set your own security standards.

This is what I should’ve done before letting anyone plug their stuff into my computer. I’ll be thinking more about this.

@Clive Robinson,

With Firewire, it’s not access to the password/phrase that is the main worry, it’s the fact that via poorly implemented DMA it can get access to the actual encryption key, or the encryption rounds keys. […] Depending on how your system works, changing the password may not change the encryption key.

Thanks, I hadn’t considered that. The machine is running OS X with FileVault 2 and when the the password was changed, it happened instantly with no long decryption/re-encryption process. While I could just turn FileVault off then back on again to encrypt the drive under a new key, I’m thinking more of wiping the drive entirely and installing everything new and clean, which would also involve enabling FileVault with a new key.

Grauhut August 30, 2015 1:29 PM

From a technical perspective a lockdown will change nothing. I use selfmade sbc based ap’s for well over a decade now and most of the time of cause i virtually life in BO, you need to talk a little louder than the neigbours for perfect video streaming… 😉

Get a rpi or sunxi sbc and a ralink based alfa hp stick, flash openwrt on it and you are ready.

The problem is that it will make many community driven foss mesh networks illegal, since all these mostly homebrewed solutions lack FCC approval. But hey, your openwrt flashed box lacks it to.

Grauhut August 30, 2015 1:40 PM

@Lively Lyocell “…all commercial routers provided by ISPs ship with pre-installed backdoors, allowing any knuckle head at AT&T or any of the 5 million drones with security clearance in the US (let alone their 5-eye chums) to sniff, intercept and inject code into my home network traffic.”

Of cause, if you want privacy you need a security concept.

If they look on my router they see the devices i want them to see. For instance my amazpy video stick. And a locked nat gw. 🙂

Nick P August 30, 2015 2:14 PM

re OpenWRT

Not sure of OpenWRT’s inner workings, but couldn’t a company just create a fork of it that isolates the channel management into something unmodifiable? The code would be open and inspectable albeit with the specifics set at the factory by hardware programming (eg simple antifuses). This provides an interface that software above can use. It might provide basic restrictions such as power levels. From there, the software can be arbitrary.

Thoughts on this meeting FCC’s requirements, being quite extensible, and still being easy to protect in a number of ways?

Second concept: use the old model. What’s the old model? Offload transport onto dedicated chips or devices with I/O mediation because you don’t trust them. This seems, for business rather than INFOSEC reasons, to be common in industry with wireless support even in smartphones that try to minimize chips. Quite a few are pretty cheap, too. So, it’s not the end of the world. People might just have to spend a bit more or follow some tutorials on the Internet. Will hit the freeloaders and OpenWRT-lovers the most from what I see.

Grauhut August 30, 2015 2:34 PM

@Nick P: Openwrt is a fat reduced linux system (dropbear, uClibc, …) optimized for routing. Real routing, up to bird based bgp on ixgb 10G adapters running x86_64 boards, not only wifi.

This would mean to kick all those linux efforts to open up 802.11. They try to kick all those intransparent firmware blobs. Now comes the FCC and says nogo…

Nick P August 30, 2015 3:01 PM

@ Grauhut

Do we really need to open them up if we can make them cheap, untrusted peripherals? I know why we want them open. I question the absolute need, though. Far as cost, TI has a 802.11g card that’s $10 in 1,000 units up (thinking OEM’s here) and there’s a Chinese one that’s $5. Doesn’t count all the USB sticks, etc. So, while this a bitch, it doesn’t seem to be on the level of disaster of UEFI (given Windows/x86 dominance) or a crypto ban. Easy to work around even on the cheap.

Only thing that might be missing is ability to mediate the hardware. However, that’s been a necessity people have ignored for some time, eh? Would just make cheap one’s more marketable.

Note: The only high assurance solutions I know for WiFi were a Type 1 device and HAWCS which used separation kernels. The thing they had in common is designers didn’t believe onboard WiFi was possible to secure. So, they offloaded it onto a custom device with all kinds of security measures. User just plugged it up, configured it with a trusted client, and was off to using it. Point being my second model is what smart people were doing anyway. This regulation might, as unintentional effect, force people into more secure directions. And lets not forget malware would be less likely to use your RF against you. 😉

Marty Basin August 30, 2015 3:01 PM

@FireWiretapped – How many of these mfr’s have taken money from the gov’t in one way or another? That mfr that you link to – map the address on their website, then drop in on Google to see the shell. Even the sign on the front of the building is relatively new. A couple years ago I contacted their sales dep’t and asked where they were located. She repeated the same address from their website. I said “I’m sitting in my car right there, and you do not have any office at this location. Are you in the back of the machine shop nearby, or the ice cream place down the road”? Weird. I still don’t know what’s going on with the shell. I couldn’t pry a straight answer out of them. If you find out what their story is, let me know.

Daniel August 30, 2015 3:07 PM

Qubes seems to be mentioned here a lot recently and I find that strange because it remains experimental software. It not even at alpha stage yet–it has many serious bugs, the hardware comparability list is limited, and the help provided is almost nonexistent (one user group that gets maybe ten posts a day). Equally as problematic there remains debate as to whether it will go FOSS or not–one of the major code plug-ins is currently being released as commercial software (the Windows VM tools).

Don’t misunderstand. I like the IDEA behind Qubes. But the actual state of the implementation right now is not where the average person would be using it.

FireWiretapped August 30, 2015 3:37 PM

@Marty Basin

Are you talking about IronKey or Kanguru? I mentioned both companies.

Google Street View has images of the office building where IronKey is located going back to February 2008. Street View has images of Kanguru’s building, with sign in front, going back to September 2008. So I don’t believe you.

FireWiretapped August 30, 2015 4:02 PM

@ Gen275

No, because @Marty Basin’s statements don’t add up. Check for yourself. He claims the company (I think he’s referring to Kanguru) is a shell that didn’t physically exist a couple years ago, but Google street view proves it did.

Regardless, I came here only to discuss a recent incident with my computer and how to do it safer next time, not to get into corporate conspiracy theories.

Marty Basin August 30, 2015 4:18 PM

Yeah, and I only wanted to know why someone would cast doubt on secure flash drives such as, specifically, IronKey. And if that wasn’t enough, trash FIPS. But then recommend Kangaru drives since, they’re really firmware secure. Everyone knows IronKey doesn’t even make USB flash drives and sold that business to Imation years ago. Now where are they made? Finally, your knee-jerk defense nailed it for me. You really stepped in it.

So I don’t believe you.

ritzy custard August 30, 2015 4:20 PM


Qubes is not even at alpha stage yet
That is incorrect. Qubes is on its third release by now. Qubes provides downloads of alpha stage previews for testers before the main releases, but that’s a different story.

it has many serious bugs
Yes, it has a few bugs, but I’ve been using it for over a year without any major dramas.

the hardware comparability list is limited
That is true (although they claim they’ve recently received a substantial donation to address that).

the help provided is almost nonexistent
That’s unfair. Have you visited the Qubes IRC channel?

one of the major code plug-ins is currently being released as commercial software (the Windows VM tools).
That is inaccurate. Windows VM tools are referred to as non-FOSS by the Qubes website because, by definition, they are intended to run Windows proprietary code (unlike the default Fedora VM template used by Qubes, which is, of course, open source). You need to understand the Template-VM vs. App-VM model to see what they mean here. I have downloaded the Windows VM tools code (straight from a Qubes terminal, without paying a cent) and then deleted it after playing with it for a while and deciding that I did not even want a virtual Windows in my box.

the actual state of the implementation right now is not where the average person would be using it.
I agree. Qubes was never intended for the average person. It is very much a security-oriented OS.

Disclaimer: I have no connection with the Qubes OS project. I am just a happy user.

Jacob August 30, 2015 6:23 PM


You should know that some guys here do not consider anything secure unless they actually mine the silicon themselves, design all the chips and then fabricate them in a hidden cave using off-grid power.

To be practical, I would say that reasonable choices would be:

1.The Kanguru USB sticks

or, much better,

  1. A portable DVD burner (USB interface) with 15 or so Rewritable discs (4.5GB usable each).

The Kanguru solution, if the vendor did correctly what it claimed it did, namely signed the firmware, and has not share it with LEA, will protect you against BadUSB but not against malicious files like the Stuxnet .LNK files (this specific flaw was fixed by MS, but you get my drift…)

With the DVD, there is no controller one can contaminate, and the file system is much more immune to tampering. In addition, this technology is kind of deprecated so I doubt that hackers or LEA invest their time to subvert it wholesale.

After you done with the transfer, you can re-format and reuse the DVD discs. Total cost would be cheaper than Kanguru signed sticks.
The only negative of this DVD approach is that it would take an hour or so to burn 50 GB data.

Satanic Panic August 30, 2015 6:28 PM

When Artificial intelligence becomes smart enough to know who, what, and where everything is will 90 percent of the internet traffic be from AIBots?

John Galt IV August 30, 2015 6:42 PM

@Clive and LMN and folks in general

Thanks for your helpful comments. I realized in recent months that the game is about full spectrum dominance. I probably said before I wouldn’t have a problem with that if full spectrum dominance were administered ethically and in conformance with the rules. The fact that it isn’t precisely is what makes it necessary to hide most intellectual property that you want to use for profit.

fred August 30, 2015 8:57 PM

@ SP
“When Artificial intelligence becomes smart enough to know who, what, and where everything is will 90 percent of the internet traffic be from AIBots?”

Very probable, as all things are relative, offense can be used as defense. The analysis, or prognosis, can be altered to game itself, thru paranoia. Thus the watched, and watching, both grew to be paranoid of their own shadows.

Thoth August 30, 2015 9:13 PM


“You should know that some guys here do not consider anything secure unless they actually mine the silicon themselves, design all the chips and then fabricate them in a hidden cave using off-grid power. ”

I wish I could do that but in all honesty, it’s totally impractical.

“The Kanguru solution, if the vendor did correctly what it claimed it did, namely signed the firmware, and has not share it with LEA”

It is like hoping no viruses or malware were transmitted when FireWiretapped accidentally allowed clients to access his computer. Not very assuring at the very very least at all or saying the least you trust a blackbox with something very sensitive ?

That is the problem with most peddling of product XYZ is secure because it’s a blackbox and I have sadly had to facilitate in such sales as part of my daily job pushing blackbox “security” solutions and a good ton simply are too fragile or too complex to work.

“With the DVD, there is no controller one can contaminate, and the file system is much more immune to tampering.”

This is a rather fatal assumption you are proposing. @Figureitout have been warning me about blackbox chip firmware that are untrusted in the controller of CD/DVD devices but the convenience it brings and the shifting of focus to USB devices might allow a little compromise which I too had to make in some of my security designs.

“Rewritable discs”

How is this going to be tamper resistant if it can be rewritable ? I would opt for CD-R or DVD-R. If it is done wrongly, just throw since those are really cheap these days and you can buy them in bulk.

Put it simply, your scheme proposed is not sound enough to proceed with any security assurance at all.

Daniel August 30, 2015 9:30 PM

@ritzy custard

(1) I meant Qubes is in alpha compared to other software. The Qubes development team can release whatever they want and call it what they want but sane minds know that it isn’t up to alpha standards by ordinary software development standards.

(2) The fact that you have been using the software without any drama only means that you have beaten the curve, not that the software is in a good place right now.

(3) “Qubes was never intended for the average person. It is very much a security-oriented OS.”

You lose all credibility with a stupid statement like that. The average user actually needs security software more than the expert.

Thoth August 30, 2015 10:33 PM

A less complicated way is thin client access methods but again there is too much assumptions in-between. You have to rate the security level of protection you want in a realistic manner.

If the computer does not belong to you (office laptop or desktop), there are nothing much you can do about securing the portable endpoint.

If you are the owner of the endpoint, you may want to look into using Trusted Computing Base (TCB) platforms like Turaya (, LynxSecure ( and Green Hills ( These are secure kernels that run instances of tasks in secure compartments so that a FireWire or USB transfer carrying infection would be isolated. I would go for Turaya first since Lynx and Green Hills are partnered with the agencies and feels a little uncomfortable.

If you have security and programming background, you might want to look into the L4 kernel family (Fiasco/Fiasco.OC/seL4 microkernels) and the Genode project (

Do note that you will need a clean machine to install these stuff on top. They are not bullet-proof as a well designed malware would still be able to infect a portion of the system (e.g. Network Card) but they will mostly be isolated for most cases.

Part Two to the setup is to have a RaspberryPi or some dev board and load them with security kernels I mentioned above as well. They will be used as your thin client access point and file transfer server where you will remote from your laptop/desktop into the portable board which will finally remote into your more restrictive environment.

The remote access point in the dev board should have two channels. One is remote cursor and keyboard control with remote display and the other one is remote file transfer channel. The dev board will act as a Guard to scan the cursor movements, file transfer commands, keyboard inputs and screen displays.

Do note that the remote file transfer between the laptop/desktop and the dev-board is not for your clients to plug directly to the dev-board to SFTP in. All the unsafe files are to be isolated on the laptop/desktop and encrypted on disk individually until needed (those transferred from your clients to your laptop/desktop). The remote channels is for you to remote into restrictive environments for your work and transfer properly vetted files between your restrictive environment and your laptop/desktop.

Your restrictive environment could be set to enforce one way traffic to accept only downloads or only uploads thus serving as a Data Diode of sorts if yoou need that additional security.

name.withheld.for.obvious.reasons August 30, 2015 11:41 PM

In May of this year, my post articulated to a limited degree a “new” conceptual warfare framework enumerated in a Friday Squid titled “Mastering the Human Domain” and there was little formal data/info available on the topic–that has changed. This last week a release (FOIA request) from Public Intelligence provides a glimpse into the theoretical (I suggest an abhorrent/abnormal hypothesis that is backed by kinetic energy capable of destroying lifes) treaties. The article posted last week can be found here,

I fail to understand how inane and asinine “thought” can stand if even given the slightest scrutiny. Forces that profit from failed thinking–shouldn’t. What fool proclaims that the local sun (the orb 8 light mins away) must be extinguished as it causes cancer…

Most may be capable of extending this framework, by logical inference, what the military is doing is making “civilization” the battlespace–that all civilian assets are military assets. This is the global, perpetual, and disrespectful treatment of all peoples and means a departure from models that include “peaceful” or “articulated” problem resolution. This is the bully making bullying a permanent feature of the school yard.

65535 August 31, 2015 1:43 AM

I have used the EFF’s “Privacy Badger” for 3 + weeks and no major problems [it is on a non-Windows 10 machine].

It reads 0 trackers on Bruce’s site and about 23 trackers on Youtube vids. I don’t know exactly what it has blocked but knowing the number of trackers is somewhat interesting.

Andrew August 31, 2015 3:49 AM


Funny a lot of producers claim they protect against Badusb but they dont add a readonly physical switch…
I’m not sure either the Blackphone or the magical security solutions have simple things like camera on/off switches.

Michael And Ingrid Heroux August 31, 2015 5:00 AM

Yeah, Sorry Bruce, I was thinking about what you said and you are right I guess I was spamming, I never thought about it as spamming, I thought spamming was making money by posting ads everywhere, I was just trying to get the word out but I didn’t mean to make you look bad. Sorry.

Curious August 31, 2015 5:12 AM

I am reading somewhere that 10 car companies in US is being sued, sort of because of how they have implemented a key-less ignition system for turning the car on and off as I understand it.

The article pointed out, that there are problems whereby, if a driver leaves the car without remembering to push the ignition button for turning the car off, the car electronics is left on, and when the battery power is used up, the car turns its engine on supposedly. The article I read is a little unclear but appear to point out that a lot of people have died or became injured because of such an issue.

Jacob August 31, 2015 5:35 AM


I want to clarity 2 things about the DVD method:

  1. No controller – I meant no controller on the transfer medium. If you use a USB stick or an external drive when you go from the dirty system to the clean one, you also carry, in addition to files, some controller electronics with the load. In the DVD system, you carry just files.
    True, the files can be subverted during the write phase if the DVD write subsystem is tainted, but you eventually deal only with files at the clean end – not with some bits that surreptitiously jump from the transfer medium electronics to the clean system.
  2. Rewritable DVD medium

From security point of view, it is hardly make any difference if you use RO or RW discs: The dirty system must write to the disc regardless if it is RO or RW, and when you transfer the disc to the clean system, nothing will write to it again (since it is a clean system afterall..)
I offered RW over RO since it is a cheaper solution if transfers are done many times.

BTW, your idea of using RaspPi intermediary is an interesting one.

Kanguru has physical write-disable switch on their sticks.

Thoth August 31, 2015 6:18 AM

@Nick P, all
Genode updates to version 15.08 while declaring it’s first usable day-to-day secure Operating System via the NOVA/Virtualbox or Noux framework. The Genode’s team were also using the NOVA based OS setup daily which enabled them to iron out shortcomings and eventually allowed them to reach a conclusion that the NOVA based OS is ready for public use for daily operations.

I have not personally tested the usability of the NOVA based OS as a somewhat secure TCB desktop option which I would be doing shortly.

It also includes integration with the Muen microkernel (5K LOC) written in a high assurance capable programming language called SPARK on 64 bit Intel.

Read the release notes for more information.


CallMeLateForSupper August 31, 2015 8:45 AM

@65535 Re: Privacy Badger

To find out what PV has determined about trackers on a site, surf to that site and then click on the PV icon on your browser bar.

Dirk Praet August 31, 2015 9:55 AM

@ Daniel, @ Ritzy Custard

You lose all credibility with a stupid statement like that. The average user actually needs security software more than the expert.

Why the negative approach ? Qubes OS is works in progress with a steady release cycle, and going in the right direction. Linux started out in pretty much the same way. Dissing valuable open source projects with a focus on security is not helping anyone. Early adoption, test driving, reporting bugs, writing and auditing code is.

And then maybe, with some appropriate funding, it will eventually become usable for non-experts too. If you want security, you’ll have to take an actively lead instead of just shouting from the sideline. Nobody is going to hand it to you on a golden platter, especially because every mainstream platform is evolving in the exact opposite direction, data mining your every move (M/S, Apple, Google).

So instead of whining, get to work on exploring TCB platforms, micro kernels, Genode and the like. Don’t ever expect things to work out of the box. They won’t. There’s plenty of folks on this forum willing and able to help out (@Clive, @Nick P., @Thoth, @Figureitout and all the other usual suspects). If that sort of stuff is way over your head, start with RBAC, MAC, AppArmor, grecurity, SELinux, Tor, I2P, Freenet, VPN’s etc. Get familiar with distributions like TAILS and Whonix. Dump Gmail, Apple, and your own ISP for Germany, Switzerland or Iceland based mail solutions. Use end-to-end encrypted IM’s only. I could go on, but just take it from there.

Security and privacy in the digital age is an uphill battle, fought both on legal and technical fronts, but every time you raise the bar by embracing less insecure or less legally encumbered technologies – however imperfect – is raising your middle finger to all criminals, corporations and governments that think they can freely collect your private data and – to your own detriment – do whatever they please with them. And yes, sometimes you’ll have to sacrifice convenience and curse alpha and beta stuff, but from where I’m sitting, it’s a price worth paying. Your mileage may vary.

Daniel August 31, 2015 11:14 AM


“Why the negative approach?”

Because as I said in my OP I am concerned about Qubes being oversold in its present state. Other than that single difference in perception I agree with everything you say.

Believe it or not there are real people with real security needs. For some people following inept security advice, no matter how well meaning, can lead to a life sentence in prison or worse. Posters on this board should never forget that when they hand around security advice.

AJWM August 31, 2015 11:56 AM

@ FireWiretapped

Not saying you’re wrong, but how hard would it be for certain parties to tweak Google street view? This would probably require Google’s cooperation, but perhaps not.

Tweaks could involve changing the dates on the images or photoshopping the original old images. A sloppy job of the former might be detected by closer examination of context (any post-2008 model year cars in the image? etc). It depends on how thoroughly somebody wanted to cover something up. Remember Winston Smith’s job?

Or, the street view pics could be totally legit. But once you start down the rabbit hole, there’s no easy way to know when you’ve reached the bottom.

Nick P August 31, 2015 12:20 PM

@ Thoth

Appreciate the update. Good to know it’s day-to-day ready and supports Muen. My main concern with Muen is the compiler: the IRONSIDES DNS, a SPARK project, had a security failure related to a compiler transform. AdaCore has commercial tools to verify object code but I’m not sure if it’s in GPL verison. Anyway, the new Genode release brings it closer to production mode.

Interesting part was that they depreciated the DDE tool for drivers claiming it didn’t deliver on promises and created new issues. Coincidentally, I was just talking to the inventor of Rump Kernels about prior art, including DDE doing similar stuff. Anti’s work is definitely original and advantageous but the reuse aspect was done in OKL4 & Dresden work with DDE. So, I wonder why they found it useful and Genode found it a total failure. Worth looking into at some point given it’s one of only three, driver-reuse techs that I know of.

Question, help August 31, 2015 1:26 PM

I am kind of sick of the methods that Gmail and Outlook are doing
“for my own security”, can you recommend a free good email with POP3?
Thank you.

Curious August 31, 2015 2:02 PM

“China and Russia are using hacked data to target U.S. spies, officials say”

I balked at this one sentence:
“Asked whether adversaries had used this information against U.S. operatives, Evanina said, “Absolutely.”

I recommend never trusting anyone that uses the word “absolutely” in a context, and I don’t care who said it. 🙂 Because the word probably have the equivalent meaning of “lets assume that to be a fact”.

Also, somewhat related, don’t trust anyone using the word “categorically” in a context.

Milo M. August 31, 2015 6:27 PM

@Slime Mold with Mustard

Agree wholeheartedly on the irritation with “standing” excuses.

One of the classic uses was the Supreme Court refusing (5-4) to hear the suit of William Richardson demanding to know the total dollar amount of CIA expenditures per year.

Justice William O. Douglas, dissenting:

“History shows that the curse of government is not always venality; secrecy is one of the most tempting coverups to save regimes from criticism.”

“The sovereign in this Nation is the people, not the bureaucracy. The statement of accounts of public expenditures goes to the heart of the problem of sovereignty. If taxpayers may not ask that rudimentary question, their sovereignty becomes an empty symbol and a secret bureaucracy is allowed to run our affairs.”

“In his legal brief, Richardson claimed: ‘Never in the history of this country has so much money been spent without the traditional safeguard of openness and in direct defiance of constitutional provisions…. Billions are spent each year by unknown entities and this amount is spread throughout the Treasury’s reporting system to confuse the public and belittle the Constitution.’ ”

That was over 40 years ago, and the trajectory has been downhill ever since.

Discussion of the “standing” principle in the US and elsewhere (some apparently more enlightened):

Dirk Praet August 31, 2015 6:31 PM

@ Daniel

For some people following inept security advice, no matter how well meaning, can lead to a life sentence in prison or worse.

Absolutely true. But the point in fact is that the concepts behind Qubes and the likes both in their current and future incarnations are probably way too complicated for the average user anyway, even if they succeed in getting everything to install (correctly) in the first place. I can imagine Snowden having had a bit of an awkward time explaining to Greenwald how to use PGP, but I can’t even think of him talking the man through a secure Qubes setup.

65535 August 31, 2015 7:18 PM

@ CallMeLateForSupper

To find out what PV has determined about trackers on a site, surf to that site and then click on the PV icon on your browser bar.

Thanks. I have done that.

Oddly, say when viewing Youtube I see some sliders that are yellow and I move them to the block [red] position. I then get red with blue stripe style of slider icon. What does that combination of colors mean? I know the red, yellow and green colors – but I am unsure of the mixed or striped color indicators.

Dirk Praet August 31, 2015 7:59 PM

@ Question

Can you recommend a free good email with POP3?

Depends on what your requirements are. If you’re just looking for a service that doesn’t mine your email contents and metadata, ask your ISP for their policy on the matter or get your own domain and mail server from a traditional hosting or cloud provider, cost of which is pretty much negligible these days (like in a couple of beers a month). Create a new PGP key pair for secure communications, post the public key to the key servers, get the appropriate add-on for your MUA and off you go.

You can also look into more out-of-the-box solutions that offer (varying) degrees of privacy and security by default. Rules of thumb:

1) Avoid any service/company under 5Eyes jurisdiction or its tier 2/3 partners. Same goes for other countries that have intrusive surveillance legislation in place (e.g. France). If a company has its headquarters in the US, data held in other countries may still be at risk of US courts subpoenas.

2) There is no such thing as a free lunch.

That being said, there are a couple of convenient (free) solutions you may wish to check out, like Tutanota and Protonmail. Tutanota is based in Germany (and hence not entirely safe from NSA prying), offers a number of interesting features and is easy to register with. Protonmail – recently on the “Mr. Robot” show – is Switzerland based and hence outside US/EU jurisdiction. Their team are all young people with impressive academic backgrounds (CERN, MIT, CalTech). Downside is that you first have to request an invitation and that this can take quite a while.

So if you’re interested in an email address that’s hard to trace back to you, you could do the following:

  • Put the latest version of TAILS on a USB stick. Take an aging laptop, go to some bar or shop with wifi, fire up TAILS and connect to Tutanota over Tor. Register a new email address. They don’t ask any private data.
  • Switch your Tor ID, connect to Protonmail and sign up for a new account. You have to choose a and an existing email address to send the invitation to. For which you use the Tutanota address. Wait until you receive the invite, then proceed with your new Protonmail account. Optional: delete the Tutanota account.
  • Never use the new email address on your day-to-day machine/OS. Use it with TAILS, Whonix or a trusted VPN only.

Needless to say that all the usual Tor and other restrictions apply.

Nick P August 31, 2015 8:16 PM

@ Jacob

“You should know that some guys here do not consider anything secure unless they actually mine the silicon themselves, design all the chips and then fabricate them in a hidden cave using off-grid power. ”

I was just writing up a guide on that… how the hell did you know? (eyes darting around) It must be the sand. Shit! I forgot to check it for these CIA-funded, bad boys. Now I gotta throw it all out, invent some new methods, and start all over with fresh sand. Gotta work on the supply chain while I’m at it. Maybe go to some really unpopular beaches at night to get it myself…

@ Dirk Praet

“convenient solutions”

I’ve been using MyKolab and w/ PGP if I need confidentiality. Not sure about POP but I use IMAP for extra features/reliability anyway. Price is $5 a month for email only. That they have a U.S. server concerns me but I expect a small, email provider to be hacked by Five Eye’s anyway. Mainly avoiding other threats, esp willing snooping and questionable U.S. litigation.

“recently on Mr Robot show”

My favorite show on hackers with potential to redefine how it’s done forever. Too bad the finale got delayed over that BS.

65535 August 31, 2015 9:41 PM

Google’s “Onhub” a Trojan?

I don’t know but it has a speaker-mic setup routine which is somewhat close to the speaker-mic airgap jumping technique that has been discussed on this blog.

“…the phone and router need to pair with each other to continue. Rather than tapping on the router, connecting, and entering a password, OnHub and your phone connect through sound. A message during setup will tell you to “Get close to OnHub” and the router will start playing a little tune. The audio sounds like a ringtone, both in composition and loudness. I was expecting something like the ultrasonic “nearby” setup in a Google Chromecast, but this was shockingly loud. The OnHub rings like a cell phone and your phone listens for the audio. If everything goes well, you’ll be brought to the Wi-Fi setup screen… The audio setup is a lot of work on Google’s part—both hardware and software—for a one-time setup process. Did Google really include a speaker in the OnHub just for it to only ever be used once?” –Arstechnica


“On the top of the OnHub are a bunch of ventilation holes, but one of the holes is not a hole. It’s plugged up with what Google tells us is an ambient light sensor that will someday adjust the ring light based on the amount of lighting in the room. Right now it’s not active.”

Other notes:

Arstechnica says its got a relatively powerful dual core Qualcomm IPQ8064 processor with 1 GB of memory and 4 GB of storage.

“the only interface—is a smartphone app. Try to access OnHub the traditional way, by typing the IP address into a browser, and you’ll get the first screen in the gallery. There’s nothing you can do here other than maybe click on the iTunes or Play Store link to install the app. SSH isn’t available…” Arstechnica

Arstechnica’s nmap readout [for what it is worth]:

It uses:

“Google’s “Thread” network protocol and “Weave” communication standard… Thread is a mesh network that runs IPv6 over IEEE 802.15.4, the same basis as the low-power smarthome protocol “ZigBee,” which is found in many devices. 802.15.4 has a 30ft (10m) range with a transfer speed of around 20-250kbps. At best that’s about 8000 times slower than the Wi-Fi on the OnHub… We’re only ever going to send a tiny signal that says “lights turn on” or “door unlock” or something like that, and the low speed will allow our devices to sip power for months. While Wi-Fi runs on the 2.4 or 5GHz spectrum, 802.15.4 runs on 868MHz, 915MHz, or 2450MHz depending on the speed… the big differences between ZigBee and Thread is that Thread pushes IP (Internet Protocol) over IEEE 802.15.4, so if you want to stop using IEEE 802.15.4 and jump on over to Wi-Fi or even over the Internet… not a big deal. ZigBee is stuck in its own little world, but by wrapping the signal in an IP packet, Thread can hop from protocol to protocol and use whatever is appropriate… We usually understand the need to keep future plans private, but not when you’re asking $200 for a mystery box.” –Arstechnica

“Thread/Weave” sounds like a rather large attack surface – but it is fairly slow and limited in range – who knows. Given Google’s past association with certain “Agencies” and Samsung’s Internet Enabled refrigerator MITM security hole [plus, Google’s mystery router tying it all together in an opaque package] I will not be buying it any time soon.

Figureitout August 31, 2015 11:00 PM

Thoth RE: blackbox chip firmware
–I’m just relaying my personal observations. One of my internet boxes, I always run live on it but there’s plenty of firmware allowing me to use a USB-CDROM converter, wifi, audio, and even a CF card. I don’t even know how to setup a good experiment to catch and isolate some of these symptoms so I don’t sound crazy saying them. When booting off of USB there was changes to what was booting up and of course saving any files to the stick means malware could persist on it. On a dual-boot prior infected machine (most infected machine I’ve ever seen), I quickly lost root about 3 days after install lol (it’s encrypted now and no more windows except the little hidden partition). In all these cases I did connect the computers to the internet; ones I keep off do much better, but I still have used memory sticks on them that I shouldn’t have b/c there’s no other way to transfer the damn data I need to do anything (anything touching my router I assume infected, quite a handicap).

But only the vendors and maybe some people that wrote some ISO CD burning programs and OS writers that need to interact w/ CDROM’s have seen some of this firmware and how it works. I haven’t done anything near it in my small career, so it’s a blackbox…but I still recommend using a CDROM and use a ISO burning program that says it can overwrite remaining space, then check if there’s still space via multiple OS’s and try to write to it b/c the equivalent is a USB stick that is much more rewriteable than a CD/DVD.

Dirk (Dick?) Praet
Put the latest version of TAILS on a USB stick
–Good OPSEC, but please PLEASE use CD/DVD’s people if you have a choice over USB, especially using TAILS. You can get laptops w/ a CDROM off ebay for $50, if you have a mailbox you can mail it to, just use a cash paid giftcard.

Thoth August 31, 2015 11:10 PM

@Nick P
I remembered I posted regarding dissolving sensors and electronics sometime ago here. Quite an interesting concept of “self-destructing” sensors after use.

Regarding emails, metadata over who sent to who is a difficult thing (unless you own the servers and have them over Tor) otherwise even GMail might be acceptable (using a dummy account) and the only thing left is your PGP Key’s security. If you don’t like GMail tracking you, host your own servers or use Tor and then access Anonymouse ( to setup a fire-and-forget email with probably a short-lived random address (using those short-live pseudo-nonymous emailing platforms) so all your concerns are that your keypair and it’s usage. Even better if you use fire-and-forget tactic as people re-use the random short-lived mailboxes and it makes metadata much harder.

Thoth September 1, 2015 1:34 AM

@Down Under Is Over
Hopefully that would have came as a sound wakeup call for the World to review their stance on privacy and make preparations for a total Orwellian future.

@Nick P
Reinventing the wheel is always a nice thing. OpenBSD funded work to create a native hypervisor from scratch for OpenBSD. It is nice to be able to get a native hypervisor that talks well to OpenBSD but the whole offering that Genode have supported … not sure if he missed it.


65535 September 1, 2015 2:41 AM

@ Down Under Is Over

“Haven’t some or all of the other 4-eyes countries already done this without informing anyone yet?”

Yes, to various degrees.

Currently we in the USA are stuck in the infamous 180 window of two mass surveillance programs at the same time. Both the Patriot Act and it successor the USA Freedom Act are going full ahead capturing all data [phone, internet, and mail cover imaging].

Worse, we are saddled with the horrible “PRISM” program and possibly targets of the drastic XKEYSCORE program via the routing of USA based packets around the globe.

[Emptywheel on the overlap of the two programs]

“The phone dragnet will continue for another six months even under USA F-ReDux
“As I pointed out here, even if USA F-ReDux passed tomorrow, the phone dragnet would continue for another 6 months. That’s because the bill gives the government 180 days — two dragnet periods — to set up the new system.


“…Supporters of the bill said that the House Intelligence Committee and House leadership would insist on reauthorizing all Patriot Act powers except bulk collection under Section 215 of the Patriot Act. Critics assert that mass surveillance of the content of Americans’ communication will continue under Section 702 of FISA which does not expire until 2017 and Executive Order 12333 due to the “unstoppable surveillance-industrial complex” despite the fact that a bipartisan majority of the House had previously voted to close backdoor mass surveillance…”

“David Segal, executive director of Demand Progress, wants Section 215 to expire. “This bill purports to ban certain acts under narrow authorities, but it doesn’t ban those behaviors outright. Nor does it increase meaningful oversight of the NSA” he stated. The group said “a vote for a bill that does not end mass surveillance is a vote in support of mass surveillance.” In a statement posted to Demand Progress’ website, Segal writes, “The Senate just voted to reinstitute certain lapsed surveillance authorities – and that means that USA Freedom actually made Americans less free.” However, he notes the group “[takes] some solace” in the fact that “Section 215 was – ever so briefly – allowed to sunset.”

EFF withdraws support for USA Freedom Act:

“[The] EFF is withdrawing our support of the bill. We’re urging Congress to roll the draft back to the stronger and meaningful reforms included in the 2013 version of USA Freedom and affirmatively embrace the Second Circuit’s opinion on the limits of Section 215.”

“…the “super minimization” procedures, which were key privacy procedures that mandated the deletion of any information obtained about a person not connected to the investigation, should be reintroduced. Key provisions establishing a higher legal standard and compliance assessment for the use of pen register/trap-and-trace devices, legal standing to sue the government over surveillance practices, and the original transparency provisions allowing government and corporate disclosure of surveillance orders should also be resuscitated.” -EFF

Background on USA Freedom ACT:

“According to supporters of the USA Freedom Act, the USA Freedom Act was meant to end the bulk collection of Americans’ metadata by the NSA, end the secret laws created by the FISA court, and introduce a “Special Advocate” to represent public and privacy matters. However, opponents to the bill cite that the USA Freedom Act does allow the bulk collection of Americans’ metadata by phone companies, which is then accessible by the NSA; it also does not address other laws which have purportedly challenged Americans’ Fourth Amendment rights. Other proposed changes included limits to programs like PRISM, which retains Americans’ Internet data, and greater transparency by allowing companies such as Google and Facebook to disclose information about government requests for information.

PRISM still in use:

“…PRISM program collects stored internet communications based on demands made to internet companies such as Google Inc. under Section 702 of the FISA Amendments Act of 2008 to turn over any data that match court-approved search terms. The NSA can use these PRISM requests to target communications that were encrypted when they traveled across the internet backbone…”

Background on XKEYSCORE:

“XKeyscore or XKEYSCORE (abbreviated as XKS) is a formerly secret computer system first used by the United States National Security Agency for searching and analyzing global Internet data, which it collects on a daily basis. The program has been shared with other spy agencies including the Australian Signals Directorate, Communications Security Establishment Canada, New Zealand’s Government Communications Security Bureau and the German Bundesnachrichtendienst.”

Between the Patriot Act and the USA Freedom Act we probably are in the same digital coffin as Australians.

Curious September 1, 2015 3:12 AM

I have no idea what this is about.

“iPhones and iPads to get special love at work as Apple and Cisco partner”

“Apple announced a partnership Monday designed to make the mobile gadgets work better on corporate computer networks running on Cisco products. The Silicon Valley networking equipment company sells routers, video systems, conferencing software and other tools and apps to businesses.”

Clive Robinson September 1, 2015 3:17 AM

@ Dirk Praet, Figureitout, and all interested others,

Put the latest version of TAILS on a USB stick…

Don’t use USB or any other “requires bi-directional write” protocol across security domains without a guard / sluice / pump. Which unfortunatly covers all modern interfaces, thus needing rather more precautions and duplication of hardware than once used to be the case. And worse may soon nolonger be possible with low traceability consumer cost computers.

Several years ago I saw malware specificaly designed to infect shared printers, so that any computer subsequently connecting to the printer gets infected. Back in the days of the parallel port this would not have been an issue, nor for that matter the majority of serial port printers, because they had no “write back” ability.

Times move on and “the need for speed” and “ease of use” at “the lowest prices” has consistantly driven us to increasingly insecure solutions.

The joke of it is we don’t get much choice… who remembers buying CRT displays for their computer? Chances are you could not buy a new one very easily or at all, it’s all L*D pannel these days. Worse the old “one way” video feed such as VGA and later are long gone, the display talks to the computer these days… But even the CRT replacment pannel displays are on their way out. USB / docking port connected “pads” are the way things are going, in a kind of swing back to “thin client computing”.

I’ve recently purchased a transformer pad / netbook format system just to play around with, that cost me less than a desktop L*D display did two years ago and was sufficiently low cost I had cash in my wallet to just buy it when I saw it. Whilst I can use it via WiFi to connect to a network, support for a more secure “wired” network connection via USB is just not there (in stock Android). Thus an ordinary user is forced to use an insecure connection, or invest in more hardware and acquiring some quite technical knowledge directly or through others, which also costs in both time and money.

This move to the insecure is going to be relentless, and soon trying to get more secure kit is going to mark you out as a person of interest…

sena kavote September 1, 2015 4:26 AM

re: Wifi / Wlan lockdown

Seems reasonable to prevent any random people from using any radio frequency they please, because radio bandwidth is a limited resource. I hope the lockdown stays at that and allows freedom in other aspects of wifi routing.

How phase array antennas that enable direction focusing without moving parts fit into this? Consumers have use for phase array antennas even if they are one meter in size.

Some of the unregulated radio bands are chosen to be on absorbtion bands of Earth’s atmospheric gases. 2.4Ghz wifi and oven is water vapor’s band.

Mesh networks

When it comes to mesh networking, it needs free space optical data transmission. Having unregulated radio transmissions with 2 kilometers range would mean chaos even if trying to focus the beams, but shining a lamp to kilometers away will not interfere with other peoples optical transmissions.

I hear that even the GPIO pins in raspberry pi can switch fast enough to allow ten megabits per second speeds for LED transmitters. One LED for a color / wavelength range: blue, green, yellow, red, near-infrared. Maybe more colors are possible.

re: Prison CPUs

@Clive Robinson

First we should have a virtual network of virtual machines in something like virtualbox, KVM or FreeBSD’s bhyve to implement the functionality of some version of this. One option might be using FreeBSD jails… VMs can be halted and the memory space then inspected by some custom program separate from the virtualizing tools. I believe there is at least one already, and it can do it live, but don’t know if it does what is meant here. It is “virtual machine introspection”. Guest OSs could be unikernels or netBSD rump kernels instead of stripping down some Linux distro.

It is not realistic to start from scratch in making the sub-parts. Parts of existing software need to be copy pasted to separate programs with some changes and additions that enable piping them together. For example, I imagine that a video decoder VM would get mp4 data from other VM, then move pixel data of frames to host OS, while moving compressed audio to be decompressed in another VM, that then sends raw audio to host OS. Or are these parts too big?

Firewire port with it’s controversial direct memory access could be used for having introspection / continual live inspection of the whole computer from a separate machine. Has it been done in any form?

Also, we could have something that could be called a “Qubes machine”, where some or all of the Qubes OS VMs are separated to different physical computers connected with ethernet, usb or firewire. Some of those component computers could be raspberry pi, some could be intel NUC or similar, some could be small servers similar in size to intel NUC but without graphics. Some could have msata SSD for storage, some could be booted by sticking usb stick just for boot then removing it after everything got to RAM.

re: BIOS malware


“BIOS installs keylogger via SMM mode (ring -2). Keylogger is not OS specific (it interacts with the keyboard controller directly).”

To make keyboard handling OS specific, keyboard could be connected to a raspberry pi that encrypts keystrokes before sending them to the actual main computer. Key button signals could be just another network traffic decrypted by some random userspace program before sending them to applications. The amount of data transmitted and computed could be needlessy high to force the BIOS malware to use more complexity for the keylogger. If using remote server via something like SSH, button signals do not need to be decrypted at the local machine at that time.

What other malicious things BIOS malwares are speculated to do? Given tight space in BIOS chips, the list of malicious things any one BIOS malware is able to do can be kept shorter if obfuscation can force them to be more complex.

Could introspection via firewire port reveal BIOS malware’s activity?

ianf September 1, 2015 4:30 AM

@ Dirk Praet can imagine Snowden having had a bit of an awkward time explaining to Greenwald how to use PGP, but I can’t even think of him talking the man through a secure Qubes setup.

Wouldn’t have to be Qubes. Here’s what BBC Click programme imagines would be within its viewers’ capacity to set up a Raspberry Pi-based home VPN (no hardware hacking involved, seat-of-the-pants typing only ASSUMED to work right out of the box). Who exactly were they kidding?

(Related ProxyHam Canceled)

Curious September 1, 2015 6:24 AM

Someone might already have linked the following article:
(“Digital surveillance ‘worse than Orwell’, says new UN privacy chief”)

“Although Cannataci admits his job is a complex one that is not going to be solved with a magic bullet, he says he is far from starting from scratch and believes there are at least four main areas – including a universal law on surveillance, tackling the business models of the big tech corporations, defining privacy and raising awareness among the public.”

It occurred to me as I read this part, that wanting to define ‘privacy’ as such probably wouldn’t make good sense, the same way it wouldn’t make sense to define ‘happiness’, because ultimately, I’d say that the interesting thing about “privacy” is the relationships between people as such as real phenomena, and not between law and people as a pure abstract as if ‘privacy’ was a qualitative statement of ‘property’ in some real or abstract sense. From that, the very idea of say selling ones ‘privacy’, or giving away ones ‘privacy’, or even loosing ‘privacy’ wouldn’t be meaningful notions from the point of view of the people that demand or express a need for “privacy”. So I’d argue that ‘privacy’ concerns is a cultural phenomenon that has to be treated as such. From that, omission, denial, or prohibition of ‘privacy’ must be disallowed. Conversely, omission, denial and prohibition of ‘privacy’, must be allowed only on terms in agreement, but never as an inconvenience (as if by exploitation and not by real needs). That in turn, would rule out any unwarranted needs of others for encroaching on the ‘privacy’ needs of people. I think, ideally, working with ‘privacy’ regulation should turn out to be as universal as possible, or risk encroachment and debasement of real ‘privacy’ needs. In addition to trying to work with ‘privacy’ as a set of ideas, for some regulatory stuff, I think an ideal would be needed as well, for example working out ‘best practices’. Ofc, “best practices” shouldn’t end up being, “the least worst thing”.

TLDR: (re my opinions just above) ‘Privacy’ is about the relationship of single individuals and the world, and a state/corporation/organization/group) must not expect to exploit, or get to exploit other people’s unfulfilled needs for privacy, and must be denied the exploitation of other people’s unfulfilled needs for ‘privacy’. What would be foremost interesting to discuss I think, is “privacy needs” as such, and not the validity of some self reflexive privacy policy that would be forced onto an individual.

Maybe the best tactic for achieving sensible privacy regulations, is to build upon known basic privacy needs for sake of universality, instead of ending up having shoehorned in a technical/legal solution that is merely a compromise to the needs and powers of state/security/business.

I didn’t sleep on this, but I like to think this made good sense to me.

Dirk Praet September 1, 2015 7:34 AM

@ ianf

Here’s what BBC Click program imagines would be within its viewers’ capacity to set up a Raspberry Pi-based home VPN

Looks like the author of the article had some deadline to meet. Nice for RP enthusiasts, but beyond the average user and pointless in the sense that achieving the same is both easier and cheaper flashing an old home router with dd-wrt.

@ Figureitout, @ Clive

Good OPSEC, but please PLEASE use CD/DVD’s people if you have a choice over USB

I know, and I use both. I just like the persistent (encrypted) volume feature for my account and configuration settings as well as some custom packages, which you can’t have with CD/DVD. It’s an, err, convenience thing 😎

@ Nick P

I’ve been using MyKolab and w/ PGP

Excellent choice. Kolab Now these days is under Swiss jurisdiction too, which is good. I agree that outfits like Proton and Kolab are probably interesting targets for NSA/GCHQ but I do like an approach of encrypted storage and transmission of communications by default. Proton also doesn’t keep logs and you need different passwords for authentication and encryption. Plus you can still do PGP on top. Which means that you’re reasonably safe from criminals, data miners and bulk dragnets all while even our spying friends need to work just a little bit harder if for whatever reason you become a person of interest.

Nick P September 1, 2015 1:18 PM

@ Thoth

They tell me they’re doing it to be competitive with other OS’s mainly. Theo looked more stressed and defeated than I’d ever seen in the interview someone gave me. Maybe it’s his normal look but he was confident/arrogant in old ones I saw. Anyway, I’ve been busting their balls over it at Hacker News here.

@ Dirk

I liked what I read on Proton except (a) they weren’t experts so it has to be run as untrusted anyway and (b) they’re Americans, not Swiss, so very easy to leverage our TLA’s against them. Could be wrong about (a) but even most knowledgeable people are building on what everyone hacks. For (b), the Kolab people are actually located in Europe and Switzerland with a team that looks good along a number of metrics.

So, who knows which is best. I like Proton’s design decisions but am concerned about their legal security and longevity.

ianf September 1, 2015 1:41 PM

@ Dirk Praet [BBC Click’s DIY project] beyond the average user and pointless in the sense that achieving the same is both easier and cheaper flashing an old home router with dd-wrt.

Your logic[k] is unassailable, except it has nothing to do with BBC Click’s objective. I’ve been watching this by and large consumer electronics novelty half hour program since it launched >10? 20? years ago & it’s obvious to me they’re fighting for their survival, lately by remaking it into a more “we’re all hackers” (wink, wink) format. So as not to have to repeat the same latest biggest Phablet, X-Box Tamaguchi, etc. week after week, season after season.

Thus the dedicated Raspberry Pi home VPN was presented as a means of preventing ad trackers from spying on our buying patterns… but in so sketchy a manner that it stands no chance of being made to work—unless one already possesses the necessary know-how, thus has no need for @KateRussell’s tech-advice. Basically, it was done to impress the easily impressable, rather that to educate the knowledge-thirsty. Your reflashing “any old router” wouldn’t have sounded quite as sexy on camera, also would have required countless exceptions for different makes etc. Whereas Raspberry Pi is like BRITISH! FIRST!!! ZX-81 with Pizzas for our time. You, Dirk, may know how to dd-wrt any old router, but you know dick about how primetime television programs are made.

Nick P September 1, 2015 2:49 PM

I’ve often posted on the great things some old hardware and software did. I’ve pushed using some of it for security/diversity/learning. I’ve even pushed certain clean-slate designs of OS’s, languages, and compilers. I’ve also posted before on how it can go wrong, with eg Minuteman program running on VAXen. However, this story is probably the worst, legacy deployment ever. I feel for that poor soul. The comments section is interesting as usual in these types of topics.

Dirk Praet September 1, 2015 6:52 PM

@ ianf

You, Dirk, may know how to dd-wrt any old router, but you know dick about how primetime television programs are made.

Guilty as charged 😎 Back in the days, I even managed to torpedo an emerging acting career when at an audition I accidentally broke the arm of the lead actress, and production had to be postponed for several weeks.

@ Nick P

… (a) they weren’t experts so it has to be run as untrusted anyway and (b) they’re Americans, not Swiss, so very easy to leverage our TLA’s against them.

Both are quite valid points. (a) reminds me a bit of the folks behind Telegram, whereas (b) is equally of concern. It’s a sad state of affairs when young and talented minds draw caution just because they’re Americans. And which they have their government and IC to thank for.

Thoth September 1, 2015 7:49 PM

@Nick P

“They tell me they’re doing it to be competitive with other OS’s mainly”

OpenBSD might simply go down in history as the OS that attempted to adapt …

Making hypervisors from scratch is absurd. They need to not just code it but verify it as we Genode and related projects have talked about. The one easy way out for them is to work with Genode and get OpenBSD not just running but fully integrated into the Genode subsystems with full usage capabilities.

Good job for keeping them on their heels moving 🙂 . Complacency breeds disasters.

Dirk Praet September 1, 2015 8:17 PM

@ Thoth, @ Nick P

The one easy way out for them is to work with Genode and get OpenBSD not just running but fully integrated into the Genode subsystems with full usage capabilities.

A splendid idea in itself, but given Theo’s reputation, what are the chances that the Genode guys would even consider working with him?

Nick P September 1, 2015 10:36 PM

@ Thoth

That would be nice. I suggested copying Nizza at least least after Ted (of Signify) tried trolling me here. Managed to shut him up and ended with a recommendation they could probably pull off.

@ Dirk Praet

“but given Theo’s reputation, what are the chances that the Genode guys would even consider working with him? ”

ZERO! I was hoping he’d knock off them. 😉

Nick P September 1, 2015 11:18 PM

@ Dirk Praet

Telegram? Just looked it up. That feature list would be hard for a professional to secure. And delivered for free by a company that can pay $300,000 for an encryption flaw? Huh? Situations like that make me follow the money and learn the Who of the situation. Here’s Who. These customers are trusting their privacy to “Russia’s Zuckerberg,” their king of social networking. He at least looks good in photos. That talk might be interesting.

Talk is talk, though. His Digital Fortress fund created this thing. People like him are rarely straight up about their intentions when lots of money is on the line. It might be as simple as integrating this into his social network later on. Might be more insidious given that people in his position in Russia are usually cooperating with others in equally privileged positions.

To be honest, Telegram’s pedigree makes it more worrisome to me than ProtonMail.

“It’s a sad state of affairs when young and talented minds draw caution just because they’re Americans. And which they have their government and IC to thank for. ”

Even more sad when I’m an American having to think that way. And people over here still don’t give a shit across the board. I talk to many members of the public about it all the time. Hopefully the other countries do more in response to Snowden leaks. The German situation has been hilarious in particular. Especially the computers.

Thoth September 1, 2015 11:49 PM

@Dirk Praet, Nick P

“but given Theo’s reputation, what are the chances that the Genode guys would even consider working with him?”

Either Theo adapts or sees his stuff shelved into some computing history museum. It is nice to talk about the old stuff but the fact is events move forward in time.

In Security, we are simply at a relative security state at a given moment in time until someone comes with a “hammer”. Same goes for everything else in life thus I said complacency breeds disasters.

Most problems are actually man-made … because we do not learn lessons and do not advance ourselves and seek to blame others for our own faults.

The hypervisor / separation microkernel techniques are shown to be rather advanced and somewhat much more capable at handling threats.

Do note that such same techniques of separation are used rather frequently in things as small as a smartcard (they call it SC Firewalls) to things like ARM/MIPS with nice names of ARM TrustZone and MIPS Omnishield …

I would still prefer isolating sensitive programs in SEE environments of Smartcards or dedicated hardware (HSMs, TPMs and the likes) over wired copper not just because I work with them daily but the lack of additional external peripherals, WiFi, BLE and the likes.

Curious September 2, 2015 3:17 AM

Black Hat 2015 video about the Rowhammer exploit/vulnerability/bug.

I don’t understand why they call this a “bug”, seems like calling it a ‘bug’ would be glossing over the vulnerability aspect of it all.

Lots of stuff mentioned in this near 50 min long video.

Btw, where does the name “Rowhammer” come from in all the articles of late? I thought that “Rowhammer” was a NSA codename (guess I might remember it wrong).

In the video, they also show links to a few academic papers from some years ago.

As interesting as the presenters in the this video are, I think would prefer the industry at large to address this issue.
(“Exploiting the DRAM Rowhammer Bug to Gain Kernel Privileges”)

Curious September 2, 2015 4:04 AM

I just noticed that the software ‘Memtest86’ has a row hammering test, as long as you use version 6 with the uefi option. Else, it might load an older version, without that rowhammer test, and which iirc also has a rounding error flaw on one of the other tests that was fixed in later versions.

I have no idea, what good that test is for, or if the software/download is trustworthy security wise.

Curious September 2, 2015 4:12 AM

To add to my previous comment:

This troubleshoot section of Memtest86 mentions the row hammering test:

I am no expert so take the following with a grain of salt so to speak. In the video I linked above from Black Hat 2015, the speakers claim that ECC won’t really mitigate rowhammering entirely, something about because if there are 3 bitflips, then they aren’t noticed by ECC supposedly. They did point out that it was likely that rowhammering would cause 2 bitflips before it would cause 3 bitflips, which would cause the pc/server to reboot as I understood it.

Curious September 2, 2015 4:22 AM

There seem to be some more information on the forums of Memtest86 re. their row hammering test:

“The work by the Project Zero team from Google (as well as the implementation of row hammer test in MemTest86 v6) was actually based on the research and findings of Flipping Bits in Memory Without Accessing Them: An Experimental Study of DRAM Disturbance Errors by Yoongu Kim et al. We have seen many users (as well as our own systems) report multiple 1-bit errors after running Test 13 (row hammer test) in MemTest86 v6.”

“Having said that, however, our algorithm could probably be optimized further by taking into account the addressing scheme of each CPU, the channels in use and ram timings, etc. Also, “double-sided hammering” could be used to induce more errors. Our current algorithm is fairly general and not targeted at any particular RAM setup or CPU.”

Curious September 2, 2015 4:26 AM

A commenter somewhere seem to point out that simply having DDR4 ram didn’t stop row hammering, and that lowering the refresh rate on the ram seemed to help.

Dirk Praet September 2, 2015 6:45 AM

@ Nick P

To be honest, Telegram’s pedigree makes it more worrisome to me than ProtonMail.

Most definitely so, and that’s why I’m consistently recommending against it. I compared them to Protonmail just for the fact that the crew working on the technology appear to be all mathematicians, not cryptographers. Apart of the person of Mr. Dubrov, there is also their home-brew crypto (MTProto) that does not seem to be following a number of industry standard best practices, and they have recently been reported to comply with Iranian government censoring requests.

In the field of mobile IM these days, I’m going with Signal on iOS (preferably on iPod) and Text Secure on Android. Threema seems to be a good pick too (caveat: proprietary). For interoperability purposes, there is ChatSecure (XMPP/OTR/Tor), which is compatible with Pidgin/Adium, Jitsi and the like. Also worth noting is that several interesting projects have recently been canned (Submeet) or reported compromised by the USG (Surespot).

ianf September 2, 2015 7:42 AM

Regarding the Signal app on iOS… I’ve read their AppStore memo (parts below), but can not understand how such a scalable, obviously huge, enterprise as that can be funded by

‣ Pay Nothing – Signal is supported by a team of dedicated developers, community donations, and grants.

… I really don’t know how big are their monthly bills, but they can hardly be pocket change, thus they must extend some effort on continuing funding for the jig. So where is it conducted/ how open is that underwriting drive (no bad word about the Whisper Systems team).

… There are no advertisements, and it doesn’t cost anything to use.
‣ View Source – All of our code is free, open, and available on GitHub.
‣ Join Movements – Technology developed by Open Whisper Systems is trusted and used by millions of people around the world every day.

BoppingAround September 2, 2015 9:49 AM

Nick P,
Former king. He got dismissed from VK. Some folks say it happened due to his refusals to cooperate with the Russian FSS and hand out users’ data.

I have a hard time believing that.

Thoth September 2, 2015 10:16 AM

@Nick P, Clive Robinson, all
Here’s a quick Smartcard-based Guard design I am writing now (while feeling sleep). It’s a draft afterall. This Guard design wouldn’t be very high in assurance though but can be rather affordable in certain circumstances at a pinch. I had to barely keep myself awake just to write this thing out.

The idea is to use the security of a Smartcard (SC) as a TCB (and yes, codes in SC are very compact thus fitting of a tiny TCB) for a Guard design where the host of the Guard can be a some-what semi-trusted computer. The somewhat tamper-resistant nature of SC make them suitable for hosting a SEE environment within themselves. Applets must be signed before being allowed to load into any SC (via the ISD signing key a.k.a applet loading key). It is assumed that the S

The SC would hold within itself a HMAC secret key or RSA keypair for signing an unencrypted protocol language whitelist residing in the Guard’s host computer. It is assumed that the Guard only processes rather simple protocol languages like HTTP and FTP languages so that the SC’s tiny RAM (4K to 8K RAM) could handle the protocol format.

An example of a simplistic protocol:

Binary protocols that are simple would be more than welcomed as a SC handles at most data types of “short” or “bytes” (JavaCard 2 and above format cards).

A Guard client would be assumed to know the Secure Channel Public Key of the Guard’s SC assuming the Public Key was shared before hand to have an anchor of trust. Under the SC’s Public Key, a Diffie-Hellman Ephemeral Key Exchange (DHEKEX) of sufficient size would be signed and encrypted by the SC’s Public Key which the SC would continue the DHEKEX. It is also assumed that the SC has a copy of a symmetric or asymmetric key to establish a secure channel with the backend sensitive server.

Once a secure channel is opened between the Guard client and the target server with the Guard as the middle-man, protocol commands would be sent to and from the Guard client and the server which the Guard’s SC would inspect the communication. Assuming that the protocol data is not a “Jack-in-the-box” where it contains layered enciphered data which prevents the Guard’s inspection (within the tiny SC chip), the Guard’s SC would look at the protocol headers, length and checksums where applicable. The Guard’s SC would request the Guard hosting computer for protocol header keywords in the whitelist with the matching HMAC/RSA signature to proof that the keywords are allowed which the secret key for the signing of whitelist keywords would only exist in the Guard’s SC.

Protocol packets that do not match certain criteria would automatically be discarded and not forwarded to the target sensitive server. This would allow general purpose computers equipped with SCs to be used as lower assurance Guards.

Nick P September 2, 2015 10:33 AM

@ Thoth

Very much a possibility. One of middle ground recommendations I gave to Ted was to modify the source code of as many modules as possible to facilitate analysis by tools such as Astree. That would prove it immune to many critical errors. Then, OpenBSD team could focus on modules with less analysis and look at Astree-proven stuff for the remaining type of defects it can’t catch. Additionally, I could’ve mentioned Design-by-Contract (eg Frama-C), dynamic analysis that catches errors via simulations/fuzzing, tools such as SVA-OS that wrap hardware in a safer interface., and hardware/software control flow integrity techniques that prevent hijacking.

The quality of their code and configuration are actually good enough that CFI might be all that’s necessary unless we’re talking data leaks. I’d have to think on it to be sure. Still need covert channel analysis for that. Kemmerer’s Shared Resource Matrix should be easy to automate and sort of map the whole system based on user input. However, there’s already a Ph.D. or something in my collection where a student created a runtime to automatically find the storage and timing channels. My concept was automatic extraction from C code of such a model, run the model, and then pretty-print the results for developer to see the flows.

@ Dirk Praet

Yeah, those are some bad signs. Especially Surespot. My recommendation for people wanting to do crypto is to get used to living in Iceland. Switzerland is the next best thing although they might mandate a backdoor themselves. At least they’re more likely to agree on something like I’ve proposed, less likely to abuse it in a destructive way, and not likely to act like terrorists as FBI/CIA do toward own citizens. 😉 Their intelligence service I suspect is similarly scheming, though, as they’ve built the Onyx collection system for who knows what. Seems, though, that their legal system is keeping it in check and their democracy at least looks after itself a bit.

re your chat clients

All decent options. I’d like to see more verification on Threema as it’s hopeful. Ottela’s Tinfoil Chat is still only configuration that can be made NSA proof or close to it. Props to him for listening and adapting to everything we told him. He’s literally 1 in a 1,000 or something on that. GenodeOS is another that, although unevaluated architecture, at least attempts to keep foundation strong and use best components (eg Nitpicker GUI, NOVA, Muen) from other projects. I’ll test them soon enough. 😉

@ BoppingAround

“He got dismissed from VK. Some folks say it happened due to his refusals to cooperate with the Russian FSS and hand out users’ data. I have a hard time believing that.”

A relative of mine loves Anthony Bourdain. We were watching a show of his in Russia where he interviewed Alexander Lebedev at his potato farm. Got to be a potato farmer, many times investigated, and life threatened by running the last newspaper critical of Putin. All the pressure, a sense of defeat, and worries for his children made him drop it. So, with this happening to Putin opponents, I tend to wonder about people like Pavel Durov or Yuri Milner whose businesses (including encryption) are booming without such things happening to them. Each one also tends to incidentally be awesome for an intelligence service known for long-term, patient espionage.

Like Dirk said, sad that a person merely coming from or operating in a certain country should be a reason to suspect them of betrayal. Yet, these Russian billionaires always keep me wondering.

Petter September 2, 2015 4:20 PM

Somehow the HDCP 2.2 got worked around and a release group have stated they did a “HDMI cap of the UHD Netflix with a lossless capture card, encoded with x264” when they captured and released the first Netflix 4K stream of Breaking Bad.

Wonder if they used the old HD trick of only “one output from a HDMI-splitter” to strip it from the HDCP to feed into a 4K HDMI capture card?

Thoth September 2, 2015 8:29 PM

Sad news regarding further demonization of Crypto leading to VICE investigation journalists captured by Turkish Govt and charged to be in collusion with ISIS because they use Crypto just as ISIS did.


Crypto rarely seems to move beyond most of it’s play toy formulaes and paper theories.

Most crypto protocols leak some form of metadata or flags indicating it’s use and some require special ports to be used.

What if flags, metadata and indicators can be removed. Example is the “STARTTLS” flag or “—– BEGIN PGP MESSAGE —–” flag ?

What if key exchanges can be done in a plausible deniable way from the syrface unless you captured the long term keys ?

What if plausible deniable protocols can be embedded into common protocols looking as FTP uploads or HTTP messages over more common protocols like SSL or SSH ?

Combine the above points with multicasr based Fleet Messaging style that @Clive Robinson promotes. The deniability would be higher and so would be the security assurances of the protocol. Of course there are much.more fine grain details to consider but those are the first steps.

name.withheld.for.obvious.reasons September 2, 2015 11:08 PM

U.S. trade policy and multi-national corporations have by policy subverted both our domestic defense posture and the domestic U.S. tax structure. How does trade and tax policy undermine domestic tranquility? Good question, the answer is nearly simple, the nature of both trade and corporate tax liabilities share a common characteristic–that is the scope and breadth of “protection” of “national security interests” go from natural borders to more vacuous legal borders. The problem is that the U.S. domestic taxpayer is asked to provide subsidies to entities that are not held to borders that define the term “domestic tranquility“.

Our natural borders give the general population, those without access to tax shelters and investments outside the these boundaries, an obligation to the general federal tax funds that are redistributed to the more opaque legal boundaries that are defined as “national interest/security“. As in the case of two trillion dollars U.S. held in overseas accounts can survive tax policy while you or I cannot refuse payment and negotiate a deal or we keep our money off-shore. And, when Israel for example is allocated funds from the general tax base, we, the domestic taxpayer are required to provide for our “national interest/security” (not sharing a natural or legal boundary) using funds primarily derived from the U.S. domestic tax base.

These two examples show how liabilities and payments from domestic tax structure fails to restrain manipulation by actors that use natural boundaries for nothing more than a mailing address. My thinking is that all U.S. protection (legal and corporate) be stripped from entities that engage in holding tax payments or using tax revenues outside of natural borders and be stripped of any U.S. domestic enumeration/instruments including contributing or lobbying members of congress.

What I see here is a problem that when the Congressional Budget Office (CBO) scores a bill it makes judgements/calculations about the nature of a bill such as revenue and tax liabilities. What CBO doesn’t do is score whether the bill represents a “natural” constituency or does it proffer advantages to “globally” scoped entities.

name.withheld.for.obvious.reasons September 2, 2015 11:17 PM

@ Thoth

What if plausible deniable protocols can be embedded into common protocols looking as FTP uploads or HTTP messages over more common protocols like SSL or SSH ?

This has been done, to quite a degree of success. Those familiar with “Blue Light” may know that whole network layers have been encapsulated within HTTP protocol layers (a OSI layer 2 network on top of layer 5). Some pretty cool stuff…the people that did the original work back in the mid/late 90’s knew what they were doing. One of the few times I’ve been impressed. The other was a real-time DAQ deployed on a satellite system that did what would not have been considered achievable. In fact, the contemporary replacement for the space platform has failed to achieve success.

Thoth September 3, 2015 12:31 AM

Do you have papers on Blue Light ? I am interested in it as I have envisioned such a protocol without realizing it existed since a couple years back.

Some problems that are hard to solve includes setting up plausible middle-men that they themselves (like a TOR routing) would neither prove nor disprove in any manner of such communications.

Let’s say Google decides to host a plausible router and Google also records the routing. The thing is to get message pass a recording middle-man router between endpoints with plausibility so that any amount of state actors running their honeypot routers could not gain any certainty.

Curious September 3, 2015 2:43 AM

“Frustrated federal judge anxious to rule again on NSA program”

“Leon held in 2013 that the program was likely illegal but he put his ruling on hold pending review by an appeals court. That court did not rule until late last week when it threw out Leon’s original opinion and sent the case back down to him to resolve threshold issues.”

“The three-judge panel of the U.S. Court of Appeals for the D.C. Circuit vacated Leon’s opinion, but in doing so, it did not rule on the merits of the program. Instead, it questioned whether there was clear enough evidence that the plaintiffs had been harmed.”

Curious September 3, 2015 3:32 AM

To add to my previous comment, about the Red Hat Product Security paper:

Snippet from the paper:

“This report shows that it is still possible to use Lenstra’s attack to recover RSA private keys, almost two decades after the attack has been described first, and that fault-based side-channel attacks can be relevant even in scenarios where the attacker does not have physical access to the device.”

Curious September 3, 2015 3:56 AM

I am no security professional, but what I take from this paper, is that “perfect forward secrecy” probably isn’t implemented properly by those relying on it, because of known problems with the implementation.

The author sees a problem with “forward secrecy” being a name that is used to invoke confidence, at the cost of sound security considerations. My attempt at a paraphrase here.

John Galt IV September 3, 2015 7:19 AM

A couple of gems, I think from NakedCapitalism’s daily news compendium yesterday Their incisive and biting comments on the headlines are a great way to start the day.

They Cracked This 250-Year-Old Code, and Found a Secret Society Inside

I never imagined that I would be the one calling for regulation, but the problem of hidden/projected intent is going to lead to some spectacular crimes. I definitely said before that brain-scanning politicians and government employees is a good idea, starting with the executive branch and congress all the way down to every beat cop and streetsweep. It’s not enought to measure the intent of people – you have to measure the intent of machines.

A Roadmap for a World Without Drivers

I probably said before that guns project intent milliseconds to seconds over a range of centimeters to about a kilometer. Warhawk drones project intent over days and tens of thousands of kilometers. Machines are coming that can project intent over timescales of years to millenia. Humans already have projected intent a billion miles into space. The original Star Trek series did a good job of anticipating a lot of it, and what can happen if the original intent gets subverted.

I think that I’ve posted on the Baltimore blimps before as a method for putting in place full spectrum dominance of the airspace. An attempt to mitigate the drone threat. It also will allow for tracking of every surface vehicle within a 50-mile radius, except when shaded by buildings. The shadows may be illuminated by reflections that can be deconvolved.

The unpublicized side of the blimps is the addition of 100 kW lasers for taking down any airborne threats. Sure, they’re going to burn up a few Cessnas full of children, but we’ll be safer for it. You might want some sunblocker on if you’re within 50 miles.

I can’t offer any realistic libertarian alternative to giving the idiots, psychotics, criminals and sociopaths (aka liars, thieves and murderers) who run governments more power. You’re damned if you do and damned if you don’t.

John Galt IV September 3, 2015 7:37 AM

It’s a short conceptual step from projecting intent over tens, hundreds and thousands of kilometers of airspace via microwaves and lasers to agencies and companies projecting intent inside your boundaries by using backdoors to infiltrate spookware onto all of your machines and consumer appliances. I eventually will post some open-source powerline filters to defeat some of it.

I probably said before that with the right safeguards, all of the surveillance (and associated full-spectrum dominance) would be a good idea. Unfortunately, we are light-years from the right safeguards, as Snowden proved quite nicely by waltzing out the door with millions of files. In fact, every cell phone video of every cop who has shot a black person in the back (or in the head, while they are handcuffed on the ground) is further proof that the safeguards are inadequate. The difficulty is managing a distributed system of government where the power is wielded by liars, thieves and murderers. A nice analog to Programming Satan’s Computer. The link is easy to find and I may have seen it here.

I mentioned before a 6th class of exploits using smart power meters to exfiltrate data from inside your boundaries. There is a 7th, which is to toggle the mode of some other device to transmit on a separate channel like optical. Imagine for a moment that some inexpensive consumer appliance, an LED bulb, was built by the millions with hidden circuitry such that on command from theh smart meter, it could send audio bacl to the meter using the power connection (part of the 6th class), or the LED bulb could be toggled into a mode where it sends the audio on a high-frequency optical carrier (an additional class). The use of LED bulbs to transmit audio on optical carrier has been reported previously, probably here, as a way for law enforcement to eavesdrop on a location, but avoid detection by conventional bugsweepers. The previous examples didn’t use a powerline signal to toggle modes, as far as I know. In principle, the mode also could be toggled by an infrared signal. I don’t have the link handy, but it is a great example of distributed intent.

Nick P September 3, 2015 10:25 AM

@ Thoth

This is quite common for covert channels and malware. Just Google around for tunneling over HTTP(S). It works best if you have a proper-looking, Web server that the client can do traditional request-replies to. You can tunnel over any protocol so long as you can squeeze the data into it and best if traffic looks normal. Many don’t do traffic monitoring so you barely have to do that.

BoppingAround September 3, 2015 4:17 PM

Mildly off-topic. Make a decompressiom bomb out of a PNG image file:

What’s the biggest pixel size of a PNG image in the smallest number of bytes? I wanted to try to create an image that could be downloaded but whose pixel buffer would be too big to store in the RAM of a PC. Here is a bzip2 file of 420 bytes that uncompresses to a PNG image of 6,132,534 bytes (5.8 MB) and 225,000 × 225,000 pixels (50.625 gigapixels), which, if represented as a pixel buffer of 3 bytes per pixel, takes about 141.4 GB.

Dirk Praet September 3, 2015 6:35 PM

@ BoppingAround

Mildly off-topic. Make a decompressiom bomb out of a PNG image file

This is really neat 😎

Buck September 3, 2015 7:09 PM


That just me a billion dollar idea…

  1. Develop cryptographic algorithm designed for maximum practical ciphertext expansion.
  2. Promote said algorithm as a means to increase the cost of warrentless bulk surveillance
  3. Invest in novel and up-and-coming high-density storage technologies.
  4. Start sending all your daily emails to colleagues as 150GB encrypted blobs.
  5. PROFIT!!!

evil grin

Nick P September 3, 2015 10:39 PM

@ BoppingAround, Dirk

The PNG trick is cool. There used to be tricks like that with ZIP, etc. My favorite trick, though, was a RAR file that decompressed into an identical RAR file. Don’t have the link any more, unfortunately.

Leave a comment


Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via

Sidebar photo of Bruce Schneier by Joe MacInnis.