Friday Squid Blogging: Calamari Ripieni Recipe

Nice and easy Calamari Ripieni recipe, along with general instructions on cooking squid:

Tenderizing squid is as simple as pounding it flat—if you’re going to turn it into a steak. Otherwise, depending on the size of the squid, you can simply trim off the tentacles and slice the squid body, or mantle, into rings that can be grilled, sautéed, breaded and fried, added to soup, added to salad or pasta, or marinated. You can also—as chef Accursio Lota of Solare does—stuff the squid with bread crumbs and aromatics and quickly bake it or grill it to serve with salad.

As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

Posted on August 21, 2015 at 4:07 PM • 208 Comments

Comments

GeoD August 21, 2015 6:47 PM

Here’s a tip my Nonna taught me.
Clean and trim the squid fully and place it in a bowl of white vinegar the night before use. Refrigerate.
At least 4 hours before cooking rinse thoroughly and place in a bowl of lightly salted water. Rinse thoroughly and prepare as usual.
Works best on squid 3 to 6 inches in body length.
~GeoD

Marquita August 21, 2015 8:45 PM

bcs, while that seems like a silly mistake, anyone with a “TSA lock” could reverse-engineer the bitting. Having 7 in one image makes it easier/cheaper, but presumably an enterprise that involves breaking into luggage will pay well enough to just buy all the “hot” luggage styles.

If you really want your checked luggage to be secure, pack a gun (starter pistol) in each suitcase. TSA agents are not allowed to open such baggage, and they’re more careful not to lose it.

Smirk August 21, 2015 11:50 PM

Did anyone see the Ashley Madison leak? And all the people who used their .gov and .mil email? Also, maybe funny, an information technology administrator in the Executive Office of the President.

Also I am curious about why Brian Krebs is jumping in on downplaying the whole thing and doesn’t update or correct the article now that everybody knows it is real.

A personal side note: I don’t care about why the people may or may not be on that site or their marriage. But I think that Ashley Madison is a shady business; they charged to delete everything and in the end apparently they didn’t (people who only paid for complete removal, years ago, still found their data). Also, as with a lot of companies who got breached, they should tell their customers what happened, what info is out there, etc., and as we all know they rather choose to say “nothing happened, don’t worry”.

Curious August 22, 2015 2:44 AM

“California bill aims to warn consumers about recording TVs”

http://bigstory.ap.org/article/030a162114c849dd8f39c1de28ef2c0b/california-bill-aims-warn-consumers-about-recording-tvs

“After taking a lashing in the media and online, the company changed its user manuals in February to make it clear that its smart TVs do not record or store conversations. Samsung says it will only record voice commands if a user clicks an activation button and talks into the remote or a microphone.

Still, Orwellian anxieties have already taken hold, and Gatto’s Committee on Privacy and Consumer Protection is pushing a bill to rein in spying TVs before the problem becomes worse.

His AB1116 is the first legislation of its kind in the United States, according to the National Conference of State Legislatures. After unanimous passage in the Assembly, the bill now goes before the full Senate before the Legislature finishes on Sept. 11.

It would require that users be explicitly informed when their smart TVs are installed that the devices could start collecting conversations.

It also forbids TV manufacturers and related third parties from using or selling stored conversations for advertising purposes, and would allow manufacturers to reject law enforcement efforts to use the feature to monitor conversations.”

Curious August 22, 2015 3:11 AM

I wouldn’t know (I build plastic kits and goof around on the internet), but I can’t help but wonder, is there any relation between the six variants of SHA-3/SHAKE and what is called “fuzzy hashing” in the linked article below?

“What is a Data Fingerprint?”
https://terbiumlabs.com/lab-notes.html#/post/what-is-a-data-fingerprint

There is a link to a pdf file near the bottom (hyperlink via “fuzzy hashing”):
http://dfrws.org/2006/proceedings/12-Kornblum.pdf

Titled: “Identifying almost identical files using context triggered
piecewise hashing”

Could it perhaps be said that SHA-3/SHAKE is meant to be a “fingerprint protocol”?
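To separate the two ideas in the question above: SHA-3 and the SHAKE extendable-output functions are conventional cryptographic hashes, built so that any change to the input changes the whole digest unpredictably, which is exactly what makes them useless for measuring similarity. The "fuzzy hashing" in the linked Kornblum paper (context-triggered piecewise hashing, the technique behind ssdeep) instead lets a rolling hash over the last few bytes decide where each piece ends, hashes each piece separately, and compares the resulting signatures. The following is an added, deliberately simplified illustration of that construction, written for this thread; it is not ssdeep's code and not from the paper. The window size, block size, polynomial rolling hash, FNV-1a piece hash and the sequence-match similarity score are all constructed choices for the demo (ssdeep derives the block size from the input length and uses a weighted edit distance), and the sample "files" are deterministic pseudo-random bytes.

```python
import hashlib
import random
from collections import deque
from difflib import SequenceMatcher

# Constructed parameters for this illustration (ssdeep derives the block size
# from the input length and uses a different rolling hash; this is a toy version).
WINDOW = 7          # bytes covered by the rolling hash
BLOCK_SIZE = 64     # a piece boundary is triggered about once every BLOCK_SIZE bytes
P, M = 31, 2 ** 32  # polynomial rolling-hash parameters
PW = pow(P, WINDOW, M)
B64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"


def fnv1a32(data: bytes) -> int:
    """32-bit FNV-1a: the 'traditional' hash applied to each piece."""
    h = 0x811C9DC5
    for b in data:
        h = ((h ^ b) * 0x01000193) & 0xFFFFFFFF
    return h


def fuzzy_hash(data: bytes, block_size: int = BLOCK_SIZE) -> str:
    """Context-triggered piecewise hash: the rolling hash over the last WINDOW
    bytes decides where pieces end, so an edit only disturbs nearby pieces and
    the boundaries re-synchronise a few bytes later."""
    signature = []
    piece = bytearray()
    window = deque()
    h = 0
    for b in data:
        piece.append(b)
        window.append(b)
        h = (h * P + b) % M
        if len(window) > WINDOW:              # slide the window: drop oldest byte
            h = (h - window.popleft() * PW) % M
        if h % block_size == block_size - 1:  # trigger value reached: close the piece
            signature.append(B64[fnv1a32(bytes(piece)) & 63])
            piece = bytearray()
    if piece:                                 # last, partial piece
        signature.append(B64[fnv1a32(bytes(piece)) & 63])
    return f"{block_size}:{''.join(signature)}"


def similarity(sig_a: str, sig_b: str) -> int:
    """0..100 score. ssdeep uses a weighted edit distance; a sequence-match
    ratio is used here for brevity. Signatures must share a block size."""
    bs_a, body_a = sig_a.split(":", 1)
    bs_b, body_b = sig_b.split(":", 1)
    if bs_a != bs_b:
        return 0
    return round(100 * SequenceMatcher(None, body_a, body_b).ratio())


def sha3_bits_changed(a: bytes, b: bytes) -> int:
    """Hamming distance between the SHA3-256 digests of two inputs: a
    conventional hash gives no similarity signal, about half of the 256 bits
    flip for any change at all."""
    da = int.from_bytes(hashlib.sha3_256(a).digest(), "big")
    db = int.from_bytes(hashlib.sha3_256(b).digest(), "big")
    return bin(da ^ db).count("1")


def demo() -> dict:
    # Constructed sample inputs: a deterministic pseudo-random 2000-byte 'file',
    # a copy with a single byte changed, and an unrelated file of the same size.
    rng = random.Random(2015)
    original = bytes(rng.getrandbits(8) for _ in range(2000))
    edited = bytearray(original)
    edited[1000] ^= 0xFF
    edited = bytes(edited)
    unrelated = bytes(rng.getrandbits(8) for _ in range(2000))

    sig_o, sig_e, sig_u = fuzzy_hash(original), fuzzy_hash(edited), fuzzy_hash(unrelated)
    return {
        "edited_similarity": similarity(sig_o, sig_e),      # high: one piece differs
        "unrelated_similarity": similarity(sig_o, sig_u),   # low: nothing lines up
        "sha3_bits_changed": sha3_bits_changed(original, edited),  # around 128 of 256
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The single-byte edit changes the character for the piece that contains it and, at worst, splits or merges a neighbouring piece, so the two signatures still line up almost everywhere; the SHA3-256 digests of the same two inputs differ in roughly half their bits, which is the behaviour one wants from a cryptographic hash and the reason it cannot serve as a "fingerprint" in the similarity sense.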

Curious August 22, 2015 3:25 AM

Off topic: (LED lighting and electromagnetic disturbance)
I am amused by this local article that points out a problem with how LED lighting in the bathroom had interfered with the functioning of a DAB radio (stopped working as intended). Something about a problem with electromagnetic compatibility, with some LED products.

According to this local article, it also adds that (I’ll attempt a translation):
“An LED board made with 13.000 lights on top of the museum ‘Rockheim’ in Trondheim interfered with communication frequencies for air traffic passing above the museum, and was closed for a period to remedy the issue.”

Curious August 22, 2015 3:47 AM

‘The Register’ has a problem with how Microsoft doesn’t/won’t explain the recent cumulative update KB 3081438 for Windows 10 (Aug 14.).

Unsure if this is a new thing or not, with articles about patches relating to Windows update.

http://www.theregister.co.uk/2015/08/21/microsoft_will_explain_only_significant_windows_10_updates/
https://support.microsoft.com/en-us/kb/3081438

I see that there are several ‘keywords’ listed at the very bottom of the kb 3081438 article that seemingly imply that the update relates to security and vulnerability issues. Not having thought about this before until now, I guess the keywords might perhaps be superfluous if they also appear in most if not all of the webpages made for each individual patch for Windows Update.

SoWhatDidYouExpect August 22, 2015 4:10 AM

NSA preps quantum-resistant algorithms to head off crypto-apocalypse

http://arstechnica.com/security/2015/08/nsa-preps-quantum-resistant-algorithms-to-head-off-crypto-apocolypse/

So, while the spook agencies and their minions everywhere complain that cryptography endangers their work, they continue to develop cryptography to protect…who…what…why? It is bad for citizens to use crypto but it seems okay for the spooks to protect themselves from those same citizens. Yeah, apparently Top Secret labeling doesn’t do the job anymore.

Curious August 22, 2015 4:40 AM

I never intended to spam this thread with articles, but I have been saving it up for the last few days:

“NSA Finds New Snowden Emails — But They’re Not About His ‘Concerns’ With Surveillance”

https://news.vice.com/article/nsa-finds-new-snowden-emails-but-theyre-not-about-his-concerns-with-surveillance

“The NSA is seeking dismissal of the FOIA lawsuit because the agency has not found any emails in which Snowden “raised concerns.” But attorney Jeffrey Light, who is representing VICE News in the lawsuit, argued that the agency was construing too narrowly the phrase “raised concerns” when it conducted its search of the emails.

Jack August 22, 2015 6:59 AM

Does anyone know Adguard 5?
It seems to be the only adblocker working with Microsoft Edge in Windows 10. So 8 million users and fast increasing.
My concern, apart from it being Russian, is that it can also filter HTTPS. This could be done on all traffic, so not only browsers?
I guess it can do funny stuff such as MITM with the encryption keys and certificates.
Even with the option disabled in the user interface I have no confidence it’s still sniffing.
Any ideas or experience?

Gerard van Vooren August 22, 2015 7:13 AM

@ Curious,

“Former Salt Lake City mayor sues Bush administration, NSA for spying”

That’s how you do it. Remember that they caught Al Capone with tax fraud, not with murder.

Clive Robinson August 22, 2015 7:33 AM

@ Curious,

LED lighting and electromagnetic disturbance

Yup it’s easy to do…

The problem is the mains supply is one or two hundred volts alternating current and LEDs are one or two volts direct current.

So you have to convert 220Vac to 2Vdc very efficiently to meet various energy ratings requirements. This means using some tricksy electronics that very often involve high or very high frequency switching. If you don’t get the circuit layout, filtering components and screening right then this will get radiated. Even if it’s a milliwatt or less, if it gets into a suitable antenna –mains wiring– then your house is not going to be “broadcast signal” friendly.

As for the aircraft, for historical reasons VHF Air-Band comms and navigation systems use modulation with a significant amplitude component. The receiver is thus quite a bit more sensitive to “switching noise” than those looking mainly for frequency or phase modulation components. Thus problems with voice comms and older aero beacons for navigation are to be expected.

Clive Robinson August 22, 2015 8:10 AM

@ GeoD,

You can replace the vinegar with another “acid” such as lemon juice.

In effect you are “cold cooking” or “pickling” the proteins, which reduces the shrinkage caused when what is basically muscle gets heated over 40C.

Though with your way I would add a little sugar to the salt solution.

It also helps if you “blunt score” the surface of the squid with the likes of a butter knife, as when the squid cooks it produces a nice diamond pattern and spirals that the sauce clings to, as well as reducing the effect of the shrinking; it looks really good in salads and pasta dishes.

As for the article’s “three copper pots” or “wine corks”, hmm, a table spoon of white wine vinegar or lemon juice and a good pinch or three of salt and sugar in the water would probably work as well.

Which is kind of what happens when you cook it with tomatoes or other fruits (not bananas or plantains though).

Benni August 22, 2015 10:29 AM

For some time now, the NSA has been trolling Russia. They created a “hacker group” that publishes the content of Putin’s speeches before he makes them, or they sell the content of the mobiles of Medvedev to the highest bidder, or they publish which porn sites Russian lawmakers use.

Now they write here an open letter to the Russian FSB:

What the NSA publishes here is actually a must read for every company, since they just tell how they acquire secret technology blueprints. And they can tell this, since apparently the Russian sites are so bugged that they can change what they want, and they are still completely owned…

https://translate.googleusercontent.com/translate_c?depth=1&hl=de&rurl=translate.google.de&sl=ru&tl=en&u=http://b0ltai.org/2015/08/07/%25D0%25BE%25D1%2582%25D0%25BA%25D1%2580%25D1%258B%25D1%2582%25D0%25BE%25D0%25B5-%25D0%25BF%25D0%25B8%25D1%2581%25D1%258C%25D0%25BC%25D0%25BE-%25D0%25B2-%25D0%25B2%25D0%25BE%25D0%25B5%25D0%25BD%25D0%25BD%25D1%2583%25D1%258E-%25D0%25BA%25D0%25BE%25D0%25BD%25D1%2582%25D1%2580%25D1%2580%25D0%25B0%25D0%25B7%25D0%25B2%25D0%25B5/&usg=ALkJrhjOkV6avljSGq4ljAt_UpcvT2FpKQ

“We liked the genre of “open letters” 🙂
Today we write an open letter to the Department of Military Counterintelligence FSB.
Forced to take this step after careful study of the material of the former head of the Construction Department of Defense of the Russian Federation Roman Filimonov.”

Some time ago, we received access to the email and the devices of Xenia Bolshakovoj, Assistant Secretary and Mr. Filimonov, the former head of the Construction Department of the Ministry of Defence. Currently, this data set is sold on the Exchange of Information at https://joker.buzz/item/23

Accompanied to this letter is a file about military units with the placement of “Iskander” and part of the retouched image for the home base of nuclear submarines of the fourth generation at 12 facilities.

We also want to note that the publicly traded Information of Mr. Filimonov can be sold to members of the military counter-intelligence with 50% discount.

After careful consideration, we regret to see the incompetence of the staff of the Ministry of Defense of the Russian Federation in the field of information security, and more specifically – of criminal negligence.

Through the free email services such as yandex.ru, mail.ru and gmail.com they transmitted unencrypted official documents, which often contain sensitive information related to the defense of the Russian Federation. In particular reports and information on the issues discussed at the meeting with the Minister of Defence and his deputies. This information in unsecured e-mail channels in the clear is easily accessible to most.

Also, employees of Mr Filimonov and related persons passed secret information on devices made by Apple. In addition, in the device records of the Secretary Xenia Filimonov Bolshakovoj there appeared passwords and access to service mail servers of the Ministry of Defense.

They are actually forcing the Russians to buy the blueprints of their submarines back, thereby financing the NSA…

And this is not all. Probably, the Russians then switched off their computers….
and the NSA goes to their audio bugs and can hear the employees “shouting”:

https://translate.googleusercontent.com/translate_c?depth=1&hl=de&rurl=translate.google.de&sl=ru&tl=en&u=http://b0ltai.org/2015/08/21/%25D0%25BA%25D0%25B0%25D0%25BA-%25D1%2581%25D0%25BC%25D0%25B5%25D1%258E%25D1%2582%25D1%2581%25D1%258F-%25D0%25B8%25D1%2581%25D0%25BA%25D0%25B0%25D0%25BD%25D0%25B4%25D0%25B5%25D1%2580%25D1%258B-%25D0%25B8%25D0%25BB%25D0%25B8-%25D1%2582%25D0%25B0%25D0%25BD%25D1%2586%25D1%2583%25D1%258E%25D1%2582-%25D0%25B2%25D1%2581%25D0%25B5/&usg=ALkJrhhQD53JiAtJvhYWbNsB3ZoJvtUWUg

Dear friends!
We continue our little investigations of activities related to the work of Roman Filimonov and his staff in the field of secrets of the Ministry of Defense of the Motherland.

After the publication of our certificate of Iskander, which was unprotected for employees of Roman Filimonov, these same employees, representing injured innocence, angrily shouted that this information is in the “public domain.”

We are not lazy and decided to check out what is and what is not in the public domain.

Unfortunately, we were not able to find an open discussion of these objects on the Internet in addition to procurement site. But even there, there are orders for all objects in the document, and only 4 of 8 and only 1 of these 4 sites referred to “Iskander”.

The object, which is mentioned in the description as Iskander, was in the village of Totskoe ISC-2. It is safe to assume that the order forms on the issue were filled by a secretary with very blond hair and a lot of other advantages.

We will publish a few more examples of data from the correspondence assistant Roman Filimonov, which is replete with confidential official documents explicitly. Here is a report from the conference call in the Ministry of Defense of the problems with the creation of the Angara missile.

Or a draft master plan for the reconstruction of the Black Sea Fleet base (wall thickness, grade of concrete, detailed plans). What’s funny, project organization also enjoys the free service mail.ru

Always with you, even when you do not suspect about it

Your Anonymous International.

They even know the wall thickness and the grade of concrete of their facilities…

Carolin Ewalt August 22, 2015 10:52 AM

@Benni

If the NSA is truly behind this, it’s got to be one of the most stupid strategies I’ve seen for ages. I mean, what easier way to get the Russian population on Putin’s side than to act like a douchebag online, troll their forums, compromise their infrastructure and then admit that you are a foreign power attacking Russian interests? Unless I’m missing something obvious, it plays right into Russia’s hands.

Benni August 22, 2015 11:11 AM

@Carolin Ewalt:
No, this is not stupid at all. This is a clever demoralization attempt to make the Russian government nervous.

If you look at their blog, then you will see that they publish information about corruption of Russian officials, documents about how the propaganda campaigns in the Russian media are financed, and so on… So this won’t rally the Russian population closer to their government. Quite the contrary. In some sense they do a service to the Russians. I mean, which government is so stupid as to send blueprints of nuclear submarines and planned bases by unencrypted e-mail… That way, every other state wanting to attack Russia just has to hack their mail.ru account…

And yes, this is almost certainly the NSA, since they manipulate Medvedev’s Twitter account, have access to Apple mobiles of Russian government employees, have access to most emails of Russian lawmakers and so on.

When they say that they have such easy access to Google Mail and yandex.ru, mail.ru or the entire Russian defense ministry it definitely looks like the NSA, and is similar to their hacking into the Chinese government.

Furthermore these hackers even publish photos of internal Russian government documents, so they must have not only SIGINT but well placed human intelligence on site. Also, some time ago, they published that Putin told Berlusconi that he was judged by the KGB to be psychologically unstable so that he was not allowed to conduct foreign espionage… (no, this is not a hacker group that monitors both Berlusconi and Putin)

http://joinfo.com/world/1002301_hackers-publish-table-revelations-of-putin.html

unknown hackers from the group calling itself Shaltay Boltay published the records of conversations of Russian President Vladimir Putin with the leaders of other countries made in the course of a lunch with the chief cook of the Kremlin Yevgeny Prigozhin, German magazine Focus informs.

There are hackers that are equipped with microphones…..

Basil Quasney August 22, 2015 11:23 AM

@Benni & Carolin Ewalt:

It makes you wonder, what is the point of bugging someone when they know they’re being bugged and they know that you know that they know?

x78954621 August 22, 2015 11:38 AM

@Benni

that http://joinfo.com… page that you link to does not say anything about Putin having been judged as “psychologically unstable”…where do you get that from?

The page says that

According to published materials, Putin spoke of his “reduced sense of danger”, which did not let him to build the career of the KGB spy

That reduced sense of danger could just mean that he has tendencies to be overconfident.

Ironically IMHO this information on that page also contradicts the impression given by some earlier conclusions presented on the same page.

Benni August 22, 2015 11:46 AM

@Basil Quasney:
Seems that they don’t know. Otherwise they would have encrypted their submarine blueprints…

And if they know that they are bugged, just install more bugs, at unexpected places….

This here also seems to be an NSA twitter account that publishes almost live imaginary data from syria and russia and ukraine. https://twitter.com/finriswolf/status/633125042075754496

Apparently, the russians took notice that their work is published in the open, and this is their reaction:

https://twitter.com/finriswolf/status/630609496671285249/photo/1

At the beginning they really thought they could hide under trees…

(I think the US really should sponsor public spy satellites, where, like with the Hubble telescope, you can place observation requests on zones with potential war crimes or environmental destruction, which then broadcast live images. That way, these guys could not hide anymore…)

John Galt III August 22, 2015 12:13 PM

@x78954621 A reduced sense of danger is both a valuable trait and a weakness. It is a classic sociopath trait. If I haven’t said it before, I never imagined in the Cold War that I would want to send a thank you note to a KGB assassin, but I’m glad that Putin gave safe harbor to Snowden, and I’m glad that Putin kept the US out of Syria, at least temporarily. Not that Putin is any better than any of the other liars, thieves and murderers who run countries around the world. Or that he did these things out of an enlightened worldview.

Clive Robinson August 22, 2015 12:35 PM

@ John Galt III and the usual suspects,

Of more interest to many from the website you link to is,

http://www.nakedcapitalism.com/2015/08/picking-apart-one-of-the-biggest-lies-in-american-politics-free-trade.html

It is without doubt destroying national economies and their governments and handing it over to the 1% non tax paying elite.

For instance Apple has so much of its non-taxed profit off shore, it’s actually starting to limit what it can do with the capital to keep Apple in existence…

Likewise Starbucks has so much faux debt to off shore entities to avoid tax it likewise is starting to run into real issues.

tyr August 22, 2015 3:44 PM

@Clive

Nice catch on that link. I was particularly impressed with Hamilton’s vocabulary. I’ll bet most Americans can’t read and understand his 11 points without a dictionary. Now that’s American exceptionalism in the moderne age.

I hear Teddy Cruz thinks EMP will kill many millions of Americans. That flies in the face of the Air Force officers who stood under a nuclear airburst at the Nevada test site and survived the EMP. I think Teddy needs to go back to high school and stay awake in his physics classes this time.

I was watching “Bitter Lake”, an Adam Curtis documentary which had an interesting narrative causal thread from the Cold War all the way to ISIL. He blames the framing of complexity into good versus evil for most of the current mess.

It reminds me of Heinlein’s “Sound of His Wings” in his future history that he found too depressing to write for publication.

The Ashley Madison hack is getting more interesting every day. If they don’t fold their tent and slink off they are going to have an epic circus of lawsuits to keep them busy.

x of y August 22, 2015 5:57 PM

We will probably not see many IT luminaries like Linus Torvalds or Bruce in this kind of scandal ever. I think the intellectuals are too busy keeping their mind out of the gutter?

New Details Emerge In Josh Duggar Ashley Madison Scandal; Former ’19 Kids And Counting’ Star Paid For ‘Affair Guarantee’
http://www.ibtimes.com/new-details-emerge-josh-duggar-ashley-madison-scandal-former-19-kids-counting-star-2063562?rel=rel1

According to new information posted on People, a portion of the $986.76 Josh paid for his two subscriptions went toward an “affair guarantee.” The site claims the eldest Duggar child paid $249 for the feature.

Anura August 22, 2015 6:10 PM

@x of y

“I think the intellectuals are too busy keeping their mind out of the gutter?”

Ever hear of Erwin Schrödinger? There’s no reason whatsoever to think that might be true.

RST August 22, 2015 6:29 PM

@BQ

The point would seem to be classic area denial. Deny your enemy any place to enjoy any form of traditional privacy. Of course it probably ends up in a morass of well-poisoning and other trolling. But if denying an opponent the ability to operate in any way (think long term containment, ‘boxing’)…

x of y August 22, 2015 7:24 PM

@Anura

I read of Erwin (of Schrödinger’s cat fame) years ago, although those writings focused solely on his work in QM. So because of what you said I decided to look up the Wikipedia article on him, and I think you are referring to him “sharing his living quarters with two women”.

In any case, it is best to admit it: I stand corrected.

Anura August 22, 2015 7:55 PM

There’s a more complete biography here:

http://www.nndb.com/people/308/000072092/

Schrödinger had a long, happy, and very open marriage with Annemarie Bertel, daughter of a respected chemist. He kept a detailed log of his numerous sexual escapades, included a teen-aged girl he seduced and impregnated while acting as her math tutor. He had children by at least three of his mistresses, including a daughter by Hilde March, the wife of his colleague Arthur March, who was himself a lover of Schrödinger’s wife.

me August 22, 2015 9:39 PM

“You cannot buy a modern Intel CPU that doesn’t come with a backdoor anymore.”

Jacob Appelbaum at Debconf15

Nick P August 22, 2015 10:37 PM

@ me

We used to call them backdoors. Then Intel reintroduced it as “Advanced Management Technology.” And there’s still some security professionals that claim there’s no evidence for Intel backdooring chips. Lol…

Smirk August 23, 2015 12:13 AM

@Benni and others.

I saw this site Joker.buzz , it is in Russian and they sell information ( Also supposedly info about MH-17 for 35000 bit coin ). But i am more interested what this site overall is all about, battling corruption?, making a quick buck? And if it has a political orientation and if so in what way?

If anyone knows more about it or speaks Russian, I would be thankful.

Wesley Parish August 23, 2015 3:17 AM

Just a coupla MS Windows 10 articles. Interesting how Microsoft can still fail to inspire …

http://www.prisonplanet.com/the-surveillance-state-goes-mainstream-windows-10-is-watching-logging-everything.html

http://www.stuff.co.nz/business/70732877/windows-10-uses-customers-computers-to-distribute-updates?cid=outbrain:starter

It seems they’ve been following the discussion on this blog about escaping the TCPIP gridlock into peer2peer freedom, and are doing it without so much as informing their customers …

schneier.com August 23, 2015 3:34 AM

So if Cisco uses Intel chips in their routers then their routers would also be vulnerable due to this “Advanced Management Technology”…?

…which would explain the Nasty Cisco Attack that Bruce just blogged about?

Jacob August 23, 2015 4:27 AM

@me, Nick P,

Interesting work by Intel: an open-source program to assess the security of computers’ firmware

https://github.com/chipsec/chipsec

Among other things, it includes a module to assess the exposure to keyboard buffers that may be used to steal pre-boot authentication passwords (based on DEFCON 16 presentation).

That, coupled with Copernicus by MITRE – a tool to compare BIOS versions – may go a long way to detect PC firmware subversion.

Note: Copernicus was freely available for download in the past, but now it appears to require some kind of an interaction with MITRE.

Curious August 23, 2015 6:28 AM

Fyi, that prisonplanet.com link above links to an ‘Alex Jones’ show, not exactly the Washington Post so to speak. Heh, had to look it up, url looked a little suspicious to me.

Sidney Maslik August 23, 2015 7:37 AM

@Jacob

That’s right, sadly Copernicus has quietly transitioned to a proprietary pay-ware model. (God only knows what’s happened behind the scenes in the last couple of months.) As we move towards widespread UEFI use, the bulk of malware developers will catch up with the current strategies of nation state actors and target the firmware interface level. The rewards are massive: undetectability by the host OS, easy persistence, and control over the entire system regardless of OS or software version.

We desperately need open source tools for UEFI analysis and integrity checks.

ethereal bass August 23, 2015 7:46 AM

@ Jacob , Sidney Maslik

We also desperately need open source hardware/firmware development, like Novena etc.

BoppingAround August 23, 2015 9:15 AM

Wesley Parish,
Now imagine all that shite everywhere, from local government to banks and hospitals. That’s where it becomes really sinister.

Some MS apologists I know have been rather annoyed by the recent turn of events. No, not the fact that W10 spies but the fact that people point that out.

Gerard van Vooren August 23, 2015 9:54 AM

@ BoppingAround,

Some MS apologists I know have been rather annoyed by the recent turn of events.
No, not the fact that W10 spies but the fact that people point that out.

Links?

John Galt III August 23, 2015 9:59 AM

@Anura, et al.

Beware of ageing scientists; some people say that this is urban legend, but I like it. Einstein was quite brawny from sailing, so it is plausible that he was physically energetic.

Did Albert Einstein have any hobbies?
http://wiki.answers.com/Q/Did_Albert_Einstein_have_any_hobbies

Einstein was also a bit of a ‘player’. His most famous affair was being Marilyn Monroe’s lover although there was a 47-year age difference! “He was the most energetic man I’ve ever been with.” There are letters between the two preserved at the Einstein Museum in Israel.

Did Marilyn Monroe and Albert Einstein ever meet?
http://www.funtrivia.com/askft/Question24153.html
Yes they did. Just like Marilyn and the Kennedy brothers, Marilyn and Einstein not only met but had affairs and were actually quite fond of each other. Here is one of many links:

http://starrsecrets.blogspot.com/2006/05/here-lies-marilyn-monroe-38-23-36_04.html

They lived together on Fantasy Island for awhile. The sex was hot between The Genius & The Sexpot of the 20th Century. He joined the legion of lovers who ignored her fatal flaws and their own humanity to bed a legend. Even Einstein autographed his photo: “To Marilyn, I am forever grateful!” At a dinner party, Einstein and Marilyn sat next to each other. After a few flutes of champagne, she cooed in his attentive ear: “I want to have your child. With my looks and your brains, it will be a perfect child!” Einstein replied: “But what if it has my looks and your brains?”

John Galt III August 23, 2015 10:32 AM

I’ll skip the link to Ron Paul saying much the same thing as Einstein. It’s not rocket science to figure out that I have a libertarian bent, whatever shortcomings there are in Ayn Rand’s models of reality.

Andy and his cohorts Yonatan Zunger, Jordan Peacock, Leah Kissner, and others, at The Deep State (otherwise known as Google, where he is a privacy lawyer) have a remarkable sense of nuance and are happy to grapple interesting questions on a wide range of topics:

https://plus.google.com/+AndreasSchou/posts/LuDoarKjakA
Shared publicly – Aug 17, 2015

After trying to reread this mess several times in a row, and reading +Lea Kissner’s very lucid eye-rolling about it, I think there’s some very basic epistemic confusion at the bottom of TechCrunch’s dumb attack on one-time pads. To explain:

(1) Presume a pad of a given length, where every pad configuration is as likely as any other. As in: we know that it’s a good one-time pad.
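Point (1) in the quoted post is the whole argument in miniature: if every pad of the given length is equally likely, then for any observed ciphertext every plaintext of that length is explained by exactly one pad, so the ciphertext carries no information about which plaintext was sent. The following is an added example written for this thread, not code from Andreas Schou's post, from TechCrunch or from anyone quoted above; it makes the claim concrete by exhaustively trying every pad for a tiny (two-byte) ciphertext, shows what goes wrong when the pad is not uniform (pad bytes restricted to printable ASCII, a constructed bias), and shows the one classic failure mode, pad reuse, where the pad cancels out of the XOR of two ciphertexts. The message and pad bytes are constructed sample values.

```python
from itertools import product


def otp_xor(data: bytes, pad: bytes) -> bytes:
    """One-time pad over bytes: encryption and decryption are the same XOR.
    The pad must be at least as long as the message."""
    if len(pad) < len(data):
        raise ValueError("pad shorter than message")
    return bytes(d ^ p for d, p in zip(data, pad))


def plaintext_counts(ciphertext: bytes, pad_alphabet=range(256)) -> dict:
    """For a fixed ciphertext, try every pad whose bytes come from pad_alphabet
    and count how often each plaintext results. With the full, uniform
    alphabet every plaintext of that length appears exactly once, so the
    ciphertext alone says nothing about which one was sent. With a biased
    alphabet (e.g. printable ASCII only) some plaintexts can never occur,
    which is information an observer gains from the ciphertext."""
    counts = {}
    for pad in product(pad_alphabet, repeat=len(ciphertext)):
        pt = otp_xor(ciphertext, bytes(pad))
        counts[pt] = counts.get(pt, 0) + 1
    return counts


def pad_reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """What an observer can compute when the same pad encrypted two messages:
    c1 XOR c2 equals m1 XOR m2, and the pad has dropped out entirely."""
    return bytes(a ^ b for a, b in zip(c1, c2))


def demo() -> dict:
    # Constructed inputs: a two-byte message and a fixed 'random' pad.
    message = b"ok"
    pad = bytes([0x5A, 0xC3])
    ct = otp_xor(message, pad)

    uniform = plaintext_counts(ct)                        # 256**2 candidate pads
    # Constructed bias: pads drawn only from printable ASCII (95 values), one byte
    biased = plaintext_counts(ct[:1], range(0x20, 0x7F))

    second_ct = otp_xor(b"no", pad)                       # same pad used twice
    return {
        "roundtrip": otp_xor(ct, pad),
        "distinct_plaintexts": len(uniform),              # 65536: all of them
        "every_plaintext_once": all(v == 1 for v in uniform.values()),
        "reachable_with_biased_pad": len(biased),         # 95 of 256 possible bytes
        "pad_reuse_reveals_m1_xor_m2": pad_reuse_leak(ct, second_ct)
        == bytes(a ^ b for a, b in zip(b"ok", b"no")),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The exhaustive search is only feasible because the message is two bytes long, but the counting argument does not depend on the length: XOR with a fixed ciphertext is a bijection between pads and plaintexts, so a uniform pad gives a uniform plaintext distribution for every length. The biased-pad case is why "every pad configuration is as likely as any other" is a precondition and not a decoration, and the reuse case is why the pad is one-time.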

Lashell Fluri August 23, 2015 10:54 AM

@ albert
“http://rhombus-tech.net/community_ideas/laptop_15in/news/”

If it was commercially available I’d buy it.

Maybe the rhombus-tech people should contact Eben Upton, one of the brains behind raspberry pi, for useful tips on how to go from drawing board to mass production.

Disclaimer: I have no connection with Upton and have never spoken to him.

Patrice Bowery August 23, 2015 11:16 AM

@ albert, Lashell Fluri, Stevenson, ikopi:

You may want to check out libreboot (https://en.wikipedia.org/wiki/Libreboot). It is not vapor-ware; it is fully developed, implemented and commercially available. They’re endorsed by the FSF. If you’re in the UK, you can buy a fully working libreboot laptop from as little as £278 (minifree.org). It definitely beats an intel chip with UEFI!

Lopsided Pancake August 23, 2015 11:35 AM

@ albert, Lashell Fluri, Stevenson, ikopi, Patrice Bowery:

Just a thought — if the folks at Purism are so keen on embracing open source as a guarantee of privacy (which, in my view, is spot on), why don’t they adopt libreboot (GPLv2) instead of waiting to get the proprietary blobs from intel, which according to the coreboot folks (as linked by ikopi above), is never going to happen? I’m kind of concerned about the claim that 99% of the Librem system is libre, when the 1% that is “almost” libre (coreboot) is in fact the business end, potentially allowing an attacker complete control over the remaining 99% of the system.

Lopsided Pancake August 23, 2015 11:39 AM

Let me rephrase that. Where it says “guarantee of privacy” it should say “step forward towards privacy.”

Nick P August 23, 2015 12:27 PM

@ lopsided

A system that protects users’ freedom and privacy built on a CPU that’s always moving in the opposite direction. Lmao. I agree that it’s a step forward in direction of a more free box. It’s not a free or trustworthy box, though. I keep reminding people with this goal that Gaisler has CPU’s and I.P. that are dual-licensed under proprietary and GPL with low power usage. The SPARC ISA and generic firmware are open, as well. Much support from Linux/BSD thanks to Sun/Oracle/Fujitsu.

Could start by straight up buying the chips from Gaisler while running black-box tests on them. If sales were good enough, could have a design company of your choosing (reduce risk) implement the source (customized however) on a dedicated ASIC. Can be cheap if a MPW is used. Hardware, firmware, and software will be open with users’ choice of fabs. Later on, replace it with a Rocket RISC-V ASIC once those projects have enough practical I.P. available to support it.

A Free Laptop that “discourages” Windows and leverages Intel is… hypocritical at best. Not doing a custom CPU is understandable. However, they should at least leverage SOC’s that exist on market with easier verification and for which open alternatives are in development. Then, their code-bases can leverage those once they’re in.

Right to be Forgotten August 23, 2015 12:58 PM

As Google faces additional scrutiny about its right-to-be-forgotten policies, The Onion provides a brief history of the company

http://www.theonion.com/article/timeline-googles-history-51066

1995: Larry Page and Sergey Brin meet at Stanford University, where they become fast friends after discovering a common interest in owning and selling the personal information of millions of people

1998: Google abandons attempt to organize internet with Dewey Decimal System

2001: Google first cited in high school research paper bibliography

2004: Gmail launched, forever changing the way people attempt to trigger the release of dopamine by repeatedly clicking the refresh button

2006: Google acquires YouTube for $1.6 billion in effort to gain access to trove of “Master Of Puppets” drum tutorial videos

2007: Google campus Wi-Fi enabled

2008: 4,000 servers quietly dropped off at CIA headquarters

2009: Opening of Googleplex’s first prison

2012: First time person with Google Glass is silently flipped off behind their back

2015: Executives create new parent company Alphabet to answer criticisms that Google could stand to be more ominous and opaque

2045: Supreme Omnicommander Larry Page grants amnesty to deserters of Google Drone Army

Persistent Perspirator August 23, 2015 2:01 PM

@Right to be Forgotten

haha lol, great history of Google.

Meanwhile, in other news, here is about a nice $1.9 million unified-real-time-surveillance-feed that has been implemented in Corona, California. In my opinion this could use some AI to scan the hundreds of cameras, though (it probably has not been installed due to some delays at Google’s software department…)

CORONA: Surveillance cameras boost safety – and ire
http://www.pe.com/articles/cameras-777642-city-nelson.html

The Corona police dispatcher was toggling through hundreds of surveillance cameras, teaching a volunteer how to use the city’s new Unified Camera System, when she noticed two men who appeared to be making a drug deal at a local park.

The dispatcher alerted a deputy, who was on the scene within minutes to investigate and ultimately arrest the suspects that day in mid-June, Sgt. Brent Nelson said. Both men are awaiting trial on drug charges.

The $1.9 million project creates a centralized surveillance hub that’s helped police net several arrests since the first cameras were added a year ago, Nelson said. It’s also fast-tracked vital information to first-responders during major crashes.

Alien Jerky August 23, 2015 3:10 PM

@Persistent Perspirator

The UK already does that. Pretty soon we will have digital stool samplers to make sure we complied with NY laws trying to micro-nanny the public eating habits.

tyr August 23, 2015 3:17 PM

@ Right to be forgotten

2015 Addendum: This time we need something Larry can spell for our name instead of what happened last time. How about ABC?

BoppingAround August 23, 2015 4:18 PM

Gerard,
No links. Those people are from the meatspace. Perhaps I’ll provide the links somewhere in the future, when that IoT fancy will be around :-#

It’s nothing novel anyway, mostly ‘why do they bash MS? Google have been doing this for ages’ kind of chatter. You’ve probably seen it a hundred times already.

Right to be Forgotten,

1995: Larry Page and Sergey Brin meet at Stanford University, where they become fast friends after discovering a common interest in owning and selling the personal information of millions of people

Made me smile. Nice.

Persistent Perspirator,

who appeared to be making a drug deal at a local park

Interesting. How did she know? Did the two wear hoodies and were they trading some white powder packed in translucent bags? Did the simple exchange of some stuff between the two men raise too many red flags to her?

earsplitting pheasant August 23, 2015 4:20 PM

@Sidney Maslik
“We desperately need open source tools for UEFI analysis and integrity checks.”

The challenge is going to be creating a dumb-proof tool that can be connected to an infected box so it can check the integrity of its UEFI, compare it against a library of kosher hashes and display a simple, clear result without interacting with the infected box in any way. Anything that gets booted by the infected firmware is not trustworthy. This rules out Live CDs or USBs running from the infected box (let alone the host OS). Things are not looking rosy. The only half decent tool we had (Copernicus) has gone dark.

Bernardine Kubelka August 23, 2015 4:50 PM

All this talk of firmware malware made me curious so, not knowing much about the subject, I decided to do a bit of reading on it. I rapidly came across Intel’s AMT. For those who, like me, weren’t aware of the extent of the problem, here is a list of the features enabled by default:

- AMT allows external administrators to access your system logs and alerts remotely (via LAN or WAN).
- AMT proactively detects which software is running (or not running) on your system.
- AMT can take control of your Keyboard, Video and Mouse.
- AMT allows third-party software to store version numbers or policy data in non-volatile memory for off-hours retrieval or updates (N.B. this means dialing home without you knowing).
- AMT can force your system to reboot into any image (either one that is already present in the system or one that has been injected remotely by AMT via the WAN or LAN).
- AMT can run ad-hoc Windows PowerShell scripts in the system, to cover any functionality that the external administrator may need that’s not included in AMT by default.
- AMT can re-flash your BIOS.
- AMT can do all this even while platforms are powered off. (You think you’ve switched your system off, but it’s not really off.)
- Yes, AMT works in servers too.

N.B. This is NOT a compromised system. This is what is enabled by default in all systems with an Intel chip bought within the last 5 years or so.

JackL August 23, 2015 4:53 PM

Some countries seem to have had more women than men on that AshleyMadison site

30 million AshleyMadison users mapped onto an interactive world map
http://mashable.com/2015/08/22/ashleymadison-users-map/

Direct URL to the map, in case you don’t care to read the Mashable article about it:
https://tecnilogica.cartodb.com/viz/56e702fe-4693-11e5-8f79-0e853d047bba/public_map

A red dot indicates that more than 85% of the users in the particular locality (city) are men.

wiggly puffin August 23, 2015 5:07 PM

Re. Intel’s AMT and Windows 10 EULA

Where does this leave safe harbor, etc? So much for protecting our (EU citizens) privacy.

Figureitout August 23, 2015 5:08 PM

TO: all regarding open hardware/firmware (too many names lol, you know who you are) & the “US”
–We have to keep the movement alive and kicking. No one person will be able to have meaningful influence on every chip so you just have to choose your few areas you’d “work for free”. In a PC today, main chips that aren’t opensource but there’s a few drivers that are:
–CDROM controller
–HDD controller (WD, Seagate)
–Audio chip (Realtek)
–Ethernet controller (Realtek)
–SD card(?)
–USB controller (FTDI)
–VGA/HDMI
–Keyboard/mouse controller (small chips, probably most doable, wireless logitech mice have greatest risk IMO even though no wires is nice (I suspect but can’t conclusively prove a persistent infection that got on one of mine))
–BIOS (American Megatrends)
–Powersupply (another doable area, shouldn’t require extreme knowledge like most others)
–Wifi chip (we’ve got one open source driver for some atheros(?) chip now)

It’s a big list and I’m leaving out CPU chips (kinda important I know, but if we can’t get these open source then CPU is out of question), and there’s no way one person could verify all that, but computers w/ all those features are so much better to use. Kind of hit me when I suggested using a Z80 for a PC (that’d I’d hate using) and a Cambridge hardware security researcher scoffed at it.

Another sad thing is it takes a lot of time(!) and it is just not possible to get stability (even stable use w/ malware is better than malware destroying it); note this post on /r/ReverseEngineering: https://www.reddit.com/r/ReverseEngineering/comments/1g8kzc/hdd_firmware_where_to_start It was a high schooler looking to get into HDD controllers and he needed a little dose of reality…from the top comment:
“Hard drive firmware contains extremely complex, finely tuned digital control software for controlling the head position. It takes multiple PhDs to write this stuff and make it work. This has little to do with computer science, by the way. It is entirely controls theory and digital signal processing. Many physical characteristics of the platters motor, heads, actuator, vibration modes, etc. must be precisely characterized before the control system can be built and tuned.”

Each of these chips will have these areas that will require support from people who’ve been working w/ them for 20+ years. So best thing we can do scattered across world on internet (as long as it doesn’t turn to sh*t too like “china-net”) is to extract most useful info, compact it, and document it.

I think my areas would be Coreboot for beaglebone (I don’t care as much if I brick that board compared to a working motherboard) and some wireless chips (my goal is an extension of 2FA likely targeting either large campuses (drug companies that absolutely need an isolated network for research labs) or urban areas that doesn’t just use SMS and even 4G, dedicated device and you can on a schedule go around modifying protocol so even if reverse engineered you’d have to predict changes to still capture traffic).

Wish some of the coreboot devs and some of the other people working in these companies would slip in a word or two (Gujin bootloader author for HDD’s stopped by and was pretty nice).

As far as BIOS main thing was the R/W (forget which ones) lock bits to be set, just that little thing was the main thing that stuck out to me; think still were able to get around that but more work.

On the actual hardware front, looks like the projects like lowRISC crew are really leading the charge and Hesham ALMatary working on porting the seL4 kernel to RISCV seems to be one of the most open and secure setups today but it’s mostly emulated still in QEMU.

Heriberto Finuf August 23, 2015 5:15 PM

@wiggly puffin:

The priority of the EU is not to fight mass surveillance. Sadly, their priority as nation states is to ensure that they are not left behind and that they too get a piece of the pie.

Clive Robinson August 23, 2015 6:01 PM

@ John Gault III,

With regard to the One Time Pad and a “true random key” sequence, I’ve explained this on this blog several times in the past. There are quite a few practical issues you have to deal with, as the theoretical argument has deficiencies.

The first thing to note when people discuss the theoretical side of the OTP is that the length of the message is effectively ignored… Thus ask yourself the question of how many “one bit messages” you can send before you have to reuse key material.

But there is a more subtle issue with short messages: if I ask you a question to which a one bit answer is required, you might send “yes” or you might send “no”; the length of your message will tell an observer the answer without having to “break the key”. This message length issue becomes quite critical if you are “talking to a computer menu”, because if the observer “knows the system” they have a good probability of working out exactly what you are doing by looking at the lengths of the messages.

Thus the real entropy of the plaintext must be above a certain amount. Judging this can be difficult; after all, what’s the entropy of this message: “Congratulations Mister Gault it’s a baby boy”?

The actual answer is two bits, one bit for the fact the baby is born alive, and a second to tell you its sex. With formulaic or stock statements/answers both bits can be determined without breaking the message. Thus practical implementations of OTPs, like stream ciphers, leak information unless you take precautions. The obvious one is to always send messages that are of a given length. The best length to use is actually a multiple of the most commonly used block cipher size, which is currently likely to be 128 bits.

There are also issues as to what “random” means, not just for the key stream but for the plain text as well. In the case of the OTP it’s best to say “how deterministic” either the plain text or key stream is.

Most of us on this blog know that the ASCII alphabet is 127 characters in size, but it is usually sent in an 8-bit transmission unit where the 8th bit is either zero or set to the parity of the other seven bits. This means the entropy of ASCII based messages is actually very low and is actually problematical with the key stream selection…

Ask yourself a question: if you have a random bit generator, how do you decide its output is not deterministic, or has not become deterministic during use?

The answer is, unless it’s trivially obvious, you can not…

One of the OTP requirements is that the key stream is as long as the plain text message. However that means for any message of N bits there are 2^N possible key streams, of which most have issues.

Firstly, half the messages are inverses of each other; secondly, many have easily determined sequences such as runs of “all zeros”, its inverse of “all ones” or a regular pattern. That is, only a subset of keys have sufficient entropy to be considered sufficiently non deterministic for use.

However the amount of bit by bit entropy required in the key stream is dependent on the amount of entropy in the plain text. To see this think about the ASCII in byte sized transmission units, how long a run of zeros will leak information?

The usual answer is the arbitrary “A maximum of five letters in a twenty six member alphabet” or ~23 bits, but with ASCII’s fixed bit patterns this drops to ~18 bits. Which means you need to keep run lengths down below this. With non character aligned, ~10 bits is considered the maximum in some circles (i.e. no 3 successive digits the same in a number pad)…

However there is a further issue with “stock messages” from automated systems, run lengths that reveal one or two letters can over very many repeated sendings of the plaintext leak the entire plain text…

Which is why you have to think very carefully about how you would implement an OTP system for non “paper and pencil” usage, and why the standard advice is usually “avoid them”. However similar reasoning also applies to stream ciphers generated by block ciphers, which is just one of many reasons stream ciphers are far less popular than block ciphers.
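
The two practical points in the comment above, fixed-length framing so a “yes” and a “no” produce identical ciphertext lengths, and rejecting key streams with long runs of identical bits (a zero key byte copies the plaintext byte straight into the ciphertext), as an added Python example. It is not code from the thread or from any OTP implementation; the 128-bit block and the ~18-bit run limit are the figures quoted above, and the 2-byte length prefix is an assumption made for the demonstration.

```python
import secrets

BLOCK_BYTES = 16   # 128 bits: the block-cipher size suggested above for fixed-length messages
MAX_RUN_BITS = 18  # the ~18-bit run limit for ASCII plaintext quoted in the comment


def frame(msg: bytes, block: int = BLOCK_BYTES) -> bytes:
    """Prefix the message with its length (assumed 2-byte field) and pad to a
    whole number of blocks, so 'yes' and 'no' yield ciphertexts of equal size."""
    if len(msg) > 0xFFFF:
        raise ValueError("message too long for a 2-byte length prefix")
    framed = len(msg).to_bytes(2, "big") + msg
    return framed + b"\x00" * ((-len(framed)) % block)  # pad bytes are hidden by the pad


def unframe(framed: bytes) -> bytes:
    """Inverse of frame(): strip the padding using the length prefix."""
    n = int.from_bytes(framed[:2], "big")
    return framed[2:2 + n]


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """One-time-pad combine: XOR byte for byte; the key must cover the data."""
    if len(key) < len(data):
        raise ValueError("key stream shorter than data")
    return bytes(d ^ k for d, k in zip(data, key))


def longest_bit_run(key: bytes) -> int:
    """Length of the longest run of identical bits in a key stream."""
    if not key:
        return 0
    bits = "".join(f"{byte:08b}" for byte in key)
    best = run = 1
    for prev, cur in zip(bits, bits[1:]):
        run = run + 1 if cur == prev else 1
        best = max(best, run)
    return best


def key_is_acceptable(key: bytes, max_run: int = MAX_RUN_BITS) -> bool:
    """Reject key streams containing a run of identical bits longer than max_run."""
    return longest_bit_run(key) <= max_run


def leaked_positions(plain: bytes, key: bytes) -> list:
    """Byte positions where the key byte is all-zero (ciphertext == plaintext)
    or all-one (ciphertext == bitwise NOT of plaintext): both leak the byte."""
    return [i for i, k in enumerate(key[:len(plain)]) if k in (0x00, 0xFF)]


def demo() -> dict:
    """Run the checks on constructed sample data and return the results."""
    yes, no = frame(b"yes"), frame(b"no")
    key = secrets.token_bytes(len(yes))                    # fresh pad, used once
    weak_key = b"\x00" * 8 + secrets.token_bytes(8)        # constructed: 64-bit zero run
    return {
        "same_length": len(yes) == len(no),
        "roundtrip": unframe(xor_bytes(xor_bytes(yes, key), key)) == b"yes",
        "weak_key_rejected": not key_is_acceptable(weak_key),
        "weak_key_leaks": leaked_positions(yes, weak_key),
    }


if __name__ == "__main__":
    print(demo())
```

The run-length test is a necessary filter, not a proof of randomness: as the comment says, you cannot in general tell from the output that a generator has become deterministic, so the check only catches the gross failures (stuck bits, all-zero buffers) that would copy plaintext into the ciphertext.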

Nick P August 23, 2015 6:02 PM

@ Bernardine

Exactly what I’m saying. This stuff, if existing at all, should be a management coprocessor that can be physically disabled. Instead, it’s a default feature. Probably there even when unlisted due to fact that SOC product families often share underlying hardware with switches to determine what user sees. Depending on their nature, might be activated by someone with physical access.

Buck August 23, 2015 7:08 PM

@Figureitout

Atheros I’ve known about for a while now… Are you really telling me that American Megatrends, FTDI, Realtek, Seagate, and WD have opened up to the public in the recent past — how have I missed this!? You got any links? They would all be greatly appreciated by me! 😀

Grauhut August 23, 2015 7:11 PM

@Figureitout: “Coreboot for beaglebone”? WTF? 🙂

Try Netbsd on Arm. duckduckgo.com/?q=Netbsd+sunxi

John Galt III August 23, 2015 8:05 PM

@Clive – Thanks for the helpful comments and excellent discussion. I realized in the last week or two that a machine intelligence would be pretty handy for cataloguing the crowd-sourced information/wisdom in the comments here. I think that AI is going to be a big deal. It already is a big deal at spookwerks east and spookwerks west. Some combination of parameter space searching and filtering of the instructions reaching any given processor should make it possible to secure a platform. The backdoors still would be there, but they couldn’t be opened by any allowed sequence. The complexity of verifying this is going to have be provided by some combination of academic math wizards and implementations of AI based on their work.

Thoth August 23, 2015 8:18 PM

@Figureitout
The list of device controllers you pointed out that are blackbox/doubtful nearly list an entire conventional computer’s worth of controllers. What it means is:

1.) No PXE boot
2.) No CD/DVD boot
3.) No harddisk including SDD boot.
4.) No USB boot.
5.) No SD card or memory card boot.

You forget to include tape drive controller 🙂 .

So we are nearly out of boot options or any form of trusted device controller options. What else do we have left ?

That would also rule the TFC by @Markus’s TFC with RPi insecure to boot.

Hmmm…. not much choices left…

Dirk Praet August 23, 2015 8:22 PM

@ John Galt III

After a few flutes of champagne, she cooed in his attentive ear: “I want to have your child. With my looks and your brains, it will be a perfect child!” Einstein replied: “But what if it has my looks and your brains?”

I think that quote originally came from George Bernard Shaw. It’s also attributed to Einstein with some unknown chorus girl and Arthur Miller to Marilyn Monroe.

sena kavote August 23, 2015 8:30 PM

“Historian’s backdoor” in encryption

Could it be possible to have an encryption cipher with a relatively accurate estimate of the time needed for breaking it? Current cipher break times depend on parallel computing power and luck. Could the break time depend mostly on the computer’s clock frequency in a way that parallel computing would not give much speed-up? Parallel processing price and power is much more difficult to predict than clock speed. 3 to 4 GHz has been the maximum speed for 10 years without some very special cooling. With liquid helium or nitrogen, maybe 5 to 9 GHz.

In some cases a user might want to make sure that an encrypted text can be opened even without a key in 10 to 40 years. That could be called historian’s backdoor. In some other uses, 1 to 4 week break time may be wanted.


Homomorphic encryption needs similarly carefully calculated complexity because it is so inefficient. Company publishing that way obfuscated software may be satisfied to know that the competitor would need 1 to 1000 years for breaking it, depending how much processing power they rent and 1 year break time would cost just enough to not be worth it. That is assuming there would be public software or service for breaking homomorphic encryption. Would there be academic interest or market for that even if homomorphic encryption gets popular?

Currently, it is difficult to use even decompilers for converting non-obfuscated executable binaries to some kind of c or c++ or other higher level language. There is need for decompilers that make better c++.

Figureitout August 23, 2015 8:32 PM

Grauhut
–Yeah lol http://www.coreboot.org/ARM or I’d like that main chip on a dev-board but it’d take me forever to go thru all its features… http://www.coreboot.org/Supported_Motherboards#Single-Board_computer , fourth one down (it’s a red link 🙁 ). Man I haven’t gotten into BSD that much on ARM, Raspbian and Kali suit me for now.

Buck
–This would be something the employees would have to bring up and some of the employees I bet could make some custom firmware images and they probably have a little more space on the chip.

I mean…Yeah they have, take a look! http://i.imgur.com/MXwyjDs.png Want more links? Got some “full-moons” you may enjoy. 🙂

Thoth
What else do we have left ?
–Pencil and paper, and even then not really if you don’t have a lighter handy, morse code blinking your eyes lol. It’s the same for everyone though. I just do it for the fun of it mostly now, the RPi is fun! I don’t really take it super seriously. Getting owned where you basically have to trash the PC doesn’t matter as much then.

Thoth August 23, 2015 9:14 PM

@Figureitout

“Pencil and paper, and even then not really if you don’t have a lighter handy, morse code blinking your eyes lol. It’s the same for everyone though. I just do it for the fun of it mostly now, the RPi is fun! I don’t really take it super seriously. Getting owned where you basically have to trash the PC doesn’t matter as much then.”

It is one thing you don’t mind being owned but when it comes to critical infrastructure deployments (if you see them daily like I do), it’s a whole different story. There is a demand for assured security but they don’t have knowledge or understanding (like those we discuss here). Businesses and privacy centric individuals and groups cannot simply “throw away their PC” and they need to know when and how they get pwned.

Leonhart231 August 23, 2015 9:31 PM

@Thoth, Figureitout, Bernardine Kubelka
I’ve been lurking on this blog for quite a while wondering when to ask this, and I figure the time has come since you have started the conversation already.

It seems to me that UEFI, and by extension x86 based CPUs, are becoming increasingly tied into Windows (for example, see Microsoft’s new UEFI lockdown on OEM computers), and also increasingly insecure with all these new features. Do you think we need a new primary CPU architecture to remain secure and “free” to screw around with our systems? Because it seems to me that it’s no longer safe to run any new computers based on x86. Is there another solution? Assuming that it is necessary, how do you convince the average people at home that Microsoft and x86 are no longer safe, and break the Microsoft monopoly?

65535 August 23, 2015 9:34 PM

@ Bernardine Kubelka

“-AMT can re-flash your BIOS.
“-AMT can do all this even while platforms are powered off. (You think you’ve switched your system off, but it’s not really off.)”

I agree. It is a real problem.

Further, the AMT problem is more than 5 years old. AMT version 1.0 in the Desktop Board D975XBX2 was released around 2006 and AMT 2.0 in the Intel vPro was released around 2008.

“AMT is designed to help sys-admins remotely manage and secure PCs out-of-band when PC power is off, the operating system (OS) is unavailable (hung, crashed, corrupted, missing), software management agents are missing, or hardware (such as a hard disk drive or memory) has failed. The AMT is a controversial proprietary backdoor technology that allows remote access to a machine even when it is powered off.” – Wikipedia

See foot notes for dates:
https://en.wikipedia.org/wiki/Intel_AMT_versions

“You think you’ve switched your system off, but it’s not really off” is the real problem.

Which begs the question of when a device such as a laptop with Win 10 or a modern iPhone is really “off”.

“@ Bernardine… Exactly what I’m saying. This stuff, if existing at all, should be a management coprocessor that can be physically disabled. Instead, it’s a default feature.” –Nick P.

Good observation. When is a “default feature” a backdoor?

“@Figureitout… The list of device controllers you pointed out that are blackbox/doubtful nearly list an entire conventional computer’s worth of controllers. What it means is:
“1.) No PXE boot
“2.) No CD/DVD boot
“3.) No harddisk including SDD boot.
“4.) No USB boot.
“5.) No SD card or memory card boot.
“You forget to include tape drive controller 🙂 . So we are nearly out of boot options or any form of trusted device controller options. What else do we have left ?” –Thoth

Very good question.

When one uses “Full Disk Encryption”, exactly how much of the disk is encrypted [Boot sector and other drive information on the chips let the Mobo know some details]? How much does FDE help when your device is “on” or can be turned on at will by another party?

This brings me to the Phone and laptop encryption advice by Andrew Cunningham of Arstechnica

http://arstechnica.com/gadgets/2015/08/phone-and-laptop-encryption-guide-protect-your-stuff-and-yourself/

Exactly, how useful is FDE [or quasi FDE] on modern cell phones – when they can be turned on by the telephone carrier and other third parties [say, the NSA down to Private investigators and probably certain hackers who spoof updates]?

The same goes for laptops and other devices that can be booted remotely or are on connected most of the time.

I am wondering if the Arstechnica writer is mixing real full disk encryption with some sort of partition encryption or file level encryption.

Further, he seems to be waffling on Windows products when it comes to crypto security. For example the writer gets into TPM and versions of Windows which could have all sorts of information leaks and the ability to be remotely booted.

How good is FDE on devices that can be turned on automatically or need network connectivity to operate?

Thoth August 23, 2015 11:03 PM

@Leonhart231

“It seems to me that UEFI, and by extension x86 based CPUs, are becoming increasingly tied into Windows (for example, see Microsoft’s new UEFI lockdown on OEM computers), and also increasingly insecure with all these new features. Do you think we need a new primary CPU architecture to remain secure and “free” to screw around with our systems?”

No matter what CPU architecture anyone can come up with, once the industry decides to clamp down on it (blackbox chips and firmwares/drivers + patents + court orders + intel agencies), it is a brew for anything that can be insecure in-between.

What needs to be changed is perspective of everyone. How do you know the blackbox chips are trustworthy in the first place ?

“Because it seems to me that it’s no longer safe to run any new computers based on x86. Is there another solution? Assuming that it is necessary, how do you convince the average people at home that Microsoft and x86 are no longer safe, and break the Microsoft monopoly?”

Microsoft’s monopoly is a disease that has rooted itself deep within the consciousness of this society. An architecture can be “safe” but its implementations can be “unsafe”, and this is what’s going on with Qualcomm’s version of ARM’s TrustZone, which is supposedly secure but turns out to have holes here and there.

Just to summarize, we have hit some kind of dead end of the road. The reason isn’t technology. We have the technology to build highly trusted and secure systems but the problem is with the people behind them. Humans’ lower emotions and desires get in the way of putting the good stuff on the table and making everyone secure.

Politics, greed, emotions, jealousy, cash, power ….

It’s mostly the lower human factors ….

Thoth August 23, 2015 11:19 PM

@65535
If you look at FDE as a whole, a conventional FDE requires you to key in a PIN/Password or even accompanying keypairs/certificates. The bootloader must have an instruction set just for you to enter credentials and they must verify the credentials and decrypt the FDE volume.

In order for a conventional FDE volume to boot, the modified bootloader must have plaintext instruction sets that can be executed. What if …. I replace the security bootloader with a backdoor that exfiltrates stuff or injects stuff while decrypting?

There is the TPM style bootloader where the keys are “stupidly” stored on the TPM chip as a co-processor and the CPU during boot will query the TPM for the keys. I call it “stupid” boot because the CPU chip can still be fooled (replace bootloader instructions or some form of hijacking).

A “secure boot” bootloader would preferably (something like the ARM or higher EAL certified Smartcards with secure boot) contains a tamper resistant security feature within the CPU so it’s now a secure CPU. The booting ROM is loaded (and maybe encrypted and signed) with the keystore containing the essential crypto keys in the tamper resistant secure CPU. The initial boot phases would be done within the secure boundaries of the secure CPU and then it boots the externally loaded main images (which can be encrypted + signed) which the “measurements” (or simply signed hashes of the main images) are held securely within the secure CPU’s confines. This form of secure CPU booting is much more preferable and make secure booting and FDE more favourable.

Other forms of FDE are just not going to cut it compared to the secure CPU stuff. I believe the ARM TrustZone / Apple iOS 8 / Samsung KNOX are using something along this line, although I wouldn’t endorse them at all since I don’t really know how they work in fine detail.
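
The secure-boot chain described above (measure each image, refuse to hand off control unless its signed hash matches the value held by the secure CPU) and the earlier wish for a tool that compares a firmware image against a library of known-good hashes without trusting the infected box, as one added Python example covering both. It is not code from the thread, from any TPM or from any vendor’s boot ROM: the three boot stages and the root key are constructed sample data, and an HMAC over the measurement stands in for the vendor signature so the example runs with the standard library alone.

```python
import hashlib
import hmac

# Constructed demo material (not real firmware). In the design above this key
# would sit in the secure CPU's tamper-resistant keystore, never in the image.
ROOT_KEY = b"constructed-demo-root-key"

GOOD_STAGES = [
    ("firmware",   b"constructed firmware image v1"),
    ("bootloader", b"constructed bootloader image v1"),
    ("kernel",     b"constructed kernel image v1"),
]


def measure(image: bytes) -> bytes:
    """Measurement of an image: its SHA-256 digest."""
    return hashlib.sha256(image).digest()


def extend(register: bytes, measurement: bytes) -> bytes:
    """TPM-PCR-style extend. The register only moves forward, so a tampered
    stage anywhere in the chain changes every value recorded after it."""
    return hashlib.sha256(register + measurement).digest()


def sign_measurement(measurement: bytes, root_key: bytes = ROOT_KEY) -> bytes:
    """Stand-in for the vendor's signature over an image hash (HMAC here so the
    example needs no extra library; a real chain uses an asymmetric signature)."""
    return hmac.new(root_key, measurement, hashlib.sha256).digest()


def build_reference(stages, root_key: bytes = ROOT_KEY):
    """Done offline on a trusted machine: the per-stage authorization tags and
    the golden final register value, i.e. the 'library of kosher hashes'."""
    tags, register = {}, b"\x00" * 32
    for name, image in stages:
        m = measure(image)
        tags[name] = sign_measurement(m, root_key)
        register = extend(register, m)
    return tags, register.hex()


def verified_boot(stages, tags, root_key: bytes = ROOT_KEY):
    """Walk the chain: measure, record, then verify before handing off control.
    Returns (booted, final_register_hex, failed_stage_or_None)."""
    register = b"\x00" * 32
    for name, image in stages:
        m = measure(image)
        register = extend(register, m)          # recorded even if we halt next
        expected = tags.get(name)
        if expected is None or not hmac.compare_digest(sign_measurement(m, root_key), expected):
            return False, register.hex(), name  # halt: do not execute this stage
    return True, register.hex(), None


def offline_check(reported_register_hex: str, golden_hex: str) -> bool:
    """Compare a register read out of the machine with the golden value on a
    separate trusted host, never on the box under suspicion."""
    return hmac.compare_digest(reported_register_hex, golden_hex)


def demo() -> dict:
    """Good chain boots and matches the golden value; a modified bootloader is
    refused at that stage and its register no longer matches offline."""
    tags, golden = build_reference(GOOD_STAGES)
    tampered = [(n, img + b" TAMPERED") if n == "bootloader" else (n, img)
                for n, img in GOOD_STAGES]
    ok, reg, failed = verified_boot(GOOD_STAGES, tags)
    ok2, reg2, failed2 = verified_boot(tampered, tags)
    return {
        "good_boots": ok and failed is None and offline_check(reg, golden),
        "tampered_halts_at": failed2,
        "tampered_detected_offline": not ok2 and not offline_check(reg2, golden),
    }


if __name__ == "__main__":
    print(demo())
```

Two properties matter here: the halt happens before the unverified stage runs, and the register is extended regardless, so a machine that was not allowed to halt (or whose halt logic was bypassed) still leaves evidence that can be checked from a separate host.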

Leonhart231 August 23, 2015 11:25 PM

@Thoth
“How do you know the blackbox chips are trustworthy in the first place ?”

That’s the trick, isn’t it? This has been solved with software for the most part, but hardware throws in new difficulties. I don’t see a good way of making trustworthy hardware at a normal person’s home, so there must be trust of a manufacturer at some point in the chain. But, we’ve also shown that doesn’t really work. As you said, a bit of a dead end…

“Just to summarize, we have hit some kind of dead end of the road. The reason isn’t technology. We have the technology to build highly trusted and secure systems but the problem is with the people behind them. Human’s lower emotions and desires get in the way of putting the good stuff on the table and making everyone secure.”

I’m a recent electrical engineering graduate, and despite all the stuff that’s been going on in recent years with computer security, I’m still optimistic that a solution can be found. I’ve been trying to figure out what I can do that would help with situations like this the most, but it’s difficult due to the above.

Nick P August 24, 2015 12:34 AM

@ Leonhart231

Build open, easily-inspected alternatives to existing MCU’s, CPU’s, and SOC’s. Rocket RISC-V core is a nice start. Add stuff to them like I/O blocks or other features. Make sure it can be synthesized to at least 350nm-180nm given it’s most practical. Check out Qflow toolset and methodology for open source synthesis. Maybe improve on that. Each person contributing to stuff like this can make for solutions implemented on FPGA’s, S-ASIC’s (see eASIC, Triad Semi), and/or ASIC’s on MPW’s.

There’s also an open-source FPGA architecture called Archipelago you could put on ASIC, too. A FPGA with synthesizable RTL for arbitrary processes and open-source tools for software end of using it could go a long way. Make one version SRAM, then an anti-fuse version, and then a Via-Programmable ASIC. Many possibilities but SOC option is best.

Grauhut August 24, 2015 12:44 AM

@Figureitout OK, using uboot as a coreboot payload makes sense on x86, but using coreboot as a replacement for uboot on arm, what should it bring to wait for that? 🙂

Thoth August 24, 2015 1:09 AM

@Leonhart231

“I’m a recent electrical engineering graduate, and despite all the stuff that’s been going on in recent years with computer security, I’m still optimistic that a solution can be found. I’ve been trying to figure out what I can do that would help with situations like this the most, but it’s difficult due to the above.”

Start to look into technologies like smartcards, TPM modules, ARM TrustZone, HSMs, data diodes and the security discussions inside these comments that I, @Nick P, @Clive Robinson, @Figureitout, @RobertT and others have contributed to. It will give you a head start somewhere. If you can lay your hands on some smartcards, dev boards like Xilinx and so on, you can try to evaluate them and test them.

Figureitout August 24, 2015 1:41 AM

Thoth RE: options
–Actually you can do a UART via a keyboard and have LCD support, that’s what I’m trying to do w/ an RF chip (actually normal 8051 pretty much). Something like ATtiny (Atmel) is a small chip w/ massive debugging support. What’s cool is also programming even some larger chips via the command line (avrdude w/ gcc and stuff like that, pretty cool when it works), newer toolchains are too massive to analyze for security and don’t do straightforward things to deal w/ all the hardware they packed in a chip. But the massive toolchain saved me as, and here’s what I love about embedded stuff. I’ve done nothing to this toolchain and the files at all. I built about 3 months ago perfectly fine and no errors. I go to build again and I get an error of some object file not getting created…I’m not good enough yet to debug compiler issues. I thought I’d try my usual sneaky trick of throwing the file name I need in the directory but didn’t (I think this is b/c of the “limited” Keil toolchain support I was getting as I upgraded to the latest IDE w/ a free Keil license and get a good hex file; so I have to continuously keep learning new toolchains otherwise things start breaking).

It is one thing you don’t mind being owned
–Lol, not quite. It’s become a bit of an unhealthy obsession. Just saying that you can better spend your time learning something productive (you can eventually get to a point where hacking can be minimalized…not for long though) than obsessing over finding some ridiculous infection like I spent a few years on and I get close but there’s still something (probably what they want you to do).

There is a demand for assured security
–I know, I think there’s a huge upcoming market for secure computers (from all attackers) that a lot of the big companies are going to miss out on w/ their head up their ass and this may be an opportunity for a new “google” where whoever implements this could be so rich…Except it’s not just search algorithms…global production operations that need to be physically secured…

Oh hey if you watch U-tube videos (just use on ‘net machine w/ adblock and no script), this commercial nearly made me spit up lol, “definitely won’t have to worry about security on Windows 10!” lol wow https://www.youtube.com/watch?v=AFJ1a1D4hdo

Leonhart231
–The more people we get to understand the huge problem, and start bringing up and contributing to a bigger market for secure PCs, the better. Then we’ll start seeing it.

I just bought my first UEFI PC (small one) and wow, “hell no!”. VeraCrypt won’t work, can only do encrypted containers (not even partitions!). Only good thing so far is setting a longer password in the BIOS (30 char I think). Comes pre-encrypted w/ BitLocker and of course now every BitLocker key is in the cloud! Goddamnit, and it’s sounding like we need to break this to actually locally encrypt the entire HDD. Already a few bugs on this (it changed over a picture from another account “automagically”). I’m not sure what’s going on (I assumed compromise on this and haven’t even removed wifi/bluetooth yet lol b/c I’ll probably have to remove rubber pads to get to screws) but I’m just waiting on first signs of obvious malware. Here’s something similar to my situation: http://www.eightforums.com/tablet-touch/60592-why-would-asus-encrypt-c-partition-2.html

There isn’t really a mature reliable solution to turn to besides WINTEL x86…we’re trapped. It’s so cheap too so in this economy few can turn down the price of a decent PC (that’ll be part of a botnet sucking your bandwidth and framing you in crimes).

You mentioned EE, where in EE if you don’t mind me asking? You could go lots of places w/ it. From EEs we need something reliable on the level of old school ammeters/voltmeters, so trustable electrical measurement devices (newer cheap-ass multimeters have a chip and oscilloscopes are putting USB controllers on them so easy infection route to falsify measurements…) and to “control the memory” so we can fully dump it 100% and malware can’t hide. JTAG is the main thing but still, I’m not convinced. Biggest problems right there, and compromising tools to get at this malware and frickin’ exploitable hardware bugs!

I’ve been trying to figure out what I can do
–We can talk out what you like and probably find an open security project to join. There’s so much to do, really too much.

Grauhut
–Man it’s personal reasons, I’m not like Moses and can declare what we should do. I don’t have a banana (or orange or snozzberrie lol) pi, I have 2 beaglebones and I’m setting one up for a PC and I didn’t get the PC’s I needed for coreboot support so I want it on that! What’s wrong w/ more options? For you though, maybe it’ll bring you all the wiener schnitzel and bier you can eat/drink while driving your super efficient BMW on ze autobahn listening to techno, you want that? :p

Leonhart231 August 24, 2015 1:42 AM

@Nick P, Thoth

Thank you both very much for the suggestions! I’ll also be sure to read the other comments. I’ve tried various projects in the past, but was never sure if they’d be of any use. Fortunately, I see a few of them among your suggestions, so that gives me some hope!

Leonhart231 August 24, 2015 1:49 AM

@Figureitout

“You mentioned EE, where in EE if you don’t mind me asking?”

I’m mostly in AI and embedded systems programming, with some control systems and robotics thrown in. I’ve always had an interest in CS though, hence the emphasis on programming.

“You could go lots of places w/ it. From EEs we need something reliable on the level of old school ammeters/voltmeters, so trustable electrical measurement devices (newer cheap-ass multimeters have a chip and oscilloscopes are putting USB controllers on them so easy infection route to falsify measurements…) and to “control the memory” so we can fully dump it 100% and malware can’t hide. JTAG is the main thing but still, I’m not convinced. Biggest problems right there, and compromising tools to get at this malware and frickin’ exploitable hardware bugs!”

Interesting ideas! I hadn’t really considered projects like that.

“We can talk out what you like and probably find an open security project to join. There’s so much to do, really too much.”

That’s why I’ve been overwhelmed by things. I’ll definitely keep that in mind. Thank you!

Alien Jerky August 24, 2015 2:30 AM

This push to make everything digital is a problem. I have an old school Tektronix 2465B oscilloscope. Analog tube with some digital features. Got called into a job to fix a design. They had the latest greatest digital scopes. Too much aliasing with the digital sampling. I bring in my analog scope, the first thing I see is a little wiggle on the signal due to noise. Their expensive digital scopes just showed it flat. That wiggle was enough to cause a problem. A few measurements, and a couple quick calculations on my HP-15C calculator, and I turned a surplus ferrite bead into a suppressor. Problem solved.

Reminds me of the old story from back in the days of steam pipes. Engineer comes in to solve a problem with the steam pipes. Looks for a moment, then walks over to a pipe and hits it with a hammer and everything started working. He hands a bill for $100 to the customer. The customer asks, you were only here for a minute, why is the bill $100? Well, he replied, the bill is $5 for hitting the pipe with the hammer, and $95 for knowing where to hit the pipe with the hammer.

The systems today are becoming too complex. What I see is a trend that complexity builds on complexity. Remember when an entire system consisted of a 32Kx8 EPROM with 32K of RAM? That held everything, the CP/M operating system, your program, scratch memory, and no gigabyte hard drives. 128K 8 inch floppy if you were lucky. Or in the case of my IMSAI 8080, a tape recorder from Radio Shack that uploaded the operating system at 1200 baud. Let alone the 50 baud teletype with the paper tape 7 bit ASCII for uploading your program.

Some of the new ARM processors from Atmel look interesting. I designed a couple of boards using them. Once you figure it out it’s pretty simple. The problem is when you get to graphics. To accomplish the graphics on a PC requires using either the Nvidia or Radeon graphics chips. Those are designed for working with the Wintel architecture.

Just a late night ramble. Probably shouldn’t philosophize after 18 hours of working.

Figureitout August 24, 2015 2:32 AM

Leonhart231
I’m mostly in
–Good stuff, I like to program too (well, like solving problems w/ it, not just programming for programming’s sake), just when I know the toolchain has been setup to work correctly w/ hardware and I don’t deal w/ other people’s bugs they passed down to whoever’s the lucky soul to deal w/ it next…(uhh, so never eh? lol).

That’s why I’ve been overwhelmed by things
–Hope you’ve enjoyed sleeping peacefully lol, it took me years for a lot of these things to finally settle and make coherent plans for action, others on here have mentioned insomniac issues, but hey you made it through the EE degree you’ll be fine. Ease into it if you want, hope you can help!

Bigfishinnet August 24, 2015 2:43 AM

TRUST your supermarket? This is concerning…

“High street pharmacies such as Boots, Tesco and Superdrug will be given access to NHS medical records, under a national scheme which privacy campaigners fear could expose patients to “hard sell” tactics.

Health officials have drawn up plans to send sensitive data from GP surgeries to pharmacies across the country, starting this autumn, without considering the views of patients.”

This is madness…

“Officials have now ordered the national rollout of the scheme, on the basis of an evaluation of pilots in 140 pharmacies which they say showed “significant benefits”.

But the official report, seen by The Daily Telegraph, shows that the research garnered responses from just 15 patients – a sample so small that their views were discarded from the research.

The scheme got the green light, after the pharmacists involved in the pilots gave it their backing.”

Telegraph Article

Grauhut August 24, 2015 2:54 AM

@Leonhart231 “It seems to me that UEFI, and by extension x86 based CPUs, are becoming increasingly tied into Windows”

It’s worse, Intel’s Clear Linux Project doesn’t even boot without UEFI enabled and you need at least a Haswell system to boot it.

https://clearlinux.org/

Curious August 24, 2015 3:24 AM

US Transportation Security Administration (TSA)/FOIA related:

As I understand it, a 2013 FOIA request on documents, compared to some already known material from 2009, shows there to be a change to the ‘TSA management directive’ between 2009 and 2012.

http://tsanewsblog.com/16188/news/sai-receives-tsa-documents-through-foia/

“The TSA is also now claiming the right to search your reading materials. Yep, books, pamphlets, personal documents — no matter how personal those documents are — you name it, the TSA now claims the right to conduct a warrantless search on your personal, private information. This claim is new. Up to this point, though many TSA agents have gone through people’s personal documents, it’s been illegal for them to do so (see Steven Bierfeldt). Now, it would appear, by magic, it’s suddenly okay.”

Clive Robinson August 24, 2015 3:26 AM

@ Leonhart231,

Where to go is actually a “career choice” as much as it is anything else.

The reason for this is most people spend their day in rough thirds, 8 hours for sleep, 8 hours for work and 8 hours for everything else in life, including hobbies and social activities. To get to any sensible proficiency at something takes at least 10,000 hours from cold, down to 500 hours for a minor skill change.

You work approximately 2000 hours a year, which is why degrees are pitched at 2-5 years, Masters at 1 year and PhDs take 2-5 years.

Thus the best use of your “contribution” is in the area you work in or intend to work in, as you are getting two payoffs for the price of one set of learning, giving you time to also have a home/social life to work life balance, which most people need to stop themselves going somewhat around the twist.

So you need to be thinking the long game not the short game, that is where the best place to be in 10 years time is.

Two things to bear in mind when thinking long in the technology game, “people want to communicate” and “the future is parallel”.

If you get a solid grounding in the fundamentals of communications then you will find moving with the relatively slow changes in that area will keep you gainfully employed for the rest of your life. Perhaps oddly, most communications these days is “software based” with the likes of SDR, and this will become an ever increasing trend as we move further from the tangible physical product economy into the intangible information product economy.

However, as others have noted, Charles Moore’s doubling observation is starting to hit the buffers big time as far as computing goes. Clock speed affects distance via the speed of light, and component density raises thermal energy dissipated faster than area or volume saved. Thus there is only so far a single computing core can go, which is why the future is parallel.

The important thing to note about parallel computing is communications, the computing cores need to talk to each other. This brings us back up against the speed of light limitation again, thus to expand either asynchronous clock speeds need to come down or other methods have to be employed, which is by and large the way we do wide area networking currently.

The upshot of this is distributed computing on all levels of parallel hardware is where we are going to have to go, including Operating Systems and applications. Thus micro kernels and light weight processes that don’t share process memory are where things are going to go. Thus efficient or low overhead comms with smart scheduling and synchronization are going to be key, with “distance”, “priority” and “security” being major resource considerations.

Curious August 24, 2015 3:29 AM

I also think I read something about the US Transportation Security Administration (TSA) allowing photographers to take photos of what I believe were pointed out to be master keys for different kinds of luggage.

ianf August 24, 2015 4:21 AM

@Patrick Bowery

… a fully working libreboot laptop from as little as £278 (minifree.org). It definitely beats an intel chip with UEFI!

Late to the party, but… how can such an Intel-insidious Thinkpad 200 hardware be considered secure from a privacy point of view when its libreboot will be running on top of proprietary closed-source low-level firmware? Is absence of UEFI in its prev-gen processor all that it takes?

Laptop specifications

  1. Think X200
  2. Core 2 Duo P8400 2.26GHz processor or higher
  3. Graphics: Intel GMA 4500MHD

Tam Mariner August 24, 2015 8:57 AM

@ianf

The idea with libreboot is that it replaces the default BIOS/UEFI, which is where most of the nefarious activities (AMT, etc.) take place. It certainly is not all it takes and it’s clearly a compromise, but short of knocking together our own CPUs in a garage, it’s the best we’ve got at the moment.

I agree with the majority of the comments above: there is a huge world-wide demand for libre, verifiable hardware/firmware and developers seem to be missing a trick. The governments of EU countries, Latin America and Asia alone would bend over backwards to buy hardware that doesn’t dial home to the NSA by default (not to mention the folks that run large-scale critical infrastructure, content-sensitive businesses and privacy-conscious private users).

SJ August 24, 2015 9:25 AM

@Smirk,

While I was thinking about the Ashley Madison hack, I realized something odd.

The behavior of the company didn’t quite make sense. Even if they thought the hackers were bluffing, the potential for loss (in a business sense) was high enough that they ought to have purged their internal data after the hackers went public.

Then I began to wonder.

What if Ashley Madison was started as some sort of honey-trap/espionage sort of thing? And it became more successful than its creators thought it would?

JackL August 24, 2015 9:29 AM

@SJ

Even if they thought the hackers were bluffing, the potential for loss (in a business sense) was high enough that they ought to have purged their internal data after the hackers went public.

How would purging their data have helped them at that point?

Who? August 24, 2015 9:37 AM

@Patrick Bowery, ianf, Tam Mariner.

I see technologies like UEFI and AMT more like an annoyance than an unsolvable problem themselves. We can filter AMT ports on the edge of our networks:

amt-soap-http 16992/tcp # Intel AMT SOAP/HTTP
amt-soap-http 16992/udp # Intel AMT SOAP/HTTP
amt-soap-https 16993/tcp # Intel AMT SOAP/HTTPS
amt-soap-https 16993/udp # Intel AMT SOAP/HTTPS
amt-redir-tcp 16994/tcp # Intel AMT Redirection/TCP
amt-redir-tcp 16994/udp # Intel AMT Redirection/TCP
amt-redir-tls 16995/tcp # Intel AMT Redirection/TLS
amt-redir-tls 16995/udp # Intel AMT Redirection/TLS

The real enemy lies in other —less visible— firmware features; let us say, being able to send a WoL-like packet to a hidden firmware backdoor that permanently disables a computer. Lack of support for firmware upgrades from hardware manufacturers is a serious issue too. However, people choose to run Windows, OS X, iOS, IOS (the original one from Cisco), Android, poorly coded Linux distributions, and so on… so who cares then about security? It is a lost war for most people.

Who? August 24, 2015 9:40 AM

@Patrick Bowery, ianf, Tam Mariner.

Sorry, badly formatted listing of ports to be filtered:

amt-soap-http   16992/tcp       # Intel AMT SOAP/HTTP
amt-soap-http   16992/udp       # Intel AMT SOAP/HTTP
amt-soap-https  16993/tcp       # Intel AMT SOAP/HTTPS
amt-soap-https  16993/udp       # Intel AMT SOAP/HTTPS
amt-redir-tcp   16994/tcp       # Intel AMT Redirection/TCP
amt-redir-tcp   16994/udp       # Intel AMT Redirection/TCP
amt-redir-tls   16995/tcp       # Intel AMT Redirection/TLS
amt-redir-tls   16995/udp       # Intel AMT Redirection/TLS
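
As an added example (not part of Who?’s comment or any project’s code), the port list above turned into an nftables forward-chain filter plus a check of constructed edge flow records for traffic on those ports; the flow-record format, the table and chain names, and the sample addresses are all assumptions:

```python
"""Added example: parse the AMT services lines posted above, emit an nftables
edge filter for them, and flag flow records that touch those ports.
All input here is constructed; nothing comes from a real network."""
import re
from typing import Dict, List, Tuple

# The services-file lines from the post, verbatim (name  port/proto  # comment).
AMT_SERVICES_TEXT = """\
amt-soap-http   16992/tcp       # Intel AMT SOAP/HTTP
amt-soap-http   16992/udp       # Intel AMT SOAP/HTTP
amt-soap-https  16993/tcp       # Intel AMT SOAP/HTTPS
amt-soap-https  16993/udp       # Intel AMT SOAP/HTTPS
amt-redir-tcp   16994/tcp       # Intel AMT Redirection/TCP
amt-redir-tcp   16994/udp       # Intel AMT Redirection/TCP
amt-redir-tls   16995/tcp       # Intel AMT Redirection/TLS
amt-redir-tls   16995/udp       # Intel AMT Redirection/TLS
"""

SERVICE_RE = re.compile(r"^(\S+)\s+(\d+)/(tcp|udp)\s*(?:#\s*(.*))?$")

# Constructed flow-record format (assumption): "<ts> <src>:<sport> -> <dst>:<dport> <proto> <bytes>"
FLOW_RE = re.compile(r"^(\S+)\s+(\S+):(\d+)\s*->\s*(\S+):(\d+)\s+(tcp|udp)\s+(\d+)$")

# Constructed sample records; 10.0.1.0/24 is "inside", 198.51.100.0/24 is "outside".
SAMPLE_FLOWS = [
    "2015-08-24T09:37:01Z 198.51.100.23:51022 -> 10.0.1.15:16992 tcp 1840",   # AMT SOAP from outside
    "2015-08-24T09:37:05Z 10.0.1.15:40011 -> 10.0.1.53:53 udp 96",             # ordinary DNS
    "2015-08-24T09:38:10Z 10.0.1.22:443 -> 198.51.100.77:60233 tcp 5120",      # ordinary HTTPS reply
    "2015-08-24T09:39:42Z 10.0.1.15:16994 -> 198.51.100.23:34567 tcp 4096",    # AMT redirection outbound
    "this line is not a flow record",
]


def parse_services(text: str) -> List[Tuple[str, int, str, str]]:
    """Parse /etc/services-style lines into (name, port, proto, comment) tuples."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = SERVICE_RE.match(line)
        if not m:
            raise ValueError(f"unparseable services line: {line!r}")
        name, port, proto, comment = m.groups()
        entries.append((name, int(port), proto, comment or ""))
    return entries


def nft_ruleset(entries, table: str = "inet", name: str = "amt_edge") -> str:
    """Emit an nftables ruleset that logs and drops the listed ports on the
    forward hook, i.e. at the network edge, for both directions of traffic."""
    ports: Dict[str, set] = {}
    for _, port, proto, _ in entries:
        ports.setdefault(proto, set()).add(port)
    lines = [f"table {table} {name} {{",
             "  chain forward {",
             "    type filter hook forward priority 0; policy accept;"]
    for proto in sorted(ports):
        plist = ", ".join(str(p) for p in sorted(ports[proto]))
        # dport: something outside reaching an AMT listener inside;
        # sport: an AMT endpoint inside talking outwards.
        lines.append(f'    {proto} dport {{ {plist} }} log prefix "amt-edge: " drop')
        lines.append(f'    {proto} sport {{ {plist} }} log prefix "amt-edge: " drop')
    lines += ["  }", "}"]
    return "\n".join(lines)


def flag_amt_flows(flow_lines: List[str], entries) -> List[dict]:
    """Return the flow records whose source or destination port is an AMT port.
    Unparseable lines are skipped rather than treated as a match."""
    index = {(port, proto): name for name, port, proto, _ in entries}
    hits = []
    for line in flow_lines:
        m = FLOW_RE.match(line.strip())
        if not m:
            continue
        ts, src, sport, dst, dport, proto, nbytes = m.groups()
        for port in (int(dport), int(sport)):
            service = index.get((port, proto))
            if service:
                hits.append({"ts": ts, "src": src, "dst": dst, "proto": proto,
                             "port": port, "service": service, "bytes": int(nbytes)})
                break
    return hits


if __name__ == "__main__":
    amt = parse_services(AMT_SERVICES_TEXT)
    print(nft_ruleset(amt))
    for hit in flag_amt_flows(SAMPLE_FLOWS, amt):
        print(f'{hit["ts"]} {hit["src"]} -> {hit["dst"]} {hit["service"]} ({hit["proto"]}/{hit["port"]})')
```

The sport rule is there because the port list only describes listeners; an AMT engine that initiates a connection outwards shows the AMT port on the source side, which a dport-only filter would pass.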

Who? August 24, 2015 9:44 AM

As said, these hidden backdoors on firmware and microcode are the real evil and may be true. An alternative BIOS means worse hardware support, but will not avoid a security vulnerability opened by poorly written firmware or, even worse, a backdoor written by a government.

Is intellectual property the only reason reverse engineering firmware is prohibited?

ianf August 24, 2015 10:39 AM

@Tam Mariner

[…] libreboot replaces the default BIOS/UEFI, which is where most of the nefarious activities (AMT, etc.) take place. It certainly is not all it takes and it’s clearly a compromise, but short of knocking together our own CPUs in a garage, it’s the best we’ve got at the moment.

I get it, but then wonder… how do Ed Snowden, Laura Poitras, the Intercept “gang,” et al ENSURE that their (well configured, etc., but still more or less off-the-shelf) laptops DO NOT PHONE “HOME” to $MSFT, NSA, when they’re not looking? They can’t all be relying on security by obscurity; must have taken other hardware-proactive steps to stay ahead of the bounty hunters.

Tam Mariner August 24, 2015 10:57 AM

@ianf
“how do Ed Snowden, Laura Poitras, the Intercept “gang,” et al ENSURE that their (well configured, etc., but still more or less off-the-shelf) laptops DO NOT PHONE “HOME” to $MSFT, NSA, when they’re not looking?”

That’s a good question. I know that there are people in this blog that are / have been in charge of systems hosting critical infrastructure and / or content-sensitive businesses (@Thoth? 🙂 ). How do you guys mitigate this when it really matters? Or do you shrug it off as a lost cause?

wholesale snowflake August 24, 2015 11:06 AM

@ianf:

That’s got me wondering: how many stock markets, government buildings, traffic management systems, energy processing plants, etc. around the world are currently running their systems on Intel chips? Has anyone figured out how often these systems have dialed home since they were started? How many times have these systems been forced to boot into an image injected remotely via WAN / LAN? How many times have their BIOSes been remotely re-flashed? Would the sysadmins be able to tell or even distinguish the traffic from routine automated updates? What percentage of Tor nodes is currently running on systems that have this AMT remote “administration” feature enabled by default?

ianf August 24, 2015 11:38 AM

@wholesale snowflake

Your questions of enumerative variety are basically unanswerable, ergo rhetorical.

@Tam Mariner

The Intercept’s Technology Analyst Micah Lee has written a primer on establishing trust and communicating anonymously (under the radar of state-level watchers, etc), but it deals mainly with the OS & application software layer. I also remember reading, or was it watching?, a lecture by Laura Poitras on procuring a run-of-the-mill laptop for cash, mechanically disabling certain hardware “data leakage or potential compromise points,” then using it from public, preferably not CCTV’d, WiFi spots to establish first contact with the respondent. If you know of other such primers, do post them here!

[I tagged this Micah Lee’s article with: secure anonymous connections via Tor/ Tails/ OTR [off-the-record messaging]/ Jabber chats (Snowden/ SecureDrop)]

Nick P August 24, 2015 11:53 AM

@ Leonhart231

Another idea, complementary or replacement, is checking out open-source EDA tools. You might use them to build stuff, improve them, and so on. Unlike synthesis, which is NP-Hard, I imagine many features of these are just a matter of people putting some time in. Here’s a cut-and-paste of links I gave to an engineer who was suffering with commercial tools that sounded worse. 😉

gEDA’s 10+ tools to assist the process
https://en.wikipedia.org/wiki/GEDA

KiCad is similar w/ bill of materials and artwork
https://en.wikipedia.org/wiki/KiCad

Qucs for simplified usage in schematic capture & simulation
https://en.wikipedia.org/wiki/Quite_Universal_Circuit_Simula

Magic for those wanting old school (a recent SOC used it)
https://en.wikipedia.org/wiki/Magic_%28software%29

@ Alien Jerky

“This push to make everything digital is a problem. ”

It’s a side effect of digital being better than analog in almost everything and excellent tool support for digital design. Much of digital can be automatically synthesized, verified, optimized, DRC’d, etc. Analog is still custom with just an occasional synthesis win, an inability to do general-purpose computation outside limited applications, and little education for the next generation. That’s despite the benefits for the things analog is good at. We’re seeing a resurgence among the elites in ASIC development where mixed-signal is increasing and so are tools to support it. Otherwise, it and its labor pool are on decline in both academia and industry.

Pity, given interesting stuff I’ve been finding like the links. One more example is a math coprocessor that offloads heavy lifting to analog. Quite the result. Plus mind-blowing stuff like Empty Space Computes that I have to hold off buying into without professional validation.

“The systems today are becoming too complex. ”

Maybe, maybe not. I think it varies on a case by case basis. The systems overall increased in complexity because they had to in order to obtain a result. That might be lower cost, increased speed, increased storage, less delay, and even more security/reliability. The Tandem NonStop architecture was much more complex than MIPS servers but linear scaling of CPUs/memory + five 9’s is a decent reason, eh? Nobody is getting shit done in modern industry with CP/M and 32k of RAM. Maybe KolibriOS and 8MB of RAM but I digress…

What we need isn’t caveman-era, low complexity. We just need to apply lessons wise people devised in the ’60s-’80s of keeping complexity manageable and system features justifiable. Price/performance/compatibility went rampant from there to screw everything up but the market demanded it. Everyone that didn’t deliver died, was acquired, or took billion-plus losses (see Intel’s i432 & BiiN). However, fairly well-architected systems like IBM System/38 and NeXT Computer’s NeXTSTEP offered a lot of functionality with relatively little code compared to what people are used to. Plus, they made it in the market. Scheme machines, Oberon, & GEC’s Nucleus + OS used modularity with good interfaces to ensure you could understand the whole thing, even stripping or customizing features. Recent advances in Design-by-Contract and more concise languages show we could do even better.

So, that’s what I push toward. That on open hardware like Gaisler’s SPARC or the RISC-V projects. Graphics will be a problem as all those efforts failed. Might be easier to use PowerVR GPU with interface restrictions to keep it from screwing with things and with hardware accelerators for things like video encoding. The Octeon III design is what most projects should copy: strong NOC, multi-core RISC, plenty I/O, onboard virtualization/security, and as many accelerators as one can cram. We’re not doing 28nm so naturally way fewer cores, I/O, and accelerators. 😉

Leonhart231 August 24, 2015 11:55 AM

@Figureitout

“Hope you’ve enjoyed sleeping peacefully lol, it took me years for a lot of these things to finally settle and make coherent plans for action, others on here have mentioned insomniac issues, but hey you made it thru EE degree you’ll be fine. Ease into it if you want, hope you can help!”

I’m sure I can! And since everyone here has been so helpful, I think I’ll be able to figure out where to start too.

@tyr

Wow, that was incredible actually. It also gives me food for thought on secure ISAs. Thanks!

@Grauhut

“It’s worse, Intel’s Clear Linux Project doesn’t even boot without UEFI enabled and you need at least a Haswell system to boot it.”

Yeah, that doesn’t sound good. Especially with the new UEFI “features” I’ve heard about on here. Locking people into newer and newer systems seems to be Intel’s new strategy. But because of the vulnerability @tyr mentioned, we need to move forward some. Intel vulnerabilities are pushing us on one side, and UEFI stuff on the other.

@Clive Robinson

“Where to go is actually a “career choice” as much as it is anything else.”

Thanks for all that information about life planning, I’ll certainly keep it in mind moving forward in everything.

“Two things to bear in mind when thinking long in the technology game, “people want to communicate” and “the future is parallel”.”

I’ve tried in the past to figure out the needs/wants of the future, so this is something to add to my list. I’ve been thinking more about the “distant” future though. With the current state of computing (and its trends) however, I’m worried about our ability to keep computers secure and running long enough to complete any of these futuristic megaprojects, which is I guess why I’ve been dialing back towards the present. We don’t have a secure foundation, but still we’re doing construction at a faster and faster rate. It’s a tough position. I’ve gone wide of your comment though, so I’ll stop babbling now. Thanks!

Leonhart231 August 24, 2015 11:58 AM

@Nick P

“Another idea, complementary or replacement, is checking out open-source EDA tools. You might use them to build stuff, improve them, and so on. Unlike synthesis, which is NP-Hard, I imagine many features of these are just a matter of people putting some time in. Here’s a cut-and-paste of links I gave to an engineer who was suffering with commercial tools that sounded worse. ;)”

Thanks again! I’ve used a few of these (gEDA and KiCad), but I’ll check out the others.

Nick P August 24, 2015 12:21 PM

@ Alien Jerky

I was looking up the best fabs for analog development. Found this nice article that gives that plus incentives to get on the bandwagon. Although talent & R&D steadily drop, use of analog ICs steadily rises because of their benefits. I expected TI to have a few thousand analog ICs but finding that they’re at 40,000 surprised even me. So much analog shit out there it might be impossible to mentally track. So, high demand plus low supply & interesting challenges = prime field for smart people to get into.

@ all

For those interested, this article describes techniques they’re using to get them working on advanced process nodes. The nature of analog means that whatever nodes are great for digital totally suck for analog and tax the engineers. Article gives several abstract and specific strategies for making most of it. Will be useful for anyone contemplating working on improvements to 45nm RISC-V, etc.

Clive Robinson August 24, 2015 1:25 PM

@ Tam Mariner,

How do you guys mitigate this when it really matters? Or do you shrug it off as a lost cause?

You can not shrug it off unless you are a very short term viewing CEO, who’s going to jump ship before the shareholders start a class action etc.

I’ve mentioned before what I do, but I will give the basic rules,

1, Total Isolation.
2, Minimal internal functionality (ie CLI not GUI).
3, Custom Apps
4, Mediate and check all data transfers.
5, “Paper Paper, never data” to transfer outwards.

Most people can not do “total isolation”; it’s actually very difficult to achieve even with the likes of SCIFs and hardened equipment. I’ve previously described how to build your own “shield room” and “clean supplies” to limit EM side channels. However the design did not stop acoustic, mechanical or thermal side channels. You can add these relatively easily. Which is why I further described a quick DIY house/hotel way for optical, thermal, mechanical and acoustic side channel reduction.

I also use old hardware (1990s) running minimal command line OSes and apps. For instance DOS 3 and Mirror combined comms and limited WordStar style text editor to talk to custom hardware via RS232 serial ports through microcontroller based custom “guards”. I also write code in C compiled in a compiler I wrote (based on SmallC). I’ve a bad habit of using “debug” on floppy disks to check for any “oddities”. If I have to import information it goes in via text only files which can be generated and checked in various ways.

Not many people will stretch to doing this sort of thing, but then they don’t have the KeyMat generation requirements some people have. Which can include letter or number OTP generation for emergency EOW comms occasionally needed with ComCen bug outs.

SJ August 24, 2015 1:26 PM

@Jack,

I’m not sure what game plan the hackers were playing.

Once they stated, in public, that they had Ashley Madison’s private data, they demanded that AM scrub their database.

AM could scrub the data…But AM has a hard level of “proof of scrubbing”. (Sure, they claimed to have done a “shred” on that section of the DB…but it’s rather hard to prove that the data wasn’t backed up on DVD-R somewhere.)

The hackers weren’t simply engaged in data-theft. They were engaged in something that was more like a kidnapping. The hackers had possession of data, and demanded that Ashley Madison pay by scrubbing the data from their internal servers. (How did Ashley Madison know that meeting this “ransom” demand would result in the hackers not sharing the data anyway? This was a negotiation in which neither side could guarantee that the other party would cooperate…which makes all actions by Ashley Madison into actions which could result in loss. This looks like the best explanation for the behavior shown by AM. With no winning move available, they decided not to play.)

My thread of thought wasn’t well-formed, but it goes something like this:
(A) If Ashley Madison claimed to “forget” users who paid, what benefit was there for AM if they didn’t actually remove the data?
Biggest benefit I can think of is selling the customer list. Which goes counter to AM’s business image of not sharing data, and removing user-data from people who pay extra for that removal.
(B) If AM saw any benefit of retaining a customer list, who would they want to sell that list to?
Competitors, investigators who want to blackmail the users, or investigators wanting to deny security clearance to users.
(C) Why would Ashley Madison provide customer data to competitors? Such an action would likely hurt Ashley Madison’s business. And competitors can advertise themselves as better than AM in some way…so they could directly advertise to Ashley Madison customers, and would likely not see a benefit in paying money for customers who would sign up for free.
If the selling of the list somehow became public knowledge, Ashley Madison suffers harm to their business reputation.
(D) Why would Ashley Madison provide customer data to investigators, whether of background-check variety or of looking-for-blackmailable-targets variety? It would hurt their business image if this became public knowledge.

It’s fully possible that the Tech team at Ashley Madison convinced Management that “delete” meant “remove the name from our searchable list of clients, but keep all data in our DB.” It’s also possible that Management told Tech to do it that way.

However, the reasons for that decision look to be one of these two:
(1) the person making the decision was really short-sighted, and didn’t see the potential harm from a hacker gaining access to a list full of “supposed to be deleted” clients
(2) the business actually saw some benefit in maintaining a list that could be sold, or had been sold already

Possibility (1) isn’t impossible, but it does look mind-numbingly stupid. Especially after the public knowledge about the Sony Pictures hack, and the amount of inside documentation that was aired from that attack.

Possibility (2) looks really weird, and doesn’t make sense. Unless Ashley Madison was actually in the business of creating lists of potential-victims-of-blackmail, rather than in the business of connecting clients with members of the World’s Oldest Profession.

Bob Paddock August 24, 2015 2:07 PM

I wrote about Ashley Madison in my blog in 2010:

Are Embedded System Engineers more adulterous than other Engineers?

You are undoubtedly asking why I would even ask such a question as “Are Embedded System Engineers more Adulterous than other Engineers?” right?

On the drive into the office the Talk Radio DJ brought up a survey done by the controversial dating website AshleyMadison.com. Apparently this dating site is intended for married people. That is just wrong on so many different levels.

What caught my attention was that “Engineer” was listed in the survey of people most likely to have an affair. Out in the vast wasteland of Government Pork there probably really is someone willing to fund a study to answer the question we posed above.
Normally when I hear such things on radio or Internet I do my best to find the original source of the information. In this case we know that the source is Ashley Madison. However to actually see the survey you must register with the site. “Honey, I only signed up to that site to do research for my software safety blog”. No I don’t think I’ll go down that road…

“Yes, an engineer will pursue an affair so that the wife and the mistress will think he is with the other woman so he could sneak to the office to catch up on work.”

“The president and founder of AshleyMadison.com Noel Biderman notes these top professions are often high stress and require many to work long hours.”

Tam Mariner August 24, 2015 2:09 PM

@Clive Robinson

Thanks Clive, that’s useful. It sounds like a pretty draconian set of measures (paper as the default “outgoing protocol,” self-generated compilers, 1990s hardware…). I’d imagine some of those solutions will have a very direct impact on usability. How do you deal with the “why can’t I play my Flash game on my browser” complaints?

Grauhut August 24, 2015 3:03 PM

@tyr “You’ll never look at an X86 the same way again after reading it.”

Funny APIC2SMM stuff! We need some fine squid oil antivir for that SMM! 🙂

McApee to the front!

Clive Robinson August 24, 2015 3:36 PM

@ Tam Mariner,

How do you deal with the “why can’t I play my Flash game on my browser” complaints

Easy, I don’t let that sort of person in the door…

Some engineers understand quite easily what makes certain types of security work, as do some maths and physics grads. Computer security grads however seldom get it in comparison.

To be honest I have a bit of a downer on quite a few institutions that teach computer science, because they take more of a “liberal arts” approach rather than an engineering approach.

It’s difficult to find CS grads that “get security” unless they’ve spent 5K-10K hours doing “hard realtime embedded” design at the assembler or lower level. It’s the sort of thing physics grads and higher get used to when doing research, so often have a 2K hours head start, and a way way better understanding of realtime process risk. The reason is their experiments can if they go wrong burn 100,000 USD, whilst an application “code cutter” just burns a few cents of electricity doing an edit, compile and retest cycle…

tyr August 24, 2015 3:41 PM

@Grauhut

All we need is a suitable label, an endorsement from
Bruce and enough squid oil to do an IPO during the
stock market crash. That should shake out enough
venture capital to allow the scam to work nicely.

Grauhut August 24, 2015 5:20 PM

@tyr

We should learn from the best of the best of the best, Sir!

At least when it comes to security marketing: Intel, best security buzzword b…..t bingo ever!

“Intel® Security Controller enables software-defined security by providing an abstraction layer between the security infrastructure and virtualization management of software-defined infrastructure (SDI) in the data center.

It is designed to broker between orchestrators, software-defined networking (SDN) controllers, security solutions, and management applications for dynamic and automated security provisioning, policy management, protection, and remediation.”

That sounds so incredibly geeky elegant, it made me a true believer!

Clive Robinson August 24, 2015 5:48 PM

@ Grauhut,

…and sex sells! Even squid oil sex! 🙂

Please do not bring up “sex and squid” together, it’s been mentioned before in connection with the Japanese and tentacles and goes back a couple of hundred years, and it’s creepy just how popular it appears to have become,

https://en.m.wikipedia.org/wiki/Tentacle_erotica

Nick P August 24, 2015 6:16 PM

@ Bob

Answer: yes because they’re more “hands on” types of people. 😉

@ Clive Robinson

Contrary to pop belief, it started in USA with a woman getting raped by a space maggot with tentacles in Planet Terror. Scene still on YouTube. Eventually the stuff got to Japan and the anime scene.

Dirk Praet August 24, 2015 6:48 PM

@ Tam Mariner, @ianf

How do you guys mitigate this when it really matters? Or do you shrug it off as a lost cause?

It depends on your business impact analysis and risk management model. For most corporate environments (especially small businesses), exploitation by malicious actors through BIOS/processor OOB management and other hardware attack surfaces is not yet part of their threat model. Snowden is however slowly changing that.

What you can expect in the years to come is that all over the world a growing number of government institutions and other organisations where data confidentiality is of the essence will start issuing RFI’s/RFQ’s with entire chapters pertaining to mandatory security controls on hardware, software and other equipment. With heavy penalties and other liabilities for those vendors and service providers in breach thereof. Last year, China banned Windows 8 for government use. In the Russian Duma, similar voices are being heard about Windows 10. And this is only the beginning. The USG may still try to mitigate the impact thereof through TT(I)P, but the ghost is out of the bottle. With a government spying policy that any foreign target is fair game and an impressive collusion – voluntary or coerced – between said government and its tech/telco sector, it will be very hard to put back.

That said, it would be foolish to assume that other nations are not doing the exact same thing. In essence, what it boils down to is that corporations need to evaluate what breaches can cost them and try to mitigate as best as budgets are permitting. Although it is virtually impossible to defend against a motivated and resourceful attacker like a state actor, companies can still significantly raise the bar by applying industry standard best practices, selecting the least known vulnerable/backdoored technologies and preparing for breaches that sooner or later inevitably will occur and by means of sustained threat analysis, risk management and data classification.

Absent stringent digital privacy legislation and regulation, the average individual, however, is pretty much f*cked. Even for security professionals like this blog’s audience, it is hard and time-consuming to keep up with everything that’s going on, let alone adequately mitigate against backdoored hardware. The setup described by @Clive is probably the least insecure solution available, but I can hardly see that work for Joe Average.

Without going into much detail of my personal home network and related devices, it can be best described as a combination of best practices based on personal experience, guidelines freely available on the internet (check out stuff by EFF, @thegrugq , to name just a few) as well as tips, technologies and techniques picked up from the usual suspects on this forum like @Clive and @Nick P.

Grauhut August 24, 2015 6:59 PM

@lulz 🙂

McAfee Customer Service – SR-180893xxxx
Today, 1:55
Thank you for contacting McAfee Consumer Support.

We have recently opened a Service Request for support based on the information you provided us at our support website. Below you will find the details of this request for your reference.

  • Order #:
  • Service Request #: 180893xxxx
  • Created Date: 08/24/2015 18:55:30
  • Description: Found out that the SMM subsystem of my pc is vulnerable, see http://ubm.io/1K7f0Qs (Blackhat 2015 pres.). I want to buy an antivirus program running in SMM in order to protect it. Need your article number. Can you help me?

Please feel free to visit us at http://service.mcafee.com for all of your McAfee related support needs.

Sincerely,
McAfee Consumer Support

Thoth August 24, 2015 7:04 PM

@Tam Mariner

“That’s a good question. I know that there are people in this blog that are / have been in charge of systems hosting critical infrastructure and / or content-sensitive businesses (@Thoth? 🙂 ). How do you guys mitigate this when it really matters? Or do you shrug it off as a lost cause?”

Quite the contrary, many of my business clients do use M$ because it’s business. How they usually control that wild beast in a low assurance manner is to configure firewalls to approved packets. If they are worried about certain content, they put it on other OSes, but in general many sensitive businesses (including defense department clients I have) do still use M$ for convenience, with network constriction (or in simple terms, data flow constriction techniques) in place. Most non-defense clients wouldn’t care if their data leaks to M$ as long as they have the convenience and audits done (friends of M$ you know 🙂 ). The defense side would isolate their environments and control data flow in a more strict manner.

I think @Nick P did mention Data Diodes and @Markus Ottela (hope I didn’t get the name wrong) has built the TFC setup and these are the means to constrict data flow. In fact, most modern sensitive military systems still use Windows CE / Windows XP and recently Windows 7 for their OSes in their products. The difference is how you control the data flow and I would suspect a TCB underneath to control the process functions of these M$ systems in these security systems.

@Clive Robinson already mentioned in a rather extensive manner on the problems with certain side-channels that constricting data (i.e. Data Diodes and Firewalls) have.

Thoth August 24, 2015 7:07 PM

@Clive Robinson
Do you happen to still have the link to what you wrote on setting up the RF clean room with thick blankets and funny stacked tables ? I forgot to bookmark it.

Grauhut August 24, 2015 7:16 PM

@Tam Mariner @ianf @Dirk

Tell a SIEM to say something if it sees something, NBAD.

On other channels I am relatively blind.

Nick P August 24, 2015 9:35 PM

@ Clive

Well, looking at your link, I was wrong about the origin and it was Galaxy of Terror I was referring to. Mixing it up with the much more fun zombie film: Planet Terror. 🙂

Curious August 25, 2015 1:48 AM

“FTC has power to police cyber security: appeals court”

http://www.reuters.com/article/2015/08/24/us-wyndham-ftc-cybersecurity-idUSKCN0QT1UP20150824?feedType=RSS&feedName=technologyNews

“A U.S. appeals court said the Federal Trade Commission has authority to regulate corporate cyber security, and may pursue a lawsuit accusing hotel operator Wyndham Worldwide Corp of failing to properly safeguard consumers’ information.”

“The FTC wants to hold Wyndham accountable for three breaches in 2008 and 2009 in which hackers broke into its computer system and stole credit card and other details from more than 619,000 consumers, leading to over $10.6 million in fraudulent charges.”

tyr August 25, 2015 1:53 AM

squid related

What I found a lot more disturbing than the Japanese
tentacle stuff was their soldiers wearing dried squid
amulets to bulletproof themselves.

That’s what a quick rush to industrialize a feudal
society accomplishes. Some get it but the rest are
still in the dark ages methods of thinking. The high
morale of bulletproof soldiers is only useful before
it turns out to be a myth.

Thoth August 25, 2015 2:58 AM

@all
Hiding hacking toolkits and lock picks in female high heel shoes (printed with 3D printers) and using a … female to get them past. The idea is interesting (and has already been done before) to use human desires to social engineer and sneak contraband past security checkpoints. What it shows is the ease of making the items needed for such an exploit.

WARNING: The contents are Not Safe For Work (NSFW) due to the possible explicit images (if you are browsing from work). For married male readers, please make sure to read this post from a safe location where your spouse would not walk in on you.

Links:
http://www.theregister.co.uk/2015/08/24/heeled_hacker_turns_wedges_into_concealed_pwn_weapons/

ianf August 25, 2015 3:28 AM

… Hiding lock picks inside high heels…

OVERKILL In “Bound” (1996) the Wachowskis had lesbian ex-con Gina Gershon wear lock picks in the form of an earring.

ianf August 25, 2015 5:06 AM

Sez Dirk Praet: the setup described by @Clive is probably the least insecure solution available, but I can hardly see that work for Joe Average.

Goes without saying… above everything else & much due to its default low paper-only output, it flies in the face of MBA buzzwords “raised office productivity” & periodical “performance appraisals.” Interestingly enough, Clive employs an even more ancient, less prone to be invaded, hardware & software combo than Richard Stallman, whose setup I already thought way past the extreme. His ultra-orthodox approach to no-traces web browsing is quoted below:

RMS […] “I generally do not connect to web sites from my own machine, aside from a few sites I have some special relationship with. I usually fetch web pages from other sites by sending mail to a program (see git://git.gnu.org/womb/hacks.git) that fetches them, much like wget, and then mails them back to me. Then I look at them using a web browser, unless it is easy to see the text in the HTML page directly. I usually try lynx first, then a graphical browser if the page needs it (using konqueror, which won’t fetch from other sites in such a situation).

I occasionally also browse using IceCat via Tor. I think that is enough to prevent my browsing from being connected with me, since I don’t identify myself to the sites I visit. […]”

John Galt III August 25, 2015 5:49 AM

as noted previously, Karl is a bit rabid, but he is very self-consistent

The New Security Game
http://market-ticker.org/akcs-www?post=230571

Do you run some sort of online enterprise?

You’ve probably heard of a Sql Injection attack then.

Lately I have seen a rather disturbing pattern both here and on other sites I monitor, which implies that there is a new “cookbook” or “kit” out that is in heavy use by the various malefactors around the net.

…more on the web

ianf August 25, 2015 7:34 AM

I wondered what did Lavaboom have that made it immune to pressures of assorted intelligence services. Apparently being housed outside formal jurisdiction of the UNSA wasn’t all it took. No doubt we’ll learn in due time what really happened.

With that, I salute the two Felixes & Christine from Lavaboom for their engagement. Your terse announcement today almost sounded like a paraphrase of this prescient (2005) Clive James’ poem.

Clive Robinson August 25, 2015 8:23 AM

@ ianf,

Yes the system I use “when it matters” is extreme, but the next step back is a manual typewriter which I also use occasionally “when it matters”. And as I’ve said before a glass table top is not just easy to clean, it also does not take an impression from writing implements, thus “when it matters” you hand write on a single sheet of paper at a time on the glass surface using a soft tip such as a 4B pencil or non ball tip pen (Rotring technical drawing pens are still around). Oh and as I’ve indicated various nitrates and permanganates are fairly easily available, thus paper soaked and dried in a solution of them will burn not just quickly but effectively, and some permanganates will ignite if cooking glycerine is wiped on them, you can find the safe recipes on various magician pages on the web. Large “hand rolling” cigarette papers (Rizla etc) are known to not just burn but fold up into incredibly small easily concealable volumes that unlike Micro SD cards are not easily revealed by metal detectors and similar.

The important point is understanding “when it matters” is actually saying “make a risk assessment and act accordingly”. That is you have to use a solution that matches the risk level you are working at, and this can cause problems due to “roles”.

The technology push these days is “one device does all” Swiss Army Knife solutions as exemplified by “smart phones” and in a similar way by “web browsers”. They unfortunately discourage “role separation” hence they are a very real OpSec problem.

That’s not to say I don’t use them, I do, but I separate out what I do on them, it’s why I’m typing this on an ageing smart phone, I’m finally getting around to replacing, whilst having a spot of lunch away from sensitive things.

Thus “when it matters” I have alternative –and yes more extreme in some people’s eyes– systems I use. Importantly these “when it matters” activities are occasional and mainly “stand alone” thus the tightened restrictions are not that onerous.

When you read RMS’s page and filter out the “must be free” message, there is actually very little there that “the usual suspects” on this site would disagree with.

RMS has correctly identified that like many other “public figures” he is at a higher level of risk than many others so his base / starting point of “when it matters” is higher than it is for many others.

Something I suspect other “public figures” probably wish they had given consideration to before their personal selfies and confidential messages became public news fodder…

Thus the real problem is people taking too many unwarranted / unconsidered risks and not setting their “when it matters” point high enough for certain roles they carry out.

If you look back you will find we used to quite frequently warn that if you are doing a higher risk activity such as your online banking you should take certain precautions. Such as a cold boot of your computer from a DVD/CDROM based OS that has been “hardened” in several ways, do only the banking activity, then cold reboot before doing anything else. Whilst the talk is now more about doing it via a VM, the likes of Tails still gets talked about here (even if it’s only because of its failings).

However as the “usual suspects” were all too aware and discussed here on and off long pre-Snowden there were other really serious issues in PCs and had been for a very long time.

One of which is ever since the first Apple ][ was released “IO Cards” with ROM were a security threat, which was way back in the 1970’s. The saving grace then was a ROM really meant “Read only”, thus “physical access” was required by an attacker. So the traditional well understood “physical access controls” very much limited it as an attack vector, and made it more theoretical than practical. But the need for a “real time clock” brought batteries into computers and thus Static RAM could be “battery backed up” with the same battery to store the likes of configuration data. Which made a variation on attacking ROMs a new theoretical consideration.

Then much later we were warned of the very real dangers of the use of “battery backed RAM”, when someone managed to put malware in the IBM PC, but of the few that heard the warning back then most forgot about it fairly quickly.

Thus the real message that “Any remotely mutable persistent memory in a computer was an attack vector” was lost to most.

As the AV Industry history shows most only considered boot floppies and hard drives, but forgot or did not realise that Flash ROM was not “Read Only” just persistent like Battery backed up RAM… Thus BadBIOS and other really nasty and very persistent malware went unnoticed until shortly before the disclosure of the TAO catalogue made it painfully obvious. Even those of us who knew how to or had done it experimentally up to that point just occasionally warned it was an issue. I guess because firstly few were interested in listening and further we kind of assumed criminals would stick to the “low hanging fruit” route they were following and that those that likewise knew how to do it would be not criminally inclined. Thus the “folly of security by obscurity” won out… and the State Level attackers must have secretly rejoiced in our folly.

Now we know real ROM is a thing of the past as it’s all EEROM / Flash ROM, thus reloading the OS to get rid of malware does not work with such Flash resident malware. Hopefully the AV industry will come up with a new set of ROM memory checking. But will they… probably not for a whole variety of reasons. One of which is,

HEADS UP it’s happening to RAM… DRAM in its many forms is on its way out, there are new soon to be low cost SRAM look alike alternatives based on magnetic bubbles –in a Fe layer in the transistor control gate– hitting the market. This FeRAM does not lose its contents when powered down… The opportunity to use this for extending battery life by clever switching, or “instant on” booting etc is going to make it a “must have” in new designs in the fairly near future.

The OpSec issues of this are mind achingly bad. For instance, the forensic boys won’t have to lug their cryostats of liquid nitrogen around with them to “freeze RAM” any longer, because the OpSec emergency procedure stalwart of “yank the battery” will no longer work… Thus Full Disk Encryption will become pointless without major OS changes. But it’s not just KeyMat for traditionally persistent memory such as hard drives we are going to have to protect, it’s now the main system memory as well…

But along the same time line there were other serious vulnerability warnings that came up and were forgotten by most which you will see occasionally mentioned in these pages.

As Apple demonstrated when it was found that an employee of a sub-contractor was putting PC malware on their media players before they left the factory back in the 90’s. Thus “Supply Chain Poisoning” was very briefly brought to people’s attention and almost as quickly forgotten. It popped up again in the UK when it was found that “Point of Sale” credit card readers had had a tiny GSM module added that stored the details for criminal card skimming activities. Now again through the TAO catalog and other sources we know it’s a major governmental activity…

As with several other things there had been warnings but they were largely ignored except by a few.

That is until the Ed Snowden trove and other leaks made them headlines again, but how long are people going to listen, before collective amnesia sets in and most sleep walk into other security nightmares because they don’t take the time or effort to “separate their roles” and lift their “when it matters” point.

If you look back in this blog, you will see that our host has raised his “when it matters” point as he became more of a public figure and thus more cautious in how he does things. I think the readers here should take it on board and for good reason, we know that the NSA, GCHQ et al target system admins and those with a security interest. Thus it’s not unreasonable to assume, possibly belatedly, we are now all persons of interest to them…

Crabby Coffee August 25, 2015 9:16 AM

@ianf:
“I occasionally also browse using IceCat via Tor. I think that is enough to prevent my browsing from being connected with me”

It sounds to me like you could be easily fingerprinted with that setup. You might want to check just how vulnerable to profiling you really are with an off-the-shelf IceCat over Tor:

https://panopticlick.eff.org/

It’s been a while now since Google announced that they will eventually ditch cookies and IP tracking in favor of alternative methods, including automated browser fingerprinting.

Also, are you protecting yourself against HTML5 canvasing?

Thoth August 25, 2015 10:26 AM

@Clive Robinson

“That’s not to say I don’t use them, I do, but I seperate out what I do on them, it’s why I’m typing this on an ageing smart phone, I’m finally geting around to replacing, whilst having a spot of lunch away from sensitive things.”

How do we separate our smartphones from our computer equipment at home ? I had to change my old smartphone to a new smartphone recently as the batteries in the old phone could not last more than 30 minutes on WiFi or probably 12 minutes on 3G (4 years old smartphone) and the batteries are not sold anymore, neither by the main supplier nor anywhere else.

The latest smartphones (i.e. Samsung Galaxy and iPhone) have their batteries glued into their phones and that is a worrying trend too.

“I think the readers hear should take it on board and for good reason, we know that the NSA, GCHQ et al target system admins and those with a security interest.”

They don’t simply target the people they want (the Warhawk Agencies and Govts). They target the 6 degrees of separation thus the whole trove of Facebook, Twitter, WhatsApp, Snapchat, Youtube, Google, Google+, Instagram and all that social media stuff (their mass collection campaigns). If they can’t get the target person (IT Syst Admins, Security people …etc…) they will and have gotten at the people around them.

I personally have a lot of friends (including close friends) telling me I am paranoid for using old technology (yes I do stick to old phones whenever possible unless it recently died and there are no more replacements due to its age) and not hanging out too much on social media. Even my employers (HSM reseller company) and clients told me I am way too paranoid (which is something I am very happy about) as I am contactable only through SMS and normal phone calls !!

The 6 degrees of separation is a scary thing. If you take a Graph Database like Neo4J or OrientDB and run it with a BotNet that does web-scraping (I have a half built web-scraper net that I have not completed for ages), you can do some amount of deep web searches and SIGINT and it would be even better if you can feed it credentials using dummy emails and accounts.

Nation states have no problem tapping cables and issuing NSLs or gag orders to companies and forcing them to spill their data to these agencies (or even backdoor/hack) just for the trove of social data, and using Graph Databases with customized analytics usually sold as Fraud Detection, Incident Response Analytics, Defense Analytics or Human Behaviour Analytics COTS tools, you can load these databases and have the relationships all mapped out for your 19 year old or newly graduated and hot-blooded analysts to come in to map data and call down your Hellfire missile armed drone strikes.

Clive Robinson August 25, 2015 2:57 PM

@ Thoth,

How do we separate our smartphones from our computer equipments at home ?

The simple answer is do not use them for the same things ever.

I don’t download videos or other entertainment media from the Internet to use at home, or for that matter with rare exception the smart phone either. The smart phone gets used for texting and limited web browsing but no email etc and as I’ve now got hearing issues –due to wearing the green– phone calls can be at best difficult and can rapidly descend into farce…

The increasing “museum” of home machines are used for doing “learning/skills updating”, places to put things on and legacy support of applications and such like I developed years ago. Thus are not connected to the Internet or in some cases a network at all. And yes as I’ve said in the past I still support an app on the Apple ][ and CP/M (on a MicroSoft Z80 card in the Apple..) a couple of apps running on Mess Dros 3 and a whole load of stuff for microcontrollers where the tool chain and ICE’s won’t run on anything past Dos 5 (though oddly they will run under Unix with DOS Merge and an eight port serial card and network based serial port box, and perhaps more surprisingly Gnu-Linux / DOSEMU and USB-serial converters).

One of the really annoying things about “code cutter” developers is their desperate need to have their development machine connected to the internet “to research” or as an old work colleague once put it “To cut-n-paste their way to the next pay cheque”.

I now have a new toy which is a pad and keyboard dock running android, I’ve still got to sort out a google account for it (@Nick P, yup I know, I promised but I’m pleading backlog due to illness). It’s mainly for reading pdfs and writing text docs, and “social email” but I’ll need to “liberate it” at some point to do sideways loads and get a root terminal etc but that can wait a while. Oh and a USB extension to use a freebie phone SIM in an old USB mobile dongle for occasionally getting SMS from the likes of Giigle etc for their silly ideas of 2FA etc.

The main point to remember is different things have different roles, and you don’t share across devices ever, thus never repurpose mobiles etc. Especially don’t make the mistake of using SIMs in different phones as the electronic serial number on the device would cross contaminate and give people a “zero degree of separation” and a way to link your roles in life…

As for being “paranoid” that depends on where your “base point” is, from what you’ve said I guess it’s higher than most of your customers, so just smile politely. Or if you want to unnerve them give’m a “thousand mile stare” and say earnestly “you can never be certain can you?” then give an obviously forced smile and change the subject before they can reply 😉

Oh and where you can “use cash”, if you have to use cards only use them close to the address the card is registered to for buying household items and taking it away only on holiday as an emergency. I don’t know what the rules/laws are where you live but anonymous “pre-pay cards” which you can top up with cash can be a real bonus, if anyone ever asks say it’s for “internet shopping” thus you only put small amounts on it to avoid getting hit by fraud etc. As always with such things it’s not having it that causes questions, but what other people think you might use it for, if you have a sensible answer for the question, plus can show that’s mainly what you use it for, they frequently lose interest at that point.

Curious August 25, 2015 3:30 PM

“Samsung smart fridge exposes Gmail login details to attackers”

http://www.digitaljournal.com/technology/hackers-steal-gmail-credentials-by-hijacking-samsung-smart-fridge/article/441913

“Hackers have successfully extracted login details for Google’s Gmail email service from a Samsung smart fridge. The details were unveiled at the recent DEFCON hacking conference, fuelling concerns about the privacy of Internet of Things devices.”

“Unfortunately, the fridge fails to validate the SSL security certificates sent by the Google servers at login.”
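As an added example (not code from the article, from Samsung or from Google), here is what “fails to validate the SSL certificate” looks like in a TLS client, beside the configuration that would have stopped it. The weak context accepts any certificate for any name, so a machine in the path presenting its own certificate for the Gmail server completes the handshake and receives the login. The hardened context is the Python standard library default; the host name in the usage note is illustrative and the connection helper needs network access.

```python
"""TLS peer validation: the reported failure beside the correct configuration.

Added example; not code from the article, from Samsung or from Google.
The 'fridge-style' context accepts any certificate for any name. The hardened
context verifies the chain against the platform trust store and checks the
host name. Host names used with imap_greeting() are illustrative.
"""
import socket
import ssl


def fridge_style_context() -> ssl.SSLContext:
    """Weak setting: no chain verification, no host-name check. Do not ship this."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before verify_mode can be CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def hardened_context() -> ssl.SSLContext:
    """Verify the chain against the platform trust store and match the host name."""
    ctx = ssl.create_default_context(purpose=ssl.Purpose.SERVER_AUTH)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def validates_peer(ctx: ssl.SSLContext) -> bool:
    """True only if the context will reject an unverifiable or mis-named certificate."""
    return ctx.verify_mode == ssl.CERT_REQUIRED and bool(ctx.check_hostname)


def imap_greeting(host: str, ctx: ssl.SSLContext, port: int = 993, timeout: float = 5.0) -> str:
    """Open an IMAPS connection and return the server greeting.

    With hardened_context() a forged certificate raises ssl.SSLCertVerificationError
    before any credentials are sent; with fridge_style_context() the handshake succeeds
    and the next LOGIN command would go to the impostor.
    """
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.recv(512).decode("ascii", "replace").strip()


if __name__ == "__main__":
    for name, ctx in (("fridge-style", fridge_style_context()), ("hardened", hardened_context())):
        print(f"{name}: validates peer = {validates_peer(ctx)}")
    # Illustrative host; requires network access:
    # print(imap_greeting("imap.gmail.com", hardened_context()))
```

The check worth adding to a device’s firmware test suite is `validates_peer()` run against whatever context the code actually uses, rather than trusting that a successful connection to the real server proves anything: a client that verifies nothing connects to the real server just as happily as to an impostor.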

Thoth August 25, 2015 7:46 PM

@Clive Robinson
What I meant is EM security. We know that the latest research shows that malware infecting a home computer can instruct its CPU to communicate with the RAM in such a way that an EM side-channel opens up and mimics 3G/4G and other smartphone RF signals, thus turning into an EM side-channel. For that matter, how do we ‘Faraday cage’ the smartphone at home? Leave it in the living room while the PC runs in the personal room? What is the effective distance for the EM side-channel via 3G/4G between PC and smartphone?

“I’ve now got hearing issues –due to wearing the green”

Me too. Firing heavy weapons next to my platoon mates and platoon mates firing heavy weapons next to me. My hearing is a little weaker these days compared to the days before conscripted enlistment all thanks to the military. I still have about 5 years more in green for a couple of weeks per year (reserve forces) and I wonder what will happen to my hearing after my mandatory conscripted reserve service officially ends. I doubt the military or Govt would even be willing to pay a single cent to help degraded hearing due to service.

“One of the really annoying things about “code cutter” developers is their desperate need to have their development machine connected to the internet “to research” or as an old work colleague once put it “To cut-n-paste their way to the next pay cheque””

I wish it was easier to look up code samples. I don’t have that many computers to run separated environments, so I would just leave things like Key Management and the more important stuff running on a Linux. It seems my L4Linux/Genode/Fiasco.OC TCB experiment hit a glass ceiling where the support in Genode is random and not as expected, so I am going to switch to using the NOVA hypervisor + Genode-modded VirtualBox as a TCB to see if it can run multiple Linuxes and Windows, but now I am hitting a build error and probably would need some time to feed back to Genode.

“I don’t know what the rules/laws are where you live but anonymous “pre-pay cards” which you can top up with cash can be a real bonus”

Singapore’s pre-paid card laws require registration of a human to a card regardless of pre-paid or post-paid. Everyone’s tracked. If you are a foreigner (if you ever visit here), your passport number will serve as your ID number for everything you do.

“Oh and where you can “use cash”, if you have to use cards only use them close to the address the card is registered to for buying household items and taking it away only on holiday as an emergancy.”

I prefer to use cash whenever possible. For Chip-and-PIN, it’s a hassle, and the bulk of paper trails (bank statements) I have to destroy by using a marker to blank out my own name and then using scissors to finely chop up the blanked-out name from my letters. People call me crazy whenever they see me hard at work destroying my name and ID numbers from my bank statement letters or any letters or parcels I receive.

“if anyone ever asks say it’s for “internet shopping” thus you only put small amounts on it to avoid getting hit by fraud etc”

I do have a habit of separating my cash into smaller “regions”. Leave a bit here and a bit there so that the “one basket with all eggs” issue doesn’t occur, since I “split them into different baskets”.

Clive Robinson August 25, 2015 10:21 PM

@ Thoth,

What I meant is EM security.

Ahh hah OK, the answers are not going to be easy, due to lots and lots of unknown factors.

Firstly a little bit of information about antennas and free space.

The theoretical model is an isotropic radiator (call it a point source for ease of understanding) coupling energy into free space, which has various dielectric effects giving an approximate impedance of ~377 ohms. The space around the antenna is usually divided into two spaces, the “near field” and the “far field”. Objects in the near field will noticeably affect the free-space impedance the antenna sees; those in the far field, unless acting to reflect energy back, should not. The energy drop in the near field is assumed to drop linearly with distance (1/r) and with the square of distance (1/r^2) in the far field.

For electrically short antennas (half a wavelength or less of the radiated signal) the near and far field are measured by free-space wavelength. Thus the far field starts at the two-wavelength distance and extends to infinite distance. The near field is up to one wavelength from the antenna, and the distance of one wavelength between the near and far field is called the transition zone.

The near field is subdivided into the reactive and radiative zones, with the reactive zone extending from the antenna to ~0.159 wavelengths. Objects inside the reactive zone couple to the antenna capacitively or inductively depending on their field orientation (which is both complex and distance related). Objects in the radiative zone distort the way the near field is shaped and can focus the radiation in one direction, in effect forming a beam.

The power at the beginning edge of the far field has dropped to ~1/50th of that put into the antenna and halves each time the distance doubles.

Antennas that have dimensions greater than half a wavelength act differently and can in some cases be regarded more as lossy transmission lines (see the HF rhombic as an example). Likewise objects of sufficient dimension can be considered as transmission lines as well, which are capacitively or inductively coupled to the antenna.

However most antennas are not isotropic and thus have gain or loss, as well as differing radiation resistance, all of which affects how efficiently the antenna couples energy into free space.

In effect a receive antenna works the same way but in reverse, coupling energy from free space into a transmission line or load.

Thus the energy coupled into the receiver load is defined by the combined antenna gains and path loss between them.

Whilst the transmitted signal is assumed to spread out to infinity, it can only be received if the power level at the receiver load exceeds the thermal and other noise floors.

Further, a receiver has its own internal noise sources and detector thresholds that the signal must exceed if it is to be detected in a meaningful way.

Understanding the above will give you an idea of why it’s difficult to make predictions about signal levels in a domestic or office environment.

Which is why security rules tend to be “hard” actions such as “turn all mobile devices off”.

Thoth August 25, 2015 10:48 PM

@Clive Robinson
How about simply keeping the smartphone inside an EM resistant wallet whenever you don’t want the smartphone to phone home something sensitive you are about to execute ?

You did mention before that pressing the On/Off button puts the smartphone in a software switched-off state (not a hardware switched-off state), and phones like iPhones and the Samsung Galaxy S6 and above have no way to remove batteries (unless you really want to hack the phone cover to yank out the batteries).

Probably not the best EM resistant wallet (from the link) with all the breathing holes but it still can be modified to make it air-tight and a couple more aluminum foil layers with some plastic to prevent the foil from tearing too easily.

Link: http://www.instructables.com/id/RFID-Secure-Wallet/?ALLSTEPS

Curious August 26, 2015 4:07 AM

“Major Android remote-access vulnerability is now being exploited [Updated]”

http://arstechnica.com/security/2015/08/major-android-remote-access-vulnerability-is-now-being-exploited/

“Based on anonymized data collected from users of an app designed to check for a newly revealed vulnerability in many Android devices, Check Point discovered that one application in the Google Play store is exploiting the vulnerability to gain a high level of access to the Android OS, bypassing user permissions—and bypassing Google’s security scans of Play applications to do so. Update: A Google spokesperson told Ars that the offending app has been suspended in the Play store.”

fluffy shirt August 26, 2015 4:54 AM

@ Thoth
“it’s a hassle and the bulk of paper trails (bank statements) I have to destroy by using a marker to blank my own name and then use a scissors to finely chop up the blanked out name from my letters.”

You need to get yourself a pair of these bad boys:

http://www.usefulthings.com/shop/images/D/shredding-scissors-2-lg.jpg

They’re fast and easy to use for small things like credit card receipts or envelope labels. If you cut in a criss-cross pattern you’ll shred your paper into 2mm squares in no time.

Clive Robinson August 26, 2015 4:54 AM

@ Thoth,

Sorry, it was 4:20 AM in the UK when I posted, and for some strange reason the harder I tried to concentrate the harder it was to complete the post, so I cut out early and went to bed before I’d finished.

The problem with “tin foil” shields wrapped around a phone is that they are quite likely to be in the near-field reactive zone, and thus only be an “electrostatic screen”, not a magnetic screen. The reason they are in this zone is a “little secret” the phone industry does not really talk about. Most phone antennas are not really antennas in the traditional sense; they are partly designed to couple energy into you and use you as the antenna…

If you look at transformer design, electrostatic screens do not stop them very efficiently transferring power from one side of the screen to the other by “magnetic coupling”.

So wrapping a phone in “tin foil” that close is not going to prevent an appropriate coupling coil coupling the magnetic field into a transmission line or antenna.

I’ve not tried it as an experiment, but a hairpin loop would look like a coupling loop on the end of a transmission line, and an appropriate bit of wire with a bend in the middle would look like an antenna driven by a coupling loop. Thus having a metal-plated pen, keys, comb or other metal object in the same pocket could couple the magnetic component and thus re-radiate a signal.

A shield room / cage would be well outside the reactive zone of the near field. In the far field the E field is effectively on the surface of an expanding surface, thus per unit of measurement the field drops as the square of distance; the magnetic field however drops proportionately to volume, so per unit of measure it drops as the cube of the distance, so is negligible very much more quickly.

Which means putting your phone in a “family” size/selection metal biscuit tin, spaced away from the bottom of the tin by a book or similar to get it approximately in the middle of the tin volume, is likely to be more effective. Even more so if you have lined the tin with the ferrite / carbon-loaded foam used in RF anechoic chambers, though the black antistatic “hundred ohm foam” used for storing DIL and similar ICs/chips on works quite well for a much lower price (often free when buying chips).

Another problem to remember, is “slot antennas” thus a gap in the shield such as the open edges of such a wallet will act as an antenna being quite efficient at some frequencies.

Also no shielding is “perfect” and phones will “ramp up” their power in weak signal conditions, and could thus “kill the battery” much faster than otherwise.
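As an added worked example serving both Clive’s zone description above and the foil-wrapper follow-up (this is not code from either comment), the boundaries he gives (reactive zone to about 0.159 λ, near field to 1 λ, transition zone to 2 λ, far field beyond) are turned into centimetres for a few handset bands, and the Friis free-space formula supplies the far-field path loss. The band list and the test distances (a few centimetres for an object in the same pocket) are constructed for illustration.

```python
"""Near/far-field zones and free-space fall-off for typical mobile-phone bands.

Added worked example; not code from the comments above. Zone boundaries follow
the rule of thumb given in the comment (reactive zone to ~0.159 lambda, near
field to 1 lambda, transition zone to 2 lambda, far field beyond). Far-field
loss uses the Friis free-space formula. The band list and the distances tried
in __main__ are constructed for illustration.
"""
import math

C = 299_792_458.0  # speed of light in vacuum, m/s

# Constructed sample of bands a handset may transmit on (illustrative, not exhaustive).
BANDS_MHZ = {"GSM-900": 900.0, "GSM-1800": 1800.0, "UMTS-2100": 2100.0, "LTE-2600": 2600.0}


def wavelength_m(freq_mhz: float) -> float:
    return C / (freq_mhz * 1e6)


def field_zones_m(freq_mhz: float) -> dict:
    """Zone boundaries in metres for an electrically short antenna at freq_mhz."""
    lam = wavelength_m(freq_mhz)
    return {
        "reactive_end": lam / (2 * math.pi),  # ~0.159 lambda
        "near_field_end": lam,
        "far_field_start": 2 * lam,
    }


def zone_of(distance_m: float, freq_mhz: float) -> str:
    """Which zone an object at distance_m from the antenna sits in."""
    z = field_zones_m(freq_mhz)
    if distance_m <= z["reactive_end"]:
        return "reactive near field"
    if distance_m <= z["near_field_end"]:
        return "radiative near field"
    if distance_m < z["far_field_start"]:
        return "transition zone"
    return "far field"


def fspl_db(distance_m: float, freq_mhz: float) -> float:
    """Friis free-space path loss (dB) between isotropic antennas; far field only."""
    return 20 * math.log10(4 * math.pi * distance_m / wavelength_m(freq_mhz))


def received_dbm(tx_dbm: float, tx_gain_dbi: float, rx_gain_dbi: float,
                 distance_m: float, freq_mhz: float) -> float:
    """Far-field received power: combined antenna gains minus path loss."""
    return tx_dbm + tx_gain_dbi + rx_gain_dbi - fspl_db(distance_m, freq_mhz)


if __name__ == "__main__":
    for name, f in BANDS_MHZ.items():
        z = field_zones_m(f)
        print(f"{name:9s} lambda={wavelength_m(f)*100:5.1f} cm  reactive<={z['reactive_end']*100:4.1f} cm"
              f"  far field>={z['far_field_start']*100:5.1f} cm  3 cm: {zone_of(0.03, f)}")
    # Each doubling of far-field distance adds 20*log10(2) ~= 6 dB of path loss.
    print(f"extra loss 1 m -> 2 m: {fspl_db(2.0, 900.0) - fspl_db(1.0, 900.0):.2f} dB")
    # Handset at +23 dBm, 0 dBi each end, 10 m away on GSM-900:
    print(f"received at 10 m: {received_dbm(23, 0, 0, 10, 900):.1f} dBm")
```

`zone_of()` is the check to run before trusting any wrap-around shield: at 900 MHz the reactive zone reaches about 5 cm, so keys or foil in the same pocket are inside it, whereas the Friis figures only describe what a distant receiver sees and say nothing about that coupling.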

Clive Robinson August 26, 2015 5:14 AM

@ Curious,

“Major Android remote-access vulnerability is now being exploited [Updated]”

You missed quoting the bit about phone suppliers and telco providers “pre-installing” the offending app for “customer support” reasons.

Thus this is yet another “CarrierIQ” problem [1] where the suppliers “backdoor” phones. Last time a congressman got upset and threatened to sponsor legislation. And as I pointed out at the time it would have been “manna from heaven” for the likes of the NSA.

[1] http://androidsecuritytest.com/features/logs-and-services/loggers/carrieriq/

ianf August 26, 2015 5:16 AM

@ Crabby Coffee

This was the second ¶ of my [cited] Stallman quote, which Bruce’s eminent posting agent terminated after the first ¶, and I failed to spot it in preview (lesson learned). Apparently RMS only uses IceCat occasionally, which perchance might not ladle out enough data to ensure usable, unequivocal fingerprinting.

(Tell us more about HTML5 canvassing… I presume it involves client-side retention of data for offline use?)

@ Clive Robinson, Thoth, Dirk Praet

Lots of food for thought, too much really (but I’m not complaining). Of course security measures should be tailored to combat perceived REALISTIC exposure… I wasn’t the least critical of either your or RMS’ setup, quite the contrary, mostly amazed at the level of task-partitioning that you endure in order to prevent ANY data spillage & block entry points for cumulative “outside party” snooping.

BTW. @thegrugq’s blog hasn’t been updated since 2014 http://grugq.github.io/blog/2013/11/06/required-reading/

but his Tumblr is going strong.
http://grugq.tumblr.com/

Thoth August 26, 2015 5:43 AM

@fluffy shirt
Those are nice scissors. Definitely makes shredding paper easier.

@ianf
You just need to think in terms of protection domains, what you want to protect and your defined levels of protection before planning your personal security routines.

Crabby Coffee August 26, 2015 6:11 AM

@ianf
“(Tell us more about HTML5 canvassing… I presume it involves client-side retention of data for offline use?)”

It involves surreptitiously obtaining uniquely identifying data from a user’s system in an automated manner by forcing the browser to render an image (often invisible or too small to physically detect) through HTML5 when loading a website. Here’s a summary: https://www.browserleaks.com/canvas

HTML5 is one of those technologies developed in the last decade or so that includes “functionality” which (purely coincidentally, I’m sure) happens to be extremely helpful to those who undertake mass surveillance.

Unfortunately, the bottom line is that most off-the-shelf browsers will leak sufficient uniquely identifying information to tag you (even if you wipe all cookies from session to session and attempt to mask your IP). Ironically, some privacy-oriented addons only worsen the problem, by making your setup stand out even more against other users.

Tor-browser goes a long way to try to mitigate this problem.

seq_awk August 26, 2015 6:50 AM

I’ve been following with interest the discussion about controlling and managing traffic in secure network environments “when it matters”. I’m a curious tinkerer, managing a small home LAN for fun, so this is probably a silly question, but how can you guys possibly control traffic in networks with, say, 500+ terminals? When I run netstat or tcpdump on my home router I can barely keep up with the browsing / Dropbox / e-mail use of a mere 3 PCs and a couple of smartphones connected to the network (let alone if someone opens a BitTorrent client: all hell breaks loose with the number of connections!). How can one possibly keep track of such a volume of connections in a large commercial or production-centred network?

Ianf August 26, 2015 10:24 AM

@ Thoth
think in terms of protection domains, what you want to protect and your defined levels of protection

Sounds v. scientific; assumes that I—anyone—first be able to identify, name & correctly analyze the realistic (as opposed to paranoidal) threat levels of such [non | overlapping?] domains. OK, I’ll give it a try & post a summary of steps taken thus far for you to opine what I’ve missed in one of the next Friday Squid threads.

BTW. these scissors may be cool, but if carried around for immediate shredding duty, waved around in public, security footpads will see them as a “multi-bladed weapon.” You Have Been Warned.

Nick P August 26, 2015 2:46 PM

@ Clive

” (@Nick P, yup I know, I promised but I’m pleading backlog due to illness”

I saw. Get well, dude. Then, get back in the game. 😉

tyr August 26, 2015 3:01 PM

@ ianf

A few quick screwdriver moves could build a couple of nasty shuriken from those scissors.

The trouble with paranoia is everything becomes a danger to the owner when the real source of danger is in their own head. Seeing a river next to a prison invokes images of ragheaded hordes in a submarine right in the heartland.

He was planning to cut his victims into 2 MM squares, your honor; here’s the terrible weapon he had concealed in his bag. He was also planning to clip their nails with this!

When you let fear define you, you have lost your life already.

Benni August 26, 2015 3:51 PM

BND, Germany’s domestic intelligence service, BfS, got Xkeyscore from NSA in exchange for german data:

http://www.zeit.de/digital/datenschutz/2015-08/xkeyscore-nsa-domestic-intelligence-agency

this is the contract. Most important is point 5)

http://www.zeit.de/digital/datenschutz/2015-08/xks-xkeyscore-vertrag

A (S/SI) This Terms of Reference (TOR) is entered into between the Bundesnachrichtendienst (BND) and the Bundesamt für Verfassungsschutz (BfV) of the Federal Republic of Germany and the National Security Agency (NSA) of the United States of America

III. (U) Responsibilities

A (U) NSA will:

  1. (S/SI) Provide the BND with XKeyscore software with the understanding that this software will be transferred to the BfV.
  2. (S/SI) Collaborate with the BND and the BfV on analytic methodologies and provide support for complex problems with the software.

B (U) BND will:

  1. (U/FOUO) Provide system installation, operations, maintenance and training support to the BfV.
  2. (U/FOUO) Agree that, absent the prior written authorization of the NSA, it will not export, re-export, or transfer any technical information or equipment regarding XKeyscore.

C (U) BfV will:

  1. (S/REL) Be responsible for all costs
  2. (U/FOUO) Agree that, absent the prior written authorization of the NSA, it will not export, re-export, or transfer any technical information or equipment regarding XKeyscore.

  3. (U/FOUO) Utilize XKeyscore in a manner consistent with German law and in a manner reasonably likely not to result in the targeting of U.S. persons. The term U.S. persons includes U.S. citizens, an alien lawfully admitted for permanent residence in the U.S., unincorporated groups and associations a substantial number of the members of which are U.S. citizens or resident aliens, or corporations incorporated in the U.S., including U.S. flag nongovernmental aircraft or vessels, but not including those entities which are openly acknowledged by a foreign government or governments to be directed and controlled by them.

  4. (S/SI) Ensure that the information processed via XKeyscore will not be used in a judicial or administrative proceeding that is based solely on activities that if conducted by a United States person would be protected by the United States Constitution and Amendments thereto and is in accordance with German law.

  5. (U/FOUO) To the maximum extent possible share all data relevant to NSA’s mission.

The fact that the BfV recognized the problems with its NSA cooperation can be seen elsewhere in the files as well. During the negotiations over the XKeyscore deal, the BfV noted: “Certain NSA requests … cannot be met insofar as German law prevents it.” But the Americans insisted that the software finally be “used productively.” The NSA wants “working results,” the German agents noted. There is, they wrote, apparently “high internal pressure” to receive information from the Germans.

Ultimately, the BfV arrived at the conclusion that transferring information obtained with the help of XKeyscore to the NSA was consistent with German law. Insights gathered by way of G-10 operations were already being “regularly” shared with “foreign partner agencies.” That, at least, is what the BfV declared to the German Interior Ministry in January 2014. Furthermore, the agency declared, a special legal expert would approve each data transfer.

Dirk Praet August 26, 2015 7:21 PM

This is REALLY bad news: “Due to continued violations by several companies in the embedded industry of grsecurity’s trademark and registered copyrights, effective September 9th 2015 stable patches of grsecurity will be permanently unavailable to the general public.” More details here.

It’s just horribly outrageous that people who have made so many valuable contributions to Linux for so long have been completely f*cked over by at least one multi billion dollar corporation that has consistently refused to sponsor them with even one single dime. Everybody loses here.

Ricky August 26, 2015 7:56 PM

First State Legalizes Taser Drones for Cops, Thanks to a Lobbyist
http://www.thedailybeast.com/articles/2015/08/26/first-state-legalizes-armed-drones-for-cops-thanks-to-a-lobbyist.html

North Dakota police will be free to fire ‘less than lethal’ weapons from the air thanks to the influence of Big Drone.

It is now legal for law enforcement in North Dakota to fly drones armed with everything from Tasers to tear gas thanks to a last-minute push by a pro-police lobbyist.

Kevin August 26, 2015 8:54 PM

Police reportedly used the cell phone network (possibly the Stingray dragnet) to locate Bryce Williams travelling on I-66 prior to their confrontation. During this tragic event let’s not overlook that the ends can never justify the means.

Thoth August 27, 2015 12:48 AM

@Clive Robinson
Unmanned objects are getting too easily available and many have high assurance software and hardware on-board. A soft kill might be the best option before a hard kill is needed.

In regards to radio jamming technology, can you give a run down? What are the best electronic measures to soft kill unmanned objects like remote control cars and planes?

I can think of jamming the signals between ground stations and unmanned objects, but that would kick the system into auto-pilot mode and it would still be considered active. What I am thinking is whether there are ways to also disrupt the circuits to glitch them (using side-channels and EM attacks)?

Thoth August 27, 2015 12:54 AM

@Nick P, Clive Robinson, Figureitout, Kevin, anti-Stingray et al.
I am thinking of whether a device can be made to emulate multiple cellphone instances. It needs to run a hypervisor with an SDR module to emulate 3G/4G signals, but the problem is the Ki key in SIM cards. I think the Stingray would not care about the Ki keys in SIM cards and may not know them, and so any dummy instance could potentially be registered.

Thoughts ?

Apokrif August 27, 2015 2:35 AM

@Clive Robinson (emphasis added):

Firstly half the messages are inverses of each other, secondly many have easily determined sequences such as runs of “all zeros”, its inverse of “all ones” or a regular pattern. That is, only a subset of keys have sufficient entropy to be considered sufficiently non-deterministic for use.

Are you talking about keys, or messages (or both) here?

However the amount of bit-by-bit entropy required in the key stream is dependent on the amount of entropy in the plain text. To see this, think about the ASCII in byte-sized transmission units: how long a run of zeros will leak information?

The usual answer is the arbitrary “A maximum of five letters in a twenty six member alphabet” or ~23 bits, but with ASCII’s fixed bit patterns this drops to ~18 bits.

Why are we particularly interested in runs of zeros? If one notices parts of (not too long) some “plain” text in the cryptogram, how can one be sure that it’s really a part of plaintext which is unobfuscated due to a sequence of zeros, not an actually encrypted part of the text which, by chance, looks like English words (or any other sort of plaintext)?

Is it due to the fact that sequences of zeroes are the most frequent type of anomaly in key generation (e.g. when a machine is switched off)?

Which means you need to keep run lengths down below this.

If I understand well, some (possible) keys should be discarded for use in an OTP system, so this is not really an OTP (with all keys, and plaintexts, equiprobable) after all?

Clive Robinson August 27, 2015 6:44 AM

@ DrillGrind,

interesting article about destruction of information

If you look back on this blog, you will see I said exactly what the article was about the day the Guardian published the pictures.

I even indicated that I would expect academics to pick up on it and teach it as part of security courses.

@ Bruce,

What surprises me is how long it’s taken for the analysis to happen.

So I wonder if a conclusion can be drawn as to the “apathy” level of people to security in general and secure data destruction in particular. Which is kind of worrying when you remember there are legal implications to not securely destroying data…

Kramer August 27, 2015 11:26 AM

Associated Press sued the U.S. Department of Justice over FBI ploy involving tricking a kid with a fake news story

http://www.foxnews.com/politics/2015/08/27/ap-sues-over-fbi-ploy-involving-fake-news-story/

At issue is the FBI’s decision to send a web link to a fake article to a 15-year-old boy suspected of making bomb threats to a high school near Olympia, Washington. The link enabled the FBI to infect the suspect’s computer with surveillance software.

AP says that

“The FBI both misappropriated the trusted name of The Associated Press and created a situation where our credibility could have been undermined on a large scale,”

Clive Robinson August 27, 2015 11:49 AM

@ Thoth,

In regards to radio jamming technology, can you give a run down? What are the best electronic measures to soft kill unmanned objects like remote control cars and planes?

First off, like “indiscriminate or negligent” discharging of a firearm, there are usually laws preventing you from jamming in most jurisdictions. The problem is that what the legislation actually says and how it gets interpreted on any given day often don’t coincide in ways the non “legal brethren” can understand.

Put briefly, “jamming” is a battle of who gets more energy at a given target. In most cases the designer / defender of the system has the signals advantage, and the attacker of the system only has the distance advantage when they are closer to the receiving end point. The distance advantage being due to the normal “1/r^2” decrease in signal strength with range.

There are various ways to win the energy battle, and for the attacker of the system they consist of more power up the antenna, more gain in the antenna, using a very narrow band –CW– jamming signal, or a pulsed jamming signal –like radar– to get very high peak power but low mean power. For the defender of the system the same applies as for the attacker, but also frequency agility and other jam-proof methods, which the attacker would find negates any strategy they might use other than reducing distance.

Because of the 1/r^2 issue of EM signals and 1/r^3 of magnetic signals, the preferred method of attacking is to use kinetic delivery systems. However kinetic systems’ ability to hit a target with any accuracy decreases at over 1/r^2, so you get a slight advantage with minimising distance over that of reducing EM distance, which is one reason why proximity fuses gave such a strategic advantage (see the Battle of the Bulge and later conflicts).

From a system attacker’s perspective, one big advantage is they select the manner by which they attack the overall system.

For instance consider so-called smart weapons; they are only smart because of the information they receive from the environment they are in, thus the sensors they use are generally more vulnerable.

So take a laser-guided bomb: the “target is painted” by a laser mounted in the release aircraft or from another point where the reflection from the target will be seen by the sensor in the bomb’s guidance system. Energy wise it will be easier to jam the sensor than the electronics further down the system. Obviously the designers of the “smarts” of the bomb know this, so they take a number of preventative measures (which readers here can work out for themselves). However each preventative measure added by the designer defending the system adds cost, complexity and importantly weight to the smarts unit on the nose of the bomb. Thus there are limits to what the preventative measures can be.

So as with all systems, the designer of the smart system for the bomb cannot add prevention / defence for everything, thus there are always openings for an attacker; they just have to be able to find them and develop a way to exploit them, usually in a very short time window.

However drone designers / defenders are at a real disadvantage, in that drones are not a kinetic weapon but a delivery system for kinetic weapons, flying towards potential attackers of the drone. Which means they have way more sensors and systems than the smart bombs they deliver, thus the drones are more vulnerable than the smart weapons they carry. Further, the flight time of a smart bomb is generally measured in seconds or less and the smart system needs only to be enabled for much less than this. A drone however has flight times of hours, and needs its sensors enabled for most if not more than that time, thus their vulnerability window is vast in comparison to that of the bombs it carries.

Further, most of the stuff said about “stealth technology” is valid only in very limited circumstances, as the Rapier missile system designers demonstrated. Thus knowing what these limited circumstances are allows an attacker to design around them, usually way more effectively than the stealth tech designers will care to admit. A simple example: radar generally uses the same transmit antenna as it does for receive; one reason for this is the radio equivalent of the optical “red eye” issue, thus “tri-corner reflectors” work well on small sail craft when tankers etc are around. The stealth designer makes the starting assumption that the radars in use will all be of this type, and thus ensures there are no 180-degree reflections in the design. However you have to have reflections somewhere, you cannot avoid them entirely, thus radar systems that use pulse transmissions with multiple transmitters and receivers will get some reflections, even if moderately fleetingly. Thus the person designing a system to attack stealth tech starts in a very different place to the designer of the stealth system. It’s this sort of “cat-n-mouse” game that gave rise to the ECM, ECCM and ECCCM arms race with each added “C” costing several times the one before, and the “even Cs” usually being more expensive than the “odd Cs”.

So as a first guess you would look to detecting the drone, then blinding its sensors in some way. Small drones don’t have the capability to carry sufficient smarts or different sensors to prosecute action against a target without feedback, thus just blinding them would be an effective option. Thus a multi-spectral laser system covering near IR through visible that is randomly pulsed to get around iris gating would probably suffice.
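The “energy battle” above as an added worked example (not code from the comment): a jammer-to-signal link budget in which both the legitimate ground station and the jammer are modelled with Friis free-space loss and isotropic antennas, so J/S at the receiver depends only on the two effective radiated powers and the two distances. It shows the levers the comment names: closing the distance (6 dB per halving), raising ERP, pulsing for peak power at a given mean, and the penalty frequency agility imposes on a barrage jammer. Powers, distances and channel counts are constructed for illustration; this is a paper calculation of the physics, not an operating procedure.

```python
"""Jammer-versus-signal (J/S) link budget for the 'energy battle' described above.

Added worked example; not code from the comment. Both links use Friis
free-space loss with isotropic antennas. Scenario numbers are constructed.
"""
import math

C = 299_792_458.0  # m/s


def fspl_db(distance_m: float, freq_mhz: float) -> float:
    """Friis free-space path loss in dB (far field)."""
    lam = C / (freq_mhz * 1e6)
    return 20 * math.log10(4 * math.pi * distance_m / lam)


def j_over_s_db(signal_erp_dbm: float, signal_dist_m: float,
                jam_erp_dbm: float, jam_dist_m: float, freq_mhz: float) -> float:
    """J/S at the receiver. Frequency cancels; only the ERP and distance ratios survive."""
    s = signal_erp_dbm - fspl_db(signal_dist_m, freq_mhz)
    j = jam_erp_dbm - fspl_db(jam_dist_m, freq_mhz)
    return j - s


def jammer_erp_needed_dbm(signal_erp_dbm: float, signal_dist_m: float,
                          jam_dist_m: float, margin_db: float) -> float:
    """ERP the jammer must radiate to reach J/S = margin_db (same band, isotropic)."""
    return signal_erp_dbm + 20 * math.log10(jam_dist_m / signal_dist_m) + margin_db


def barrage_penalty_db(n_channels: int) -> float:
    """Frequency agility over n channels: a barrage jammer spreads its power over all of them."""
    return 10 * math.log10(n_channels)


def pulsed_peak_dbm(mean_dbm: float, duty_cycle: float) -> float:
    """Peak power of a pulsed jammer for a given mean power and duty cycle (0 < duty <= 1)."""
    return mean_dbm - 10 * math.log10(duty_cycle)


if __name__ == "__main__":
    f = 2400.0
    # Constructed scenario: ground station 1 km from the drone at +30 dBm ERP.
    for jam_d in (2000.0, 1000.0, 500.0, 250.0):
        print(f"jammer at {jam_d:6.0f} m, +30 dBm: J/S = {j_over_s_db(30, 1000, 30, jam_d, f):+5.1f} dB")
    print(f"ERP to get +10 dB J/S from 2 km: {jammer_erp_needed_dbm(30, 1000, 2000, 10):.1f} dBm")
    print(f"50-channel hopping costs a barrage jammer {barrage_penalty_db(50):.1f} dB per channel")
    print(f"1% duty cycle, +30 dBm mean -> {pulsed_peak_dbm(30, 0.01):.0f} dBm peak")
```

Because the frequency term cancels in `j_over_s_db()`, the same figures hold for any band; what changes between bands is the absolute received level, which is what decides whether either signal clears the receiver’s noise floor in the first place. Real antennas, ground reflections and the receiver’s own processing gain all move these numbers, which is the reason the comment gives for the defender usually holding the advantage.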

Thoth August 27, 2015 6:30 PM

@Clive Robinson

“multi spectral laser system covering near IR through visable that is randomly pulsed to get around iris gating would probably suffice.”

So if I am reading it correctly, the better methods instead of EM jamming would be to falsify light spectrums for infrared and those of visible lights ?

Since a remote object can be built with SATCOM and line-of-sight mesh or single network, EM jamming might become irrelevant and the need for stepping up the game by introducing higher energy to attempt to jam signals. That leaves the option with cloaking and deception left I guess ?

The IR lights can be falsified by IR generators but not sure about sending fake visible light images to normal daytime camera sensors. What I am looking at probably is cloaking techniques rather than jamming techniques since if you attempt to actively jam a system, the other side might detect your presence and step up their game.

I am thinking along the line of the PL-01 tank that Poland recently created with the help of … BAE Systems (smells fishy why the British wants a hand in it).

Some known cloaking (including EM cloaks), albeit at high cost and currently still of experimental status, is available.

Links:
http://www.techeblog.com/index.php/tech-gadget/scientists-develop-light-bending-invisibility-cloak-that-works-across-several-frequencies
http://www.dailymail.co.uk/sciencetech/article-2660273/Cloak-Invisibility-lets-hide-Google-Padded-coat-blocks-radio-waves-stop-firms-accessing-phones-data.html

Clive Robinson August 27, 2015 6:57 PM

@ Apokrif,

Yes the “messages are inverses” should have been “keys are inverses”.

Why are we particularly interested in runs of *zeros*? If one notices parts of (not too long) some “plain” text in the cryptogram, how can one be sure that it’s really a part of plaintext which is unobfuscated due to a sequence of zeros, not an actually encrypted part of the text which, by chance, looks like English words (or any other sort of plaintext)?

First off it should have been “zero bits” lest it be confused with any other type of “zeros”.

The reason for zero bits is it’s the degenerate case, in that yes it’s more likely to happen and it leaves plaintext as “eye catching” plain text.

With regards the certainty of the revealed plaintext being real or chance, you have to think above just the cryptogram. Messages are not sent in a vacuum, the likes of traffic analysis, message cataloging, “gardening” and other databases provide a lot of “relevant” background information. Thus any run of plaintext can be given a probability score, whilst mainly useless at or below three or four characters, five and above characters when matching cross-referenced data can be given very much higher probability scores when compared to just random occurrences of apparent plaintext. Thus a small amount of data leaks. However if it happens against “known plaintext” from say a computer menu even one or two characters can give away which menu item it is.

Which is why using OTPs with “standard messages” is really not a good idea even if the sent block is of fixed length.

With regards,

If I understand well, some (possible) keys should be discarded for use in an OTP system, so this is not really an OTP (with all keys, and plaintexts, equiprobable) after all?

It’s a bit more subtle than that, and you need to realise the difference between a “practical OTP” and a “theoretical OTP” and importantly when the difference can not be distinguished.

Not having all keys equiprobable does not make the next key bit any more determinable to an eavesdropper than it would otherwise have been, with the exception of the specific “known to the eavesdropper” limiting case of a fixed maximum run length of say twenty five bits. Thus the eavesdropper would know that twenty five successive zeros “will” be followed by a one, or twenty five ones “will” be followed by a zero etc. However this limiting case can easily be dealt with by randomly deciding the run length between say five and twenty five bits on a case by case basis (the distribution from which the random length selection is made should not be flat).

Which means from a practical view point, if the eavesdropper can not determine the probability of the next key bit by anything other than chance then for practical consideration all ciphertexts will remain indistinguishable from equiprobable as will the plaintexts that make them, even though not all keys are genuinely equiprobable.
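An added example (mine, not from the post or any project) that simulates the run-length limiting discussed above and measures what an observer could infer about the next key bit after seeing a run of identical bits. The capping rule (once a run reaches its cap, the next bit is forced to the opposite value) is my reading of the post, and the caps are scaled down from the 5..25 bits mentioned so the effect shows up in a short stream.

```python
"""
Constructed simulation: compare a plain unbiased key stream, a stream with a
fixed run-length cap, and a stream whose cap is drawn per run from a
non-flat distribution. For each, estimate P(next bit differs | k equal bits).
0.5 means the run tells an observer nothing; 1.0 means the bit is determined.
"""
import random


def draw_cap(rng, lo, hi):
    """Per-run cap from lo..hi, triangular and skewed toward hi
    (assumed non-flat distribution; the post only says it should not be flat)."""
    return int(round(rng.triangular(lo, hi, hi)))


def keystream(n, cap=None, lo=None, hi=None, seed=0):
    """Return n key bits.

    cap=None, lo=None : plain unbiased bits (the theoretical OTP).
    cap=C             : no run of identical bits longer than C (fixed cap).
    lo=L, hi=H        : each run gets its own cap drawn from L..H.
    """
    rng = random.Random(seed)          # seeded so the example is reproducible
    randomised = lo is not None
    current_cap = draw_cap(rng, lo, hi) if randomised else cap
    bits = []
    run = 0
    for _ in range(n):
        if current_cap is not None and run == current_cap:
            b = 1 - bits[-1]           # cap reached: the flip is forced
        else:
            b = rng.getrandbits(1)
        if bits and b == bits[-1]:
            run += 1
        else:
            run = 1                    # a new run starts; pick its own cap
            if randomised:
                current_cap = draw_cap(rng, lo, hi)
        bits.append(b)
    return bits


def flip_probability_after_run(bits, k):
    """Among positions preceded by k identical bits, the fraction where the
    next bit differs. Returns None if no such run occurs in the stream."""
    seen = flips = 0
    for i in range(k, len(bits)):
        window = bits[i - k:i]
        if all(b == window[0] for b in window):
            seen += 1
            if bits[i] != window[0]:
                flips += 1
    return flips / seen if seen else None


def fmt(p):
    return "  n/a" if p is None else f"{p:.3f}"


def main():
    # Scaled-down caps: with a 25-bit cap the forced flip only appears after
    # 25 equal bits, which needs on the order of 2**24 bits to observe.
    n = 200_000
    plain = keystream(n)
    fixed = keystream(n, cap=8)
    randomised = keystream(n, lo=3, hi=8)
    print("k   plain   fixed-cap-8   random-cap-3..8")
    for k in range(1, 9):
        print(f"{k:<3} {fmt(flip_probability_after_run(plain, k))}   "
              f"{fmt(flip_probability_after_run(fixed, k))}         "
              f"{fmt(flip_probability_after_run(randomised, k))}")


if __name__ == "__main__":
    main()
```

The table shows the plain stream near 0.5 for every k, the fixed cap jumping to exactly 1.0 at k equal to the cap, and the randomised cap drifting above 0.5 as k approaches the upper bound.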

Clive Robinson August 27, 2015 7:28 PM

@ Thoth,

… but not sure about sending fake visible light images…

It’s not fake images you are sending, you are “blinding” or “desensitising” the sensor (camera) so it can not determine any information about the environment other than it is being blinded.

Imagine you are walking around after dark, usually your eyes adjust to the low light and you can see where you are going. If however I flash a bright light in your eyes even from the side your iris rapidly shuts to protect the retina and you will not be able to see anything for several minutes and will thus stumble around or have to stop moving. If you get flashed again before your iris has opened, it will close further or remain closed. If you shut your eyes your night sight might or might not return depending on the brightness of the flashes. That is a very bright flash will still overload the eye and stop your night vision returning even though your eyes are closed.

I’ve got a five million candle power white light flash light, a 10mW green laser or 50mW near IR laser if you inadvisably want to try it out. At night both the flashlight and green laser can be seen reflecting off of objects over three miles away… and close too when focused they both quite happily set fire to safety match heads and paper as well as bursting dark coloured party balloons…

Figureitout August 27, 2015 10:32 PM

Link straight to destroying hardware video when GCHQ stopped by the Guardian. Pretty good intro. TLDW: destroy the computer like you would the Terminator (molten lava).
https://www.youtube.com/watch?v=PFsC1puqhA4

hardening hardware: https://www.youtube.com/watch?v=2VvR-vsdMlQ

Only 5000 views on youtube, this was a good video on hardening a thinkpad and guaranteed general methods will apply to other boards, if you’re short on time skip to 36min for actual hardening procedure. Think he’s a coreboot dev, which is good to hear they value security (planning on helping out w/ it). You honestly don’t need tv w/ all these CCC talks.

Thoth
It needs to run
–Phew, got any more features up your ass that need to run securely on a known highly surveilled network? Kidding BTW, but seriously. I would say that network is tainted beyond hope or repair, internet is getting there but there’s so much money at stake so change is slow. I’ve got too much going on to dig in “the good stuff” (aka outlining fully a technical solution, unfortunately they all usually require at least 1000 pages of info on top of “the basics”; not that I could anyway b/c there’s too much to verify).

If it matters enough, a stingray shouldn’t even matter w/ obvious OPSEC. You know any vehicle you own and all the major entrances/exits will be visually surveilled when the stakes are high enough (say a pissing match b/w a surveillor and a surveillee). There would have to be a gun pulled on you during the OTP exchange and 24/7/365 surveillance on you all times (which could get quite boring & pointless pretty quickly if you know about it :p).

A simple system to implement (that requires out of band contact and exchange of info) if you need to use phones is to just encrypt a message, use a free and public SMS-texting program over internet, just search out free SMS and test on your phone. Can buy throwaway phone, service, computers and memory cards for offline encrypting etc. and send pre-encrypted texts. Set aside ~$3000 (convert to your money I guess..) for an operation exchanging large amounts of key info w/ which you set up the next exchange. Main risk is bringing in a prior infection (which compromises everything, which you can’t know fully anyway hence turning to paper and pencil (unless the ‘graphite’ on pencil can be illuminated remotely somehow, but I assume that anyway for paper documents and fold and cover them w/ sheets of paper scribbled like having an exorcism and cover up other papers)) and not having secure programs to load (so turning to a public AP and risking a MITM on binaries of any type you’ll be downloading, yes even a compiler to build binaries, can’t just spawn a compiler on your PC from nowhere; that chain it was built from may be carrying a logic infection vector from the 1960’s or even earlier) and if computer sucks so bad it needs network access to even run.

Clive Robinson
I’ve got a…10mW green laser
–Lucky, mine’s less than 5mW (you know that whole legal/weakened/watered down products that can be sold to public). Still can get pretty far and can see it thru the air somewhat at night (like to see the laser beam).

name.withheld.for.obvious.reasons August 28, 2015 12:16 AM

Just a quick reference to an article appearing in Security Week, and as typical, the headline speaks for itself (find the term most assuredly “couched” and sanitized).

The article is the first example of the DoD’s policy classifying “hackers” as “Enemy Combatants” in which strikes may include those delivered by drones. You have to love how ambiguously the term hacker, including their motives, is connoted…essentially if you know something about computational systems and express any interest related to their application or use in various environments, you are a hacker. And since you are a hacker, you are the enemy.

Summary executions, what’s not to love.

We don’t need no stinking 1st, 3rd, 4th, 5th, or 6th amendments to no damn constitution–cuse we got Jesus on our side here in Merica. Do you hear me you savages and heathens?

Thoth August 28, 2015 2:03 AM

@all
I was watching some videos on military advances and one thing that caught my eye was the inevitable upgrade of remote controlled objects releasing or discharging lethal and non-lethal payloads to the point that the remote controlled object is also the lethal / non-lethal payload and is also possibly able to carry in itself or attached additional lethal / non-lethal payloads.

In essence, envision the remote controlled object upon seeking a suitable target during its time loitering around could either choose to a.) directly engage the target itself b.) unload additional payload to engage the target c.) directly engage the target itself while also unloading additional payload to the target. You can imagine the versatility and how cheap these remote controlled objects are in the near future or already existing.

@Nick P
Can you post some papers on verification schemes and proof of correctness for Ada, OCaml and Haskell which touch on how these programs can help to prove and verify correctness?

OCAPIC is close to … smartcard programming ? Just that smartcards have specialized crypto and non-crypto processors, VMs, functionalities that are matured and all that and OCAPIC is new on the block but if OCamL.

If Ada or Haskell can be used as the software high assurance VM cores in microchips of smartcards, it would provide much higher assurance.

Most smartcard OSes probably are native binaries. I have wondered if a smartcard framework like JavaCard can be built as a generic High Assurance OS framework that is vendor agnostic and the vendors would simply put their own binaries under the high assurance Card OS and that will always give the same experience. Maybe the Card OS can be GlobalPlatform Card Compliant, which chip vendors have to be compliant towards, and that would turn into a high assurance OS and language for smartcards.

UFOsAreReal,MyAltersHaveToldMeSo August 28, 2015 9:40 AM

My first thought was why they did not task this job to the aliens working at Area 51, but then it dawned on me that those aliens must have left for higher paying jobs at Apple. It all makes sense now.

Pentagon Teams up With Apple, Boeing to Develop Wearable Tech
http://www.nbcnews.com/tech/tech-news/pentagon-teams-apple-develop-wearable-tech-n417646

The Pentagon is teaming up with Apple, Boeing, Harvard and others to develop high-tech sensory gear flexible enough to be worn by people or molded onto the outside of a jet.

The rapid development of new technologies is forcing the Pentagon to seek partnerships with the private sector rather than developing its technology itself, defense officials say.

Nick P August 28, 2015 1:13 PM

Excellent read on analog vs digital issues especially for CAD and synthesis. Gives detailed comparison of tools and results. Note that this is all old. However, I study old stuff partly because (a) it’s proven and (b) patents will probably expire by time it’s built. These two are essentially the same presentation with some differing details that combine to aid understanding.

http://rutenbar.cs.illinois.edu/wp-content/uploads/2012/10/rutenbar-esscirc00.pdf

http://rutenbar.cs.illinois.edu/wp-content/uploads/2012/10/rutenbar-hotchips01.pdf

Came from the site below. Group seems to have invented practical, analog synthesis.

http://rutenbar.cs.illinois.edu/research/circuit-and-layout-synthesis-for-custom-analog/

Buck August 29, 2015 2:25 PM

@Figureitout

Full moon is tonight 😉 Here’s what I’ve found since last we spoke…

Seagate has open-sourced an Ethernet interface to traditional hard disks, but not any of their HDD controller code as far as I can tell…

While Western Digital is apparently also partnered with The Linux Foundation, their visible footprint in the open source community seems pretty small so far.

Realtek does have open source drivers for some of their wireless chips (provided by both Realtek and the reverse engineering community), but I was unable to find any code they offer for their popular audio chips. I did find this little doozy though:
Flaw in Realtek SDK for wireless chipsets exposes routers to hacking

The open source FTDI driver looks very mature and stable. Nice! Not sure if FTDI themselves helped out, or if it was entirely reverse engineered…

A couple years ago, some of American Megatrends‘ BIOS code was liberated from a third party’s FTP server. Torrents are available for anyone so inclined. There’s also some cool reverse engineering work that’s been done.

So the situation looks a bit better than I thought, but not quite as nice as I’d hoped after reading your post…
With the right marketing campaign, some of these companies could increase their market shares by releasing more source code. The others will then have to follow as customers come to expect it. Oh well, someday… Back to reverse engineering in the meantime I suppose!

Figureitout August 30, 2015 11:53 AM

Buck
Full moon is tonight 😉
–Ahoooooooooooo (http://images.sodahead.com/polls/001399047/1113670286blackwolf_logo_xlarge.png) I had another picture but I got in trouble w/ the last one :p

Sure Seagate open-sources something very risky and not used a lot like an ethernet to HDD driver, we want SATA comms coming from CPU to disk! So it’s a start, but not good enough at all.

At least WD is a part of Linux Foundation, haven’t heard of anything in terms of how the controller writes to the disk. So either of these would be huge, having at least an open source driver to these chips (and a flashing program/procedure!) is a start as hardware dev. takes much more $$$ and expertise.

Realtek drivers are going to be a tough nut to crack too, I know a guy named Larry Finger maintains a driver I need (RTL8712u) for a wireless-to-USB dongle, so it’s a USB driver that I guess goes to the RTL ethernet chip? I’m not even sure! https://wireless.wiki.kernel.org/en/users/drivers/rtl819x

Like the FTDI driver (that FT232H chip looks familiar coughNick Pcough) just so long as we remove the mechanism for remote upgrades where they changed the PID # as that’s a frickin’ attack!

As for AMI BIOS, I say build on what Coreboot and other libre-BIOSes have and then modify the BIOS chip (snipping some pins) to make it basically impossible to reflash BIOS w/o removing chip from board.

Well I did a little googling too, I personally don’t plan on getting involved w/ all these since it’d be too much.

Open Source Keyboard controller work
https://geekhack.org/index.php?topic=7260.0
https://github.com/rhomann/kbupgrade

Open source mouse controller work
http://cutemouse.sourceforge.net/ (DOS-based)

Open source USB controller work
https://www.obdev.at/products/vusb/index.html (licensed)
http://www.signal11.us/oss/m-stack/

Open source CDROM controller work
http://singlevalve.web.fc2.com/Atapiduino/atapiduino.htm
http://www.diyaudio.com/forums/digital-source/214871-open-source-cdrom-controller-soft-stuff.html

Open source graphics controller work
https://en.wikipedia.org/wiki/Free_and_open-source_graphics_device_driver

Nick P August 30, 2015 2:01 PM

@ Thoth

Haskell is probably pushing it lol unless we’re talking DSLs for synthesized code. Galois’ Ivory language already does that. Using Ada w/ zero runtime or OCaml similar to OCAPIC are more likely candidates. It would likely be abstracts of low-level operations with checks on individual use and design-by-contract across models. Maybe some compiler tricks, too. Could help a bit but not high assurance, really. That seems to need formal verification in this case.

Far as JavaCard, it pretty much is the standard for smartcards. It won’t get more standardized than that. Gemalto has EAL7 JavaCard VMs, there’s the MULTOS stack at ITSEC E6, and Karger at IBM led Caernarvon’s EAL7 implementation. Many of the chips are similarly hardened often with simple MPUs that are much more trustworthy than complex MMUs. Any case, we’re more likely to get success out of something like Chlipala’s Bedrock verification system that models the imperative program and is easily converted to arbitrary targets.

This kind of thinking is why most effort is going into LLVM right now. There’s even an effort to formalize that so the verification and translation communities can get on it.

@ Buck

“The open source FTDI driver looks very mature and stable. Nice! Not sure if FTDI themselves helped out, or if it was entirely reverse engineered…”

Possibly. They originally hardwired the driver to look for the ID on the chip to ensure people were using their chips. Caused the machines to brick when using (a) counterfeits and (b) legitimate ones where people changed the ID. Caused quite a controversy. They admitted it was I.P. protection and removed the restriction on the software. So, locking their drivers to their devices for anti-counterfeit isn’t the most worrying scheme.

Do they have others? (shrugs) I’d be more worried about those implemented partly in software as they can be attacked. That’s what we’ve been seeing with NSA, etc. right?

@ Figureitout

” just so long as we remove the mechanism for remote upgrades where they changed the PID # as that’s a frickin’ attack!”

What are you talking about? The chip’s page indicates it implements the whole protocol in hardware with an EEPROM just determining what mode/config it operates in and the ID number. A USB can reprogram that. However, rest is silicon. The ability for the trusted host to configure its USB device isn’t an attack: it’s a step in using USB and about every other device on a computer.

Neat projects. Maybe they can be diversified to support hard to predict MCUs or FPGAs. Then, one can get by with a bit of board design and knowledge of coding a few MCUs.

My recommendation stands, though, of creating an I/O MMU chip that mediates arbitrary PCI devices and decides where pass-through happens to host. The host has to be configured to support this. However, it gives you device firewall and monitoring even for CPUs/MCUs that have no such protection. The first incarnations can be cheap FPGAs with open toolchains (eg Lattice and IceStorm software). What works for enough applications can be converted to ASIC later. Way more trustworthy than trying to R.E. and harden firmware on each device.

Figureitout August 30, 2015 8:12 PM

Nick P
What are you talking about?
–What you described to Buck, that chip needs to be configured in the EEPROM otherwise I don’t know the defaults it’ll probably not do what you want. And is that remotely touchable/changeable, well if there was ever a case for a small chunk of OTP-ROM for these config settings, why not? I don’t need some little USB chip to be reconfigurable all that much. Too expensive?

Also needs a driver from FTDI unless you want to whip up your own.

And you’re OK w/ me messing w/ those settings?

They originally hardwired the driver to look for the ID on the chip to ensure
–No it was included in a Windows update, so people keeping up w/ their updates were the first to get hit if they bought cheap hardware (the fakes are getting so good at copying). They were caught red-handed when they pissed off the right people to RE the driver and it had a comment to the effect of “here’s where we brick the chips”. It was a “soft brick” too that could be reset, but still I wonder how much otherwise good hardware was pitched b/c of it. Can empathize w/ being pissed at copiers when USB chips are your bread-n-butter but that was the wrong way to solve it, could’ve warned end users first instead of going straight to bricking (could’ve been very dangerous since so many things need a USB-serial chip, like medical and industrial devices).

My recommendation stands
–Requires more trust of larger toolchains and larger chips (where other stuff could be running in parallel, I don’t know, how do you monitor this stuff?).

And I haven’t seen many actual implementations of this which means there’s only a few working ones or it’s mostly “a dream”.

Buck August 30, 2015 10:45 PM

@Figureitout

Great stuff! Thanks for that!! 😀

My next mainboard purchasing decision is definitely gonna be for something off of the coreboot compatibility list… Probably not a laptop because I still enjoy my freedom to choose each component separately, rather than a big bundle picked by somebody else trying to maximize their profit margins. In fact, I’m going to start a little research project to uncover the hardware manufacturers who seem to contribute most to the free-software/open-source movement! Then I’ll actually be able to effectively vote with my wallet in addition to my voice!! Will share more when I have something to show there 😉

@Nick P

Are you meaning to imply that the work done on the open-source driver is somehow related to the intentional sabotage of said chips..? I mean, that would be pretty messed up, but I still wouldn’t be too surprised…

Look, I know the hardware backdoors are going to be the next day’s hacker tools. (That some people may have thought me to be overly paranoid about this line of thinking a few years back; that probably put me off from the current academic scene to a certain degree, but that’s a story for another day…) But here’s the thing – I can’t build my own hardware. I just can’t. I also don’t have the resources to properly vet my chips, even if I knew exactly what I was looking for! I can and will use antique chips or general purpose controllers to add my own layers of guards and obfuscation, but I will still have to use modern mass-produced hardware. If I don’t end up resorting to pen & pamphlet, I just will need a GB+ hard disk… Hopefully I can isolate the untrustworthy pieces, but I can also make sure to give my money to the most open of all manufacturers! The others will eventually get the picture, I bet! 😉

Nick P August 30, 2015 11:03 PM

@ Figureitout

“well if there was ever a case for a small chunk of OTP-ROM for these config settings, why not? I don’t need some little USB chip to be reconfigurable all that much. Too expensive?”

I doubt anyone [who pays] has asked for that. Likely, they needed a single, cheap chip that could run in various USB modes. They used the EEPROM to configure it. It’s a business decision far as I can tell.

“Also needs a driver from FTDI unless you want to whip up your own.”

You can R.E. it, do a deal to get the source, or roll your own. Most paranoid, DIY types getting a USB chip would try one of these anyway. The necessity of a driver hasn’t stopped you from using your boxes.

“And you’re OK w/ me messing w/ those settings?”

If they’re in control of the driver, then I’m pretty screwed in that case already. I doubt OTP-ROM will help then because the system might be theirs already.

Got an alternative that (a) supports USB, (b) small form factor, (c) is cheap, and (d) has no code/config that can be modified after setting it?

” Can empathize w/ being pissed at copiers when USB chips are your bread-n-butter but that was the wrong way to solve it”

Oh, I wasn’t agreeing with them. Just saying it’s the kind of bullshit I expect in HW industry that worries me less than more scheming bullshit (eg subversion).

“Requires more trust of larger toolchains and larger chips”

Actually requires the same tooling that’s necessary to create a working USB chip with features you desire. Haven’t done PCI vs USB protocol implementation in hardware so can’t say what effort is there. Far as product effort, a generic PCI I/O MMU that interfaces to arbitrary devices is much less work than building + securing every type or individual device. So, you’re way off on my proposal (one device) being harder than yours (every device).

“And I haven’t seen many actual implementations of this which means there’s only a few working ones or it’s mostly “a dream”.”

And I haven’t seen any implementations of secure USB chips which means there’s zero working ones and/or it’s mostly a dream. Works both ways. Fallacy anyway, though.

Nick P August 30, 2015 11:18 PM

@ Buck

Oh I get what you’re saying. It’s something more along the lines of my old essay on open vs closed source: you’re still trusting the reviewer, really. You vetting how mice work, the I/O mechanisms, the driver code handling it, and so on can certainly improve things. Otherwise, you’re just taking something from someone else hoping it does what they say it does. OSS is proven to usually have fewer obvious backdoors or sneaky functions [aside from games hidden in OpenOffice]. It’s had no shortage of security vulnerabilities that were backdoors in practice. And that our opponents knew about for years in some cases.

So, let’s say you have two options: a non-profit group implements a cheap, open USB controller in hardware and sells it to you; another offers OSS drivers for a specific piece of general-purpose hardware. In both cases, you must trust the hardware to not be subverted and resist hacking. In both cases, you will need to physically inspect that the software and hardware are behaving as you expect. In one case, it appears that you know what’s running and you might be able to inspect that greater. To me, it looks like some black boxes with a similar level of trust in practice. You’re trusting that the people delivering the hardware and software didn’t screw you. OSS on driver reduces the risk there but you have plenty more in that setup. Including popular, high-targeting-value microcontroller.

” I can and will use antique chips or general purpose controllers to add my own layers of guards and obfuscation, but I will still have to use modern mass-produced hardware. ”

“Hopefully I can isolate the untrustworthy pieces, but I can also make sure to give my money to the most open of all manufacturers! ”

I hear you. It’s my method, too. My main modification is diversity: make the specific components unpredictable and interface in odd (but easily analyzed) ways. Will work until I can do hardware or vet someone who can. Getting closer to one of these every day. Meanwhile, let’s remember that we’re trusting the OSS software, OSS drivers, and black-box hardware.

Buck August 30, 2015 11:48 PM

@Nick P

Hear hear for diversity! I totally agree, and will continue with my own reverse engineering projects even after my favorites are open-sourced… For diversity’s sake! Admittedly, I do translate code a lot faster than gates (I know it’s not complete till I get down to the metal though)…

You’re trusting that the people delivering the hardware and software didn’t screw you.

Well, yes and no… I’m trusting that those people have to feed themselves and their families. What I feel I can do is to better support those who appear to have similar interests aligned with me… I recognize that this can be faked or wrenched though, so it’s obviously not a simple undertaking. Can’t say too much more without giving up potential countermeasures before I’ve finished! 😉

Buck August 30, 2015 11:57 PM

@Nick P

Oh, and regarding the software and drivers… Making my own version of a MenuetOS analogue seems like a good idea to me at the moment! 😀

Nick P August 31, 2015 12:52 PM

@ Buck

” Can’t say too much more without giving up potential countermeasures before I’ve finished! ;-)”

I understand. It comes down to the same thing with me. People don’t like to hear it but they won’t come up with anything easier than obfuscation if they try. Outside large investments of time and money, that is.

“Oh, and regarding the software and drivers… Making my own version of a MenuetOS analogue seems like a good idea to me at the moment! :-D”

It is a really neat project. However, back when Snowden leaked, I already determined what had low subversion probability, ease of use, open source, safer language, easy compiler, and so on. You should look into Oberon as you just need to port a System module (IIRC), compiler backend, and drivers. Already supports quite a few architectures, even embedded these days. Excellent documentation and justification for everything. Low level enough that your understanding of C or assembly will help you spot the same vulnerabilities where the language doesn’t prevent them.

He also built a custom processor (Spartan-3 FPGA target) for running the simpler version of it. Being Wirth, he went ahead and made a “better” hardware description language while he was at it lol. That toolkit took up a few kilobytes (!). Anyway, the cool thing about Oberon imho is that it simplifies the trust issue down to “Do you trust Niklaus Wirth and his students to not screw you for an intelligence service in their documented, open code?” I trust Wirth to be Wirth and his students to have put in best efforts for degrees. Hence, the worst that it will have are bad design decisions (security perspective) or implementation flaws. So, it’s a good start. I have A2 Bluebottle and Oberon for use in future, air-gapped systems among other things.

Note 1: I was reading his paper as I wrote this and noticed he’s finally started to argue the same thing. In his conclusion, he mentions that the terseness and comprehension of his tools reduce odds of backdoors.

Note 2: Downloads here which may or may not have source. I had to do some Googling plus deal with ridiculously long download times. It’s out there, though. Leads to main risk of things being MITM’d. Doesn’t seem to happen and they’ll have to have their own Oberon Source/Binary ready. Low risk if you move now. 🙂

Nick P August 31, 2015 1:19 PM

On top of it, I just accidentally found this paper where a student built a high-level synthesis tool that uses an Oberon-like language to convert algorithms to hardware with interesting results against Xilinx ISE. It only supports a model similar to general-purpose processors with other limitations. However, the model is what PCs used for a decade plus and it’s exploratory so limitations are expected. Looks [relatively] simple enough to understand and implement.

Figureitout August 31, 2015 10:09 PM

Buck
–Sounds like a fun project, would like to hear results (good or bad). Good point on choosing components in a desktop, they’re certainly much easier to go thru and remove crap you don’t want that laptop vendors assume you do. 🙂

Nick P
The necessity of a driver hasn’t stopped you from using your boxes.
–Nope, and my boxes are still way too weak w/o actual locks from remote reflashing (and I’ll just live w/ still being able to touch that memory w/ those locks on from normal programming algorithm, means the chips are insecurable).

If they’re in control of the driver, then I’m pretty screwed in that case already.
–True, but at least that was a nice trap to detect someone’s playing in your box (I default to every bug is an attack until assured otherwise lol). And in an ideal world, if all your IC’s w/in PC were all locked and there was no way to store anything further in them, only HDD or attached external memory sticks/SD cards; then a simple reboot (well, cold shutdown, let it sit for a day or 2 to be safe(r)) and either cleanse HDD w/ dedicated cleaning machine (or destroy it if they managed to get in and password lock it) and you’re still good to go.

Main thing I see is of course attackers have mapped your network and schedule, so they know when you’ll come online to try to reinfect (or get some chip ID #’s like MAC addresses or something else in network cards (I’m not sure what) to search out if you still want to use your name elsewhere or login to your accounts elsewhere).

Just saying it’s the kind of bullshit I expect
–Yeah but it displayed a very nonprofessional way of going about something and that may go into other areas that raises flags doing business w/ them (I’ll still use a few of them but their name is tainted). I shoot the sh*t here quite a bit but I’m professional at work, maybe too stiff and professional sometimes…

So, you’re way off on my proposal (one device) being harder than yours (every device).
–You haven’t really been very concrete on what your proposal actually is (and if it’s feasible w/ existing physics/people). I don’t feel confident enough w/ the tools available to fully describe mine (only a few people who practice daily OPSEC just as good or better than mine would even entertain it…whatever I want to blare MC Hammer’s “can’t touch this” when I finally get it lol). Problem w/ being open is anything you eventually settle on, attackers go to work finding holes as you go to doing actual productive work…they’re worthless leeches…whilst they leave their systems unprotected or just use your work.

I suppose if you find a chip and toolchain you like so much and get to know very intimately that that could potentially work better than locking down each chip. What pisses me off is I get used to a chip and/or toolchain and w/in a year or so there’ll be 3 new chips (smaller, naturally, algorithms in hardware so it’s very hard to verify it and search for bugs in their implementation and SMD only w/ pads underneath only) and 2 upgrades to the toolchain that you didn’t think was possible to add more crap but they did and it’s NOT backwards compatible even though they reassure you it is so your old projects can’t be opened in it (and DON’T do it either as it’ll automatically somehow add more data to the file and it won’t open in old toolchain). Then after 5-10 years that computer’s hardware will begin reaching its limits and you’ll eventually be forced to upgrade to something that isn’t much better, just more crap to learn (not actual science/engineering, just using the damn tools).

Nick P September 1, 2015 1:28 PM

@ Figureitout

Seeing this all started with BitBabbler’s chip, what’s your proposed alternative for the next company meeting the following interface requirements:

  1. Plug-and-play on an extra PC port.
  2. At least 2-3Mbps throughput.
  3. Chip implementing this on device end is tiny, low power, and costs a few bucks tops.
  4. Small form-factor (no larger than hand)
  5. Open-source drivers and/or no DMA risk.

Which product should they have used?

Figureitout September 1, 2015 9:07 PM

Nick P
–Well first I would say politely that I don’t work for free but I’m a college student and would work for guaranteed 10X cheaper than the cheapest “expert” and set you up pretty nicely and give good support (if a problem doesn’t take me longer than an hour to solve it’s free). I would sit them down in a quiet room (“Do you mind leaving cell phones in the lobby please? Thank you”) and ask them if they have a security application so important they want a HWPRNG and why would they have plug-n-play as a requirement? Disable that sh*t now! (I would word that a bit more diplomatically). And I’m not sure about your 2-3 Mbps requirement, is that an arbitrary number you just came up w/ or is there an actual reason for it?

Then I would say ok so you want a black box HWPRNG instead of this open source one where there’s very little to no research on non-EMSEC attacks and I can seek out surface mount components and have a decent board whipped up and the main risk is the 2 op-amp IC’s. I can set your organization up right now w/ a RasPi or Arduino (or the Arduino chip next to the PRNG) solution but I can also describe something else I’d have to work on that may be of interest and I can “see” it working since secure electronics is a hobby I’d almost do for free.

What I’m thinking is that I may introduce a slight risk w/ an isolated microcontroller (if I can’t use a MCU then it’ll take me much longer and I’ll probably need help) that does A/D conversion and fills up an isolated EEPROM, when MCU reads EEPROM is full based off some counter (writes are organized according to space of EEPROM) or simple method it turns on an LED after going thru another diode. You then flip a switch which the MCU is again looking for and sends a copy of the data via opto-isolated lines to another EEPROM and MCU powered by a separate supply, then reflip the switch to kill the connection to old EEPROM. Using a serial connection we read and organize the original data to a terminal and use that to check it after it has been sent to 2nd EEPROM and eventually on the computer and w/in the filesystem. We then send that via the FT232R which has a new FTDIChip-ID feature which is just a unique number for authentication. If we could somehow hash the data before it gets sent thru the chip would be great, but if not then we need to manually check it (“I know I know, calm the F down, I’ll try to think of another way to check it securely that isn’t manual”).

And there you go, still needs the damn driver and quite a few implementation details to work out but I think it quite feasible. We still need the FTDI driver but I’m being way more open w/ my implementation than Bitbabble guys.

What’s your scheme and how would it be implemented?

Nick P September 1, 2015 10:10 PM

@ Figureitout

“Well first I would say politely that I don’t work for free but I’m a college student”

“ask them if they have a security application so important they want a HWPRNG and why would they have plug-n-play as a requirement?”

Just a college student taking on a project experts call risky? Didn’t know difference between an analog TRNG and a hardware-implemented PRNG? Already disqualified before I got to read the rest.

Figureitout September 1, 2015 11:18 PM

Nick P
–And the “experts” don’t even know what they’re talking about calling something truly random when random isn’t defined and “by definition” can’t lol. The entire field is bullsh*t. And I know you would walk in w/ a shoebox full of dice lol.

Clive Robinson September 2, 2015 4:02 AM

@ Figureitout,

–And the “experts” don’t even know what they’re talking about calling something truly random when random isn’t defined and “by definition” can’t lol.

We’ve had this conversation before… … and as I said at the time convention rules when it comes to this argument.

Even Einstein lost this argument, and most grad and above “natural philosophy” students/scientists have long since become fully paid up members of the “Shut t’f*ck up and calculate!” club to the point it’s in effect a “Union”, and history should tell you what happens to those who run against a Union…

No, nobody can say if “random” is a physical possibility or a philosophical position, but the reality of the human condition is we work with what we’ve got, for “bread today” and a hope of a sniff of jam tomorrow.

If it’s found to only be a “philosophical position” then Einstein gets the last laugh…

However I suspect it will never be resolved one way or another, because the universe is assumed to be a finite size (but we will never know because you can not go back before the big bang…).

But hey “human striving” is “why we banged the rocks together” and eventually got to make knives as a result…

Figureitout September 2, 2015 7:27 PM

Clive Robinson
–Ok I’ll STFU and I’ll definitely just flip off the union and walk away but Mr. P pisses me off sometimes…And it’s not a problem I want to work on b/c it gets almost “religious”…

Nick P September 2, 2015 7:54 PM

@ Clive Robinson

“and as I said at the time convention rules when it comes to this argument.”

Basically what I said last night albeit I put it as empiricism: practical rather than absolute belief is what engineers work with. Including random. Comment was during site maintenance and disappeared. So I just said whatever lol.

@ Figureitout

I also admitted I’d walk in with a shoebox of dice (good call), a deck of cards, a program to convert them into bits, and a CRNG algorithm. Then, I’d give them a series of progressively easier and riskier options. I’d profile their likely attackers or fault conditions. I’d match one to the other in the portfolio of options. I’d let them choose. That’s what my broke ass would do right now.

If I was in better financial shape, I’d simply walk in with a device that did the job (commercial or homebrew). It would have already been vetted by engineers I trusted to do the job while coming with automated and manual tests that can be used for re-inspection. I’d offer to deliver one per system or create a distribution method from an entropy appliance that’s basically a HA cluster in a box. I’d put in unique seeds for each one while I was at it.

Those would be my two approaches. Far as being a vendor, I’d probably just use the dumbest USB chip on the market like they did. Only thing guaranteed to plug into about anything while meeting the other requirements. If income was good, could eventually fund an open one at extra cost for those that wanted it. Otherwise, it wouldn’t be justified.

@ all

Unrelated topic: Mission Impossible Rogue Nation is worth the theatre price. I’ve been worried we’d get a dud by No 5 but it was pretty good. Really liked the woman in it, too. Had more of the “who’s really playing who” aspect that made real spies a fan of the first one.

Clive Robinson September 3, 2015 8:29 AM

@ Figureitout,

Ok I’ll STFU and I’ll definitely just flip off the union and walk away b

No don’t STFU, that’s censorship even if it is “self” censorship. The trick is to “go with the flow” but as an edge case not main stream.

There is one argument the “union” can not get away from which is the impossibility of proving a negative. Thus flip the argument by inverting one of the inputs. Thus instead of random –the opposite of which is arguably deterministic– use “non deterministic”, so for any given sequence ask not the question “is this random” phrase it as “is this non-deterministic?”. As I was arguing –back in the early 90’s– the argument can only be true if you have sufficient (read complete) knowledge of the system as an observer.

Without going through the boring proofs (that have bad assumptions anyway) you arrive at the conclusion that the important point is that “random” is not the important thing when it comes to the use of “random generators”. It’s what an observer of the generator output can do with incomplete knowledge of the internals of the generator. From both the observer and generator designer/users perspective there are three times that are important, the present, future and past. So if the observer can not predict the next bit from the generator with anything greater than pure chance no matter how many previous bits they have observed then they can not make predictions in the present, and likewise the future. But for secrecy more important is determining bits in the past, so if the observer can not determine all past unseen bits from any present and all future bits then their observations give them nothing. It therefore does not matter if the process is deterministic or not, because the observer can not reproduce it except by chance, which is the same for a physical or true random generator.

So the opposite argument arises, can you show that a physical / true random generator is not deterministic to which the answer is likewise no as well. But further because for all such generators every one without exception is an observer you start getting into the “hidden variables” domain that is attracting more attention currently so it will be interesting times for the “paid up members”.

A thought experiment for you, if physical processes are truly unpredictable, why do we have a half life with radioactive atoms? That is what causes the next decay event and the one after etc that keeps so accurately to the half life curve?

But think a bit further, we can in theory model all systems mathematically if we have all information about them. Most systems are either linear or in some other way readily predictable under observation of their output. This is mainly because that’s the way we humans design them, or the ones we chose to observe in research. However we know of systems that are extremely sensitive to their starting conditions, such that although we can model them, we can not make past present or future predictions about the output of any practical implementation. We tend to call these systems “chaotic” and you may remember not so long ago somebody suggested using chaotic systems as generators for One Time Pad crypto…

Nearly all algorithms we use for random generators are very far from chaotic, because it’s generally the only way we can make predictions about performance. And after you strip things away you end up with a storage of state. Thus all algorithmic random generators can be modeled as a counter feeding some kind of mapping process. Which allows us to say certain things about such generators. The first of which is that either the counter will stop or it will overflow to zero and count up in known length cycles. This means that at some point no matter how complex the mapping function the output state will become known in past present and future.

We can thus generalise that all random generators have internal but hidden from the observer state (hence the interest in “hidden variables”). We also know that as far as we can tell in our universe the amount of matter we can store state on/with is finite… the implication of this is that if state were the only thing of interest all physical generators would at some point either stop or start repeating themselves, of which –thermal– entropy suggests that all physical generators would have two sequences, the initial rundown phase from organised to disorganised followed by a very much longer period of chaotic behaviour…

Thus arguably all thermal noise is the result of multiple chaotic generators interacting with each other, to an extent that an external observer can not make predictions…

However there is another issue to consider, and that is “what an observer can measure”, measurement is the process of quantization which means it has limits. Thus there is a limit on what we can know from observation…

But further even with a quite moderate amount of state, we know that there are practical limits on what we can know about observing the output of even fully deterministic systems…

And no matter how much it may hurt our egos, that is the way of not just this world but the universe we inhabit. And these limitations have advantages, if we can show that any system has more individual states than it is possible to go through in any period of time then even though theoretically bounded in practice we can not approach anywhere close to those bounds, thus they are not a consideration we need concern ourselves with. Thus suitably complex mapping processes will keep the value of the counter hidden to all but chance. Further we can design systems where the value of that chance is reduced to the point where it can not be determined it has actually been guessed correctly in a practical time period.

So at the end of the day an algorithm with proper design criteria is as good as if not better than an ill defined and understood physical process. But more importantly you can with care combine both and get the best of both.

But this leaves open another question, can you combine a crypto algorithm with a chaotic algorithm and get the same result. That is the inability to be able to sufficiently measure the interaction of chaotic processes keeps the ability to determine if an observer’s “guess” is correct or not, hidden in a practical system? If it is then “entropy pools” are going to be secure…

Nick P September 3, 2015 10:21 AM

@ Clive

” Thus all algorithmic random generators can be modeled as a counter feeding some kind of mapping process. ”

That’s not true. Many let the randomness affect a storage variable that’s put into an entropy pool. Long as its output is random, the pool mixing can be a simple xor if it’s producing more than they’re using.

Clive Robinson September 3, 2015 2:40 PM

@ Nick P,

That’s not true. Many let the randomness affect a storage variable that’s put into an entropy pool

Did you type that before your first coffee of the day?

An “algorithmic random generator” is a PRNG not a TRNG.

What you are describing is an algorithm to take one or more TRNG sources and “spread their entropy” across all the variables in the entropy pool.

It’s like dropping a couple of crystals of potassium permanganate into clear water, their purple dark enough to be almost brown, spreads through the water giving it that pale pink to light purple colouration we remember from school science lessons showing heated water rises and cold water sinks.

Clive Robinson September 3, 2015 3:50 PM

@ Bruce, Nick P, and others,

You’ve expressed an interest in “interesting web sites” in the past.

Well the UK’s Bristol Uni has a web site for its crypto people, and they are coming towards the end of their “52 Things you should know” for First Year PhD students.

It might be of interest,

http://bristolcrypto.blogspot.co.uk/

Nick P September 3, 2015 10:43 PM

@ Clive

Actually, there were two built into my comment: first version of that is a TRNG because the randomness comes directly from the samples; second is an option to process it into entropy pool which has PRNG component. I still usually call a basic xor of TRNG input a TRNG in practice because it still has its properties. Plus, that’s what buyers would probably call it since it does minimal processing on a truly random source.

re site

That’s neat. Bookmarked it to give to amateur crypto researchers I encounter. Will read it myself eventually.
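Clive Robinson’s “counter feeding a mapping process” model and the observer’s past/present/future prediction test, alongside the simple XOR entropy pool Nick P describes, as an added Python example that is not part of this thread or anyone’s product. The affine constants, the key and the pool layout are constructed for illustration; the unkeyed mapping is deliberately weak so the observer can recover the counter.

```python
import hashlib

MASK32 = (1 << 32) - 1
A, C = 1664525, 1013904223          # constructed, public affine constants (A is odd)

def weak_map(counter):
    """Unkeyed affine mapping: the counter is fully exposed in every output."""
    return (A * counter + C) & MASK32

def keyed_map(key, counter):
    """Keyed mapping: SHA-256(key || counter). The counter is hidden behind the key."""
    return hashlib.sha256(key + counter.to_bytes(8, "big")).digest()

def counter_outputs(mapping, start, n):
    """'Counter feeding a mapping': the only internal state is the counter,
    which overflows to zero and cycles with a known period (2^32 here)."""
    return [mapping((start + i) & MASK32) for i in range(n)]

def recover_counter(output):
    """An observer holding one output of weak_map reconstructs the hidden
    counter, because A has an inverse modulo 2^32."""
    inv_a = pow(A, -1, 1 << 32)
    return ((output - C) * inv_a) & MASK32

def predict_from_observation(output, offset):
    """Predict the output `offset` steps away from one observed value.
    Negative offsets give unseen past bits, positive ones the future:
    the generator fails Clive's observer test in both directions."""
    return weak_map((recover_counter(output) + offset) & MASK32)

class EntropyPool:
    """Nick P's 'simple xor' pool: each sample byte is XORed into a rotating
    slot, spreading incoming entropy across the pool; output is a hash of the
    pool plus an extraction counter (the PRNG component he mentions)."""
    def __init__(self, size=32):
        self.pool = bytearray(size)
        self.pos = 0
        self.extractions = 0

    def mix(self, sample: bytes):
        for b in sample:
            self.pool[self.pos] ^= b
            self.pos = (self.pos + 1) % len(self.pool)

    def extract(self):
        self.extractions += 1
        return hashlib.sha256(bytes(self.pool) +
                              self.extractions.to_bytes(8, "big")).digest()
```

Running the weak mapping through `predict_from_observation` shows why a unkeyed counter-to-output function leaks everything, while the keyed variant keeps the counter hidden unless the key is known.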
