Comments

BoppingAround September 4, 2015 4:30 PM

Mozilla have disclosed the information regarding the Bugzilla hack:

https://blog.mozilla.org/security/2015/09/04/improving-security-for-bugzilla/
https://ffp4g1ylyit3jdyti1hqcvtb-wpengine.netdna-ssl.com/security/files/2015/09/BugzillaFAQ.pdf

In short, the earliest confirmed instance of unauthorised access dates to September 2014. There are some indications that the attacker may have had access since September 2013.

The attacker acquired the password of a privileged Bugzilla user who had access to security-sensitive information. ‘Information uncovered in our investigation suggests that the user reused their Bugzilla password with another website, and the password was revealed through a data breach at that site.’

Overall, the attacker accessed 185 non-public bugs, 53 of those being severe vulnerabilities.

Of these 53 sec-high or sec-critical bugs, 43 had already been fixed in the released version of Firefox at the time the attacker found out about them. The information in those bugs likely could not have been used to attack Firefox users.

name.withheld.for.obvious.reasons September 4, 2015 5:29 PM

A quick analysis leads me to believe that the new browser in Windows 10 does several things that might seem problematic. One of them appears to provide what I would term a PEN TRAP and TRACE facility. The hook seems to be through Cortana driver services, through the text layer: when the core is processed by Cortana, it can be passed out of Windows 10 in other layers, thus defeating any end-to-end encryption that is part of the browser TLS session(s). Anything that can be rendered in a textframe in the new product seems to be part of a “shared” interface.

Microsoft must be working for the FBI now, thanks Comey, now the FBI can take responsibility for the CSO position at Microsoft.

Peanuts September 4, 2015 6:36 PM

Windows 10 Surveillance Platform weaponized into and back ported Implants delivered seamlessly to Windows 7 and 8 via Windows Update

You may or may not have noticed shenanigans in your Windows 7 and 8 based machines.

Microsoft likes the data they stream from Windows 10 machines so much that they decided to back port the functionality and carve out implants, resulting in a push of 4 optional and 2 important Windows updates.

They will appear in control panel installed updates as

Optional
“Update for Microsoft Windows (KB3068708)”
“Update for Microsoft Windows (KB3075249)”
“Update for Microsoft Windows (KB3080149)”
“Update for Microsoft Windows (KB3022345)”

Important
“Update for Microsoft Windows (KB2952664)”
“Update for Microsoft Windows (KB3021917)”

If you have better things to do than hand-eye trawl through the list of installed updates, then here are two approaches to detect the SurveillanceWare Implants.

The referenced KB’s are specific to the surveillance implants which target Windows 7 only. If you’re running Windows 8, 8.1 or 10 you’re more than likely fighting much more of a losing battle. So this section is specific to where it may be temporarily possible to remove the Implants.

Detection – Open an elevated command prompt
wmic QFE list full /format:texttablewsys | find "KB3068708"
wmic QFE list full /format:texttablewsys | find "KB3022345"
wmic QFE list full /format:texttablewsys | find "KB3075249"
wmic QFE list full /format:texttablewsys | find "KB3080149"
wmic QFE list full /format:texttablewsys | find "KB3021917"
wmic QFE list full /format:texttablewsys | find "KB2952664"

or alternatively detect with an update to the systeminfo command

systeminfo | findstr "KB3068708 KB3022345 KB3075249 KB3080149 KB3021917 KB2952664"

To start removal after optionally taking an evidence image or a system backup
wusa /uninstall /kb:3068708 /quiet /norestart
wusa /uninstall /kb:3022345 /quiet /norestart

Then a reboot seems required, then continue
wusa /uninstall /kb:3075249 /quiet /norestart
wusa /uninstall /kb:3080149 /quiet /norestart
wusa /uninstall /kb:3021917 /quiet /norestart
wusa /uninstall /kb:2952664 /quiet /norestart

———- Windows 7, 8, 8.1 script to detect implants——-

Here is a list and updated DIY detection ready scripting for all 14 (currently known) Surveillance implants. Including Implants for windows 8 and later.

I guess they thought they could catch more fish with 14 baited lines.

Here are two batch files. Run the larger script to see what’s detected.

Open an elevated command prompt

create a batch file
Name: check-kb.bat

Add the batch script content

@echo off
echo ' Only the first parameter is used in the search, the rest display context.
echo '
echo '
echo Checking for %*
@echo on
wmic QFE list full /format:texttablewsys | find "%1"
@echo off

Create a batch file, purpose is to check for currently known Implants.
Name: checkfor_NPI_patches.bat

Add the batch script content

@echo off
SetLocal
REM — (as of 2015-08-26):
cls
call Check-kb KB3012973 – Opt in payload – Upgrade to Windows 10 Pro
call Check-kb KB3021917 – Opt in payload – Update to benchmark Windows 7 SP1
call Check-kb KB3035583 – Opt in payload – delivers reminder “Get Windows 10” for Windows 8.1 and Windows 7 SP1
call Check-kb KB2952664 – Opt in payload – Pre launch day push of payload for compatibility update for upgrading Windows 7
call Check-kb KB2976978 – Opt in payload – Pre launch day push of payload for Compatibility update for Windows 8.1 and Windows 8
call Check-kb KB3022345 – Opt in payload – surveillance Telemetry [Replaced by KB3068708]
call Check-kb KB3068708 – Opt in payload – Update for surveillance customer experience and diagnostic telemetry
call Check-kb KB2990214 – Opt in payload – Update that prepares payload to Windows 7 to add surveillance in later installed versions of Windows
call Check-kb KB3075249 – Opt in payload – Update that adds surveillance telemetry to Windows 8.1 and Windows 7
call Check-kb KB3080149 – Opt in payload – Update for CIP and surveillance with diagnostic exfil leveraging telemetry
call Check-kb KB3044374 – Opt in payload – Marketing Windows 10 surveillance payload to windows 8,8.1 devices
call Check-kb KB2977759 – Opt in payload – Windows 10 surveillance Diagnostics Compatibility Telemetry HTTP request response
call Check-kb KB3050265 – Opt in payload – Marking via Windows Update services opting in to Windows 10 surveillance Implant
call Check-kb KB3068707 – Opt in payload – CIP telemetry request response check in for Windows 7,8,8.1

Whatever surveillance implants are revealed on your machine, they can be removed with a customization of the wusa command; just replace the ??????? with the KB numbers reported.

wusa /uninstall /kb:??????? /quiet /norestart

——-Housekeeping QA

Housekeeping checks post removal additional steps. I can foresee someone will prophetically conclude a recommended step 5) Uninstall windows and install a secure *nix variant. Obligatorily mentioned in advance. Thanks.

An eye on post removal Hinkyness had some hits after removals and reboots.

1) Only two of the four uninstalled KB’s reappeared as available optional “Update for Windows 7 for x64 based Systems (KB3075249) and (KB3080149)”, another reappeared as

Important “Update for Windows 7 for x64 based Systems (KB3068708)”

The important one was the “Update for customer experience and diagnostic telemetry” Important to who, NSA?

The “KB3068708” “Update for customer experience and diagnostic telemetry” did not reappear as an available patch. It may be dependent on one of the other three removed bits.

2) Before the uninstall, I had the foresight to search the infected file system for .manifest files with a common namespace string called assemblyIdentity which is set to a string value “Microsoft-Windows-Authentication-AuthUI.Resources”

The before removal search listing files which matched the above search constraint yielded 62 matches in 52 manifest files.

The after removal search listing of files which match the above search constraint yields 74 matches in 64 manifest files.
Conclusion: the removal did not remove the manifest files pushed in the original infection.

3) In a read of KB 3080149, it indicated it installed and updates / requires maintenance of a file named utc.app.json

Before removal, the file was found in 6 places on the infected filesystem.
After “removal” the file exists in the same 6 locations, same filesize just waiting for re-use and reinfection.

Discovered and removed, using the described method, 22 additional implants.
Found all 6 utc.app.json were removed and it had left two backup copies under the name utc.app.json.bk in
C:\ProgramData\Microsoft\Diagnosis\DownloadedSettings
C:\Users\All Users\Microsoft\Diagnosis\DownloadedSettings
In the same directory, found a backed-up file telemetry.ASM-WindowsDefault.json.bk

In order to see the hidden system directory, you must elevate to admin.
dir won’t show the rest of the telemetry files unless you clear the file attributes.
An elevated File Explorer will show the files.
Files won’t be readable until you change owner permissions or change your running user principal context to one that does allow access to the file.

Content of the telemetry file:
{
"settings": {
"Microsoft-ApplicationInsights:::sampleRate": "100",
"Microsoft-ApplicationInsights-Dev:::sampleRate": "100",
"Microsoft-ApplicationInsights-Dev:::latency": "Realtime",
"xbox.xsapi:::sampleRate": "100",
"Office:::sampleRate": "100",
"Skype:::sampleRate": "100",
"Census:::sampleRate": "100",
"Microsoft.Windows.Appraiser.General::ms.CriticalData:sampleRate": "100",
"Microsoft.Windows.Appraiser.Instrumentation::ms.Telemetry:sampleRate": "100",
"Microsoft.Windows.Compatibility.Asl::ms.Telemetry:sampleRate": "5",
"Microsoft.Windows.Inventory.General::ms.CriticalData:sampleRate": "100",
"MicrosoftTelemetry::ms.CriticalData:sampleRate": "0",
"MicrosoftTelemetry::ms.Measures:sampleRate": "0",
"MicrosoftTelemetry::ms.Telemetry:sampleRate": "0",
"Setup360Telemetry::ms.CriticalData:sampleRate": "100",
"SetupPlatformTel::ms.CriticalData:sampleRate": "100",
"TelClientSynthetic:HeartBeat_5::sampleRate": "100"
}}
Content of the utc.app.json file:
{
"settings": {
"UTC:::GroupDefinition.MicrosoftTelemetry": "f4-Redacted data-6aa",
"UTC:::CategoryDefinition.ms.CriticalData": "140-Redacted data-318",
"UTC:::CategoryDefinition.ms.Measures": "71-Redacted data-63",
"UTC:::CategoryDefinition.ms.Telemetry": "321-Redacted data-32",
"UTC:::GroupDefinition.Microsoft-ApplicationInsights": "0d-Redacted data-d0b",
"UTC:::GroupDefinition.Microsoft-ApplicationInsights-Dev": "ba-Redacted data-3d",
"UTC:::GroupDefinition.xbox.xsapi": "53b-Redacted data-af3",
"UTC:::GroupDefinition.Office": "8DB-Redacted data-155",
"UTC:::GroupDefinition.Skype": "9df-Redacted data-a89",
"UTC:::DownloadScenariosFromOneSettings": "1"
}
}

To mitigate future infection, I am considering removal, alteration, or revocation of file permissions on utc.app.json and the hinky manifest files.

4) Re the connections the malware opened, which may or may not have MITM certificate pinning mitigation. My personal opinion is to mitigate by locking access to the data exfiltration end points.

Firewall now blocks outbound access from your network to
vortex-win.data.microsoft.com
Name: VORTEX-cy2.metron.live.com.nsatc.net
Address: 64.4.54.254
Aliases: vortex-win.data.microsoft.com
vortex-win.data.metron.live.com.nsatc.net
vortex.data.glbdns2.microsoft.com

settings-win.data.microsoft.com
Non-authoritative answer:
Name: OneSettings-bn2.metron.live.com.nsatc.net
Address: 65.55.44.108
Aliases: settings-win.data.microsoft.com
settings.data.glbdns2.microsoft.com

Chances are that anything outbound to “.data.microsoft” should likely be blackholed if you opt out of the “Idiots Do Opt Having Pervasive Surveillance Patches” IDOH-PSP program for short.

Hope this helps to bring out most of the malware workflow; as this is early info on this new day of vendor-sponsored in-your-face implants, info will likely be incomplete.

Regards
Peanuts
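The detection and firewall steps above, as an added PowerShell example that is not Peanuts’ batch files and not Microsoft tooling. It reads the installed update list through Get-HotFix (which queries the same Win32_QuickFixEngineering class that wmic QFE does), matches it against the KB numbers listed in the post, and prints the matching wusa commands rather than running them. The second function builds netsh outbound block rules for the two telemetry hostnames named in the post; the function names, the rule names and the -DryRun switch are this example’s own, and the hostnames are resolved at run time rather than hard-coding the addresses quoted above, since those may change. Assumes PowerShell 3 or later on Windows 7 or newer.

```powershell
# Added example (not from the original comment): find the KB updates listed in
# the post via Get-HotFix and prepare their removal. KB numbers and one-line
# descriptions are taken from the post's list (as of 2015-08-26).
$KnownKBs = @{
    'KB3012973' = 'Upgrade to Windows 10 Pro'
    'KB3021917' = 'Update to benchmark Windows 7 SP1'
    'KB3035583' = 'Get Windows 10 reminder (Windows 8.1 and 7 SP1)'
    'KB2952664' = 'Compatibility update for upgrading Windows 7'
    'KB2976978' = 'Compatibility update for Windows 8.1 and 8'
    'KB3022345' = 'Telemetry (replaced by KB3068708)'
    'KB3068708' = 'Customer experience and diagnostic telemetry'
    'KB2990214' = 'Prepares Windows 7 for later telemetry'
    'KB3075249' = 'Adds telemetry to Windows 8.1 and 7'
    'KB3080149' = 'CIP and diagnostic telemetry'
    'KB3044374' = 'Windows 10 marketing payload (Windows 8 and 8.1)'
    'KB2977759' = 'Diagnostics compatibility telemetry'
    'KB3050265' = 'Windows Update opt-in for Windows 10'
    'KB3068707' = 'CIP telemetry check-in (Windows 7, 8, 8.1)'
}

function Find-ListedHotfix {
    # Installed hotfixes whose HotFixID appears in the list. Get-HotFix reads
    # Win32_QuickFixEngineering, the same class 'wmic QFE list' queries.
    [CmdletBinding()]
    param([hashtable]$List = $KnownKBs)
    Get-HotFix | Where-Object { $List.ContainsKey($_.HotFixID) } | ForEach-Object {
        [pscustomobject]@{
            HotFixID    = $_.HotFixID
            InstalledOn = $_.InstalledOn
            Description = $List[$_.HotFixID]
            # wusa takes the bare number, so strip the 'KB' prefix
            Removal     = 'wusa /uninstall /kb:{0} /quiet /norestart' -f $_.HotFixID.Substring(2)
        }
    }
}

function New-TelemetryBlockRule {
    # Outbound block rules for the telemetry hostnames named in the post.
    # netsh is used instead of New-NetFirewallRule because the latter does not
    # exist on Windows 7. Firewall rules need addresses, so each name is
    # resolved now rather than trusting the addresses quoted in the post.
    [CmdletBinding()]
    param(
        [string[]]$Hosts = @('vortex-win.data.microsoft.com', 'settings-win.data.microsoft.com'),
        [switch]$DryRun
    )
    foreach ($h in $Hosts) {
        try {
            $addrs = [System.Net.Dns]::GetHostAddresses($h) | ForEach-Object { $_.ToString() }
        } catch {
            Write-Warning "Could not resolve ${h}: $_"
            continue
        }
        # Each token is passed as one argument; netsh splits on '=' itself.
        $netshArgs = @('advfirewall', 'firewall', 'add', 'rule',
                       "name=Block telemetry $h", 'dir=out', 'action=block',
                       "remoteip=$($addrs -join ',')")
        if ($DryRun) { Write-Output ('netsh ' + ($netshArgs -join ' ')) } else { & netsh @netshArgs }
    }
}

# Usage, from an elevated prompt:
#   Find-ListedHotfix | Format-Table -AutoSize
#   New-TelemetryBlockRule -DryRun     # drop -DryRun to actually add the rules
```

Run the detection before and after any removal and keep both listings, since the post reports that some of these updates are re-offered under the same or new KB numbers; the firewall rule is a coarse control that blocks whatever the names resolve to today, so re-run it after the resolved addresses change.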

Paul Suhler September 4, 2015 6:42 PM

A friend sent me the following extract from the Windows 10 privacy info:

“we will access, disclose and preserve personal data, including your content (such as the content of your emails, other private communications or files in private folders), when we have good faith belief that doing so is necessary.”

Apparently the definition of “necessary” is as broad as needed by whomever.

Curious Onlooker September 4, 2015 6:48 PM

Here’s an interesting feature introduced in VeraCrypt, one of the successors of TrueCrypt. It’s called the “Personal Iterations Multiplier” – in other words the number of iterations required for its key derivation function.

You can either use the default where the software will pre-determine it or you can input your own – for system encryption this is PIM x 2048 and for non-system encryption/file containers: Iterations = 15000 + (PIM x 1000).

What makes it interesting is that upon decryption it will require two variables: your password AND your PIM. If you enter either variable incorrectly the decryption will fail. It seems to me to be a novel way to render exhaustive key search unfeasible.

Having given it some thought, and the developer makes no comment on this, it would appear to render nugatory any advancements in quantum computing (Shor’s Algorithm etc.). If implemented properly it would mean that brute force attacks are orders of magnitude more difficult.

It’d be good to hear if anybody has come across anything similar? I’m especially intrigued in its potential role in mitigating the risk of developments of quantum cryptography. (VeraCrypt also supports cascading algorithms).

Thoth September 4, 2015 8:34 PM

@Curious Onlooker
Passwords are already a complex beast to handle and most people are simply bad at some form of password defense; now they add another layer of complexity where a user must remember the number of iterations they need to use ….

I wonder how it will improve usability for non-security people….

Not to forget, software-based encryption is a bad idea due to the feasibility of software attacks on the system. Inline Media Encryptors would be better placed for data security despite their origins in the Defense sectors, although no working civilian copies can be found yet.

Another way is to use a smartcard to encrypt files or a hardware crypto USB stick (which of course has its own problems like backdoors).

Peanuts September 4, 2015 8:56 PM

@Paul

From the same agreement you quoted from https://www.microsoft.com/en-us/privacystatement/

“Rather than residing as a static software program on your device, key components of Windows are cloud-based, and both cloud and local elements of Windows are updated regularly, providing you with the latest improvements and features.”

This apparently now or always did include all versions of windows not just Windows 10

“In order to provide this computing experience, we collect data about you, your device, and the way you use Windows.

And because Windows is personal to you, we give you choices about the personal data we collect and how we use it. For more information about data collection and privacy in Windows, go to http://go.microsoft.com/fwlink/?LinkId=529552.”

From the link, They define 3 levels of the Surveillance platform

Note they don’t mince words with a hint that you can opt out of the next paragraph.

Peanuts

“As you use Windows, we collect performance and usage information that helps us identify and troubleshoot problems as well as improve our products and services. We recommend that you select Full for this setting.”

"Basic information is data that is vital to the operation of Windows. This data helps keep Windows and apps running properly by letting Microsoft know the capabilities of your device, what is installed, and whether Windows is operating correctly. This option also turns on basic error reporting back to Microsoft. If you select this option, we’ll be able to provide updates to Windows (through Windows Update, including malicious software protection by the Malicious Software Removal Tool), but some apps and features may not work correctly or at all."

"Enhanced data includes all Basic data plus data about how you use Windows, such as how frequently or how long you use certain features or apps and which apps you use most often. This option also lets us collect enhanced diagnostic information, such as the memory state of your device when a system or app crash occurs, as well as measure reliability of devices, the operating system, and apps. If you select this option, we’ll be able to provide you with an enhanced and personalized Windows experience."

"Full data includes all Basic and Enhanced data, and also turns on advanced diagnostic features that collect additional data from your device, such as system files or memory snapshots, which may unintentionally include parts of a document you were working on when a problem occurred. This information helps us further troubleshoot and fix problems. If an error report contains personal data, we won’t use that information to identify, contact, or target advertising to you. This is the recommended option for the best Windows experience and the most effective troubleshooting."

Memory snapshots, parts of documents, up to and including whatever is “full data”. Any document, link, search, metadata related to you, or content you have loaded.

BleachBit before, during and after every program on a 10 second schedule. Might as well just script or schedule BleachBit into a continuous cleaning endless loop if you use Windows, or some unhandled exception is by the terms of service a probable cause to invade your past, with or without your consent, to access any particular data.

So they are telling us they are inventorying files, loading ones they intend to target, can make any excuse to exfiltrate data for their own fishing expeditions or allow anyone with a legal premise and valid process use them to conduct covert witch hunts.

Nice
They make Hacking Team look like altar boys and amateurs.

Bob S. September 4, 2015 9:05 PM

@Peanuts

Re: Windows 10 Surveillance Platform weaponized

I agree. That 64.4.x.x address you mention is especially nasty. An important service to disable is “Diagnostic Tracking”…very creepy little beast.

The, almost, passage of CISPA and rushed beta-like intro of W10 was not coincidental in my opinion. We can avoid google, fb and twitter. But how do you avoid an OS? Is collusion a possibility?

My experiment with a dual boot Linux Mint/W8.1 system is going swimmingly well. I would encourage migration to anyone who has ever worked under the hood of Windows. You can do it and I think will like it. I hope to leave MS behind completely fairly soon and no later than the passage date of CISPA which is the final nail in the coffin of electronic security and privacy for US targets formerly known as citizens with rights.

Meanwhile, just today, the windows machine came up with an offer for an optional update …to update ….windows update. hmmmmmm. I figure it might be the one that makes it impossible to NOT update. It was sent into hiding.

For many years I was an xl MS fan and supporter. Not any more.

name.withheld.for.obvious.reasons September 4, 2015 9:48 PM

CALEA, Windows telemetry, status, metric, and other info comes with an additional layer of data access that serves exactly what the FBI complained about in “going dark”. And, as this is cross platform (gaming, telephony, computing) CALEA support is given common cause as an “embedded” backdoor. It also allows access to various application layer translations that would permit “APPS” to be instrumented when installed. It is ironic given the current state of Visual Studio components at the moment…maybe some at MSDN knows what is going on.

Telemetry is not about “Location” or static data–there is a real-time component to this feature that by way of inference would allow a propaganda tool or an ultimate “Manchurian Candidate” device.

If you track the CIA convolution from agency to “Enterprise” it suggests an “internal” organization that is “compartmentalized” from government. This is scary…the CIA has effectively gone underground.

There are now five directorates: Analysis, Digital Innovation, Operations, Science and Technology, and Support.

name.withheld.for.obvious.reasons September 4, 2015 10:06 PM

@ Peanuts

This apparently now or always did include all versions of windows not just Windows 10

I have severe issues with the unilateral modification of contractual terms that are not mutually agreed upon–or given the chance to (stealth updates in operational maintenance of a proper Windows 7 environment). As a Windows 7 licensee, I am concerned that Microsoft has reneged on their obligation to provide a product/service in exchange for payment.

Circumstances and environments in which Windows products had normally operated could not have informed me of the change of and to the nature of the operational behavior of the Windows 7 product as it existed and behavior to date. In no way could I have exercised the necessary due diligence as “buyer” respecting both the seller’s motives, incentives, and/or competing interests when considering business decisions impacting near and long term operational integrity.

Microsoft, as seller, has taken an adversarial stance respecting myself, business, and/or personal well being in denying me disclosure(s) that may have informed decisions made on my part respecting the relationship to the “seller” irrespective of the terms of service or licensing. It is the spirit in which the “seller” unilaterally sees its obligation(s) to the buyer.

lurker_10293 September 4, 2015 10:52 PM

Interesting insight into the mess of information systems in a central European government, from the point of view of a 27-year-old software developer hired as a government cabinet advisor.
He says he is trying to allow quicker access to citizen data by government departments while maintaining privacy for the citizen and transparency for the government as much as possible.
https://dzone.com/articles/a-software-engineer-as-a-high-level-government-adv

So there you go, Bruce, the latest lab rat in e-Government is Bulgaria.

Clive Robinson September 5, 2015 12:33 AM

@ Name.withheld…,

Microsoft, as seller, has taken an adversarial stance respecting myself, business, and/or personal well being in denying me disclosure(s) that may have informed decisions made on my part respecting the relationship to the “seller” irrespective of the terms of service or licensing. It is the spirit in which the “seller” unilaterally sees its obligation(s) to the buyer.

I suspect as a legal argument it will not stand in a US court and certainly not with a “Corporate Friendly” SCOTUS, because it’s a licence for an ephemeral “service” not a “goods” product, with existing clauses allowing service modification and revocation.

Further, in many countries they have –rather stupidly in my opinion– recently signed Obama inspired US Trade deals with the nasty little dispute resolution clause that allows Corps to get judgment and significant damages against Sovereign States in US backed Courts if the state has legislation or regulation that the Corp can present as “restrictive”. As Australia has found, sensible Health Care policy and attendant legislation is seen as “restrictive”… (the thought occurs that now certain “drugs are legal” in the US but not in other countries, how long will it be before some legal US organisation decides it’s time to “push” into other countries for easy profit, via that clause…).

The area of law where you might succeed is with “Privilege”, that is information pertaining to communications and actions between a Lawyer, Doctor, Religious Minister or Journalist and a client, which has existing protection not just in civil but criminal cases. Likewise you may have existing contracts with enforceable non disclosure clauses.

In effect, as a person handling privileged information, you now can no longer use “any” Microsoft Products that require the use of any MS supported OS… That is, a US corp by a change in its policy is knowingly bringing you and other organisations into a position of breach of duty/contract with criminal and civil legislation etc.

One thing I suspect MS is reliant on is US IP legislation that in effect says “if you collect the information you own it”; it works the other way around in the EU and quite a few other jurisdictions due to Privacy, Data Protection and Computer Crime legislation. Oh and then there is the effect it has on trade secret and Patent legislation and of course theft and espionage legislation; South Korea takes an extraordinarily dim view on all forms of espionage.

Oh and don’t forget Russian Espionage and other legislation, that allows them to carry out what they regard as judicial execution anywhere, even though the target may be in, and a citizen of, a state that regards it as murder or even a first strike act of war… they have already started raising questions at ministerial level as to whether MS has already broken Russian law with Win10…

As the old Chinese curse of “may you live in interesting times” appears to have come true for MS and its users, I guess it’s also time some are going to start digging a couple of graves…

65535 September 5, 2015 1:09 AM

@ BoppingAround

“…the earliest confirmed instance of unauthorised access dates to September 2014. There are some indications that the attacker may have had access since September 2013.”

That is unnerving. Firefox is one of the few mainstream browsers to keep the search bar separated from the address bar.

With combined “Search and Address bar” browsers, I find it hard to believe that your key strokes are not AJAX’d and sent home to the mother ship for monetization.

@ name.withheld.for.obvious.reasons

“…I would term a PEN TRAP and TRACE facility. The hook, seems to be through Cortana driver services, through the text layer, when in core is processed by Cortana, can be passed out Windows 10 in other layers thus defeating any end-to-end encryption that is part of the browser TLS session(s)… Microsoft must be working for the FBI now, thanks Comey, now the FBI can take responsibility for the CSO position at Microsoft.”

Yes, Win 10 leaks data like the Titanic. Even if you carefully disable 30 some spy components, I would gather there are several other hidden spy modules that have yet to be discovered. I will not be using Win 10 anytime soon.

@ Paul Suhler

“we will access, disclose and preserve personal data, including your content (such as the content of your emails, other private communications or files in private folders), when we have good faith belief that doing so is necessary.” – MS

Ha. They are giving you fair warning that Win 10 is a spyware platform.

@ tyr

“Here’s a peach about 0 day disclosures.”

I looked at the “VEP” doc that the EFF shows and it is heavily redacted. I hope the EFF publishes the un-redacted document – if they have it.

@ Peanuts

“Windows 10 Surveillance Platform weaponized into and back ported Implants delivered seamlessly to Windows 7 and 8 via Windows Update”

Good list. I will bookmark your post and use it. I hope you got all of them.

[And]

“They make Hacking Team look like altar boys and amateurs.”

I have to agree.

@ Clive Robinson

“I suspect as a legal argument it will not stand in a US court…”

Let’s hope so. Remember that Bill Gates’s father is a lawyer – a successful lawyer. He and various ‘Gates Foundations’ [read tax havens] own a considerable amount of M$ stock.

https://en.wikipedia.org/wiki/William_H._Gates,_Sr.

Gerard van Vooren September 5, 2015 1:56 AM

@ all: Windows 10 Surveillance Platform weaponized

Well, one thing is for sure: It is happening and it is happening right now!

For many years I was an xl MS fan and supporter. Not any more.

I have never been an MS admirer. They have played way too many dirty games. As bystanders most people just don’t give a damn, until it affects them. MS plays a really sneaky game here with W10 and I am not even exaggerating.

Clive showed ~2 weeks ago interesting documents about how MS influences British politics. They have clearly influenced TTIP and TPP. They harassed the Munich LiMux project, threatened Linux with the SCO crap, they are extorting Android mobile phone manufacturers with software patents, and the list goes on and on.

At the Vista/W7 time I did have quite a lot of faith in the EU. Neelie Kroes, European Commissioner for Competition (2004 – 2010) fined MS for being anti competitive. Today however, the EU itself is being questioned.

To me it looks like MS has reached the status of too big to fail, which means they can do whatever they want and only their own utter arrogance could put them out of business.

Nice company.

Curious September 5, 2015 4:12 AM

Arstechnica on the Red Hat paper mentioned the other day:

“Serious bug causes “quite a few” HTTPS sites to reveal their private keys”
http://arstechnica.com/security/2015/09/serious-bug-causes-quite-a-few-https-sites-to-reveal-their-private-keys/

“Much like the odds of winning a lottery, the chances of witnessing an RSA signature fault are astonishingly small, and there’s no way an attacker can produce key leaks for a given site at will. Still, Weimer’s nine-month experiment demonstrates that patient adversaries who are interested in impersonating a wide range of sites will eventually succeed, and success will only grow with time and with the number of simultaneous scans that are carried out. The obvious beneficiary of this technique would be the National Security Agency and other state-sponsored spy groups that are in a position to monitor huge amounts of Internet traffic.”

https://people.redhat.com/~fweimer/rsa-crt-leaks.pdf
https://securityblog.redhat.com/2015/09/02/factoring-rsa-keys-with-tls-perfect-forward-secrecy/
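The signature-fault leak the Ars article summarises, as an added PowerShell illustration with toy textbook numbers (p = 61, q = 53, e = 17, d = 2753); this is not code from the Red Hat paper or from any TLS library, and the “fault” is simulated by corrupting one half of the CRT computation. The point for implementers is Test-Signature: a signature that does not verify against the public key must never leave the process, because on such a signature gcd(s^e − m, n) hands whoever observes it a prime factor of n. Function names are this example’s own; it assumes PowerShell 3 or later for the [bigint] accelerator.

```powershell
# Added example (not the paper's or any library's code): RSA-CRT signing with a
# simulated fault, the verify-before-release check, and what is leaked without it.
function New-ToyRsaKey {
    # Textbook parameters: n = 61 * 53 = 3233, e = 17, d = 2753 (17 * 2753 = 1 mod 3120).
    $p = [bigint]61; $q = [bigint]53; $d = [bigint]2753
    @{
        p = $p; q = $q; n = $p * $q; e = [bigint]17; d = $d
        dp   = $d % ($p - 1)                        # d mod (p-1) = 53
        dq   = $d % ($q - 1)                        # d mod (q-1) = 49
        qinv = [bigint]::ModPow($q, $p - 2, $p)     # q^-1 mod p via Fermat (p prime) = 38
    }
}

function Invoke-CrtSign {
    # Garner's recombination of the two half-signatures. -FaultInQ simulates a
    # transient error in the mod-q half, the situation the paper's scans detect.
    param($Key, [bigint]$Message, [switch]$FaultInQ)
    $sp = [bigint]::ModPow($Message, $Key.dp, $Key.p)
    $sq = [bigint]::ModPow($Message, $Key.dq, $Key.q)
    if ($FaultInQ) { $sq = ($sq + 1) % $Key.q }     # one corrupted half-computation
    # h = qinv * (sp - sq) mod p, normalised to [0, p) since BigInteger % keeps the sign
    $h = (($Key.qinv * ($sp - $sq)) % $Key.p + $Key.p) % $Key.p
    return $sq + $h * $Key.q
}

function Test-Signature {
    # The defence: verify with the public key before releasing. s^e must equal m mod n.
    param($Key, [bigint]$Message, [bigint]$Signature)
    return ([bigint]::ModPow($Signature, $Key.e, $Key.n) -eq ($Message % $Key.n))
}

function Get-LeakedFactor {
    # What an observer of an unverified faulty signature computes: because the
    # mod-p half was right and the mod-q half was wrong, s^e - m is 0 mod p but
    # not mod q, so gcd(s^e - m, n) is p.
    param($Key, [bigint]$Message, [bigint]$Signature)
    $diff = [bigint]::ModPow($Signature, $Key.e, $Key.n) - $Message
    return [bigint]::GreatestCommonDivisor($diff, $Key.n)
}

# Usage:
#   $k    = New-ToyRsaKey
#   $good = Invoke-CrtSign $k 65
#   $bad  = Invoke-CrtSign $k 65 -FaultInQ
#   Test-Signature $k 65 $good       # True:  safe to release
#   Test-Signature $k 65 $bad        # False: must not be released
#   Get-LeakedFactor $k 65 $bad      # 61, i.e. p, recovered from the faulty signature
```

The verification step costs one public-key exponentiation per signature, which is small next to the CRT signing itself, and it is the reason a server that performs it cannot leak its key this way no matter how long it is observed.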

Jacob September 5, 2015 4:25 AM

@ Peanuts – good list and I appreciate the listing of the CLI tests. Thanks.

@ Curious Onlooker
Adding a KDF iteration number (i.e. “stretching” the PW) entry to Veracrypt has nothing to do with trying to resist quantum decryption efforts.

PBKDF (Password Based Key Derivation Function) iterates through the PW hashing in order to “stretch” the PW and to force the attacker to spend more time while trying to brute force his way. In the original Truecrypt, IIRC the iteration number was 2000 (hard coded) – thus “adding” 11 bits of resistance to any PW. Mounir, Veracrypt’s developer, felt this was too short a number and increased it to an insanely high value (hard coded). Consequently, it took a lot of time to mount volumes to the point of impracticality on many systems. People complained and asked to be allowed to define their own iteration value. Mounir felt that this might reduce the security for the uninitiated – who might enter a very short iteration count in order to have an instantaneous volume mounting, and came up with an algorithm that will adjust the iteration count based on PW length.
This is what the current program does.
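The PIM arithmetic from Curious Onlooker’s post and the stretching argument in Jacob’s reply, as an added PowerShell example that is not VeraCrypt’s code. It turns a PIM into an iteration count using the two formulas quoted above (PIM × 2048 for system encryption, 15000 + PIM × 1000 otherwise), expresses the iteration count as the log2 “bits” of extra brute-force cost that Jacob refers to, and times a real PBKDF2 derivation at that count so the usability cost is visible next to the attacker cost. .NET’s Rfc2898DeriveBytes with HMAC-SHA-256 is used as a stand-in for VeraCrypt’s own PRFs; that constructor needs .NET 4.7.2 or later (Windows PowerShell 5.1) or PowerShell 7. The function names and the sample password are this example’s own.

```powershell
# Added example (not VeraCrypt's code): PIM -> iterations -> work factor, with a
# timed PBKDF2 run. Formulas are the ones quoted in the thread.
function Get-VeraCryptIterations {
    # system encryption:      PIM * 2048
    # non-system / container: 15000 + PIM * 1000
    param([int]$Pim, [switch]$SystemEncryption)
    if ($Pim -lt 1) { throw 'PIM must be a positive integer' }
    if ($SystemEncryption) { return $Pim * 2048 }
    return 15000 + $Pim * 1000
}

function Get-StretchBits {
    # Stretching multiplies the attacker's cost per guess by the iteration count,
    # which is worth log2(iterations) bits against a brute-force search.
    # TrueCrypt's 2000 iterations, mentioned above, come out at about 11 bits.
    param([long]$Iterations)
    return [math]::Round([math]::Log($Iterations, 2), 2)
}

function Measure-Pbkdf2 {
    # Times one PBKDF2-HMAC-SHA256 derivation at the given iteration count.
    # The salt is random per call, as a real volume header's would be.
    param([string]$Password, [int]$Iterations, [int]$KeyBytes = 64)
    $salt = New-Object byte[] 64
    [System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($salt)
    $sw  = [System.Diagnostics.Stopwatch]::StartNew()
    $kdf = New-Object System.Security.Cryptography.Rfc2898DeriveBytes($Password, $salt, $Iterations, [System.Security.Cryptography.HashAlgorithmName]::SHA256)
    $key = $kdf.GetBytes($KeyBytes)
    $sw.Stop()
    $kdf.Dispose()
    [pscustomobject]@{
        Iterations   = $Iterations
        Milliseconds = $sw.ElapsedMilliseconds
        StretchBits  = Get-StretchBits $Iterations
        KeyPrefixHex = [BitConverter]::ToString($key).Replace('-', '').Substring(0, 16)
    }
}

# Usage: a container opened with PIM 1 versus PIM 485, same (sample) password.
#   foreach ($pim in 1, 485) {
#       Measure-Pbkdf2 -Password 'correct horse battery staple' -Iterations (Get-VeraCryptIterations -Pim $pim)
#   }
#   Get-StretchBits 2000     # ~10.97, the "11 bits" from the reply above
```

The table the loop produces makes Jacob’s point concrete: going from PIM 1 to PIM 485 raises the iteration count from 16,000 to 500,000, about 5 extra bits of brute-force cost, and the mount-time delay grows by the same factor of roughly 31. Keeping the PIM secret adds only as much as the attacker’s uncertainty about that number, which is far less than the password’s own entropy, and it changes nothing about the underlying cipher that a quantum algorithm would attack.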

Curious September 5, 2015 6:04 AM

I am reading that two major banks in Norway allow customers to log into their online bank using the fingerprint reader on their mobile phones, via an ‘app’ (probably two different apps). One bank started in the spring of 2015 and the other is said to have a full launch in a few weeks.

One article points out how this supposedly replaces the existing solution of typing in (personal id number + token code + private code) on login, but the article doesn’t explain how using this new technology is supposed to work security wise.

I was left with the impression that this kind of novelty was allowed because of how this solution is convenient, and not because of maintaining or improving security in general.

Curious September 5, 2015 6:12 AM

To add to my previous comment:

I guess this fingerprint solution is based on some kind of surveillance scheme of the customer (at least to some degree). Might perhaps be interesting just how complicated that kind of cross referencing would be if security is based on ways of profiling the users, if being more than looking out for suspicious transactions and logins based on time and location data.

Thomas_H September 5, 2015 7:07 AM

(continuing from other thread)
@ Jonathan Wilson:

The Windows 10 installer is certainly downloaded even if you uninstalled and disabled previous updates related to the Windows 10 nagware, as I was able to confirm on a relative’s Win7 machine. We had removed the offending updates and set Windows Update to only install updates after review by the user in July, yet the installer file was still downloaded near the end of August without any notification. Microsoft is also bringing out the same updates under new KB-numbers in an apparent attempt to sneak them past attentive users – it’s like a game of whack-a-mole.

Unfortunately, many normal users and also IT people don’t seem to understand why this behaviour of massive spying is a dangerous slippery slope (which is why I cheer for every article showing how much of people’s lives can be reconstructed using only metadata).

Other topic: Chrome seems to be the new Internet Explorer for bad web developers: the one and only browser in which they test their website, and when users complain that things break in Firefox etc. they tell people to use Chrome. Had one such developer tell me he needed to add specific code to his website to get it to work on every other browser than Chrome, by version and supported OS to boot!

Winter September 5, 2015 8:01 AM

The FCC is working on making running your own OS impossible if your computer has on-board WiFi.

http://hackaday.com/2015/09/02/save-wifi-act-now-to-save-wifi-from-the-fcc/

Under the rule proposed by the FCC, devices with radios may be required to prevent modifications to firmware. All devices operating in the 5GHz WiFi spectrum will be forced to implement security features to ensure the radios cannot be modified. While prohibiting the modification of transmitters has been a mainstay of FCC regulation for 80 years, the law of unintended consequences will inevitably show up in full force: because of the incredible integration of electronic devices, this proposed regulation may apply to everything from WiFi routers to cell phones. The proposed regulation would specifically ban router firmwares such as DD-WRT, and may go so far as to include custom firmware on your Android smartphone.

With current hardware integration, this would include Raspberry Pis and laptops.

BoppingAround September 5, 2015 9:39 AM

65535,
Your searches are, at least, sent somewhere (I suspect the search providers) to facilitate search suggestions. Unless you’ve disabled that through the about:config browser.search.suggest.enabled setting.

Gerard,

To me it looks like MS has reached the status of too big to fail, which means they can do whatever they want and only their own utter arrogance could put them out of business.

That’s probably the case with all of these companies (Google, FB and others).

Thomas_H,

which is why I cheer for every article showing how much of people’s lives can be reconstructed using only metadata

The problem is that articles aren’t even near enough. Almost useless for those who know about this stuff and just as useless for those who don’t — for they do not care until it happens to them and sometimes even then.

Winter September 5, 2015 9:45 AM

There are other options for search.

DuckDuckGo can be reached as a Tor Onion service. Startpage is located in the Netherlands and claims to not track searches.

On Windows, nothing helps, though. That platform is simply a spy’s wet dream.

Leonhart231 September 5, 2015 9:58 AM

@ all: Windows 10 Surveillance Platform weaponized

There’s an interesting GitHub repo with some scripts designed to block the “telemetry” on 7/8/8.1 here:
https://github.com/WindowsLies/BlockWindows
I’d be curious to hear people’s thoughts on it. I’ve run a couple older versions on my own computer running 7 that I don’t really care about, and haven’t had any issues. But…

@ Thomas_H: “Microsoft is also bringing out the same updates under new KB-numbers in an apparent attempt to sneak them past attentive users”

…this caught me. I had disabled automatic updates after running the above script, installed a couple “important” updates, and now I’m being bugged about Windows 10 again.

Coming back to the scripts, they seem to me to be suffering from some feature-creep. They began very small, and seem to be taking in more and more things to change. But, with Thomas’ comment above, perhaps it’s necessary?

name.withheld.for.obvious.reasons September 5, 2015 11:23 AM

@ Peanuts
From the Privacy statement you noted regarding the three levels of surveillance…

“Full data includes all Basic and Enhanced data, and also turns on advanced diagnostic features that collect additional data from your device, such as system files or memory snapshots, which may unintentionally include parts of a document you were working on when a problem occurred.”

Reminds me of the DNI, Clapper, lying to congress with the least false statement, that the NSA was not intentionally collecting metadata of 100’s of millions of U.S. citizens. The dots that are connected to this disclosure by Microsoft are that a device such as a tablet, laptop, computer, cellular telephone, or Xbox system is a potential target for real-time manipulation with requiring something like FOXACID and/or BULLRUN to subvert a running system.

My concern is that the statement includes enough vagueness to provide for real-time counter-intelligence, propaganda, and information level subversion that it will be long time before ANYONE can attest or assure with any level of confidence the fidelity and integrity of data and information garnered while using a platform containing a Microsoft product.

I see this as similar to the Lenovo and Sony hacks that “rooted” the hardware. It is such that at this point it doesn’t matter the level of diligence exercised to catalog, inventory, audit, or perform exhaustive supply chain verification…use a Microsoft product and the platform below becomes an operational liability regarding trade secrets, business practices, confidential data and communications, or intellectual property. I see organizations in the NEAR future having to perform SEC filings stating that due diligence has been exercised in maintaining proprietary company or organizational data–including organizations that provide for example “protected services” to battered women at shelters–like the United Way.

As I said before, I believe there is both the motive and means to produce the 21st century form of the “Manchurian Candidate” using a cellphone or a computer. Assassins unknowingly identified, trained, brain-washed, and triggered to kill using a pretty new Windows-based platform–human killer drones. I can suggest we are well beyond Orwell at this point.

Contemporary “Dystonia”, meet your new brother, “crypto-anarchy” and your new sister “crypto-fascism”. Welcome to the “family”.

Alien Jerky September 5, 2015 4:33 PM

From ZDNet:

http://www.zdnet.com/article/why-microsoft-data-case-could-unravel-the-us-tech-industry/

In a little under a week, Microsoft will again head to a Manhattan court in an effort to try to quash a search warrant, sought by the US Justice Department, in an international drugs-related case.

The warrant itself isn’t out of the ordinary, but it does contain a crucial facet: It is demanding data on an email account stored by Microsoft in a datacenter in Ireland.

Microsoft argued the search warrant goes way beyond the means of a traditional search warrant because it forces the company to hand over data it stores in another country, which in itself is subject to different laws and regulations.

This one case will determine — effectively — how far the US can use its own legal system to compel companies doing business within its borders to hand over data it stores overseas.

The case will determine whether data has a nationality

Figureitout September 5, 2015 8:24 PM

Clive Robinson
–You have mentioned in the past, for IoT-like products to have a secure re-programming capability (it’s becoming more common, but mostly plaintext upgrades), I would urge caution as that’s what we have w/ routers right now; remote update that is too trivial and can be automated is asking for malware to do that on a whim. Do you have any thoughts on this AES-bootloader implementation? I’ve only read this application note and of course haven’t “seen it to believe it” yet. At least for a few Atmel-based designs, I’d like to have the firmware encrypted, data mostly “at rest”. Maybe skip to the 1-page summary since you’ve probably read this a million times yatta yatta…I did like that they encrypted EEPROM as well, and I’d want to make sure as much memory as possible is encrypted.

http://www.atmel.com/Images/doc2589.pdf

I don’t know if I’m biased b/c I’ve been working w/ Atmel quite a bit lately, but I feel like they have the most “friendly” datasheets and a few more good secure options to choose from. They mentioned some tamper-resistance which seems more obvious working embedded; either taking some kind of analog measurement of a peripheral missing (say attacker is taking apart board to glitch chip to barf up clues etc.).

Good mini refresher on AES. Also, main protection of bootloader (and keys!–well it’s not exactly clear how they’re protected) is lock bits. Physically, they won’t stop the kinds of attackers I want but that’s mentioned as a big impediment to BIOS-chip attackers which have some additional channels I believe to programming pins.

Making the Public More Security Aware, an idea
–Been doing rudimentary bluetooth sniffing on my campus as a personal research project. Every time I’ve gotten at least 7 devices that are on while owner is walking around in public. W/o even knowing who you are I can perhaps get a name and a clue of the device in your pocket. W/ that bluetooth mac address one can launch more “touchy” attacks. As a sort of joke, which I will make sure to not reveal way too personal info, just 1st names, I want to have like a table setup on a busy part of campus and a megaphone and a group of people dressed up like spooks or something lol, something funny. As they go by I want to say their name then maybe make a call (probably illegal) really loud in the megaphone and try to embarrass them and get them to think about turning off bluetooth while they’re walking around (this is NOT interrogating “hidden” bluetooth devices which there’s tools for, simply acknowledging “public” ones that aren’t hidden).

I know security people would laugh, but a university administration? Would they allow it? Ha! Nevermind they probably got too much a carrot up the a$$. :p

ActuallySkeptical September 5, 2015 10:06 PM

@Winter

I’m befuddled as to how the Raspberry Pi qualifies as having ‘on board wifi’. In general it would be pretty neat I think if every wifi enabled device had an offboard transceiver about the size of a microSD card, and as easily physically removable.

Figureitout September 5, 2015 10:44 PM

Winter RE: ‘save the wifi’
–I made my comments on FCC website (you might as well try as a “nederlander” since one could just connect via someone’s PC and authentication is a big joke today). Used real name and no trolling, hoping for some official ARRL comment on what they’re trying to do (I’ve blogged here actually about how some hams sent video over 10 miles via little WRT54G routers and of course a dish-like radar antenna and it was running openWRT). They couldn’t send video of a run thru mountains w/ this proposal now. It’d be nice to have a confirmed number of comments and those for/against but someone would actually have to read the comments so…(sorry for cynicism).

That’s how gov’t should work these days anyway, way more public input directly. Since everyone has all messed up schedules and there’s a bunch of sh*t the public doesn’t know about how things “really work” especially in public life (people would phone in their “vote” for a policy and the “vote tally” could be simply a “historical record” and not actually used in any way whatsoever as affecting any decisions). And that’s why I left “public life” b/c it’s not actually serving public and too much feeling “stuck” in a failing system.

Leonhart231
–That’s a really long f*ckin’ script lol…behind each of those commands is probably an average of 5 lines of C code (MS C lol). Lots of nice random garbage msn sounding websites and their associated garbage traffic to investigate for the truth etc…

At some point it’s not worth it and let things get owned to point we actually have to shift the market to have a functioning society.

Keep your Windows machines offline as much as possible, and only do updates occasionally (and if you need a dedicated work Windows/Apple machine that’s guaranteed to have malware from a coworker who brought malware in the building). Assume the Windows machine is owned, there’s basically no practical way to know otherwise….Go Linux/BSD otherwise for personal security w/ an eye to modified versions or new OS’s.

Thoth September 5, 2015 10:47 PM

@Figureitout, Clive Robinson, Nick P
Re: Secure Chips
Most smartcard and TPM chips have the feature of ROM/EEPROM encryption. They are becoming a very very common sight. In fact, smartcard chips already have these encrypted instructions long before TPM and other areas got to play the catch up according to my observation.

In the end, if we see it from the angle of everything just being IC chips, the chips used for smartcards are designed with much more security in my opinion due to the years of research and effort, but as we know, the smartcard security contains junk as well, which @Clive Robinson had pointed out … mainly side-channels, which they use NDAs, patent acquisitions and trolling and Whitebox crypto in combination to mitigate, and recent papers have shown Whitebox crypto methods don’t bring the promised side-channel power analysis mitigation or protection and can be attacked.

You can search for some EAL 6+ smartcard chips and they do reveal an abstract architecture on their technology. One of the more interesting smartcard designs, and I still like it, is Infineon’s SLE78 and above design. Simply put, Infineon’s technology revolves around something called Integrity Guard, which is a pair of 16 bit RISC cores working independently but together. The two cores each hold a crypto key and will encrypt everything (data buses and CPU cores, and the processes are carried out via self-encrypting logic). I am not sure how they self-encrypt the two cores and execute encrypted logic, which @Clive Robinson might want to chime in a bit on. The two self-encrypting cores will perform the same operation and check each other, and if any of the results are wrong, they detect a tamper event and raise an alarm or self-correct.

Most smartcard IC chips do encrypt their EEPROM/ROM either fully or partially due to known risks of someone physically reading bits from the chips itself with probes.

The GlobalPlatform requirement is to have an ISD domain and you need to have 3 keys for MAC, Encrypt and KEK. With the ISD keys, you can upload a new applet onto the smartcard. More on smartcard security is found in the link below.

In fact, my preference is to use the somewhat more mature status of smartcards to implement a Secure Execution Environment and somewhat more tamper resistant keystore as it is cheaply available in many form factors and the rich abundance of choice out there.

From the Atmel perspective, I think lock bits might either be blown eFuses (something like what the Samsung Exynos does to implement the KNOX mode or in some ARM TrustZone designs). The blown eFuses can be used as a hardware bit checker or status flag that cannot be undone from a code cutting perspective unless you gain physical access and feel it’s worthwhile to spend so much effort to somehow reverse the blown eFuse. A better way is to simply clone the chip (if you can bypass the tamper mechanisms). The advent of the use of Physically Uncloneable Functions (PUFs) from chip manufacturing inconsistencies shown in the AEGIS chip in the link below to derive keys makes it harder to clone.

Encrypted firmware and hardware data have already been out there for a long time but it’s simply taking too long to propagate it partly due to political pressure.

Link:
http://www.infineon.com/cms/en/product/promopages/CCS/integrityGuard/
https://randomoracle.wordpress.com/2013/07/23/javacard-global-platform-and-sim-vulnerabilities/
http://people.csail.mit.edu/devadas/pubs/aegis-istr-august6-2005.pdf

Re: Sniffing to educate security
Take a very cautious approach and be aware of the law. You might want to start migrating to @Clive Robinson’s Prison approach for hardware crypto in case you get captured and the true aim is to not just silence you but to impersonate you. You need a one touch self-destruct/zeroize device or something if you have any sensitive signing/encrypting keymats. I am currently writing on something to do with a portable data security device during my free time which I hope I can finish and put here for scrutiny, and hopefully someone walks in and decides to build something out of a piece of writing.

Clive Robinson September 6, 2015 1:57 AM

@ DaveK,

Yes it’s possible to exploit it, that much is clear from what people have said on the c’punks mail list. Which means it can be used for a MitM attack in some cases, even if in practice the method is seldom/never used in normal usage, thus ditching it altogether may be the way to go as a quick fix, and fixing the standard if anybody moans it’s “essential” to stop their patch of sky falling in.

My main concern is it’s ended up in quarter century or more expected lifetime embedded products (yet another excuse to bang on about NIST et al extracting their lower sphincter lodged digits and getting working on “crypto frameworks” 😉

Obviously to some, the route by which this standards issue came about is of more importance than fixing it. And I have a degree of sympathy for this viewpoint. The reason is simple: back in the 90’s when this standard and the ones it is based on were written, next to nobody was looking for “NSA et al Finessing” (even I only started talking about it publicly this century 😉 though I’ve been aware of it with telephone standards since the mid 80’s, I’d just assumed it was common knowledge in engineering). But more importantly nobody including the spooks knew in advance which technology was going to win out in the popularity game. Thus they may well have finessed everything they could get away with on the assumption of covering all bases.

Thus it’s playing a game of catch up, and “knowing your enemies MO” as one way to find other crimes they have committed, a technique that is common/standard in certain LE activities.

So characterising all possible standards attacks irrespective of if they are real or not will over time improve the standards process at the very least, and make the task of the likes of the NSA, GCHQ et al much harder in the future, or make them way more noticeable.

65535 September 6, 2015 2:20 AM

@ BoppingAround

“Your searches are, at least, sent somewhere (I suspect the search providers) to facilitate search suggestions. Unless you’ve disabled that through the about:config browser.search.suggest.enabled setting.”

I have done a considerable amount of customization in about:config but that will not stop browser finger printing.

I do make copies of bookmarks on a random machine with useful and random bookmarks, then import them into an html file to avoid repetitive searches [I just click the links in the html file to get to known sites]. I have not used Google in months.

@ Winter

I have used startpage but now just use Ixquick https. But, I am sure that Ixquick is not a charity and does disclose some data on searches for monetary purposes.

@ Leonhart231

Thomas_H [notes]: “Microsoft is also bringing out the same updates under new KB-numbers in an apparent attempt to sneak them past attentive users”

“…this caught me. I had disabled automatic updates after running the above script, installed a couple “important” updates, and now I’m being bugged about Windows 10 again.” -Leonhart231

This is dirty underhanded behavior by M$. It’s just going to drive their core business customers to other products. It’s nasty just to screw the home users but changing KB numbers mucks business users.

Thoth September 6, 2015 3:28 AM

@all

***** A Security Practitioner’s Horror Story Of Using A Crypto Program called RetroShare *****

I wonder how people actually setup Retroshare amongst non-geek friends. No wonder cryptography never took off. I tried setting up Retroshare to test between two devices and it slapped me with the problem of transporting public keys between 2 computers …. PGP full public key chunks.

So how do you setup PKIKEX (Public Key Infra Key Exchange) ?

Well … for simplicity and it’s for test environment, I had my two PCs next to me for the benefit of simplicity. One PC was connected to LAN and the other was using a Mobile network to simulate 2 different network segments trying to secure everything in a low assurance manner…. simulating what if me and one of you guys were to need to execute PKIKEX.

I opened up Cryptocat group chat for both machines (Mobile network segment is via mobile phone tethering so I can’t do much about it). Crypto cat failed to create a common chatroom properly.

I opened another encrypted chatroom called chatcrypt.com and it worked. I assume it’s HTML5. Now I have to do the dreaded PGP’s KEX over no assurance public “encrypted” chat. It’s all good and fine since it’s just Public Keys right ? And the 2 PCs were next to me so for the benefit of doubt, we assume network all green and no spies which is technically unrealistic in a daily hostile environment we face.

Copied and pasted pubkeys for both side and click add ….. It said unknown certificate format for my older client’s pubkey (v0.5) on the newer client (v0.6). It good … because we assume the network is all green, I click on the “Convert Public Key to new format” on the older version Retroshare client and it converted. I re-copied and pasted on the “encrypted” chat and re-do the process (if you fail the process kicks you out). This time it says “Certificate Load Failed ! Missing checksum.”

My mood: ” W** W** W** ???”

I apologize if it’s a bit vulgar but … helllooooo ??? This is supposed to be easy to use by simply copying Public Keys ? You feel me ??????

I remember I did that once and succeeded with one of the founders of Retroshare a couple of years ago (but I lost contact and lost my keyring by wiping my old laptop). It was a bit messy but still OK. It was more fault tolerant.

But no more … no more as robust as the old versions.

I decided to re-install my older client to a new client and it wiped my existing Retroshare keypair …. I opened my GnuPG client and confirmed my keypair was wiped. I really scratched my brains hard when I was taken by surprise at the loss of my keypair without any warning notifying me that the keys would be deleted upon re-installation.

I guess I won’t recommend using Retroshare anymore to anyone trying to securely communicate. It packs too many surprises and is just not usable enough to make a user feel comfortable. Even I, who have been working in the security industry for a little while, had to be subjected to such surprises and rant :S ….

I can imagine Laura Poitras and Glenn Greenwald’s first attempts to setup PGP/GPG with Edward Snowden and the great difficulties in something secure to a lower assurance degree …

Requiring the manually copying of pubkey mats from one place to another (good thing the 2 PCs are next to each other during the experiment) via a web-based one-time-use chat eased the situation of dumping PGP pubkeys but could have been improved by simply getting both parties to establish a shared KEX session and transfer pubkey mats while at the same time display some sort of shared session 16 ASCII character (which is 16 bytes / 128 bits) session authentication code where the session code would be split into 8 byte halves which each side must key in the 8 bytes of their side to confirm the PKIKEX session.

In short, this left a bad taste after experimenting with attempting to setup a secure channel between 2 PCs next to myself. How hard can it be ????
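The improvement proposed two paragraphs up (a shared session authentication code derived from the exchanged public keys, split into two halves that each side confirms with the other) as an added example in Python; this is not RetroShare's code. It assumes the public keys travel over an untrusted chat relay, that the halves are read out over a second channel the two people can authenticate themselves (such as recognising each other's voice), and that the public key blobs can be stand-ins (random bytes, constructed here) since only their bytes are hashed. The halves are shown as hex, so each 8-byte half reads as 16 characters; the exact display encoding is a choice of this example:

```python
import hashlib
import os
from typing import Tuple

CODE_LEN = 16  # bytes; each party is responsible for reading out one 8-byte half


def session_auth_code(pubkey_1: bytes, pubkey_2: bytes) -> bytes:
    """Derive the session authentication code from BOTH public keys as each party
    received them. Sorting first makes the value independent of who is 'first',
    so both sides compute the same code when, and only when, they hold the same keys."""
    first, second = sorted((pubkey_1, pubkey_2))
    return hashlib.sha256(b"PKIKEX-SAS|" + first + b"|" + second).digest()[:CODE_LEN]


def halves(code: bytes) -> Tuple[str, str]:
    """Split the code into its two 8-byte halves, rendered as hex for reading out."""
    return code[:CODE_LEN // 2].hex(), code[CODE_LEN // 2:].hex()


def confirm_peer_half(my_code: bytes, half_index: int, typed_half: str) -> bool:
    """The peer reads its half out over the second channel; we key it in and compare it
    with the same half of the code we derived from the keys WE received."""
    return halves(my_code)[half_index] == typed_half.strip().lower()


def simulate_exchange(mitm: bool) -> Tuple[bool, bool]:
    """Run the exchange honestly, or through a relay that swaps in its own keys.
    Returns (alice_confirms_bob, bob_confirms_alice)."""
    # Constructed stand-ins for the two PGP public key blobs.
    pk_alice, pk_bob = os.urandom(32), os.urandom(32)
    if mitm:
        # The relay hands each side a key it controls instead of the genuine one.
        seen_by_alice = (pk_alice, os.urandom(32))
        seen_by_bob = (os.urandom(32), pk_bob)
    else:
        seen_by_alice = (pk_alice, pk_bob)
        seen_by_bob = (pk_alice, pk_bob)

    code_alice = session_auth_code(*seen_by_alice)
    code_bob = session_auth_code(*seen_by_bob)

    # Alice owns half 0 and reads it to Bob; Bob owns half 1 and reads it to Alice.
    alice_reads_out = halves(code_alice)[0]
    bob_reads_out = halves(code_bob)[1]
    return (confirm_peer_half(code_alice, 1, bob_reads_out),
            confirm_peer_half(code_bob, 0, alice_reads_out))


if __name__ == "__main__":
    print("honest exchange:", simulate_exchange(mitm=False))
    print("relay swapping keys:", simulate_exchange(mitm=True))
```

Because the code is a hash over the keys each side actually received, a relay that substitutes keys cannot make both sides see the same code, and a mismatch on either half is the signal to discard the keys and start over. Splitting the code so that each party reads only its own half, rather than one party reading all of it, means an impersonator who can speak on the second channel still has to answer for the other half.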

Thoth September 6, 2015 4:39 AM

@all
Observations Of An Object’s Transitional Security Level.

1.) A security object created at a low security level is highly unlikely to increase into a high security level.

2.) A security object created at a high security level can be decreased to a lower security level.

3.) A security object created at a higher security level that was decreased to a lower security level can be increased to its original security level if the security object’s creation can be testified and no modifications are made at a lower security level than its original level.

The main considerations for the above is object data side-channels that are very hard to prevent.

ping September 6, 2015 5:36 AM

Tor-enabled Debian mirrors

“Richard Hartmann, Peter Palfrader, and Jonathan McDowell have set up the first official onion service mirrors[1] of the Debian operating system’s software package infrastructure. This means that it is now possible to update your Debian system without the update information or downloaded packages leaving the Tor network at all, preventing a network adversary from discovering information about your system. A follow-up post[2] by Richard includes guidance on using apt-transport-tor[3] with the new mirrors.

These services are only the first in what should hopefully become a fully Tor-enabled system mirroring “the complete package lifecycle, package information, and the website”. “This service is not redundant, it uses a key which is stored on the local drive, the .onion will change, and things are expected to break”, wrote Richard, but if you are interested in trying out the new infrastructure, see the write-ups for further information.”

[1] http://richardhartmann.de/blog/posts/2015/08/24-Tor-enabled_Debian_mirror/
[2] http://richardhartmann.de/blog/posts/2015/08/25-Tor-enabled_Debian_mirror_part_2/
[3] https://retout.co.uk/blog/2014/07/21/apt-transport-tor

Source: https://blog.torproject.org/blog/tor-weekly-news-%E2%80%94-august-30th-2015

ianf September 6, 2015 5:42 AM

@ Alien Jerky This court case will determine whether data has a nationality.

Perhaps not nationality, but built-in, OR ACQUIRED, geo-fencing. We already know that, due to XVIII & XIXc copyright laws, XXc ebooks—virtual content whose authors have sold rights to publishers—are subject to sales geo-fencing, digital distribution only within preset geographical borders. So, if mail held in a foreign datacenter is to be considered as essentially above borders, why would ebooks not be treated the same?

name.withheld.for.obvious.reasons September 6, 2015 6:19 AM

Last month in Risks Digest there was a post about several Tor admins forbidding Windows 10 platforms…the post can be found in the usual spot.

http://seclists.org/risks/2015/q3/18

I am nearly certain that Microsoft is a proxy for CALEA compliance–pushed down to the “computer” and there are commercial interests that have wed MS in this enterprise.

Trade Treaty vs. Privacy September 6, 2015 6:47 AM

The ulterior purpose of the new trade agreement is to invalidate data privacy laws, as treaties supersede national laws. The corporate sponsored puppets in Congress work in absolute secrecy to pass it without even reading it. The quality EU data privacy protections will be declared invalid. Soulless corporations will rule the world – not people.
As proven Windows 10 is pure psychopathic spyware where files and keystrokes are monitored – ten times worse than even G**gle. However you guys omit discussing the
1) evil Trusted Installer taking away system administrator rights
2) or restricting eavesdropping with the Group Policy Editor
3) or only connecting to the Internet (read VPN Kill Switch) when YOU use it

The trade agreement will remove HIPAA privacy protections so profit minded non-medical corporations will exploit our most personal conditions. Even now corporations are creating Big-data for every prescription every doctor ever wrote for every one of us. Be extremely careful with what your family signs at the new doctor’s office, especially electronically when no paper copy is given!
Even then, the terms are vague unless you research them. Research ‘Rcopia’ and test your power of deduction to determine ulterior motives. Big Data collection is VERY sophisticated today and not to be underestimated. They will use every technique to obscure their real motive.

Thoth September 6, 2015 6:59 AM

@name.withheld.for.obvious.reasons
I don’t think it is a theory of backdoors. M$ history proves it is in collusion with Warhawk Govts. I remember they gave out tools to LEA to intrude into M$ instead of patching them promptly. No one could properly audit their source codes either except the agencies. Just assume it’s backdoored already as the safest measures.

Thoth September 6, 2015 8:07 AM

@all
Hacking the CryptDB by M$ Security Researchers with the oldest trick in the cryptanalyst arsenal … frequency analysis.

In fact, any database and database processing must be done in a Trusted and Secure Execution Environment. The moment an encrypted database is being worked on, it starts to leak and the side-channels can be used against it. If it is encased in an environment that prevents logical analysis (no observation of CPU and RAM), physical analysis would be the only way left (power analysis and EM emission). This will remove more side-channels but not all.

In fact, databases are rather insecure in architecture and very hard to implement security correctly especially encryption in commercial environment due to the many architectures of databases where a security module must adapt to each database setup.

Link: http://arstechnica.com/security/2015/09/ms-researchers-claim-to-crack-encrypted-database-with-old-simple-trick/
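Why an equality-preserving (deterministic) column leaks to frequency analysis, and why a randomized column does not, as an added example in Python. This is not CryptDB's code nor the researchers' method; the keyed hash stands in for a deterministic encryption layer (a real one would use a block cipher, but the property that matters, equal plaintexts giving equal ciphertexts, is the same), and the diagnosis column and the public prevalence table are constructed for the example:

```python
import hashlib
import hmac
import os
from collections import Counter
from typing import Dict, List

COLUMN_KEY = b"constructed-demo-column-key"  # stand-in for a per-column database key


def det_encrypt(value: str, key: bytes = COLUMN_KEY) -> str:
    """Deterministic (equality-preserving) stand-in: equal plaintexts give equal
    ciphertexts, which is what lets the server answer WHERE col = ? on encrypted
    data, and is exactly the property frequency analysis exploits."""
    return hmac.new(key, value.encode(), hashlib.sha256).hexdigest()[:24]


def rnd_encrypt(value: str, key: bytes = COLUMN_KEY) -> str:
    """Randomized stand-in: a fresh nonce per row, so repeats look unrelated.
    The price is that the server can no longer compare or group rows by this column."""
    nonce = os.urandom(8)
    return nonce.hex() + hmac.new(key, nonce + value.encode(), hashlib.sha256).hexdigest()[:24]


def frequency_attack(ciphertexts: List[str], reference: Dict[str, float]) -> Dict[str, str]:
    """Rank ciphertext values by how often they occur in the column, rank reference
    plaintexts by their publicly known frequency, and pair them off rank by rank."""
    ct_ranked = [c for c, _ in Counter(ciphertexts).most_common()]
    pt_ranked = sorted(reference, key=reference.get, reverse=True)
    return dict(zip(ct_ranked, pt_ranked))


def recovered_fraction(plaintexts: List[str], ciphertexts: List[str], guess: Dict[str, str]) -> float:
    """Share of rows whose plaintext the guessed mapping gets right."""
    hits = sum(1 for p, c in zip(plaintexts, ciphertexts) if guess.get(c) == p)
    return hits / len(plaintexts)


# Constructed "diagnosis" column (100 rows) and a constructed public prevalence table.
COLUMN = ["flu"] * 50 + ["diabetes"] * 30 + ["hypertension"] * 15 + ["rare_condition"] * 5
REFERENCE = {"flu": 0.50, "diabetes": 0.30, "hypertension": 0.15, "rare_condition": 0.05}


def attack_det_column() -> float:
    """Deterministic column: the ciphertext histogram mirrors the public one."""
    cts = [det_encrypt(v) for v in COLUMN]
    return recovered_fraction(COLUMN, cts, frequency_attack(cts, REFERENCE))


def attack_rnd_column() -> float:
    """Randomized column: every ciphertext is unique, so the histogram is flat."""
    cts = [rnd_encrypt(v) for v in COLUMN]
    return recovered_fraction(COLUMN, cts, frequency_attack(cts, REFERENCE))


if __name__ == "__main__":
    print(f"deterministic column: {attack_det_column():.0%} of rows recovered")
    print(f"randomized column:    {attack_rnd_column():.0%} of rows recovered")
```

The attack needs nothing but the ciphertext column and a public distribution of the plaintext, which is the point of the comment: once the database is allowed to do work on the encrypted column (equality matching here), the structure that makes that work possible is itself the side-channel. The randomized variant closes it but removes the query capability, which is why Thoth's alternative is to move the processing into a trusted execution environment rather than to expect the encryption scheme alone to do both jobs.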

Tõnis September 6, 2015 8:15 AM

@Trade Treaty vs. Privacy, though I’m generally with you when it comes to the sinister behavior of government and corporations, I must point out that treaties do not supersede national laws. Yes, treaties are law, but like our other “national” laws they must be in accordance with the Constitution, the supreme law of the land. For example, slavery is prohibited by our Constitution, and no treaty made with a foreign power can reinstate slavery. Furthermore, treaties apply to foreigners here at home and citizens abroad; the United States agrees to treat foreigners from a country it has a treaty with the same as that country agrees to treat Americans.

Tõnis September 6, 2015 8:19 AM

Further clarification re treaties —

Even if treaties are provided for in the Constitution, the Constitution cannot conflict with itself. No treaty can lawfully be entered into that somehow negates any other aspect of our Constitution.

No Practical Effect September 6, 2015 8:36 AM

Wikipedia:
“The Supreme Court ruled in the Head Money Cases that “treaties” do not have a privileged position over Acts of Congress and can be repealed or modified (for the purposes of U.S. law) by any subsequent Act of Congress, just like with any other regular law. The Supreme Court also ruled in Reid v. Covert that any treaty provision that conflicts with the Constitution are null and void under U.S. law.”

The practical facts are even if something was not right, powerful corporate interests will stall issues for DECADES before being decided in the USA court system.
From their rulings, the USA Supreme Court is in the pocket of multinational corporations. Just look at the Hedge Fund laughingstock they’ve made of the presidential elections. Or trying to prove the NSA spied on everyone. This is why the trade treaty is being kept so secret until after it passes. We are no longer a gov’t of the people, but one of revolving-door between corporations and gov’t.

Thomas_H September 6, 2015 8:56 AM

I have a question to the experts about cryptographically secure open hardware. It has been (and is) discussed on this blog how creating such hardware is quite a challenge, especially in the light of the pervasive availability of hardware that is not secure by accident or design. So my question is as follows:

Instead of creating a whole new system, wouldn’t it be possible to create a network adapter that secures a potentially backdoored or otherwise insecure system from the equally insecure internet? What I have in mind is an Ethernet network interface (by preference an internal card) that replaces the on-board NIC of many modern computers, with a completely open and auditable design right down to the components. The firmware can be updated, but only by physically changing a jumper on the card itself and reflashing the chip (like on old BIOSes). Associated to this card is an advanced firewall application, perhaps one that is OS independent (i.e. it is accessed by pressing a key during boot). It likely still would need a way to interact with the OS. The primary objective here would be to have a fairly easy to use option for less technical users.

Please keep in mind that I am only an individual with an interest in risk mitigation and related subjects and some other IT stuff, and therefore have no idea whether all of the above is actually feasible.

Thomas_H September 6, 2015 9:10 AM

As an addition to my post above, I guess the whole solution would fail if it were possible to subvert the card’s firmware. So perhaps an additional question: Would it be possible to somehow separate the system that allows you to check whether the card is functioning normally from the rest of the card? I guess I should phrase that as “Can the system’s physical characteristics/state be checked without actually interacting with the things the firmware actually does?” or “Is it possible to make a recording (imaging?) of a system’s actual functioning to use for comparison purposes, without a subversion of the system itself also subverting the integrity of the image used for control?”. I think it should be possible to physically limit such an event in case of a static system, but am not sure whether it is possible for a dynamic system…

Just throwing up ideas here.

Gerard van Vooren September 6, 2015 12:21 PM

@ name.withheld.for.obvious.reasons

Last month in Risk Digest there was a post about several TOR admins forbidding Windows 10 platforms…

Does TOR on W10 make sense? IMO it doesn’t.

On that mailing list, Henry Baker wrote:

We certainly don’t believe Microsoft is going to commit reputational suicide by messing with user files, may them be pirated or not. Let’s not forget Windows 10 is an operating system, not our parents, and there’s always Linux or Mac around the corner.

MS has built the infrastructure to store everything you do. But the real problem, again IMO, is that they are sneaky about it. Why don’t they just say they do this to make money? Why does it have to be legal talk? If they are open to it, it isn’t sneaky any more and people can make proper choices. So they have built the infrastructure and are sneaky. Can such a company be trusted?

rgaff September 6, 2015 1:10 PM

Has anyone slapped that Win10 EULA down in front of a real lawyer and asked them if it’s compatible with a given NDA? I mean, if I’ve signed a Non Disclosure Agreement with some company about their company secrets, and then install Windows 10, and the Win 10 agreement specifically says all private files (including those covered by that NDA) are sent to Microsoft, aren’t I in breach of that NDA by using Win10? How can ANY corporations (other than Microsoft itself) EVER use Win10 in this kind of climate? Shouldn’t all companies be banning their employees from using Win10?

tyr September 6, 2015 1:51 PM

@rgaff

Maybe Bruce can ask Eben Moglen that question? He’s the only one I think of as a ‘real’ lawyer.

I’d love to see M$ fighting a lawsuit for illegal wiretapping in a criminal court over Win10.

Too many of the big corps have the attitude, “Panama is ours, we stole it fair and square” about users’ materials entrusted to them.

name.withheld.for.obvious.reasons September 6, 2015 2:20 PM

Don’t worry, SEC filings are going to take a big hit this next quarter. Since the information is “publicly” available proving negligence against corporate boards is a snap…

A senate finance committee hearing in the near future…

Senator Leahey:
“Mr. Grape-Sphincter, when did you become aware that your company’s proprietary systems and data might be at risk based on disclosure by Microsoft, wherein the plain language specifying MS may, and shall, access private data stored on a system, any system, running Windows 10 as enumerated in the Windows 10 End User License Agreement?”

Mr. Grape-Sphincter:
“Senator Leahey, we became aware of the language during our beta evaluation of the Microsoft product but were unaware of any intent to actually go through with such actions. Our counsel and board ascertained that MS would not likely abrogate their relationship with us as a customer.”

Senator Leahey:
“Did you inform the board, managers, and stockholders of your decision to move forward ignoring the potential liability to all company intellectual and other intangible assets? And, did the risk analysis show that the risk could completely destroy the value and viability of the company?”

RajR September 6, 2015 4:25 PM

Yeah, come to think of it, I wonder if Microsoft’s contracts with NatWest and SocGen will indemnify them from data-exfiltration liability under 15 U.S. Code § 78u–1?

Daniel September 6, 2015 5:06 PM

We certainly don’t believe Microsoft is going to commit reputational suicide by messing with user files, may them be pirated or not. Let’s not forget Windows 10 is an operating system, not our parents, and there’s always Linux or Mac around the corner.

http://news.softpedia.com/news/microsoft-wants-to-block-pirated-content-pirate-sites-ban-windows-10-instead-489827.shtml

Windows 10 is the end for me. For more than fifteen years I have avoided switching to Linux because in my view Linux is an OS designed by a troll to make its users’ lives as miserable as possible. But no more. It is not just Windows 10 as such but more importantly the whole idea of an OS as the provision of a service. I simply cannot abide by an agreement that says a third party can access my computer and refuse to tell me what they are doing with that access. No, sir. No way.

rgaff September 6, 2015 6:26 PM

I suppose next all Cars, Refrigerators, and Vacuum Cleaners will be monitoring everyone’s activities to make sure they are not used for anything illegal, and auto-report to their manufacturers and the police everything that is happening? And nobody will care because “they’re not doing anything wrong, so they have nothing to hide” right? I mean, we’ve got to do something to crack down on all this crime happening everywhere, and fill up those prisons we’ve built in every tiny po-dunk town across America. Those stockholders gotta get a return on their investment too in the growing privatized prison system, so it must grow grow grow at all costs…

Dirk Praet September 6, 2015 8:11 PM

@ Tõnis

I must point out that treaties do not supersede national laws.

Err, no. The entire point of supra-national law is that a signatory to a treaty makes a formal pledge to adapt national law where applicable and to refrain from passing legislation that is in violation of said treaty. Over here in the EU, for example, it is mandatory for member states to either translate or incorporate EU Directives into national law, and there are stiff penalties for those that don’t.

If a treaty is found to be incompatible with a country’s constitution or national laws, the only logical move is to either retreat from it or not sign it in the first place. If post-ratification constitutional or “national security” reasons are given for non-compliance, then what you’re actually saying is that you only want the benefits but not the obligations. Which for all practical purposes on the international stage makes you a hypocrite.

@ Trade Treaty vs. Privacy

The ulterior purpose of the new trade agreement is to invalidate data privacy laws,

Too narrow a view, I think. The ulterior purpose of the secret TPP, TTIP and TISA negotiations is to work around ANY laws and regulations, national and international, that stand in the way of US and other multinational corporatism. And to isolate China as much as possible in the APAC region.

@ Toth

Re. Retroshare

Jeez. Have you tried I2P or Freenet?

@ Figureitout

Been doing rudimentary bluetooth sniffing on my campus as a personal research project

We used to have quite some fun with the Firefox Firesheep add-on a couple of years ago. Too bad (nearly) everybody is doing https by default nowadays. Because of that pesky Snowden character.

@ Alien Jerky

This one case will determine — effectively — how far the US can use its own legal system to compel companies doing business within its borders to hand over data it stores overseas.

If the government gets what it wants, Microsoft will most probably be in breach of Irish Data Protection Acts, Safe Harbor Principles and the EU Data Protection Directive. It will also boost further resistance against TTIP in the European Parliament. For once, I actually hope the judge sides with the USG because it would force a lot of European politicians to choose whose side they’re really on.

@ Leonhart231

There’s an interesting GitHub repo with some scripts designed to block the “telemetry” on 7/8/8.1 here: https://github.com/WindowsLies/BlockWindows

Props to the person who took the time for this. I’ve tested his work on a number of Windows 7 and Windows 8.x machines/VMs and they’re all running just fine, even Windows Update. Just a few remarks:

  • If for some obscure reason you are using Bing, Outlook.com, Hotmail, Skype and the like, you may wish to comment out a number of entries before executing the .bat script as it will make these inaccessible.
  • I’m not sure if adding persistent routes to 127.0.0.1 for all offending IP addresses is a good idea. Better to do this at the proxy/router/firewall level. Same thing for the hosts-file entries.
  • Set your Windows Update settings to something different than automatic downloads and installs. After script execution and reboot on Windows 7, about 5 removed KBs re-appear. You can then manually hide them (right click).

It’s quite likely that MSFT will sneak in additional stuff, so you’ll have to stay vigilant. My best advice at this time for anyone concerned about Windows 10 data collection and its backports to Windows 7/8 is to either downgrade to Vista or move to OS X, Linux or PC-BSD. For those worried about Apple privacy/security settings, check out Dr. Duh’s fine OS X Yosemite privacy/security guide on Github.

Thoth September 6, 2015 8:21 PM

@Daniel
I am not sure what you meant by Linux was designed by a troll making users’ life miserable. I think you are referring to usability and Linux came a long way despite huge difficulties with having to work as a UNIX system and also having to improve on itself. It has come a long way with many inner and outer battles it had to fight and painful decisions to make which are not always wise decisions.

It had to reverse engineer or make agreements with companies for driver software and get them to recognise the Linux userbase which is not easy in itself. The huge improvements on the GUI like the LinuxMint flavour are a huge leap in terms of usability. If you have not tried it, you should use a VM and give it a run. Btw, LinuxMint is resource hungry so do allocate 2GB RAM and enable 3D acceleration on the Virtualbox VM. That said, I use Windows 7 and LinuxMint frequently and the comfort of using both next to each other makes you forget the painful path computing was on in the past.

Not to forget, the Linux Foundation sponsoring the development of Linux kernels is a non-profit organisation that relies on donations and gives the source code freely whereas M$ Windows is a profit earning organisation that has huge marketing capabilities and connections with Govts and agencies.

rgaff September 6, 2015 8:37 PM

@Dirk Praet

If a treaty is above national law, then it is NOT compatible for a democratic or free nation to EVER conduct such a treaty in secret from its own people. Doing so is giving up all democracy and freedom, and signing up for dictatorship instead, by whoever’s in charge of the treaty. Heil Hitler!

Thoth September 6, 2015 9:10 PM

@Dirk Praet
I have not tried I2P but I have tried Freenet when it was new and many years ago. Didn’t really fancy them as Freenet was basically a Java Server running the protocol above Tomcat at that time in its infancy. I have lost touch with it these days. Mostly stuck with TAILS since all you need was a live CD that gets the job done albeit the CD could have been an OpenBSD instead of a Linux distro and it had its share of problems.

The setup for the two Retroshare is to simulate a Bittorrent Sync scenario where you use a device to upload files in encrypted form across firewalled networks in a distributed style to a portable DMZ file server and I thought Retroshare fitted the bill (old Retroshare would be able to do that) but it seems to not be able to handle a simple PKIKEX to move to next step. I avoided the use of Bittorrent Sync due to their unproven and closed source nature.

Another thought might have been to leverage GNUnet though but I have not sat down to read about it.

Buck September 6, 2015 10:20 PM

RE: Freenet, I2P, RetroShare, Tor, etc…

If sharing among a close group of friends, why bother with any of these…? Why not just use HTTPS like most of us do to protect our bank accounts and dick pics!?

If you use a privacy oriented software product, won’t you just stand out more to those who are looking for that sort of thing?? The encryption part has already been worked out pretty well; sort the metadata issue out in-person when possible.

Thoth September 6, 2015 11:03 PM

@Buck, Dirk Praet
It’s an experiment as I have stated. HTTPS is useful to obfuscate and in the previous Squid blog, I did post a scheme using HTML to establish a secure channel which @name.withheld.for.obvious.reasons told me about “Blue Light” which @name.withheld.for.obvious.reasons has not replied to me about yet.

The main thing is how fast can you put together all the items and in an easy manner. Think COTS (Commercial Off The Shelf) products or FOTS (Free Off The Shelf) vs. custom developed.

Apparently most secure protocols are not plausibly deniable and would make you stand out. HTTPS may also attract attention (that’s in the past when it was less common) but due to the mass adoption of HTTPS, it becomes a more common sight and raises fewer alarms but again, any state actors seeing HTTPS might be tempted to do something to it.

HTTPS connections are not immune to metadata leakage anyway and become much more obvious than things like TOR although TOR is not all too immune from its own leakage either but someone not properly equipped (a Medium Strength Attacker threat modelling) would assume an incomplete vantage point of the TOR network and would take the lower hanging fruits of HTTPS channels and SSL/VPNs and what not since they do not take effort to confuse and route. If you are talking about High Strength Attacker threat modelling, that is to assume full vantage points of all networks, then TOR will not survive it either.

In fact, most transmissions would leak in one way or another; it is just a matter of to what extent you want to be protected against it in your threat modelling.

Links:
https://www.schneier.com/blog/archives/2015/08/friday_squid_bl_1.html#c6704724
https://www.schneier.com/blog/archives/2015/08/friday_squid_bl_1.html#c6704728
https://www.schneier.com/blog/archives/2015/08/friday_squid_bl_1.html#c6704729

Nick P September 6, 2015 11:04 PM

@ Buck

I think, if it’s dick pics, we should be doing HTTPS with port knocking at a minimum. You can’t go too far, though. Implementations such as OTR have perfect forward secrecy. That would mean they get my dick pic in a session then forget about its existence from that moment forward. That’s not the kind of results I expect to get for the data I’m delivering. So, HTTPS with some additional security layers is reasonable.

Figureitout September 7, 2015 12:31 AM

Thoth RE: ROM/EEPROM encryption
–Is it more AES-256 or is it some of the newer algorithms? Looks like most DES or TDES for javacard. Does one have rudimentary ability to verify the implementation in a small/mid-sized workbench or need the $100,000 tools? What debugging ports are there that are easy to get at on a smartcard? It’s very touchy since any mistake will be a nice hint and there’s all kinds of weird bugs when you put power at lower boundaries.

RE: Infineon SLE78
–I’m seeing a 2 page datasheet for it w/ a phone number to call, do you have a copy of it? In my initial research of the TI AM335x and how coreboot works I’m blown away by simply the amount of features available (on the chip, coreboot just has to as they said, deal w/ lots of history)…The need for an open workhorse is for me trumping something like an array of 8bit micros w/ better isolation and checking (I do like the ATtiny, it’s a surprisingly powerful yet small chip).

I want to see more w/ the actual implementation of the encryption, file system & file encryption are 2 more magical areas to me still (mainly keeping track of the file or an address is the biggest mystery to me). Need more info on the chip and ability to dig around to feel more comfortable.

RE: bt sniff
–I like to be aware of my surroundings too and aside from a personal security measure it’s meant to help my colleagues walking around from continuously exposing themselves to trivial recon. I’m willing to argue in court over if need be (and maybe help the judge up his/her OPSEC lol). Literally attacks can be launched from anywhere today. Based off some of the research going into detecting stingrays, that’d be a nice thing to map out as well for public protection since I want to connect to actual real/legal phone networks too and make sure warrants and the legal system is used how it should be; and again will be happy to go to court and argue over it (sounds like lots of people get their cases dropped when asking about stingrays lol).

Dirk Praet RE: firesheep
–Were you going to let the people know or were you just having fun lol? I don’t like using the public wifi on campus but you have to install some programs to use the “secure” wifi.

65535 September 7, 2015 12:32 AM

@ Winter

“Startpage…”

Yes, I know startpage is by ixquick. Ixquick https is just my preference.

@ rgaff

“Has anyone slapped that Win10 EULA down in front of a real lawyer…”

That is a good question.

We know that Bill Gates’ father was a lawyer. I would guess he may have read it – but possibly not.

I wonder how the TLAs and the US government are handling Win 10 and the back ports to Win 7/8.

The next question: How Russia, China and Iran are handling Win 10 and the back ports to Win 7/8. One would think they would be concerned [Maybe China has adjusted their Great Firewall to block communications – but maybe not].

Clive Robinson September 7, 2015 2:03 AM

@ Thoth, Buck, Dirk Praet, Nick P, and others,

HTTPS connections are not immune to metadata leakage anyway and become much more obvious than things like TOR although TOR is not all too immune from its own leakage either

To limit metadata leakage you first have to think from the lowest layer your enemy can observe upwards, not top down as many protocols are designed. To work top down is a guarantee of failure.

For the sake of argument –about Win10 etc– let’s assume the only thing your enemy can see is data you put onto an external network and only from where it enters that network onwards. Further let’s also assume they can only passively observe to avoid issues of error/fault injection attacks opening time based and other side channels. Also they have no past knowledge in any form of you or those you wish to communicate with that they can use as possible plaintexts etc etc.

What can they see if it’s unprotected? Well, the data, the recipient, the rate and tempo it is sent at, the time it is sent, and the length of the data. All of which can be used to enumerate you and the recipient of the data.

We know that we can use encryption to hide the content data, but the network has to be crypto aware to hide the metadata. Further the network has to be crypto aware in a way that enables anonymous routing of the data as well.

And that is about as far as TOR goes. Because the end users are not part of the TOR network, the entry and exit points can be observed thus traffic can be cross correlated by the rate, tempo, time and length of the messages sent and received.

Thus firstly the client must become part of the network, not just connected to the network and thus carry others traffic as well as their own, such that correlation becomes much more difficult.

The tempo issue can be fairly easily removed by changing the network from packet switching to circuit switching, but has the down side as in a voice channel of significant inefficiency. Thus the client needs to generate padding traffic to keep the data rate constant as well.

To claw back some of the inefficiency one way is to increase latency in the network at a node by making it not just a switching node but a store and forward node. This enables you to go back to the more efficient packet switching at a higher level that the enemy observer can not see at the lower circuit switched level (providing they cannot observe the difference between data and padding traffic). This also helps in hiding both the length and time, because individual data messages can be fragmented and mixed together, thus reducing the need for non data padding traffic.

However there is still another issue with client nodes that can occur which is how many circuits they have open at any one time. For efficiency they need to be as few as possible, for data hiding they need to be as many as possible. Obviously the two are not directly compatible and a compromise has to be reached somehow. Well one way is to decimate in time, that is you have the efficiency of a minimum number of channels but you switch circuits fairly rapidly for fixed time durations.

Adding these additions below what ToR currently does is not going to be easy, for one because traffic will need to be switched from TCP to UDP and have different ways of ensuring the same results as TCP, because simple tunneling won’t work. Whilst this is fairly trivial for non interactive traffic it’s actually quite difficult for interactive streaming traffic such as voice and video comms.

But there is still a lower issue in the design that has to be considered. ToR assumes that the network is fairly uniform in design and thus the physical layer is like a “net” not a “hierarchical star” which is more accurate currently. Thus a major problem is that nearly all ToR traffic ends up going through just a handful of Internet nodes, that just happen to be in FiveEye country. This means that interactive streaming traffic is going to be even more difficult to hide from FiveEye monitoring due to having minimal latency. This means that, not only does a traffic hiding network need to be actively aware of the underlying physical layer networks, there is also some traffic –low latency high bandwidth– it should not carry in certain areas or at all.
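The entry/exit correlation that Thoth and Clive describe above, as an added toy simulation that is not from either commenter: a passive observer taps the link where each client enters the network and the link where traffic reaches a recipient, and sees only bytes per time slot. A client that sends messages as-is leaks rate, tempo, time and length, so the observer can pick out who is talking to the recipient; a client that keeps a constant-rate circuit open (one fixed-size cell every slot, padding when idle, backlog fragmented store-and-forward) shows the observer the same trace whatever it sends, at the cost of queuing delay. All traffic, cell sizes and latencies are constructed.

```python
"""Toy traffic-analysis model: naive sender vs. constant-rate padded circuit."""
from math import sqrt

CELL = 64      # bytes per cell on the constant-rate circuit (constructed)
SLOTS = 40     # observation window, in time slots (constructed)
LATENCY = 3    # delay between entry tap and exit tap, in slots (constructed)


def naive_client(messages, slots=SLOTS):
    """Bytes seen at the entry tap per slot when each message is sent immediately.
    messages: list of (arrival_slot, size_in_bytes)."""
    trace = [0] * slots
    for at, size in messages:
        trace[at] += size
    return trace


def constant_rate_client(messages, slots=SLOTS, cell=CELL):
    """Entry-tap view of a client that sends exactly one cell every slot.
    Pending messages wait in a FIFO queue and are fragmented into cells
    (store-and-forward); an empty queue means the cell is padding.
    Returns (trace, delays): the observer sees only `trace`; `delays` lists,
    per message, how many slots passed before its last byte left the client."""
    pending = sorted(messages)        # FIFO by arrival slot
    queue, trace, delays, i = [], [], [], 0
    for s in range(slots):
        while i < len(pending) and pending[i][0] <= s:
            queue.append([pending[i][0], pending[i][1]])   # [arrival, remaining]
            i += 1
        room = cell
        while queue and room:
            take = min(room, queue[0][1])
            queue[0][1] -= take
            room -= take
            if queue[0][1] == 0:
                delays.append(s - queue.pop(0)[0])
        trace.append(cell)            # on the wire every slot looks identical
    return trace, delays


def exit_trace(entry_trace, latency=LATENCY):
    """What the exit tap sees: the entry bytes shifted by the network delay.
    The shift is circular so the window models the middle of a long session."""
    return entry_trace[-latency:] + entry_trace[:-latency]


def correlation(a, b):
    """Pearson correlation of two traces; 0.0 when either has no variance,
    which is exactly the situation a padded constant-rate circuit creates."""
    n = len(a)
    ma, mb = sum(a) / n, sum(b) / n
    cov = sum((x - ma) * (y - mb) for x, y in zip(a, b))
    va = sqrt(sum((x - ma) ** 2 for x in a))
    vb = sqrt(sum((y - mb) ** 2 for y in b))
    if va == 0 or vb == 0:
        return 0.0
    return cov / (va * vb)


def best_match(entry_traces, observed_exit, latency=LATENCY):
    """Observer's guess: which entry, delayed by `latency`, best explains the
    exit trace.  Returns (name, score); (None, 0.0) means the taps told it nothing."""
    scores = {name: correlation(exit_trace(t, latency), observed_exit)
              for name, t in entry_traces.items()}
    name = max(scores, key=scores.get)
    return (name if scores[name] > 0 else None), scores[name]


# Constructed traffic: Alice sends bursty messages, Bob a regular trickle.
ALICE = [(2, 300), (3, 120), (10, 900), (11, 40), (25, 500)]
BOB = [(s, 60) for s in range(0, SLOTS, 4)]


def run(padded):
    """Observer tries to identify who is talking to the recipient of Alice's
    traffic.  In the padded case the recipient's link is also a constant-rate
    circuit, i.e. both ends are part of the network rather than just attached."""
    senders = (("alice", ALICE), ("bob", BOB))
    if padded:
        entries = {n: constant_rate_client(m)[0] for n, m in senders}
    else:
        entries = {n: naive_client(m) for n, m in senders}
    observed = exit_trace(entries["alice"])     # recipient's link, tapped
    return best_match(entries, observed)


if __name__ == "__main__":
    print("unpadded:", run(padded=False))   # ('alice', 1.0): taps correlate
    print("padded:  ", run(padded=True))    # (None, 0.0): both entries identical
    print("alice delays:", constant_rate_client(ALICE)[1])  # [4, 5, 14, 13, 7]
```

The delay list shows the inefficiency Clive points to: Alice's 900-byte burst takes 14 slots to drain through a 64-byte-per-slot circuit, which is the latency that store-and-forward buys its hiding with.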

Thoth September 7, 2015 2:47 AM

@Figureitout

RE: ROM/EEPROM encryption
I am not sure if it’s AES or DES-based encryption. I doubt my smartcard vendors know but I can try asking them.

RE: Infineon SLE78
I am also seeing a 2 page document that I posted. Again, I am pretty sure that’s another NDA stuff which I hate because I don’t know what’s in it.

RE: bt sniff
All I can say is good luck. Laws are very grey around the world and it really depends. If you have anything secretive or sensitive, you better make sure you can nuke them nice and clean in an instant. You know they will not leave any stones untouched when they decide something.

@Nick P
Are there any materials on converting Haskell verified stuff to C code? I heard the GHC is really bloating? How can Haskell be verifiable?

A little update on Genode. It’s really messy and one moment you can be doing something in a directory like doing a make and the next moment in another. Not a lot of straight answers and the mailing lists are always busy. Turaya requires TPM modules in place to run and that is a hindrance. Imagine if you want to test it out in a VM, you have to find a way to get it to boot with a TPM which is a Perseus design but it’s not convenient.

ianf September 7, 2015 3:49 AM

@ Daniel … for more than 15 years has avoided switching to Linux because in his view Linux is an OS designed by a troll to make its users lives as miserable as possible. But no more. It is not just Windows 10 as such but more importantly the whole idea of an OS as the provision of a service.

Out of curiosity, you speak out as if there only was one alternative OS, the troll-offspring Linux (or its many flavors). What about OS X – while I’m sure Apple isn’t exactly blameless in the surreptitious “reporting back to Mothership” department, somehow we don’t hear about its (haven’t read closely) up-in-our-faces potentially user-hostile EULA provisions. Plus, it’s a bona-fide *nix under the hood if one desires it.

Perhaps my outlook is different because my first microcomputer was for the time vastly advanced BBC Micro (followed by Compact—both BBC Basic with inline 6502 assembler), which gave me enough of an experience to bypass the then emerging (cheaper hardware) Windows & go straight to a Macintosh – which, imperfect though it was, worked more or less out of the box. 25+ years ago I taught “computer literacy” classes for a time… my pupils, older than me, newly downsized technicians, engineers etc, never got the hang of MS Windows… they went around shlepping BINDERS FULL OF COMMANDS written down in follow-the-teacher fashion:

REPLACE TEXT ON SCREEN
1. Click with the left mouse button inside a window
2. Find the cursor
3. Click (still with the left mouse button) in the spot you want to insert new text
4. Click AND drag the cursor over the word or words you want to replace
5. Let go of the mouse DO NOT CLICK IT
6. Type in the replacement over the selection
7. Or hit DELETE on the keyboard

I kid you not.

(Instructions on how to set up a scanner usually took ~5 pages).

BTW. As late as last year I made a lasting impression on a highly-paid international bank’s executive by off-handedly showing him how to reply to email without laborious manual removal of automatically pasted-in inclusions (which could not be unset in preferences): by Selecting-All in the reply field, then typing OVER it (I dared not confuse him with triple or quadruple clicks ;-))

MS Windows – latest among Satan’s gifts to Mankind.

Curious September 7, 2015 4:12 AM

Btw, if Bruce ever wanted to make a comic novel about the internet and computer security, I suggest looking at the stuff that Scott McCloud has done to get an idea of how that stuff looks like in book form. He did a thing for the Google Chrome browser some time ago, but is probably known for his comic novels/books on comic art: Understanding Comics (1993), Reinventing Comics (2000), and Making Comics (2006). 🙂

Curious September 7, 2015 4:37 AM

Off topic:

To add to my previous comment:
Here’s a Ted talk with Scott McCloud from 2005:
http://www.ted.com/talks/scott_mccloud_on_comics

One interesting thing with comics that this guy already pointed out in Reinventing Comics (2000), is that, with computers and the internet, you can get to have a new format and new flow to comics (“infinite canvas”), no longer restricted to going from page to page with the classic paper format setup. Presumably, you could update the comic this way as well and make corrections. Having said that, I suspect that reading comics in general on a computer probably isn’t too appealing, unless, the content is somehow something of personal interest (that you really want to read), or being something new (as in weird/strange).

Clive Robinson September 7, 2015 4:56 AM

@ ianf,

… by off-handedly showing him how to reply to email without laborious manual removal of automatically pasted-in inclusions (which could not be unset in preferences):

Knowing that that is one of the biggest security weaknesses in Email for several reasons, and also it’s both a real annoyance to many users and an impediment to efficient working, I was left with the thought “Why did they not make it easier/configurable?”

My thought has thus been over many years, because it makes the use of “known plaintext” so easy. That is for automated tools as well as forensics and the likes of the FiveEyes with weak crypto such as bad modes and improper stream cipher usage.

However if I had said the “FiveEyes” prior to the Ed Snowden Revelations I would have been attacked on this blog. Just as I had over my comments that under BRUSA –later UKUSA– the UK spied on US Citizens for the US whilst they spied on UK citizens for the UK all so politicos could claim “We do not spy on our citizens”. Likewise when I said that “plaintext, standards and implementations” would be the routes that the NSA and GCHQ would operate, hence my suspicion of why MS puts large amounts of known or easily guessable plaintext at the front of their proprietary file formats.

I guess since the MS recent changes to the EULA for Win10 and the obvious spyware, few readers here are going to argue MS is innocent of the historical charges of being helpful beyond accident to both the IC and LEOs, especially the old NSAkey as well…

name.withheld.for.obvious.reasons September 7, 2015 5:09 AM

@ Toth
Before I explain some things about “Blue Light”, I thought others would do a little research and determine the nature, history, and operation of the original system(s). In lieu of informative data, let me subsidize the conversation with additional data….

A little background on how “Blue Light” works:

1.) Protocol for network management is present at the application layer on the client side (think of it as 802.1q or even 802.3) run from within the client browser and the server side process space.
2.) Network sessions/sockets/connections are virtualized above this layer, the creation, tear down, and reuse of connections is a process within the browser setup during the initial call to the server. Think of it as the TCP/UDP stack for the network.
3.) Servers, and this is where they got it right, had exec loaders modified to decrypt server side process binaries/stubs (in this case DLL’s, it could be shared libraries or a.out/coff formats) that were invoked by requests from the clients. This protected the application that serves as the network management layer from MITM attacks or subversion.
4.) Summary of client network connection operations:
a. The initial network connection, made by the client using a browser, connects to a remote connection server via HTTP (server side OS modifications to the loader/exec stub interface/system call functions) to establish the first OSI layer (2) of abstraction.

b. The client side browser having bound socket(s) to the remote server starts pushing network management, protocol, and status data over HTTP to the server on a continuous basis to create, extend, or constrain the virtual network fabric. Newer browser network protocols (stateful connections and support for UDP in/over HTTP(s)) could improve performance significantly. It is at this point that network binding is performed.

c. The client can encapsulate packet/frame data using a number of different methods and could achieve significant improvement in network integrity and security with support for very large encryption keys. Using the newly established “network fabric” the client and server can begin transiting data.

NOTE: recently I thought of using PGP/GPG as a packet encapsulation encryption method. Use the process space of the client to encrypt the data portion of the packet/frame (calling in/out from the browser). Of course session establishment requires a more complex and expensive connection (binding) cost.

d. Other processes spawned by the browser form a kind of vproc interface to the abstract network fabric and can be run out of the browser’s process space or, depending on the implementation, separate from the browser using an IPC interface.

Believe me, this is a quick 30,000 ft view of the inner workings…let the question portion of the conversation begin. Try to respond when I have time off from working…

Winter September 7, 2015 5:24 AM

@ianf
“25+ years ago I taught “computer literacy” classes for a time… my pupils, older than me, newly downsized technicians, engineers etc, never got the hang of MS Windows… they went around shlepping BINDERS FULL OF COMMANDS written down in follow-the-teacher fashion: ”

I think you must be careful about discriminating against the next generation.

Here is a story about 10-11 yo doing things I could not even dream about at that age.

The Raspberry Pi is succeeding in ways its makers almost imagined
Kids don’t want to code. They want to solve problems us oldies can’t perceive
http://www.theregister.co.uk/2015/08/27/the_raspberry_pi_is_succeeding_in_ways_its_makers_ialmosti_imagined/

“Grandpa is getting pretty old. Out there all alone on that farm, he has no one to look in on him, just to see if he’s ok. He’ll use the landline, but he’s beyond of the range of mobile, and he’s never been really great with computers. No Skype or emails. Grandpa does have internet. So I built this for him.”

The girl points down to a small box with a few wires coming out.

“I can bring up a web browser, and take photos inside grandpa’s house. Has he moved his coffee cup today? Is the telly on? At least then we’ll know he’s okay. And I can even type messages” – she changes focus to a textbox inside a web form – “that show up on top. We used ImageMagick for that part…here, you can see it in our code.”

Fingers fly across the keyboard, and now I’m reading the source code for an index.php page, another marriage of convenience between HTML and PHP. How’d this girl – all of eleven years old – learn to do this?

Clive Robinson September 7, 2015 7:44 AM

@ Winter,

How’d this girl – all of eleven years old – learn to do this?

Never underestimate the powers of a bright pre-teen girl, they can be very very single minded and determined, when they want to be, especially if they are not as “girly” as the others in her class/year at school.

I’ve mentioned before that years ago (83ish) I was involved with running a computer club. Well we held a competition to make a computer game and demonstrate it. The girl who won was 11 or 12 and wrote her game to run on the Jupiter Ace which was effectively a ZX80 clone running Forth… And yes it was all her own work; her dad, who worked for Amdahl doing “systems stuff”, could not understand her code, but she could explain it well, as we found out when we had a guest speaker who was a Forth aficionado: most of us sat there looking interested but dazed, she sat there in the front row on the edge of her seat, eyes wide with interest and determination. She asked all sorts of questions afterwards that even stunned the speaker. From what I heard she went on to get her PhD in mathematics well before she was thirty and became a wizz kid analyst in the city of London.

So yeah when such a young lady comes along if you’ve got any sense you’ll get out of her way before you become “road kill”. And if you are smart and the right age as well get tucked into her slip stream and hang in there, the journey is probably going to be more fun than surfing in a Hawaiian storm surge 😉

Winter September 7, 2015 8:29 AM

@Clive
“Never underestimate the powers of a bright pre-teen girl,”

I never do. Experience has made me wiser. It is a pity that boys of that age can get demotivated from being around such girls. It would be nice if we found ways to convince the boys that if they persevere, they can eventually get at the same level. 😉

@Clive
“From what I heard she went on to get her PhD in mathematics well before she was thirty and became a wizz kid analyst in the city of London.”

That sounds like a waste of good talent.

sena kavote September 7, 2015 9:06 AM

re: Microsoft storing emails in different country

Seems to me that an email company could encrypt emails on storage and rent space on its datacenter to a different company registered in that country for storing the encryption keys.

User’s web browser gets the encrypted data and the key directly from those companies, and then decrypts with javascript or html5 script running in browser. No change in user experience necessary, except maybe longer password. One possibility is that login screen sends only one part of the password and uses other part for decrypting the key locally. Encrypted encryption key (with possibly a salt) is fetched every time when logging into the email site.

Google’s gmail etc. could still extract keywords from emails for marketing purposes before encrypting.

Users would like to adjust the local password hashing difficulty depending on security requirements and computing power of the machines used. Is it currently possible to use GPUs’ general purpose computing power for speeding up day-to-day use of encryption, whether key hashing before booting, before email decrypting or during running decryption after getting the actual key? I mean OpenCL or what is with the new Vulkan API for so called videocards. Users would also like to hide the security level, if possible.

Other thing about Email encryption

When unencrypted / plain text email is sent for example from Yandex.ru to gmail.com, that email could be encrypted from yandex-to-end with a symmetric key that is sent to yandex by using a public key. The gmail user would have to send a public key encrypted email to some special yandex address. No action needed from the other party of communication. User could choose if metadata is visible or if all messages from a given period are sent as one encrypted blob of data from a special address.

The GPG program coming with every Linux distro that I have tested, can include a symmetric key in command line or bash script for more convenient decryption. Difficult to find that option in gpg man page.

Disk encryption

One solution to inconvenience caused by long password hashing would be to boot less secure system partition while in parallel hashing keys for data partition. Especially with spinning disks the bottleneck in normal booting is on data transfer from disk, not on computing. (With encrypted SSD on low-end computer, the bottleneck is on computing.)

I imagine this parallel booting while hashing would be practical only with Linux or some BSD, not with Windows or Mac. Linux may also need systemd since it enabled doing things in parallel during boot.

From system partition at least /tmp , /etc and /var/log should be encrypted.

BoppingAround September 7, 2015 9:15 AM

rgaff,

I suppose next all Cars, Refrigerators, and Vacuum Cleaners will be monitoring
everyone’s activities to make sure they are not used for anything illegal, and auto-
report to their manufacturers and the police everything that is happening?
[…]
and fill up those prisons we’ve built in every tiny po-dunk town across America

I doubt there will be any need for prisons besides, maybe, isolating the most dangerous criminals. That whole half-sentient environment you imagine, environment that is monitoring and grassing on you, is just one global prison [with virtual geofencing].

Dirk Praet September 7, 2015 9:59 AM

@ Figureitout

Were you going to let the people know or were you just having fun lol?

Add a bar, open wifi and a projector. Quite some people totally freaked out watching their messages and pictures being posted on the wall.

@ Buck, @ Thoth

If sharing among a close group of friends, why bother with any of these…?

Because it’s exactly what Freenet and I2P (peer to peer networks) were made for. For Freenet, exchange node names, set to darknet mode and you’ll be connecting only to and through people you both trust.

I2P supports Tahoe LAFS and has been added to TAILS, by the way. Just boot it with additional argument “I2P”. Downside is that they’re both Java based – meaning unavailable on mobile Apple platforms – and need some router/firewall fiddling when running different nodes on the same NAT’ed network segment.

@ rgaff

If a treaty is above national law, then it is NOT compatible for a democratic or free nation to EVER conduct such a treaty in secret from its own people.

You’re stating the obvious. However much I appreciate your indignation, may I cordially invite you to become a signatory to the Godwin Treaty? Regular nazi comparisons are one thing, but shouting out “Heil H*tler” on a public forum really is a bit disturbing. Whatever the context.

@ Sena Kavote

One possibility is that login screen sends only one part of the password and uses other part for decrypting the key locally.

That’s kinda how Protonmail and the likes work. A user has two passwords: one for authentication, and one for en/decryption. All email storage and transmission is encrypted, and the company only has the authentication hash so can’t decrypt message content, even if asked for by authorities.

I’m not sure about your approach to the metadata, though. The only email solution I know of that approximately tackles this are type I/type II remailers, but they suffer from different problems.

CallMeLateForSupper September 7, 2015 10:21 AM

Phil Zimmermann doesn’t use PGP, because there is no PGP app. for any of his i-devices.

http://motherboard.vice.com/read/even-the-inventor-of-pgp-doesnt-use-pgp

The article repeats the now threadbare and dog-eared contention that learning and using PGP is painful for non-techies as well as prone to fatal user error(s). My personal experience has shown that that stance is a gross overstatement, on par with the position that SIGINT is going dark because of strong encryption. But that is another story.

It seems to me that a dearth of PGP apps. for i[device] actually is not crimping Phil’s style. First, Phil no longer controls PGP and is, in fact, off to other pursuits (hopefully not a re-think of Bass-o-matic). Second, he still advertises his -> 1024-bit <- PGP key.

Nick P September 7, 2015 11:49 AM

@ Thoth

“I heard the GHC is really bloating ? How can Haskell be verifiable ?”

I wouldn’t call it bloated as much as complex. The language, its type-system, and the compiler all do a lot to ensure both correctness and performance. They also don’t write them in a way for verification. So, it’s not going to have source-to-object verification past informal review or testing. ML, on the other hand, has a certified compiler called FLINT. The OCaml compiler is apparently modular enough that it was used to build a DO-178B-certified code generator (Esterel SCADE). So, using those would be easier. Perhaps a subset of Haskell that can be translated to them for certified compilation.

“Are there any materials on converting Haskell verified stuff to C codes ? ”

That’s probably going to be too much for you. 😉 The team that did that was the NICTA seL4 team. They essentially used Haskell as a specification and modelling language for the system with a corresponding implementation in C. This took a way to represent both the Haskell and C code in Isabelle Higher-Order Logic. They also had to connect them. I believe they also built a tool to generate Isabelle/HOL from C and/or Haskell to save typing. It was all several man-years worth of work for a mere separation kernel.

The results of that appear to be available in the “specs” folder of seL4’s Git. So, you can look at that to see what it looks like, esp assessing how a visual correspondence might be done. I think this is the fundamentals behind how they developed their tools. The references in this paper have most of the details. It might be easier than I thought or harder. Not sure.

Chlipala’s Dependent Types research seems to be getting a lot done with a bit less difficulty. He also has a book on how to do it. All of that is here. He’s more focused on correctness than security but correctness of a secure design is pretty good in itself.

re nCipher OpenBSD

Smart choice. I’m pleasantly surprised. I mean, I could imagine better solutions. However, IBM’s had a shitty RTOS in it so this is an improvement. Combining OpenBSD with control flow integrity and some memory leak protection would go a long way.

Figureitout September 7, 2015 12:34 PM

Thoth
–Yeah that’d be hilarious if the vendors don’t even know what encryption algorithm, I’d say that’s a “red flag” on that vendor.

RE: infineon sle78 documentation
–I mean, that’s what I don’t like about that industry too, I don’t believe it if I can’t see it. This is why I like vendors and chips w/ much easier access to documentation that actually tells me something (sometimes you need to consult FAE’s (get in contact w/ the real engineers, not the sales people that’ll just contact the engineers) for tricky bugs and even still for some IP that is leading the market they won’t let you see that code, only calling a compiled function…but it would have minimal “security” application, only some insane potential bugs/holes like code injection or data leakage via an LED lol).

Found a 4161 page (goddamn, long!) document on the TI AM335x chip, was getting pissed b/c the datasheet wasn’t helping much. Example initialization code is very nice too but I hope to get to where I don’t need that.

RE: legal concerns
–Appreciate it, but I’m fine. I like to push weird situations sometimes to see the legal system contort in awkwardness lol. I’ve had things I care about tucked away for quite some time and operate on an “open basis” now w/ a drive towards knowledge (I don’t care if someone wants to watch me read or work lol, it’d be a compliment (or sign of mental illness) if someone was that obsessed w/ me lol) and an assumption of compromise. I’ve got lots of TTL chips which I can use for simpler interfaces and maybe some “logical guards” when I’m ready for that (in school we’re getting into FPGA’s right away which is sweet). If I have an actual new idea/design in computing realm which I want credit for and can see a path to implementation that’ll change, but I doubt it; quite happy w/ what we have now.

Dirk Praet
–Lol, I keep getting these urges to change TV channels/volume in bars (some “Americano’s” will have a ragefest if say on “football sunday” the channel keeps changing lol) b/c now some android phones come w/ this app and IR LED that can control just about every TV manufactured today. There’s only been 1 TV that it didn’t work and I think it was ignoring IR, think I’ve seen that setting before.

Also, MIT can do hacking stuff and not get in trouble for fun and it’s a tradition; why not other places?

sena kavote September 7, 2015 3:50 PM

Some security limitations

Does any bank have a security feature that allows one to define the places where a card is usable, at what time, and for what amount of money?

For example, a bank customer might list the exact cash dispensers where the card works to a limit of 1000 euros, but only at 7-20, i.e. not at night, and at 5-7 and 20-23, i.e. morning and evening, it works to a limit of only 150 euros. Or draw limits on a map to define where the card works. Or put a point on a map and define that the card works on any ATM within 120 kilometers from that point.

Similar rules could work with internet banking and email providers by using ip geolocation or triangulating pings (using millisecond measurements of signal delays). Customer / user might define that some activities are possible also via a tor-exit node or some specific VPN.

Customer / user could limit email to read-only at certain times or require a longer password for reading email older than 9 days…

If the ruleset gets complex enough it might be easier to handle by editing text files instead of using GUI of interactive web site.

It could be like managing sudo in unix.

Heli drones

I remember hearing about signal lamps meant to warn aircraft about power lines, that could take energy from the power line they are attached to. I wonder if battery powered rotary wing drones could also take energy from similar lines either by hovering above while hanging something or by attaching. If so, how to handle the proper billing for electricity consumed? Delivery and surveillance drones could use those lines on longer trips.
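
The place/time/amount rules from the “Some security limitations” post above, handled as a text file “like managing sudo”, as an added example in JavaScript (not code from the thread or from any bank): a small sudoers-style ruleset is parsed and each transaction is checked first-match-wins on place and time, with ATM allow-lists, a radius drawn around a map point, hour windows and a per-transaction limit. The rule syntax, the constructed ruleset, the ATM ids, the coordinates and the haversine distance check are this example’s own assumptions.

```javascript
// Sudoers-style card usage rules: added example, not code from the thread or
// from any bank. Each line names a place (an ATM allow-list, or a map point with
// a radius in km), one or more hour windows, and a per-transaction limit. Rules
// are evaluated first-match-wins on place and time; anything unmatched is denied.

// Constructed ruleset (hypothetical ATM ids; the map point is central Helsinki).
const RULESET = `
# place                          time windows      limit (EUR)
allow atm ATM-0042,ATM-0077      hours 07-20       limit 1000
allow atm ATM-0042,ATM-0077      hours 05-07,20-23 limit 150
allow radius 60.17,24.94 km 120  hours 08-18       limit 300
`;

// Parse "allow key value key value ..." lines; '#' starts a comment.
function parseRuleset(text) {
  const rules = [];
  for (const raw of text.split('\n')) {
    const line = raw.replace(/#.*/, '').trim();
    if (!line) continue;
    const tok = line.split(/\s+/);
    if (tok[0] !== 'allow' || tok.length % 2 === 0) throw new Error('bad rule: ' + line);
    const rule = {};
    for (let i = 1; i < tok.length; i += 2) {
      const key = tok[i], val = tok[i + 1];
      if (key === 'atm') rule.atms = new Set(val.split(','));
      else if (key === 'radius') { const [lat, lon] = val.split(',').map(Number); rule.center = { lat, lon }; }
      else if (key === 'km') rule.km = Number(val);
      else if (key === 'hours') rule.hours = val.split(',').map(w => w.split('-').map(Number));
      else if (key === 'limit') rule.limit = Number(val);
      else throw new Error('unknown key ' + key + ' in: ' + line);
    }
    // Every rule needs a place, hour windows and a limit; refuse to load otherwise.
    if (!(rule.atms || (rule.center && rule.km)) || !rule.hours || !(rule.limit >= 0)) {
      throw new Error('incomplete rule: ' + line);
    }
    rules.push(rule);
  }
  return rules;
}

// Great-circle distance in km between two {lat, lon} points (haversine formula).
function haversineKm(a, b) {
  const R = 6371, rad = d => d * Math.PI / 180;
  const dLat = rad(b.lat - a.lat), dLon = rad(b.lon - a.lon);
  const h = Math.sin(dLat / 2) ** 2 +
            Math.cos(rad(a.lat)) * Math.cos(rad(b.lat)) * Math.sin(dLon / 2) ** 2;
  return 2 * R * Math.asin(Math.sqrt(h));
}

// A window "07-20" covers hours 7..19 inclusive (start inclusive, end exclusive).
function inHours(windows, hour) {
  return windows.some(([from, to]) => hour >= from && hour < to);
}

function placeMatches(rule, tx) {
  if (rule.atms) return rule.atms.has(tx.atm);
  return haversineKm(rule.center, tx) <= rule.km;
}

// tx = { atm, lat, lon, hour, amount }. The first rule matching place and time
// decides; its limit is the cap. No matching rule means the default deny.
function evaluate(rules, tx) {
  for (const rule of rules) {
    if (!placeMatches(rule, tx) || !inHours(rule.hours, tx.hour)) continue;
    if (tx.amount <= rule.limit) return { allowed: true, reason: 'within limit ' + rule.limit };
    return { allowed: false, reason: 'amount ' + tx.amount + ' exceeds limit ' + rule.limit };
  }
  return { allowed: false, reason: 'no rule matches place/time (default deny)' };
}
```

First-match-wins is a deliberate choice here so that the more specific ATM rules above shadow the broad radius rule; a ruleset author has to order lines accordingly, exactly as with sudoers, which is also why the parser rejects a line that lacks a place, an hour window or a limit instead of guessing.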

BoppingAround September 7, 2015 4:23 PM

CallMeLateForSupper,
Doubly ironic, taking into account his use of ‘i-devices’. Which do not have a stellar record when it comes to privacy and security.

kxUFV September 7, 2015 5:45 PM

More proof that the mayor of Boston is CIA.

http://www.paulcraigroberts.org/2015/08/17/fbi-evidence-proves-innocence-accused-boston-marathon-bomber-dzhokhar-tsarnaev/

Crack FBI evidence-fabricators combed the “digital evidence,” http://www.justice.gov/sites/default/files/usao-ma/pages/attachments/2015/03/25/exh_1387.pdf

“i wanna bring justice for my people.” Well, then, that proves it, open and shut.

MIT did their patriotic duty of fake terrorism, http://whowhatwhy.org/2013/05/23/officer-collier-shooting-rosebud-moment-of-the-boston-bombing/

Dirk Praet September 7, 2015 7:11 PM

@ CallMeLateForSupper

Phil Zimmermann doesn’t use PGP, because there is no PGP app. for any of his i-devices.

Which is felgerkarb. There’s oPenGP and iPGMail for iOS and GPGTools for OS X.

I think the simple truth is that Phil – just like a musician who has grown tired of his greatest hits – moved on years ago and finally called it quits when Symantec acquired PGP Corporation in 2010. On top of that, Werner Koch in Germany has been developing and supporting GPG since 1997, so why bother anyway. Despite all of its shortcomings, PGP/GPG to date remains a valuable tool in the arsenal.

Thoth September 7, 2015 7:46 PM

@Dirk Praet, Clive Robinson, Buck, secure comms et al.

“you’ll be connecting only to and through people you both trust.”

Ouch … that means an observer knows who your trusted friends are and can narrow it down much more easily. I would say randomly jumping between nodes would be fine.

@Clive Robinson’s description of secure comms is by far the most interesting and I feel it has the best ability to hide as many leaks as possible, but may not be so enthusiastically adopted by everyone who wants to do a whole lot more things than just surfing the web, emails and chatting.

@Nick P
re: Haskell to C
I guess it’s just back to C codes to do code cutting to create system level stuff. Just need to be more careful when cutting codes.

re: nCipher HSM
Thales nCipher HSM uses tons of COTS. Freescale PPC crypto-chips, OpenBSD, secure channel via modified SSL …

HSMs (non-EMSEC protected) weren’t all too strange and hard. Someone just gotta do something.

That was also me dumping a reminder to myself to pick up the document on different network segments 🙂 .

@Figureitout
re: Unknown memory crypto algo

Yea, it’s quite a shame most vendors couldn’t answer a lot of deeper questions and simply throw me a standards manual and ask me to read. It works the same way as an HSM distributor: most of them have little clue what’s in that metal box doing and sell in a generic “Oh … so secure device” mode. Seen it for years and it’s yucky but hey … they want a few bucks.

re: SLE78 chip
Agreed. I think I wrote about distributed keystore in a previous post for the sake that there’s just that too many blackbox crypto chips to store a key. They are nice to be used for storing key shares (not direct keys) and your CPU processor can be a normal unprotected open source core or something along that line, albeit with the risk that someone taps the CPU; but using ORAM methods, it might work to make operations oblivious.

re: Legal Concerns
Just make sure your keys and secrets are on the safer side. One-touch nuke’em kind.

CallMeLateForSupper September 7, 2015 7:51 PM

@Dirk Praet

Yeah, Zimmermann moved on quite a while ago. I think he’s dropped email/file encryption and taken up secure messaging and VOIP; he’s really into those iDevices. Another thing that struck me as telling was his saying that he has been wanting to try Linux and do GPG on it but hasn’t “had the time”. Maybe he thinks Linux still has a steep learning curve. Oh well…. his problem, not mine.

Thoth September 7, 2015 8:22 PM

@sena kavote
Banks do allow limits set on their bank and credit cards. I have been seeing tonnes of latest security feature notifications (as account customer) advertising location based security on cards.

You could technically set Tor activity limiters but again, it is not all too hard to bypass those limits by routing to a badly configured node (suicidal) or something along that line.

Boston Photo - A Sight to Behold September 7, 2015 9:31 PM

More proof that the mayor of Boston is CIA…

Someone with a high-rez Sony NEX camera was in the right place at the right time.

Within a few hours after the Boston incident I was able to quickly copy this smoking gun photo of military and contractors on phones with backpacks. The American press ignored it!

https://www.sendspace.com/file/4przso

Buck September 7, 2015 10:20 PM

What I said yesterday was mostly in jest, but there is a hint of an idea hidden in there somewhere… 😉

Tor’s number of daily users is measured in the hundreds of thousands. The number of visitors to the biggest websites is millions to ten million. Almost all of these allow user posted content.

Malware writers are starting to get hip to the idea of hiding C&C traffic in plain sight. A clever privacy advocate could possibly leverage such techniques for private comms. Similar traffic correlation attacks could be used as they are to unmask Tor users, but that would only be done if suspicious activity is suspected (i.e.: the use of privacy-oriented software). The trick is to really blend in with the mundane crowd. Privacy advocates do at least have one advantage over the malware writers: they’re not actively trying to disperse malicious code…

Trendmicro has a nice three part writeup, ending with:
Steganography and Malware: Final Thoughts
ACM also has a nice paper:
Trends in Steganography (paywall, but you can read in Google’s cache)

It’s no good for voice or video, but I can think of quite a few methods for hidden encrypted text channels.
“Blue Light” sounds pretty interesting though, I’ll have to think about that some more…

Nick P September 7, 2015 10:58 PM

@ Thoth

re Haskell to C

Not necessarily. You can always use DSLs like Ivory, variants like Cyclone, subsets like MISRA-C to use with tools like Frama-C, safer languages that compile to C, or even a subset of a Scheme that compiles to C. Many possibilities. Vanilla C being the most boring and dangerous.

re nCipher HSM

It’s a computer hardware business like any other. They just need some extra features (eg tamper detection) in there and whatever minimal amount of assurance activities lead to a certification. 🙂

re Failure to Learn From The Past meme

Seeing it again with Debian team worried about reproducible builds in terms of NSA subversion, etc. I point out that this is a long-solved problem using certifying compilation with several examples whose code and docs are available. Got one comment noting some issues and learning from the solution. Overall, problem will remain because they won’t use tools that will solve it. Despite one (CompCert) made specifically for their favorite language. 😉

Bout to add to that with a few examples of my layered method. Debian will remain easily subverted because you have to be able to understand the code to protect it from subversion. No user is going to understand a pile of GCC code lol. They might understand CompCert, FLINT, or Oberon, though. I bet $20 they don’t get used.

Curious September 8, 2015 1:37 AM

Off topic:

There might be an opportunity for me to go buy a new monitor soon (replacing a 5 y.o. flawless Eizo monitor), but I am horrified to even think that a new screen might have a flawed pixel somewhere. I don’t want to pay lots of money to maybe end up having 2-3-4-5 unruly pixels. The terror.

Curious September 8, 2015 2:20 AM

About privacy: Having glanced at a headline in an article somewhere, I wonder what UN’s “first privacy chief” Joseph Cannataci has to say about search engines (and others I guess) indexing people’s more private information.

I would think that the monitoring, gathering or collecting of information about people on the internet (and maybe other sources) should be considered to be a much larger issue than simply being some testament to people’s lack of will, or a lack of need, to secure their privacy, as if it was then argued that “people don’t care about their privacy, so therefore they have none, deserve none, or ought not have any”; because I can very well imagine that there would/might/will be complications and developments for the worse, if corporations get away with practices, that I think will then come to (if it hasn’t already) undermine privacy needs on the basis of the internet of things being a cultural phenomenon, in which personal data just so happens to get recycled for one reason or another (not really important just how that works in this context).

Ah, there’s the rub, in addition to the common notions of surveillance, monitoring and collection of data, I think the UN privacy chief should also consider the problem of recycled data. This aspect would be explained as something to do with how the procurement of, soliciting for, and storage of data as such isn’t technical (security related), nor social issues (privacy related), but might instead be thought of as blatant disregard of proper information handling. Then, it should be obvious if entertaining that notion of mishandling data, any claim to data about people as being property, would imo be totally incompatible with initiatives that seek to secure people’s privacy needs. In other words, working for “best practices” alone wouldn’t suffice, because information handling is probably sure to be mishandled. To be honest, my personal notion of mishandling data is a little unclear, the best reference I have, is local laws/rules that prohibit/licence collecting and handling personal information.

I am reminded of what I saw by a road crossing yesterday, it looked like there was a small spheric camera pointing to the place where cars stop just in front of the traffic lights. I thought perhaps this camera might read licence plates, but I might very well be wrong about that. I think I’d like to see a local accountability project about just what all those cameras might be and what they might do (several cameras at the road crossing). Nowadays bus transports even have ceiling cameras in them.

Curious September 8, 2015 2:22 AM

I think I read about removing http cookies from the internet, or somesuch. I think I’d like that, ofc as long as something worse isn’t replacing cookies.

Gerard van Vooren September 8, 2015 3:51 AM

@ Thoth,

By choosing C over Haskell or any other functional language you are missing the point. Here is a funny link that points out the reasons for “not” using functional languages. Btw, if you want to understand functional languages, maybe it is wise to follow a (free online) course such as this. There are also videos of Erik Meijer’s online course on YouTube.

FP makes more sense today than it did 10 years ago and 10 years from now it will probably make even more sense. Clive points out quite regularly that multi core is gonna be the norm (it already is) because Moore’s law will end, and with multi core processors race free thread safety is gonna be important and with networking memory safety is also very important. Not having side effects (immutability) is a very big thing when it comes to unit testing and formal verification. But, as always, unlearning things is much harder than learning things.

Gerard van Vooren September 8, 2015 4:26 AM

@ Clive,

About today’s politics. One month ago it was Greece. Today it is the refugees. One month ago it wasn’t. Now France wants to bomb IS in Syria. Only the “real” terrorists of course. The US probably also wants to “give an extra hand”. Merkel knows what she is doing, but the rest is not really confident. It’s symptom fighting. The politicians are now standing in front to help the refugees. A month ago nobody gave a damn. When it comes to politics, is there one person qualified to think even 10 years ahead? The big problems aren’t solved. Overpopulation, income inequality, climate change. Still the cars are getting bigger and the traffic jams keep growing. The inconvenient truth is a subject that no politician, from left to right, dares to even mention.

It wouldn’t surprise me that within 2 months “we” are fighting in Syria, on the ground, and we will make it an even bigger mess.

The fundamental issues will be put away by then. North Africa for instance, and the overpopulation of Africa.

Thoth September 8, 2015 4:38 AM

@Gerard van Vooren, Nick P
Just to put some context into why I asked Nick P about the Haskell and C code stuff.

Take a look at L4Re environment (the Runtime Environment above the Fiasco.OC microkernel). It states that the entry point is Lua scripting and C/C++.

Any ideas to develop a mission-specific based mini OS above the Fiasco.OC/L4Re platform ?

I don’t think I want to wade a long way to try and glue other languages when it already has a platform for use …. for now ….

Links:
https://os.inf.tu-dresden.de/L4Re/doc/index.html
https://os.inf.tu-dresden.de/L4Re/overview.html
https://os.inf.tu-dresden.de/fiasco/

Gerard van Vooren September 8, 2015 5:46 AM

@ Thoth,

Any ideas to develop a mission-specific based mini OS above the Fiasco.OC/L4Re platform ?

What support do you have? Is that university or corporate support? Crowd funding maybe? Development costs money. Lots of money and time.

Thoth September 8, 2015 8:09 AM

@Gerard van Vooren, Nick P
re: Mission Specific mini OS

I don’t have any sponsors except my free time like what I usually do. Research on security and report on any findings here. That stuff would be as minimalistic as possible. No WiFi, no network, no floppies, no Bluetooth, no high-end graphics (use plain text terminal) … goes against the modern notion of an OS to keep it as small as possible while leveraging Fiasco.OC, L4Re, Rump and L4Re’s DDE.

sena kavote September 8, 2015 10:58 AM

Should privacy projects like tor abandon Windows?

I think tor project should make Windows version of tor browser bundle tell users that Windows is not really compatible with the idea of tor and warn that Windows support will end in 6 to 12 months. Time to install Ubuntu, Mint, ElementaryOS or Debian, possibly pcBSD or OpenSUSE, or burn Tails DVD. I would not recommend trying to install the current openSUSE 13.2 to non-technical long time Windows users, but the upcoming version may be better, we will see. If someone else installs openSUSE for a user, it’s ok for anyone. I’m unclear about pcBSD because my last use was too long ago. PcBSD also may have the problem that setting Linux software to run on a BSD may be tricky. There is a compatibility layer for that, but still. Might be easiest to run Tails on Virtualbox when using pcBSD (or any other BSD). PcBSD and other FreeBSD may get its own version of tor browser.

What other software besides tor have as good reason to abandon Windows?

re:PGP on apple hardware

I imagine app store has app for some interpreter where users can put software source code and run it interpreted. PGP is so low resource and system independent that running on interpreter would not be a problem.

re: Microsoft storing emails in different country

More on separating email data and its encryption key to different companies:

In that kind of setting, I think it would be best if the key holding company generates a public key pair (in the math sense), encrypts it with user’s passphrase and erases the private key part of the public key from RAM. Then on daily use, the email data holding company (in this example, Microsoft) encrypts coming emails with user’s public key before erasing plain text from ram. Then user’s browser downloads and decrypts the private key at every log-in for decrypting the emails sent from the email data holding company.

With this, technical and legal means are meant to support the other. Would it be silly useless legal trickery to call one part of a data center “owned by different company”? On the other hand, it is said that in some circumstances judges would not believe assertions that “math does not allow decrypting” and therefore would punish innocent parties for not doing what they can not do.

One option is to split data and keys to even more companies and countries.

A dedicated email program would have better performance and security than html5 or javascript in a browser. For Linux users it would be easy to install from a repo(sitory), but Windows users would end up searching it from who knows where.
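The split-custody scheme sketched above, as an added simulation that is not code from the thread or from any provider: the key holding company keeps only a passphrase-wrapped private key, the email data holding company keeps only ciphertext encrypted to the public key, and the user’s client unwraps the key locally at log-in. It assumes X25519 + HKDF + AES-256-GCM for the hybrid encryption, scrypt for the passphrase wrapping, and the `cryptography` package; the `LABEL` value and the sample message are constructed for the demo.

```python
import os
import hashlib

from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import x25519
from cryptography.hazmat.primitives.ciphers.aead import AESGCM
from cryptography.hazmat.primitives.kdf.hkdf import HKDF
from cryptography.hazmat.primitives.serialization import (
    Encoding, NoEncryption, PrivateFormat, PublicFormat)

LABEL = b"split-custody-email-v1"  # assumed domain-separation label, also used as AAD


def _passphrase_key(passphrase: str, salt: bytes) -> bytes:
    # scrypt from the standard library; cost parameters are demo values
    return hashlib.scrypt(passphrase.encode(), salt=salt, n=2**14, r=8, p=1, dklen=32)


def wrap_private_key(raw_priv: bytes, passphrase: str) -> dict:
    """Encrypt the raw private key under the user's passphrase (AES-256-GCM)."""
    salt, nonce = os.urandom(16), os.urandom(12)
    ct = AESGCM(_passphrase_key(passphrase, salt)).encrypt(nonce, raw_priv, LABEL)
    return {"salt": salt, "nonce": nonce, "ct": ct}


def unwrap_private_key(blob: dict, passphrase: str) -> bytes:
    """Raises InvalidTag on a wrong passphrase or a tampered blob."""
    key = _passphrase_key(passphrase, blob["salt"])
    return AESGCM(key).decrypt(blob["nonce"], blob["ct"], LABEL)


def _session_key(shared_secret: bytes) -> bytes:
    return HKDF(algorithm=hashes.SHA256(), length=32, salt=None,
                info=LABEL).derive(shared_secret)


class KeyHolder:
    """Company A: keeps only the passphrase-wrapped private key."""

    def __init__(self):
        self.wrapped = None

    def enroll(self, passphrase: str) -> bytes:
        priv = x25519.X25519PrivateKey.generate()
        raw = priv.private_bytes(Encoding.Raw, PrivateFormat.Raw, NoEncryption())
        self.wrapped = wrap_private_key(raw, passphrase)
        pub = priv.public_key().public_bytes(Encoding.Raw, PublicFormat.Raw)
        del priv, raw  # best-effort erasure; Python gives no zeroisation guarantee
        return pub


class MailHolder:
    """Company B: stores ciphertext only and never sees the private key."""

    def __init__(self, user_pub: bytes):
        self.user_pub = x25519.X25519PublicKey.from_public_bytes(user_pub)
        self.mailbox = []

    def receive(self, plaintext: bytes) -> None:
        # Hybrid encryption: fresh ephemeral X25519 key per message, then AES-GCM
        eph = x25519.X25519PrivateKey.generate()
        key = _session_key(eph.exchange(self.user_pub))
        nonce = os.urandom(12)
        ct = AESGCM(key).encrypt(nonce, plaintext, LABEL)
        eph_pub = eph.public_key().public_bytes(Encoding.Raw, PublicFormat.Raw)
        self.mailbox.append((eph_pub, nonce, ct))
        # plaintext, eph and key go out of scope here; only the tuple is retained


def read_mail(passphrase: str, key_holder: KeyHolder, mail_holder: MailHolder) -> list:
    """User's client: unwrap the key locally at log-in and decrypt each message."""
    raw = unwrap_private_key(key_holder.wrapped, passphrase)
    priv = x25519.X25519PrivateKey.from_private_bytes(raw)
    messages = []
    for eph_pub, nonce, ct in mail_holder.mailbox:
        peer = x25519.X25519PublicKey.from_public_bytes(eph_pub)
        key = _session_key(priv.exchange(peer))
        messages.append(AESGCM(key).decrypt(nonce, ct, LABEL))
    return messages


if __name__ == "__main__":
    kh = KeyHolder()
    mh = MailHolder(kh.enroll("correct horse battery"))
    mh.receive(b"constructed sample message")   # arrives at Company B
    print(read_mail("correct horse battery", kh, mh))
```

Neither company's stored data alone yields plaintext: Company A would need the passphrase, Company B would need the private key, which only exists in the client after a successful unwrap.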

Curious September 8, 2015 11:21 AM

Debian devs about reproducible builds:

“How Debian Is Trying to Shut Down the CIA and Make Software Trustworthy Again”
http://motherboard.vice.com/read/how-debian-is-trying-to-shut-down-the-cia-and-make-software-trustworthy-again

“Reproducible builds, as the name suggests, make it possible for others to reproduce the build process. “The idea is to get reasonable confidence that a given binary was indeed produced by the source,” Lunar said. “We want anyone to be able to produce identical binaries from a given source.””

Nick P September 8, 2015 12:36 PM

@ Curious

I responded to that with the solution here. Part of the solution is in responses to jeffreyrogers.

@ All loving hardware mods or custom work

Ganssle’s Embedded Muse 290 is out. I encourage anyone doing embedded work to subscribe to EM and look at his back issues. Tons of good stuff in there. One topic is working with components so small they break when you use traditional methods like soldering. A reader submitted this video of a WLCSP Rework Station. It’s cool as hell to watch. Another pointed out that pcbway.com does prototyping at costs as little as $8.90 a board in 5 days. Wow.

Plenty good stuff.

Clive Robinson September 8, 2015 1:56 PM

@ Nick P,

For my sins I still do SM PCB rework with,

1, A steel hat pin.
2, A pair of stainless steel “key hole surgery” locking tweezers.
3, A small nozzle “paint striper” hot air gun.
4, A selection of hand made nozzle covers and PCB shields
5, Blue-Tac to hold the shields on the PCB.
6, Canister of “dry air” spray to cool things quickly, but not too quickly.

One problem is that “lead free” solder is not of any use on reworking older PCBs as it does not “play well”. Another deficiency “Pb Free solder” has other than its higher temperature is it dissolves copper off of the PCB traces into the molten solder, so you get a maximum of about five reworks per joint on small contact number components on light copper weight boards and sometimes “one if you are lucky” on 40 contact plus components.

The method I use is by no means fast and you have to work with some care, but the old dogs and new tricks rule applies 😉 Mind you I’m getting to the point where it’s my eyes not my hands that are letting me down these days, and me and opticians do not get on well…

Markus Ottela September 8, 2015 2:44 PM

@ Nick P:

While searching TFC online I came across a discussion on Hacker News.

I very much appreciate the feedback and the fact you’re recommending TFC. The system could really benefit from a peer review. I understand you have a lot going on in your personal life and there’s no hurry. But at some point, would you be willing to write a review about the concept (TCB split on two additional computers) and/or python implementation of crypto/security functions?

Also, in the HN thread you mention your designs and essays; would you share the link here or over email?

tyr September 8, 2015 3:43 PM

@Gerard van Vooren

I think the latest episodes may make things even more interesting. Apparently the Turks are chasing the PKK Kurds in Iraq. Since the Kurds are SOF allies against ISIS and Turkey is not at war with Iraq the hairball is getting bigger and messier every day. Unless you have a daily update to the scorecard figuring out who is busy shooting at each other looks more like every man for himself and the devil take the hindmost.

@ all

Is it remotely possible that Win 10 is the exit strategy from ICs all too visible since Snowden programs. By suckering M$ into doing the bulk collection on a substantial segment of the comp world. They get deniability, M$ gets any bad publicity first and they can just loop it through Canada from Redmond to avoid any legal entanglements. All the IC would have to do is set up an internal group in M$ to do the active exfiltration, get it patched into the EULA and start actively pushing it into previous versions by default. Since government is a huge market share for M$ their leverage is enormous on the boys in Redmond and that makes them easily threatened into compliance.

Maybe we need a whistleblower in the bowels of Microsoft.

Nick P September 8, 2015 4:15 PM

@ Clive Robinson

That’s pretty cool. I had no clue people were having to go through all this trouble. I knew the transition away from plug and play components had to increase difficulty. But people using microscopes, surgical gear, and custom ovens to work on boards? I underestimated difficulty lol.

Curious, of the methods in Ganssle’s newsletter, which do you think is best for the homebrew crowd in terms of effectiveness (esp not breaking stuff) and cost? There were a lot of good ideas in a small space but I could only evaluate them so much doing no PCB work. I did like the part about buying a cheap oven and modifying it with Arduino’s, etc to get the job done. Makes for more fun work week, eh? 😉

@ Markus Ottela

“While searching TFC online”

The narcissism is already taking root… Just kidding haha

“I very much appreciate the feedback and the fact you’re recommending TFC. ”

Thought you might spot that. You earned it. My only concern is that Python is used for production rather than a reference for understanding how it works. Makes it unevaluatable for actual security. Possibly.

” But at some point, would you be willing to write a review about the concept (TCB split on two additional computers) and/or python implementation of crypto/security functions?”

I plan to. I was going to do an analysis of the high-level design, the interfaces, and individual modules. Unfortunately, the complexity of Python and how it obscures the actual running code means I’d have to reimplement the whole thing in a more low-level language. I need to see exactly how the software handles the crypto and serial interfacing, including in weird circumstances. What it does with key material in memory after a session is also important. Languages that keep memory-management away from programmer have less risk for integrity but more for confidentiality. So, there are those issues.

“Also, in the HN thread you mention your designs and essays; would you share the link here or over email?”

I don’t post them publicly as it’s been counter-productive in the past. I just share them directly with people I think will put them to good use. Processing and editing them into a web site slowly but surely. So, I have local copies (in text) of some and rest in a text file that links to them on Schneier’s web site. I just emailed them to you.

Nick P September 8, 2015 4:57 PM

@ TrustingTrust

Correct, Subversion-resistant Compilation: My approach vs Wheeler’s DDC

Wheeler, as usual, wrote an interesting paper and proposal. His is specific to countering Thompson’s problem. The paper itself explains:

“We’ll begin by defining the threat. The threat considered in this paper is that an attacker may have modified one or more binaries so that the compilation process inserts different code than would be expected from examining the compiler source code, sufficient so that re-compilation of the compiler will cause the re-insertion of the malicious code. As a result, humans can examine the original source code without finding the attack, and they can recompile the compiler without removing the attack.”

This is actually a different, lesser threat model than what I address in response to Debian team’s worries about NSA subversion of source or compilers. He focuses on a modified binary. My threat model includes malicious developers, their source, the binary, and what produces them. His is about a compiler introducing a specific thing in compiled software, including the compiler. Mine covers any compiler modification that can be used to violate software’s security. This includes transformations of security-critical functionality. My model must either address all of these issues or provide a foundation for doing so.

So, I further elaborated on what subversion-resistant development takes. The toolchain must be very modular so it’s a series of pieces that can each be understood in isolation. The language must be easy to read for human verification with preferably memory and interface protections. The pieces should be easy to implement using locally-available, trusted toolchain. The result of that first implementation should give a usable, if not ideal, toolchain that does exactly what user expects. Any optimizations can be implemented similarly and selectively used depending on risk. The resulting toolchain can compile the user’s own system or tools from trusted source to provide higher, initial assurance for host system.

The next issue was the local toolchain: what if you don’t trust it? This led to my old proposal, inspired by LISP/Scheme and Wirth’s work, to build a system from the hardware primitives up in layers until you reach desired abstraction level. So, you start with an assembler. Then, you use it to build a higher-level assembler (esp macro assembler) that has primitive versions of high-level constructs for data typing, control, interfaces, parsing, and anything else. Then, you use that to implement a simple compiler for a simple language (eg Scheme, Oberon) following existing documentation and code to know you understood it. Then, you can use that to build itself and/or the certified compiler. Now, your trust in your personal toolchain goes from assembler all the way to the certified compiler. And, if you kept it on paper for verification, you don’t even need to remember how it works unless you change it and only for what you change if good API’s.

So, the certifying compiler approach makes the compilers easy to understand, assess, auto-analyze, transform, and port. My approach to building it lets you build trust in, as a whole or piece-by-piece, into your implementation of them. You can build this on whatever air-gapped hardware you can source while entering everything in by hand if desired. As paranoid as you want with full understanding of the software, diverse hardware, and many suspicious parties checking the results against each other to spot problems. Once everyone trusts the HLL compiler, especially one like Ocaml, then we can build further tools with mere code reviews, coding styles, and analysis given the language and compiler do most of the hardest work for us. And we know we can trust it. 🙂

Note: Wheeler actually did a nice article on Software Configuration Management (SCM) security with write-up, great references, and example software. There’s some overlap in the concepts of where the risk is in the lifecycle. His SCM security page became the basis for my work on the subject.

References

VLISP: Verified Scheme interpreter and PreScheme compiler for x86, PPC, and ARM

FLINT certifying compiler for Standard ML

CompCert: Formally verified compiler for C language

Oberon Language and System as example of keeping every component simple enough to understand

Note: Original Lilith system built an idealized, P-code like assembler on hardware. Then, Modula-2 was built to compile to that. Then, whole OS and utilities were written in that. Oberon is the successor but Lilith used incremental construction method.

A High-Level Assembler (HLA) with huge library to draw on

Wirth’s simpler, portable assembler with many existing implementations & compilers

Wirth’s compiler construction book teaching you to get from point A to B in this

Modern example of going from assembler to scripting language layer-by-layer

Nick P September 8, 2015 7:09 PM

Was recently reading about a new 8-bit GUI when I suggested people make resources on all the tricks for 8 and 16-bit programming. Might help with security through diversity approaches if it can be built into compilers. I suggested maybe we should get the current 8-bit champs to work on 4-bit systems for a challenge. Out of curiosity, I decided to Google on that. This page was interesting, esp seeing they’re invite only at one firm. Didn’t know they were in Gillettes.

Wonder what the upper bound is on useful applications for a 4-bit CPU. Hell, I still wonder the same for 8- and 16-bit CPU’s.

Nick P September 8, 2015 7:33 PM

@ Clive, Figureitout

Digging through the comments of 4-bit land I just found… a 1-bit processor. Someone uploaded the manual. The guide tells how you implement various control and data processing with it. I’m bookmarking it for now but might be some good wisdom in there. More interesting, the VHDL is available on the same page from user “hannoix.” I think this is as low as we can probably go before hitting custom hardware. 😉

Dirk Praet September 8, 2015 8:15 PM

@ Thoth

I would say randomly jumping between nodes would be fine.

Which you can do too with Freenet by choosing open mode. Darknet – providing you’re going full throttle on your bandwidth – is fine when you are reasonably sure that the nodes you know and are communicating with have not been identified as such and traced back to their owners (who also have to reveal which node you are). You go open when either you don’t know enough trusted nodes (and their owners) or are feeling confident enough that the majority of those you don’t know haven’t been compromised.

Markus Ottela September 8, 2015 9:11 PM

@ Nick P:

“The narcissism is already taking root”

Hah, you might be on to something here. Positive feedback can really make one’s day. It’s also helpful, as occasionally I find constructive criticism, other times I get to help someone else.

Another major thing is, in some discussions people have had trouble grasping the concept and they draw false conclusions. I do my best to participate in discussion, sort of like Nadim Kobeissi does.

RE: [Python] makes [TFC] unevaluatable for actual security.

Good to know. I still consider myself a novice programmer, it’s going to take a good while before I have confidence to write TFC with a system programming language. I’m looking forward to contributing to your C(?) version when I’m able to. Have you given any thought on how it’s going to be licensed?

RE: I plan to.
Great! Thank you for taking the time.

Markus

Thoth September 8, 2015 9:24 PM

@sena kavote

“Tails on Virtualbox”

Not a good idea. The VM would assign a cache of memory from the underlying OS to the VM which who knows what the underlying OS might be doing. VMs might even cache the memories. Just run a TAILS on bare hardware.

@Curious, Nick P
re: Reproducible builds

That’s not enough. I think Nick P already ranted a whole ton about TCB. You may have 22000 packages that are reproducible but that’s way too many for people to “reproduce”. The huge amount of trusted code in the kernel is just too much and we all know Linus Torvalds hates the idea of moving drivers and stuff away from the kernel, calling it a bad idea, and with his personality, Linux wouldn’t be any easier to vet through. Don’t forget all this stuff is open source and free (good ton of unpaid jobs).

If you have followed me closely, you would notice my struggle of setting up a minimally secure and somewhat more trusted OS. I tried Genode and it’s simply too complex, too many distractions on the mailing list and simply just not user friendly or even made in a friendly manner. The instructions are jumping all over and they really need to look into cleaning up their documentation.

What options have I approached recently? I am looking into building my own micro-OS via using Fiasco.OC as the microkernel, L4Re as the Runtime Environment interfacing with Fiasco.OC and my own mission-specific scripts to form the interactive and mission-specific capabilities on top of the L4Re. My applications would of course run as isolated untrusted servers on top of the trusted Fiasco.OC microkernel. I noticed their APIs include virtualization (VM option) and that would be useful for running multiple OSes on top of Fiasco.OC like what Genode’s doing but Genode’s doing a whole bunch of stuff (supporting different microkernels or microhypervisors below near the processor with a whole ton of architectures and OSes on top … simply too many to be focused).

Nick P September 8, 2015 9:32 PM

@ Markus Ottela

“I do my best to participate in discussion”

Smart move.

” I still consider myself a novice programmer, it’s going to take a good while before I have confidence to write TFC with a system programming language.”

That’s fine. You can just keep writing Python in a straight-forward way to test and improve on its features. Becomes an “executable specification” that systems programmers might implement. Better start than a paper without an implementation, eh? 😉

“Have you given any thought on how it’s going to be licensed?”

Uhh. You got me there. Anything I made in the past was proprietary and affordable with descriptions eventually posted here for free. Right now, I’m investigating proprietary, open-source models to balance need for upkeep vs assessment. Much GPL software ends up freeloaded but I’m still considering dual-licensing for future work: use it free if you give stuff for free (GPL); pay back in if you benefit from it (proprietary). I also considered making the software free but charging for a hardware build or security enhancements on individual components.

Regardless, I’d contribute back to your work somehow even if it was just review and bugfixes. I’m just not a GPL or Free Software fan given realities of market. Most GPL stuff just rots and volunteers virtually never work on high assurance stuff. Proprietary, closed-source has its known issues. So, some model acquiring revenue for software development plus allowing review seems best to me. Foundations are a common choice but licensing is a bit easier. Again, specifics I’m still working out.

Btw, Googling your project usually gives me the older paper and details. You’ve posted updates here regularly which a HN commenter was interested in. Is there a place where you have all of those together so people can see the progress and justifications?

@ Thoth

They do have a focus problem. You might just subset their own work while improving the components you use and sending those improvements back upstream. Easier than rolling a whole OS. However, the other L4 project and L4Linux are an interesting route. They were already used in Mikro-SINA etc. So, you’d probably be able to turn them into something with work. If clean-slate, might be worth looking into reviving EROS kernel. They had a GUI and networking stack, too.

Nick P September 8, 2015 9:56 PM

@ Markus Ottela

Btw, the NSA Away video was interesting. I like the usability and such. The thing that worries me is the crypto is done with an Android-based device. That fails so much of my security framework on TCB protection that it isn’t even funny. That’s really bad for a product with NSA in threat model because a good chunk of my framework comes right from NSA’s criteria on what’s easy to hack and what isn’t. That was prophecy given the Snowden leaks showed NSA had 0-days in Android and toolkits to make attacking it easier. The next worry was interface protection when connected to main system and that’s an unknown to me with a brief review. Usually a trouble area along with the protocol logic.

Your design is superior because it greatly reduces those risks. It also avoids using a platform NSA is known to have 0-days in. People are screwing up so much on these two that it’s a powerful differentiator. Like theirs, yours can be built in any number of ways with any number of tradeoffs. I was even toying with synthesizing it onto a FPGA or ASIC at one point.

Good news is theirs can similarly be improved. The fact that multiple components, trusted and untrusted, share one device means it will need tactics like my old work I posted here. In other words, securing it will be time consuming along lines of what Thoth just talked about. 😉

Thoth September 8, 2015 10:56 PM

@Nick P
The stack I need would be the VGA screen*, keyboard*, USB/UART? and FAT32 filesystem?.

* – already there.
? – need to check.

WiFi, Ethernet, Bluetooth … any other form of explicit radio communications are not acceptable. I might consider ripping them out if necessary (if there are no disabling configs).

It should be fully “radio-isolated” and only USB and maybe CD/DVD allowed which would be handled via isolated driver servers by Fiasco.OC. Hopefully it doesn’t require much glue-ing for the drivers and mostly plug-and play 🙂 .

Also, it should best be deployed in LiveCD form and forgets upon powering down and this lessens the job of writing a permanent filesystem implementation making life so much easier. The acceptance of FAT32 filesystem as the only filesystem might be the best idea to make it even leaner and it is only used for reading USB sticks formatted in FAT32 and probably optical disk format.

I don’t think EROS would be something along the lines of what I described ?

L4Linux and Genode would definitely be used as a reference point otherwise the mailing lists and asking them for a bulk of tutorials to read beforehand. My design is very tight and seeks to be as simplistic as possible due to the requirements that necessitate all those features at the most minimal level.

Figureitout September 9, 2015 12:11 AM

Nick P RE: hidden embedded page
These last two revelations strengthen my claim in “How low can 32-bit processors go” that smaller sized processors will reach lower price and energy thresholds years before the larger processors can feasibly support those same thresholds – and that time advantage is huge.
–That was 2010, well basically 2011, but in 2015…Really f*ckin’ low it doesn’t make sense (don’t know what keeps getting optimized) and it’s getting lower; we may be talking nanoamps eventually as resting currents for 32-bit MCU’s (WTF!? No! The bugs…). W/ 32-bit I can basically write almost normal C (w/ bugs in toolchain, naturally), and will have plenty of space to implement bunches of interesting algorithms, just operating the chip it’s still really low power, driving an RF transmitter is where the power goes “bye-bye”. So damn low it makes my life a bit of a pain b/c it causes just unexplainable things to happen in the MCU. If I only had AC power life is easy…Security-wise this can of course be twisted either way for attack/defense: either way it’s going to be both sides can’t detect each other (our future is 24/7 attacks happening in all spheres that no PC could ever be clean ever). There’s going to be ubiquitous powerful low-power chips, but it’s the sensing/RF part that sucks up power so to really be not easily seen they need to shape batteries in these weird shapes lol and they need to be quickly snapped in to be replaced.

Actually this may drive “energy harvesting” tech. which generates recycled power from humans (say you run over this metal plate that slaps up and down, that’s plenty of force for like 50 of these little switches I saw to generate enough power to maybe turn on, write something, then turn off or just transmit a presence; and they don’t need a battery so could operate as long as it mechanically holds up. What if we could power a wifi-enabled MCU (ESP8266, and if that can be pitched anywhere to very likely find an entry point into your network, and there’s a wifi chunk in each CPU…)).

Hell, I still wonder the same for 8- and 16-bit CPU’s.
–Seriously? A lot, just look at them and try them. Some of them are well supported and pack quite a punch, like the small scrappy dude in school who people respect lol.

RE: 1 bit processor
–Neat, basically just for switching stuff on and off. May act as a learning bridge for me b/c I have a hard time thinking how to get stone-cold simple logic up to something as useable as say a RasPi (OK, that’s too far, even just…interacting w/ modern electronics say…ie: I want a guard that can parse some modernish files in a secure way, and I don’t know how to do it b/c I don’t know where the logic begins…). Anyway, was watching a video today on “XNOR” gate, and how it could be used to check for “equal states” which just seems like an important check to do (eventually some form of authentication). Struck me as an important gate for security, though I suppose they could all be contorted to do the same thing…I like XNOR though.

Curious September 9, 2015 1:08 AM

Could it be possible to assemble a makeshift “cpu” out of a modern ‘gpu’? Totally omitting a traditional “cpu”.

I could sort of imagine a big graphics card, that was connected to a FPGA card, or two.

I am no expert, but I guess I would otherwise like to see some kind of FPGA revolution, in which things are simply made to be secure and run properly, without fluff, acting as a cpu. How about nesting a bunch of FPGA modules, that in total make up a “cpu” of sorts? Then, I foolishly imagine that you could have some kind of modular cpu, with parts that could be upgraded on demand.

Thoth September 9, 2015 2:33 AM

@Nick P
I thought the era of SunRay thin clients was over and was rather surprised that it is still kicking alive after I helped an organisation do some thin client research many years ago, which I spoke about. Here, General Dynamics took the Intel NUC box and packaged and re-branded it as GD Solar Thin Clients. I say they ripped the name from Sun Ray thin clients. What a nice marketing move.

GD came in and claimed security; the specs say embedded security and my guess is Intel / ARM’s trusted boot enabled and some editing. Nothing way too fanciful like what they tried to market. They are smart to choose open or market proven stuff like the Sun Ray software suite and Spice protocol instead of reinventing the wheel. I guess it took very little time for them to push that out of the doors for sales.

I actually had the idea to load secure thin client computing onto RPis or Intel’s Compute Stick as I told you some months before but I couldn’t find a way to secure the PXE boot required in most thin clients to securely boot. One way is to custom build a hardened version of SSL/TLS network encryptor at each end and route the PXE traffic through the end-point network encryptor before loading into the thin clients to boot. That poses issues with trusted boot since you only encrypted the traffic but the CPUs are not trusted boot enabled by default unless some modifications are done to turn on the trusted boot on the Intel / ARM trusted boot modes.

Interestingly, the original SunRay uses MIPS 🙂 .

They could combine it with secure separation by doing PXE boot over SSL encryptor network to secure boot the trusted microkernel and then from there using a trusted path GUI, they can select the applications and client OSes they want. The trusted microkernel could go the extra mile of encrypting the RAM.

Links:
http://gdmissionsystems.com/cyber/products/trusted-computing-cross-domain/solar-thin-clients/
http://us.hardware.info/reviews/4494/intel-nuc-dc53427hye-review-mini-means-business
http://www.intel.com/content/www/us/en/nuc/overview.html

Curious September 9, 2015 5:54 AM

Btw, for Windows 7 users like me, there are now several updates showing up in Windows update:

The KB 3083324 article seems to make a point of how that update updates the updater itself, but without describing anything other than calling it an “improvement”. The article also has a list of OS files indicated as being affected by the update.
https://support.microsoft.com/en-us/kb/3083324

How is this an improvement? Surely it couldn’t hurt to offer some explanation?

KB3083992 seems to be about “AppLocker certificate handling”.

Some other updates as well.

Thoth September 9, 2015 7:49 AM

@Curious

Tip: Do not update 🙂 .

Start migrating more important and security sensitive stuff onto LinuxMint, FreeBSD or OpenBSD but I would recommend LinuxMint for the sheer usability where you will definitely not get lost (a Windows 7-like GUI and desktop). Leave the Windows 7 as a compromised Internet access PC. Anything trying to harden a M$ Windows is purely a waste of time and resources as we can see it’s purely hopeless beyond cure anyway.

Gerard van Vooren September 9, 2015 7:49 AM

@ tyr,

I think the latest episodes may make things even more interesting. Apparently the Turks are chasing the PKK Kurds in Iraq. Since the Kurds are SOF allies against ISIS and Turkey is not at war with Iraq the hairball is getting bigger and messier every day. Unless you have a daily update to the scorecard figuring out who is busy shooting at each other looks more like every man for himself and the devil take the hindmost.

The Aussies are now gonna bomb / murder IS as well, thanks to a conversation with Obama. The real worrying part is the lawlessness of going to war without declaring war, to do the US a favour. A new proxy war, or should I say proxy conflict, has been born. What the “Great Western Leaders” are ignoring is that there are more parties (incl. Turkey) at war in the Syria / Northern Iraq territory. But the fact that the Aussies are doing the US dirty work (far away from home) and that they can do this without any consequences is freaking me out. Skeptical likes to talk about “moral high”, well the ethics and the “doing it right” part, such as involving the UN, are all being bypassed, again.

The only “good” part of this all is that capturing the “terrorists” is not gonna happen so Australia doesn’t have to create its own Gitmo. For now.

Clive Robinson September 9, 2015 11:01 AM

@ Nick p, Figureitout,

Digging through the comments of 4-bit land I just found… a 1- bit processor. Someone uploaded the manual.

Perhaps you should also ask me about “1 bit” processors, as back in the late 1970’s and later I was building such beasts. The first was a school project using relays and bits and bobs from telephones.

In effect a 1 bit computer is a “serial computer” and I subsequently designed and built several others some of which are still in use.

Apart from the fact serial is obviously slower than 4 or 8 bit parallel the use of ECL made its performance quite acceptable when compared to either CMOS or TTL, and because there were so few gates the power consumption was less than 4 or 8 bit “bit slice” designs –see 74181 ALU for a seventy five gate 4 bit design– and could be made small enough to fit in the nose cone of a rocket/ missile etc.

Oh and if you have a hunt around you will find that the original Zilog Z80 CPU was actually 4bit not 8bit in the ALU, again to get around gate count and area issues. Also the computer ALU in the Apollo Command Capsule was built out of NOR gates and used “rope memory” for the program store and “core memory” for the variable storage.

1bit also simplifies the design as you don’t have to make all sorts of compromises on “arithmetic” –ie carry– instructions. It also allows the software to decide how wide data types can be, to suit algorithm need not CPU architecture. Another odd thing is if you look at Multipliers, they are arrays of NAND gates followed by adders. Making the adder serial in nature and just using a string of NAND gates can make a reasonable performance multiplier, compared to a software implementation of the way they used to teach kids to multiply at school.

In theory, with the right support around it a NAND or NOR gate can be the ALU of a Turing machine. As the XOR and XNOR gates are compound gates usually using four NAND or NOR gates you can synthesize them with just the single gate and serial operations and the “hidden registers” that are two gate SR latches.

In many ways a “1 bit” ALU is just like those odd “single instruction” weird computers you occasionally hear of when people show that the likes of the x86 Memory Management can become hidden Turing machines.

The problem with all narrow width ALUs is what you gain in one area you lose in another which in this case is not just some speed but “RTL instruction store” and “hidden register store” as well.

Though reading the article you pointed at I was initially surprised at the loaning of the 10,000USD tool chain. The first thought was “that’s a complete load of bovine fertilizer”. Then I realised what the CPU is doing is not running the “assembler” the tool chain presents to the programmer but a whole bunch of much lower and simpler RTL type instructions. That is the “Assembler” in reality is a whole bunch of proprietary “macros” that do the same job as the Microcode unit in a regular CPU does.

I hope you have fun with the manual, I suspect it will give you quite a bit of insight into the low level functioning of computers that few ever get to think about.
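
As an added illustration of the bit-serial ALU idea in the comment above (example code written for this page, not Clive’s design nor anything from the uploaded manual), the following Python model uses NAND as the only gate primitive: the XOR is the four-NAND compound gate, a full adder is built from those, the carry lives in a one-bit “hidden register”, and the word width is chosen by the caller rather than by the hardware. The multiplier is the AND-array-feeding-a-serial-adder scheme; the width arguments and function names are this example’s own.

```python
# Bit-serial ALU model built from a single NAND primitive (constructed example).
# Bits travel LSB first, one per "clock", through the same adder every cycle.

def nand(a, b):
    return 1 - (a & b)

def not_(a):
    return nand(a, a)

def and_(a, b):
    # An AND is just NAND followed by an inverter
    return not_(nand(a, b))

def or_(a, b):
    return nand(not_(a), not_(b))

def xor(a, b):
    # The classic four-NAND compound gate
    t = nand(a, b)
    return nand(nand(a, t), nand(b, t))

def full_adder(a, b, carry_in):
    """One-bit full adder: returns (sum_bit, carry_out)."""
    half = xor(a, b)
    sum_bit = xor(half, carry_in)
    carry_out = or_(and_(a, b), and_(half, carry_in))
    return sum_bit, carry_out

def to_bits(n, width):
    # Serial order: least significant bit first
    return [(n >> i) & 1 for i in range(width)]

def from_bits(bits):
    return sum(b << i for i, b in enumerate(bits))

def serial_add(a, b, width):
    """Add two `width`-bit numbers by reusing ONE full adder `width` times.
    The carry flip-flop is the only state between cycles. Returns (sum, carry_out)."""
    carry = 0
    out = []
    for x, y in zip(to_bits(a, width), to_bits(b, width)):
        s, carry = full_adder(x, y, carry)
        out.append(s)
    return from_bits(out), carry   # carry_out doubles as the overflow flag

def serial_multiply(a, b, width):
    """Shift-and-add multiplier: an AND array forms each partial product,
    and the serial adder accumulates them in a 2*width-bit result."""
    acc = 0
    for i, multiplier_bit in enumerate(to_bits(b, width)):
        partial = from_bits([and_(multiplier_bit, x) for x in to_bits(a, width)]) << i
        acc, _ = serial_add(acc, partial, 2 * width)
    return acc

if __name__ == "__main__":
    print(serial_add(200, 100, 8))        # (44, 1): 300 wraps in 8 bits, carry out set
    print(serial_add(70000, 5, 24))       # (70005, 0): the software picked a 24-bit width
    print(serial_multiply(13, 11, 8))     # 143
```

The point the comment makes about data width is visible in `serial_add(70000, 5, 24)`: nothing in the adder changes when the caller asks for 24 bits instead of 8, only the number of clock cycles.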

jdgalt September 9, 2015 1:16 PM

Speaking of TrueCrypt and its successors — has anyone written one of these that will function as the client end of a cloud service (thus encrypting all data stored there)? I don’t know what policies the cloud services themselves may have about such a practice, but if it works it would actually make them safe to use.

tyr September 9, 2015 5:25 PM

@Gerard van Vooren

I’d be a lot less cynical about the whole middle east
clusterf–k if the bombs were actually falling on the
announced targets. The zoomie have a nasty habit of
spattering targets at random because they might be
something of value to the population. The only thing
that changes that behavior is an active air defense.
At that point the heroic sky pilots tend to drop their
load into the ocean and circle around until it’s time
to go home. Oz already has plenty of camps set up and
repurposing is easy under Abbott who is not one of the
sharpest spoons in the drawer. If the chinese economy
keeps falling he might be out soon since Australia
is tied to China very tightly economically.

In the meantime he makes a perfect frontclown for the
would be machiavellis of fiveys.

Check out Kaminsky on Youtube Defcon 23 talk it’s a
fun watch.

Thoth September 9, 2015 7:33 PM

@jdgalt
Do you mean encrypting data in files and folders format or a huge Truecrypt volume dumped into the cloud to store cloud data ?

Dirk Praet September 9, 2015 8:06 PM

@ Gerard van Vooren, @ tyr

The real worrying part is the lawlessness of going to war without declaring war, to do the US a favour.

The question being: who do you declare war on? As far as I know, the so-called Islamic Caliphate is not an internationally recognized nation you can officially go to war with. Both Syria and Iraq are failed states. The official governments only control parts of their respective countries and the rest is one big hornets’ nest of all kinds of factions waging war on each other. Same thing in Libya, Somalia, Eritrea and now also Yemen with US-backed Saudis engaged in yet another catastrophic campaign.

So what’s to be done? Bomb Assad, like Hillary Clinton and US neo-con hawks are proposing? The only possible outcome for that scenario is either a proxy war with Russia or the IS black flag over Damascus. How can anyone be that stupid? Have these people really learned nothing from what they have done in Iraq and Libya?

Four years into the Syrian civil war and as many years after the US retreat from Iraq, the situation has gone from bad to worse. Millions of refugees are on the run and pouring into Turkey, Lebanon, Jordan, Egypt and now Europe. All diplomatic efforts have failed miserably. So have US military actions to push back Da’esh. The strategy of targeted bombing and droning has amounted to zip, and the CIA-trained Division 30 is about as big a fiasco as the Bay of Pigs was.

The real drama here is that once again the UN and the Security Council have proven themselves completely impotent to counter or contain the disastrous US foreign policy of “regime change” that has caused a human catastrophe in the entire Middle East and North Africa. What makes it even more outrageous is that the parties ultimately responsible for what is now going on, i.e. the US, its lapdogs and the Sunni Gulf States, are dodging any and all responsibility and even have the audacity to cite “national security reasons” for not taking in any refugees. It is, by all means, sickening.

ianf September 9, 2015 8:23 PM

Forgive my late & compound reply… tardy to the party, as usual.

@ Clive

[Discussion of email practices, fallacies & misbehavior falls outside the scope of this limited offhand exchange. Alas. Big topic, another time.]

@ Winter … be careful about discriminating against the next generation

@ Clive … Never underestimate the powers of a bright pre-teen girl

I wasn’t aware I was discriminating against any later born, nor coding prowess of “pre-teen girls.” Still, much as I admire the novelty, fresh approaches, often the daring of pre-adolescent problem solving, I am acutely aware that many of their solutions are of the quick-and-dirty type, not safeguarded against edge cases, nor thought through outside the immediate implications of self-defined problems (the cited RaspberryPi gizmo for friendly surveillance of Grandpa is both an overkill & not enough, esp. as there exist less intrusive off-the-shelf units for that v. purpose… if-the-stove-or-toilet-NOT-engaged within preset # of hours; even such with feedback sent through mains to remote socket/relay in the building). For each 12-yo @Aaron Swartz systems-analyst-wizard type, there are 5000 like-talented ‘uns whose ambitions, alas, do not stretch beyond making a better StarWars light-saber/ game. It’s not their fault, they simply lack the experience & the routines necessary, and the enviros they grow up in are seldom nourishing to that kind of stepped-up development. All too often (that I had observed) the way-youthful enthusiasm ends belly up—as best exemplified by that teen Scrabble Master in the BBC sitcom “Nelson’s Column” playing against a grown-up, who cried aloud “I know ‘ORGASMIC’ is a word, but WHAT DOES IT MEAN?”

[Also, sad as it sounds, relatively few women continue with their technical functions, esp. if they’re offered managerial rôles—where they excel as well.]

@ Curious … is horrified to even think that a new monitor screen might have a flawed pixel somewhere… doesn’t want to pay lots of money to maybe end up having 2-3-4-5 unruly pixels. The terror.

I feel your stress. If buying over the counter, arrange with the salesperson beforehand to hook up THE ACTUAL MONITOR to your own laptop “to see how fast it refreshes,” etc., but in reality to run a short script to blank the entire screen in black/ red/ white/ blue/ yellow (cycled with space). Don’t be in a hurry, check the screen from a few angles. The monitor may be cheaper online, but probably not enough to justify your worry.

Figureitout September 9, 2015 11:44 PM

Nick P
–My tone got a little “testy” again, it was aimed at market developments (got to point this out since can’t be obvious in text form).

RE: your “solution” to reproducible builds
–It doesn’t solve the problem I’m afraid, nor does D. Wheeler’s proposal. It stands mostly “unsolvable” right now b/c it’s too much to hand-check. Sad b/c this may mean in some ways electronics could eventually be completely ruined if I can’t even trust an op-amp is in fact just an op-amp. Once there is no way to have a clean build anymore then software is ruined.

RE: ganssle.com
–It’s a good site, stumbled on it crawling around for a solution to a problem. Didn’t solve it there, but helps.

RE: pcbway.com
–Sounds too good to be true, where’s the catch? Looks like really simple relay/LED boards advertised, wonder what their “mistake” ratio is?

Clive Robinson
Perhaps you should also ask me
–You want me to ask more questions? You sure about that? I thought I was annoying enough as is…You forgot the one about the implementation of encrypting a firmware upgrade since so few can do it “properly”, it’s ok I’ll put it on my list of things you haven’t done. 🙂

Since I’m a noob when it comes to design, can’t say anything. 🙁 (maybe that’s a good thing lol) Here’s a cool core rope memory project on HaD though lol: https://hackaday.io/project/7375-8-bit-core-rope-rom

And stumbled across a high level “serial data transmission”..not even a circuit, just block diagram in a book and my mind immediately thought “guard”. So typically you have a transmitter/receiver, and a clock and data line. Well, another design has just a data line from TX and a “clock recovery circuit” that branches off from the serial line and “regenerates the clock signal at RX”. This is the digital phase locked loop (DPLL) I read about so much in data sheets (now there’s a DPFLL…lol). Is that a good path towards a guard?

Thoth
–My threat model doesn’t matter when attacks happen anyway.

And yes of course inter-chip comms but they’re generally synchronous and/or rely on some kind of “reference” or clock signal that keeps everything on the same page. Well, there’s the target. Also unless you can just copy reference design verbatim even “simple” protocols can get very non trivial…b/c you have to deal w/ differences in chips and the protocol looks less and less what the real algorithm is…

I’d definitely be interested in a guard-like device based around an Atmel chip since I’ve been using their toolchains for a while and learning curve is tiny (compared to getting into FPGA’s, the curve is huge again and I’m trying to wrap my head around toolchain and being able to find bugs).

OT: “good OPSEC bro”
http://arstechnica.com/security/2015/09/how-highly-advanced-hackers-abused-satellites-to-stay-under-the-radar/

Thoth September 10, 2015 12:17 AM

@Figureitout
Re: Exflitration via SATCOM

Good for masking recipient to a degree. Something a well funded or state involved would be able to do due to involvement of SATCOM which most malware writers wouldn’t use as it is uncommon.

Clive Robinson September 10, 2015 12:29 AM

@ ianf, Figureitout,

Yup, the time to answer questions is one of life’s little scarcities, sometimes I can’t even keep up with reading the last hundred posts on the newcomments page 🙁

@ Figureitout,

I have suspected for some time that many of the regulars here suffer from insomnia based on the times they post… which reminds me @Wael, if you are reading this, I hope you are well.

@ ianf,

Sometimes those “edge cases” are the reason, not an “undersight”…

I can not remember who twisted the common phrase about successful men to,

    Remember behind every successful man is a woman, who sees him as a puppet

Pre-teen girls are not born as string pullers, but some sure learn quick how to pull them once they find them, and put “The Prince” in the shade 😉

Clive Robinson September 10, 2015 12:52 AM

@ Figureitout,

Clock recovery is a bad idea security wise, as it makes the system susceptible to various types of timing attacks. The worst of which is “transparency” where secret data like an encryption key is encoded in timing jitter, that the following stages let through transparently to an eavesdropper.

The earliest case of this I’m aware of is with the early versions of the British Diplomatic Wireless Services automatic One Time Tape “Line Super Encryptor” later called “Rockex”. It used an XOR function made with “Post Office type 600 relays”. Unfortunately the “pull-in and release” times were not symmetrical, and the following stages did not rectify this deficiency so it was possible using an oscilloscope to see the differences made by the One Time Tape and thus strip off the super encipherment.

I’ve been told that some of the early Crypto AG electro mechanical systems suffered from this “known” problem, and it was only fixed for some customers, not others.

It’s one reason for the TEMPEST rule of “Clock the inputs and clock the outputs”. If done properly edge jitter can not get through the system.
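
To make the “transparency” failure and the “clock the outputs” rule concrete, here is an added simulation (constructed for this page; not Clive’s, not Rockex’s circuitry) in Python. An XOR stage produces the right output levels but, because its assumed pull-in delay differs from its release delay, the time of each output edge depends on the key bit. A test-bench check that only looks at edge timing recovers the key from the leaky stage; after a re-clocking stage samples each bit mid-cell on a clean clock and re-emits it on exact clock edges, the same check finds nothing while the data is unchanged. The delay constants, the bit period and the sample bit strings are all assumptions of the example.

```python
# Timing "transparency" model: levels are correct, edge timing leaks the key (constructed example).
BIT_PERIOD = 10.0   # nominal spacing of bit edges, arbitrary time units (assumed)
PULL_IN = 1.8       # assumed delay when the key bit makes the relay pull in
RELEASE = 0.6       # assumed, shorter, delay when it releases

# Constructed sample traffic: plaintext bits and a one-time key with both 0s and 1s
PLAIN = [1, 0, 1, 1, 0, 0, 1, 0, 1, 1, 0, 1]
KEY   = [0, 1, 1, 0, 1, 0, 0, 1, 1, 0, 1, 0]

def leaky_xor_stage(plain, key):
    """Relay XOR. Each symbol is (level, edge_time); the level is p^k as intended,
    but the edge time carries the key bit because the delays are asymmetric."""
    return [(p ^ k, i * BIT_PERIOD + (PULL_IN if k else RELEASE))
            for i, (p, k) in enumerate(zip(plain, key))]

def reclock(symbols):
    """'Clock the outputs': sample each level in the middle of its bit cell on a
    clean clock and re-emit it on the exact clock edge, discarding input jitter."""
    out = []
    for i in range(len(symbols)):
        t_sample = i * BIT_PERIOD + BIT_PERIOD / 2
        level = 0
        for lv, t_edge in symbols:          # latest edge at or before the sample wins
            if t_edge <= t_sample:
                level = lv
        out.append((level, i * BIT_PERIOD))
    return out

def eavesdrop_key(symbols):
    """Oscilloscope-style leak check: classify each edge by its offset from the
    nominal clock. Returns the inferred key, or None if timing carries no information."""
    offsets = [t - i * BIT_PERIOD for i, (_lv, t) in enumerate(symbols)]
    if max(offsets) - min(offsets) < 1e-9:
        return None                         # no timing modulation left to read
    threshold = (max(offsets) + min(offsets)) / 2
    return [1 if o > threshold else 0 for o in offsets]

def levels(symbols):
    return [lv for lv, _t in symbols]

if __name__ == "__main__":
    leaky = leaky_xor_stage(PLAIN, KEY)
    print("leaky stage, key seen by timing:", eavesdrop_key(leaky) == KEY)   # True
    clean = reclock(leaky)
    print("after reclocking, key seen:", eavesdrop_key(clean))               # None
    print("data intact:", levels(clean) == levels(leaky))                     # True
```

The re-clocking only removes the jitter because the worst-case delay (1.8) is well inside half a bit period (5.0); if the jitter could move an edge past the sampling instant the clean stage would start making data errors rather than leaking, which is the other reason the rule pairs “clock the inputs” with “clock the outputs”.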

Clive Robinson September 10, 2015 1:46 AM

@ Thoth,

I am looking into building my own micro- OS…

Been there, done that, don’t recommend it as it’s kind of “Catch 22” work.

@Nick P’s comment on 4/8bit CPU capabilities, and my reply about 1bit ALUs kicked off a set of bad memories.

The smaller the data width the more often a counter or pointer will either over or under carry. So for larger ranges you need two or more data widths to get the range required. So when the least significant nibble or byte count is exceeded it goes to zero and the next significant nibble or byte gets incremented. It sounds simple and it should be, but it’s not for the simple reason the carry function is not “atomic” and the two data items get updated not simultaneously but sequentially, which means there is a time gap in which the CPU can get an interrupt…

Unless dealt with correctly this can cause strange and unexplainable errors in code which can be difficult to find and fix.

The thing is few programmers ever have to deal with this because the OS or driver code hides the issue away and holds the everyday programmers hand via “abstraction”.

The problem is that there is only so far an OS can go at design time. For instance Unix assumed a data width of 32bits, which was fine in the late 60’s through 80’s. In the 90’s files got big and 32 bits whether signed or unsigned is not big enough for either file pointers or time keeping… do you remember Y2K well Unix has its own heading to a box near you real soon now.

Whilst the fix in the OS of going to 64bits might be thought of as trivial, it will break older 32bit apps, which may not be fixable for various reasons…

Having “done the OS thing” I can tell you it’s not easy seeing into the future and getting it right.

The pain of meeting “There must be no edge cases in an OS” is not something you want to have to go through, thus modifying parts of an existing OS with a good track record may be less painful in the long run.
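
The non-atomic carry problem from the comment above, as an added simulation (written for this page, not Clive’s code): an assumed 8-bit machine keeps a 16-bit counter in two bytes, the increment of the low byte and the carry into the high byte are two separate steps, and an interrupt handler that reads the counter between them sees a torn value that runs backwards. The fix shown is the usual one for a writer in main-line code, holding interrupts off across the carry so the handler is pended until both bytes agree; the class and function names are this example’s own.

```python
# Torn multi-byte counter under interrupt (constructed example of the race described above).

class TinyCpu:
    """Assumed 8-bit CPU holding a 16-bit tick counter as two bytes, lo and hi."""

    def __init__(self, start):
        self.lo = start & 0xFF
        self.hi = (start >> 8) & 0xFF
        self.irq_enabled = True
        self.irq_pending = False
        self.isr_reads = []          # what the interrupt handler observed

    def isr(self):
        # The handler reads the counter byte by byte, exactly as narrow-ALU code must
        self.isr_reads.append((self.hi << 8) | self.lo)

    def raise_irq(self):
        if self.irq_enabled:
            self.isr()
        else:
            self.irq_pending = True  # hardware latches the request until re-enabled

    def disable_irq(self):
        self.irq_enabled = False

    def enable_irq(self):
        self.irq_enabled = True
        if self.irq_pending:
            self.irq_pending = False
            self.isr()               # pended interrupt is taken now

    def _carry_steps(self, irq_after_step):
        # Step 1: increment the low byte; it may wrap to zero
        self.lo = (self.lo + 1) & 0xFF
        if irq_after_step == 1:
            self.raise_irq()         # interrupt lands in the gap between the two updates
        # Step 2: the carry into the high byte is a separate instruction
        if self.lo == 0:
            self.hi = (self.hi + 1) & 0xFF
        if irq_after_step == 2:
            self.raise_irq()

    def increment_unprotected(self, irq_after_step):
        self._carry_steps(irq_after_step)

    def increment_protected(self, irq_after_step):
        # Critical section: no interrupt can observe the half-updated pair
        self.disable_irq()
        self._carry_steps(irq_after_step)
        self.enable_irq()

    def value(self):
        return (self.hi << 8) | self.lo

def demo(protected, start=0x00FF, irq_after_step=1):
    """Increment `start` once with an interrupt injected after the given step.
    Returns (final counter value, value the interrupt handler saw)."""
    cpu = TinyCpu(start)
    step = cpu.increment_protected if protected else cpu.increment_unprotected
    step(irq_after_step)
    return cpu.value(), cpu.isr_reads[0]

if __name__ == "__main__":
    print([hex(v) for v in demo(False)])   # ['0x100', '0x0']   handler saw the counter go backwards
    print([hex(v) for v in demo(True)])    # ['0x100', '0x100'] handler saw a consistent value
```

Disabling interrupts is the writer-side fix. When the roles are reversed and the interrupt handler is the writer, the reader instead reads hi, then lo, then hi again and retries if the two high bytes differ; the comment’s point is that on a narrow ALU one of those two disciplines has to be present wherever a counter spans more than one word.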

Thoth September 10, 2015 2:35 AM

@Clive Robinson

re: Micro-OS

I do not like the idea of doing a Micro-OS on my own either. It’s time consuming even with the very minimal feature list I have for it and also the modern convenience of copy-and-paste codes or plug-and-play codes that many libraries out there have already.

Since my design revolves around code cutting (not of the actual microkernel) that leverages the L4’s Fiasco.OC microkernel (FOC) and FOC’s L4Re runtime environment to load applications which I am seeking to cut some applications above the microkernel and microkernel’s runtime level, I think I might be in a slightly more advantageous position for copying existing libraries from the L4Linux (Linux ported to work above the FOC and L4Re built by the same guys) and simply move crypto codes and driver codes from the L4Linux into my own setup since it’s the same stuff just more purpose-orientated. I will leave the low level drivers and microkernel stuff for the FOC and L4Re and lift some of the L4Linux stuff as I did expect that if I were to go to the very low levels, I might hit problems and thus the use of FOC and L4Re due to its current status being rather matured and widely played with by those who are exploring TCB.

Genode’s focus is too scattered and that is one reason although they made lots of progress, their progress was simply on a general level and not on a specific platform to create a secure OS. Only recently did its NOVA platform get publicly promoted as a usable TCB based virtualized environment which while I was playing with the latest NOVA build from Genode, it tripped over because I ran the build in a VM and caused some stuff to break (they didn’t expect that somehow). Rather than just waiting for someone to fix something, might as well get down to create my own flavour from existing and more matured codebases … unless … any of you have a recommended more secure OS in mind ?

Gerard van Vooren September 10, 2015 4:46 AM

@ Thoth,

I think Clive is right. Doing things on your own is too much of a hassle. It is also much more rewarding to fix bugs in other projects or even introduce new functionality. If you can stand criticism from certain known persons (most of the time they are right btw), I think OpenBSD is a good place. Another project is MINIX. As you mentioned, Genode can also need a bit of help in making it more user friendly, maybe even documentation writing. When it comes to non-unix, I think the recent GPL licensed Plan-9 variants (Harvey or Akaros), with some sort of mini-kernels, are quite interesting. They solved real issues of UNIX. And of course Ethos-OS, which runs on top of XEN.

Just do a bit of research and find a project that you like and want to contribute to. That’s the nice thing of Open Source.

ianf September 10, 2015 6:19 AM

@ Dirk Praet… the parties ultimately responsible for what is now going on, i.e. the US, its lapdogs and the Sunni Gulf States, are dodging any and all responsibility and even have the audacity to cite “national security reasons” for not taking in any refugees. It is, by all means, sickening.

What sickens me the most is the bottomless stupidity of the evangelical CAN-DO fervor with which successive USGovts tend to combat forces of secularism in the Middle East, i.e. native nominal progress towards representative regional/ tribal equilibria, if not Western-style democracy. When such actors are undercut or gone, they leave vacuums for religious fundamentalists to creep in (and, when US backed a secular modernizer like the Shah of Iran for a change, they allowed his inner megalomaniac to wreak havoc to such a degree, that Persians—a culture far older than most around—en masse believed that a Kerensky-style [Russian bourgeois, followed by Lenin-style populistic] revolution would set them free… a perfect storm that the scheming Ayatollah from a Paris suburb hijacked with gusto).

And yet, it’s not like nobody warned the warhawks of what’s going to happen… only those Not-Invented-Here voices went unheard in favor of various “Yankee Realpoliticks.” For a sample, read this with the storyline of Charlie Wilson’s War movie in mind:

“… Ahmad was able to identify currents of modern history that few perceived. To mention only one distressingly timely illustration, he recognized at once that Washington and its allies were creating a terrorist monster when they exploited Afghan resistance to Soviet invasion by organizing and training Islamic fundamentalist extremists for their own cynical purposes. He warned that these initiatives were reviving a form of violent jihadism that had disappeared from the Muslim world centuries earlier … [from Noam Chomsky’s 2006 foreword to “Selected Writings by Eqbal Ahmad”]

It’s like the best and brightest of the USG never learnt from their own history of the need for ironclad separation of church & state…

Clive Robinson September 10, 2015 9:11 AM

@ ianf,

It’s like the best and brightest of the USG never learnt from their own history of the need for ironclad separation of church& state…

Don’t make the mistake of thinking that, “Them Confederate Republicans they learned the real lesson of that real good”, and they are doing very nicely out of it. The wealth of the industrial north for some reason ends up in the south way more often than it should. Likewise ask yourself who’s picking up the tab on the refugee crisis they masterminded.

The history of US & South Korean War Hawk behaviour ever since the US defeat and subsequent cease fire back in the 50’s should tell you a lot about what is going on.

Few people anywhere want the War Hawks, they think they are at best paranoid always looking for enemies to fight.

The real War Hawks are not paranoid, it’s a business plan, and an enemy is a way to make profit and political gain which gives more profit. The only problem they have is nations that don’t buy into their “funnel the wealth to the “good old state of Texas and it’s environs” plan and don’t spend vast amounts of money on their over priced, badly functioning and backdoored weapons and companies. So on the old idea of “where there’s no market, create one” that is what they have been doing not only via the likes of NATO but by also “creating enemies”.

Most people who could think about it who had access to the right information could see that the Iraq war was a complete sham as one UK politician later put it “There were no terrorists in Iraq, before we invaded…” he knew that for certain as did just about anybody else who knew anything about Saddam. He also knew there were no WMD there, as did the UN Weapons Inspector, and he also knew that the UK Prime Minister knew there were no WMD or any kind of threat from Saddam or Iraq at that time. It’s why he resigned as a UK Cabinet Minister over it. Oh and ask yourself a couple of questions, 1) Why is the Chilcot Report continuously not being published? 2) Why is Tony Blair so virulently opposed to the point of appearing mad over an MP who was anti Iraq War becoming leader of the party Tony Blair used to run? And if you can not see why, have a closer look at where Tony Blair’s income, and thus loyalty, is aligned.

From the War Hawks perspective, Continental Europe is not playing their game and “rendering unto Caesar” since the end of the Cold War. They have continuously said these countries are not spending what they should on defence and specifically NATO.

Thus the War Hawks need a new enemy on Continental Europe’s door step. So between the US and Russian War Hawks Europe now has enemies along its north to east border, its eastern border and much of its Southern border. Which can only be a win profit wise for the US War Hawks.

But better still is the game of “beggar thy neighbour” the War Hawks knew would result from the mess they created in the Middle East. Southern Continental Europe is being swamped by “refugees” many of whom are actually “economic migrants”, but in amongst those there are some who represent what the US loves to call “A clear and present danger” who will be recruiting or in time becoming a new crop of terrorists in the heart of continental Europe…

But even if those “undesirables” could be found and removed, the US War Hawks still win, not just by “beggaring thy neighbour” but because those left behind in the war torn Middle Eastern countries will become more politically polarised and thus more susceptible to radical or terrorist overtures. So either way thanks to the US War Hawks, Continental Europe is going to have radicalised terrorists on their doorstep for probably the next six to ten generations. Importantly during that time they will need to waste GDP on weapons and other paramilitary equipment the US War Hawks can profit by.

I’m sure there will be some who will take a skeptical view on the above, but to be believable they will have to come up with a rational alternative, and they may find that a bit difficult all things given due consideration.

Fascist Nation September 10, 2015 5:48 PM

Returned from a one week trip to Virginia. Embassy Suites (Hilton) was fabulous. BUT, the free wifi (via AT&T) was unsecured, and blocked the use of a VPN. Nice. The $13/day Ethernet line didn’t work but it charged your room just fine. The CIA is in Langley, the NSA? I wonder how much the taxpayers are paying to keep WPA2 encryption off the wifi at my hotel? (Kidding, I hope.)

Dirk Praet September 10, 2015 8:18 PM

@ Clive

I have suspected for some time that many of the regulars here suffer from insomnia based on the times they post …

ACK

Figureitout September 10, 2015 8:37 PM

Thoth
–Actually this method while tough to maintain securely for 8+ years (just a claim based on a timestamp that can’t be faked right? lol) wouldn’t be that difficult for experienced hams and other inclined individuals. Some hams do remote-desktop w/ a PC connected to a radio, pretty easy to see some useful OPSEC potential w/ something like that. I think the rootkit is more impressive.

RE: micro-os & security projects in general
–I just want to speed things up but you can’t do that where you need every bug you can think of to be mitigated, especially where fixing one bug creates another. Main thing is these are all things I do after work/school for free. Getting more money into developing digital security will mean more people could work on it while they’re freshest (early morning is where I take on new bugs but later in day I don’t want to start a new quest) and while getting paid.

Clive Robinson RE: time to post
–Yeah I figured I caught you during tea break and you were scarfing down a biscuit w/ haggis or whatever the hell you Brits do. 😛

RE: insomnia
–A little bit here, why I generally have to work out everyday to get tired. Sure Wael is just busy, won’t speculate.

RE: clock input/output
–So do you mean having a separate crystal for in and out? If so how do they synchronize? Or done by same one? I want to do it w/ a micro, 1 micro suffice or minimum of 2? Ah, and how can you be sure you’ve done it properly?

My idea of an “implementation” looks something like this: https://www.xmos.com/published/xc-clocked-input-and-output Is this on the right track or not? I would use unsigned ints of course (I get a little cringy now w/ just ints) and I’m not sure I like the toggle function.

Wael September 10, 2015 8:49 PM

@Clive Robinson,

if you are reading this, I hope you are well.

Thank you, so long as the sentiment is not attached to the condition that I’m reading this 😉 But since you spelled “if” with only one “f”, then that’s not the case 🙂

name.withheld.for.obvious.reasons September 11, 2015 2:57 AM

@ Clive Robinson

I have suspected for some time that many of the regulars here suffer from insomnia based on the times they post…

Are you kidding Clive, I don’t know about you but this forum must be full of “type A” personalities. People that are puzzle masters, mathematicians, physicists, engineers, and others that are probably running on a continuum, the infinite line of curiosity, where institutional bias, in the form of the USG, forces one as witness to the/a “existential” threat to the future.

By the way, the topic I brought up earlier, where’s the CIA, is taking shape and it is much as I suspected but I need to flush some facts out before providing a follow-on.

Clive Robinson September 11, 2015 3:46 AM

@ John Gaut IV,

this seems too simple to be robust

Going only by what it says in the article you link to, “it is and it isn’t” sufficiently robust depending on your view point and the scope of view of an attacker.

Basically the method is a simple hand substitution cipher based on a grid, usually used to make a simple substitution table [1], and a “faux random walk”. Such hand ciphers have been around for hundreds of years and are fairly easily broken by hand if,

1, The ciphertext is sufficient in length,
2, You have several messages under the same key to give you sufficient length,
3, You have sufficient plaintext at a known position in the ciphertext.

In the case of this “system” the resulting ciphertext is going to be short, and thus well below the unicity distance(1). However the correspondence in length between the ciphertext and the service name would be a bit of a give away(3). And finally if someone can see what you type in for several services then they may get sufficient length(2).

For the system as described in the article the bit about the top row of the Linotype printing press keyboard is more padding than meat [2].

Further as given the system has the same flaw as bio-metrics, in that you can not change the password… Which may or may not be a problem for many people.

[1] Such alphabet grids are usually formed with a pass phrase from a poem or saying that is easily remembered or selected from a book both the sender and receiver have. Often all you do is write the numbers in first in a fixed pattern, then remove the duplicate letters from the phrase, then write in the “a sin to err” letters in the order they appear in the phrase, then the rest of the letters in the order they appear in the phrase, finally followed by the remaining unused letters of the alphabet in alphabetical order. Importantly you then “reorder” the table by two digits one for vertical one for horizontal and write the result down underneath the alphabet and numbers to make your substitution table [3][4].

[2] The reason for pulling the EATOIN to the top of the grid and top row on a Linotype keyboard is the same as the reason those same letters are the shortest to send in Morse code… they are the most frequently used in English at the time. You can remember the order these days with “eat on irish” then remove the duplicate ‘i’ for “eatonirsh” then –depending on whose frequency table you use– swap the second and third letters in from the ends for ETAONISRH. You could then remember to add “lid” to the phrase to get ETAONISRHLD for the frequency order for the majority of the most used letters in English.

[3] The last stage of transposing the rows and columns of the grid is more usefully applied to the plain text of a message. That is you write out the message in grids and then read it out in a secret way, thus transposing the plaintext making many “known plaintext” attacks at best difficult.

[4] If you write the table out vertically twice it’s sometimes called a “rod” if you make four rods and put them in a “slide” frame you can make a paper analog of the Enigma cipher machine. Such a slide frame and pre-made rods were used extensively by the allied maritime forces during WWII, unfortunately they did not use them in a sufficiently secure manner.

Clive Robinson September 11, 2015 4:51 AM

@ Figureitout,

I figured I caught you during tea break and you were scarfing down a biscuit w/ haggis or whatever the hell you Brits do. 😛

There was me figuring that you would have dropped in to “The land that is the cradle of engineering” when you did your “Grand Tour” of Europe when younger…

Just so you know Haggis is a Scottish dish, of a sheep’s stomach, filled with oatmeal, pepper and the chopped lungs etc of the sheep. That arguably is an import from Northern Europe that also gives us “sausages” as opposed to Southern European “Salamis”, that is they contain less fat which is replaced with grain based products and water and thus need to be cooked and eaten fairly quickly unlike the salamis that can last more than a year and be eaten raw. The reason for the grains and water is the fat is too valuable to waste in what is otherwise a “scrap meat” dish, and could be used for candles and lamps, and the predominant method of cooking was by heating in a cauldron, which is why those in the north of Europe were variously called sausage or pudding eaters.

As for “biscuits” in the Southern US that is what the English call “scones” and the Scots amongst other things call “drop cakes”. English biscuits are an altogether different thing, and a later invention when sugar became less of a luxury item.

I happen to like haggis in a large soft bread roll (bap) and unlike many Scots I like it with a runny yolk “sunny side up” fried egg, or if I’m feeling “up market” with a poached egg and hollandaise sauce in one of the Scottish variations of “Eggs Hollandaise”.

Clive Robinson September 11, 2015 9:13 AM

@ Figureitout,

First a bit of background.

The first rule of TEMPEST is to “reduce emissions”; this is primarily done by reducing both power and bandwidth of any unintended signals that might be “emitted” from the system. However you also need to “break synchronicity” such that signals that are emitted carry little or no information that can be cross correlated with other signals that might be emitted by the system to reveal information.

The rules of EmSec include all of the TEMPEST emission rules and a whole bunch of rules to reduce “susceptance” to signals that might be targeted against the system either inadvertently (proximity in use) or directly (illumination) by an attacker. Many of the susceptance rules are effectively the same as the emission rules, which is not that surprising when you consider the majority of transducers are bidirectional. However some rules are due to the nature of the attacks. TEMPEST attacks are all “passive” in nature and the attacker effectively has no influence on the system they are “listening” to. EmSec attacks however include the TEMPEST listening attacks, active disruption attacks, and the more subtle attacks that alter the functioning of a system whilst it is in use.

Whilst there are many formal “hard” rules –such as how far cables are to be apart– these are generally aimed at technicians and operators, not design engineers. Those designing equipment have more general “soft” rules that can be better expressed in even more general “informal” rules. The hard and soft rules are usually “classified” or considered secret; the informal rules in general are not. All the rules, whether classified or not, can be derived from basic principles, much of which will be found in the open literature. The reason for keeping rules classified can be seen in a couple of books, Peter Wright’s “Spy Catcher” and Gordon Welchman’s “Hut Six Story”. Essentially the idea is the “genie in the bottle” principle. Spy Catcher tells you about “Theremin’s Thing” or “The Great Seal Bug”, the use of LF/MF to “jump the hook switch” in old style telephones and the corresponding “audio side channels” whereby listening to the sound made by mechanical devices like the old cipher machines leaked keying information; thus if the genie escapes from the bottle fairly easy preventative steps can be taken by potential surveillance targets. Likewise Gordon Welchman talked about the principles of “traffic analysis” and it does not take much serious thought in that direction to see the deficiencies of many communications systems, including quite modern ones like ToR.

That said, back to your question,

    So do you mean having a separate crystal for in and out? If so how do they synchronize? Or done by same one? I want to do it w/ a micro, 1 micro suffice or minimum of 2? Ah, and how can you be sure you’ve done it properly?

All things in engineering are “trade-offs”; the trick is to find the right “sweetspot” for what you are doing, and obviously one input into this matrix is your “security threat” risk considerations.

The problem with risks is you neither know them all nor give them the correct weighting. So you can never be sure you’ve done it properly… Get over it, smile, and get on with what you can do and quit worrying about what you can’t do, otherwise you will end up like a bird in a Swiss clock 🙂

The general informal rule for clocks in EmSec is “one or none” when you look at individual blocks within a system or groups of blocks that make up a system. If you feel your brain has just started to turn into a corkscrew on reading that, don’t worry, that’s normal with the rules and why there are rather fewer EmSec engineers than there might otherwise be. Don’t worry, I’ll explain more in a way that should hopefully straighten things out in a soothing manner.

You gave a link to a web page and I’ve quoted the first couple of sentences,

    Many protocols require data to be sampled and driven on specific edges of a clock. Ports can be configured to use either an internally generated clock or an externally sourced clock, and the processor can record and control on which edges each input and output operation occurs.

Whilst this is a “communications engineer’s” view of the world it’s not an “EmSec engineer’s” view of the world; they would stop at “sampled”.

In EmSec you don’t want to be working with edges of signals at an input because that makes you open to “Synchronization Attacks” and “Jitter Attacks” which not only make your system transparent to data leakage, they also allow an attacker to improve “Power Analysis” and “Fault Injection” attacks, all of which you are trying to avoid.

Further in EmSec you also would like two often opposing things in input signals,

1, The signal to be “asynchronous”.
2, The signal should be “free of DC components”.

The problem is that in most cases eliminating DC components means putting it on some kind of synchronous AC signal…

The classic example of this is to generate an RS232 data signal and phase reverse key it with a clock signal where the baud rate is the same as the clock rate (ie one full cycle for each bit period for RS232). Whilst there are other signaling methods that don’t have the same clocking issue, they are usually grossly inefficient in some other respect (“You nary get ‘ought f’ nought”).

But let’s stick with RS232 async signaling for the moment and not worry about DC offsets. Very clearly the waveform has “edges” and likewise in a non-synchronous connection the pulse width is a little indeterminate. If you look up “bit banging software” the way it works is an edge triggers a timer and after a period of time that is approximately half the baud duration the level on the line is sampled. Provided the length of the message is short –usually 10 baud or less for RS232– you only need trigger the timer once and sample after half a baud period, then at every full baud interval thereafter for the duration of the message. So if the timer runs around 10 baud you sample at every odd multiple of 5 baud (5,15,25,35…).

The thing about such sampling is you can extend the length of the message by making the sampling quasi-synchronous but with dither to break the synchronicity further into the system block where it does most harm from the EmSec perspective.

To make the clock quasi-synchronous you “measure and average”, that is you adjust your next sample point by the corrected average of the preceding baud periods. To break the downstream synchronicity you add a “dither signal” to move each actual sample point up to plus or minus a quarter of the baud period on a random basis.

You also use “store and forward” / buffering techniques as this vastly reduces the bandwidth available to tricks involving moving the asynchronous messages in time. Obviously storing messages before processing them adds latency to the signal proportional to how much you have stopped down the message bandwidth.

With regards to the informal TEMPEST/EmSec rule of “one or none” on system clocks, you can see that the above sampling techniques break any clock dependence from the signal transmitting block to the receiving block. So each system level block can have “one” independently clocked input block used to “re-time” its onward message transmission. If you have several “trusted” blocks in succession within one trusted system then provided the first block decouples the data and untrusted data clock at its input, the successive stages within that trusted part of the system block can use the same clock.

I hope that gives you enough to productively think about for now.

Oh, one last informal TEMPEST / EmSec rule: “Fail hard and long on error”. It’s another way of shutting time based side channel leakage down, as well as stopping some fault injection attacks. If done correctly an attacker will find their bandwidth reduced even further, which is part of the aim of the TEMPEST/EmSec game.
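The edge-triggered, dithered bit-bang sampling and the "fail hard on error" framing check described in the comment above, as an added simulation that is not part of the original post. It assumes a constructed 8N1 RS232 frame rendered at 16 line samples per baud; the sender's period can be set slightly off to model an unsynchronized clock, and the "measure and average" correction is not modelled.

```python
import random

OVERSAMPLE = 16.0  # constructed: receiver's nominal line samples per baud period

def encode_frame(byte, tx_period=OVERSAMPLE, idle=4):
    """Render one 8N1 frame as line levels (1 = mark/idle, 0 = space):
    idle, start bit low, 8 data bits LSB first, stop bit high, then idle again.
    tx_period may differ from the receiver's nominal period to model a sender
    whose baud clock is a little off (constructed test input)."""
    bits = [1] * idle + [0] + [(byte >> i) & 1 for i in range(8)] + [1] + [1] * 2
    total = int(len(bits) * tx_period)
    return [bits[min(int(i / tx_period), len(bits) - 1)] for i in range(total)]

def bitbang_receive(line, period=OVERSAMPLE, dither=0.25, rng=None):
    """Edge-triggered bit-bang receiver: arm a timer on the falling start edge,
    sample at 0.5, 1.5, ... 9.5 baud periods after it, and move every sample
    point by a random amount of up to +/- `dither` baud so the sample instants
    are not locked to the sender's clock.  Returns the byte, or None on a
    framing error (bad start or stop bit): fail hard rather than guess."""
    edge = None
    for i in range(1, len(line)):
        if line[i - 1] == 1 and line[i] == 0:
            edge = i
            break
    if edge is None:
        return None
    samples = []
    for k in range(10):  # start bit, 8 data bits, stop bit
        jitter = rng.uniform(-dither, dither) if rng else 0.0
        idx = edge + int(round((0.5 + k + jitter) * period))
        if idx >= len(line):
            return None
        samples.append(line[idx])
    if samples[0] != 0 or samples[9] != 1:
        return None
    return sum(bit << i for i, bit in enumerate(samples[1:9]))

def count_correct(byte, tx_period=OVERSAMPLE, trials=200, seed=1):
    """Decode the same frame `trials` times with fresh dither each time and
    count how often the receiver recovers the byte."""
    rng = random.Random(seed)  # seeded so runs are repeatable
    line = encode_frame(byte, tx_period)
    return sum(bitbang_receive(line, rng=rng) == byte for _ in range(trials))

if __name__ == "__main__":
    print(count_correct(0xA5))        # sender on frequency
    print(count_correct(0xA5, 16.3))  # sender about 2% slow
```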

Curious September 11, 2015 9:39 AM

Self destructing computer “chips”:

“Xerox PARC’s new chip will self destruct in 10 seconds”
http://www.pcworld.com/article/2983015/hardware/xerox-parcs-new-chip-will-self-destruct-in-10-seconds.html

“Engineers at Xerox PARC have developed a chip that will self-destruct upon command, providing a potentially revolutionary tool for high-security applications.

The chip, developed as part of DARPA’s vanishing programmable resources project, could be used to store data such as encryption keys and, on command, shatter into thousands of pieces so small, reconstruction is impossible.”

Thoth September 11, 2015 10:33 AM

@Curious
re: Self-Destruct Glass Chip

If you look at encryption, the important parts are the encryption keys. Of course the program memory in volatile and non-volatile non-crypto-key memories is the next most important to destroy.

There are two general triggers to self-destruct. One is a manual input and the other is upon a pre-defined security parameter. A manual self-destruct is quite straightforward and obvious, but the fact is how fast can you reach for the kill switch?

Let’s put it in a combat scenario. What if a comms set on a KIA personnel, still running, were to be picked up (and still working)? The other one is being captured by hostile forces. These may present a difficulty or impossibility of hitting the button.

The other scenario is picking up a comms set that has been locked and OPFOR (Opposition Force a.k.a. Enemies) decides to decap the chip carefully to inspect it for the keys. This falls to hoping the OPFOR engineers make mistakes and trip the pre-defined security parameters (tamper switches / parameters) on a running but locked or off-line chip. We know that tamper protection only has that many tricks up its sleeve. Let’s give the tamper parameters a quick rundown of the common stuff.

Passive shielding, messy glue logic (messy circuits to confuse intruders), voltage and frequency detectors, light spectrum detectors, armed with internal clocks to detect clock glitches, radioactive detectors and combo of passive shielding baked into messy glue logic that includes storing data all over the chip and finally one that Infineon introduced is multiple-core self-checking CPUs.

There’s always a chance of what-if those smart guys in the OPFOR don’t fall for the tricks and manage to bypass all the tamper circuits and grab the data. Because the tamper switches were not triggered, the chip would not self-destruct.

Self-destructive glass chips are obviously a nice-to-have feature but we still have to remember that there is still no known way to fully protect a chip if captured.

Thoth September 11, 2015 10:36 AM

@Clive Robinson
re: Side-Channel Influencing of Chips

You mentioned in the past that backdoors on chips can be made passive just like the Great Seal Bug and only wake up when a particular waveform hits the chip.

What if the chip is a multi-core chip running active noise generation to prevent side-channels. Will the backdoor inside the chip not trigger if hit by a pre-defined secret waveform while the chip is running active noise generation to try and dampen any noises coming in or going out of the chip ?

meanwhile September 11, 2015 11:03 AM

hopefully this will not be a problem for server admins in enterprise environments, where they may have a need to run a specific version of Windoze

Microsoft forcibly downloads Windows 10 whether you want it or not
http://betanews.com/2015/09/10/microsoft-forcibly-downloads-windows-10-whether-you-want-it-or-not/

Microsoft is downloading Windows 10 to your machine ‘just in case’
http://www.theinquirer.net/inquirer/news/2425381/microsoft-is-downloading-windows-10-to-your-machine-just-in-case

Ed September 11, 2015 11:12 AM

another DARPA project…behold, the dielets

Teeny Tiny Guardians of Our Chips
http://www.darpa.mil/news-events/2015-09-04

Lilliputian electronic tamper-watching sentinels affixed to virtually every chip built into commercial and military systems. Their future job? To safeguard against an expanding arena of 21st century crime that could threaten the trustworthiness of just about anything with a chip in it—from smart credit cards to engine- controlling automotive computers to F-16 fighter-jet radar systems. Counterfeit, cloned, and otherwise doctored electronic chips already are circulating in markets and the problem is only likely to grow in the coming years

…each of these dielets will host up to 100,000 transistors and have features and functions remarkable for their scale, among them two-way radio communication, on-board encryption, an energy harvesting function that casts away the need for a battery, and passive sensors for tamper-detection—all the while consuming less than 50 microwatts and costing the equivalent of the portion of a penny occupied by Lincoln’s head, that is, a fraction of a cent.

Nick P September 11, 2015 12:12 PM

@ Ed

There’s no way that will accomplish what they’re saying. Or slim possibility. The problem with subversion of hardware is that the design or implementation might be modified to compromise it. That means you somehow have to look at the chip’s interface or nanometer insides to spot the modification. Most reliable method right now is a company like ChipWorks tearing it down and imaging it with cutting-edge equipment. Putting a chip in a chip, in a situation where chips might get manufactured wrong, doesn’t address the actual problem.

I think what they describe is an RFID replacement with optional tamper-detection. That overall program, though, will probably produce some interesting stuff that is useful for real. Their others have all contributed something interesting.

@ All

Hacker News reported on a page about the Borland Turbo Pascal compiler and how to build it with code. This isn’t the original compiler everyone loved. Might be a good lesson. However, the comments on HN are the real value here. They show why the real one was great but more importantly why people should’ve chosen it over C. They also point out that this type-safe, memory-safe, high-level language was also used on various 8-bit machines. I knew it was ported to them but not that it was a common way to do apps. The video game scene also used Pascal.

Unfortunately, Worse is Better, so development shifted to building on C and C++ instead of Pascal. Tons of interface and implementation flaws resulted along with unreadable code and huge compile cycles. It took mainstream two decades to go back to Pascal’s style in the form of Go. Many benefits people ascribe to Go applied to good ole Turbo Pascal. Shows a few modifications could’ve improved it dramatically had people invested effort in the right place.

The lesson: identify the stuff with the best attributes and build on that. There’s tech right now that’s best at solving all kinds of problems. Use it, fix its problems, and integrate it with similarly superior tech. Result is that we’ll have better stuff to work with.

Wael September 11, 2015 5:25 PM

@Figureitout,

… is just busy, won’t speculate

Being busy never stopped me from posting here. The reasons are personal, and I can’t share them. Thanks for not speculating, you are an officer and a gentleman 🙂

Thoth September 11, 2015 6:23 PM

@Ed, Nick P
SHIELD or not, this is another blackbox chip. The future of any chips might be multiple boxes in more boxes that are eventually almost all blackboxes. Not gonna be nice… If it is used as backdoors, it would be a rather obvious one though.

Figureitout September 12, 2015 2:59 AM

Clive Robinson
Just so you know, Haggis is a Scottish dish
–Yep we used to tease (jokingly) a Scottish man about that at an international school. And I remember seeing it at a London hotel breakfast buffet and knew better than to try it…I’m a bit Irish though and think I eat a bag of potatoes a month (having a “frituur” down the street in belgie was not good for me lol)…

However you also need to “break synchronicity”
–I don’t understand how connections are made then, have quite a bit to study in this area…

All things in engineering are “trade-offs”
–Yep seeing this first hand thankfully right away, feels like sometimes finding the “sweet spot” is basic brute force…

I hope that gives you enough to productively think about for now.
–Yep, thanks, stuff to chew on. Can’t add much that isn’t regurgitated public info or repeating common sense. Something a circuit class focused on first out of nowhere was mutual inductance which is current getting coupled from one inductor to another so EMSEC related (inductors close to each other, they also vibrate audio noise). None of my first designs will be EMSEC-safe so I’ll probably lean towards shielding low battery-powered MCU’s when I may make something commercial…

Wael
–Even though you’re making me curious please don’t share them. Hope it works out whatever it is. 🙂
