Friday Squid Blogging: North Coast Squid

North Coast Squid is a local writing journal from Manzanita, Oregon. It's going to publish its fifth edition this year.

As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

Posted on January 22, 2016 at 4:19 PM • 140 Comments

Comments

albert • January 22, 2016 5:11 PM

Cooper is an idiot. What do you expect from an ex-cop?

It's gotta pass first. I don't imagine Google and Apple will allow it. Right in their own backyard! Imagine!

It would be fun watching Kalifornia collapse into economic oblivion. At least we could get some useful statistics...

. .. . .. --- ....

Alien Jerky • January 22, 2016 5:56 PM

I have an LG Android phone. I rarely use it. It sits on my desk most of the time, and even if I take it with me, I rarely use it except for an occasional business purpose.

After T-Mobile sent out the previous Android update, I noticed that if I start to swipe to open the phone, but do not finish, or it just sits there, after a moment a message pops up saying facial recognition something. Apparently Android has added facial recognition something as part of, well being evil.

Here is the part that gets good. Since I rarely if ever use the camera, front or back, (I am not an insecure narcissist who takes selfies) I put a piece of black electrical tape over both camera lenses.

My battery now lasts two days longer! Even though I never use the camera function. Makes me wonder what is accessing the camera.

So as an experiment, for two weeks, I removed the tape. Two days less battery life. Put the tape back on, two days longer battery life. Repeatable. Hmmm....

Alien Jerky • January 22, 2016 8:09 PM

@Godel

LG Optimus L90. No apps installed, and every option for spying disabled in the setup menus.

Leonhart231 • January 22, 2016 9:47 PM

@Alien Jerky
I have a theory. Lots of phones have light sensors near their camera. Perhaps the tape is covering the sensor, making it believe that it is dark out, and dimming your screen accordingly. That'd certainly make your battery last longer. If you're up for some science, try putting tape around (not over) the cameras and see the effect that has. Then let us know the results next week, because that's quite interesting if I'm wrong.

65535 • January 22, 2016 9:58 PM

Cooper [D-Elk Grove] is a hypocrite. He is sworn to uphold the laws of the United States of America – including the Fourth Amendment. Yet, he says, “Human trafficking trumps privacy, no ifs, ands, or buts about it." This is sensational nonsense. It goes against the very laws Ex-sheriff Cooper has sworn to uphold.

http://arstechnica.com/tech-policy/2016/01/yet-another-bill-seeks-to-weaken-encryption-by-default-on-smartphones/

Further, this same argument which 'Trumps Privacy, no ifs, ands, or buts about it' could be used for petty vice crimes – or any crime for that matter. Just add any word you want to the front of his sentence and you get to win. “Pot trafficking trumps privacy, no ifs, ands, or buts, about it.”

Further, to compound his hypocrisy, he, as a law enforcement officer, uses encrypted communications all the time - encryption for him but not for the average Joe.

He even has an iPhone which supports encryption at this moment. Ex-Sheriff Cooper should set an example for the rest of us and toss his personal iPhone in the toilet – eliminating its ability to send encrypted messages that cannot be broken.


Wael • January 22, 2016 10:45 PM

@Leonhart231, @Alien Jerky,

I have a theory. Lots of phones have light sensors near their camera.

Your theory is correct. It could be "wrong" if @Alien Jerky left the phone alone until the two days are over. In this case, the phone will go to sleep, and the screen will be turned off. The effect of covering light sensors will be negligible. Now supposing the phone isn't touched by a user for the two-day period, and the results are the same, it then means the phone is periodically "woken up". In this case, covering the sensors may account for the apparent savings in power consumption.

Nobody • January 23, 2016 12:44 AM

@California Encrypt Phones Bill...


"Human traffickers are using encrypted cell phones to run and conceal their criminal activities," Cooper said in a statement on Wednesday. "Full-disk encrypted operating systems provide criminals an invaluable tool to prey on women, children, and threaten our freedoms while making the legal process of judicial court orders useless."


Was this guy supposed to have been a cop? Because he sure does not understand basic concepts of evidence and the principles of logic which pillar it.

Cooper, who was a captain with the Sacramento County Sheriff's Department for 30 years

That is really sad. And he was promoted? What did he do to get promoted, I wonder.


So, of course, any reader understands that depicting some horrific situation and then coupling that without any strand of logic to something else will defy the mind of the very simple. But, it certainly does not work with those who consider evidence and weighing matters honestly as a critical principle to adhere to.

Glad he is no longer in "service".

("Service" in quotes, because obviously incompetents do nothing good for anyone other than their own self, and even for their own self, in the long haul -- they only are self-destructive.)

To be fair: a lot of people will listen to this kind of argument because they do not have any interest in matters like evidence, reasoning, or even logic.

Good, bad, weighty, light -- it is all the same to them.

What is taking a few dollars to 'look the other way' to these sorts of "cops"?

They have no self-control.

Sermon aside, some hard facts, which everyone here knows:

a. smart phones are trivial to hack from many angles
b. at the telco level the routes of hacking the suspect are many and entirely powerful regardless of encryption provided by the phone vendor
c. phones of suspects may be pinpointed by their IMSI so that their encryption is always downstepped/turned off
d. OTA "over the air" updates may be pushed covertly to supply complete root kernel of any user's phone, at any time
e. "IMSI catchers" are extremely cheap (to make, anyway), simple technology, and can be pointed at any suspect's location to force their phone to completely disregard any encryption
f. if you believe that phone traffic is encrypted end to end for the telco, you are nuts -- they have to decrypt that traffic for the very legitimate reason of ensuring no one abuses their networks, at the very least
g. like any embedded system, phones are not magic, despite their daunting specifications and performance, security absolutely was foregone in the making of these phones... and the government employs countless teams working day and night throughout the country coming up with security vulnerabilities that can compromise handsets by a very wide variety of attack vectors highly unlikely to be found by the vendors or outside security researchers for ages to come


Some here may dispute some of these points. No one would dispute the general gist of it, however, that phones are exceedingly easy to hack -- even if they have never done this. Why? Because it takes about five minutes to perform such Google searches, and about an hour of anyone's time to sit and watch some videos or read some files.


But, this is a reality. Society is progressing. And this means that there remains 'out with the old', 'in with the new'. Knuckle dragging savages who feast from their strength are discarded, and the wise and meek take their places. Will anyone mourn the past ages? I think not.

They are simply mocked by future generations, and worse, held up as objects of horror -- if they are not simply ignored entirely.


Apologies for the strong words, but I do believe all agree that such people have no place in law enforcement, and less place in elected or unelected positions.

What we have today, is a remaining zoo, of sorts. It is temporary, surely, is my ever optimistic opinion.

Nobody • January 23, 2016 12:59 AM

@Alien Jerky

One of the most hated phrases for privacy advocates is "if you have nothing to hide, you have nothing to fear". Or something like that. And that is fine. Because the reality is that if you speak what is true, or wield what is weighty, you have many reasons to be wary as an honest person who means no one else any harm. Because people envy those who have better lives than theirs, and they are capable of great crimes against them because they themselves have no future.

I believe the argument is good, that blacking out the light sensor would lower your display lighting, thereby saving lighting. But, the larger picture is -- if you did catch someone hacking your phone at such a level (governmental, likely)... what of it?

Your best course of action is to let them see you live your life, and know they feel horrible, because they watch you feast, while they go without.

Surveillance is a way to trap the surveillor in the case of those who have a good life. They can watch, but they cannot have. There is no more suitable torment for them than to provide them the evidence of their own lacking.

Is that "alien" enough logic for you? :-)

Thoth • January 23, 2016 1:09 AM

@California Encrypt Phone Bill et al.
Just a little nitpicking on the words used during the speech:

"Full-disk encrypted operating systems provide criminals an invaluable tool to prey on women, children, and threaten our freedoms while making the legal process of judicial court orders useless"

1.) How are FDE-protected phones going to threaten the freedom of the people? Isn't the ability to use strong encryption without backdoors and coercion the actual freedom that the bill is attempting to kill off?

2.) How is an FDE-protected phone going to be invaluable to child and woman molesters? The FDE security model is somewhat weak and can be easily subverted with modest efforts and proper authorization from the courts to carry out single target subversion.

3.) A $5 wrench and some cheap rubber hose could make a person start talking and giving up his passwords. Of course rubber-hose cryptanalysis is supposed to be illegal but they are used in differing forms anyway. Shouldn't that make passwords meaningless to a bigger degree?

Most of those speeches are done for political and personal gains rather than actual benefit for society. All that matters is which politico can capitalize from their actions.

Nobody • January 23, 2016 1:15 AM

@albert

Cooper is an idiot. What do you expect from an ex-cop?

To be fair, there actually are good cops. That is a problem. The bad cops who lead them astray and "get a head" in their careers by their tendency for 'greasing the palm'. You should feel sorry for his political backers as an "assembly man" (which is a ludicrously weak position in politics).

The sick reality of political fixers is they will literally put in political positions weak candidates who say really stupid things just so they can get their opposing candidates tenable ground.

This may mean we have to waste our time with "moral outrage" which is quite righteous, but the reality is that cynicism does not just work for the guilty.

Of course, however, I do understand your context, as we should understand Cooper's. Your context is probably only a bad "cop" would read your comment, and so feel outraged, because of their guilt. Likewise, however, Cooper was hoping that maybe there was enough of a political base in Sacramento and - laugh - California - to gain traction with his bill.

But he was just a strawman, a paid object of mockery, a professional clown not in on the joke... put in power by cynical people who are not as immoral as you may think, if only because that level of immorality does not serve their own best interests.


Unbeknownst to Cooper, he went to Clown College in Sacramento. He graduated with full honors. And now, he is before the world, demonstrating his mastery of the concept of shame. We should all view him as the paradoxical zoo creature which he is. This, like you, is also human. Only cursed, and terribly ugly.

How, then, can you be otherwise? It is a shocking and fascinating paradox.

Same reason people like "reality" tv.

;-)


Nobody • January 23, 2016 1:36 AM

@Thoth

1.) How are FDE-protected phones going to threaten the freedom of the people? Isn't the ability to use strong encryption without backdoors and coercion the actual freedom that the bill is attempting to kill off?

To be honest, Cooper has never had any manner of privacy. He sells his intimacy to maintain his job position. That is what he does for a living. This is clearly what he has always done for a living. Because no professional would ever get up on stage and make themselves out to be such a naked fool unless they had no concept of shame.


But... enough of my larking. LARKing?

I probably meant lurking.


But, for corrupt California politics and cops, I would strongly suggest Season 2 of True Detectives... and this awesome opening song: https://www.youtube.com/watch?v=N3HbrfV0hJM

No Cthulhu mention, but not at all bad, for an old fart who is actually a real live Poet.


With a capital "P". :-) :-)

Joe K • January 23, 2016 3:19 AM

This looks interesting:

Bug 1232689 – Add Root Certification Authority of the Republic of Kazakhstan (root.gov.kz)
https://bugzilla.mozilla.org/show_bug.cgi?id=1232689

Some discussion can be read here:
http://www.metzdowd.com/pipermail/cryptography/2016-January/027842.html

Those in the self-styled Free World inclined to chortle "LOL, Kazakhstan!" might first take a moment to ponder the lesson implicit in Sacha Baron Cohen's illuminating demonstration, here:
https://www.youtube.com/watch?v=Vb3IMTJjzfo

Curious • January 23, 2016 4:24 AM

"VICE News Investigation Finds Signs of Secret Phone Surveillance Across London"
https://news.vice.com/article/vice-news-investigation-finds-signs-of-secret-phone-surveillance-across-london

"Signs of IMSI catchers — also known as stingrays or cell-site simulators — were found at several locations in the British capital, including UK parliament, a peaceful anti-austerity protest, and the Ecuadorian embassy."

Somewhat related I guess: When I first heard about London having lots of surveillance cameras years ago I didn't think much of it, but now, I can't help but wonder if there are too many of them, as if this was some kind of mass surveillance.

Curious • January 23, 2016 4:37 AM

HackAday with a post/article about Intel's management engine:
http://hackaday.com/2016/01/22/the-trouble-with-intels-management-engine/

As for this stuff, not being a security researcher, nothing I feel comfortable commenting on:

"The Intel ME has a few specific functions, and although most of these could be seen as the best tool you could give the IT guy in charge of deploying thousands of workstations in a corporate environment, there are some tools that would be very interesting avenues for an exploit. These functions include Active Management Technology, with the ability for remote administration, provisioning, and repair, as well as functioning as a KVM. The System Defense function is the lowest-level firewall available on an Intel machine. IDE Redirection and Serial-Over-LAN allows a computer to boot over a remote drive or fix an infected OS, and the Identity Protection has an embedded one-time password for two-factor authentication. There are also functions for an ‘anti-theft’ function that disables a PC if it fails to check in to a server at some predetermined interval or if a ‘poison pill’ was delivered through the network. This anti-theft function can kill a computer, or notify the disk encryption to erase a drive’s encryption keys."

Thoth • January 23, 2016 5:23 AM

@Curious
The usual excuse with the notion of backdoor for most vendors is remote management, emergency accounts or a forgotten access account by the developers. I wonder which one they will use this time?

Clive Robinson • January 23, 2016 5:41 AM

@Curious,

When I first heard about London having lots of surveillance cameras years ago I didn't think much of it, but now, I can't help but wonder if there are too many of them, as if this was some kind of mass surveillance.

I read the article a while ago and one obvious implication is that they were doing "mass surveillance".

But the million dollar question is at what level...

The Met Police are known to be running their own equivalent of a Homeland Secret Service (think focus MI5) with agent provocateurs, spies and "black bag jobs" (they might even do "wet work" for all we know). They have certainly done an incredible amount of harm including illegitimately fathering children whilst doing undercover work.

The thing is that although they can get "phone records" they may not be of any use in identifying potential targets. It's why the TAO catalogue advertised "Find Fix & Finish" tools (think about some of the El Chapo questions like "is who they have the real El Chapo or a double").

Thus cross-referencing phones via IMSI time logs and CCTV footage will potentially reduce the number of candidates for identification.

Whilst this may sound like the long and hard way to do this, it has the advantage that it involves few if any third parties outside of "the read in" group. Thus it reduces information leakage to "tip off suspects", provide trails for defendant defence investigation or worse still give journalists leads, which would reveal more of their immoral / illicit / illegal activities, primarily in support of "big business", not to catch criminals or terrorists. That is ordinary law abiding people expressing their political rights through legitimate protest...

This of course leads on to the question of "corruption" in the Met Police at high levels... not the old fashioned cash in brown envelopes --though that does go on-- but the early retirement into very cushy well paid minimal work posts. In some cases with the very people they were involved with the investigation of...

Duck N. Dodge • January 23, 2016 7:04 AM

"Curious" mentions the home brewed ssh back door in Fortinet products, which the company "discovered" in old products, then "discovered" again in new products. A security device company that didn't know its security devices have back doors, twice? Not inspiring, is it? The question becomes, is this due to incompetence, design or both?

Makes you wonder how much American security software and hardware has similar undiscovered code and secret administrative user access?

However, there is some progress being made at the state level.


Wired Magazine mentions "16 states.... with the advice and coordination of the American Civil Liberties Union, introduced bills designed to shore up Americans’ privacy" For example, stingrays may be outlawed or strictly controlled altogether.

The legislative proposals point out long lasting problems though. One, it is established fact the federal government is totally useless when it comes to electronic privacy and civil rights. If anything, Congress, the President and Supreme Court absolutely oppose a right to be 'let alone'.

Another problem, technology develops faster than law making. For example, stingrays may become obsolete when the new generation of self driving and "connected" automobiles roll out with multiple, inescapable mass surveillance baked into every inch of the vehicle.

I don't see an end to it in the near future. Do you?

It would be helpful if more coders came forward with information exposing secret surveillance code, however.

Lets Encrypt! • January 23, 2016 7:51 AM

Quite amusing that the security experts at PC Mag, Arstechnica and a host of security forums insist on maintaining hopelessly insecure http URLs, instead of investing in a free & automated SSL/TLS certificate AT ZERO COST.

Actions, not words, ye defenders of the realm... need they be reminded that http injection is a favorite tactic of the U.S. shadow government agency that touts the mission to save our freedoms and way of life by destroying our freedoms and way of life?

https://letsencrypt.org/about/

Let’s Encrypt is a free, automated, and open certificate authority (CA), run for the public’s benefit. Let’s Encrypt is a service provided by the Internet Security Research Group (ISRG).


The key principles behind Let’s Encrypt are:

Free: Anyone who owns a domain name can use Let’s Encrypt to obtain a trusted certificate at zero cost.
Automatic: Software running on a web server can interact with Let’s Encrypt to painlessly obtain a certificate, securely configure it for use, and automatically take care of renewal.
Secure: Let’s Encrypt will serve as a platform for advancing TLS security best practices, both on the CA side and by helping site operators properly secure their servers.
Transparent: All certificates issued or revoked will be publicly recorded and available for anyone to inspect.
Open: The automatic issuance and renewal protocol will be published as an open standard that others can adopt.
Cooperative: Much like the underlying Internet protocols themselves, Let’s Encrypt is a joint effort to benefit the community, beyond the control of any one organization.

Re: Mass surveillance with cameras, the only question I have is how far along are they regarding automatic detection of the hoi polloi with their Big Brutha camera network?

The end goal is obvious - tracking the plebs from sunrise to sundown every time they leave their house. It is only a matter of time, so don't be shocked when the whistleblower comes forth in the coming years.

CA • January 23, 2016 9:06 AM

Cooper, poster child for law-enforcement IQ caps. Cooper is the classic law enforcement stooge - he's going to stop child abuse at all costs to your rights. Yeah right. Watch what happens when they've got real live child abusers right in front of their noses, like at the Presidio.

http://www.whale.to/b/pedophocracy.html

Cooper gonna sneak away like a little coward bitch, like they all do.

Here's how Comey gets his private stock:

https://twitter.com/bradheath/status/690267758467137536

BoppingAround • January 23, 2016 9:19 AM

re: nothing to hide

I've just imagined taking a good dump somewhere in public and screaming, 'I am an honest citizen! I have nothing to hide!' when the coppers would come and take me to some secluded, less-than-comfy place. Forgive me my impure thoughts.

r • January 23, 2016 10:14 AM

@the cop in California,

He's just mad he can't find his favorite hooker anywherez.

Her and her pimp prolly had some bad mamajama info on him and now they've went dark.

Nathanial • January 23, 2016 10:16 AM

Re: Assembly-member Jim Cooper [D-Elk Grove] and his California Encrypt Phone Bill. It's probably nothing more than “Bell Ringer” bill. So what's a “Bell Ringer”?

Assemblyman Dudley DoNothing proposes a piece of legislation that will restrict, regulate, or adversely affect a particular industry or manufacturer. He knows it doesn't have a snowflake's chance in Hell of making it out of Committee, much less becoming law, but that's not the point. He gives a rousing speech on the chamber floor (Think of the Children!) and submits the bill. The now alarmed target of the bill is forced to hire a couple of prominent and highly paid lobbying firms in the Assemblyman's district. The lobbyists know the drill, and extort as much money as possible from their new client. They take Dudley out, wine him and dine him, and who knows, there may be an all expense paid golfing trip to Scotland thrown in. A PAC is formed, and a very healthy “campaign contribution” is passed along to Dudley. Dudley then sends out a letter to his constituents proudly exclaiming that he proposed a bill to “Protect the Children”.

Legalized extortion, American style. They all do it. Everyone involved knows the game. The only ones in the dark are Dudley's constituents, who naively believe that Dudley is working hard, for them.

Tõnis • January 23, 2016 10:20 AM

@Leonhart231, @Wael, and @AlienJerky

There are of course sensors (light and other) on most smartphones, but @Alien Jerky also mentioned getting a glimpse of text mentioning "facial recognition."

r • January 23, 2016 10:23 AM

@tonis,

I get a message remotely similar about my face being too close or covering the 'proximity' sensor; until he gets a better look at that message it's going to be up in the air.


@alien jerky,

Thanks for one more thing to be nervous about, you sure your update came from T-Mobile?

Little Grasshopper • January 23, 2016 10:38 AM

"Installing the Let's Encrypt Client on CentOS 7.x
Code:
yum -y install git
cd /root
git clone https://github.com/letsencrypt/letsencrypt
cd /root/letsencrypt
./letsencrypt-auto --verbose"

...and that's just the beginning.

I am totally for Let's Encrypt free and transparent. But, I need something that's comprehensible, too. The Achilles heel of encryption for the masses has always been complexity. Complexity breeds glazed eyes, drool and non-participation.

If I am not mistaken, based on going over the site, to install a free certificate on a website requires the web developer to be a Kung Fu Master of multiple versions of Linux. Sorry, I am not there yet.

Where is the one page that says: "Check the box to install the free cert on your site?"

ps: I'm not thrilled about OVH as a sponsor. There have been issues.

Flynn • January 23, 2016 11:31 AM

@Clive Robinson

"...primarily in support of "big business", not to catch criminals or terrorists. That is ordinary law abiding people expressing their political rights through legitimate protest..."

Exactly. This elephant in the room is the crux of 99% of the true motivation behind mass surveillance. I can't help but chuckle at all the professional/political/media/etc. discussion on this topic desperately framed in terms of the drug dealer-pedophile-terrorist menace. They all tiptoe around any discussion of the absolute certainty for abuse of these systems of surveillance while completely ignoring why such practices were made illegal in the first place. It would all be hilarious if it weren't so dire.

Wael • January 23, 2016 12:02 PM

@BoppingAround,

I've just imagined taking a good dump somewhere in public [1] and screaming, 'I am an honest citizen! I have nothing to hide!'

Correction: Ain't nothin' you can hide [2]. In their efforts to reduce users' friction [3], so to speak, you won't have to be 'somewhere in public'! A SmartTrone is coming to a toilet near you in the not too distant future.

[1] The probability of someone watching you is directly proportional to the stupidity of your action.

[2] As the saying goes: 'You can sh**, but you can't hide!'

[3] Pun intended... Constipated people don’t give a crap.

albert • January 23, 2016 12:08 PM

@Nobody,
Notice I didn't say Cooper was a bad cop. How would I know? Yes, there are plenty of good cops. The police, like any other citizen, -will- mirror the society they live in. Even good cops don't understand the implications of the surveillance state. Maybe I should have said 'ignorant' instead. Then again, 'idiot' is defined as 'foolish and senseless'...
. .. . .. --- ....

Just passin' thru • January 23, 2016 1:25 PM

@Duck N Dodge (and @Thoth and @Curious)

It would be hard to believe that Fortinet developers don't have a source code control system like git or subversion, which tracks who has been making what changes when to their source. So I assume they do, and they (should) know what account made the change and when.

It would be interesting (to Fortinet, at least) to talk to the account owner to find out why the change occurred. I bet they did, and the poor sap denied making the change (or had already quit, or died).

Elsewhere, I've read (https://www.schneier.com/crypto-gram/archives/2015/1115.html#4) that the NSA has an attack that allows them to crack selected products by precomputing, but this only works because these products have a baked-in RNG seed that never changes.

If the NSA were to use this capability, it would most certainly be on companies like Fortinet, for precisely this purpose.

How to fix at-risk companies like Fortinet? I'd be interested in others' ideas. As I see it, virtually no amount of good practices and op-sec can prevent this from happening in the future. However, I do think that their product source code reviews should be occurring much more frequently than they are.

More generally, developers of products with baked-in RNG seed should be changing these regularly.

Wael • January 23, 2016 1:28 PM

@Tõnis, @Leonhart231, @AlienJerky,

also mentioned getting a glimpse of text mentioning "facial recognition."

Yes he did, it was caused by a manual trigger as he described below:

I noticed that if I start to swipe to open the phone, but do not finish, or it just sits there, after a moment a message pops up saying facial recognition something.

Alien Jerky • January 23, 2016 1:32 PM


Regarding the concept of 'if you have nothing to hide'... I have much to hide. I design stuff, solve obscure, very technical problems, and spend most of my time hiding in my self-funded lab working on my own projects. At times the spooks do not even try to be covert following me. Since I spent the past 30+ years in this type of work, mostly working by myself, it is normal for me.

V • January 23, 2016 1:40 PM

To see how ridiculous FBI's anti-encryption hysteria is, just look at how a competent, independent judicial system busts a criminal conspiracy. Italian prosecutors caught a couple dozen co-conspirators in the crime against humanity of CIA's worldwide torture death camps. Catching super-stealthy CIA ninjas is like taking candy from a baby - when you do real police work, instead of trying to sit on your fat fed ass and peek out from behind a computer.

So now CIA's torture picciotti are frantically running and hiding from Italian courts. As their luck runs out (and it will - these are crimes with no statute of limitations) Italy will reel them in and make them sing. As soon as they bagged soldato Sabrina De Sousa, she was threatening to rat out the whole chain of command.

https://www.ansa.it/english/news/politics/2016/01/15/court-oks-ex-cia-agents-extradition_d9e3bab6-43b5-4e09-af2c-9a62dc55d20a.html

The Italians know how to destroy a mafia. And CIA is just another mafia, with their drug rackets and their pedo rackets and their money-laundering rackets.

r • January 23, 2016 2:03 PM

Fortinet and all these guys may just not be bound by some specificity of an NSL. It may be like how Google, Facebook and Yahoo gained the right to disclose how many times they had received government requests for data...

Alien Jerky • January 23, 2016 2:58 PM

The exact message that comes onto the screen...

SMART SCREEN
Face Detecting

Just do a partial swipe to open the phone and let it sit a moment. Does it every time, even with the camera covered. Went through all the settings and can find no reference to it.

Android 5.0.2
Kernel version 3.4.0+
Build Number LRX22G
Software version D41520c

Dom • January 23, 2016 3:30 PM

@AlienJerky I just had a strange little bug on my Android phone today. Whenever my finger would get close to the camera, the screen would turn off and then come back on once I pulled it away. It has since gone away. It had to be the camera because my phone doesn't have a light sensor (it's a cheaper smartphone).

BoppingAround • January 23, 2016 4:20 PM

Wael,
> SmartTrone

I'll nuke it into oblivion with a pie made of cabbage, milk, trout and gherkins... You didn't misspell the capital T there, did you?

P Diddy • January 23, 2016 4:24 PM

@Nobody

"That is really sad. And he was promoted? What did he do to get promoted, I wonder."

We will never know. He used encryption.

Tõnis • January 23, 2016 5:28 PM

"Yes he did, it was caused by a manual trigger as he described below:

I noticed that if I start to swipe to open the phone, but do not finish, or it just sits there, after a moment a message pops up saying facial recognition something."

@Wael, yes. Perhaps there's battery-consuming facial recognition that takes place each time the user unlocks/wakes up his phone. It could be a background process of which a user would be unaware, until he just happens to swipe to open the phone and not finish, thereby triggering the message. It's not normal to swipe like that, so the user ordinarily would not know about it.

ThothJanuary 23, 2016 5:39 PM

@Little Grasshopper
I guess if you are talking about Linux or FOSS, for the most part you have to kind of expect the worst case scenario, in which command line or terminal entry is still quite OK. At least they don't dump a library on you and ask you to code with no help or comments, which can be the case for a good number of projects. It would be nice to have a one-click GUI for setting up a secure HTTPS server, but for the most part the more friendly ones are commercial. I would really recommend that you learn some basic terminal handling :) .

@Just passin' thru
Another possibility is the NSA might have got them a deal to put that backdoor in :) . There were speculations that Juniper's Dual_EC RNG usage was either a deal with the NSA or that the NSA had entry into their systems by some means.

Little GrasshopperJanuary 23, 2016 6:08 PM

@Thoth

I am glad you responded because it gives me a chance to set the record straight.

Apparently the Linux files and whatnot available for Let's Encrypt from GitHub are for SERVER SIDE installation. When I went to my web host I quickly found a check box to install an SSL cert for my site, free of charge and NO hassle. I checked the box and literally within five minutes my site was doing SSL!!!

All I can say is....WOW!

Hopefully all the web hosts will get on board with Let's Encrypt.

Frankly, I think my .mp4/.jpg heavy site loaded faster, too!

ThothJanuary 23, 2016 8:26 PM

@Little Grasshopper
That's cool. I believe you might be using cPanel to manage your website hosting, which includes one-click SSL/TLS setup via a web-based console?

If you are using someone else's web hosting servers and you are buying a shared domain, I am not sure if the purchase package comes with a terminal or SSH access; it really depends on the hosting plan you purchased. If you have a plan that includes SSH access and allows you to install stuff on your Linux machine, you could just use the SSH or terminal and get Let's Encrypt installed (but with some hassle with apt-get or yum repos and stuff).

The more convenient thing of what Let's Encrypt could do is to take into consideration shared domain hosting support by having their domain authentication process less friendly to people who have a domain but don't have low level terminal access.

DanielJanuary 23, 2016 8:31 PM

@Who

Who knows? Seriously, I have no idea if the specific allegations are correct but the general point is sound. The NSA isn't going to sit around and do nothing while they burn though billion dollar budgets. If they are not worried about encryption it is because they have other ways to get that data. You can bet your life on that. It would be grossly irresponsible for them to behave otherwise.

name.withheld.for.obvious.reasonsJanuary 23, 2016 8:37 PM

CLOSING GITMO

The enemy combatants being held in detention as prisoners of war (if there is an end to hostilities) are under the direct supervision of the Executive. Congress cannot constrain the Executive in matters of war unless there is a breach of Executive fidelity, and only one action is available to Congress: impeachment. Currently the Executive is claiming the inability to close GITMO due to congressional constraint by specific statute. Law in statute that specifies specific actions of the Executive cannot bind the Executive to any directed action, period.

All the executive has to do is issue an order under the Law of War directing the DoD to release the prisoners, shutdown the base, and leave Guantanamo. Case closed...

Clive RobinsonJanuary 23, 2016 8:48 PM

@ Who?

May this be true?

Long answer short, Yes.

The way to attack symmetric crypto is by attacking not the encryption algorithm but the method/algorithm the keys are generated by.

The way to attack asymmetric crypto is via common primes or mass use of the same primes.

By common primes I mean those that have been selected badly often in embedded systems by poorly implemented Random Number Generators (RNG).

I've been pointing out on this blog for years now that we do not pay anywhere near enough attention to how we generate "random" and collect entropy. Thus if you were the NSA, GCHQ et al: "Why attack the crypto algorithms when you can attack the RNG" or its lack of entropy.

There are lots of problems with not just the RNGs but how you use their output as well, and these are not well understood by system builders. Which is just one of the many sets of reasons why there are very many ways the likes of the NSA, GCHQ et al can find ways to bypass the crypto algorithms in working systems.

As I likewise often explain, you need to separate your encryption process from your transmission process. Using two separate computers means two uncorrelated RNGs, which breaks quite a large number of the available attack vectors... but as normal, people rarely listen when they think that a single computer is both cheaper and easier to use...

As the old saying has it "You pays your money, and you takes your choice".

ThothJanuary 24, 2016 12:14 AM

@Smart Card Code Cutters
For those Smart Card code cutters who are trying to implement traditional Diffie-Hellman (probably suspicious of ECDH?) on the JavaCard platform but are getting stuck (because JavaCard only supports ECDH), I have uploaded a sample applet's source code to help you adapt JavaCard to DH, with tons of comments in the code.

Simply, RSA and DH share the ModExp function, which can be re-used for DH, although technically traditional DH has been abandoned by the Smart Card standard writers for unknown reasons. The DH function in the applet uses the RSA key slot (thus your private keys would be "secured" in "tamper-resistant" memory slots) and the RSA crypto engine (supposed to be somewhat side-channel resistant if your card claims to be DFA, SPA and DPA resistant in its marketing).

The license is 3-clause BSD and it is provided as is. If you want to be NSA/TLA-resistant, then this wouldn't be of any use :) .

Link: https://github.com/ASKGLab/DHApplet

Gerard van VoorenJanuary 24, 2016 7:36 AM

@ Thoth,

NSA rejects backdoor and supports strong encryption.... like real.

I think they mean it. The vast amount of hacks in the last years and the years to come show -again and again- that the economics speak for strong encryption. And the article mentioned they still have the meta data, which for surveillance is much more important than the actual data.

ThothJanuary 24, 2016 8:05 AM

@Gerard van Vooren
That is true until someone manages to come out with methods to confuse the trails of metadata they are after.

Gerard van VoorenJanuary 24, 2016 9:10 AM

@ Thoth,

Confusing trails turns out to be harder than it looks. Remember Silk Road and that large kiddie porn site? I think that the someone you refer to could better stop using electronics in the first place.

BoppingAroundJanuary 24, 2016 9:23 AM

Wael,
Thank god. Wouldn't want to be the one sleeping with an RPG in my hands.

No Safe Harbor Is Coming -- CISA Made Sure Of ItJanuary 24, 2016 10:41 AM

Most of the time the American press does a poor job reporting on the current state of privacy laws. However reporter Sara Peters is the exception and provides remarkable insight:

“Information-sharing through CISA isn't mandatory. You don't have to give your threat indicators to anyone, if you don't want. Some businesses will certainly take that route.

The initial recipients of the data shared through CISA will be the departments of Commerce, Defense, Homeland Security, Energy, Treasury, and the Office of the Director of National Intelligence, Herold notes. "These are huge agencies. So there is a great likelihood for a huge number of people to access the data that is shared from the privacy sector," she says.

Organizations concerned that data they share with the feds could be breached likely won't share it, she says. It could be a PR nightmare, even if they're not liable: "Just consider all that bad press that many tech companies have gotten when the public found out they had been sharing personal data with feds," she says. (Snowden effect)

Eliminate All Personal Information From Data You Share
If you do wish to share data, you can sanitize it of personally identifiable information before you hand it over. Even though the regulation doesn't require you to do so, it doesn't prohibit it -- not unless the Attorney General's guidelines change that..."
http://www.darkreading.com/threat-intelligence/no-safe-harbor-is-coming----cisa-made-sure-of-it/d/d-id/1323930?

AdmittedlyAnIgnoramusIamJanuary 24, 2016 4:06 PM

I don't know much about cryptography and that probably shows in this question...

@Clive Robinson
The way to attack symmetric crypto is by attacking not the encryption algorithm but the method/algorithm the keys are generated by.
The way to attack asymmetric crypto is via common primes or mass use of the same primes.

Should it not be possible to break encryption through a system that stores a large amount of precomputed values from primes, with each value linking to the prime number that was used?

This sort of system could be queried with an encrypted value (some protocol value that is the same at the start of every encrypted session) to quickly obtain the prime(s) without further calculations.
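On Clive's "common primes" point above and the precomputed-table question, the following is an added example (not code from either commenter) of the attack that actually gets used against badly seeded embedded devices: no table of primes is needed, because two RSA moduli that share a prime give it up to a single GCD, and a product/remainder tree (batch GCD) does this for a whole fleet at once. The "fleet" here is constructed: a hypothetical firmware that draws its first prime before it has collected entropy (only four possible boot states) and its second prime from per-device state. All key sizes are toy sizes so it runs in a second.

```python
import math
import random

_MR = random.Random(1)  # witness source for Miller-Rabin; fixed so the demo is reproducible


def is_probable_prime(n, rounds=16):
    """Miller-Rabin primality test. Adequate for a demo, not for production key generation."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        x = pow(_MR.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def next_prime(x):
    x |= 1
    while not is_probable_prime(x):
        x += 2
    return x


def make_modulus(p_rng, q_rng, bits=64):
    """Toy RSA modulus; p and q come from two separate RNG instances (hypothetical firmware model)."""
    half = bits // 2
    p = next_prime(p_rng.getrandbits(half) | (1 << (half - 1)))
    q = next_prime(q_rng.getrandbits(half) | (1 << (half - 1)))
    while q == p:
        q = next_prime(q + 2)
    return p * q


def weak_fleet(n_devices):
    """Constructed fleet: the first prime is drawn from a 2-bit 'boot state', so many devices
    share p; the second prime uses per-device state (modelled by seeding with the serial)."""
    moduli = []
    for serial in range(n_devices):
        boot_state = (1000 + 3 * serial) & 0x3
        moduli.append(make_modulus(random.Random(boot_state), random.Random(f"q-{serial}")))
    return moduli


def sound_fleet(n_devices):
    """Control fleet: both primes drawn from per-device state, so nothing repeats."""
    return [make_modulus(random.Random(f"p-{s}"), random.Random(f"q-{s}")) for s in range(n_devices)]


def batch_gcd(moduli):
    """Batch GCD: g_i = gcd(N_i, (prod(N) mod N_i^2) / N_i), via a product tree and a
    remainder tree. g_i is the product of the primes N_i shares with any other modulus."""
    tree = [list(moduli)]
    while len(tree[-1]) > 1:
        lvl = tree[-1]
        tree.append([lvl[i] * lvl[i + 1] if i + 1 < len(lvl) else lvl[i]
                     for i in range(0, len(lvl), 2)])
    rems = tree[-1]  # single root: the product of every modulus
    for lvl in reversed(tree[:-1]):
        rems = [rems[i // 2] % (n * n) for i, n in enumerate(lvl)]
    return [math.gcd(n, r // n) for n, r in zip(moduli, rems)]


def recover_factors(moduli):
    """Map index -> (shared_prime, cofactor) for every modulus that shares a prime.
    If a modulus shares BOTH primes, batch GCD returns the whole modulus, so fall back
    to pairwise GCD for that one."""
    found = {}
    for i, (n, g) in enumerate(zip(moduli, batch_gcd(moduli))):
        if 1 < g < n:
            found[i] = (g, n // g)
        elif g == n:
            for j, m in enumerate(moduli):
                h = math.gcd(n, m)
                if j != i and 1 < h < n:
                    found[i] = (h, n // h)
                    break
    return found


if __name__ == "__main__":
    weak = weak_fleet(10)
    print("weak fleet: factored", len(recover_factors(weak)), "of", len(weak), "moduli")
    print("sound fleet: factored", len(recover_factors(sound_fleet(10))), "of 10 moduli")
```

The attacker here never needs to know which RNG the devices used or to store anything per prime; the shared factor falls out of the moduli themselves, which is why the question of "how was this key generated" matters more than the key size.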

Clive RobinsonJanuary 24, 2016 4:20 PM

The BBC news has said the weather in DC is not good, with the metro closed and both airports badly disrupted and a metre of snowfall in a day,

http://www.bbc.co.uk/news/world-us-canada-35394742

With eleven states declaring states of emergency, it sounds like it's not at all pleasant or safe. I hope any of this blog's readers in the affected areas are safe and well, and things get back to normal quickly.

Lack of TrustJanuary 24, 2016 8:07 PM

In a glaring omission, NYT reports 'Europe’s Top Digital-Privacy Watchdog Zeros In on U.S. Tech Giants' does not even mention the recently passed CISA, a draconian anti-privacy law that Facebook, Google and Microsoft require to monetize citizens non-tangible assets (Personal Health Info, DNA sequencing, prescriptions, tax returns, bank and credit card transactions, school records).
http://www.nytimes.com/2016/01/25/technology/europes-top-digital-privacy-watchdog-zeros-in-on-us-tech-giants.html?_r=0

Today's Humor
“Bruce Andrews, the deputy secretary of the Commerce Department, dismissed Europe’s concerns, saying that the United States had already offered the European Commission a number of guarantees on how its citizens’ data would be treated. We’ve agreed to make major changes,” he said. “The U.S. takes individuals’ privacy very seriously.”

Examples of America's data protection 'seriousness':
The nation's top security officer lied under oath to Congress, the CIA lied about illegal eavesdropping on their Congressional oversight committee, and the Secretary of State had beyond-Top-Secret emails read by China, Russia and Iran. She seriously claims ignorance as her excuse.

Seriously the incompetent grandmother of OPM allowed the Chinese to take the complete life history of 22 million Americans with security clearances. Perversely the USA government allows Google and now Microsoft to build secret, daily, unregulated dossiers of grade school children under the guise of 'school officials'. They don't even notify the child's parents!
Because of the lies and deception, American citizens are unable to trust its leaders. Why should the Europeans?

No Mo' Trust January 24, 2016 10:21 PM

@ Lack of Trust

I am not sure, but didn't you misquote Mr. Bruce Andrews?

You said the quote is “The U.S. takes individuals’ privacy very seriously.”

Shouldn't it be, “The U.S. very seriously takes away individuals’ privacy.”

Those who follow cyber rights issues know that Mr. Bruce's statement, with very slight variations, is standard house lawyer double-speak. It's what you say when you are cornered and need a catch-all lie to escape.

Gerard van VoorenJanuary 25, 2016 2:07 AM

@ Lack of Trust,

Because of the lies and deception, American citizens are unable to trust its leaders. Why should the Europeans?

Well, absolute power corrupts absolutely. The Bush administration shows that very clearly. The EC doesn't have that power (yet), so it's up to the countries to deal with most of the issues, and you can see that each country has its own policies which are usually a result of the history and culture of that country. The original intention of the EU was to have a better economic system between the former enemies of WW2 (to avoid WW3). The intention wasn't to have a powerful Federal EU.

Clive RobinsonJanuary 25, 2016 3:00 AM

@ Gerard van Vooren,

The original intention of the EU was to have a better economical system between the former enemies of WW2 (to avoid WW3).

Unfortunately it worked.

It appears we always need a tribal "them or us" for politics, religion and as a consequence society.

The EU turned a collection of competing tribes in Western Europe into a larger tribe, where the fighting is seen more as squabbling.

But we forgot that whilst it stopped wars in Western Europe, it did not stop "them or us" in other tribes that form Eastern Europe or further abroad. They view Europe as in effect a Super Power.

What has stopped World Wars for now is Super Powers with sufficient weapons power to cause almost unimaginable destruction to civilisations. Hence the Mutually Assured Destruction (MAD) doctrine and its secondary consequence of "proxy wars".

But things are changing: proxy wars do not achieve much except localised devastation, and to prevent that, small nations are either aligning themselves to nations with MAD weapons or are building their own MAD weapons and intercontinental delivery systems.

The fighting / squabbling is not going to stop, it can not in a world of finite resources and expanding population, where people are not going to readily accept a change in lifestyle. Even abundant energy is not going to solve the scarce resources issue, there is only so far science can go to maximise their use.

Thus the question is where do we go from here...

Gerard van VoorenJanuary 25, 2016 3:30 AM

@ Clive Robinson,

Thus the question is where do we go from here...

Von Rundstedt answered after D-Day the question of a German officer about what to do next with "End the war, obviously!". The only answer is to stop overpopulation and that is obvious. I only don't hear both that question and answer from "our leaders".

keinerJanuary 25, 2016 3:58 AM

...hmmm, or to stop overuse of resources by a little minority, especially located in the north of the Americas? How about that?

keinerJanuary 25, 2016 4:03 AM

PS: effectively the USA have become what the founders of the nation were effectively running away from: The nightmare of the rest of the world....

GrauhutJanuary 25, 2016 4:19 AM

@Gerard: "I think they mean it. The vast amount of hacks in the last years and the years to come show -again and again- that the economics speak for strong encryption."

I think they mean "stop verbally attacking encryption; the more we talk, the more they walk and act against our interests".

The whole crypto debate hurts them and they don't want consciousness and the will to act to spread more and more.

Imho the NSA just wants the easy going times back.

Gerard van VoorenJanuary 25, 2016 4:53 AM

@ Grauhut,

The whole crypto debate hurts them and they dont want consciousness and will to act to spread more and more.

That could be true but if you look at the economics, the US tech industry has been hurt and is going to be hurt a lot more. In the end it's all about economics. You need security and crypto is a key element of that. I've said it before, they still have the metadata, and plenty of it.

CallMeLateForSupperJanuary 25, 2016 10:07 AM

"[ProtonMail] and its customers have almost single-handedly forced the Swiss government to put its new invasive surveillance law[1] up for a public vote in a national referendum in June."

https://theintercept.com/2016/01/25/how-a-small-company-in-switzerland-is-fighting-a-surveillance-law-and-winning/

[1] "Nachrichtendienstgesetzt (NDG), a mouthful of a name for a bill that gave Swiss intelligence authorities more clout to spy on private communications, hack into citizens’ computers, and sweep up their cellphone information."

FBI CP EmporiumJanuary 25, 2016 10:24 AM

FBI shits on the law, making up their own law so they can start running the clock whenever they decide which of us they're after.

http://media.ca8.uscourts.gov/opndir/16/01/151993P.pdf

Senile hick judge Beam in make-believe independent court says that's Okey-dokey, clarifies that the Fourth Amendment is not a real right like ICCPR Article 14 which he never heard of anyway.

Bob PaddockJanuary 25, 2016 11:01 AM

@Clive Robinson

"By common primes I mean those that have been selected badly often in embedded systems by poorly implemented Random Number Generators (RNG)."

What do you consider a good RNG for low end embedded systems (8-bit AVR, 32-bit ARM M0(+)) type, that is, low energy, featureless parts?

What do people here think of the 'True Random Number Generator' built in to some of the newer Atmel (Soon to be Microchip) ARM (SAM L21) parts?:


http://www.atmel.com/images/atmel-42385-sam-l21_datasheet.pdf :

37. TRNG – True Random Number Generator
37.1. Overview
The True Random Number Generator (TRNG) generates unpredictable random numbers that are not
generated by an algorithm. It passes the American NIST Special Publication 800-22 and Diehard
Random Tests Suites.
The TRNG may be used as an entropy source for seeding an NIST approved DRNG (Deterministic RNG)
as required by FIPS PUB 140-2 and 140-3.
37.2. Features
• Passed NIST Special Publication 800-22 Tests Suite
• Passed Diehard Random Tests Suite
• May be used as Entropy Source for seeding an NIST approved DRNG (Deterministic RNG) as
required by FIPS PUB 140-2 and 140-3
• Provides a 32-bit random number every 84 clock cycles


"AT10732: SAM True Random Number Generator (TRNG) Driver"
http://www.atmel.com/Images/Atmel-42444-SAM-True-Random-Number-Generator-TRNG-Driver_Application%20Note_AT10732.pdf

"Random Number Generation Using AES"
http://www.atmel.com/zh/cn/Images/article_random_number.pdf

How would they compare to say a random emission of radiological isotope based TRNG?


meJanuary 25, 2016 11:44 AM

@Bob Paddock,

You'd actually consider trusting a "RNG" baked into silicon and marketed as such? hahaha

Bob PaddockJanuary 25, 2016 12:21 PM

@Me

"You'd actually consider trusting a "RNG" baked into silicon and marketed as such? hahaha"

I'd not trust them without asking experts in that field, as I just did. I ask for help when I know it is outside of my field of expertise.

Tell me how you would do a TRNG that needs to run on a CR2032 coin cell for five years and fit in a device 1/8 the size of an iPod?

GrauhutJanuary 25, 2016 3:15 PM

@Gerard: "In the end it's all about economics."

That's right, but I am quite sure in the end they will settle on a price per kilobackdoor.

The cyber-threeletteragency complex just wants moaaaaaa! ;)

AnuraJanuary 25, 2016 4:07 PM

@Grauhut

Any static tools are going to be insufficient to test RNG output for cryptographic purposes. I can easily write a TRNG that passes any fixed test you want whose state can be recovered with only a few bytes of output.

AnuraJanuary 25, 2016 4:18 PM

Case in point:

init = first four bytes of sha512(seed)
count = next four bytes of sha512(seed)

output_0 = first four bytes of sha512(init || count)
output_n = first four bytes of sha512(output_[n-1] || count+n)

Can be broken with 4 bytes of output in at most 2^32 tries. Will likely pass any RNG test that tests up to 16GB of output from the RNG as long as the test is not specifically designed to fail that particular RNG.
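The construction Anura describes, written out as runnable code; this is an added example, not Anura's own code. It keeps the SHA-512 steps and 4-byte outputs of the comment, adds a monobit frequency check of the kind a fixed test suite would apply, and then recovers the secret counter by brute force from a few consecutive outputs (two outputs confirm a candidate, a third rules out chance matches) and predicts every later output. `count_bits` is a parameter I added so the demo finishes in seconds; 32 is the comment's construction, and the search cost is exactly 2**count_bits hashes.

```python
import hashlib


class ToyDrng:
    """Anura's generator: output_n = sha512(output_[n-1] || count+n)[:4], with init and count
    taken from sha512(seed). Passes simple statistical tests; state recovers from a few outputs."""

    def __init__(self, seed, count_bits=32):
        h = hashlib.sha512(seed).digest()
        self.mask = (1 << count_bits) - 1
        self.state = h[:4]                                      # init
        self.count = int.from_bytes(h[4:8], "big") & self.mask  # secret counter
        self.n = 0

    @staticmethod
    def step(prev, counter):
        return hashlib.sha512(prev + counter.to_bytes(4, "big")).digest()[:4]

    def next_output(self):
        self.state = self.step(self.state, (self.count + self.n) & self.mask)
        self.n += 1
        return self.state

    def random_bytes(self, n):
        return b"".join(self.next_output() for _ in range((n + 3) // 4))[:n]


def monobit_bias(drng, n_bytes):
    """Distance of the ones-fraction from 1/2: the kind of fixed test this output sails through."""
    data = drng.random_bytes(n_bytes)
    ones = sum(bin(b).count("1") for b in data)
    return abs(ones / (8 * n_bytes) - 0.5)


def recover_counter(observed, count_bits):
    """Given consecutive outputs, find c such that observed[i+1] == step(observed[i], c+i).
    Cost: at most 2**count_bits hashes, regardless of where in the stream we started."""
    mask = (1 << count_bits) - 1
    for c in range(1 << count_bits):
        if all(ToyDrng.step(observed[i], (c + i) & mask) == observed[i + 1]
               for i in range(len(observed) - 1)):
            return c
    return None


def predict_next(observed, counter, count_bits, how_many):
    """With the counter known, every later output follows from the last one seen."""
    mask = (1 << count_bits) - 1
    out, prev = [], observed[-1]
    c = counter + len(observed) - 1
    for _ in range(how_many):
        prev = ToyDrng.step(prev, c & mask)
        out.append(prev)
        c += 1
    return out


if __name__ == "__main__":
    BITS = 16  # reduced from the comment's 32 so the brute force runs in well under a second
    victim = ToyDrng(b"constructed seed, not a real key", count_bits=BITS)
    print("monobit bias over 64 KiB:", monobit_bias(ToyDrng(b"constructed seed, not a real key", BITS), 65536))
    seen = [victim.next_output() for _ in range(3)]
    c = recover_counter(seen, BITS)
    print("recovered counter:", c)
    print("prediction matches:", predict_next(seen, c, BITS, 5) == [victim.next_output() for _ in range(5)])
```

The same shape of failure applies to any generator whose only secret is a small internal state: a statistical suite measures the output distribution, not the work needed to recover the state, and an output that is a deterministic function of 32 secret bits can never resist more than 2^32 guesses however "random" it looks.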

Rick MoenJanuary 25, 2016 4:19 PM

Heads-up about upcoming patch for a high-severity OpenSSL defect:


https://mta.openssl.org/pipermail/openssl-announce/2016-January/000058.html

Forthcoming OpenSSL releases
============================

The OpenSSL project team would like to announce the forthcoming
release of OpenSSL versions 1.0.2f, 1.0.1r.

These releases will be made available on 28th January between approx.
1pm and 5pm (UTC). They will fix two security defects, one of "high"
severity affecting 1.0.2 releases, and one "low" severity affecting all
releases.

[...]

Dirk PraetJanuary 25, 2016 4:31 PM

@ CallMeLateForSupper

[ProtonMail] and its customers have almost single-handedly forced the Swiss government to put its new invasive surveillance law[1] up for a public vote in a national referendum in June.

It's BEAUTIFUL!

meJanuary 25, 2016 5:32 PM

@ Bob Paddock,

Read our god DJB. /cr.yp.to/

http://cr.yp.to/talks/2014.05.16/slides-dan+tanja-20140516-4x3.pdf

http://blog.cr.yp.to/20140205-entropy.html

On the other hand, there's no actual need for this huge pile of random numbers. If you've somehow managed to generate one secure 256-bit key then from that key you can derive all the "random" numbers you'll ever need for every cryptographic protocol—and you can do this derivation in a completely deterministic, auditable, testable way, as illustrated by EdDSA. (If you haven't managed to generate one secure 256-bit key then you have much bigger problems.)

rJanuary 25, 2016 7:02 PM

@me,

Yeaaaaah... while that's good in theory and all I dare you to even try to survive on 8 bytes of entropy.

That had better be one very secure seed.

Even with the lattice and McEliece stuff being hash based and quantum resistant? That's a very lean statement to live with.

meJanuary 25, 2016 7:42 PM

@ r,

> That had better be one very secure seed.

The seed was forgotten after the first round.

Priming the system is the interesting part. Dice?

meJanuary 25, 2016 8:36 PM

s/seed/initial seed/g

After each round, the seed is anew.

DJB's thinking is still sound. Given an initial entropy injection, there is no need for hardware ("blackbox") assistance in the generation of an infinite stream of secure, random numbers. That in itself is a security win. Auditable means no room for tampering. Have a human prime the pump with an external physical system.

FigureitoutJanuary 25, 2016 11:28 PM

Bob Paddock
--It would help if you say how much you need (if it's on a coincell, guessing you just need a one-time "random" seed?). What are any realistic attacks you can envision beforehand? If you need continuous entropy and want to cover your ass I'd use what's in the chip (as it will work nicely w/ all the sleep modes you need to keep the product alive for 5+ years), and depending on your work environment, I'd modify the output somehow to break any pre-made attack.

I personally like the entropy of a push button and the highest resolution timer you can support (16bit and above or don't bother w/ this method). This will take some debounce code (or hardware, whatever; should be easily supported on that chip), and you need to make sure to hold it for all areas of timer for extra security (don't just hold it for around 1 second for a large shipment of product; this is the major flaw in this method, but I can combat that by taking many more samples, depending on what extra space you have, it would be practically impossible to predict 5-10+ microsecond resolution timer samples, even if you try to make it the same time), but you control it and real-time surveillance of an MCU is needed (generally); which is thankfully still a complicated/expensive attack unless attached to a PC on the internet.

not meJanuary 26, 2016 12:06 AM

@me

If you've somehow managed to generate one secure 256-bit key then from that key you can derive all the "random" numbers you'll ever need for every cryptographic protocol—and you can do this derivation in a completely deterministic, auditable, testable way, as illustrated by EdDSA.

So maybe the Gov't does not even generate these keys on their own, because they receive a copy from one of the parties involved in the encrypted connections.

Clive RobinsonJanuary 26, 2016 4:55 AM

@ Bob Paddock,

What do you consider a good RNG for low end embedded systems (8-Bit AVR, 32 Bit ARM M0(+)) type, that is low energy featureless, parts?

The simple answer is a good noise source and wideband amplifiers with appropriate power supply and environmental decoupling.

Which you are not going to get using low energy...

Most "on chip" TRNGs are not up to what they say in the published specification. You'd be lucky to get 11 bits of linear dynamic range in the amplifying parts on chip. Thus you go for some kind of over-sampling system, or worse a --supposedly-- unstable oscillator system you sample in time, both of which reduce the noise bandwidth.

If you look at the direct output of such TRNGs on test equipment you see all sorts of issues. That take up quite a few linear circuits, which consume energy like it was going out of fashion compared to digital circuits.

However even with properly setup linear circuits the overall TRNG of noise source and debias circuits you are still going to have a tough job meeting the minimum standard of the DieHarder tests.

Thus the manufacturers apply a little "magic pixie dust" to the design to get it to meet the specification...

Basically they apply a crypto function to the noise source output. Because of the crypto design it would meet the DieHarder tests even if the input was a ramp waveform (i.e. just like a CTR-mode CS-DRNG).

The question should then arise as to whether this crypto function is really one way or not... Hashes should be, but AES with a "secret key" is not if you know the secret... And importantly you can not know from examining the output... So how much do you trust the chip manufacturer that you actually get sent silicon from (think supply chain poisoning)?

Thus if you have a need to be moderately secure, to be reasonably safe you need to apply your own crypto function to the output of the --alleged-- TRNG, preferably in a second chip, which also adds a little entropy or at least uncertainty of its own.

Which brings you back to the question of "Why not run AES256-CTR with your own dice-ware selected seed?".

Back at the end of the last century I ended up using a transistor noise source to drive a high frequency VCO; this was sampled via a more stable oscillator (CPU XTAL) into a two-bit shift register and von Neumann de-bias circuit. This was used to add numbers into an ARC4 array using the key update function. This ran in the foreground of a PIC microcontroller, which had an interrupt-driven serial interface, which read out values from the ARC4 in the usual stream mode. The output values fed a twenty-stage digital lowpass filter, the output of which was XORed with values from the de-bias circuit.

It passed the tests of the time and was OK for what it was to be used for. However a later version got rid of the VCO circuit and debias and replaced it with a BBS DRNG and a modified version of ARC-1024, and the last time I checked it passed the current tests.
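
Clive's "apply your own crypto function to the output of the alleged TRNG" and the DJB passage quoted earlier ("derive all the random numbers you'll ever need" from one secure key, deterministically and auditably) describe the same piece of software, so here is one added example covering both; it is not code from either commenter or from DJB. It is an HMAC_DRBG as specified in NIST SP 800-90A (SHA-256, reseed-counter bookkeeping omitted), fed with the hardware bytes as entropy input and the operator's own diceware seed as the nonce, plus a key-derivation helper on top of it. The hardware bytes and seeds in the demo are constructed placeholders, and the `"rng-mix-v1"` personalization string is an arbitrary label of mine.

```python
import hashlib
import hmac


class HmacDrbg:
    """HMAC_DRBG (NIST SP 800-90A, section 10.1.2) instantiated with HMAC-SHA-256.
    Every output is a deterministic function of (entropy, nonce, personalization), so the
    same inputs can be replayed on a second machine to audit what this one produced."""
    OUTLEN = 32

    def __init__(self, entropy, nonce=b"", personalization=b""):
        self.K = b"\x00" * self.OUTLEN
        self.V = b"\x01" * self.OUTLEN
        self._update(entropy + nonce + personalization)

    @staticmethod
    def _hmac(key, data):
        return hmac.new(key, data, hashlib.sha256).digest()

    def _update(self, provided):
        # HMAC_DRBG_Update: K and V are re-keyed from the current state and any provided data.
        self.K = self._hmac(self.K, self.V + b"\x00" + provided)
        self.V = self._hmac(self.K, self.V)
        if provided:
            self.K = self._hmac(self.K, self.V + b"\x01" + provided)
            self.V = self._hmac(self.K, self.V)

    def reseed(self, entropy, additional=b""):
        self._update(entropy + additional)

    def generate(self, n, additional=b""):
        if additional:
            self._update(additional)
        out = b""
        while len(out) < n:
            self.V = self._hmac(self.K, self.V)
            out += self.V
        self._update(additional)  # back-tracking resistance: old V cannot be recovered from new state
        return out[:n]


def mixed_drbg(hardware_bytes, local_seed):
    """Clive's second-chip mixing stage in software: the on-chip TRNG output is the entropy
    input, the operator's diceware seed is the nonce. An adversary who controls or can
    predict the chip output still needs the local seed to predict anything."""
    return HmacDrbg(entropy=hardware_bytes, nonce=local_seed, personalization=b"rng-mix-v1")


def derive_key(master_key, label, n=32):
    """DJB's point: from one secure 256-bit key, derive per-purpose keys deterministically.
    Distinct labels give independent-looking keys; the same label always gives the same key."""
    return HmacDrbg(entropy=master_key, personalization=label).generate(n)


if __name__ == "__main__":
    # Constructed worst case: a sabotaged chip that returns all zeros.
    backdoored_chip = b"\x00" * 32
    rng = mixed_drbg(backdoored_chip, b"correct horse battery staple")  # placeholder seed
    print("session key:", rng.generate(32).hex())
    print("same inputs replayed :", mixed_drbg(backdoored_chip, b"correct horse battery staple").generate(32).hex())
    print("tls key   :", derive_key(b"k" * 32, b"tls-client").hex())
    print("ssh key   :", derive_key(b"k" * 32, b"ssh-host").hex())
```

Note the order of trust this sets up: if the chip is honest, its bytes add real entropy; if it is not, the construction degrades to a DRBG keyed by the operator's seed, which is exactly the "AES256-CTR with your own dice-ware seed" fallback Clive mentions. What it cannot do is manufacture entropy: a guessable seed plus a sabotaged chip yields guessable output, so the seed entry step is where the human has to do real work.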

Bob PaddockJanuary 26, 2016 6:51 AM

@Grauhut

"Intel needs to sell some fpga in the future. And of cause, the loadable ip for it.
After a first test shoot 2010 they bought Altera..."

Altera was originally a break-off from Intel.

Altera's first part was their EP300. It did not work correctly. If your power supply rise time was too slow or too fast the part did not initialize correctly, leading to strange outcomes. Any device that used these parts did not work, and it took Altera far too long to admit and fix the problem. Their early tool sets were a disaster (not that all tool sets of that era weren't) as well.

For a while Intel Second Sourced the parts, at least on paper, as they came from the same fab.

The EP300 was replaced with the EP310 and the EP600 with the EP610. However, in my mind the damage was done and I never used Altera again.

That there was any major separation between Altera and Intel I find dubious at best.

Bob PaddockJanuary 26, 2016 7:42 AM

@Figureitout • January 25, 2016 11:28 PM

"--It would help if you say how much you need"

What I truly need is a Random Event Generator. The now defunct company Psyleron, based on Quantum Tunneling, were the leaders in the area of my interests (Parapsychology).
Radioactive sources for such things as REGs are frowned upon today. :-(

However TRNG's at the chip level are far easier to come by with a lot lower power today.

"I personally like the entropy of a push button"

Yes this is a primary input in most of these kind of devices.

@Clive Robinson • January 26, 2016 4:55 AM

"The simple answer is a good noise source and wideband amplifiers with appropriate power supply and environmental decoupling."

That would be Linear Tech "A Broadband Random Noise Generator – Design Note 70" found here: http://cds.linear.com/docs/en/design-note/dn70f.pdf
"Analog Circuit Design, Volume 3 – Design Note Collection" as explained here : http://www.linear.com/designtools/acd_book.php goes in to a bit more detail with more graphs.
There is a discrepancy in the output voltage of the circuit between the two published versions that I need to track down with my Linear Tech FAE.

Do you know of anything better than that circuit?

All with appropriate shielding (in Parapsychology who can really say what that might be? I believe the Aharonov-Bohm Effect from the brain acting as a Scalar Interferometer is at play, so a Faraday shield means nothing; see E. T. Whittaker et al.).

http://ramseytest.com/ does make nice desktop Faraday Cages for small circuits.

"Which you are not going to get using low energy..."

Yes, DN70 required +/- 15V supplies. :-(
Which obviously must be clean.

Also any true Random Event Generator is going to make a really good thermometer, unless compensated for which in turn removes some of the randomness. :-(

"Most 'on chip' TRNGs are not up to what they say in the published
specification."

Which is what I expected. :-(

"Thus you go for some kind of over sampling system, or worse a --supposedly-- unstable oscillator system
you sample in time both of which reduce the noise bandwidth."

What about a Chaotic Oscillator such as Chua's Circuit as a REG?

I've also been thinking along the lines of Lancaster's Twinkle Lights based on Plasma in NE2 bulbs.
http://www.tinaja.com/glib/muse136.pdf

"However a later version got rid of the VCO circuit and debias and replaced it with a BBS DRNG..."

BBS? Do you mean DDS?

A blog entry I wrote in 2013 gives background as to why I'm looking for good REGs or TRNGs that can be used as REGs:

"Is consciences itself influencing your Embedded System?"
http://blog.softwaresafety.net/2013/09/is-consciences-itself-influencing-your.html

"This week [Sept. 20th 2013] I spent a fascinating evening with Bob Jahn and Brenda Dunne of the former Princeton Engineering Anomalies Research (PEAR) laboratory, who are now running the International Consciousness Research Laboratories (ICRL). Bob Jahn is Emeritus Professor of Aerospace Sciences and Dean Emeritus of the School of Engineering and Applied Sciences of Princeton University. He was founder and director of PEAR from its inception in 1979 until its closing in 2007, with Brenda serving as its laboratory manager. Bob is now Chairman of ICRL and Brenda serves as its President.

Bob and Brenda over 28 years investigated psi from an engineering point of view. That is, the primary subject of their human/machine experiments was not the human, but the machine. This shift in emphasis required different experimental designs based on the accumulation of very large databases from a relatively small group of human operators, manipulation of physical variables rather than psychological ones, and data processing and statistical techniques drawn from engineering practice....

PEAR experiments involved many different types of Random Event Generators. For our discussion here I assume the REG is based on the decay of a radioactive element. It is impossible to know when a radioactive particle will be emitted from a mass. The unpredictability of this emission forms a random event that is coupled into a logic system to record such events. ..."


While many may discount Parapsychology the engineering challenges are still interesting...

Gerard van VoorenJanuary 26, 2016 9:11 AM

The Dutch are gonna bomb IS in Syria as well. What could ever go wrong? And they are gonna use a deciding air-force of 4 F-16 jet fighters.

JG4January 26, 2016 9:18 AM

@Bob Paddock
Couldn't you use the radioactive circuit in a $10 smoke detector? You wouldn't have to alter the dangerous bits - just intercept the analog signal from radioactive decay and put it in a sealed enclosure so that it isn't affected by dust, smoke and pollen.

BoppingAroundJanuary 26, 2016 9:20 AM

Dirk Praet,
Either way it is going to be interesting. If that law is voted out, I'm curious about the fallout (spooks don't give up, innit?). If it will remain, gotta examine the reasons.

CallMeLateForSupperJanuary 26, 2016 9:21 AM

Can we think of any other reasons to eschew JavaScript??

"The code of the CrashSafari site is very simple. The page includes a header title (which you’ll never actually see because the browser crashes) and a small piece of JavaScript.
The >>>> JavaScript

"Watch out for this new URL that will crash your iPhone and Mac Safari if you click it"
http://9to5mac.com/2016/01/25/safari-mac-iphone-ipad-crash/

CallMeLateForSupperJanuary 26, 2016 9:24 AM

Oops. What posting rule did I break? That paragraph should have been:
"The JavaScript calls the HTML5 History API thousands of times in a loop, essentially causing Safari to freeze."

meJanuary 26, 2016 10:12 AM

Re: entropy

I question anyone who questions DJB.

# of generators (1, 3, 5, 7+) , always running, potentially at different rates, mixing, from seeds provided by a human.

Nice Arduino or PIC project. Serial interface for reading the output. Button, knob and display. Various modes of operation. Prime the system with as many hex numbers as you can dial in. Pick your mode. Let run. Query output as needed. Change on the fly when you're bored. Deterministic, so it can be implemented and verified against a test suite.

Me, like.

Clive RobinsonJanuary 26, 2016 12:18 PM

@ Bruce,

It would appear to be not just parts of the US going overboard on "bomb threats" in schools.

The UK's "Global Radio" 6PM news said sixty schools across England had been evacuated or closed due to "bomb threats". Other news outlets give smaller figures,

http://www.independent.co.uk/news/uk/home-news/bomb-threats-spark-evacuations-at-14-schools-across-london-cornwall-and-west-midlands-a6834476.html

At the same time there have been almost as many severe storm warnings across the UK as the tail end of the weather that gave a meter or more of snow fall in the US over the weekend hits the UK. Some places that were recently flooded twice are being flooded again some by over a foot of water...

CzernoJanuary 26, 2016 12:52 PM

Re: fake bomb alerts in schools...

They seem to have become viral.
Also in Paris today at least six such alerts were reported,
fortunately fake (crossing fingers).

What next ?

CzernoJanuary 26, 2016 4:10 PM

Fake bomb alerts (to be followed...) And also during court hearings
in Bobigny (near Paris, France).

The worst problem, of course, being that after a time
people will get tired and stop believing in alerts... like crying wolf... and when the real thing comes...

CuriousJanuary 26, 2016 11:45 PM

Reading this, it looks to me that US courts are interpreting a particular piece of Freedom Of Information Act (FOIA) law differently because of a comma allegedly missing in the FOIA law text:

https://www.eff.org/deeplinks/2016/01/case-missing-comma-why-congress-must-fix-foias-law-enforcement-exemption

"This issue was front and center in Hamdan, as the court had to decide how to interpret FOIA Exemption 7(E),(...)"

"Confused? So were we. The upshot of the Hamdan court’s intense focus on punctuation (or the lack thereof) means that law enforcement agencies no longer have to explain why particular investigatory techniques and procedures should remain secret. Instead, agencies can just withhold them."

Clive RobinsonJanuary 27, 2016 12:38 AM

@ JG4,

Couldn't you use the radioactive circuit in a $10 smoke detector?

The problem with radioactive sources for such things as TRNGs, is firstly debiasing the half life. Secondly that the source is rarely pure, thus there may be several half lives to deal with, which complicates the issue further.

Any physical source that varies with time in a semi-predictable way needs debiasing in time, which is problematic at the best of times. The usual solution is to "not bother" and use a very short period of time relative to the half life. But you need to know this and be able to take account of it if your experiment is to run for a long period.

@ Bob Paddock,

What about a Chaotic Oscillator

It depends on "the type of chaos" and the amount of "real entropy" -v- "faux entropy" there is.

It is fairly simple to design a RNG device that "close in" looks random. However when viewed further out it can be seen to have a regular pattern that is cyclic. Thus there is a lot of faux entropy and little or no real entropy.

An example would be two XTAL oscillators going into the CLK and D inputs of a D-type latch. Close in the Q output "looks very random", however further out you can see the transitions increasing and decreasing sinusoidally at the difference frequency of the two XTAL oscs. The real entropy would be from the aging of the XTALs and by the time you debias it, it is measured in parts per billion in years, which is a very negligible amount of entropy.
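
A simulation of the two-crystal latch described in the comment above, added here as an illustration and not part of the original discussion. The model is an assumption: the D input is a square wave at `ratio` times the clock frequency, and the only unpredictable ingredient is Gaussian phase jitter on each clock edge. The code shows the "close in" versus "further out" view quantitatively: a compressor finds most of the structure (faux entropy), and the transition density of the Q output is periodic at the beat frequency, which a simple autocorrelation recovers. Function names and parameter values are constructed for the example.

```python
import math
import random
import zlib


def sampled_latch(n_samples, ratio, jitter_sd, seed=1):
    """Q output of a D-type latch clocked by crystal 1 while crystal 2 (at
    ratio * f_CLK) drives D.  Q(n) is the sign of the D square wave at the
    n-th clock edge; jitter_sd (radians) is Gaussian phase noise on that
    edge, the only genuinely unpredictable part of this model.  The fixed
    phase offset merely keeps the beat crossings away from window edges."""
    rng = random.Random(seed)
    bits = []
    for n in range(n_samples):
        phase = 2 * math.pi * ratio * n - 0.1 * math.pi + rng.gauss(0, jitter_sd)
        bits.append(1 if math.sin(phase) > 0 else 0)
    return bits


def transitions_per_window(bits, window):
    """Number of 0->1 / 1->0 transitions in each consecutive window."""
    counts = []
    for start in range(0, len(bits) - window + 1, window):
        chunk = bits[start:start + window]
        counts.append(sum(1 for a, b in zip(chunk, chunk[1:]) if a != b))
    return counts


def first_periodic_lag(series, threshold=0.5):
    """Smallest lag whose normalised, mean-removed autocorrelation exceeds
    the threshold; None when the series shows no such periodicity."""
    n = len(series)
    mean = sum(series) / n
    c = [x - mean for x in series]
    c0 = sum(x * x for x in c)
    if c0 == 0:
        return None
    for lag in range(1, n // 2):
        r = sum(c[i] * c[i + lag] for i in range(n - lag)) / c0
        if r > threshold:
            return lag
    return None


def estimated_beat_period(bits, window=100):
    """Transitions cluster at every edge of the slow beat square wave, i.e.
    twice per beat cycle, so the beat period is twice the detected lag.
    Returns None when no periodicity is found."""
    lag = first_periodic_lag(transitions_per_window(bits, window))
    return None if lag is None else 2 * lag * window


def pack_bits(bits):
    out = bytearray()
    for i in range(0, len(bits) - 7, 8):
        byte = 0
        for b in bits[i:i + 8]:
            byte = (byte << 1) | b
        out.append(byte)
    return bytes(out)


def compressibility(bits):
    """Compressed size / raw size, a crude upper bound on the entropy rate:
    near 1.0 the bits look incompressible, well below 1.0 the apparent
    randomness is mostly structure a compressor can find."""
    raw = pack_bits(bits)
    return len(zlib.compress(raw, 9)) / len(raw)


def reference_random_bits(n_samples, seed=7):
    """Stand-in for a good source, for comparison only (not a TRNG)."""
    rng = random.Random(seed)
    return [rng.getrandbits(1) for _ in range(n_samples)]


if __name__ == "__main__":
    faux = sampled_latch(50_000, ratio=1.001, jitter_sd=0.05)  # beat period 1000 clocks
    print("40 bits around a crossing:", "".join(map(str, faux[30:70])))
    print("estimated beat period:", estimated_beat_period(faux), "samples")
    print("compressibility, latch output :", round(compressibility(faux), 3))
    print("compressibility, reference    :",
          round(compressibility(reference_random_bits(50_000)), 3))
```

With `ratio=1.001` the beat period is 1000 clocks; the bits near a crossing look balanced and jittery, yet the whole stream compresses to a fraction of its size and the transition-count autocorrelation points straight at the beat. The reference stream shows neither property.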

Markus OttelaJanuary 27, 2016 4:38 AM

TFC NaCl 0.16.1 out

PGP signature is postponed at least until I get manual and white paper done.
Try it out; hardware is not absolutely required, and feedback is more than appreciated.

Nick PJanuary 27, 2016 10:35 AM

@ Sredni Vashtar

Yep, yep. The high-security products are all virtualizing the whole OS for a reason. The reason is they wouldn't know where to start on containing anything within the OS abstractions. And it actually working.

@ Markus Ottela

Cool. Cool. I'll check it out when I can.

Gerard van VoorenJanuary 27, 2016 3:02 PM

@ Nick P,

You probably have heard of it before but Genode is now becoming a desktop OS. At FOSDEM they are gonna have a presentation about it. I think it's quite interesting to follow these developments.

tyrJanuary 27, 2016 5:24 PM


Tor project has new versions up.

Tails 2.0 for the systemd fans.

Browser 5.5

And another beta hardened Browser package to play with.

ThothJanuary 27, 2016 5:39 PM

@Gerard van Vooren
More accurately Genode is a framework for using multiple microkernel or microhypervisor architectures and building them for different scenarios.

Being a Desktop OS is not accurate as Genode was not made for a standalone OS but a framework. The Desktop OS part is simply one of the plugin scenarios called the Turmvilla scenario (https://github.com/genodelabs/genode/issues/1552) where the framework has a plugin to render GUI for things like someone wanting to develop a Desktop OS from a Genode framework and one of the microkernels/microhypervisors they support.

The only microhypervisor/microkernel desktop for security is a commercial closed source TCB microhypervisor/microkernel by Sirrix AG called TrustedDesktop (https://www.sirrix.com/content/pages/trusteddesktop_en.htm).

If you can segregate your security sensitive applications onto a separate device rather than using a TCB, all the better.

One example is Ledger Blue hardware which is essentially an open source device integrating a ST31 smartcard chip paired with a touchscreen, NFC/Bluetooth and USB. You can find it here (https://www.ledgerwallet.com/products/9-ledger-blue). They are still working on the current developer early edition and have not open sourced their system yet although they have an empty github repo ready for use. You can imagine pairing the Ledger Blue hardware with your smartphone and using the Blue as an encryptor where you key in plaintext into the Blue and use its smartcard chip to encrypt your plaintext and use your paired smartphone as the TX/RX device. This gives a much higher assurance with separate hardware security.

ThothJanuary 27, 2016 9:57 PM

Just to add onto the above, additionally, there is a prototype hardware security device with red/black separation (@Nick P's fav) for a hardware secured bitcoin wallet (http://www.eliptibox.com) which could possibly be programmed and is fully open sourced so that adds an even higher level of assurance in comparison to the Ledger Blue.

ThothJanuary 28, 2016 2:19 AM

@all
Why the spooks love civilians to use encryption while the police don't. Simple reason being the spooks have the experience, know-how and resources that the police don't have to render encryption useless (via metadata, TAO stuff ... etc...). That is one reason why NSA boss, Mike Rogers, encourages the world to use civilian made encryption (a.k.a leaky and broken homebrewed security) which makes it easier to detect and defeat whoever is using them.

About time that metadata resistant traffic and messages should be used. The spooks kill using metadata and patterns :) .

The civilian agencies (FBI, DEA, Homeland ...etc...) do not have the capability of NSA so all they can do is kick up a fuss and hope people listen to them (or at least the decision makers acknowledge them).

NSA's TAO department boss also came out (last link) and shared some "tips" to make "life difficult for his team".... or is it an NSA strategy to attempt to poison and blind the security community yet again like what they have always been doing since forever.

According to TAO boss's statement:

"A lot of people think that nation states are running their operations on zero days, but it’s not that common,” he said. “For big corporate networks persistence and focus will get you in without a zero day; there are so many more vectors that are easier, less risky, and more productive.”

Ouch .. that's how weak the current security environment is. They don't even need to do much customized TAOs and use existing vulnerabilities to get their way into organisation networks and systems. How true is that ? You have to decide for yourself but I am pretty sure that would be the case (due to my observation in the field while doing my day job).

NSA, like many other ICs, exhibits a publicly known and obnoxious pattern of vulnerability hogging, not reporting them timely and then re-arming them for their exploits, as seen from this sentence:

"Another common attack vector is common vulnerabilities and exposures (CVEs) that haven’t been patched"

The suggestion to mitigate some IC level attacks is to do frequent automatic patching which partially is correct but mostly wrong since the ground work of most systems are "built on sandy grounds" from the following statement:

"Companies need to make automatic patching the norm to protect themselves against nation-state hackers he warned."

Might as well rework ground up to get a rock solid framework.

To get more details, read the rest from the link. Most of the stuff mentioned and counter-measures suggested are already well known industry practices that organisations don't seem to understand or do properly. The good stuff which is to re-work the base systems with high assurance and verifiable methodologies and techniques are missing as usual.

More smoke screen coming up from the NSA et. al. in an attempt to blind the public... and pretend they are the good guys...

Links:
- http://www.theregister.co.uk/2016/01/27/nsa_loves_it_when_you_use_pgp/
- http://www.theregister.co.uk/2016/01/27/homeland_security_says_ban_internet_anonymity/
- http://www.theregister.co.uk/2016/01/28/nsas_top_hacking_boss_explains_how_to_protect_your_network_from_his_minions/

Conspiracy of AngelsJanuary 28, 2016 6:49 AM

"Ethics charges filed against DOJ lawyer who exposed Bush-era surveillance
Thomas Tamm exposed "the program" which provided the fodder for a Pulitzer Prize."

http://arstechnica.com/tech-policy/2016/01/ethics-charges-filed-against-doj-lawyer-who-exposed-bush-era-surveillance/

A former Justice Department lawyer is facing legal ethics charges for exposing the President George W. Bush-era surveillance tactics—a leak that earned The New York Times a Pulitzer and opened the debate about warrantless surveillance that continues today.
The lawyer, Thomas Tamm, now a Maryland state public defender, is accused of breaching Washington ethics rules for going to The New York Times instead of his superiors about his concerns about what was described as "the program."

Tamm was a member of the Justice Department's Office of Intelligence Policy and Review and, among other things, was charged with requesting electronic surveillance warrants from the secret Foreign Intelligence Surveillance Court.

"Congress Gives Federal Agencies Two Weeks To Tally Backdoored Juniper Kit "
http://slashdot.org/story/16/01/27/2334211/congress-gives-federal-agencies-two-weeks-to-tally-backdoored-juniper-kit

Yes, they are idiots. People forget there are those who put the backdoors in, and then everyone else in government. And the guys that are screaming their heads off about how the internet should not have encryption are not the ones who actually have any power in the first place. They are the ones with the doors slammed in their faces, who are whining about it. And crying out for their own selfish political gain reasons, working from the fear angle which is inspired by terrorists and which capitalizes and depends on the work of terrorists.

Stingray Case Lawyers: "Everyone Knows Cell Phones Generate Location Data"
http://yro.slashdot.org/story/16/01/26/028227/stingray-case-lawyers-everyone-knows-cell-phones-generate-location-data

If stingrays should not require warrants "because everyone knows they generate location data" -- effectively, this means stingrays should be legal for usage by anyone and everyone, against anyone, at anytime.

What do you get when a good layer of government out there is operating entirely without a mind, and entirely by instinct? Chaos. This sort of gut wrenching idiocy.


Golden rule: What happens if such people could warrantless wiretap/hack anyone, anytime? They would use it for their own personal gain. Which is their primary and only motivator in their short, sad lives.

Free nations, those sorts are either made incapable or in prison. Totalitarian nations, those sorts rule.

People forget "free" nations are a very new concept and thing. It is a continuing struggle. What differentiates such nations from their adversaries is their freedom.

If you are pro-tyranny, you are pro-totalitarian. You are anti-freedom.

National boundaries are meaningless.

Political bullshit and lying actions and words, ultimately are meaningless.

History judges much faster and much more harshly today.

While all these sorts are desperately counting on being dead soon so history will never know the truth about them -- they are betting against matters they know nothing about.

A near meaningless statement, considering they are generally oblivious to their own shameful state to begin with -- but worth noting for other reasons.

Conspiracy of AngelsJanuary 28, 2016 7:23 AM

@Thoth

... the ones arguing against encryption are not real spooks...

Yes, they are incompetents without access to the technology. To a certain degree, I would note they do serve as a smoke screen for these purposes. People should not forget government is much more complicated and multi-purposed and layered than it can often appear. This might especially be true in democracies at this state of time.

For instance, Donald Trump. Or, here are two other good examples of the sorts of individuals these types are really well like:

Chris Christie
http://i.crackedcdn.com/phpimages/photoshop/2/5/0/498250_v1.jpg

Ted Cruz -- in which example well exemplifies the sort of sociopathic behavior sets of these sorts, duly noting Cruz is actually considered by many as a "good" conservative candidate
http://i.crackedcdn.com/phpimages/photoshop/2/3/8/498238_v1.jpg

And, as it certainly is not conservative only, as if "conservative" is a meaningful term, a good Bernie Sanders one
http://i.crackedcdn.com/phpimages/photoshop/2/7/8/498278_v1.jpg


Warning: Spooks very well could actually own even seemingly outlaying sites like Slashdot, Cracked, or Vice.


On one hand, we expect and are accustomed to awe inspiring sophistication from modern, free governments.

On the other hand, we are also accustomed to terrifying incompetence from these very same governments.


What layer ultimately rules? The ones with the powers of the terrifying sophistication one expects as evidence of power. That is who.


To be fair, while this issue should work up anyone who is not incompetent in security - in technical information security - where "information security" is a damned good covert term for spies, too...

... it should be as well noted that these incompetents who do not understand the field of technology, who have horrible assets, who have terrible advisors... are under "real" pressures that arise these sorts of whining complaints.

This is why it rises everywhere, across nations, and from so many quarters.


But, there are real and severe dangers here. For one, this output is largely a product of terrorists. It is the language of fear these herd creatures are speaking. While surely not conscious buddies with terrorists, they are absolutely of the same kin and kind -- they are invaluable partners against freedom with the terrorists. And deplorably actually view themselves (as dim as their human views are), as being activists *against* terrorists.


This certainly does mean that there are those in darker areas of government who want to have less encryption so they can have more power.

More terrorism -- more of these complaints, stronger of these complaints. They are terrorists' bitches.

And you know, you will never be ruled by these terrorists. They are not the threat. The threat are these mind numbed fools who truly could turn these nations into tyrannies. They would rule, and they would get there on the shoulders of terrorists.


The number one way for them to get there would be to have more surveillance.

More surveillance, more information, more information, more power. All of which also equitably translates to more money.

More "surveillance" more capacity for tyranny. It is the fuel behind control.


This is the often under stated undercurrent in these matters.


The other layer of the problem is simply more practical: the modern, global communications infrastructure depends on the security of those systems and networks. They are possible because of that security. And it is exactly that security which these folks are against. They would devastate those networks and systems if they had their way.


We can very visibly see that these previous fights which went on - where they lost - allowed us this very critical "internet" we have today. In quotes, because we are really talking about what is so much more than just the internet.

They are polluting and attempting to destroy what is the very bloodstream and nervous system of the global system.

It is much more than just "communications" in the archaic understanding of the term. It is communications like how the bloodstream system and nervous system are communications.

It is communications like how electrical infrastructure are communications.


Communications are more than just people talking shit. Communications are inherently manipulatable. Communications control and empower, empower and disempower. Lead and crush.

Their attempts are all about supplanting and discouraging, fighting against those very networks. And so against the strength of those networks. Which strength is daunting, and ultimately? That is what scares them, that is what threatens them. Because their kind is going out, unless they can overpower them.

But, weakening these systems is exactly like viruses weakening blood and nervous systems.


Is it strange that components of a system designed for security can run amok? AIDS/HIV? And other autoimmune issues?


Their tumor, their cancer, is ultimately, their lack of understanding.

Conspiracy of AngelsJanuary 28, 2016 8:25 AM


City cops in Disneyland’s backyard have had “stingray on steroids” for years
Pentagon: DRTBox can usually nab phone's crypto session keys in under a second.

http://arstechnica.com/tech-policy/2016/01/city-cops-in-disneylands-backyard-have-had-stingray-on-steriods-for-years/


The DRTBox has been described by one Chicago privacy activist as a "stingray on steroids," referring to the controversial cell-site simulator that spoofs cell towers to locate phones and intercept calls and texts.

Last year, both the Department of Homeland Security and the Department of Justice (which oversees the FBI) said that they would require a warrant during stingray deployments. A new law that took effect in California on January 1, 2016 would also require use of a warrant for a cell-site simulator.
"If a city of a few hundred thousand can have this kind of arsenal, it raises questions as to what similar cities across America might have it as well," Matt Cagle, an ACLU lawyer, told Ars.

etc, etc, generally sickening information.


Why is this sickening? Shouldn't cops be free from the laws that burden everyday civilians? Why can't they hack, torture, kidnap, steal, murder? They have badges and are fighting against crime, right?

What, exactly, is the difference between a "free" nation and, say, what Communist, Soviet Union was? Or the difference between North Korea and a "free" nation? Or between the block of territory controlled by ISIS and a "free" nation?


Hell, how much training and experience do these guys even have to utilize this technology, and what sort of ethics levels are they therefore expected to abide to?

Obviously, cutting and bypassing red tape is a part of the job for authorities, but when a primary law is against unwarranted surveillance.... this kind of thing is obviously, and for very good reason, entirely against all good conscience.

Only reason it has been allowed is because of the technical details. The devil is in the details. Ain't a crime if there isn't good understanding of it.

More aptly, the devil(S) are in the details.


This kind of thing is the wet dream of every elected and unelected official because it allows them to consolidate power and keep power they do not deserve.


Clive RobinsonJanuary 28, 2016 8:35 AM

Kleptography the art of how to steal Keys

For some reason I don't know this has popped up on Hacker news...

http://www.infosecurity-magazine.com/magazine-features/the-dark-side-of-cryptography-kleptography-in/

I've mentioned Kleptography a few times on this blog over the years (search for "moti" and "young"). But by and large most people don't get it on their radar, even when it drops on their head through the cone of silence.

Personally I think it's something people really should take more interest in as you can be sure it's the sort of thing the NSA and GCHQ et al are up to their armpits in these days, as stealing keys is way way easier than just about anything else for de-cloaking crypto protected data.

It's also likely to form the basis of any "golden key" / "front door" backdoor that Comey and Co are prostituting themselves for.

ThothJanuary 28, 2016 9:36 AM

@Clive Robinson
I remember I mentioned the RSA-based kleptography some time back, a year or two ago, which uses RSA keys as trapdoors.

The best way is a software implementation of a distributed CSPRNG system like @Bruce Schneier's Fortuna RNG system, which aggregates the randomness of even malicious manipulations into its system to process, mix and neutralize those "poisons" in a distributed context. In a network context, if one computer on the network wants some randomness, it will have its own Fortuna system running and will reach out to other Fortuna implementations to get some randomness, so at least one party hopefully can be unbiased; and as long as one source of randomness is unbiased, the Fortuna RNG should be able to neutralize the bias, which I remember from reading the paper on Fortuna some time ago.
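
A reduced Fortuna accumulator, added here as an example and not code from the comment above or from the Fortuna paper. It keeps the two structural features that matter for the "one honest source is enough" argument: every source spreads its events round-robin across 32 pools, and reseed number r folds in pool i only when 2^i divides r, so a source that floods the fast pools cannot wash an honest source out of the slow ones. The scenario in `run_demo` is constructed: source 1 is fully attacker-controlled and always submits the same bytes, source 2 is one honest sampler (a seeded `random.Random` standing in for real noise). One simplification is an assumption of this example: HMAC-SHA256 in counter mode replaces the block cipher Fortuna's generator actually uses.

```python
import hashlib
import hmac
import random


class FortunaAccumulator:
    """Simplified Fortuna accumulator plus generator (example code)."""

    NUM_POOLS = 32
    MIN_POOL0_BYTES = 64  # reseed only once pool 0 has collected this much

    def __init__(self):
        self.pools = [hashlib.sha256() for _ in range(self.NUM_POOLS)]
        self.pool0_bytes = 0
        self.reseed_count = 0
        self.key = bytes(32)
        self.counter = 0
        self.next_pool = {}     # source id -> pool that gets its next event
        self.reseed_log = []    # which pools fed each reseed (for inspection)

    def add_event(self, source_id, data):
        i = self.next_pool.get(source_id, 0)
        # Length-prefix each event so concatenations cannot be made ambiguous.
        self.pools[i].update(bytes([source_id, len(data)]) + data)
        if i == 0:
            self.pool0_bytes += len(data)
        self.next_pool[source_id] = (i + 1) % self.NUM_POOLS

    def _reseed_if_ready(self):
        if self.pool0_bytes < self.MIN_POOL0_BYTES:
            return False
        self.reseed_count += 1
        used, material = [], self.key
        for i in range(self.NUM_POOLS):
            if self.reseed_count % (1 << i) != 0:
                break               # if 2**i does not divide r, no higher power does
            used.append(i)
            material += self.pools[i].digest()
            self.pools[i] = hashlib.sha256()   # a pool is emptied once used
        self.key = hashlib.sha256(material).digest()
        self.pool0_bytes = 0
        self.reseed_log.append(used)
        return True

    def random_bytes(self, n):
        self._reseed_if_ready()
        if self.reseed_count == 0:
            raise RuntimeError("generator not yet seeded")
        out = b""
        while len(out) < n:
            out += hmac.new(self.key, self.counter.to_bytes(16, "big"),
                            hashlib.sha256).digest()
            self.counter += 1
        # Rekey after every request (as Fortuna does) so a later key
        # compromise does not reveal earlier output.
        self.key = hmac.new(self.key, b"rekey", hashlib.sha256).digest()
        return out[:n]


def run_demo(honest_seed, rounds, events_per_round=128):
    """Constructed scenario: attacker-controlled source 1 always submits
    zeros; honest source 2 submits 8-byte samples.  128 events per source
    per round put exactly 64 bytes into pool 0, so each round reseeds.
    Returns the 16 bytes drawn after the last round and the reseed log."""
    acc = FortunaAccumulator()
    honest = random.Random(honest_seed)   # stand-in for a real noise source
    last = b""
    for _ in range(rounds):
        for _ in range(events_per_round):
            acc.add_event(1, b"\x00" * 8)
            acc.add_event(2, honest.getrandbits(64).to_bytes(8, "big"))
        last = acc.random_bytes(16)
    return last, acc.reseed_log


if __name__ == "__main__":
    out, log = run_demo(honest_seed=1, rounds=4)
    print(out.hex(), log)   # log shows pools [0], [0,1], [0], [0,1,2]
```

The output depends on every event the honest source contributed, so the attacker's constant stream gains nothing by itself; the reseed log makes the pool schedule visible. This illustrates the structure only, not a statistical proof of unbiased output.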

ThothJanuary 28, 2016 9:45 AM

@Clive Robinson
I wonder if money from the UK Govt (not to forget Cameron hates strong and properly implemented crypto with no back/front-doors) to invest into the field of "Cybersecurity" is another smoke screen and hidden daggers of sorts to show that they are concerned but also an opportunity to meddle with security systems to corrupt them silently ?

There is a pattern with 99.999999999% of any country's Government in any era of prohibiting free and secure communications, which are seen as a national threat, going back to ancient times during 5000 B.C. in Egypt where their hieroglyphs were encoded at times to hide the meaning of their messages. Since then, every other civilization has shown signs of suppressing secure and free communication in the population as a means to do policing and suppression.

It is always a cat and mouse game between the civilians trying to secure their communication so to express themselves freely and Governments trying hard to defeat any sort of secure communication except for themselves.

Link: http://www.infosecurity-magazine.com/news/uk-government-money-cybersecurity/

Nick PJanuary 28, 2016 3:21 PM

@ Gerard

Thanks for the link. I do look forward to seeing what Feske et al's progress is. Like Thoth said, it's a framework that can be shaped into a lot of different things. They do lots of interesting stuff, integrating best of breed components like Nitpicker GUI. However, we both suggested they get more focused on one deployment or configuration just to get more interest and uptake. The project recently, as of this point, got the desktop part stable enough for them to use it day to day a la "eat your own dog food." Others report issues due to its new state.

That was November. Hopefully, they ironed out a few bugs and improved hardware support a bit since then. I look forward to seeing what it looks like.

@ Thoth

"prototype hardware security device with red/black separation (@Nick P's fav) for a hardware secured bitcoin wallet (http://www.eliptibox.com) which could possibly be programmed and is fully open sourced so that adds an even higher level of assurance in comparison to the Ledger Blue."

Yeah, it was interesting. I liked that they knew about Red/Black model and were doing some EMSEC work. At least a step in the right direction. People buying stuff like that might support development of even better stuff.

tyrJanuary 28, 2016 10:45 PM


@Clive Robinson

I know you will appreciate this Boingboing headline.

Monkeys make surprisingly terrible random-number generators

Clive RobinsonJanuary 29, 2016 7:09 AM

@ Thoth, Nick P, Wael, and others,

"prototype hardware security device with red/black separation (@Nick P's fav)

It's not just "@Nick P's fav", it's something that comes up one way or another surprisingly often and we have discussed it in many ways, such as in TEMPEST/EmSec, Authentication tokens, side channels, crypto and air gapping.

However it has its problems, which I went into in some depth in discussions about secure authentication tokens.

The important two are,

1, It must go through the operator.
2, Humans are very fallible.

The first is to prevent a host of "end run" and similar attacks. The operator acts as a data diode / pump / sluice to protect the device and sanity check the traffic to and from it.

Because a technology based communications "pinch point" and "Data checking" device such as a data diode can only do a tiny subset of what is required without becoming overly complex and thus a liability in and of itself.

But humans are also fallible and suffer from things like, a lack of attention, a dislike for doing things like typing in long streams of apparently random text, etc, etc.

Thus as I've said in the past, technology that tries to remove the human from the process is going to fail horribly when an attack finds a weakness.

In essence the "NOP Sledge" is a very clear indicator of this. A Human on seeing it will usually quite quickly realise that it is "most odd" and therefore investigate. An automated system unless very complicated will let the NOP Sledge pass without raising a query.

So if your device has only a keypad and display the user will see the NOP Sledge and will go "What on Earth???" on copying from the computer screen into the device keyboard. However if the device used an electronic interface such as USB then the NOP Sledge would go through unnoticed as would the following "text only" attack exploits... In effect this is what happened with Stuxnet, it took over the control PC and sent commands off to the PLCs for the centrifuges that destroyed them. If however a human operator had manually transferred the commands they would have had a "What the heck???" moment first time around and there would have been little or no damage done. Likewise for many other attacks using either insufficiently or not correctly monitored interfaces.

WaelJanuary 29, 2016 9:44 PM

@Clive Robinson, @Nick P, @Thoth, ...

In essence the "NOP Sledge" is a very clear indicator of this. A Human on seeing it will usually quite quickly realise that it is "most odd" and therefore investigate...

Humans can be fooled too. Typically one would want to terminate transports and change protocols at each zone interface hop.

Thus as I've said in the past, technology that tries to remove the human from the process is going to fail horribly when an attack finds a weakness.

Quite a dilemma! What to do? Simulate a human with perhaps some entity like say a ... Digital Warden?

ThothJanuary 30, 2016 12:31 AM

@Nick P, Clove Robinson, Wael
Using a human to transfer data as the data diode is a good idea and one of the higher assurances available where the security requirements also demand the level of protection.

For lesser security requirements and ease of use for the general public, probably the entry level which is a data guard would suffice. Both the Ledger Blue and Eliptibox use an intermediate guard via a FPGA or a ARM chip which handles the interfacing of I/O from external environment and internal environment and the good thing is both are open source. For a lesser security requirement the I/O simply needs to check for USB-CCID a.k.a smartcard interface protocol instead of memory storage I/O protocol and filter the I/O to only allow legitimate smartcard protocol language (APDU protocol) in the open source firmware codes for the case of the Ledger Blue hardware since the core is a ST31 smartcard chip.

The nice thing about smartcard chip is the architecture does not allow sideloading of codes and codes are sandboxed as part of architecture but that is all just theory.

Anything more secure would require totally disconnected modules and only using humans as the proxy.
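
The APDU-level guard the comment above describes, written out as an added example (not Ledger's or Eliptibox's firmware): a strict parser for the four short-form ISO 7816-4 command cases, followed by an allow-list decision on (CLA, INS). Anything that does not fit a case exactly, such as extended length, an Lc that disagrees with the payload, or trailing bytes, is denied rather than forwarded to the card. The allow-list entries, the data-length cap and the sample APDUs (including the `F0...` AID) are constructed for the example; a real guard would take its policy from the applet it fronts.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class CommandApdu:
    cla: int
    ins: int
    p1: int
    p2: int
    data: bytes
    le: Optional[int]   # None = no response expected; Le byte 0x00 means 256


def parse_apdu(raw: bytes) -> CommandApdu:
    """Strict parser for short-form ISO 7816-4 command APDUs (cases 1-4)."""
    if len(raw) < 4:
        raise ValueError("header shorter than CLA INS P1 P2")
    cla, ins, p1, p2 = raw[0], raw[1], raw[2], raw[3]
    body = raw[4:]
    if not body:                                   # case 1: header only
        return CommandApdu(cla, ins, p1, p2, b"", None)
    if len(body) == 1:                             # case 2: header + Le
        return CommandApdu(cla, ins, p1, p2, b"", body[0] or 256)
    lc = body[0]
    if lc == 0:
        raise ValueError("extended-length APDU not permitted through the guard")
    data = body[1:1 + lc]
    if len(data) != lc:
        raise ValueError("Lc does not match the payload length")
    rest = body[1 + lc:]
    if not rest:                                   # case 3: header + Lc + data
        return CommandApdu(cla, ins, p1, p2, bytes(data), None)
    if len(rest) == 1:                             # case 4: ... + Le
        return CommandApdu(cla, ins, p1, p2, bytes(data), rest[0] or 256)
    raise ValueError("trailing bytes after the APDU")


# Guard policy (constructed for this example): the (CLA, INS) pairs the
# card-side application is meant to receive, and a cap on command data.
ALLOWED_COMMANDS = {
    (0x00, 0xA4): "SELECT",
    (0x00, 0xCA): "GET DATA",
    (0x80, 0x2A): "hypothetical applet command (example value)",
}
MAX_DATA_LEN = 128


def guard(raw: bytes):
    """Return ("allow", CommandApdu) or ("deny", reason).  Denied traffic
    never reaches the card; the decision is all the guard exposes."""
    try:
        apdu = parse_apdu(raw)
    except ValueError as exc:
        return "deny", f"malformed: {exc}"
    if (apdu.cla, apdu.ins) not in ALLOWED_COMMANDS:
        return "deny", f"CLA/INS {apdu.cla:02X}/{apdu.ins:02X} not in allow-list"
    if len(apdu.data) > MAX_DATA_LEN:
        return "deny", "command data exceeds policy cap"
    return "allow", apdu


if __name__ == "__main__":
    samples = {                                  # constructed test traffic
        "SELECT by AID":      "00A4040007F0000000010203",
        "GET DATA, Le=256":   "00CA9F7F00",
        "Lc mismatch":        "00A4040007F000",
        "READ BINARY":        "00B0000010",
        "extended length":    "00A404000000070102030405",
    }
    for name, hexstr in samples.items():
        verdict, detail = guard(bytes.fromhex(hexstr))
        print(f"{name:18} -> {verdict}: {detail}")
```

The parser deliberately has no lenient path: a guard that "repairs" or truncates odd APDUs would itself become the ambiguity an attacker targets, which is the liability the earlier comment about over-complex checking devices points at.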

WaelJanuary 30, 2016 4:59 AM

@Thoth, @Nick P, @Clive Robinson, ...

Using a human to transfer data as the data diode is a good idea...

Can you imagine a human sitting on a plane with the humble task of manually transferring flight sensor data to the cockpit displays? Humans are error prone.

Clive RobinsonJanuary 30, 2016 9:18 AM

@ Thoth,

Clove Robinson

Hmm, when did I become so "fragrant" if not "spicy" B-)

@ Wael,

Can you imagine a human sitting on a plane with the humble task of manually transferring flight sensor data to the cockpit displays? Humans are error prone.

Yes they are as I've mentioned before.

Real time systems are problematic at the best of times and should not be connected to any kind of network where external network data can get into them. I've mentioned this in the past, including the problems of "data logging" information going out as output being subject to "downstream error correction" which can give rise to "tailored fault injection".

If people want I can give a more in-depth explanation of the hows and whys. As far as I'm aware nobody else has put up anything even close to the information I've put up before, which makes me think some people in the UK / Five Eyes IC have been sitting on it for over thirty years...

Which, as I know they've been told about it --because I told them-- has got to make you wonder why?

WaelJanuary 30, 2016 10:06 AM

@Clive Robinson, ...

If people want I can give a more in-depth explanation of the hows and whys...

It's clear to me that critical systems need a few layers of isolation from the Internet or external interfaces. It's also probable that real time systems are mission critical or life critical systems. As they say: I'm all ears.

ThothJanuary 30, 2016 11:40 PM

@Clive Robinson
It would be nice if you can elaborate:
"If people want I can give a more in-depth explanation of the hows and whys. As far as I'm aware nobody else has put up anything even close to the information I've put up before, which makes me think some people in the UK / Five Eyes IC have been sitting on it for over thirty years...

Which, as I know they've been told about it --because I told them-- has got to make you wonder why?"

Clive RobinsonJanuary 31, 2016 11:08 AM

@ Thoth, Wael,

The question is "where to start?", as I've said on a number of occasions you have to have a good knowledge of the whole computing stack, and thus a big chunk of mankind's understanding of the universe and of itself.

So...

Security in all its forms is primarily about "information", which is a bit of a problem to start off with because it means many overlapping things to many people. As do, unfortunately, "knowledge" and "random".

If you take a very basic view of information it is fairly easy to see it is neither energy nor matter, but can be easily impressed one way or another onto either of them. We are taught from a moderately early age that matter and energy are effectively equivalent and constrained by forces and thus the speed of light. Einstein came up with his famous equation that couples energy, matter and the speed of light.

But information apparently does not get a look in until you get to find out about what Einstein is reputed to have called "spooky action at a distance", also "quantum teleportation" and "quantum entanglement". Currently there is the question of the "what, how, why" of entanglement as previous assumptions come into question.

Increasingly it appears that, unlike energy and matter, information is neither local nor constrained by forces... If true then, amongst many other things, ultimately there can be no security for information, only our inability to recognise it in a meaningful form due to impartial knowledge.

This should not come as a surprise as in essence it's what the ideas behind the One Time Pad tell us.

There are three basic things we do with all information, communicate it, store it and process it. However the reality is we don't do this to the information but the media on which it is impressed. That is we process not the information but the energy and matter it is impressed upon, and it is the constraints of the media not the information that limit how we communicate, store or process it.

Of the three processes communication is the fundamental one, as with a moment's thought it can be seen that neither storage nor processing can work without communication.

Thanks to the work of Claude Shannon we have a basic theory of communications in a physically constrained channel whereby energy directly or indirectly carries information from one locality to another. Shannon went on to show that with two or more channels it was possible to present an intermediary "eavesdropper", who had sight of only one channel, with only partial information in that one channel, thus secrecy could be achieved in that channel. However the valid sender and receiver, having access to both channels, had the full information and thus could recover it.

Thus information security is about withholding some or all information from those not authorised to know it. If you are not authorised your task is to somehow gain sufficient information to make all information recoverable or at least useful in some way (i.e. via traffic analysis).

By and large humans are "simple souls" who perform tasks at some level sequentially. That is, information is received as "input", processed in some manner and transmitted as "output". This is the basic model used to explain all information handling. Thus at every stage the model is a "data source" transmitting information down a Shannon channel to a "process" which transforms the information in some way and then transmits it down another Shannon channel to a "data sink". Both the data source and sink are processes in their own right, thus we build chains of processes. The processes can be of two basic types, "stateless" or "stateful"; to be stateful the process requires some storage to hold the state in, which makes the storage both a data sink and a data source, and the process effectively has two inputs, the current data and the current state held in the storage.

From this basic model any type of information processing system can be built and the examination of a CPU ALU shows this clearly. As does the rest of the CPU etc all the way up into the assembler language it interprets. Likewise from the assembler up through the high level languages and up the rest of the computing stack.

However the model is incomplete in that it assumes information goes only in one direction --left to right--, from input to output. It does not consider errors, exceptions and rate control.

Thus the model needs to be augmented to take this into account, and each Shannon channel actually becomes two: the primary information channel (left-right) and a control channel (right-left) which provides feedback to a preceding process for rate, error or exception control / handling.

Thus a downstream (right side) process can send signals back to upstream processes (left side).

Which means there is a degree of reverse transparency back through the system.

Electronics engineers get taught about this when studying "small signal analysis" via "S-parameters" and they get an appreciation of how such feedback can affect a system.

Importantly they learn that there is a time or phase component that can affect system stability, amongst other things, as well as causing cross modulation and interference products. Computing systems, whilst not directly suffering from these problems, do suffer from their analogues.

Most "code cutters" never get to hear about such issues and rarely handle exceptions in sensible ways. Likewise errors tend to be handled badly or catastrophically in the "blue screen of death" or similar abnormal program termination. Worse, exceptions or errors can, due to bad handling, cause all the same sorts of security vulnerabilities that poorly handled input can.

Even when code cutters do handle exceptions they usually do it badly, and errors tend to be checked for only at the initial system input, not where they will actually cause problems.

This pushing of error checking to the left has a number of side effects. Firstly it makes the input overly complex, difficult to debug and prone to "overly clever" optimizations that are very fragile and near impossible to upgrade or maintain effectively. Secondly, because the error checking is separated from the code where it is needed, "code reuse" becomes problematic at best. Thirdly, this allows the security to be bypassed from downstream.

To understand why this might happen consider the case of a partially implemented control handler. The code cutter implements some kind of backwards data transmission to allow for, say, a "disk full" condition not to cause data loss. Thus the record that failed to get written gets passed back up the software process chain to a buffer pending a new disk etc. being available. An attacker knowing this can fake a disk full but return not the actual record but a malicious record instead, which would not have got through the error checking but has now bypassed it and is in the supposedly "checked data" stream to cause mischief.
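An added example, not from Clive Robinson's post or any project, modelling the pipeline he describes: an input-side check, a "disk full" signal on the reverse channel that hands a record back to an upstream buffer, and the difference between trusting that buffered record and re-checking it at the point of write. `Disk`, `valid`, `run` and the two retry handlers are constructed names for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Disk:
    """Constructed downstream sink: reports 'disk full' after `capacity` records."""
    capacity: int
    stored: list = field(default_factory=list)

    def write(self, record):
        if len(self.stored) >= self.capacity:
            return False  # reverse-channel signal: "disk full"
        self.stored.append(record)
        return True

def valid(record):
    """Input-side check: short, printable ASCII records only."""
    return (isinstance(record, str) and 0 < len(record) <= 32
            and record.isascii() and record.isprintable())

def honest_retry(record):
    """Well-behaved downstream: hands back the record that failed to write."""
    return record

def substituted_retry(record):
    """Models the case in the post: the reverse channel carries something else
    (a NUL byte here) that the input check would have rejected."""
    return record + "\x00"

def run(inputs, disk, retry_handler, check_at_sink):
    """Left-to-right data flow with a right-to-left retry channel.

    check_at_sink=False: errors are checked only at the input, so whatever
    comes back up the reverse channel is trusted (the bypass in the post).
    check_at_sink=True: every record is validated where it is actually used.
    Returns everything that ended up on disk, old disk then replacement."""
    pending = []
    for rec in inputs:
        if not valid(rec):          # the "pushed to the left" check
            continue
        if not disk.write(rec):
            pending.append(retry_handler(rec))   # record returned upstream
    replacement = Disk(capacity=len(pending))   # operator swaps in a new disk
    for rec in pending:
        if check_at_sink and not valid(rec):    # re-check at the point of use
            continue
        replacement.write(rec)
    return disk.stored + replacement.stored
```

With the check only at the input, the substituted record reaches the replacement disk; with the check at the sink it is dropped, while honest retries still succeed.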



Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.