Friday Squid Blogging: Cooking with Squid Ink

Risotto nero and more.

As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

Posted on April 8, 2016 at 4:30 PM • 171 Comments

Comments

Tom • April 8, 2016 4:46 PM

“Do you think WhatsApp will become secure?” the group asked in a post, which Vocativ uncovered early on Thursday. It answers: “Definitely not.”

The channel instead recommends that ISIS loyalists use eight other “encrypted and secure” apps: Telegram (for “private messages”), Silent Text, ChatSecure, Linphone, Signal, Wickr, MyENIGMA and Surespot.

http://www.vocativ.com/306495/isis-urges-its-supporters-to-avoid-using-whatsapp/


Apple said it was unclear whether the FBI employed a software or hardware hack, and the company did not understand why it would only work on a 5C, as the government said.

http://arstechnica.com/tech-policy/2016/04/apple-wont-demand-to-learn-how-fbi-cracked-terror-suspects-phone/


However, it became increasingly clear two days ago that authorities would likely forge ahead with this bid in the New York case after James Comey, the director of the Federal Bureau of Investigation, said the workaround purchased in the San Bernardino case was exclusive to the 5C and not other models like the 5S involved in this New York drug probe.

http://arstechnica.com/tech-policy/2016/04/us-government-still-pursuing-court-order-to-unlock-iphone-in-new-york-case/

Tom • April 8, 2016 4:49 PM

Read America's insane draft crypto-borking law that no one's willing to admit they wrote

http://www.theregister.co.uk/2016/04/08/draft_of_encryptionborking_bill_floated/


China's Great Firewall inventor forced to use VPN live on stage to dodge his own creation

http://www.theregister.co.uk/2016/04/07/great_firewall_architect_forced_to_use_vpn/


GCHQ is having problems meeting Osborne's 2020 recruitment target

http://www.theregister.co.uk/2016/04/08/gchq_facing_difficulties_in_meeting_osbornes_2020_recruitment_target/


POST - Parliamentary Office of Science and Technology - Data Encryption Briefing

http://researchbriefings.files.parliament.uk/documents/POST-PB-0019/POST-PB-0019.pdf

Daniel • April 8, 2016 6:28 PM

http://www.dailymail.co.uk/news/article-3530065/Clinton-campaign-blasts-reporters-white-noise-machine-t-hear-comments-outdoor-campaign-fundraiser.html

Hillary Clinton uses white noise to block speech from reporters.

I'm not interested in the political aspects. It occurred to me, however, that the white noise use in this case is effectively an attempt to introduce entropy (randomness) into the listener's aural system. I wonder if it is possible to "decrypt" fan noise in some way such as reversing the fan noise input in a recording to get the original speech (I'm thinking here of the way noise canceling headphones work).

Jim K • April 8, 2016 6:59 PM

Daniel,
If the reporters are careful and keep their microphones still (and remember where they were sitting), they could build a beam former to focus in a particular direction.

Thoth • April 8, 2016 10:04 PM

@Nick P
It is much better to work on encryption in my area than US/UK in the event anti-encryption laws (below) were to be fulfilled. At least there is a slowly growing thirst for security products here and so far no cases or laws to coerce developers and companies into putting backdoors ... yet ... although there is a demand for decryption law (similar to UK).

Current list of countries to peacefully work on encryption according to my ranking:

1) Iceland
2) Switzerland
3) Germany
4) Netherlands
5) Singapore

Link: http://www.theregister.co.uk/2016/04/08/draft_of_encryptionborking_bill_floated/

65535 • April 8, 2016 10:06 PM

Here is a little item that most certainly will end up in some NSA/FBI/IRS database to be spread like leaves in the wind – and a magnet for fishing for petty criminals.

A couple of weeks ago a client who does taxes [Accountant and tax professional] called with a question as to whether he should click a warning button while updating a Lacerte or Intuit Pro Series tax suite. I asked him to first take a screenshot and send it to me. Then I would advise him [fingerprinting was also brought up on Krebs’s site].

Here is the warning popup – which for all practical purposes cannot be dismissed and must be accepted by all tax accountants who file taxes electronically:

“IRS Device ID

“This latest update of ProSeries now contains support for the IRS Device ID in electronically filed 1040 Federal and state returns.

“As required by the IRS and States for fraud protection purposes, ProSeries will collect the serial number [MAC address ? - ed] and the universally unique identifier [UUID] of the computer used to create and transmit any electronically filed 1040 return. These values known as Device ID will be sent to the IRS and states as part of the electronic file.

“For more information on the IRS Device ID go to: www.irs.gov/Individuals/DeviceID”

Here is the problem, he cannot file electronically without his machine being fingerprinted and spread to the Feds and virtually all States in the union and all USA protectorates [about 57 territories/protectorates for example Puerto Rico] who are required to file tax returns.

That is quite a number of Tax accounting computers and customer data spread around the USA. 1040 Tax-form data includes the Name, Social Security Number/TIN/EIN, location, age of individuals, sex of individuals, and individual's spouse, children who are included in the tax return; individuals holding college loans, work visas and so on.

Further, I would suspect that said data will be forwarded to the NSA/FBI/DSH and held for a long time. This is a huge destruction of privacy.

With the Feds having fingerprinted each Tax Preparer's computer and spreading around all of that information I think they will soon determine all of those individuals who don’t file taxes electronically or otherwise and figure out their location and PII data with ease… cough illegal aliens and the like.

It’s all done for the children and financial fraud… or makes a nice lead-in to fishing for vice criminals who do not file taxes – “National Security” blah, blah blah. This is not good.

Wael • April 8, 2016 10:23 PM

@Clive Robinson,

RE: Something for the weekend...

Let’s eat kids!

Amazing what difference a piddly little coma makes!

Spellcheckers, realtime keystroke transmission before hitting 'Enter', close to realtime draft file transmission before a file is even saved are all too familiar... And commercials that seem 'random' because apparently the AI behind them stands for Absolute Incompetence. It's not the software's fault. This problem is a dormant acute bug in humanware. People writing software for computer advertisements are the same ones who write TV commercials. No surprise at all.

Wael • April 8, 2016 10:31 PM

Amazing what difference a piddly little coma makes!

That was the spellchecker's bad! Coma is supposed to be comma!

Amazing what difference a piddly little 'm' makes!

Wael • April 8, 2016 11:39 PM

@65535,

With the Feds having fingerprinted each Tax Preparer's computer...

Device fingerprinting (DFP) is a straightforward problem to solve, given adherence to the following high level tenets:

  1. Uniqueness: Bijective mapping between a device and a DFP
  2. DFP should not be static: Resist replay attacks
  3. DFP-Device mapping should be confidential: Only the service using DFP can map a DFP to a device
  4. DFP must be stable over the lifetime of the device: Usual software upgrades shouldn't change the DFP, or change it in an unpredictable fashion
  5. DFP should be independent of the user: No user parameters are factored into the DFP
  6. DFP must be spoof resistant
  7. DFP should resist device cloning attacks

These are the minimum requirements of a properly designed device fingerprinting solution ('must' and 'should' are defined as per RFC2119).

One relatively widespread problem is to use DFP as a component in 2FA or MFA (Multi-Factor Authentication.) First of all, DFP is a device 'identifier'; it shouldn't be used as a representation of authenticity: it's analogous (in terms of security) to a 'username', but for a device. Secondly: if the DFP is firmly anchored to the device, it may be coupled with HW protected KeyMat to act as a Device authentication tuple. In this case, the tuple {[DFP, Device KeyMat], [user authentication factor]} composes a multi-entity authentication construct because we are authenticating two entities, and not using "two factors" to authenticate one entity (the user)...

Another somewhat common problem is the use of 'analytics' and 'DFP' as synonyms. They are two different things.

There shouldn't be security (confidentiality, tracking, ...) problems with a properly conceived and implemented DFP solution.

Relevant discussions...


Thoth • April 9, 2016 12:07 AM

@all
Yet another product for unlocking doors with smartphones. It seems that few seem to understand the insecurity of using a multi-purpose device like a smartphone not built to be terribly secure to be granted the ability to do security. The better idea is separate physical secure element built with security in mind and on top of that to possibly include a secondary authentication like biometrics and PIN besides tapping a device (common setup for most secure offices requiring card and pin/bio).

Link: http://www.secureidnews.com/news-item/unikey-focuses-on-user-experience-with-mobile-access/

#dead# • April 9, 2016 1:20 AM

Is it possible for two or more air gapped computers to communicate with each other while turned off? (w/ CMOS batteries factory installed)

I've noticed some strange things on a Windows system with several "Mesh Networking" programs factory installed and discovered upon first use.

On some other systems I've noticed in dumps of memory/boot reference of the other system with the mesh networking programs installed. I've never operated both computers at once and I don't use wifi, Bluetooth, mesh networking, etc.

Jacob • April 9, 2016 2:42 AM

@ #dead#

Most probably due to an inadvertent link between the 2 computers in the past.

Short of an intermediate agent, e.g. a router that is connected to both (not necessarily at the same time) an air-gapped OFF computer cannot share its RAM with another computer.

This of course assumes that nobody subverted the hardware of the OFF computer with some added battery-powered local storage and side-channel transmission capabilities.

#dead# • April 9, 2016 3:21 AM

@ Jacob:

Thank you. Can you speculate as to how the several Mesh Net programs were installed on a system which sat idle after purchase for a few months? I've never come across these installed Mesh Net programs before. It's kind of spooky!

Clive Robinson • April 9, 2016 3:26 AM

@ Wael,

Amazing what difference a piddly little coma makes!

Yes especially with a statement like,

    You are going in a comma

Does this mean "the big sleep" or "going for a ride" in a 1960's British car.

Even back then British cars had funny names, a point British author Douglas Adams made with the "Ford Prefect". A car which first saw the road around 1938 and is the sort of vehicle vets and doctors would have owned, oh and possibly the likes of Miss Marple would have ridden around in, in later TV and Film productions.

I was once told that "Whilst it is possible to write without commas and semicolons, it is not desirable to do so". The funny thing is most people --myself included-- have no idea of the intricacies of when to use colons and semicolons so we try not to bother overtaxing them.

Clive Robinson • April 9, 2016 4:18 AM

@ 65535,

With the Feds having fingerprinted each Tax Preparer's computer...

I suspect this has been started due to the number of false filings by criminals etc. You would not expect significant multiple filings from individual computers, even from an accountant doing it for several people.

Without going into details there are often ways even unique electronic serial numbers can be changed because the App sits several software levels above the hardware.

Years ago the NE2000 network card was cheap and plentiful, and due to this the manufacturer had "soft MAC addresses". For various reasons in a number of places the MAC address would be changed after the OS / Apps etc had been installed or upgraded (it helped with inventory). This worked fine until Micro$haft decided to "get cute" with trying to tie software to hardware...

The thing is that these serial numbers that go into making the device fingerprints are often not reliable in many ways. It's why I object to the term "fingerprinting" when used with them. If criminals know about what forms the roots of these serial number amalgamations then they can find out how to change them, and probably have.

Thus these electronic device fingerprints are not like the Typewriter Typeface Forensic fingerprints of old that could be used as reasonable evidence in a court. Something that no doubt will at some point in the future form the basis of yet another forensic evidence scandal as has hair analysis, bullet fragment metallurgical matching, drugs traces in currency etc.

All of which is not helped by the fact that the DOJ/FBI are known to regularly cheat in the "evidence discovery" phase of a trial, especially when politically motivated. It's got to the point where people should be asking if those in the DOJ should be tested to see if they are sociopaths or not, or just accept the idea that the DOJ is "an institution for the criminally insane" where "win by any means fair or foul" is the name of the game...

Clive Robinson • April 9, 2016 4:55 AM

@ Bruce and the usual suspects,

You might want to have a flick through this Brazilian paper,

http://arxiv.org/abs/1604.01450

    Specifically, we conduct an investigation to reveal the different types of Technical Debt that can lead to the rejection of pull requests. From the analysis of 1,722 pull requests, we classify Technical Debt in seven categories namely design, documentation, test, build, project convention, performance, or security debt. Our results indicate that the most common category of Technical Debt is design with 39.34%, followed by test with 23.70% and project convention with 15.64%.

The authors used six open source projects and interestingly found that although only 1.42% of the 1,722 pull request rejections were about security they formed one of the largest sets of comments.

Sadly they did not go further into that.

Clive Robinson • April 9, 2016 5:10 AM

@ 65535,

Or how about the CIA venture capital funding a "skincare" company, that has a novel way of stripping the outer layers of skin off and in the process makes DNA easy to collect from an individual?

https://theintercept.com/2016/04/08/cia-skincare-startup/

Wherever you look the Feds etc have their little wrinkles that all appear to be about invading privacy and collecting personal identifying information.

Clive Robinson • April 9, 2016 5:44 AM

Big Brother and a Cashless community

I've been aware of this problem since the very early 1980's, and it's nice to see it getting more mainstream attention.

Our lives revolve around money, and the less affluent you are the more true that is. The desire by the state to drive cash out of existence gives "Big Brother" opportunities aplenty, especially on those who are in the bottom of society financially (which is about 9 out of 10 of you in the US). Thus the ability to illegally penalize groups of society "just by political comment" is just one letter away and increases rapidly as cash becomes less common.

It's one of the reasons why in my early twenties I decided that plastic was not the way to live and have since encouraged the use of cash wherever I can.

http://www.theatlantic.com/technology/archive/2016/04/cashless-society/477411/?single_page=true

Wael • April 9, 2016 5:47 AM

@Clive Robinson,

Whilst it is possible to write without commas and semicolons, it is not desirable to do so.

I feel you! That's especially true for the full stop.

The funny thing is most people --myself included-- have no idea of the intricacies of when to use colons and semicolons so we try not to bother overtaxing them.

@CallMeLateForSupper let the cat out of the bag! As I said in the same thread "punctuation isn't my strongest point"! I sometimes refer to the quick guide but often ignore it and get in trouble with you and @ianf ;)

PS: Someone, you know who you are, noticed that my signal-to-noise ratio is inversely proportional to the phase of the moon. In other words, SNR = CS / MoonPhase; where 'CS' is "Schneier's Blog Constant". Need to add an entry right here...

I better try and get some sleep. Getting closer to 4:00AM...

Clive Robinson • April 9, 2016 6:26 AM

Emacs on Android

Yes it can be done,

http://endlessparentheses.com/running-emacs-on-android.html

Yes I know many will think "So what?" not everyone is an emacs fan and I'm not one of them, but nano, jed or vim would be nice (I grew up on WordStar which I still use and its interface was much copied as Borland IDE users amongst many will know...).

But as anyone who spends a lot of time traveling or waiting being able to do something productive with the time makes you feel less venal to those who try to make you waste it. Further not all of us want to carry expensive and above all awkward and fragile laptops / pads etc around, and your phone is normally in your pocket for quick and easy use.

The real problem is a lack of developer environment style FOSS for Android. I've tried several of the "free" editors on Google Play in the past and they are deficient in oh so many ways. My biggest gripes are the "ads" and "required access" with both rendering most editors Malware in my books. Oh and no I don't want cloud based solutions they munch your battery and data faster than you can imagine.

I'd be curious to hear what others have to say about their experience and what editors they use on their phone or small screen pad?

65535 • April 9, 2016 7:58 AM

@ Clive; Wael

What are the exact commands? I like to help my client. But, it seems it cannot be done. And, I would suggest you try it on a test machine.

@ Wael

The tax program and the actual tax loss carry are built into each and every tax year program – which must be updated each tax year.

As far as I can tell each Tax preparation professional, must accept the “update” from both Lacerte and Intuit Pro series. Thus, your suggestions may be good on digital paper but not good in digital life.

The IRS will utilize this unique identifier; in addition to key elements we already collect to improve fraud and ID theft detection. Vendors implementing Device ID in their software should ensure that their privacy notice will cover Device ID.

“• DFP should not be static: Resist replay attacks
“• DFP-Device mapping should be confidential: Only the service using DFP can map a DFP to a device
“• DFP must be stable over the lifetime of the device: Usual software upgrades shouldn't change the DFP, or change it in an unpredictable fashion”

Hum, what about the “Record Retention rules” which are quite strict in the states?

“I suspect this has been started due to the number of false filings by criminals…” -Clive

@ Clive

“the piss poor Feds excuse given for this law. I don’t buy it. The past is a good example of our future.

“Or how about the CIA venture capital funding a "skincare" company, that has a novel way of stripping the outer layers of skin off and in the process makes DNA easy to collect from an individual?” – Clive

That is exactly the problem I am trying to highlight. With computer fingerprinting - that is the real problem. The medical record problem is from Stalin to any modern dictator.
Got a fix?

Thanks.


Social Media Regression: Advertising Posting as News • April 9, 2016 8:16 AM

Mark Zuckerberg has made a personal plea for his Products to share more of their juicy personal lives. Titillating posts are down 20% as people are sleeping more.
Zuck also frowned on posting links to outside articles, as Facebook Net Neutrality leadership is recognized throughout The World.
www.wsj.com/articles/facebook-to-allow-media-companies-marketers-to-post-sponsored-content-1460116801

Why not post a list of ‘news’ stories that fooled both you and Snopes?

Behavioral Profiling • April 9, 2016 9:41 AM

In the battle to remain anonymous when browsing and chatting online - preserving our inalienable rights in the process - it seems we have reached stage 3 in the browser wars.

Stage 1: cookies, ever-cookies and other basic profiling tools that are generally easily defeated

Stage 2: fingerprinting based on browser & device configurations, IP address, canvas image extraction, available O/S information revealed when browsing, by enabling Javascript etc - mostly defeated by Tor Browser with no Javascript running, MAC spoofing, Whonix, VMs and other techniques

Stage 3: user behavioral/biometric profiling - specifically keystroke dynamics, mouse movements, reading speed and so on. This is partially addressed by not running Javascript and cut and pasting text into browsers where required for keyboard typing. But, when behavioral profiling is used in combination with a range of inputs, this will likely defeat the use of VPNs, VMs, proxies and Tor once your profile has been established (90% accuracy apparently according to online sources - FUD?).

The question then remains how to defeat this, as it would logically remain a top priority for Stasi agents right now.

Chrome has KeyboardPrivacy which: Prevents behavioral profiling by randomizing the rate at which characters reach the DOM. It works by caching keystrokes and introducing a random delay before passing them on to a webpage. Nothing exists for Firefox yet - Clive, this is your chance to become the next 'NoScript' in terms of add-ons popularity! Maybe a weekend's work for you ;-D

The remaining problem for civil libertarians is how the mouse movement tracking problem and other indicators can be defeated e.g. stylometry? Random noise and garbage data might need to be necessarily incorporated as part of everyday browsing. Perhaps some uniform parsing of the English language will help defeat stylometry analysis?

An old Schneier blog post from 2012 suggests hardware dongles or the unreliability of humans would defeat definitive behavioral profiling, but I doubt it when combined with other unique factors e.g. reading speed and the possibility of quantum computers and "Cognitive Footprint Biometric Applications" that have been in development for years.

Also don't forget an enemy that: never sleeps, possesses virtually unlimited computational power and is completely unrestrained in its behavior.

See here: https://www.schneier.com/blog/archives/2012/01/authentication_1.html

BTW Note the evils of having Javascript enabled in general. Whonix news notes:

With JavaScript enabled, user behavior can be tracked and profiled. Tor Browser implements defenses against user behavior tracking as of the beginning of the 5.x.x series.

It reveals, how fast you type, how long your breaks are, which mistakes you make and how you correct them while writing the draft, also which type of local keyboard you are using.
Mouse tracking analyzes the position and speed of cursor movement unique to each person as they interact with webpages.

Combined with stylometry which works with less data (final text only), keystroke fingerprinting will completely de-anonymize you. An adversary can compare statistics about user's typing over clearnet, then compares it to texts composed over Tor in real-time.

Thankfully this website does not require Javascript enabled to participate, but it is one of the few.

For the interested readers, I suggest you try the advanced fingerprinting tests for your browser below (better than Panopticlick 2.0 and Browserleaks). I'm sure you will be unpleasantly surprised at how unique you are. Even using Tor Browser will put you in the 1-2% of all tested browser fingerprints, and that is WITHOUT JS even running.

https://amiunique.org/

Dianne Fraudstein • April 9, 2016 10:09 AM

The Empire Strikes Back

https://theintercept.com/2016/04/08/bill-that-would-ban-end-to-end-encryption-savaged-by-critics/

The bill, from Sens. Richard Burr and Dianne Feinstein, would force technology companies to either decrypt the contents of their customers’ communications for law enforcement, or hack into their own products to do so — effectively rendering illegal the end-to-end encryption currently offered by some of the heaviest hitters in the business, like Apple, Facebook, Google, and now WhatsApp.

...

“No person or entity is above the law,” reads the beginning of the bill draft. “All providers of communications services and products (including software) should protect the privacy of United States persons through implementation of appropriate data security and still respect the rule of law and comply with all legal requirements and court orders.”

The bill would specifically require companies to decrypt communications “in a timely manner” or provide “technical assistance” in order to override any security measures preventing access to “intelligible” data — precisely what the FBI ordered Apple to do in order to access San Bernardino killer Syed Rizwan Farook’s work phone before finding an alternate way in.

No person or entity is above the law except the MIC participants and the war criminals inhabiting the White House. One wonders what dirt the shadow agencies have on this mummified hag; it must be serious stuff.

A nice way to destroy the remnants of the republic and major Silicon Valley products with one deft stroke. Simply idiotic.

But on the bright side this will be a huge boon for FOSS and widely available encryption alternatives.

JG4 • April 9, 2016 10:34 AM


@Jim K

I like the beamforming concept and it dovetails to some related topics. A collaborative beamforming system can triangulate disturbances like gunshots and traffic accidents at neighborhood and city-scale. This already is provided by the private sector for policing, but it also can be done on an ad-hoc open-source basis. It would make a nice kickstarter project too.

I've been meaning to write up some notes on a generalization of system identification. A key step in beamforming is to calibrate the microphone spacing, which may not be easy. A second key step is to estimate the position of the speaker of interest. This probably all can be done in post-processing, so it would be sufficient if the reporters capture the sound streams at their locations with good fidelity and then pool their data later.

I have suggested previously that undocumented features of cell phones can be used to enable beamforming in crowds of people, as well as monitoring the relative position of each person in the crowd.

https://www.schneier.com/blog/archives/2015/10/friday_squid_bl_499.html#c6709471

I don't recall whether I suggested that the x-rays used in airports now have sufficient resolution to capture the tooth patterns from old-fashioned car keys, house keys and the like. How convenient that they can be surreptitiously rifling through your house while you are sitting on an airplane.

Clive Robinson • April 9, 2016 11:24 AM

@ JG4,

... this interesting side-channel attack

The instance is new but the class is old ;-)

The first implementation of Quantum Key Transfer used motors to change the polariser. Thus as he was adjusting the experiment the audio side channel was telling him exactly what state both polarizers were in.

And back in the 1950's MI5 provided GCHQ with an audio side channel into various Embassies Crypto rooms which provided fast short cuts in determining the mechanical cipher machine settings.

Oh and the British DWS Rockex OTT Super Encryptor in NY was likewise attacked by the US during WWII, they used a dual channel scope to see the audio at the same time as the signal on the line. This enabled a keen eyed engineer to spot that there were slight differences on the hold and release times on the "adder circuit" as well as power supply issues. Which meant they could strip off the super encipherment by one time tape and see the Typex encrypted traffic and EOW instructions.

It's why we should really talk about "energy gapping" not "air gapping" systems to remind ourselves that not all side channels are electrical or electromagnetic.

de La Boetie • April 9, 2016 11:43 AM

@Behavioral Profiling

The way to defeat browser profiling is, in part, to avoid using browsers. Today, browsers are a form of smart-dumb terminals onto closet mainframes, and are vassals doing the center's bidding.

If we draw back from the siren browser call of instant gratification and visual candy (which is primarily about owning you by the eyeballs), and go back to batch message exchange, possibly with a controlled vocabulary and standardised extensible fields, but certainly mediated by a local open source program which performed the exchange, defences could be far stronger. Effectively like EDI, but for a range of topics. My feeling is this will also become more prevalent in the marketplaces on the dark web, if for no other reason than survival of the "fittest".

Personally, I think reducing browser use would be way more productive in any case, but from the perspective of privacy and anonymity, would be far more defensible than attempting to defend bloated browsers.

I can recommend the book "The Secret Life of Pronouns" for those interested in how below-the-radar language use can potentially identify us.

Wael • April 9, 2016 12:25 PM

@65535,

As far as I can tell each Tax preparation professional, must accept the “update” from both Lacerte and Intuit Pro series. Thus, your suggestions may be good on digital paper but not good in digital life.

I made no suggestions. Tried to clarify the difference between a good DFP solution and a not-so-good one.

65535 • April 9, 2016 12:45 PM

@ Wael

I meant no offense to you. Your explanation was thorough and understandable. Thanks.

The problem with altering certain ID’s on an important device spans to, the device not fully booting because of a SSL/TLS certificate errors which in is tangled into said certificates for encryption purposes - to the record retention laws.

I do find the idea of each individual’s tax return tied to a certain machine owned by a tax professional is disturbing [I am sure that said Tax ID is printed in a bar code or otherwise obscured in said tax returns – yet extractable]. Some individual may cheat on his/her taxes and cause the tax professional problems. Or, some crooked tax preparer could cause tax problems for his/her entire client base – i.e., an audit of all individuals who used that particular tax preparer.

CallMeLateForSupper • April 9, 2016 12:56 PM

Yet another study on this.

"Almost half of dropped USB sticks will get plugged in"
https://nakedsecurity.sophos.com/2016/04/08/almost-half-of-dropped-usb-sticks-will-get-plugged-in/

"This time, the researchers hail from the University of Illinois. They decided to test what they call the “anecdotal belief” that people pick these things up and plug them in, so they dropped 297 drives on the school’s Urbana-Champaign campus last year."

The research results (PDF): https://zakird.com/papers/usb.pdf

Dan • April 9, 2016 12:58 PM

@65535, @Wael,
I don't think that DFP is that useful against smart defenders (it would be very useful normally, but not necessarily for its "intended" purpose). People can buy a Raspberry Pi computer for $35 (one model goes as low as $5). It would be very cheap to use a several single-board computers to defend against DFP. Raspberry Pis(is that the correct plural form?), and similar single-board computers, are also useful because you can effectively switch computers by switching SD cards. You could probably have the air-gapped computer and the networked computer be the same physical hardware.

Dan • April 9, 2016 1:02 PM

"It would be very cheap to use a several single-board computers to defend against DFP"
Ugh. Spell-check doesn't defend against bad grammer:(

WaelApril 9, 2016 1:34 PM

I meant no offense to you.

None taken. I'm not that sensitive, don't worry.

The problem with altering certain ID’s on an important device spans to...

A balance has to be struck between fraud and privacy. A good solution is a solution that preserves privacy and reduces fraud. Doing away with device characterization and identification opens the door for fraud; to implement an ill-conceived DFP solution will expose users to privacy issues, and may not deliver the expected security posture.

WaelApril 9, 2016 1:48 PM

@Dan, 65535, ...

I don't think that DFP is that useful against smart defenders

It depends how DFP is used and for what purpose. A typical use case would be to identify a tenured device during a service request: If the user passes authentication, and the DFP is recognized, then service may be rendered with low risk. If the user authenticates successfully, but the request originates from an unrecognized DFP, then this is a risk flag. Further checks need to take place since there is a possibility that a hacker captured the user's credentials and tried to request the service from a rogue device.

This was just one example. Other examples of benign DFP usages include customized rendering of web content,...

Using DFP for tracking purposes, behavioral analysis misuse, ... is what we "don't like". DFP is a tool, and like most other tools, it can be used or misused.

Raspberry Pis(is that the correct plural form?)

I believe the correct plural form is: "Raspberries Many Pi", but don't quote me ;)

albertApril 9, 2016 1:58 PM

@Jim K, @JG4,

A simple method would be to obtain a recording of 'only' the white noise, obtained at the same time as the noise + voice recording. By varying the phase differences between the two, one could cancel out most of the noise. If both recordings have voice + noise, the voice component will be canceled to the degree determined by the relative levels of voice in each.

Filtering can help. Spoken voice (female) is usually considered to be in the range of around 150 to 3000 Hz. Sibilants occupy the upper range. The 'telephone' response standard: 300 to 3000 Hz is considered good enough for intelligibility. Super-compact 'shotgun mikes'* are also available. The human ear/brain system has remarkable abilities to distinguish the spoken word. S

And there's always lip-reading :)

Anyway, I know what she's saying to her contributors: "Don't worry, I've got your back."
------------
* or 'gun mikes'. OK, I'm an OT.
. .. . .. --- ....

Clive RobinsonApril 9, 2016 2:09 PM

@ JG4,

suggested that the x-rays used in airports now have sufficient resolution to capture the tooth patterns from old-fashioned car keys, house keys and the like.

It's not just the "tooth patterns" it also captures the pits and depths of those Kaba and similar security keys.

There are ways to make this more difficult for them but they can easily pull the key wallet etc off of the belt and just photo or re-x-ray them again, whilst they give you an extended search, or take you for a chat in another area.

The only way to beat this with ordinary locks and keys is to take dummies and leave the real keys in trusted care. Which is way too much effort for most people.

The thing is if they want in they are going to get in anyway, which means you have to use far different from normal alarm systems.

One such system is to use the WiFi Radar technique yourself, there is sufficient information up on the web to work out the details, if you have the prerequisite background in such technology.

Personally I would advise people "To never crap on their own doorstep" but that does not stop evidence being planted etc, which will be the new game in town along with parallel construction and not following evidentiary rules etc.

The real trick that will follow is invalidating / tampering / destroying defence evidence. Such as things like phone records, bank records getting changed, likewise cloud data etc. It's why we need to really do a lot more research on tamper evident data storage etc.

We have seen this already with manipulation of HTML pages to make ordinary porn look like kiddie porn etc. Although caught out by the "wayback machine" files I don't remember any LEO going to jail or even being sanctioned, even though false convictions and suicides resulted from it.

albertApril 9, 2016 2:11 PM

@Wael,

You mean like 'Attorneys General'?

Try apple pies - more than one

The apple pie's hot (pie is)

The apple pies crust is too hard. (or pies') possessive singular

The apple pies crusts are too hard. (or pies') possessive plural, meaning derived from context

Apples Pie: Apples share of the market

:)


RickyApril 9, 2016 2:24 PM

WhatsApp might just have accidentally made itself illegal.

WhatsApp encryption uses a 256-bit key, which is only known to the sender and recipient, which is why the security is described as “end-to-end”. But the Indian rule requires companies to use no more than 40-bit encryption, unless they get explicit permission from the government.

Getting that permission will prove impossible because of the way that the system is set up. WhatsApp would have to hand the key over to the government for it to be checked — but since the company doesn’t actually have those keys, they can’t be handed over at all.

http://www.independent.co.uk/life-style/gadgets-and-tech/news/whatsapp-end-to-end-encryption-update-might-have-made-chat-app-illegal-in-india-a6974921.html

A maximum of 40-bits? Where have we heard that before?...

albertApril 9, 2016 2:28 PM

@Clive,

"...Sometimes all you want on a Friday is touch of lubrication and a little light relief...."

OK, I haven't heard alcohol referred to as a 'lubricant' in decades. Today, the usage is......slightly different:)

You're an OT....WordStar boy!!

Is your left pinkie still strong?
. .. . .. --- ....

WaelApril 9, 2016 2:36 PM

@albert,

Try apple pies - more than one

Kinda...

Woman running to police station....

- Woman: I was graped... I was graped!
- Officer: Do you mean 'raped'?
- No! It was a bunch of them.

Mike BarnoApril 9, 2016 2:39 PM

Friday's (April 8) Wall Street Journal has an article on Grid Assurance LLC, a company to keep powerplant equipment ready for quick deployment to electric providers to minimize blackouts after natural or man-made damage events. It also mentions noise in Congress about forming a Strategic Transformer Reserve.

Most of the past discussions I've seen here on Bruce's site have been about the risk of hacking into powerplants' electronic control systems, invariably focusing on the foolishness of allowing Internet access just for the convenience of remote managing or integration with other functions. But in the wake of the Brussels airport and subway bombings, the mass media got really scared by one surveillance video among the conspirators' files, watching the home of a nuclear researcher. Suddenly politicians who never talked, nor apparently even thought, about powerplants' physical security got scared enough to demand armed guards around nuclear plants. I haven't heard that debate extend to conventional coal/oil/gas powerplants or distribution stations.

Just as an ordinary civilian thinking about common-sense disaster recovery, this has always been obvious. The April 2013 San Jose incident where 17 transformers were shot up (and the perpetrators went unbusted) certainly should have stimulated serious action. Maybe the regulators didn't want to give anyone bad ideas? Apparently the only previous response by the utilities was quiet sharing of info about their spares on hand.

Can someone with industry risk-mitigation experience provide a better understanding?

albertApril 9, 2016 3:42 PM

@Mike Barno,

"...the mass media got really scared by one surveillance video among the conspirators' files, watching the home of a nuclear researcher...."

OK, you're talking about:

1. Mass Media, basically run by idiots.
2. Politicians, who are basically idiots.

How many nuclear researchers work in power plants? How many nuclear researchers know enough to run one, let alone sabotage one?

There are many ways to sabotage a nuclear power plant that don't require reactor control expertise; indeed, that don't even involve the reactor. Those methods will work on any power plant.

Those 'nuclear researchers' -do- work with nuclear materials. Perhaps -this- is a reason to surveil them. I'd be far more concerned with that. Attempts to storm a nuclear plant will eventually end in a hail of lead; bet on it.

I do agree with keeping spare transformers available. I also think our billionaires need to spend some money repairing our infrastructure.

Do you have a link for the Brussels media/politicians thing?
. .. . .. --- ....


Mike BarnoApril 9, 2016 4:09 PM

@albert:

One early example is:

http://www.usnews.com/news/articles/2016-03-24/brussels-attackers-linked-to-suspected-nuclear-plot

A quick search showed many other news articles. I haven't dived deep enough to find anything more substantial than what was described on USA cable TV news networks. Most assumed the purpose was to get radioactive materials and/or knowledge to build a "dirty bomb".

I agree with each of your comments, and already understood each. I've seen mention of the incident where an insider (apparently) turned a valve draining cooling oil from a nuke plant's turbine. That one went unsolved, so utilities are finally adding internal cameras to monitor their staffs for Homer Simpson accidents and actual sabotage. They're also finally bothering to review lax vetting of employee backgrounds. Supposedly, some traveled to Syria and got hired after returning.

Gerard van VoorenApril 9, 2016 4:17 PM

@ Albert,

"There are many ways to sabotage a nuclear power plant that don't require reactor control expertise; indeed, that don't even involve the reactor. Those methods will work on any power plant."

I think I have quite a bit of knowledge. Okay, compared with Clive, Dirk and Wael it's shallow. Sometimes I speak about things I have zero knowledge of which I later regret. But Albert are you a nuclear power plant expert? If not, please don't pretend to be one. Or do you really know many ways to sabotage a nuclear power plant for real?

Clive RobinsonApril 9, 2016 4:55 PM

@ Mike Barno, Albert,

Can someone with industry risk-mitigation experience provide a better understanding?

There are much better reasons to keep spares of transformers and the like on hand than maybe terrorist / hostile nation getting into the control systems. The terrestrial and space weather being two.

If you remember not so long ago NYC got a little bit damp and had flooding etc. Quite contrary to many people's expectations the local power company kept things together quite well. The reason was a short while before that they had major problems and had to put their hand in the profits to upgrade their run down infrastructure. As a result they could divert upgrade to repairs. Thus a valuable lesson was learned.

Back about a quarter of a century ago a major Canadian area discovered what effect a solar storm can have when overhead power cables and the transformers they feed are running at 99% capacity and get the equivalent of a hundred years of lightning in charged particles etc in just a few seconds causing things to melt like fuses.

We were due a solar storm maximum a little while ago but it did not really happen which means the next one could be a real biggie... Whilst overhead cables can be cheap to put up, they tend to have higher maintenance costs which counteracts the initial savings quite quickly. The sort of transformers they need are neither cheap nor quick to source and can have two or more years lead time, so losing four or five at the same time could throw us either back to the 1920's or have disastrous health consequences due to generator emissions (Diesel Particulates). New Zealand had an example of this a decade or so ago and the privatised supply company disappeared like thieves in the night, and there were reported increases in breathing issues and premature deaths.

The other thing to remember is that older transformers are an environmental disaster they are full of PCBs used as coolant. In many places they are now effectively illegal to use. Thus transformers are having to be replaced long before their end of life time. Put simply there are no PCBs that are safe in the environment and destroying them is a very difficult task for the same reason.

As for "good old boys, getting a skin full" and shooting up transformers, that is fairly trivial to stop with appropriate walls. Likewise thrown explosives can be stopped by steeply pitched roofing or chainlink netting. Which means terrorists are more likely to attack pylons in fields etc where security is much more in their favour.

By the way, you don't need explosives to take out overhead cables you can do it with as little as a lead fishing weight a catapult and thin monofilament fishing line which you fire over the top then pull over thickish cheap polyprop rope to then pull up lengths of old chain or steel rope. When the chain gets to bridge two cables then there will be fireworks and circuit breakers will trip. Back when the PIRA were doing their "mainland gigs" back in the 1980s this was one of the attack scenarios that most worried Maggie Thatcher's advisors after bombs under manhole covers. Which had its own farcical side, they decided that tack welding manhole covers down was the solution, but... The only qualified people available to do it just happened to be mainly Irish...

The simple thing is all infrastructure is vulnerable and is often poorly maintained. Have a look at California where a gas company has let millions of cubic meters of methane escape which is a major "green house gas" disaster. They are basically saying that they are going to fiddle the restitution they have agreed to do --to avoid potential prosecution--, so it does not cost them too much...

At the end of the day if you want infrastructure security your biggest threat is and will remain the free market and its shareholders. It needs not "light touch regulation" but serious legislation with serious consequences for not just directors but shareholders, jail time and bankruptcy and life disbarment from any kind of office should be what they face for even minor infringements.

Draconian sounding, but it's part of the price you have to pay to get infrastructure security with the current corporate ethos.

Clive RobinsonApril 9, 2016 5:35 PM

@ Gerard van Vooren,

As far as it goes, Albert is right to say that it's the generator set onwards that is easier to sabotage than the reactor.

I'm not a nuclear reactor designer but I've worked with them two or three times in my career. Early reactors were not understood and had many accidents --see history of Calder Hall-- and strange behaviours. It was more luck than judgment that there were not really any serious incidents just the odd kilo or three of plutonium etc going up the chimney, and reactor graphite cores burning.

The result was third generation systems had overkill on overkill on safety systems. So much so one engineer only half heartedly joked "It's a bloody miracle the dam thing starts up".

Once outside the reactor heat is taken away by a primary loop that via heat exchangers drives a secondary loop which then basically produces super heated steam which is in effect identical to that you get from coal / oil / gas fired boiler systems. Thus the generator set switch gear and distribution farm is pretty much the same.

Sadly there are no currently running fourth generation reactors in Europe as these are inherently fail safe systems and it's believed that they could also be designed to run on the likes of Thorium which you can not make nuclear weapons out of. They might also be a more practical way of dealing with the large stock piles of nuclear waste with half lives that are longer than man has been able to write.

The generally held belief is that the public would rather go back to late 19th early 20th Century level electricity usage rather than have any nuclear plants, no matter how safe, or how they might use up the nuclear stock pile, thus vastly reducing the nuclear weapons in the world (of which the US is believed by many to have at least two thirds of).

Nuclear reactor design which is really an engineering discipline is rapidly becoming a "dying art" as it's something like thirty years since major power production reactors were designed...

The real issue is not if we can have efficient "green generation" but how we produce reliable power when the wind dies and the sun is overcast all at the same time as slack water. We don't have efficient storage systems, and we could not build enough "batteries" there is not enough of certain types of metals. Which is why people are investigating "molten salt" and "compressed air" solutions. But so far they are not up at the 25% efficiency levels and their power density is quite low.

We have a major "energy gap" approaching fast and it will not be at all pleasant. After all do you want your energy security to be based on which way Vladimir Putin is looking today?

#dead#April 9, 2016 5:58 PM

Hello, can anyone help me regarding the questions in my posts so far in this thread? TIA HAND

tyrApril 9, 2016 6:14 PM


There are things I have dreamed of that are strange
but even one of Stallman's converts never wanted to
see emacs on android.

Now DRDOS5 editor might be handy (subset of Wordstar).

My own usage of emacs was less all encompassing than
Richard's vision to be able to do everything from an
ostensible text editor. Probably due to the limited
memory of microcomps. With context switching CPUs
and vast expanses of RAM you can burn power with a
profligacy that imperils the planet.

@Clive
While I can parse out the meaning of corporate ethos,
I think that such a thing is impossible in concrete
terms. That it is assumed to have a connection to the
mundane real is pretty dangerous to the whole concept
of ethics.

I'm always amazed at the levels of intrusion that have
occurred via technology, starting with the microcamera
in the xerox that recorded every document copied. The
mad schemes to fingerprint every device and infiltrate
all materials are quite staggering when considered in
the aggregate. I'm sure everyone is much safer when each
piece of paper carries multiple watermarks and serial
numbers. I can't wait for nanotech to start encoding
everything and make every LEO into a Mycroft Holmes.

Mike BarnoApril 9, 2016 6:36 PM

@ Clive Robinson :

Not only are those old PCB-filled transformers unsafe in the case of simple leaks, but if they burn, it produces dioxins ( https://en.wikipedia.org/wiki/Dioxins_and_dioxin-like_compounds ), which are highly toxic and persistent. When a transformer burned in a fire in the State Office Building in Binghamton in upstate New York in 1981, then-governor Hugh Carey tried to assuage public fears by saying he would drink a glass of PCBs. I lived a few miles away, and the incident left me awfully cynical, both about politicians' trustworthiness and about government competence in infrastructure maintenance. Replacing these transformers before their EOL would be a great benefit to national security. Replacing these politicians seems to be no benefit until we change their incentives to protect corporate short-term profits.

Clive RobinsonApril 9, 2016 6:39 PM

Lotto boss shimmed RNG with a DLL

It appears that a state lottery official used his position to put a tampered DLL onto a machine that picked the winning numbers, after it had been audited...

http://arstechnica.com/security/2016/04/neutered-random-number-generator-let-man-rig-million-dollar-lotteries/

It raises the point about how you stop this sort of "breaking bad" behaviour.

One way is multiple independent signing of audited code. That way you are not stopping people thinking bad --nothing can stop that--, you are forcing them to have to collude with others to go bad. Which can be effectively stopped by making the independent auditors unknown to each other and randomly rotating them.

The other thing that people get wrong with signing code is when they check the signature. In most cases the signature is only checked when you try to put it onto the computer in the first place. To be more secure it needs the signature checking every time it's loaded into memory for execution.

But even that leaves the potential for it to be modified some way during execution. Thus there needs to be a process that randomly checks the signature of the code in RAM. And to ensure the signature checking system is not got at you need it to be done by an immutable hardware device, which needs a specialised system design. All of which is a bit complicated.

However this brings up the question of why they were using the equivalent of a PC with complex operating system for drawing the numbers... Thus it sounds like the system was poorly designed from the get go.
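Added example, not part of the comment above and not code from any lottery system: a Go sketch of its first two points, requiring valid signatures from several independent auditors and re-checking them on every load rather than only at install time. The auditor names, the threshold of 2, the fixed key seeds and the sample module bytes are assumptions made for the example; Ed25519 over a SHA-256 digest is the scheme chosen here.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
)

// AuditorSig is one auditor's Ed25519 signature over the module's SHA-256 digest.
type AuditorSig struct {
	Auditor string
	Sig     []byte
}

// Policy lists the auditors whose keys are trusted and how many of them
// must independently approve a module before it may run.
type Policy struct {
	Keys     map[string]ed25519.PublicKey
	Required int
}

var ErrNotApproved = errors.New("module lacks the required independent signatures")

// CountValid returns how many distinct trusted auditors have a valid
// signature over exactly these bytes. Unknown signers are ignored and a
// repeated auditor is counted once, so one person cannot reach the threshold alone.
func (p Policy) CountValid(module []byte, sigs []AuditorSig) int {
	digest := sha256.Sum256(module)
	seen := make(map[string]bool)
	for _, s := range sigs {
		pub, trusted := p.Keys[s.Auditor]
		if !trusted || seen[s.Auditor] {
			continue
		}
		if ed25519.Verify(pub, digest[:], s.Sig) {
			seen[s.Auditor] = true
		}
	}
	return len(seen)
}

// Load is meant to be called every time the module is about to be executed,
// not once at install. It returns a private copy of the verified bytes so a
// later change to the caller's buffer cannot alter what was checked.
func (p Policy) Load(module []byte, sigs []AuditorSig) ([]byte, error) {
	if p.CountValid(module, sigs) < p.Required {
		return nil, ErrNotApproved
	}
	return append([]byte(nil), module...), nil
}

// signAs produces the signature an auditor would attach after review.
func signAs(name string, priv ed25519.PrivateKey, module []byte) AuditorSig {
	digest := sha256.Sum256(module)
	return AuditorSig{Auditor: name, Sig: ed25519.Sign(priv, digest[:])}
}

// Scenario builds constructed sample data: three hypothetical auditors and a
// stand-in module. Fixed seeds keep the run reproducible; real keys would be
// generated from crypto/rand and held by each auditor separately.
func Scenario() (Policy, map[string]ed25519.PrivateKey, []byte) {
	privs := make(map[string]ed25519.PrivateKey)
	pol := Policy{Keys: make(map[string]ed25519.PublicKey), Required: 2}
	for i, name := range []string{"auditor-a", "auditor-b", "auditor-c"} {
		seed := bytes.Repeat([]byte{byte(i + 1)}, ed25519.SeedSize)
		priv := ed25519.NewKeyFromSeed(seed)
		privs[name] = priv
		pol.Keys[name] = priv.Public().(ed25519.PublicKey)
	}
	return pol, privs, []byte("constructed stand-in for the audited RNG module")
}

func main() {
	pol, privs, module := Scenario()
	sigs := []AuditorSig{
		signAs("auditor-a", privs["auditor-a"], module),
		signAs("auditor-b", privs["auditor-b"], module),
	}
	_, err := pol.Load(module, sigs)
	fmt.Println("audited module:", err)

	// The same signatures presented with bytes changed after the audit.
	changed := append([]byte("shim"), module...)
	_, err = pol.Load(changed, sigs)
	fmt.Println("changed after audit:", err)
}
```

The periodic in-RAM check and the immutable hardware verifier that the comment goes on to describe are outside what this example covers.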

O. BeyApril 9, 2016 6:58 PM

Re the white noise problem: I'm afraid none of the solutions proposed thus far would work, due to well-documented chemical/physical interactions between (a) the massive amounts of hot air emanating from any politician's mouth and (b) both the dense concentration of crazy gas and the massive generation of stupid waves emanating from any location where large numbers of the current electorate are gathered. A more productive approach would be attempting to develop those Roddy Piper sunglasses, so we can at least read what those political billboards actually say.

Some guy who's been thereApril 9, 2016 11:12 PM

@Mike, Clive

In the US, a couple of hundred or so substations will be getting added protections under NERC Reliability Standard CIP-014-2, an Industry/Regulatory standard. Too soon to see if the Standard achieves the intended objective.

What makes this standard so important is that we haven't fixed the real problems. Fundamentally, we have inadequate power grid resilience. Why? It takes 10 years of paperwork with a 60% chance of approval to build a new 500 kV power line. And then you get the not in my backyard fights.

Then again, I think distributed interlinked micro grids are a better solution, but not yet cost effective and definitely not popular.

NatApril 9, 2016 11:59 PM

"Chrome has KeyboardPrivacy which: Prevents behavioral profiling by randomizing the rate at which characters reach the DOM. It works by caching keystrokes and introducing a random delay before passing them on to a webpage."

How would this work if keystrokes were captured on the OS level ?

WhoaApril 10, 2016 12:42 AM

@Ricky

So I guess that means all banking, online commerce, and the whole internet is illegal in India too? Do people know how web sites are made? Programmers make them using encryption to log in remotely into a server. You ban all encryption, and you ban everything. It's a technological apocalypse. It's like the end of the world, turn off all computers, dress like cave men.

Wesley ParishApril 10, 2016 2:25 AM

@Clive Robinson

I strongly suspect the real threat to energy security is not some random pterorist on flights of fancy - remember just how successful the shoe bomber and the underpants bomber were? - but your ordinary Arfur Daley ripping off transmission lines to take to scrap dealers to pay his drug debts.

BytopiaApril 10, 2016 5:38 AM

I can hardly imagine using Emacs on Android without a physical keyboard. And even then it ought to be the full-sized one, not the typical "Bluetooth keyboard for your smartphone." Think Vim would have fared better if you need a quick edit here and there.

The Squid thread this week is awfully interesting.

Thomas_HApril 10, 2016 7:15 AM

RE: potential for nuclear terrorism by spying on Belgian researchers:

Considering the state of some of Belgium's nuclear power plants the chance that one of them melts down without IS assistance likely is larger than that of a terror attack on them. They have non-critical failures in various systems every couple weeks (pumps breaking down, valves failing, computers grinding to a halt, you name it) and at least one of them has a problem with cracks that, we are assured, is of "no danger to public health whatsoever". Clearly, the calls for closure by neighbouring cities are all much ado about nothing. Of course, one of the most unnerving plants is located right at the border with the Netherlands, so if something went wrong close to half of the problem would not be one for Belgium...right?


Mike BarnoApril 10, 2016 8:26 AM

@ Some guy...

Thanks for the mention of NERC CIP-014-2. I found a useful overview at this Electric Energy Online page:

http://www.electricenergyonline.com/show_article.php?article=813

Basics are that this is a process for evaluating risk and prioritizing, and that it's about transmission systems, not powerplants. The NERC's 36-page PDF of the actual standard can be downloaded from this page:

http://www.nerc.com/_layouts/PrintStandard.aspx?standardnumber=CIP-014-2&title=Physical%20Security

A lot of other NERC standards relating to Critical Infrastructure Protection, and to Emergency Preparedness and Operations, among other areas, can be found at this page:

http://www.nerc.com/pa/Stand/Pages/ReliabilityStandardsUnitedStates.aspx?jurisdiction=United%20States

Looking through these, it's good to see that grid operators are increasingly required to do real planning to address security risks of various sorts. The ones I browsed seem to be about process and reporting, rather than directing specific steps such as "put sloped chain link fences over substations to protect against grenades and Molotov cocktails." Of course, as you implied, all the document-writing in the world does no good if a brittle system doesn't get its real-world resilience fixed.

Gerard van VoorenApril 10, 2016 8:48 AM

@ Clive Robinson,

"As far as it goes, Albert is right to say that it's the generator set onwards that is easier to sabotage than the reactor."

All I want to say about it is that "talking from the underbelly" without solid references / proofs makes me a bit nervous especially when it comes to security.

About the molten salt reactors, I certainly hope they are being fueled with nuclear waste first.

albertApril 10, 2016 11:57 AM

@Gerard,
I'm not a nuclear power plant expert, but I've been studying them since Three Mile Island. I've also worked in fossil-fuel(FF) plants. I would guess that there are hundreds of potential points of failure (PPFs) in a conventional plant, and possibly hundreds more in a nuclear one. Obviously, I wouldn't give you specific examples, or even possibilities.

Non-destructive shutdown of a FF plant would be an annoyance, and in most cases a restart is routine. Restarting a nuclear plant is more complex and takes longer.

I guess, for the public: nuclear == scary, be afraid, very afraid. Fear is useful for population control, but doesn't directly translate into critical infrastructure improvements. The need for such improvements is already well known among utility providers. Now that terrorism has become a motivating factor, let's hope that we'll see some progress in that area.

.............

@Mike,
Thanks for the link. A dirty bomb is more dangerous than a few AK-47s.

@Everyone,
Thanks for your rational and thoughtful comments.
. .. . .. --- ....

prank call vandalism tricks workers into breaking windowsApril 10, 2016 12:06 PM

Sort of security related:

A Twin Cities fast food chain is the latest victim of a prank playing out around the nation.

Employees busted out all the windows of a Burger King in Coon Rapids because they believed a prank caller.

According to Coon Rapids police, the caller pretended to be with the fire department and essentially had the workers fearing for their safety.

The caller told the manager they detected dangerous levels of gas and workers had to keep the building from exploding.

http://minnesota.cbslocal.com/2016/04/10/4-things-prank-stamp-prices/

PetterApril 10, 2016 12:25 PM

The Swedish system called BankID is a citizen identification solution that allows companies, banks and government agencies to authenticate and conclude agreements with individuals over the Internet.

This system has been around for quite some time now but last week or so they released an update for their iOS app with support for Touch ID.

This means you, with a finger, can authenticate, transfer money, do your taxes or manage other financial or legal matters very easily.
You enable it by launching the app, type your code and enable the Touch ID usage.

When this is done, you also open up a fully passive way of borrowing one's identity, money and correspondence with government and banks etc by simply holding one's iPhone against the finger.

I wonder if any bank, police etc would believe you when you state someone used your ID while you were asleep.

Allowing passive authentication systems is bad.

CallMeLateForSupperApril 10, 2016 1:27 PM

Another story about LinkNYC, New York City's free, public WiFi.

"The tremendous ambitions behind New York City’s free WiFi"
https://www.washingtonpost.com/news/the-switch/wp/2016/04/08/the-tremendous-ambitions-behind-new-york-citys-free-wifi/

The following particularly claimed my attention. Last month the ACLU surfaced this concern:
"The sheer volume of information gathered by this powerful network will create a massive database of information that will present attractive opportunities for hackers"

Apparently in response, Jen Hensley, LinkNYC's general manager, said this: "LinkNYC does not collect or store any data on users’ personal web browsing on their own devices."

I think Hensley's statement is very wobbly.

DanApril 10, 2016 3:09 PM

@Dianne Fraudstein,
The lawmakers are looking at it wrong. With cryptosystems that use 256 bit keys, there is nothing preventing access to intelligible data, if you do work with an upper bound of O(2^256). If you do that many trial decryptions, you are guaranteed to get the plaintext. If the law enforcement can't do that much work, that is their problem.

mozApril 10, 2016 3:15 PM

@Clive

We have seen this already with manipulation of HTML pages to make ordinary porn look like kiddie porn etc.

Could you provide a citation/link for that please.

"Not Whittingly"April 10, 2016 3:19 PM

@CallMeLateForSupper

She is of course using the special NSA dictionary, which means she can simply redefine any of the words in that statement and claim she never lied, if she's ever proven wrong... For example, I think "do not collect" has already been redefined as "collect it all, just don't actually quite read all of it with physical human eyes"

albertApril 10, 2016 3:37 PM

@prank call,

How many Burger King managers does it take to change a light bulb?

. .. . .. --- ....

SimonApril 10, 2016 3:47 PM

Copied from the source. I am not the author.

-------------------------------------------

Mr. Comey,

Sir, you may not know me, but I’ve impacted your agency for the better. For several years, I have been assisting law enforcement as a private citizen, including the Federal Bureau of Investigation, since the advent of the iPhone. I designed the original forensics tools and methods that were used to access content on iPhones, which were eventually validated by NIST/NIJ and ingested by FBI for internal use into your own version of my tools. Prior to that, FBI issued a major deviation allowing my tools to be used without validation, due to the critical need to collect evidence on iPhones. They were later the foundation for virtually every commercial forensics tool to make it to market at the time. I’ve supported thousands of agencies worldwide for several years, trained our state, federal, and military in iOS forensics, assisted hands-on in numerous high-profile cases, and invested thousands of hours of continued research and development for a suite of tools I provided at no cost – for the purpose of helping to solve crimes. I’ve received letters from a former lab director at FBI’s RCFL, DOJ, NASA OIG, and other agencies citing numerous cases that my tools have been used to help solve. I’ve done what I can to serve my country, and asked for little in return.

First let me say that I am glad FBI has found a way to get into Syed Farook’s iPhone 5c. Having assisted with many cases, I understand from firsthand experience what you are up against, and have enormous respect for what your agency does, as well as others like it. Often times it is that one finger that stops the entire dam from breaking. I would have been glad to assist your agency with this device, and even reached out to my contacts at FBI with a method I’ve since demonstrated in a proof-of-concept. Unfortunately, in spite of my past assistance, FBI lawyers prevented any meetings from occurring. But nonetheless, I am glad someone has been able to reach you with a viable solution.

In spite of my careful vetting of personnel, over time, my own forensics tools had begun to trickle out (leak) into first the forensics community, and then to private commercial forensics companies who reverse engineered them and ingested them into their own commercial products. Inside law enforcement, I’ve heard of a number of questionable uses of my forensics tools to do everything from accessing subjects’ devices without a warrant, to accessing devices of girlfriends of officers. Forensics tools like the one the FBI is in possession of are extremely powerful, and in spite of even your best efforts, sir, my experience suggests that yours will no doubt be used for questionable uses just as mine were. I urge you to take appropriate steps to protect this new tool under the strictest use guidelines, even requiring an audit trail for every single use of it to prevent abuse. I do not recommend releasing it outside of the FBI, but rather recommend that the FBI maintain control of this tool when providing any assistance to outside law enforcement agencies.

I am glad that you were able to find a private company to provide material assistance, rather than the alternative – Apple being compelled to redesign their operating system. I do understand, however, that this issue is likely to be raised again with Apple. My experience in this field leads me to numerous concerns about both the direction this case was originally going, as well as concerns about where the FBI stands now with access to an exploitation technique for iOS devices. Here, I would like to share my technical concerns, as I’m sure you’ve no doubt heard all of the philosophical ones.

Across the span of my research of the iOS operating system, I’ve found many very bright and talented communities of individuals who share ideas and collaborate on vulnerability research. Often times, it takes a team of people to come up with solutions like the one you’ve acquired for the 5c. Many different individuals often wind up analyzing the same security boundaries on a device, only to find that their research has overlapped, and then collaborate to find ways to exploit it. Add to this the constant threat of intellectual property theft, a common occurrence among the forensics industry, and other less honest motivations in vulnerability research. The result is that an often-unsavory collection of third parties will race to exploit the same weaknesses. My point is this: One way or another, someone else always finds out about a vulnerability and exploits it.

What has been made painfully apparent to me for nearly the past decade in this field is that keeping an exploit secret is not possible, no matter how good an agency or corporation may be at keeping secrets – because an exploit is merely a dotted line on a blueprint. Mere knowledge of the general parameters of a vulnerability – even just the details of the device’s condition in this case – has been enough for security researchers to know exactly what security boundaries to start looking at, and they can do so now with the confidence that there is a known, exploitable vulnerability. One does not need to steal any exploit code in order to take advantage of a vulnerability; they only need to find the vulnerability; the way in already exists until it is closed. In spite of the picture that Hollywood paints, the list of potential security boundaries is quite narrow, especially given the details of this case.

The same is true of the software the FBI was trying to compel Apple to create. The FBI argued that Apple could contain such a technology, using a digital leash, however it is the mere existence of a vulnerable design, and not the leash, that poses the greatest technological risk. Consider that the security “switches” and what they were connected to would have been the core target of hackers. At present, these “switches” don’t exist to disable the security mechanisms FBI described, which makes them exponentially harder to attack.

To use a less technical analogy, consider a home alarm system. There is no question that many savvy thieves know how to disable one of these, and all of them know to attack the alarm box: the central security mechanism. A key protects this box; much like Apple’s code signing protects code execution. As you can imagine, picking Apple’s code signing has historically been as easy as picking the lock on this alarm box, and the FBI’s new exploit is likely just one more proof of that. What the tool doesn’t have, however, and why the tool doesn’t work on newer devices, is a conduit into the alarm box on newer devices (the Secure Enclave) to disable the security inside of it. Apple’s alarm box is buried under six feet of concrete, to prevent the common thief from being able to simply shut the alarm off.

I know the software the FBI asked Apple to create because I’ve created it for FBI (and for others) in the past. My forensics tools did virtually the same thing that FBI tried to compel Apple to do, and I’ve often wondered if FBI got the concept from one of my books on the subject. The success of hackers, in fact, is the primary reason that Apple has buried their alarm box in concrete on newer devices. In order for Apple to comply with the FBI’s order, they would have to drill a conduit and wires down to this alarm box for the FBI to be able to deactivate these mechanisms that they’re now protecting much better than they used to. It is this conduit, and not the tool itself, that poses the greatest security threat to public safety. If Apple is ever compelled to comply with such an order, that conduit will exist on every device manufactured, whether it is ever used or not.

Even if Apple were able to protect their own copy of “FBiOS” from getting out, and did a better job than Coke did protecting their recipe (which was stolen once, then offered to Pepsi), the mere design demands that are implied in building a tool like this would force every iPhone (not just those running FBiOS) to suffer a great security risk to public safety. After nine years and billions of R&D dollars, the FBI has demonstrated that there are still third parties capable of breaking at least some of the locks on Apple’s latest operating system (and in record time). If one company can find them, then criminal hackers, nation-state hackers, and others can certainly find and tap into that conduit as well. This puts everyone at risk – you, me, the President, and everyone else using an iOS device.

Digital security is crucial to not only digital privacy, but also to physical safety. As one example, consider the iCloud celebrity leaks from two years ago. Not only were women victimized in the most intimate way, but the EXIF data analyzed revealed that many high profile women’s GPS history – their homes, boyfriends’ homes, frequented locations, etc., were also exposed, making stalking, sexual assault, or other violent crimes possible simply by means of one instance of digital theft.

Given that it’s only a matter of time before a criminal finds the blueprint to this vulnerability, I urge you to consider briefing Apple of the tool and techniques used to access Syed Farook’s device. While the part of the tool that brute forces a PIN does not seem to work on newer devices, the locks that it picks in order to get past the front door most certainly can be vulnerabilities that carry over into newer devices. Depending on the nature of these components of the solution, criminals or nation states could take advantage of them to install malware, spyware, ransomware, or to infect a target by other means. Individual components of this tool may be very dangerous to millions of Americans, even if the solution as a whole is not viable.

In our nation’s continuing discussion about the force of the All Writs Act, I also urge you to take these technical issues I’ve raised into consideration as well. Compelling Apple to design a specific version of their operating system to defeat security will no doubt have the side effect of compromising the overall design of their latest technology, and will open up design flaws and weakness to any third party to attack their devices, even if such a tool is never leaked. There is a way in which Apple can design their devices to be unhackable – even by them. Please let them do this, for the security and safety of our country. Otherwise, you may end up solving some crimes, but will inevitably engender others. What may help provide background on a murder or kidnapping will undoubtedly also create the opportunity for identity theft, cyber stalking, and even potentially murder as well. The nation’s debate about privacy is a double-edged sword.

Sincerely,

Jonathan Zdziarski


http://www.zdziarski.com/blog/?p=6043

r • April 10, 2016 3:54 PM

@albert,

I'm sure you already know this but I'm going to say it anyways...

With every design iteration the level of failsafe/failover and redundancy increases in each respective nuclear plant and each generation of design. Now, I'm not sure of the average or expected operating lifetime of any of the respective variations: but I believe many current and proposed projects are what? All gen3 and gen4?
With gen1 and "piles" being decommissioned and gen2's currently reaching EOL?

Nuclear is an ongoing venture, whereas fossil fuel plants in my mind other than in States like the US for the most part are prolly somewhat design stagnant. You would obviously know far more than me, and this is just a statement of opinion and wiki based observation.

My point is, points of failure for nuclear are exactly what has to be located long before implementation during the design phase... Lessons from Fukushima aside.

r • April 10, 2016 3:55 PM

To clarify, being decommissioned should be read as having already been decommissioned.

WhiskersInMenlo • April 10, 2016 4:06 PM

Regarding security, process and theater all.

When enough is enough?
When doing all that you can do is wrong?
When one word evokes incorrect responses education and more must begin.

Listen and substitute terror when she says cancer.

Ponder what happens when a word gets crafted into law and then more is learned.

In this Commonwealth Club talk an oncologist
discusses and wrestles with a question that also
applies to and impacts security, defense and governance.

https://www.commonwealthclub.org/events/2016-04-05/making-better-decisions-about-breast-cancer
http://audio.commonwealthclub.org/audio/podcast/cc_20160405_Breast_Cancer.mp3
I wish it was shorter..

65535 • April 10, 2016 4:25 PM

@ Dan

“I don't think that DFP is that useful against smart defenders (it would be very useful normally, but not necessarily for its "intended" purpose). People can buy a Raspberry Pi computer for $35… It would be very cheap to use a several single-board computers to defend against DFP. Raspberry Pis(plural form?), and similar single-board computers, are also useful because you can effectively switch computers by switching SD cards…”

I agree with you. It certainly is not helpful to my clients. Further I bet that some smart hacker will learn how to copy DFP and impersonate a Tax preparer to commit fraud [somewhat like the SSL/TLS forging/stripping by hackers].

Your Raspberry Pi “min-Tor/firewall” idea looks to have merit. I will look into it.

“You could probably have the air-gapped computer and the networked computer be the same physical hardware.”

I assume you're talking VMware or Virtual Box where you have internet access on one VM and deny internet access on the other via virtual switches – kind of a Proxy? That is interesting.

The Lacerte and Intuit Pro series need internet access to run properly, they are always internet connected as I understand [Any tax accountants out there to verify if this is true?].

So the air gapping of the tax machine is a non-starter unless the air gapped box has a proxy in front of it – and does communicate with the proxy and eventually the internet… somewhat defeating the air gapped machine.

Those are some interesting ideas.

@ Wael

“None taken. I'm not that sensitive, don't worry.”

Good.

“A balance has to be struck between fraud and privacy…”

Yes, it always does. But, IRS ID fingerprint solution is not the best balance.

Clive Robinson • April 10, 2016 4:51 PM

@ Moz,

Could you provide a citation/link for that please

Look into Duncan Campbell's investigation of the UK Operation Ore, which resulted from mainly false evidence provided by the FBI from their Operation Avalanche into the Adult Porn Gateway run by Landslide.

Basically the FBI supplied evidence that the Landslide front page had a link for child porn and a mockup page demonstrating it which was shown to judges. As Duncan Campbell found out it did not nor did it ever. The only link that could be found was in an advert within an affiliates page deep down in the site. Further two LEOs provided sworn testimony that it was on the front page which means that in all probability they had perjured themselves.

You can find the LEOs' names on the Wiki page for Operation Avalanche and you can follow various links to get other information.

Clive Robinson • April 10, 2016 5:13 PM

@ Albert,

How many Burger King managers does it take to change a light bulb?

Answer :- None, that's what they get burger flippers to do when they are also cleaning the toilets between flips.

The last time I ate a Burger King burger was at Waterloo mainline station in London. The guy operating the fryer chased a pigeon out of the food preparation area and it flew close to me. Four hours later I went down with really nasty food poisoning and ended up in A&E (ER for US readers) and was admitted to the hospital and put on IV fluids and IV antibiotics and spent nearly a week in there before they moved me over to day patient to complete the course of IV and injected meds. As I was later told one of the antibiotics I was given was the penultimate one of last resort. Unfortunately I've also ended up on life long prophylactic antibiotics due to damage to my immune system... This was not a case of "What does not kill me makes me stronger".

Unsurprisingly I've never since crossed the threshold of a Burger King in the UK, nor do I have any intention of in the UK or anywhere else in the world for that matter...

r • April 10, 2016 6:31 PM

@clive,

A little league coach who's a friend of mine ratted out a McDonald's maintenance worker who took a crap, didn't wash his hands and proceeded to return from break and hand a customer a large soft drink out... He was sent home, still has his job though.

Dirk Praet • April 10, 2016 6:35 PM

@ Thomas_H, @ Clive, @ Gerard Van Vooren, @ albert

Considering the state of some of Belgium's nuclear power plants the chance that one of them melts down without IS assistance likely is larger than that of a terror attack on them.

You are unfortunately quite right, and it's a scenario many people in Belgium are very worried about. Our nuclear plants are really old and many of them should have been closed if it weren't for the mob-like blackmail tactics of monopolist electricity producer Electrabel.

Despite a government decision in 2003 to abandon nuclear energy altogether, it was reversed by subsequent governments under pressure of French holding company GDF-Suez so three plants could remain open until at least 2025 in order to avoid general electricity shortages. Electrabel/GDF-Suez played it really dirty by refusing to invest in new power plants and alternative technologies, instead hanging on to cheap nuclear power from their decades-old plants as to keep competitors off the market. Quite some people believe that several malfunctions that led to the powering down of several of these plants were actually staged by Electrabel itself to increase the pressure on the Belgian government to extend their lifespan. Permanently taking them off-line without any viable alternatives would cause country-wide black-outs during winter, and a very unhappy electorate.

The sheer incompetence of both current and previous Belgian administrations is beyond astounding. On top of failing to rein in Electrabel for decades, previous ministers succeeded in creating a multi billion euro debt with a horribly ill-conceived subsidy plan to promote green energy, but which proved an abysmal failure and resulted in a steep extra tax on electricity, paid in full by consumers. To which Electrabel added yet another price hike in distribution charges, net result of which is an almost 50% increase in electricity cost compared to a few years ago.

In essence: the complete failure of successive Belgian governments to come up with a decent renewable energy policy and to break open the market has left the country heavily dependent on nuclear energy from one supplier and imports from abroad. Nobody is feeling comfortable with the continuing reports of failures and power-downs at these old plants, and many fear that it is just a matter of time before something goes really wrong there. And for which there is of course no serious contingency or disaster plan in place either.

Some Guy Who's Been There • April 10, 2016 7:25 PM

@Mike Bardo

I am deeply familiar with the NERC CIP Reliability Standards. In general, most of the industry does the right thing. We have managed to at least drive extremely basic security into the Bulk Electric System.

We still have a ways to go. The Investor Owned Utilities generally have overall cyber security programs. The municipals and coops are especially challenged as they have fewer resources.

The industry's biggest strength is that it gives a damn about security. Besides electric, only nuclear has regulatory cyber and physical security standards out of the 16 Critical Infrastructure sectors. There is an international drill, GridEx, in odd years to simulate a coordinated attack across the grid. See the recent GridEx 3 report. There is high cooperation between the electricity sub-sector and the US and Canadian government regarding security. Finally, the industry's Critical Infrastructure Protection Committee is extremely active averaging 100+ attendees at every quarterly meeting.

There is significant industry involvement in writing and enforcing standards. This is both a strength and weakness. The standards process is too slow to react to rapidly changing environments. Adding in pressure from FERC to pass a standard for risk assessment (CIP-002) that stunk has made the current version a nightmare. See the Tom Alrich blog for detailed analysis here. Throw in more and more NIST reacting to Executive Orders, and it gets way out of focus.

Yes I'm there and I'm biased. Grid cyber security isn't there yet, but it matters. We can never be 100% secure. But we can be prepared to respond and recover. And that is as much about grid resilience as security. This is Bulk Electric System only 100 kV+. No distribution as that is state regulated. No smart grid.

Dan • April 10, 2016 8:48 PM

@65535,
I mean that all the software is on the SD card. If you swap the SD card out, it effectively becomes a totally different computer. If an attacker compromises the operating system on one SD card, all the user has to do is plug in a different SD card that isn't compromised. This is a cool security feature of single-board computers that isn't present in regular computers.

Figureitout • April 11, 2016 12:16 AM

Clive Robinson RE: emacs on android
--Doesn't it have a bunch of hot keys? How would that work, a keypad on a smartphone takes up half of a small screen already...way annoying to use hot keys on a smartphone.

Best thing is probably post code on github and just use smartphone to review code. Ideally the code space would be a square w/ nice scrolling x and y directions, that's all you need. Smartphone vendors already have nice scroll algorithms that lock on and really adjust to your finger scrolling.

One thing I noticed is that you just disable internet to not get ads on apps worth installing, guess a lot of them need easy network access to serve ads. Better than having prepaid ads loaded in the binary to serve no matter what...

And I'm not a big Apple fan but their ipads are pretty good, bigger screen, you have to have the case thing you can prop it up that's simple and reliable, w/o that case the ipad is worse than a smartphone.

#dead#
--You have to define "turned off" and what "mesh network" program you're talking about, b/c if completely "turned off" then it should also reject power injected into circuits to turn it on for a blip (probably simplest implementation is jumpers b/w important components), if it has a coincell battery that turns off whenever AC power is on, it could probably survive for...conservative guess of 5-6 years, sleep modes these days are very low. But it is within commercial capability to sit around wait for an RF command for up to 10 years, but very obvious to do it reliably.

Put a shield around it, have you tried that yet?

when m4m nsa means: mute 4 mute - no sounds attached! • April 11, 2016 1:06 AM

"MAKE AMERICA GREAT AGAIN" is an anagram of:

Emaciate Rainmaker Gaga

Make of that what you will.

Clive Robinson • April 11, 2016 2:25 AM

@ Dirk Praet, albert, Gerard van Vooren, Thomas_H and all other EU readers.

Electrabel/GDF-Suez played it really dirty by refusing to invest in new power plants and alternative technologies, instead hanging on to cheap...

In the UK we are in the process of shutting down 9GW of "coal fired" capacity with no replacement. The UK Government wanted to build new nukes twenty years ago but the process was drawn out by bureaucracy etc much of which was caused by Maggie Thatcher "deregulating the energy market" back in the 80's. A big chunk of which became under the control of a French Government shared/run organisation called "EDF" in the UK, for which there is clear evidence they illegally --under EU regulation-- cross subsidize the French consumers.

Well after a series of dirty tactics which I won't bother to list because it would take forever to type in. The bids to build the new nuclear stations fell to EDF and with Chinese money. They wanted and got a massive "sweetheart deal" with guarantees that they would get a significant multiple of base unit pricing... And just a few weeks ago EDF decided to pull out of the deal as it was too risky for the French... But importantly not long after the UK changed its bidding process for "feed in" at high usage times (ie when the wind is not blowing, the sky is cloudy and we are at slack tide etc).

So in the UK we are now looking around for new emergency supply... Which will fall to old inefficient and therefore cheap inefficient and potentially dangerous gas stations and killer Diesel plant which may well double the UK's current 40,000 early deaths each year caused by diesel combustion products...

The question then is where the feed stock of gas and oil comes from, which means the UK is going to become a hostage to another probably unfriendly Government. But of course there are the underlying issues of the EU energy market to consider that would really bite very hard if the UK left the EU via Brexit.

All of this is not helped by the UK Chancellor "white lines" George "Gidiot" Osborne who has a "Madam Butterfly" complex and wants to sell as much of the UK as possible to China...(a real life Manchurian Candidate perhaps?). Oh his supposed "Coke" habit has even been joked about in Parliament when it was live broadcast for the recent budget debate. Gidiot has decided that "sugar laden fizzy drinks" such as a well known brand of cola are the main cause of obese children. So he has only singled out the fizzy drinks companies for his new "sugar tax"[1]. It prompted one MP to ask the smug looking Gidiot during the budget debate if the "new sugar tax would help the Chancellor curb his own coke habit"... He was, not as smug looking and the broadcast director quickly switched to a different camera, where unfortunately was an overhead shot of the government front benches, where Theresa May was sitting leaning forward with a very low cut red top and those watching were treated to a view that will haunt many of us for years to come... Now I appreciate this might be TMI but to use another Americanism "Naaastee".

[1] There may be another reason for "only fizzy drinks" but it would take too long to go through. Anyway as it currently is the "sugar tax" will not make fat people slim.

Clive Robinson • April 11, 2016 2:42 AM

@ Dan, 65535,

I mean that all the software is on the SD card. If you swap the SD card out, it effectively becomes a totally different computer.

Unfortunately that will probably not work. The type of fingerprinting mentioned is similar to that used for "software licensing" which usually is based on what is on the motherboard and IO electronics, swapping a storage device will not really change the fingerprint.

The way to change it is to replace or override the electronic numbers. This could be done by swapping out IO boards, but probably enough of the mainboard numbers will remain to keep the fingerprint working. The other way is to identify how the application gets at the electronics numbers, which will probably be one of many routes through the OS. Which means you need a "selective shim" between the App and the OS, that recognizes the App and changes appropriately (which may well cause other issues).
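The point made in the reply above, as an added example that is not part of the thread and is not the IRS's or any vendor's actual scheme: a tolerant, weighted device fingerprint keeps matching after an SD card swap because the heavily weighted identifiers sit on the board. The component names, weights, threshold and sample values are all assumptions constructed for illustration.

```python
import hashlib

# Weight of each identifier in the match score. Identifiers tied to the board
# count for more than those stored on removable media (assumed weights).
WEIGHTS = {
    "cpu_serial": 3,      # burned into the SoC
    "eth_mac": 3,         # belongs to the network (IO) hardware
    "board_rev": 1,       # identical across boards of the same model
    "sd_cid": 1,          # card identifier of the SD card
    "os_machine_id": 1,   # generated by the OS image on the card
}
THRESHOLD = 0.6           # assumed fraction of weight that must still match


def enroll(identifiers):
    """Return the stored fingerprint: one hash per component, no raw values."""
    return {
        name: hashlib.sha256(f"{name}={value}".encode()).hexdigest()
        for name, value in identifiers.items()
    }


def match_score(enrolled, observed):
    """Fraction of enrolled weight whose component hash is unchanged."""
    current = enroll(observed)
    total = sum(WEIGHTS[name] for name in enrolled)
    matched = sum(
        WEIGHTS[name] for name, digest in enrolled.items()
        if current.get(name) == digest
    )
    return matched / total


def same_device(enrolled, observed):
    return match_score(enrolled, observed) >= THRESHOLD


# Constructed sample identifiers; none of these are real values.
BOARD_1 = {"cpu_serial": "00000000a1b2c3d4", "eth_mac": "b8:27:eb:00:00:01",
           "board_rev": "a02082"}
BOARD_2 = {"cpu_serial": "00000000deadbeef", "eth_mac": "b8:27:eb:00:00:02",
           "board_rev": "a02082"}
SD_A = {"sd_cid": "constructed-cid-A", "os_machine_id": "constructed-mid-A"}
SD_B = {"sd_cid": "constructed-cid-B", "os_machine_id": "constructed-mid-B"}


def run_cases():
    """Score three hardware changes against board 1 enrolled with card A."""
    enrolled = enroll({**BOARD_1, **SD_A})
    cases = {
        # Different SD card in the same board.
        "sd_swapped": {**BOARD_1, **SD_B},
        # Network adapter replaced, everything else unchanged.
        "nic_replaced": {**BOARD_1, "eth_mac": "b8:27:eb:00:00:99", **SD_A},
        # Original SD card moved into another board of the same model.
        "card_in_other_board": {**BOARD_2, **SD_A},
    }
    return {
        name: (round(match_score(enrolled, obs), 3), same_device(enrolled, obs))
        for name, obs in cases.items()
    }


if __name__ == "__main__":
    for name, (score, matched) in run_cases().items():
        print(f"{name:22s} score={score:.3f} same_device={matched}")
```
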

Clive Robinson • April 11, 2016 4:21 AM

@ Figureitout,

RE: emacs on android --Doesn't it have a bunch of hot keys? How would that work...

I'm not entirely sure, but those who have done it have loaded a "programmers keyboard" or use a BT external keyboard (I've a roll up rubber one that I sometimes use with this phone and a stand for the phone, okay on a flat surface like a pull down table but not when "strap hanging" which I do rather more of).

The basic Termux keyboard uses the volume control if you push it down and press a letter it gives you the ctrl equivalent, push it up and it gives other missing keys like Tab etc. As I'm left handed I can do this easily with my right thumb on a phone, but it would be a pain on some larger devices.

On chatting with my son he's decided it's a good idea and put Termux on his phone last night, along with nano and python (for doing school work at lunch break etc, as you can not get on the library computers). I'll keep an eye on how he progresses with it.

Which if it works well might persuade me to "upgrade" this phone for a new one.

As I said I'm an Old Timer, with not only the whiskers to prove it but a fondness for WordStar and still use it on an 8086 640K RAM two floppy --luggable-- portable computer. Also on several other very old 486 systems I use as multi serial port terminals with development boards (the term program has a built in editor that uses the WordStar keying). Did you ever use Borland's SideKick or AutoDesq DesqView, they could do task switching. SideKick was a Terminate and Stay Resident (TSR) PIM which could keep several tasks in memory on a 486, DesqView could also "swap" to disk. I ended up writing my own task switching and swapping TSR to take advantage of "extended paged memory", and it still shuffles along to this day (though I never did get IPC memory pipes working). I won't say "Happy days" but it did give me a lot of extra productivity.

Although I can and do use it I never liked vi (OK so flame me already ;-) preferring to use sed/ed (for that real old "KSR" TTY teleprinter experience, not that "new fangled" CLI experience).

My VGA terminal usage habit in *nix has caused comment/annoyance in younger --ie most-- colleagues who want IDEs and multiple Xterms on a desktop where they can see them.

As for working at one place back when 486's and MessDross and Windoze were the engineering mainstay, and the emulator board head end software wanted MS-DOS all to itself, engineers would end up with three or four PCs on their bench and fighting each other to get another one when not doing the sneakernet thing... When the place got burgled and nearly all the computers stolen, they were quite surprised when I brought in a 486 with an IEEE controller, eight port serial card and Unix with DosMerge from my "home lab" and sat there using six emulator boards a printer, a plotter and VT220 terminal, pulling up scope traces etc from the comfort of my desk or work bench and importantly not getting back ache from working on several keyboards and VGA displays all at different heights... I heard both the "Real Men don't..." and "Snot Fair" comments from envious colleagues, who had slipping project deadlines, even though I had brought in a couple of other computers to help fill the emergency gap caused by the theft...

Clive Robinson • April 11, 2016 4:46 AM

@ Thoth,

GCHQ helps J.K.Rowling (author of Harry Potter) to detect leaks of new books on the Internet.

What a "wizard idea" not...

Maybe they are desperately trying to raise their public profile... Especially after the "Body in a bag in a bath" episode of "was he off'd" by a government.

GCHQ have a real image crisis with most technically able people under forty, which is all of their own making. Further poor pay and conditions compared to the private sector really don't help either, especially when they say "good pension package" whilst the UK Treasury are "down sizing" the Civil Service and slashing public sector pensions every which way they can it is at best a hollow promise bordering on a sick joke.

But GCHQ culture especially at the top needs a serious re-work if they want to get the young talent they so desperately need.

So maybe they are trying for the old religious trick of "indoctrinate the child, and you have their soul for life"... One trick they are trying in this line is giving A-level age children 250GBP/week to attend "summer school" to learn Cyber-Security...

Any way you can read more about GCHQ's recruiting problems at,

http://www.theregister.co.uk/2016/04/08/gchq_facing_difficulties_in_meeting_osbornes_2020_recruitment_target/

Richard H • April 11, 2016 5:41 AM

@Daniel

(I'm thinking here of the way noise canceling headphones work)

I don't think they work the way you think they work...
In order to cancel the noise, they first need to know what the signal is. Then the difference between what their internal microphone observes and the required signal is the noise they have to cancel. This could be implemented as a classic op-amp circuit with the microphone output added to the negative-feedback loop.

It doesn't work if you don't already know what the signal should be.

GentooAndroid • April 11, 2016 6:17 AM

@Clive Robinson, @Bytopia, about vim on Android:

I use vim on android. I uploaded my outdated version on gentooandroid.sf.net; it also contains Gentoo's FOSS environment, able to build emacs ; you might also want to try vim from the Google app "Terminal IDE".

When standing, I prefer to use the Keymonk app from Google Play. I mainly use it to write SMSs, and also on vim. I type faster using two thumbs on Keymonk than with the CelluOn bluetooth projecting a laser keyboard. That CelluOn was not worth buying, except to impress people. I will start to use the first voice-to-speech App in which I can order, orally, to delete a word (didn't find any as of today).

When standing and dealing with grocery lists, I only use the micro keyboard of bVNC (from Google Play), featuring only arrows, tab, Esc and modifiers. In this case, my vim session maps "tab" to "delete current line" [meaning "got that item in my basket"].

When on a chair, I deploy a USB-OTG adapter and a Scissors mini keyboard (30 seconds needed to deploy, 30 more to pack back), and also, often, an external screen (Padfone-2). I remapped it with `x11vnc -remap` so that shift, control and Alt are done with my thumbs. I have downloaded on Google Play a remappable keyboard (to write SMSs, ...) but did not have the time to try it.

99% of the time, I am using the vim on my phone from a distant computer, using SSH.

ThothApril 11, 2016 7:26 AM

@Clive Robinson
That is a nice little advertisement trick instead of those old boring ads with military or some terror theme that sounds like they are trying to sell some really bad insurance of sorts.

WaelApril 11, 2016 8:59 AM

@Clive Robinson,

I've a roll up rubber.

Good heavens, man. I'm shocked it has come down to this!

I sometimes use with this phone

goddamn!

Dirk PraetApril 11, 2016 9:42 AM

@ Clive

A big chunk of which became under the control of a French Government shared/run organisation called "EDF" in the UK, for which there is clear evidence they illegally --under EU regulation-- cross subsidize the French consumers.

EDF (Electricité de France) is GDF's (Gas de France) sister company. They were both created by the French government in the aftermath of WWII. GDF merged with Suez in 2008 to become GDF Suez, the world's second-largest utility group. In April 2015, they changed their name to Engie.

In the UK, EDF Energy - wholly owned by EDF - operates two coal-fired power stations, two wind farms and eight nuclear power stations. They generate about 20% of British electricity. About ten years ago, Electrabel controlled no less than 95% of all domestic power generation and distribution in Belgium.

FigureitoutApril 11, 2016 10:40 AM

Clive Robinson
--Ah, yeah I want one of those for my raspi. I definitely would not want to code on that much though, hunched over squinting at a tiny screen w/ a tiny keyboard, mashing the wrong button every 5th keypress lol...you can't beat the keyboard (it won't be beaten, besides just "thinking" the code to the screen).

And yeah I guess I'm one of those "youngins" that likes coding in an IDE (besides trivial things I try, for that you can't beat vim and a terminal and gcc), as long as it's not too irritating (I refuse doing online IDE's, no. Everything doesn't have to be in browser.). I wouldn't be hating nor care as long as the job got done. I gotta have my mouse scroll (not sure you have that in terminal), one feature in Atmel studio I really like is right clicking a function and then going straight to it, especially when the code gets a little large. Or seeing references of it, thru out whole project.

And I generally like at least 2 PCs to dev on (it's easiest for receiver/transmitter projects), ideally I do all my surfing on one, then code on the other. But yeah the mess on the desk gets too much sometimes and I gotta clean it up, I've learned my lesson shorting out boards etc.

Clive RobinsonApril 11, 2016 10:45 AM

@ gentooandroid,

Thanks for the reply, I was thinking about Terminal IDE a little while ago but... It's only Android 4 capable and does not look like it's had much love recently.

You say "I use vim on android. I uploaded my outdated version..." how old? I noticed that the site looks like it had love at the end of last year so is more recent than some.

I'll have a look at the alternative keyboards, I'll see if they are available outside of Google play first (as it hates the way I've set this phone up to stop them "being evil").

My son has been playing with Termux today with nano and python IDLE and appears happy (at least as much as you can tell with a teenager ;-)

It looks like you can also have Linux beside/under Android as well with a number of newer FOSS projects. Which I might do if I upgrade to one of the snazzier quad core phones... Choices Choices the devil is in the choices ;-)

@ Wael,

Hmm sometimes your scatter brains behave more like brains scattered, have you been singing "Opps up side yer head" at a party or something over the weekend?

rApril 11, 2016 11:46 AM

@clive,

PIM...?

Programmers interface module?
Program in memory?
I know what a TSR is... Unless I'm missing something in my lookaside buffer - I don't believe I've seen that acro before.

Thanks ahead of time.

albertApril 11, 2016 11:51 AM

@Clive,

Sorry to hear about your BK experience. Fast food can be like Russian roulette for sensitive folks.

@ Everyone Re: nuclear plant issues,

The nuclear power issues seem to be similar in all countries, which is not at all surprising. We (US) have plants operating which should have been shut down years ago. Do we know all the effects of high radiation to reactors over decades of operation? I think not. Would SOTA reactor design have saved Fukushima? Not if the emergency generators were still underground. Operator error caused Chernobyl and Three Mile Island event was exacerbated by operator error.

Given the billions of dollars paid for a nuclear plant with all the subsidies (not on the balance sheets), and the 'kick the can down the road' waste disposal pseudo-plans, wouldn't it be cheaper to build a coal/oil/gas plant, filter everything and sequester the CO2? With NPPs providing only about 10% of the world's energy, isn't it time to switch to renewables?

. .. . .. --- ....

Clive RobinsonApril 11, 2016 3:19 PM

@ r,

PIM...?

Personal Information Manager.

Borland SideKick was rather more than just a task switcher, it also loaded in a calendar, address book, diary and meeting scheduler and note taking at the touch of the right key combination. And a few more things besides if my jaded old memory serves (if not it's bound to be on Wiki somewhere).

All rise for ShitheadApril 11, 2016 3:37 PM

Dumbshit Seattle cop Daljit Gill pretends to be even stupider than he is so he can raid a Tor exit node run by local human rights defenders. Gill's sworn affidavit omits and conceals the Tor exit node's public listing.

https://www.seattleprivacy.org/affidavits-and-warrants-from-case-no-16-164/

Dumbshit superior court judge Ken Schubert falls for it. Third-tier toilet local law school produces barely-qualified hack - who woulda thunk it?

DanApril 11, 2016 6:32 PM

@Clive Robinson,
It probably wouldn't protect against fingerprinting. To stop fingerprinting, you would need some kind of browser plugin that stops the sending of information that isn't absolutely necessary (Why does the javascript need to know what operating system is running? Isn't the whole point of a browser to remove any dependencies on OS? Pretty much all of the web standards (in addition to a lot of other important standards, such as airport design standards) need to be redesigned with security in mind. I have played games where the game does a different thing if the game is already running in a different window.). Being able to quickly switch between multiple independent copies of the system is a good security feature in general (Although you could just spend another $35 and get a second one. The Raspberry Pi brand is cheap). This makes a good security argument for getting a Raspberry Pi (or another single-board computer).

AnuraApril 11, 2016 6:43 PM

@Clive Robinson

I've never had food poisoning from fast food, but my dad had Food Poisoning from Jack in the Box twice, once before I was born, and once when I was a toddler, and then he never ate there again. That's pretty much the only fast food place I never ate at growing up. It's now the only fast food place that's open after 1am here, so I eat there occasionally and I honestly cannot say that I missed out on anything - it's edible, but everything on their menu, from the fries to the burgers to the chicken sandwiches just tastes... off. Maybe it's because I'm going at 2am-3am, but I'll take Burger King over them any day.

I miss working next to FatBurger :(

BillApril 11, 2016 6:47 PM

@Dan

"Why does the javascript need to know what operating system is running? Isn't the whole point of a browser to remove any dependencies on OS?"

Because, young whippersnapper, way back in the olden days browsers behaved completely differently on different platforms. They were never originally designed to remove all differences between what browser and OS you were running. In fact quite the opposite, they were competing with each other in trying to differentiate between each other to outdo each other with new features (i.e. Netscape vs MSIE)... So you needed that info to alter your web page to make it work on different browsers and platforms and versions of each!

"Pretty much all of the web standards need to be redesigned with security in mind."

This! Oh please somebody do this!

DanApril 11, 2016 6:55 PM

I have an interesting idea for makeshift tamper-resistance: Have a light sensor set up to trigger a relay when it detects light. Have the relay set to connect one of these (or several, if you really want some fun) across the 5-volt power bus on a desktop computer. Make the whole thing powered by a battery. Make sure to set up an arm-disarm function (maybe using a custom USB or PCI device) if you ever want to open it again. Put your little device in the computer you want to protect, close the case, then arm it. "Do you want the hard drive? Just open it up. Oops! the computer is on fire now. I hope you didn't want any data that was on it. Better luck next time". (Use full-disk encryption and store the key in the non-volatile memory, encrypted by the Trusted Platform Module). How well would this work?

DanApril 11, 2016 7:18 PM

@Bill,
Unfortunately, it is pretty unlikely that any organization would actually redesign the standards. If someone does, it would be hard to get other people to adopt it. I still really wish someone would do it.

WaelApril 11, 2016 10:15 PM

I don't mind Burger King. I don't eat at McDonald's because there was a rumor they once had a sandwich made out of cow's lips. They call it the McJagger...

FigureitoutApril 12, 2016 1:13 AM

Dan
--Think pretty well. There's some tricky spots though. When/how do you turn on the light detector? There's the hole eh? Some kind of external switch? Could do RF then encase completely in a shield. USB would definitely need to have encryption (its contents, and password to disarm). Non trivial to implement, securely...

Those ultra caps lighting up those traces...there was a thread here awhile back, where it was said that electrically frying a chip, still retained data. I still think it's a useful thing to do if you're trying to kill data. Would be cool to see someone try to kill a chip w/ just electricity, and someone actually recover pre-verified data...doubt it.

GentooAndroidApril 12, 2016 2:35 AM

@Clive: "I'll see if they are available outside of Google play first"

If unavailable, you might want to ask them on http://forum.xda-developers.com/showthread.php?t=2392504
And, maybe, on a second equivalent channel, just to double check that you were not given a dangerous .apk.

I will try to upload to you the .apk of the configurable keyboard I talked about.

If you have rooted a device, then there is far better than gentooandroid.sf.net available (see links at bottom of my install instructions; I'll soon add a link to Termux there, thanks for your feedback on Termux).

"I noticed that the site looks like it had love at the end of last year so is more recent than some."

When I need a lacking package, I add it to gentooandroid.sf.net. But as I cannot easily upgrade installed packages (10% failure rate), I only add two-year old versions of the package. With some exceptions (bash; openssh; but, unfortunately, not glibc). If you ask it very very nicely to me, I may even try to add (two-year-old) emacs or xemacs.

Nicholas MApril 12, 2016 2:44 AM

@ Clive Robinson, Unfortunately that will probably not work. The type of fingerprinting mentioned is similar to that used for "software licensing" which usually is based on what is on the motherboard and IO electronics, swapping a storage device will not really change the fingerprint.

...and for some reason the software licensing feature appears to not work with older hardware. My grandfather's computer, which was sold to him by a Best Buy salesperson several years ago, has had windows licensing issues periodically since about 5 years ago.

Nicholas MApril 12, 2016 3:01 AM

@ Dan, I mean that all the software is on the SD card. If you swap the SD card out, it effectively becomes a totally different computer. If an attacker compromises the operating system on one SD card, all the user has to do is plug in a different SD card that isn't compromised. This is a cool security feature of single-board computers that isn't present in regular computers.

Chances are pretty good that you will load the same set of software right back in, in my humble opinion.

This would perhaps fit the behavioral aspect of profiling. Different SD card, different $40 hardware, same set of apps or a slightly different set with the same configurations, visiting the same set of URLs.

As for device profiling, what would you do if everyone in the same organization is assigned the same laptop? So the profiling there, I think, is down to a set of custom platform, serial numbering, or manufacturing inconsistency, etc. which likely won't change by loading a different set of software. And what would you do to a single-board computer to support all these good stuff?

DanApril 12, 2016 5:51 AM

@Figureitout,
You would want some kind of custom device that interfaces with the computer (probably through the USB port or the PCI bus). The device would listen for a command sent to it with the correct password. When it receives the right command (and password), it will activate or deactivate the circuit. It should have some protections against brute-force attacks.

@Nicholas M,
Here is one of my previous comments:


@Clive Robinson,
It probably wouldn't protect against fingerprinting. To stop fingerprinting, you would need some kind of browser plugin that stops the sending of information that isn't absolutely necessary (Why does the javascript need to know what operating system is running? Isn't the whole point of a browser to remove any dependencies on OS? Pretty much all of the web standards (in addition to a lot of other important standards, such as airport design standards) need to be redesigned with security in mind. I have played games where the game does a different thing if the game is already running in a different window.). Being able to quickly switch between multiple independent copies of the system is a good security feature in general (Although you could just spend another $35 and get a second one. The Raspberry Pi brand is cheap). This makes a good security argument for getting a Raspberry Pi (or another single-board computer).

Clive RobinsonApril 12, 2016 9:22 AM

@ Dan,

It probably wouldn't protect against fingerprinting. To stop fingerprinting, you would need some kind of browser plugin that stops the sending of information that isn't absolutely necessary

I think you and I are talking slightly at cross purposes.

I was talking about an Application running on the computer, not a webbrowser, which as you note can be fingerprinted from within due to javascript pulling information from various sources, many which are due to browser functionality (cookies, fonts, lastpage etc etc) not hardware functionality or OS supplied info.

But it does point out that fingerprinting occurs at all levels of the computing stack.

APApril 12, 2016 10:56 AM

NIST recently put out guidelines on Format Preserving Encryption (FPE).
http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-38G.pdf
This was specifically in regards to banks using it to "encrypt" account number, credit card numbers, etc but keeping them in the same format, only with random characters. So if your real number is 23-33797772, it would be "encrypted" as 77-83987729.
See this article http://www.bankinfosecurity.com/nists-new-guidance-could-simplify-some-encryption-a-9028
I wanted to know how this can possibly be secure? What about collisions?
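
On the collision question above: a format-preserving cipher is a keyed permutation of the set of strings in the format, so two different numbers never map to the same output and decryption is unambiguous. The following is an added toy sketch, not part of the original comment and not the FF1/FF3 algorithms that SP 800-38G specifies; the key, the round count and the HMAC-based round function are assumptions chosen for illustration.

```python
import hashlib
import hmac

DIGITS = "0123456789"
ROUNDS = 8  # constructed choice for this toy; not a parameter taken from SP 800-38G


def prf(key, rnd, value, width, modulus):
    """Keyed round function: HMAC-SHA256 reduced into the target half's range."""
    msg = f"{rnd}|{width}|{value}".encode()
    digest = hmac.new(key, msg, hashlib.sha256).digest()
    return int.from_bytes(digest, "big") % modulus


def split(digits):
    """Split a decimal string into two halves and return them with their widths."""
    if len(digits) < 2 or any(ch not in DIGITS for ch in digits):
        raise ValueError("need at least two ASCII decimal digits")
    u = len(digits) // 2
    return int(digits[:u]), int(digits[u:]), u, len(digits) - u


def feistel(key, digits, decrypt=False):
    """Alternating Feistel network over decimal halves.

    Each round adds a keyed value to one half modulo 10**width, which is
    invertible whatever the round function returns, so the whole map is a
    permutation of the fixed-length digit strings.
    """
    a, b, u, v = split(digits)
    sign = -1 if decrypt else 1
    order = reversed(range(ROUNDS)) if decrypt else range(ROUNDS)
    for r in order:
        if r % 2 == 0:
            a = (a + sign * prf(key, r, b, v, 10 ** u)) % 10 ** u
        else:
            b = (b + sign * prf(key, r, a, u, 10 ** v)) % 10 ** v
    return f"{a:0{u}d}{b:0{v}d}"


def fpe_encrypt(key, digits):
    return feistel(key, digits)


def fpe_decrypt(key, digits):
    return feistel(key, digits, decrypt=True)


def transform_formatted(key, text, decrypt=False):
    """Encrypt only the digits; separators such as '-' stay where they were."""
    digits = "".join(ch for ch in text if ch in DIGITS)
    out = iter(feistel(key, digits, decrypt))
    return "".join(next(out) if ch in DIGITS else ch for ch in text)


def is_permutation(key, width):
    """Exhaustively check that no two inputs of this width share a ciphertext."""
    domain = [f"{n:0{width}d}" for n in range(10 ** width)]
    return sorted(fpe_encrypt(key, d) for d in domain) == domain


if __name__ == "__main__":
    key = b"constructed demo key"          # constructed sample key
    sample = "23-33797772"                 # the number format used in the comment
    ct = transform_formatted(key, sample)
    print(sample, "->", ct, "->", transform_formatted(key, ct, decrypt=True))
    print("4-digit domain is a permutation:", is_permutation(key, 4))
```

The exhaustive check also shows the real limit of the approach: the ciphertext space is only as large as the format, so short numbers give a small domain.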

Clive RobinsonApril 12, 2016 11:19 AM

@ Anura,

I miss working next to FatBurger :(

You are probably going to be as queasy as I am after you read this so stop now if you want your memories to remain happy ;-)

The name "FatBurger" sounds an awful lot like "Fatburg" which has an entirely unpleasant meaning in the UK. As far as I know the largest of which was found outside a McDonald's in London Rd, Kingston-upon-Thames Surrey and was about the size of a double decker bus and weighed if memory serves around 18,000Kg. Of the workmen sent to deal with it a number became quite sick and were taken to Kingston Hospital.

Officially according to Thames Water a fatburg is an accumulation of fat, sanitary towels, wet wipes and other solid contaminates that should not be put into surface drains or down toilets or sinks. Because in the process of forming they also accumulate human waste and thus become a significant bio-hazard. The bio material can also start to break down forming poisonous explosive gases not too dissimilar to marsh gas. With sewer water backing up these gases along with other bio-hazard byproducts can get into homes and buildings causing a potential lethal hazard from contamination or explosion or both.

Thames Water has indicated that fatburgs can occur anywhere in the sewers but are most often found close to or downstream of fast food restaurants and similar.

Interestingly fatburgs have a very high calorific value and will burn just like candle grease. Thus they can be fairly easily turned into bio-fuel or used in CHP plants. However as Thames Water also pointed out such conversion is more easily carried out with oil/fat waste prior to entering the drainage system illegally.

So for your next visit to FatBurgers Bon appetite, and don't think of the monster building outside in a sewer near you...


Clive RobinsonApril 12, 2016 11:59 AM

@ Dan,

As @Figureitout has pointed out,

there was a thread here awhile back, where it was said that electrically frying a chip, still retained data

Trying to zap/fry a chip on its pins does not work. The basic reason is the contact pad on the chip in effect has two high current diodes to either power supply rail to act as ESD protection. Not only do these turn on in fractions of a picosecond thus clamping any transient to within 0.7V of the rail protecting the internal circuit, the clamping effect causes the IR heating effect to fall into the bonding wires between the chip and the package. Thus the bond wires blow faster than even the best of "fast blow" non explosive assisted fuses.

But there is another issue with chips to consider and it even affects RAM, it is a form of "burn in" where even if erased the longterm storage of a value leaves a trace that can be measured.

Thus to protect secrets you are looking to use a battery backed up nanopower CPU and RAM. The CPU moves the "secret" around in RAM after it has encrypted it, with an encryption key that changes from the likes of a TRNG. The simplest way to think about it would be a stream cipher using a card shuffling algorithm whereby each XOR is done with the XOR of the old Encryption key and the new encryption key, thus simultaneously decrypting and reencrypting the secret without it ever being in plaintext form in RAM storage.

Obviously this combination of CPU and RAM needs to be made physically tamper proof and needs foolproof trigger inputs.

All of this has been discussed on this blog a long time ago, including the use of Thermite to cause the packaging and the chip it holds to be brought above the temperature of molten iron and remain that way for several minutes. As this can cause an explosion as the package gasifies a more modern method uses a tiny anvil and explosion driven hammer to shatter the chip to dust.

Such are the joys of protecting secrets in electronic storage.

CallMeLateForSupperApril 12, 2016 2:14 PM

Plans/stories here about using thermite to protect data/hardware from unauthorized access make my skin crawl. Thermite is "Naaastee" (hat tip to @Clive). Anyone thinking about implementing such "security" really ought to first take her contemplated quantity of thermite to the local desert and ignite it there. Admire the resulting sparks, fire and dense smoke and imagine that blinding spectacle transpiring inside your (probably under-insured) home.

In my pickle suit days, I spent several months operating electronics at a hush-hush site within a certain Asian country. "Indian country" was very near, and regular incursions - just probes - were a fact of life. As "my" site was a pile of classified documents and equipment, protocols were in place to destroy everything if/when impending arrival of indians were heralded by the steady wail of the base siren. To wit: One of the two men who were on duty in the ops trailer was to commence "zeroing" certain dials on certain equipment sets. The second man was to go most riki-tik to the admin tent, unlock the classifieds safe, initiate the thermite grenade within, lock the safe, grab sledgehammer, run out to the two diesel generators and aggress upon their respective governors with extreme malice using said sledge. There was more but those details are irrelevant here.

As you probably guessed already, there was a SNAFU that resulted in a melted safe and documents reduced to nothing. The admin tent and months of data stored on magnetic tape - not to mention the commander's office - fueled a prodigious inferno that would have provided a righteous challenge for fire responders had they arrived while it raged... which they did not.

Thermite is stable and not easily ignited. But once it ignites, you don't want to be near it. Bucket of water? Hose? Fire extinguisher? Forget it!

Clive RobinsonApril 12, 2016 5:54 PM

@ CallMeLate...,

Thermite is stable and not easily ignited. But once it ignites, you don't want to be near it. Bucket of water? Hose? Fire extinguisher? Forget it!

You are talking of aluminium and iron oxide thermite, as is used for "rail welding" and the like. But there are other mixtures...

Aluminium and red lead oxide is another thermite mix, and if you worked in a paint shop really fine powder aluminium and red lead was not difficult to get hold of.

Now there is a third chemical you can get quite easily which is Ferric Chloride and it's used for amongst other things etching copper clad board (PCBs).

What most people don't know is that a mixture of aluminium and ferric chloride when dry is sort of stable, however add even a small amount of water and you get the start of a very exothermic reaction.

Mix the three chemicals together in varying proportions such that you go from the ideal thermite combination into the ideal exothermic mixture, and you end up with a thermite mix that can be started with just a little water.

Further few people realise that aluminium bar will burn and once started is almost as difficult to put out (a large pile of sand works if you don't mind having a lump of glassy like substance in the middle). So if you drill out a large bar of aluminium and add the above mixture you can end up with a very serious aluminium fire on your hands with just a very very small amount of water as I discovered.

All good fun as a young teenager, but it could have had very serious consequences.

As I've mentioned in the past thermite is not an explosive, that is it does not have rapidly expanding gases. However a steel high pressure bottle of propane gas with a suitably arranged thermite charge will heat the propane to a very high temperature before the steel bottle fails, at which point you end up with a Boiling Liquid Expanding Vapour Explosion (BLEVE) which you could call "a poor man's FAE". If you search YouTube you will find examples of BLEVE's and slow motion FAE's so you can compare them.

The difference is that a BLEVE only burns at the surface of the expanding vapour which is well below the speed of sound, an FAE however uses a primer charge to mix the Fuel and Air to approximately the right combustion mix prior to ignition to obtain maximum brisance, thus the cloud ignites super or hyper sonically producing a very pronounced overpressure wave causing even more rapid burning at the shock wave interface due to density changes. As some experiments have shown, it's possible to make FAE's with shockwaves similar to that you get from tactical nukes...

DanApril 12, 2016 6:10 PM

@Clive Robinson,
Yeah, it was just an idea. There would probably still be all sorts of information leaks after the super-capacitor fries the computer. The hard drive platters would be mostly unscathed, although the controller for them might be destroyed. I wanted to see what other people thought of it. The owner of the computer could try to sue the government for destroying the computer(that makes an interesting easter egg for the paranoid person).

The real solution (for secure communications that don't leave records) would be a guaranteed memory-only messaging application. The protocol would perform a key exchange with forward security. The application would display the message, but neither the sender nor receiver would store the keys, plaintext, or ciphertext in nonvolatile storage. If you really care about security, you could also have the tamper-resist to waste the government's time. Imagine what you would feel like if you spent months investigating the computer of a known criminal, and all you found were cat pics and a ".txt" file that contains the word "lol".

DanApril 12, 2016 6:24 PM

@Clive Robinson,
To deal with fingerprinting by javascript and over the web, you would need a custom browser or browser plugin. Dealing with fingerprinting by applications is much harder, especially because there are so many legitimate uses for the IP address and other pieces of data.

tyrApril 12, 2016 6:27 PM


Like Clive says, thermite like Happy fun ball (grenade)
is not your friend and is a lousy playmate for the
unwary. Able to generate a stream of white hot steel
from an inch thick piece of metal in seconds is not
something you want to be close to. Most folks have no
conception of what that level of temperature can do.

DanApril 12, 2016 8:05 PM

@Clive Robinson,
Another method of secure communications is to encrypt data with a Trusted Platform Module, mail the TPM to the recipient, and reveal the ownership secret once the receiver gets the TPM. Why do I like this idea? I like it because it pits the DRM advocates against the surveillance advocates. If the TPM is tamper-resistant, the Feds will complain because it will be harder to break into TPMs. Let the DRM advocates fight the surveillance advocates, for the personal amusement of the people who want neither.

FigureitoutApril 12, 2016 11:46 PM

Clive Robinson // Dan
--I still think, after simultaneously shorting all the pins on a chip, then dragging that across the chip and hold until all the power discharges, would be pretty good. To totally dismiss it doesn't seem right to me, it's definitely not thermite which I'm probably not ever going to do, but will take some time to even know what got damaged etc..

I've got a chip on my desk, highly suspected ESD, first time not being able to connect to programmer, so those pins are dead too. I'm assuming not a large shock, b/c what can do such damage besides lightning?

FigureitoutApril 13, 2016 12:57 AM

Nick P
--Got some language flamebait which I'm sure you'll eat up. :p Sure you saw this on HN and your eye started twitching :p Don't you dare touch my beloved C (actually contrary to what you think I don't f*cking care what language, if it's quick to write and read I'm drawn b/c I like to get things done quick).

http://www.embedded.com/electronics-blogs/break-points/4441819/Fixing-C

And the better HN thread: https://news.ycombinator.com/item?id=11477989

It was pretty pointless to choose curly braces as the thing to end in C lol. Then his ideal example had improper indentation and "if (blah) [...] end if" crap can make way more terse and bug prone. Based on his wish, it's very simple, just have the lined up indentation (this is a requirement for large code bases, IDE's need to handle this) and if you want to end curly braces for something else, just use "if (uniqueN@me) [...] end (uniqueN@me)" not just if it's for loop or while loop or whatever. Seems most obvious to me.

ianfApril 13, 2016 6:04 PM


@ MrC,

Inky may be a cephalopod, true, but should we really applaud such juvenile Rumshpringey, AWOL behaviour? He wants to earn our respect, let him (her?) first get a Twitter account, start sharing. If Mia the Bronx cobra could manage it without a single digit, post with a regurgitated iPhone from right within the Zoo, so could Inky from the seashore with 8 nimble tentacles. Learn from the pros.

    The great escape: Inky the octopus legs it to freedom from aquarium in New Zealand http://gu.com/p/4taah
ps. we who've been around for a while have learned to distrust claims of unconfirmed feats of any cephalopod that resembles an arthropod.

Nicholas MApril 13, 2016 11:43 PM

@ Dan, Let the DRM advocates fight the surveillance advocates, for the personal amusement of the people who want neither.

That's assuming they've not a backdoored. Considering that the two parties are frequent collaborators, I would not bet against it.

Nicholas MApril 13, 2016 11:47 PM

@ Dan, To deal with fingerprinting by javascript and over the web, you would need a custom browser or browser plugin. Dealing with fingerprinting by applications is much harder, especially because there are so many legitimate uses for the IP address and other pieces of data.

Yes but the web browser is also an application, which has its legitimate uses.

Nick PApril 14, 2016 12:16 PM

@ All

I thought you might find this interesting. This risk came out of a best practice: automated backups. Forgot the other one apparently: "avoid using risky backup methods over software that's field-proven." Lol.

http://www.independent.co.uk/life-style/gadgets-and-tech/news/man-accidentally-deletes-his-entire-company-with-one-line-of-bad-code-a6984256.html

Noticed something better that I wrote elsewhere:

"What's most epic about this is it's in the UNIX Hater's Handbook. One of its rants was how better-designed systems would warn you if you were going to nuke your whole system. The reason is that a command to wipe the whole system was more likely a mistake than developer or admin's intent. UNIX would do it without blinking. Inherently unsafe programming and scripting combined with tools like that meant lots of UNIX boxes went kaput.

And today, over two decades later, a person just accidentally destroyed his entire company with one line without warnings on a UNIX. History repeats when its lessons aren't learned. This problem, like setuid, should've been eliminated by design fairly quickly after it was discovered.

http://esr.ibiblio.org/?p=538

EDIT: Added link to ESR's review of UNIX Hater's Handbook which links to UHH itself. Nicely covers what was rant, what was fixed, and what remains true. Linking in case people want to work on the latter plus my sour relationship with UNIX. :)"

WaelApril 14, 2016 12:53 PM

@Clive Robinson,

Thanks for the link. I learned about the Faraday Rotation phenomena :)

It opens up a whole new research area for these instruments, which will probe as deeply into the and as far back as we can go – it’s going to be an exciting time to be an astronomer.

Not sure I understand the sentence. Perhaps a typo or a missing word...

Taylor, "and that helps us explore what the universe of tomorrow will be like."

The more important question is where this universe came from! Suppose the Big Bang is the correct theory, then where did that initial seed come from? I know we talked about this in the past, but it still fascinates me more than what the universe will look like in a few trillion years.

One of these days I'll use the size of the universe to illustrate how improbable "evolution" really is.

Earth size ...
Size comparison

AnuraApril 14, 2016 3:13 PM

Cipher Musings:

You can create a simple, efficient cipher using two involutory functions (that is, the function is its own inverse), a nonlinear function and a linear transformation. For example, take these two functions:


1) Nonlinear function F

w = b+c+d
x = a+c+d
y = b-a-d
z = a-b-c

2) Linear Transformation G

t = a ^ rotl(b,r0) ^ rotl(c,r1) ^ rotl(d,r2)
w = a ^ t
x = b ^ rotr(t,r0)
y = c ^ rotr(t,r1)
z = d ^ rotr(t,r2)

(there are other ways to write that so it can take advantage of pipelining)


Then encrypt as this:

for i = 1 to num_rounds:
    x = G(F(x^round_key[i]))
loop
#Apply non-linear function one more time, and xor final
#round key so last operation cannot be reversed
x = F(x) ^ round_key[num_rounds+1] 

The advantage of this construction is that decryption can then be performed with the exact same function, using an inverse key schedule. The inverse key schedule can be constructed from the regular key schedule by reversing the order of the round keys and applying the linear transformation G to all but the first and last keys. Feistel ciphers with odd number of rounds have a similar property, although I like the symmetry of the functions I gave above.
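
The construction described in this comment, as an added Python example that is not Anura's code: it checks that F and G are involutions, that G is linear over XOR, and that one function both encrypts and decrypts once the key schedule is reversed and G-transformed. The rotation amounts and all function names are assumptions; `crypt` assumes the last keyed round omits G (x = F(x ^ k[n]) ^ k[n+1]), the layout for which that inverse schedule undoes the cipher, while `crypt_as_posted` keeps the loop exactly as written for comparison.

```python
import secrets

MASK = 0xFFFFFFFF
R0, R1, R2 = 7, 13, 22   # assumed rotation amounts; the comment leaves r0..r2 open

def rotl(v, r):
    return ((v << r) | (v >> (32 - r))) & MASK

def rotr(v, r):
    return ((v >> r) | (v << (32 - r))) & MASK

def F(s):
    """Add/subtract mix from the comment, taken mod 2**32; its own inverse.
    It is nonlinear only with respect to XOR (it is linear mod 2**32)."""
    a, b, c, d = s
    return ((b + c + d) & MASK, (a + c + d) & MASK,
            (b - a - d) & MASK, (a - b - c) & MASK)

def G(s):
    """XOR/rotate transformation from the comment; linear over XOR, its own inverse."""
    a, b, c, d = s
    t = a ^ rotl(b, R0) ^ rotl(c, R1) ^ rotl(d, R2)
    return (a ^ t, b ^ rotr(t, R0), c ^ rotr(t, R1), d ^ rotr(t, R2))

def xor(s, k):
    return tuple(x ^ y for x, y in zip(s, k))

def crypt(block, keys):
    """Assumed layout: rounds of G(F(x ^ k)), then F(x ^ k[n]) ^ k[n+1] without G."""
    *round_keys, k_last_in, k_out = keys
    x = block
    for k in round_keys:
        x = G(F(xor(x, k)))
    return xor(F(xor(x, k_last_in)), k_out)

def crypt_as_posted(block, keys):
    """Loop exactly as posted: n rounds of G(F(x ^ k)), then F(x) ^ k[n+1]."""
    *round_keys, k_out = keys
    x = block
    for k in round_keys:
        x = G(F(xor(x, k)))
    return xor(F(x), k_out)

def inverse_schedule(keys):
    """Reverse the round keys and apply G to all but the first and last."""
    rev = list(reversed(keys))
    return [rev[0]] + [G(k) for k in rev[1:-1]] + [rev[-1]]

def round_trips(cipher, block, keys):
    """True if running `cipher` again with the inverse schedule recovers `block`."""
    return cipher(cipher(block, keys), inverse_schedule(keys)) == block

def random_words():
    return tuple(secrets.randbits(32) for _ in range(4))

if __name__ == "__main__":
    block = random_words()                       # constructed sample plaintext
    keys = [random_words() for _ in range(9)]    # constructed round keys
    print("F, G involutions:", F(F(block)) == block, G(G(block)) == block)
    print("assumed layout round-trips:", round_trips(crypt, block, keys))
    print("loop as posted round-trips:", round_trips(crypt_as_posted, block, keys))
```

With a single G(F(...)) round the loop as posted also round-trips; from two rounds on, the key XOR ends up on the wrong side of F during decryption, which is why `crypt` moves the last key addition in front of the final F.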

tyrApril 14, 2016 4:18 PM


@Wael

The big bang is the limit test for credulity.
If you can believe that the universe sprang from
nothing for no reason then you can believe any
story with a consensus.

Since western science began with an angel's visit
in Einstein's birthplace, the claims made for it
as the metatheory aren't any more believable than
any other priesthood's claims to all knowledge.

The ability to make neat tech stuff isn't a real
proof of omnipotence either.

WaelApril 14, 2016 4:53 PM

@tyr,

If you can believe that the universe sprang from nothing for no reason...

I don't believe that for a second. One day I'll share the probabilities with you.

the claims made for it as the metatheory aren't any more believable than any other priesthood's claims to all knowledge.

Much less believable. Any "priest" who claims all-encompassing knowledge is ignorant.

Clive RobinsonApril 14, 2016 5:57 PM

@ Wael, tyr,

Wael: Suppose the Big Bang is the correct theory, then where did that initial seed come from?
tyr: The big bang is the limit test for credulity.

The problem with the "big bang" is that it's a point we can not reach back beyond with our current abilities and knowledge and the chances are good we may never be able to.

However we may at some point be able to reach forward and create a big bang for a new universe in parallel with our own. If we do and it does not disappear from our ability to observe it then we may be able to make deductive reasoning to say "it could have been...".

But there is a great deal we do not know, that we abstract away with "dark matter" and "dark energy". However as they appear to be dominant, we may have our understanding of the universe completely skewed or wrong (it would not be the first time).

As has been noted before there may be no seed it could be "turtles all the way down". Fred Hoyle for instance put forward the notion that the universe could expand and contract with a rhythm infinitely.

The problem with the "seed" argument is "what came before" and infinite regression. If for argument's sake we say there was a creator or race of creators --as we might one day be-- you have to ask where the creator(s) came from, which gives rise to where their creator(s) came from which is the "lesser flea" argument in reverse.

Unless something can come from nothing, we have to assume an infinite continuum. The problem with the something from nothing argument is what triggered it, and how it's possible to have a trigger where nothing is, which quickly brings you back to the infinite continuum issue.

Call it a paradox if you will but we got here somehow and that has implications that we may never be able to answer, and appealing to the $DEITY argument is not answering the question. Because you in turn have to ask where $DEITY comes from, which puts you right back in the hamster wheel, and around you go again...

Of course there is one glib answer to the problem, that is "we will create our past selves", much like standing between two mirrors ;-)

Nick PApril 14, 2016 7:10 PM

@ Bytopia

It's possible. That claim came from one comment on the site. A counter pointed out an older installation might not have that. Another possibility is that the person didn't post the full command. There's many. Unfortunately, this sort of thing has a history of happening.

Aside from non-UNIXen that did it better, there's tools like "safe-rm" that let you be absolutely sure you want to nuke a system. There's also versioned filesystems and append-only storage. Many options to get what that person needed while reducing risk.

AnuraApril 14, 2016 7:39 PM

@Nick P

For the most part, you should run jobs with proper permissions anyway. For a server environment, I would definitely use ACLs and give any service accounts the minimum permissions necessary. Very few things need write access to root, and only your backup process needs access to the backup share.

WaelApril 14, 2016 8:34 PM

@Clive Robinson, @tyr,

If for argument's sake we say there was a creator [...] you have to ask where the creator(s) came from, which gives rise to where their creator(s) came from which is the "lesser flea" argument in reverse. Unless something can come from nothing, we have to assume an infinite continuum. The problem with the something from nothing argument is what triggered it, and how it's possible to have a trigger where nothing is, which quickly brings you back to the infinite continuum issue.

Strange way to get out of this dilemma! You give the universe the "infinite continuum" attribute to avoid the "lesser flea" argument, yet you refuse to give the same attribute to the creator instead! An attribution that also avoids the "lesser flea" or infinite regression argument!

Clive RobinsonApril 15, 2016 4:35 AM

@ Wael,

Strange way to get out of this dilemma!

I don't get out of it at all, the point I was making (apart from the glib paragraph) is that you end up with the infinite regression whichever way you go which gives the continuum with no beginning, and thus logically no end.

The problem is always going to be the "What came before?" that is each effect has an explicable cause, if you violate that how do you object to perpetual motion, the laws of thermodynamics etc, etc, etc. But even if you accept that something can come from nothing and it can happen with no cause you still have a problem...

On the assumption something can come from nothing without cause what's stopping it happening again?

If you say "nothing" you then have to ask what happens if it does?

But if you say $XXXX stops it happening then you have an even bigger problem. Because $XXXX is the inverse of a cause, which is a cause in its own right, thus you have not removed the cause...

You can then argue back that likewise nothing has to be something for there to be a cause.

So rather than get into infinite regression and its seemingly impossible future implications, we argue that our universe and thus our knowledge has bounds that is there is the equivalent of a zero origin back through which we can not go. But we also have to argue for the "Big Crunch" to "close the envelope", because if we don't then we get back to the "something from nothing" argument which in turn gets us back to that hamster wheel continuum...

One attempt to get out of this is the idea of positive and negative energy/mass argument. That is everything sums to zero thus you can get something from nothing providing you also have a negative nothing. But you have to explain away why it has not zeroed back out. One argument for this is what might be termed uneven clustering, which in effect says we are that infinitesimal fraction that got so separated from our negative infinitesimal fraction by such an extent that in our universal time span we have been left behind...

But... You are still stuck with the cause issue to argue away...

So our arguments do not fly by our own system of reasoning, so as some have suggested maybe we should go back and check our reasoning is valid and that the system of reasoning is valid... Only we know the answer to this and it boils down to any system of logic of any real use can not prove its own self consistency.

So we still end up with "It's turtles all the way down..." only we call those turtles agreed assumptions or axioms, to somehow make them seem better than "Your guess is as good as mine, if not the same thing".

But there is another aspect to consider, and that is "information" that by becoming measurable, becomes "data" from which we test hypothesis to come up with "knowledge". We have come to accept that information does not have a physical form, but we physical beings need it impressed or modulated on matter or energy to store, communicate and work with it. This gives rise to a problem, in that we currently assume our universe although large, is actually finite in both matter and energy... Thus there is a limit on how much information there can be in our physical universe, thus a limit on how much we can know at any given moment in time. But worse is the realisation that as our knowledge gains in one direction it must reduce in another direction...

Unless of course we work out that "something from nothing" trick ;-)

JG4April 15, 2016 7:36 AM


possibly the most important book you'll ever read

Boyd: The Fighter Pilot Who Changed the Art of War
http://www.amazon.com/Boyd-Fighter-Pilot-Who-Changed/dp/0316796883

while Boyd doesn't bring out the fact that competition is a fundamental law of nature, or at least derives from the fundamental laws, he does show how to prevail in the general case. he also managed to synthesize important and useful conclusions from Gödel, Hegel, Heisenberg and thermodynamics. the best fighter pilot in US history and the best military strategist since Sun Tzu.

you could think of it as the prequel to The Pentagon Wars. both the movie and the book of that name are worth the price of admission.

I'd prefer to link an open-source compendium of book titles/information, but I am too lazy and dysfunctional to build one. I don't like doing business with Amazon, except for the part where they are fast and cheap

ianfApril 15, 2016 10:58 AM


OT: I am not going to insult your considerable aggregated intelligence by reposting the appetizer title of this Medium dispatch as a question… because I just happen to know that, YES, deep down you all ARE constantly Looking for An Edge in the Digital Age.

    So make my day, drool over this barebones listicle of 70 browser-invoked tools (predominantly such online, not browser extensions). Its scope is too wide for detailing in this medium, but here is an octet of tools that I'll be checking out next (I already use another quintet there). Needless to say evaluating utility, quality, and accessibility of all 70 sounds a daunting task!

SmallPDF — A comprehensive PDF editor.

Gravit — An online Photoshop alternative.

GuerrillaMail — One-time disposable email address and inbox.

ProductChart — A chart for comparing electronic products and gadgets.

CutMP3 — Cut MP3 files.

Unfurl — See where a URL really leads.

OnlineOCR — Convert images and PDFs to text.

https://medium.com/p/38274e123a53

KarmaTriggerApril 15, 2016 12:39 PM

File under "Would have been funny 25 years ago":
For the millionth time, data integrity as a security fail.

Was former OPM CIO Donna Seymour serious when she said they still have COBOL systems? You mean they wrapped a multi-million dollar AI heuristic decision-making firewall around an Atari 400 with a cassette tape drive? Like telling DARPA to mount a spear on their robotic donkey. Message to China: you can keep those documents.

I am going to release COBOL4WEB, a development framework for government agencies, health insurance companies, and universities that want to destroy CIS students' lifepaths.

Irony: somebody still has Open-COBOL in Synaptic
[https://packages.debian.org/search?keywords=cobol&searchon=names&suite=stable&section=all]

This is proof that you can stand still and make gains... watching the govt workers walk backwards blindfolded off a cliff. Yeah, on this idea of crypto laws passed with outlier conditions... no. Do politicians know what escalation means? As in custom encryption and pre-encrypted data; only idiots using free cloud for jack. As if law enforcement can even pre-cog their next doughnut run with the front and back doors gaping wide open. I'm just gonna say this: my enemy is no longer in the desert.
And finally, why would I show up to an RSA conference laced with govt retards pushing backdoor and fear tactics?

WaelApril 15, 2016 5:20 PM

@Clive Robinson,

I don't get out of it at all, the point I was making (apart from the glib paragraph) is that you end up with the infinite regression whichever way you go which gives the continuum with no beginning, and thus logically no end.

How can you claim we end up with infinite regression whichever way we go after you introduced the concept of 'infinite continuum'? I'm not going to make it easy for you to wiggle out of this one...

Me: There is a creator, because every object must have a maker! Objects just don't create themselves! (the clock maker argument)
You: Well, then! Who created the maker? This degenerates to the 'infinite regression' argument

Me: Fine! Explain to me how "something" can come out of "nothing"?
You: The logical conclusion is the universe has no beginning and no end (The infinite continuum) argument. And this gets you out of answering "how something can come out of nothing" question.

Me: Ok, then! You proposed the principle and concept that there are objects (the universe) who don't need a maker because they are past-eternal and future eternal.

You: Yes, that's the logical conclusion!

Me: You applied this eternal attribute to the wrong entity! The creator is the one who possesses this characteristic. So you must necessarily agree that the other possibility is that the universe is time limited (has a beginning and an end), and was necessarily created by an entity that always existed and will continue to always exist. The creator, therefore does not need to have a creator that created him -- thereby nullifying the 'infinite regression' argument

Notice that I didn't factor in evidence that universe is indeed time-limited or other ancillary arguments so we only focus on 'Infinite-regression' vs. 'Infinite-continuum'.

I was going to interweave a blockquote of what you said, but it looked more complex. I can still support all the quotes assigned to you from what you said! Now which step in the sequence don't you agree with?

Clive RobinsonApril 15, 2016 7:01 PM

@ Wael,

Me: Fine! Explain to me how "something" can come out of "nothing"?

I Said,

    But even if you accept that something can come from nothing and it can happen with no cause you still have a problem...

My use of "if you accept" I would have thought is a clear indicator I do not believe "you can get something from nothing"

Additionally,

    The problem is always going to be the "What came before?" that is each effect has an explicable cause, if you violate that how do you object to...

I would have thought reinforced the point I don't believe "you can get something from nothing"...

I went on to say how others tried to get around this issue by either putting some kind of bound around it by saying you can not reach back beyond a certain point, or by saying you get a positive and a negative of equal magnitude where some tiny fraction --our universe-- has so far escaped being summed back to zero for some reason (unstated).

Thus they have given themselves a get out clause, I however have not given myself one because I see no validation for them.

Thus whether I like it or not I have limited myself to an eternal continuum or our current understanding of the way "nature" works is wrong. Of the two the latter seems to be the more likely. Because as the old saw has it "Natural Philosophy is a series of lies, each more accurate than its predecessor".

That said, as it should be clear I don't believe in $DEITIES, I see no reason for them[1], except as "lies to children" that are used to hide the fact we adults don't have all the answers, thus lose face over "why are we here" type questions.

Which appears to cause you an issue when you say,

You applied this eternal attribute to the wrong entity! The creator is the one who possesses this characteristic.

That is you have in no way established a need for a "creator" eternal or otherwise.

All I've talked about is "causes" and their "effects" and pointed out if there is an identifiable effect logically there must have been a "cause". Further I've also pointed out that in all probability there is a "negative cause" or "inhibitor" otherwise we would have perpetual motion etc and our universe would not be as we know it.

I do not ascribe any kind of need for an entity intelligent or otherwise with a consciousness to bring about either type of "cause". That is I see no need for "intelligent design" or a creator, as there is no proof that one is needed. All I indicate is that there needs to be something that can have a change of state, that is there can not be "nothing". I don't even require the something to have a physical state as we understand it just that there is something.

As an outfield comment for consideration, let's assume that our tangible physical universe with its energy/matter constrained by forces and the speed of light, is in fact a subset of an intangible information space in which physical universes can exist in parallel or sequentially (ie Swiss Cheese or Sausage String models). Our universe could have come about because the interaction of information by some random process, which was the cause that created the initial unbounded "laws of nature" of our physical universe. Which in turn with the coalescing of matter/energy gave us the starting point for our bounded laws that need the forces and the limits of the speed of light and the passage of time to provide stability.

[1] I'll leave out the exploitative excuse of "Divine Right" used by those in the "King Game", which needs the invention of a $DEITY to work to brook any kind of dissent from the masses.

Nick PApril 15, 2016 8:01 PM

The Engineer's Engineer: Computer Industry Salutes David Cutler

Above is the page for it on Hacker News that Ray Ozzie personally submitted. The page has the link and some interesting discussion. Cutler's work included VMS, MicroVAX/PRISM, Windows NT (good parts haha), Azure's low-level stuff, and Xbox One's hypervisor. Focused on solid design of hardware-software combinations with high-quality code. His work is literally all over the place.

One of the few to live up to IBM's concept of superprogrammers. :)

WaelApril 15, 2016 8:56 PM

@Nick P,

Windows NT (good parts haha)

Windows NT kernel and device driver model was a piece of art. Dave Cutler was behind it, I believe.

WaelApril 15, 2016 9:10 PM

@Clive Robinson,

I would have thought reinforced the point I don't believe "you can get something from nothing"...

But I didn't contest that! It's evidently crystal clear to me you don't believe "something can emanate out of nothing", and neither do I.

That said, as it should be clear I don't believe in $DEITIES, I see no reason for them...

I know you don't! I stated previously that I'm not trying to change that either.

I don't even require the something to have a physical state as we understand it just that there is something.

Ok. We agree there!

let's assume that our tangible physical universe with its energy/matter constrained by forces and the speed of light, is in fact a subset of an intangible information space in which physical universes can exist in parallel or sequentially (ie Swiss Cheese or Sausage String models).

That thought always crossed my mind. I didn't think of it as a "parallel universe", though. I thought of "it" as a different "realm" that we have no way of conceiving correctly. Sometimes I think of an analogy: Suppose our universe is two dimensional. All we see, observe, measure is located in our flat plane. Now we become intelligent enough to theorize that there are other parallel planes that we have no way of observing... We then make up theories of how the laws on our plane of existence would look on other planes. We may get it right or wrong and we wouldn't be able to test it! It could also be wrong because the reality is really three dimensional and the planes are just slices in the encompassing "realm". But this isn't what I'm discussing here!

Our universe could have come about because the interaction of information by some random process, which was the cause that created the initial unbounded "laws of nature" of our physical universe. Which in turn with the coalescing of matter/energy gave us the starting point for our bounded laws that need the forces and the limits of the speed of light and the passage of time to provide stability.

Maybe, maybe not. Yes, I understand that's the meaning of "could have".

Anyway, I wondered what prompted this sort of "defensive" response. When I read my comments, I realized I used the second-person personal pronoun inappropriately. Would your response have been different if I said:

Would you think applying this eternal attribute to a hypothetical creator entity resolves the problem of 'infinite regression' because this hypothetical entity or 'force' possesses 'infinite continuum'?

Instead of:

You applied this eternal attribute to the wrong entity! The creator is the one who possesses this characteristic.

I'm basically saying this: we have two entities; a 'possible Subject' and an Object. The 'Object' is the universe, and the 'possible Subject' is an 'unknown entity', construct, realm, or parallel universe. We need the 'Subject' because we both believe that "something" can't come out of "nothing". So the 'possible Subject' is now just a 'Subject'. And my understanding is that you also believe there is a 'Subject' that either acted on the 'Object', interacted with it, or influenced its behavior in some form that we may never understand properly.

If the universe is time-limited, then the Subject must have an 'infinite continuum' property otherwise we'll have to deal with the 'infinite regression' argument.

If the 'Object' has the 'infinite continuum' property, then the Subject may or may not possess the same property. In which case, it's no longer a 'Subject'....

Thorny subject, I guess ...

Clive RobinsonAugust 18, 2016 11:16 PM

@ Wael,

Yes we do need to continue at some point in the near future.

Just not at the moment, I'm on my sick bed yet again and nearly ended up in hospital :(

I joke about getting a "Time Share" deal on a hospital bed, but the simple truth is being ill is a major disruption in life. Even simple things like "food shopping" become major logistical hurdles, and mind numbingly exhausting.

So I'm not at my best right now.

WaelAugust 18, 2016 11:24 PM

@Clive Robinson,

Oh, man! Take care of your health. Hope all is well.

So I'm not at my best right now.

But that gives me the best chance ;) We don't have to continue... We can talk about C-v-P or something interesting?


Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.