Friday Squid Blogging: Global Squid Shortage

There's a squid shortage along the Pacific coast of the Americas.

As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

Posted on April 29, 2016 at 4:05 PM • 142 Comments

Comments

ianf • April 29, 2016 5:48 PM

This just off the BBC World News: the Southern German city of Augsburg has come up with a workable solution to protect smombies [=smartphone zombies] from themselves: they have installed warning blinking red LED beacons in pavements and street surfaces along tramway stops to signal trains' arrival in said smombies background/ periphery vision when they are engrossed in their precious mobiles while walking/ crossing the streets.

    [This reeks of Nanny State (city) to me. In fact, that's meddling with the scientifically proven Natural Selection. Me, I'd let these (and all) smombies weed themselves out from the human gene pool to everybody's cumulative benefit.]

Anura • April 29, 2016 5:53 PM

@ianf

I wouldn't use the "nanny state" label for anything that's completely non-intrusive. You might as well start complaining about warning signs on roads at that point.

Thomas • April 29, 2016 6:02 PM

@ianf

I look forward to a future where the pavement is covered in a matrix of multi-coloured LEDs allowing smombies to be safely mustered.
Just follow the green blinking lights in your periphery.

Bonus points to whoever hacks the blinkenlights and creates aerial smombie-pixel art.

Thomas

r • April 29, 2016 7:49 PM

@Daniel,

The other thing I saw about that was that it legalizes targeting people who try to remain private through "technological means".

So, anonymity and encryption.

MrC • April 29, 2016 8:43 PM

@ Daniel:

If you start from the premise that issuing a warrant for "remote access" is OK, then these are perfectly sensible rules: In general, the Feds have to get a warrant from the District Court for the district where the hardware is located, but -- A: If the Feds don't know where the hardware is because you concealed it, then they can get a warrant from any district where part of the criminal activities took place. B: If you hacked multiple computers spread out over 5 or more districts, and those computers are the thing to be searched, then the Feds can get a warrant from any district where part of the criminal activities took place.

The real problem is that "remote access" means "government hacking," and that *any* rule authorizing hacking is a backdoor way of legitimizing a police behavior that is generally regarded as a criminal activity, that has never been authorized by Congress, that may have some significant constitutional problems,* and that really should only be allowed, if at all, after a robust public debate.

*I see two constitutional issues off the top of my head: 1. As a technological reality, this sort of hacking is often going to require making unauthorized access to systems and data belonging to people other than the suspect in order to get at the suspect's stuff (e.g., shared server hosting), and the rights of these non-suspect parties are not only not being protected here, but the problem doesn't even seem to be on the radar. 2. I think there's a Fifth Amendment issue in hacking the suspect's computer and waiting for him to incriminate himself. Add to these one major practical problem: While some magistrates are remarkably tech savvy, most are remarkably NOT-tech-savvy. This, coupled with the FBI's predilection for overreach, poses a real danger of magistrates unwittingly signing off on roving fishing expeditions.

Grauhut • April 29, 2016 9:01 PM

@MrC: "The real problem is that "remote access" means "government hacking," and that *any* rule authorizing hacking is a backdoor way of legitimizing a police behavior that is generally regarded as a criminal activity, that has never been authorized by Congress"

What's the difference to having your physical front door "hacked" by a SWAT team with a search warrant? :)

Thoth • April 29, 2016 9:04 PM

@Nick P, Clive Robinson, all
For Java and C# crypto code cutters, the BouncyCastle (a.k.a. BC) crypto provider (as of 8th Apr 2016) is submitting the BC crypto lib to the FIPS 140-2 CMVP program.

Those who have worked in this industry or have experience in this industry know very well that certifications (FIPS, CC EAL ...) are problematic and expensive. OpenSSL is known to be THE STANDARD for crypto libs to obtain FIPS 140-2 certification, and we all know very well how dreaded the damn OpenSSL crypto lib is (full of known/unknown flaws and holes). Some of the FIPS 140 "security measures" in OpenSSL are rather cumbersome and complex, and that is one of the mechanisms (FIPS 140 compliant security mechanisms) that the people working on LibreSSL removed immediately when forking the OpenSSL project to create the LibreSSL project, thus making LibreSSL not FIPS 140 compliant despite being a fork.

BC is walking on the thin thread of FIPS compliance by submitting themselves to the FIPS 140 CMVP program and recently boasting that their crypto lib is hardened according to FIPS 140 CMVP standards.

Will it turn out to be another OpenSSL nightmare in an attempt to attain FIPS 140 certification (thus including complex compliant mechanisms), or would the FIPS 140 CMVP program aid BC to be more secure (note that Galois Inc. is also sponsoring the FIPS 140 CMVP program)?

I wonder if Galois Inc (as a sponsor) would aid BC team to increase their software assurance to meet FIPS 140 certification standards without going down the OpenSSL's fateful path....

Links:
- https://www.bouncycastle.org (read the top right news feed)
- https://www.bouncycastle.org/fips/BCUserGuide.pdf (BC FIPS 140 Guide)
- https://www.bouncycastle.org/fips/BCSecurityPolicy.pdf (BC FIPS 140 Security Policy for compliance evaluation program)

Grauhut • April 29, 2016 9:22 PM

Rinse, repeat! :)

Forthcoming OpenSSL releases
============================

The OpenSSL project team would like to announce the forthcoming release of
OpenSSL versions 1.0.2h, 1.0.1t.

These releases will be made available on 3rd May 2016 between approximately
1200-1500 UTC. They will fix several security defects with maximum severity
"high".

Thoth • April 29, 2016 9:50 PM

@Nick P, Clive Robinson, all
More signs of complexity created by FIPS 140 CMVP requirements, which state the necessity to implement blinding mechanisms (software/hardware) in an attempt to make the cryptographic operation look confusing to attackers listening to energy-based emissions (whitebox crypto :)).

I was reading the first half of the BC User Guide, and all it talked about were approved-mode algorithms, until I chanced upon sample code that requires code cutters to understand the concept of blinding mechanisms and load an RNG manually into the FIPS-approved cipher for generation of noise in the software crypto lib; my jaw dropped open at that moment.

Here's sample Java code for using the FIPS-approved BC crypto lib that requires the code cutter's manual intervention to load an RNG to initialize a blinding security mechanism (initialize whitebox security):

FipsKeyWrapperUsingSecureRandom wrapper =
wrapFact.createKeyWrapper(pubKey, FipsRSA.WRAP_OAEP)
.withSecureRandom(new SecureRandom());

And the nicely tucked away note that I am pretty sure most other code cutters in a hurry trying to flip through the pages to learn how to use the FIPS approved BC crypto lib would have missed:

"Note: that in both the wrapping and unwrapping process a SecureRandom is required in order to facilitate RSA blinding on the decryption."

Most code cutters have no idea about the crypto code they are writing, because all they want is the benefit of crypto security without needing to know much about crypto algorithms, FIPS requirements, cryptosecurity, EMSEC security, tamper resistance ... All of a sudden, the code cutters would actually need to know something about each of these to be able to properly operate the BC FIPS-validated crypto lib; otherwise, not using the correct FIPS mechanisms (e.g. the blinding security mechanism) would render the implementations either not FIPS approved or, even worse, not operable or even with vulnerabilities bubbling up.

Most code cutters are already struggling to use crypto libs (OpenSSL, BC, JCE ...), and there are very few well made and simple to use crypto libs (NaCL and derivatives). Complexity added by these complex crypto libs leads to more implementation errors (and insecurity). Complexity is widely known as the common enemy of security. It is best to follow the KISS (Keep-It-Simple-Stupid) principle.

One good example of a crypto lib following the KISS principle is NaCL et al., which is currently growing in popularity.

For all crypto implementors and code cutters who don't need FIPS validation, do consider moving over to the NaCL et al. bunch of crypto libs to make life simpler and implementations more assured (due to lesser complexity).

Talk about complexity introduced by FIPS, CC EAL ... in fact, more insecurity might bubble up from an attempt to satisfy requirements presented at the very moment than it might aid actual security in the long run.

Anura • April 29, 2016 10:11 PM

@Thoth

I've used BouncyCastle before for a little project I had using ECC and AES-GCM. In terms of usability, it blew everything I had tried out of the water. I abandoned it just because I couldn't actually find a usable C library. The idea was to have a simple, standardized container format that could allow you to encrypt files using X.509 certificates while avoiding all the problems of PGP (large, complicated spec, too many options). I settled on using only the Suite B algorithms, which I thought were conveniently implemented in a lot of libraries already.

Key Exchange provided for ECDH using secp384r1, pre-shared symmetric keymat, and/or a passphrase; if you used the ECDH, it would always generate an ephemeral key, if you used a symmetric key/passphrase but not an asymmetric key it would generate a nonce (using both, the nonce is not necessary). I used PBKDF2 for key stretching for use with the passphrase, and the shared secret from ECDH would be hashed along with the PBKDF2 output and/or symmetric keymat, depending on what was provided. Authorship could be proved using a certificate for either an ECDH key, an ECDSA key, or both (both secp384r1 - the certificates could be specified for either signing or key exchange but not both), and AES-GCM was always used for encryption and authentication (with all headers, including sender certificate(s) being passed to the AAD, and the signature, if applicable, would include the MAC tag).

I first tried implementing it in C# since Microsoft had released libraries for all the algorithms I needed as part of their CryptoNextGen project, and I had a fondness for the language after using it at work. Microsoft, being Microsoft, decided to make it nigh impossible to extract the private key from a certificate, making it impossible for me to implement the ECDH key exchange. So I moved to C, which had plenty of libraries available. I couldn't find an obvious way to do what I needed with the OpenSSL API, and so I moved on to NSS and GnuTLS; I think NSS had yet to implement the algorithms or something (AES-GCM maybe?), and for GnuTLS I found I could only do what I wanted if I used undocumented functions. That was the case for everything I could find for C at the time; either it didn't implement the algorithms, or I couldn't figure out how to make it work for my use case.

So, I went back to C# with BouncyCastle, and had no problem getting it working. However, I never really trusted it. BC was always a bit obscure, especially the C# implementation. I put the project on hiatus until I could find a good C library that did what I wanted, even though I knew I could have gotten it working in C++ with Crypto++. That was about six months to a year before the Snowden leaks came out, at which point I no longer trusted Suite B and abandoned the idea completely.

In short, crypto libraries in general are just plain crap.

Anura • April 29, 2016 10:20 PM

Correction: "extract the private key from a certificate" should be "extract the private key from a PKCS #12 file" - of course you can't get a private key from a certificate.

Thoth • April 29, 2016 10:49 PM

@Anura
I wanted to use BC on many instances and had to default to JCE or write my own crypto somewhere.

Since then I have stopped using BC and looked elsewhere...

Recently I am working on a project and needed to store RSA keypairs (for quick development), and I am baffled by the JCE Keystore, PKCS12, BC Keystore and whatever. I looked around and thought of writing my own simplified keystore, but due to the amount of time needed to even write a simple keystore, I decided to store all the development private keys in a simple PLAINTEXT file :D ... solves all the problems.

Talk about a security engineer writing security and being pushed into a corner needing to store private keys in PLAINTEXT.

Of course the actual deployment version would use a HSM to store private keys but for now I am happy with PLAINTEXT KEYS while in development mode !!!

By the way I am not storing them in ASN.1 or any weird format ... just plain Modulus and Exponentials in hexcode.

re: PBKDF2 Key Stretching

" I used PBKDF2 for key stretching for use with the passphrase, and the shared secret from ECDH would be hashed along with the PBKDF2 output and/or symmetric keymat, depending on what was provided."

For those who have worked on crypto hardware programming, you know the tiny amount of RAM/EEPROM and CPU you have. PBKDF2 to stretch PINs and passwords is a downright luxury. BCRYPT, SCRYPT and many other open source stretching algorithms are even more luxurious. What you can do is simply HMAC (Algo=SHA256, Key=Password/PIN, Message=[00, 00, 00, 00, 00, 00, 00, 00 ...... 00]) or maybe HMAC(SHA256, Key=Password/PIN, Message=[00,00...00], Iterate=10000) or, in the worst case, just SHA-256/SHA-512 (anything above SHA256 is a luxury) and probably iterate it. Some applications requiring such limited resources might include PINPads for cards or tokens that require administrative modes without the power of a proper CPU (Intel, AMD), which BCRYPT and SCRYPT are designed for.

re: MS CNG + Impossible Cert Extraction

"Microsoft, being Microsoft, decided to make it nigh impossible to extract the private key from a certificate"

Have you tried to read the RAM memory or maybe done a cold boot attack :D ?

I have bad memories implementing the Thales HSM with both CAPI and CNG. They are a chore to do and leave unpleasant stains on one's consciousness for the rest of one's life.

re: BouncyCrap

That is generally true of most crypto libraries I have encountered. I have not yet tried the NaCL/Sodium libraries, but from the review of it and its KISS design and simple APIs, it looks promising.
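
As an added example (my code, not Thoth's or any library's), the iterated-HMAC stretching sketched in the PBKDF2 paragraph above, in Python, next to PBKDF2-HMAC-SHA256 and a by-hand copy of PBKDF2's first block so the relationship is visible; feeding each HMAC output back in as the next message and a 32-byte all-zero message are my assumptions, since the comment only says "Iterate=10000":

```python
import hashlib
import hmac

# The all-zero message from the comment; 32 bytes is an assumed length.
ZERO_MESSAGE = bytes(32)


def stretch_pin_hmac(pin: bytes, iterations: int = 10000) -> bytes:
    """Constrained-device stretching: HMAC-SHA256 keyed with the PIN over an
    all-zero message, iterated.  Each output is fed back as the next message
    (assumption: the comment does not say how the iteration chains).  Needs
    one HMAC state plus a 32-byte buffer, nothing more.  No salt is involved,
    so equal PINs always stretch to equal outputs."""
    out = ZERO_MESSAGE
    for _ in range(iterations):
        out = hmac.new(pin, out, hashlib.sha256).digest()
    return out


def stretch_pin_pbkdf2(pin: bytes, salt: bytes, iterations: int = 10000) -> bytes:
    """Standard PBKDF2-HMAC-SHA256 for comparison (32-byte output = one block)."""
    return hashlib.pbkdf2_hmac("sha256", pin, salt, iterations, 32)


def pbkdf2_block_by_hand(pin: bytes, salt: bytes, iterations: int) -> bytes:
    """PBKDF2's first block written out: the same chained HMAC as above, but
    seeded with salt||INT(1) and XOR-accumulated.  The constrained construction
    is this loop minus the salt and the accumulator."""
    u = hmac.new(pin, salt + (1).to_bytes(4, "big"), hashlib.sha256).digest()
    acc = u
    for _ in range(iterations - 1):
        u = hmac.new(pin, u, hashlib.sha256).digest()
        acc = bytes(a ^ b for a, b in zip(acc, u))
    return acc
```

The by-hand block matches hashlib's PBKDF2 output for a 32-byte key, which is what makes the comparison meaningful: the HMAC-only variant buys iteration cost but not the per-user salt.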

Anura • April 29, 2016 11:22 PM

@Thoth

"Have you tried to read the RAM memory or maybe done a cold boot attack :D ?"

This is why I long for the XP days. There isn't a problem you can't solve if you just assume your code will be run with administrator privileges.

MrC • April 30, 2016 12:02 AM

@ Grauhut:

"What's the difference to having your physical front door 'hacked' by a SWAT team with a search warrant? :)"

1. It's **your** door. Kicking in a suspect's door may be a decent analogy for hacking the desktop PC sitting in his study; but it's not such a good analogy for hacking the server owned by an innocent hosting service that hosts a dozen sites belonging to innocent third parties, which contain data pertaining to thousands of their innocent customers, because one of the hosted sites got compromised and is being used for CnC by your suspect. A more apt analogy would be kicking down every door in a five-story apartment building to search for your suspect -- which is something that would clearly not pass Fourth Amendment muster. As compared to the physical world, it's harder -- often impossible -- to do a "search seizure by hacking" without riding roughshod over the rights of third parties not named in the warrant.

2. When a SWAT team kicks in your door, you've received a pretty unambiguous hint that this might be a good time to invoke your Fifth Amendment rights. By contrast, self-incrimination is pretty much unavoidable if they hack your PC and wait for you to damn yourself. We allow police to do this sort of thing in the context of wiretaps, but there's a difference that I think matters. With a wiretap request, the government's probable cause showing and the judge's attention are focused on the likelihood that certain future telephone calls are going to include incriminating statements. Under this proposed rule, the focus is on searching for and seizing evidence that already exists. This allows the FBI to pull a bait-and-switch on the judge, presenting the case for probable cause that hacking a given computer will turn up such-and-such presently extant evidence, but then using the warrant to effect what is basically a really invasive wiretap -- a wiretap that the judge might not have authorized if the government had straight-up asked for a wiretap.

3. When a judge authorizes a SWAT team to kick down your door, he or she has a pretty clear idea what he's authorizing -- a dozen burly bullies shattering precisely one 80" x 36" piece of oak. That's not so much the case with "remote access." Most magistrates are too technically illiterate to have the faintest clue what they're actually authorizing. Even the handful of magistrates who do understand technology* are going to find it impossible to draft warrants narrowly enough to prevent the FBI from creatively "interpreting" the text of the warrant to authorize broad fishing expeditions.

* There aren't very many of them, but those who do are really quite impressive. For instance, if they've got a civil case in which one party wants something put under seal as a trade secret, they'll ask for it to be delivered to chambers for evaluation in a TrueCrypt container.

Drone • April 30, 2016 4:31 AM

@Hamid,

For the "good RF detector" you are asking about, go here:

www.keysight.com

I suggest model N9952A with options 236, 312, & 330. Bring your check book.

Tor Exploits • April 30, 2016 5:00 AM

The FBI now resorts to "The dog ate my homework" when asked to reveal zero days and other exploits for the Tor Browser in court cases - truly pathetic.

Note the former Tor developer who is central in all this and apparently helped take out the Silk Road.

news.softpedia.com/news/former-tor-developer-helped-the-fbi-by-creating-malware-to-go-after-tor-users-503504.shtml

Matthew Edman, a former core developer on the Tor Project, has helped the FBI after leaving the non-profit by creating the Torsploit malware used to deanonymize users of the Tor network

....

"The FBI "lost" the Torsploit source code"

Controversy ensued when one of the Dark Web suspects wanted his lawyers and technical experts to have a look at Torsploit so they could validate its mode of operation and accuracy.

The FBI's answer was similar to a fourth grader saying the dog ate his homework. FBI officials simply stated that they've lost the source code.

Edman's collaboration with the FBI continued, and he's been credited with helping the Bureau bring down the Silk Road marketplace, where it's been said that Edman had a key role, especially in tracking down Ross Ulbricht's Dark Web and Bitcoin transactions.

John Campbell • April 30, 2016 7:24 AM

More governmental tentacles...

Smart Guns.

Will their chips (somehow) include a remotely activated kill switch?

(Imagines a bluetooth receiver so police officers can broadcast "thou shalt not shoot" signal that disables all "smart" guns around them.)

Well, we can figure an EMP will disable them all...

Clive Robinson • April 30, 2016 8:20 AM

@ Hamid,

Can anyone recommend a good RF detector?

For what purpose?

Some EM detectors are very good but in very limited ways. A narrowband CW receiver in the shortwave bands can be very good for SWLs and various people involved in HF comms, but is of no real use for most other things.

The simplest "detector" is a diode that rectifies the alternating waveforms and drives a voltmeter to show the RMS value of the sum of the strongest signals in its usable bandwidth. But it will not differentiate between multiple signals.

Give a bit more info on what you want to do and the answers will be of more use to you.

Bumble Bee • April 30, 2016 9:24 AM

Bumble Bee and squid friends have moved to the East Coast, by the Atlantic Ocean. After about the third or fourth contract put out on my life, I am sick and tired of the Pacific Coast.

r • April 30, 2016 10:05 AM

@John Campbell

Is that a double negative?

Disable the smart gun or disable the smart features? That's pretty scary, guns won't work after nuclear war... You won't find me buying something like that unless the failure mode is to disable the smart feature.

Clive Robinson • April 30, 2016 10:34 AM

@ Anura,

In short, crypto libraries in general are just plain crap.

There is a reason for this, and it's called "Putting the Cart before the Horse".

For a library to become popular it needs what the record industry calls a "Hook". That is, some reason to use it as opposed to some other library. Sometimes the author has "star credibility" but in most cases they do not, thus plain and simple gets thrown out of the API early on and replaced with trying to be "all things to all men" (see the story of the object oriented toaster for what should but does not happen).

For years now I've been making noises that NIST needs to come up with a "Framework" standard, not algorithm competitions...

Parker • April 30, 2016 10:45 AM

@Hamid

What RF? Just detect or analyze?

You can get a 1GHz spectrum analyzer pretty cheap, make a probe yourself to sniff with. At the other end, check out SignalHound and BumbleBee. They're not cheap. Also look at ads in QST.

Nick P • April 30, 2016 11:15 AM

@ Grauhut

"Rinse, repeat! :)"
"They will fix several security defects with maximum severity "high"."

I wonder if those affected LibreSSL or failed to affect it like most others. ;)

@ Thoth

"I wonder if Galois Inc (as a sponsor) would aid BC team to increase their software assurance "

I really doubt it. Their goal isn't really production applications so much as developing tools to make them. They do some demos and production code. Just usually short-term developments. For crypto, they already open-sourced both CRYPTOL and Ivory/Tower languages. These can be used to build embedded crypto. I bet CRYPTOL at least could be retargeted for use with Java or JavaCard.

"FipsKeyWrapperUsingSecureRandom wrapper =
wrapFact.createKeyWrapper(pubKey, FipsRSA.WRAP_OAEP)
.withSecureRandom(new SecureRandom());"

That's utterly horrific. I think this one line of code shows problems with crypto UX, library implementation, and Java itself. Maybe we need to keep it.

"and there are very few well made and simple to use crypto libs (NaCL and derivatives). "

Keybase switched to NaCl. See lower in post for latest on them. Anyway, the better stuff is at least getting adoption in visible places.

"For all crypto implementors and code cutters who don't need FIPS validation, do consider moving over to the NaCL et. al. "

I totally agree.

@ All

Check out Keybase's filesystem for automatic signing of shared files. Another cool deliverable from a company doing great work on usable PKI. I could critique things about the offerings. Instead, I say bookmark, test, and/or periodically visit their stuff just to later clone what seems to work in a high-security offering. They're doing an impressive job of building stuff people would want to *use*. :)

Anura • April 30, 2016 12:23 PM

RE: NaCL/libsodium

I looked into NaCL in redeveloping my standard, but I'm just not comfortable using ECC as part of what I intended to be a long-term standard. Right now, if I decided to give it another go, I would use ChaCha20 for encryption, RSA and Diffie-Hellman (2048-bit key, minimum) for key exchange, RSA and DSA for signing (again, 2048-bit minimum), X.509 certificates, and HMAC-SHA256 for authentication.

It would actually be simpler to use HMAC-SHA256 than it would have been to use AES-GCM, because of the nasty little problem of the maximum length you could encrypt being in the realm of reality. The format was pretty simple. Off the top of my head (| denotes or, || denotes concatenation):

3 Byte File Signature
1 byte standard version - always 0x01
1 byte options flags
[recipient cert signature length||recipient signature]
[sender cert length||sender cert]
[signing cert length||signing cert]
[Ephemeral ECDH Public Key|Salt]
[PBKDF2 iterations||16-byte PBKDF2 Salt]
Encrypted/Authenticated or Plaintext Message
Signature

The options were:
0x01 Symmetric Key Exchange
0x02 Passphrase
0x04 Asymmetric Key Exchange
0x08 ECDH Sender Key
0x10 ECDSA Signature
0x20 Buffered Mode

0x04 must be set if 0x08 is set. If no key-exchange/symmetric key options are set, then the signature flag must be set (sign-only mode). Other than that any combination could be set. Buffered mode wrote the messages in length-prepended (LEB-128 encoded) chunks up to the maximum message (AAD+Plaintext) length AES-GCM could encrypt/authenticate (a little less than 64GB), with a 0-length block signifying the end of the data. The first chunk had the headers passed to AES-GCM as AAD, and each chunk had its own auth tag with the length passed to the AAD, and the last 64 bits of the IV (AES-GCM uses a 96-bit IV and 32-bit counter) was incremented by 1 - this is sufficient to ensure an attacker can't strip blocks out of the message.

In unbuffered mode, it is treated as one large blob, and the length was appended (as an 8-byte unsigned integer) instead of prepended; this is necessary because of the limitation of AES-GCM. Each 64GB chunk had its own MAC, and like before each chunk had the counter incremented, and then the length (plaintext) is treated as AAD for AES-GCM with zero-length plaintext. If you were signing, the whole shebang would be hashed, and the last however many bits were the signature.

If I was using ChaCha20+HMAC-256, then it simplifies unbuffered mode a lot because you don't have the limitations on message length. You just need to take care that the buffered mode includes a counter or the previous MAC tag in the message for the next chunk.

The point of all of this, is that by limiting the algorithms, and limiting the options, this standard could be written out in a few pages. Compare to PGP, which is a fucking mess of a 100 page standard. This is mainly because my standard focuses on doing just the pieces necessary for file encryption and signing and nothing more.
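
As an added example (my code, not Anura's implementation), the option-flag rules, the LEB-128 chunk framing with its zero-length terminator, and the per-chunk IV/AAD derivation of the buffered mode described above, in Python; the AEAD call itself is left to an AES-GCM library, and the big-endian 64-bit IV counter, the "headers || length" AAD layout for the first chunk, and accepting any 3-byte file signature are my assumptions:

```python
from typing import List, Tuple

# Option flags as listed in the comment
SYMMETRIC_KEY = 0x01
PASSPHRASE = 0x02
ASYMMETRIC_KEY = 0x04
ECDH_SENDER_KEY = 0x08
ECDSA_SIGNATURE = 0x10
BUFFERED_MODE = 0x20
KNOWN_FLAGS = 0x3F


def validate_options(flags: int) -> int:
    """The two stated rules: 0x08 requires 0x04, and with no key-exchange
    option set the signature flag must be set (sign-only mode)."""
    if flags & ~KNOWN_FLAGS:
        raise ValueError("unknown option bits set")
    if flags & ECDH_SENDER_KEY and not flags & ASYMMETRIC_KEY:
        raise ValueError("ECDH sender key (0x08) requires asymmetric key exchange (0x04)")
    if not flags & (SYMMETRIC_KEY | PASSPHRASE | ASYMMETRIC_KEY) and not flags & ECDSA_SIGNATURE:
        raise ValueError("no key exchange selected, so sign-only mode (0x10) is required")
    return flags


def parse_header_prefix(buf: bytes) -> Tuple[bytes, int, int]:
    """3-byte file signature, version byte (always 0x01), options byte.
    The signature's value is not given in the comment, so any 3 bytes pass."""
    if len(buf) < 5:
        raise ValueError("header too short")
    sig, version, flags = buf[:3], buf[3], buf[4]
    if version != 0x01:
        raise ValueError("unsupported version %#x" % version)
    return sig, version, validate_options(flags)


def leb128_encode(n: int) -> bytes:
    """Unsigned LEB-128: 7 bits per byte, high bit set on all but the last."""
    out = bytearray()
    while True:
        byte = n & 0x7F
        n >>= 7
        if n:
            out.append(byte | 0x80)
        else:
            out.append(byte)
            return bytes(out)


def leb128_decode(buf: bytes, pos: int) -> Tuple[int, int]:
    """Decode one unsigned LEB-128 value at pos; return (value, new_pos)."""
    result, shift = 0, 0
    while True:
        if pos >= len(buf):
            raise ValueError("truncated LEB-128 length")
        b = buf[pos]
        pos += 1
        result |= (b & 0x7F) << shift
        shift += 7
        if not b & 0x80:
            return result, pos


def frame_chunks(data: bytes, max_chunk: int) -> bytes:
    """Buffered mode: each chunk is LEB-128 length || chunk; a zero-length
    chunk terminates the stream, so real chunks are never empty."""
    out = bytearray()
    for off in range(0, len(data), max_chunk):
        chunk = data[off:off + max_chunk]
        out += leb128_encode(len(chunk)) + chunk
    out += leb128_encode(0)
    return bytes(out)


def unframe_chunks(buf: bytes) -> List[bytes]:
    """Inverse of frame_chunks; rejects truncation and trailing garbage."""
    chunks, pos = [], 0
    while True:
        n, pos = leb128_decode(buf, pos)
        if n == 0:
            if pos != len(buf):
                raise ValueError("trailing data after terminator")
            return chunks
        if pos + n > len(buf):
            raise ValueError("truncated chunk")
        chunks.append(buf[pos:pos + n])
        pos += n


def chunk_iv(base_iv: bytes, index: int) -> bytes:
    """96-bit AES-GCM IV whose last 64 bits are a counter incremented by 1 per
    chunk (big-endian is an assumption).  A moved chunk therefore meets the
    wrong IV and fails authentication."""
    if len(base_iv) != 12:
        raise ValueError("AES-GCM IV must be 12 bytes")
    ctr = (int.from_bytes(base_iv[4:], "big") + index) & 0xFFFFFFFFFFFFFFFF
    return base_iv[:4] + ctr.to_bytes(8, "big")


def chunk_aad(headers: bytes, index: int, chunk_len: int) -> bytes:
    """AAD per chunk: its length for every chunk, with the headers prepended
    for the first one (assumed layout: headers || LEB-128 length)."""
    length = leb128_encode(chunk_len)
    return headers + length if index == 0 else length
```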

Relegated • April 30, 2016 12:25 PM

There is evidence that Google and other search providers have been ordered by some unknown third parties to either block certain specific search terms from a targeted site or deliberately and arbitrarily relegate the site's content search ranking, in terms of relevance, down to a level where only the tiresome and thorough researcher will have the means to discover relevant content on the targeted site. In the end the targeted site will be as good as if it did not allow its content to be indexed by search engines. This is a dangerous and troubling situation we find ourselves in due to Obama's Machiavellianism.

I think the drop in visits to Wikipedia's articles on surveillance might be partly due to deliberate and malicious orders from the NSA to manipulate the search ranking of Wikipedia articles, so that instead of being in the top ten results they would be relegated to maybe the bottom of the top 100 or even 1000 search results.

Daniel • April 30, 2016 12:35 PM

@MrC

"A more apt analogy would be kicking down every door in a five-story apartment building to search for your suspect -- which is something that would clearly not pass Fourth Amendment muster."

Yes, that is a major problem. The change to Rule 41 essentially turns it into a mechanism that allows the courts to approve a general warrant (or a writ of assistance).

https://en.wikipedia.org/wiki/Writ_of_assistance

However, in my mind there is a bigger conceptual problem. Conceptually, courts are courts of limited jurisdiction. This is why we have circuit courts and appellate courts. Indeed, the pedigree of the term "circuit" is from judges riding a circle on horseback as they went into the hinterland to hear cases. This also gets into the legal concept of venue. In other words, it has always been understood that a judge can't hear the complaint of any two people who walk into his courtroom; his power to hear their complaint is circumscribed in some significant ways, one of which was geography.

With this change to Rule 41, these limitations on the judiciary fly out the window. So long as the Executive avers that the person is trying to hide something by "technological means" (a very broad phrase, which could include one's car), the court can then dodge all these historical limitations on its power. This will allow the Executive to go forum shopping and find judges who are friendly to its interests, and in doing so the independence of the judiciary as a check on the Executive is significantly weakened.

Grauhut • April 30, 2016 1:24 PM

@MrC: "It's **your** door. Kicking in a suspect's door may be a decent analogy for hacking the desktop PC sitting in his study; but it's not such a good analogy for hacking the server owned by an innocent hosting service that hosts a dozen sites belonging to innocent third parties"

Would it make a difference if the cops hacked a VM / cloud instance and not the VM host? Or a rented server? Wouldn't that be **just my door**?

In the case of mass hosting sites, right, this is more like swatting a homeless shelter. Is it possible to get a warrant to swat such a shelter? ;)

(Never mind, we stand on the same side, but our arguments should stand a comparison to real world analogies. I just do some devil's advocate work here... :)

@Nick Nothing visible yet! https://en.wikipedia.org/wiki/LibreSSL#1_March_2016

Everyone hoping and praying :)
https://twitter.com/hashtag/libressl

Bumble Bee • April 30, 2016 1:42 PM

@ Grauhut

Is it possible to get a warrant to swat such a shelter? ;)

Lol I think you're on the wrong side of the law for that, as well as completely out of your jurisdiction. You're an abusive boyfriend of some sort from somewhere and I refuse to dignify it with a four-letter acronym.

Grauhut • April 30, 2016 2:58 PM

@Bumble Bee, seems I have hit a weak point if you are crying! :)

The problem is that at least in the jurisdiction I live in, swatting a shelter is legal. And it happens nearly daily, whether I like it or not. http://archive.is/woWvd

There will be no appeal court judge ruling that federal hacking of mass hosting servers is illegal while swatting a shelter is. There are no special rights for us cyber folks.

What i want to say is: This is not a working argument! We need better ones.

JG4 • April 30, 2016 3:03 PM

My memory was sharper before the 9 cubic meters of beer. This only scratches the surface of what is possible. As I remarked at the Wright-Pat museum, "It's amazing what you can do with $15 trillion of R&D spending."

https://www.schneier.com/blog/archives/2015/10/friday_squid_bl_499.html#c6709471
...
The two recommendations that I have for exploring these possible cell phone behaviors are to use an RF receiver like the one described in Melissa's DEFCON (14?) talk, and to use ultrasonic microphones in proximity to cell phones to observe undocumented emissions of ultrasonic coding.

DVB-T Realtek RTL2832U
DEF CON 21 - Melissa Elliott - Noise Floor Exploring Unintentional Radio Emissions
https://www.youtube.com/watch?v=5N1C3WB8c0o

RioRand DVB-T USB Receiver & Low-Cost Software Defined Radio (SDR) - Realtek RTL2832U + Elonics FC0013-Based $13.50 + Free Shipping
http://www.amazon.com/RioRand-Receiver-Low-Cost-Software-Defined/dp/B008XFDHWW

as always, this is not an endorsement of Amazon, although I do like the part where they are fast and cheap

Clive RobinsonApril 30, 2016 4:33 PM

Looks like Iraq's "puppet" government has a lot more to worry about than IS. The "green zone" around various embassies, parliament and other government buildings has been invaded by Iraqi citizens fed up with the corrupt politicians. So far it appears to be peaceful but all it takes is a small spark in the powder keg for it all to go up in smoke.

http://www.bbc.co.uk/news/world-middle-east-36176910

Senator HarumphApril 30, 2016 4:44 PM

@Clive:

Haven't you heard? Our politicians are going to "fix" the Meddle East. Hell, they can't even get Coke and Pepsi in the same restaurant.

I don't know about marijuana, but it's DEFINITELY time to take reality pills off the government's prohibited list.

Dan3264April 30, 2016 6:05 PM

@Thoth,
I know how you are feeling. I recently tried to understand the built-in Java crypto code (and to use it, of course). It is just too complex to understand in a short amount of time. I am not willing to spend the time needed to understand how to use everything in java.security (and most of the .class files in there are not intended to be used directly. Something about "engine classes" and "security providers" and other craziness. I just want to be able to easily use cryptography. Is that too much to ask for?). I am currently making a crypto library for my own private use. It doesn't matter if it is insecure as long as I can use it.

ianfApril 30, 2016 6:12 PM


While you were talking in tongues, the high-brow New Yorker magazine printed these (and plenty other) stories:

The Father of the Information Age Turns 1100100

    Claude Shannon had a weakness for juggling and unicycles, but his fingerprints are on every electronic device we own. [by Siobhan Roberts]
http://www.newyorker.com/tech/elements/claude-shannon-the-father-of-the-information-age-turns-1100100


Why Digital Money Hasn't Killed Cash

    Digital currency hasn’t (yet) killed cash, especially the much prized hundred-dollar bill. [by Mark Gimein]
http://www.newyorker.com/business/currency/why-digital-money-hasnt-killed-cash


The Dice You Never Knew You Needed

    What do you use a hundred-and-twenty-sided die for? “We have no idea,” the inventors of the d120 say. [by Siobhan Roberts]

    Could it be of use to generate truly random one time pads (OTP) of sufficient seed complexity, and the like?—Duty Ed.
http://www.newyorker.com/tech/elements/the-dice-you-never-knew-you-needed


… among which are consecutive signals that the USA at large simply can't wait to become the truly fascist state of its dreams.

A Whistle-Blower Behind Bars

    What happens to a prisoner after he comes forward with an account of torture? [by Eyal Press]
http://www.newyorker.com/news/daily-comment/a-whistle-blower-behind-bars


Madness: The Torturing of Mentally Ill Prisoners

    The guards at a Florida correctional facility beat and starved inmates—and even killed one—but the psychiatric staff was too afraid to speak up [by Eyal Press] + podcast
http://www.newyorker.com/magazine/2016/05/02/the-torturing-of-mentally-ill-prisoners

ThothApril 30, 2016 7:39 PM

@Anura, Nick P, Dan3264
I was reading the Security Policy guide that would need to be included in the FIPS certification which will list the compliance areas.

I scrolled to the part which includes the FIPS requirement to destroy/zeroize Cryptographic Security Parameters (CSP - your keymat) and to any security engineer and cryptographer's horror it states in the SecPol report that it leaves the JVM garbage collector to handle CSPs.... that is a huge flaw because the Java GC is not in the control of the user, might do anything with the CSPs and may not trigger in time to destroy the CSPs in a controlled manner (zeroize) according to FIPS requirements and still has a green tick next to it !!!!

That makes me see red instantly and decide that the BC FIPS version is not fit for crypto whatsoever in the real world and whoever certifies FIPS for BC must be sleeping.

The reason is if you call the method to destroy CSP, it cannot be delayed and must be reliably, to some extent, immediately wiped with at least a single pass of zero bytes. To simply call the GC collector or maybe wait for GC to collect a CSP that needs to be immediately destroyed is totally unacceptable behaviour for FIPS requirements.

What could have at least been done is active overwriting of the key bytes with zeroes and then GC collect. It needs to be pointed out that for a VM based language like Java, attempting to overwrite zero bytes on the CSP materials may not be accurate as the VM might schedule the resource without user control but a due diligence to zero should at least be made before calling GC instead of relying on GC.

In fact a VM based language may not always be suitable for security applications with the assumption that the VM needs to know that certain memory bytes are for sensitive use and need to have capabilities to handle the CSPs accordingly instead of just reallocating memory resource and GC stuff. Whether the JVM's GC actually knows how to handle CSPs is doubtful.

For the case of using Java or some VM languages that are not truly aware of the need for secure memory sanitization (zeroize), it is quite doubtful of their security offerings, hence the use case for using specialized hardware crypto like an HSM to do the secure stuff and the host PC to do the relaying of commands to the HSM.

Noting that BC was only rated with Level 1 of FIPS, this is the lowest and weakest rating and thus is expected so.

Reading the SecPol and other FIPS related documents BC wrote, they used hardware security compliance language for software secure products and it sounds very awful. One example is defining its physical security boundary in the SecPol, and BC simply wrote that the entire GDC (General Desktop Computer) is the physical cryptographic boundary, which made me laugh. How would a GDC device be of any security to be considered a physical cryptographic boundary secure enough? They might as well not label any physical boundaries and say it doesn't exist.

In general do not use hardware secure compliance for software secure compliance, which is similar to not bringing a knife into a gun fight !!!

The FIPS CMVP program in general is a huge mistake as well since it has caused more confusion than true security (false sense of security).

@Anura
I think I would prefer RSA/traditional DH + AES-CBC-HMAC-SHA256, which would be less complex and more readily available despite some known problems of CBC mode. An advantage is most smart card hardware still does not support GCM mode.

@Dan3264
Maybe a simple RSA, DH, AES-CBC, HMAC library with very focused utility like the cryptobox function that NaCl et al. offers would be nice. No hassle use by forcing users to only call the cryptobox function and with a limited range of algorithms and functions for simplicity's sake.

Nick PApril 30, 2016 8:00 PM

@ Thoth

"To simply call GC collector or maybe wait for GC to collect a CSP that needs to be immrdiately destroyed is totally unacceptable behaviour for FIPS requirements."

I agree. The evaluation criteria show their usefulness once again by telling us exactly what not to use. :) The suggestion to zeroize it before GC is a good one. Just gotta check that compiler doesn't make that go bye-bye during optimization.

"Noting that BC was only rated with Level 1 of FIPS, this is the lowest and weakest rating and thus is expected so."

Yep, yep.

@ Thoth, Anura

re RSA

I like that RSA is more well-understood. Yet, security evaluator Thomas Ptacek keeps warning against it in docs like this (see asymmetric sections). He points out you have to do a lot of work to use it securely with more places to screw up. Attacks are progressing against it faster than ECC. Alternatives exist without this risk. So, he recommends using them.

One of the few times where I agree with him. I think solution is an RSA setup where such is needed and a replacement. Safe defaults & easy usage for both NaCl-style. NaCl, of course, already provides that where you can use it. Maybe porting it to new platforms is the best start. If a Java platform, I say implement the Java version first and then directly implement bytecode from that by hand showing key things are done right. Same for CLR. Same for P-code so the Visual Basic 6 industry and academics using Pascal will be safe, too.

Dan3264April 30, 2016 8:20 PM

@Thoth,
That idea might work (meaning that it will work as long as I am willing to figure out how to use it). The thing I am working on is currently not doing what I want it to do (It does exactly what I tell it to do, but apparently that isn't what I want it to do). Public-Key cryptography is hard to do (I could probably do RSA pretty easily with the BigInteger class, but I am aiming for quantum-resistant algorithms).

ThothApril 30, 2016 8:25 PM

@Nick P, Anura

"Just gotta check that compiler doesn't make that go bye-bye during optimization."

An even more paranoid attempt is one pass random overwrite and then zero bytes overwrite once and then GC collect. I wonder if the random bytes overwrite would be "optimized" :D .

re: NaCl

There are already a few Java bindings (e.g. Kalium) and they use JNR bindings to interface into the C code. This way you call from the JVM into the C environment, where you could do things like memory manipulation to PROPERLY WIPE/ZEROIZE the memory stack when needed instead of ... just calling GC and hoping for the best ... LOL.

Still the NSA's bombshell regarding ECC being insecure is discomforting to know at least. Maybe DJB et al. should really push for an investigation into Curve25519 to assure that nothing is wrong with Curve25519 despite NSA's ECC bombshell and to conclude what NSA might be hinting at with their hasty release of the ECC issue, just to help settle the dust NSA stirred up due to their reports.

What could be done to improve the quality and assurance of RSA/PKCS1 implementations would likely be very useful. These may include listing logical boundaries in design circuits, expected behaviours, etc... in a very easy to understand manner for code cutters (something Galois Inc. might be interested) to do high assurance RSA/PKCS1 on the code implementation levels.

Link:
- https://github.com/abstractj/kalium
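
The wipe discussed in the last few comments (an active overwrite of the key bytes before the GC gets them, the caveat that a compiler may delete a wipe it sees as a dead store, and the random-pass-then-zero variant), written in C as the kind of routine a JNR/JNI bridge would call. This is an added example and not code from the thread, Bouncy Castle, NaCl or Kalium; the names secure_zero, secure_wipe_two_pass, csp_t and demo_destroy are this example's own, and the random pass uses a constructed xorshift generator so it runs offline.

```c
/* Added example (not from the thread): explicit zeroization of key
 * material in C, the kind of wipe a JNI/JNR bridge could expose to a
 * JVM instead of leaving the CSP to the garbage collector. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* A plain memset() right before free() is a dead store: the compiler may
 * drop it because the buffer is never read again. Storing through a
 * volatile pointer forces every write to be emitted. */
static void secure_zero(void *p, size_t n)
{
    volatile uint8_t *v = (volatile uint8_t *)p;
    while (n--) {
        *v++ = 0;
    }
}

/* The more paranoid variant from the thread: one pass of pseudo-random
 * bytes, then one pass of zeros. The generator here is a constructed
 * xorshift32 so the example runs offline; a production wipe would use
 * the platform CSPRNG or just the zero pass. */
static void secure_wipe_two_pass(void *p, size_t n, uint32_t seed)
{
    volatile uint8_t *v = (volatile uint8_t *)p;
    uint32_t x = seed ? seed : 0x9E3779B9u;
    for (size_t i = 0; i < n; i++) {
        x ^= x << 13;
        x ^= x >> 17;
        x ^= x << 5;
        v[i] = (uint8_t)x;
    }
    secure_zero(p, n);
}

/* Is every byte zero? Reads are volatile too, so the check itself is
 * not folded away. */
static int is_all_zero(const void *p, size_t n)
{
    const volatile uint8_t *v = (const volatile uint8_t *)p;
    uint8_t acc = 0;
    for (size_t i = 0; i < n; i++) {
        acc |= v[i];
    }
    return acc == 0;
}

/* A CSP holder with an explicit destroy step: the caller decides when
 * the key dies, not the allocator or a collector. */
typedef struct {
    uint8_t key[32];
    int destroyed;
} csp_t;

static void csp_destroy(csp_t *c)
{
    secure_wipe_two_pass(c->key, sizeof c->key, 0x1234u);
    c->destroyed = 1;
}

/* Fill a constructed (non-secret) key, destroy it, report whether the
 * bytes were non-zero before and all zero afterwards. Returns 1 on success. */
static int demo_destroy(void)
{
    csp_t c = { .destroyed = 0 };
    for (size_t i = 0; i < sizeof c.key; i++) {
        c.key[i] = (uint8_t)(0xA5 ^ i);   /* constructed key bytes */
    }
    int nonzero_before = !is_all_zero(c.key, sizeof c.key);
    csp_destroy(&c);
    return nonzero_before && is_all_zero(c.key, sizeof c.key) && c.destroyed;
}

int main(void)
{
    printf("destroy wiped the key: %s\n", demo_destroy() ? "yes" : "no");
    return 0;
}
```

The volatile-store loop is the portable way to keep the wipe alive under optimization; where the C library provides C11 memset_s or an explicit-bzero style call, those do the same job with less ceremony. The wipe only covers the buffer you hand it: copies the runtime made elsewhere (register spills, a JVM's own byte[] copies) are out of its reach, which is the point Thoth makes about VM languages above.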

AnuraApril 30, 2016 9:22 PM

@Thoth

At the very least maybe there should be a push for larger curves. M-383 and M-511 are Montgomery curves like Curve25519, and should be more secure while being easier to implement securely like Curve25519 (see https://safecurves.cr.yp.to/ )

tyrApril 30, 2016 9:59 PM


@Clive

Nothing like a popular uprising to expose the core
of the farcical situation in Iraq. Once those folk
have seen the inside of the Green Zone and compared
it to their own situation you may see some real
fireworks take place. Ole W may have succeeded in
provoking real democracy in Iraq, but the beltway
bandits aren't going to like this a bit.

I do like the idea of "do not shoot" since the next
thing to do is force the police to buy those firearms
and sell every citizen the equipment to turn off
the cops guns. That would make a real difference in
the death rates among unarmed perps. Not every cop
victim is innocent but the current free fire zone on
civilians is a travesty that needs a solution like
that. If everyone around the cop thinks the shooting
is OK then it probably would be justified. Democratic
consensus enforced by technology, a utopian dream come
true.

It looks like the perfect application for the secure IoT,
what could possibly go wrong. : ^ )

ThothApril 30, 2016 11:51 PM

@Nick P
If you remember, last year the NSA cautioned on the development and use of NIST Suite B ECC?

@Anura
Indeed we should be moving to larger curves but for now Curve25519 would still be the main NaCl preferred curve unless DJB adds the bigger curves into the NaCl library and tweetnacl.

Nick PMay 1, 2016 12:13 AM

@ Thoth

That was mostly about quantum worries. They apply to RSA more than ECC. That threat model suggests trusting ECC more than RSA. Unfortunately, there's no one algorithm for public key that counters both classical and quantum attacks believably. It's why I talked about symmetric crypto a lot in my comment.

ThothMay 1, 2016 12:43 AM

@Nick P
Indeed. The better way is face to face exchange of a short codebook or codeword used as KEK for symmetric key establishment like how the NSA does its EKMS systems.

Just as Matthew Green in October 2015 noted on the August 2015 incident when the NSA's advice criticised the massive growth of ECC, the much safer option for now is RSA/DH until there is a post quantum suite of algorithms or people willing to adopt symmetric key establishment on a face to face basis.

Link: http://blog.cryptographyengineering.com/2015/10/a-riddle-wrapped-in-curve.html?m=1

65535May 1, 2016 1:35 AM

@ Daniel

‘According to Wyden, the government could use this authority to “search thousands or millions of computers at once,” even when those computers belong to “the victims, not the perpetrators, of cybercrime.”

‘The rule changes also don’t specify that NIT warrants need to be restricted to searches of computers within the United States, according to Google’s legal director for law enforcement and information security, Richard Salgado. The Open Technology Institute (OTI), a technology policy group supported by many foundations and internet companies including Yahoo, Netflix, Facebook, Uber and Google, is objecting to the rule changes on multiple grounds. Perhaps most importantly, the OTI notes that Congress has never enacted legislation authorizing this kind of “government hacking.”’ – sophos

That is bad stuff.

@ MrC

“The real problem is that "remote access" means "government hacking," and that *any* rule authorizing hacking is a backdoor way of legitimizing a police behavior that is generally regarded as a criminal activity, that has never been authorized by Congress, that may have some significant constitutional problems,* and that really should only be allowed, if at all, after a robust public debate.”

“*I see two constitutional issues off the top of my head: 1. As a technological reality, this sort of hacking is often going to require making unauthorized access to systems and data belonging to people other than the suspect in order to get at the suspect's stuff (e.g., shared server hosting), and the rights of these non-suspect parties are not only not being protected here, but the problem doesn't even seem to be on the radar. 2. I think there's a Fifth Amendment issue in hacking the suspect's computer and waiting for him to incriminate himself. Add to these one major practical problem: While some magistrates are remarkably tech savvy, most are remarkably NOT-tech-savvy. This, coupled with the FBI's predilection for overreach, poses a real danger of magistrates unwittingly signing off on roving fishing expeditions.”

I agree. I just realized that this rule came from the US Supreme Court which is sworn to uphold the US constitution. It is doing the opposite and it smacks of political shenanigans [close to the election].

It appears that Justice Roberts is wiping his butt with the US Constitution… that is a fine mess.

I see more problems such as dirty tricks on political campaigns. Say, the opposition to a Congressman’s campaign hired Blackhat XXX. Then, Blackhat XXX puts code on the Congressman’s computers that resembles a botnet. The Opponent then gets the FBI or local police to infect the Congressman’s computers with their hacking malware and finds evidence of campaign irregularities. This action knocks the Congressman out of the race. Mission accomplished.

There could be many permutations to this blame the victim and infect the victims computer for a fishing expedition.

Next, is the rest of the major countries around the world who will emulate the USA and want to break into anybody’s computer. If this happens we will be in a quasi-world war.

Thanks a lot Justice Roberts for trying to instigate World War 3 over the internet. Other countries are watching your actions!

I wonder what the EFF thinks about this. I wonder what Emptywheel thinks about this.

Satan's AdvocateMay 1, 2016 1:51 AM

The Dual State Myth


Using the United States as an example, though this could well fit any country, I do not believe there is any manner of dual state.

Rather, the more simple is true. People do as they say and act. There are no unexplained mysteries in government, certainly not enough to claim there is some secret ruling cabal.

Yet, every culture always thinks this. All across history.

No society too small, no society too large.

It is just a symptom of collective wishcraft, or wishful thinking.

Something goes wrong in a society, like the plague, or famine, and people always look to someone not in the group to scapegoat.

This is why you see the charge of "witch" leveled against innocent people across many languages and states of society. You see it in isolated tribes in New Guinea, and you see it in much of western history. If you open the context some, you really see it everywhere. In one form or another.

And they are always wrong. So, this means the probability of there being some secret ruling cabal, is extremely low.

These theories range all across the board.

- there is a cabal of witches
- your worst political group enemy is secretly controlling everything
- some secret group rules it all, those with a clearance level that no one else knows exist, embedded among all
- the human population was infiltrated in a very specifically mixed manner all across strata by an alien species
- lizard people
- the rapture doesn't come from the sky so you can see it, but is among you. Every other person was replaced with an exact doppelganger
- in some science fiction, these exact doppelgangers are biomorphic robots, in others they exist in a state of reality we don't even know about yet are more like living software code of the ether then some merely material construct

The Nazis and Soviets used "Jews" as the scapegoat. The Americans and British used "Commies" as the scapegoat. Communists used "capitalists" as the scapegoat. Protestant vs Catholics. One's race against another's. Religious affiliation, political affiliation. The illuminati. The skull and bones. The masons.

But, they are always wrong, because this is clearly not a rational process. It provides something very valuable to their ego. But it destroys them and society when they engage in it.

By definition wishcraft and wishful thinking are self-evidently not rational thinking processes. More like thinking processes driven by a desire for pleasure.

AnuraMay 1, 2016 2:01 AM

@Thoth

AES-CBC vs AES-GCM

I missed this earlier, but with reference to AES-CBC, I personally prefer block cipher modes to stream cipher modes for the simple reason that it's more difficult for an attacker to modify only specific bits (they can't achieve it without corrupting other bits as well). The problem is that every padding standard I know of leaves potential security issues for implementation. The ideal standard would be this:

When encrypting: Padding bytes *should* be chosen such that each byte is the number of plaintext bytes in the final block. The last byte *must* be chosen such that (last byte) mod (block size) = (number of plaintext bytes)

When decrypting: the (last byte) mod (blocksize in bytes) is the number of *plaintext* bytes in the message, other than that it must be assumed that all padding bytes are arbitrarily chosen.

This has two distinct advantages: There is no such thing as invalid padding, reducing the possibilities of padding oracles. The second is that when copying from the final block to the output, the length of the plaintext is the simplest possible computation (i.e. memcpy(dest,block,block[15]%16) is all you need, and guaranteed not to ever fail).
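
The padding scheme Anura lays out above, implemented in C for a 16-byte block as an added example (not code from the comment or from any library): pad() fills the tail of the final block with n, the number of plaintext bytes in that block, so the last byte satisfies (last byte) mod 16 == n, and unpad() reads only that one value and has no failure path. The names pad, unpad, padded_len and roundtrip are this example's own; the sample messages are constructed.

```c
/* Added example (not from the thread): Anura's "no invalid padding"
 * scheme for a 16-byte block cipher, encode and decode. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define BLOCK 16

/* Padded length. The final block always carries the length marker, so a
 * message that exactly fills its blocks still gets one more block, in
 * which the number of plaintext bytes is 0. */
static size_t padded_len(size_t len)
{
    return (len / BLOCK + 1) * BLOCK;
}

/* Encode: copy the message, then fill the rest of the final block with
 * n = number of plaintext bytes in that block. Every padding byte equals
 * n, so the last byte trivially satisfies (last byte) mod 16 == n.
 * out must hold padded_len(len) bytes; returns the padded length. */
static size_t pad(const uint8_t *msg, size_t len, uint8_t *out)
{
    size_t total = padded_len(len);
    uint8_t n = (uint8_t)(len % BLOCK);
    memcpy(out, msg, len);
    memset(out + len, n, total - len);
    return total;
}

/* Decode: only (last byte) mod 16 is meaningful; the other padding bytes
 * are treated as arbitrary and never inspected. No check can fail here,
 * so there is nothing for a padding oracle to observe.
 * Returns the plaintext length written to out. */
static size_t unpad(const uint8_t *buf, size_t total, uint8_t *out)
{
    const uint8_t *final_block = buf + total - BLOCK;
    size_t n = final_block[BLOCK - 1] % BLOCK;
    size_t body = total - BLOCK;
    memcpy(out, buf, body);              /* all full plaintext blocks */
    memcpy(out + body, final_block, n);  /* memcpy(dest, block, block[15] % 16) */
    return body + n;
}

/* Round-trip check for messages up to 48 bytes (constructed limit for
 * the fixed-size scratch buffers). Returns 1 if the message survives. */
static int roundtrip(const uint8_t *msg, size_t len)
{
    uint8_t padded[64], recovered[64];
    if (len > 48) {
        return 0;
    }
    size_t total = pad(msg, len, padded);
    size_t got = unpad(padded, total, recovered);
    return got == len && memcmp(msg, recovered, len) == 0;
}

int main(void)
{
    static const uint8_t m1[] = "hello";   /* constructed: 5 plaintext bytes */
    uint8_t padded[32];
    size_t total = pad(m1, 5, padded);
    printf("padded length %zu, last byte 0x%02x, round trip ok=%d\n",
           total, padded[total - 1], roundtrip(m1, 5));
    return 0;
}
```

Two things worth noticing when you run it: a 16-byte message becomes 32 bytes with a final block of all zeros (n = 0), so the scheme still needs up to one extra block, as Anura points out further down the thread; and a final block whose padding bytes are garbage but whose last byte is, say, 0x23 decodes cleanly to 3 bytes, because 0x23 mod 16 = 3 and nothing else is examined.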

Satan's AdvocateMay 1, 2016 2:02 AM

@Hamid

What @drone suggested is sick.

I was about to say, it is expensive to get a scanner that goes far into the GHz range. That one goes to fifty, which is insane. And down to 200 kHz, which is very nice.

With a cheap pi, cheap rtl-sdr, and free software qspectrumanalyzer, you can get a decent sweeper that can also analyze the frequency. Pi for portability and inexpensiveness. You can do heat map via google api, tied into a number of apps so as to even track down the source.

But, considering how cheap and safe it is to just aim a laser at your window, not so great.

Also with firmware hacks, a determined attacker can just enable your microphone and send it across the wire. Unless you are dead silent about your new toy, they will know you are using it and simply remotely turn the bug off.

If you are looking to explore IoT/wifi cams/etc, rtl-sdr will cover a lot of the more mainstream, cheap protocols. Which is a good place to start.

Though, for that, a lot of the interesting systems are legacy, eminently hackable, and simply relying on insecure wifi. With 'security by obscurity' as their modus operandi.


Satan's AdvocateMay 1, 2016 2:24 AM

@Tor Exploits

Unfortunately, he could have backdoored it in any way; he could have injected a critical vulnerability which is very difficult to find. Or, a few very well crafted vulnerabilities which are chained together for a singular critical vulnerability.

Mole developers are very real things.

Some critical vulnerabilities go hidden for years, even in very deeply and frequently tested software. They can just be that obscure and difficult to find.

More complex a system, easier to do this.

The idea that some have that an intentional backdoor in code must actually look like a backdoor is absurd. Any manner of critical vulnerability which gives remote compromise suffices. And it gives substantial plausible deniability.

(Not in this case, though. Anything that guy wrote is suspect, and any serious vulnerabilities he may have contributed could be chalked up as "intentional vulnerability". eg, installing a lock, with a simple flaw.)

HamidMay 1, 2016 2:35 AM

@Clive and others
I should clarify - simple detector of listening devices / cameras would be sufficient - no need for analysis at all only the location of the signal source

CuriousMay 1, 2016 3:24 AM

(About RFID shielding on credit cards, and how they maybe don't work as expected)

I am about to get a new credit card issued, because of how the old one has been damaged, and so as I spoke to my bank about renewing the card, I asked about RFID tech on the card and the bank confirmed that newer cards come with RFID functionality. Apparently they also told me something along the lines that this feature could be disabled by the bank if I wanted, though I told them I wouldn't trust that to work as expected, so I asked for a regular one with RFID "included".

Anyway, so I am looking for an RFID blocking card holder (not wallet) and not knowing much about tech, I am a little surprised to be reading that aluminium in one instance supposedly did not properly work as a shield, though it seemed as if the user's card had to be brought much closer to the terminal for the card to register. The card in this instance supposedly did "connect" to the terminal even when shielded with some kind of aluminium product.

I guess a minimum test for using RFID shielding would be to simply try to pay for stuff with the shielding covering the card, and ideally, for the people who know how all this tech works, using instruments to get to a more detailed conclusion about the problem of RFID shielding of credit cards. And even then, I guess all things RFID would still work differently one way or another (nothing I know anything about), and I guess I sort of worry that maybe RFID hardware could be misused to aggressively scan for cards on demand across some greater distance.

CuriousMay 1, 2016 3:27 AM

To add to what I wrote:

Heh, I now wonder if the authorities in the USA (or others) have some kind of gadget for aggressively scanning for detecting credit cards at longer distance using RFID tech.

ThothMay 1, 2016 3:44 AM

@Anura
Those techniques are useful on PC systems with a good amount of resources. I usually work near constrained security devices (HSM and smart card with a few KB of RAM and EEPROM). For such an occasion I have actually tried writing a PKCS5/7 for smart card by hand and from there I realized almost every other padding scheme, if it needs to be done on something constrained, needs three properties: compact padding, operate on byte words and easily defined and quantified into fixed length blocks.

I dropped PKCS 5/7 because it adds additional blocks if a block of data is filled and cannot fit the pads inside and this is a huge no no when your memory capacities are in terms of only KBs.

From there I experimented with other padding schemes which include the ISO7816 padding scheme for smart cards. They operate in bits not bytes and this is a headache when your device wants you to program in bytes not bits !!!

Finally I settled with good old zero pad with a single Lc byte (Length counter in smart card parlance). That means I just need to sacrifice 1 byte for Lc and I can have both predictive fixed length padding that will not suddenly append some additional bytes and also it is pretty easy to code them into the constrained device.

Talking about padding, it took me 4 to 5 months of trial and error to settle on this scheme while designing my smart card programs and protocols.

Oh, and not to forget the sheer simplicity of the zero pad + Lc means you can easily verify padding with a single glance and done by hand. Anything too complex or mathematical (e.g. calculating PKCS5/7 pads) would only violate the KISS principle when your eyes are staring hard at lines of thick and messy code you need to squeeze into KBs of memory space in the allocated space of a smart card or HSM.

I sometimes feel that the standard crypto we take for granted (e.g. ASN.1 cert, SSL/TLS, PGP...) were not made with compact and constrained implementation in mind but due to the standards requiring them, now the compact devices need to attempt to implement standards that were never intended for them and in consequence bubbling up vulnerabilities due to faulty and highly complex designs needing to squeeze into a couple KB of memory space in a HSM/Smartcard/TPM...etc...

AnuraMay 1, 2016 3:58 AM

@Thoth

"I dropped PKCS 5/7 because it adds additionally blocks if a block of data is filled and cannot fit the pads inside and this is a huge no no when your memory capacities are in terms of only KBs. "

I'm not sure I understand. There is no padding scheme imaginable that will work universally without the possibility of up to one extra block.

ThothMay 1, 2016 4:42 AM

@Anura
An example is a fixed length block protocol. If you are given a 128 byte space to fill a message including the pads, it must only fit 128 bytes and no more. Imagine you have just enough data to fill a 128 byte data space and you put it through a PKCS5/7 pad, you would end up with another small block.

In the sense of a 128 bit block cipher, you would have to add a small block of 128 bit pad if your data is filled completely. Given that you have a buffer of 128 bytes already filled with data and you have to add another 16 bytes of pad, you would effectively have a buffer overflow if you attempted.

The data could be split across to another message packet but this would mean sending two message packets instead of 1.

In the sense for zero pads with a length counter, you could simply specify the length in a header and the rest padded to zero and encrypted without needing another block.

Of course the main issue would have been planning the message packets in advance before crafting the protocol but in many circumstances, a lot of "standards" would not be suitable for constrained environments.
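
Thoth's zero pad plus single Lc byte inside a fixed 128-byte packet, as an added C example (not Thoth's smart card code and not from any standard): pack_lc() writes Lc, the data, then zeros, and always produces exactly PACKET bytes for any payload up to 127 bytes; unpack_lc() trusts only Lc and ignores the zeros. pkcs7_len() is included so the size behaviour of the two schemes can be compared for the block-aligned case discussed above. The names pack_lc, unpack_lc, pkcs7_len, fits_lc and fits_pkcs7 are this example's own, and the payload is constructed.

```c
/* Added example (not from the thread): fixed-size 128-byte packet with a
 * one-byte Lc length counter followed by zero padding, next to the size
 * PKCS#7 would need for the same payload with a 16-byte cipher block. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define PACKET      128
#define LC_BYTES    1
#define PAYLOAD_MAX (PACKET - LC_BYTES)   /* 127 data bytes per packet */

/* Pack: Lc first, then data, rest zero. Output is always PACKET bytes.
 * Returns 0, or -1 if the data cannot fit, which is the only decision the
 * encoder has to make and can be checked by eye. */
static int pack_lc(const uint8_t *data, size_t len, uint8_t packet[PACKET])
{
    if (len > PAYLOAD_MAX) {
        return -1;
    }
    packet[0] = (uint8_t)len;
    memcpy(packet + LC_BYTES, data, len);
    memset(packet + LC_BYTES + len, 0, PACKET - LC_BYTES - len);
    return 0;
}

/* Unpack: Lc says how many bytes are real; the zeros after them are never
 * examined. Returns the data length, or -1 if Lc is larger than the packet
 * can hold (only possible for a corrupted or forged packet). */
static int unpack_lc(const uint8_t packet[PACKET], uint8_t *out)
{
    size_t len = packet[0];
    if (len > PAYLOAD_MAX) {
        return -1;
    }
    memcpy(out, packet + LC_BYTES, len);
    return (int)len;
}

/* PKCS#7 output size for the same payload: at least one pad byte is
 * mandatory, so a block-aligned payload grows by a whole extra block. */
static size_t pkcs7_len(size_t len)
{
    return (len / 16 + 1) * 16;
}

/* Does a payload of this size fit one fixed PACKET-byte slot? */
static int fits_lc(size_t len)    { return len <= PAYLOAD_MAX; }
static int fits_pkcs7(size_t len) { return pkcs7_len(len) <= PACKET; }

int main(void)
{
    uint8_t data[PAYLOAD_MAX], packet[PACKET], out[PAYLOAD_MAX];
    memset(data, 0x5A, sizeof data);          /* constructed payload */

    pack_lc(data, 5, packet);
    printf("5-byte payload -> %d-byte packet, Lc=%u, unpacked %d bytes\n",
           PACKET, packet[0], unpack_lc(packet, out));
    printf("128-byte payload: PKCS#7 needs %zu bytes, fits in %d? %d\n",
           pkcs7_len(128), PACKET, fits_pkcs7(128));
    printf("127-byte payload: Lc fits? %d\n", fits_lc(127));
    return 0;
}
```

The property being bought with the one Lc byte is predictability: the packet is 128 bytes whether the payload is 5 bytes or 127, so the buffer can be sized once at design time, and verifying the padding is a single comparison of Lc against the packet size. The PKCS#7 figure shows the case Thoth describes, a payload that exactly fills a 128-byte space needing 144 bytes after padding.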

Clive RobinsonMay 1, 2016 6:06 AM

@ Hamid,

simple detector of listening devices / cameras would be sufficient

Then the way you want to go is probably not an RF detector, but a transmission line mismatch / transducer detector.

Ask yourself the question "How do you shoot rabbits/foxes in the dark?". The answer is by shooting it between the eyes when it is looking at you.

Which begets the question "How do you know it's looking at you?" The answer is of course "red eye" and the game keeper calls the whole process "lamping".

Red eye is the common name for two effects many people have seen, first in photographs taken with a "flash" where people looking at the camera have "red pupils" in the photograph. The second is used in the "Cat's Eyes" road markings that get their name from people seeing to points of light in the distance when driving on unlit country roads.

A camera like the eye is a transducer with specific properties. One of which is it brings light into focus on a sensor. The sensor has inefficiencies like all energy converters, which results in some of the light being reflected back throug the lense back along the path of the light to the illumination source due to "180 degree internal reflection".

Thus to find a camera bug first, draw the shades/curtains, shut the door and turn out the lights. When the room is sufficiently dark you are at risk of walking into things due ti not seeing them you are ready to camera hunt. To do this put a powerfull light like a keyring or pencil "Mag-light" up against your temple with the beam pointing directly forward. Scan the room slowly by moving your body and head not your eyes, any camera that works in the visable light spectrum will "twinkle" pack at you irrespective of if it is on or off.

Some surveillance cameras try to stop this by using IR filters, however as I've described on this blog before there are fairly simple ways around that with quite cheap digital cameras that don't have the IR stop filters fitted. If your adversary can afford miniture Thermal Image / VLW-IR equipment, then it's probably game over anyway (the same with the THz immaging equipment that looks through walls).

All transducers suffer from inefficiency, it's required by the laws of thermodynamics, and likewise as transducers are most often passive devices, they can still be found when not powered up.

The hard question is how, as I noted earlier cameras use lenses to focus light down onto a sensor, the same is true for most other ambient sensors such as microphones. Such focusing is a form of transmission line. All transmission lines have charecteristics such as "time delay" and "load mismatch reflection". One method developed by the investigative journalist Duncan Campbell to check for "telephone bugs on the line"[1] used the principle of "Time Domain Reflectometry". Simplisticaly like radar it generates a very short high energy pulse, then looks for the echos in the "return waveform". Any modification of the phone line impedence will reflect energy from the pulse and the time delay will tell you how far down the line it is. The same technique is often used in radio and audio engebeering eqyipment to measure "return loss".

This works just as it did with red eye against microphones and antennas, though is harder to do. The important point to note is that just as with "Non linear junction detectors" and "Grid Dip Meters" that work sinilarly the equipment does not have to be powered up for it to be found.

Nor do these "Red Eye" methods get confused by complex RF modulation systems and Low Propadility of Intercept (burst transmission, spread spectrum, frequency hopping etc) radio techniques.

Finally as I described on this blog a few days ago, the other proplem with bugs etc is the issue of being "thermaly inconsistant" with the objects they are hidden in, thus you can find them with good quality Thermal Imagging Equipment and knowing about "thermal lag" amongst other things.

[1] The idea was stolen by MI5, (quite illegally) when they staged a raid after their "hook switch" jumping bugging technique failed and they heard strange clicking on the line. MI5 not only stole the equipment, they got Marconi to manufacture duplicates of it and sold it to other spying agencies and did not pay royalties on the idea as they should legally have done.
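The TDR principle described in the comment above (pulse in, echo out, delay gives distance, echo amplitude gives the mismatch), worked through as an added example. This is not code from the thread or from any real TDR instrument: the line is a constructed one with an assumed 100 ohm characteristic impedance and an assumed velocity factor of 0.66, and the "return waveform" is built in software with one echo per discontinuity.

```python
"""Time-domain reflectometry on a simulated two-wire line (constructed example).

Added example, not from the original thread: a pulse is injected at t=0, the
return waveform is scanned for echoes, and each echo is converted into a
distance down the line and an estimate of the impedance that caused it.
"""
import math

Z0 = 100.0               # assumed characteristic impedance of the pair, ohms
VELOCITY_FACTOR = 0.66   # assumed: fraction of c at which the pulse travels
C = 299_792_458.0        # speed of light in vacuum, m/s


def reflection_coefficient(z_load: float, z0: float = Z0) -> float:
    """Gamma = (ZL - Z0) / (ZL + Z0). Sign shows whether the tap is high- or low-impedance."""
    return (z_load - z0) / (z_load + z0)


def return_loss_db(gamma: float) -> float:
    """Return loss as RF engineers quote it: -20*log10|Gamma| (infinite for a perfect match)."""
    if gamma == 0.0:
        return math.inf
    return -20.0 * math.log10(abs(gamma))


def echo_delay_to_distance(delay_s: float) -> float:
    """The pulse travels to the discontinuity and back, so the one-way distance is half."""
    return VELOCITY_FACTOR * C * delay_s / 2.0


def impedance_from_gamma(gamma: float, z0: float = Z0) -> float:
    """Invert Gamma to recover the impedance seen at the discontinuity."""
    return z0 * (1.0 + gamma) / (1.0 - gamma)


def simulate_return_waveform(discontinuities, sample_period_s, n_samples, pulse_amplitude=1.0):
    """Constructed return waveform: one sample per period, one echo per discontinuity.

    discontinuities: list of (distance_m, z_load_ohms). Only the first reflection of
    each is modelled; multiple bounces are ignored to keep the example readable.
    """
    samples = [0.0] * n_samples
    for distance_m, z_load in discontinuities:
        delay = 2.0 * distance_m / (VELOCITY_FACTOR * C)
        idx = round(delay / sample_period_s)
        if 0 <= idx < n_samples:
            samples[idx] += pulse_amplitude * reflection_coefficient(z_load)
    return samples


def locate_echoes(samples, sample_period_s, threshold=0.02, pulse_amplitude=1.0):
    """Scan the waveform; return (distance_m, estimated_impedance) for each echo above threshold.

    The threshold is what decides whether a small mismatch (a well-matched tap) is
    reported or lost in the noise floor, which is the practical limit of the method.
    """
    found = []
    for idx, v in enumerate(samples):
        if abs(v) >= threshold:
            gamma = v / pulse_amplitude
            found.append((echo_delay_to_distance(idx * sample_period_s),
                          impedance_from_gamma(gamma)))
    return found


if __name__ == "__main__":
    # A 1 kohm tap 50 m down the line, sampled at 1 ns for 2 us.
    wave = simulate_return_waveform([(50.0, 1000.0)], 1e-9, 2000)
    for dist, z in locate_echoes(wave, 1e-9):
        print(f"echo at {dist:6.1f} m, ~{z:8.1f} ohm, return loss "
              f"{return_loss_db(reflection_coefficient(z)):.1f} dB")
```

The sampling period sets the distance resolution (about 10 cm per nanosecond at this velocity factor), and the detection threshold sets how well-matched a tap can be before it disappears into the noise; both are the knobs a real instrument trades off against pulse energy.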

Clive RobinsonMay 1, 2016 6:30 AM

@ Curious,

The card in this instance supposedly did "connect" to the terminal even when shielded with some kind of aluminium product.

This issue has been discussed a number of times before on this blog with if I remember correctly @65335 looking into using a cooking pot rather than the Ed Snowden "fridge" method (or the riskier "microwave" method).

The thing to remember is what people call "shielding" works by "eddy currents" and is thus affected by "skin depth" and impedance / breaks in the conduction path and other odd effects like "slot antennas" and "waveguide" or "ducting" effects. Also you have to remember shielding affects the E not the H component of an EM signal.

Thus you need a good conductor at all frequencies that is unbroken (aluminium not too good due to oxide layer issues), around this you need an absorbing layer that is good at all frequencies and around this you need something like iron, nickel or chromium metals that block magnetic fields...

Thus you might be looking for a case made of certain stainless steels that have been copper coated as part of the process to put a "bright work" chrome finish on as the outer case inside of which is "carbon loaded" or similar foam used in RF test cells with a fine copper cloth/mesh inner liner...

There is a company called Rohde & Schwarz who describe themselves as "an independent manufacturer of test and measurement equipment" amongst their many products are shielding products that are used by the better quality forensic examiners for the transportation of powered up mobile phones etc.

Nick PMay 1, 2016 7:24 AM

@ Satan's Advocate

re Dual State

You studied witches, lizards, and stuff to conclude there's no dual state? I suggest you review the evidence of dual state instead to make a more informed opinion, for or against. Let's simplify it:

1. Overt government groups with laws granting powers, having restrictions, results in courtroom, ability to challenge it, and sometimes prosecution of representatives that go too far.

2. Different groups that operate in secret, [semi-]arbitrarily ignore rights/restrictions, can cause harm to population, limited to no courts, and no prosecution of representatives that go too far.

There are clearly groups like 1 and 2 operating in the United States. The problem is, if No 2 exists, it's not a real democracy with due process as all that can disappear if a secret person says so. So, we live in a police state that uses No 1 to not look like one.

Dan3264May 1, 2016 9:29 AM

@Thoth,
To prevent the code from being "optimized" you could call ".hashCode()" on the key in between the overwrite passes(assuming the key is a object in java). Design ".hashCode()" to return a value that is dependent on all of the key data. Sum the ".hashCode()" values from every overwrite pass. Xor that value with the next random number used in the program. That would make sure that the overwrite code is not optimized out.

Rule 41May 1, 2016 9:57 AM

@Clive

Interesting re: RFID chips and tinfoil not working effectively. The internet consensus appears wrong - common sense is not common after all ;-). However, some testers report that tinfoil stops long distance RFID scanning i.e. from several feet away, with the read only occurring at around 1-2 inches from the reader. Interestingly the 'RFID shields' advertised seem to have about the same range.

Conclusion: The tinfoil hat brigade can use their technique if they are paranoid about long distance tracking.

@Satan's advocate

Also interesting re: mole developers & insights re: buried backdoors not being obvious for years. Thanks for the info. Never considered this possibility until now, but it seems an obvious tactic for the MIC now that you mentioned it.

I disagree with the secret cabal conclusion in your other post though. Surely the 'Cult of Intelligence' is the new cabal? Knowledge is power etc. Probably also explains why the SCOTUS is going full police state retard in its recent rulings i.e. every judge is owned and in the pocket of their new masters.

@All re: Rule 41 authorising remote hacks

The EFF is seriously concerned. Their conclusion:

https://www.eff.org/deeplinks/2016/04/rule-41-little-known-committee-proposes-grant-new-hacking-powers-government

The first part of this change would grant authority to practically any judge to issue a search warrant to remotely access, seize, or copy data relevant to a crime when a computer was using privacy-protective tools to safeguard one's location. Many different commonly used tools might fall into this category. For example, people who use Tor, folks running a Tor node, or people using a VPN would certainly be implicated. It might also extend to people who deny access to location data for smartphone apps because they don’t feel like sharing their location with ad networks. It could even include individuals who change the country setting in an online service, like folks who change the country settings of their Twitter profile in order to read uncensored Tweets.

........

The second part of the proposal is just as concerning. It would grant authorization to a judge to issue a search warrant for hacking, seizing, or otherwise infiltrating computers that may be part of a botnet. This means victims of malware could find themselves doubly infiltrated: their computers infected with malware and used to contribute to a botnet, and then government agents given free rein to remotely access their computers as part of the investigation. Even with the best of intentions, a government agent could well cause as much or even more harm to a computer through remote access than the malware that originally infected the computer. Malicious actors may even be able to hijack the malware the government uses to infiltrate botnets, because the government often doesn't design its malware securely. Government access to the computers of botnet victims also raises serious privacy concerns, as a wide range of sensitive, unrelated personal data could well be accessed during the investigation. This is a dangerous expansion of powers, and not something to be granted without any public debate on the topic.

Effectively, the World Police has decided that they will, after all, police the world's computers and hack Tor users, VPNs, and anybody obscuring their identity or data trail in any way whatsoever. Frankly it is chilling. Storing any personal data on computers now seems to be inadvisable. As per Qubes developer views, we need 'stateless' hardware and non-persistent VMs to become the defacto standard.

If I had a few billion dollars for R&D, I'd employ the Schneier crowd to develop this model as they saw fit:

http://blog.invisiblethings.org/papers/2015/state_harmful.pdf

The main principle introduced below is the requirement for the laptop hardware to be stateless, i.e. lacking any persistent storage. This includes it having no firmware-carrying flash memory chips. All the state is to be kept on an external, trusted device. This trusted device is envisioned to be of a small USB stick or SD card form factor.

Ergo SumMay 1, 2016 10:38 AM

@NickP...

Next, is the rest of the major countries around the world who will emulate the USA and want to break into anybody’s computer. If this happens we will be in a quasi-world war.

Thanks a lot Justice Roberts for trying to instigate World War 3 over the internet. Other countries are watching your actions!

Aren't we already there? By now, all nations have a "cyber division" in one form or another. While the stated intent of these divisions is protecting the country's critical infrastructure, prevent terrorism, rooting out pedophiles, etc., their main objective is to exploit targeted individuals, organization, businesses, etc.

Seems to me that the POTUS has updated the procedure for holding LEOs harmless for hacking anywhere in the world. That's probably the main reason for the change. Other countries either already have similar laws, or soon to enact one.

GrauhutMay 1, 2016 12:00 PM

@All anarchists here: Imho it's time to build a net tech-trolls! :)

The three letter guys trust too much in the quality of metadata. It's time to kill this trust and poison some databases.

How much work would it make to patch the firmware of a cheap usb surf sticks so that it broadcasts IMEIs and SIM card numbers of other network members on continuously changing locations in the world?

Satan's AdvocateMay 1, 2016 1:40 PM

@Clive Robinson

I was really enjoying your response to Hamid, until you mentioned thermal. :(

Thermal (FLiR) Developer's Kit

https://www.sparkfun.com/products/13233

249.


Very poor resolution.

But it would work for basic surveillance.


However, while it can work well for outdoor, fuzzy surveillance. I think thermal would be absolutely terrible for indoor surveillance. Indoor, you would probably want to get any non-verbal cues, every form of body language and facial language, lip reading.


Satan's AdvocateMay 1, 2016 1:48 PM

@Grauhut

How much work would it make to patch the firmware of a cheap usb surf sticks so that it broadcasts IMEIs and SIM card numbers of other network members on continuously changing locations in the world?

I don't think it would be more difficult to hack up a GSM stick than to hack up a cell phone or embedded Linux box. But, to do what you are asking would mean the systems actually get connected using false data and used. As they are upstream, I don't think that would have any meaningful effect.


Another problem here is that their database is already going to be rotten. Because people say all sorts of things in context and out. Grabbing everything everyone says all across the world and trying to make useful sense out of it is simply not the way to go.

Human beings are incredibly complex, and predicting the next big thing from distantly analyzing human beings data is just not going to happen.

If it could, they might as well just start investing. Because they would be able to know all the future successful businesses and the failures. All the next trends, and all the trends going out.


You are talking about people who spend a good portion of their life asleep or on the toilet. When they are not thinking about sex or their career.

Not exactly an army of perfect robots who see and know all.

Satan's AdvocateMay 1, 2016 3:02 PM

@Rule 41

Also interesting re: mole developers & insights re: buried backdoors not being obvious for years. Thanks for the info. Never considered this possibility until now, but it seems an obvious tactic for the MIC now that you mentioned it.

Defensively, this is the number one reason why governments with significant adversaries perform exhaustive code reviews and analysis on code which they depend on.

They are mole hunting.

Unfortunately, while they do find security vulnerabilities, it is near impossible to prove any are intentionally put there.

Code is just too complex, and many little errors can create one really hard to find critical vulnerability.

The bar for getting an agent into development on a product you want to compromise is about as high as getting an agent secretly embedded in a fast food joint.

But, do not think 'all is hopeless'. The bar is about equivalent in terms of getting someone on the supply side line for chips going into mass production.

It is about as hard to compromise the delivery of chips going into product as it is to compromise a food service line at your favorite junk food joint.


I disagree with the secret cabal conclusion in your other post though. Surely the 'Cult of Intelligence' is the new cabal? Knowledge is power etc. Probably also explains why the SCOTUS is going full police state retard in its recent rulings i.e. every judge is owned and in the pocket of their new masters.


It was rhetorical.

Though I did sneak in my own pet theory in the list. That people have been replaced with doppelgangers, intermixed through all society.

Don't let that ruin my above very plausible observations. :-)


But, yes, by all appearances, the superpower of the US is becoming the world's last great, black eagle.

You know, many states have outlawed video of cops as a felony offense, even if this video is taken where the cops have no expectation of privacy. Which is where it is needed most? Why would any state do that, if they were not corrupt. Criminal.

There are literally cases where a person did nothing but have on a helmet gopro cam, and get a felony charge because the cop came into their view.

Other states have enabled identity theft for the purposes of creating cover legends. How else will they create cover legends but by taking real people's identity?

The people don't even have to be arrested nor criminals for them to do this.

You look back on American history, and see all of this racism. (It is everywhere, but just to focus on that.) None of that changed easily. The same is true with police corruption.


What they should be doing is trying "not to be like those corrupt cops" of old. But, this seems to be the reverse of how they see things.

Like wherever corruption festers, people view themselves and their own groups actions flawless. Without error. That is part of the reason they join groups in the first place. So everyone can accept them, despite what they do and say.


This is probably why I prefer my vast delusions about the human race secretly having wide swaths of the populace replaced with virtual robots from Heaven, outer space.

It comforts me to think that things really are Under Control.


GrauhutMay 1, 2016 3:06 PM

@Satans Advocate: "If it could, they might as well just start investing. Because they would be able to know all the future successful businesses and the failures. All the next trends, and all the trends going out."

They already invest if the "Working Group on Financial Markets" says they need to.

I am quite convinced there is already three letter data flowing into systems like BlackRock's Aladdin in order to help hedge the Fed's bad bank assets they manage.

EO 12631: "The heads of Executive departments, agencies, and independent instrumentalities shall, to the extent permitted by law, provide the Working Group such information as it may require".

It's just FININT and ECONINT, nothing special. The OES manages this.

http://en.citizendium.org/wiki/Intelligence_collection_management
http://www.historycommons.org/entity.jsp?entity=office_of_executive_support_1
http://www.heise.de/tp/artikel/7/7752/1.html

GrauhutMay 1, 2016 3:27 PM

@Satans Advocate: "But, to do what you are asking would mean the systems actually get connected using false data and used. As they are upstream, I don't think that would have any meaningful effect."

Of course they would have to register to a cell tower. No need to make a call, this fake login would be transported and sniffed on the SS7 network, the login produces false inter provider location messages.

These would poison the three letter databases and produce costs, since human capital would be needed to clean up this mess. And this is the most expensive in this war against our privacy and dignity. :)

Satan's AdvocateMay 1, 2016 4:07 PM

Nick P • May 1, 2016 7:24 AM
@ Satan's Advocate re Dual State

You studied witches, lizards, and stuff to conclude there's no dual state? I suggest you review the evidence of dual state instead to make a more informed opinion, for or against. Let's simplify it:
1. Overt government groups with laws granting powers, having restrictions, results in courtroom, ability to challenge it, and sometimes prosecution of representatives that go too far.
2. Different groups that operate in secret, [semi-]arbitrarily ignore rights/restrictions, can cause harm to population, limited to no courts, and no prosecution of representatives that go too far.
There are clearly groups like 1 and 2 operating in the United States. The problem is, if No 2 exists, it's not a real democracy with due process as all that can disappear if a secret person says so. So, we live in a police state that uses No 1 to not look like one.

Well, you know, my day job is as a professional witchhunter, but I dabble on the side fighting magical dinosaurs.

So, I am kind of biased in this.


Unfortunately, magical beings are not in control of everything. Because they can use their magical powers to provide them minds and knowledge.

Something which already comes with being immortal. (The ancients were not incorrect, the only way to prove someone is a witch is to try and kill them. If they succeed, they are a witch. If they fail, then, well, they had the wrong suspect. "Kill them all and let God sort them out", is the saying power hungry human beings like to quote.)


Critics have the belief that human nature is flawed. That they are very, very prone to every manner of loss. Inaccuracy. Missing the shot. Sin.

So, you find your self a job as a cop or spy, or a manager of cops or spies. What else do you have to live for? Power provides them pleasure. They try and get what they can, while they can.


So, right, of course, there is loosely organized corruption. Cops and judges and spies and politicians are all of related groups. There is no fun for these sorts being "public servants", they are in it for the prestige and social acclaim.


Believing otherwise is naive.

That there are exceptions to this rule is meaningless, when they are exactly that. Exceptions to the average.


Tyranny always comes forward.

They are put in jobs which is beyond their level of capacity to fulfill. Morally.


Unfortunately, the number of groups with controlling influence are too many to count or even begin to name. Beyond the large subgroup of "cops and spies and soldiers and judges and elected and non-elected officials".

You want to appeal to them with what they so badly want to believe? So not difficult. Just go hyper conservative. Agree with them on the ever evident dangers hidden in the populace and the world. Join with them on their magical dinosaur and witch hunts. That is how you get to belong and rise.


You want to be their enemy? Go against any of these hyper conservative plans. Say there is no great enemy. Don't play their childish game.

Express concern that they, actually, might be the Stasi or Gestapo or KGB. That they might be the exact same manner of creature as who manages North Korea.

Even by implying they can not be trusted with total domestic surveillance systems, implies that there is serious doubt that they are or can not be just as those groups.

You can not be more offensive in a statement than that. And against a huge group, not singular individuals.


Long story short, there is no solution. Might as well let it all slide. Everyone knows there is no God, no angels, nothing. Not even bored extraterrestrial robots quietly sent like mars rover bots from a civilization a billion years ago.

We live, we die, and in between time, we hope to get our kicks while we can. As meaningless as even the most noble of pursuits were during our lives, all is as forgotten as the deeds and words of a tree falling in a forest which no one hears.

The famous are regaled for centuries, if not vilified. Neither matters to them anymore.


Satan's AdvocateMay 1, 2016 4:41 PM

@Grauhut

Of course, it is actually a priority for intelligence agencies to try and "figure out the world". But, if they are so incredibly smart... why, on earth, are the heads of America's law enforcement and intelligence going on, week after week, year after year, about how they are desperate to foremost backdoor all US technical products?

And they really started this right after Snowden. Snowden, OPM, Manning, and so many hacks happening, these all happened on their watch.

Which is a better example of just how stupid and inaccurate they are? Snowden, or OPM?

For that matter, we can really scroll up some here, and consider, that US Government has been sending as bad of a publicity message to other nations as they possibly can. And that for a very long time.

I hate to say it but I do not think they intended to collapse the financial markets in 2008. Nor did they intend for OPM to lose all data on their cleared workers. I certainly do not believe Snowden was part of their master plan.

And what would Iraq be looking like today if they just invested and trained Iraqis, instead of using the chance to pump up revenue for Halliburton and similar groups.

Or, for that matter, the ingenious detail of not separating the nation into three. Leaving the Sunni, Shia, and Kurd mess exactly how they found it.

America did get people on the moon. How did that improve the quality of life for all? (It kind of did, I suppose, in a "do something because you can" way. Or, "look at what human beings can do".)

They have been instrumental in tech fields, and in cultural fields.

The latter they do not exploit for changing the world or trying to win the global popularity vote. Instead, they go directly against it.


America has spread the wealth. It is an extremely diverse country. At any time, any place, I am likely to run into people from all over the world, often even more than second and better generation Americans.

They offshore tremendous opportunities, such as in the software market.


But, I do really believe that their databases of human correspondences are absolute crap. Some rules could be applied to narrow hunts for foreign spies and terrorists. Sure. Because those are entirely exceptional groups.

But, you know who is going to be creating and working on that? Die hard Republicans. Maybe some die hard Democrats. Which of these two major groups do not believe a whole ton of a crock of 'it just ain't so'?


This does not relieve the problem. It is actually because you can trust in their incompetence, that you can trust it won't be terrorists and foreign spies who are the enemies they find.

I don't think similar systems in previous nations ever found real enemies, either.

Enemies to corrupt systems, sure. Sometimes. Often, just innocent bystanders branded as such. Because people get off on showing power over other people.

Lording it over them.


GrauhutMay 1, 2016 5:07 PM

@Satans Advocate: "Well, you know, my day job is as a professional witchhunter... Long story short, there is no solution. Might as well let it all slide. Everyone knows there is no God, no angels, nothing."

Isn't it hard to hunt something if you believe in nothing?

Or is it simply too easy to present something as a "genuine witch"(tm) because the average witchhunt manager is braindead enough to accept anything and happily pays the bounty? ;)

The Next Aaron BarrMay 1, 2016 5:07 PM

@Tor exploits, Edman was not a 'core developer' of Tor. Edman worked on the obsolete user interface Vidalia and not the Tor codebase. Then he tried to get a job with Big Brother by saying he could sabotage Tor. Edman has no esoteric knowledge that would make him a fit for that job - no more than any other Internet plumber with a Ph.D. As it turned out, all Edman could think to do was fish for idiots who wrecked their Torbrowser by installing Flash. And that's when he was working for MITRE, who compile the CVE, after they help themselves to the worst of it. MITRE, who detailed high-powered Clouseaus to the gelded geezers of the 9/11 Commission. Publicizing Edman as a threat to Tor is straightforward Fear, Uncertainty, Doubt. That MITRE could sell FBI on Edman as a hacker says a lot about FBI's sad CNE skillz.

ianfMay 1, 2016 5:24 PM


OT: a Monday morning reflection followed by heavy-duty J'Accuse!

I just received an email from Amazon‍.‍com that began with these words:

Based on your recent activity, we thought you might be interested in this
[followed by cover, price, and description of a book, one of several that I indeed looked over recently].

I know that when I access, and now and then order books from their site, they keep a book-keeping[sic!] record of my visits, thus they know the topics that I happen to be interested in—but do these BOOK PEDDLERS FROM SEATTLE really have to be so obnoxious about it? Where did I sign that I concur to their regurgitation of my search history to remind me that I wasn't the good boy they expected me to be last time I came by? Has it not occurred to these marketing corporate yobs yet that by behaving in this fashion they effectively drive me away, and that judging by cumulative record of all my past visits, I probably use them mostly for comparison, and reputation (buyers' reviews) shopping? In fact, I get most of my books from the aptly named UK bookdepository‍.‍co‍‍.uk, which doesn't charge extra for worldwide p&p, yet manages to stay below list prices (the only negative being that they do not carry other data than author, title, year of publication and current—often clearance—price… which is why I "shop" for the rest at Amazon‍.‍com).

This concludes my kind diatribe. Now it's gloves-off time. Wael, I'm talking about/ down to you. HENCEFORTH YOU WILL ABSTAIN FROM POSTING LINKS TO VIDEOS WITHOUT CLEARLY LABELING THEM FIRST. NO EXCEPTIONALES, AMIGO. Some time ago I relented my resolve not to, and looked up what you could be meaning but had no words to express it. Baaaad choice. Now sodding YouTube pollutes my weekly "videos you might like" newsletter with TOMBSTONE outtakes. You seen one of them (=2 unshaven macho guys daring one another to draw first), you seen them all. And it's ALL YOUR DOING. What's next, I wonder, the Toy Story? Do not pooh-pooh this my desist or else.

GrauhutMay 1, 2016 5:29 PM

@devils advocate: "I don't think similar systems in previous nations ever found real enemies, either."

Define "real enemies"(tm), without resorting to dual state entities! :)

Rule 42May 1, 2016 6:46 PM

@R41

The EFF is basically an industry consortium. They don't see solutions that may involve AT&T losing profits to competitors.

WaelMay 1, 2016 6:53 PM

@ianf,

Henceforth you will abstain from posting links to videos without clearly labeling them first...

Okay, makes sense! You, in return, shall henceforth abandon typing in caps. Try to apply std::tolower() to all your strings before you post them. Additionally, you shall cease to abuse blockquotes so as not to confuse us.

65535May 1, 2016 7:26 PM

@ Clive & Curious

I have found that a .25 inch thick iron [or mostly iron] cooking pot with iron lid does stop cell phone signals. I have put as many as 7 to 8, G2.5 to G4 cell phones in the pot, from children within the neighborhood and the phones go dark. They don't get incoming calls.

I also reviewed YT videos of aluminum wrapped cell phones. I tried thin aluminum foil and it did not stop the cell phones from getting inbound calls.
Then I tried thick aluminum foil of .9 to 1.0 mils thick wrapped about 7 to 8 times around the cell phone with a shiny surface and found that 1 mil thickness of aluminum foil wrapped around the phone many times does stop all inbound calls [inbound calls are the simplest to measure].

“Standard household foil is typically 0.016 mm (0.63 mils) thick, and heavy duty household foil is typically 0.024 mm (0.94 mils). The foil is pliable, and can be readily bent or wrapped around objects. Thin foils are fragile and are sometimes laminated to other materials such as plastics or paper to make them more useful.” – Wikipedia

https://en.wikipedia.org/wiki/Aluminium_foil

@ Rule 41

“The key word here is “procedural.” By law, the rules and proposals are supposed to be procedural and must not change substantive rights.
“But the amendment to Rule 41 isn’t procedural at all. It creates new avenues for government hacking that were never approved by Congress.

“The proposal would grant a judge the ability to issue a warrant to remotely access, search, seize, or copy data when “the district where the media or information is located has been concealed through technological means” or when the media are on protected computers that have been “damaged without authorization and are located in five or more districts.” It would grant this authority to any judge in any district where activities related to the crime may have occurred.” –EFF

https://www.eff.org/deeplinks/2016/04/rule-41-little-known-committee-proposes-grant-new-hacking-powers-government

That is a good description of a bad rule.

I sense this new rule is very dangerous. Worse it is issued by the US Supreme Court. That is the very court sworn to uphold the US Constitution.

This new rule smacks of political shenanigans and is contrary to many parts of the US Constitution. I am extremely displeased with Justice Roberts. He should step down now!

JG4May 1, 2016 8:24 PM


I didn't explicitly point out that my reference to Melissa's DefCon talk was for Hamid. What is shocking is how cheap that software defined radio thumb stick is.

On the RFID credit card topic, it should be noted that any card that can be scanned at a distance of a couple of inches can be scanned at a distance of 10 meters, if a sufficiently large antenna/coupling device is used.

I was shocked that an access card worked even when wrapped in aluminum foil. Clive hit the nail on the head by pointing out that skin depth is related to frequency. If the data rate is a few bits per second or a few tens of bits per second, the eddy currents in foil damp out much more quickly than the field changes.

The magnetic field can be redirected around the card and aluminum foil by using mu metal. Aluminum foil may not be needed at all if a suitable magnetic shielding is in place:

Magnetic Shielding Foils
- High and Low Permeability Options Available
http://www.thorlabs.us/newgrouppage9.cfm?objectgroup_id=6065
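The skin-depth point raised by Clive Robinson (eddy-current shielding depends on skin depth, and aluminium oxide and seams make foil a poor conductor), 65535's foil measurements against 2.5G-4G phones, and JG4's note that a slow low-frequency field is barely damped by foil all come down to one calculation. The added example below is not from the thread: it computes skin depth for a few metals at the frequencies in question (125 kHz proximity cards, 13.56 MHz NFC, 900 MHz and 2.4 GHz radio) and the absorption loss of the foil thicknesses quoted from Wikipedia above. The material constants are assumed textbook values, and only the absorption term of the shielding equation is modelled; reflection loss and leakage through gaps, seams and slot-antenna effects are left out, which is exactly why real foil wrapping behaves worse than these numbers suggest.

```python
"""Skin depth and foil absorption loss (added example, not from the thread).

Assumed material constants (room temperature, approximate): resistivity in
ohm-metres and relative permeability. Non-magnetic metals use mu_r = 1; the
iron value is a rough soft-iron figure and varies widely in practice.
"""
import math

MU0 = 4.0e-7 * math.pi   # permeability of free space, H/m

# name: (resistivity ohm*m, relative permeability) -- assumed values
MATERIALS = {
    "copper":    (1.68e-8, 1.0),
    "aluminium": (2.65e-8, 1.0),
    "iron":      (9.7e-8, 200.0),   # assumed mu_r; real soft iron ranges widely
}

# Foil thicknesses quoted above from Wikipedia, converted to metres
FOIL_THICKNESS_M = {
    "standard":   0.016e-3,   # 0.63 mil
    "heavy_duty": 0.024e-3,   # 0.94 mil
}


def skin_depth_m(material: str, freq_hz: float) -> float:
    """delta = sqrt(rho / (pi * f * mu)): depth at which eddy-current density falls to 1/e."""
    rho, mu_r = MATERIALS[material]
    return math.sqrt(rho / (math.pi * freq_hz * MU0 * mu_r))


def absorption_loss_db(thickness_m: float, delta_m: float) -> float:
    """Absorption term of the shielding equation: 20*log10(e) ~= 8.686 dB per skin depth.

    Reflection loss and aperture leakage are not included. For a near-field
    magnetic source at low frequency the reflection term is small, so absorption
    is what is left, and a foil thinner than one skin depth does almost nothing.
    """
    return 20.0 * math.log10(math.e) * thickness_m / delta_m


def foil_attenuation_table(material="aluminium", foil="standard", layers=1,
                           freqs_hz=(125e3, 13.56e6, 900e6, 2.4e9)):
    """Return {freq_hz: (skin_depth_mm, absorption_db)} for `layers` wraps of the foil.

    Layers are treated as one solid sheet of combined thickness; in reality the
    oxide layer between wraps and the seams dominate, so this is an upper bound.
    """
    t = FOIL_THICKNESS_M[foil] * layers
    table = {}
    for f in freqs_hz:
        d = skin_depth_m(material, f)
        table[f] = (d * 1e3, absorption_loss_db(t, d))
    return table


if __name__ == "__main__":
    for f, (d_mm, a_db) in foil_attenuation_table().items():
        print(f"{f/1e6:9.3f} MHz  skin depth {d_mm:8.4f} mm  "
              f"absorption through one standard foil {a_db:6.1f} dB")
```

At 125 kHz the aluminium skin depth is about 0.23 mm, so a 0.016 mm foil is a fraction of one skin depth and absorbs well under 1 dB, which matches the access card still reading through foil; at 900 MHz the skin depth is under 3 microns, so even one layer absorbs tens of dB on paper, and what actually lets a GSM call through a foil-wrapped phone is the seams and the oxide between wraps, not the metal.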

Clive RobinsonMay 1, 2016 8:39 PM

@ Wael,

Regarding ianf, a thought for you...

    Where forout the scribe?

He posted the following,

ianf • May 1, 2016 5:24 PM

OT: a Monday morning reflection followed by heavy-duty J'Accuse!

I just received an email from Amazon‍.‍com that began with these words:

The date of the post is a Sunday late afternoon at the timezone the server is set to. But @ianf says,"a Monday morning reflection"...

But I'm posting at a quarter to three in the morning UK time...

Now on the assumption he is probably not playing games --it can be hard work to keep up-- either he has no clue what time it is where he is, or he is a fairly early riser (I'll let you draw lines on the map to see why if you are not up to visualising time zones at the drop of a hat ;-)

But his subject matter of buying books and from whom adds a little more light...

So as I know you like the odd short verse --so with apologies--...

    We seek his ear. We seek his hair. To net that dam, Old moaning Pimple head.

JG4May 1, 2016 9:59 PM


this should have some security implications

In proof we trust
Blockchain technology will revolutionise far more than money: it will change your life. Here’s how it actually works
by Dominic Frisby
https://aeon.co/essays/how-blockchain-will-revolutionise-far-more-than-money
...
Once your online reputation can be stored on the blockchain (ie not held by one company such as TripAdvisor, but decentralised) everyone will want a good one. The need to preserve and protect reputation will mean, simply, that people behave better. Sony is looking at ways to harness this whereby your education reputation is put on the blockchain – the grades you got at school, your university degree, your work experience, your qualifications, your resumé, the endorsements you receive from people you’ve done business with. LinkedIn is probably doing something similar. There is an obvious use for this in medical records too, but also in criminal records – not just for individuals, but for companies. If, say, a mining company has a bad reputation for polluting the environment, it might be less likely to win a commission for a project, or to get permission to build it.
...
Few have seen this coming, but this new technology is about to change the way we interact online. The revolution will not be televised, it will be cryptographically time-stamped on the blockchain. And the blockchain, originally devised to solve the conundrum of digital cash, could prove to be something much more significant: a digital Domesday Book for the 21st century, and so much more

Satan's AdvocateMay 1, 2016 10:42 PM

@Grauhut

@Satans Advocate: "Well, you know, my day job is as a professional witchhunter... Long story short, there is no solution. Might as well let it all slide. Everyone knows there is no God, no angels, nothing."
Isn't it hard to hunt something if you believe in nothing?
Or is it simply too easy to present something as a "genuine witch"(tm) because the average witchhunt manager is braindead enough to accept anything and happily pays the bounty? ;)

First of all, I do not exist. There are few nicks ppl can take and assure everyone understands they are not real.

The one I took, is one of them.

So, devil's advocate of what? Is my view the opposite of what I am saying?

It is a mask.

I am a magical being.

Do you believe I am real, Grauhut?


To the topic, I find the scapegoats cultures get is very unique to their culture. Each culture produces their own favorite scapegoats. It is basic human behavior.

Scapegoats are created as a delusion from their strong us vs them beliefs.

Only right group does not have 'us vs them'.

@Grauhut

@devils advocate: "I don't think similar systems in previous nations ever found real enemies, either."
Define "real enemies"(tm), without resorting to dual state entities! :)

That is just it, a scapegoat is not real at all. And that is what they really look for.

Yes, there are people there, real people, suffering because of their oppressors. But the oppressing people do not see them nor their suffering, at all. They have their dream machine running while wide awake.

WaelMay 1, 2016 11:31 PM

@Clive Robinson,

Where forout the scribe?

I noticed the time as well. "Early morning" is a rather fuzzy range. It could start at 12:00AM and end at 7:00AM -- a range of 7 hours.

12:24 - 5:24 = 7:00
Server at UTC-6
Then he's at UTC+1 or more east. Anywhere between the UK and New Zealand...

bookdepository.co.uk, which doesn't charge extra for worldwide p&p

Sheds some light -- character set / encoding wise ... Also depends what editor he uses.

So as I know you like the odd short verse --so with appologies--...

Nice :) !
I also sometimes misspell "apologies". It needs to have a double 'P'.

AnuraMay 2, 2016 1:00 AM

@JG4

Blockchains will neither revolutionize money, nor will they be used for things like reputation (which is a horrible, dystopian idea in the first place). Bitcoins will never be more than a niche market; right now, it's just a crappy and difficult to use payment method that provides no advantages and tons of drawbacks unless you are trying to do something illegal; for this reason, it will never grow beyond that. Of course, the fact that it's based on a libertarian understanding of economic concepts made it doomed from the start as a currency in the first place.

ThothMay 2, 2016 1:51 AM

@Ergo Sum, Nick P
re: Aren't we heading to WW3 already ?

"Aren't we already there? By now, all nations have a "cyber division" in one form or another. While the stated intent of these divisions is protecting the country's critical infrastructure, prevent terrorism, rooting out pedophiles, etc., their main objective is to exploit targeted individuals, organization, businesses, etc."

We have to consider not all countries have "TRUE" Cyber Commands. Most of the nations in the world only have "Subordinate Commands" or simply the extension of the Will of those who are Powerful. Put it simply, think along the line of Lord of the Rings' One Ring concept where all the other Rings are slaves to the One Ring. Bring this over to the Defense Industry, there are only very few "Solutions Maker" who can manufacture the entire "Solution" without the inclusion of parts from someone else.

An example is the secure communications encryptors. Thales, Harris and a few powerful names have the capability to create their own crypto chips. If you look at Curtiss Wright and the smaller companies, they have to leverage off someone else's chips to include into their "Solutions". What if .... the Big Boys decide to backdoor their chips and now all the other "Solutions" that rely on the backdoored chips and building blocks are all tainted along the line :) ???

How would you know your Cyber Command is not a (in)voluntary slave of one of the Big Bros (UK, USA, China, Russia ...) who have the absolute capability of producing their own building blocks and also have businesses that provide their (possibly tainted) building block into the "Solutions" to be supplied to their friends and others willing to pay ?

What is the likelihood that if one of the Big Bros decides to launch an attack, they wouldn't use you as their proxy by sending a backdoor command of sorts to cause your system to automatically engage their targets on their behalf so that the blame falls on your "Slave" Cyber Command ?

Regarding the use of network based Data Diodes, the designs for the Data Diodes are actually rather simple and an example was done via the TFC project for civilian use (from @Markus Ottela's design ... hope I did not misspell your name yet again). If you look at the design from FoxIT or any other Data Diode, they are going to be supplied to your nation's Cyber Command (Slaves !!! AHEM) in a Black Box form and you wouldn't have access to the circuitry. They might even tamper resist the circuitry and I have known cases of nation states trying to pry open foreign supplied defense equipment and failing in their attempts.

How would you know this stuff is not tainted with some subtle backdoor that may look like accidental bugs in designs ? You could try all attempts to test them but most modern defense equipment comes with tamper resistant designs specifically to prevent the owner from tampering and also to keep out attempts by attackers to tamper.

Who knows if a country accidentally pisses off one of the Big Bros, their F-16s or MiG 29s wouldn't be able to lift off their tarmac or wouldn't engage their weapons ?

Put it simply, the world has always been structured in an imbalanced way where there are some more powerful than the rest and we might be heading into deep trouble due to manipulations as a result of using other nations as proxies. The Great Game never ended after WW1 & 2. The powers are simply shifting around.

JG4May 2, 2016 7:05 AM


It's pretty clear that money is a medium of exchange and store of value, or at least used to be. I've never tried bitcoin, but it seems like some efficient mechanism for exchange of electronic value would be useful on your planet.

I thought that there was a bible verse to the effect "what is whispered in secret will be shouted from the rooftops." cui bono?

http://www.zerohedge.com/news/2016-05-01/british-spies-among-thousands-names-exposed-following-massive-leak-largest-mid-east-
...
Some files had pictures of account holders from Facebook and LinkedIn, a potentially sensitive issue in a conservative country where privacy is valued.

ianfMay 2, 2016 7:17 AM


In a display of imitation being the sincerest form of flattery, Wael paraphrases (mongrelizes really, but I'm too sophisticaté to bring THAT up) my words to emit: “you shall henceforth abandon typing in caps. Try to apply std::tolower() to all your strings before you post them."

NO SALE. This is typing the prose, where letter case is both a signifier, embellishment, and column diversifier, not coding the code where case often is critical. I also refer you to our earlier mutual cross-licensing agreement regarding lexical/ typographical matters.


@ Clive & Wael

Rather than pinball, I see that ye gents are playing a game of… pinpoint, could it be a variant of "Where in San Diego Is Yours Truly." Any luck yet? (Wael: the range UK to NZ is in the [pin]ballpark). NOTE2SELF: work harder on sowing geo-fuzz, uncertainty, and doubt in the minds of so deserving. Out of curiosity, however, perhaps you could s.p.e.l.l. o.u.t. what MONUMENTAL insights were arrived at as a result of these your conclusions:

But his subject matter of buying books and from whom adds a little more light... […] Sheds some light -- character set / encoding wise ... Also depends what editor he uses.

p.s. if I disclosed that my mail-order bookseller of choice also responds to bookdepository.com, would that be tantamount to throwing a spanner into your mindworks?

    As for Clive's ambiguously short verse: am not going to fall for it, but have filed that away for the future. Remember that faux nursery rhyme games are a two-way street.

@ Anura, @JG4

Blockchains will neither revolutionize money […] Bitcoins will never be more than a niche market; right now, it's just a crappy and difficult to use payment method that provides no advantages and tons of drawbacks unless you are trying to do something illegal; for this reason, it will never grow beyond that. Of course, the fact that it's based on a libertarian vulgar misunderstanding of economic concepts made it doomed from the start as a currency in the first place.

Quite so. The overt advantage of democratizing the power over money transfers by cutting out the middleman is precisely why current stakeholders in that field, banks and other financial entities up to and including states, and collectives of states, can't allow it to happen. Therefore it seems perpetually doomed to be both a better mousetrap and an "also run."

The only logick way in which Bitcoin or similar could come to the fore would be in the wake of some global cataclysm of ELE-proportions that has nullified present money accrual mechanisms, and given way to physical product barter. From which a step up to Bitcoin would be more viable than gradually rebuilding physical money-lending frameworks. But even that is a long shot.

ianfMay 2, 2016 10:20 AM


OT: Catnip for SAS and US Special Forces

This reported in The Guardian as a new Guinness World Record, but, drunken yobs' interest aside, of wider potential for the MIC: Jet-Ski champion Franky Zapata used own invented jet-powered hoverboard device to fly a distance of over 2km, 50m above the Medi. His Flyboard Air can stay airborne for up to 10 minutes at a maximum speed of 150km/h (93mph). The video shows him clearly outpacing trailing boat and jet-ski rescue craft below, while the device itself seems no larger than a suitcase (plus hardly a backpack); nor s.e.e.m.i.n.g.l.y. more difficult to control with posture, than an Earth-bound Segway (that's also used for military patrolling etc).

Well done, Frenchy… now expect an order of a dozen such units for field evaluation purposes, as it seems to have potential for military battlefield and liaison duty. It also could abet solving the last mile rapid advancement problem in localities where armored carriers/ Humvees would be out of the question, but where half a dozen such (rebranded) Personal Airborne Assault Hoverboard Unicorns launched inside a swarm of two dozen lookalike (collision avoiding) drone-with-inflatable-trooper-decoy figures to confuse the opposition, could be just the ticket. Plus, in 10 years' time it will become a Fast Forward to the Future commodity! http://gu.com/p/4tncg

ps. A decade or so ago there was an attempt to speed up and extend the range of personal travel with the Springwalker Body Amplifier Exoskeleton. This 44s video of a working prototype nevertheless clearly shows why it went nowhere.

Who?May 2, 2016 11:16 AM

Thanks @keiner,

I found the chapter that addresses Internet and telecommunication issues enlightening, e.g.:

2. Each Party shall ensure that service suppliers of the other Party are permitted to:

(a) purchase or lease, and attach terminal or other equipment that interfaces with a public telecommunications network;
(b) provide services to individual or multiple end-users over leased or owned circuits;
(c) connect owned or leased circuits with public telecommunications networks and services or with circuits leased or owned by another enterprise;
(d) perform switching, signaling, processing, and conversion functions; and
(e) use operating protocols of their choice.

John CampbellMay 2, 2016 11:57 AM

@r: "Disable the smart gun or disable the smart features? That's pretty scary, guns won't work after nuclear war... You won't find me buying something like that unless the failure mode is to disable the smart feature."

Smart guns are to ensure inhibitions; a failure that keeps it from being able to fire is, to the politicians, a fail-safe mechanism.

Admittedly, in a Zombie Apocalypse, this does not strike me as a "safe" failure mode.

The real problem, of course, is so-called "smart" mechanisms to inhibit operation will be bypassed by those who are not planning to use it for "approved" purposes (IOW, penalize the law-abiding over the non-law-abiding).

We already have laws against USE of weapons...

WaelMay 2, 2016 1:37 PM

@ianf,

NO SALE. [...] I also refer you to our earlier mutual cross-licensing agreement regarding lexical/ typographical matters.

No sale, no sale! I'll post videos the way I see fit, then. Our earlier discussion was under a different context. I, for one, don't read caps. I skip them. When I see a blockquote, I expect that someone else is quoted (including quoting a previous post by the same poster.)

Clive RobinsonMay 2, 2016 6:10 PM

@ ianf,

As for Clive's ambiguously short verse: am not going to fall for it, but have filed that away for the future. Remember that faux nursery rhyme games are a two-way street.

The verse is short, but so was the original in 1903, it later got expanded... Thus you need to know what is and is not there to understand what lies beneath the prose, but it's not a line of Trollops.

As Wael knows from the past, more can be communicated by what is not said than what is said and will no doubt have located the message within its borders.

HansiMay 2, 2016 6:16 PM

The list of people who have a backdoored rng is quite impressive...

http://phuctor.nosuchlabs.com/phuctored


"An RSA public key consists of a modulus n and an exponent e. Modulus n is a product of two large primes, p and q. If one knows p or q, one can derive the private key corresponding to the given public key.

A typical GPG public key contains one or more RSA moduli, depending on the number of sub-keys.

Under certain conditions, a public key modulus will share a common factor with an existing modulus belonging to someone else. This may happen if both keys were generated on a system with a thoroughly-broken entropy source, or if a particular GPG implementation has been back-doored.

Submit a GPG public key to determine if any of its moduli share a common factor with the moduli of public keys already in our database. The test is a simple application of Euclid's GCD (Greatest Common Divisor) algorithm. You may wish to revisit your key's page later, as more keys with potential common factors accumulate in the system."
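The GCD test quoted above, as an added example (not phuctor's own code): it takes a set of RSA moduli, reports every pair that shares a prime factor, shows what a single submission against a stored database looks like, and derives the private exponent from a recovered factor to make concrete why such a hit fully compromises the key. The sample moduli are constructed from small primes so the check runs instantly; production keys are 2048 bits or more but the arithmetic is identical. The pairwise loop is quadratic in the number of keys, which is why large-scale scans use a product-tree batch GCD rather than this loop.

```python
"""Shared-factor check for RSA moduli, the test the phuctor page describes.

Added example, not phuctor's own code. The moduli below are constructed from
small primes so the check runs instantly; real keys are 2048+ bits but the
arithmetic is identical.
"""
from itertools import combinations
from math import gcd

# Constructed sample: the six primes just above 10**6. Two "keys" reuse a
# prime, the way a broken entropy source or a back-doored generator would.
_P = [1000003, 1000033, 1000037, 1000039, 1000081, 1000099]
SAMPLE_MODULI = [
    _P[0] * _P[1],   # key 0: healthy
    _P[2] * _P[3],   # key 1: healthy
    _P[0] * _P[4],   # key 2: shares _P[0] with key 0
    _P[4] * _P[5],   # key 3: shares _P[4] with key 2
]
PUBLIC_EXPONENT = 65537


def shared_factors(moduli):
    """Pairwise Euclid check over a key set.

    Returns {(i, j): g} for every pair whose gcd is non-trivial. A hit with
    g == n_i means the identical modulus was submitted twice, which is a
    finding in its own right (same key, two owners)."""
    hits = {}
    for (i, n_i), (j, n_j) in combinations(enumerate(moduli), 2):
        g = gcd(n_i, n_j)
        if g > 1:
            hits[(i, j)] = g
    return hits


def check_submitted_key(n, database):
    """What one submission does: test n against every stored modulus.

    Returns [(index, factor), ...]; an empty list means no stored key shares
    a factor with n (today; later submissions may change that)."""
    hits = []
    for k, m in enumerate(database):
        g = gcd(n, m)
        if g > 1:
            hits.append((k, g))
    return hits


def recover_private_exponent(n, p, e=PUBLIC_EXPONENT):
    """With one factor p of n known, q = n // p and d follows from phi(n).

    This is the page's point: a shared factor is not a weakness, it is the
    whole private key."""
    q, rem = divmod(n, p)
    if rem != 0 or q == 1:
        raise ValueError("p is not a proper factor of n")
    phi = (p - 1) * (q - 1)
    return pow(e, -1, phi)          # modular inverse, Python 3.8+


def roundtrip(n, d, e=PUBLIC_EXPONENT, m=123456789):
    """Encrypt a test value under (n, e) and decrypt it with the derived d."""
    return pow(pow(m, e, n), d, n) == m


if __name__ == "__main__":
    for (i, j), g in shared_factors(SAMPLE_MODULI).items():
        print(f"keys {i} and {j} share the factor {g}")
    d = recover_private_exponent(SAMPLE_MODULI[0], _P[0])
    print("derived d decrypts correctly:", roundtrip(SAMPLE_MODULI[0], d))
```

For a defender the useful output is the pair list: each hit identifies two key owners whose generators must be treated as broken, and the key pages both need revocation regardless of which side had the bad RNG.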

Dirk PraetMay 2, 2016 7:36 PM

@ ianf, @ Clive, @ Wael

Rather than pinball, I see that ye gents are playing a game of… pinpoint

No condescending remarks about pinball, please! I used to play tournaments and am still the undefeated champion in this ol' town here. My 437 million on Stern's "Pirates of the Caribbean" even earned me a top 15 world ranking at some point.

WaelMay 2, 2016 9:23 PM

@ianf,

perhaps you could s.p.e.l.l. o.u.t. what monumental insights were arrived at as a result of these your conclusions...

Well, you're not using an English keyboard. I say you're Italiano.

p.s. if I disclosed that my mail-order bookseller of choice also responds to bookdepository.com, would that be tantamount to throwing a spanner into your mindworks?

I can't speak for @Clive Robinson. Me? Makes no difference.

@Dirk Praet,

I used to play tournaments and am still the undefeated champion in this ol' town here.

A man with many talents. I know @ianf has many hidden talents. I hope he finds one of them someday ;)

WaelMay 2, 2016 10:34 PM

@Clive Robinson,

Show some compassion!

more can be communicated by what is not said than what is said and will no doubt have located the message within its borders.

@ianf,

Here is a hint!

ThothMay 3, 2016 12:33 AM

@all
A Self-Destructing Pattern-based Biometric Authentication Scheme
================================================

In the light of powerful organisations and agencies engaging in actions of harassment against individuals to coerce secret information to unlock detained devices (iPhone with TouchID in this case), the necessity to equip biometric capable devices equipped with security co-processors with secure wipe functionalities and self-destruct capability is paramount for the security of the individual and any accompanying secrets held within the device.

There are known cases of politicians communicating national secrets or sensitive information over COTS hardware bought off-the-streets/off-the-shelf from civilian vendors which makes it paramount for implementors to consider some levels of security in the event these off-the-streets devices are used for communication of sensitive secrets (i.e. Hillary Clinton's case of using her own COTS email server).

For the scheme to work, the device requires at least a Secure Execution Environment supported by hardware with fingerprint pattern biometric capabilities (e.g. Secure Enclave, ARM TrustZone, Smart Card with Bio-Template enabled ...etc...). A tamper resistant environment would provide higher security benefits as well.

A user would be required to enroll a particular finger for unlocking the device and also one or two more secondary fingers to act as a "Self-Destruct Indicator". In order to trigger a self-destruct under duress, the user would simply have to attempt the unlock with a registered finger that has been set aside as a "Self-Destruct Indicator". The software logic in the biometric template matching algorithm would always randomly decide whether to check for self-destruct before normal unlock or vice versa first in an attempt to prevent power line glitching attacks on the chip using the chip's HW-CSPRNG.

To prevent accidental self-destruct from occurring on the device, the user may set up an option to use multiple sets of fingerprints being scanned according to a fixed pattern or randomly scanned (as long as all or majority of the fingerprints used are registered as "Self-Destruct Indicators") in an attempt to prevent random fingerprint touches from triggering an actual self-destruct on the device.

Most fingerprint protected devices also come with a backup password/PIN/swipe pattern that could be used in case of failure to unlock a device with the correct fingerprint. There should also be considerations to include Self-Destruct features on password/PIN/swipe patterns in the event those who coerce know of the existence of self-destructing fingerprint setups and decide to use password/PIN/swipe pattern, which under these circumstances means all avenues for authentication must be protected with self-destruct features.

The down side is you have to remember extra passwords/PINs/swipe patterns in the event attackers decide to bypass the self-destructing fingerprint implementation which in this case, you can assign a significantly weaker password/PIN/swipe pattern as an alternate self-destruct trigger.

Link: http://arstechnica.com/tech-policy/2016/05/should-the-govt-be-able-to-force-you-to-open-your-phone-with-just-your-fingerprint/

Clive RobinsonMay 3, 2016 2:10 AM

@ Wael,

I can't speak for @Clive Robinson

How nice ;-)

Unlike,

    would that be tantamount to throwing a spanner into your mindworks?

Any way I could make the observation by that, which is someone is trying too hard, which begs the question why?

Hmmm Vexations and Recreations, to carry them around as such a load of old Babbage.

The thought occurs that "ianf" could be a four letter anagram, such as "Italian And Not French" but I have my doubts. After all it presupposes a certain mentality, that has a Romance for Language.

Clive RobinsonMay 3, 2016 3:18 AM

@ Thoth,

With regard to the bio-metric -v- passphrase and a court demanding the use of a fingerprint.

As I've indicated many times in the past I dislike bio-metrics and the perverted thinking that goes behind them, which is just wrong at so many levels. This just adds another level of wrong thinking.

I worked out before I was a teenager many hundreds of moons ago how to fake fingerprints with things you could buy in just about any supermarket in the western world. Unfortunately demonstrating this lost me a nice job. The reason being people only want to hear upsides not downsides. Which highlights a major security failing across the entire tech industry, and worse causes other distorted thinking.

If you have "invented" something and have taken the idea to where you can demonstrate it you start to see $$$ signs. The last thing you want to hear is that the house you have built is one made of cards on shifting sands. And perhaps even more galling to know that a child had invented the downfall of your invention before you had ever first thought of it, so you do what has been done in times past "kill the messenger" of bad news.

But this thinking goes further, back in times past someone came up with the idea of passwords, they have many failings but they are still with us. However people realised that other methods of security such as what we now call tokens might be better.

But for years the thinking was that you had to find the better mouse trap that would replace not augment existing systems. So systems turned up where you had the choice of one of several methods of identification. I can remember arguments I've had over using PK certificates and passwords not as I frequently got told "one or the other".

Which makes the last paragraph of the ARS article raise a wry smile,

In 2013, Hoffman noted that there is a simple solution to avoid this entire problem: use biometrics in conjunction with passcodes.

Which raises the question of just how much effort would be required to allow not just "conjunction" but "flexibly", "user configurably" as well?

After all I might want to use a different finger and different password at the various levels of a phone's state. Thus say my right thumb and fifteen character password at powerup, just a swipe of my index finger to answer the phone, but another finger and say a numerical pin to unlock SMS usage, but something a lot more complicated to open the "smart phone" functions.

Whilst such functionality is probably not required by most people yet there are many that do for many reasons --such as those subject to abusive or oppressive behaviours by others-- and I'm sure many more will learn from life that such features are highly desirable.

One such feature, morbid as it sounds, is to do with "death rights" and "living wills". More and more people are finding that when loved ones die the data in their phones etc becomes unavailable. Thus the task of notifying people of a death or injury becomes difficult if not impossible if the phone book etc is only on the phone.

The question then arises as to why industry drags its feet on such things, and how long it will take to catch up with societal needs...

ThothMay 3, 2016 5:24 AM

@Clive Robinson
I do not encourage biometrics either and I have also spoken against biometrics but as it seems, more and more push are towards the adoption of biometrics and it has been seemingly close to a necessity soon. It would be a useful additional defense (self-destruct fingerprints) for those who are already enrolled onto their phone's biometric scheme until they decide to switch over to PIN/Password.

For those who are still very attached to their fingerprints, maybe a scheme of sorts to self-destruct data using fingerprints I mentioned would at least help them a little.

Of course the final goal is hopefully to turn the tide and point out the problems with biometrics and go back to the old PIN/Password way but until then, the commercial and industrial push towards biometrics is getting stronger and louder in an effort to deliver false promises.

Until the day where higher assurance techniques can be introduced to the public in a meaningful and practical manner, it seems we have to "wait it out" and try to use what's best available for now.

ThothMay 3, 2016 6:09 AM

@Clive Robinson
Maybe the better idea for shorter passwords would be short 6 to 8 digit PIN but those would be easily bruteforced. To prevent bruteforce, a combination with a hardware secure element (PKI token) that allows short PINs and limited pin tries would be useful.

A modified login module that accepts a contact/contactless token/smart card with an external or embedded contact/contactless reader would be sufficient and the user simply presents a token and validates the token by entering the token's short PIN code (6 to 8 digits).

This would make PIN codes easily remembered and PIN codes can be reused (not advisable). The PIN tries would typically be hardware counters stored inside the token, against which brute force would be ineffective (causing the token to be disabled until a strong 48-byte PUK code is used).

The applet software for the token can be inspected if open source applets are used and tokens in the form of "Open Platform" cards that allow users to install any applets and take control over the cards by setting their own Issuer Security Domain keys by themselves.

One example: the open source IsoApplet and the open source GIDSApplet (both are open source PKI applets for smart cards) can be downloaded and installed into your preferred "Open Platform" smart card, and afterwards you select your own keys to lock the card from modification.

The thing left to do is create an open source login module that accepts smart card login from either or both open source applets and then users can use short PINs and PKI as much as they like. The trouble is always whipping out a card to unlock your phone unless you have a phone cover that has card pouches built in it.

Links:
- https://github.com/philipWendland/IsoApplet/
- https://github.com/vletoux/GidsApplet

Dirk PraetMay 3, 2016 6:56 AM

@ Thoth, @ Clive

... I have also spoken against biometrics but as it seems, more and more push are towards the adoption of biometrics and it has been seemingly close to a necessity soon. It would be a useful additional defense (self-destruct fingerprints) for those who are already enrolled onto their phone's biometric scheme until they decide to switch over to PIN/Password.

I find biometrics useful in dual authentication schemes only: something you have and something you know. The same combination could be used in a much needed self-destruct feature to prevent folks from accidentally wiping their phone, which ideally would involve a different fingerprint and a different pin code.

ThothMay 3, 2016 7:59 AM

@Dirk Praet
My scheme has a multiple finger and multiple scan scheme in case you prefer to scan different fingers randomly or via a sort of secret sequence to activate the self-destruct. It is sort of like a secret door tapping method. It should be viewed as a low security scheme (as with other biometrics that are used alone).

It really boils down to the level of security you want. Anything sensitive would require more than just self-destructing fingerprints and biometrics to protect. Ideally for something sensitive, you want to use a smart card (CAC, PIV, GIDS, PKI cards) with PIN/Password to authenticate the card to use a PKI key for challenge response unlocking features.

If you want to quickly unlock (with minimal security levels) and have "nothing to hide", then a fingerprint and probably a self-destructive sequence of fingerprint(s) would suffice.

ianfMay 3, 2016 9:17 AM


@ Clive Robinson comments this past weekend's popular Parliament-storming outrage in Iraq […] “Iraqi citizens fed up with the corrupt politicians. So far it appears to be peaceful but all it takes is a small spark in the powder keg for it all to go up in smoke.

Smoke, and then what? I saw this on BBC telly, too, but do not share your cautious—if it happened to be—optimism. An "Iraqi Spring" in the making has as much chance of a democratic outcome/ success, as did the Arab ditto [use one of 8 free monthly New Yorker articles to see the analogies in “How the Arab Spring Became the Arab Cataclysm,” and then follow that up with the most lucid theory to date of ISIS' sharia-law-and-order appeal for the affected downtrodden in the region. A sample from the latter: Rather than a state of nature where all war against all, [people in the region believe that] it's better to have a single ruler with a monopoly on violence, no matter how arbitrary. That's the appeal of the ISIS' caliphate—a strong government based on religious principles, able to bring somewhat predictable order to regions plagued by near-perpetual corruption and tribal wars; never mind that the reality later proves to be entirely different.

    For one reason or another the "Arab mentality" (in native lands/ settings) has no understanding of, much less respect for (Western-style) gradual evolutionary changes for the common good. Lacking those traditions, the only protest voicing options at grassroots' disposal are such of recurring violent, enough-is-enough/ boiling-over anarchic kind. Which in turn nearly always (thus far) has led to one strong-arm despotism being supplanted by another—and I am not solely talking of ME either!

Back in (by Senator Harumph aptly rebranded) Meddle East (no typo), while not much given to conservative opinion, I keep returning to one key text from 1989 that has not lost one ounce of applicability. That's “The Closed Circle: An Interpretation of the Arabs,” author David Pryce-Jones' earnest attempt to uncover (decode?) what makes the Arabs tick (IMV as impassioned a treatise as its opposite, “Orientalism” by Edward Saïd, could be termed hysterical indictment of eternal Occidental perfidy towards the Levant).

I already mentioned that book here once, but it stands to be promoted more; especially as I've just come across the best review of it yet—in itself a source of so many acute quotes, that this one barely registers: “the Western powers have naively sought to reduce the Palestinian question to one of real estate [which happens to be at odds with] the Islamic tenet that once a land has been claimed for Allah, it belongs in perpetuity to the faith.”


In turn, tyr adds to the pyre: “Nothing like a popular uprising to expose the core of the farcical situation in Iraq. Once those folk have seen the inside of the Green Zone and compared it to their own situation you may see some real fireworks take place.

Beware of what you wish for for third parties' sake, for they may yet get to experience your Answered Prayers on their own skin.

[…] “Ole W may have succeeded in provoking real democracy in Iraq…

The only thing Ole W ever succeeded with was destabilizing ME into creeping anarchies from which it may never recover. I.e. rather than the above closed circle, it now resembles an accelerating downward spiral… all in the name of fervent Progress & paid for by Willing American Taxpayer-Executioners (pace Daniel J. Goldhagen).

Perhaps THE lesson of post-WWII world, as amplified on 2001/09/11, is that the not inconsiderable American military might COUNTS FOR NOTHING when confronted with a mentality that the West itself has outgrown, and no longer has the stomach for its core value of an-eye-for-an-eye.

ianfMay 3, 2016 10:56 AM


@ Clive “As Wael knows from the past, more can be communicated by what is not said than what is said

So you are saying: absence is license for essence. Good luck, Wael, with implanting meaning into word spaces.


@ Dirk Praet What condescending remarks about pinball?

Certainly not from me… I've lost count of times that I wished other people, also here, would rather stick to pinball, snooker, foosball, or similar fields of their apparent expertise. Even if that meant losing the benefit of their acquaintance.

PINBALLWIZARDBONUS4U


@ Wael “you are not using an English keyboard

And you, sir, are vely pelceptive—as indeed it has been Made in China. As I write in 3 languages, I also constantly switch between virtual keyboard layouts, one of which may or may not be that Eyetalian in the Eye of Yer Beholder.

ianfMay 3, 2016 12:36 PM


Re: A Self-Destructing Pattern-based Biometric Authentication Scheme

@ Thoth's proposal slightly paraphrased and extended:

[…] Apart from the "Unlock finger," a [TouchID/equiv.] user COULD enroll one or more other fingers to act as "Self-Destruct Buttons" while acting under duress. That action would visibly "unlock" the device (to satisfy the interrogators), but provide no access to [all/ designated/ critical] user data, that are being wiped out.

Since not all onboard content is of equal importance, the user initially could be asked to approve a default selection of data-generating apps (or modify the list to suit) that will instantly be shredded at such (validated) "Self-Destruct time." The remaining non-critical (and/or designated decoy) data would then act as proof of compliance, while stalling any further inquiries. E. g. if using multiple mail accounts, at self-destruct time all but the preselected unimportant one are wiped out.

PS. many years ago I wrote to a credit card company that began with transaction authorization by mailing a response code to one's preregistered mobile number (worldwide GSM), that if that happens under duress, then the rogue party probably also has access to my cell phone (as indeed happened in a few high profile cases). For that reason alone I suggested that a safer option would be to first have a "talking clock" spell out the code to a submitted landline home/ work phone, listen to any predefined audio confirmation ("seven two one four OK" for "received;" "NO" or white noise for "cancel transaction"). Only when the call is not picked up, send it to a mobile number, and require a reply after a user-preset (thus secret) delay from the same handset.

They thanked me for my suggestions, complimented on caring for security, promised to get back to me, but never did. After a while they quit requiring that cell code authorization, though it's still present on their web pages.
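The "self-destruct finger" scheme sketched above, as an added example that is not the commenters' code: a toy device model in which every enrolled finger is stored as a keyed hash, an unlock finger opens the device normally, and a duress finger opens it too but first shreds only the stores the user marked as critical, so an observer sees the same "unlocked" outcome either way. The fingerprint templates are constructed byte strings standing in for a sensor's output, and the class, store and role names are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

# Hypothetical model of the "self-destruct finger" idea. Templates are
# constructed byte strings, not output of a real fingerprint sensor.
ROLE_UNLOCK = "unlock"
ROLE_DURESS = "duress"


class DuressAwareDevice:
    """Unlock normally for the enrolled finger; for a duress finger, unlock
    too, but first shred the data stores the user marked as critical."""

    def __init__(self, stores, wipe_on_duress):
        self._salt = os.urandom(16)      # keyed hash so raw templates are never stored
        self._fingers = {}               # template digest -> role
        self.stores = {k: list(v) for k, v in stores.items()}
        self.wipe_on_duress = set(wipe_on_duress)
        self.locked = True
        self.wiped = []                  # record of what was shredded

    def _digest(self, template: bytes) -> bytes:
        return hmac.new(self._salt, template, hashlib.sha256).digest()

    def enroll(self, template: bytes, role: str) -> None:
        if role not in (ROLE_UNLOCK, ROLE_DURESS):
            raise ValueError("unknown role")
        self._fingers[self._digest(template)] = role

    def present(self, template: bytes) -> bool:
        """Return True if the device appears to unlock.

        The return value is identical for both roles, so the outcome gives
        no hint whether the duress path was taken."""
        probe = self._digest(template)
        for known, role in self._fingers.items():
            if hmac.compare_digest(known, probe):
                if role == ROLE_DURESS:
                    self._shred()
                self.locked = False
                return True
        return False

    def _shred(self) -> None:
        # Only the pre-approved critical stores are wiped; the rest survive
        # as the "proof of compliance" the proposal describes.
        for name in self.wipe_on_duress:
            if name in self.stores:
                self.stores[name] = []
                self.wiped.append(name)


def demo() -> DuressAwareDevice:
    """Build a device with constructed sample data and two enrolled fingers."""
    device = DuressAwareDevice(
        stores={"work_mail": ["m1", "m2"], "personal_mail": ["p1"], "notes": ["n1"]},
        wipe_on_duress={"work_mail", "notes"},
    )
    device.enroll(b"template:right-index", ROLE_UNLOCK)
    device.enroll(b"template:left-ring", ROLE_DURESS)
    return device
```

A real implementation would do the shredding inside the secure element rather than in application code, and would overwrite keys rather than clear Python lists; the model only shows the policy shape (which fingers map to which action, and which stores are pre-selected for wiping).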

Benjamin SchulzMay 3, 2016 1:25 PM

LoL, in http://phuctor.nosuchlabs.com/phuctored one has to search after apple....

Public Exponent 281479271743489 is NOT PRIME ! Modulus has mirrored low-order 32 bits !
User(s):
Apple Product Security ;


they have given Apple a faked random box.....

Who?May 3, 2016 2:00 PM

@ Benjamin Schulz

Indeed, the factors of 281479271743489 are 641, 65537 and 6700417.

It is being listed more than one hundred times, so I would start looking for a serious and widely deployed bug in software (libgcrypt?).

JacobMay 3, 2016 2:06 PM

Just another day in OpenSSL life Cycle..

1. Memory corruption on parsing X509 certs with a specially formed tag.
This bug comes alive just on parsing valid and legitimate certs provided by trusted CA (no kiddin')

2. A MITM attacker can use a padding oracle attack to decrypt traffic when the connection uses an AES CBC cipher and the server support AES-NI.


https://www.openssl.org/news/secadv/20160503.txt

tyrMay 3, 2016 2:38 PM


@ianf

The middle east is not the only area where the purveyors of "western values" have failed to pay attention with disastrous results. Many a 21st century knob has the dimmest grasp of history or geography. Link that up with the epistemological cartoons that pass for understanding of other religions and cultures, including in some cases their own and you have a recipe for continuous disaster of an epic scale. Most of the beltway bandits can't tell you whether Joseph Goebbels was in the first or second Nixon administration.

We'd be a lot better off if every school child was given a map of the world to take home to mommy and daddy so they could see what BRICS really means. I don't believe in quantified suffering so am not advocating any but also am not naive enough to expect any sudden outbreak of rationality or decent behaviors from any culture.

ThothMay 3, 2016 7:06 PM

@Benjamin Schulz, Who?
Exotic primes for RSA exponents with a problematic crypto library are a bad idea. If the crypto lib is capable of PROPERLY generating and detecting primes, by all means use whatever exotic primes there are. Otherwise, for RSA operations, stick to the well known pre-calculated 0x010001 public exponent which never goes wrong.

Some may find using static well known public parameters as a danger but it is an even greater danger to pick the wrong parameters which shows the low quality of the crypto library and also hints at possibly dangerous crypto bugs in the poor quality crypto library.
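The exponent discussed in the three comments above (Benjamin Schulz's Phuctor find, Who?'s factorization and Thoth's advice to stick to 0x010001) as an added example, not code from the commenters or from Phuctor: a small sanity check a key-validation tool can run on an RSA public exponent before trusting a key. It rejects even and tiny exponents, runs Miller-Rabin on the rest, and for a composite exponent reports the factors by trial division. The arithmetic observation that 281479271743489 = 65537 × (2^32 + 1), i.e. 0x1000100010001 in hex, is mine and not stated on the page; the function names are assumptions.

```python
import random

# The exponent flagged on Phuctor (from the comments above) and the usual one.
FLAGGED_E = 281479271743489
STANDARD_E = 0x010001  # 65537


def is_probable_prime(n: int, rounds: int = 16) -> bool:
    """Miller-Rabin with the first twelve primes as bases plus `rounds` random ones."""
    if n < 2:
        return False
    small = [2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37]
    for p in small:
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    bases = small + [random.randrange(2, n - 1) for _ in range(rounds)]
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False  # `a` is a witness of compositeness
    return True


def small_factors(n: int, limit: int = 1_000_000):
    """Trial division up to `limit`; returns (factors found, remaining cofactor)."""
    factors = []
    p = 2
    while p * p <= n and p <= limit:
        while n % p == 0:
            factors.append(p)
            n //= p
        p += 1 if p == 2 else 2
    return factors, n


def check_public_exponent(e: int) -> list:
    """Return a list of findings for an RSA public exponent; empty means nothing odd.

    An even e can never be invertible modulo phi(N) (which is even), and a
    composite e is a strong hint that the key-generation code is broken, which
    is the point the comments above make."""
    findings = []
    if e < 3:
        findings.append("exponent too small")
    if e % 2 == 0:
        findings.append("exponent is even; cannot be invertible mod phi(N)")
    if e.bit_length() > 256:
        findings.append("exponent unusually large (> 256 bits)")
    if e >= 3 and e % 2 == 1 and not is_probable_prime(e):
        found, rest = small_factors(e)
        if rest != 1:
            found.append(rest)
        findings.append("exponent is composite: " + " * ".join(map(str, found)))
    return findings


def exponent_hex(e: int) -> str:
    """Hex view; 281479271743489 renders as 0x1000100010001, 65537 repeated in 16-bit words."""
    return hex(e)
```

Usage: `check_public_exponent(STANDARD_E)` returns an empty list, while `check_public_exponent(FLAGGED_E)` reports it as composite with the factors Who? lists. The hex view is the kind of secondary check a validator should print, since a value that is 0x010001 written several times over looks far more like an encoding or serialization bug than like a deliberately chosen exponent.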

FigureitoutMay 3, 2016 11:35 PM

Nick P
--You've mentioned in the past how you're "disappointed" in the American people about how we don't "rise up" and either implement new laws or forcibly throw out corrupt politicos. Lots of people say that but would never do anything themselves. Well, watched a decent documentary on the situation down in Mexico w/ the cartels. We all know how that is. Even completely innocent people that pose no threat to cartel get their heads cut off. My observations are, that it takes extremely stressful circumstances to start a movement like you see in the documentary. You reach a certain point in fear threshold where you just don't care anymore, it's either die sh*ting your pants or die fighting. That's what triggers these extreme responses. In one scene, you see an entire town of civilians drive out the Mexican "federales" in favor of a sort of civilian militia b/c they're known to be corrupt and will simply release the criminals back. You see some pragmatic individual rise up and unite a bunch of people and organize and begin to actually fight cartels and kill them and force them out of their neighborhoods. Whole towns scared to go against the various cartels show up to support him and the movement, the tide seems to be turning...

Then....it's all too predictable what happens next. I won't ruin it too much. The ending was quite a trip, and downright depressing. This is why the best way to fight IMO is technically (except in these areas you don't even have the safety to do that at all). It's on netflix if you have that.

https://en.wikipedia.org/wiki/Cartel_Land

Lotta BSMay 4, 2016 2:29 AM

Satans Advocate: Human beings are incredibly complex, and predicting the next big thing from distantly analyzing human beings data is just not going to happen.

The only logical explanation for deploying this is a controlled environment, what research scientists do, by managing input and observing output variables, which must be well-defined. As in the chicken'n'eggs dilemma, predicting the next thing is a rather pointless circular analogy, so it's more useful as a shaping or training exercise.

Satan's AdvocateMay 4, 2016 9:36 AM

@Lotta BS on Friday Squid Blogging: Global Squid Shortage:

[^^ Cute. And revealing.]


Satans Advocate wrote: Human beings are incredibly complex, and predicting the next big thing from distantly analyzing human beings data is just not going to happen.


@Lotta BS wrote: The only logical explanation for deploying this is a controlled environment, what research scientists do, by managing input and observing output variables, which must be well-defined. As in the chicken'n'eggs dilemma, predicting the next thing is a rather pointless circular analogy, so it's more useful as a shaping or training exercise.


Hah.


Researchers: So, if we get enough data consistently coming in, and have the capacity to archive as much of it as possible, we are quite sure we can come up with numerous very impressive, low false positive systems. Which systems, over time, will provide highly accurate results under found "good contexts". We believe we can find many very meaningful "good contexts" at a predictably progressive rate, so there will be good results over the next 3, 5, 10 years, and further on.

Management: Huh, what? Plain english.

Researchers: It might help us stop the next 911.

Management: What? Great?! Why didn't you say so! We are going to go to bat for you on this!

Just, first?

What is the dumbed down version the general public and politicians will understand?

Researchers:

Media: The government thinks if they are able to get all the data of the world, they can stop the next 911. Makes sense.

Public: Yes, yes! Trust everyone!

Other Public/Some Media: WTF! That is impossible. They are lying! I don't want to give them *my* data. [Godwin's Law automagically fires.]

JacobMay 4, 2016 1:48 PM

Just in - the best tweet so far this year:

----------------------------
Jeffrey Goldberg (@JeffreyGoldberg)
May 4, 2016

Tomorrow, Obama national security team will begin debating plan to arm moderate Republican rebels.
-------------------------------------------------

BytopiaMay 4, 2016 3:31 PM

A number of vulnerabilities has been found in ImageMagick:

http://www.openwall.com/lists/oss-security/2016/05/03/18
http://openwall.com/lists/oss-security/2016/05/03/13

There are multiple vulnerabilities in ImageMagick, a package commonly used by web services to process images. One of the vulnerabilities can lead to remote code execution (RCE) if you process user submitted images. The exploit for this vulnerability is being used in the wild.

A number of image processing plugins depend on the ImageMagick
library, including, but not limited to, PHP's imagick, Ruby's rmagick
and paperclip, and nodejs's imagemagick.
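For a service that does process user-submitted images, an added example (not code from the advisories or from ImageMagick) of the first check the oss-security post linked above recommends: verify that an upload really begins with the magic bytes of an allow-listed raster format, and that the content type matches what the upload form declared, before the file ever reaches ImageMagick. The samples are constructed headers, not real image files, and the function names are assumptions.

```python
from typing import Optional

# Leading bytes of the raster formats we are willing to hand to ImageMagick.
# Anything else (SVG, MVG, text, unknown) is rejected before processing.
MAGIC = [
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"\xff\xd8\xff", "jpeg"),
    (b"GIF87a", "gif"),
    (b"GIF89a", "gif"),
]

# Extensions the upload form may declare, mapped to the content type they must match.
ALLOWED_EXT = {"png": "png", "jpg": "jpeg", "jpeg": "jpeg", "gif": "gif"}


def sniff_image_type(data: bytes) -> Optional[str]:
    """Return the format implied by the file's leading bytes, or None if unrecognised."""
    for magic, kind in MAGIC:
        if data.startswith(magic):
            return kind
    return None


def safe_to_process(data: bytes, declared_ext: str) -> bool:
    """True only when the declared extension is allow-listed AND the content agrees with it.

    ImageMagick picks its decoder from the content, not the file name, so a
    mismatch means the upload would be handled by a decoder the form never
    offered. That is exactly the case the advisory warns about."""
    expected = ALLOWED_EXT.get(declared_ext.lower().lstrip("."))
    if expected is None:
        return False
    return sniff_image_type(data) == expected


# Constructed samples (headers only; not real, decodable images).
PNG_SAMPLE = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
JPEG_SAMPLE = b"\xff\xd8\xff\xe0" + b"\x00" * 16
SVG_SAMPLE = b'<svg xmlns="http://www.w3.org/2000/svg"></svg>'
```

Usage: call `safe_to_process(upload_bytes, declared_extension)` in the upload handler and refuse the file on `False`. This check is a gate, not a fix: the same oss-security post also recommends an ImageMagick policy.xml that disables the coders you do not need, and the library itself still has to be patched.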

ianfMay 4, 2016 6:18 PM


@ Thoth

re: Aren't we heading to WW3 already?
        […]

We have to consider not all countries have "TRUE" Cyber Commands.…

[Googletranslatingly] speaking of which: Sweden gets new military cyber command. (apt sarcastic comment THE WORLD TREMBLES deemed inappropriate in the circumstances).

    I presume that means that there now will be a Swedish CyberCommand Recruiting Booth at DefCon and similar Black/ GreyHat conferences, complete with cured-reindeer-meatballs-on-toothpick appetizers and imported sparkling Ramlosa mineral water, the latter said to cure mumps and gout, all-free to qualified callers!

ianfMay 4, 2016 7:03 PM


Engrossing panel discussion on "Muckraking journalists in cooperation for the Panama documents" [46 minutes, in English]. Posted on UR, the educational (C-SPAN-like) site of the Swedish Public Television SVT.

http://urplay.se/program/195325-ur-samtiden-grav-2016-gravande-samarbete-i-panamadokumenten

UR Samtiden - "Dig(?) 2016"
Download [46:12] http://pod.ur.se/media/195000-195999/195325-15.mp4

Available online until 15 October 2016

    370 journalists from 78 countries worked together for over eight months to review the 11 million of [what subsequently became known as] "Panama documents." In a world where money, companies and individuals operate globally, also investigative reporters must act like this. Here some of those journalists [talk about] how that work was done. Participants: Mar Cabra (ICIJ), Helena Bengtsson (The Guardian), Joachim Dyfvermark and John Kristjansson (SVT) Moderator: Fredrik Laurin.

Recorded April 9, 2016 at the Swedish Exhibition Centre, Gothenburg. Organizer: Association of investigative journalists. [imperfectly modified non-idiomatic mechanical translation; the three Swedes apparently also previously worked with the Snowden/ Greenwald data trove.]

RELATED from the SVT main site:

Read all NSA related articles in English

    All articles published by Uppdrag granskning relating to the Snowden documents will be published in English under this headline [documents dealing with hitherto unknown cooperation between the NSA and their Swedish counterpart(?) FRA and/or security services deemed of interest to Swedish public].

Last updated: 11 December 2015

http://www.svt.se/ug/read-all-articles-in-english

ThothMay 4, 2016 7:29 PM

@ianf
Do note that not all countries are capable of manufacturing and being self sufficient in their own capabilities.

If your nation uses equipment from another nation or if you produce your equipment using the building blocks from another nation, it is already compromised.

I think the long time discussion about security designs like Castle and Prisons makes it rather clear that these topics are applicable on a national cybercom security level.

We all know a ton of FPGAs and chips out there with only a handful of manufacturers like Xilinx, Intel and a few others mostly from USA. Whether these black box chips contain backdoors is unknown but researchers have found backdoors in security chips. If you are going to build your own military comms or electronics equipment, it would be ideal you have your own national foundries and build your own chips and stuff but the fact is investing into your own foundries is very expensive and a huge effort not all nations are capable of.

The world's foundries are very limited (e.g. IBM foundries, Infineon, NXP, Samsung, Foxconn...). Similarly, military comms and electronics firms using building blocks from other bigger players are susceptible to backdoors. Just a note that Thales have a Nordic division there and they develop interesting high security commsec equipment but alas they are still part of the French corporation called Thales (and thus susceptible to French policies).

ianfMay 4, 2016 7:50 PM


> From the UhOh Dept.

See the top two-liner on this cover: http://goo.gl/ASAEEK

… then reflect on the mad trend to promote even yet unfinished product – not at all unlike premature releases of still—if ever somewhat fully—debugged software.

As for the book itself, judging by its description in The Guardian's Bookshop, "the way we die now" seems to be an ambitious long essay with little, if any, analogous semblance to Jessica Mitford's famous 1953 exposé of the thoroughly commercialized "American Way of Death".

    […] “Seamus O'Mahoney's thoughtful, moving and unforgettable book on the western way of death. Dying has never been more public, with celebrities writing detailed memoirs of their illness, but in private we have done our best to banish all thought of dying and made a good death increasingly difficult to achieve.

Nick PMay 4, 2016 11:48 PM

@ Wael, Clive

I recall you two were talking fecal transplants one night. I stayed out of that one. Yet, there's been a trend to try to use them for health purposes. On Slashdot, one person doing self-experimentation was an interesting, case study.

WaelMay 5, 2016 12:21 AM

@Nick P,

I recall you two were talking fecal transplants one night.

It's not wise to talk sh*t about me and @Clive Robinson in one sentence ;) Why don't you help my memory with a link to this atrocious subject matter?

Clive RobinsonMay 5, 2016 12:33 AM

@ Nick P,

Yet, there's been a trend to try to use them for health purposes.

On the health side I think there is little doubt that they "can" work, the problem is knowing what is safe and what is not (see history of blood transfusions as to the problems). Doctors are risk averse for various reasons, and Big Pharma has no interest in investigating anything they can not patent (it's one of the reasons we are in the antibiotic trap).

But the "ID by flora" is something I have been keeping my eye on. Whilst not totally faux/pseudo science, I personally think it is like some of the more recent bio-metrics that get over hyped in the reliability / unvariability side.

As I've mentioned before I've a life long interest in beating supposedly "gold standard" evidence / identification systems because I've found that they are mostly bogus as are much of the forensic measures beloved of the likes of the FBI... And I really don't like the idea of people being subject to incarceration simply because it's a convenient step on somebody else's career or share options.

WaelMay 5, 2016 1:17 AM

@Clive Robinson, @Nick P,

bio-metrics that get over hyped in the reliability / unvariability side.

Biometrics are currently about convenience. When coupled with an appropriate network of security controls, they provide an adequate and acceptable security posture for several use cases that would otherwise present unnecessary "user friction". I anticipate that Biometrics will play more prominent roles in the not too distant future. As for ID by flora... Perhaps it has a use case in forensics, same applies to other forms of "invasive" Biometric techniques...

somebody_elseMay 5, 2016 1:49 AM

@Wael

Why don't you help my memory with a link to this atrocious subject matter?
It may be because @Nick P chose... poorly (with regards to the attribution of you).
Or perhaps that was deliberate -- In which case, hey Nick! I haven't forgotten about you.

I don't usually enjoy the long-form fluff pieces like this, but you hooked me stink-line-and-sinker with the refined skill that's usually reserved for semi-professional fishing boats! ;-)

I did spot a number of holes in the editing, experimental procedures, reporting, and qualified medical advice, although this was particularly interesting to me:

As a result, he was putting himself at risk for hepatitis, rotavirus, and a whole slew of other pathogens and parasites.
...
"Less than 3 percent of all of the donors that we screen end up qualifying as donors."
Now, I'm really wondering who these supposed 'pathogen-free' 3-percenters are...

A decade or two follow-up would be pretty interesting, I think. Will Zayner trade in his (punk?) Wu-Tang Clan T-shirt for a Jim Morrison or Justin Bieber one? What is 'Michael' like?? Is it possible to scientifically disentangle the 'placebo-effect' when the 'best-practice' guidelines probably involve seeking cohabitational or familial donors???

The best tidbit of information I gleaned from this article is the assumed fact that the Argonne National Laboratory will sequence genome samples for anyone at a price under $60USD!!

WaelMay 5, 2016 2:25 AM

@somebody_else,

but you hooked me stink-line-and-sinker...

Good! Better than swallowing it hook, line, and stinker ;)

Argonne National Laboratory will sequence genome samples for anyone at a price under $60USD!!

Save your money! It'll be free public information before you know it. Patience my friend, patience. Or you can visit Kuwait, they'll do it for free! Kuwait, by the way, had the best chocolate cake (gâteau, actually) that I ever had in my life. Nothing in the US, Europe, or Asia came close.

tyrMay 5, 2016 3:51 AM


That gives new meaning to two factor biometric authentications. With a comp record of your diet for the appropriate proceeding period, all you have to do is present a stool sample to authenticate the youness of your stool biometric. While gaining access to your authentication port becomes a lot more difficult in practice for those who aren't cleared by you.

Nick PMay 5, 2016 9:48 AM

@ Wael

"Why don't you help my memory with a link to this atrocious subject matter? "

Oh yeah, so you can merge the shittiest discussions on the blog into one huge, cross-linked pile. I think not.

"I don't usually enjoy the long-form fluff pieces like this, but you hooked me stink-line-and-sinker with the refined skill that's usually reserved for semi-professional fishing boats! ;-)"

Well, that's where those reading skills I mention come in handy of skimming, going to conclusion first, and so on. In this case, conclusion is quite rewarding. Makes me want to do some statistically-significant replications with control groups. Might find a cure for my own stomach problems. Everyone's getting a blood test for HIV and shit first, though. ;)

"The best tidbit of information I gleaned from this article is the assumed fact that the Argonne National Laboratory will sequence genome samples for anyone at a price under $60USD!!"

Blew my mind, too.

@ Clive Robinson

"Whilst not totally faux/pseudo science, I personally think it is like some of the more recent bio-metrics that get over hyped in the reliability / unvariability side."

Three biometrics that you won't see me use are sticking my tongue into anything (already exists), my shit (might be in motion), or sticking my dick in something. These are just asking for the worst, denial-of-service attacks you can imagine. Plus the worst someone else can imagine. Plus, I'm sure I can make a formal proof of non-recoverability for some of them.

ianfMay 5, 2016 2:52 PM


Here's a competition in the spirit of Alan Turing's Imitation Game that goes beyond mere Turing Test, and poses a question "what if algorithms went beyond their jobs as mediators of human culture and started to create culture themselves?"

    More specifically, what if piece of code/ custom algorithms were able to make a dance music mix (out of a given set of tracks and sound modifying techniques); write a sonnet; or a short story (either seeded with a word or a short phrase), and end them being judged as statistically indistinguishable from such created by a human?

What if this https://goo.gl/QBgPtj was a reality?

We'll find that out on/after the 18th of May when the submissions will be evaluated and judged.

More at: http://bregman.dartmouth.edu/turingtests/node/1

and

https://theconversation.com/looking-for-art-in-artificial-intelligence-56335

ThothMay 6, 2016 6:38 AM

@all
I have been looking through different PKI/File encryption capable smart cards and smart card standards and protocols and I have come to the conclusion that almost all PKI/File encryption smart cards ARE AS VULNERABLE AS NOT USING ONE !!!

The problem is very simple and has nothing to do with cipher strength, key sizes, RNG problems, smartcard architecture or whatsoever so complex. The problem with most smartcard PKI/File encryption applets is they simply only handle the use of the private key to sign files and decrypt files. The generation of the symmetric file encryption key is simply left to the vulnerable CPU not designed to be secure. All you need is an infected PC and the symmetric key to a message is compromised. Who needs the private keys anyway unless you want to forge signatures; otherwise exfiltrating symmetric file and message keys on a normal Intel or AMD PC running Micro$oft, Mac, Linux et al. can be within reach of ordinary criminals as well.

After inspecting numerous PKI applets and standards (e.g. OpenPGP smartcard standards, PkiApplet, GIDS standard ...etc...) I am very convinced that even if you were to use the oft hyped up smartcard protected keys, you are still as insecure as you never used it due to the symmetric message or file key existing even for a brief moment in the unprotected normal CPU.

Some arguments would call into question the necessity of doing symmetric key generation or secure loading into a smartcard due to the lower throughput speed to encrypt files and messages if both the symmetric and asymmetric keyed process were to be done in the tiny smartcard chip. Security comes with trade-offs and speed is one trade-off that is a necessity. The question of proper random generation for symmetric keys is valid as well, thus a secure channel to side load symmetric keys should be part of future smartcard standards and implementations besides processing both symmetric and asymmetric keyed process in the secure confines of the smartcard chip.

Just a note: reading the GIDS standard, it is a standard mostly developed by Micro$oft with integration for Bitlocker encryption with smartcards equipped with GIDS standard interfaces. That is to say, all Bitlocker encryption is likely to be vulnerable even with the use of smartcards to store the private key for wrapping the symmetric key. Users using Bitlocker with GIDS compliant smartcards are as good as vulnerable: all it takes is a script kiddy virus to listen to the CPU processes and RAM of the Windows machine.

For smartcard developers and standards architects, please mandate secure key loading for symmetric and asymmetric keys as well as processing all symmetric and asymmetric process with the smartcard chip AND STOP CUTTING CORNERS !!! I believe the reason these happened is due to convenience trade-off as more modern smartcards come with crypto capabilities with NIST recommended key sizes and bigger (RSA 4096 bits, AES 256 bits ...etc...).

TatütataAugust 13, 2016 3:29 PM

A squiddy topic just jumped before my eyes (gotta catch'em all?):

Thailand wants to track you with a special tourist SIM card

It comes as the Thai military, which came to power in a 2014 coup, continues its crackdown on misbehaving tourists as well as during a time of high state surveillance of online activity throughout the country.

Under the plan, the SIM cards would include a feature that allowed mobile operators to track and locate users at any time, although there has been little detail about how exactly a tracking system would be implemented.

The plan was originally set to apply to all foreigners, including residents on long-term visas, but it has been scaled back to just tourists.

Takorn Tantasith, the secretary-general of Thailand’s National Broadcasting and Telecommunications Commission, denied the government was attempting to curtail civil liberties, and said the plan was designed to help catch criminals and assist tourists who ran into trouble.

Another outlet (Thailand sparks outrage with plan to track tourists’ phones) mentions earlier plans:

After the high-profile murder of two British tourists in 2014, the tourist minister floated the idea of giving visitors identification wristbands and local minders, ostensibly as a safety measure.

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.