Friday Squid Blogging: How Squids See Color Despite Black-and-White Vision

It's chromatic aberration.

As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

Posted on July 8, 2016 at 4:09 PM • 143 Comments

Comments

Untitled*July 8, 2016 4:20 PM

With regard to the Dallas police sniper shootings,

https://www.washingtonpost.com/news/morning-mix/wp/2016/07/08/like-a-little-war-snipers-shoot-11-police-officers-during-dallas-protest-march-killing-five/

"The gunman was killed when police detonated a bomb-equipped robot."

Being killed by police for selling cd's or a few loose cigarettes is a terrible thing and so is killing police officers, but things are boiling. Nonetheless is anyone worried that the police are now equipping robots (and probably drones) with explosives to take out suspects? A lot could go wrong there. Of course this was Texas...

Ergo SumJuly 8, 2016 4:49 PM

@Untitled...

Nonetheless is anyone worried that the police are now equipping robots (and probably drones) with explosives to take out suspects? A lot could go wrong there. Of course this was Texas...

While there's plenty of reasons for picking on Texas, the chances are that most if not all states, cities, etc., police departments have this capability already...

InsightfullofitJuly 8, 2016 5:10 PM

@Ergo, Untitled, Curious


@Anura,
@YOUR DISCRETION SIR


The justice system has been renamed the just-us system and they've abdicated our right to a trial by a jury of our peers and thus our right to due process!

So by a trial by your peers they mean, whoever is standing directly over us right?

https://hardware.slashdot.org/story/16/07/08/1752214/using-a-bomb-robot-to-kill-a-suspect-is-an-unprecedented-shift-in-policing

Why did they not just gas him out?
Did they try?
Did they think to?

I remember the 2002 Russian Theater attack, where the FSB attempted to use AEROSOLIZED FENTANYL to subdue the hostages and terrorists...
So not everyone made it, AT LEAST THE RUSSIANS TRIED IN THAT CASE.

There's no antidote for a bomb.
Nobody even tried a tranquilizer gun strapped to the damn thing first?

LevJuly 8, 2016 5:14 PM

@Insightfullofit

Well; you cant have the patsy open up about who convinced him to do the act now can you. That might lead to some FBI agents; and then they might have to shoot someone in an interview in Florida to clean up the loose ends.

DanielJuly 8, 2016 5:17 PM

Regarding the drone in Dallas.

I am not surprised as I predicted this development a decade ago. The underlying problems are two fold. First there is the militarization of what were formerly civilian police forces. The second thing is that uses such as this case are justified as being "defense" but there is no such thing as a defensive weapon. Sooner or later the boundaries will be pushed. So let's be clear what this "bomb equipped robot" represents from a security point of view---it represent escalation. The question then becomes what is the end game for the escalation and do we really want to internalize psychologically a cultural state of MAD (mutually assured destruction) with in the USA.

Anonymous CowJuly 8, 2016 5:32 PM

@jdgalt

> T-Mobile gives a guy's SIM card ID to a hacker...

Can someone take over your account simply by knowing your SIM card ID? The way the story was told, I thought what T-Mobile did was to associate a different SIM card to the victim's account. Did I misunderstand what happened?

tyrJuly 8, 2016 5:55 PM


ianf will love Vanity Fair getting in the cyberwar
alarmist network.

: ^ )

ErJuly 8, 2016 6:06 PM

CECPQ1 in TLS

CECPQ1 is a post-quantum cipher suite: one that is designed to provide confidentiality even against an attacker who possesses a large quantum computer. It is a key-agreement algorithm plugged into TLS that combines X25519 and NewHope, a ring-learning-with-errors primitive. Even if NewHope turns out to be breakable, the X25519 key-agreement will ensure that it provides at least the security of our existing connections. This is only an experiment and will only be used on a small fraction of HTT

https://www.chromestatus.com/feature/5749214348836864

Also: https://eprint.iacr.org/2015/1092 and https://www.imperialviolet.org/2015/12/24/rlwe.html

________________________________________________________________________________


Experimenting with Post-Quantum Cryptography

https://security.googleblog.com/2016/07/experimenting-with-post-quantum.html

July 7, 2016

Posted by Matt Braithwaite, Software Engineer

Quantum computers are a fundamentally different sort of computer that take advantage of aspects of quantum physics to solve certain sorts of problems dramatically faster than conventional computers can. While they will, no doubt, be of huge benefit in some areas of study, some of the problems that they are effective at solving are the ones that we use to secure digital communications. Specifically, if large quantum computers can be built then they may be able to break the asymmetric cryptographic primitives that are currently used in TLS, the security protocol behind HTTPS.

Quantum computers exist today but, for the moment, they are small and experimental, containing only a handful of quantum bits. It's not even certain that large machines will ever be built, although Google, IBM, Microsoft, Intel and others are working on it. (Adiabatic quantum computers, like the D-Wave computer that Google operates with NASA, can have large numbers of quantum bits, but currently solve fundamentally different problems.)

However, a hypothetical, future quantum computer would be able to retrospectively decrypt any internet communication that was recorded today, and many types of information need to remain confidential for decades. Thus even the possibility of a future quantum computer is something that we should be thinking about today.

Experimenting with Post-quantum cryptography in Chrome

The study of cryptographic primitives that remain secure even against quantum computers is called “post-quantum cryptography”. Today we're announcing an experiment in Chrome where a small fraction of connections between desktop Chrome and Google's servers will use a post-quantum key-exchange algorithm in addition to the elliptic-curve key-exchange algorithm that would typically be used. By adding a post-quantum algorithm on top of the existing one, we are able to experiment without affecting user security. The post-quantum algorithm might turn out to be breakable even with today's computers, in which case the elliptic-curve algorithm will still provide the best security that today’s technology can offer. Alternatively, if the post-quantum algorithm turns out to be secure then it'll protect the connection even against a future, quantum computer.

Our aims with this experiment are to highlight an area of research that Google believes to be important and to gain real-world experience with the larger data structures that post-quantum algorithms will likely require.

We're indebted to Erdem Alkim, Léo Ducas, Thomas Pöppelmann and Peter Schwabe, the researchers who developed “New Hope”, the post-quantum algorithm that we selected for this experiment. Their scheme looked to be the most promising post-quantum key-exchange when we investigated in December 2015. Their work builds upon earlier work by Bos, Costello, Naehrig and Stebila, and also on work by Lyubashevsky, Peikert and Regev.

We explicitly do not wish to make our selected post-quantum algorithm a de-facto standard. To this end we plan to discontinue this experiment within two years, hopefully by replacing it with something better. Since we selected New Hope, we've noted two promising papers in this space, which are welcome. Additionally, Google researchers, in collaboration with researchers from NXP, Microsoft, Centrum Wiskunde & Informatica and McMaster University, have just published another paper in this area. Practical research papers, such as these, are critical if cryptography is to have real-world impact.

This experiment is currently enabled in Chrome Canary and you can tell whether it's being used by opening the recently introduced Security Panel and looking for “CECPQ1”, for example on https://play.google.com/store. Not all Google domains will have it enabled and the experiment may appear and disappear a few times if any issues are found.

While it's still very early days for quantum computers, we're excited to begin preparing for them, and to help ensure our users' data will remain secure long into the future.

Manafort USAJuly 8, 2016 6:48 PM

Amid the floods of propaganda that will tell us what to think, the wurlitzer is not ever going to mention that there is a simple, rigorous way to investigate occurrences like last night. This.

https://www.academia.edu/8776021/The_Snipers_Massacre_on_the_Maidan_in_Ukraine

And find the criminals who did this thing. Who do it again and again. This is boilerplate strategia della tensione, recycled to ram through increased repression here at home. This was CIA.

ianfJuly 8, 2016 7:16 PM


Alas, tyr, no more. Was gifted a subscription once, kept it up out of pure inertia for some 10 years (liked the bg Hollywood gossip though), until one day woke up with unread, still shrink-wrapped, stack of VF issues this high,
         |
         |
         |
         |
         |
         |
         |
so quit renewing it. Can't muster up the courage to throw them out; can't find anyone to take them off my hands; have convinced myself that I'll clear that backlog when I retire, but suspect it'll be more convenient to simply "forget them" in the attic. So what was it you wanted confirmed from there, this ?
http://www.vanityfair.com/news/2016/07/are-we-at-the-start-of-a-tech-world-war

Ergo SumJuly 8, 2016 8:10 PM

@Daniel...

This was not a drone in its regular meaning, this was a remote controlled non-autonomous unit that defuses bombs. In another word, there was an officer behind the control, who said boom and it was over. How's this different from the DPD deploying snipers in the surrounding building and one of them would've taken the suspect out? Other than deploying the snipers probably would've been faster, I don't see a difference.

Miles ArcherJuly 8, 2016 8:12 PM

I'm curious about what experts think about the Ars article posted above about Google's attempt to improve https encryption.

Ergo SumJuly 8, 2016 8:15 PM

@Lev...

Well; you cant have the patsy open up about who convinced him to do the act now can you. That might lead to some FBI agents; and then they might have to shoot someone in an interview in Florida to clean up the loose ends.

Are you saying that the other three suspects in custody soon to be shot and/or they are FBI agents? Don't make laugh...


Mike BarnoJuly 8, 2016 8:29 PM

(1) @Daniel and others,

Soon the suicide-mission robots will experience psychosis and start making their own choices of targets. If this one was just the equivalent of a remote-control kids' backyard copter, rest assured that the equivalent of full-autopilot drones will soon be deployed in our cities.

(2) On topic: squid color vision,

So ... squids take advantage of LSD users' experience of seeing trails. Next we'll be seeing tie-dyed cuttlefish humming "Yellow Submarine".

rJuly 8, 2016 8:53 PM

@Ergo Sum,

The police involved, obviously didn't see a difference either. Don't they usually use armored escorts and shit for things like that?

FredJuly 8, 2016 9:04 PM

@ Er

Have you seen this site "Quantum for Quants"?
http://www.quantumforquants.org/

It has a great blog also. From there I found this: http://www.quantumplayground.net/

"Thanks to some ingenious engineers at Google, you can now turn your desktop PC into a quantum computer. Well, OK, not quite: You can simulate a quantum computer on your PC by running the Quantum Computing Playground web app for Chrome. The Playground allows you to run famous quantum algorithms, such as Grover’s, or even to write your own quantum script. Short of buying your own quantum computer — which, despite what D-Wave says, you can’t — this is the next best thing. If you’re looking to get in on the ground floor of the future of computing, this is your chance: If I had kids, I feel like it would be a disservice if I didn’t make them sit in front of the Playground for at least six hours a day to teach them the intricacies of quantum computing."
http://www.extremetech.com/extreme/182913-googles-quantum-computing-playground-turns-your-pc-into-a-quantum-computer

A GJuly 8, 2016 10:11 PM

Most of us here do it by trade - pretending to be stupid for money. In the security biz it's letting the client scope 'security' as fighting bad guys or threats or stupid shit like that. My hope is, at some point our host decides he's got enough fuck-you money and he stops putting up with these bullshit incomplete security concepts, infosec or natsec or whatever crap the beltway wants to hear. To think about security you have to work down from the most comprehensive concept, human security, and human security is rights.

http://www.washingtonsblog.com/2016/07/59404.html

Acknowledge that and you see the only threat is this criminal state.

ianfJuly 9, 2016 2:44 AM


@ Laurel “Let us remember: One book, one pen, one child, and one teacher can change the world.

Easy, now. Because if that's all that it takes, then so does a single bullet. Sound-bites are just terse slogans, and Malala Yousafzai's optimism, though endearing, is closer to the Shakespearean "words… words… words… words…" than not.

ianfJuly 9, 2016 4:00 AM


In other OT news, I am half-watching a "compressed" TV rerun of some very peculiar, apparently Great-Britainish perennial? periodical? pageant, whereby hordes of what looks like Elizabethan and Tudor theatre fancy costume dressers drag a bewildered pair of 90-year olds out of their beds, dress them up in hideous green frock and tails, then parade them FOR HOURS ON END through the streets of London, UK, in an open 2HP open buggy—I trust at least that one with discretely built-in porta-potties and under-seat heating.

Because stiff upper lip and all that, but Nature's calls and consequences can't be bought off with fanfare. The truly remarkable factoid about that event, is that these two nonagenarians APPARENTLY are happy and willing to be put through that operetta ordeal out of a sense of some imaginary "duty." Wonder if the woman actor's vague resemblance to the visage on UK stamps and coins could have something to do with it (latest update has it they only do it every 90th year—odd interval, but that's Albion for you!)

65535July 9, 2016 4:42 AM

@ Untitled, Insightfullofit, Daniel and others,

The robot bomb is a disturbing to people when used in a civilian setting. Will terrorist mimic this robot bomb?

[ABC News]

“For the past five years, one particular police robot manufacturer by RoboteX has been passed around at police special tactics conferences, said Rob McCarthy, the former senior supervisor and assistant commander of the LAPD SWAT team. They are small track vehicles, about 18 inches tall and a foot wide, weigh about 12 pounds and can go up to down stairs.

“Dallas police used a C-4 model to detonate the bomb… RoboteX model is being used in more than 800 police departments all over the country, said the company's president, Eric Ivers. McCarthy described the Dallas SWAT team as having "very progressive training." "It doesn't surprise me that they have this ability," he said. "[The robot] takes away some of the danger to deliver something that would be considered critical, in this case an explosive device." …RoboteX devices cost anywhere from $20,000 to $70,000, depending on how they're equipped, Ivers said. RoboteX is considered a lower-priced model, her added, with higher-end versions costing upwards in the hundreds of thousands. “ - CBS

http://abcnews.go.com/US/robot-bomb-kill-dallas-suspect-appears-time-tactic/story?id=40441517

[see RoboteX for police departments that use robot bombs]

‘Avatar III Tactical Robot’

“The AVATAR® III enhances the capabilities of SWAT and tactical response teams by allowing them to quickly and safely inspect dangerous situations, there is no longer a need to send personnel in before you’ve had a chance to assess the situation.” -RoboteX

‘Contact Us
‘Corporate Headquarters
‘433 Lakeside Dr.
‘Sunnyvale, CA 94085’

http://robotex.com/products/

[and]

http://www.robotex.com/

Not first time use of police bombings – prior use of police bombs caused huge fire

[NYT]

“PHILADELPHIA, May 13 [1985] — A state police helicopter this evening dropped a bomb on a house occupied by an armed group after a 24-hour siege involving gun battles.

“A 90-minute shootout this morning came after a week of growing tension between the city and the group, known as Move. Residents in the western Philadelphia neighborhood had complained about the group for years. The only known survivors from within the house were a woman and a child. The fire spread to 50 to 60 other houses in the neighborhood, said the Fire Commissioner, William Richmond. He declared the fire under control about 11:40 P.M. “ -NYT

http://www.nytimes.com/1985/05/14/us/police-drop-bomb-on-radicals-home-in-philadelphia.html?pagewanted=all

This is not proportional use of police force against civilians. What is next, drones and air to ground missiles? I believe police with bombs will end badly.

AlanSJuly 9, 2016 8:21 AM

US veterans on Chilcot: we need our own inquiry to avoid repeating mistakes

Congressional reports have shown that the US invasion was based on faulty intelligence, but none were as crushing as Chilcot, which provoked the mother of a British soldier killed in the war to declare former British prime minister Tony Blair the “world’s worst terrorist”. The inquiry found that President George W Bush and his aides exaggerated intelligence to make a case for invading Iraq, and that planning and preparations for Iraq after Saddam were “wholly inadequate”. “The fact that we haven’t done a report like that – and there haven’t been any moves to do that – makes it a whole hell of a lot more likely that we are going to go right down the same road and make the same mistakes we did less than 13 years ago,” said Howard....But the response to Chilcot, which supported allegations that the invasion helped spawn terrorist groups like Islamic State, was muted in the US. Iraq and Afghanistan Veterans of America, a prominent not-for-profit group, did not have a comment on the report.

AlanSJuly 9, 2016 8:28 AM

After invading Iraq 13 years ago the US is still making the same mistakes

With the Iraq invasion 13 years behind us, one thing is for sure: you can turn on Sunday morning television and see an Iraq war advocate – whether it’s a politician or pundit or a journalist – eagerly explaining why we should throw ourselves into our next war and no one will blink an eye.

Interesting that the response in the US and the UK is so different. A large section of the population in the UK thinks Blair should be prosecuted as a war criminal.

LaurelJuly 9, 2016 9:27 AM

@ ianf

Guardian.com article

"Well, I believe in these things, too, but if someone put a bullet in my head I suspect I would be more than a little irate. Doesn't [Malala] feel at all angry? "I only get angry at my brothers, and at my father," she says. Particularly her brother Khushal, who is two years younger than her. "I can't be good to him, it's impossible. We can't ever be friends," she says, sounding like the teenager she is.”

Years without Nobel Prizes: "Since the start, in 1901, there are some years when the Nobel Prizes have not been awarded. The total number of times are 49. Most of them during World War I (1914-1918) and II (1939-1945). In the statutes of the Nobel Foundation it says: "If none of the works under consideration is found to be of the importance indicated in the first paragraph, the prize money shall be reserved until the following year. If, even then, the prize cannot be awarded, the amount shall be added to the Foundation's restricted funds."."

All Nobel Prizes: Literature has a category of its own. Choices for prize money (amount for 2016 is set at Swedish kronor (SEK) 8.0 million per full Nobel Prize): Physics, Chemistry, Medicine, Literature, Peace, Economic Studies.

Exchange rate (adjust for your country’s currency)

Pomp & CircumcisionJuly 9, 2016 9:29 AM

@ianf

You owe me a new keyboard AND a coffee refill. AUTHOR! AUTHOR!

albertJuly 9, 2016 10:12 AM

Re:

Arse Technika story (http://arstechnica.com/tech-policy/2016/07/is-it-ok-to-send-a-police-robot-to-deliver-a-bomb-to-kill-an-active-shooter/)

A bit of editorialiizng in the link.

How clever.

BTW, the answer is 'yes'. Police are authorized to use deadly force in such situations, provided innocent folks will not be injured.

From the article: "...The death of Johnson raises new questions about the appropriate limits of drone technology outside of the theater of an overseas war..."

Raises new questions in whom? It's a freakin' -robot-.

Isn't the real question" 'What can be done about -abuses- of drones?'

Gimme a break.

. .. . .. --- ....

My 2 CentsJuly 9, 2016 1:36 PM

Whilst exploring the possibilities of using bitcoin I found it was difficult to connect to most any website regarding bitcoin, BECAUSE:

There were Clouflare captchas and outright 403's and 404's everywhere. Huh? Seems almost all bitcoin sites have been recruited by Cloudflare, because: SECURITY.

However, as we all know Cloudflare security is based on the classic Man in the Middle SSL exploit. Thus, Cloudflare is seeing whatever you do in plaintext. ? So, whose security are they protecting, anyway?

Meanwhile, the Cloudflare choke point becomes a prime target for criminal and government hackers and crackers. Or, maybe simply a full feed node.

I need to think this one through a bit more.

QuigleyJuly 9, 2016 8:43 PM

@AlanS

Hi, America here. Just wanted to let you know a large section of the US population thinks Bush/Obama should also be prosecuted as war criminals as well. I only mention it because I kind of got the feeling you might be confusing our leadership and/or media with our citizenry.

"After invading Iraq 13 years ago the US is still making the same mistakes"

The US military/government has been making these "same mistakes" for much, much longer than 13 years. Perhaps at some point the public might decide to pay more attention to what it is that these military actions consistently accomplish - and to who's financial benefit - rather than how they deviate from their publicly stated goals.

tyrJuly 9, 2016 9:17 PM


@ianf

Thanks I was far too disinterested in VF myself
to find that link.

@the usual suspects

This is worth reading and maybe worth thinking
about in more depth. The security implications
should give everybody real nightmares.

https://www.edge.org/conversation/neil_gershenfeld-digital-reality

A fab lab in every pocket and by branching out
you get your own biofab lab so everyone can be
a genetic engineer in their spare time.

GurkaJuly 9, 2016 9:34 PM

Ahh, two vision-related stories in a short time span!

I'm a little bit puzzled by the angle of the articles discussing new insight in Cephalopod vision. I do not recognize the "consensus" that squids have black-and-white vision in the first place. What they do have, is a mechanism quite unlike ours, with specific cone cell types for distinct spectra. What they have is generally rhabdons with a few receptor cells. This resemble of the compound eyes of some arthropods, who have rhabdoms in their ommatidia, a single unit of the compound eye, however unrelated evolutionary. A rhabdom can have pigment of just any sort basically, to filter colors. It like having a color camera or have a set of black-and-white cameras with color filters. The end result are the same.

So, my interpretation is that the emphasis should be on the explanatory power of the new result, rather than implying that squids "only see black-and-white but somehow resolve colors anyway". Old theories may be insufficient or outright wrong, but did not assume that "in fact" squids cannot see colors.

It reminds me a bit of the old statement that the image on our retinas are projected upside down (it is), but the brain "somehow" "turned it right". Well, it is true, somewhat, but sounds a lot more mystic than it is. Hint: If I turn my computer upside down, is it reasonable to say that the image now in the VGA/DVI/HDMI cable is "upside down" but the monitor "turns it right" as in an active process?

Yes, the photoreceptor cells of many (not all - I think) Cephalopods can respond to light in a broad spectra and therefore themselves individually do not encode color. But neither can most pixel sensors in cameras (such as CCDs or CMOS). Filter (in CMOS cameras, pixels sometimes is stacked and can act as a filter for deeper pixels) do the color discrimination.

But this new theory is neat! Chromatic aberration and even polarization is often considered as a nuisance in imaging. It's good to see that the squids doesn't mind! :

This said, I should mention that I'm certainly not an expert on squids even if I do enjoy eyes! :)

ianfJuly 10, 2016 1:47 AM


@ AlanS […] “A large section of the population in the UK thinks Blair should be prosecuted as a war criminal.” (cc: Quigley)

That's not quite true, and you know it. Try “large section of the liberal media thinks [ehmm…],” which is not the same as population. But even if, what good would it have accomplished?

Concentrating the blame on a single individual, rather than on the systemic failures that allowed/ led this single person to act for war (and then in a place that Britain already fucked up once in the 1920s), merely underlines him being a scapegoat, thus ready recipient of populistic empathy for being singled out like were he an underdog. Tricky thing that assigning the blame.


@ Laurel,
               if you've got a dissenting opinion, then post it. If you do not, then pasting in vacuous quotes and factoids from well-known websites, even with attached currency exchange URL, serves no purpose. Above all, however, do not equate own superficial knowledge with knowledge, nor assume the need to enlighten the opponent with the former.

FYI: Economic Sciences is not one of Alfred Nobel's testamentary prizes, even if such now awarded by the same body. The unofficial and cynic, but never the less truth, is that that prize exists solely due to corrupting influence of the Swedish Employers Association on the Nobel Committee, and its purpose is to provide the industry heavyweights etc an opportunity to rub shoulders with Laureates during Nobel banquets (to which they otherwise would not have been invited).

However, as for by you so-cherished Nobel's Peace prize (decided upon by a Norwegian parliamentary QUANGO), can anyone take it seriously ever since it was awarded to Henry Bleeding Kissinger and Le Duc Tho—the latter, bless his soul, promptly refusing it? I suppose that not giving it to twice nominated Joseph Stalin ought to count in the committee's favour.

BTW. better Nobel Prize amount currency exchange client.


@ Pomp & Circumcision alleges that I “owe him a new keyboard AND a coffee refill..”

Get in line then, your ticket is #19.

You may laugh all you like, but the subject of loo-gistics is far from a laughing matter. Having for a time been in a line of work that included ensuring big name performers' access to "backstage facilities," I know what I'd rather not be talking about. To that end, I'll hide behind the back of the poet Clive James, who, 77yo, and in the process of dying, has nothing to lose by analyzing in print TO THE INITIATED WAY OBVIOUS fashion sense, if here only of one willowy young artiste. Watching her on TV at the Glastonbury music festival, after first noticing “a tangle of white muslin being agitated by an invisible washing machine”, he proceeded with this rhetorical question followed by unparalleled semiotic decoding:

Clive James: […] could any angel be more wildly delicate while wearing work boots?

The boots were a puzzle until you dug up your old semiotic vocabulary and realised what they were saying on her behalf. They weren’t saying, “If I have to go to the loo, I’m all set even if it’s half a mile away through a lake of liquid earth.” http://gu.com/p/4n4e2

There, watch that coffee again, I've enough on my legal plate as it is.

BTW. James' acute analysis was preceded by [t]his beyond-apt metaphor of another #deartomyheart artiste:

[…] as madly ethereal as Kate Bush in her Wuthering Heights outfit, back when she was first giving insanity a lyrical dimension [4m video].


@ Daniel,
               you need to stop thinking of Cosmo as you do, and start thinking of Cosmo as an Condé Nast [publishing stables] asset. Which among others houses WiReD, and many a tech magazine; not to forget the episodic walnut coffee-table accoutrement Vanity Fair, that also tries to educate its ego-surfing "celeb" readers in the art of cyberwar.

Wesley ParishJuly 10, 2016 3:02 AM

Yet another interesting question on biometrics:
Do You Own Your Own Fingerprints?
https://yro.slashdot.org/story/16/07/09/1350231/do-you-own-your-own-fingerprints

which points to this:

http://www.bloomberg.com/news/articles/2016-07-07/do-you-own-your-own-fingerprints

Now that's an interesting question, innit? It's another form of the question, do you own your own data? Considering that companies are always in a tizzy if you move and don't inform them where to, I'd guess that since the law takes such a dim view of companies making up customer data our of thin air, that the question always answers itself with a yes, you do own your own data and biometrics.

I'm also surprised that someone hasn't drawn the obvious conclusion and decided that if he/she/they don't own their own fingerprints, then neither do they own their own excrement, and dump it all over the companies mentioned. Lessee, they mentioned Facebook:

In April 2015, Chicagoan Carlo Licata, a Morgan Stanley financial adviser, sued Facebook under BIPA, arguing that the company violated his privacy by using its facial-recognition software to create a detailed geometric map of his face and tag him in photos. Two more Illinois residents filed complaints against Facebook the following month.

and Google:
Google, meanwhile, is challenging BIPA as unconstitutional on the grounds that one state can’t set rules for the rest of the country.

Why not, that's how people got their own back on the spam kings.

CuriousJuly 10, 2016 6:45 AM

"Password Sharing Is a Federal Crime, Appeals Court Rules"
https://motherboard.vice.com/read/password-sharing-is-a-federal-crime

One of the nation’s most powerful appeals courts ruled Wednesday that sharing passwords can be a violation of the Computer Fraud and Abuse Act, a catch-all “hacking” law that has been widely used to prosecute behavior that bears no resemblance to hacking.


What I find interesting, is that in the event of someone being convicted of a crime this way (accused and found guilty of having made use of shared passwords while also it being deemed 'unauthorized access'), I think it is fair to say that you then would have been persecuted, in the sense that an activity or perhaps an expressed intent was deemed criminal based on what might be thought of as being a commonly acceptable activity.

Because password sharing probably is a thing of the modern age, criminalizing the very act, or perhaps also, an intent of password sharing as such seem like an authoritarian (read draconian) thing.

It seems to me that the knowledge of someone's password sharing would be more like being a piece of evidence in an investigation than anything else (rather than, as if having knowledge about something criminal).

I also suspect that the notion of 'unauthorized access' is a draconian invention, so to speak, because of how 'unauthorized access' probably exist mainly as a conceptual idea (a purely legal term and never a "real" thing from life) used to criminalize specifically an undesirable behavior (certain types of access and/or use), and in which 'behavior' (something generalized) tend to be another type of conceptual idea that also revolve around undesirable things (something deemed threatening, offensive, inappropriate, inconvenient, or perhaps embarrassing).

This in turn makes me wonder if perhaps the very name of the 'Computer fraud and abuse act', is perhaps wildly inappropriate. Is there perhaps separate a law elsewhere for specifically "fraud and abuse"? Why would a special law about computer "fraud and abuse" be thought to be necessary?

I am guessing that the very idea of "unauthorized access" as a legal term that stems from firstly a desire to make unwanted and uncontrolled access a punishable crime in retrospect, while also having it working as a legal tool for policy making with persecution in mind (which would be really bad).

Former FreemanJuly 10, 2016 7:48 AM

Re: "do you own your own data?"

That seems to be a key question, but it's not, because the government and corporations made the decision already that personal data belongs to whatever corporate or government entity that can get it, by hook or crook. Forget about silly vestigial stuff like rights, the Constitution or the will of the people. Now the courts are backing the power grab as usual.

One way to end a lot of controversy in favor of the people would be a simple law that states any personal data or data generated by a person electronically is property of the person and all rights and laws are therefore applicable.

Of course, that's not going to happen without a fight. Those that now own the data will fight fiercely to keep what they have.

On the other hand, ...

CuriousJuly 10, 2016 8:20 AM

re "HTTPS crypto’s days are numbered. Here’s how Google wants to save it"

Goofing around on Wikipedia looking up seemingly weird terminology and ending up on "Noncommutative_polynomial_rings" (article "Polynomial_rings") I read the following:

"Neither the coefficients nor the variables need commute amongst themselves, but the coefficients and variables commute with each other."
(https://en.wikipedia.org/wiki/Polynomial_ring#Noncommutative_polynomial_rings)

That sort of sounds like counter intuitive to me, as if something can be both commutative and not commutative. I am sort of thinking that in crypto, maybe security would sort of rely on "things" not being commutative, yet other aspects could be commutative being possible backdoors.

I guess I imagine the word commutation to be a bad thing for anything crypto, as if commutation was a pattern that was reversible, as if being symmetric in a way.

When I read this, without really knowing what this is (I am no mathematician), I couldn't help but think about my super vague notion about what I liked to call multidimensional math from earlier. I am super curious about what the statement from Wikipedia above means. :)

albertJuly 10, 2016 10:41 AM

@Wesley Parish,

Do you happen to have a link to the Google filing?

"...Google, meanwhile, is challenging BIPA as unconstitutional on the grounds that one state can’t set rules for the rest of the country...."

The summary is absurd. State law is only unconstitutional if it violates the Constitution. Illinois expects Google to abide by BIPA in Illinois. Obviously, Google would rather not have different policies states. Tough s--t. Let's make it simple for 'em by making BIPA Federal Law. Problem solved.

. .. . .. --- ....


Winston SmithJuly 10, 2016 12:57 PM

@Manafort USA

"This was CIA."

I agree. Supported by: 1) obvious established current administration policy objectives which include but are not limited to impoverished and urban African-American sympathy/liberation, gun control/abrogation of the American 2nd amendment, disrupt American status quo and direct her towards a more idealistic, socialist/Marxist/NWO state, 2) motivation of Obama's near-term exit and impatience to accomplish #1, 3) complicit media influenced/directed by #1.

Wild guess: there is now or will soon be a push to foment Caucasian retaliation to provide more justification to accomplish policy objectives ASAP.

GrauhutJuly 10, 2016 1:32 PM

@ianf: "...on the systemic failures that allowed/ led this single person to act for war"

Wich failures do you mean?

The failure to deindustrialize, resulting in the necessity to hedge your currency's purchasing power positions in the global economy by military power?

Alien JerkyJuly 10, 2016 2:27 PM


http://www.telegraph.co.uk/news/2016/07/10/consumers-left-without-warranty-as-text-on-receipts-fades-away/

Consumers are struggling to return goods to shops after it emerged that receipts issued by some of Britain’s biggest retailers are fading within weeks.

Many shoppers are being confronted with blank receipts when they try to claim money back for faulty products, it has been disclosed. This means some are unable to return items even though they are in their warranty period.

Bumble BeeJuly 10, 2016 3:13 PM

@Alien Jerky

USA as well.

Just last month I bought a SIM card and one month of prepaid service from Cricket in Bronx, NY. The receipt has already faded. I also paid way too much for a poor passport photo right next door to the passport agency in Washington, DC. That receipt faded within days, no refunds, no retakes, damn chip debit card, debit sale, no signature, PIN bypassed and the bank (United Bank WV) refused to allow me to file a dispute after insisting I drive all the way to Charles Town to dispute it.

The disappearing ink trick is old and not really worthy of U.S. State Department.

Bumble BeeJuly 10, 2016 3:32 PM

And I'm not mentally ill, either. Quacks and shrinks insist I "hear voices" but I don't hear voices unless people around me are flapping their jaws, and I don't have hallucinations because I don't do drugs.

ianfJuly 10, 2016 3:57 PM


@ Grauhut

Failure of constitutional oversight, for one, read total absence thereof… by analogy, like then, the UK now is in the process of selecting a new PM to lead it out of EU, a person who effectively will be chosen by 0.3%[*] of the electorate – equal to the size of Conservative party clubs that will pick either Ms. Pest (Clive has the details), or Ms. Cholera (AlanS has the details). We may yet end up all nostalgic for Clive's Auntie Maggie ;-((

[^*] source: BBC Dateline London


You know that funny White / Balfour dialog?

Not until now; couldn't see the humor in it, but don't take it as an invite to educate me here, as I'm quite content with my ignorance in this regard. Can't be an expert on everything anyway.


@ Bumble Bee

Faded POS receipts… that's what Xerox machines were invented for, and graphic scans of same stored on a computer later evolved out of.

ianfJuly 10, 2016 4:02 PM


@ Bumble Bee… not that I'd ever try to diagnose anyone from afar, but I need you to observe, that no "sane" person (however one defines it) has EVER felt the need to announce not being mentally ill – as you did. Perhaps because it's sort of a baseline/ default sane human's condition?

Untitled*July 10, 2016 4:07 PM

If you give me six websites visited by the most honest of men, I will find something in them which will hang him.

Mohammed and Mohammed's Excellent AdventureJuly 10, 2016 5:06 PM

Mohammed: Did you see Mohammed at the meeting today?
Mohammed: No, but his brother Mohammed showed up.
Mohammed: What did Mohammed talk about?
Mohammed: Mohammed introduced us to Mohammed who is also a mason!
Mohammed: A mason? No shit? How long has he been one?
Mohammed: About five years. He was referred to the local lodge by Mohammed.
Mohammed: Ah, yes, Mohammed. He has a shit ton of connections around town!
Mohammed: Yes, and our brothers, police be upon them, Mohammed and Mohammed from Egypt came, too.
Mohammed: I've been thinking of becoming a clown.
Mohammed: A clown, Mohammed, why?
Mohammed: So I can film myself being gay.
Mohammed: Oh, you.
Mohammed: So anyway, is Mohammed, Mohammed, and Mohammed coming to the next party?
Mohammed: Indeed. Mohammed was so funny last time.
Mohammed: Well it wouldn't be a party without Mohammed.
Mohammed: Yes, my friend. POLICE BE UPON THEM!

LaurelJuly 10, 2016 8:24 PM

@ ianf

It's not just the writers and number crunchers having all the fun. Technology innovators apparently merit prizes as well.

ACM A.M. Turing Award | Association for Computing Machinery
http://awards.acm.org/

“These innovators were selected by their peers for making significant contributions that enable the computing field to solve real-world challenges. The awards reflect achievements in cryptography, network coding systems, computer-human interaction, and software systems.”


Millennium Technology Prize | Technology Academy Finland
http://taf.fi/en/millennium-technology-prize/

“The Millennium Technology Prize is Finland's tribute to innovations for a better life. The prize promotes technological research and Finland as a high-tech country. The rationale behind the international Millennium Technology Prize is the extensive impacts of science and innovation on society, even on humanity at large.


“How Nobel Laureates' Work Leads to New Technology”
http://blogs.scientificamerican.com/guest-blog/how-nobel-laureates-work-leads-to-new-technology/

“Amano began his lecture by describing his poor academic performance from primary school to high school. Since it seemed to him that the only reason to study hard in Japan was to get into a good high school or university, he lacked sufficient motivation. A former professor changed this mindset by describing the purpose of engineering as a discipline that connects and supports the people. From that moment on, Amano had no trouble finding the inner drive to study hard.”
“Despite his title as a Professor in the Department of Engineering and Computer Science at Nagoya University in Japan, Amano won the 2014 Nobel Prize in Physics along with Isamu Akasaki and Shuji Nakamura for the invention of high-brightness blue light-emitting diodes (LEDs). For three decades, the creation of a commercially viable blue LED remained a slow-going and difficult endeavor for researchers despite the previous success of red and green LEDs.”


I am still working through your prior observations. Thanks for checking out the links.

ianfJuly 11, 2016 4:43 AM


Not so much about squid vision, as about human vision, or the optical tricks our brains play on us. I think I saw a couple of posts dealing with such matters here recently, so bear with me: while I enjoy 2D & 3D optical illusions, I don't possess the specialist vocabulary for such, so I may express myself imprecisely…

Anyhoo… I was shown a palm-size rectangular prism of polished crystal glass with an inside 3D etching of a grrrl's face (similar to this… judging by the sheer number of google hits, it seems to be quite established a trade).

The figure was obviously laser-engraved, pixels in 3D coordinate space precisely melted(?) in sequence by high-energy pinpoint beam… so far so good. The interesting thing was that the 3D face, ~3x5cm across and ~1cm in depth can't but have been created from a 2D photo of the recipient, fetched from her Fuckfacebook account (there of 2592 x 3888 pixel size). As far as I can ascertain, after blanking out the background, that 2D headshot was then sliced into 20? vertical layers to be "fleshed-out," offset from one another by perhaps 0.5mm each. This created a 3D matrix of the face that was laser-heat-etched—in a manner similar to 3D-printing—in the glass object. Pretty impressive, even if, for the image inside to appear, it requires holding the prism in the air against a dark background with just-so much light falling upon it sideways or from above. That in itself was not what I wanted to share, however.

    Rather, I observed a curious effect: while the figure was 3D when viewed en face (when looking at the convex surface of it), the face truly CAME ALIVE, became downright dynamic, when viewed "from behind." Despite formally viewing a concave (curving in) shape, it still appeared anatomically correct, i.e. cheeks and nose and forehead in proper convex relation, only now with look-into-my-eyes-look-into-my-eyes visual pizzaz. Even when turning it up or down rather than sideways, that effect remained… m.e.s.m.e.r.i.z.i.n.g. I suppose it had something to do with that, unlike viewing it up front, where distance and ocular angles to all its pixels were relatively short and narrow, viewing it from "the back" moved the focal points farther afield, which is when the illusion of a dynamic encased head appeared. Never previously having seen a shrunken head, this felt almost like interacting with a live one!

Insight gained: the 2D image should have been flipped (mirrored) vertically prior to the 3D conversion to make the dynamic "from behind" optical "mirage" truer to the original (says the perfectionist nitpicking me). End of not-squid-vision digression.


@ Laurel,
               your latest contribution: impressive in a do-I-know-how-to-paste-in-blockquotes kind of way.

Wesley ParishJuly 11, 2016 5:18 AM

@albert

It's mentioned in the bloomberg article I give the url for:
http://www.bloomberg.com/news/articles/2016-07-07/do-you-own-your-own-fingerprints

Sadly I don't have any data on the filing itself: this is what Groklaw existed for. Sadly it is no more.

@Former Freeman

I suppose the key to that is to mention the points I make so repeatedly, that the individual generates personal data, not the company, and thus one's personal data is covered by copyright law, and it therefore is leased to state and private organizations under strict conditions for specific purposes and may therefore not be used for any other purposes, otherwise the criminal provisions of the updated copyright law come into play, and the companies misusing and abusing this data are subject to termination - the RIAA head honcho did once suggest that breaches of copyright were worse that terrorism, and if so we may as well use it to the fullest extent against these companies.

Mention that the data you are providing to any given company is issued to them under the provisions of the DMCA and you will start criminal proceedings against them for misuse of your copyrighted materials, the next time some company hands you a data entry form and requires you to fill it. Make sure you take a copy of the data and your copyright statement, and submit them to your local copyright registration office, and after a while people might get the hint.

CuriousJuly 11, 2016 6:21 AM

I think the notion of anyone "owning" someone's fingerprints, is not a useful idea, because owning fingerprints doesn't seem to be a known problem, other than "owning" having the metaphorical meaning of simply being unique (presumably) and thus found on just one individual alone.

What would be interesting, is how "owning" a fingerprints means as a problem for starters. How that or those problems are actualized, then becomes a second set of problems to deal with. Ultimately, any ownership of fingerprints shouldn't be the focus of discussing fingerprints, because such a problem is probably quite arbitrary and not something one can easily relate to.

AlanSJuly 11, 2016 9:05 AM

@Quigley

You assume too much.

@ianf

A YouGov poll three years ago found that 22% of the UK population thought Blair should be tried as a war criminal. Post-Chilcot the number is unlikely to be less.

I agree with your comments about focusing blame on one person. See my comments in last Friday's Squid post.

We now know Ms. Mayday will be the new British PM. And not even those nice Tory Party members got to vote.

CallMeLateForSupperJuly 11, 2016 9:27 AM

Re: fading text on printed receipts

Text printed on "thermal paper" does tend to fade with time. Being a receipt keeper, I have a pile of specimens spanning more than two decades, made by many different printers on many different rolls of paper. Most of them have faded. Some are illegible. By contrast, all of the older, ink-printed receipts are still good to go. (Which speaks ill of "progress")

Passing time is a factor, but two of the root causes of fading seem to be heat and humidity. Heat turns the paper's coating black - which is how the printer prints - so it doesn't take much imagination to conclude that it's a bad idea to store receipts in a hot place (e.g. window sill; automobile). I suspect that ambient humidity tends to reverse the chemical process that blackens the paper, but I cannot prove that. It is a fact that the highest humidity, i.e. water droplets, on printed thermal paper can erase printed characters they sit on: circular blank areas tell the story. Avoid rain drops, drink splashes, sneeze droplets. Even your hot, damp little fingers can permanently mess up a thermally-printed document.

In the early 80's I programmed my HP calculator to brute-force a puzzle. Each solution was saved for posterity by a thermal printer. The program ran 24/7 for several weeks and consumed countless meters of thermal tape. Ten years later I discovered that much of that record had become illegible, lost.

Bumble BeeJuly 11, 2016 10:16 AM

@CallMeLateForSupper
Ten years later, vs. two weeks later. Unless you try to iron the receipt, or set it on a hot stove, there is no excuse for it to fade in a human lifetime.
It's just plain fraud.

ianfJuly 11, 2016 10:33 AM


@ AlanS,

Ms. Mayday is beyond apt. Purrrfect.

And where is Clive Robinson to throw himself at the threshold to the Parliament to block her ascension? (He can play the NHS card only that many times).

albertJuly 11, 2016 10:37 AM

@Wesley Parish,

The quote in question appears to be a 'reporters' 'summary' of the filing. I can't imagine a Google filing that crazy in substance. IANAL, but I sure learned a lot from Groklaw (RIP). If you do business in a state, you're obligated to follow state law. Federal law trumps state law unless it's un-Constitutional, (but probably needs a court fight to repeal it; good luck with that:), so that would be the next step for Google and their ilk.

Re:
'Personal data'. The fly in the oinkment is the TOS. You can 'sign away' your copyrights, because the TOS is a legal contract.

I'm tired of reading about folks getting effed by efbook. Really.

When you lie down with dogs, you get up with fleas. Mix some flea powder with you grains of salt.

. .. . .. --- ....

LaurelJuly 11, 2016 12:01 PM

@To those who are likewise curious about Intellectual Property (IP) and Copyrights
(and are not already Wesley Parish)

World IP Day is April 26.
“The important role intellectual property plays in innovation and creativity is marked each year on April 26, when organizations and individuals observe World Intellectual Property (IP) Day.” Check it out on Facebook!

World IP Day Event Map roundup.
"People from around the globe celebrated creativity and innovation with over 400 activities in 110+ countries!" Interactive global map 2016.

albertJuly 11, 2016 1:41 PM

@Laurel,

IP Rights and innovation/creativity are inimical.

See: http://giswatch.org/institutional-overview/civil-society-participation/world-intellectual-property-organisation-wipo

Key points:

"...WIPO was established in 1967 by the WIPO Convention, which states that WIPO’s objective was “to promote the protection of intellectual property throughout the world …” (WIPO, 1967, Article 3). Headquartered in Geneva, Switzerland, WIPO currently administers 24 treaties and facilitates the negotiation of several proposed treaties covering copyrights, patents and trademarks.....Although WIPO was originally established explicitly to promote the protection of intellectual property, when it joined the UN family in 1974 its objective had to be redefined as a public-interest or humanitarian goal....."

and

"...WIPO is unique among UN organisations in that its activities are largely self-funded. Approximately 90% of WIPO’s 2006-2007 budget of CHF 531 million (USD 440 million) comes from the fees its earns for international trademark registrations and patent applications. The remaining 10% of WIPO’s budget is earned from fees for its arbitration and mediation services, publications, and from small contributions from member states...."

Pressed for time?

Skip to: "5. Conclusions and recommendations"

---------
@All, Some, or None,

The section on ICANN is interesting.

. .. . .. --- ....

LaurelJuly 11, 2016 2:57 PM

@albert "IP Rights and innovation/creativity are inimical."

Your link to the WIPO report on GISWatch is a treasure.
http://giswatch.org/institutional-overview/civil-society-participation/world-intellectual-property-organisation-wipo

The Global Information Society Watch (GISWatch)

The GISWatch Reports are a series of yearly reports covering the state of the information society from the perspectives of civil society.

GISWatch is not only a publication, it is a process. The long term goal of the project is to build policy analysis skills and ‘habits’ into the work of civil society organisations that work in the areas of ICT for development, democracy and social justice.
….

5. Conclusions and recommendations (details on website)

5.1 WIPO’s problems:
1 Undemocratic
2 Private interests trump public interest
3 Lack of transparency
4 Too “diplomatic”

5.2 Recommendations for improving WIPO:
1 Development Agenda and A2K Treaty
2 New leadership in key WIPO positions
3 Encouragement of more diverse views
4 IPR “agnosticism”
5 Greater oversight and accountability from the UN


What are your thoughts on the 'conclusions and recommendations' and/or the reports?

albertJuly 11, 2016 6:37 PM

@Laurel,

GISWatch surprised me too.

I don't have any thoughts on those points.

Another interesting site:

http://thiscantbehappening.net/

"The only news organization in the US to be labeled a threat by the Department of Homeland Security"

What's not to like?

. .. . .. --- ....

you_dont_need_to_see_my_identificationJuly 11, 2016 11:44 PM

http://www.ciphergoth.org/crypto/solitaire/

claims to have found a bug in a Schneier algorithm.

Readers of Neal Stephenson's "Cryptonomicon" will be familiar with the cipher "Solitaire" (called "Pontifex" in the book), which was designed by cryptologist Bruce Schneier specifically for the purposes of the book. It is intended to be the first truly secure hand cipher, and requires only a pack of cards for encryption and decryption.

As yet, the technical information about the design of the cipher has not been made available, but I decided to go investigating, and I've now written a fast "C" implementation of the cipher suitable for collecting statistics about the CPRNG at its heart. I have found two interesting facts:

The CPRNG state machine is not reversible, contrary to what the operational notes claim: the initial step in which a joker is moved to the top if it is on the bottom cannot be reversed. This is surprising since non-reversible CPRNGs tend to have shorter periods and can more easily exhibit bias.
And indeed, the output of the CPRNG is very biased. The output of each step of the CPRNG is a number from 0 to 25; you would expect successive outputs to be the same around one time in 26, but my experiments show that the frequency is closer to 1/22.5.
I'm making the source code for the tests I ran available to the public domain.

ChristianJuly 12, 2016 1:39 AM

@Grauhut: Can you explain what you mean by "comes too late"? I know of only a handful of open hardware projects, and want to see more.

tyrJuly 12, 2016 2:57 AM


I can't wait to hear Clive on the subject of May.
I am appalled that the way to choose a country
leader is by default. Nobody else wants the job
May so you're the new PM.

Maybe Oswald Spengler was too much of an optimist
after all.

CuriousJuly 12, 2016 5:03 AM

There is apparently something similar to 'Tor' (The Onion Router):

"MIT Researchers Devise New Anonymity Network Following Tor Bug"
http://uk.pcmag.com/software/82898/news/mit-researchers-devise-new-anonymity-network-following-tor-b

"Riffle relies on a series of servers (known collectively as mixnet), each of which "permutes the order in which it receives messages before passing them on to the next," according to a news release."

"Like Tor, the system also uses onion encryption, wrapping each message in several layers of protection."

ianfJuly 12, 2016 5:35 AM


@ tyr, who “can't wait to hear Clive on the subject of May[day].”

But you already know what Clive Robinson would say on that subject, he's been saying it for a long time and would hardly change the broken record now that she's about to ascent to the Decimal Throne.

What I wonder about is whether her new, broader duties, and the need to focus(all her energy) on making Brexit come true, will result in her not being able to do as much legislative damage in domestic policy matters (as the Home Secretary up to now), and, IF SO, may[sic!] this not be a unexpected May-as-PM electoral dividend?

ObLitContent: a extraordinary piece of May-scented literary vandalism (search for the string "Dydo came across something extremely odd" & read on).

ianfJuly 12, 2016 5:48 AM


P.S. Be careful what you may[sic!] wish for: with the UK Labour Party in shambles, once The Abominable Miss M. has gotten warm in her PM clothes, she may[sic!] well call for a general election to be returned with a solid democratic mandate for leading the UK astray & away from the despicable EU. So, tyr, maybe let's keep the evil genie in the bottle?

ianfJuly 12, 2016 8:21 AM


OT Do you know/ could you recommend a webpage-by-mail service, preferably a mail robot to which one could send a URL, and get a TEXT or slimmed-down HTML version of that page by return mail? (I have some pages that either crash my Mobile Safari, or are coded in such a fashion that no copying of content is possible, and they won't render sans JS).

(I used to have such a service, but it has gone stale).

rJuly 12, 2016 10:05 PM

Sounds like they need to execute under DRM or some way of verifying they haven't been spotted.
I don't think homomorphic stuff can directly accomplish what they're getting at.

PK and PSK wont work either, DRM would do it though. Too bad they weren't targetting ARM, a payload with a trustzone component may get the job done.

rJuly 12, 2016 10:07 PM

The good thing is, if somebody was reflecting ONE TIME CODES any serialization wouldn't have helped beyond the single user being (mis)identified.

Not American SpyJuly 13, 2016 1:58 AM

Step one, create drive by attack methodolgy. Improve it. Promote it. Step two, make the case this was done by US intelligence. Step three, target china, specifically.

Thereby persuade China, a major nation state, that they are being targeted and attack by this scary, unknown means, without regards to laws or boundaries.

Thereby, they, needing innovation, will retaliate, wanting to believe this fiction.

Step four, ensure they believe this is really done by American intelligence, and so feel they are right to retaliate.

Step five, encourage America to promote these attacks. As nations normally do not wish to speak of such attacks.

Where are we now. A few years later? China is the bad guy. Across the world. they have a bad reputation. This is mixed with rightful inspection into their products which have also returned these viewpoints.

End goal of over throwing Chinese regime?

Not yet.

The dragon has followed every step set for them since. And they will continue to. Until they put their eye, right there, so it can be stabbed out.

A 20 year project to end the Chinese regime is not a bad goal.

I think observant Jews might recall this story from somewhere...

Watch and wait.

:-)

ThothJuly 13, 2016 4:58 AM

@ianf, all
I think the Wiki Markdown format should also be considered and used in lockdown and highly sensitive environments.

The amount of Markdown syntax available is highly limited and much lesser features than even HTML 3.2 or even XML bit the possibility of expressions (i.e. nested point forms or simple formatted tables) can be easily expressed in Markdown.

Markdown used as an expression of spreadsheet tables (without the dynamic formulaes) and HTML-like display should give enough features while remaining lightweight for embedded security processors with attached secure screens. Of course some features like embedding HTML and Youtube videos and pictures should be controlled since it is for a secure text processing and display.

Link: https://github.com/adam-p/markdown-here/wiki/Markdown-Cheatsheet#html

JG4July 13, 2016 7:27 AM


if the analogy is that a business can order you off of their premises, and staying becomes trespass, this decision is almost logical. for simply revisiting the premises to actually be a crime, there would have to be a specific court order, so the analogy fails. the decision should require thorough documentation of the notice.

https://www.washingtonpost.com/news/volokh-conspiracy/wp/2016/07/12/9th-circuit-its-a-federal-crime-to-visit-a-website-after-being-told-not-to-visit-it/

see also:

http://www.thedailybeast.com/articles/2016/07/11/alton-sterling-witness-cops-took-my-phone-my-surveillance-video-locked-me-up.html

from the usual compendium

ianfJuly 13, 2016 9:56 AM


@ Thoth thinks that “the Wiki Markdown format should also be considered and used in lockdown and highly sensitive environments.

For a while there I thought there was some new Wiki-specific .md variant, but it seems to be the same old, same old John Gruber's once regurgitation of a bevy of presentational-punctuational text markup methods (rather than formal bona-fide languages like LaTex and SGML), only housed in GitHub's Wiki.

Except that when I requested your html2text tool advice, I wasn't thinking of the security aspects of (potentially adulterated) HTML, but of pure accessibility of some existing webpages. Those that either crash the mobile browser or render strange/ parts blank at my end.

    For reasons too diverse to explain, one of my iDevices runs on never-to-be-upgraded iOS 6.1.3 (I also have such on iOS 8.x and 9.3.2), which occasionally, but with ever greater frequency, "chokes" on needlessly convoluted/ bloated web pages. In a sense it is my HTML usability canary – if I apply the term in its proper "gas danger trigger" sense.

There used to be a mail robot, in essence a remote Lynx-like browser, to which one could mail URLs, and get a plaintext HTML page version by mail in return. Alas, no such user@domain anymore. But a bit of research found this dual function client: http://www.textise.net/

It works EITHER as a input field/form for presenting output of chosen search engine's results in plaintext with links;

OR as a client for stripping any webpage of all non-text embellishments and then rendering it plain, optionally still with links.

Works pretty good in my sparse browser and actually permits advance manual synthesis of target URLs to be clicked directly in this fashion:

http://www.textise.net/showText.aspx?strURL=http%3a%2f%2fbbc.com

Here's another, a bloated Medium story (UK Immigration Protecting the Realm From a Web Animations Lecturer) page, that crashes my iOS, but "textises" just fine.


[…] “possibility of expressions (i.e. nested point forms or simple formatted tables) can be easily expressed in Markdown.

I strongly dispute that. Save for titles and block-level content, the simplest of links and inline typographic tags, Markdown quickly becomes cryptic and unruly. Its dependence on trailing (rather than merely line-leading) spaces is also unworkable IRL. I remember late 80s ".leading dot commands WordStar" flow that was more readable than "ambitiously coded" Markdown.

rJuly 13, 2016 10:02 AM

@JG4,

Does Facebook have a non-transferability clause or does authorization by name imply that?

Nick PJuly 13, 2016 1:01 PM

A thread on Hacker News references an attempt to replace core banking with buzzwords and such. I decided to do a brief write-up on how I'd go about it keeping banks' agenda in mind. Plus, I don't like startups that might sell out or the word "cloud." ;) Re-posted here for your consideration.

"Alright, my turn. The bankers want back-end software that's near 100% uptime, cost-effective, future-proof, flexible for integrations, and secure. They have all of those but cost-effective and flexible. The next architecture will have to do better on those. We'll start with a sort-of, three-tier architecture & client-server model since those have been analyzed to death with tons of tool support for getting them right.

First, the datastore that simply stores raw data everything else depends on. The datastore will be bootstrapped on HP NonStop or OpenVMS clusters to inherit their high-availability. These systems already run banking backends in multiple datacenters with automatic failover and no lost transactions in specific, case studies. Decade plus uptime is not uncommon. They're also way cheaper than mainframes with more support for modern SW & easier to access for ISV's. The software itself will be built to have minimal dependence on underlying platform with tools to rapidly export data, sync with, or switch to a replacement. The will be a licensed copy of Google's F0 RDBMS on OpenBSD & reliable servers rewritten in the manner about to be described. If not, then something similar. :)

The core, banking stack. This is the banking software for withdrawls, deposits, basic security checks, audit events, and so on. Anything that's happening constantly in real-time with high-criticality. This will be contracted to Altran/Praxis who will apply Correct-by-Construction method to produce it in C, SPARK, and Rust simultaneously. Best available tools for static analysis and testing will be applied to each to catch whatever others miss. Prior work in just SPARK has almost no defects. A combination of simplified components with extra checkers should further reduce that. The protocols will be contracted to Galois Inc to do in TLA+ and Haskell. Especially generic, secure, messaging protocols to replace SWIFT. Altran will implement anything Galois finalizes to integrate with rest of system. Paid, peer review by people with track record of finding esoteric flaws will occur for each of the deliverables.

The client, presentation, and application layers' hardware will be SAFE architecture (crash-safe.org) or CHERI CPU's (CheriBSD). These will be implemented with Leon3-FT processors on a Silicon-on-Insulator node with ChipKill and ECC RAM. They will run minimal OS's created for embedded systems with proven reliability & performance. Those will be modified to support security features of processors plus support security labels for users & apps. Each machine, a la DiamondTEK LAN, will have PCI cards (or on-SOC HW) that authenticates users on trusted path, checks system integrity, end-to-end encrypts all data, and especially tags/checks packets with security labels of users & apps. Specific hardware modules will exist with data diodes to constantly sniff network, transaction, and audit trails to check them against a security policy. Similar one for reliability and performance of network.

The software stack will akin to REBOL's reblets and container apps. The apps will be isolated on microkernels with basic, GUI forms. These apps will be developed in both a safe, systems language plus an information flow language like SIF. The systems will be shown with analysis & testing to be free of common errors. Information flow analysis will prevent common forms of information leak and security breach. The apps will integrate with trusted hardware to pass labels along. The server apps will pick up those labels & continue to factor them into their operations. Over time, the tooling will mature to automate these operations with only basic annotations by programmers plus a formal, security policy by administrators.

People still need to get work done in terms of Internet research, report writing, and so on. OSS apps for these will be ported to the platform overtime. Meanwhile, the client-nodes will support physical virtualization whereby those nodes can run on a PC with mediated, information sharing and built-in KVM. Users simply press a button to be in a regular desktop. Documents and such will be done in easy-to-analyze formats that are checked by a guard upon transfer. Those files are also labeled. Anything that goes into the trusted machine will be shown in text form for visual confirmation by operator plus automatically sanity-checked & logged for any other auditing. Overall process will be like switching tabs + drag n drop to encourage users to work with security features instead of against them.

The corporate itself will be a non-profit. The charter will put a cap on how much profit it can take with a lean approach to administrative expenses, limits on executive compensation, and limits on management-to-staff ratio. Incoming revenue is to be put into further QA/pentesting of platform, development of it, support to customers, consulting for integration/extensions, datacenters for availability, and so on. The nonprofit will be established in a jurisdiction with strong laws favorable to honest banking plus minimal corruption. Its operations will be audited by third-parties who also have their own, dedicated hardware & cages. These factors will collectively eliminate or reduce the risks of VC-backed sellouts, management cooking the books, top-heavy organizations, and stagnation from lock-in.

OK. So, let's summarize. The hardware itself will be simple but highly reliable. The software is done in languages immune to most coding errors with high-level properties precisely specified, checked, and pentested. The two integrate well to eliminate abstraction gap attacks. The initial backend is software that has over a decade of uptime with modern stuff coming online if possible. The non-core apps on client and server encode sensible use into information flow policies that are checked in several places & efficiently. All apps and network are black-box to attackers with tons of defense in depth. Insider risk reduced as they put individual name & reputation on each action with mutually-suspicious auditing they can't remotely sabotage due to data diodes. All of this tech already exists in either prototype or production form with suitable substitutes for prototypes that turn out infeasible to use. It's also legally setup to be more trustworthy in terms of what people will do & long-term benefit. Initial development costs would be huge but the first year without mainframes and SWIFT will probably pay it off. Especially spread out among numerous banks investing."

rJuly 13, 2016 2:50 PM

@Nick P,

They effectively flank cost by regularly passing the buck on to us.

rJuly 13, 2016 3:30 PM

@Nick P,

"method to produce it in C, SPARK, and Rust simultaneously. Best available tools for static analysis and testing will be applied to each to catch whatever others miss."

I meant to post them but I believe I lost track due to using live CDs lately, last week? there were two separate source code "instrumentation" and analysis papers on ycombinator I believe. One specifically about RustC for bug detection.

Thought I'd mention it cuz you always talk about RustC, so you got me curious in it too.

rrrJuly 13, 2016 3:34 PM

I think the other one pertained to the automatic introduction of errors to fuzz the analyzers for improvement.

Nick PJuly 13, 2016 3:45 PM

@ r

I was in both threads so it's all good. ;) Yeah, the banks mainly push the cost on us. Other thing is they don't want to risk stuff crashing down. Finally, there's probably plenty of schemes in those systems benefiting people that are currently invisible.

ianfJuly 13, 2016 5:30 PM

When the cat
                      Clive Robinson
                                               is away
the comments here
                               veer astray.

AlanSJuly 13, 2016 6:22 PM

The Mother Theresa of Maidenhead became the new British PM earlier today and the mayhem has already begun. One of her first actions was to appoint this guy as the new foreign secretary. German TV news presenters can't help laughing. The Whitehouse is not amused. He recently referred to Obama as "incoherent, inconsistent and downright hypocritical...a part-Kenyan President." Breakup of the UK to follow and maybe what's left getting kicked off the Security Council. And some of these Westminster politicians think we should worry about terrorism.

ThothJuly 13, 2016 7:04 PM

@Nick P, r
Re: Banking ware

The banks don't actually care a whole lot on higher assurance security. In fact they mostly peg themselves against the minimal baseline security that their compliance requires for standards like PCI-DSS, EMV, PBOC, MAS-TRM and the likes.

They use any software most conveninent from legacy Big Blue old iron stacks to modern computing. If you ever been into a bank's datacenter for services, you can literally see the whole history of computing including legacy-ware. Things that should have been patched with updates to things that are newly installed all the the server racks and a good amount of ancient looking server racks with ancient machines ;) .

The bottom line for them is to be just secure enough and not have troubles spilled onto their doorstreps (hence their behaviour of pushing blames to others except themselves). The minimal requirements would be hardware firewalls and routing, segregated LAN networks, HSMs :) , and corporate DLP suites. Whether the stuff are build with Rust or Microkernel via seL4 or OpenBSD, they don't care.

As I recall one of the security officer from my customer told me, he doesn't want to have to squim his eyes at tiny OLED display on the HSM and doesn't like that design (but have to do it because of work).

The banks are just like any other users. They want something easily accessible and comfortable to them be it executing batch file scripts or running Java GUI console so long it makes their life easier. They are very busy people and do not have the time to look into the technical details (according to a few security officer friends in banks that I have or whom are my customers).

If they could get away with scripting batch files and embedding obfuscated root passwords or even plaintext root passwords into batch file or shell script, what is going to make them move to more higher security assurance setup ?

Will banks ever use OpenBSD or any alternate OS other than RHEL and Windows (2003, XP, Vista, 7, 8, 10 ... and oh ... 95 still runs on some banking platforms :) ) ? If they could still use Win 2003 for some of their ATM's OS (Diebold and NCR brand still have them for old versions) abd are still very comfortable with these insecure OSes, what is the likelihood they would give at least OpenBSD a look ?

RHEL and Windows are chosen because of commercial support and someone they can sue if crap occurs but who are you going to ask for support or sue for damages for OpenBSD or seL4 ?

Banks want stability, commercial support and usability for their staffs abd customers above security and compliance if security proof cumbersome and cryptic. They are similar to people on the streets when you try to ask your friends and family or people whom you just met to use privacy and security oriented communications method (TOR + OTR messaging and the sorts instead of Snapvhat and WhatsApp) and they would have a varying degrees of bad knee jerk reactions to us whom are security over-paranoid in their eyes.

The SWIFT network hacks are a good reminding that banks don't always use and adhere to security we expect them to have....

Bottomline for new and incoming security enterprises, make your stuff usable and user friendly with a pretty safe security base line and very safe default options if you want to sell products to banks and make their life easier if you want them to buy your stuff.

Also include lots of marketing hypes and documentations too because they like to read documents and brochures before hand to debate amongst themselves as they are very tight on cash expenditures to meet their profit margins.

Nick PJuly 13, 2016 8:03 PM

@ Thoth

re Wiki Markdown

Dont use it for these reasons. Make sure you use something that has an easy, formal specification for generating secure parsers and such. Even HTML subsets have those plus aren't Turing Complete. The MySpace kids did just fine with them. :)

re banks

"In fact they mostly peg themselves against the minimal baseline security that their compliance requires for standards like PCI-DSS, EMV, PBOC, MAS-TRM and the likes."

Oh yeah they do. Makes the new startup even funnier. They're looking at extra effort, a startup's risk, unproven tech, and risk of mainframe migration. Funny shit.

"he doesn't want to have to squim his eyes at tiny OLED display on the HSM and doesn't like that design (but have to do it because of work)."

It's why I'm using the monitor in the trusted path with them basically just switching labeled windows CMW-style. Gotta be easy.

"RHEL and Windows are chosen because of commercial support and someone they can sue if crap occurs but who are you going to ask for support or sue for damages for OpenBSD or seL4 ?"

It's a good point. Actually what Schell said industry reps at Black Forest Group told him about why they rejected PKI in place of existing interaction methods. They didn't know who they could sue when shit went south. In my scheme, there's clearly an entity that will be held responsible. The parts are already reliable with new stuff created by companies with great track records and who warranty deliverables. I've done what I can in the design to reduce risk. Hardware is greatest risk so I might ditch that part given Ada + Rust + OpenBSD + monitoring should be pretty solid.

"The SWIFT network hacks are a good reminding that banks don't always use and adhere to security we expect them to have...."

SWIFT comes with dedicated terminals and such. It's what was available as an option with support of banks rather than what they really wanted. I think SWIFT is a social & economic phenomenon. It will be hard to replace due to network effects but the offering itself is beatable in tech & usability. One could get a specific product, like security box, in tons of banks then then sneak a SWIFT replacement in through that market share. Let them gradually try out the alternative until it proves out.

tyrJuly 13, 2016 8:49 PM


@the usual suspects

Now's your big chance to bash TOR and have it mean
something. Bruce is no on top of it and should be
congratulated for taking on the job. you might also
help out if you're really serious about your own
dubious security.

OT the EU bigwig hopping over to Goldman Sachs makes
the UK decision to exit look a lot more sensible.

The covering quote:
"It's a big oligarchy and you ain't in it !!"

Mr. Obvious (aghast)July 13, 2016 11:23 PM

Not a single reply to the comment by "you_dont_need_to_see_my_identification" at July 11, 2016 11:44 PM further up on this page?

Really? Not a single one? Have none of you glanced at it for the huge entertainment value and übernerdity? Were you all modestly waiting for Schneier to reply first?

Don't tell me none of you have ever read Cryptonomicon!? By chance mine happens to be 50 cm away from my left hand right now, right beside my copy of The Catcher in the Rye (yup). Oh and my Cryptonomicon is one of those weird ones where the the pages jump around from 58 to 823, from 854 to 87, from 822 to 55 and from 86 to 855 so I've got it neatly indexed and enumerated by hand with cut-out post-it's & tiny writing. Yeah run for the door :P

It's there because I was recently thinking about writing up Schneier's Solitaire/Pontifex in Python for the fun of it, maybe I have to find time for it now to complement the C and Perl versions on ciphergoth.org.

A big thank you to the poster for the most interesting comment in a week :) Even better than the New Hope paper Schneier linked which also had entertainment value with it's talk of a JARJAR version & some funny sentences in the appendix resulting from that choice of name. It also left me wondering if Miss Lovecruft is for real :)

FigureitoutJuly 14, 2016 12:04 AM

Nick P
--Cheri project has an update of the ISA but still an FPGA, not actual hardware (lots of papers but good probability of a deliverable), SAFE project hasn't updated papers since March 2015, no news. So hardware is already a bust.

Is Altran/Praxis or Galois up-to-date w/ banking regulations/specs? These are typically at least 200 pages of legalize, banking it's probably no less than 1000 pages of info that needs to be accounted for.

As Thoth pointed out, who provides support when things fail (which they will) when you have OpenBSD (not sure of Google support, never used).

Who's doing the peer review that's not going to be a waste of money?

What specific OS on embedded chips do you run, I thought it was CheriBSD? Where is this embedded OS running then?

How are the endpoints doing the data diode sniffing secured? What hardware, what are they running?

Why support KVM? Just more crap to support.

What guard? Where is all this extra hardware features being supported in? CheriBSD or the embedded OS?

Limits on executive compensation won't fly at banks, these are greedy scum that don't deliver the money value they demand, were talking here. They're money changers, that's all.

What products combine Ada, Rust, SPARK, and C?

No novel defenses for insider attacks, that risk remains the same in this scheme as presented.

Replacing SWIFT, w/ a new protocol. How would that be designed?

So, as usual, way way too much for a security project; way too much opportunities to fail. You'd need a team of DO'ER's that have a history of delivering HUGE projects that last long-term if you want to succeed in that at all.

tyr
--Yeah that was kind of "wtf" seeing Bruce on the Tor board. Well, Matt Blaze is on there too so that's nice. Not sure what technical changes will happen to the network (the main public usable one right now that everyone loves to point out a small flaw yet tons of evidence that it does what it says, and it's got a big bulls-eye on it).

Needs a lot more users. Maybe one idea is offer a faster version for people that want that, and a slower version putting in randomized delays for fighting traffic analysis more. Probably don't have the resources to do that.

Mr. Obvious (aghast)
--If you're using pen/paper ciphers, you might as well use OTP's and exchange those instead of keys. You can run all the cryptanalysis on some bullsh*t OTP, you may get garbage, part garbage, or a message that's yet another code...

I don't understand solitaire enough to comment on whether that "attack" back in 2001 meant anything, but not sure how effective it is when combining solitaire w/ another paper cipher or just an OTP.

ThothJuly 14, 2016 1:57 AM

@Nick P, Figureitout, r
re: Banks

"It's why I'm using the monitor in the trusted path with them basically just switching labeled windows CMW-style. Gotta be easy."

In fact the tiny Thales HSM on-board OLED screen is pretty bright and comfortable to read. I could read off SHA key hashes in hexcodes (displayed on the small screen) without trouble. Heck, even the SafeNet Luna HSM's on-board OLED screens which are so much dimmer and smaller are also nice to read off. What I meant is they need to step up their efforts. Thales side, the HSM have enough meat to expand the screen a little.

"It's a good point. Actually what Schell said industry reps at Black Forest Group told him about why they rejected PKI in place of existing interaction methods. They didn't know who they could sue when shit went south. In my scheme, there's clearly an entity that will be held responsible. The parts are already reliable with new stuff created by companies with great track records and who warranty deliverables. I've done what I can in the design to reduce risk. Hardware is greatest risk so I might ditch that part given Ada + Rust + OpenBSD + monitoring should be pretty solid."

Just make sure the usability and marketing hype side gets a boost. The saying of not judging a book by it's covers are rather false. First impression matters and you need to make it look seamless in experience even if glitches ever come up. Ultimately, any user wants to have a nice and secure experience and know of some solid backend support from a responsible company or individual (legally and technically). They don't really care if it is seL4, OpenBSD, Ada, Rust, Java, .NET ... it simply needs to just work and work well with as little pain in the butts and be predictable. I think Steve Jobs' method of just making Apple and iPhone work was what contributed to it's success commercial as a home computing device. If the device is a security critical one, it needs to be secure as well as function smoothly and nicely.

"SWIFT comes with dedicated terminals and such. It's what was available as an option with support of banks rather than what they really wanted. I think SWIFT is a social & economic phenomenon. It will be hard to replace due to network effects but the offering itself is beatable in tech & usability. One could get a specific product, like security box, in tons of banks then then sneak a SWIFT replacement in through that market share. Let them gradually try out the alternative until it proves out."

The painful SWIFT hacks won't be the first and unlikely the last. The opportunity it presents for alternative products or better SWIFT implementations (note that the messaging protocol is inside ISO standards for bank messaging). Security implementation market has some opportunities if you know who to contact and where to look into for investments.

"Is Altran/Praxis or Galois up-to-date w/ banking regulations/specs? These are typically at least 200 pages of legalize, banking it's probably no less than 1000 pages of info that needs to be accounted for."

Banking standards (both Islamic and Non-Islamic banking standards) consist of not a single standard but so many standards to start off with and then on top of that you apply electronic transaction standards like the bunch (EMV, PCI-DSS, MAS-TRM ...et. al...) and then you apply security standards (FIPS 140, CC EAL, BSI ....) and more standards stacking up on one another. Whenever I need to reference an electronic banking standard, it makes me want to hide under my desk. There's so much to flip through before you even draw out your system architecture and decide to use Java, C, Ada, Rust, OpenBSD, Windows, Linux ...etc... bunch of technologies.

Best to start off with EMV and PCI-DSS bank transaction standards for starters (yes a lot to read if you are in this line of business) and then move to other less common ones (PBOC, JCB, MAS-TRM ....). If you are doing business with China, go for PBOC, if you are doing business with Japan, go for JCB, if you are going for Singapore, read the MAS-TRM.

By the way, Guards and Data Diodes are usually not so common or even rare in banks. Those things really hinder traffic and the last thing you want is a frustrated administrator. Heck, even a normal Cisco firewall or even a HSM is a handful to chew off already let alone things like DMZ zone, Guards, Data Diodes ... the administrators go crazy real fast and you see them age very quickly while they do their job.

Don't be surprise even the Government IT guys don't even know what is a HSM or more advanced stuff like Guards and Data Diodes until I took the time to sit down and explain. It happens :) . Do you think the Bank IT guys know :D ?

"No novel defenses for insider attacks, that risk remains the same in this scheme as presented."

I did mention in the past of customers hoarding the entire HSM administrative token quorums (making them super admins essentially by possessing all token quorums). It is easy to take control of security devices in a huge forest of so many IT equipments because there are too many things to keep track off and there are many real life examples of customers having trouble with their employees hoarding credentials and access rights (and also reluctant to yielding control).

"So, as usual, way way too much for a security project; way too much opportunities to fail. You'd need a team of DO'ER's that have a history of delivering HUGE projects that last long-term if you want to succeed in that at all."

I would say, start off with what's in the market (well supported platforms) and slowly build up the profile. Approach it as though incrementing assurance steadily. You don't want to have a whole ton of plan and realize that the parts and equipments are problematic.

Also as a side note, I did mention in the past that I am looking into Microkernels for secure computing and after some digging I have come to a conclusion that at this current point in time, Microkernels simply don't make the cut in temrms of robust support. I have looked at community-based Microkernel offerings and none of them are satisfactory. Their features are still lagging and their progress are still very slow which leads me back to the original conclusion which is if you have something critical, lock it into a smart card secure microcontroller or HSM equipped with SEE environment for secure execution.

TEE environments (ARM TrustZone) are getting more popular but I still don't trust placing secure and insecure codes and data on the same processing unit. I prefer to place the security stuff in a secure microcontroller and insecure stuff in it's own open hardware MCU. There are concerns for hardware backdoors but do you have a workable and ready Off-the-Shelf solution I can purchase (and also not spend too much time tinkering) for the preventive methods (it must be practical and already on the shelf) :) .

To step up security assurance, I am slowly feeding companies and organisations I deem responsive and willing to improve with ideas (and even blueprints). One example is the Ledger guys who made the Ledger Blue (and now the Ledger Nano S) which some of the ideas I have contributed and given feedback as I foresee their capability in producing higher security assurance security devices that are commercially viable, low to medium cost of ownership and risk, Off-the-Shelf capable, uses known technology (smart card chip, ARM MCUs, C language ...), mostly open source stuff, proactively pushing for openness and most importantly willing to listen and discuss on issues.

ianfJuly 14, 2016 3:33 AM


@ AlanS […] “The Mother Theresa of Maidenhead

More like “Indescribable 51st Shade of Gray,” except that that movie has yet to be made. In the meantime then, how about the more apt metaphor of Medea, remembered primarily for avenging her husband's betrayal by killing their children.

[ s/husband/former PM/g \
  s/children/the Brits/g ]

    All the same, don't you experience living in some kind of a strange time warp? [Wael has the details]. The world of UK domestic politics, seldom known for speed, all of a sudden kicks into hyper gear: in the time-space of <3 weeks

    a referendumb is conducted and lost;

    its may-it-lose-hence-no-plan-B chief promoter resigns his PM job;

    the winning side is stunned that it has won;

    one contender for the new PM stabs another in the back, yet another waves her uterus, then quits;

    … and now you (and, unfortunately, by implication also we) are saddled with a Thatcher-wannabe major world power leader who acceded to the throne by not making waves, and not even being elected internally by her party stalwarts; also not exactly known for her originality of thought OR anything else of memorable dimension.

We are  i n d e e d  living in [the proverbial Jewish curse] interesting times. John Crace couldn't agree more, while actually finding lots of humor in it: http://gu.com/p/4zpkv

Dirk PraetJuly 14, 2016 5:58 AM

@ ianf

We are i n d e e d living in [the proverbial Jewish curse] interesting times.

s/interesting/sickening . Sometimes I think both the US and the UK are going through some sort of "Invasion of the Body Snatchers", in which Wall Street and the Murdoch Empire have been steadily replacing ordinary politicians by wholly unaccountable liars, buffoons and authoritarians. All while the general public is too busy keeping up with the Kardashians and trying to catch silly, non-existing creatures on their smartphones.

If ever there was a time to start working on Blackadder the Fifth, it's now. The surreal scripts and scenarios are pretty much writing themselves for the moment. Cast: Rowan Atkinson as Boris Johnson, Miranda Richardson as Theresa May, Steven Fry as David Camoron, Hugh Laurie as Nigel Farage, Brian Blessed as Donald Trump and Tony Robinson as Rupert Murdoch.

JG4July 14, 2016 6:09 AM


Suppose, for a thought experiment that I have a corporation, or an LLC, and I open an account with any of the service providers (I include Netflix, Amazon and HBO as service providers). Then the board delegates the task of managing the account to a team of professional IT managers. This is little different from a person giving a limited power of attorney to someone to manage any activity. I doubt that the terms of service can restrict the use of a valid power of attorney. If they can, it opens the door to ADA litigation, which could be very profitable.

http://www.nakedcapitalism.com/2016/07/links-71416.html
...
Big Brother is Watching You Watch

Sharing Your Netflix, Amazon Prime or HBO Go Password Is Now a Federal Crime Alternet
http://www.alternet.org/culture/sharing-streaming-service-passwords-federal-crime

Computing DARPA Hopes Automation Can Create the Perfect Hacker MIT Technology Review (David L)
https://www.technologyreview.com/s/601901/darpa-hopes-automation-can-create-the-perfect-hacker/

Tor Project, a Digital Privacy Group, Reboots With New Board New York Times. Bill B:
http://www.nytimes.com/2016/07/14/technology/tor-project-a-digital-privacy-group-reboots-with-new-board.html

Recall that Bruce Schneier is also on the advisory council of the Open Technology Fund…
https://www.opentech.fund/advisory-council/bruce-schneier

Which is funded by the Broadcast Board of Governers (BBG)…
https://www.opentech.fund/about/program

Which is linked to the… a drumroll please, the CIA!
https://pando.com/2015/03/01/internet-privacy-funded-by-spooks-a-brief-history-of-the-bbg/

JG4July 14, 2016 6:38 AM

this probably explains why they kill people based on metadata. also, because it is good for "business"

http://arxiv.org/abs/1606.06737v2

“We show that in many data sequences – from texts in different languages to melodies and genomes – the mutual information between two symbols decays roughly like a power law with the number of symbols in between the two. In contrast, we prove that Markov/hidden Markov processes generically exhibit exponential decay in their mutual information, which explains why natural languages are poorly approximated by Markov processes. We present a broad class of models that naturally reproduce this critical behavior. They all involve deep dynamics of a recursive nature, as can be approximately implemented by tree-like or recurrent deep neural networks” [Arxiv.org]. This sounds like it would be interesting in the context of the propagation of narratives, now, and for good reason, prominent in the zeitgeist.

WaelJuly 14, 2016 6:42 AM

@Dirk Praet,

If ever there was a time to start working on Blackadder

Can't wait to see the new script!

Steven Fry as David Camoron...

I take it that's not a spelling mistake :)

WaelJuly 14, 2016 6:51 AM

@hay nony mouse, @ianf,

“My intuition is that it will take more than just a re-working of quantum physics, it will require a breakthrough that will come totally out of left field,” Seiberg says. “Only time will tell what that revolution will be.”

Yea, until a newer theory comes from the next theoretical astrophysicist schmuck. And since time is an illusion, you can replace the stressed quote with: "Only illusion will tell" :)

rJuly 14, 2016 7:36 AM

@Nick P, Thoth, all

About what Thoth is saying about ease-of-use_v_hardened-environments-and-banks, I think some of that issue is what Nick said about the cost of quality auditable and secure systems. They cost alot I imagine, and without the banks being any more liable "too big to fail" and "pass the buck" there's not really any incentive to track a higher security path.

I don't think there will be any motions in that direction until something changes, forcibly, legally, financially.

I'm thrilled Bruce is going to be hawkish on Tor, I think it's all our responsibility to be hawkish on security trends for our friends and neighbors as developers (of any kind). Our families and friends depend on these institutions being responsible, to me it's a form of responsibility.

But if we didn't care, we wouldn't question methods and motives.

AlanSJuly 14, 2016 7:53 AM

@ ianf, Dirk Praet

Interesting times indeed. Dangerous too. We may be at an inflection point for which 2001 and 2008 were mere precursors. We will see.

CuriousJuly 14, 2016 9:46 AM

Wow, according to Wikipedia, 'The Onion Router' supposedly has a completely new management, with Bruce Schneier and Matt Blaze on it to name the two names I recognize on that list of six people.

https://en.wikipedia.org/wiki/Tor_(anonymity_network)

If I have learned anything about Wikipedia, one shouldn't simply trust it, though the wikipedia article references two other articles which seems legit to me.

https://blog.torproject.org/blog/tor-project-elects-new-board%C2%A0-directors
http://www.theverge.com/2016/7/13/12176262/tor-project-new-board-members-announced

I don't understand why the most recent referenced news in the wikipedia foot notes have numbers that are low (38 & 39), compared to other news dating further back in time.

Nick PJuly 14, 2016 10:23 AM

@ Figureitout

As usual, a mix of useful questions and being negative for the sake of negative by ignoring information in my post. I'll addess the latter first as there's only a few this time. Progress. :P

"Is Altran/Praxis or Galois up-to-date w/ banking regulations/specs? These are typically at least 200 pages of legalize, banking it's probably no less than 1000 pages of info that needs to be accounted for."

No, they're obviously going to *build the systems*. The domain requirements are done by domain experts as in every successful project in existence. What has to be put into a computer will be discussed with and eventually handed off to the tech people.

"Who's doing the peer review that's not going to be a waste of money?"

Like in the comment, people with prior experience both finding hard-to-spot bugs in systems and publishing them. That they looked for a while, found stuff others missed, and reported it establishes credibility. One can offer bonuses for bugs found on top of dedicate pay for time put in.

"who provides support when things fail (which they will) when you have OpenBSD (not sure of Google support, never used)."

You've never heard of OpenBSD, OpenVMS, or NonStop? How all their users talk about them basically never failing with a reboot or restore being worst-case with such quality? How two of those are supported by multi-billion dollar companies running entire Fortune 500 companies "nonstop" for decades with clustering that automates recovery & didn't miss any transactions in real-world disasters? And you assume they'll just crash down entirely then imply nobody can do something about it? Lol...

"What products combine Ada, Rust, SPARK, and C?"

The contracted work I just described in the comment.

"Replacing SWIFT, w/ a new protocol. How would that be designed?"

Re-read the comment. Galois will design it like they design everything else. I've already described their work here. Likely a re-configuration of a proven one with solid implementation.

"So, as usual, way way too much for a security project; way too much opportunities to fail. "

As opposed to the same, damned thing on monolothic systems, C/C++/COBOL code, Windows boxes, Cisco routers, and security-by-obscurity mainframes? That works most of the time despite horrid security and architecture. Mine would be more secure by design, detect problems more easily, & more recoverable so fail isn't apt description at all compared to existing situation.

Now, to your legitimate questions that my comment didn't already answer or imply.

"SAFE project hasn't updated papers since March 2015"

Google gave me different results (below). The PUMP is done. They've already designed it, tested it, ran lots of policies, and so on. Just needs to be added to real CPU. Draper is putting a PUMP on RISC-V then trying to build an ecosystem and brand out of secure CPU's. That's hopeful. Just look at micro-policies supported to see how insanely flexible their mechanism is. I prefer hard-coding a few of those but I'll take a PUMP over a mere MMU any day. Plus, some of those policies will work wonders for debugging system code. By itself might justify the cost for businesses that already spend big $$$ on development tools.

http://riscv.org/wp-content/uploads/2016/01/Wed1430-dover_riscv_jan2016_v3.pdf

"What specific OS on embedded chips do you run, I thought it was CheriBSD? Where is this embedded OS running then?"

Which embedded chips? The PCI guards? There's a few you can use with high-security profile. I've already written tons on that topic. Pick whatever is the best deal at time of development. The cool thing is that the system is *tiny*. Takes almost no functionality. So, you could just as easily strip out all non-critical stuff in a BSD or apply full-safety techniques to a RTOS. There's almost nothing to evaluate with most stuff running compartmentalized in safe languages. Plus, pick whatever CPU you want without Intel's baggage and BS (esp ME). It's why I love coprocessor model.

"How are the endpoints doing the data diode sniffing secured? What hardware, what are they running?"

Same as above. You pick what works for you. For example, SVA-OS adds security checks to the key hardware resources and to all the code in Linux kernel. Combine a technique like that with stripped-down OS, trusted boot, IOMMU, append-only filesystem for logs, and serial port for administration to get quite a bit of security. I mean, what are they going to do remotely without a code-injection opportunity or ability to see results of commands? Not shit. Have diverse monitors that both monitor the network and each other on top of that if you want. Sneak microcontrollers in that do nothing but sniff memory or data busses for anomalous stuff.

"Why support KVM? Just more crap to support."

A Keyboard-Video-Mouse switch is one of the strongest forms of separation in existence. You can implement it as a button or switch that physically disconnects your KVM from one PC then connects to another. Many cheap ones probably do it in software or on MCU. Obviously, I'd do it the stronger way. You want to pick the untrusted hardware carefully though so I doesn't leak around that somehow. There's companies specializing in combining desktop-style components with embedded boards.

"What guard? Where is all this extra hardware features being supported in? CheriBSD or the embedded OS?"

That hasn't been determined. Better to decide on it once other stuff is figured out. Essentially, it can be onboard software (weak/fast-transfer/cheap), network appliance (strong/slow/mid-cost), or onboard embedded (strong/fast/higher-cost). Can mix these, too, where content easy to analyze goes over software but rough stuff goes to high-strength options. That the software is written safely, is isolated, and results checked help things a lot.

"No novel defenses for insider attacks, that risk remains the same in this scheme as presented."

Bullshit. I just presented total tracing with mutually-suspicious auditing. Knocks out all kinds of insider attacks. Others remain. Banks will be fine with that as they're among the best at keeping insider damage to an acceptable level. I just reduced that level. Success.

"Limits on executive compensation won't fly at banks"

It's flown many times at independent ones, credit unions, and financial non-profits. They still make good money. They just don't pull $10-15 million a year. Remember, though, that this organization isn't a bank: it's a nonprofit that provides software and services to banks. SWIFT is, too, just with narrower focus. Even their money-grubbing asses only spend $16.5 million, that's short- and long-term expenses, on all their executives and directors combined. I'd pay that if it guaranteed contracts (networking benefits) but if not the number could certainly go down by over half.

@ Thoth

"Heck, even the SafeNet Luna HSM's on-board OLED screens which are so much dimmer and smaller are also nice to read off. What I meant is they need to step up their efforts. Thales side, the HSM have enough meat to expand the screen a little."

Makes sense. I didn't know you worked with Luna's, too. What was their quality and interfacing like?

"Just make sure the usability and marketing hype side gets a boost. "

Oh, I will. Buzzwords, high-octane sales team, enterprise support partner, booth babes, and free meals at five star's for the CTO's. I know plenty of people that can handle the marketing and sales. I also know how to evaluate them plus people I can trust who are better at that. Get them in on it worst case. Good news is this was mostly a counter-proposal to an Internet article instead of something I'm starting up. I have no intentions to directly compete with banking sector, HP, or IBM. That's asking to be sued into non-existence. More likely to secure what they have or selectively replace things where secure coprocessors, front-ends, or whatever runs in parallel with existing tech. Big companies still make their money, I make some, and security + speed + flexibility go up for banks. That's what I'd aim for.

"note that the messaging protocol is inside ISO standards for bank messaging"

Didn't know that. Wasn't sure if it was proprietary or open messaging they used. That's pretty cool then. I get to hold a Wirth-style, formal grammar side-by-side with a printed copy of the SWIFT stack. Then, I say, which do you prefer to have to manage, fix, extend, and support for next few decades? Oh, btw, mine might get simpler over time and allows hot swapping the protocol itself if it ever is inadqueate. Liability conscious mgmt likes such things.

"Whenever I need to reference an electronic banking standard, it makes me want to hide under my desk. "

I've seen many of them. Horrid. The best bet is to get a domain expert with prior experience in them. They work with a group like Praxis to spec it out with quick-and-dirty prototypes for exploration/understanding. Also, divide it up into incremental pieces to assess progress. The group then builds a piece at a time, testing in non-critical sites. Each block that gets built can be licensed competitively to recover some costs. It's the model that Karger at IBM used to build their EAL7 smartcard OS, policies, and crypto.

"By the way, Guards and Data Diodes are usually not so common or even rare in banks. Those things really hinder traffic and the last thing you want is a frustrated administrator."

That's because they work against the apps instead of with them. Remember I'm proposing an integrated architecture. Think like the clouds with their containers and supporting stacks. It's all smooth because it's packaged to work seemlessly. Makes things easier for admins as they're just keystrokes away from getting whatever resources they need. I'm doing something similar with isolated apps on simpler hardware and software. Guard & diodes are in specific parts that admin and user won't even really see most of the time. For users, it would be drag-and-drop with a background task much like shared folders or printing.

"Don't be surprise even the Government IT guys don't even know what is a HSM or more advanced stuff like Guards and Data Diodes"

I expect that. I have arguments suitable for laypeople that I've already tested on both lay and IT people. Ironically, I get more resistance from INFOSEC people on INFOSEC techniques as they would clearly work to laypeople once put in their language. They just worry about cost or time involved, which are legit concerns.

"I have looked at community-based Microkernel offerings and none of them are satisfactory."

They need more work. One of reasons government and commercial sectors are using the commercial microkernels. They at least have paid engineers to fix stuff when it breaks. Plus they have a number of working components. ;)

"There are concerns for hardware backdoors but do you have a workable and ready Off-the-Shelf solution I can purchase "

That's incremental. I mentioned building hardware in the proposal. We start with existing stuff in hardened configuration. That bootstraps the product to get money coming in. Justifiable given all competitors have HW problems *without* our hardening. Then, I selected Leon3-FT as (a) it's reliable and (b) already ASIC-proven. Could trade reliability for performance with quad-core Leon4 if necessary. I could use their process nodes or do it on a new one. It's low-risk either way given how it's designed and how many silicon implementations it's done. The SAFE, CHERI, Hardbound, whatever modifications are relatively small. Basic IOMMU and trusted boot are small. Low gates + pre-proven HDL = lower risk.

"To step up security assurance, I am slowly feeding companies and organisations I deem responsive and willing to improve with ideas (and even blueprints). One example is the Ledger guys who made the Ledger Blue (and now the Ledger Nano S) which some of the ideas I have contributed and given feedback as I foresee their capability in producing higher security assurance security devices "

Good. Keep it up. I'm putting a little review into Ron Garrett's HSM right now. It's for host compromise with no physical or EMSEC security. Unlike smartcards, it does have a trusted path for user. Costs about $60 in limited quantities. Interesting.

@ r

It's a problem. Not as much as you'd think, though. Altran (formerly Praxis) is said to charge a 50% premium for nearly, no-defect systems. That's not so bad. LOCK had a nice breakdown of what A1 assurance costs for a system with custom HW, an OS, user-space software, and a 3rd party coprocessor. It was 58% for A1-related extras on top of regular development process. Cost about a third extra for cryptoprocessor assurance. So, it's significant, but not unreasonable given databases go for $70,000+ a CPU and mainframes for $25 million a system most of which are profit. Plenty of opportunities to sneak in high assurance by just saying it's reliable, secure, and quickly fixed product with (desirable features) at (acceptable price for offering) which pays for assurance over time. Incrementally as Thoth said and illustrated here by legendary Paul Karger for smartcards.

ThothJuly 14, 2016 11:36 AM

@Nick P, r, Figureitout
re: Banks too big to fail

"About what Thoth is saying about ease-of-use_v_hardened-environments-and-banks, I think some of that issue is what Nick said about the cost of quality auditable and secure systems. They cost alot I imagine, and without the banks being any more liable "too big to fail" and "pass the buck" there's not really any incentive to track a higher security path.

I don't think there will be any motions in that direction until something changes, forcibly, legally, financially."

That is exactly why we have all these financial crisis here and there. If you still remember the CC EAL and FIPS 140-2 criterias where I kept ranting (in the past and current as well) about the standards being set too low and why there are a good amount of certified security products having security problems that are not all too complex ? The Governments do not want to push changes and on one hand they want their ICs to benefit from security weaknesses and on the other hand guess whose boss in the Government ? It is those who supply the ruling elites with cash that turns into their true boss. Do you think the Government would easily walk in and meddle in such affairs ?

This is where the perpetual insecurity just keeps on going... despite existing higher security assurance theories and architectures that many of us on this blog comment section suggest.

re: SafeNet Luna SA

"What was their quality and interfacing like?"

A big PED for tokens (comes with a screen too ... bigger screen :) ) and PIN entry for the token (imagine a huge keymat and PIN entry handheld device). Mostly command line and on-board screens + that huge PED device thingy.

re: Direction of investment for security startup and marketing hype

"I have no intentions to directly compete with banking sector, HP, or IBM. That's asking to be sued into non-existence. More likely to secure what they have or selectively replace things where secure coprocessors, front-ends, or whatever runs in parallel with existing tech."

Never venture into terrains where there are already other companies having a good time selling their solutions. Always take a unique approach as it will safe you on the legal side as well as new ideas to attract customers.

re: SWIFT messaging

Look up ISO 20022. Links for all the SWIFT messaging documents are below.

re: SC4 HSM (a.k.a Ron Garret HSM)

It's very close to the Ledger's Blue and Nano S designs as the Ledger team also elected to use STM32 MCUs with screens. The Blue uses a touchscreen and the Nano S (similar to the SC4) uses OLED display. The Ledger team diverged from Ron by the use of ST31 smartcard chip for a hardware-based "Secure World" and the STM32 for a hardware-based "Insecure World" (taking the ARM TrustZone idea and putting it into physically separated form). From the SC4 specs, it simply bunch everything from the secure to the insecure operations into the STM32 (lower assurance than the Ledger Blue and Nano S). The Blue and Nano S are mostly open source and hardware (source code on the Ledger team's Github) except the proprietary ST31 blobs requiring NDA are accessible to developers by using a HAL layer over the proprietary NDA ST31 blobs supplied by the Ledger team to access the proprietary ST31 blobs. The rest of the STM32 and non-NDA blobs for the ST31 for the Blue and Nano S are fully open sourced on their Github. In fact, the Ledger team formalized an architecture called the BOLOS architecture which is an OS for the STM32/ST31 combination providing a HAL layer for the proprietary ST31 with the rest of the BOLOS OS open sourced.

Ledger Blue and Nano S are also commercially available as well and more expensive than SC4 but the features do cover for the higher price. The Ledger Nano S and Blue offers secure PIN entry as well besides secure display which the SC4 doesn't have.

Links:
- https://www.swift.com/standards
- https://www.ledgerwallet.com/products


ThothJuly 14, 2016 11:43 AM

@Nick P
Improving the SC4 and making it better.

1.) Include 4 buttons (Up, Down, Confirm, Cancel) for secure PIN entry.

2.) Include a SIM card slot for allowing tamper resistant key storage into SIM cards. SIM cards loaded with an open source Java Card PKI applet with open APDU protocol formats. Although this would mean the SIM card's OS and firmware is not open sourced but at least the applet's Java Card codes are open source and falls inline with the open source theme for SC4. Due to the lack of RSA or modular math engine in the STM32 hardware, the SIM card may be used as a math engine as well.

Nick PJuly 14, 2016 1:15 PM

@ Thoth

"1.) Include 4 buttons (Up, Down, Confirm, Cancel) for secure PIN entry.

2.) Include a SIM card slot for allowing tamper resistant key storage into SIM cards. "

Interesting ideas. Especially the 4 button scheme. I'll forward those plus your comparisons to him for his consideration.

FigureitoutJuly 14, 2016 8:13 PM

Nick P
--I'm not being negative for sake of being negative, I'm trying to be *real*. Real world. Making progress on real projects that will deliver. If it could be done, it would have. Who's to say these systems themselves don't become convoluted messes w/ a bunch of single fail points scattered everywhere? I mean, even in embedded world, we're not 100% sure what the hardware is like unless you're at the big companies w/ fabs and equipment to get inside these chips, we can read datasheets and verify it w/ a scope and multimeter (and measure other known things like batteries or AC power outlet to be *reasonably sure* accurate measurements are happening) but we have pretty good control of the software. Running a large OS has additional failpoints on that, no one really knows what they're really running, which is a problem that won't ever be solved and gets worse by the day. You want to then combine systems like no one has and add in additional new hardware? At least a decade until something like that is even close to solid, depending on your $$$.

So the people implementing your fantasy, I mean realistic project, would have to be in constant contact w/ people who are experts on all those regulations that still don't regulate banks enough. They're going to have to read it, and code accordingly. I'd not want to be put on that project, banking regulations...*shudder*.

It may be helpful for the developers to *be honest* and give these pentesters on new hardware and software, hints to trouble spots to speed up the process or be prepared to shell out money for trivial stuff, not really exploits etc.

Nope never heard of them, IT work isn't my area. I do hear that OpenBSD "supports what we want to support, and drops support for things we don't care about".

The contracted work? Looks like something yet to be made.

New protocols eh? Probably going to be a rip off of existing protocol, or just tweak of one. Otherwise it'll need a lot of time to find all the hidden bugs in it.

As opposed to the same, damned thing on monolothic systems
--Yeah, sucks. Try to hack a local bank though and be 100% not getting caught. Commerce still flows, we just have to get refunded when our card info gets skimmed or stolen via false certificates/websites.

Mine would be
--WOULD be, would be. It doesn't exist, but it would be. I'll believe when I see it.

RE: safe
--Well you'd think they'd put that on their site, unless they're letting it go.

I don't know what embedded chips you're even talking about, it's not clear how many chips you want, sounds like a regular computer w/ up to what, at least 10 embedded chips? A basic mockup schematic would be nice, preferably one that actually has a working circuit.

And sh*t can be done w/ physical access, which is what you say can be protected against, but it can't.

A Keyboard-Video-Mouse switch is one of the strongest forms of separation in existence
--And also probably one of the biggest targets to get screen grabbers, keyloggers, and mouse clicks on malware traps. I prefer having all separate KVM hardware for my PC's so at least an attacker would have to keep track of all those logs from different machines if they can exfil all that (I have a few PC's, and always want more).

RE: insider attacks
--Saying to check each others work, and to be mutually distrusting doesn't prevent insider attacks. They're *insidious* like electrical noise corrupting signals, they listen to internal discussions and meetings, they know schedules, they know weak spots, they know when and how to tamper w/ stuff and not get caught (unless another suspicious insider bugs them or lays traps). It is not bullsh*t and definitely dangerous to give a supreme false sense of confidence in words telling people to be mutually distrusting. So good job on saying some words telling people to not trust coworkers, success!

RE: credit unions
--I only "bank" at credit unions now, all the mega banks can shove a fat one up their's w/ the fees. They're terrible and I don't know why people still use them over local credit unions that don't charge out the ass for moving your money around yourself.

I would mainly support improving credit union security, big banks, nah they can get hacked where shareholders, not account holders lose money. But we all know what ultimately happens.

rJuly 14, 2016 10:25 PM

@Figureitout,

Of note, irrespective of fees: my bank is open 9-8mf and 10-5s/s I believe.

So shop around, but yeah I know a guy who buries his money lol.

tyrJuly 15, 2016 1:58 AM


OT

Is it just me being out of touch or are there really
people lurking in alley mouths wearing long coats
full of NetFlix for viewing by unauthorized folks?

I also see the FBI is visiting the homes of Black
Lives Matter people to warn them off demonstrating.
What that means kiddies is that Uncle Sam is afraid
of non violent demonstrations far beyond their fear
of violence by the outraged. They literally can not
see how to contain such a thing in any way except
cops wading into the crowd and provoking incidents.
Civil rights folk from the old days know this is
how you get the changes and they know police will
hit and arrest but that doesn't work all it does
is make them look worse on the nightly news. So
either you play their game or you do what makes a
real difference but you have their attention now.

I for one do not want to see the IC explain that
the latest French nit has been on their radar for
years. My heart breaks for the victims.

ianfJuly 15, 2016 2:06 AM


@ hay nony mouse

Re: “… living in some kind of a strange time warp

Wasn't it clear enough that mine was a pedestrian metaphor for the current political upheaval in the UK? What do you think this is, a BBS for S-F fans? Timespace String theories' die-hard fantasists?


@ Dirk Praet

I'm afraid no film script will surpass this particular Life Imitating Bad Art caper. Though, perhaps, potentially improve it later, take out the boring bits, speed up the narrative, when it gets thumbs up for reenactment on the silver screen (here's to hoping for Helen Mirren teaching May how to act her act).

PS. do not post any more Blackadder speculatives… Wael gets all excited for nothing.


@ rrrrrrr […] TOR's new “security technologist

So, a clear step-up from current perch of Guard Duty Meerkat Impersonator Schneier. Congratulations.


@ AlanS […] “We may be at an inflection point for which 2001 and 2008 were mere precursors.

Sadly, the reigning and sole somewhat working economic system of Capitalism has devolved into management of recurring crises, with no spare energy in the meantime to heal self-inflicted wounds, never mind to lift itself up to a higher plane. I doubt that the Mayday Entity will make things much worse, however… she seems quite competent at not sticking out too much lest she be found out for who she is (not), rather than her Always There Replacement Option.

In related news, I'm waiting my turn for the library loan of "Sapiens: A Brief History of Humankind" by Yuval Noah Harari (still 10 others ahead x up to 2 weeks each) which seemingly manages to compress the entire spectrum of Gaian existence into one chained sequence of interdependent trends (or something). I saw the BBC-transmitted talk at Hay Festival, and was impressed with the author's apparent erudition and quiet eloquence (the sucker for apt word that I am Wael take another note). That's why I elected to go that library route, not to buy it outright: for risks of Obsessing Too Much.

@ Wael nowhere and elsewhere,

Impatient, aren't we? When your turn for coughing up opinions on Universe comes up, we'll dispatch a suitably tooled-up 42 strong Interview Team for that specific data-uptake purpose.

WaelJuly 15, 2016 2:30 AM

@ianf,

When your turn for coughing up opinions on Universe comes up...

Getting OT... Check out how he defines "nothing", then comment on it. Then I'll tell you what nothing really means.

ThothJuly 15, 2016 7:00 AM

@all
Cryptocat developer discovers hardcoded Saudi call censor mechanism in decompiled WhatsApp binary.

If there is any sanity for trusting WhatsApp because it uses a modified TextSecure/Signal but not revealing it's source code, it is absolutely absurd.

I do like to speculate that there might be backdoors in WhatsApp (which may have been inserted after TextSecure team implemented the Axolotl ratchet protocol). Hopefully more decompilimg and reverse engineering can be done to reveal the true nature of WhatsApp and other closed sourced proprietary "secure" comms binary.

Link: http://www.theregister.co.uk/2016/07/14/cryptocat_dev_reckons_whatsapp_is_blocking_calls_to_saudi_numbers/

ThothJuly 15, 2016 7:58 AM

@Nick P, all

Empowering the SC4 HSM: How to turn the SC4 HSM into a beast !

From my previous post, we know that something fishy is cropping up in WhatsApp and the fact that most people trust their smartphones too much. In a bid to improve the security of text messaging on portable and static devices, the open source SC4 HSM would be used as a blueprint for secure text input and display while using the smartphone or static device as a simple network access device.

For more information on SC4 HSM, ask Nick P for the website address :) .

The whole idea revolves around pairing your communication device with a trusted open source encryptor like SC4. The input of plaintext messages, displaying of received ciphertext, generating and provisioning cryptographic Critical Security Parameters (i.e. keymats and User PINs) a.k.a the commonly named CSP would all be done on the external secure encryptor device. Ideally, the secure encryptor device would need a secure input and secure display which can be in the form of physical buttons or touchscreen.

The above idea is a re-adaption of the Ledger Blue device for a more open source and community centric secure encryptor (with secure input/display).

The SC4 HSM can be upgraded to be better than the Ledger Blue by including:
- Some sort of secure display and input (i.e. touchscreen or possibly even low power e-Ink touchscreen technology which are at the bleeding edge).

- SIM card slot that accepts JavaCard based smart cards for use as key storage.

- Dynamic whitebox algorithm can be implemented on the STM32 MCU on the SC4 device instead of relying on the crypto accelerator the STM32 provides. The reason is the crypto accelerators on the STM32 may not be certified to be side-channel resilient like it's proprietary ST31 smart card security MCU. Open sourced dynamic whitebox implementation of DJB's cryptographic algorithm suite (NACL crypto library) probably even with the help and blessing of DJB himself would be the best course of action.

- Dual or multiple STM32 MCUs for integrity checking of each other, detecting possible glitching or attacks by comparing executing instructions and for generating random noise (discussed below).

- Dynamic procedural instruction noise generation to create confusing instruction execution to prevent EMINT and other energy-based side-channel attacks that attempt to understand the actual instructions and hide the proper instructions in a sea of noise.

- EMSEC shielding. The cheaper option would be the dynamic procedural instruction noise generation done on software :) . [OPTIONAL & EXPENSIVE]

- Support for Bluetooth pairing over encrypted channels with a hardware switch to toggle between Bluetooth mode or USB mode.

- Pressure switches on PCB to detect attempts to open the secure encryptor.

- Open source application for the STM32 MCUs to not only handle keymats and CSPs but also to allow on-screen text editing and display (for secure chat, secure notepad and secure email).

- Client applications and libraries to be able to communicate with the secure encryptor device with the secure chat/email/notepad/key storage/key usage functions.

CuriousJuly 15, 2016 8:07 AM

It just occurred to me that anything net neutrality might benefit by adding the following aspect to net neutrality: sameness.

I honestly fear that some time in the future, you risk being served a different looking webpage, either because of censorship or because of how some content is served differently depending on the locality of the reader/viewer. Afaik, printed newspapers today make use of different front pages, presumably to try pander to regional sensibilities.

So here, would be two issues, that could perhaps be solved in one go so to speak.

rJuly 15, 2016 8:25 AM

What about motion sensors like included in phones, I'm not sure how much vibration decapping creates but I'm sure drilling is abrasive enough to be uniquely detected.

rJuly 15, 2016 8:45 AM

@Thoth,

To add to my recent untargeted question above, I realize a motion sensor or any other sensor on the board that is not directly under the chip could be removed so I'm curious as to whether microphones or inertial sensors have unique bias at all?

ThothJuly 15, 2016 9:05 AM

@r
Don't depend on the phone for anything sensitive. Use a separate secure and open source hardware specifically designed for the job.

@Clive Robinson, all

UK's Snooper's Charter would have power to ban End-to-End security. Oh, and not to forget, Theresa "Snooper" May would likely be UK Prime Minister. That spells much more incoming disaster for the British people ?

Preventing a central point of failure for E2E secure comms would need to require the use of P2P or broadcast-based messaging instead of relying on central servers. Signal/TextSecure in reality has to rely on an official server although you could technically implement your own server and that would not be Signal/TextSecure by name anymore and you have to get others to use your server and client software modifications. WhatsApp is even worse as it's implemented as a closed source variant of Signal/TextSecure and my previous post shows some troubling signs brewing in the land of WhatsApp which led me to speculate possible backdoors in WhatsApp.

It's only going to be a matter of time for security engineers and implementors to realize that centralized security comms design is just not working out and the move to P2P and/or Broadcast style messaging with the usual traffic analysis resilient techniques via store-and-forward-delay methods, disguising traffic patterns and headers ...etc... would be the only means of survival in a world of blanket censorship which the Warhawk World Governments are implementing. It's only a matter of time that nations waving the "Freedom of Speech" flag (i.e. Switzerland and Iceland) would fall at the knees of Imperial BRUSA to implement their policies and trade agreements (including blnaket censorship) or they do lose trade deals and face economic sanctions from Imperial BRUSA.

How to start implementing P2P-E2E secure messaging:
- Use commonly available P2P protocols to blend in and use their traffic (Bittorrent, GNUnet ... etc ...)
- Use headers and encryption provided by these P2P protocols as obfuscation and then the real traffic would be in the payload.
- Do not leak version headers, metadata headers ...etc... (I will come back with a more concrete protocol later)
- Store and forward with random timing delays
- Unequal message size to simulate normal network traffic otherwise if all the packets are fixed sized, it becomes too obvious and may prompt them to investigate and create a filtering rule based on packet size patterns.
- Every message to include a random sized padding with the pad of at least 6 bytes as the minimum in case the message contains passwords or PINs that are short and without padding, can easily leak the sensitive encrypted credential sizes travelling over the network. Paddding can be randomly appended to the front or back of the message.

Link: http://www.theregister.co.uk/2016/07/14/gov_says_new_home_sec_iwilli_have_powers_to_ban_endtoend_encryption/

ThothJuly 15, 2016 9:10 AM

@r
re: Unpowered sensors

"Nvm, they don't work unpowered."

How sure are you that these sensors are not powered and working :D ? As long as you have a running battery on the line, all your hardware are technically powered unless you physically break the circuit with a physical switch or some methods of physically cutting the circuit. Power is still driven through the line even if you "soft sleep" the CPU and sensors. Essentially, when you press the power button on your phone, you are using a small charge to trigger the main processor and sensors to "soft wake" them up.

AlanSJuly 15, 2016 10:31 AM

@Thoth

Theresa "snoopers charter" May has been the British PM since Wednesday. She's in Scotland today telling the Scots how precioussss (think Tolkien) the Union is.

Hay nony mouseJuly 15, 2016 11:11 AM

Poke ur mon tp Go and Die

It would appear that Nintendo has the real deal on "Killer Games" with Go...

Apparently armed robbers have used Nintendo's new Go game to lure victims to secluded spots,

https://www.theguardian.com/technology/2016/jul/10/pokemon-go-armed-robbers-dead-body

I have no idea as to the reality of the story, but... if you think back to Google Street view being used by burglars to find houses to rob. And the likes of other apps with location identification such as "Grinder" and similar being used to facilitate other "meat space" crimes, you have to consider the mentality of those involved.

That is not just the robbers, but the victims and most importantly the Game Developers. I can easily see a class action etc by those having been hurt etc against the company that has alowed location data to be exploited...

Nick PJuly 15, 2016 2:41 PM

@ r

As Thoth said, your chips are usually drawing power at some level unless the mechanism flips a physical switch or something. What happens is some components that use almost no power stay awake to watch for reasons to turn the rest back on. The earliest devices for that were 4-bit MCU's for wristwatches, electric razors, and so on. Other data on low-power circuits here:

https://en.m.wikipedia.org/wiki/Low-power_electronics

For high-performance ones, they use something called clock/power gating. Similarly lets you keep gates off much of the time.

BlackListedJuly 15, 2016 3:20 PM

@r

Fun fact, I recently got out of the Marines. And all of the Marines I stay in contact with still catch pokemon on base when not working. They catch stuff not far off from what they get right off base as well. Plus the location feature on Pokémon go doesn't actually display any other player on the list or location information.

@Hay nony mouse

I assume they turned that around to make it look worse than it was. When in actuality the fact people decided to cluster in one are, made them an easy target for the robbers. I wouldn't put the blame on a company that had a few small goals. Make people happy, make a lot of money, make even more money. I doubt their overall game plan was to assist the "job opportunities" for robbery.


rJuly 15, 2016 4:04 PM

@BlackListed,

While I'm entirely glad our military can find constructive social ways of relaxing after a 48hr shift "on-point", I'm not sure that (not) listing actual players matters. As that Chinese conspiracy illustrates by crowdsourcing "walkable paths" Pokemon trainers are going to be drawing circles around private property. I did wonder how it worked though, I've been running into couples everywhere at all times of the day and the night. It's kind've refreshing to see people getting out of their houses and getting exercise even if it is going to lead to eye-strain and vehicular accidents.

And, whether Nintendo planned to facilitate robberies or not wrong so someone from bringing a civil or class action suit. I'm sure that precedent has already been set, look at the restrictions and fines that between applied to Uber for instance.

But, I'm willing to bet somebody else has more experience with this(that) than I do and look forward to understanding the legal ramifications more.

rJuly 15, 2016 8:24 PM

Ah, and what's old becomes me again. I suppose I should get this out of the closet:

xhttps://www.google.com/search?q=newt+hates+me&tbm=isch&sa=G&gbv=1&sei=mouJV-zzGsicjwS4rZWYAg

ThothJuly 15, 2016 9:11 PM

@all
Rigged US "Undemocratic" Senatorial Hearing on E2E Encryption Refused By Apple Tim Cook

As usual, the current USA attempts to appear democratic and civilized and extended a Senatorial Hearing invitation to Apple's Tim Cook on security and encryption which Tim Cook refused to attend. During the Senatorial hearing, it was announced of Tim Cook's refusal to attend (in an attempt to shame Apple ???).

There is nothing left to debate about. The Powers That Be would always be corrupted and people with influence and power to change the circumstances are not positioned to change the negative course of US Government's and other Warhawk nations' move to deprive the people of privacy and personal security.

Industry force is unreliable and only looks for profit. Lobbying groups only care about whoever invested in them. Same for the Government being controlled by lobbying groups that in turn are controlled by the industry who paid the lobbying groups and Governments their salaries. In the end, the industry group are made out of us .... the problem goes back to it's roots .... us ....

There is no need for debate on E2E encryption (banning and weakening). If the Governments want, they would have driven a Bill through very quickly and ignore the consequences.

To summarize what we can do on our part...

What we can do is use existing resources and technology to our advantage. Use common protocols for obfuscation and pattern hiding, use commonly found security hardware for secure CSP storage, use secret sharing and splitting to reduce the overall risk of compromise, use voting protocols and quorums to detect traitorous behaviours and lower risk of collusion, use P2P and Broadcast messaging to avoid a single point of failure, include out of band methods to strengthen security and robustness in case a particular type of transmission fails, use oblivious protocols and do not store whatever that is not needed.

Link: http://www.theregister.co.uk/2016/07/15/mccain_come_to_my_encryption_hearing_tim_cook_no_im_good_mccain_i_hate_you_i_hate_you_i_hate_you/

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.