Mike Barno July 22, 2016 4:31 PM

Today’s (Friday July 22) New York Times has an article about the June 24 and July 15 broadcasts on North Korea’s Pyongyang Radio, containing lists of numbers like the old Cold War “numbers stations” broadcasts. Supposedly, the PRK used to communicate with agents in the RoK this way until de-escalating after a 2000 summit.

I noticed that a spy ring captured in 2011 sent info to the North through steganography. This, of course, is the use of a coded message hidden within a dinosaur with large plates sticking up from its back, so others who see it will not suspect the presence of a message.

Nick P July 22, 2016 4:38 PM

Let’s get it started off with some interesting stuff from research field. I found most of these today. Field ranges from hardware circuits to hypervisors to drivers to GC’s. Enjoy. 🙂

A unique design methodology to generate reconfigurable analog ICs with simplified design cycle

Nick’s note: Analog IC design, esp in ASIC’s, remains a cumbersome, manual process that fights against full effects of materials and physics. Gets worse as things get smaller. This scheme makes the analog IC’s configurable to eliminate a good chunk of the problems.

Design, Implementation, and Validation of a New Class of Interface Circuits for Latency-Insensitive Design

Nick’s note: Just posted for anyone’s intellectual curiosity given it’s a correct-by-construction approach for asynchronous model.

TITAC-2 – an asynchronous 32-bit microprocessor based on scalable-delay-insensitive model (1997)

Nick’s note: Example of a delay-insensitive CPU under SDL model. Got 50+MIPS on old node with first-pass silicon across range of voltages.

Inverting Martin synthesis for verification (2013)

Nick’s note: A straight-forward synthesis method for asynchronous circuits was inverted to verify them. I was especially excited to see it as my proposal for verifying ASIC synthesis was to get untrusted synthesis tools to create series of intermediate steps that trusted tools could verify for equivalence and correctness. This is an example of such a technique in action.

Second Generation Stack Computing Architecture

Nick’s note: Author argues that we should consider stack computers as two generations: pre- and post-Moore/Forth. Looks at both lineages to identify key properties, problems, and former problems. Whether one likes Forth or not, the Moore lineage of stack computers is still significant for older nodes or low-end FPGA’s due to very low number of gates.

Sego: Pervasive Trusted Metadata for Efficiently Verified Untrusted System Services

Nick’s note: I previously posted InkTag and some other hypervisor-based methods. This improves on such approaches plus has handy chart showing what all of them do.

Towards foundational verification of cyber-physical systems

Nick’s note: I previously posted the Galois work on verified, low-level systems that got included into a drone with Ivory and Tower languages open-sourced. This is another project in hardware/software verification using different technique that’s also on a drone. There’s a paper, Github code, videos, and more.

On the construction of reliable device drivers (2009)

Nick’s note: This is the PhD dissertation that formed basis of Termite tool for driver synthesis. That’s promising work I’ve already posted. The cool thing about this paper is, being the PhD work, it has enormous amount of detail on the problems of device drivers, approaches in some systems, author’s method, the related work, and so on. Lots of info for anyone wanting to tackle driver issues. Although, I suggest building on open-source Termite as first resort. 😉

A stall-free real-time garbage collector for FPGAs (2012)

Nick’s note: Garbage collection gives us memory safety & less worries at often significant cost in performance or memory usage. All kinds of improvements in research & deployed VM’s with my own advice pushing hardware, including FPGA, methods of doing it concurrently. This work by IBM beats STW collectors on every benchmark simultaneously, uses only 1% of large FPGA, and is 4-17% slower than malloc. That’s awesome. Remember such methods can be combined with safe, manual, memory management on fast paths to get best of both worlds. Watchdog is example of safe manual that I posted previously.

Nick P July 22, 2016 5:38 PM

@ Daniel

Funny how he starts with saying that corporate executives are fed up with the problems but doesn’t go on to talk about how they create them. He and those fools think they should do everything but apply sound INFOSEC to protecting information security. Up to and including somehow stopping hackers with hacking after hopefully attributing them correctly. Most likely outcome is lots of innocent parties whose PC’s are infected and sold by bot-herders then get their own data/PC’s sabotaged.

Alain July 22, 2016 5:51 PM

I don’t seem to find info about -a bit- more secure smartphones with a “normal” price tag. Just no or less phoning home and security against apps that are gathering too much info.

Is that market dead?

neill July 22, 2016 6:06 PM

i wonder if “secure one way communication systems” have been explored ?

don’t find much on the net

e.g. your electricity meter sends encrypted UDP packets regularly to your power company, albeit with a fake sender’s IP since you never expect and never allow traffic to come back

might be more safe than today’s devices

in the old days you physically needed to open up a device and set jumpers to reconfigure

automatic updates (even for firmware) etc opened too many doors for hackers …

Nick P July 22, 2016 6:10 PM

@ All

Just found another language for verifiable programming that I had never heard of: Whiley. It’s interesting given it combines some proofs from SPARK with Rust’s lifetimes scheme. Also, this survey of programming language security issues is dated but still useful. Shows each of the common errors that lead to vulnerabilities plus many techniques for countering them. Makes for a nice intro.

@ neill

“i wonder if “secure one way communication systems” have been explored ?”

Numbers stations and shortwave/burst transmissions. Still in field use.

Thoth July 22, 2016 8:07 PM


Open Source CyanogenMod Android OS Might Turn Unsupported from the company who created it. The support of CyanogenMod OS would likely be left to the Open Source community as Cyanogen Inc. might start to lay off employees especially in the CyanogenMod support department.

CyanogenMod/OS could have competed with Google to create a more secure version of Android as its defaults but it seems it has lost that very opportunity by giving up on the community side in a bid to cut losses.


Anon July 22, 2016 8:44 PM

@neill: one-way secure comms have been around for decades (nay centuries)! You won’t find much as it is still current! 😉

@Daniel: I find the whole “hack them back” to be weird. Hackers to worry about will be using systems that aren’t theirs, and switching machines often, so all that will happen is you end up hacking … what? Totally pointless!

@All: I didn’t know Win 10 shipped with an in-built video recorder. It can record 30 second rolling video of the entire screen, and no apparent way to know it is active. Has anyone looked to see if this functionality has any undocumented features?

furloin July 22, 2016 9:54 PM


Do you not realize most IT ‘certifications’ are just pay walls used to keep those with knowledge but without money outside of big business IT jobs in the UK and the Americas? Maybe I am just missing something here.

Markus Ottela July 22, 2016 11:11 PM


“i wonder if “secure one way communication systems” have been explored ?”

Been exploring them since 2012.

“e.g. your electricity meter sends encrypted UDP packets regularly to your power company, albeit with a fake sender’s IP since you never expect and never allow traffic to come back”

Companies that manufacture electricity meters probably want to be able to read and update the firmware remotely. Where unidirectional transmission is used, the functionality is usually enforced with hardware data diodes. An example would be a power plant where meters need to be read remotely without risk of becoming exploited from network.

“might be more safe than today’s devices”

This is funny; Data diodes are so old their patent hits 20 years (and expires?) in 2017. But they’re AFAIK still extremely rare.

“automatic updates (even for firmware) etc opened too many doors for hackers”

The issue is many systems behind data diode require updates, as there’s always a feature to add or debug.

r July 22, 2016 11:48 PM

@Mike Barno,

I stegosawthat.

@Nick P,

Thanks for the enum.pdf.
I’m going to grok that like a document on hooking. 🙂

Ted July 23, 2016 12:03 AM


I forgot that the A+ is a two part exam so the cost is USD 398 | GBP 232. There are a variety of study books available for around $30 or less, plus many free online resources. You might find this guy worth a visit

Clive Robinson July 23, 2016 12:10 AM

@ neill,

i wonder if “secure one way communication systems” have been explored ?

There are actually many systems and it rather depends on what you mean by “secure one way communications”.

From a more theoretical perspective all communications are actually considered “one way” in that you have a single Shannon Channel in which information passes from a transmitter to a receiver in a noisy bandwidth limited channel. Shannon came up with this model from studying secrecy systems.

Back in WWI radio systems were somewhat primitive and it was quickly realised that you could not realistically hide the transmitter from the “enemy” (see history of British Admiralty Room 40) thus you had to protect the message content by encryption. But it was also realised by U-Boat activity that two way communications revealed the location of both ends which made shipping vulnerable to attack. Thus methods to protect not just content but from transmission errors was needed. This gave rise to the early Fleet broadcast systems some of which were used to transmit just weather information.

By WWII things had moved on a lot, the German idea of rapid attacks to overwhelm defences was absolutely reliant on radio communications to maintain control of the attack to stop what we now call “blue on blue” attacks. Thus radio systems were developed to much higher standards. In Britain it was finally realised by one or two people that much intelligence could be derived from radio networks or “nets”. There are funny stories about the British getting thousands of coloured pencils from America and other places under very great secrecy. The reason was that the analysts at Bletchley gave each net not just a name but a colour as well such that net identification was visually more apparent. This gave rise to what became known as Traffic Analysis, and up until the early 1980’s it was a secret that the British and their American Allies wanted to keep rather more than they did the breaking of the German Enigma cipher system (see behaviour by UK and US SigInt towards Gordon Welchman). The reason can be seen by the difference in success the British had against various parts of the Axis forces. In essence the later plugboard Enigma was in practice unbreakable from just the cipher text, and the initial breaks by the Poles were down to the German KeyMan issues, that were later changed. The Enigma still had a fatal flaw which was that due to its reciprocal nature no plaintext char would encrypt to itself. It was this that enabled the British to use “Known Plaintext Attacks” on their bombe systems.

However there was one series of nets the British had only occasional success and then only due to errors in German signaling systems and this was the Naval systems under Karl Donitz. He had read Churchill’s account of the goings on in Room 40 and was thus very much more aware of Radio Security than any others at his level of authority. Which was why the German Naval Enigma was sufficiently better and operated more securely than any other radio network. It would not have been broken at all except for “pinches” and that the German Navy had to work with the harbours and merchant marine which via the very much weaker “Dockyard” and “Weather” ciphers gave “known plaintext”. However towards the end of the war Karl Donitz changed from “Fleet Broadcasting” with a Net key schedule to individual key schedules for each U-Boot and it was only because the Atlantic war was virtually over that this loss of a way into U-Boat command traffic was not a complete disaster.

During the Cold War Russian spies used not just Fleet Broadcast systems for one way traffic from Home to Out stations but individual One Time Pads for agents as well, even when the agents were acting in rings with only a single radio link. This was due in part to the way return traffic was handled. In many cases spies did not use high power transmitters back to their home countries, but low power short range systems that worked from vehicles back to the embassies.

However the technology had a problem until the 1980s which was “local oscillator” (LO) and “Intermediate frequency” (IF) leakage. Put simply a radio receiver contains a radio frequency oscillator which is like a mini-transmitter. If it leaks it can be received and used to determine what frequency the radio under observation is tuned to[1] and by direction finding[2] find the location of the receiver. However you do not have to tune a receiver into the actual frequency the radio is tuned into to receive the transmission it is listening to, you can if close enough simply tune into the fixed IF[3] and demodulate that. In practice when you know where a receiver is you monitor the IF to see if the radio is turned on or not. If it is you can sweep down or up its known RF band and get a “bump” from its IF this then allows a surveillance officer to get an initial fix on the LO which can be received from much further away. During the cold war this sort of surveillance was done from aircraft to see who might be tuned into Number Stations and the like. It exploited a weakness in the Russia system, in that the Embassies’ radio operators would tune into the Numbers Stations to check the reception quality such that local jamming etc could be identified so that the likelihood of agents receiving the broadcasts could be sent back to the home control.

Some of the Fleet Broadcast ideas will work across IP networks and it’s something I’ve suggested Tor and other mix-nets investigate.

[1] In early “superregenerative” and later direct conversion receivers the LO was actually tuned to the frequency of the signal it receives

[2] During WWII many SOE and other radio operators were found by the German Radio Security Service, not by them transmitting, but by Direction Finding the local oscillator leakage that could be received many hundreds of meters and sometimes several kilometers away.

[3] Listening in to the IF leakage was the way the British GPO television detector vans used to work. When I was quite young there was a TV program called Thunderbirds I liked a lot, but one of my parents did not, so I did not get to watch it very often. However I discovered that I could hear the sound around 90MHz on my FM radio. It was only on explaining this to a school friend whose father was a Radio Amateur that I found out why (it was a harmonic of my neighbour’s TV IF). It was only after I had the radio bug seriously that my friend’s father let slip he had worked for the British Radio Security Service during WWII and as I discovered the techniques myself explained I was “not the first” to discover it. Some years later when wearing the green I got to meet Tony Sale who rescued Bletchley Park and I realised he was Peter Wright’s old MI5 colleague and we swapped stories about things “radio security” most of which were about the failures not the successes, such as an MI5 officer being rushed to hospital with burns due to a “technical fault” with a hidden transmitter in his trousers…

Grauhut July 23, 2016 12:23 AM

@Daniel: “This most certainly will end well if by ending well one means creating utter mayhem.”

I don’t think so, my personal highscore in the codered/nimda stoneage was around 80k remotely dropped default routes (after a net send administrator “patch your f…n malware cannon, see link …”). 🙂

Thoth July 23, 2016 1:17 AM

@Clove Robinson

How would a war zone journalist be able to send back video feeds with lower chances of getting detected by militaries or armed groups finding out and then executing the war zone journalist ?

r July 23, 2016 2:20 AM


Trusted Couriers and Encryption #1,
Hacked Transceivers/Uplinks (maybe point-to-point microwave stations) #2

That’s all I’ve got.

neill July 23, 2016 5:09 AM


thank you, fascinating stories!


wonder why we don’t use those “data diodes” much more, IMHO that would prevent “casual hacking” a lot

i have used “write only” (for documentation) and “read only” folders in NTFS, EXT3 etc but then any kernel access can circumvent those perms

wish we all were not beta testers and wouldn’t need firmware updates that often

personally i don’t mind setting a PCB jumper for the sake of security … but users are so spoiled these days!

Thoth July 23, 2016 5:40 AM

@r, Clive Robinson

Oops … typo again for @Clive Robinson’s name.

Trusted couriers can be problematic if you are new to the country. There is also the problem of getting a trusted courier killed and then no one dares to be your trusted courier.

One of the reason I am asking is because of the MIT’s Media Lab Forbidden Research Live Webcast where Snowden pointed out one live example of a journalist killed by artillery fire by the Syrian military who disliked her reporting and it was suspected that she was traced by her electronic emission (and probably broadcasting ?) and the electronic emission was used to “walk the arty” to bombard and finally kill her in a barrage of arty firing (in cold blood .. or hot blood ????) .


Abother_Clive_Fan, July 23, 2016 7:18 AM

I second Thoth’s suggestion that Clive, r, and possibly others, look into the bunnie and Snowden research. (interestingly behind cloudflare) ; mentioned in MIT media lab talk ; posted by ianf ; posted by JG4

Gerard van Vooren July 23, 2016 7:36 AM

@ Nick P,

You are well informed about new technology. Do you know of source code implementations for Etypes and MinimaLT? I don’t mean some hobby stuff but the real deal. (what is taking them so long btw?)

About ASN.1, are there currently plans of redesigning this protocol or replacing it (again on the real deal level)?

Clive Robinson July 23, 2016 8:18 AM

@ neill,

thank you, fascinating stories!

They were not meant as stories alone but food for thought / pointers to finding out more about what you are looking for (certain people think my replies are “too long” thus abbreviating coherently and in a readable way without producing lists ends up with a brief narrative time line).

With regards,

personally i don’t mind setting a PCB jumper for the sake of security … but users are so spoiled these days!

It’s not a case of “spoiling the users”, but cutting production line costs by a few tens of cents, whilst reducing or eliminating the expensive “physical” part of rework / returns / support. As has recently been seen with domestic road vehicles even a software upgrade can cost millions, replacing a small 10Cent component tens to hundreds of millions, and that’s all before the fines of having emissions test cheating software found out… All these costs come out of profit, and oddly perhaps it is the regulation of the industry that has created the “slack” in finances that will stop these companies going to the wall, but it will reduce innovation and make more problems down the line as a consequence.

@ and Markus,

With regards data diodes, I’ve been building serial data diodes using the likes of opto couplers since the 1980’s (for the likes of the UK IC / Royal Signals back then) in part as a universal level converter, in part for galvanic isolation but also to reduce TEMPEST and similar EmSec issues. To that effect I’ve augmented them with “re-clocking” and “frame checking” using UARTs and microcontrollers, and to make them also act as “terminal concentrators” to drive radio / line modems. And I was certainly not alone in this respect, others like Trend were in the same game albeit at eye watering prices.

Thus I seriously doubt the patent that has been mentioned has any enforceability even in the US as prior art is well established and as such I think it is a “nuisance patent” used for leverage / negotiation not to protect an original idea, or novel secondary application idea. Like @Bruce I don’t advise the reading of patents as US law has some real nasties for the unwary…

Sad Kuwaiti Incubator Baby July 23, 2016 8:18 AM

@Thoth re the Intercept’s offhand example of Colvin as a journalistic victim of demonic great satan Syria. Colvin would be a sympathetic and high-profile example of extrajudicial killing by SIGINT – except she’s probably just another Jessica Lynch propaganda poster girl.

The judicial complaint for the DC Circuit is this gripping yarn with a lot of who did what to whom, and a detailed timeline of bureaucratic decision-making but no sourcing at all. It’s the sort of detail that would have had to come from HUMINT or more likely SIGINT. How are the plaintiffs planning to substantiate claims based on intelligence sources and methods? And considering the track record of past US Syria intelligence, how will the plaintiffs prove it’s not just more fabricated bullshit?

The only documentation provided is a memo that includes these words:

“You are requested to apprehend these persons, particularly those inciting people to demonstrate, financiers of demonstrators, members of coordination committees who organize demonstrations, agents who communicate with persons abroad to perpetuate the demonstrations, and those who tarnish the image of Syria in foreign media and international organizations.”

Boilerplate counterintelligence. The word “apprehend” doesn’t do a lot to substantiate the murder plot.

Testimonial evidence of artillery targeting the building is probably the plaintiff’s best stuff. But the allegation is, that the building was targeted by Syrian SIGINT. That would be the same sort of targeting that routinely leads the US government to blow the arms and legs off widows, orphans, blushing brides, village elders, winsome moppets, tall guys, old guys gathering firewood, groups of guys conversing, and of course everybody who goes near a journalist. How likely is it that a circuit court will set a precedent that establishes state responsibility and criminal liability for SIGINT targeting under Article 51(2) of Additional Protocol (I), Article 13(2) of Additional Protocol (II) to the Geneva Conventions (June 8, 1977), and the precedent of In re Yamashita and the ICTY?

So the case is a stunt, even if the plaintiffs don’t know it. The media echo chamber screams CIA war propaganda. You want a clear-cut example of targeted journalists, try Kareem Khan.

Clive Robinson July 23, 2016 8:47 AM

@ Thoth,

“Clove” hmmm… How spicy / fragrant[1] you make me sound B-)

With regards,

How would a war zone journalist be able to send back video feeds with lower chances of getting detected by [local hostiles]

There are two parts to this. The first is the actual detection of the transmission, the second the discovery of the equipment to do it.

Of the two it’s the discovery of the equipment which is going to get you the worst treatment. Because you can not bring it into the country openly or purchase it there, thus you have to smuggle it in somehow. Which automatically makes you either a criminal or non diplomatically protected agent of a foreign power (NOC / Illegal), which carries a death sentence without civil trial in many places, or summary execution in a war zone.

Neither is a good place to be in, so you need to look at “dual use” equipment you can legally bring in or obtain in country, such as satellite phones, laptops, digital recorders. The trick then is having the technical smarts to be able to do what is necessary to setup a shielded satellite uplink and compress your “data” to fit in the bandwidth and duration of an ordinary conversation.

I know how to do much of this, and you can find out how to do much of it by “thinking hinky” having read what others have done as hobbies. @Figureitout almost certainly has demonstrated sufficient knowledge (even if the penny has not yet dropped for him, which I suspect will happen a few minutes after he has read this 😉)


Scott "SFITCS" Ferguson July 23, 2016 9:23 AM

@Clive Robinson

you need to look at “dual use” equipment you can legally bring in or obtain in country, such as satellite phones, laptops, digital recorders.

Perhaps an option is to simply not be in the same location while uploading takes place… “smart phones” are cheap(er than lives)?

ianf July 23, 2016 9:28 AM

@ Another_Clive_Fan, Thoth,

What can be gleaned (“inferred”) from the Snowdenthe-new-radio-interference-indicative-iPhone-case-designer announcement in The Guardian:

(1) it is in research project stage, they have a mock-up, no prototypes yet to show to the press;

(2) Andrew Huang of MIT is the brains behind it;

(3) Ed Snowden has been attached to the project for media interest/ idea marketing value (nothing wrong with that, ES obviously liked it well enough to come aboard);

(4) there is nothing there yet to research by interested 3rd parties among ourselves.

When the duo has a prototype ready, they’ll tell the world, and we’ll get to hear about it. Only then can we issue a collective-cry RFC to Clive “The Scented Scientist” Robinson.

Clive Robinson July 23, 2016 9:58 AM

@ Another_Clive_Fan, All,

I second Thoth’s suggestion that Clive, r, and possibly others, look into the bunnie and Snowden research.

I’ve not yet read what Bunnie and Snowden are researching, but I’ve mentioned in the past how to detect a mobile phone smart or otherwise transmitting.

All you really need is a cheap transistor radio with an AM band and a little knowledge of where to add a loop of wire.

All mobile phone transmitters generate an EM energy signature which a diode probe can pick up and envelope demodulate. The detector in a cheap AM radio is usually a transistor biased to act like a diode probe. If you have a cheap AM radio handy, turn it on and tune it to a quiet radio station, adjust the volume and put your mobile phone on top, then from another phone call it. If it’s a GSM phone you should hear an unpleasant grating buzz start a second or so before the phone starts to ring, and it will continue for the duration of the call. What you are hearing is the envelope of the GSM signal.

Not all AM radios these days are sufficiently cheap in design or the AM detector circuit might have extra bits to protect it. This is where you need to know a small amount about electronics and how to solder. The first thing to look up is the use of an 1N4148 general purpose signal diode as a diode probe for a voltmeter or oscilloscope. The circuit is usually just a length of RG174 or similar thin coax (mic coax will do) the diode a resistor a small value capacitor (1nF etc) and a 10K resistor. Instead of connecting this to an oscilloscope connect it to the “mic input” of an amplifier or computer sound card. What is shown as the tip of the probe just needs a loop of insulated wire about three inches in length that will go around the phone. This should produce the desired noise at a quite high level.

Unfortunately a diode probe on its own is suspicious even sitting at the bottom of a bag of “odds and sods” cables, so it needs to be effectively hidden. This is where a little knowledge of cheap radios comes in handy. In most cases the audio amplifier of the radio is connected to the wiper of the volume not the top from the detector or bottom going to ground. If you connect the diode probe to the wiper then you should find it works rather louder than you would like. Thus it is better to add a switch such that the internal detector is switched out and the detector switched in. In all probability you will not need the 10K resistor as the volume control resistance will work as well and also you might not need the capacitor, just the diode and wire loop. Back in the “old timer days” when sound engineers kit was unreliable, they knew how to fix their kit on the go so making such a modification was well within their capabilities.

Anyway the other thing you need is not an Apple smartphone but one where you can fairly easily open the case, and get at the battery wires so you can solder a “gimmick switch” like a NC reed relay in so you can disconnect the battery by use of a magnet etc.

Anyway that should give the mildly technically competent enough information to build their own EM energy detector.

Which reminds me @Figureitout, have you had any thoughts on using a Grid Dip Oscillator as a transmitter and receiver at 14MHz or there abouts? Have a look at GDO designs and minimal QRP sets, you will be surprised at just how similar the test kit is to the transceiver kit. Adding an XTAL test circuit more or less makes it complete…

Slime Mold with Mustard July 23, 2016 10:06 AM

Would the commenter who, a month ago, predicted that our resident sage would answer both “yes” and “no”, please stand for applause?

Which is in no sense meant to suggest anything but that Clive is completely correct.

@ Clive
“..which made shipping vulnerable to attack. Thus methods to protect not just content but from transmission errors was needed”.



Scott "SFITCS" Ferguson July 23, 2016 10:26 AM


a la: hacked transmitter.

I think you miss the minor difference between device and location of device. i.e. the difference between being blown up and having a common dual-use transmitter blown up instead, and projecting MacGyver fantasies onto the average journalist, and reality.

No hacking required (unless you call cron hacking)


there is nothing there yet to research by interested 3rd parties among ourselves.

There is a fair amount, I can only speculate as to the relationship with his recent lawsuit against the USA government – I note that it’s currently illegal to modify an iPhone 6.

r July 23, 2016 11:22 AM

@Scott Ferguson,

I don’t believe so, most injection/monitor mode capable wifi chipsets could be construed as reasonably dual use and repurposable.

The problems that have been illustrated are range and power.

You can’t smuggle large long range, smuggling non transmitting carriers is dangerous, mesh networking could lead to major crackdowns (albeit potentially near light speed itself), and small covert dual use technology with short range capabilities.

But one can build an antenna out of just about anything, subs used to drag wire lines for low baud.

Covert and dual use is of the utmost importance.

Moderator July 23, 2016 11:55 AM

@Scott Absent those features, the moderator can help; your post has been corrected.

Nick P July 23, 2016 12:27 PM

@ Gerard

The MinimaLT project is an academic prototype with little staff slowly working toward a release. DJB mentioned handing it off to someone adding that DJB et al mainly helped with the crypto. Etypes I can’t remember for some reason. Not E lang or Combex people was it? Need a link.

Far as ASN.1, you should’ve known the answer: it’s in legacy mode ( aka we fucked forever) like most Internet protocols that use it. The good news is that it’s not inherently bad or impossible to parse. The next good news is most high-assurance folks work on semantics. So, stuff like this is happening. They open-sourced CRYPTOL, BASE64 encoder, Xen/Haskell stuff, and so on. Hopefully they’ll FOSS this, too.

Markus Ottela July 23, 2016 12:29 PM

I’d imagine they’re quite expensive, $10k..100k. Have no price quote though. Depends how many you’re buying. Whenever I hear people talk about intrusion prevention it’s about firewalls and patching up the system. People either haven’t heard of data diodes or if they have, they don’t want to implement red/black architecture on a company scale system. Security-critical things such as signing keys are usually stored in HSM devices or airgapped computers. I’d imagine data diodes are used in banks, defense industry (which makes me wonder how F-35 plans got stolen) and in new critical infrastructure.

“i have used “write only” (for documentation) and “read only” folders”

One thing I did when I started was I used live distro during network connection, and whatever I wanted persistent I copied to external drive after I had disconnected networking. Then I’d disconnect the drive, reboot and reconnect to network. The amnesic property (and RAM overwriting of Tails) gives decent protection against data exfiltration of previous sessions. It works for exporting data as well. Boot without network, copy the things you have to live system, disconnect drive and connect to network. Finally, reboot the computer with either configuration. It’s not perfect by any means but provides additional security for when you don’t have another, airgapped computer available.

@neill, Nick P, Thoth et. al.
“wish we all were not beta testers and wouldn’t need firmware updates that often”

I understand. But from the viewpoint of a developer, it would require extreme efforts to get everything right the first time. I have no solution to the problem of people having to buy new hardware every time TFC updates to a version where you need new dependencies (that is, unless they want to risk their keys by re-connecting the transmitter computer to network). The receiver and networked computer can be updated over the network with reasonable assurance and with no risk to keys though. I’ll have to see how it could function.

An even worse thing is, every time I make crucial changes to protocol, all previous versions become incompatible. The changes are always improvements, and I have to think about it in the long term and improve as early as possible, to prevent a catastrophe. Support for “legacy protocol” would add complexity (opposite of security) to the software.

“but users are so spoiled these days!”

And that’s a big issue. Even if you ran GPG on a data-diode separated, split TCB, your contacts are not likely to do the same. And even if you setup the hardware for them, they might accidentally break the separation; “I wanted to forward the file.” “What? I don’t have time to copy all that by hand!” “What is private key?” “What is exfiltration?”

@ Clive Robinson

Interesting. Was the EmSec protection to protect plaintext transmissions or to prevent unintended emissions that are conducted from computer’s other operations to the cables?

“others like Trend were in the same game all be it at eye watering prices.”

Any chance you could give a ballpark figure?

Scott "SFITCS" Ferguson July 23, 2016 1:04 PM


“The problems that have been illustrated are range and power.”

Where? Best I can tell is that mobile phone networks function even in ISIS territory.

“But one can build an antenna out of just about anything, subs used to drag wire lines for low baud.”

(Emphasis mine) You can. Which, sadly, doesn’t solve the problem – “how does a journalist upload video in a war zone?” (with being targeted by enemy fire, or arrested/shot for carrying a prohibited device)

A hardware solution that’s expensive, requires technical skills, or the risk of being caught doing something illegal – is possibly not the optimal solution for a journalist. And of decreased value if the end-user doesn’t use it (correctly).

There’s no compelling reason for the journalist to be at the location of the device (target zone) when it’s uploading.

Smart phones are cheap and easily configured to upload at a pre-set time, small, reliable, found almost anywhere there are people – and often not considered prohibited items for journalists (or cause for additional suspicion). Any cheap rootable Android should do the job, provided it had good reception (bonus if it has one of those antennae test sockets near the battery with the little button in the middle that disconnects the on-board aerial); an externally accessible micro-SSD slot.

Hiding the transmission might be an unnecessary complication unless jamming is a consideration. Smart phones are capable of camouflaging video uploads. That capability, plus upload-at-a-given-time are easily made into simple event-triggered tools e.g. swipe in a given pattern to bring up hidden video timer upload app – which wipes the connection records, config records, and re-encrypts the SSD after it finishes.

An ideal scenario might be to carry two phones:-

  1. Used regularly, taking photos and video which can be configured: to save to the phone by default, but with a single action that enables changing the default to the (encrypted) micro-SSD. The option should very clearly show what is the current default action. Moving images or video between the SSD and the phone should be simple.
  2. The other phone is just used to send videos/reports. Insert the SSD from the main phone, power it on, set the timer and upload method/and or connection settings, drop the phone and move away.

If most of the software evidence is on the (easily hidden) SSD card the approach should be:-

  • technically feasible (the mobile phone network is accessible almost anywhere there is war)
  • cheap enough to be afforded by most
  • simple enough to be used by most
  • safe and reliable enough to be useful


Thank you.


Hacks, are just ways of changing the intended functionality of something. cron isn’t the only target.

With the greatest respect, given that using cron for timing requires no change of functionality – I don’t believe it’s healthy to recognise the twisted logic that would label using cron (a timer) for timing, a hack. That might lead to Idiocracy becoming a documentary from the near-future. :/ 🙂

ianf July 23, 2016 1:23 PM

@ Scott Ferguson […] “An ideal scenario might be to carry two phones:”

Less than ideal, so let’s make it more optimal:

    Carry 1 + n prepared phones over the border. Why the n? “Gifts to family, etc”

    Cache the additional phones + locally for cash acquired SIM cards in safe places that won’t be associated with you. Wipe them clean, and make sure that neither the phones nor the SIM cards have serial numbers in sequence.

    When the time for (preset) transmission comes, treat each phone as one-time transmitter/ abandon it. Make sure not to be caught on your way to/ from its resting place.

    Repeat until you run out of phones or until the opposition comes onto the method. Go home in one piece.


ianf July 23, 2016 1:35 PM

@ vas pup – hasn’t your mother taught you not to automatically believe everything you read? Apologies if you’re motherless.

albert July 23, 2016 1:59 PM

@Clive, etc,

Super simple FM detector:

Never got around to building one.

This design could be built for “fixed”-frequency operation very compactly. Lacking an audio amp and antenna, it might truly be a mystery box. I wonder if some of the circuit could be potted?

. .. . .. — ….

ianf July 23, 2016 1:59 PM

@ Scott Ferguson

Please note the given narrow scope of my dispatch before questioning its narrow-mindedness(?). I still say that UNTIL Huang & Snowden come up with something that CAN BE put up to debate, we’d at best be speculating – and then to what NIL purpose and effect?

    (Just as you admit to be doing in the case of the lawsuit—which I understand isn’t so much “Bunny’s” as the Electronic Frontier Foundation’s, on his and Matthew Green’s behalf – unless we’re talking 2 different lawsuits, which I have yet to research in shallow depth. Let’s say the lawsuit and the MIT announcement are somehow connected in time and intent – so, yes, AND?)

Gerard van Vooren July 23, 2016 2:01 PM

@ Nick P,

Etypes is a binary type safe data serialization protocol (and more) meant for IPC developed by roughly the same group of people who developed MinimaLT. See this link. From what I read from the paper it forms the basis of MinimaLT.

Two of the developers (djb, Tanja Lange) are now working for the EU post quantum crypto project.

Funny note is that NIST is now starting a “competition for post-quantum systems” (after the EU PQ crypto project had already started). I think NIST is fearing technological relevance in this subject.

“Far as ASN.1, you should’ve known the answer: it’s in legacy mode (aka we fucked forever) like most Internet protocols that use it. The good news is that it’s not inherently bad or impossible to parse. The next good news is most high-assurance folks work on semantics. So, stuff like this is happening. They open-sourced CRYPTOL, BASE64 encoder, Xen/Haskell stuff, and so on. Hopefully they’ll FOSS this, too.”

As a side note, I am beginning to realize that FOSS is the only software deployment worth investigating.

Nick P July 23, 2016 2:16 PM

@ Gerard

“As a side note, I am beginning to realize that FOSS is the only software deployment worth investigating.”


Gerard van Vooren July 23, 2016 2:58 PM

@ Nick P,

Why do I start to realize that FOSS is the only software deployment worth investigating? It’s because of experience. A long time ago I trusted MS to do the right thing. But again and again that trust was misplaced. And that counted for a lot of other closed source software too. So I started to use open source and FOSS. I thought, what’s all that fuss with FOSS, why not open source? But here the same thing went on. You could have toys with open source but the real deal was closed. With FOSS that’s not possible. Note that in all those years I never got the finger on the issue but it was there. The writings of Cory Doctorow made it all clear. He said:

“So, as you might imagine, I’m here to talk to you about dieting advice. If you ever want to go on a diet, the first thing you should really do is throw away all your Oreos.

It’s not that you don’t want to lose weight when you raid your Oreo stash in the middle of the night. It’s just that the net present value of tomorrow’s weight loss is hyperbolically discounted in favor of the carbohydrate rush of tonight’s Oreos. If you’re serious about not eating a bag of Oreos your best bet is to not have a bag of Oreos to eat. Not because you’re weak willed. Because you’re a grown up. And once you become a grown up, you start to understand that there will be tired and desperate moments in your future and the most strong-willed thing you can do is use the willpower that you have now when you’re strong, at your best moment, to be the best that you can be later when you’re at your weakest moment.”

That is what FOSS is all about. It doesn’t allow you to misuse the code when you are at your weakest moment.

Dumber than Nick P and Clive Robinson July 23, 2016 3:51 PM

Nick P and Clive Robinson, I got to ask how do you guys know so much? Have I been living under a rock this whole time? If you can recommend any books that would be greatly appreciated.

Clive Robinson July 23, 2016 4:22 PM

@ Markus Ottela,

“Was the EmSec protection to protect plaintext transmissions or to prevent unintended emissions that are conducted from computer’s other operations to the cables?”

Mainly to stop “unknown” signals in both directions, that is emission and susceptibility. The aim is to put in a bandwidth / energy choke point in to stop the smart attackers who not content with passive listening illuminate your equipment with various EM frequencies modulated to encourage faults or cross modulation, thus lift out information that otherwise was not available.

With regards Trend equipment pricing it was a third of a century ago, and the easiest way to compare is it cost a little under a year’s wages for an engineer at the time.

r July 23, 2016 5:25 PM

@Scott Ferguson,

My apologies ahead of time for this division on semantics, but if I commandeer your car without sitting in front of it… is that car jacking or car hacking?

It doesn’t matter if it’s only a single bit different, I still modified its purpose for me and mine.

Also, I don’t know where you got the idea that I don’t advocate [ab]using a phone’s versatility. I buy waterproof ones every three months by switching carriers and I get them for free, Qualcomm trustzone and all.

Waterproof phone + duct tape and a custom apk/ROM can keep you well ahead of the Jones’.

Drone July 23, 2016 6:45 PM

@Gerard van Vooren,

You said: “That is what FOSS is all about. It doesn’t allow you to misuse the code when you are at your weakest moment.”

Yeah right, and OpenSSL caused my “Heart to Bleed”…

Rebecca Hadron July 23, 2016 7:18 PM

(I’m working off the backlog)

@ Rebecca Hadron of July 14, 2016 11:24 PM – are you still with us, or should I skip composing a reply?

@ianf That would be k-k00l. That would be k-rad

And, regarding our friend Clive and his recent experiences.
The film Transcendence starring Johnny Depp is actually a factual account of Clive’s experiences some 50 years ago.
The rather attractive French female engineer was interviewed and thus it was agreed that Johnny Depp was the only person suitable to play the man himself.

Over It, So Boring July 23, 2016 7:25 PM

so, can all the BLM // ferguson / guns / general arguing hysteria about yankee LEO move to another forum where it’s actually on topic?

unless, Bruce specifically posts a security related story related to these topics whereby the comments can specifically relate to BLM and pigs pulling guns on innocent civvies etc . etc.

Thoth July 23, 2016 8:37 PM

@Markus Ottela

“I’d imagine data diodes are used in banks”

Unlikely and they have no idea what these are. The highest assurance they know of is simply HSMs and anything requires “Secure Execution”, they will look for HSMs. It’s a pretty survivable business selling these stuff 🙂 .

I have known people who worked for the local Government and they have never even heard of the word HSMs (despite in the local Government’s ITSec circle) until they come to know about it from me. The only people knowing HSMs are banks, telecoms and defense industry for the most part which I have been into their DCs before and taken a look while servicing them.

“Whenever I hear people talk about intrusion prevention it’s about firewalls and patching up the system”

That’s exactly what people thought I was doing when I say I am a Security Engineer working for an InfoSec/DataSec company. Fact is we don’t carry firewalls and ITSec is a huge market but somehow the eyes and ears of most people associate it to firewalls and anti-viruses (as these are the common products). What that is usually handled is Cryptography, Secure Execution (inside the Thales nCipher HSM’s SEE), Identity Management (via CyberArk/CrappyArsked) and Secure Key Storage (HSMs) so it quickly breaks the notion of Firewalls and AVs for ITSec and people get curious and to add on top of that they never heard much about crypto (except from news media) and HSMs is the rarity.

To be exact, ITSec can be put into a very wide variety of discipline from CommSec, Info/DataSec (Encryption and Secure Keystore), Software Assurance, Hardware Assurance and many more.

“what ever I wanted persistent I copied to external drive after I had disconnected networking”

My method would be to buy multiple small capacity USB storage and use a signing key in a smart card to sign (encrypt if needed) it and then store them multiple copies. It’s less secure without the air-gap but as I only have that many computers on hand, I have to make do with what I have. Of course RPis would be a nice advantage to confuse them but end of the day if you are backing up stuff (and uploading codes), you are better off just making multiple copies and signing them. Of course code signing does not equate to good codes or anything meaningful other than the binaries are not tampered.

“but users are so spoiled these days!”

Thus, only give information you think the users can handle. If it’s utterly secretive, ask them to come to your house and show them from your TFC setup. Give them a pat down and remove video and audio recording devices if necessary.

crypto advice? July 23, 2016 9:34 PM

can anyone (e.g. @Tyr, @Thoth, @Nick P, @Clive, @Markus Ottela, amongst others) suggest a reason NOT to recommend VeraCrypt for a non infosec / OpSec professional, which means virtually everyone?

assessing the pros and cons, VeraCrypt is easy to use, is FOSS, is versatile without being ridiculously complicated. It is the successor to TrueCrypt in form and function and indeed remedies some of the flaws
going through all the FOSS options it appears to stand out from the crowd and tick every box

a search of this forum doesn’t appear to bring up any commentary about VeraCrypt, one positive outcome of my question is, some positive feedback here (about VeraCrypt or another FOSS crypto) may encourage other neophytes to apply full disk or partial encryption in the absence of other suggestions

It’s funny that with all the encouragement about crypto by Bruce and others there’s actually little literal advice for the newbies (read: the entire population). What do folks here prefer to use out of the box? (meaning, off the shelf options that don’t require some of the extraordinary expertise some of you have)

Data and Goliath had nada advice on FOSS reliable crypto which was very disheartening. I expected a great deal more considering the reputation of the author

Jen Gold July 23, 2016 9:37 PM

@Mike Barno

“Today’s (Friday July 22) New York Times has an article about the June 24 and July 15 broadcasts on North Korea’s Pyongyang Radio, containing lists of numbers like the old Cold War “numbers stations” broadcasts. Supposedly, the PRK used to communicate with agents in the RoK this way until de-escalating after a 2000 summit.”

nothing old or cold war about numbers stations. They still exist,
even in places where they would apparently have no rhyme or reason to.
they have a cult following akin to train watchers and continue to receive the full scale of deniability

if I was in the trade I would consider them a brilliant utilitarian tool. Nice and old school.

ianf July 23, 2016 10:11 PM

@ Dumber than Nick P and Clive Robinson

Knowing so much easily turns into too much, and then becomes way too much. The art of sharing it then lies in selective, not wholesale unloading of it.

@ Rebecca Hadron

“are you still with us, or should I skip composing a reply?”

    “That would be k-k00l. That would be k-rad”

“k-rad” is ambiguous,
but even if it weren’t,
k-rad which: skip or

“regarding our friend Clive and his recent experiences.”

This “Our friend Clive” comes fairly close to the Dickensian “Our Mutual Friend,” which is not a friendly characterization (“c16n” Clive knows). None of us but C. was there, hence what can we know of his “experience” – I’m sure that, had he had any say in this matter, he’d have opted right out.

@ jengold – is that you, Jen, originally Chung? Heard you got hitched, and to a star (pace Ralph Waldo Emerson). If so, congratulations. If not she… ah well, your time will come.

Thoth July 24, 2016 12:04 AM

@crypto advice?
I am in the midst of creating my own file encryption tool and format which runs in a smartcard (mostly adjusted to my personal preferences and requirements for now). It’s incomplete and so nothing to recommend for now.

Although I would say I am still using the old TrueCrypt 7.1a as I still have many copies of the same installer since many years ago and I am still fine with it for the intermediate time when my own security tool is still work in progress.

And yes, VeraCrypt is a better option but I don’t want to migrate over as a personal choice though.

Data and Goliath book I believe is not a recipe book on OPSEC and the likes but a general review of the political climate regarding ITSec thus probably a non-obligation to recommend anything for security until he decides to write another recipe book for security.

Clive Robinson July 24, 2016 12:35 AM

@ Albert,

“This design could be built for “fixed”-frequency operation very compactly.”

Its operation is dependent on the Q and the stability of the tuned circuit, neither of which is good.

For those who don’t know what a slope detector is (and that’s nearly everybody these days) it’s a trick to make an FM signal that has a constant envelope have an envelope that varies with frequency, thus can be “envelope detected” as it’s the frequency changes you want to recover as audio.

Put simply all tuned circuits have a bandwidth based on the “loaded” circuit Q and “loaded” center frequency. Very roughly (and I do mean very) the frequency response of a single tuned circuit looks sort of similar to a normal distribution curve you get taught in high school maths. With the bottom axis being frequency and the side axis being the response (or loss) amplitude. Thus if you tune the circuit such that the incoming FM signal is not at the maximum response but down either slope you will get an approximate AM envelope that the diode and integrator circuit will convert to an audio signal. Two things immediately “come to eye” the first is you are losing response thus sensitivity as you go down the slope, and secondly the slope is only approximately linear at one place so the audio will be distorted in amplitude. What is less obvious is the circuit will respond to any signal that falls on the slope and thus two or more adjacent stations will be picked up and the strongest will dominate.

At 100 MHz which is approximately the middle of the FM broadcast band you will be lucky to get a loaded Q of 10 thus your slope will cover a large part of the FM broadcast band. If you live in a low population area you might only have a handful of FM stations to choose from, so the circuit will work for you. However if you live in North or East London you will find not just twenty or thirty licensed stations, you will get as many again of unlicensed / Pirate stations. Thus you will be picking up ten or so stations at least at the same time, which will not sound nice.

It’s this lack of “selectivity” that moved the radio industry from superregenerative receiver designs to superheterodyne receivers with local oscillators and mixers to produce a much lower Intermediate Frequency where the Q of the detector would give much greater sensitivity but the preceding IF filter circuit would also give much greater selectivity. Cheap FM radios would also “tune” the RF amplifier to improve selectivity as well.

Anyway enough on Radio theory as @ianf will complain I’m off topic by too great a margin or some other heinous crime 😉
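The figures in the comment above (a loaded Q of about 10 near 100 MHz), worked through as an added example that is not part of the original comment: it models the single tuned circuit with the standard resonance response and reports how much of the FM band falls inside its 3 dB window, how little AM a slope-detected FM signal produces, and how weakly neighbouring stations are rejected. The band edges, the 75 kHz deviation and the station frequencies are assumptions constructed for illustration.

```python
import math

# Figures taken from the comment: tuned circuit near 100 MHz, loaded Q of about 10.
F0_HZ = 100e6
LOADED_Q = 10.0

# Assumptions added for this example (not stated in the comment).
FM_BAND_HZ = (87.5e6, 108.0e6)            # common FM broadcast band edges
PEAK_DEVIATION_HZ = 75e3                  # typical broadcast FM peak deviation
WANTED_HZ = 95.0e6                        # constructed: station parked on the lower slope
NEIGHBOURS_HZ = [93.0e6, 97.0e6, 99.0e6]  # constructed: equal-strength neighbours


def response(f_hz, f0_hz=F0_HZ, q=LOADED_Q):
    """Normalised magnitude response of a single tuned circuit (1.0 at f0)."""
    detune = f_hz / f0_hz - f0_hz / f_hz
    return 1.0 / math.sqrt(1.0 + (q * detune) ** 2)


def half_power_points(f0_hz=F0_HZ, q=LOADED_Q):
    """Lower and upper -3 dB frequencies; their spacing is exactly f0/Q."""
    root = math.sqrt(1.0 / q ** 2 + 4.0)
    return f0_hz * (root - 1.0 / q) / 2.0, f0_hz * (root + 1.0 / q) / 2.0


def band_fraction_inside_3db(band=FM_BAND_HZ, f0_hz=F0_HZ, q=LOADED_Q):
    """Fraction of the broadcast band that lies within the -3 dB window."""
    lo, hi = half_power_points(f0_hz, q)
    overlap = max(0.0, min(hi, band[1]) - max(lo, band[0]))
    return overlap / (band[1] - band[0])


def am_depth(carrier_hz, deviation_hz=PEAK_DEVIATION_HZ, f0_hz=F0_HZ, q=LOADED_Q):
    """AM modulation depth the slope produces from a full-deviation FM signal."""
    lo = response(carrier_hz - deviation_hz, f0_hz, q)
    mid = response(carrier_hz, f0_hz, q)
    hi = response(carrier_hz + deviation_hz, f0_hz, q)
    return abs(hi - lo) / (2.0 * mid)


def relative_level_db(other_hz, wanted_hz=WANTED_HZ, f0_hz=F0_HZ, q=LOADED_Q):
    """Level of another equal-strength station relative to the wanted one, in dB."""
    ratio = response(other_hz, f0_hz, q) / response(wanted_hz, f0_hz, q)
    return 20.0 * math.log10(ratio)


if __name__ == "__main__":
    lo, hi = half_power_points()
    print(f"-3 dB window: {lo / 1e6:.2f} to {hi / 1e6:.2f} MHz "
          f"({band_fraction_inside_3db():.0%} of the FM band)")
    print(f"AM depth from +/-75 kHz FM at {WANTED_HZ / 1e6:.1f} MHz: "
          f"{am_depth(WANTED_HZ):.2%}")
    for f in NEIGHBOURS_HZ:
        print(f"station at {f / 1e6:.1f} MHz: {relative_level_db(f):+.2f} dB "
              "relative to wanted")
    # Same slope position with a ten times higher Q, for comparison.
    lo_q100, _ = half_power_points(q=100.0)
    print(f"AM depth at the lower -3 dB point with Q=100: "
          f"{am_depth(lo_q100, q=100.0):.2%}")
```

With these inputs the wanted station yields well under 1% AM depth, and every neighbour within 4 MHz arrives within about 3 dB of it, which is the lack of selectivity the comment describes.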

r July 24, 2016 12:48 AM


“Knowing so much easily turns into too much, and then becomes way too much. The art of sharing it then lies in selective, not wholesale unloading of it.”

My grandfather used to say:

“A smart man knows what to say, but a wise man knows when not to say it.”

I guess I haven’t learned a thing. 🙂

Clive Robinson July 24, 2016 2:00 AM

@ Dumber than Nick P and Clive Robinson,

Perhaps, perhaps not, being smart/dumb is not based on what you know, but how you use what you know for an intended purpose. It’s almost certain you have interests that I or @Nick P have little knowledge of thus in those areas you would have a head start on us.

The important part of learning, is something teachers do not know how to teach, which is how to learn. Every individual is different and what works for some does not work for others. Politicians (as clueless as ever) have a habit of believing how they were taught is the best way… Which just about everybody else knows it’s not from their own experience. A simple fact that the politicos don’t appear capable of understanding, is the worst time to test people is when it’s “getting into summer”… The result is the overall marks are something like 20% lower than they could be. Which might be great if you want to make argument about how teachers should do better, but penalizes students who have environmental sensitivity issues which most people do in one way or another.

Thus the three types of teaching that are around, “spray and pray”, “teach by drill” and “drill to the test”. When done well all three methods should be used. Teach by drill where the teacher makes you write out notes laboriously in longhand is a good way to get the basics in. Which you need to understand what comes with the “spray and pray” dissemination of information, but it is reliant on the students actually engaging with the process. Drill to the test is a way of focusing a student to cope with a test environment as it takes out some of the unknown, it also allows for increased “cramming” at the week or so before the test, most of which will be forgotten two or three weeks after the test…

Thus the most important part of your education in any subject is how well you as an individual engage during the “spray and pray” phase. The more engaged the more you will not just learn but learn for life in a way that is useful for you and an employer.

Thus the real problem for a teacher is getting those they teach to engage, to get them to not just see what they are being taught is useful but interesting to them as well. Thus teachers have to be able to communicate a passion for their subject that will lift up those they teach, that is the passion has to be appropriate for the level of skill those being taught are at. Part of that is challenging the students and encouraging them to compete with themselves to keep pushing forwards. This is difficult to do for just a couple of years, let alone a whole career.

I once only half jokingly told a political type, if we could get the same level of enthusiasm adult males show for sport, in children about science and mathematics we would have the “better mouse trap” education system.

As for books, I have a dead tree cave with several thousand books in (about 20,000 pounds in weight so it’s got floor reinforcement). It’s neither portable nor replaceable as most of the books are long out of print. A few years ago I had a cull of Microsoft and Novell books, though I still have and use all my Unix books, which might tell a story to many (I expect @Gerard van Vooren might make a comment at this point ;). I also still have all my O’Reilly books, including the same book in different editions (perl and python in particular).

As for @Nick P, I often joke about his “link farm” which he claims he does not have 😉 however he has mentioned in the past he subscribes to various online publishers like the IEE etc.

One skill you should develop is “constructive skim reading”. As you develop a feel for a subject you should be able to pick up a book or paper look at the contents/index, introduction and conclusions and decide if it’s worth investing time reading the rest of it. Academic papers do however have references, some are just padding but some are gold mines of further information, getting a feel for these can give you almost laser like precision on finding further information.

Finally “student books” for higher level high school and degree education are worth keeping, if you have a wide breadth in subjects you will come across “phrases of art” that are “domain specific” and you can not hope to remember them all or which version they mean (you see “borrowed terms” such as “entropy” that develop a life of their own in different domains). Thus you can look them up. I would like to say that Wikipedia had replaced the need for them, but that is unfortunately not true, the near anonymous contributors often have their own axes to grind.

Vote GPG/SSH like it's 1992! July 24, 2016 2:39 AM

@crypto advice

“It’s funny that with all the encouragement about crypto by Bruce and others there’s actually little literal advice for the newbies (read: the entire population). What do folks here prefer to use out of the box? (meaning, off the shelf options that don’t require some of the extraordinary expertise some of you have)

Data and Goliath had nada advice on FOSS reliable crypto which was very disheartening. I expected a great deal more considering the reputation of the author”

My Vote is GPG, same as it ever was. Then for the more adventurous subset of the entire population, I’d recommend learning SSH and/or dm-crypt on a FOSS OS. Reading the documentation for those things can be considered the optional long road forward from there.

Clive Robinson July 24, 2016 6:19 AM

@ crypto advice?,

“Can anyone suggest a reason NOT to recommend VeraCrypt for a non infosec / OpSec professional?”

Sadly yes, it’s the wrong way to go about things as you have to consider “The security of the system” not “the quality/security of the application”.

It’s the old “weakest link” issue that @Bruce has mentioned on the odd occasion, or as it has also been put as “The vault door on a tent problem”.

You have to consider the entire computing stack from the base level device physics up to and above the corrupt political/legislative level.

It fairly quickly becomes clear it’s broken beyond any single person’s ability to secure, and as I’ve argued repeatedly in the past I do not think it is possible to fix at all no matter how many geniuses you put together to try to do it.

Thus if you can not fix it, you are only left with “mitigate it”. Whilst there is little you can do above the management level because “stupid does as stupid will” you can mitigate the lower layers.

The first thing you have to realise is that to compromise you, the agent has to do two things,

1, Get access to your information.
2, Communicate the information to others.

Treachery is like fire, it needs both oxygen and fuel, remove either and it is extinguished.

I think it is now clear to anyone who can read a newspaper, that the UK government has effectively corrupted the stack at least as far down as the OS layer by legislation and the US has done likewise but in different ways. For most readers of this blog it should also be fairly obvious that the IAx86 based PC hardware is now corrupted by its manufacturer, and need I mention Win10 or any other Cloud insistent OS?

Thus any IAx86 PC you buy now and by far the majority of installed OS software, you should regard as irredeemably back doored. So it is the first step that has been irreversibly taken and there is nothing you can do to change that. Thus you should consider any password/phrase typed on a PC keyboard compromised and hidden away somewhere pending the ability to communicate it to others.

Thus it is the second step you have to use by disrupting and preventing communication.

Whilst stopping the communication of the information is the way to go, it is often not understood what that entails, and thus why any crypto application running on the PC is not the way to go, if even a modicum of privacy let alone secrecy required for ordinary commercial confidentiality is the objective.

The NSA, GCHQ et al have long been aware that you absolutely must keep the entry of KeyMat away from the entry of plaintext or ciphertext. In the case of hard drives for computers these should be devices external to the computer and accessed through an “Inline Media Encryptor” (IME) with the caveat that “data is only secure at rest” and at no other time. That is when the “Crypto Ignition Key” is removed from the powered down IME and physically separated from it via an approved KeyMan method… Or to put it another way the NSA, GCHQ etc know that in a powered up state a computer is an uncontrolled Security disaster (as Manning and Snowden have made all too clear, and the Chinese have known and benefited by with US etc weapons designs). Primarily that any KeyMat that touches a PC is irredeemably compromised hard drives or not (as demonstrated by GCHQ’s “Pinky-n-Perky” on their grand day out shopping in London and with a little side visit to the Guardian basement to polish a political idiot’s machismo)… There are also cable distancing and other TEMPEST/EmSec requirements about how things are used when powered up. All of which is usually only for lowly Secret and below classification (sort of inter office memo downwards not upwards).

So how to mitigate if your only option is to use IAx86 PC equipment and a crypto application?

The answer is use two PC systems and an enhanced form of air-gapping to stop all energy that might be used for covert communication by an agent to plaintext cross the gap. If you search back on this blog for “energy gapping” you will find my previous comments on how you should go about it.

However as I’ve said using a crypto application on any hardware made this century (ie after 2000) is potentially compromised. Though equipment up to around 2010 that has been securely wiped and has a minimal XP or *unix (not the commercial Linuxes though) is probably OK. The reason for the dates is the usage of Flash ROM on I/O devices where malware etc can be hidden to survive reboots and hard drive wiping.

Personally I would look at building your own IME and HSM as @Thoth and others have been discussing. Something along the lines of a Raspberry Pi with a Smart Card not just holding the KeyMat but doing the encryption/decryption as well might be a starting point. It will of course require a separate system to put the KeyMat on the Smart Card…

Stanley July 24, 2016 6:29 AM

@crypto advice?

I’m going to answer your question on the assumption that you’re using Microsoft Windows because Linux has its own encryption.

On that basis I’d recommend against using VeraCrypt for Full Disk Encryption – there’s nothing wrong with using it to encrypt individual volumes.

There’s a few reasons so I’ll be brief:

Windows 10 (and Windows 8.1) introduced significant protections, including:

Secure Boot. PCs with UEFI firmware and a Trusted Platform Module (TPM) can be configured to load only trusted operating system bootloaders.

Trusted Boot. Windows checks the integrity of every component of the startup process before loading it.

Early Launch Anti-Malware (ELAM). ELAM tests all drivers before they load and prevents unapproved drivers from loading.

Measured Boot. The PC’s firmware logs the boot process, and Windows can send it to a trusted server that can objectively assess the PC’s health.

If you use VeraCrypt you lose a lot of the above protections because VeraCrypt DOES NOT support UEFI and you have to downgrade to legacy BIOS.

If you’re using Windows then I’d recommend sticking to BitLocker (found in Windows Pro). Bruce has said before that he uses BitLocker.

Do not confuse BitLocker and the free Device Encryption offered with all newer versions of Windows. The free Device Encryption doesn’t allow a pre-boot password and will force you to upload your recovery key to OneDrive (there is a way around the key escrow but it’s extremely fiddly). For average users that’s good because they have a tendency to forget their passwords – for “information security professionals” use BitLocker. Another benefit is that you can encrypt extremely large drives because there’s an option to only encrypt “used space”. The other option takes far longer. The first is recommended if the system is new or if you’ve previously been using FDE (i.e. no confidential information on the system).

I don’t believe that BitLocker has been backdoored and, if it has, then you’ve got bigger things to worry about (i.e. that Microsoft is prepared to backdoor their own encryption therefore Windows is likely to be compromised and therefore NO encryption solution will protect you).

Remember that big corporations use BitLocker. However you need to set it up correctly: ensure your recovery key is not uploaded to the cloud, use pre-boot authentication WITH a password (the default is TPM only), change the key length to 256-bit AES, configure an interactive user lockout after too many incorrect attempts (to protect brute force whilst your system is on but locked), ensure that all DMA ports are disabled (default settings block all new DMA devices when the account is at the lock screen), use a screensaver and NEVER use ‘sleep’ mode when using full disk encryption. There are a number of additional countermeasures you can take which will make attacking your system extremely difficult.

Of course remember to disable telemetry and all other non-essential reporting features.

If you’re very paranoid you can use BitLocker with multi-factor authentication – part of the encryption key on the TPM, part in your head (the password) and the other part on a USB drive. Without all three being present the computer will not unlock (unless you have the recovery key; that’s why it’s so important to keep that a secret). Thus even if you think TPM’s have been compromised by their manufacturer you will maintain security by using a password and/or a USB in addition.

Any attempts to attack the firmware etc. will result in BitLocker demanding the 48 character recovery key instead of your password. This makes brute force almost impossible.

I like VeraCrypt but I think you’ll lose a significant amount of in-built protection if you use it on a Windows system. If you’re a Linux user then use LUKS or eCryptfs.

Hope this is helpful.
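An added example (not part of Stanley's comment and not Microsoft's code): a PowerShell check of the volume-level settings listed above (256-bit AES, a pre-boot PIN rather than TPM-only, where the recovery key lives), read from the properties that `Get-BitLockerVolume` returns. The function name `Test-BitLockerHardening` and the sample volume object are assumptions constructed for illustration; lockout, DMA and sleep settings are policy items this check does not cover.

```powershell
# Added example. Test-BitLockerHardening is a hypothetical helper name,
# not a built-in cmdlet. It accepts any object shaped like the output of
# Get-BitLockerVolume (MountPoint, ProtectionStatus, EncryptionMethod,
# KeyProtector[].KeyProtectorType).
function Test-BitLockerHardening {
    param(
        [Parameter(Mandatory = $true)]
        $Volume
    )

    # Enum values and plain strings both become names when cast to string.
    $types  = @($Volume.KeyProtector | ForEach-Object { "$($_.KeyProtectorType)" })
    $method = "$($Volume.EncryptionMethod)"

    $findings = New-Object 'System.Collections.Generic.List[string]'
    $notes    = New-Object 'System.Collections.Generic.List[string]'

    # Protection "Off" means the volume is unencrypted or protection is suspended.
    if ("$($Volume.ProtectionStatus)" -ne 'On') {
        $findings.Add('Protection is not On (volume unencrypted or protection suspended).')
    }

    # The comment recommends changing the key length to 256-bit AES.
    if (@('Aes256', 'XtsAes256') -notcontains $method) {
        $findings.Add("Encryption method is '$method', not 256-bit AES.")
    }

    # With a TPM, BitLocker expresses a pre-boot secret as a PIN protector.
    $preBoot = @('TpmPin', 'TpmPinStartupKey')
    $hasPreBoot = @($types | Where-Object { $preBoot -contains $_ }).Count -gt 0
    if (-not $hasPreBoot) {
        $findings.Add('No TPM+PIN protector: the volume unlocks without a pre-boot secret.')
    }

    # A TPM-only protector is the default the comment warns about.
    if ($types -contains 'Tpm') {
        $findings.Add('TPM-only protector present: the disk unlocks at power-on with no user input.')
    }

    # TPM + PIN + USB startup key is the three-part setup described in the comment.
    if ($types -contains 'TpmPinStartupKey') {
        $notes.Add('TPM + PIN + startup key (USB) protector is configured.')
    }

    # The volume object cannot say where a recovery password was saved,
    # so this is a reminder rather than a pass/fail item.
    if ($types -contains 'RecoveryPassword') {
        $notes.Add('Recovery password exists: confirm it is stored offline and was not saved to a cloud account.')
    }

    [pscustomobject]@{
        MountPoint = "$($Volume.MountPoint)"
        Compliant  = ($findings.Count -eq 0)
        Findings   = $findings.ToArray()
        Notes      = $notes.ToArray()
    }
}

# Constructed sample: a volume left at defaults (TPM only, 128-bit AES).
$sampleVolume = [pscustomobject]@{
    MountPoint       = 'C:'
    ProtectionStatus = 'On'
    EncryptionMethod = 'Aes128'
    KeyProtector     = @(
        [pscustomobject]@{ KeyProtectorType = 'Tpm' },
        [pscustomobject]@{ KeyProtectorType = 'RecoveryPassword' }
    )
}

Test-BitLockerHardening -Volume $sampleVolume | Format-List

# On a real machine, from an elevated prompt:
# Get-BitLockerVolume -MountPoint $env:SystemDrive |
#     ForEach-Object { Test-BitLockerHardening -Volume $_ } | Format-List
```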

Grauhut July 24, 2016 7:23 AM

Munich amok weapon came from #darknet, says German police.

To understand this one needs to know that censorship in Germany is to be privatized.

And the story is imho to be interpreted in relation to EU anti-firearm anti-darknet plans.

“‘Action Plan on illicit trafficking in firearms between the EU and the South East Europe Region’. The Commission has already called for a revision of the directive setting out certain minimum conditions for the circulation of civil firearms inside the European Union (EU) territory by 2016, this initiative is likely to be brought forward. A particular emphasis is likely to be placed on the trade of arms via the ‘darknet’.”

No good crisis unused!

Thoth July 24, 2016 7:34 AM

@Clive Robinson, crypto advice?

“It will of course require a seperate system to put the KeyMat on the Smart Card…”

Just buy another old RPi without the integrated wireless bloats or for the case buy a $9 CHIP computer as your Keyloading Device. For the specification, get a stripped-down Linux or maybe if you are more daring, write your own kernel. Strip out all the fanciful GUI, networking tools and everything you don’t need and won’t need until it’s close to the barebones. If you need, dremel out or desolder the wireless chipset on the $9 CHIP board to fully disable wireless backdoors.

Hook your $9 CHIP to its accompanying display and keypad module (check those for any possible wireless side channels but I guess there won’t be one?) And then boot the stuff up. Use a USB CCID smartcard dongle (JavaCard for easy programmability of the smartcard USB dongle) or a traditional SC setup with card and reader.

Load your keymat by either physical input or by unwrapping key shares from a quorum. All these are tedious and troublesome for a good reason because the separation makes attacks so much harder and you are using a non-standard hardware making casual attacks far more difficult.

ATTENTION please! July 24, 2016 7:41 AM


Full ATTENTION please!

The shooter of Munich, Germany who killed 9 people last Friday bought his gun in the darknet.

You must start to contact journalists especially in Germany to counter an expectable and misleading discussion over “Forbid Tor because of weapons in the darknet!”.

Please contact at least Markus Beckedahl of, Patrick Beuth of and Christian Stöcker of

If you personally can’t do this in your new role as member of the Board of Directors, please let Kate Krauss do this right now. But I expect that German journalists will be more interested in what a Bruce Schneier has to say about it than a random PR manager of Tor. That’s how media works.

JG4 July 24, 2016 8:05 AM

this is directly relevant to Liars and Outliers

Altruism is favored by chance
Mathematicians may have found an answer to the longstanding puzzle as to why we have evolved to cooperate
Date: July 19, 2016
Source: University of Bath
Summary: Why do we feel good about giving to charity when there is no direct benefit to ourselves, and feel bad about cheating the system? Mathematicians may have found an answer to the longstanding puzzle as to why we have evolved to cooperate.

not that anyone cares or that it matters, but my opinion is that anything that touches security is fair game for Friday squid comments section. the fundamental problems on your planet are conflicts of interest. pretty much all of the technical problems can be solved, in an afternoon, by Clive. BLM goes to the heart of the security matter, which is who do you trust to provide security, how do you monitor them to make sure they are doing a good job and how do you correct them when they aren’t. the problem is human factors, not technical factors, except to the extent the technical factors include mistakes and backdoors let in by human factors.

the conflicts of interest with the police can be solved in an afternoon by using their pensions to provide lifetime care for their victims. in this case, the lifetime care will be provided by the taxpayers for the autistic patient and his caretaker.

North Miami Cops Shoot Behavioral Therapist Trying to Help Autistic Patient Who Had a Toy Truck

just another day on the planet of unintended consequences

Miriam Janice Rivers
July 22 at 4:25am · Richmond West, FL ·
All I hear from the news is how my brother was holding a gun; He wasn’t. How my brother was blocking traffic; He wasn’t. How my brother ran away from the group home; he didn’t. How my brother was suicidal; how ignorant! He wasn’t.
He was walking with his caregiver. With his toy truck.
Now I hear the police saying how they wanted to shoot my brother and not Mr.Charles. As if THAT makes the whole situation better. And if that was the case, how come they handcuffed Mr.Charles while he was bleeding from the bullet wound? Also handcuffed my brother. Leaving my brother inside the police car for 4 hours despite all the staff members from the group home informing the police that Arnaldo was Autistic. Instead they just read the “rights” to him.
Now Arnaldo is in Aventura Hospital in the Behavioral Unit. He keeps having frequent episodes of screaming, intense fear and flailing while still asleep. Asking for Charles, crying. He wasn’t eating and he was anxious. Being easily startled or frightened. How can we explain to him what happened? He doesn’t have the capacity to comprehend the gravity of the situation. He has no sense of what danger is! But he understands someone got hurt. He understands Mr.Charles got hurt. Why? Because he kept saying to my mom: ”Blood oh no Charles, blood!” In a desperate attempt to explain what he went through. What he witnessed.
In the end I just hope Mr. Charles recovers quickly and stays safe. Him and his family have gone through enough as well. Praying for everything to be settled appropriately.
I also hope Arnaldo heals and forgets what happened quickly. And that my mother can actually have some peace of mind. Even though she is still mortified, perplexed, angry and appalled.
I’m just tired.
But this isn’t over.

see also:

Video: Police body-slam black teacher, tell her blacks have ‘violent tendencies’

‘Is that the way I want my loved one treated?’
At the press conference Thursday, Chief Acevedo began by alluding to the intense national debate over race and policing.
“This is a journey we are in as a community, as a nation,” he said.
Acevedo, who is Hispanic, then offered an apology to King.
“I’m sorry that on the day you were stopped for going 15 mph, you were. . . treated in a manner that is not consistent with the expectations of this police chief, of most of the officers of this department, and most importantly, of all of us as human beings,” he said. “Police officers have a sworn duty to try to calm things down, approach incidents, approach people in a manner that enhances the probability that everyone gets to go on with their day, especially over a speeding ticket.”

Grauhut July 24, 2016 8:08 AM


The most important action will be to make media ask the right questions:

  • Was the police able to reconstruct the serial number of the Glock 17 pistol?
  • To which original customer was this pistol delivered?
  • Who bought it from whom in order to convert it into a theatrical decoration weapon?
  • Who bought this deco weapon and who remade it working and sold it?
  • Which dark market was used and which payment system?

  • If bitcoin, who was in the blockchain?

And no, I don’t believe in converted Glocks from eastern Europe.

I think they made the serial number visible and knew they needed a more politically correct story.

Or does Tor Browser log something in a police-readable format recoverable from a disk?

Grauhut July 24, 2016 8:55 AM

New Senate Bill Aims To Restrict Tor Access For Illicit Activities
JP Buntinx July 15, 2016


Thoth July 24, 2016 9:27 AM

How would anyone know if someone is going to use TOR for “good” or for “bad” ? Hmmmm … thoughtcrime prevention ? Minority Report ?

Ohhhhhh…. it all makes sense now … remember most of TOR’s funding comes from the US Government ? Backdoors 😀 !!!!

Winter July 24, 2016 9:40 AM

I have a Manchurian Candidate problem. If this is true, every alarm bell in every TLA should be going off 24/7. It is too plausible to simply ignore. What do you think of it:

Trump & Putin. Yes, It’s Really a Thing

To put this all into perspective, if Vladimir Putin were simply the CEO of a major American corporation and there was this much money flowing in Trump’s direction, combined with this much solicitousness of Putin’s policy agenda, it would set off alarm bells galore. That is not hyperbole or exaggeration. And yet Putin is not the CEO of an American corporation. He’s the autocrat who rules a foreign state, with an increasingly hostile posture towards the United States and a substantial stockpile of nuclear weapons. The stakes involved in finding out ‘what’s going on’ as Trump might put it are quite a bit higher.

Slime Mold with Mustard July 24, 2016 11:00 AM

@ Clive Robinson
1. Could you elaborate “spray and pray” teaching method?

  1. As torturous as drill is, my first year of Latin gave me three free years of straight ‘A’s’ when I switched schools. The method suits tables, declinations and conjugations.
  2. Since only one of the spouses could do graduate work (time/money) and that was her medical school, I undertook to truly master a topic of choice. I chose the Korean conflict (1950 -1953). It took me in the most unexpected directions! I believe it important that every human have an academic project, of whatever ambition, current. It makes us not squirrels.
  3. “Cave” Ha! I have a fair sized home. What were the kids’ rooms are library annexes. Had to implement an “A List Only” policy for fiction. I’ve become a book burner!

@ Dumber Than…
Start here. Search unfamiliar terms and issues. Pick a topic and become a genuine expert. This is largely done by reading, but it is critical that you reach out to people studied in the field. It is important that you do this during a phase of research where you are familiar with most terminology and concepts, but not so far that you have firm opinions or fixed ideas. I recommend in person. The research interview is a friendly conversation for the purpose of eliciting knowledge. It makes the interviewee feel smarter. Most people are happy to share with people who are open to their ideas. Do not be intimidated by what you do not know unless it is physically hazardous or involves large sums of money. Do, however, learn it.

At this point I feel obligated to point out that I am a security specialist at a company that does niche work for financials. I am not an “IT guy”, although they report to me.

Where Is Wael?

k15 July 24, 2016 11:09 AM

Winter, if Trump/Putin was real, why was there no prominent news about it in the primaries? Or did Trump’s daily item of outrage not leave space for it?

Slime Mold with Mustard July 24, 2016 11:24 AM

@ Dumber Than…
Forgot two critical things:

  1. People learn and remember what they care about. I can’t tell you who won an Academy Award or the Super Bowl.

  2. Experimentation. Put what you’re learning to work as feasible (do not crash your employer’s system!). a) Principles unclear in print often resolve in practice. b) The brain also has a type of “muscle memory”. Working through a theoretical will allow you to tackle an actual with relative ease.

Winter July 24, 2016 11:37 AM

“Winter, if Trump/Putin was real, why was there no prominent news about it in the primaries?”

It has featured in the NYT and WP.
So, why indeed.

Punkin Papers July 24, 2016 11:45 AM

@Winter, The Dems must be pretty panicked to dig up the moldering corpse of Tail Gunner Joe. The remarkable thing is, they seem to expect people to be scared of Putin or Russia. Imagine if a presidential candidate was an agent for a foreign power that says things as calm and rational as this:

We should be so lucky. The Russians could explain human rights and rule of law to these blood-dripping Cro Magnons that we’re supposed to vote for.

Instead, we get Trump under Sheldon Adelson’s thumb and Hillary with Saudi mole Huma Abedin as her handler (just in time for release of the 28 pages, ace optics!) And whoever gets installed when the election is formally stolen in November, if they even think about crossing CIA, Marine One will throw a rotor and crash ka-FOOM in tragic flames. Look at poor chump Obama, how Brennan keeps him shitting bricks:

If I get to choose between Putin’s puppet ruler and John Brennan’s puppet ruler, I’ll pick Putin’s any day.

Wael July 24, 2016 12:14 PM

@Slime Mold with Mustard,

Good advice to @Dumber than Nick P and Clive Robinson. I’d add the following:

Pick a topic and become a genuine expert.

Yes! Start with depth and that’ll take you to breadth — something about forests and trees. Focus on the flower, then you’ll understand the forest — may take you 10K hours. You’ll need to focus on an area you like: Software, Hardware (Digital, Analog, …), Social, … I believe, for security, an understanding (not only memorization) of the principles is essential. For instance, why Least Privilege, Compartmentalization, Separation of duties, Segregation of roles… work. These topics have been discussed on several occasions here.

but it is critical that you reach out to people studied in the field.

Reach out and challenge claims they make.

Books: There were a few recommendations on this blog. If you care enough, you’ll find them.

WiKi: Take what you read there with a grain of salt — @Clive Robinson maintains the grain of salt RFC exact specification.

General: Always go to the source. Read specifications, don’t adopt someone’s evaluation without checking references. Some comments on this blog are misleading and far from accurate. They have been challenged in the past, but sometimes your words may fall on deaf ears.

General: Don’t resist reading sources that oppose your firmly established beliefs (talking about technical issues, not political or religious, but the comment applies to those as well)

Where Is Wael?

Taking a break somewhere. Unfortunately the sky isn’t clear.

Winter July 24, 2016 12:30 PM

@Punkin Papers
I do not think the Democrats are desperate. I think they do not even know what to choose to make Trump sink. Their biggest fear was that he would quit and the GOP would choose a sensible candidate (a low bar indeed).

Even the Republicans do not believe Trump can win

Figureitout July 24, 2016 1:19 PM

Clive Robinson
–Not sure what penny you’re talking about..? You know I don’t like it when you tease me. :p I do know many hams connect their radios to their computers, then do remote in via whatever so they can operate while they’re away from their station.

Didn’t have much thoughts on a GDO (why you ask?), but it is a nifty device. I think we use something like that for an “RF detector” at work. Remember my ADD? Something I’m working on is if I start something, finish it, even if I run into rough spots. I suppose I could…I was wanting to get into one more RF firmware project b/c the dev boards are too good to sit around, do a serial data diode build, try to play around w/ Yardstick One a little (probably going to hold off on that a bit) before school starts and all my personal projects shutdown…

The AM radio “bug” detector did pique my interest so I spent a couple hours yesterday testing that (didn’t have another phone to test). It works, I’m using a La Crosse weather radio, cheap thing. Set to AM, go to quiet frequency, then you have to get the radio within at least 3 or less inches to any kind of electrical device and you hear a very loud and ugly static noise, occasionally what sounds like some kind of clear modulating tones on some devices. One of my LCD’s had a weird signature that you’d be able to pick out among my others. I tested turning off my iPad and seeing if it was still on (I think it still is but you can’t really tell), and I tried it on my phone charger. When you unplug the charger, for 5 seconds or so I guess a cap is still discharging and the noise continues then promptly shuts off. For sh*ts and gigs I did a quick and dirty sweep of my room. :p

The primary use case I see for something like this for readers would be to check that your laptop/cellphone is really off and not transmitting after turning off/removing battery. Of course you could get unlucky if a malware has some preprogrammed random times to transmit and you miss it. Just put it in a static bag and metal box (padded w/ foam for audio muffling) if that’s a problem for you.

Got some pics of the radio internals, this is a very hacker friendly device (but the quality is umm…well basically what you would expect, PCB looks like sh*t, soldering looks amateurish, wires going over chip pins (wtf…), glue globs..). I was wondering if you could help me find the actual detector circuit on the board, I did spot a 1N4148 diode up around the light, as well as some transistors, and a 100K resistor (10K’s are other places), that’s the AM detector circuit I suspect.

Slime Mold with Mustard
–I’m here buddy. Like Linus Torvalds, I maintain that I’m a pedestrian engineer (though hope to be a “10X engineer” someday) and I try to keep my head down and just keep working, hopefully being useful. It’s all a matter of how badly you want to know something, and to know your boundaries/limits.

albert July 24, 2016 3:27 PM

OT or not, thanks for the primer on FM slope detectors. There are much more sophisticated versions out there, but the utter simplicity of this one impressed me.

Now I’ll go back to studying RF communications in the 20-20kHz range. (US allocations go down to 9kHz, but that’s the ‘official’ limit.) Hams have already communicated across the Atlantic using code and super power audio amps. Fascinating stuff.

. .. . .. — ….

Smart Phones Inhibit Security July 24, 2016 4:14 PM

The NYT reports the chairwoman of the Democratic National Committee is resigning over the public leaking of sensitive emails.
Someone posted Putin was going to do this and was widely doubted here. This follows the similar leaked Sony Pictures emails scandal.
The root cause is because corporate officials did not follow or have in place prudent security measures. One would think so after the 22 million thefts of OPM security background investigations. Or the USA State Department Official for Europe being recorded cursing allies over an unsecure line.
It’s ironic Europe trusts clueless Americans with their data.

Why is it we Americans don’t learn from past mistakes?
I’ve noticed that there is an overall laziness of “I don’t care”. Americans want instant gratification of being fed media with zero effort or thought. Not only is this a root cause for security violations, but they make poor students and employees. They are the distracted drivers and can’t sleep at night. They perform poorly in relationships putting their smart phone addiction before the humans around them. Call them out and they get angry, like taking their Bottle away…
Movie theaters have to warn three times for the addicts to turn phones off. Swimming pools warn of children drowning silently while the mom is distracted just feet away.
How many more scandals before we careless, lazy, negligent Americans (FBI quote) become smarter?

Tatütata July 24, 2016 4:43 PM


The frequency modulated sound carrier for the former analog US NTSC system at channel 6 was also right at the left of the scale of the FM band at 88 MHz.

Professional Russian receivers of the 50s-70s were AFAIK well designed (I saw a few of them in a book), and they knew of the value of inserting several RF stages for insulation ahead of the first mixer. I’m skeptical of the value of trying to extract intelligence from embassies by monitoring the IFs or LOs, especially in an urban environment. I may be biased as I grew up in the shadow of a large TV transmitting site that spat out huge amounts of intermodulation and spurious signals of all sorts. It was only when I was in the country that I discovered the joy of DXing without a continuous buzz at the frame frequency all over the place. (OK, there was also the infamous woodpecker, but that’s another story)

In another life I was also a ham. We had a terrible annoyance with a certain make of commercial land mobile radio putting out a spurious signal right at the input frequency of our VHF repeater. We weren’t too sure who the operators were working for, but one day we heard them agreeing to have lunch at location X.

We descended on the place in 15 minutes, and we confronted the fellows who had no idea what we were talking about. But now we knew who they were working for and their cryptic exchanges also became meaningful.

Clive Robinson July 24, 2016 5:42 PM

@ Albert,

Hams have already communicated across the Atlantic using code and super power audio amps. Fascinating stuff.

Look up “Class F amplifiers” with “Class H” power supply modulation. If you do things right you can sum the outputs of a number of such amplifiers using a multi-winding transformer and directly digitally modulate the output with AM very efficiently. A 10KW QPSK modulated system at ELF “uses the world as the antenna” and submarines can hear the signal at quite some depth as can cave explorers…

Clive Robinson July 24, 2016 6:07 PM

@ Tatütata,

I’m skeptical of the value of trying to extract intelligence from embassies by monitoring the IFs or LOs, especially in an urban environment.

Oh it’s real enough. Back until the 1970’s valves (yep them glass bottles) some as small as half an acorn were still used for low VHF upwards as the FTs of transistors back then made them unsuitable. Further those delightful diode bridge and “rat race” mixers needed upwards of 1.5volts into 50 ohms, which if you do the maths is quite a bit of RF power (some even needed +27dbm or half a watt, with -40db leakage from LO to RF port and no real front end that went up the antenna for all to hear).

Have a read of Peter Wright’s “Spy Catcher” you will find Tony Sale got a mention, much to his annoyance, along with a good description of using such leakage by both sides.

Oh fun note even though Peter Wright as MI5’s technical liaison informed the CIA about this problem they carried on using “civilian commercial equipment” with these problems for years afterwards (TEMPEST protection for civilian commercial equipment was illegal in the US).

In the end what killed much of it off was the EU and the EMC regulations in the 1980-90s, much to the annoyance of the FiveEyes Signals Intelligence Services, who had been profiting from it due to “third world sales of second hand equipment”, much as had happened with crypto kit from Crypto AG in Zug Switzerland.

Inselaffen July 24, 2016 6:23 PM

You know who’s a shit-for-brains? Thomas Rid, perfesser of security studies. He’s fine with the idea that Russia grabbed DNC sausage-making and election-rigging off a comically inept computer setup. Like all security mediocrities, Rid loves spying. But if instead of using it secretly for subversion, you go and expose malversation to defend the public’s information freedom, then Rid loses his shit. Rid parrots that cherished catchphrase of the bureaucratic mediocrity, Crossing a Red Line. Just like the big shots say!

Ass-kissing worms are made, not born. Rid got his brainwashing as a Western-Oriented Gentleman (wog) at Johns Hopkins and Rand, where CIA sinks the hook in weaklings’ vices and character flaws. And of course in Israel, where the videos of his bestial sex acts are a favorite at Shin Bet movie nights – just in case he ever happens to think for himself, can’t be too careful!

This is what passes for studies. And people wonder why NATO is pancaking like WTC7.

ianf July 24, 2016 9:53 PM

Re: advice to @Dumber than Nick P and Clive Robinson

@Slime Mold with Mustard, Wael,

Anyone, who in earnest is asking how to become an expert (like X and Y, say) is too… immature, to begin with, to understand what s/he’s asking for. Because it goes without saying, that expertise in any field is gained by practice and exposure to problems/ issues arising in that field (preferably under time pressure in the line of duty, rather than during some ever so pleasing hobby activities), and not by reading books or following blogs alone. Wael’s advice to “go to sources” is problematic as wæll, because it presumes a level of insight into sought realm (chasm?) of expertise at which one already is capable to distinguish wheat from chaff without generic strangers’ advice.

    In short: one does not become competent, much less an expert on anything, by pursuing a study course to become one such; that’s at best a road to getting a gig as TV-pundit.

One becomes an expert when one is able to see problems/ and their solutions/ before they arise, and is competent enough to convince the “problem owners” of the existence of future problems (which usually doesn’t work the first time, because of the Not Invented Here Syndrome, but looks great on a CV later on nevertheless, esp. if listed under subhead: Failures).

One is an expert when others turn to one for advice on how to become an expert, and one is mature enough to tell them not to be asking silly questions.

    Finally, there’s no path to expertise in any field that does not include at least a passing acquaintance with the entire body of literature (and by extension other arts), which one then can mine for analogies, and human interaction methods there recorded, to be applied to one’s area of endeavor. Literature is the carrier of knowledge, and the glue for combining otherwise disjointed pockets of “hardcore” insight into coherent shape. Reading up on hardcore alone, learning by rote, at best leads on to constipation.


Nick P July 24, 2016 10:24 PM

@ Dumber than Nick P and Clive Robinson

Haha appreciate it. Others gave some helpful tips. I should as well. As Clive said, I do read a lot. Actually, I deleted a few hundred obsolete references out of it this week in case anyone remembers me claiming 16,000 or so. That’s just papers over past 10 years or so that I’ve been heavily involved in INFOSEC research. Before that, there were books, conversations with experts, experiments, multiple specialties, and so on. Started as the most slow-learning, green-horn programmer (QBASIC) and hacker (Windows then WebTV then other stuff) to later find high-security the most mentally challenging thing I’d ever encountered. Endless studying, working, and debating followed.

I gotta say upfront though: you will not ever have close to the knowledge Clive or I have. The reason is we’re both savants of some sort. I was at least with my current status being a fraction of the starting point. Thing about savants is nature trades off certain properties for others, especially absorbing tons of information. We’re nature’s intellectual vacuums. Now, most savants will suffer in social life and sometimes physical properties due to different wiring. Combined with a fucked up world & social stuff driving it, I think we’re disadvantaged and continually challenged by it. I’d further say it’s better to not be a savant with our intellectual capacity so much as able to blend, be smart, and have reasonable expectations. So, certainly enjoy the discussions and such you see people like us have. But life is better if you set your sights at just being well-educated and thoughtful with deep expertise in one or more subjects plus a bit in others. That will make you effective, happier, and still impressive to your peers.

So, from there, where to go? The trick is that high-security generalists are in low demand (I’d be rich otherwise). What businesses or even effective FOSS needs is people who are a combo of domain experts plus building/maintaining stuff in that domain plus appropriate security knowledge. We generalists are great to have to play a guiding or support role as we live and breathe the shit with mental capacity to absorb and apply a lot of it. Yet, most great work… including much of what I post… is done by one or more individuals with limited expertise just fucking applying it. They can always be closer to ideal, security knowledge but you’d be amazed what one or more people can do re-coding WordPress in a safe language, putting DNS on more secure OS, or adding safe transformations to a C compiler.

All the great stuff starts with someone that simply really understands, not necessarily masters, a subject plus tries to improve something in it thinking carefully. There’s also people like DJB that thoroughly master a subject (i.e. crypto) plus relevant ones, like secure coding or networking protocols, to come up with amazingly, effective results (eg djbdns, NaCl). He might be, probably is, a savant but same concept works for well-educated as I see here and other places. Aim to be these so one day I share your project as an exemplar or at least give you a nod and positive comment for good effort.

At this point, I need to know what specific things you’ve messed with or are interested in to give you guidance on how to get to next level. As a generalist, I might not have great advice on any given specialty. Yet, I’ve studied enough to maybe have some specific ideas for how you can improve your knowledge on that and maybe contribute something meaningful. My suggestions range in effort from small (side project) to large (MS or PhD). I’ll at least read your post and try to suggest something. Also, add if you’re detail-oriented, strong in math, big on coding, lazy (short-term), or whatever. Helps me filter things. Might throw in some tips on amassing technical knowledge from papers or whatever if you didn’t see my post to Wael about that. Wish you the best whether you reply or not.

ianf July 24, 2016 10:57 PM

@ Wael,
you’re only saying that because you are a card-carrying member of the Coquette of the Month Club, and “playing dumb” is this month’s command.

PS. regarding your “sky isn’t clear” – I hear that seeding clouds with [redacted ingredient] causes rain (a Russian large-area irrigation method), after which they revert to blue. Just a hint, hint.

Dumber than Nick P and Clive Robinson July 24, 2016 11:15 PM

@Clive Robinson
In my experience with the education system I have met teachers who hate being challenged even when they are flat out wrong. When I saw the teacher retaliate it scared the hell out of me. It reminds me of the most important rule in OPSEC: Shut the hell up. Constructive skim reading is something I would have to work on. I always feel that I need to read cover to cover to understand what’s going on.

@Slime Mold With Mustard
I have been reading Captain Bruce (the superhero) blog for a while now. If I were intimidated I wouldn’t keep checking in.

Challenging claims is important although I found that this is rarely done. Heck, even on things I am confident on it still takes quite a lot for me to challenge the ideas. It’s hard changing this mindset. I will focus on hardware that seems to be the next battleground once ME hits all of us.

I don’t want to be considered an expert, I just want to understand what’s going on.

Markus Ottela July 25, 2016 12:14 AM


“Unlikely and they have no idea what these are.”

Possible. I’d imagine tape backups might benefit from them.

“other than the binaries are not tampered.”

The major benefit of Python: No binaries to distribute <:

“Thus, only give information you think the users can handle”

Exactly! The tool is only useful if people know how to use it. Security is problematic because there are limitations, not just “how to do it”, but “why it has to / must not be done”. Providing proper use guide is very important.

@crypto advice?

“suggest a reason NOT to recommend VeraCrypt”

It’s not audited like TrueCrypt is. The short guide is, if you’re using Windows, use VeraCrypt as TrueCrypt has a known vulnerability no one’s going to patch. If you’re running Linux and are familiar with the concept of password entropy, use a high-entropy passphrase together with TrueCrypt. If you’re using Linux but want equivalent security with a couple of characters shorter passphrases, use VeraCrypt as it has higher PBKDF2 iteration count.

“a search of this forum doesn’t appear to bring up any commentary about VeraCrypt”

If you’re familiar with this XKCD strip, you’re familiar with the idea encryption has alternative attack vectors. If you live in the civilized west, the issue is less about rubber-hose cryptanalysis, and more about remote exploitation. So the script would go–

His laptop’s encrypted, Let’s ask NSA to crack it.
No Good, it’s 256-bit AES!

Blast! Our Evil plan is foiled!

His laptop’s encrypted, add him to GENIE task list and let me know when FoxAcid returns the remote shell.
Got it.

Now don’t get me wrong. FDE solves a huge problem of data secrecy as people lose their phones and laptops all the time. It’s just that nation state adversaries (not just US, but other FVEY countries, Russia, China, Finland…) have remote exploitation capability.

But for the most part, the issue of full disk encryption is (aside Android) a ‘solved’ one. Vera/TrueCrypt, BitLocker (hopefully) are good until ‘evil maid’ replaces your bootloader. The attack can be mitigated by verifying the bootloader with TPM (with EFI?) but that can be de-processed by a government agency. Live distros can help here as bootloader comes from ROM but ultimately the issue is adversary might have no accountability for its budget, and they might get curious when automated mass surveillance stumbles upon someone who took it as a hobby to build the digital equivalent of security the NORAD bunker has (but with stronger pass codes than 00000000).

So I think users get more security when the focus is on addressing remote attacks. There’s plenty of discussion on that. There’s some good discussion about different architectures (Nick P and Clive?) about “castles” (impenetrable from outside) and “jails” (secure even when threat is inside castle walls) which is great. One missing piece in it was jail-like environment with no way to leak data (data diodes are the crucial thing here) — I might call them pits/black holes (a system like this proved crucial to endpoint-secure secure chats).

“It’s funny that with all the encouragement about crypto by Bruce and others there’s actually little literal advice for the newbies — Data and Goliath had nada advice on FOSS reliable crypto which was very disheartening”

Bruce indeed does most of his teaching via his books. Data And Goliath has a section on “Solutions [against surveillance] for the rest of us”. It doesn’t have practical guide on how to use privacy enhancing technologies (PETs). That’s the job of the creators of the tool. And I think that’s a good thing. The “Bruce Schneier of Finland”, Petteri Järvinen has included some tutorials in his books on privacy and encryption, and while they’re quite useful, programs change with every update. The entire content of Data and Goliath will be relevant 5-10 years from now (I’m not expecting major policy changes), the guide on how to create and use personal certificates in Outlook Express in the book by Järvinen, won’t. A good place to look for support on how to use tools is Crypto Parties; A great way to network too.

But to get you started, as a quick reference that also answers your question “What do folks here prefer to use out of the box?”

Quick start

Password manager

Secure communication on mobile
Smartphone encryption, Signal + fingerprint tutorial

Secure communication from computer
Signal Desktop version
OTR-encrypted instant messaging over Tor

Secure email isn’t a good idea as it’s hard to find service providers that don’t ask for payment and allow connection over Tor. Email is not by default end-to-end encrypted and even if you do it with PGP, you have no forward secrecy (when you get hacked, all your past messages are compromised even if you delete them locally) or cryptographic deniability (you create cryptographic proof you’re the author of the message). So use instant messaging tools.

Closing notes:

There’s a ton of variables: the amount of effort you, your peers, and adversaries are willing to put, the choice of hardware, how future proof encryption is required (quantum computers are coming).

There’s no general consensus in infosec community about what is scalable to mass surveillance — if targeted surveillance is filtering you from passively collected stream, MITM attacks, end point exploitation or putting antennas outside your house. No wonder there’s no easy guide to follow.

So I suggest that you start with the guides above, stick around and shoot any questions you might have. The two things that bring me here are the welcoming community and “never being the smartest person”: Expect to be challenged as this community likes to take the right turn.
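An added example (not from the comment or from either project) that puts numbers on the trade-off mentioned above between PBKDF2 iteration count and passphrase length. The two iteration counts, the 80-bit target and the function names are assumptions chosen for illustration.

```python
"""Passphrase length versus PBKDF2 iteration count (added example)."""
import hashlib
import math
import os
import time

# Assumed iteration counts, not stated in the comment: a low legacy-style
# count and a much higher modern-style count.
LOW_ITERATIONS = 1_000
HIGH_ITERATIONS = 500_000


def derive_key(passphrase: bytes, salt: bytes, iterations: int) -> bytes:
    """Derive a 64-byte header key with PBKDF2-HMAC-SHA512."""
    return hashlib.pbkdf2_hmac("sha512", passphrase, salt, iterations, dklen=64)


def stretch_bits(iterations: int) -> float:
    """Extra work per guess, as bits of search effort (log2 of the PRF calls)."""
    return math.log2(iterations)


def chars_saved(low: int, high: int, alphabet: int) -> float:
    """Random characters the higher count is worth for a given alphabet size."""
    return math.log2(high / low) / math.log2(alphabet)


def min_length(target_bits: float, alphabet: int, iterations: int) -> int:
    """Shortest random passphrase whose entropy plus stretching reaches the
    target, where the target counts total PRF evaluations an attacker needs."""
    needed = max(0.0, target_bits - stretch_bits(iterations))
    return math.ceil(needed / math.log2(alphabet))


def seconds_per_guess(iterations: int) -> float:
    """Time one derivation here: the user's unlock delay and, on comparable
    hardware, the attacker's cost for each candidate passphrase."""
    salt = os.urandom(64)  # constructed sample salt
    start = time.perf_counter()
    derive_key(b"constructed sample passphrase", salt, iterations)
    return time.perf_counter() - start


if __name__ == "__main__":
    target = 80  # assumed work target in bits
    for name, alphabet in (("lowercase a-z", 26), ("printable ASCII", 95)):
        print(f"{name}:")
        for iterations in (LOW_ITERATIONS, HIGH_ITERATIONS):
            print(f"  {iterations:>7} iterations -> "
                  f"{min_length(target, alphabet, iterations)} random chars "
                  f"for {target}-bit work")
        print(f"  higher count is worth "
              f"{chars_saved(LOW_ITERATIONS, HIGH_ITERATIONS, alphabet):.2f} chars")
    for iterations in (LOW_ITERATIONS, HIGH_ITERATIONS):
        print(f"{iterations:>7} iterations: "
              f"{seconds_per_guess(iterations) * 1000:.1f} ms per guess")
```

The arithmetic only holds for passphrases drawn uniformly at random from the alphabet; a human-chosen phrase carries less entropy per character than the model assumes.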

Dumber than Nick P and Clive Robinson July 25, 2016 12:42 AM

@Nick P
I don’t mean to be an expert like both of you and Captain Bruce. I just want to be able to understand. I am more interested in hardware though. It seems like it’s going to be really important. I’ll take journey one step at a time from python.

Andy July 25, 2016 1:30 AM

An idea I just had for a secure system: proxying a Chromebook over Tor. Chromebooks already have great security, so adding Tor for anonymity would be awesome.

Here’s how it works:

  1. Log in to Chrome OS with a Google account over the clearnet. Harden it by restricting the browser settings, disabling plugins, installing HTTPS Everywhere, installing an adblocker, spoofing the useragent to be the same as Tor Browser’s, etc. Then log out.
  2. Set up a hardened Wifi access point that routes everything over Tor and keeps no logs of devices that connect to it. (ie. Anonabox or similar or DIY.) Connect the Chromebook to this network.
  3. Log in to Chrome OS in Guest mode. Guest mode is a clean slate with no persistence and no contaminating info from your Google account.
  4. Do your secure business. When finished, log out and Guest mode will be wiped clean again.

This would be similar to booting Tails. But the UI in Chrome OS is much easier for beginners. Also, it would be protected from exploits that might otherwise affect Tor Browser or Tails.

Some downsides:

  • The unique browser setup is fingerprintable. It’s risky to use the same setup when logged in to Guest mode over Tor as when logged in to a Google account over the clearnet.
  • No room for error in setting up the Tor Wifi network.
  • The amnesic factor is not as guaranteed as Tails burned onto read-only media.
  • Chrome OS is proprietary software. No certainty that backdoors aren’t present.
  • No secure memory wipe on shutdown to prevent cold booting.

I would not call this setup more secure than Tails. For very high risk users, forget it, go with Tails or Qubes. For average non-targeted people who want some anonymity from mass surveillance and security from exploits, though, I think it’s pretty good.

ianf July 25, 2016 1:37 AM

@ Dumber than Nick P and Clive Robinson:

“just wants to understand what’s going on.”

The Donald on TV:

… until we figure out WHAT THE HELL IS GOING ON

Analogy, direct dividend of general erudition. What I said. It’s a matter of time: do your thing, until you become saturated with knowledge, then you can start ladling it out (Clive has the instructions). There are no shortcuts.

Thoth July 25, 2016 2:02 AM

@Rapid Response British Intelligence
Isn’t it a bit too late for the “scrubbing”, assuming some form of caching already has their data or any nation state or persistent adversary already had whatever they are looking for?

Clive Robinson July 25, 2016 4:29 AM

@ David,

Petition to rename the collective noun for Squid from shoal to squad. What’s not to like?

You really should not say “What’s not to like?” because some old g1t will tell you 😉

Squid like sharks do not behave collectively but with occasional aligned self interest, that is they are like sharks not orcas, dolphins or whales. Arguably they are as bad at impulse control as baboons and have a side order of cannibalism as well. So something as highly regimented as a squad would not be appropriate as their collective noun. Even gang or pack is not appropriate as they appear not to have a leader but do exhibit some swarm like behaviours.

Clive Robinson July 25, 2016 5:04 AM

@ Markus Ottela,

One missing piece in it was jail-like environment with no way to leak data (data diodes are the crucial thing here) — I might call them pits/black holes

Actually it was there: each “cell” of the prison held its own CPU and limited local resources of memory and clock. To “pass work” from cell to cell shared memory was used by “letter box access” controlled by a Memory Management Unit (MMU), controlled by the hypervisor not the cell CPU. Thus it used the better parts of Virtual Memory (VM) control to implement a secure Inter Process Communications (IPC) process. All the cell CPU saw, in effect, was one or more fixed size letter box buffers it could either write to or read from.

In effect it used a cross between the ideas of “Mass Production” using *nix shell / parallel programming idioms to break the program down into tasklets that communicated much like the Sys V streams working on a base crossbar switch in shared memory.

The security came from the design of the MMU, which acted like a programmable diode, being controlled by the hypervisor not the cell CPU. So the cell CPU only saw the letter box buffers in a fixed position in its local memory map, and had no possible way to know where in the system shared memory its letter box buffer window mapped.
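A toy model of the letter-box arrangement described in the comment above, added here as an illustration and not the commenter's or any project's code. The class names, the window numbering, the 32-byte box size and the choice to make an outbox write-only are all assumptions.

```python
"""Toy model of hypervisor-programmed letter-box windows (added example)."""


class MMUFault(Exception):
    """Access that the hypervisor-programmed mapping does not allow."""


class LetterBoxMMU:
    """Translates (cell, window) to shared memory; only the hypervisor programs it."""

    def __init__(self, shared_size: int, box_size: int):
        self._shared = bytearray(shared_size)
        self.box_size = box_size
        self._table = {}  # (cell_id, window) -> (phys_base, mode)

    def program(self, cell_id: str, window: int, phys_base: int, mode: str) -> None:
        """Hypervisor-side call: map one fixed-size window in one direction."""
        if mode not in ("r", "w"):
            raise ValueError("a letter box is one-directional: mode is 'r' or 'w'")
        if phys_base < 0 or phys_base + self.box_size > len(self._shared):
            raise ValueError("window falls outside shared memory")
        self._table[(cell_id, window)] = (phys_base, mode)

    def _translate(self, cell_id: str, window: int, wanted: str) -> int:
        entry = self._table.get((cell_id, window))
        if entry is None:
            raise MMUFault(f"{cell_id}: window {window} is not mapped")
        phys_base, mode = entry
        if mode != wanted:
            raise MMUFault(f"{cell_id}: window {window} does not permit '{wanted}'")
        return phys_base

    def cell_write(self, cell_id: str, window: int, data: bytes) -> None:
        base = self._translate(cell_id, window, "w")
        if len(data) > self.box_size:
            raise MMUFault("message larger than the letter box")
        self._shared[base:base + self.box_size] = data.ljust(self.box_size, b"\0")

    def cell_read(self, cell_id: str, window: int) -> bytes:
        base = self._translate(cell_id, window, "r")
        return bytes(self._shared[base:base + self.box_size])


class CellPort:
    """Everything a cell CPU sees: window numbers, never physical addresses."""

    def __init__(self, mmu: LetterBoxMMU, cell_id: str):
        self._mmu, self._cell_id = mmu, cell_id

    def write(self, window: int, data: bytes) -> None:
        self._mmu.cell_write(self._cell_id, window, data)

    def read(self, window: int) -> bytes:
        return self._mmu.cell_read(self._cell_id, window)


def faults(action) -> bool:
    """True if the action is refused by the MMU."""
    try:
        action()
    except MMUFault:
        return True
    return False


def run_pipeline() -> dict:
    mmu = LetterBoxMMU(shared_size=256, box_size=32)
    # Hypervisor: one physical buffer is cell A's outbox and cell B's inbox.
    mmu.program("cell_a", 0, phys_base=0x40, mode="w")
    mmu.program("cell_b", 0, phys_base=0x40, mode="r")
    a, b = CellPort(mmu, "cell_a"), CellPort(mmu, "cell_b")
    a.write(0, b"tasklet output")  # constructed sample message
    return {
        "b_received": b.read(0).rstrip(b"\0"),
        "b_write_back_faults": faults(lambda: b.write(0, b"leak")),
        "a_read_outbox_faults": faults(lambda: a.read(0)),
        "unmapped_window_faults": faults(lambda: b.read(1)),
        "oversize_faults": faults(lambda: a.write(0, b"x" * 33)),
    }


if __name__ == "__main__":
    for check, outcome in run_pipeline().items():
        print(f"{check}: {outcome}")
```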

Europe vs. USA Data Mining News July 25, 2016 6:21 AM

France orders Microsoft to stop collecting excessive user data

New Autos in USA Automatically Data Mine Owners without Consent

American Wireless carriers expect older auto owners to enroll for data-mining

Slime Mold with Mustard July 25, 2016 8:03 AM


Point well taken. Trying to impress a prospective client, as I wandered into his office, the CFO says “Here’s our security guy, he knows every way to cheat or steal”. I replied “Damn it, John, the day I tell you I know everything is the day you need a new guy”.

You may note that nobody ever calls themselves an expert. At most they say ‘I am considered expert’.

I was careless. You called me on it. Thank you.

wanna_some_input July 25, 2016 9:13 AM

@Andy wrote:

“2) Set up a hardened Wifi access point that routes everything over Tor and keeps no logs of devices that connect to it. (ie. Anonabox or similar or DIY.) Connect the Chromebook to this network”

a) Is Anonabox available in big box stores? Regardless, how might one prevent interdiction of such a product?

b) DIY- Might something like this work:

wifi Network sharing (laptop B) — ethernet cable — (laptop A) running tails (tails wifi) — cellular modem

c) Any input would be appreciated.

d) Would major providers of software updates be likely to allow security updates to a device via tor routing?

wanna_some_input July 25, 2016 9:21 AM

@Markus Ottela and others

Thank you for your efforts to make this stuff understandable for us 99%ers

CallMeLateForSupper July 25, 2016 9:35 AM

Bruce is on Motherboard:

“Like data privacy, the risks and solutions are too technical for most people and organizations to understand; companies are motivated to hide the insecurity of their own systems from their customers, their users, and the public; the interconnections can make it impossible to connect data breaches with resultant harms; and the interests of the companies often don’t match the interests of the people.”

Read that again. Companies are motivated to hide insecurities; companies’ interests diverge from users’ interests. Bruce is correct: the fox cannot be trusted to secure the hen house.

Andy July 25, 2016 10:50 AM


“a) Is Anonabox available in big box stores?”

I don’t think Anonabox is in stores. No info on their site about it. Not sure.

“how might one prevent interdiction of such a product?”

It depends, but if a person’s threat level is high enough that their packages are at risk of being interdicted, then this system probably isn’t for them. That person has bigger problems and should use Tails. Tails on a USB or DVD bought in a store with cash is nondescript and unlikely to arouse as much attention as purpose-built products like Anonabox.

“b) DIY- Might something like this work:
wifi Network sharing (laptop B) — ethernet cable — (laptop A) running tails (tails wifi) — cellular modem”

Do you mean this:
Chromebook -> laptop B with Wifi sharing -> laptop A with Tails -> cellular modem -> Internet

That probably would work, but it seems complex. And if you’re going to be using Tails anyway, then why bother with all this to set up an anonymous Chromebook? Just use Tails as it was intended and forget the Chromebook.

A simpler DIY setup:
Chromebook -> machine sharing Wifi, running Tor, and directing all traffic through Tor -> Modem -> Internet

There are tutorials on DIY Tor Wifi access points, most involving Raspberry Pi: 1, 2, 3.

“d) Would major providers of software updates be likely to allow security updates to a device via tor routing?”

I don’t know, good question. I guess you mean updating the Chromebook over Tor. There’s potential for malicious exit nodes to tamper with the updates. If Google allows it, I’d trust them to verify updates properly. But other providers might not do it right, I wouldn’t feel comfortable updating Android over Tor.

Wael July 25, 2016 11:31 AM

@Dumber than Nick P and Clive Robinson,

Challenging claims is important although i found that this is rarely done.

It’s rather common. Start challenging, regardless!

PS: I suggest you pick a different handle. Something more positive such as “Smarter than ianf” 😉

Markus Ottela July 25, 2016 1:46 PM


“An idea I just had for a secure system: proxying a Chromebook over Tor. Chromebooks already have great security, so adding Tor for anonymity would be awesome.”

Chromebooks are like GMail, secure from hackers but not private from Google/government.

Furthermore, the Chromebook is everything a government watchman could want—even without Google Apps data and Gmail, it could give those with network monitoring capabilities a way to pinpoint the location of a credential-holder via 4G wireless (thanks, Verizon).

Set up a hardened Wifi access point that routes everything over Tor and keeps no logs of devices that connect to it. (ie. Anonabox or similar or DIY.) Connect the Chromebook to this network.

Stay away from Anonabox. Run Tails on any generic laptop and you’re much more secure than with Chromebook and Anonabox.

Also Qubes requires a ton of RAM. It’s definitely not for the average netbook.

wanna_some_input July 25, 2016 2:25 PM


Thanks for your fast response and links.

I have never used a Chromebook but I appreciate the fact that you and Bruce (in his Ruin Podcast he recommends, I think, Chromebooks for dissidents).

I haven’t worked with a Raspberry Pi yet.

Regarding below, please substitute, for “Chromebook”, “Chromebook, iOS, Microsoft OS, and/or other OS”.

Regarding your input (edited):
“A simpler DIY setup
Chromebook -> Tails machine sharing Wifi, running Tor, and directing all traffic through Tor -> Modem -> Internet”

I haven’t tried that, and I assume it is consistent with sharing Tails’ wifi. I also assume you are implying an ethernet cable between the “Tails PC -> Modem” above.

Because of a MiFi modem (without an ethernet port) the setup of interest is:

Chromebook -> machine running macOS, linux, or BSD sharing wifi (with an ethernet cable connection to the Tails machine) -> Tails machine directing all traffic through Tor (with a wifi connection to the Cellular Modem)-> Cellular Modem -> Internet

On this blog I have learned that Opsec is hard and from an Opsec standpoint this potential design might suck. Regardless, I have grown to like Apple hardware, little snitch, running VMs in Virtualbox, and Apple corporate policies.

One design goal is to sort-of trust the security update provider and their signing process (or whatever), but not much else for security updates. Of course, numerous hardware and software substitutions could be made in an attempt to harden things.


Many elderly can “readily” navigate Tails, at least compared to some other OSs. In addition, I like the ease of downloading, and trying to verify, an updated DVD about once a month.

Gerard van Vooren July 25, 2016 3:07 PM

@ Wael,

“PS: I suggest you pick a different handle. Something more positive such as “Smarter than ianf” ;)”

Do “we” need someone smarter, as in more assertive and punctual, than ianf? The goal can be set much higher than that. Why not smarter than Wael? Or maybe even better why not smarter than “myself”, for the poster I mean. (I think I better quit now 😉 )

Gerard van Vooren July 25, 2016 3:20 PM

@ Wael,

The final line should be: Or maybe even more challenging why not smarter than “myself”, for the poster I mean.

Wael July 25, 2016 4:09 PM

@Gerard van Vooren,

Smarter than me? That doesn’t set the bar too high. Lol 🙂

Nick P July 25, 2016 4:22 PM

@ Dumber than

“PS: I suggest you pick a different handle. Something more positive such as “Smarter than ianf” ;)”

I second that one. I get it was a compliment but it does look like I’m insulting someone at very start. Should focus on individual asking like “How to be better/best at hardware or security”

re “I just want to be able to understand. I am more interested in hardware though. It seems like it’s going to be really important. I’ll take journey one step at a time from python.”

Alright. Well, you can certainly do some good in that area even if you do nothing but port what old commercial or state-of-the-art academia do into FPGA’s or ASIC’s. It is the most important area right now given most software, security issues trace back to fact that hardware is intrinsically bad at preventing, detecting, or containing them. I’ve been forced to absorb tons of shit about digital and analog hardware without enough time to learn to use it. I see the opportunities & issues, though.

I’d say where to go at this point depends on your ultimate goal. If you want to understand it fully, then you’ll have to learn digital and analog electronics. If just at gate & digital level, you only need to learn digital. Note that the I/O blocks are usually mixed signal that contain both types of circuits. If doing ASIC, probably need to learn both unless you can partner or contract out analog parts. If just FPGA, esp on pre-made kit, then digital will mostly be fine.

For digital, you should get a book on digital design with Verilog or VHDL. Learn both but I can’t say which is best first. Verilog seems more popular. Make sure the book tells you how to go from abstract state machines to Mealy/Moore state machines to gates. It’s the main way you do it manually. Read papers on so-called C to hardware or C to Verilog systems to see other ideas for going from algorithm to circuits. Experiment in a good, Verilog simulator so you don’t break anything if that’s even possible (idk). Get the “high-speed, digital design” book plus one on verification with good reviews that covers at least formal, equivalence and gate-level testing. Learn to use logic analyzer or whatever to verify the waveforms since the tools screw up. Once comfortable with Verilog concepts, switch to a tool like Chisel HDL (Java) or MyHDL (Python) to get some benefits of high-level language. Pick at least one FPGA book that has examples that look useful and let you learn incrementally. Also, Google around for differences between doing FPGA and ASIC HDL code so you can make your designs work on both. Free papers exist. Get at least a Spartan6 so available logic slices don’t hold you back.

For analog, I’m still working on that. It either has no shortcuts, nobody tried to create them, or I just haven’t found them. Wael sent me electronics kits that have common components & use battery to avoid power management (or electrocuting you). That’s nice. However, Chris Gammel’s approach of mixing top-down and bottom-up seems to be best one I’ve seen based on user feedback. It’s a paid course that’s a series of lessons and projects using open-source KiCad. Wael’s recommendation of Malvino’s Electronic Principles was a good one as it keeps things simpler than many books with useful heuristics. Older copies can be dirt cheap. Regardless of your approach, there will be lots of trial-and-error with a learning process that takes patience and significant amount of time. So, if you’re learning digital + analog, I recommend you do them in parallel while beginning analog as soon as possible. Digital, since you’re mainly coding or mastering techniques, will get you the continuous highs that will be a break from painful analog learning. Analog’s highs will be better given you worked hard for each of those successes even if just a PCB with some blinkenlights. 😉

Once you know enough digital, you can try to build some CPU’s. Even embedded. Start with a Forth processor or Wirth’s stack machine as they’re simple. Then you add some security (eg memory safety) or availability (eg triplicated CPU’s w/ voter logic) to it. At this point, depending on analog skill & money, you can design your own usable CPU with RTOS or ucLinux port on FPGA or ASIC with shuttle run. Do a RISC processor next like DLX. At some point, do some accelerators for simple compression, encryption, or A/V codecs to get an idea of how custom HW benefits you. Your final goals at this point might be (a) designing a full SOC w/ CPU, I/O, accelerators, and better security; (b) improving whatever OSS CPU (eg RISC-V Rocket) is most mature with better features or security; (c) improving or even designing OSS HW tooling for PCB’s, digital synthesis, verification, and so on as it all needs work (shit, even UI improvements go long way); (d) working on dedicated tooling for highly correct or secure hardware that’s easier to use than prior work but will need formal methods experience for this probably (Haskell’s pretty solid though & Bluespec is Haskell). Note that a parallel track exists where you might explore general-purpose analog computing of which there’s a few examples & basically no interest despite their promise of insane performance/power/transistor ratio for niche applications (eg math coprocessors, neural networks).

Far as security, it’s a process with a few elements. I’ll start on it but others can chime in given this is a brainstorm. The safety or security of a system requires you to understand how the system itself works abstractly, understand its implementation with associated risks, understand how people will use (or abuse) it, be able to express a clear policy for how that should work safely/securely, and convincingly argue it will via design and/or mechanisms. Your tools are learning domain knowledge, experimentation, documenting/testing any assumptions about what’s already there, methods to clearly specify requirements/design, architecture/structure in your code/hardware that keeps interactions few & simple to ease analysis, re-use of any battle-proven techniques/code/HW-blocks, simple implementation techniques subjectable to any automated analysis, careful inspection for quality at each of these steps, testing of each function (esp interface testing!), and where secrets are involved covert channel analysis to find leaks. And watch out for physical attacks, administrators, or TEMPEST-related issues. You’ll learn that stuff later, though. 🙂

Far as books or guides, I’d start with this a summary or reminder of steps I listed in process with focus on EAL5-7 parts. The best, generalist work is still Security Engineering by Ross Anderson. Code Complete book is great on proper coding. Art of Testing covers much of that. Write Portable Code is self-explanatory but gets you quality benefit where different compilers catch different problems. Plus avoids lock-in. SPARK knocks out defects in software with static, memory allocation whereas Rust catches dynamic and concurrency issues. Use static analysis and fuzz-testing of your interfaces where possible. If you must use C, follow coding guidelines from secure or safety-critical communities. For HW, use their equivalent of these with high-level HDL for ease-of-use and always stick to synthesizable subsets to avoid useless hardware. Use mockups in languages like Haskell, ML’s, or Java to leverage their security-analysis tools & techniques to spot issues before conversion to HW. Example are Haskell’s QuickCheck or Java concurrency checkers. If you get EDA access, use Synopsys Design Compiler for behavioral synthesis, Mentor Precision for logic synthesis, and Mentor Calibre for physical checks as it’s most, common combo for successful ASIC’s. Can’t say best or good due to NDA’s but I see it a lot. Try Qflow as it’s OSS flow. Also, remember you can always google “vulnerabilities in (tech/product here)” or “secure coding/implementation/considerations of…” to get a quick idea of problems and solutions.

Note: If you request, I’ll post some PDF’s of various hardware modifications for safety or security plus maybe robust, hardware methods to give you an idea what approaches you might take. Once again, Wael had some good advice that the best method for a hobbyist is probably whatever one is simplest to implement. We can always stop the other threats later while using software protections in meantime. So, maybe most expensive (in SW) or memory-safe defenses first.

You need to maximize your mind to be effective, too. Important considerations are ability to work with people, communication/persuasion, logic, statistics, creativity, intuition, philosophy and ethics. For people, I recommend Goleman’s Emotional Intelligence to understand how it works & why it’s important. Put it to use with Carnegie’s How to Win Friends and Influence People + Van Fleet’s Lifetime Conversation Guide. Cover lots of ground. Plenty of books or free articles on clear communication or persuasive writing a Google away. Learn to spot logical fallacies more than anything else although formal logic can help with formal verification later on. I had Capaldi’s Art of Deception for that. Find a great guide on statistics & research methodology given they’re basis for most stuff you’ll believe. Then read “How to lie with statistics” cuz most will be bullshit. Creativity training is really about verbally or visually looking at information in different ways to see connections you might have missed. Michalko’s Cracking Creativity had many techniques & is probably cheap by now. Intuition is your brain’s muscle memory which can be trained as taught in works like Intuition at Work. Philosophy just opens your mind up and teaches you to ask the right questions. Empiricism & skepticism are also foundational in science with wisdom to learn exploring those. Ethics and continuous introspection will help you decide who you want to be and how you will make the hard choices hopefully before you run into that.

So, there’s some resources. Hit me with questions if you have any.

Dirk Praet July 25, 2016 7:30 PM

@ Andy, @Wanna_some_input, @ Markus Ottela

Set up a hardened Wifi access point that routes everything over Tor and keeps no logs of devices that connect to it.

What you’re describing is an Onion Pi. You can build one yourself or buy it from Adafruit. Quite handy when you’re on the road. An RPi based Whonix Gateway would be interesting too, but I haven’t looked into that yet. Another option is an OpenWRT Tor transparent proxy+bridge. Those who wish to avoid Linux can go with BSD-based pfSense, which you can also set up as Tor proxy.

Also Qubes requires a ton of RAM. It’s definitely not for the average netbook.

Not just a ton of RAM, but also quite specific hardware to make full use of all features. They kinda promote the Librem 15 open source laptop that with 16Gb of RAM sells for 2,168 USD. That’s not really cheap. Debian-based PureOS also has Tor pre-installed. And have you tried the latest Subgraph OS alpha yet?

Thoth July 25, 2016 7:52 PM

@Dumber than …
For a soft start (for less painful learning), you might consider one of the following practical activities to get started with:

  • Write your own cipher library for learning how algorithms work.
  • Write a password manager or file encryption program in Python. You may use OpenSSL or other crypto libraries off the shelf.
  • Write a file shredder software. You may use the shred command found in GNU utility tools. This allows you to understand how filesystems and hardware level can make shredding a pain.
  • Write a simple web server (you may include SSL support from OpenSSL) to understand the impacts of networking protocols and their security.
  • Write an experimental secure file transfer and secure chat program to understand how to better secure network traffic.

  • Write a secure data exchange (for calendaring, contacts, internal memo, notes) portal to run off a RaspberryPi. For additional difficulty, the portal needs to run off a secure web session. For even more difficulty, the crypto of the portal server should be provided by an off-the-shelf smart card over PKCS11.

  • Write a simple smart card applet in JavaCard with accompanying client API for PKI functionalities.

  • Design and implement a secure chat and data exchange portal on an ARM based SOC chip of your choosing.

I have given some practical ideas for implementations ranging from the easiest at the top to the most difficult below. There is no point just ranting about security and not getting your fingers and brains moving so a little practical will help you a long way. It is up to you to choose something to do or you can choose your own implementation and ignore mine above which is also fine.

Main thing is to get up and start moving as that’s the only way to start learning and being more capable on security.

Thoth July 26, 2016 7:12 PM

Throwing SMS authentication and 2FA should have happened a long time ago just that Governments take too long to respond appropriately.

As US NIST attempts to discard SMS 2FA as an insecure authentication option, Singapore’s National Authentication Framework attempts to force citizenry to register for SMS 2FA but have already failed a couple of times and extended the deployment time for a “Smart & Secure City” project for a few times to see it fall on its knees.

Some good reasons to abandon SMS 2FA are the messages can be intercepted due to weaknesses of SS7 and the fact that there are so many malware for smartphones these days that can read your SMS 2FA and possibly even coordinate real time with a malware C&C.

The better authentication method is a physical token like an OTP token or a PKI token (i.e. RSA SecurID token) but that means people have to carry more tokens. Another authentication method would be to not host the authentication on one’s premise but to rely on more trusted parties (i.e. banks and financial services) that have already issued tokens out to their clients and then collaborate with the banks for authentication and identity management along the lines of OpenID.

Another existing but less frequently used method for national level authentication is to leverage the telecom’s control over the SIM card for secure identity (GSMA has a working document on secure ID via SIM card) but this requires telecom involvement to implement the GSMA API onto their SIM cards and maintain a database.

The less secure but more common options would be software identity (usually installed into a phone with TrustZone-enabled ARM chips) but not all phones may have TrustZone if it is an older version of ARM chip.

Thoth July 26, 2016 8:35 PM

@Nick P
Blackberry seeks to be CC EAL 4+ certified. I wonder when Samsung would step up its game to tout itself at a higher EAL rating and also capable of Confidential security classification. Samsung could have cleared that but I guess they are holding back a lot of evaluations for some reason.

I am guessing a higher EAL or security rating might mean they have to face a more stringent export control rule.


ianf July 27, 2016 4:42 AM


‘The graveyard of the Earth’: inside City 40, Russia’s deadly nuclear secret

    Ozersk, codenamed City 40, was the birthplace of the Soviet nuclear weapons programme. Now it is one of the most contaminated places on the planet [2.5x the level of Chernobyl] – so why do so many residents still view it as a fenced-in paradise?

[…] Frustrated by increased airport security checks, actor Maurice Micklewhite has decided to replace his birth name with his showbiz moniker for good.

    “An airport security guard would say, ‘Hi, Michael Caine,’ and suddenly I’d give him a passport with a different name on it,” Caine said. “I could stand there for an hour. So I changed my name.”

Kim Kardashian West’s posting of an audio recording of her husband’s call with singer Swift discussing his song Famous may violate California wiretapping law.

            wannabe off-grid aficionados here will surely want to read more about one family’s radical agenda for “self-sustaining” life in Costa Rica that will include, among its other philosophies, “non-assisted home births and keeping the placenta attached instead of cutting the cord.” Adele’s advice is to sprinkle the placenta with salt and flower petals and cart it around, like a macabre saline drip, until it drops off naturally. We’re talking placenta, the original comfy waterbed we were aghast to leave for the first 9 months of our lives, people!

    (Barbara Ellen’s comment: Any pregnant women who would like to practise this technique could perhaps rustle in the bins at the back of Sainsbury’s for some out-of-date mince.)

ianf July 27, 2016 6:16 AM

[Borderline OT, am clearing out Guardian-extracts backlog, and rest assured that I already was EXTREMELY VIOLENT with ✂️.]

[29dec2015] The 75 films we’re most excited about in 2016

    Oliver Stone’s biopic of the NSA whistleblower… Joseph Gordon-Levitt takes the lead, with Shailene Woodley as his girlfriend, plus Tom Wilkinson, Zachary Quinto and Melissa Leo as the Guardian journalists and [Laura Poitras] to whom he first told his story.

    #75 “David Brent: Life on the Road”
    Ricky Gervais is returning to the tragicomic creation that originally brought him fame for this look at Brent’s post-Office private life.

How the [IP wireless] internet was invented
In 40 years, the internet has morphed from a military communication network into a vast global cyberspace. And it all started in a California beer garden

    (Some new intel in that piece. Also, there were six of them in that garden, and a woman-keyboard operator. Nobody cared to remember her name for posterity.)

[15july2016] Who is the real Theresa May? Six writers on what her cabinet says about her

    How should we interpret the UK’s new prime minister’s first cabinet? (You’ll be surprised).

France’s Saip emergency smartphone app failed during Nice attack

The Secret Agent: a timely BBC adaptation of Joseph Conrad’s novel
As Conrad’s 1907 novel screens, Mark Lawson hails a prescient masterpiece that has shaped depictions of terrorism and espionage.

    (Nominally a review of a remake of a twice-filmed novel, this article carries a pretty comprehensive list of all important terrorist/ spy-theme English novels and films to date. The fin-de-siècle Joseph Conrad was the first to take up two since then all-important trends in literature: colonialism as seen by the colonized; and terrorism as weapon of imaginary instant progress.)

Curious July 27, 2016 10:00 AM

I guess what I don’t like about password software, is that it all sort of hinges on trusting the software, something that is totally not necessary if you can just write it down on a piece of paper, and trusting software for storing passwords seem imo silly given how far a vulnerability would reach (world wide presumably).

I guess one thing that might improve security with a password software, is that it might perhaps help in making sure you are typing in a password into a legit password field, for the authentic web page (is this true with password software?).

I also guess that using password software, US government will maybe try argue that passwords aren’t even private information when doing that.

Thoth July 27, 2016 11:24 AM


“I guess what I don’t like about password software, is that it all sort of hinges on trusting the software, something that is totally not necessary if you can just write it down on a piece of paper, and trusting software for storing passwords seem imo silly given how far a vulnerability would reach (world wide presumably).”

I assume that’s for the LastPass case. They keep passwords for users which is a taboo to any security aware people. So what if the passwords get encrypted on the user side, I wouldn’t trust it.

If the password manager software cannot be audited or has a backend server beyond your reach (for auditing and control), it must never be used as it’s considered compromised. If you can audit the codebase (small codebase with couple of class files) and you kind of trust it, it’s all good. I code my own password manager (couple of iterations since many moons ago) and consume them myself so that removes the problem with the “trust” portion. Of course not everyone can design and code their own security software or build their own security hardware so you have to look for open sourced auditable ones with small and easily auditable codebases.

All this assumes you are not paranoid about running them on your Intel machine (hello Intel ME 🙂 ) or maybe a nice option would be to use a hardware based password wallet of sorts like creating a password manager app for Ledger Blue and Nano S programmable personal security devices.

Some would advocate not storing passwords as it creates a “put all eggs in a basket” scenario but equally for the use of a personal password derivation technique from some favourite words or the likes, all it requires is the leak of such a personal password derivation technique as it also resembles a “put all eggs in a basket”.

The better option would be to move away from passwords and use things like FIDO enabled tokens although the problem is only Google’s browser seems to be supporting FIDO despite a ton of big companies and organisations having already pledged support. Uptake of FIDO based authentication is still a little slow.

“I guess one thing that might improve security with a password software, is that it might perhaps help in making sure you are typing in a password into a legit password field, for the authentic web page (is this true with password software?).”

It can be done. Some password managers also have the option to help you key in the password on your behalf when you click on the browser plugins to insert the password for the webpage.

“US government will maybe try argue that passwords aren’t even private information when doing that”

If they want to take down someone, they won’t need to bother to argue at all. If they want in, they are in. It’s all some theatrical show and political play just to boost their image.

Clive Robinson July 27, 2016 11:39 AM

More troubles with HTTPS

This attack that works on the three main PC OS’s has just popped up on my radar,

It will be shown at Black Hat,

Basically it allows an attacker to get the full URL which is problematic for a number of security services. Not sure how bad it actually is I shall have a think about it later over a cup of the hot brownian motion generator 😉

Jist Curious July 27, 2016 1:45 PM

Aside from someone gaining actual physical access to your computer, how secure are Firefox bookmarks? Is there any way — other than an already-installed extension which uses the Bookmarks API — for any website to be able to read them? My (perhaps flawed) understanding is that no browser would allow a security hole like that, but I’d like to hear from the security/privacy experts.

ianf July 27, 2016 4:30 PM

      [ Not trying to reheat a 5-day old topic, but know no other way to say it than to say it out loud ]:

    @ Sad Kuwaiti Incubator Baby, Thoth,

    The slain journalist Marie Colvin family’s attempt to sue Syria for alleged targeted artillery assassination is beneath contempt. Whether we like it or not, a civil war is raging there, and every resident faces the same risk of death or personal injury. Unlike locals who can but stay put and endure, the foreigner Colvin infiltrated herself into the war zone for professional gain – what was she thinking, that nothing bad could ever happen to ENTITLED HER? She already lost an eye in another armed conflict, was she drawn to violence like a moth to the flame, a war press-corps groupie?

    I saw Colvin’s sister on TV paying lip service to “also 60000 dead Syrians,” but Marie was “her mother’s daughter,” hence implicitly somehow special. Nothing will bring her back, and, had family wanted to honor her memory, they’d find a constructive way to do so. Instead, they chose a prolonged legal tussle over intent with the shelling that killed her: was there an artillery piece with Marie’s name on it?

      The only practical outcome of that will be lawyers getting fat, while search keywords “Marie Colvin” forever will be tarnished with the sore proxy loser-loser suit that’s being pursued in her name.

    @ Clive Robinson July 24, 2016 12:35 AM

    […] “… enough on Radio theory as @ianf will complain I’m off topic by too great a margin or some other heinous crime 😉”

    When have I EVER said anything critical about your obvious expertise in matters analog-digital-electronic-military-mystic-fill-in-missing? I’ll tell you: NEVER.

    Besides, I do not complain, I occasionally deliver valuable, primarily methodological, feedback that you should, and usually are, happy to receive—if merely as a token that (however badly ad-hoc-interpreted) “you are being criticized, therefore you ARE alive” – as good a life-affirmative yardstick/ dipstick as any.

    [2] “During WWII many SOE and other radio operators were found by the German Radio Security Service, not by them transmitting, but by Direction Finding the local oscillator leakage that could be received many hundreds of meters and sometimes several kilometers away.”

    That’s interesting. I had the impression that homing in on wartime underground transmitters was achieved by triangulating what in popular WWII history books was called “carrier wave,” is it the same oscillator leakage we’re talking about?

    Later, @ July 24, 2016 2:00 AM

    Clive Robinson […] “As for books, I have a dead tree cave with several thousand books in (about 20,000 pounds in weight so it’s got floor reinforcement). It’s neither portable nor replaceable as most of the books are long out of print.”

    Nominally, I ought to be envious, but somehow I’m not. In fact I pity your coming despair what will happen with your beloved library after you’re gone. For that same reason I am trying to wean myself off physical books. I only have 3000 books or so, partly in the attic and at another place, most of them non-fiction/ lit.crit and related, and no more than 2 shelves worth of computer books (half of them barely read). At least most of your books are of reference type, hence usable still for some years to come.

    However, unlike you, who, I presume, has a permanent place for them, I intend to move elsewhere in a few years time, and so already have begun to thin out my collections. And here lies the problem: I find it extremely difficult to find anyone who’d be happy to take them off my hands for free, no need to be grateful, nor asking me questions. No younger relatives of mine are the least interested even in eye-opening fiction and polemics by famous authors (I have to assume they will be as they get older, as I did, too).

    They simply are of a generation that doesn’t see a home full of bookcases as something natural, if not satisfactory by itself. And possibly they are right, because I now, too, find ePUB an overall better carrier medium for content (even if the readers still are not perfect), than physical volumes. Albums, etc., that’s a different story, and possibly easier to donate to public libraries. I keep imagining living in some abode that’s devoid of books, and it frightens me.

    Previously there was no alternative to printed books, so we had no choice. But now there is, and I, for one, do not intend to fight the direction in which book publishing is going. The lopsided world that we live in, however, means that for the moment it’s usually far cheaper to buy used trade paperbacks & have them air-freighted to me, than get same titles as DRM-ebooks to iBooks or Kindle Reader (sad but true). So any new used book that I buy cheaply off Amazon I now treat as a read-then-dispose-of-it-in-a-public-place item… may it please a new pair of eyes.

    OK, enough for one night with these my #firstworldproblems.

    Everything Xen July 27, 2016 7:32 PM

    This vulnerability is probably the worst ever seen affecting Xen and it was introduced 7 years before its discovery. As demonstrated in this blogpost, it is exploitable and a code execution within dom0 is not so difficult. There are probably other possibilities than patching the vDSO page, for example Shangcong Luan has decided to target the hypercall page [6].

    Originally this second part should have been the last one… but we recently found a new vulnerability allowing a guest-to-host escape. The related advisory has been publicly disclosed yesterday (XSA-182 [9], CVE-2016-6258 [10]), and a future blogpost will describe how we managed to write a full working exploit. Stay tuned!

    Clive Robinson July 28, 2016 2:36 AM

    @ ianf,

    That’s interesting. I had the impression that that homing in on wartime underground transmitters was achieved by triangulating what in popular WWII history books was called “carrier wave,” is it the same oscillator leakage we’re talking about?

    Yes it’s the same oscillator in some cases but as with all things security it’s a bit more complex than a simple yes no answer. Carrier wave or CW is a generic term that is context sensitive. All it really means is a radio frequency (RF) signal that is radiated, generally not modulated, unless you are talking about modulation in which case CW is short hand for Morse Telegraphy (confused?). Thus carrier wave refers to both the intended transmission of the morse signal as well as the unintended RF leakage from the oscillator in the receiver.

    You need to look up Geoffrey Pidgeon “The Secret Wireless War”, which contains the background to how the “Spy sets” came to be made and where, along with information from those involved. You can also find some documentation for some of the spy sets online now as they were declassified a few years ago.

    The early sets needed to be small enough to carry and the thermionic valves (tubes) at the beginning of the war were large and circuit design was shall we say a bit primitive and not what it was in later years. Thus circuits got simplified to get the set into a suitcase and this caused problems due to lack of isolation, shielding etc. One problem was the use of the same oscillator for transmit as for receive that got switched between the two.

    Radio operators were found by the fact that their transmissions though short gave the German radio service Direction Finding (DF) teams sufficient time to get their first “cocked hat” or generalised triangulation on the operator’s location. If the operator did not move location then the DF vans would be waiting for the next transmission, where they would get within a few hundred meters. It was at this range that the German DF vans could receive the actual oscillator leakage in receive mode thus had much more time to move in for the capture. The parlance for this three stage process is “Find, Fix and Finish”.

    A good operator would move regularly and know how to make the signal difficult to DF. However as you will find in Leo Marks’ biography “Between Silk and Cyanide” SOE radio operators’ lives were needlessly endangered by the use of “Poem Codes” which were forced on SOE as a result of turf wars in Whitehall.

    There were two problems with Poem Codes, firstly they were by no means secure, the second and most deadly was they had to be around two hundred characters long to get any kind of security. At six words or thirty letters per minute sending a message was a lengthy procedure, which gave the German Radio Security Service plenty of time to do the Find and Fix stages whilst others did the Finish. Which in some cases was the Gestapo, before the concentration camp and gas chamber (look up Noor Inayat Khan, whose agent name was Violette Szabo, or watch the film “Carve her name with pride”).

    ianf July 28, 2016 3:25 AM

    @ JP … where the Internet is going Just reading the name Yochai Benkler was enough to pique my interest.

    How so… not exactly a household name in Internetty context. Perhaps explain what makes the gent worth our time. I agree that it was interesting, not least because it was an asynchronously & own-pace digestible transcript of a podcast, and not merely a full attention requisitioning audio message (I can only assume they bother with podcasts because recording of a live conversation, then transcribing it with some adaptations for print, is an altogether simpler/ less expensive form of content production—talk comes cheap—than were it commissioned as a coherent source essay instead. Plus, they have subscribers with lengthy commuter journeys ahead, where they can half-sleep while being massaged with opinion via earputs). Also appreciate the doggy watching dogs on Fuckfacebook, a nice play on the famous Peter Steiner’s “on the Internet nobody knows you’re a dog” 1993 New Yorker cartoon.

      That said, transcribed talks may be cheap to produce, but the messages they are to convey risk drowning in wordiness. I’ve read most of this one, but have yet to discover its challenging where the Internet is going bit. I’ll end now before I drown myself in the soothing timbre of my own doing.

    Clive Robinson July 28, 2016 6:11 AM

    @ Wael, ianf,

    Let’s confuse him more 🙂

    I think I’ve just done that 🙁

    I was mobile when I was tipy tappying me reply to him, and in reading your comment, I noticed I’ve mucked up the last part –in brackets– of the last sentence due I assume to interrupting my train of thought / editing when undergoing a change of mode of public transport.

    Noor Khan’s agent/cover/radio name was Madeline and her “official fate” was she was shot in the neck and cremated. However the usual practice before and after her death at “Dachau” concentration camp was “slow hanging”. Violette Szabo was another unfortunate SOE wireless operator with the initial agent name of “Louise” who was shot in the neck at “Ravensbrück”, and her story was told in the film and book “Carve her name with pride”. Worse perhaps was the deaths of other SOE women such as Cecily Lefort, who was transferred to “Uckermark” where she was put in the gas chambers. There were reports that some other female SOE wireless operators and operatives were burnt alive in crematorium, what the truth of this is I’m not certain, but the barbaric practice of torturing with branding irons and the like was well known as were other grisly practices.

    Miraculously some captured SOE agents escaped, one Odette Sansom, remarkably managed to survive through Ravensbruck concentration camp despite the purge after the allied landings.

    I could give more details of the “missing in action” SOE wireless operators, but suffice it to say Leo Marks blamed those in senior positions in Baker St and the infighting with the older Secret Service later known as MI6. My own involvement with various parts of the UK IC at one point or another last century, makes me think little had changed over the following sixty or so years, there were too many Oxbridge types with the sensibilities of “Eton Nappy Boys”.

    JG4 July 28, 2016 7:13 AM

    can’t recall if I posted this before or not, but it is a gem

    the term of art is “full spectrum dominance”

    Clive’s mention of the secret wireless war reminded me of this

    Secret History of Silicon Valley

    Thanks to whoever posted the Wired documentary on Shenzhen. The depth and width of that supply chain is going to challenge the usual full spectrum dominance. And the number of heads, hearts and hands willing to work against weaponization of IP is going to be interesting, as they say across the big pond.

    Jist Curious July 28, 2016 11:36 AM

    Question upthread still unanswered. Extensive metasearch-fu provides about 30 bazillion irrelevant “results”, most of which are trying to sell me a password manager. So let me be a little more specific:

    You go to a site’s login page containing a form asking for UID and password. Rather than typing them in, you execute a Firefox bookmarklet that fills them in on the copy of that page that is displayed on your computer, then manually click the submit button.

    Obviously, this is insecure if someone other than you has physical access to your computer. If they do not, HOW can anyone remotely “read” your bookmarklet?

    (Assume that your bookmarklets are original, never synced/imported/exported/published/etc., and that you have no extensions installed which use the Bookmarks API. As for physical access, assume that the computer is an armored non-WinDUHs box in the 24/7/365 possession of the owner, and that the owner 24/7/365 packs a comped .45 and has shown absolutely no compunction in the past about blowing holes in people large enough to pitch a medium-sized cat through.)

    I would be grateful for any technical replies, even those involving, say, spherical cats in a perfect vacuum.

    ianf July 28, 2016 11:44 AM

    #WTMI Alert, Clive!

    “Yes|No” would have sufficed; yes-but-no-but is Vicky Pollard’ish overkill. Do remember that I have no intention of attaining a Clive-class level of low-level expertise, and that no others, bar that Dumber than fella, expressed a misguided interest in that.

    That ticked off, I couldn’t help noting that teachers of young Clive (yes, I find it hard to imagine as well, but you were a blank-slate zygote once), no doubt out of Victorian prudishness, failed to tell you the proper Latin name for CW Morse Code: Transmitus Interruptus (and I beg Wael to hold the sophomoronic smirks as well).

      My teachers didn’t hold back; on the other hand they had us disassemble an old radio and then measure i/o and classify each valve’s characteristics. I could have told them what Peggy Sue told the back-to-the-50s class nerd in that her movie “algebra won’t matter,” only that script was yet to be written.

    Thanks for the book tips; afraid won’t get hold of Geoffrey Pidgeon’s “Secret Wireless War,” (found same-title GCHQ history by Nigel West); but both Leo Marks’ own, and 2 biographies of Violette Szabo are within my biblio-reach. BTW. you mixed her up with Noor Inayat Khan, another SOE operative who died in Dachau… DEAD OR ALIVE, A GENT DOESN’T DO THAT TO NO LADY!!!

      [Addendum post your premature chest beating over allegedly having managed to confuse me: I told you earlier that, in matters of Holocaust, you are a dilettante. It now seems you also have convinced yourself of, that “captured female SOE agents were singled out for Sonderbehandlung” (=”Special Treatment,” a term that happened to be the official Nazi euphemism for mass murder [plural], genocide, and annihilation of the Jews). Alas, no, they died mostly as any other KZ lager inmates, which of course doesn’t diminish their stature, but also is not a license for embellishing their suffering as you appear to be doing:
      there were reports that some other female SOE wireless operators and operatives were burnt alive in crematorium, what the truth of this is I’m not certain, but the barbaric practice of torturing with branding irons…

    This is getting morbid, but the degree of your dilettante approach can best be summed up by this: burning anyone alive in a crematorium would have necessitated binding the person to the oven “bedstead” with textile or leather straps, which were more valuable in wartime than humans. Similarly, you must’ve confused branding of cattle with KL-tattooing of Häftlinge-numbers, undertaken on arrival and still in relative “tranquility.” Some prisoners were indeed tortured, but the methods used were either public beatings, or incarceration with no food or water to prolong that individual’s terminal suffering. By KZ standards, most any AngloSaxon prisoner was treated in kid gloves—so don’t kid yourself.

    @ HeKnowsHo: Confusion attempt

      – detected
      – thwarted
      – recorded against.

    JP July 28, 2016 11:47 AM


    Bruce has mentioned Yochai Benkler in this blog a few times before, like here or here (also many others). His description of the evolution of the Internet presented in the podcast reminded me of Bruce’s Feudal Security post a lot.

    I admit there’s not too much about the future of the Internet, only that the companies that hold the power will keep barring entry to this select group. I can’t blame them for not trying to predict technology advances too far ahead. Whenever we humans try that we usually fail miserably and end up saying stupid things like “640 kB should be enough memory for anyone”. Still, I liked their assessment of the past and ad-revenue fueled present of the internet.

    I also liked that there’s a transcript for the podcast. I’m not a native English speaker and translating while listening is a lot harder to me than simply reading an English text. (Harder by itself and yet harder to me due to a bit of hearing loss).

    Curious July 28, 2016 1:20 PM

    @Jist Curious

    Interesting. I didn’t think about that. Makes me wonder if maybe it is possible to even remote control the use of someone’s password manager. shrugs

    Curious July 28, 2016 1:22 PM

    I remember being at an office once and the person I was having a conversation with was at a computer, and as I was talking I had to point out that I noticed how the cursor on the computer screen was moving around by itself. 🙂

    Thoth July 28, 2016 7:51 PM

    @Nick P, Clive Robinson, Markus Ottela, Figureitout, Dirk Praet, Anura

    UAE forbids usage of privacy tools and proxies in updated law. VPN, TOR, I2P … anything secure is now illegal in UAE with this update of their anti-privacy law.

    It’s about time we need to strongly consider how we want to obfuscate secure communications and access via commonly available security protocols that are much harder to censor (TLS) as an obfuscation layer to carry the actual encrypted payload inside the obfuscation tunnel to attempt to evade Deep Packet Inspection.

    Whether the UAE can fully enforce the ban on secure and private communications and access is one thing, having a list of different technical solutions is more effective than to rely on lobbying groups and international pressure (or lack of).


    Scott "SFITCS" Ferguson July 28, 2016 9:47 PM


    I still say that UNTIL Huang & Snowden come up with something that CAN BE put up to debate, we’d at best be speculating – and then to what NIL purpose and effect?

    I’m having trouble parsing your logic. The project plans I linked to clearly show that they want to modify an iPhone so that it can be monitored for spyware that transmits location data. I don’t see how speculation is required. Bunny has a well documented ability to design, produce and market electronic devices.

    Clive has suggested that it’s entirely feasible to detect transmissions (legality of modifying an iPhone to do so aside). – though the discussion has taken a tangent towards detecting mobile phone transmissions.

    Thoth raised the interesting question of whether it was possible to avoid being targeted by artillery directed by detection of data transfers/mobile phone usage – which is distinctly different to targeting a phone which has had spyware installed.

    (Just as you admit to be doing in the case of the lawsuit

    No. That was sarcasm. I can only apologise for the confusion my thoughtlessness caused you.

    —which I understand isn’t so much “Bunny’s” as the Electronic Frontier Foundation’s, on his and Matthew Green’s behalf

    Then we are not in agreement. :/

    – unless we’re talking 2 different lawsuits, which I have yet to research in shallow depth.

    In lieu of which your conclusions are, perhaps, premature. 🙂

    Let’s say the lawsuit and the MIT announcement are somehow connected in time and intent – so, yes, AND?)

    Unnecessary speculation aside, if the lawsuit succeeds then Bunny will be able to research the viability of producing such a device for sale/distribution.


    My apologies ahead of time for this division on semantics, but if I commandeer your car without sitting in front of it… is that car jacking or car hacking?

    cron is a program that schedules tasks. Using it, atime, or a java gettime function, to schedule a task is no more modifying something than driving your car or using a fork to hold food. i.e. using something for its intended purpose != modification.

    My apologies if I’ve somehow made that seem like “hacking” (or as you seem to be alluding, “cracking”).

    I have no idea what you mean…. :/

    r July 28, 2016 10:31 PM

    The jig is not up, not by a long shot.

    Since I’m out in the open and left-over meat (mutton), I’ll humor you.

    Modifying a transmitter’s controller, be it hardware or software beyond its intended (private property (eg. not yours)) to me is still hacking.

    You think modifying your boss’s cron job is not hacking? Try it out, I bet you get prosecuted.

    If I take a hack-saw, mind you; and lower the legs of your chair.
    Have I not modified its original form and purpose? Have I not hacked off your legs?
    Have I turned your sitting chair into a “lawn” chair?

    Think about it.

    The division in lines you see about ‘cracking’ and ‘hacking’ are quite literally, ALL OVER THE PLACE. And I don’t mean the internet.

    I mean linguistically:

    Cracking Software and Cracking Passwords are not the same thing, yet cracking software is literally what hacking is (or was) before some dimwit got his hands on a white hat and labeled it ‘cracking’ due to trespass?

    Now, even login hacking – attempting logins is classified as cracking by you sissies.

    A password cracker is more like john the ripper, a password hacker is more like a seasoned veteran guessing your pants size.

    Is it just a little convoluted in here?

    Again, I state: cron is but one target, if that is your limited scope so be it.

    Lastly, about your question/comment to @Thoth let me point out that…

    “which is distinctly different to targeting a phone which has had spyware installed.”

    No, I believe the intent of the device they are developing is to not catch known software-malware but potential hardware-malware. While it would catch software based run-of-the-mill things it stands a much better chance at verifying the security of devices which may have their hardware subsystem and transmitters directly compromised.

    Not indirectly co-opted by software you or I can finesse out of a network packet, executable or gif.

    r July 28, 2016 10:38 PM

    @Scott Ferguson,

    Also, please note that by your logic someone who accesses your computer through rdp and then ftp’s your ~ to wikileaks: is also not hacking.

    They used things exactly as intended, just without authorization.

    And, I’ll laugh when they modify your cron jobs to do it.

    r July 28, 2016 10:45 PM

    @Scott Ferguson,

    All of that aside, I think it’s funny nobody ever asked crackers how they felt about being re-labeled hackers and vice versa.

    It’s utter insanity the can of worms the PC (politically correct) crowd continually opens up.

    cracksaw July 28, 2016 10:54 PM

    You tell me.

    Can you grok that you’re not modifying cron but cron jobs?
    Although… you could modify cron too.
    You’re also not modifying the antenna, you’re stimulating 😉 the repeater in the cross-link to @Clive.

    Do you use a cracksaw on pipe?

    A hacksaw, is for quick-dirty-modifications to alter functionality.

    Cut your teeth on that.

    Thoth July 28, 2016 11:52 PM

    @Scott “SFITCS” Ferguson

    re: Authoritarian regimes finding and murdering journalists in cold blood.

    It is one thing to be able to hack a device and if anyone realizes, hacking a mobile device is just a means to an end … which is to destroy the perceived threat … which is journalists (whether they are gossip news or factual reports).

    What is the use of intelligence gathering if you cannot use the intelligence to your advantage. Thus, this draws the interesting question of asymmetric transmission techniques (e.g. using a sacrificial phone to send a recorded audio at a distance within a pre-determined time frame).

    The reason hacking techniques and SIGINT exist is to allow decisions to be made over the information. Using directional tracking techniques to locate a particular mobile phone or smartphone is just a means to the goal (e.g. capturing a journalist, arresting a perceived criminal via Stingray …).

    I have given a sample asymmetric transmission technique above albeit it’s rather incomplete.

    The same technology that the militaries of the world are using to tap into opposing armed adversaries in the past and present are currently used by the same Governments against civilians (esp. journalists). With the corrupted Governments having decided to use military-like force and techniques against civilians and to pre-judge them and even execute them without a trial, techniques in the civilian world have to evolve to cope with military-like threats targeted at them instead of just becoming sitting ducks.

    The only way to cope with these SIGINT techniques taken directly from military operations or modified from military purposes to suit the convenience of corrupted civilian agencies, the escalation of just using encryption algorithms for TLS or Signal apps to more advanced higher assurance techniques to cope with military-like threats have to be in place (without breaking too many laws 🙂 ) to protect oneself at the very least.

    Thoth July 28, 2016 11:53 PM


    re: Yubikey

    I don’t use them and thus I can’t comment much. All I know is they are a JavaCard smartcard chip (likely NXP’s chip). Your question is very generic as well. What aspect of Yubikey do you like me to comment about ?

    Thoth July 29, 2016 1:08 AM


    Messengers are hard to shoot for malvertising. It is a market/business sickness that has deep roots. Ads are something that get cash for big companies (e.g. Google) and small companies. I have talked to online content providers (i.e. authors, bloggers …etc…) and despite knowing the risk that they are exposing users to random malvertising risks via their ads program on their blogs and webpages, they still insist it’s their revenue and income and they feel very strongly against plugins and tools that prevent ads. Although these content providers I spoke with (casual lunches and dinners over tea) understand the risk of their actions, they felt they have no choice as they are simply providing the ads as they are required via scripts provided to them by ads provider that pay them for displaying ads.

    Furthermore, there are no regulations to handle malvertising and to attribute responsibilities (e.g. fines or jail terms) unless the culprit behind the malicious malware is caught.

    What is needed is to make the chain of people involved and to issue out varying degrees of punishment according to their roles in direct/indirect malvertising. That is to presume the Governments bother to do anything but the current trend seems to be rather relaxed in most countries with the Governments not really doing much to stem off security breach responsibilities and some Governments are even known for introducing vulnerabilities to international and national security standards and destroy trust and security of the ordinary people.

    How are we going to better secure ourselves in the light that the Governments are not being effective (and at the same time also being aggressive and suspicious of their own citizens) ?

    We have community supported microkernels that are still not in a production state with consumer level security microkernels and security hypervisors not easily accessible to ordinary civilians (and also very expensive). Do we trust Qubes that uses a large TCB hypervisor that is not proven to be secure (Xen hypervisor) ?

    Hardware protection can be a tricky thing which range from the outright GOTS stuff inaccessible to civilians (i.e. Sectéra secure phone and AIM crypto chips) to very expensive secure hardware like the traditional HSMs and to the lower end but cheaper smartcards and TPMs which have problems with accessing secure display and input that other more expensive solutions provide.

    Schemes to segregate one’s lifestyle and to have a few sets of computing equipment for different purposes are one of the most common methods available. That is as much as most of us can afford (if we can buy a few cheap computers or from a recycling center).

    The general state of security and security assurance (secure coding, code verification, tiny TCBs …etc…) are still having trouble going mainstream. One good example is the microkernel concepts that have been around for ages but have not really taken off due to lack of interest and the dominance of Micr0$0ft, Apple and Linux in the general computing space and the Governments’ constant meddling in security via export control which prevents ownership of higher security hardware.

    Dirk Praet July 29, 2016 5:09 AM

    @ Thoth

    UAE forbids usage of privacy tools and proxies in updated law. VPN, TOR, I2P … anything secure is now illegal in UAE with this update of their anti-privacy law.

    I saw that passing by too in my RSS feeds. The entire thing seems pretty technically illiterate. I wonder if they are really aware that most expats living there (which is the majority of the population) are using VPN’s to access corporate networks or to work around Netflix content restrictions.

    Anyone aware of any recent progress in network steganography protocols?

    Thoth July 29, 2016 6:07 AM


    We can only imagine the worst and prepare for the worst. It’s really about a game of evading capture and being caught when one has to operate off a human rights-less land thus all protocols for secure communications and tunneling should be as robust as possible to remove trials of suspicion as much as possible.

    If steganography is used, make sure the adversary cannot easily fish out the encrypted data hidden within the steganographic material and for the handling of keymats, always assume that they have the aid of US ICs backing them a little 🙂 .

    This is where the paranoid methods of keymat handling that me and @Clive Robinson have mentioned before comes into use.

    One interesting side channel steganography I have in mind is for both parties to negotiate not just a key during a physical meetup but to take a photo (of something random). The message sent should be smaller than the photo (but not to worry as most digital photos are huge in size these days with all the craze for HD images).

    Encrypt the message and then play around with the light and dark of the image or something along the lines of controlling the contrast or some tone that should be subtle to the human eye.

    To communicate the encrypted 1s and 0s, every time it’s a 1, darken it a little and every time it’s a 0 make it lighter (the altered image should not be too obvious to the human eye). Destroy the original image. If it’s stored in a MicroSD card, take a drill or a sharp point and a heavy object to shatter the flash IC chip and due to the IC chip being very small, you can safely discard it in one place as long as the destroyed fragments are smaller than 2mm x 2mm in size as per NATO sanitization methods for TS and above classified media (if I remembered correctly).
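
The darken-for-1, lighten-for-0 scheme from the comment above, as an added sketch that is not code from the commenter. Assumptions: a flat list of 8-bit grayscale values stands in for the shared photo, the message is already encrypted, and the one-level step, 16-bit length prefix and skipping of saturated pixels are choices made for this example.

```python
import random

DELTA = 1  # assumed brightness step per bit, kept small so the change is subtle

def _bits(data: bytes):
    """Yield the bits of data, most significant bit first."""
    for byte in data:
        for shift in range(7, -1, -1):
            yield (byte >> shift) & 1

def _usable(cover):
    """Indexes of pixels that can go both darker and lighter without clipping."""
    return [i for i, p in enumerate(cover) if DELTA <= p <= 255 - DELTA]

def embed(cover, ciphertext: bytes):
    """Return a copy of cover with one pixel darkened (1) or lightened (0) per bit."""
    payload = len(ciphertext).to_bytes(2, "big") + ciphertext
    slots = _usable(cover)
    if len(payload) * 8 > len(slots):
        raise ValueError("cover image too small for this message")
    stego = list(cover)
    for i, bit in zip(slots, _bits(payload)):
        stego[i] = cover[i] - DELTA if bit else cover[i] + DELTA
    return stego

def extract(cover, stego):
    """Recover the ciphertext by comparing the received image with the shared cover."""
    slots = _usable(cover)

    def read(start, nbytes):
        out = bytearray()
        for b in range(nbytes):
            val = 0
            for i in slots[start + 8 * b : start + 8 * b + 8]:
                val = (val << 1) | (1 if stego[i] < cover[i] else 0)
            out.append(val)
        return bytes(out)

    length = int.from_bytes(read(0, 2), "big")
    if 16 + 8 * length > len(slots):
        raise ValueError("length prefix does not fit this cover image")
    return read(16, length)

def diff_positions(cover, stego):
    """What anyone holding the original sees: every pixel that carries a bit."""
    return [i for i, (c, s) in enumerate(zip(cover, stego)) if c != s]

# Constructed sample data: random pixels as the "photo", random bytes as the
# already-encrypted message.
_rng = random.Random(2016)
COVER = [_rng.randrange(256) for _ in range(64 * 64)]
CIPHERTEXT = bytes(_rng.randrange(256) for _ in range(32))

if __name__ == "__main__":
    stego = embed(COVER, CIPHERTEXT)
    print("round trip ok:", extract(COVER, stego) == CIPHERTEXT)
    print("pixels exposed by a diff:", len(diff_positions(COVER, stego)))
```

`diff_positions` is the reason the comment says to destroy the original: a plain comparison against the cover marks every carrier pixel and the direction of each change.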

    ianf July 29, 2016 12:17 PM


    Following up my earlier OT literary note on the 1907 senseless terror novel “The Secret Agent,” I found this review-essay on how prescient Joseph Conrad really was, how his then-conclusions apply to recent events in the world:

    […] a telling insight about contemporary terror attacks, to be seen less as political acts than as violent adolescent look-at-me-on-YouTube tantrums

    Enjoy, ‘possums! Barefaced Audacity and Childishness of a Peculiar Sort.

    r July 29, 2016 12:48 PM


    Given the size of those files, I don’t believe the down sample from raw or the raw itself doesn’t have artifacts from the camera itself or the camera firmware downsampling that wouldn’t be destroyed or create detectable interference through the ‘princess and the pea’ concept. I’m uncomfortable using direct to disk camera images for subchannel communication, in my opinion edited (blur radius, edge detection, text-modified (think meme) ) images are a safer route (just not when shared publicly). But, you’re most definitely right about using images and sound files as PSK’s. Especially where the original is kept for comparison or a logical (xor, or, and, nor???, nand???) style base (bitrot == deniability).

    I think this is a large part of the reason the image comparison and search sites are used and are useful.

    That malvertising campaign above made me especially nervous post-hoc as I just got a new credit card and registered it with paypal, this livecd has been in suspend on and off for a couple weeks and it’s a full-root penetration distro (not to mention out of date (@Bruce & anyone else who may be Browser &| TLS Fingerprinting))… I should’ve rebooted prior but it could’ve been too late. The market penetration of such a maligned scheme could’ve gone 4d in all of our faces (especially those with phones on their LAN and not practicing isolation).

    Of note, I am going to be purchasing some fun hardware soon. Assuming it isn’t pre-rooted (or interdicted (go-ahead, you’ll find that I love you (maybe sometimes love-hate))) these specific type of concerns will pretty much be a thing of the past.

    But yeah, I’m a huge fan of microsd too. I purchased a bunch of 128mb from a random cellphone store to use as a removable /boot. My fascination with them runs far wide and deep2. To be considered, non-micro sd’s should be considered also vs the assumed time envelope of things like IME, and where /boot is concerned a BSD style kernel could fit onto a 4mb? one (that’s going waaaay back).

    Tethered bluetooth with live heart-rate or voice input can be security enabling too.

    I think boot password prompts should have an ASCII escape/buffer overflow for the [re]adjustment of keys. I wouldn’t mind having a competition to find the smallest possible ascii shellcode and escape for popping a ramdisk’d kernel sh+expr/dd/etc.

    Welcome to the deep state, everything is deny-able.

    ianf July 29, 2016 1:17 PM

    @ Scott Ferguson, who “is having trouble parsing my logic.”

    Please accept my so-so compassion on account of your, let us hope transient, intellectual malfunction. I experienced no such “troubles” – you were/are decisively trying to make me agree to something or other that, in the overall context of things, carries no importance (other than you’d manage to make this someone agree). You have studied some preliminary paper of a conceptware, and, not finding everything there to your liking, elected to make a fuss about it.

    My calls to wait until we see something palpable, some reference design to judge and opine about, were brushed by you aside in favor of engaging NOW in “speculations as to the relationship with the inventor’s recent lawsuit against the USA government;” which, on second thoughts, and because they did emanate from you, must indeed have been all that counted.

      Does that my agreement with your stance satisfy you, or are there any boots anywhere I could spit-lick-polish in penance?

    r July 29, 2016 2:39 PM


    It’s funny you picked up on that ianf, the reversibility reimplementation and repurposability of technology is exactly why I (personally) quit contributing ‘projects’ and minor “hacks” to the outlaying world.

    @Apple, Sony

    How’s it feel to get your inner workings probed by the masses and maligned? It’s something you’re going to have to learn to live with. IMO it’s better to keep your research under lock and key than to facilitate WMDs but w/e, to each his own – we can’t protect ourselves from unknowns.

    Any good idea (or information in general), or even just technology is nothing more than a virus. It will infect you, it will infect your friends, your family, your children. Once it gets out there’s almost no stopping it. RESPONSIBLE DISCLOSURE IS THUS PARAMOUNT.

    For some things (in reference to humanity and society), it’s not responsible to disclose them at all. Certainly, I don’t believe Apple has such interests – they should love the attention and jump at the chance to partake in the revisionists nightmare of audit-release-audit. Why else would they have 74.6b(circa 2011) in reserves?

    Feed the children?

    I still don’t know who to attribute this to but:
    “God gave us geometry but Mathematicians gave us the bomb.”

    Clive Robinson July 29, 2016 8:58 PM

    @ ianf,

    I do wish you would grow up and stop accusing people of things. Because it becomes embarrassing correcting you.

    With regards your comment,

    Similarly, you must’ve confused branding of cattle with KL-tattooing of Häftlinge-numbers, undertaken on arrival and still in relative “tranquility.”

    No, the Gestapo used for the purposes of torture a hot iron applied to the back near the spine. This information is recorded in the UK and US archives, if you wish to go and look them up.

    As for your “and still in relative tranquility” comment, I would hardly describe the methods of capture, torture and transportation of women SOE radio operators as “tranquil” in any way. Likewise as you chose to broaden the subject range those of others.

    However it’s interesting to note that whilst you mention the extermination of people classified as jews, you repeatedly fail to mention others such as communists, Russians those of physical and mental disability and the many more that the Gestapo and SS got their hands upon and mistreated or encouraged others to do so in various ways.

    Further you accuse people of your own failings, it’s not just silly it’s abrasive, like quite a number of your other remarks to other posters. Why you wish to behave in such a manner is a matter of conjecture, which I will leave to others to form their own opinion of you.

    Nick P July 30, 2016 8:09 PM

    @ furloin, Dumber Than

    The reply on HW architectures is in newest, Squid Thread here. Posting the link here in case you’re still looking at this one.

    Figureitout July 30, 2016 11:29 PM

    –Key words being “for the purpose of committing a crime or preventing its discovery”

    You have to get caught first.

    And instead of very similar medium (protocols over internet) I’d prefer some others to actually have some choices besides radio and internet for worldwide comms (oh and couriers you pay to fly a message to your buddy across the world, and mail via barges or private planes or submarines).

    The only reason world isn’t falling apart is complexity of attacks to be “100% undetected”.


    Sidebar photo of Bruce Schneier by Joe MacInnis.