Skeptical August 5, 2016 4:51 PM

FireEye reported quarterly sales figures that missed its own projections. The company also announced layoffs.

Interesting is the company’s explanation. As reported in a Reuters article:

Mandia said that was due to a shift away from previous years where there were large numbers of state-sponsored espionage hackers from China attacking customers in the United States.

FireEye and other cyber security firms said in June that cyber espionage attacks from China appeared to have dropped this year as the Chinese government made good on a pledge with the United States to stop supporting the digital theft of U.S. trade secrets.

Signs of progress in the effort to establish certain standards of conduct – at least by state actors – in the global marketplace.

Also, perhaps, an indication that, under some conditions in a world of vulnerabilities, the threat of a good offense can sometimes fill the gaps of a weak defense.

One might guess that the institutional resiliency of developed democratic states is a formidable advantage here.

Banana Republic USA August 5, 2016 6:19 PM

Boneheaded insistence on Russia Did It doesn’t just help with your warmongering. It also diverts attention from the all-important question of who’s got dynastic successor Hillary Clinton by the short-‘n-curlies. Enough “Yes they did, No they dih’nt, Did too, Nunh-uh! Oh yeah?” and in all the commotion, nobody thinks to ask how Hillary’s server wound up at Platte River Networks.

Talk about a well-resourced adversary. So just in case anybody was worried about electing a bloodthirsty bug-eyed harpy, you can chill, because she’s never going to be anything but a puppet ruler. All the CIA slush-fund corruption, all the national-security compromise and treason, it’s all in good hands.

tyr August 5, 2016 6:54 PM

I’d like to thank our host Bruce for the priceless
comedy routines that appear here now and again.

The best ones are uttered with a pompous dignity
unmatched in the annals of political discourse.

All that and some good information about security
too, all in one spot for free (barring the odd ISP

Thoth August 5, 2016 7:12 PM

@Banana Republic USA
Just throw Hillary Clinton to jail already for all the deliberate mishandling of nation secrets.

Oh wait … she’s Mrs. President and cannot be violated. Hmmm…. She can do what she wants to do. Including leaking all secrets of USA to Russia and China.

Grauhut August 5, 2016 7:23 PM

@Thoth: You missed the best, “HRC is paid by Wall Street and therefore too big for jail!” 😀

cyberflatus August 5, 2016 7:53 PM

Oh no, not again, time to shovel the shite. In skeptical’s delusional bassackwards world, US threats brought China to the negotiating table. When China got fed up with TAO sabotage and took 22 million blackmail-ready dossiers on Federal officials, that didn’t figure in at all, no sir. The public humiliation caused the US to regress to blowing shit up in August, but the US can’t intimidate the PRC, so the US had to use their words, wincing from the butthurt on their Sagami Depot sphincter.

Skeptical shares the beltway fixation with bilateral negotiations, and naturally can’t comprehend that this bilateral joint statement pushes the US back to multilateral development of norms explicitly based on that US bête noire, human rights and rule of law. The UN’s working draft for norms comports with the Cybersecurity Strategy of the European Union in requiring compliance with the UN Charter and the ICCPR, binding treaties that the US government is constantly trying to worm out of.

The SCO has the initiative here, as the working draft is their “Letter Dated 9 January 2015 from the Permanent Representatives of China, the Russian Federation, Tajikistan, and Uzbekistan to the United Nations Addressed to the Secretary-General,” A/69/723, January 13, 2015. The letter specifically affirms the ‘important role of the United Nations in formulating international norms.’ NATO meanwhile is off in the corner circle-jerking onto their Tallinn Manual, which eccentrically tries to apply jus ad bellum to ICT, ignoring state responsibility for internationally wrongful acts, the legal basis as agreed by the UN GGE.

So once again, what we see here is the SCO curbing US threats to peace with necessary and proportional countermeasures. As US standing trickles down their leg, the international community goes ahead and makes law for grownup countries.

herman August 6, 2016 12:52 AM

Drink it??? One of my uncles sometimes wrote letters with squid ink and a porcupine quill – just for fun.

Scott "SFITCS" Ferguson August 6, 2016 1:15 AM

Recent security news that doesn’t appear to be covered:-

  • Joey Hess has started a new coding project, for keeping keys “safe in the cloud”. Keysafe.
  • Chaos Key, the solid-state random number generator is now available for purchase. Schematic, Hardware, Firmware. Developed by Keith Packard and Bdale Garbee.
    “Plug ChaosKey into your (sic Linux USB bus)system and the driver will automatically add entropy into the kernel pool, providing a constant supply of true random numbers to help keep the system secure.” Debconf video.

r August 6, 2016 1:29 AM

@Scott “SFITCS” Ferguson,

Nice find, I was considering something quite a bit simpler for like SMALL truecrypt images of a set of bookmarks/private keys to be accessed from live cd’s.

Very nice, I’m going to dig through that. With the two/three thing he’s using what the hell did he do, split a key into 1/2 then xor them for the third piece?

I’m interested how he got that to be ‘scalable’ (more than the 2/3 xor trick), not the tunable encryption he mentions.

Will definitely be checking that out for remote storage of things, hopefully participation explodes.

Scott "SFITCS" Ferguson August 6, 2016 5:05 AM


With the two/three thing he’s using what the hell did he do, split a key into 1/2 then xor them for the third piece?

No. Shamir’s Secret Sharing, and only 2 shards are required.

Note: this is still “it may run over your dog” code and he’d like expert review.

Thoth August 6, 2016 5:06 AM

@Scott “SFITCS” Ferguson,

The security of keysafe hinges on the strength of the password used to derive the encryption keys for the key shares. Most passwords have low entropy, and thus the password-derived key also has weak entropy. SCRYPT and Argon2 are used to transform a weak-entropy password and also make it harder to brute-force, but essentially the worry is the “What-Ifs” for the key shares encrypted by a weak-entropy, password-derived key. No matter how the password is delayed and stretched to form the KEK key, it would be much preferable for a stronger, higher-entropy key, preferably not derived from a password, to be used to wrap the key shares.

My scheme below only does very little modification to keysafe but provides an exponentially higher margin of security and also includes a Two Factor Authentication method to ensure that the KEK key used to wrap the key share is not password derived (weak entropy) and uses a CSPRNG or TRNG.

The modified keysafe scheme assumes that the random sources (/dev/random, /dev/urandom, Windows CNG and CAPI, or even a cryptographic TRNG dongle) are untainted and provide strong randomness without backdoors.

1.) Generate a 256-bit key from the random source and this key would be the Root Device Key (RDK). The RDK would be stored in encrypted form in a portable device (smartcards, portable HSMs, TPMs, TEEs or even a normal flash drive or MicroSD card). This forms the 2nd Factor in the 2FA as well.

It can be represented as:


2.) The RDK would be encrypted and MAC-ed with a password derived key. The password, representing the 1st factor in the 2FA, would be Argon2 transformed to yield the password derived encryption key. The password derived encryption key (PDK1) would be hashed with SHA-256 to yield the 256-bit HMAC-SHA-256 MAC key (PDK2).

It can be represented as:

PDK1 = Argon2(Password)
PDK2 = SHA-256(PDK1)

3.) The RDK would be encrypted by the PDK1 and then encrypted RDK would be MAC-ed via HMAC-SHA-256 with PDK2. The MAC is stored after the RDK. The encrypted RDK curity terms).

It can be represented as:

BlackRDK = Encrypt(PDK1, RedRDK) || HMACSHA256(PDK2, Encrypt(PDK1, RedRDK))

IsMacAuthenticationOK = HMACSHA256(PDK2, EncryptedRDK) == StoredMAC
If IsMacAuthenticationOK
    RedRDK = Decrypt(PDK1, EncryptedRDK)
Else
    Return False

4.) Keyshares are derived from Shamir Secret Sharing as per the original keysafe.

5.) Every key share is protected by a Key Share Wrapper Key (KSWK) which is used to authenticate whether the key share shard is tampered and also to unwrap the key share shard. Key Share Wrapper Keys are deterministically derived from the RedRDK to bind the RedRDK’s security to the key share shard’s security. This would enable the 2FA necessary to unwrap the keyshare shards residing across different servers.

To derive the Key Share Wrapping Key but also make it hard to determine the RedRDK in the event the Key Share Wrapping Key is compromised (and thus the other different key share groups protected by the RDK), the RedRDK would be SHA-256 hashed and then concatenated with the hash of the keyshare’s name and then hashed with SHA-256 again to produce the KSWK. The hashing of the RedRDK, then hashing of the name and then hashing of both the hash of the RedRDK and the hash of the name is to ensure that working backwards to find the RedRDK is a very difficult task by virtue of the hashing being a cryptographically secure one-way hash.

It can be represented as:

KSWK = SHA-256(SHA-256(RedRDK) || SHA-256(Name))

6.) The KSWK would be used in the raw form as the wrapping key to wrap the key share shards, and hashing KSWK with SHA-256 would yield the MAC key to MAC the wrapped key share.

It can be represented as:


7.) The wrapping and MAC-ing of the key share shards should be done by first using a symmetric cipher to encrypt the shard and then use HMAC-SHA-256 to MAC the encrypted shard to yield the MAC code which is appended behind the encrypted shard.

It can be represented as:

WrappedShard = Encrypt(ENC-KSWK, Shard) || HMACSHA256(MAC-KSWK, EncryptedShard)

8.) When decrypting and authenticating the shards as untampered, the reverse is done with checking the MAC code of the WrappedShard before decrypting the Shard.

It can be represented as:

IsMacAuthenticationOK = HMACSHA256(MAC-KSWK, EncryptedShard) == StoredMAC
If IsMacAuthenticationOK
    Shard = Decrypt(ENC-KSWK, EncryptedShard)
Else
    Return False

The above scheme provides much higher cryptographic security than the original keysafe scheme by requiring the possession of the BlackRDK (what you have) and the password (what you know). The BlackRDK is equivalent to a master key of sorts and should never be uploaded online and be carried on person used in a secure environment while the WrappedShards can be highly important keys but are considered “black keys” or “inert” in a sense as they are unusable by the virtue of them being wrapped by a KSWK derived from the RDK.
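A runnable sketch of the key hierarchy in steps 1 to 8 above, added here as an example (it is not Thoth’s, keysafe’s or Joey Hess’s code). It assumes AES-256-CTR as the symmetric cipher the post leaves unnamed, an iterated-HMAC placeholder where the post calls for Argon2, and a constructed byte string in place of a Shamir shard (step 4 is left to keysafe); every key, MAC and check follows the formulas above.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// hmacSHA256 returns HMAC-SHA-256(key, data).
func hmacSHA256(key, data []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(data)
	return m.Sum(nil)
}

// kdf is a placeholder for the Argon2 step (Argon2 is not in Go's standard library):
// HMAC-SHA-256 iterated over a constructed salt, so the example runs offline.
func kdf(password []byte, iters int) []byte {
	out := []byte("keysafe-demo-salt") // constructed salt, not from the post
	for i := 0; i < iters; i++ {
		out = hmacSHA256(password, out)
	}
	return out
}

// Step 2: PDK1 = KDF(password), PDK2 = SHA-256(PDK1).
func passwordKeys(password []byte) (pdk1, pdk2 []byte) {
	pdk1 = kdf(password, 20000)
	h := sha256.Sum256(pdk1)
	return pdk1, h[:]
}

// Steps 5 and 6: KSWK = SHA-256(SHA-256(RedRDK) || SHA-256(name)); the MAC key is SHA-256(KSWK).
func shardKeys(redRDK []byte, name string) (encKSWK, macKSWK []byte) {
	hr, hn := sha256.Sum256(redRDK), sha256.Sum256([]byte(name))
	k := sha256.Sum256(append(hr[:], hn[:]...))
	mk := sha256.Sum256(k[:])
	return k[:], mk[:]
}

// ctr applies AES-256-CTR under key with iv; the same call encrypts and decrypts.
func ctr(key, iv, in []byte) []byte {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err) // only for a bad key length; every key here is 32 bytes
	}
	out := make([]byte, len(in))
	cipher.NewCTR(block, iv).XORKeyStream(out, in)
	return out
}

// Steps 3 and 7: encrypt, then MAC; layout is IV || ciphertext || tag with a fresh IV per wrap.
func encryptThenMAC(encKey, macKey, plaintext []byte) []byte {
	iv := make([]byte, aes.BlockSize)
	if _, err := rand.Read(iv); err != nil {
		panic(err) // no usable OS entropy; nothing sensible to do here
	}
	body := append(iv, ctr(encKey, iv, plaintext)...)
	return append(body, hmacSHA256(macKey, body)...)
}

// Step 8: verify the tag (constant-time compare) before decrypting; a bad tag never yields plaintext.
func verifyThenDecrypt(encKey, macKey, blob []byte) ([]byte, error) {
	n := len(blob) - sha256.Size // start of the tag
	if n < aes.BlockSize || !hmac.Equal(hmacSHA256(macKey, blob[:n]), blob[n:]) {
		return nil, errors.New("MAC check failed: short blob, wrong key or tampered data")
	}
	return ctr(encKey, blob[:aes.BlockSize], blob[aes.BlockSize:n]), nil
}

// Roundtrip: a fresh RedRDK (step 1) is blackened under the password and recovered (steps 2-3), then
// wraps and unwraps one shard (steps 5-8); tamperRejected reports whether a flipped byte was refused.
func Roundtrip(password, shard []byte, name string) (rec []byte, tamperRejected bool, err error) {
	redRDK := make([]byte, 32)
	if _, err = rand.Read(redRDK); err != nil {
		return
	}
	pdk1, pdk2 := passwordKeys(password)
	blackRDK := encryptThenMAC(pdk1, pdk2, redRDK)      // "what you have": stored on the token
	got, err := verifyThenDecrypt(pdk1, pdk2, blackRDK) // opened with "what you know"
	if err != nil {
		return
	}
	encK, macK := shardKeys(got, name)
	wrapped := encryptThenMAC(encK, macK, shard)
	tampered := append([]byte{}, wrapped...)
	tampered[aes.BlockSize] ^= 0x01 // flip the first ciphertext byte
	_, e := verifyThenDecrypt(encK, macK, tampered)
	tamperRejected = e != nil
	rec, err = verifyThenDecrypt(encK, macK, wrapped)
	return
}

func main() {
	rec, tamper, err := Roundtrip([]byte("correct horse"), []byte("constructed stand-in for one Shamir shard"), "shard-1-of-3")
	fmt.Printf("recovered=%q tamperRejected=%v err=%v\n", rec, tamper, err)
}
```

Running it prints the recovered shard, whether the tampered copy was refused before decryption, and any error.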

Jacob August 6, 2016 6:22 AM

@ Anonymous Cow – This Company Has Built a Profile On Every American Adult

This may explain why I have been repeatedly asked by a company called Scarborough Research to fill out a very long and rather intrusive questionnaire. It started with a letter asking me to go on line to fill out a survey, and a follow up letter when I didn’t respond. Another letter, this time with a one dollar bill, and a promise of $10 if I would fill out a 54 page form. A couple of more letters each accompanied by a $1 bill, and the promised payment is up to $20.

There was no specific reason given for the survey, just that “You can make a difference”. There was the usual “your privacy is important to us”, “Scarborough is a research company and will never try to sell you anything”, and “We do not sell or share your personal information to others for marketing purposes”. That last one made me wonder for what purposes they WILL sell my information. $20 is a lot to pay out for one response, and if they will pay me that much, they are obviously getting a return.

The survey included the usual questions about what I buy and restaurants I go to, but there were a lot of personal questions such as if and how much I smoke, what health insurance I have, my income, the value of my home, the car I drive, how much beer, wine, and liquor I consume, specialties of doctors I have seen, the operating system of my smart phone and computer, and so on. It is a very comprehensive survey, and if I filled it out would give them an extremely accurate snapshot of my life.

Anyone would have to be an idiot to participate in this. I kind of liked the persuasion though, a $1 bill to make me feel as if I owe them something, and a $10 or $20 reward if I respond.

r August 6, 2016 6:59 AM

@Scott Ferguson,

That’s fair, I just lost one of my dogs last month too – so the last thing I’d want is for that to happen.

I wasn’t going to look at it for others, considering my reposting the UEFI thing you pointed out that I pointed out I’m hardly the go-to person for something like that when I can’t even read. But again, thank you for posting it, both.


Thank you for your hardening recommendations. 🙂

JG4 August 6, 2016 7:22 AM

I’m too lazy to look up who posted the awesome material/links about Elsevier’s walled garden (last Friday squid or the previous?), but I managed to connect a few more dots this week. Thanks for bringing that to light.

The natural language processing branch of artificial intelligence is one of the most important developments in the history of your species.

Elsevier want to do the “data mining” themselves and sell the service and/or the results over and over again, in perpetuity. That gets into a lot of deep questions that I don’t want to tackle, but are very much in need of good answers, ones that maximize long-term value for a slightly wider audience than Elsevier and the pols they pay off. The quotes indicate that the value-add goes well beyond string-matching. The best positioned entity to do this, other than Elsevier, is Google. If anyone wants a rigorous one-paragraph mathematical description of Google’s core algorithm, John Hussman, the autistic polymath from Stanford, published it years ago. The algorithm falls far short of where NLP is going, but it was a brilliant start on funding the quest.

When I saw the headline for this:

I thought that it was going to plough the same field. In fact, it is a related and interesting topic.

Once you have a proper NLP setup running on your computer and use it to analyze the millions of pages of laws and regulations, you’ll find out that your existence was long-ago outlawed. They just haven’t gotten around to taking you to the recycling center yet. At which point, you’ll have nothing to lose and may want to go join the protests, get a vigorous hardwood shampoo and be on TV with blood streaming down your face. It was more obvious to some of the minorities that they had been outlawed long ago, because they were constantly shot in the back by police and yet the millions of pages of regulations had no effect.

Thoth August 6, 2016 10:46 AM


This is where RF shielding and @Clive Robinson’s advice comes into play. Use wired connections and use RF shielding for the connection cable and computer.

vas pup August 6, 2016 11:27 AM

That part in particular:
“Adding security after the fact was always more difficult than doing it during design and development, he said.” Who can argue?
Q: How to force business to add security during design and development?
My guess: legal remedies are not working; marketing of products with built-in security probably will – any reasonable and respectful input appreciated. Emotional – discarded.

Wael August 6, 2016 11:42 AM

@vas pup,

Is it distant or close future?

Near future, as some of this functionality already exists. For example, HP — and I mentioned this in the past — had “bot” type software that searched for vulnerabilities on the enterprise machines. When it found a vulnerability, it used it to deliver a payload to fix it.

Complete functionality is distant future (whatever distant means). It’s in continuous evolution mode, so it’s hard to nail when the “program” is mature enough.

Greg August 6, 2016 12:17 PM

Hi, can anybody recommend a good (but secure) PDF reader for Windows?

I know that Edge and Chrome both include a PDF viewer but I’m looking for an equivalent to Adobe which is lightweight yet secure.

(The only ones I know of are for Linux and I’d like a native Windows reader).


Wael August 6, 2016 12:28 PM

@Nick P, @Buck,

Don’t go where @Mike the goat went!

@Mike the goat,

I would like to see a discussion between you and the trouble-maker @ianf 🙂 That’s pay-per-view material 🙂

z80 August 6, 2016 12:38 PM


have a look at SumatraPDF – not sure if it’s secure but it’s at least lightweight

Greg August 6, 2016 2:14 PM


Thanks; I’m going to give Sumatra PDF a try.

I had been looking at Okular but Sumatra seems incredibly lightweight which is perfect for my needs (the only downside is it doesn’t support interactive forms although I don’t use them).

I’ll sandbox the app just to be on the safe side.


Clive Robinson August 6, 2016 2:22 PM

@ r,

With regards to the BBC Detector vans, it’s probably not WiFi they are using but some other technology.

The story apparently started with the UK Telegraph newspaper –AKA Torygraph– which is owned by the weirdo Barclay Brothers who are making people’s lives a misery in parts of the Channel Islands because they won’t fall down and kiss the ground the weirdos walk on. Like many whackos they have money problems from trying to buy respectability and position. As a result the Telegraph has sacked decent journalists and is starting to resort to “click bait” type journalism, where fact checking is not what it should be and sensationalism takes center stage.

What has probably triggered it is a report that was published a few days ago from Sir Amyas. Interestingly what it actually says is this,

    “Where the BBC suspects that an occupier is watching live television but not paying for a licence, it can send a detection van to check whether this is the case. Detection vans can identify viewing on a non‐TV device in the same way that they can detect viewing on a television set. BBC staff were able to demonstrate this to my staff in controlled conditions sufficient for us to be confident that they could detect viewing on a range of non‐TV devices.”

If you think about the sentence I’ve highlighted, the implication is it’s the common element between a computer / tablet / smart phone and a TV that they are going after. Which would be the flat panel display and its driver circuitry, in a modernised version of “Van Eck Phreaking”. The technology to do this has been around for quite some time –wideband receiver and FPGA board– and the bods over at the UK’s Cambridge Computer Labs have demonstrated it a number of times.

Also there is another clue: it’s the “live stream” not the “catch-up” they are after. This makes their life a lot, lot easier as they have a “reference signal” from the Freeview transmissions to verify against, rather than tens of thousands of program files.

So my guess with no further information is the proven Van Eck Phreaking of flat panel displays, followed up by the old “lift the letter box and listen to the sound from the TV” the likes of Crapita currently use (re-training such –lower IQ than TSA grunts– monkeys in something new takes more effort and expense than they would want to spend).

albert August 6, 2016 3:37 PM


“…but until now they been used mostly for shady transactions or to buy illegal goods and services on the “dark” web….” – News to me. Like to see a source for this, with actual statistics.

Ya gotta wonder why undercover agents are using tricks like this. Do they really care about catching drug dealers, etc. or is it the banks that want to put cryptocurrency out of business?

We are moving more and more toward a fascist state where -everything- will be recorded and analyzed, and cash will be eliminated entirely.

It’s ironic that financial crime gets worse every year, thanks to technology.

. .. . .. — ….

r August 6, 2016 3:49 PM


Okay, if you’re thinking it is a LCD/LED van-eck variant: could it be the high frequency MICrophone squeals we saw about ads?

I can’t imagine anyone stuffing that technology into a dvd except in short bursts for amazon ads, maybe they’re modulating the audio output of live feeds to scream “I’m here I’m here”.


How would a van pick up high-frequency audio squeals short of a laser bug though. You’re probably right.

ianf August 6, 2016 4:12 PM

@ tyr

Among benefits of this Bruce’s blog, you forgot to include, ?HOW? COULD YOU FORGET TO INCLUDE, the blogverse-unique, rich cephalopod content (jerome said it best). In fact, I am surprised that Bruce is not seemingly fêted by, nor invited to hold inspirational talks/etc, at Cephalopod Science Fanciers Congresses and the like.

@ Wael, none of the nicks you called above is present in this thread. Were you talking to yourself again, only in print?

If you ABSOLUTELY have to goad me with some goat, at least try to be clear-headed. For once? Also I’m no trouble-maker, at best an amateur impersonator of my aspirational guru Big Noise From Winnetka, Illinois.

Re: BBC Detector Vans

I don’t have any inside or outside intel on these, but, on logick grounds alone, they seem to be figments of someone’s hyperactive imagination, amplified here by no other than Clive Robinson’s learned ruminations.

The BBC has constant budgetary problems, so where would they get the money for these electronics-rich vans? And how many vans… one each for each ‘shire, or just a solo unit for Greater London? What would the goals be, and cost/benefit ratio, for them to be considered a sound investment: 5 discovered unlicensed BBC reception cases on average per 1 man crew working day?

Above all, however, WHAT VANS? If there is any actual in-situ signals detection to be executed, surely the equipment for it would by now fit in a briefcase, and pinpoint not any specific type of display (flat panels ARE legal and do not require a license per se), but some known to be leaky emissions from TV decoding circuits.

But, hey, Clive—your click-bait was more tech’y than Torygraph’s.

albert August 6, 2016 4:18 PM

@vas pup,

“…Q: How to force business to add security during design and development?…”

Historically, businesses have been loath to add any development time($) to a product that will not yield immediate returns. ‘Legal means’ would need to be explicit, accepted standards and practices. Very hard to enforce in software development. Manufacturers who incorporate s/w in their products treat s/w security as a not even necessary evil. (Is it true that many manufacturers still contract out their s/w development?)

Since the only thing manufacturers care about is money (OK, that’s an intentional exaggeration), I submit the idea of making the makers liable for security breaches; expensively liable; feet-to-fire-and-stir-up-the-stockholders liable. Everyone wins! Consumers have safer (but more expensive) products. Lawyers, obviously. Programmers get more jobs, and more job security*. Manufacturers make bigger profits. Once the IoT is complete, -everyone- will have a stake in this. Do we need to redesign the Internet? DO it! There’s plenty of money in the War Chest, corporations can pay a little more tax, and consumers won’t mind a -small- increase in their bills.

That’s my €0,02

* see what I did there?
. .. . .. — ….

Wael August 6, 2016 4:26 PM


I’m aware these nicks aren’t on the thread. Just haven’t heard from them in a while. Do a search on Mike the goat, and you’ll find him on the blog!

albert August 6, 2016 4:46 PM


“…After Dallas Shootings, Police Arrest People for Criticizing Cops on Facebook and Twitter…”

Cops arrest folks for online criticism all the time. Those 4 cases you cited are tricky. While it’s possible to use hyperbole in a threat, it’s best to avoid threats altogether. To say a cop should be shot is generally not protected speech. To say a cop is a “stupid dickhead asshole motherfucker” is protected speech. It’s opinion. Facts are also protected speech. The above quote may be a fact, maybe not.

For a lawyer’s take on ‘free’ speech, cases similar to the one mentioned, and cops who (sadly) match most of the expletives mentioned above, see

Caution! Not all lawyers have an accurate understanding of free speech issues. This guy (Ken White) does. He also provides ‘help’ to folks who can’t afford a lawyer in free speech cases. (see the ‘popehat signal’).

I guess I should put ‘dickhead’ in my spelchek dictionary
. .. . .. — ….

ianf August 6, 2016 5:36 PM

@ Grauhut,

looks like a hash or a checksum to me, meant for some specific, by Ed Snowden side-channel-contacted, party. Good use of a public medium for distribution of transient bite-sized content to targeted, though not disclosed, addressees.

I remember once reading of someone’s fairly complex (Yahoo!) Pipes program [manipulation of public data snippets], which at one point generated a sizable table of indexing data that needed to be available for a subsequent op in the same program flow. This, however, happened first after some double digit minutes delay. Since everything happened in virtual space, the program simply created a randomly named Usenet binaries group, posted the data there, then read it back after a while, processed to completion, and deleted the group using the authoring token that likewise was stored by adding it to the posted data in security-by-obscurity-encrypted format (it looked like part of the table). I remember being mightily impressed with the multi-tier no-need-for-physical-data-storage approach.

I don’t think Pipes exists any more, decommissioned even before Marissa Mayer’s stewardship.

Nick P August 6, 2016 5:53 PM

@ Greg

re PDF

Try muPDF. OpenBSD developer Marc Espie vouched for its code quality.

@ Wael

“Don’t go where @Mike the goat went!”

Haha. Noise ratio is still high so I comment less. I’m still reading the blog comments, though. Still on Hacker News as nickpsecurity, recently with same name, and a day or two ago excellent, bootstrapping site Barnacles. Lobsters often copies HN stories but has others & different comments with many OpenBSD devs and pentesters. Funny one here about what hardware they run on. Introduced myself by dropping a H bomb (H for high-assurance) on another post on reproducible build bullshit. Latest incarnation of my verified, not reproducible, builds mini-essay with curated links for intro to high assurance, subversion in general, SCM, compilers, and so on.

Far as this blog, I’ll drop an interesting find or two real quick if that one wasn’t.

@ Figureitout, Wael, Clive

I know Figureitout likes to see source. Turns out the eChronos RTOS that was used in DARPA drone project is open-source now at GitHub page. Or maybe I just noticed it but a nice find. As page notes, it’s aimed at correct operation on highly-constrained MCU’s w/ no memory protection. Targets an ARM Cortex-M4 right now. I could see it ported to RISC-V Arduino clones like Pulpino later on.

@ All

re formal verification

I think I previously posted Myreen et al’s work on verified LISP, ML, machine code, first-order logic, HOL Light, and hardware. They’re kicking ass. Turns out CakeML is funded by the organization, now Data61 (formerly NICTA), that did seL4, and they did the COGENT language I posted about before. COGENT, a verifiable language for systems programming, is now open-source on Github. Overview, the Github, and so on can be reached from this page. For best result, skip to the paper where they do two filesystems (including ext2!) in it verified down to ASM in a tiny fraction of the time and expertise of the seL4 method.

Note: Also found a nice list of compiler optimizations for anyone wondering what to Google for on that. Might help projects aiming to do simple compilers with just enough optimizations for best ROI of effort. Like QBE.

re hardware verification

I’ve already noted we might be able to use black-box EDA tools to make trusted hardware if we can at least formally verify and test with open tools any steps from behavioral to RTL to transistor level. All kinds of testing approaches out there. Just today found this paper on how Centaur built a framework on ACL2, an open tool, to verify their VIA Nano, etc. processors. They do full-custom designs with only a handful of people needed to build this tooling. If they can do it, then so can some FOSS lovers starting with guidance as in the paper.

re protocol verification

Verdi, which I probably already posted, is still my best find recently for distributed systems. Another page on testing distributed apps.


Best outcome of that is still HAMMER toolkit. All parsers should probably be using it right now. They often push for non-Turing Complete languages but have no recommendations when I confront them on that. Just that SuperGlue paper that’s a non-solution. Stumbled across one with some wild properties: Charity language. One of those that make you think differently about practical, decidable languages. Might be worth further investigation for people interested in those things.

re Control Flow Integrity

Memory-safety is strongest technique but too expensive often. Best of those are SAFEcode and Softbound+CETS. Control-flow integrity tries to just protect against hijacking of control with mixed success. KCoFI and CPI are the best. Anyway, this paper details about every method, their properties, recommendations and so on. The kind of assessment that needs to be done across the INFOSEC field on all the major topics. Readers interested in improving security of C software can get most done by running popular programs through the tools above, fixing any problems found. There’s also potentially benefits in running safer language programs that compile to C through them. Might be redundancy in the checks where you need to turn them off on one side or the other.

re covert channels

Another win at Data61 is their work on side & covert channels here. Cock has integrated probabilistic models for catching them into HOL to get formal toolset for that. Kemmerer’s Shared Resource matrix is always available for people who don’t do formal methods. Maybe implement it in a regular language with hand-entry of variables, functions, and so on in abstract form.

re crypto

A cryptographic, type checker.

re garbage collection

An IBM paper describing a stall-free, real-time garbage collector. Doesn’t pause the mutator for even 1 cycle & uses around 1% of FPGA resources.

re safe, parallel programming

Delegated isolation is a new model. Prototype Aida language has simple constructs, supports arbitrary accesses, high concurrency, and maintains freedom from data races, deadlock and livelocks. More properties at once than I thought I’d see in one language anytime soon. 😉


A few more papers and tools added to the collection focusing on some foundational stuff mostly. That’s the 80/20 rule in action. I plan to look back at the application level of things later to see what people are doing in servers, storage, messaging, time keeping, whatever.

Skeptical August 6, 2016 6:34 PM

@cyberflatus: Remarkably I cannot find a single coherent argument in your comment. I’m therefore reluctant to respond at all, as I clearly must not understand you. Nonetheless…

In skeptical’s delusional bassackwards world, US threats brought China to the negotiating table. When China got fed up with TAO sabotage and took 22 million blackmail-ready dossiers on Federal officials, that didn’t figure in at all, no sir.

Why would the OPM records acquisition make the PRC more willing to curtail its state-sponsored commercial espionage?

And re: blackmail – one of the points of full disclosure is to mitigate susceptibility to blackmail. Anything derogatory in the OPM’s records is by definition known to the USG.

The public humiliation caused the US to regress to blowing shit up in August,

OPM penetration: US reportedly aware as of March 2015.

Airstrikes against ISIL: Began in August 2014 – and were likely planned earlier.

Timeline aside, there’s no plausible connection between the events.

but the US can’t intimidate the PRC, so the US had to use their words

You’re suggesting airstrikes against ISIL were an attempt to intimidate the PRC?

Skeptical shares the beltway fixation with bilateral negotiations, and naturally can’t comprehend that this bilateral joint statement pushes the US back to multilateral development of norms

Such as the multilateral talks the US long insisted upon with North Korea, with respect to issues in the South China Sea, and elsewhere?

Outside of your narrowly framed fantasy-world, one of the key strengths of the US is in the number of its allies and the strength of the bonds between them – which is why the US usually prefers multilateral negotiations.

The norm at issue – no state-sponsored commercial espionage – is one that the US has been pushing “with words” and otherwise for some time.

The SCO … specifically affirms the ‘important role of the United Nations in formulating international norms.’

How impressive. Also important to formulating international norms: words, state behavior, state agreements, atoms, thoughts, …

So once again, what we see here is the SCO curbing US threats to peace with necessary and proportional countermeasures. As US standing trickles down their leg, the international community goes ahead and makes law for grownup countries.

I cannot begin to imagine what the connection in your head is between the PRC agreeing to the US demand that it cease years of state-sponsored commercial espionage and the SCO letter, much less how this equates to the SCO curbing anything at all.

To the extent you intend vulgarity to substitute for logical argument, I suggest you drastically increase the level of vulgarity, as at present it is woefully insufficient for such a purpose.

65535 August 6, 2016 6:58 PM

@ r

I think we will have to wait until more accurate information comes out on the “BBC Detector vans” to see the exact technology [possibly a leaker or a Freedom of Information Act request].

@ Clive

“If you think about the sentence I’ve highlighted, the implication is it’s the common element between a computer / tablet / smart phone and a TV that they are going after. Which would be the flat panel display and its driver circuitry, in a modernised version of “Van Eck Phreaking”. The technology to do this has been around for quite some time…”

That is a good guess. But, I am not sure. What about all of the many screens in the area of the BBC Detector vans? How does the BBC detector find the culprit and administer justice [say a fine or the like]?

Dovetailing on the “more information” aspect of those BBC Detector vans, does the UK have an effective Freedom of Information Act [like the USA]? That would be a direct route to gleaning more information on those vans.


‘The Freedom of Information Act 2000 (2000 c. 36) is the implementation of freedom of information legislation in the United Kingdom on a national level, with the exception of Scottish bodies, which are covered by the Freedom of Information (Scotland) Act 2002 (2002 asp. 13). Environmental information is covered by further legislation Environmental Information Regulations 2004. Tony Blair, the UK Prime Minister who introduced the Freedom of Information Act, later expressed regret over the Act, claiming that the Act impeded the ability of officials to deliberate “with a reasonable level of confidentiality”.’ –Wikipedia

In the USA, the ACLU and others such as Emptywheel have been using it to glean information on the NSA/CIA/FBI and so on with some success. But, usually the documents are heavily redacted. Is this the case in the UK?

Thoth August 6, 2016 7:17 PM

@r, s

Law rarely exists. It’s all about power, time and resources. Sad truth. Encryption and high assurance make it much harder via the need to expend exponentially more resources, time and manpower, which is why the corrupted elites hate anonymity tools, encryption and personal security like they are a poison to them.


“and cash will be eliminated entirely”

Credit cards and mobile payments are driving all these cashless and recordable transactions. Cut down on credit card use and insist on cash as much as possible. Also, avoid mobile payments or banking apps for mobile phones, as not only are these apps prone to being owned, who knows what details the mobile payment apps would harvest from the already leaky mobile phones.

“It’s ironic that financial crime gets worse every year, thanks to technology.”

Technology is an enabler for more abuse or more security depending on intentions and use. Now with all the corruption, it is the enabler of harming innocents more than helping people.

@Nick P
Lobsters, barnacles but no prawns, king crabs and scallops 🙁 . Need a seafood feast before reading those papers.

Hmmm… about time to name my Groggybox desktop and Android clients, since groggyboxclient and groggyboxforandroid seem too long. Talking about seafood, barnacles and lobsters are too tame and don’t hurt. Maybe I should name the client Tridacna (huge clam that can snap off a diver’s limbs !!!) and then modify the name to make it … Cryptdacna ? Or maybe leave the naming for later ? Btw both the desktop and Android clients would be done in Java to make maintenance easier, since Android stuff is already Java.

The main keying modes and encryption/decryption routines for the Javacard variant are up but require a whole lot more work, as explained to @Figureitout earlier (just a heads up in case you missed it).

It does not have signature checking, for the purpose of allowing sending without allowing reverse checking on who the sender is. It is part of my bigger plan to have @Clive Robinson’s fleet broadcast with encrypted files capable of being sent over some sort of broadcast or multicast without having a “phone home address”, so that it matches the broadcast/multicast theme. Although … it does have implicit checksumming to ensure deniable integrity 🙂 . What a weird term for “deniable integrity”.

Nick P August 6, 2016 7:32 PM

@ Thoth

Haha. It’s just the titles whose origin I have no idea about. The sites themselves are security and business articles respectively. Following a dispute with the HN founder, the Lobsters founder also created the site with open code, a visible log of moderation activities, and other accountability features. Description here.

cyberflatus August 6, 2016 8:10 PM

Yes, give up, no one’s talking to you. No special ed for you.

94% of 7:53 went over skep’s head. Like so many patriotic rubes behind the US iron curtain, Skeptical is not so plugged in as he poignantly tries to suggest. Even the broad Sagami Depot hint leaves him befuddled, so he clearly has no need to know the clandestine precursors. Under the brittle pomposity there’s nothing but slack-jawed incomprehension of the most fundamental legal issues and obsessive need for affirmation from ‘allies’ (that is, bribed puppet rulers leeching off peoples who despise their neo-Soviet bloc.) The whole regime is like that, one big Trump.

Cosay Nold August 6, 2016 9:02 PM

I have some files that I want to backup online. Prior to upload, I want to encrypt them, but I can’t decide what program to use. A lot of articles that I have found seem to suggest using GPG but Scrypt would also seem to be an option.

Any recommendations?

Thoth August 6, 2016 9:59 PM

@Cosay Nold
SCRYPT is only used for key stretching and not encryption. Stick to PGP/GPG or VeraCrypt/CipherShed for now.

Wael August 6, 2016 10:38 PM

@Nick P,

Haha. Noise ratio is still high so I comment less

Well, if you post more you can swing the ratio 🙂 I’ve looked at some of the links. Me? Don’t care for source code 🙂

r August 6, 2016 11:20 PM

@Detection Vans,

You may laugh now, but a White Van with a vinyl cutter etc. can offer near limitless possibilities, especially with a roll of blank magnet.

If your neighbors listen to radio, take over their favorite station with an Orson Welles-esque broadcast about such vans.

If they’re over wifi you can take over the ads displayed on their computer etc.

Near Limitless.

Andrew August 7, 2016 12:19 AM

I missed the passwords article earlier this week; for people still interested, here is an idea for passwords for managers or really important accounts:

You concatenate a passphrase you remember with a truly random sequence of characters you write down on a paper in your wallet.

ianf August 7, 2016 12:47 AM


    Here’s a set of instructions for making high-entropy paper Bitcoin wallets that ought to agitate the bloodstream of some of you, and cause ERUPTIONS OF INDIGNATION over its author’s not explicitly warning readers against (a) using potentially already corrupted/ unclean USB thumb drives for storage of (b) potentially adulterated HTML content off the web; and then (c) processing it on a non-energy-gapped, if “clean,” computer:

    […] Generating secure and highly entropic private keys is of the utmost importance, and it’s easy enough to do on our own. Here are the steps:

      1. Visit
      2. Save the page as an HTML file to a USB key.
      3. Safely remove the USB and plug it into an offline computer running a clean OS.
      4. Open the HTML file and click on “Brain Wallet” vii.
      5. Since your own vocabulary is inadequate viii, derive a 10-word (minimum) passphrase using five (5) dice and this 7776-word English dicelist, this [Romanian dicelist], or one of these [other non-English language dicelists].
      6. Click “View”, then print 2 copies.
      7. Clear the browsing history, safely eject the USB drive, and restart the computer.

    Voila! You now have a high-entropy private key on a paper wallet (aka cold storage)! […]

Rebecca Hadron August 7, 2016 12:53 AM

RE: password manager, LastPass as suggested by Bruce and some others, is cloud based (!) – and to add injury to insult was also breached not so long ago

KeePass is very good however. FOSS and includes a key file, has a random generator built in amongst other features

@ All
this is a place for quality, maturity, service sharing support and community. We can make the world a better place
the signal to noise ratio will greatly improve with just one single adjustment:

Who agrees to participate in the total isolation & ignoring of a certain, well known regular troll?

Who votes to petition the moderator to ban them completely?

Thoth August 7, 2016 1:03 AM


“truly random sequence of characters”

Not going to be easy to generate one bunch of truly random characters. Remembering truly random characters is very difficult, especially if it is more than 5 characters.

Just use an offline password manager like @Bruce Schneier’s PasswordSafe, which is easier to audit the source code of due to its open source nature.

Figureitout August 7, 2016 2:33 AM

Nick P
–I like schematics too, block diagrams of chips.

Still too much code. Smaller. The actual code size is always much larger. I don’t have my roots of trust built and backups prepared. I don’t care for an RTOS now, still too much code. Don’t need it. I like my code elegant, powerful, diced up in small chunks in separate devices serving their own small simple purpose. Or chips that you simply configure (not really program) for certain protocols. Just some registers to configure, that’s it. Datasheet will be small since it’s just protocol implemented in hardware.

Curious August 7, 2016 3:18 AM

There is apparently something called a ‘vibration API’ for mobile phones:

“Privacy of W3C Vibration API”

The mechanism allowing websites to utilize the device’s vibration motor is called the Vibration API. The mechanism allows a device to be vibrated in particular patterns.

For example, a web designer can make the device vibrate for a specific duration, say 50 ms, and follow that with a still period of 100 ms (…)

Curious August 7, 2016 3:20 AM

To add to what I wrote:

I wrote “for mobile phones”, but I think I perhaps misunderstood the article at first, and I guess the API might be used for any device really.

Curious August 7, 2016 3:35 AM

There is apparently something called “wafer level cameras”, for ease of manufacturing and for making them smaller. Creating cameras on a wafer.

Makes me wonder/worry if tiny cameras will be covering one’s computer screen at some point, as if it then would be possible to create a big camera looking back at you.

ianf August 7, 2016 3:39 AM

MORE NOISE
FOR LESS NOISE

ADMINISTRIVIA @ Rebecca,
whilst much in agreement with what you propose, may I point out some irritating small inconsistencies that have “smuggled themselves” into your “thought line” for that your great signal to noise ratio improvement with just one single adjustment:

FIRST you speak of “participation in the total isolation & ignoring of a certain, well known regular [SINGLE INDIVIDUAL] troll.”

THEN you inquire “who would”/ but really you promote the idea of/ “voting to petition the moderator to ban THEM completely?”

“Them” = a multiple of “single individual,” that somehow has expanded into a legion between sentences, no foreplay, no nothing. You simply can’t jump over that, grrrrrl.

LASTLY, may I point out to you that any petitions to @Moderator calling for any measures against unnamed (but wink-wink) fellow participants—I think I know who you have in mind—are bound to fail. If for no other, than for the simple reason, that GDR anonymous denunciation methods do not work here in the West.

EvilKiru August 7, 2016 3:44 AM

As I was perusing one of my RSS feeds, a very interesting ad popped up. Rather than try to describe it, I captured a portion of my RSS reader’s page that includes the ad and uploaded it to My first reaction was, “Seriously?”

For those that don’t like to follow links, it’s an advertisement from an outfit at for a “CIA Intelligence Degree. Taught by former CIA, FBI and DOD.”

What the ever-living f…?

Thoth August 7, 2016 4:23 AM

@Nick P, Figureitout
re: eChronos Project

I noticed an irregularity in the project’s statement, namely:

“…eChronos project builds and formally verifies, a small, versatile, high-assurance real-time operating system (OS) for embedded micro-controllers. In contrast to other OS work at NICTA, the eChronos RTOS is for tightly constrained devices without memory protection. Current implementations are available for Intel 80251 and ARM Cortex M4 micro-controllers.”

ARM Cortex M4 comes with an MPU that is optionally enabled. It kind of bewilders me why someone who knows they are doing security critical applications would still not enable the MPU.

How to enable the MPU in ARM Cortex M4 is linked below, with other details of the M4’s MPU. I have checked both STMicro’s STM32 and Atmel AT02346 (@Figureitout’s favourite) that are ARM Cortex M4 and both come with an MPU.

Why wouldn’t a security application be enabling the MPU on an ARM Cortex M4 that allows toggling of the MPU ?

When you enable the MPU for the loaded applications, it would lock the memory of the loaded application to the range it is supposed to use, and it is better to create the OS to run the native MPU locking and force the enabling of the MPU. This would make it much lighter, and I am guessing this might be @Figureitout’s concern. I looked at the Github and it’s kinda a wall of things. Not gonna be too easy on the eyes and probably also the mind, thus @Figureitout’s knee jerk reactions kinda kicked in.

The eChronos page has a timeline that mentions its deliverables can be loaded onto STM32, which is what the Ledger Blue and Nano S are using, which immediately got me flipping through the pages and noticing the possible discrepancies in the statements, because I remembered that the STM32s have an MPU.
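Thoth’s point above, locking a loaded application to the memory range it is supposed to use by enabling the Cortex-M4 MPU, as an added example that is not eChronos or NICTA code. It encodes ARMv7-M MPU_RBAR/MPU_RASR values so a task’s RAM is writable but execute-never and its code is read-only; the region addresses and sizes are hypothetical, and the register writes only compile for an ARM Thumb target.

```c
/* Added example (not eChronos code): encode ARMv7-M MPU region registers so
 * that a loaded application's RAM is non-executable and its code region is
 * read-only, then enable the MPU. Field layouts follow the ARMv7-M
 * Architecture Reference Manual; addresses and sizes in main() are made up. */
#include <inttypes.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* MPU_RASR fields: ENABLE, SIZE (region = 2^(SIZE+1) bytes), C/S memory
 * attributes, AP access permissions, XN execute-never. */
#define RASR_ENABLE     (1u << 0)
#define RASR_SIZE(n)    (((uint32_t)(n) & 0x1Fu) << 1)
#define RASR_C          (1u << 17)
#define RASR_S          (1u << 18)
#define RASR_AP(ap)     (((uint32_t)(ap) & 0x7u) << 24)
#define RASR_XN         (1u << 28)

/* AP encodings (privileged / unprivileged access). */
#define AP_NO_ACCESS    0u
#define AP_PRIV_RW      1u   /* privileged RW, unprivileged no access */
#define AP_FULL_RW      3u   /* both RW */
#define AP_FULL_RO      6u   /* both read-only */

/* MPU_RBAR fields: ADDR in the high bits, VALID, REGION number. */
#define RBAR_VALID      (1u << 4)
#define RBAR_REGION(r)  ((uint32_t)(r) & 0xFu)

/* MPU_CTRL fields. */
#define CTRL_ENABLE     (1u << 0)
#define CTRL_PRIVDEFENA (1u << 2)   /* privileged code keeps the default map */

/* SIZE field for a power-of-two region of `bytes` bytes (>= 32), or -1. */
int mpu_size_field(uint32_t bytes) {
    if (bytes < 32u || (bytes & (bytes - 1u)) != 0u) return -1;
    int n = 0;
    while ((1u << (n + 1)) != bytes) n++;   /* find n with 2^(n+1) == bytes */
    return n;
}

/* RASR value for an enabled region of `bytes` bytes, or 0 if invalid.
 * Attributes are normal, cacheable, shareable (C=1, B=0, S=1, TEX=0),
 * which suits on-chip SRAM and flash on a Cortex-M4. */
uint32_t mpu_rasr_value(uint32_t bytes, uint32_t ap, bool exec) {
    int size = mpu_size_field(bytes);
    if (size < 0) return 0u;
    return RASR_ENABLE | RASR_SIZE(size) | RASR_AP(ap) | RASR_C | RASR_S
         | (exec ? 0u : RASR_XN);
}

/* RBAR value placing region `region` at `base`, or 0 if `base` is not
 * aligned to the region size, the size is invalid, or `region` > 15. */
uint32_t mpu_rbar_value(uint8_t region, uint32_t base, uint32_t bytes) {
    if (region > 15u || mpu_size_field(bytes) < 0 || (base & (bytes - 1u)) != 0u)
        return 0u;
    return base | RBAR_VALID | RBAR_REGION(region);
}

#if defined(__arm__) && defined(__thumb__)
/* Only meaningful on the target: write one region and switch the MPU on. */
#define MPU_RNR  (*(volatile uint32_t *)0xE000ED98u)
#define MPU_RBAR (*(volatile uint32_t *)0xE000ED9Cu)
#define MPU_RASR (*(volatile uint32_t *)0xE000EDA0u)
#define MPU_CTRL (*(volatile uint32_t *)0xE000ED94u)

void mpu_apply(uint8_t region, uint32_t rbar, uint32_t rasr) {
    MPU_RNR  = region;
    MPU_RBAR = rbar;           /* VALID bit also selects the region */
    MPU_RASR = rasr;
    MPU_CTRL = CTRL_ENABLE | CTRL_PRIVDEFENA;
    __asm volatile("dsb\n\tisb" ::: "memory");   /* make the new map effective */
}
#endif

int main(void) {
    /* Hypothetical layout: 4 KiB task RAM at 0x20001000, 16 KiB task code at
     * 0x08004000. RAM is RW but execute-never; code is RO and executable, so
     * a buffer overflow in the task cannot be turned into code execution. */
    uint32_t ram_rbar  = mpu_rbar_value(0, 0x20001000u, 4096u);
    uint32_t ram_rasr  = mpu_rasr_value(4096u, AP_FULL_RW, false);
    uint32_t code_rbar = mpu_rbar_value(1, 0x08004000u, 16384u);
    uint32_t code_rasr = mpu_rasr_value(16384u, AP_FULL_RO, true);
    printf("RAM  region: RBAR=0x%08" PRIX32 " RASR=0x%08" PRIX32 "\n", ram_rbar, ram_rasr);
    printf("Code region: RBAR=0x%08" PRIX32 " RASR=0x%08" PRIX32 "\n", code_rbar, code_rasr);
#if defined(__arm__) && defined(__thumb__)
    mpu_apply(0, ram_rbar, ram_rasr);
    mpu_apply(1, code_rbar, code_rasr);
#endif
    return (ram_rbar && ram_rasr && code_rbar && code_rasr) ? 0 : 1;
}
```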


Erisian Dave August 7, 2016 4:57 AM

BBC wifi snooping could be as simple as the iPlayer client phoning out, or sniffing marked/timed acks, or bandwidth correlation. Note this is a wifi attack, not an LCD or broadcast signal attack.

Apple hold a patent on BB style camera/screen chimeras, this is old old old tech, patent at least 10 years old now.

@Rebecca Hadron
Great idea, let’s all self-assemble into small focus groups and petition the mods to get rid of those of whom we don’t approve. That seems a great way to run things. Let’s make the world a better place by getting rid of those with different ideas and non-conforming ways of expressing themselves. Probably useful PR to label them fascists, everybody hates fascists right??

ianf August 7, 2016 5:10 AM

@ Curious,

unless you can come up with some new physical/ optical capture principle that does not rely on a pinhole or lens AND some minimal focal distance to the plane that “freezes” the photon-borne image, the “wafer level cameras” you talk about will never be “[Christian-communion-with-“god”-that-doesn’t-exist]-wafer-thin,” as their name implies. At best we’re talking of, essentially, “growing” (or 3D-printing in some fashion) multiple 4-6 mm thick lenses already inside their mounts OVER a ready multiple pixel sensor 0.5mm Si-wafer substrate. Or prove me wrong FOR MORE NOISE.

We already have front-pointing cameras on laptops and phones, so what would those your imagined future “tiny cameras covering ones computer screen at some point… creating a big camera looking back at you” be capable of, that the present, single camera lenses, already do not do? [And, btw., congratulations on the HIGH SIGNAL contribution of your submission.]

@ EvilKiru,

as the CIA is a branch of the USG, and composed of much more than its single trademark image WetWorks Directorate, where do you suppose they recruit their future cadres from?

From among Ivy colleges’ graduates, at their perennial Career Fairs, dahrrrling. So it is not surprising, that they had sponsored some 3rd party Uni. to set up an ambitious prep-, or post-initial-CIA-rejection study course.

I knew a guy who was some kind of minor academic in agricultural development, for years in the employ of the U.N. Then he got a teaching job in Washington, D.C., moved to Silver Spring, MD (Maryland). He never spoke of his courses or students, and after a while the bits started falling into place. So I asked him in passing about his job at the CIA (which is like the 4000 lbs gorilla employer in that region), and was told matter of factly that he was a researcher in its, yes, agricultural studies department. I could have inquired more, but what for… I already knew what geographic regions were his life-long speciality, and doctoral dissertation, of, agri development in Central Asia, with once Soviet Kazakhstan at its core.

Nick P August 7, 2016 5:32 AM

@ Thoth

First, do all Cortex M4’s have an MPU or is it just certain models? This targets the baseline.

Second, the point of the project is an OS for stuff too cheap and weak to leverage memory protection. The Cortex might just be the preferred platform for tooling, boards, whatever. Especially one should consider if Cortex M4 code works on models like M0. If it does, then they just used a faster CPU for their tests and/or drone.

Those come to mind.

furloin August 7, 2016 5:53 AM

@ianf and EvilKiru

Does this mean American uni students should only go to places like that for technology jobs?

Maybe all the Americans with small amounts of sanity should just move to South Africa and become farmers.

/sarcasm partially

ianf August 7, 2016 6:12 AM

The course EvilKiru was speaking of is voluntary (and, unless the Uni has gone socialist, costs on a par with other pol-sci courses there).

Anyway, I can’t muster up enough indignation over the CIA now recruiting somewhat educated people… judging by past performances, I suspect that their on the ground policy operators will still be the kind of fuckups like that Gust Avrakotos figure in “Charlie Wilson’s War,” who just wanted to “kill Russians” in 1979 Afghanistan—and look what that led to. So at least the next time we’ll be screwed by educated fuckups.

Thoth August 7, 2016 6:21 AM

@Nick P
So far most of the M4s I have seen implement the entire portfolio, which includes the MPU, which the big fabs made (NXP, ST, Atmel, Texas Instruments). Most manufacturers would buy the portfolio and implement the entire blueprint they bought into the chip so that they would have all the features available, instead of selectively removing certain modules from the blueprint and then making them into silicon and, when they need to bring in a feature, going back to the drawing board and then lithography and all that, which is a waste of cash and time.

Since the common Cortex M4 from what I see comes with an MPU inside, the baseline is the inverse, where MPU-equipped M4s are the common norm in the industry and market, as can be seen from common M4 products like the STM32 from ST, the LPC family line from NXP/Freescale and the TM4C from TI. Due to these 4 companies having the lion’s share in silicon production of ARM chips, specifically the Cortex M4, and all of them bringing the MPU into their design, it becomes harder to find someone that does not bring an MPU onto M4 chips. If the project is security related, the project implementors had better make damn sure they buy one with an MPU.

Getting an ARM Cortex M4 without an MPU is harder because most of the big chip makers have implemented the MPU in their ARM Cortex M4 products.

Sabrina De Souza boo hoo hoo August 7, 2016 6:35 AM

Doesn’t matter who you hire, if they have impunity they will turn into criminals. The Central Intelligence Agency Act in 1949 put CIA covert activities beyond the review of any court. Subsequent laws hid that provision in red tape but it’s still in force. That’s why the CIA Torture Report sits shrink-wrapped in a safe at DoJ unread. The only way to get CIA under control is ratify the Rome Statute, because first and foremost it’s a pledge to prosecute or extradite. If the US judiciary is still scared to stand up to CIA, then it’s open season on individual CIA criminals worldwide. Italian courts for instance, they know how to break up mafias like CIA: grab the small fry, make them squeal, work your way up to the capos like Brennan.

Curious August 7, 2016 6:39 AM

I can easily imagine a world filled with either light emitting surfaces (think, computer screen or just light bulbs), OR, surfaces filled with cameras.

Cameras, cameras everywhere! Ugh.

Curious August 7, 2016 6:42 AM

Btw, reading slashdot comments, I am annoyed by people who say privacy is dead.

I’d argue that what such people probably fail to understand is that, by making ‘privacy’ a foregone conclusion, their apologetic take on things probably ends up screwing over those people that have a need for privacy, and those that have been subject to abuse. So, in short, simply denying people privacy, or abusing people’s privacy, doesn’t make privacy issues go away.

ianf August 7, 2016 6:45 AM

@ Erisian Dave,

From the 1st of September all iPlayer streaming (restricted to the UK) will command a license fee, hence presumably use some cryptoken to periodically verify the transmission to the requesting, logged in IP. So what would iPlayer need to phone home for?

Anyway, let’s not speculate endlessly over potential BBC detection vans or methods, because, unlike learned Clive’s signal, ours would be all noise.

ianf August 7, 2016 7:05 AM

Reading slashdot comments, Curious is “annoyed by people who say…

Never mind them, there are people here, who will say ANYTHING just to confirm to themselves, that they post, therefore they exist. No examples, because that’d be NOISE.

Cosay Nold August 7, 2016 7:21 AM


“SCRYPT is only used for key stretching and not encryption. Stick to PGP/GPG or VeraCrypt/CipherShed for now.”

That can’t be completely right. I know from reading Hacker News that Tarsnap uses Scrypt.

Skeptical August 7, 2016 7:42 AM

@cyberflatus: 94% of 7:53 went over skep’s head. Like so many patriotic rubes behind the US iron curtain, Skeptical is not so plugged in as he poignantly tries to suggest.

“[T]he US iron curtain”? I’m actually laughing. Thank you.

And I’ve noted repeatedly that if I had any knowledge beyond what I read in the newspapers, I wouldn’t post here.

All I did above was take apart a belligerently incoherent post by you. That you have now given up the pretense of a substantive view at all, and have resorted to a post consisting in entirety of half-baked insults, is I suppose an improvement of sorts.

Have a 100% of a good evening.

Thoth August 7, 2016 8:53 AM

@Cosay Nold

Firstly, Tarsnap presented the SCRYPT Encryption utility tool in a very misleading manner.

Before you start thinking the SCRYPT algorithm itself is an encryption algorithm, read the papers on SCRYPT. SCRYPT is a KDF function to derive cryptographic keys from weak entropy passwords.

On Tarsnap’s website:

“The scrypt key derivation function was originally developed for use in the Tarsnap online backup system and is designed to be far more secure against hardware brute-force attacks than alternative functions such as PBKDF2 or bcrypt.

We estimate that on modern (2009) hardware, if 5 seconds are spent computing a derived key, the cost of a hardware brute-force attack against scrypt is roughly 4000 times greater than the cost of a similar attack against bcrypt (to find the same password), and 20000 times greater than a similar attack against PBKDF2.”

Thus, it is very clear that the function of SCRYPT is to derive keys from weak entropy inputs like passwords.

The Tarsnap website also includes a PDF and slides on the SCRYPT algorithm, which is a KDF function from the papers.

So what is this SCRYPT Encryption function doing ?

If you look into the source code, the encryption function is simply using SCRYPT to generate an AES key from a password and then doing AES encryption in CTR mode. So essentially, it shows that SCRYPT must rely on AES or some encryption algorithm to encrypt, while SCRYPT derives the keys from the password.

The code snippet from Tarsnap’s SCRYPT Encryption function can be found from line 303 to line 346 in the source code taken from Tarsnap’s Github linked below.

If you are referring to using Tarsnap’s SCRYPT + AES-CTR vs. GPG/PGP vs. VeraCrypt/CipherShed, all of them use valid and strong crypto. Choose any one of your liking, as they are all valid and secure as long as you find them easy to use 🙂 .


Wael August 7, 2016 11:46 AM


Have a 100% of a good evening.

I don’t wish to be entangled in this discussion. This caught my eyes, though: How did you know it’s evening time where your correspondent is? Are you two acquainted with one another in real life?

Alan August 7, 2016 12:10 PM

This latest vulnerability, well known to the community, is now affecting millions of users. Microsoft have refused to remediate the problem notwithstanding that they’ve known about it for 15+ years.

If you visit a specially crafted website or receive a specially crafted email, your Windows credentials (local password and Microsoft account password) will be leaked.

NTLM hashes are incredibly insecure but are being transmitted over the internet. Now that a majority of users log in with Microsoft Accounts, their online accounts are in danger. 2SV would provide protection against this.

The exploit only works in Internet Explorer, Edge, Outlook and other Windows processes. Google Chrome is currently unaffected.

Ted August 7, 2016 12:27 PM

University of Iowa Injury Prevention Research Center (IPRC): Towards trauma-informed care

“When a child is repeatedly acting out in class, unable to pay attention or skipping school, teachers and parents might ask “What is the matter with him?””

“But there is a different question researchers of Adverse Childhood Experiences (ACEs) say educators and parents should ask instead: “What happened to him?””

“ACEs are traumatic events that can dramatically upset a child’s sense of safety and well-being, such as child abuse, child neglect, and household dysfunction, among many others. It could also include things like bullying and childhood injuries. The life-long impacts of childhood trauma are staggering: ACEs have been linked to risky health behaviors, chronic health conditions, low life potential (graduation rates, lost time from work), and early death.

“How we as caregivers can help prevent trauma and build resiliency in the child was the topic of a May 18th workshop at the UI College of Public Health. Around 150 researchers and practitioners attended the “Resiliency Triumphs Over Trauma” workshop, which was co-sponsored by 10 institutions and organizations including the UI Children’s Hospital and the UI Injury Prevention Research Center (IPRC). IPRC Director Dr. Corinne Peek-Asa and Associate Director for Science Dr. Marizen Ramirez presented on community engagement and program development in healthcare and schools.

Take the survey
Calculate your ACE score at
A high score doesn’t guarantee bad outcomes, but can increase the odds of struggle.

cyberflatus August 7, 2016 12:54 PM

Yes, stick to meta, you’re less likely to embarrass yourself as the tone police.

This is skeptical’s one and only trick, ignoring what he doesn’t like. His only new wrinkle is complaining that it doesn’t make sense once he’s bowdlerized it in his pea brain. ‘Take apart,’ that’s the magic of Dunning-Kruger: he can’t assimilate anything that conflicts with his brainwashing, like that is my problem.

Whenever you’re tired of all the bloviation and you want to short skeptical out, just mention anything the Sixth Committee does. He can’t stand the thought of his dear leaders held to universal standards. North Korean dips are much less rigid. 또라이 미국놈

          65535 August 7, 2016 1:17 PM

          @ Alan

          Micro$oft is one of biggest bundles of vulnerabilities called an Operating System.

          Now, to the ancient NTLM problem which seems to go back 25 years or so, are you talking about:



          NTLMv2 + SSP

          Or a mixture of the above?

          Here is what Wikipedia says [take it with a grain of salt]:

          “Microsoft adopted Kerberos as the preferred authentication protocol for Windows 2000 and subsequent Active Directory domains.[15] Kerberos is typically used when a server belongs to a Windows Server domain. Microsoft recommends developers Neither to use Kerberos nor the NTLM Security Support Provider (SSP) directly.” -Wikipedia

          “NTLM remains vulnerable to the pass the hash attack, which is a variant on the reflection attack which was addressed by Microsoft security update MS08-068. For example, Metasploit can be used in many cases to obtain credentials from one machine which can be used to gain control of another machine. The Squirtle toolkit can be used to leverage web site cross-site scripting attacks into attacks on nearby assets via NTLM.“ -Wikipedia

          [And a fair description of configuration of NTLMV2 + security ~]

          As an aside, a guy named Casper wrote a lot about NTLM and NTLMv2. To make a long story short and to paraphrase him:

          Use NTLMv2 with a password of 16 alphanumeric characters or more.

          Once he had thoroughly described NTLM, he suddenly quit writing about it. I think M$ may have influenced him to quit [NTLM was just too easy to break].

          Sean Tapes August 7, 2016 2:12 PM

          @Anonymous Cow
          Wooo! What a nice list of cocksuckers.

          Fill it with disinfo next time. It begs to.

          CallMeLateForSupper August 7, 2016 2:46 PM

          James Bamford, in Reuters:
          “The world’s best cyber army doesn’t belong to Russia”

          “National attention is focused on Russian eavesdroppers’ possible targeting of U.S. presidential candidates and the Democratic Congressional Campaign Committee. Yet, leaked top-secret National Security Agency documents show that the Obama administration has long been involved in major bugging operations against the election campaigns — and the presidents — of even its closest allies.

          “Given the news reports that many more DNC emails are waiting to be leaked as the presidential election draws closer, there will likely be many more reminders of the need for a public dialogue on cybersecurity and cyberwarfare before November.”

          Clive Robinson August 7, 2016 4:10 PM

          @ ianf,

          If there is any actual in-situ signals detection to be executed, surely the equipment for it would by now fit in a briefcase

          Err no, in many respects RF is like optics and you need to consider the implications when it comes to locating direction and range.

          Without going into the dull details you will need wideband antennas and at least two of them, spaced apart.

          Which brings us onto,

          … pinpoint not any specific type of display (flat panels ARE legal and do not require a license per se), but some known to be leaky emissions from TV decoding circuits.

          I’m guessing not, because different devices will have different decoding signatures depending on who wrote the software. It’s only when it finally hits the display hardware that the signature is likely to be sufficiently reliable to determine what is being watched.

          @ Curious,

          Makes me wonder/worry if tiny cameras will be covering ones computer screen at some point as if it then would be possible to create a big camera looking back at you.

          It rather depends on what you mean by “looking back”… The human eye is very much like a CCD camera, as are many creatures’ eyes, which generally work best when the lens has some focal depth. However it’s not the only way you can do things. Have a think about the compound eyes of insects and how they work. Thus all you need is four phototransistors etc under a single “water drop” lens as the basic movement / edge detector and these can be spread evenly across a surface. Ideally the surface would not be flat but slightly convex or concave, then each detector would be pointing in a slightly different direction.

          Alan August 7, 2016 5:39 PM


          It seems to affect all versions of NTLM. I’ve not been able to test it with NTLMv2 + SSP.

          It’s worrying because the leaked information discloses your computer name, VPN login name, VPN password, Microsoft account name and Microsoft account password (if used).

          Sancho_P August 7, 2016 5:59 PM

          @Wael, re “intandled –> entangled”

          Thanks for the clarification, I was afraid I’d lost you, too 😉
          Often I need a dictionary in my attempts to follow certain postings.
          Now there are two groups of posters in my limited universe:
          The first I (hopefully) understand (and can agree / disagree, like or not, …),
          the second group, unfortunately growing, I do not understand, for whatever reason.
          My problem:
          The second might be at least as interesting as the first.
          Sometimes I’m not sure if it’s just gibberish or if there is a special meaning hidden in that stuff.
          Don’t laugh, exactly this is my main interest:
          How to hide information in plain text, or, much more interesting, vice versa, how to find whether any text is simply text or tries to convey a hidden (secret, encrypted) meaning.
          To top that, is it feasible for an automated process to encounter a hidden meaning in clearly readable plain text?
          Or in general, what is encrypted, what isn’t?

          The posting @Skeptical replies to – gibberish?
          His “good evening”? [1]
          To silence a “well known regular troll” or petition the mod – an insane but real idea or a hidden message?
          “Noise” (?) postings, where do they start? Here?

          It might be a signal to be silent now, regardless of the actual time at the target?

          Thoth August 7, 2016 6:30 PM

          Properly designed file signature schemes are immune to such attacks especially if sideloading fields are not allowed but as usual with m!cro$oft, anything made by them is crap and hopelessly broken. Even their authenticode digital signature scheme is hopelessly broken by allowing the fields on part of the ACT header to allow bypass by not checking it.

          A properly designed scheme and implementation would be more rigid and not allow arbitrary data to escape the signature checking.

          This is more of m!cro-crap implementation and design than say signature schemes being insecure.

          r August 7, 2016 6:40 PM


          The least he could’ve done is published a header to parse and verify the 3 offsets independently.

          Second, at least as far as Windows 7 there was a subsystem abuser capable of doing what he describes: in-memory loading of PEs using Windows’ own memory mapping components hidden inside ntdll.dll(?) and kernel32.dll. The library may already be out there, it’s rk teq: BUT his is likely up to date eg. w8 w8.1 w10 at this point.

          Even though you star trek fans could call me oftenwrong, I know there’s been parasitized mechanisms for in-memory loading of PE’s with ms’s own impls.

          He hasn’t necessarily been vague enough, and I’d be interested in the case of current anti-ransomware teq if the on-disk measurements aren’t still able to identify such deep-root in-memory malignant behaviour as we would expect from exploitkits + ransomware.

          Have you guys seen the repurposing of ARM’s performance counters to detect malware yet? It’s pretty cool.

          I know I’ve seen more recent stuff than that, I believe that’s based on 2013 stuff.

          Nick P August 7, 2016 6:49 PM

          @ r

          My general rule is that anything that (a) runs code and (b) takes possibly malicious input might be (c) hacked. So, it needs to be protected. However, all the intellectual property I’ve seen on ASIC sites (both analog & digital) for handling video made me skeptical. I decided to read deep in slashdot comments in case anyone had a counter-claim. Here’s one that looks believable:

          “Calm down. TFA is bullshit.

          I’m a firmware engineer. Let me tell you a bit about how monitors work internally. The data rate for video is way, way too high for any kind of inexpensive CPU to handle. It’s all done by ASICs, which are fixed function. They have a few programmable parameters, but the most you will be able to do is configure things like gamma/contrast/brightness and change scaling options, stuff like that.

          There is a CPU in there (more accurately an MCU), to do menus and talk to the PC, but it can’t see what’s on screen. The data rate is too high, it doesn’t even connect to that bus. It doesn’t need to, it just sends commands to the ASIC to do the overlay graphics. So this idea that a hacker could infect the firmware and then communicate via a flashing pixel is bollocks, the CPU can’t even see the pixels.

          Apart from bricking or irritating the user, I can’t see any practical use for this. If the hacker can get to the point where they can talk to the monitor’s firmware anyway, they already p0wned your system remotely or are standing next to it. I can’t really see much opportunity for an evil maid attack.”

          So, now we have two claims from sources of unknown reliability. The counter has more detail and is supported by the fact that most SOCs have hard blocks for this stuff. They’re unlikely to do that if a microcontroller could handle it. So, the question is (a) do the hackable MCUs have any access to the data line the ASIC works with and (b) can their limited CPUs do anything useful (esp at good frame-rate) with that? Without these answers, we should assume either denial-of-service and/or using it as a stepping stone toward attack on the host via maybe a driver.

          ianf August 7, 2016 7:09 PM

          @Clive: Without going into the dull details you will need wideband antennas and at least two of them, spaced apart.

          I know that, same old triangulation as in wartime. So now—in budget constricted times in peacetime—you’d need 2 of these per detection “opportunity.” Which is where the entire idea of a fleet of BBC “direction RF detection vans” spreading out from the 1st of September starts to fall apart. One question on PMQT about efficiency of the scheme sinks it… it simply is beyond preposterous to consider.

          Apparently the BBC goes after the ~£150M that it feels is due them… that translates to roughly a bit over 1M “signal leeches,” who, however, are not spread out evenly over the 60+M strong country.

            So, say 30 vans, even only leased for a year = £0.5M + £15k equipment/van = total of £1M. (30+10 support) staff = 40 salaries @ £30k/year = £1.2M. Assuming a UNIFORM success rate of 10 “catches” per van/day (already that an impossibility), that’d make ~27000 new subscribers per 300-day year, or, roughly bring in £4M for the outlay of £2.2M. Divide 1M / 27k = 35 years. Goodnight, Nurse.

          Which brings us onto… It’s only when it finally hits the display hardware that the signature is likely to be sufficiently reliable to determine what is being watched.

          Various other EU state TV authorities tried the TV frequency leakage detection ops in the past, which never worked IRL. It seems that the only somewhat efficient method is statistical-based invigilation and projection per given area: so many households composed of known age/ income profiles, so many TV licenses, let’s filter license-free addresses out of the electoral rolls database, and go pay them a visit AFTER working hours—needed pocket income for downsized technicians—to ogle the tube glow in their living rooms. That’s how it is done, if at all.

            We talk here a lot about security theatre, so why isn’t this single stupid Telegraph article dismissed out of hand as equivalent DETECTION SCARE PANTO?

          PS. this was another NOISE wrapped in a SIGNAL from me, and/or vice-versa.

          r August 7, 2016 7:16 PM

          @Nick P,

          HDMI doesn’t have access to DMI or you’re saying the subsystems are sufficiently separated you think?

          Yeah, stepping stone is what I was thinking, I can see why you are picking apart “infections” there – I don’t see any evidence of it being like the mac keyboard firmware attacks or the NSA’s hdd one.

          When it comes to specifically my Dell Monitors that’ve required “firmware updates”, it’s only a temporary update that’s live as long as it’s stored on disk – not like the microcode updates we get for cpu’s.

          If my menu subsystem can apply gamma options, then isn’t it guaranteed to be connected to the higher-frame-rate ASIC involved and be capable of programming it (ASICs aren’t programmable yadda yadda yadda)?

          r August 7, 2016 7:19 PM

          @Nick P,

          Actually, the menu-overlay proves it can at least over-write areas.

          DoS is a valid concern here; how big are popups usually? AND yes/no boxes tend to be centered.

          It would work as a direct attack on UAC

          ianf August 7, 2016 7:56 PM

          OT Those of you overwhelmed by the signal flood of the past 12 hours may care to rest your eyes for a mo on this followup of the Bron/Brœn Saga’s saga, courtesy of author Clive James YOU WILL BE SHOCKED TO DISCOVER THAT HE SHARES MY OPINIONS ON THAT IN THE MAIN (long extract from an upcoming book of his, so scroll down to the following fragment):

          […] The Bridge’s Saga Norén has a case of near-autistic something-or-other which would make any hetero male viewer think twice about angling for a lift in her Porsche, although it’s probably true that any hetero male viewer would think of it once.

          neill August 7, 2016 8:08 PM

          @Nick P,

          you could sample pixels, e.g. every 10 seconds you collect 16 pixels@24bpp = data rate is 38.4 bits/second, that’s good even for a slow serial bus e.g. “one pin”

          no idea though how many pixels you’d need to “fingerprint” an HD broadcast

          some years ago a friend participated in a nielsen study, he got a “listening device” that recorded short segment audio clips periodically – overnight you were to plug it in a cradle to charge and via ethernet let it call home

          couple that with gps and you can get your friends busted for playing bootlegs at home

          r August 7, 2016 8:17 PM


          About video fingerprinting,

          Likely quite a few pixels, video codecs are usually lossy.

          r August 7, 2016 8:22 PM


          Are you insinuating the Brits are fear-mongering civilians into turning off their TVs and/or looking outside (in no certain order) as a detection mechanism?

          Practicing PSYOPS on your own people… Good thing Tony Blair left huh?

          ianf August 7, 2016 8:36 PM

          @ Sancho_P

          […] is it feasible for an automated process to encounter a hidden meaning in clearly readable plain text?

          Encounter? Yes.

          Decode? Only if hide-in-plain-sight rules are known in advance, and specifically searched for, otherwise it’s all plain text. Decryption of suspected “spy book code” (words picked out acc. to predefined rules out of a specific edition of a book at both sending and receiving end) could presumably, and probably has been automated, and, even when it has failed, may yield certain statistical token-frequency etc. insights, but that’s about it (there’s a whole branch of, quantitative linguistic studies, devoted to finding correlations and etymological provenience of words and languages).

          ObLitContent: “The Ghost” book by (British) Robert Harris/ filmed as “The Ghostwriter” by Roman Polanski, is centered on a message hidden in plain typescript, but I won’t spoil either for you. The entire Dan Brown’s oeuvre is about search for medieval hidden codes, but, essentially, it’s “THE TRUTH IS IN THERE FOR DUMMIES.” The day DB disappeared off the bestseller lists, the average in print book IQ rose by a magnitude.

          r August 7, 2016 8:57 PM

          @Nick P,

          I think both neill and I missed your leading quotation mark. (I know I did they’re kinda hard to see on my beeeeeedy little screen.)

          ianf August 7, 2016 9:02 PM

          Oh, @rrrrrrrr, why are you so thick all of a sudden? (that’s Wael’s prerogative). Clearly, this DOJ recommendation to “aging judges to protect their own pcs” is a bugle call to crony capitalists to upsell their security services to the courts, and then run the servers for them—to everybody’s, but the taxpayers’ benefit

          r August 7, 2016 9:21 PM


          That’s what they want you to think, this was an overt attempt to manipulate judges.

          That pixel modulation attack (if real) should be able to pierce Tor easily – one script to rule them all – drop me on your network for the windows RDP domain controller injection – log into your google account – force install one of these: ‘Quadrooter’ – don’t forget to log the judge’s number – I now control your eyes and ears and maybe with a little digging I can control your mouth too.

          Your contacts, your input, your where-abouts.

          With a little luck and some hard work mining your devices since you’re a terrorist and all for using Tor… maybe I can control that gold mine that is your mouth keeping the belief in privacy alive.

          r August 7, 2016 9:25 PM


          Yes, shattering their belief in: the office, rank, or preeminence of an ecclesiastical primate.

          r August 7, 2016 9:28 PM


          I forgot one: their ‘wear’s about’.

          Do male judges wear female panties? Stay tuned, NEWS AT 11.

          ianf August 7, 2016 9:30 PM


          ARE British PTB Practicing PSYOPS on their own people…

          Nothing as intricate as that, merely acting on time-and-again proven knowledge, that EVERY TIME they announce some new strategy to catch the free-loaders, the voluntary new Beeb subscriptions rate gets A SIZABLE UPTICK. Cheap-o tactic.

          BTW. In the aforementioned The Ghost Writer, a Tony Blair-ish effigy (Pierce Brosnan on the silver screen) gets the bullet from TB’s IRL friend RH. That’s as close as some Brits here will ever come to revenge on THE EVIL BLAIR RICH PROJECT.


          r August 7, 2016 9:50 PM



          Context is always minable. 🙂

          CR… LF?

          Addendumb, so your country like mine is full of Beeb-ers?
          I’ve never heard that idiom before, are you yank’in my chain?
          I’m not sure that counts if you’ve given that nickname to yourselves.

          Smoking fags in the lift after gettin shagged by a Bobby who threatens to beat their bloody arse after watching the telly?

          Oh the Beeb is the BBC?

          Sorry this line of thinking is engaging?

          I still call that a psyop.

          r August 7, 2016 9:56 PM


          Man, I just can’t understand you.

          And how messed up is it that I can watch BBC FROM AMERICA for free and you can’t?
          You can’t watch hulu or netflix without a VPN, can you?

          Scott "SFITCS" Ferguson August 7, 2016 10:11 PM


          Re: Wired’s carefully researched, um, story about monitors…

          If it looks like Uri Geller, and it walks like Uri Geller…


          Extraordinary claims claim large audiences?

          65535 August 7, 2016 10:52 PM

          @ Alan

          “ It seems to affect all versions of NTLM. I’ve not been able to test it with NTLMv2 + SSP. It’s worrying because the leaked information discloses your computer name, VPN login name, VPN password, Microsoft account name and Microsoft account password (if used).”

          It sure is worrying. The vulnerability is real and is not easily mitigated.
          The problem is backward compatibility of most Microsoft products and the many different OSes and machines that need to talk on either:
          1] Homegroup or workgroup
          2] Domain with domain controllers.

          Hence, once you begin to mix and match OS series and/or types you get the “security downgrade attack” situation. There is no easy way around it with M$ products.

          Many years ago when I was working on my MSCE we were taught to only use NTLMv2 with 21 digit passwords for domain controller [domain] environments and to turn off the Single Sign On feature. Next, use both complex machine names and passwords. For a “domain controller” provide a fake Administrator account that is actually just a user and change the Administrator account name to something obscure [the 21 character password still goes]. Use group policy to restrict the attempts to log on to the domain controller and use a high security template – and never allow machines under XPsp3 Pro on the network… etc. [Old and obsolete information].

          If your user was a telecommuter – you are somewhat screwed. You start to get into the VPN issues you are pointing out.

          I have tried using XP home with NTLM SSP and it does contact the domain controller so I have a feeling that some security is lost. The situation is marginally better with Win7Pro and up. But there is no sure-fire quick fix security. My experience with M$ is soured.

          That said, there are a number of NTLM hardening guides that purport to make security better. But, you pay your money and take your chances.

          [Jesper long-winded guide]:


          “Although Windows Vista has not been released yet, it is worthwhile to point out some changes in this operating system related to these protocols. The most important change is that the LM protocol can no longer be used for inbound authentication—where Windows Vista is acting as the authentication server.
          Windows Vista will no longer store the LM hash by default. Acting as a client, Windows Vista also makes a change to outbound protocols by setting LMCompatibilityLevel to 3 by default. In other words, NTLMv2 will finally be the default protocol for non-domain authentication. In the next scheduled release of the Windows Server platform, code-named “Longhorn Server,” a lot of work has been done to reduce the need for NTLM altogether. In Windows Server 2003, NTLM, and sometimes even LM, is used in many cases, such as in clusters. In the next version of the operating systems many of these protocols will finally be turned off by default.

          “Please note that these statements are based on prerelease versions of the operating systems. It is possible that compatibility testing during the beta cycle will force these settings to change.

          “So what should you do now? In all environments you should consider setting the LMCompatibilityLevel as high as possible. The decision needs to take into account the types of systems used in the environment and how high the threat of attack is. For instance, inside a datacenter where all communication lines are secured, the threat of man-in-the-middle attacks is relatively small. In an unsecured or WEP-secured wireless network the risk is significant. Attackers commonly sniff these networks in the hopes of catching the authentication sequence and cracking it.

          “Generally, the setting should be as high as the needs of the environment allows. In a network that consists of only Windows 2000 SP3 and higher systems, and has no third-party devices that require LM or NTLM authentication, LMCompatibilityLevel can be safely set to 3 or higher on all systems. Problems may occur when level 5 is used on systems running operating systems prior to Windows Server 2003 SP1. Routing and Remote Access Services will fail if the RRAS server or the domain controller is running with LMCompatibilityLevel 5.

          “It is also important to consider the error messages you get when you have a conflict in the LMCompatibilityLevel capabilities of different systems. Effectively, the only negotiation in this entire set of protocols is NTLMv2 Session Security. Downlevel systems will ignore that flag. Therefore, the only error message you get if there is a settings conflict between client and server is that access was denied due to a bad username or password. Neither side to the transaction has the ability to determine that the issue was due to unsupported authentication protocols. This makes troubleshooting somewhat challenging.

          “Hardening the NTLM SSP

          “The NtlmMinClientSec and NtlmMinServerSec settings, which are known as some variant of “Minimum session security for NTLM SSP based (including secure RPC) clients” in Group Policy, govern which behaviors are allowed for applications using the NTLM Security Support Provider (SSP). The SSP Interface (SSPI) is used by applications that need authentication services.

          “The NtlmMinClientSec and NtlmMinServerSec settings do not modify how the authentication sequence works. Rather, they are used to require certain behaviors in applications that use the SSPI. Each setting contains a bitmask that can be used to require some combination of up to four different types of behaviors, shown in Figure A.

          The easiest way to differentiate between the NTLM SSP settings and LMCompatibilityLevel setting is by just considering the items they affect. The SSPI settings govern the behavior of applications that use authentication, while LMCompatibilityLevel governs which authentication protocols the operating system can use… Jesper Johansson, a senior security strategist in the Microsoft Security Technology …He has a PhD in IS and has delivered speeches on security at conferences all over the world.”

          [Windows 2008r2 server Hardening by Petri]

          “Security Configuration Wizard (SCW)

          “Once you’ve addressed the security issues uncovered using the MBSA, the next step is to perform a comprehensive attack surface reduction on the system. The purpose here is to limit the exposure of the system by disabling services that are not required to support the workload running on the server, and configure additional network security, authentication, and audit settings to support a secure server.

          “While it’s possible to perform this process by manually, the ideal way to do this is to use the native Security Configuration Wizard (SCW) included with the operating system. The SCW will walk you through the process of gathering information about the intended role of the server and will create a security policy that can be applied to the target system. The SCW also allows you to edit existing policy and optionally perform a rollback of an applied policy. To open the SCW, navigate to Start/Administrative Tools and click the Security Configuration Wizard.” -Petri

          [Example of a security check list]

          [other Windows Hardening]

          [Mitigation of attacks]

          As you can see it is a spaghetti-and-meatballs approach when mixing and matching legacy machines, different OS boxes, and ‘hang-off-the-back’ Exchange, MsSQL, VPNs and Voice over IP configurations. You are never going to have perfect security with M$ products. The attack surface for the vast array of M$ machines and products makes it impossible to secure. Pick your security template and take your chances.

          As an aside, the Hillary Email deal is supposedly because of downgrading security on her 2008R2 server + Exchange server [?] for various iPhones, Androids, Blackberrys and the like [or even turning off security altogether]. But, all of that is past history and debatable.
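An audit/hardening script for the settings the quoted Johansson text discusses (LMCompatibilityLevel, NoLMHash, NtlmMinClientSec/NtlmMinServerSec), added here as an example; it is not code from the thread or from Microsoft. The registry paths, value names and bit values are the documented ones; the threshold of level 3 and the “hardened” targets are this example’s own choices for a network with no LM- or NTLMv1-only devices.

```powershell
<#
  Added example, not code from the thread or from Microsoft. Audits the registry
  values behind the Group Policy settings quoted above and, with -Apply, sets them
  to a hardened target. Run from an elevated PowerShell prompt.
#>
param([switch]$Apply)

$Lsa   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$Msv10 = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0'

# Meaning of LmCompatibilityLevel (policy "Network security: LAN Manager authentication level").
$LevelText = @{
    0 = 'Send LM & NTLM responses'
    1 = 'Send LM & NTLM; use NTLMv2 session security if negotiated'
    2 = 'Send NTLM response only'
    3 = 'Send NTLMv2 response only'
    4 = 'Send NTLMv2 response only; refuse LM'
    5 = 'Send NTLMv2 response only; refuse LM & NTLM'
}

# Bits of NtlmMinClientSec / NtlmMinServerSec
# ("Minimum session security for NTLM SSP based (including secure RPC) clients/servers").
$RequireNtlmv2Session = 0x00080000   # Require NTLMv2 session security
$Require128Bit        = 0x20000000   # Require 128-bit encryption

# Weak values a mixed legacy network often ends up with, for comparison:
#   LmCompatibilityLevel = 0, NoLMHash = 0, NtlmMinClientSec = NtlmMinServerSec = 0
# Hardened target chosen for this example (levels/bits are documented; the choice is ours):
$Hardened = @{
    LmCompatibilityLevel = 5
    NoLMHash             = 1
    NtlmMinClientSec     = $RequireNtlmv2Session -bor $Require128Bit   # 0x20080000
    NtlmMinServerSec     = $RequireNtlmv2Session -bor $Require128Bit
}

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns the DWORD as an unsigned number, or $null when the value is absent
    # (the OS version's default then applies and is not guessed here).
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return ([int64]$item.$Name) -band 0xFFFFFFFF
}

function Test-MinSec {
    param([string]$Name, $Value)
    # Lists which of the two session-security requirements the bitmask does not enforce.
    if ($null -eq $Value) { return "[info] $Name not set; OS default applies" }
    $missing = @()
    if (($Value -band $RequireNtlmv2Session) -eq 0) { $missing += 'NTLMv2 session security' }
    if (($Value -band $Require128Bit) -eq 0)        { $missing += '128-bit encryption' }
    if ($missing.Count -eq 0) { return "[ok]   $Name = 0x{0:X8}" -f $Value }
    return "[weak] $Name = 0x{0:X8}; not required: {1}" -f $Value, ($missing -join ', ')
}

# --- Audit ---
$level = Get-RegValue $Lsa 'LmCompatibilityLevel'
if ($null -eq $level) {
    "[info] LmCompatibilityLevel not set; OS default applies"
} elseif ($level -ge 3) {
    "[ok]   LmCompatibilityLevel = $level ($($LevelText[[int]$level]))"
} else {
    "[weak] LmCompatibilityLevel = $level ($($LevelText[[int]$level])); LM/NTLMv1 responses are sent"
}

$noLm = Get-RegValue $Lsa 'NoLMHash'
if ($noLm -eq 1) { "[ok]   NoLMHash = 1 (LM hash not stored)" }
else             { "[weak] NoLMHash = $noLm (LM hash may be stored at the next password change)" }

Test-MinSec 'NtlmMinClientSec' (Get-RegValue $Msv10 'NtlmMinClientSec')
Test-MinSec 'NtlmMinServerSec' (Get-RegValue $Msv10 'NtlmMinServerSec')

# --- Apply (optional) ---
# Caveat from the quoted text: a level mismatch between client and server surfaces only
# as "bad username or password", and level 5 broke RRAS on pre-2003 SP1 systems, so
# raise the level one step at a time and watch for logon failures.
if ($Apply) {
    Set-ItemProperty -Path $Lsa   -Name LmCompatibilityLevel -Type DWord -Value $Hardened.LmCompatibilityLevel
    Set-ItemProperty -Path $Lsa   -Name NoLMHash             -Type DWord -Value $Hardened.NoLMHash
    Set-ItemProperty -Path $Msv10 -Name NtlmMinClientSec     -Type DWord -Value $Hardened.NtlmMinClientSec
    Set-ItemProperty -Path $Msv10 -Name NtlmMinServerSec     -Type DWord -Value $Hardened.NtlmMinServerSec
    "Applied hardened values; LSA reads them at the next reboot."
}
```

In a domain, set the same values through Group Policy rather than per-machine registry edits so that the audit and the policy do not drift apart.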

          tyr August 7, 2016 11:05 PM

          @Rebecca Hadron

          Nice try !!! That was a revered part of Athenian
          democracy when it was first tried. You could do
          an anonymous vote to expel the one you disliked
          from the debates. The debates were supposed to
          be judged on the ideas of merit with no reference
          to the speaker’s obvious faults. The best story of
          this was Phocian who was asked by a citizen to
          write Phocian’s name on the ostracism shard, he
          did so but asked why. The citizen replied he was
          tired of hearing about how virtuous Phocian was.


          There’s a rumour that cephalopod researchers
          have been known to speak of the subject with a
          religious intensity, some have even been looking
          at the stars on occasion. Probably for this.

          @Nick P.

          I liked that IBM paper link. Having been around
          when garbage collection used to take minutes as
          your comp went off to play with itself, the idea
          it could be seamlessly done by hardware has real
          charms. M$ should jump right on that one.


          I doubt the possibility of the revival of democracy
          any time soon, it will be continually used as a
          coverword for various crappy political schemes until
          we run off the looming cliff ahead. However hope
          springs eternal in the primate fool’s heart.

          vice-versa? August 7, 2016 11:45 PM

          I can’t be arsed to keep track of all these split-personalities right now. I’ll just say that if your intent was NOISE wrapped in a SIGNAL, you have ignored at least one major flaw in your cost/benefit analysis

          general rule August 7, 2016 11:53 PM

          @Nick P
          Assuming the more detailed claim has merit, has it occurred to you that this attitude is strongly correlated with the number of vulnerabilities in existence? Did you see the one here yesterday from the self proclaimed cellphone network technician? An engineer and two advertisers walk into a bar…

          r August 8, 2016 12:41 AM

          @All, Thoth(?)

          re: FreeBSD

          “Around three months ago, a post was published (mirror) on GitHub’s Gist service. In the report, multiple vulnerabilities against portsnap, freebsd-update, bspatch, and libarchive were detailed. To this date, FreeBSD has been silent on official mailing lists. However, Allan Jude talked very briefly about it on BSDNow. FreeBSD is still vulnerable to the portsnap, freebsd-update, bspatch, and libarchive vulnerabilities.”


          “No-one at this point has a device that’s fully secure,” he said. “That basically relates to the fact that there is some kind of issue of who fixes what between Qualcomm and Google.”

          r August 8, 2016 1:01 AM

          The above affects HardenedBSD too,

          These excerpts from the mailing list first:

          Our AV researchers have analyzed the following link that was cloud-
          submitted as suspect:

          The document is from an unknown author and describes “non-cryptanalytic
          attacks against FreeBSD update components.” The affected components are
          the portsnap and freebsd-update tools, both directly and indirectly.

          From what we can tell, the text file is part of a larger stash of
          documents, all with the same attack-defense style. We have other
          documents, dated 2014 and 2015, detailing attacks against the update
          systems of multiple Linux distributions and the corresponding defenses
          against “the adversary.”

          We believe this to be the work of an MITM-capable advanced threat actor.

          Full details of our findings will be released in the coming weeks. This
          is a courtesy heads-up to FreeBSD users.

          > Counterintuitively, the segfault case is (currently) less dangerous
          > than
          > the error case. This is because the segfault arises from harmlessly
          > trashing the heap until an unmapped page is hit (though you never know
          > what the future – or creativity – brings). But taking a cue from a
          > comment in the exploit, I bumped up the compression to level 9, which
          > positioned a lot of libbz2 internal data after the buffer. This data
          > gets overwritten and could very likely be finessed to dangerous effect.
          > The error message is simply because after pulling out my hair to figure
          > out bspatch, I had no desire to follow the author down the rabbit hole
          > of bzip2/jemalloc/libc internals, which shall remain for me black
          > magic.
          > Martin Schroeder

          Now, as for hbsd – this is nice:

          For binary updates to base, HardenedBSD relies on a tool called hbsd-update, which is enabled by default in base. hbsd-update was affected. hbsd-update updates come in a single tarball that contains multiple file within it. Prior to the series of commits fixing hbsd-update, the outer tarball was not validated prior to extraction. Only the inner files were validated by enforcing digital signatures. The libarchive vulnerabilities could allow a malicious third-party to distribute update archives that could place arbitrary files on the filesystem. To address this issue, the hash of the current hbsd-update is published as part of the DNS TXT record. HardenedBSD’s DNS entries are signed with DNSSEC, which hbsd-update now verifies. By utilizing DNSSEC, hbsd-update can ensure that not only the version information is valid, but also the hash of the update archive–effectively turning the DNS TXT record into a digital signature for the outer file. Those who publish their own binary updates using hbsd-update-build are advised to do the same.

          Due to the new DNSSEC validation feature in hbsd-update, the unbound-host application has been wired into the base build. FreeBSD includes the code for unbound-host; however, it is not wired into the build. Additionally, we now install the DNSSEC root key 257 as part of the hbsd-update trust store. Since DNSSEC key material is routinely rotated, we will maintain the DNSSEC root key pinning in the trust store long-term.

          Let’s hope it’s not already too late, and some sleeper cell hasn’t been installed somewhere in their code base.

          The date on the github post is 07/29, Russia was ‘hacked’ on the 29th/30th? Snowden may be missing 😛 and 8 torrent sites went down – ALSO Microsoft just published a patch and exploit about their signature subsystem being circumvented, including remote domain controller injection and potential subversion of their FDE.

          WTH is going on?
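The verify-before-extract pattern from the quoted HardenedBSD text, as an added Python example (not hbsd-update’s own code): the outer archive’s SHA-256 is checked against the hash carried in a TXT record before the tarball is ever opened, so a tampered archive never reaches libarchive-style parsing. The `version=... hash=...` record layout and the `dnssec_validated` flag (standing in for the resolver’s DNSSEC result, e.g. from unbound-host) are assumptions, since the page does not give the record format.

```python
"""Validate an update archive against a DNS-published hash before extracting.

Added illustrative example, not hbsd-update's code. Assumed (not from the
page): the TXT record looks like "version=<v> hash=<sha256hex>", and DNSSEC
validation was already performed by the resolver, whose verdict is passed in
as the dnssec_validated flag.
"""
import hashlib
import hmac
import io
import tarfile


class UpdateRejected(Exception):
    """Raised whenever the outer archive fails validation."""


def parse_txt_record(txt: str) -> dict:
    """Parse 'key=value' tokens from a TXT record (hypothetical layout)."""
    fields = {}
    for token in txt.split():
        if "=" not in token:
            raise UpdateRejected(f"malformed TXT token: {token!r}")
        key, value = token.split("=", 1)
        fields[key] = value
    if "hash" not in fields or "version" not in fields:
        raise UpdateRejected("TXT record lacks version/hash")
    return fields


def verify_outer_archive(archive: bytes, txt: str, dnssec_validated: bool) -> dict:
    """Refuse the archive unless the record is DNSSEC-validated and the
    archive's SHA-256 equals the published hash. Returns the parsed record."""
    if not dnssec_validated:
        raise UpdateRejected("TXT record was not DNSSEC-validated")
    fields = parse_txt_record(txt)
    digest = hashlib.sha256(archive).hexdigest()
    # Constant-time compare; the value is public, but it is cheap and idiomatic.
    if not hmac.compare_digest(digest, fields["hash"].lower()):
        raise UpdateRejected("archive hash does not match published hash")
    return fields


def extract_validated(archive: bytes, txt: str, dnssec_validated: bool) -> dict:
    """Validate first, parse second. Returns {member name: content bytes}.

    Member names are also sanity-checked so that a validated-but-odd archive
    cannot write outside the intended tree (absolute paths, '..' components)."""
    verify_outer_archive(archive, txt, dnssec_validated)
    out = {}
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r:gz") as tf:
        for member in tf.getmembers():
            parts = member.name.split("/")
            if not member.isfile() or member.name.startswith("/") or ".." in parts:
                raise UpdateRejected(f"unsafe archive member: {member.name!r}")
            out[member.name] = tf.extractfile(member).read()
    return out


def build_archive(files: dict) -> bytes:
    """Constructed sample input: build an in-memory tar.gz from name -> bytes."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tf:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tf.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def publish_txt(version: str, archive: bytes) -> str:
    """What the publisher would place in the (DNSSEC-signed) TXT record."""
    return f"version={version} hash={hashlib.sha256(archive).hexdigest()}"


if __name__ == "__main__":
    sample = {"base/etc/motd": b"constructed sample\n", "base/bin/true": b"\x00"}
    archive = build_archive(sample)
    record = publish_txt("example-1", archive)  # constructed version string
    print(extract_validated(archive, record, dnssec_validated=True).keys())
    tampered = archive[:-1] + bytes([archive[-1] ^ 0x01])
    try:
        extract_validated(tampered, record, dnssec_validated=True)
    except UpdateRejected as e:
        print("rejected:", e)
```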

          Clive Robinson August 8, 2016 1:06 AM

          @ r,

          With regards Columbia University researchers use of “timers” to detect malware, it’s prior art, and they should know that.

          It is something that has been discussed on and off for the past few years on this blog; it’s part of the “Prison” model I’ve developed.

          The fact that they have got a patent is thus somewhat dishonest of them, and only possible because of the US and its Patent Office’s behaviour.

          r August 8, 2016 1:10 AM


          Well, now that’s more than a good enough reason to start a defense fund in your name.

          If I ever hardcode that sort of thing into one of my Qualcomms I’ll certainly give you a reference in the source, you never know – those researchers may have been here picking your brains – Bruce has backups in xml and in the US being archived like that digitally is more than enough evidence to back up such an assertion.

          There’s quite a few neat little copyright tricks writers can utilize on this side of the pond, digitization and transmission is one of them.

          Clive Robinson August 8, 2016 1:25 AM

          @ Alien Jerky,

          With regards “Your Plastic Pal that’s Fun to be with”[1] I loved the quote of one of the researchers,

            “We have had problems picking up the signal,” said Follower. “It turns out the human body is a surprisingly efficient faraday cage.”

          This is not the first time “body cavities” and security have been discussed on this blog, but as the Gov health warnings say “Remember to use protection” 😉

          [1] For those that don’t instantly recognise the line, it comes from Douglas Adams’ “Hitchhiker’s Guide to the Galaxy” and is a Sirius Cybernetics marketing line[2].

          [2] Which gives me an idea… If we add an “Artificial Intelligence” component to the device’s control software, we could get it to “learn a few moves”, now that would make a patent (secondary though as IBM already has a patent on vibrators).

          r August 8, 2016 1:27 AM


          Don’t feel bad, (I’m not saying you do) I was unattributed by another Robinson myself – actually I haven’t had too many good long term experiences with Robinsons at all. No offense, you being English I’m sure your line is the originator of those lines. But! I was not too happy not being acknowledged for spending a week of my time explaining the intricacies of import and export patching to an HLLer.

          Bunnie got the gold for figuring out it was xor’d, I didn’t own an xbox and it wasn’t my thing.

          But a ‘thunks dude’ sure would’ve been nice. ;]

          That’s the problem with “free” help, someone can go build nuclear weapons with a little bit of geometry and the right tools.

          Thoth August 8, 2016 1:57 AM

          @Clive Robinson, r
          re: Patent Pooling and Legal Defense

          I think the usual commentators who have designs and implementations on this blog forum should have their own patent pool. Cryptographic Research Labs (a.k.a Kocher) stole your idea and now he’s reaping tonnes of cash in licensing and patents used in smart cards and HSMs for side channel analysis. Columbia Uni thieves stole your ideas on the “Prison” model. You gave away the Energy Emission attacks to GCHQ and probably even NSA. Who knows what those ICs might be doing with your attack ideas.

          I am pretty sure international ICs are watching this forum and quietly harvesting techniques as well as finding people and content.

          Have you considered opening a Github account with an alternate email and then dumping your ideas into a Github account and signing it with a PGP key? This might be useful for evidence preservation in case you need it besides this blog forum’s archives?

          Clive Robinson August 8, 2016 2:30 AM

          Are our “monkey brains” the real reason why we click on malicious links?

          Some researchers think so,

          Now the $64,000 Question is who dares click on the above link 😉

          I am reminded of the apocryphal story of the psychology exam question “Is there any need for human curiosity?” to which a student replied “Need you ask”.

          As was once noted “There is a reason a cat has nine lives, which the ever curious should be mindful of”.

          Clive Robinson August 8, 2016 3:33 AM

          @ r,

          WTH is going on?

          Just the usual in the trillion dollar IC community, but for some reason a corner of the rug got lifted.

          I’m guessing that the “Manning/Snowden effect” is spreading with a little more caution…

          There is a problem that some are starting to wake from. Since the “U2 incident” certain western powers have been sleep walking into a self made quagmire with regards the various ElInt, SigInt etc “non boots on the ground” intel gathering.

          The issue is how to get the intel without others getting intel on you. The problem being that any technological advantage is quickly lost when your opponent has access to the same technology.

          Back in the days of mechanical cipher machines one trick was to design the system you used such that it had strong keys through to weak keys. Providing you issued the keys you could always ensure that your side used only the strong keys. Your opponent however on capturing and copying the technology might not be aware of the weak keys, thus would use them. You by using traffic analysis and a good catalogue as well as cryptanalysis could break the weak keys, and build “known plaintext” etc to either break the stronger keys or infer what a given ciphertext was about.

          Unfortunately you can not rely on your opponent remaining ignorant forever as the NSA to Crypto AG “secret relationship” becoming known indicates.

          Even trying to control the information about crypto systems fails eventually, the opponent builds up their own methods and spots trends etc in your thinking and direction. Add in a little espionage “black bag” jobs etc and fairly quickly “they know the system”.

          But it gets worse, technological advantage is only an advantage if you not only use it, but also reinvest the current advantage to invent future advantage (R&D). The problem is primary invention or “original thought” is a very rare beast, secondary invention or “adaptation” whilst rare is more dependable thus can be invested in. However primary invention rarely pays the inventor except in academia, because it’s “ahead of it’s time” and secondary invention is almost always stolen by corporations one way or another. Hence inventors tend to get the rough end of it, which leads to problems.

          Whilst the military can to a certain extent control those under flag, it needs others to provide the technology they use. All of a sudden you have gone from the pack/herd behaviour of dogs/sheep you see in the military and government bureaucracy to the independent behaviour of cats, especially corporate fat cats, and as we well know “herding cats” is at the best of times difficult.

          With independent behaviours comes independent thought, and not all original thinkers are corporate fat cats. Thus not all people are “authoritarian followers” or have “the morals of an alley cat”, thus some can behave in what they consider altruistic ways.

          Sometimes the altruism comes from within the mil/gov and that’s when the corner of the rug gets briefly lifted…

          Thoth August 8, 2016 3:36 AM

          @Dan3264, all
          The service maintenance on the HTTPS portion on my website has been completed and you may now visit it. I have also re-issued a SHA256 certificate (the old one uses SHA1) to meet with the latest HTTPS standards for SHA256 certificates. Below is the newly issued SHA256 certificate if anyone is interested.


          Wael August 8, 2016 3:45 AM


          Thanks for clarification, I was afraid I’ve lost you, too 😉

          No worries, sometimes I lose me, too!

          How to hide information in plain text, or, much more

          Doable if you are on the same wavelength as your partner, or accomplice or whatever 😉 I tried it with @Clive Robinson, and he got the message. I, the sender, wasn’t sure if he understood until he confirmed it, in his usual way. You know, the parables that @ianf loves 😉

          Follow along… It’s gonna be long!

          I wanted to send someone a secret message on a public forum (without the DH crap.) So I asked him (indirectly, here:

          PS: I dont know how to inject that I think light is not the fastest thing without getting a warning from the moderator. If only I can relate that to security 🙁


          He hinted that some people use poetry, and him being English and all, suggested “Bill” Shakespeare, in the post that followed immediately.

          So, I sent it his way, here:


          As for “Bill” Shakespeare, I guess I am allowed to talk about “poetry” again, WooooHoooo
          Anyways, in light of your quoted sonnet, I would say, I am attracted to this one 😉
          “What doth gravity out of his bed at midnight? -King Henry IV. Part I. Act ii. Sc. 4.”



          I wasn’t sure if he got the message, I had to ask him in a hidden manner (2- ACK/NACK on Shakespeare.) He replied later as such (my emphasis), in this post:

          The result was a chain of events that gave rise to “The Knowledge of Gravity” being formalized from the information about it which has fairly obviously been around since before man existed.

          This is the message I wanted to send him, and he got it.

          Who? August 8, 2016 4:08 AM

          @r, Clive Robinson

          About Columbia University:

          A usual problem in the research community. If you have an important email address (let us say something at, and so on) then “prior art” does not apply to you.

          I have seen lots of research stolen from “minor” universities (usually from South America and Europe) over recent decades.

          This is an odd game. Rules are asymmetric and, as in other zero-sum games, the small player loses once the big player wins even in the case “research community” acknowledges who really did the work, as they will cite the papers with the “important email address” before anything coming from a small university outside the United States.

          This one is a consequence of the game of numbers our research community likes so much:

          Another evil system that favours big players.

          Curious August 8, 2016 6:10 AM

          @CliveRobinson Re. curved monitors

          That reminded me of how curved TV screens and curved monitors are a thing nowadays.

          That alone makes me think of some kind of technological conspiracy at least being a possibility, though only as an idea. Heh, being an example of what I like to call a one-way conspiracy (benefiting from an effect that otherwise seems trivial).

          ianf August 8, 2016 6:19 AM

          @ Clive,
                        that cumulative crypto-knowledge that you talk about, the one saturating, dissipating, or percolating up or down the chain of frenemish ICs, which I do not doubt is happening (even as we speak!!!!) – how do you envision the mechanism(s) by which strategies and tactics for protection of “our assets,” while nullifying encroachment of the “not ours” ones, are agreed upon?

          Do the ICs form impromptu committees (I love sitting on committees – all those tasty bites from Dean & DeLuca and imported Perriér water!) to analyze threat maps in order to agree on countermeasures that the home agency then implements…;
                      or do they have a whole sub-sub-department, or a “desk” that does that analysis instantly-constantly, and alerts the affected yet compartmentalized parties within their building of… incoming wads of foul packets on a contingency basis?

            I.e. I want to form a picture in my head of how such—social not electronic—processes are conducted (while trying to forget the idiot “Spooks” episodes), needn’t be true, only somewhat plausible.

          @ Wael,
                        what has Sancho_P done to you for you to confuse the bejesus out of him? And if you think that your loquacious explanation of… don’t ask me… clarified anything, made sense, then wakey, wakey, sleepy toots!

          Lee Reg August 8, 2016 6:25 AM

          Police are having to investigate a fourfold rise in the number of crime reports involving shop-bought drones – including allegations they are being used by paedophiles over children’s playgrounds, peeping toms spying through bedroom windows, burglars scoping out people’s properties, and even cash point scammers recording PIN numbers.

          An investigation by The Independent has found that the number of incidents reported to the police involving drones surged by 352 per cent in a single year as the public became increasingly aware – and suspicious – of the machines.

          Thoth August 8, 2016 8:01 AM

          @Clive Robinson
          If you still remember, I previously brought up the technology on allowing memory devices (SSD arrays and hard disks) direct access to the Internet. There’s a patent application and the drawings should give a little more technical detail below.

          Doesn’t seem to include any encryption and security whatsoever. Yet another easy to attack setup. Oh well … nobody wants security because it’s hard and unpleasant (unless for compliance) and nobody is accountable for security faults.


          Scott "SFITCS" Ferguson August 8, 2016 9:04 AM


          The security of keysafe hinges on the strength of the password used to derive the encryption keys for the key shares. <snipped>

          Thanks for your thoughts and my apologies for the slow response, at best I’m an amateur cryptographer so it took a while to appreciate your response.

          I should have previously stated Joey’s specifications to provide a useful context:-

          Have you ever thought about using a gpg key to encrypt something, but didn’t due to worries that you’d eventually lose the secret key? Or maybe you did use a gpg key to encrypt something and lost the key. There are nice tools like paperkey to back up gpg keys, but they require things like printers, and a secure place to store the backups.

          I feel that simple backup and restore of gpg keys (and encryption keys generally) is keeping some users from using gpg. If there was a nice automated solution for that, distributions could come preconfigured to generate encryption keys and use them for backups etc. I know this is a missing piece in the git-annex assistant, which makes it easy to generate a gpg key to encrypt your data, but can’t help you back up the secret key.

          So, I’m thinking about storing secret keys in the cloud. Which seems scary to me, since when I was a Debian Developer, my gpg key could have been used to compromise millions of systems. But this is not about developers, it’s about users, and so trading off some security for some ease of use may be appropriate. Especially since the alternative is no security. I know that some folks back up their gpg keys in the cloud using DropBox.. We can do better.

          P.S. Any particular reason for generating your own SSL certificate on your website instead of using one from a CA, e.g. LetsEncrypt? Do you not support Strict Transport Security for a reason?

          Wael August 8, 2016 9:22 AM


          what has Sancho_P done to you for you to confuse the bejesus out of him?

          Did he assign you to be his spokesperson?

          Thoth August 8, 2016 9:23 AM

          @Scott “SFITCS” Ferguson

          re: Keysafe

          My enhancement targets the weak spot of keysafe and is designed with exactly that kind of scenario in mind (cloud backup of encryption keys). In fact, I have been sitting down and re-designing my modified keysafe to be capable of being secured by hardware TPMs and TEEs by including an RSA encryption phase that uses the TPM or TEE hardware key that wraps the Root Device Key, which in turn the user password derived key wraps and MACs the RSA encrypted RDK. This would effectively bind the RDK to a hardware backed RSA key (TPM or TEE) which is much more secure than leaving the Root Device Key inside a flash drive.

          For the key shares, they can be published online and even cached but they cannot be broken (even with Quantum Computing assuming symmetric crypto and 256-bit key sizes are strong against QC).

          By the way, I have already read the context before I modified keysafe. If Joey wants my modified keysafe, it would be nice if you can provide Joey with a copy if requested.

          re: ASKG.INFO website

          For Let’s Encrypt, you only have a 9-month period and then it expires. Whether Let’s Encrypt would allow continuous renewal is at their discretion. I don’t want to be struggling with pushing for renewals and all that sort of stuff. I am not familiar with Let’s Encrypt’s level of security despite having emailed them and talked to them. Mostly generic answers not to my level of satisfaction and I won’t want to push the matter any further.

          Commercial CAs are either too expensive or untrusted. I don’t really trust much of the CAs out there anywhere as they don’t have any basis I can trust. Their systems are all closed behind their walled gardens and I think CAs are not as effective as intended.

          It’s shared hosting provided by the Icelandic hosting company FlokiNET, so all I get is a cPanel and then just click around whatever they allow me to click. Not many choices I am allowed.

          Wael August 8, 2016 9:28 AM


          then wakey, wakey, sleepy toots!

          Who? What? Where? How? Why… Zzzzzzzxx. Add me to your list 🙂

          Mitch August 8, 2016 9:51 AM

          @ Skeptical, “FireEye reported quarterly sales figures that missed its own projections. The company also announced layoffs.”

          Interesting choice of a current event.

          While layoffs are unusually good for its financial well-being, hence short-term stock price, I would not be surprised if they were acquired by a bigger Umbrella, possibly following in Bruce’s footsteps.

          However, it seems to be the type of industry where doing too good of a job you shoot yourself in the foot.

          r August 8, 2016 10:01 AM

          I’m going to invest in wood burners, you know – in the unlikely event that some of our windmills go out.

          Mitch August 8, 2016 10:12 AM

          @ Banana Republic, “Boneheaded insistence on Russia Did It doesn’t just help with your warmongering. It also diverts attention from the all-important question of who’s got dynastic successor Hillary Clinton by the short-‘n-curlies.”

          But it does give the Patriotic self in me a rile. Nothing spooks it like Russian. As the smear against Wikileaks presumes, it became more obvious that the bigots of your bigotry is your enemy.

          Mitch August 8, 2016 10:15 AM

          @ r, “Has anyone asked the AI what they think?”

          The Octopus you meant? Nobody ate it.

          r August 8, 2016 10:29 AM


          This octoplus? They’re not biting? Surely they’re biting something…

          Their tongues? Each other’s backs?

          Maybe the jobs weren’t “laid off”, but what we are seeing is a portion of them re-allocated to a black budget ledger?

          Or, as I said – they were lay-offs and nobody cares what the AI thinks about being replaced by two men and a key.

          Nick P August 8, 2016 11:36 AM

          @ r, neill

          The ASICs and their controllers are usually on a bus that connects to some I/O strip. The bus is how the data comes in/out. My main concern is that compromising the monitor MCU can give persistent access to that bus. If that access affects the kernel, then the MCU can be used to reinsert malware much like BIOS or peripheral firmware attacks. Same old, same old.

          Far as the other stuff, I wrote a few counterpoints but I have less confidence in them as I write them. That means I need to think on this topic some more. I’ll probably draw out some attack charts later on simulating different things one might do with a compromised monitor. I’m particularly interested in what extra access is required for each.

          @ tyr

          I hope MS doesn’t actually. They might get smart, acquire Azul Systems, and then we’ll lose one of the best ones before we convince them to dual-license it. 😉

          @ general rule

          “has it occurred to you that this attitude is strongly correlated with the number of vulnerabilities in existence?”

          It’s not. It’s a combination of a demand and supply problem. Mostly demand. I gave some detail here countering a claim that NSA is the big problem. I showed decades worth of worked examples plus specific, modern tradeoffs that users make that collectively show apathetic or straight-up anti-security attitude by consumers and businesses. They reject anything with strong security even if it’s usable because it lacks feature X or takes tiny, extra, work Y. They’re the problem and it won’t change.

          There are a few ways to get high-security stuff coming out based on what worked before. For one, small or large businesses funded by taxpayers will produce it. Experienced academics, too. (Think Bernstein et al.) Just gotta get more of them that will open-source stuff in on it or at least make it affordable. Another model is small businesses selling a product or service that’s low friction which differentiates on quality/security. As usage goes up, so does the security of it, its underlying libraries, and platforms. They might also promise, even contractually, to donate a percentage of profits to OSS projects and security-related ones. Finally, the non-profit model might be used to get donations for certain ones. That hasn’t been reliable at all, though.

          r August 8, 2016 12:08 PM

          @Nick P,

          re: pixel modulation,

          Make sure to keep in mind that modulation should not be 0xFF 0x00, ideally it would be something the eye can’t sense 0xFE… FF … FE somewhere in there. It could definitely be done in slow 4d with something near the invisible I think.

          One GOOD THING, my mouse doesn’t show up over the overlays the menu provides. So as for gui overlays there’s a weakness at least where popups trayicon url/statusbar are concerned.

          At least with dell’s anyways.

          r August 8, 2016 12:10 PM

          @Nick P,

          A predictable color at a predictable position would be the best for bitwise modulation.

          r August 8, 2016 12:11 PM

          @Nick P,

          Also, might be able to blackout an entire scanline successfully on any of the 4 edges.

          ianf August 8, 2016 12:16 PM

          @ rrrrrrrrr

          […] “how messed up is it that I can watch BBC FROM AMERICA for free and you can’t?

          Is it via IPTV & KODi? I can, too, but dare not install it at home for fear of watching even more TV than I already do. There’s Netflix via Internet (& AppleTV) for the equivalent of $10/month, which is ~2/3 of a single cinema ticket, also that’s a bottomless time sink. Might try it in winter, though, do not think about Hulu. Ever since the Beeb closed down iPlayerGlobal, and iPlayer UK soon requiring a subscription, ergo a local address, there’s no other way to watch BBC1-4 than streamed via KODi… but for how long until they start to scramble that, too?

          I wish that Netflix would add English-language ebooks to its product range… the entire US/UK/CA/AUS range for downloading to a device for offline reading. There are a couple local subscription-ebook mongers, but their catalog of Amer/Anglo lit is beyond abysmal… when I inquire, they always are SO PROUD of the gutenberg.org, and “the latest bestsellers” from, at best, some 2nd-tier British publisher. Which then cost on a par with hardbacks. Worthless the lot of them. As Netflix’ streaming movie & TV series business model has NOT DESTROYED the movie industry, why should Netflixbooks negatively affect the book biz?

          r August 8, 2016 2:12 PM


          No, it isn’t through some device.

          And it’s only partial programming through American PBS, so I’m sure it’s paid out for that. But it’s strange to me you guys have to pay for television.

          Is Britain that republican? They won’t just tax everyone an extra dollar a year and liberalize the programming?

          k15 August 8, 2016 2:32 PM

          When there’s a no-brainer security enhancement to a flaw, and you report it to Google, and Google does nothing about it, what does this mean? Is it a values problem or a communications problem?

          Gerard van Vooren August 8, 2016 2:39 PM

          ProjectSauron : Top Level Espionage Platform Covertly Extracts Encrypted Government Comms

          This is an act of war! The yanks really did it this time!

          r August 8, 2016 3:19 PM


          Naw, it was a plane buzzing over their deck.

          100% friendly, exactly what I said about hoping they used a burnable resource as retaliation.

          Fast flux binaries.

          Russians still only letting the trolls comment? They must’ve been on an unaffected network otherwise they’d be saying “No comment, I do not wish to swear.”

          There’s another link around here about the Russian ambassador or something saying the same thing.

          Thoth August 8, 2016 9:48 PM

          @Scott “SFITCS” Ferguson

          re: Keysafe

          I have created a project on Github named “CloudKee” for the implementation of my modified version of Keysafe. Any interest in giving a helping hand would be most welcomed. This project would not immediately be realized but be slowly developed as a side project.

          This version of CloudKee would use a smart card as the storage device.


          ianf August 8, 2016 10:33 PM

          @ Fun with emails

          July 7, 2010, Hillary Clinton accidentally burns an Iranian CIA agent with her hack-me amateur server.

          Out of curiosity, which word, sentence, or line in the quoted email can be said to constitute HRC’s burning of such an asset?

          (Also, while we’re on the subject of retribution for “burning,” shouldn’t the same “Manning-type” sentence be meted out to those within the previous administration who disclosed CIA operative Valerie Plame’s identity to the press in some kind of inside-the-Beltway sick power play?)

          In other Iranian news, over the weekend BBC News reported that the family of a jailed Iranian nuclear scientist (I wrote the name down, but mislaid the paper slip, so, perhaps, “Amiri”?) received his corpse for burial with rope marks around his neck. No verdict or anything. The not very coherent backstory was that in 2009 he claimed to have been abducted while on a hajj to Mecca, and turned up in the USA, where the press subsequently claimed that he “provided the authorities with valuable intel.” Then, in 2010, he voluntarily returned to Iran, to a “hero’s welcome,” shortly after which he started “helping the police with their enquiries” – without his concerned family being given as much as an inkling of what he was charged for. Until last week, when the inkling turned palpably solid. Such BBC news items usually are followed up by longer in-depth segments, but maybe there wasn’t more to be said this time.

            My initial reaction was that this might EITHER be payback, OR scapegoating, for the Stuxnet… the dates “dovetail,” though of course that payload could already have lain dormant in some other facility waiting to be “introduced” to do the dirty @ Natanz.

          I do not know if that was the same person as the one allegedly being burned in the aforementioned email, but it seems… plausible. In any event, the blood is on the Iranian Republic’s, not HRC’s, hands; and, anyway, WTF was someone outed as CIA asset in the US press then voluntarily returning to Iran, “because the family repeatedly pleaded with him to do so?” There are good Persian restaurants and a vibrant Persian community in the USA as well. Also the CIA should have sicked Carrie Mathison on him, she’d have sorted him out. Oh, wait! maybe they did, and that’s what made him scuttle back?

          r August 8, 2016 10:54 PM

          “By default, this uses the USB attack method, which requires the computer to be plugged into the monitor’s USB hub. To use the i2c method, which only works on Linux and requires the computer to be displaying to the monitor, create a config.ini file in this directory that looks like:”

          “It wasn’t exactly an easy hack to pull off. To discover the vulnerability, both Cui and Kataria spent their spare time over two years, conducting research and understanding the technology inside the Dell monitor.

          However, they also looked at monitors from other brands, including Samsung, Acer and Hewlett Packard, and noticed that it was theoretically possible to hack them in the same manner as well.

          The key problem lies in the monitors’ firmware, or the software embedded inside. “There’s no security in the way they update their firmware, and it’s very open,” said Cui, who is also CEO of Red Balloon.

          The exploit requires gaining access to the monitor itself, through the HDMI or USB port. Once done, the hack could potentially open the door for other malicious attacks, including ransomware.”

          (from the above cso article)

          Figureitout August 8, 2016 11:05 PM

          –Unless there was some kind of strange undocumented bug with MPU (stranger things have happened), not sure.

          Nick P and I have different interpretations of “constrained devices”, that’s all. An M4 is not constrained…I have enough chips to know anyways today already.

          Finally tried out a yagi antenna to wifi usb dongle, just need a RP-SMA -> to SMA converter, then just whatever male/female converters or coax -> to Type N or TNC connectors. That’s the most annoying part (and I recommend going the clean route unless you really wanna build your own antenna). Pretty fun to see a bunch of networks pop up. Line of sight recommended (I have more testing to do), and the higher the better too. Had to do windows and driver install.

          Security purpose is to avoid cameras in an area to connect to a public wifi network.

          r August 8, 2016 11:20 PM


          TP-Link would’ve worked out of the box in Linux I believe, lots more fun there.

          I got a [g] yagi at a garage sale for 3 bucks last month, plugged it right into my ralink (to all of your dismay). They thought it was UHF.

          Figureitout August 8, 2016 11:49 PM

          –Didn’t here, didn’t want to put driver on other pc. Probably use for another rpi.

          Scott "SFITCS" Ferguson August 8, 2016 11:51 PM


          Tested with Debian Jessie using Dell 19074FPt and Dell 1907FP (does not work, will not recommend, won’t buy again).
          While it’s possible it might work (with a bit of assistance from someone with root rights, when the right dependencies are installed), and I don’t doubt those that say it worked for them – it’s still a hell of a long way from being the pervasive and easily executed attack originally implied in the Wired “story”.

          Notes: The authors of the Defcon speech never made the click-bait claims published in Wired.
          The required dependencies (imagemagick python-wand python-usb bin86) are rarely installed even on kitchen-sink distros like Ubuntu (see Popularity ratings for those packages). I suspect even in those cases where a vulnerable monitor is used that changing imagemagick for the more sensible graphicsmagick might prevent it.
          It still requires user interaction to make it work. In which case it’s not really much more a threat than these
          Despite the massive hyperbole (on Wired and such) it’s another exploit that will be patched against on the perpetual treadmill that is the pursuit of software perfection in a complex system. (where everyone who can click is a system administrator)

          tl;dr Yes joggers have been attacked by lions… but jogging does not mean the lions are watching you from behind every bush.

          Thoth August 9, 2016 1:30 AM

          M4 is actually pretty generous. Looking at h/w, STM32F4 with crypto, 4KB RAM, 1MB Flash, camera, DSP and all those nice things on top of a 32 bit CPU is very luxurious.

          In fact most of the 32 bit CPUs with anything above 2KB RAM and 50KB storage are pretty luxurious. 16 bit smart card legacy CPUs for the win 🙂 .

          Most people these days are expecting more resources anyway.

          Clive Robinson August 9, 2016 3:54 AM

          @ r, Figureitout,

          I curse the day some idiot in the FCC thought up the reverse SMA, it’s caused so many problems.

          I use normal SMAs in sufficient quantity to “bulk order”. It really annoys me when I get N-type to SMA pigtails with reverse SMAs because some skiddy in a warehouse can not tell the difference 🙁

          More of your “US Tax Dollars hard at work” creating mayhem around the rest of the globe.

          Mind you the likes of Asus also annoy me with their power connectors, they use a standard 4mm barrel but with a much smaller center pin from a smaller barrel connector. These things break because people “trip over the lead” when “surfing from the sofa” and bend/break the PCB mount connector. If it was a normal 4mm it would take a quick trip to the local component store to buy a replacement and a few mins with the soldering iron to fix. Instead I have to get two connectors and have to perform micro surgery on them, then with Epoxy glue make the desired connector, all very annoying. Which is why I very rarely fix peoples laptops for them.

          I often feel that all those stupid stupid idiots who think they have something to gain by doing stupid things with standard parts should be shaved bald and chained to a wall in a deep dank dark dungeon till their hair grows down to their waist :@

          JG4 August 9, 2016 5:38 AM

          you don’t have to get the threat model right to win, but it improves the odds

          from another useful daily news compendium

          just for the record, surviving is winning

          I urge everybody I meet to learn history. Once you become knowledgeable, you’re going to be worried. Once you’re worried, you might be prepared. If you’re prepared, you will [me:might] be one of those who survives whatever happens. Because what’s coming is going to be a mess.

          for the record, I object to being brainwashed in preparedness by the government, only to have them turn around and criminalize it in a blatantly unconstitutional way. the only suitable punishment is being chained in a dungeon until their bones are highlighted by hunger and their skin is a mess of weeping sores.

          btw, I made a couple of advances in the concept space. any interest in an inexpensive, robust Faraday housing for your entropy generators? I think that you can couple in the power through a filter and couple the true noise out through an optical fiber. for apartment dwellers who want to use lead-acid power systems and co-gen, there are a host of interesting problems to resolve. some aspects would make good open-source hardware. if it hasn’t been pointed out previously, science was open-source, long before open-source was cool, amateur radio was open-source, long before open-source was cool, and experimental aviation was open-source, long before open-source was cool

          roughly speaking, the four most metabolically active tissues in the body are the retina, the hair cells, the islet cells and short-term memory. elevated blood glucose, alcohol metabolites, including oxygen radicals, all tend to damage these tissues first. I suspect that blood glucose is harder on the first two, and alcohol is harder on the second two

          Mitch August 9, 2016 6:42 AM

          @ r, “This octoplus? They’re not biting? Surely they’re biting something…”

          Not the Octopus I had in mind, but thank you for the interesting link. 🙂

          r August 9, 2016 6:44 AM


          We both have our own belief systems, I do agree that the new article is considerably less alarmist(?) but that’s still no reason to discredit it. Those dependencies are for a PoC not a fully developed attack frame, you wouldn’t need python or a/d86 if you weren’t studying the exploit anymore AND if you look at the slides this may be [old] news to some.

          They have just scratched the surface on this, it could be benign or it could be much worse.

          The only way to find out is to start asking questions.

          I just don’t expect that one PoC that they list as working with only their one monitor to be immediately repurposable to older monitors. I do appreciate your trying though, and I will be double checking mine if not studying them further and taking a second look at the w7 update I get on here from time to time.

          r August 9, 2016 6:46 AM


          I’m just upset with myself now for not keeping a single analog device around, I could’ve picked up a good CRT the other day but I told them to keep it.

          Fun with emails August 9, 2016 6:57 AM

          @ianf, 2343 exemplifies the ultimate Noob boner of trying to ‘talk around’ classified on an insecure channel. Soon as you get read in to anything you’re constantly drilled never ever to do that. Context and timing tells your adversary everything they need to know (in this case, context is every other email that passed through HRC’s swiss-cheese server)

          Same goes for the people who burned Plame, you’re right, except they meant to do it.

          You’re right, it is Amiri. re his blood on whose hands, a nation-state punishing a traitor is a separate problem from an official in a position of trust burning an agent. Thanks to this catastrophic cockup, no one in their right mind will trust CIA now. Anyone who ever exchanged pleasantries with an attache will go to ground, if they know what’s good for them. CIA HUMINT will be crippled for years, and it has sucked anyway since CIA stuffed the place with military knuckle-draggers. That’s why NSA has been eating their lunch. The effect of this new breach is equivalent to a highly-placed mole, a senile Hanssen, if you will.

          Why did Amiri return? Clearly because CIA screwed up and failed to safeguard his loved ones, who were vulnerable as hostages (you don’t want them calling your defector up screaming in limbic agony every night.)

          So credit where credit is due. Reanimated zombie corpse Hillary Clinton did us all a favor. Now it will be harder for CIA to commit serious crimes of concern to the international community.

          r August 9, 2016 7:11 AM

          @Fun with emails,

          Just when I thought I had you figured out, that’s okay though: I am learning the sound of your voice.

          JG4 August 9, 2016 7:47 AM

          from the usual compendium

          comment from NC

          IMHO although this is meant to be a warning, I see this as having a different effect. Face recognition technology is nowhere near as accurate as this article suggests. But reports like this prime potential jurors to regard it as gospel, which is how DNA testing has also mistakenly come to be viewed. And this article is also throwing people off the track that you can defeat face recognition tech through makeup.

          ianf August 9, 2016 8:54 AM

          @ rrrrrrrrr,

          Where is Fräulein Macbeth to issue a verdict on the Indignation : Reflection ratio?

          ianf August 9, 2016 11:08 AM


            High on [w]heels of that stupid “BBC Detection Vans” non-story comes this BBC rebuttal of the Telegraph’s article (without naming it), over “considerable inaccurate reporting about how TV Licensing will detect people breaking the law by watching BBC iPlayer without a licence”. Find out how it probably will be done @

          So What Else Is New Dept.

            QuadRooter Android bug (inside Qualcomm chips) could affect almost 1bn phones, researchers claim

          Pay ATTN While You Still Can Dept.
          The mysterious eye condition of ‘visual snow’

            It can cause television-like static or trails of light in the vision, but the disorder baffles the experts – so much so that a handful of doctors and patients are fighting to prove it really exists.

          80-year old Woody Allen tries to look like James Dean in a trailer/ preview for a 6-part TV series.

          Clive Robinson August 9, 2016 11:40 AM

          @ r,

          I could’ve picked up a good CRT the other day but I told them to keep it.

          Well think about those cold winters nights… you could have used it as a heater 😉

          CRTs are old low res tech that is inefficient, flat panel technology would be more efficient. Or at least it would be if they did not shove a load of crap in there which you mostly have no use for, but which potentially has a nice large totally unprotected attack surface…

          There are even flat panel displays with WiFi in them that are now being used in places where they don’t want to or can not run network or other cables. Originally designed for the advertising or annunciator markets, the cost differential on running separate manufacturing lines or putting WiFi in all the flat panels of that size favours everyone getting WiFi regardless of whether they know it or not…

          r August 9, 2016 11:51 AM

          @Clive Robinson,

          The whole “cost differential on running separate manufacturing lines” is what concerns me about the stance Scott is taking, only time will tell where these LCD/LED OCD injection hacks go.

          The best thing about it is in the slides, these guys might just be nicking the heels on a 2008 development from So the whole “doesn’t work on my monitor” thing and “python as86 etc” as dependencies is moot in the long run and the short term considering the windows available.

          What made me curious, is their “funtenna” comment. I have alot of digging to do.


          Did you clone joeyh yet? 1GB of personal backups, where is the CODE?

          Needs a clean branch, he’s not on github is he?

          Wael August 9, 2016 12:33 PM


          /James B. Comic

          A bit ambiguous, although I can “guess” you meant IC is a comedy show starring a certain TLA’s director, played in an international Security Theater.

          Clive Robinson August 9, 2016 2:51 PM

          @ r,

          What made me curious, is their “funtenna” comment. I have alot of digging to do.

          From the little of what has been said I’m guessing it’s actually a technique that has its roots back in the 1950’s

          If you generate a signal around 1 MHz and send it down a loop of unscreened cable it will radiate both an E and an H wave; of the two, the H wave is more likely to get out of a box in a short (magnetic) loop.

          The other thing is as part of generating the signal, you will change the load on the PSU as the current goes up and down, this will cause certain components to vibrate in sympathy which will produce conducted mechanical vibration that will get to the casing and radiate outwards from there.

          Back in the 1950’s the clock speed of computers was at the bottom or below the MW band (.5-1.5MHz) thus it was the harmonics (not sub harmonics) that could be picked up on an AM radio. The use of the radio kind of took over from the speaker and hookup wire that had previously been used for diagnostic work. It was not long before programmers used timing loops to generate tones and thus melodies. This was still in use in the early Home Computers and PCs.

          You might also want to look up “Soft Fonts” from the UK’s Cambridge labs, whilst these are designed to reduce information leakage by reducing harmonic content of the display signal, the papers’ descriptions will help you get your head around things, as will some of the papers recently published by an Israeli University partly sponsored by the German Telecoms company.

          The name Funtenna is a bit awkward in that AMSAT designed the “FunCube” SDR system and Funtenna had been suggested as a name for a hand held wideband antenna for portable use to go with the FunCube receiver.

          Nick P August 9, 2016 3:58 PM

          @ Figureitout

          “Nick P and I have different interpretations of “constrained devices”, that’s all.”

          Yeah, I posted links to 1-bit and 4-bit MCU’s encouraging the demoscene to get on that shit. I want to see SymbOS effort at 4-bit with maybe RTEMS at 1-bit. I’d be there with them with high-level or synthesis angle. Instead, everyone is working with 8-bitters powerful enough for Ocaml interpreters talking about how “constrained” they are. Yeah sure. (villainous laughter)

          @ Thoth

          I like fucking with the UNIX/C fanboys on HN missing key parts of history. Was doing again when topic of build systems came up with declarative (Nix-style) vs imperative/arbitrary (make & rest). I’m pushing declarative when I ran into this objection:

          “That wasn’t what the original post by ashitlerferad was calling for. I have no problem with generic declarative-model build systems that can be used for anything. However, the original call was for build systems which don’t require arbitrary code execution. A generic build system must deal with many different tools and compilers, and thus REQUIRES arbitrary code execution: Somewhere, there’s got to be a piece of code telling the system how to build each file. And if you don’t build that into the build system proper, you wind up either integrating everything into core, or adding an unwieldy plugin architecture and winding up like grunt/gulp and all the other node build systems. Or you could just allow for arbitrary code execution, and dodge the problem all together. This is possible in a declarative system, but it’s a lot harder to do, and means at least part of your system must not be declarative.”

          I agreed it was reasonable in my first reply. Then, I saw “a lot harder” then decided to see what I could do to cheat impossible requirements. Here’s what I brainstormed:

          “It seems some kind of arbitrary execution is necessary. I decided to come back to the problem out of curiosity to see if I could push that toward declarative or logic to gain its benefits. This isn’t another argument so to speak so much as a brainstorm pushing envelope here. Could speculate all day but came up with a cheat: it would be true if anyone had replaced make or other imperative/arbitrary pieces with Prolog/HOL equivalents. Vast majority of effort outside I/O calls & runtime itself would be declarative. Found these:

          Add to that Myreen et al’s work extracting provers, machine code and hardware from HOL specs + FLINT team doing formal verification of OS-stuff (incl interrupts & I/O) + seL4/Verisoft doing kernels/OS’s to find declarative, logic part could go from Nix-style tool down to logic-style make down to reactive kernel, drivers, machine code, and CPU itself. Only thing doing arbitrary execution, as opposed to arbitrary specs/logic, in such a model is what runs first tool extracting the CPU handed off to fab (ignoring non-digital components or PCB). Everything else done in logic with checks done automatically, configs/actions/code generated deterministically from declarative input, and final values extracted to checked data/code/transistors.

          How’s that? Am I getting closer to replacing arbitrary make’s? ;)”

          (more villainous laughter)

          tyr August 9, 2016 4:09 PM


          The timing loops for music reminds me of the
          days of disc drive racing.

          I was wondering today if the armaments industries
          pushing conflicts is going to turn out to be a
          tulip frenzy style fad that will suddenly fade
          away on us. Stranger things have happened in
          human history.

          @Nick P,

          I was thinking of the BSOD instances caused by
          apps stepping on each other that have plagued
          M$ products ever since they stole CP/M and
          tried to rip out its multitasker hooks.

          Nick P August 9, 2016 4:23 PM

          @ tyr

          “I was thinking of the BSOD instances caused by
          apps stepping on each other that have plagued
          M$ products ever since they stole CP/M and
          tried to rip out its multitasker hooks.”

          Haha. They’ve made plenty of progress. The majority were drivers, which they solved with formal verification with Driver Verifier. They switched to pushing managed code to try to get 3rd party apps and their own under control. They have the best OS in formal methods scene if considering pervasiveness vs safety vs effort required. They have Spec# and Dafny for Design-by-Contract + algorithm verification for lightweight stuff. TLA+ leads in distributed verification with main authority, Lamport, being at Microsoft. The Hyper-V hypervisor is getting Design-by-Contract checked down to C and ASM via VCC. Their 0-days are lower than most things despite ridiculous amount of new and modified code in Windows.

          So, they certainly were the laughing stock of software quality. Were. Now, they’re just the laughing stock of software marketing. Especially inability to respond to user demand so simple as “give us back the start button, damnit!” 😉

          Note: We’re going to leave Clippy out of this discussion except to say it might come back via IBM Watson or Google DeepMind.

          Grauhut August 9, 2016 5:51 PM

          New APT toolkit in town: ProjectSauron

          “The actor behind ProjectSauron is very advanced, comparable only to the top-of-the-top in terms of sophistication: alongside Duqu, Flame, Equation, and Regin. Whether related or unrelated to these advanced actors, the ProjectSauron attackers have definitely learned from them.

          As a reminder, here are some features of other APT attackers which we discovered that the ProjectSauron attackers had carefully learned from or emulated:


          Use of intranet C&Cs (where compromised target servers may act as independent C&Cs)
          Running only in memory (persistence on a few gateway hosts only)
          Use of different encryption methods per victim
          Use of named pipes for LAN communication
          Malware distribution through legitimate software deployment channels


          Lua-embedded code
          Secure file deletion (through data wiping)
          Attacking air-gapped systems via removable devices

          Equation and Regin: …”

          Sancho_P August 9, 2016 6:02 PM


          Single typos are innocent, double typos may be info (cough, probably).
          Good guess anyway.
          I intended to hint that from now on I won’t try to interpret strange postings as they could make any sense, as Mr. Comey likely would (“terrorist’s encryption might be everywhere, let’s ban it”).

          r August 9, 2016 6:28 PM


          All typos are information, single misspellings may be freudian slips illuminating something in the background (OCD v OSD). Somebody could be communicating through pre-shared checksummed names with single-bit slippage.

          Careful about chasing windmills bud, it will drive you insane. But, you might be a woodburner – and they might be a threat to your coal burning friends.


          It’s not the first episode in refactorization, let’s call it reformulater v3.

          Also, as stated in my previous statement – what’s old is new and what’s new is old.

          checksum checksum checksum
          whitelist/signature (if possible considering…)

          GOOD LUCK.

          r August 9, 2016 6:36 PM


          Also, and believe me I’m on your fence about this sort of stuff.

          The links that are being shared here are more sources of potential blits (blips). The blots you seek are readily available in most every media article I read, blogs included. Can you factor everything presented on even this single source of transient banter?

          I think about stuff like this constantly, had I not heard about Echelon in ’99 I probably would’ve made it much further in life. The rumors of DPI creep were chilling forecasts of the near future.

          r August 9, 2016 6:40 PM


          If you want to defeat miscreant verbiage you need to insert misspellings randomly. I’m sure it can be defeated but let’s not forget the watermarking attack on researchers that Krebs illustrated last year. You have to think far ahead, and remain open minded.

          Thoth August 9, 2016 7:01 PM

          @Nick P
          I am guessing that it is more of people too used to seeing the insecure stuff from their day to day programming with insecure tools and secure verifiable models and tools are still not commonly seen and mostly either for academics and research and probably Governments like NSA’s IAD might simply hire those niche security market leaders like Galois to do the high assurance codes for them while they dish out specifications and test cases.

          Thing is such verifiable models and systems need to get out of the “academic” state to a production mode.

          Some products as you have pointed have those high assurance verifiable models which is good to know but what is needed is industry effort to drive out the old shadows of insecure models which the industry has been unwilling to do as no one wants to be held accountable for poor codes they wrote. Most of them just want to code and forget.

          Thoth August 9, 2016 7:09 PM

          I saw that coming 🙂 . Have fun with that huge repo.

          I avoided download because the repos did not have a specific section for keysafe and I decided to read his webpage more closely and saw that it was just concepts.

          Figureitout August 9, 2016 8:47 PM

          –You generally have more peripherals than you can really use.

          Clive Robinson
          –I’ll take you one further and say it was an outright scam. Putting them in a dungeon seems a bit much but maybe a nice punch in the gut would do. :p

          And the Asus plugs suck so I’d never use on a bed connected (too many times hitting cords).

          Oh found a potential backdoor in an RF chip today (mildly proud of myself for once, now need to eliminate the bug) that may make you smile, nasty one that (perhaps you wrote the f*cker?:). A transmitter gets a hidden ack (ie: when not “paired”) so it won’t retransmit if there’s dropped packets.

          Nick P
          –Yeah you go from an M4 to 1-bit MCU’s…there’s an area in-between where an individual can be most effective. Don’t need an OS all the time either. Have you tried the OCaPIC? Still waiting to see your github too.

          Thoth August 9, 2016 9:02 PM


          Samsung Pay’s MST found to be insecure. In fact, it’s not just Samsung Pay. I theorized in the past that Host-Card Emulation technology strongly pushed by huge security companies like Gemalto and Thales, standardized by EMV for EMV-based HCE payments and consumed by huge Financial Institutions globally that use mobile payment are insecure as One-Time Tokens are used to represent transactions and can be captured and abused.

          1.) One Time Transaction codes should have a much shorter alive period instead of 1 day alive period which is too long.

          2.) Provisioning of a monthly 128-bit or 256-bit HMAC key that permutes the transaction every X amount of time (just like TOTP) and the HMAC key would be refreshed by connecting over the air over a secure uplink to re-key the HMAC transaction authentication key would be much more preferable.

          3.) The best is real-time verification and approval of transactions via a secure token (smart card with built-in screen and input keyboard) instead of tokenization technology for payment as these tokens can be copied and spoofed upon capture. It is much more preferable to securely authenticate a real time transaction to prove ownership of the account and person in real time.
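
          As an added illustration of proposal 2 (not code from Thoth, Samsung Pay or any payment network), this Python sketch derives a TOTP-style transaction code from a per-device HMAC key bound to merchant, amount and time window, and compares the one-day validity criticised above with a 30-second window; the key, merchant id, amount and timestamps are constructed sample values.

```python
import hashlib
import hmac
import struct

# Constructed sample key standing in for the per-device HMAC key that the
# proposal above would provision monthly and refresh over a secure uplink.
DEVICE_KEY = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0" * 2)  # 256-bit, constructed

# Two issuer policies to compare: the long-lived token criticised above
# versus a short TOTP-style window.
ONE_DAY = 86400
THIRTY_SECONDS = 30


def _window(ts: int, step_seconds: int) -> int:
    """Index of the time window containing timestamp ts."""
    return ts // step_seconds


def transaction_token(key: bytes, merchant_id: str, amount_cents: int,
                      ts: int, step_seconds: int) -> str:
    """Derive an 8-digit one-time transaction code.

    The HMAC input binds the code to the merchant, the amount and the
    current time window, so a captured code cannot be reused for a
    different purchase or after the window has passed.
    """
    msg = (struct.pack(">Q", _window(ts, step_seconds))
           + struct.pack(">Q", amount_cents)
           + merchant_id.encode("utf-8"))
    digest = hmac.new(key, msg, hashlib.sha256).digest()
    # Dynamic truncation as in RFC 4226 (HOTP), applied to a SHA-256 digest.
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % 10**8:08d}"


def verify_token(key: bytes, merchant_id: str, amount_cents: int, token: str,
                 now: int, step_seconds: int, skew_windows: int = 1) -> bool:
    """Issuer-side check: accept the current window plus skew_windows on
    either side to tolerate clock drift; codes are compared in constant time."""
    for w in range(-skew_windows, skew_windows + 1):
        candidate = transaction_token(key, merchant_id, amount_cents,
                                      now + w * step_seconds, step_seconds)
        if hmac.compare_digest(candidate, token):
            return True
    return False


def replay_accepted(step_seconds: int, captured_at: int, replayed_at: int,
                    merchant_id: str = "MERCHANT-0001",
                    amount_cents: int = 1999) -> bool:
    """Would a code captured at captured_at still be accepted if presented
    verbatim at replayed_at, under a policy with the given window size?"""
    token = transaction_token(DEVICE_KEY, merchant_id, amount_cents,
                              captured_at, step_seconds)
    return verify_token(DEVICE_KEY, merchant_id, amount_cents, token,
                        replayed_at, step_seconds)


if __name__ == "__main__":
    t0 = 1_470_000_000  # constructed capture time (August 2016)
    # With a one-day window the captured code still works ten minutes later.
    print("1-day window, replay after 10 min:", replay_accepted(ONE_DAY, t0, t0 + 600))
    # With a 30-second window the same replay is rejected.
    print("30 s window, replay after 10 min:", replay_accepted(THIRTY_SECONDS, t0, t0 + 600))
```

          The issuer still needs the merchant id and amount from the authorisation request to recompute the code, which is exactly what ties the code to one transaction rather than to the card.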


          Tim Wilmont August 9, 2016 9:27 PM

          Australian Bureau of Statistics shut down census collection yesterday while publicly announcing all was well and it was fine to submit their private information. They brought in the Australian Signals Directorate to investigate after their Geo-blocking system, Performance Analysis and a router went down after repeated DDoS which started at around 10am, while repeating all day that everything was fine.

          Although still investigating, they are repeatedly claiming it’s not an “Attack” or “Hack” and data submitted is fine. After trumpeting their systems were ready for any attack for weeks, and that they had been planning the Census for 5 years, perhaps their P.R. and terminology could be a little better.

          Anyone working in security will know DDoS is used to tie up resources while targeting systems considered not high priority and possibly other weaknesses that may have been overlooked, and anyone working in Australian information security would know it’s generally a frustrating and very under resourced area to say the least. For starters password security is piss-poor at the very least. Passwords often require much less than 10 guesses at words in the related industry (when no one bothers to supply it to you when asking to remove infections/recover data), passwords will be used for 10 years, the admin password is given to nearly every employee by the manager (despite protests of the admin) so employees can bypass the firewall to download crap riddled with viruses/worms/Trojans/keyloggers/malware. Data breaches are majorly under reported on systems that contain personal information including Credit Card details (and the passwords on many of these systems are horrible, to say the least).

          I don’t know when information security will be taken seriously in Australia but I doubt it will be soon by most people, except for the poor bastards still trying to admin systems managed by incompetent fools who don’t understand what an “admin” is or a “server” (“so is the box the hard drive?”).

          Thoth August 9, 2016 11:12 PM

          @Tim Wilmont

          The fact they have to bring their system down means they aren’t fine at all. In fact they are silently worried and bringing in the big guns (Australian Signals Directorate) amounts to bringing in the NSA when nasty crap happens.

          “I don’t know when information security will be taken seriously in Australia but I doubt it will be soon by most people, except for the poor bastards still trying to admin systems managed by incompetent fools who don’t understand what an “admin” is or a “server” (“so is the box the hard drive?”).”

          I would refine your statement to when InfoSec/DataSec would be taken seriously on a Global scale. If the global industries were serious, we wouldn’t be having all these problems now.

          From the Financial to Payment industry to Governments, Defense, Health … whichever sector you name it, whichever sector is simply just insecure.

          Tim Wilmont August 10, 2016 12:18 AM

          @Thoth Yeah it’s pretty bad.

          Here’s a case in point of the general attitude shown by people in charge, this time from Australian Bureau of Statistic’s “security expert” Kalisch.

          Kalisch told the ABC “there was one breach that did actually get through via a third party” but insisted “[we] believe that we’ve plugged that gap”.

          “The more we talk about it, the more people decide to see if they are better than we are,” he observed.

          “In this case I’d say it ended up a draw”.

          I won’t point out the gap[s] in their security, but they’ve got more than one at least and I will be interested to see how many of them they’ve “plugged” when they put it back up for another attempt at “a draw”.

          Thoth August 10, 2016 3:00 AM

          @all, Nick P, Figureitout

          How to use OpenPGP card applet on Windows

          No hate spamming on Windows for this documentation.

          This is only for documentation purposes as I am experimenting around just in case we have readers here who find Linux not suitable and want to use Windows with an OpenPGP smart card.

          – Latest build of GPG4WIN
          – A Yubikey secure hardware dongle containing PGP capability
          – If you do not have a Yubikey or want to use a traditional smart card … you have to meet the below smart card hardware specs
          – A smart card supporting JavaCard 2.2.2 and above with RSA-2048-PKCS-1.5 signing and encryption algorithm. Smart card with at least 20 KB of EEPROM or Flash memory and at least 2KB of RAM memory on the safer side.
          – You need to know how to find out card reader name via OpenSC (another software) and also know how to use GPShell or GPPro to load your own smart card with the smart card applet downloaded from Yubikey’s repository and the card must be an Open Card (a.k.a OP_READY mode) with the default GP keys 0x40,41,42 … 4E,4F (found in GP manual).
          – Windows 7 and above (any desktop or server variant)
          – Smart card reader supporting ISO-7816 at the very minimum
          – Default card user PIN is 123456 and default card Admin PIN is 12345678 (hard coded defaults needing to be changed upon receiving new card)
          – Downloaded smart card applet from Yubikey website (

          1.) Go to %APPDATA%/gnupg
          2.) Create scdaemon.conf file
          3.) Add lines in the scdaemon.conf file

          card-timeout 5

          4.) Go to Task Manager and stop all gpg… exe processes and scdaemon.exe process.
          5.) Open command line and enter “gpg --card-edit” to enter into GPG’s Smart Card Shell
          6.) Setup your PIN, Admin PIN and Reset Code
          7.) Type “admin” to enter to card admin mode and give them the default admin PIN. It should reply that admin commands are allowed.
          8.) Type “passwd” to enter PIN changing mode and select “1” to change normal user PIN.
          9.) A popup would ask you for PIN which you type the old default user PIN (above) and then type in your new user PIN twice. It should say PIN changed. Be very careful when entering PIN codes as you have only 3 tries for all the PINs and must destroy the applet or even the physical chip card if the Admin PIN and Reset Code PIN runs to 0.
          10.) You should be brought back to the PIN change option selection menu where now you select “3” to change the old default admin PIN (above) to new admin PIN. Use the 8 digit old admin PIN (above) when asked to supply via a popup and then key in a new admin PIN twice.
          11.) You are now left with specifying Reset Code which is a code able to reset a blocked user PIN but is not as powerful as the Admin PIN. A scenario is an organisation issuance of smart cards where the Admin PIN is held by the employer and you are issued with a Reset Code in case you block your user PIN out with too many wrong tries.
          12.) Select “4” for reset code and use the new Admin PIN to authenticate and then set the Reset Code. If there are simply too many PINs to remember, skip the Reset Code out.
          13.) Quit the PIN changing menu by pressing Q.
          14.) You may freely explore the card and setup additional card information like the “name” (your name), “login” (login card screen name), “lang” preferred language, “sex” (gender).
          15.) To generate your PGP keypair, type “generate” in the main menu.
          16.) You will be asked if you want to have off-card backup of encryption key (PGP key) which you select “Y” (Yes) in case you botched it up. You will need to authenticate with your user PIN (a popup) and you will be asked to select validity period of key. Select 0 or simply press the Enter key for infinite validity key period. Confirm infinite validity period for PGP key and you will be asked some information (name, email …) to be stored with the key including comment on the key’s usage. Acknowledge the information.
          17.) You will be asked for a password to protect the backup copy of your PGP key on your computer.
          18.) You should see something like that after you generated your smart card protected PGP key.
          19.) You may use the “verify” command to verify your user PIN from time to time.

          gpg: NOTE: backup of card key saved to `C:/Users/Thotheolh/AppData/Roaming/gnupg
          gpg: key FDF2BE7E marked as ultimately trusted
          public and secret key created and signed.

          gpg: checking the trustdb
          gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
          gpg: depth: 0 valid: 7 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 7u
          gpg: next trustdb check due at 2016-12-31
          pub 2048R/FDF2BE7E 2016-08-10
          Key fingerprint = D581 6857 8CBA 5E40 F681 B363 2D83 B277 FDF2 BE7E
          uid [ultimate] Thotheolh (PGP SC Code Signing Key)
          sub 2048R/BCCA4F9D 2016-08-10
          sub 2048R/452E3DE5 2016-08-10

          20.) You now own a smart card containing a PGP keyset for signing your PGP protected data. Type “list” into the main menu (with your card still connected) to view your card details:

          Application ID ...: D2760001240102000000000000010000
          Version ..........: 2.0
          Manufacturer .....: test card
          Serial number ....: 00000001
          Name of cardholder: Thotheolh
          Language prefs ...: [not set]
          Sex ..............: unspecified
          URL of public key : [not set]
          Login data .......: Thotheolh SC PGP Code Sign
          Signature PIN ....: forced
          Key attributes ...: 2048R 2048R 2048R
          Max. PIN lengths .: 127 127 127
          PIN retry counter : 3 3 3
          Signature counter : 5
          Signature key ....: D581 6857 8CBA 5E40 F681 B363 2D83 B277 FDF2 BE7E
                created ....: 2016-08-10 07:43:37
          Encryption key....: 2D9D 4A3D EA85 4D1D 09C2 7A12 5C65 F6B0 452E 3DE5
                created ....: 2016-08-10 07:43:37
          Authentication key: 0C2B 2740 7F31 CECF D075 1326 B6F2 3861 BCCA 4F9D
                created ....: 2016-08-10 07:43:37
          General key info..:
          pub 2048R/FDF2BE7E 2016-08-10 Thotheolh (PGP SC Code Signing Key) twzgerald@gm

          sec> 2048R/FDF2BE7E created: 2016-08-10 expires: never
          card-no: 0000 00000001
          ssb> 2048R/BCCA4F9D created: 2016-08-10 expires: never
          card-no: 0000 00000001
          ssb> 2048R/452E3DE5 created: 2016-08-10 expires: never
          card-no: 0000 00000001

          21.) You will see the PIN retry counter as 3 3 3 with the first number representing the PIN tries for user, the second for keeping the first PIN try counter in sync and the 3rd PIN try counter is for Admin PIN tries.
          22.) Carry the smart card with you whenever possible as it contains your PGP key and do not disclose any PIN information in any way.
          23.) To physically destroy a smart card (single chip type) take a pair of scissors and cut across the metal plate contacts in an asterisk shape with all cuts meeting at the center of the metal plate of the smart card as the IC chip is encased directly in the center underneath the metal plate. More careful cutting (as long as the cuts all meet in the center of the metal plate) is most advisable.

          Thoth August 10, 2016 3:02 AM


          My new smart card protected code signing PGP key (only for signing software codes and not for emails).


          vas pup August 10, 2016 8:34 AM

          Bruce and @all:
          Interesting article related to psychology of security as well:

          In some situations, happiness carries far more serious risks. It’s associated with the cuddle hormone, oxytocin, which a handful of studies have shown reduces our ability to identify threats. In prehistoric times, happiness would have left our ancestors vulnerable to predators. In modern life, it prevents us paying due attention to dangers such as binge drinking, overeating and unsafe sex.

          “Happiness functions like a shorthand signal that we’re safe and it’s not necessary to pay too much attention to the environment,” he says. Those in a continuous happy haze may miss important cues. Instead, they may be over-reliant on existing knowledge – leaving them prone to serious errors of judgement.

          Like happiness, positive fantasies about the future can be profoundly de-motivating. “People feel accomplished, they relax, and they do not invest the necessary effort to actually realise these positive fantasies and daydreams,” says Gabriele Oettingen from New York University.

          Next she looked at presidential inaugural addresses – and found that more positive speeches predicted a lower employment rate and GDP during their time in office.

          “Defensive pessimism” involves employing Murphy’s Law, the cosmic inevitability that whatever can go wrong, will go wrong. By anticipating the worst, you can be prepared when it actually happens.

          Dirk Praet August 10, 2016 9:04 AM

          @ Thoth

          This is only for documentation purposes as I am experimenting around just in case we have readers here who find Linux not suitable and wants to use Windows with an OpenPGP smart card.

          Thanks for that, mate. I needed to get me a Yubikey for some other experiments on PC-BSD anyway, and this is a neat additional incentive.

          Thoth August 10, 2016 9:31 AM

          @Dirk Praet
          If you want the Yubikey with PGP, you need to purchase from them Yubikey 4, 4 Nano and Neo. A note is the Yubikey 4 and 4 Nano are currently under-going FIPS 140-2 CMVP validation program for its cryptographic secure hardware certification. They have not yet been certified.

          Curious August 10, 2016 10:06 AM

          “AT&T Transparency report”

          Me being me, I see attempts at ironic distancing all over the place.

          “frequently requested”
          What about the non-frequent requests?

          “We take our responsibility to protect your information and privacy very seriously.”
          How about instead: We take the responsibility to protect.. to provide some substance to this statement.

          “We continue our pledge to protect your privacy to the fullest extent possible and in compliance with applicable law.”
          Performative statement, rings hollow in my ears so to speak.

          “This report provides specific information regarding the number and types of demands to which we responded for the first half of 2016 (…).
          Performative statement sort of. “Our report” would make it substantial; “This report” does not.

          “For comparison purposes, we included data from our prior report.”
          One or more purposes? Vague and nonsensical language.

          “We remain committed to the privacy of AT&T’s customers around the world.”
          Performative statement. Also vague: “to the privacy”, almost as if their idea of ‘privacy’ has no substance.

          “As such, we have been engaged in a number of initiatives during this reporting period.”
          Might as well mean nothing, if also being a performative statement.

          “AT&T continues to join with other technology companies and public interest groups to advocate for limits on the government’s ability to obtain customer communications stored abroad.”
          Performative statement again. The lack of a comma after “interest groups” makes it even more fitting.

          “AT&T believes that law enforcement should respect the laws of other countries and work through established treaties.”
          Vague language, with an emphasis on “law enforcement”, no reference at all to national security issues, with a deemphasis of sorts on the “should” part of the first part of the sentence, making the “work through” part unintelligible.

          “Our country’s respect for international data protection standards will help ensure that the privacy interests of Americans are also respected by other countries.”
          But what does it mean, or how would it even work? Seems to me to be wishful thinking, and also delusional because of the insistence pointed out in that sentence (the ensure part). What are “privacy interests”? Is that one thing, or, many things?

          “We support the simplification, clarification, and unification of the legal standards in the Electronic Communications Privacy Act, while preserving the tools necessary for government agencies to enforce the laws, respond to emergencies, and protect the public.”
          A white lie? As if really alluding to the importance of the latter, but without highlighting it. What sense does it make to first say that you support something, and then add the clause “while preserving”?

          Dirk Praet August 10, 2016 12:21 PM

          @ Curious

          Re. AT&T Transparency report

          An AT&T report on transparency and privacy sounds about as daft to me as an Abu Bakr Al-Baghdadi speech on peaceful coexistence with non-Muslims. I don’t know why they even bother.

          vas pup August 10, 2016 12:32 PM

          @Curious • August 10, 2016 10:06 AM
          In the old Soviet Union there was a joke/dialogue between citizen and government: C: Do I have a right? Gov: Yes, you do. C: Can I? Gov: You cannot. That is about law tricks utilized by AT&T here, in particular providing ambivalent statements. The best classification for such content you referred to is BS. I’ll suggest you read the article by Harry Frankfurt (Princeton University) ’On B… Sh…’. BS is generated not only by politicians, but by law departments of big corporations/banks as well.
          See any privacy policy statement as example.

          Yoshii August 10, 2016 2:34 PM

          War, Peace, Truth and The Media (video talk)
          “OPUS” audio is about 30 MB from YouTube if you use
          “YouTube Video And Audio Downloader”

          Scroll to the 8 minute timeline to begin.
          This speaker seems educated and sincere.
          The contents of the talk are somewhat surprising, yet believable.

          As usual, tons of respectably good IMPORTANT information here:

          Useful for people who care about MUTUALLY ASSURED SURVIVAL.

          Curious August 10, 2016 2:48 PM

          “Bungling Microsoft singlehandedly proves that golden backdoor keys are a terrible idea”

          Not sure what this is about, but it sounds bad.

          According to The Register:
          “Microsoft leaked the golden keys that unlock Windows-powered tablets, phones and other devices sealed by Secure Boot – and is now scrambling to undo the blunder.”

          “These skeleton keys can be used to install non-Redmond operating systems on locked-down computers. In other words, on devices that do not allow you to disable Secure Boot even if you have administrator rights – such as ARM-based Windows RT tablets – it is now possible to sidestep this block and run, say, GNU/Linux or Android.”

          “Before we delve further, it is important to understand that up until now we’ve been talking about keys metaphorically: at the heart of this matter are what’s called Secure Boot policies.”

          “If you provision this magic policy, that is, if you install it into your firmware, the Windows boot manager will not verify that it is booting an official Microsoft-signed operating system.”

          r August 10, 2016 3:57 PM


          It means that all MS and the “consortium” (UEFI) did was consort about moving the goal post. (UEFI is dead! long live UEFI.) It means that not only did they only make it harder for you and me to install to the deep end and see what they were doing, they made it far easier to hide themselves (and brothers) in the deep end and see what everyone else was doing at the same time.

          By stating that they’re scrambling (easter?? eggs?) to undo the (this?) blunder(blender?), I’m sure they mean to do the very same thing that was done with the usb exploit stuxnet employed. Do you know what that was?

          The Five Eyes have a show for us to watch, drum roll please…

          Let’s go Voltron Force.

          You guys haven’t covered (up) this yet either:

          Who? August 10, 2016 4:06 PM

          I see @Curious was faster than me!

          Certainly we need a serious analysis of the consequences of this backdoor keys leak and of how to avoid it being exploited in the wild for those manufacturers not fixing their firmware.

          Curious August 10, 2016 4:58 PM

          “Flip Feng Shui: Hammering a Needle in the Software Stack” (Rowhammer/bitflipping related)

          “We show FFS is extremely powerful: a malicious VM in a practical cloud setting can gain unauthorized access to a co-hosted victim VM running OpenSSH. Using FFS, we exemplify end-to-end attacks breaking OpenSSH public-key authentication, and forging GPG signatures from trusted keys, thereby compromising the Ubuntu/Debian update mechanism. We conclude by discussing mitigations and future directions for FFS attacks.”

          Curious August 10, 2016 5:02 PM

          Complementary article to my last post:
          “Linux bug leaves USA Today, other top sites vulnerable to serious hijacking attacks”

          “Computer scientists have discovered a serious Internet vulnerability that allows attackers to terminate connections between virtually any two parties and, if the connections aren’t encrypted, inject malicious code or content into the parties’ communications.”

          Clive Robinson August 10, 2016 5:32 PM

          @ Curious,

          “Bungling Microsoft singlehandedly proves that golden backdoor keys are a terrible idea”

          Things might not be as at first they appear…

          If you look at the article you see the nub of the problem, which is such a standard way to do things few would question it,

            For internal debugging purposes, Microsoft created and signed a special Secure Boot policy that disables the operating system signature checks, presumably to allow programmers to boot and test fresh OS builds without having to sign each one.

          If you think about it from a standard engineering process it’s a more efficient way to do it.

          Also if you look at it another way it very much reduces the amount of access required to the “golden key”, thus on the face of it, it’s a lower risk way to proceed, thus on the face of it “more secure” as many would think of it.

          But for years now I’ve raised a red flag about “code signing” in that it says nothing about the code that has been signed. Which means the process is open to “insider attacks” be they by accident, oversight or intent.

          And it’s this “insider” aspect where it has actually gone wrong, because,

            These policies must also be signed by Microsoft to be accepted, and are installed on devices and machines using a Microsoft-signed tool.

          And thus one way or another an insider attack has happened.

          That said you have to ask “Was it by accident, oversight or design?”

          The answer to this question could actually be “by design”; to see why you have to think of the “political” aspect. Not so long ago Apple got embroiled with the less desirable aspects of US DoJ policy. Many people believed that the reality was that Apple was collaborating with the DoJ provided they kept it from public view. But unlike the IC agencies the FBI’s attitude to “Sources and Methods” was not conducive to keeping it out of the public view (think about StingRay behaviour and how it came to be known). Thus when Apple started ratcheting up security the FBI and the DoJ saw an opportunity to “collect a high profile scalp” and went for it like a rabid dog.

          It’s fairly well known that Microsoft employ legal advisors with a similar boundary pushing mentality as the DoJ and marketing people that likewise go to great lengths to keep the Microsoft name shiny in the corporate and public view. Thus there will be seniors in Microsoft who can see that there is a good chance that they are heading for the same sort of bruising Apple went through, and would want to head it off before it happens.

          Even if not deliberate it would appear that the likes of the FBI now have no excuse to try to compel Microsoft on these products as there is now a backdoor they can use, and the majority of the affected products have been “end of lifed” already, so the real loss is actually quite small.

          Dirk Praet August 10, 2016 5:34 PM

          @ Curious, @ Who?, @ r

          “Bungling Microsoft singlehandedly proves that golden backdoor keys are a terrible idea”

          Jules in “Cyber Fiction”: [points gun directly in Brett’s face] Say “NOBUS” again! Say “NOBUS” again! I dare you! I double-dare you, mtherfcker! Say “NOBUS” one more g*ddamn time!

          r August 10, 2016 5:59 PM

          @Wael, Dirk Praet, Curious, All

          Reservoir Dogs is good too.

          I was writing up a simplification for the new blind-injection attack affecting linux 3.6+, but I think I should just direct you guys to section 4+.

          It’s horribly noisy, good thing hardly anyone watches their end points.

          It requires MUCH GUESSING and estimation.

          Nick P August 10, 2016 6:47 PM

          @ Thoth, verification fans

          I kind of jumped the gun on that paper that verified theorem provers in theorem provers. I went by the description where they seemed to go from pencil & paper prover to more complicated then so on. Actually, they do it through the LISP-to-x86 runtime/translator verified in HOL. So, the implementation of the lowest level is still done in HOL, not incremental. Then, they go from simplest operations to propositional logic to… to last one. Works like a JIT compiler that inputs logical specs for more complex prover into verified, lower layer to output new prover. If underlying LISP is correct, then the method is sound & still awesome result. HOL work usually finds problems in the work, not HOL. So, high confidence of correctness but still be nicer to have ground up. This is all assuming I understood what I read this time haha.

          So, my research to back them up wasn’t necessarily redundant like I thought. I mainly looked at spec, verification, and compilers for both set theory and first-order logic. Found some interesting things. For one, someone did a proof-producing translator from HOL to set theory (Isabelle/ZF), which is tied to first-order logic. So, you can check HOL proofs with a half-dozen, simplified provers plus Prolog implementations. Depending on complexity. Looking to implement set specs directly, I found a language for programming directly in set theory albeit not verified or anything. Best find, though, was DeCCo from company that proved Mondex purse at E6 (EAL7-equivalent). DeCCo used Z, set theory, to do a certified compiler from a Pascal subset suitable for high-integrity apps to an assembly language for safety-critical MCU. The compiler only had one, minor flaw in rigorous testing by group that regularly smashed Ada compilers to bits back then. So, quite impressive & could possibly be used for (at the least) re-verification of bottom layers of the HOL-verified stack or start right at set-theory layers. Alternatively, for an interpreter or maybe compiler for one of simple languages used in verification tools.

          Note: I also found a version of make and a compiler for Hansen’s Edison language both done in Prolog. Was looking at them for tangent discussion but fact that we have verified provers and logic implementations make them more interesting. If you can specificy problem in FOL, your answer or result will probably be true. Unlike HOL, about anyone can learn basic Prolog.

          Another find was the background of guy behind verified provers, Jared Davis. I recently posted a paper on Centaur’s inexpensive, formal verification of fully-custom processors used in VIA x86 systems. I didn’t realize same guy was in both projects. Actually, the man’s background is a who’s who of ass kicking in hardware verification space. He open-sourced his Verilog tool and lots of ACL2 libraries, too. We need more like him in the field on these other problems.

          r August 10, 2016 7:26 PM

          @Nick P,

          Are you trying a multi-layered/many-eyes approach to provers or something as a land-grab at a (not-so) fully-proofed system?

          Cyrix was a super 486, not sure about the Centaur but that’s part of the reason they lost: no fpu really.

          Which brings me to what I was going to post


          That explains a lot, I think it was you asking about stuff like that.

          On a general purpose cpu encoding is on an equal generic footing, people optimize for specific processors (which is why chacha is listed, bcrypt(hash algo) is another example but in the opposite direction).

          Processers in recent memory have all been purpose-optimized, atom’s for web pages and high end pentiums for games. So we have a diversification of compatible routines, ARM(4,5,6,7,8) getting some implementations, MIPS(1,2) and SPARC getting others, PPC, and Intel getting speedups (RSA opcodes are an example of a combinatorial work-around, they built a whole set of directly implemented RSA codes into the processor which is why they are faster than core2’s)

          Things like that, the ecosystem – is exactly why ‘universality’ striving projects like OpenSSL are so horribly convoluted. And that’s not even touching on strings, endian.

          r August 10, 2016 7:32 PM


          In addition to things like a system’s API or ABI (the differences between various *NIX, Linux variants, Macintosh/OSX, Windows)

          The waters get deep quick.

          ianf August 10, 2016 8:15 PM

          Wael: with the exception of a couple of scenes, the “Cyber Fiction” is a great movie. The milkshake part is one of my favorites.

          Oh, really? I learn something new about you every day (night). I took you to be more of Le French Quarterpounder kind of guy, but now I see that I was mistaken. Which other signature movie tableaux did not meet your elevated sense of quality, but were supplanted by, I dunno… the famous one with Helga milking the Queen cow while thinking of Helmut? (also that’s formally a milk scene, and then some! Hankie-at-the-ready advised.)

          Thoth August 10, 2016 8:26 PM

          @Nick P

          “verified theorem provers in theorem provers”

          Chicken-and-egg problem. This opens a bigger surface area to attacks vs. hand checked and hand coded nano TCB.

          If underlying LISP is correct, then the method is sound & still awesome result.”

          That’s too much trust placed upon LISP’s correctness and also assuming the underlying code that runs LISP is not subverted by some HSA or Nation State ICs (i.e. NSA, GCHQ, BND, FSB …etc…).

          Nick P August 10, 2016 8:39 PM

          @ r

          Most of the work in formal verification is about mathematically proving the correctness of something with regard to some properties, specs, whatever. How to do that can get pretty complicated. So, the common technique is to use high-level provers with many tactics to assist the human side. For the machine-checked proofs, they do provers in combos with a prover that might be complex + a simple checker (a few Kloc tops). The prover eventually generates a series of facts, conditions, whatever that are checked by the checker. If specs, checker, and logic itself are correct, then the proof is trustworthy. As in systems, the components needed to trust it are the Trusted Computing Base (TCB), which we want small and verified. Major tools also have an extraction mechanism that pulls executables out of that for ML, Ocaml, or Haskell. Field is more complex but this is the gist of it.

          Most work has been about getting critical software verified. Kernels (seL4), compilers (CompCert), protocols (TLS), interpreters (VLISP), and so on. All these tools rely on checkers, underlying logic, sometimes extraction, and correct machine code. Myreen and Davis trying to hit those. Myreen et al made a machine code model for x86, a LISP-to-x86 implementation in it, a Standard ML-to-x86 implementation, extraction mechanism-to-x86, and with Davis an underlying-logic-to-prover-to-x86 implementation. Proved all except the last one using the HOL prover, relying on its logic. For the last, addressing critical step of verified logic & prover, they prototyped on top of the LISP-to-x86 runtime the simplest possible logic or primitives in a way that anything expressed in it is automatically checked & turned into code through verified LISP. Then they layered another on it and another and another… incrementally increasing logical complexity… checking each through below layers… until they got a powerful prover. Amazing result but my problem is LISP-to-x86 is still HOL-checked. And wanting that verified is partly the reason for Milawa in the first place. So, not nice it’s at its foundation.

          So, seeing they already incrementally built provers, I was looking for all papers on converting higher-level ones to lower-level ones or directly implementing executables with lower-level ones. Idea being a project could do the proofs by hand with numerous people checking it up to a certain level. Then, the first part that’s automated could use that level with its proofs also checked by hand against what’s trusted. Probably pre-proven in a bunch of computers or untrusted provers to save us pencil time of course. 😉 Result would be something with truly minimal TCB that could bootstrap the rest. It might even be a LISP just like Myreen and Davis’ to reuse their work. Also, side benefit is that doing similar stuff in very different logics might catch problems they didn’t due to different perspectives or bugs.

          So, those are what I was thinking as I looked this stuff up. I was especially excited to find a Z-based method for a correct-by-construction compiler that proved out in industrial use in the 90’s. Tooling is better now across the board so same method would do even better with less work. Lots of old stuff vanishes into obscurity despite potentially lasting value. I dig into the depths of history to pull it back into the light. 🙂

          @ Thoth

          “Chicken-and-egg problem. This opens a bigger surface area to attacks vs. hand checked and hand coded nano TCB.”

          Yeah. It still has similar benefits given (a) checkers are really small/simple, (b) they get used by all kinds of people in many ways with results that imply they work, and (c) as typical with prover use it forced them to clarify & rigorously implement the checker. It just still has that kernel of chicken-and-egg with an unknown amount of risk. So, what they’ve done is build provers on top of simpler, checked provers all the way down to basic propositions on paper. Should work. Probably better than they think in the long run as I doubt they know about the stuff I found.

          “That’s too much trust placed upon LISP’s correctness and also assuming the underlying codes that runs LISP is not subverted by some HSA or Nation State ICs (i.e. NSA, GCHQ, BND, FSB …etc…).”

          No, no, no. It’s not like that. Myreen originally used McCarthy’s LISP 1.5 to make it as simple as possible. They expanded it a bit for the prover project. The LISP specs, ISA specs, proof stuff, and prover are all open-source. LISPs that simple are coded by undergrads in spare time all over the world. Straight-forward if unoptimized for… insert attribute of real-world systems. 😉 All they go for is direct, efficient translation to assembler within prover. Likewise, ISA and Isabelle/HOL are used and studied by people everywhere. It’s also a niche project with little attention. Odds of subversion are low here with odds of LISP correctness way up due to simplicity of the LISP & reliability of Isabelle/HOL.

          The trust angle is already really good. Either the best ever for what we get for it or one of the best ever. I just want the assurance level improved on the prover side where we trust less and what we trust definitely has simple execution backing it up. Plus, once these things are done, I want them fully EAL7 where we don’t trust the formal methods: we have those, human review, static/dynamic analysis, specific tests, and fuzz tests on multiple runtimes. All of those at once in case something was wrong. Result can be used to verify about anything else. They’re making good progress, though, on the hardest stuff. So, I’m not bothering them for now until I see a clear path to something better they do or hand off to new people.

          Thoth August 10, 2016 9:11 PM

          @Nick P

          “The LISP specs, ISA specs, proof stuff, and prover are all open-source.”

          Where do I get the Lisp program and the other stuff necessary ?

          “LISP’s that simple are coded by undergrads in spare time all over the world.”

          I thought Java, C#, C/C++, Ruby, Python, HTML/JS are the more common stuff people (and students) turn to these days ?

          r August 10, 2016 9:30 PM

          @Nick P,

          And then came the microcode updates, re-defining years of work.

          I hate having to scavenge out of suspicion, where’s the trust man?

          Wael August 10, 2016 9:37 PM


          I learn something new about you every day (night).

          Learning is a lifelong experience, Ma Man!

          r August 10, 2016 9:55 PM


          I’m sitting here reading the above mailing list about AES and ChaCha optimization schemes and realized there’s a bigger picture here.

          It claims it’s a 4kloc kernel VPN dependent on “noise”?

          Add it to the international crypto list.

          Nick P August 10, 2016 9:57 PM

          @ r

          The instruction set generally works the way it works. Their projects usually go to ARM and PPC, too, though. I don’t think the last one does.

          @ Thoth

          They do it all in the prover that I’m aware. Their machine code framework autogenerates the machine code from the LISP specs. They skip traditional source and compilers altogether for a translation framework from specs to machine code. So, you’d have to pull it out of there unless they’ve already done it for you somewhere.

          “I thought Java, C#, C/C++, Ruby, Python, HTML/JS are the more common stuff people (and students) turn to these days?”

          Scheme has been popular in CompSci courts in good universities for a long time. One of the first things students do is implement their own Lisp interpreter for the most basic stuff. It’s so simple. Complexities come with performance boosts, error handling/printing, OS integrations, stdlibs, and so on.

          r August 10, 2016 10:00 PM

          @Nick P, Thoth,

          “CompSci courts in good universities”

          And therein lies Clive and Wael’s(?) complaint.

          Both of those assertions are moving targets.

          Nick P August 10, 2016 10:22 PM

          @ r

          I meant classes. The students all get it. Plus, you can look at the output of decent compilers at various optimizations to see how primitives are implemented a la Hyde’s Write Great Code.

          r August 10, 2016 10:25 PM

          @Nick P,

          Didn’t know he wrote something other than AoA, huh maybe I’ll have to add that to my kindle.

          Thoth August 10, 2016 10:47 PM


          re: Wireguard

          Nice nifty tiny codebase for VPN software. If it could do a P2P VPN supported by a DHT, where all nodes are legitimate clients as well as servers, it would make deployment of a VPN painless when a node’s IP address expires and updates. Also, using a DHT while also deploying my DERIS initialization protocol (below) makes session initialization rather deniable, without metadata and headers to lean against. The DERIS protocol is also suitable for broadcast and multicast, as it was designed to make implementing @Clive Robinson’s broadcast a more practical real-world solution.

          The P2P user database would use common public DHT networks, and one may use multiple public and private DHT networks, so that scrutinizing a target would mean they have to put everyone using a DHT network as a target, which makes it harder to pinpoint someone.

          If the VPN message portion were header/metadata protected it would be even better, but that would take too much time, writing another VPN protocol instead of just riding on something that already exists with modifications to add my SIP protocol.


          Ratio August 11, 2016 12:26 AM

          @Dirk Praet,

          An AT&T report on transparency and privacy sounds about as daft to me as an Abu Bakr Al-Baghdadi speech on peaceful coexistence with non-Muslims. I don’t know why they even bother.

          Is the idea of an AT&T report on transparency and privacy or of an al-Baghdadi speech on peaceful coexistence with non-Muslims daft? Or are you talking about the contents of a particular AT&T report on transparency and privacy or of a particular al-Baghdadi speech on peaceful coexistence with non-Muslims?

          When you say “daft” do you in fact mean “not credible”? (“Why do they even bother? They aren’t fooling me!”) Do you disbelieve what AT&T has reported on transparency and privacy about as much as what al-Baghdadi has said on peaceful coexistence with non-Muslims?

          As to why those who bother bother: could it be they think they will profit from their efforts? Could they be right?

          HAL August 11, 2016 3:12 AM

          The apparent chain of events in the DDoS attack / meltdown at the Australian Census is laid out in detail by Patrick Gray at

          It’s not a pretty read if it accurately describes the state of preparedness on a high-profile, time-critical multi-million dollar project that apparently spent more than A$400,000 on performance testing.

          Clive Robinson August 11, 2016 5:19 AM

          @ The Usual Suspects,

          You might be interested in this posting from D. J. Bernstein,

          He discusses why AES is now “no longer fit for purpose” with regard to the usage and direction of the design of CPUs, and a more secure way to move forward with efficiency on such CPUs.

          His comments on general purpose parallelisation are similar to those I’ve expressed here in the past.

          Clive Robinson August 11, 2016 5:38 AM

          @ The Usual Suspects,

          As you will know I have “a bit of a bee in my bonnet” about what is and is not “real” true random and what is “faux” true random masquerading as “real”, and the security implications of near zero real entropy in supposedly non-deterministic generators of various forms.

          Well it appears that others think similarly and that we all have reason to worry about what information gets leaked by not just our choices of entropy source but also how we subsequently use them in the likes of Public Keys,

          Clive Robinson August 11, 2016 6:26 AM

          @ All,

          You’ve probably all read the post on NIST and 2FA.

          Well 2FA can “still save your bacon” as this author indicates,

          That said the attack he described is much more interesting. The attacker first got at the MX records of the DNS of the mail server the author receives email on. The result was that when the attacker got a reset email sent out the attacker got it not the author.

          Proving once again that “a chain is only as strong as its weakest link”.

          Wael August 11, 2016 6:39 AM

          @Clive Robinson,

          You might be interested in this posting from D. J. Bernstein

          Seems his view is that chip manufacturers optimize their design for the most profitable market segment, which happens to be gaming. He then talks about the original design goals of AES and how it fits within the new chip design decisions, including timing attacks.

          Wael August 11, 2016 6:56 AM

          @Clive Robinson,

          The effectiveness or robustness of 2FA varies from one use case to another. Stingray-type attacks can be mitigated as well, even when the malware is known to be resident on the phone. Another type of attack (to capture an OTP over SMS) is account takeover. An attacker masquerading as the target victim calls the MNO and tells them to move the phone number to another device the attacker owns, and the rest is history… There was a thread relevant to this topic in the past…

          2FA still presents a good barrier, in general.

          Thoth August 11, 2016 8:07 AM

          @Clive Robinson

          re: RSA Key Generation Bias and Randomness

          I have long suspected that as well. As you know, I am programming smart cards in JavaCard, and I noticed that I can detect different batches of smart cards and IC manufacturers under the same card supplier, or even among different card suppliers with different Card OSes, with very high accuracy by simply looking at the first byte of the public key, despite the smart card boasting TRNG features and compliance with AIS-31 for TRNGs according to the German BSI standard, now widely recognized in the industry as the go-to standard for TRNGs, ranging from CC EAL to FIPS 140-2.

          I sometimes wonder if there is some sort of batch seed inserted at the factory as the RNG seed, with some mixing of a weak TRNG circuit or PRNG circuit in the IC chip and some magic-dust formula to make it look random enough to pass whatever evaluation tests they need to undergo. Note that smart cards and embedded cryptographic chips are highly reliant on factory-set seeds in a bid to prevent collision of seed material, creating some illusion of randomness.

          A better method, as @Bruce Schneier has already written, is to use the Fortuna RNG system he created, which aggregates entropy from as many sources as possible and then processes the possibly biased or even malicious entropy to spit out more secure entropy.

          To protect smart cards and embedded cryptographic devices from problematic randomness, it’s best to use a trusted air-gapped and even energy-gapped system to gather entropy before finalizing a seed and then injecting the seed into the smart card or embedded crypto-processor’s RNG instead of using the default seed that the smart card or embedded crypto-processor might be programmed with.
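          The observation above, that the first byte of a public key gives away the card batch, has a simple root cause which the following added example illustrates (this is not code from the thread, from any card vendor or from any RSA library): two common prime-selection strategies, forcing one or two top bits of each prime, confine the modulus to different ranges of leading bytes, regardless of how good the underlying TRNG is. Key sizes are toy-sized and the RNG is seeded only so the run is repeatable.

```python
"""Why the leading byte of an RSA modulus can fingerprint the key generator.

Added example: two toy prime-selection strategies give the modulus N = p*q a
visibly different range of most-significant bytes. A perfect TRNG does not
remove this signature, because it comes from the generator's arithmetic, not
from the entropy source. Key sizes are tiny so the script runs in seconds.
"""
import random

SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def is_probable_prime(n: int, rng: random.Random, rounds: int = 20) -> bool:
    """Miller-Rabin: trial division by small primes, then `rounds` random bases."""
    if n < 2:
        return False
    for p in SMALL_PRIMES:
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = rng.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False  # a witness of compositeness was found
    return True


def random_prime(bits: int, top_bits_set: int, rng: random.Random) -> int:
    """Random odd `bits`-bit prime whose `top_bits_set` highest bits are forced to 1.

    top_bits_set=1 only keeps the prime exactly `bits` long; top_bits_set=2 is the
    common trick that also guarantees p*q is exactly 2*bits long. Each choice
    restricts where N can land, and that restriction is what leaks.
    """
    mask = ((1 << top_bits_set) - 1) << (bits - top_bits_set)
    while True:
        cand = rng.getrandbits(bits) | mask | 1
        if is_probable_prime(cand, rng):
            return cand


def generate_moduli(count: int, prime_bits: int, top_bits_set: int, seed: int) -> list:
    """Generate `count` toy RSA moduli, all with one fixed prime-selection strategy."""
    rng = random.Random(seed)  # seeded only to make the demonstration repeatable
    return [random_prime(prime_bits, top_bits_set, rng) *
            random_prime(prime_bits, top_bits_set, rng) for _ in range(count)]


def top_byte(n: int, modulus_bits: int) -> int:
    """Most significant byte of n as a fixed-width `modulus_bits` integer,
    i.e. the first byte of the modulus as it appears in the exported public key."""
    return n >> (modulus_bits - 8)


def top_byte_histogram(moduli: list, modulus_bits: int) -> dict:
    """Count how often each leading byte occurs in a batch of keys."""
    hist = {}
    for n in moduli:
        b = top_byte(n, modulus_bits)
        hist[b] = hist.get(b, 0) + 1
    return dict(sorted(hist.items()))


def top_byte_range(moduli: list, modulus_bits: int) -> tuple:
    """(min, max) leading byte over a batch. With two top bits forced per prime,
    N >= (3/4)^2 * 2^modulus_bits, so the leading byte can never drop below 0x90;
    with one forced bit it ranges all the way down to 0x40."""
    tops = [top_byte(n, modulus_bits) for n in moduli]
    return min(tops), max(tops)


if __name__ == "__main__":
    PRIME_BITS, MODULUS_BITS = 128, 256
    for strategy, label in ((2, "top two bits of each prime forced"),
                            (1, "only top bit of each prime forced")):
        batch = generate_moduli(40, PRIME_BITS, strategy, seed=1)
        lo, hi = top_byte_range(batch, MODULUS_BITS)
        print(f"{label}: leading byte in [0x{lo:02x}, 0x{hi:02x}]")
        hist = top_byte_histogram(batch, MODULUS_BITS)
        print("  histogram:", {f"0x{k:02x}": v for k, v in hist.items()})
```

Feeding a batch of real moduli from one card into `top_byte_histogram` and comparing the floor of the distribution against the candidate strategies is exactly the kind of check that distinguishes generator implementations in the way described above.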

          CallMeLateForSupper August 11, 2016 9:18 AM

          ON topic.
          I think the squid ink soda looks like what issues from a clogged drain, and the mystery vegetable matter and bright citrus don’t soften the impact. Maybe people who like black nail polish would disagree. I’ll stick with tonic & lime.

          Ted August 11, 2016 2:06 PM

          “Lotus Nation: Sustaining Vietnam’s Impressive Gains in Well-Being”

          “Vietnam’s success over the past two decades is undeniable. The country has moved from a largely agrarian economy to one powered by manufacturing. Food is more plentiful, health care more accessible, schooling more affordable, and disposable incomes higher than ever. But the country faces significant challenges, some of which stem from its rapid progress. And those issues will create formidable obstacles as Vietnam aims to transform itself into a modern knowledge-based economy.”

          “To understand how far Vietnam has come—and what the country’s leaders must do to sustain progress—we used The Boston Consulting Group’s Sustainable Economic Development Assessment (SEDA). SEDA is a powerful diagnostic tool designed to provide insight into the well-being of a country’s citizens and how effectively a country converts wealth, as measured by income levels, into well-being.”

          “A key finding: Vietnam is among the top performers globally when it comes to converting wealth into well-being. With GDP per capita (based on purchasing-power parity) of about $5,200, Vietnam has a well-being level that would be expected of a country with GDP per capita of more than $10,000—a clear indicator that the country has successfully harnessed limited resources for the good of its citizens.”

          gordo August 11, 2016 8:06 PM

          Not that it’s an exact comparison, but I noticed these two market numbers recently. I could be wrong, but it seems like the more that gets spent the worse things get…

          “The value of all arms transfer agreements worldwide in 2014 was $71.8 billion.” (Summary, second-to-last para.)

          “Worldwide spending on information security will reach $75.4 billion in 2015, an increase of 4.7 percent over 2014, according to the latest forecast from Gartner, Inc.” (first para.)

          Background pieces:

          mostly demand August 11, 2016 11:54 PM

          @Nick P

          It’s not. It’s a combination of a demand and supply problem. Mostly demand.

          To counter a counter-claim, here’s another one that looks believable

          Bleh, bluh, blah

          The lines aren’t crossed. That CPU isn’t powerful enough. Our system is secure enough. These attacks are only theoretical. It would require a nation-state to exploit such an exotic vulnerability. Journalists and dissidents are only statistics

          I think I see where you’re coming from, but there’s little money to be made in provably secure architectures

          but where there is, it’s probably doomed to further enhance the existent security differentials

          r August 12, 2016 12:37 AM

          @Nick P, mostly demand

          No offense Nick, and I know I’m one of those crazy paranoid voices out there.

          But aren’t the only people that buy high-security pretty much the same people potentially behind marketing, developing, vetting, releasing, and coercion of the apparently low-security envelope we’re currently trapped in?

          Thoth August 12, 2016 1:13 AM


          Ouch … goodness … you nailed the problem on its head 🙁.

          Hopefully our (me, @Nick P, @Clive Robinson, @Wael, @Figureitout, @Markus Ottela) push for increasing the margin of security will take root, but for now it’s just us (me, @Figureitout and @Markus Ottela) who are doing practical implementations of some higher-assurance projects, and compared to commercial offerings, they are very roughly done.

          Wael August 12, 2016 1:19 AM


          I think the squid ink soda looks like what issues from a clogged drain…

          Sounds like bottled mineral water from Los Angeles.

          ianf August 12, 2016 5:23 AM

          @ rrrrrrrrrr

          How the hell did you figure out Mechtild wasn’t a native English speaker? I must’ve missed it.

          You did that—because I didn’t. Make any suggestions either way, while having a vague recollection that earlier she contributed that bit of herself voluntarily like. Worthless bit of tush, too[*], of importance only to self-designated purists like Wael, who “think” of language in a binary way: either it is perfect, or it isn’t, never in-between, never mind both (it works for quantum mechanics, but that apparently is too unpalatable for his refined palate). And that it should matter more than, e.g. whether one changes to fresh underwear every day—of which in either’s case I couldn’t tell you nothing true anyway.

          BTW, where did your “Crumpets” come from? Was it an uncalled-for culinary exhortation? The only time I alluded to such was way back in May (Clive didn’t deny it then, SO IT WAS TRUE!)

          PS. you’re my wingman, remember? So you shouldn’t goad Wael into a state of self-congratulatory astonishment over own quick reparteebility. TAKE that “polluted” BACK AT ONCE, expunge it from the record (sell soul to Bruce if need be). Blame it on the weather, the cat walked across the keyboard, anything. Otherwise we’ll be hearing this, with you as quoted/ hyperlinked source, like forever, or until 2020, whichever comes first.

          @ Wael,
                       good boy! here’s one more bone for you to chew on: the “i” in me nick obviously stands for “indent.” Only 3 more letters to go. You’d never have figured that out on your own.

          [*] is it tosh or tush? I think the latter. (Ducks like a quack, quacks like a duck, she’s a duck!)

          r August 12, 2016 5:39 AM


          It came from fail left field I suppose,

          “Tea & CR[LF] Crumpets.”

          I realized after I posted “-Crumpets.-” (by itself) that that may have been sufficient.

          You asked about Madam Fraulein MacBeth.

          About ‘polluted’ (minus quotations), I was likely projecting? 😉

          Indent huh? I almost posted: I am not afraid when I saw that unaddressed snippet yesterday(?).

          I am not friendly?


          r August 12, 2016 5:46 AM


          Even if you guys had the LISP (I’m walking around Marcus’ comment about C to Nick some months back, I can’t find it offhand, someone has my depth at 2 currently) done and proven tomorrow: you would still need uninterrupted access to a foundry (whose equipment and software has been vetted (unless there’s some magic (foundry-agnostic) way to self-prove a design underneath the borderline analog world of its traces and pads)). While I’d settle for some upturned ~30mghz free form dr. franken beatle zombie reanimated from the de-soldered scrapings of dvrs, remote controls, sega saturns and the like – I doubt too many people would find anything of use in such a project as it would be reasonably too brittle for transportation.

          Maybe Nick’s right, maybe with a sensitive enough power analyzer you could detect even things like that analog trace-as-capacitor hack we saw a couple months back. It certainly is my hope, we (the public, technically you though) only have so much time before variations are developed that move it further away from the light of who knows.

          I don’t want to live in the land of who anymore, there’s no trust in it.

          That darn cat.

          Dirk Praet August 12, 2016 6:12 AM

          @ r

          OT also, but potential near-future replacement of existing OS technologies.

          Not sure if Fuchsia would be suitable for a general purpose OS, but I can see plenty of interesting applications for VR stuff. A couple of weeks ago, I had my first HTC Vive trip, and I was totally impressed. Absolutely amazing sea and space sceneries, a very cool 3D Photoshop-like program from Google, zombie shoot-them-up games etc. I can easily see how people could get addicted fast to this.

          Clive Robinson August 12, 2016 6:17 AM

          @ ianf,

          Clive didn’t deny it then, SO IT WAS TRUE!

          Ahh “babie Homes” at its finest…

          I’m not that keen on crumpets (unless you are referring to the fair sex as they once did). I have a preference for Blinis (if made properly with buckwheat) and the appropriate smoked salmon (not caviar) with a decent white wine, not that fizzy muck that calls itself a faux-ache. If I want fizz then sparkling mineral water suffices.

          As for dining with Royals I could tell you some stories but then as they say… But personally I prefer the Princess Royal, she has much better stories to entertain with, and thankfully does not smoke like a factory chimney in an L.S.Lowry painting.

          Wael August 12, 2016 9:59 AM


          good boy! here’s one more bone for you to chew on…

          That wasn’t me, vato! Rectify your attribution immediately, or prepare for my retribution 😉

          Wael August 12, 2016 10:16 AM


          to self-designated purists like Wael, who “think” of language in a binary way: either it is perfect, or it isn’t, never in-between, never mind both

          Dude! Have you ever contributed a constructive comment in your life?

          Clive Robinson August 12, 2016 10:35 AM

          @ Wael,

          Dude! Have you ever contributed a constructive comment in your life?

          Don’t ask ianf such self-apparent questions, you know he will go into “Nixon Mode” and announce you have made it to his list.

          Like Nixon he appears congenitally incapable of “follow through”. So what currently emits from the lower facial orifice will soon bubble out of those higher orifices…

          Remember that although he has a habit of ejaculating his words in rapid order, it’s not just they that fall on stony ground.

          Wael August 12, 2016 11:14 AM

          @Clive Robinson,

          Remember that although he has a habit of ejaculating his words in rapid order, it’s not just they that fall on stony ground.

          Yup! He shoots blanks and produces intellectually sterile discussions, and I’m using “discussions” loosely. Too bad, because he has a talent! If he relinquishes his extensive personal attacks, I think he would produce better on-topic discussions. I don’t mind a few jokes or an excessive sense of humor, as I’m guilty of that myself. But it can’t be everything we discuss. My expectation is this will fall on deaf ears, but I hope I’m wrong.

          Nick P August 12, 2016 3:03 PM

          @ mostly demand

          That’s similar to what a HW guru said about how SoCs for a peripheral on a laptop might have a 3G modem embedded in them. They’re cutting cost by reusing other designs without advertising what extra blocks are there. Then there are needless additions. Plus, combining them, they might have that same USB-enabled chip in monitors that don’t have USB ports. Or something worse than USB.

          “but there’s little money to be made in provably secure architectures

          but where there is, it’s probably doomed to further enhance the existent security differentials”

          Possibly true. I work hard trying to come up with ways around it. So, I’m not done yet and HW/SW people are just getting started. 🙂

          @ r

          “But aren’t the only people that buy high-security pretty much the same people potentially behind marketing, developing, vetting, releasing, and coercion of the apparently low-security envelope we’re currently trapped in?”

          Some, but that’s peripheral. Focusing on good suppliers, they’ll build whatever they can actually sell in the high-security market. So more buyers are always a good thing unless they’re demanding bullshit. Increased diversity of buyers, esp. at the national level, is better, to reduce the odds they’ll subvert something highly likely to be inspected. They’d do targeted vs mass is the idea. Then people make tradeoffs that leave a lot of stuff without such assurance. It doesn’t need it, they don’t want to spend on it, or whatever. So it’s always mixed, with me not caring much about who the customers are so much as the development & vetting process.

          “you would still need uninterrupted access to a foundry”

          “Maybe Nick’s right, maybe with a sensitive enough power analyzer you could detect even things like that analog trace-as-capacitor hack we saw a couple months back. ”

          Huh!? I didn’t say that. Someone here, maybe even me, might have mentioned that onboard, power analyzers are a tactic someone prototyped for that. It’s not my main suggestion as I’m against tactical approaches except as interim methods or for obfuscation layers. I’m for root cause approaches. That means a way to make foundry trustworthy, protect shipment, and/or vet the resulting chip. It’s also why I keep bringing up stuff for 350nm/0.35micron processes. They’re the last ones you can see in a microscope if you verify it by eye. Full breakdown of risks and requirements here. I have a few solutions but no intention to publish them. Almost all are inherently obfuscation at some level where publishing benefits attackers more than defenders. I’ll give it to a HW/SW, security project going production if and when they need it, though.

          @ Thoth

          “Amongst other Turkish firms, Ayesas is currently the sole supplier for the F-35’s panoramic cockpit display and its missile remote interface unit, while Fokker Elmo makes 40 per cent of the aircraft’s wiring harness.”

          Lmao. Talk about dependency problems. Outsourcing, too. Let’s create a dependency that we outsource to a country with lots of terrorism and political instability. Oh wait, they might align with the enemy? Oh shit, who saw that possibility coming!?

          “The F-35A’s main aerial adversaries are likely to be Russian-backed nations’ air forces ”

          Yep, but giving our F-35s to our enemies is what they should be worrying about.

          “the information gained by Russia would be very valuable, particularly for regional allies likely to have to face the F-35 – such as Syria”

          Are they serious? Have they not studied Cold War-era or recent espionage at all? This is a huge program bringing in all kinds of people due to politics. Lots of organizations with a hand in the cookie jar. Lots of bragging about capabilities to lots of people. The Russians have a massive espionage campaign with many infiltrators looking for this sort of information. So do the Chinese. It’s foolish to think they don’t already know the basic parameters of F-35 operation. Among other things.

          Dan3264 August 12, 2016 5:48 PM

          Your suggestions on dealing with trust issues with hardware are interesting. How likely do you think ASIC makers are to actually backdoor a custom circuit? I assume the likelihood depends on the ASIC maker and whether or not the ASIC you build seems related to security. Preventing backdoors is currently on my list of things to overthink, along with Physical Unclonable Functions (on one of your posts recently you mentioned the Aegis processor, which got me interested in PUFs).

          Nick P August 12, 2016 6:48 PM

          @ Dan3264

          Almost all ASICs are backdoored. It’s called Design-for-Testing, where scan chains are added all throughout the circuit to help them see if it works. I don’t have reliable data on who takes them out and who leaves them in there. JTAG functions are essentially backdoors. Many chips use flash for critical firmware that can be hacked and overwritten. We’re seeing more of the MCUs on them get hacked by DEFCON types. This is all before you get to a purpose-built, intentional backdoor for remote use. 🙂

          I have no idea about those. The people doing it won’t share their market, penetration numbers with me. Pun intended.

          r August 13, 2016 6:10 AM

          @Nick P,

          Sorry for the mis-attribution; it really wasn’t an assertion anyone specific made. Sorry for applying it to your name. I’m still trying to wrap my head around the greater scheme of things; you guys have really helped that.


          Thank you, all of you.

          Dan3264 August 13, 2016 8:33 AM

          @Nick P,
          That is annoying. Design-for-Testing makes sense. Unfortunately, it is a bad idea for security. It seems like the best thing to do is to ask for a JTAG function in the ASIC specs. The JTAG function put in should be easily disabled later. I think a few high-current reverse-polarity spikes on the JTAG lines should do the trick. Ideally the JTAG circuitry should be in the middle of the chip, where it is hard to get to. The JTAG circuit should be designed to provide what a backdoor inserter would want, so they use the backdoor you provided instead of making their own. After the voltage spikes ruin the input-output circuitry of the JTAG, the backdoor function will be useless. This is the best method of preventing backdoors I can think of (that doesn’t make very unrealistic assumptions). What do you think?

          Figureitout August 13, 2016 9:42 AM

          –Nice thanks (this would be good for work where you have to use windows (and you still do quite a bit, it’ll probably never change…)). So much bullsh*t in security community when there’s never any straightforward tutorials on how to “properly” use encryption software. Like a circle jerk. I generally just use veracrypt though, just a large encrypted container. And keep multiple backups on different kinds of memory (and some I don’t care, unencrypted). Need to refresh my backups actually…

          –Not sure your background, but having test spots that would give a reverser a nice headstart is never going away. If I owned a company, I would never approve removing them (only temporarily if after explaining to customer we can’t support or debug any potential problems, and getting that exchange in writing). If your circuit is even mildly complex, and SMD parts these days, you can’t check if pads underneath an IC are soldered correctly or backwards (usually, places like Google etc. could) and you couldn’t prove to manufacturer they f*cked up. Already, in a couple years of working, I’ve seen brand new parts fail that I would’ve NEVER imagined failing (pots…POTS(!), ethernet connector (not new), new switches (contacts don’t touch), and others I can’t recall now). Plus, you don’t even need test points, I was able to find a pretty good bug by putting a scope on the power supply and watch for the voltage drops of transmitting/receiving. Can’t remove the power supply…

          Dan3264 August 13, 2016 10:11 AM

          I am not planning anything yet. I might want to experiment with security related stuff in the future. It would be nice to know a bit about trying to avoid backdoors and stuff before I want to have a system that is free of backdoors. That would make me so much more likely to get it right. Also, security and computer related things are interesting to me.

          Figureitout August 13, 2016 2:54 PM

          –You may also want to be forewarned before you jump off the deep end and potentially waste a lot of time trying to do the impossible.

          It is close to impossible to avoid backdoors (having assurances, you can try to “trick” them to reveal themselves via side channel counter-attacks or setting up honey pots) so we need to try and focus on/protect what little actually needs serious protection. We can’t really discuss this all in one setting, takes years of mulling over research and experiments. Think our general consensus is it’s impossible but we can settle for very hard to attack systems. I’m annoyed that vast majority of security community throws their hands up w/ physical/evil maid attacks so I did a little versatile detection system. If you’re working on a tamper-proof setup and an attacker just breaks in while you sleep and steals design docs…no good. You need to at least be aware of an intrusion.

          Certainly there’s a ton of things you can do to be annoying; some of the best defenses though may come back to maybe kill you (got thermite rigged up on your computers). Being mobile (in every sense of the word, physically too) and hiding in the noise is best strategy to hide from TLA’s. But you definitely need to be able to have some extensive design skills to make a minimal computer, be able to store/encrypt things there (I’d be fine w/ a million write cycle EEPROM but you could lower attack surface or make attacks harder by painstakingly making your own memory cells), and interface to a transfer computer. Gets into a lot of design areas…

          Clive Robinson August 13, 2016 5:38 PM

          @ Figureitout, Dan3264,

          You need to at least be aware of an intrusion

          And as equally what has been looked at / compromised. It’s one of the reasons the military don’t use safes with “re-lockers” in.

          Whilst a fully / 100% secure system is not possible mathematically or due to the more prosaic “Unknown Unknowns” issue, you can go a very long way towards it, but it does mean one heck of a lot of restrictions on what you can do.

          In essence what you are trying to do is isolate a system entirely via an “energy gap”, then to make the system of “real world use” build a bridge across the gap that is fully instrumented and controlled such that all transfers are fully known.

          Thus even though such a system –like Win10– might have built-in backdoors and other insecurities by default, such attack vectors are isolated from use by an attacker.

          This sort of approach is a “class mitigation” rather than an “instance mitigation”, which does not tend to involve you in a “Red Queen Race” where you spend your entire time devoted to security updating just to stay where you are.

          Also as anyone who has run production servers or client machines knows, “instance mitigation” via “Patch Tuesday” has distinct disadvantages in terms of system stability. Each patch to close an instance of a vulnerability has interactions with other parts of the system, which even at the best of times can have unforeseen consequences. Thus ways to avoid the Instance Mitigation of Patch Tuesday are desirable, and isolation with mandated and instrumented communications is actually a preferred way to go where possible, even for servers.

          Thus isolation as a mitigation strategy is the way I tell most people to go where possible. This is because it allows you to concentrate more on securing the bridge that is the communications interface, which should have a significantly reduced attack surface.

          Dan3264 August 13, 2016 5:49 PM

          I suppose it would be too easy if there was an easy way to defend against TLAs. Most “straightforward” ways of defending against TLAs are probably way too cumbersome for me. I do not want to use the “human augmented by a pencil and tons and tons of graph paper” computer, no matter how hard it might be to backdoor. I probably should focus on something more practical, but where is the fun in that?

          Figureitout August 14, 2016 8:53 AM

          Clive Robinson
          And as equally what has been looked at / compromised
          –And at what time…probably the most important. If immediately after you left you could reason maybe someone was waiting for you to leave…In my case I saw people heading towards my house as I was leaving, as well as other spotters to give them enough time to get out if I turned around.

          –There are easy ways, they can be very lazy since they generally don’t have to worry about prosecution for their f*ckups b/c they are “above the law”.

          And getting practical is fun, having something that works against most attackers (and probably all for most times) in your hands. Not sure why you think it’s not…would you rather just do mental masturbation on things you’d never do?

          ianf August 14, 2016 2:25 PM

          @ Wael adopts a denialist attitude with me, “that wasn’t him,” he claims.

          Oh, really? That wasn’t you engaging in a bit of Schadenfreude, adding to the noise? Don’t tell me, it was your evil imaginary twin… how convenient!!!!


          to self-designated purists like Wael, who “think” of language in a binary way: either it is perfect, or it isn’t, never in-between, never mind both (REINSTATED DELETED PART “it works for quantum mechanics, but that apparently is too unpalatable for Wael’s refined palate“)

            Wael: Dude! Have you ever contributed a constructive comment in your life?

          Rrrrrrrright, when missing ANY coherent counterargument, go ad-hominem, as that absolves you from addressing the charge. (Also: was my analogy to quantum mechanics too heavy an intellectual fare to stomach?). But since you ask: YES. Happi?

          @ Clive Robinson
          hyperventilates on the imaginary subject of my alleged “Nixon’s [enemies] list” and piles on: “Like Nixon he appears congenitally incapable of ‘follow through’.”

          I don’t know about Nixon, only saw him in Frank Langella’s imago in the “Nixon–Frost” movie, but there’s a grain of truth in that I am indeed way behind in my responses. Unlike you, I don’t just write anything that falls down from my forehead, but, knowing the limits of my competence, have to conduct research, line my argument ducks in a row, etc. All that takes time, which is NOT a self-replenishing resource, but flows in one direction only (elementary physicks). Meanwhile the backlog just grows, and so I have to cull it constantly, or else I’d never be able to post anything. Per chance, what you think should warrant feedback from me differs from what I find worth my effort… so feel free to respond to me-as-a-strawman, using arguments that you ascribe to it (I won’t have the time to deny, much less to rectify, everything – statistically your gain).

            Inexplicably mamselle-confusing indent again. Rest assured, however, that on certain issues, your (and others’) posts have not been neglected by me, but wait their turn in a special folder where I had to #hashtag keywords (e.g. #antisemitism), or else I’d never find them when needed. As most of these thorny issues do not belong to core themes of this blog, however, I’d have thought that the restraint that I am showing would be appreciated rather than castigated, but apparently I am mistaken (BTW. this is NOT a solicitation for applause, mind).

          Later, you and Wael engage in a sort of camouflaged adolescent pissing contest over my posts, which can but be summarized as:

          “emits from lower facial orifice” – no orifices have part in my keyboard input

          “ejaculating my words” – so I’m virile

          “shooting blanks” – yet also must be sterile

          “deaf ears” – plus deaf, too(?)

          Among these, however, I found a speck of gold (=a metaphor for something of value). You wrote, and Wael then quoted, this quantifiable–thus–easy-to-verify-OR-debunk claim:

            he has [=that is, I allegedly have] a habit of ejaculating words in rapid order

          If we take “words” to mean “posts,” and use “rapid” as a metric for comparison of our respective frequency of submissions, burst rates of commenting, and, per chance also the length of texts; and even if we were to narrow it down to just these posts of yours and mine, where the opponents’ name appears; I DARE SAY THAT IT WOULDN’T FALL OUT IN YOUR FAVOUR: you’d be the one with frequent logorrhoea, while I’d barely register in that—and only that—context.

          Had I had the time, I’d write a program to scan and scrape publicly accessible Schneier blog archives of the last year or so, since my first post here, extract all me-to-you and you-to-me items with bytesizes and dates, and then pipe them through a number of statistical evaluation functions. Presented in comparison horizontal bar graph form, one side you, the other me, it would be one asymmetric sick pupa of a “butterfly.”

          Wael August 15, 2016 2:11 AM


          Oh, really? That wasn’t you engaging…

          The “blockquote” text you attributed to me wasn’t posted by me, and that is what I denied. As for the “bit of Schadenfreude” thing, it really isn’t. It could happen to anyone. I just thought it was funny. I won’t comment on the rest so I don’t bore everyone else.

          Clive Robinson August 15, 2016 3:42 AM

          @ Wael,

          … you attributed to me wasn’t posted by me…

          Yes ianf does that.

          He’s done it to me, thus it’s likely he’s done it to others as well.

          So treat his attributions as suspect until you verify them.

          Wael August 15, 2016 3:50 AM

          @Clive Robinson,

          So treat his attributions as suspect until you verify them.

          Code-cutting is a bitch! Dereference “his attributions” and you’d be more accurate 😉

          bob August 18, 2016 12:09 PM

          Re TV Detector Vans

          Someone posited years ago that the vans just looked for known patterns of light flicker from windows (behind curtains or otherwise).

          The BBC have always been secretive about their technology which does make one suspect that it’s all propaganda – although it is odd that they’ve consistently talked about a detector “van”. USA cable companies seem to depict a man walking around with a little box.
