Friday Squid Blogging: Squid Not Killing New Zealand Sea Lions

Experts are blaming bacteria, not squid nets.

As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

Posted on August 12, 2016 at 4:02 PM • 302 Comments


Rick • August 12, 2016 4:48 PM

As a reluctant business user of Windows 10 I'm eagerly awaiting Bruce's tips on hardening the OS. He said this was on his 'to do' list when answering a question (somebody asked what OS he uses) in his AMA Reddit.

It might be a good idea for us all to contribute our suggestions (as we did for his Worldwide Encryption Products Survey). Doing that will provide a valuable single resource for ordinary people who use Windows.

I've done most of what I think is necessary to lock down my system but I'd appreciate more tips.

E • August 12, 2016 6:16 PM

It’s not squid that are not killing NZ sea lions, it’s squid fishing/squid nets that are not killing NZ sea lions. No information is given about whether or not squid are or aren’t killing NZ sea lions!

Thoth • August 12, 2016 6:44 PM

@The bear is angry

Possibly the tip of the iceberg for WW 3.


The best option if you have to use Windows is to downgrade to Windows 7 without all the cumbersome and useless who-knows-what updates. It's impossible to secure Win 10 since this version is the most intrusive version of Windows ever built. Forget about Win 10 if you really want your privacy and personal security.

If it's used for work, strictly do not use it for personal browsing or accessing any sort of personal email. Use Linux to browse for personal use and use a USB flash drive to transfer data between them at the very least.

Rick • August 12, 2016 6:54 PM


I can't downgrade my work laptop, unfortunately, although I have all of the privacy settings enabled, telemetry disabled and advertising functionality removed. Bruce seemed to suggest in his Reddit AMA that Windows can be hardened and to an extent I think it is possible... albeit extremely difficult, disparate and annoying for Joe Public.

My personal system uses Arch which I'm more than happy with for the moment. I've used Manjaro before and prefer its simplicity but I prefer the granular installation you get with a pure Arch build. Having said that I like Linux Mint for its out-of-the-box experience and stable Ubuntu base (without the Ubuntu advertising).

Clive Robinson • August 12, 2016 9:10 PM

I've noted on this blog a few times the "All roads lead to Rome" aspect of the Internet when it comes to information security, which is why the US, UK and Australia are considerably more capable of surveillance than any other countries in the world.

Well it appears that others are starting to see and talk about the importance of this,

There are only two solutions to this problem. Firstly, "rebuild the physical layer" of the Internet in a more rational way. Secondly, build in "mitigation strategies" that the Five-Eyes et al cannot pervert.

The first option carries the risk of "balkanisation of the Internet" with all the attendant problems that will cause, and may well happen at the next ITU congress for ITR changes (see what went on in the last one in Dubai back in Dec 2012).

The second involves mitigation strategies that get around a number of issues such as "supply chain poisoning" or interdiction issues, which most likely will have a negative impact on Five-Eyes countries' economies.

Dog Star • August 12, 2016 9:28 PM

@ Sanchez, last Friday Squid you were enquiring about messages hidden in public, plain text.

@ Wael and @ r had some responses. @ Wael, you described a situation whereby you shared a hidden message in public with Clive Robinson, and gave a detailed explanation. Wael, it was clear, concise, useful, easy to read, practical and enjoyable - thank you very much.

This is probably old news to most, but an interesting take on the intrigue surrounding Truecrypt closing down is the suggestion the farewell message had clues in Latin, warning of NSA involvement.

I love this. What would a crypt developer do when needing to communicate in public, in plain text, with the masses? In code!
He or she was probably despairing that no one could 'think hinky' and catch on:
'I'm surrounded by imbeciles!!'
So too was the suggestion to use BitLocker as another public, plain text code. I.e., the closed source, NSA shafted & owned, vulnerable BitLocker is actually even SAFER than TrueCrypt now. I still can't believe people took that advice seriously: 'oh, der, hey, I'll switch to BitLocker now'.

A short article below touches on this.

Ismar • August 12, 2016 9:32 PM

@ Proton Mail Admin
Why is your Android app making connections to a server in the States?

Clive Robinson • August 12, 2016 9:40 PM

As some of you might know Google appear to be building a new Open Source OS called Fuchsia.

However apart from a code repository and some cryptic remarks little appears to be known about it.

Which is why "what is it" articles such as this,

are starting to appear.

Some think it's to strip Linux out of Android, but my view on that would be it's more likely to be to strip out problematic APIs such as those of Java which Oracle have been trying to get traction on through the courts.

I suspect that whatever it does turn out to be IF it survives it will be another "Walled Garden" business model OS.

Matthew • August 12, 2016 10:23 PM

@Dog Star

Given that many people including you, me and the author of the article you linked to do not know Latin and need Google Translate, it is hard to say if that is the message the TrueCrypt developers are trying to tell us.
Furthermore, it could be just people trying too hard to find proof that the NSA has broken TrueCrypt.

As far as I know, no known method exists to break or get around TrueCrypt's encryption. Even BitLocker is considered to be safe, except that if you are using Windows 10 Home, a copy of the key is stored with Microsoft. So the NSA and FBI do not need to break anything, just ask Microsoft for the keys.

65535 • August 12, 2016 10:38 PM

@ Rick

If you are forced to use Windows 10 for your job:

1] Make sure you have the Enterprise edition.

2] Lock it down with one of the many Windows 10 'Survival guides', cough, like the one linked below.

https://www.hugofox [dot] com/shared/attachments[dot] asp?f=c1b37f75-4b5c-4954-8d58-4813c7b592ed.pdf – note there are plenty of links other than this one ['Ask Woody' is not the only resource].

3] If you've done the above and still feel uncomfortable, think about getting another job where Windows 10 is not required.

Windows 10 is one of the bigger bundles of vulnerabilities created - this is especially true for "non-enterprise editions." The attack surface is just too great to secure. Further, M$ has been known to jump in bed with the NSA/CIA/FBI and so on. Choose your lock down template and take your chances.


@Rebecca Hadron • August 13, 2016 12:27 AM

Copied from "hacking your computer monitor" post:

@r , you wrote

"@ianf, Crumpets. How the hell did you figure out she wasn't a native english speaker? I must've missed it."

He/she didn't. I did refer to it in passing, a couple of times in a message to him/her personally, which they responded to.

@Rebecca wrote:
"people only belong here if they are british or north american native english speakers.

@r wrote:

Bzzzt, try again."

Of course. I was being sarcastic, as what I suggested was the impression that was being made, or could be the impression that is picked up by other newbies like myself.

I said:
"You have a unique way of making your own text appear to be quoted text.

@r you wrote:

"If that's true, it should be self-explanatory - and it most certainly isn't a unique trait if that's true."

You and I could mean different things. Or I could be a blockhead, but I meant: the person in question will write a length of text and amidst it will be an arbitrary paragraph entirely indented, which gives the distinct impression it is being quoted from the recipient. Alas, no; the confusingly indented paragraph is intended to convey some kind of hyper-extraordinary *emphasis*.

"If you're against trolling why bait ianf in a thread he hasn't polluted?"

I'm not baiting anyone. I am referring to a systemic dysfunction that is not unique to one thread, such that it did not specifically require a comment by the perpetrator in any specific thread to initiate my comment. In lawful terms someone is acting 'Dishonourably' and 'creating a controversy'. Hint - it's not me and it's not you, @r. To be fair, my post did belong in Friday Squid but I was too impatient to wait another 48hrs.

This forum is unique. There is a congregation of brilliance here, committed to solving global problems of inestimable significance. Lives are literally at stake here. The signal quality is high. When noise interferes, so much so that even Nick P says it is inspiring him to stop commenting - Nick P being about the most sober level headed character present here - then it says a lot about the issue.

And the 'noise' is not the occasional troll with a drug induced mental illness claiming to be a secret agent spymaster controlling the world, from birth, and then disappearing again. The issue is systemic and persistent.

In contrast to the brilliance so often exhibited here, I object to mediocrity. I object to bullying and I object to behaviour intentionally designed to belittle and degrade and to cause harm. I have a responsibility to this enlightened forum to stand up.
Now, having done so, I must stand down lest I break the common law tenet of 'keep the peace'. I've said my bit, a few times now.
It's up to the Moderators and everyone else to pick up on this and join in with a response - or if not, by tacit acquiescence it will be agreed that the behaviour I object to is in fact not only tolerated but acceptable or indeed encouraged - and that status quo to date will remain. And the only person with a problem, it would seem, will be me.

Incidentally, I am not claiming bullied or injured party status. I do however feel a concern not just for those present but for those still to join this forum in future. It is reprehensible to me to witness the risk of people not feeling welcome, when they wish to contribute, in what is a supportive community and must remain that way. As stated above, I'm bowing out of this discussion now.

@Wael you wrote

"@Rebecca Hadron, Don't feel bad! (S)he makes worse mistakes... Really!"

Thank you. I don't feel bad, nor did I feel bad about the original sentiments. As expressed above to @r, I was being sarcastic to address how inappropriate said sentiments were/are.

@ Rebecca Hadron wrote:

...three other languages before I had the chance to pick up english.

@Dick Praet wrote:

So it would appear that you're living in the Geneva area, Switzerland, then? Say hi to the good folks of Skopia art gallery from me. Nobody is called Hadron, so combined with the three languages (French, German and Italian) taught at school before English in Switzerland, I took that as a reference to the LHC in Geneva.

@ Clive Robinson wrote:

One of a number of possibilities including parts of the "Tri-Border Area" of South America, if the assumption is solely three non english languages.


There are 3 three-border-three-languages spots in South America...

I respond:

What clever and fascinating observations. I love it. Nice how one casual comment can inspire a depth of consideration.

Actually it's two Eastern Bloc languages + [what was] the obligatory Russian. Not necessarily in that order

Thoth • August 13, 2016 1:58 AM

Since it's a work laptop (assuming supplied by company IT dept, let them do the security).

Anything personal that goes through the work laptop is a goner, so make sure you have dedicated for-office storage media and never store personal stuff on it.

To summarize, you need to segregate work and personal for safety, where work stuff doesn't leak personal details and personal stuff doesn't leak work details. These are my personal opinions.

To be direct, securing Windows is impossible and it's known to have golden keys and backdoors. Linux, with Linus Torvalds refusing to harden Linux by default, is also another gone case.

@Nick P and I have been banging on about getting the secure and private stuff onto dedicated secure hardware and using OpenBSD and hardened variants of FreeBSD as the single only way forward until a community edition of some security microkernel emerges that is production ready and verified; then we can talk Secure OS or at least a tiny chance of privacy. Other than that, all roads are pretty much unviable.

Wael • August 13, 2016 2:03 AM

Dog Star,

"...situation whereby you shared a hidden message in public with Clive Robinson, and gave detailed explanation...."

You're welcome! That makes me happy :) There is another one in the pipeline :)

Clive Robinson • August 13, 2016 2:48 AM

@ Wael,

"There is another one in the pipeline :)"

Err the explanation was some time ago...

I've sent several since, one just recently, which I think you got, as it appeared to hit fertile ground with you ;-)

@ Dog Star,

There is a degree of linguistic steganography in this blog's comments. The steganos or cover is sometimes based on word play, where you have to hear the words rather than see them. At other times it's a common knowledge base, as in "Hark what light shines...". There is even the occasional social, not geographic, patois of the type used by coves and prisoners etc. The most notable being rhyming slang, where you have a two word pair where the first word acts as a key and the second rhymes with the intended word. Thus a "richard" is the key word to "Richard the Third" and third rhymes with "bird", not what you thought perhaps, which is where you can have two or more levels of meaning ;-) As far as I'm aware nobody has openly used the likes of Bible Codes as they really don't work well with HTML, though I had half suspected that @tyr might due to his odd use of line breaks, that could have been used to format fixed width fonts.

But if you really want to see "hidden messages" at work, you will see it around marriages: a husband will apparently think his wife and mother are chatting amiably, whereas in fact they are sniping at each other verbally, using what would appear to be bland pleasantries as bullets.

P.S. Wael, I have just noticed that the spellchecker on this phone has patios but not patois, which makes quite a difference.

Marcos Malo • August 13, 2016 3:13 AM

I too have been thinking about Sancho_P's comment this past week–very carefully, as decoding and looking for levels of meaning where there might be none can lead to madness.

Extracurricular reading: Foucault's Pendulum by Umberto Eco and, for the ambitious, Ulysses by James Joyce.

If one were developing a program to decrypt text for hidden meanings, it might be interesting to run Ulysses through it for shits and giggles.

The danger of madness is because we humans have a predilection for pattern recognition, even "recognizing" patterns where there are none. Genius might be recognizing patterns that no one else has before. There is a danger if/when we move beyond the text into the physical world in our search for hidden meaning. Have a gander at Roland Barthes, especially some of his earlier essays on semiotics or semiology.

The danger being that one starts to read what isn't there, whether it be an exchange of texts or the silverware layout of a place setting.

Peek Aboo • August 13, 2016 3:16 AM

"Coming Soon: Cockpit Cameras, So Your Car Can Keep an Eye on YOU"

"This technology would likely be a boon to trucking and delivery companies to keep tabs on their drivers, as well as to car insurers to get accurate accident data. Still, many drivers may feel uncomfortable with the idea of cameras and computers knowing everything they're doing while in their cars. With some justification.

One unintended consequence of cockpit cameras, especially as cars become increasingly connected, will be privacy issues. In 2013, it was discovered, for instance, that built-in cameras in Samsung Smart TVs could be remotely hacked."

I can't see any drivers craving this brave new technology. But, the insurance and police lobbies will love it, especially the part where their targets are forced to pay for it. As noted by the article interior cameras will be yet another obsession of crooks and crackers.

There ought to be a law about intrusive, insecure, dictatorial technology like this, but politicians are too busy begging for "donations" from high rolling lobbyists to worry about trivia like this.

Dogstar • August 13, 2016 3:29 AM

@ Wael

a pleasure to read you / hear back from you

I'm going to continue with your happiness :-)

you went into some detail on a recent thread with your knowledge of Arabic - it was the 'why people join terrorist groups' thread and the definition of holy war and jihad. I appreciated your linguistic knowledge.
Can you feed back regarding the word or phrase Al-Quaeda?
I remember seeing a presentation by a professor and native Arabic speaker who explained how it was impossible for Al Quaeda to mean what everyone thinks it means, as long as you know Arabic.
He explained it means 'the list', that list being the soldiers of fortune (mercs) hired by the USG to do their dirty work, and really had absolutely nothing to do with 9-11 etc etc. But it all only really made sense with a linguistic context, which he explained and I've not retained.
Any commentary on this?

As a side point.
In Sydney Australia (Steak and Kidney, @ Clive! RE: cockney rhyming speak :-) Also the colony where bad people get sent if they misbehave with the NSA and bitlocker etc) ....ahem.
In Sydney there was a siege in Martin Place, in a cafe. About two years ago.
It was those evil, evil terrorists, from, oh my god, Iran, or - some other evil evil country they stage films like ARGO in. Actually I seem to recall a Farsi speaking mullah member of Al Quaeda was the claimed culprit.
Fairly early on in the theatre, one of the people locked inside the cafe held a flag up to the window for all the film cameras outside to witness. All the commentators were quick to point out, Oh yes, that's an Al Quaeda flag, yep - there you have it.

Well. To everything I know - Al Quaeda doesn't have a flag. So, this was a signal, quite a literal one, to the world - this is a FALSE FLAG event . Apparently they always like to signal in some way, that something is a false flag, when they stage them. This rare occasion they had a sense of humour about it. Banal, but nonetheless
Oh, and for some reason they chose to stage it in the Lindt Chocolate Cafe. Should we avoid eating Lindt chocolate from now on?

In that same thread about why people enlist based on the spurious research paper, you gave a fairly long piece explaining many things geo-socio-political. I thought it was brilliant, and I was sorely tempted to save it amongst my 'valuable info' text file that no doubt many here keep - despite it being non-practical in content :-) So, thanks, you have an admirer here.

Wael • August 13, 2016 3:45 AM

@Clive Robinson, @Dog Star,

"I've sent several since, one just recently, which I think you got, as it appeared to hit fertile ground with you ;-)"

Oh, yes! this one. How could I forget!

And it hit fertile ground here and right here

Then there was the extremely difficult one to decipher (with the Moore) that earned you a yellow card from the moderator, because it was *gasp* inappropriate. It wasn't just hidden! You also compressed so much and encoded so much information that it made Claude Shannon turn in his grave (or is he in an urn, I don't know.)

Wael • August 13, 2016 4:09 AM


"Can you feed back regarding the word or phrase Al-Quaeda?"

Al-Quaeda (القاعدة) means "the base" or "the headquarters". It's also the word to refer to chemical bases (as opposed to acids.)

"He explained it means 'the list'"

His Arabic sucks, ask for a refund! It does not mean "the list". The word "List" would be Al-Qaima (القائمة.) They may look or sound similar to non-Arabic speakers -- perhaps that's where the confusion came from.

"hired by the USG to do their dirty work, and really had absolutely nothing to do with 9-11 etc etc."

Don't get me in trouble now! I'm not ready to spend an extended vacation at Gitmo! That will likely f*ck my happiness up ;)

tyr • August 13, 2016 6:09 AM


The first step to remedy of any problem is to
identify what it is. Most of the current mess
is caused by trying to find a solution to the
symptoms of the problems. You can endlessly
treat the rashes of syphilis but the underlying
cause will not go away; it will just get worse.

Societies of the past were quite capable of
creating a sense of self worth in young males
until they grew past the urge to rash acts of
stupidity. A careful examination of the ones
around you will show a complete lack of any
possible outlets for the excellence seeking
young male with any social handicap. All the
empty rhetoric about clashes of civilization
and the nasty name callings which include the
religion in some construct like Islamo-fascist
does nothing to solve the problems which the
young male with not much in the way of prospects
faces every day. Then you get some 'true believer'
who offers them a chance for excitement, even if
it includes martyrdom and his buttons are all

If they were respected, offered employment, and are
a welcome addition to the society around them the
only problems left would be those who need mental
health treatments.

But that doesn't sell missiles and bombs or give
the misguided troops anything to shoot at. Having
enemies makes certain sections of bureaucracies
prosper and thrive so all of the proud sloganeering
you hear from them is mostly empty bullshit to hide
their incompetences behind.

They have triggered a worse problem with their busy
bee propaganda. The last time that one raised its
head in Europe the body counts were astronomical.
We now have a lot bigger population to toss into the
meatgrinder this time around. Moslems are not the
only dis-affected and problematic youth hanging
around out of work just waiting for a chance to do
something even if it is wrong.

Pareto noted that the health of a society is best
seen in the way it handles upward mobility of those
who are excellent in some way. Stagnate that and it
won't last very long because when you shut them out
of the system (for any reason) you force them to
turn against it to achieve anything.

The other trick which is harder is doing a look ahead
so that you don't create problems that you don't
need. The universe will make you enough without any

r • August 13, 2016 6:29 AM

@Rebecca Hadron,

Why is this, or anything an issue?

We have to learn to appreciate each other for each other and for each other.

@Dog Star,

What is that? A polite push into the arms of Microsoft? There are two very recent exploits involving the Microsoft operating system that are potentially deadly for anyone connected to the internet using BitLocker. TWO.

We will call them, sub versions of intended operations.

In situations such as this I refer to the previous statements made by Thoth as I feel the same way: TrueCrypt was audited and the linux one passed for the most part, anything else is pure speculation.

What you're saying is a gentle nudge, maybe it was right at the time - but those points are dated and aging - I have no choice but to ask "why?".

Which brings me to another point I have avoided making:

Apprehension can help to avoid apprehension (sometimes).

Some of us suffer from apprehension over apprehension over apprehension over apprehension others are cool, calm and collected though.

I don't get it.

reference, reverence?
volks wagon, folks vagon?

ianf • August 13, 2016 7:50 AM

@ Wael, if this

"Oh, yes! this one. How could I forget! And it hit fertile ground here and right here."
represents the intellectual offline pursuits that you & Clive engage in, then both of you clearly could use a prolonged vacation in some quiet, leafy place, which would give your overworked grey cells a respite. NO DISCUSSION.

"Why is this, or anything an issue?"

Tsk, tsk, rrrrrrrrrrr, she knows, I know, that's enough. Hint: if you are an apprrrrrrentice drrrrrama queen, how else are you ever going to attain perrrrrrrfection?

Dan3264 • August 13, 2016 9:07 AM

@Clive Robinson,
That "bionic leaf" thing looks really cool. I wonder how easy it is to make one of those things. I generally think things related to computers and security are more interesting, but it would be awesome to have something that gives you fuel for free.

Mike Barno • August 13, 2016 10:06 AM

@ Marcus Malo,

I too have found Eco's Foucault's Pendulum to have relevant application to both the general topics covered by Bruce's blog and the specific contents of this reader comment section. When security requires attention to process/equipment subversions that may be hidden, it is appropriate to look for clues to information that isn't obvious, and to consider connections that aren't obvious. [Clive R's "thinking hinky" is a helpful approach toward both technology and humans.]

But as Eco implies and you noted above, humans can get obsessed, and can develop amazing proclivity to find connections and patterns even where they spring from coincidence or trivial matters. The resulting conspiracy theories get picked up by others who seek any ammunition to attack their perceived enemies, and who have abandoned judgement in evaluating evidence. The current US Presidential campaign has a number of examples of what can come from this. So do a number of drive-by posts when this blog features certain topics.

So there used to be a number of posts from "Marcus el Malo" on this forum. Are you no longer "Mark the Bad", and are you bad at all? Or perhaps just a real surname with perhaps an accent on the final O and a meaning unrelated to the Romance-language root that I inferred in your previous handle, that might not even be yours?

JG4 • August 13, 2016 10:20 AM

Thanks to whoever posted the link to economic growth in Vietnam yesterday or recently. I quickly realized that it corroborates the data that Hans Rosling presented in 2006.

The Best Stats You've Ever Seen | Hans Rosling | TED Talks

The only other data point I had on the situation in Vietnam is a depressing article about endemic corruption, which would be an ironic and tragic sequel to the corruption in the US that drove the hopeless genocide. In further irony, it was sold under the rationale that people will love you for killing their family and friends to make them free. It resolves the Buddhist paradox that "Life is suffering, help make all sentient creatures free from suffering." If you kill them, they will indeed be free from suffering.

Vietnam 40 years on: how a communist victory gave way to capitalist corruption

I was pleased to learn that people can prosper in a corrupt regime. My friend in Hanoi had some helpful comments on why the corruption isn't crushing prosperity.

It was a short step from there to here, which raises some profound security questions. I suspect that has a lot to do with the sabre rattling in the South China Sea.

Hans Rosling: Asia's rise -- how and when

Thanks to whoever posted the bit a week or two ago about geniuses and their poor fit to society. I used to be one of the sharper knives in the drawer and it was helpful in understanding why I fit in some places and not others. And why I appreciate the high level of discourse here.

It also might explain some of why our favorite integrated circuit genius was a troubled anti-hero.

Can't recall if Bob Widlar is the same character described in George Gilder's book, Microcosm, who would go to Mexico for extended drinking bouts, then come back to do a brilliant new integrated circuit design.

Clive Robinson • August 13, 2016 10:28 AM

@ Tyr, Dog Star,

"A careful examination of the ones around you will show a complete lack of any possible outlets for the excellence seeking young male with any social handicap."

Whilst that is more or less true for any young male, even those without social handicap[1], there is another social indicator you need to consider as well. That is the type of society they are brought up in; it's something I've been discussing with people since the early 90's when the "cracker" and "script kiddy" cultures arose as the darkside of the hacker culture[2].

Put simply, some societies are more rigid than others and this can be due to strong patriarchal or matriarchal family structures. This can lead to young men and women falling into what is in essence a "preordained" life, or rebellion. The rigidity does not encourage a moral compass to develop as it does in less rigid societies.

In essence the duty of a parent is to teach their children that actions have consequences. Socially desired behaviour either does not get punished or it gets rewarded, whilst socially undesirable behaviour gets punished in various ways, not all of them by criminal sanction. Thus the child learns two things: the first is responsibility for their actions and secondly the societal norms we call morals. Ordering children around by rigid dictat does not teach morals or responsibility, just the consequences of another's "Divine Right", thus submission or confrontation.

The problem with "crackers" and "script kiddies" was that parents had in most cases a complete disconnect from what their children were doing. The reasons are numerous; however, importantly it was that in most cases the parents had no real cognizance of the technology and its rights and wrongs, thus there were no societal norms to be taught, and also no responsibility.

The problem with those brought up in a rigid society is what happens when they no longer live in that society... They lose the simplicity and comfort of certainty and suffer the ambiguity and stress of not having a place in the society they are now in. They are thus easy pickings for anyone who wishes to give them the simplicity of certainty, irrespective of whether it is morally right or wrong in any society. In fact the ages old religious con of "redemption for past sins" can be used to justify any future action as "atonement" to those who have not developed a moral compass, by way of accepting that they are responsible for their actions and thus any approbation or reward that society is prepared to respond with.

[1] It's also a reason we have in the past had explorers and war heroes, and more recently damn fools killing themselves in "outdoor pursuits" such as "B.A.S.E. Jumping" etc. Some see it as the price of a mediocre but safe life style, others some kind of hormone imbalance, possibly due to "fight or flight" syndrome trying to find other outlets by excessive risk taking.

[2] By "hacker culture" I mean the original creative culture of getting better understanding, performance or control of technology. Not the later offshoots for "sub culture ego food" and then criminality, hence the terms "Cracker" and "Script Kiddy"[3].

[3] Unfortunately journalists and now predatory lawyers and ill educated/advised judges do not appear to want to comprehend the difference, hence the "tarring with the same brush" issues that are so problematical and are indicative of a Salem style witch hunt.

Marcos Malo • August 13, 2016 11:23 AM

@Mike Barno

Sometimes the comments page forgets to "Remember personal info", despite the box being checked. As it happens, I also forget. Both handles are me (I don't have the stature to merit a troll faking my handle, or at least I don't think so).

Rick • August 13, 2016 11:42 AM


"What is that? A polite push into the arms of Microsoft? There are two very recent exploits involving the Microsoft operating system that are potentially deadly for anyone connected to the internet using BitLocker. TWO."

Are you talking about the NTLM vulnerability? [1]

This doesn't affect a non-domain connected system nor does it affect BitLocker systems using pre-boot authentication.

Granted the vulnerability wasn't good but the circumstances it could be used in were very limited and it has now been patched by Microsoft.

What's the other vulnerability?


George of the CyberjungleAugust 13, 2016 12:20 PM

@ Tyr:

I would amend your comment that "the first step to remedy any problem is to identify what it is" to add that the all-important second step is to determine whether it is, in fact, a problem or a constraint.

Also, re Pareto's take on upward mobility: Quite often, in modern America (and especially in government), the "smartest person in the room" isn't allowed in the room -- often because they don't give a tinker's damn about what anyone (themselves included) "thinks", "wishes", "hopes", "believes", "feels" or "has an opinion about". They concern themselves with the FACTS -- the mathematically provable, logically defensible and experientially verifiable facts. Others see them as "antisocial", when in fact they are asocial. Most of them would echo the assessment (Heinlein's, I believe) that "a committee is a life form with six or more legs and no brain". (But I'll get back to you on that after my focus group recommends whether I should appoint a commission to select a committee to determine whether I should fund a study on whether we should take a survey to....)

Anyway, I enjoyed your take.


No small amount of the economic growth in Vietnam is due to the American cons00mer's demand for "100% Colombian" coffee. ^o^

@ Peek Aboo:

Re in-car cameras, you can bet your a$$ that the politician$ will make a $pecial exemption for limou$ine$.

Mike BarnoAugust 13, 2016 12:55 PM

@ Marcos Malo [sorry for the vowel-change typo],

Sometimes the comments page forgets to "Remember personal info", despite the box being checked.

Decades of reading on security topics has left me with the habit of never never never letting such boxes as "Remember personal info" or "Keep me logged in" remain enabled unless I absolutely have to. In some cases I don't buy from a supplier or leave comments in a discussion if such a demand can't be disabled. I trust Bruce, but I don't trust anyone who might have hacked his website host or Man-In-The-Middle'd my connection, with whatever data-collection functionality might lie underneath such permission. On most websites (and of course smartphone flashlight apps), my PII and my contact lists may get uploaded and sold to marketers and aggregators including those contracted by intelligence agencies. A tracker-blocker and this bit of caution and frequent cookie deletion reduce those problems. This comment forum works fine without checking that box, so it's worth an extra five seconds to manually type, in order to maintain that bit of discipline against risk.

albertAugust 13, 2016 2:11 PM

@Thoth, et al, give good advice. You are not responsible for your work laptop's security, your IT department is. CYA by using a strong password, and don't venture into non-work related sites. Above all, do not use it for personal use, even if company policy allows it (not if they simply ignore it; it's the written policy that counts). Do not use company email for personal use. Does your company provide wifi? For personal use? Please don't tell me your work laptops use wifi in the office.
@George, It's 'tinkers dam'.
Mike Barno,
On Linux, with Opera and Chrome, I delete the corresponding .cache and .config folders. (Caution, they revert to defaults:)
"Turn in his urn" has a nice ring to it. As the Cremation Society says, "Think outside the box".

. .. . .. --- ....

RickAugust 13, 2016 3:17 PM


Technically I am responsible for my laptop's security. I work in law and, like many of my colleagues, am self-employed. I only use Windows 10 because our firm uses bespoke software which only runs on Windows (it doesn't work under WINE) and we also rely upon SharePoint and Office heavily.

There are 'minimum standards' which we must adhere to: antivirus and software firewall on the endpoint, full disk encryption, screen locked when not in use, fully patched OS, Kensington lock etc.

We do use WiFi although via a RADIUS server with UTM. Hard wired Ethernet cables aren't practical for our purposes as we move about regularly (desk to: meeting room, client rooms etc.)

I don't use our corporate email for personal use and when we're out of the office we connect with a VPN.

We have a clear desk policy and physical security is fairly good.

I'm not suggesting that these countermeasures would protect against a nation state but they're not our adversary.

Any other suggestions for hardening the system would be gratefully received.

Sam GarlandAugust 13, 2016 3:58 PM

@Clive Robinson
"Google appear to be building a new Open Source OS called Fuchsia."
So named because as soon as you boot your system it will begin to fuchsia up the ass. ;-)

"I'm eagerly awaiting Bruce's tips on hardening the OS (...) It might be a good idea for us all to contribute our suggestions"
Sure. Hold the installation DVD with a pair of tongs and set fire to it before it goes anywhere near your computer.

@Dog Star
That conspiracy theory has been widely dismissed. The message is not proper Latin. If the NSA had anything to do with the closing down of TrueCrypt, that supposed message is not the way to confirm it.

George of the CyberjungleAugust 13, 2016 4:33 PM

Re @George, It's 'tinkers dam'.

I no. Butt I just didn't give a damb. Sioux me. ^o^

Clive RobinsonAugust 13, 2016 5:59 PM

@ Rick,

I'm not suggesting that these countermeasures would protect against a nation state but they're not our adversary.

Your adversaries are whoever thinks there is an advantage in breaching legal privilege. Whilst they may not be "nation state" they could be worse, a lot worse. It rather depends on who your clients are and who their adversaries are. In effect their enemies become your enemies. If they decide to get the likes of Kroll etc involved you could end up taking flying lessons out of a high rise window, or swinging by your neck under a bridge. And Kroll are one of the more cuddly investigative businesses out there, that is, there are a lot lot worse. But then you have the likes of the NYC DA sending SWAT teams into the houses of software developers to act as persuasion to "backdoor" quite legal software.

The point is you really can not tell who your adversary might be at any point. And as I often tell people when it comes to security "Paper Paper never data" is a serious consideration, because it is easier to isolate, control and destroy paper than data ever is. After all as the Panama Papers have shown, exfiltrating hundreds of megabytes of highly confidential client information is easy. Trying to do the same with the office photocopier or minox camera and tens if not hundreds of thousands of pages etc from filing cabinets and desk drawers would be infeasible at best.

albertAugust 13, 2016 6:16 PM


That's entirely different.

I recall some recent postings with very detailed information on how to 'harden' Win 10. You might review them, and see if you're doing everything they suggest. It would be nice to have a company-wide policy for that, so one guy can't 'bring down' the whole system.

I'm sure the experts here might have more to add, given your detailed information.

. .. . .. --- ....

Nick PAugust 13, 2016 6:28 PM

@ JG4

re The Outsiders

That was me. Glad someone found it helpful. I got it from "Tommy the turtle" who used to post here. He was a double MBA in economics/finance whose talents led him to learn all kinds of other stuff. Wrote some good posts here as he tried to learn INFOSEC and discussed things from his perspective. Learned so much from his emails. You can find his posts here if you put his name in quotes searching this blog.

@ all

Regarding Matthew Green's post on Apple's HSM use

Post here.

This article is weak in so many different ways. Let's just go through a few points that jump out.

"This leaves us with basically one option: a user password. "

"So Apple finds itself in a situation where they can't trust the user to pick a strong password."

There's been many strategies with various tradeoffs. Giving them the password isn't the only one. Let's work on that one as I already see objections coming involving people being too lazy, other stuff they'll lose, etc. I know Apple will say it at least although they likely want this centralized & push-button for reasons that aren't about privacy.

"Rather than trusting Apple, your phone encrypts its secrets under a hardcoded 2048-bit RSA public key that belongs to Apple's HSM. "

Rather than trusting Apple, you trust all developers, admins, HW engineers, suppliers, etc involved in the HSM. Unlike most things, the nature of this product and small number of suppliers means High-Strength Attackers will all consider targeting them or their employees. The theory is that there's more scrutiny on them and incentive for the companies to play honest. The truth was shown with Crypto AG, RSA, U.S. telecoms, and others: many will risk their entire business for short-term earnings (bribes) if they think there is a low chance of getting caught. Double that if they think it helps them in long-term dominating markets with PR teams dealing with bad press.

"your phone encrypts its secrets under a hardcoded 2048-bit RSA public key that belongs to Apple's HSM"

"Critically, only the HSM has a copy of the corresponding RSA decryption key,"

My studies on HSMs showed many could import or export private keys. This is especially useful for backup/recovery purposes. This also means the keys could be shared with parties doing surveillance. If that's true, how do you know your password *only* went to an HSM if encrypted with those keys?

"provided that the HSM works as designed"

HSMs, esp. supporting software, have all kinds of problems. People that work on them tell me about them. They all say they rarely talk publicly about it due to threat of losing their job or getting sued. I'm not posting further on this point except to say it's a matter of faith until proven with rigorous evaluation that only a few have. Like any security claim.

"This rules out both malicious insiders and government access"

No it doesn't. See "rather than trusting Apple" above. The government's own standards, EAL6-7 and NISPOM, show in theory plus practice with prior evaluations that it takes a lot to stop all the threats most of the time. Not everything or always, just mostly. There's no way these money-grubbing companies did all that. They certainly didn't claim it in evaluation. I also didn't see any Snowden slides where the U.S. government griped about targets using HSMs despite a bunch of them doing so. That might be due to pervasive insecurity where they just hit something else. Yet, I'm still concerned given most HSMs come from defense contractors that only care about the bottom line in jurisdictions known to bribe or secretly compel parties for surveillance boosts. Assume they have your stuff if you *solely* use an HSM to protect it.

"You see, the HSMs Apple uses are programmable. "

Apple says they're worried about High-Strength Attackers. They take a stand on privacy. They can choose between non-programmable and programmable solutions. One dramatically increases the risks of subversion and hacking. They go with that one. Now to explain why it's still trustworthy.

"programming the HSM to output decrypted escrow keys. "
"Or disabling the maximum login attempt counting mechanism. Or even inserting a program that runs a brute-force dictionary attack on the HSM itself."

Wait, didn't I guess that escrow one immediately? It's not a problem he (they) will tell us. Let's see why.

"Note that on HSMs like the one Apple is using, the code signing keys live on a special set of admin smartcards."

What about the code they signed? Did they publish it? If not, their developers are at least virtuous people working for a virtuous company. Next concern.

"We run the cards through a blender."

Will not comfort anyone who's read Anderson's Security Engineering about the difficulty of exploding nuclear secrets or has heard of data recovery services pulling evidence off of shredded or burned disks. They were at least smartcards (see escrow & organizational risks above). So, if they were *secure* smartcards (oh no) & not subverted, then their design will probably prevent recovery. There's a lot of smartcards that aren't secure, though. Still probably hard if ground up. The card's contents were probably destroyed, they assure me. Moving on.

"Pretty much the only action Apple can take is to wipe the HSM"

Assuming they didn't export the keys on HSM or smartcard. Assuming the software they loaded doesn't have an exploitable backdoor, covert channel, etc. Assuming they aren't cooperating with anyone possessing vulnerabilities in any of the products. Assuming they can't contract someone to beat HSMs' tamper mechanisms like researchers have done for many devices (esp. smartcards). Assuming a classic EMSEC attack isn't possible to pick up the internal secrets like NSA, Russia, Israel, etc. have been doing for decades now. A few assumptions being true, some weaker than others, then his statement would be true.

"The downside for Apple, of course, is that there had better not be a bug in any of their programming. "

Look at Apple's security track record as you assess that. Come to your own conclusions.

"To be sure, Apple's reliance on a Hardware Security Module indicates a great deal of faith in a single hardware/software solution for storing many keys. Only time will tell if that faith is really justified. "

There's plenty of people I hacked that never knew it happened. There's tons of government secrets I've tried to figure out but still don't know. Unless Snowden 2.0 happens, you may never know that operators in a Special Access Program had and analyzed your secrets. You almost didn't know about what's been published. Hundreds to thousands of people kept it secret with only one man deciding to publicize it. Other leaks were extremely limited in comparison. That government can't keep secrets long enough to be effective is a lie. That highly-vetted people don't tell secrets to the media at TS/SCI level & some of those subvert INFOSEC tech is the norm. Snowdens are exceptions.

"But the argument that Apple has enabled a law enforcement backdoor seems to miss what Apple has actually done"

The argument is partly sound because Apple just increased the risk for their users in a way that might facilitate government eavesdropping. Nobody should argue that they did it intentionally for that purpose or that law enforcement is using it. We don't have evidence of that. We do know a ton of keys are now concentrated in one IT solution. INFOSEC history teaches us that bad things usually happen in such situations. Even lay people know this with some saying about baskets.

"Apple has devoted enormous resources to locking themselves out. "

"Enormous resources" is an enormous overstatement. It's the equivalent of a few IT projects. It's a better step than many others took, though. I also trust the HSM mechanisms to work better than I trust Apple's developers. It might also filter out many types of attackers because of the difficulty or cost of breaking them. Those are its good points.

"That's radically different from what would be required to build a mandatory key escrow system for law enforcement."

No, this is exactly one of the things discussed under the Clinton Administration. The declassified CIA report (see 1996 policy) indicated that the main proposal was a third party to hold, store, and share the keys with LEOs. One option was having the companies do it themselves. The standard way to do that in the high-security commercial sector is HSMs. Smartcards, too, these days. Keys are often moved for disaster planning. So, what Apple's doing and the prime risk is as old as the Crypto Wars. Actually older if you count military COMSEC gear given similar practices. So, Apple's proposal is essentially one of the government's, outside of destroying the admin keys. ;)

"That's a good question. Maybe you should ask them? "

Risk of loss if their crypto screws up and (most important) the extra costs. The same reasons many companies avoid the same things when they know about them. Same for encrypted email with usable solutions. I know of an example where one person forgot their password and that led the company to ditch the whole thing for fear more critical info would disappear. People's photos, music collections, etc are critical to them. Apple probably also values integrity and availability over confidentiality. I encourage more development of almost zero-cost, high-availability solutions to these problems so mature solutions will eventually get uptake. Quite a few academics and small businesses doing good work here, though.

ThothAugust 13, 2016 6:52 PM

@Moderator, @Bruce Schneier
@Rick is waiting for your (@Bruce Schneier) AMA answers regarding 'hardening' of his Windows 10 work laptop. Can you get his attention for this?

@Rick, why don't you email him directly :) ? Also, you stated that you are self-employed and thus the Win 10 laptop is for your business purposes.

As I have mentioned, access personal stuff on a personal network and computer and access office stuff on an office network and office computer. I have two networks at home with one for office-only (2 routers) and one for home-only if that would be useful for you to copy.

Since you are asking how not to leak personal information, and by that I am guessing you do not want to leak work information since it's a self-employed business, using VPN and FDE pretty much covers all corners. You can only get as much security out of the OS that provides the basis for security, and Windows, especially Win 10, is notorious for leaking users' information. There is nothing much that can be done due to the nature of the OS. One method would be to use a high assurance Data Diode but that is too troublesome and you are better off without it. We are back to square one all over again :( .

If you are really paranoid, you are better off configuring the office network to disable all wireless and only accept LAN and then blacklist ALL sites and protocols and slowly whitelist only the protocols and sites you need. The reason is, even if Win 10 has backdoors to bypass your hardening selections (including modifying registry values), if your network routers do DPI and block all the unwanted sites and protocols, what can a Windows trying to exfiltrate information do when it hits a strict firewall and DPI engine? The management terminal for the network firewalls should be on a non-Windows computer in case backdoors and malware on Windows computers decide to play with your network protection console.

To summarise, the answer is not how secure you can make Windows 10 but how much you can use the environment to lock Windows 10 down (i.e. network filtering on routers). This is an adaptation of @Clive Robinson's Prison model where Windows 10 is the leaky traitorous CPU and the question is how to imprison the CPU and prevent leakage.

Nick PAugust 13, 2016 7:06 PM

@ Thoth

"@Rick is waiting for your (@Bruce Schneier) AMA answers regarding 'hardening' of his Windows 10 work laptop. Can you get his attention for this."

There's all kinds of forums and articles reachable via Google for hardening Windows boxes. They're the best spot for such answers with communities that keep posting them. People can ask questions like that here, too. People might even try to help them. Yet, nobody should expect it. Especially not from Bruce as he's a busy guy whose expertise is better suited to his current activities rather than configuring Windows. Best not to call him out to answer such questions. He will on his own if he wants to.

Btw, you might like my HSM-related article above given your research into those things. I'm particularly curious if there's any special, non-deletable audits of key escrows on the HSMs. I'm assuming not unless the buyer puts them there. Green's misses are so obvious on a few of the issues that I'm going to start reading his claims more carefully from now on if it's not crypto algorithms or protocols he's reviewing.

ThothAugust 13, 2016 8:50 PM

@Nick P

re: Apple HSM and Matt Green

I heard someone implicitly summoning me via my HSM connected doorbell :D .

"My studies on HSMs showed many could import or export private keys. This is especially useful for backup/recovery purposes. This also means the keys could be shared with parties doing surveillance. If that's true, how do you know your password *only* went to an HSM if encrypted with those keys?"

If you could name an HSM that could export private keys and also whether they are in FIPS mode. FIPS 140-2 Level 3 mode prevents insecure exports of private keys and other keying material. For what I know, Thales and Safenet don't simply export keys. They use their own crypto tokens to store keymats when transferring between HSMs and their own security domain KEKs to wrap them as necessary, and usually they will allow M/N secret sharing export and recomposition. Safenet uses some huge PED device to load the crypto token key shares while Thales uses smart cards. Thales does allow manual secret share export and import via entering wrapped key shares in hexadecimals for those of you who are paranoid and prefer the paper method. The paper method is used usually for the payment application where it requires more security to transport highly sensitive EMV payment LMK keymats used for your credit card transactions and across ZMK wrapped key shares. Good old days of the thousands of US dollars worth of crypto-calculator whose only function is to help you view the shared LMK shards and copy them on paper before you drill a hole into the IC chip of the smart card containing the wrapped LMK and then do paper transport as per the required standard procedure for EMV key transport security when using the EMV payment application on the Thales HSM, still used to this day.

So for famous HSM suppliers with FIPS 140-2 Level 3 HSMs (FIPS 3), if the company enables Strict FIPS mode, good luck with exporting the private keys. You CANNOT export the keys, and that's why it's called a Hardware Security Module for a reason. You can only do a security domain transfer and even if you can view the wrapped key shares via the HSM's security domain keys, it would not benefit anyone either. Thus, for a properly vetted and certified FIPS 3 HSM operating in Strict FIPS mode (this is a Thales term for strict FIPS 140-2 Level 3 mode), you cannot do whatever password export you mentioned. That option simply doesn't exist in FIPS 3 certified HSMs with Strict FIPS enabled. You are left with security domain protected paper key share transport (Thales HSMs) or token transport (Thales and Safenet HSMs).

The only concern being whether the HSMs' security domain keys are manipulated by The Powers That Be. If the worry and threat model is vs. The Powers That Be, then smartcards, HSMs ... almost nothing can be used. We would be frozen in place by fear as we start to suspect which IC manufacturer has been compelled. That means we should assume ALL ICs as untrusted and that would render both the Prison and Castle models useless as we are back to "do not say anything if you want it a secret" or "only dead people speak the truth". Even paper keys would be useless for who knows what hidden cameras and surveillance apparatus might be everywhere.

Also noting that FIPS 3 certified HSMs must operate in strict security conditions and even a single byte of change in the firmware or even a change in hardware, even as harmless as replacing a screen or button that was not used in the certification, would immediately invalidate the FIPS 3 certification on the spot and require re-certifying. Of course the FIPS certification still has many holes left to be desired but those are the technical capabilities that they have dragged, like mandating EMSEC which is reserved for FIPS 140-2 Level 4 (highest level), and now for the FIPS 140-3 draft (version 3 of FIPS 140) they are considering pushing EMSEC criteria through to make it more common and push up security, but the FIPS 140-3 draft is taking too long to manifest.

"HSMs, esp. supporting software, have all kinds of problems. People that work on them tell me about them. They all say they rarely talk publicly about it due to threat of losing their job or getting sued. I'm not posting further on this point except to say it's a matter of faith until proven with rigorous evaluation that only a few have. Like any security claim."

So far I have not seen or heard nor experienced anything with HSMs' supporting software having serious enough problems to be a security concern or security weakness as of yet from the Thales HSM side which I frequently work with. I also rarely hear about the Safenet side but maybe that's because I use Thales HSMs as my mainstay.

"This rules out both malicious insiders and government access"

No it doesn't. See "rather than trusting Apple" above. The government's own standards, EAL6-7 and NISPOM, show in theory plus practice with prior evaluations that it takes a lot to stop all the threats most of the time. Not everything or always, just mostly. There's no way these money-grubbing companies did all that. They certainly didn't claim it in evaluation. I also didn't see any Snowden slides where the U.S. government griped about targets using HSMs despite a bunch of them doing so. That might be due to pervasive insecurity where they just hit something else. Yet, I'm still concerned given most HSMs come from defense contractors that only care about the bottom line in jurisdictions known to bribe or secretly compel parties for surveillance boosts. Assume they have your stuff if you *solely* use an HSM to protect it."

I am also not convinced that HSMs prevent Government access, but HSMs are capable of preventing malicious insiders as long as the administrative quorum needed for colluding is high enough that a single malicious insider cannot do anything unless he/she colludes with enough other key custodians to reach the administrative quorum needed to authenticate the command to the HSM to perform actions like wiping the HSM or transferring keys to an HSM the attacker owns.

Noting that Thales HSMs have "legal restrictions" in the form of their licenses for feature activation in the name of crypto export control from the UK, and that you do not get all the security features from day 1 until the signed licenses issued by Thales arrive and are loaded into the HSM(s). One such feature is a rather dubious option selection between everyone else (Restricted Mode) and some European/American mode (Unrestricted Mode) when running the Secure Execution Engine, which allows you to load the personally crafted applets you want the HSM to run in the security confines of the HSM's SEE engine besides the usual Key Management engine. Before you can load your specialized blob into the SEE engine for a Thales HSM, you need to show your codes to Thales and they have to approve and sign your codes, which will produce a special "warrant" (HSM certificate) that you load along with the signed code blob, and you also select the Restricted/Unrestricted mode based on the country you are operating in. If Thales HSMs are used plainly for basic Key Management, it's all fine and good with Strict FIPS enabled, but once you have to write codes to load into the HSM for Secure Execution ... I would like readers here to know that your codes are scrutinized by Thales before they can run inside the SEE of a Thales HSM. If you are simply running a financial business and you want to run SEE codes (the proper name is CodeSafe codes according to the Thales SEE CodeSafe branding), Thales supports financial businesses running CodeSafe (i.e. EMV crypto codes, EMV PIN crypto ...). If you are using a Thales HSM because you are a Government agency needing to secure some critical codes in the Thales CodeSafe engine, or you are some crypto-activist or maybe have an agenda not aligned to US/USA/Allied-friendly, you better think quadruple times before you want to use CodeSafe.
One example is running Bitcoin hot wallets for Bitcoin Exchanges inside CodeSafe, which I am strongly against due to the fact that Governments have varying views on Bitcoin and some view Bitcoin as Anti-Government activity and thus are hell bent on wiping it out, so think quadruple times before using these special CodeSafe features.

For Thales guys who maybe lurking here which you know who you are, sorry to push in the spoiler but I don't trust your CodeSafe even after helping you guys service CodeSafe. It just ain't meeting my "Trustworthy" mark :) .

I will point out how to operate a HSM and also run your SEE codes without trusting the HSM's SEE engine but use them for Key Management on another LONG POST. I know I am writing too much (probably even for my own good).

"You see, the HSMs Apple uses are programmable. "

I think I just bunched that together above. No I don't trust a programmable HSM either. Read above. The KM is fine but the SEE is not.

Just a reminder that in FIPS-3 mode, all your programmable SEE codes cannot be used because FIPS-3 mode requires a clean environment and SEE codes are considered uncertified and thus unfit for running FIPS-3 mode.

WWWWAAAAAIIIITTTT ... that means Apple wasn't using HSMs in FIPS-3 mode because they could run their custom codes, which means without the security of FIPS-3 ... OK ... now you may export the private keys without restriction :D . No FIPS-3 means weakened key export security. Hehehehe ....

"Note that on HSMs like the one Apple is using, the code signing keys live on a special set of admin smartcards."

This part may be misinterpreted with a very high degree of certainty in my opinion. The admin cardsets are not storing any keys whether it is for Safenet, Thales or whatsoever HSMs. How it works is, to approve X operation, you need the admins (with enough quorum) to present their crypto tokens (USB crypto token for Safenet and smartcards for Thales and AEP Keyper) to the HSM via its USB token or smart card slot on the face of the HSM hardware. The admin keysets are used to sign operations like loading custom codes or exporting keys and so on. If you physically destroy enough of the quorum of the admin cardsets, you suddenly don't have enough admins to form back the proper quorum needed to approve X operations that require that particular admin cardset to authorize those operations (noting that every Key Blob Object has a Crypto ACL ruleset governing how the key can be used, how many times it can be used, under what conditions it can be used and by which admin cardsets, assuming many admin cardsets, and under how big of an admin cardset quorum).

Just to prevent confusion, the cardset controlling the signing key is not called an admin cardset but an operator cardset. Because if you destroy the admin cardset (with enough of the quorum destroyed), you cannot operate the HSM when you need to. The admin cardset would only have rights to administrate generic HSM functions (more like a Sysadmin) whereas the operator cardset has the fine grain ability to control the crypto keys (thus the name operator cardset, a.k.a. Crypto Operator). The problem with destroying the admin cardset to prevent updating the SEE engine codes is that it would also make administrating the HSM impossible, so I am thinking they created a Code Signing Operator Set to govern and create the Code Signing Key and then, once done, simply destroyed the Code Signing Operator Set. That would pose a problem with what to do with the lingering Code Signing key still sitting in the HSM (presumably in unlocked mode for free and easy key usage), the what-ifs for using the Code Signing Key assuming you need to sign codes with the same key, and also the key revocation problem where, without the Code Signing operator cards, there is no known way to revoke the key, because the actual HSM Admins are usually designed to be concerned only with general administrative procedures of the generic HSM functions (loading CodeSafe codes, migrating HSM environment, reboot of HSM, creating new HSM environment ...etc...) and most HSMs have segregation of duty built into their architecture where the HSM Admins cannot interfere with the keys protected under a specific set of Operators. This ends up in a Chicken-and-Egg problem with that kind of simplistic thought that shredding an HSM's operator cardset physically would mean no one can gain access, as now the owners cannot gain access or use the key either.
You need the original Operator to transfer the control of the keys to another Operator and the HSM Admins have no say over transferring of rights of keys (at least from Thales HSMs point of view).

"We run the cards through a blender."

The most important part of a smart card is the metal contact. Just cut across the metal contact in an asterisk shape and you have rendered the 2mm x 3mm IC useless. View an actual smart card chip I personally opened below (still have the epoxy on it).

It's too much to post in one post so I will break it down here. HSMs are secure against insiders for a reason (tamper resistance and administrative quorums). They may not be secure against Governments as we all know and it requires a setup that shares the security load (i.e. Prison model). The smart cards' chips are very tiny and my recommendation of destruction would make it very very hard to recover even for HSAs if you did view the image posted below on how small that chip is. The important thing is enabling FIPS-3 mode and not going about destroying operator and administrative cardsets just to prevent the HSAs from entering. It inconveniences oneself but does not guarantee prevention of HSA entry via backdoored HSMs (if they exist).

I will post again later (as I am busy now) on how to use a smart card as a tamper resistant SEE engine where you have control over the codes and execution while still using an HSM for Key Management and backup of wrapped keys without needing to compromise either. A smart card would be very slow on execution of security codes but you can load balance them on a USB hub with USB smart card dongles to accelerate their speed for your custom codes which you have MORE CONTROL over (vs. an HSM's SEE where the codes must be vetted by HSM providers) and then use the HSM to do backup securely.

Be back in a moment.....
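The k-of-n quorum property discussed in the post above, as an added example that is not code from the thread or from any HSM vendor: a cardset is modelled with Shamir secret sharing over a prime field, so that any k cards reconstruct the authorisation secret, any k-1 recover nothing, and shredding more than n-k cards leaves the secret unrecoverable for everyone, owners included. The field prime, the card-id share layout and the function names are constructed for illustration; real HSMs use their own split-knowledge formats.

```python
"""k-of-n cardset quorum modelled with Shamir secret sharing.

Added example; not code from any HSM vendor or from the thread.  It models
only the quorum property: an n-card set where any k cards reconstruct the
authorisation secret and any k-1 recover nothing, so destroying more than
n-k cards makes the secret unrecoverable for everyone.  The field prime and
share layout are constructed for illustration.
"""
from __future__ import annotations

import secrets

PRIME = 2**127 - 1  # Mersenne prime; secrets must be smaller than this


def split_secret(secret: int, k: int, n: int) -> list[tuple[int, int]]:
    """Issue n shares (card_id, y); any k of them reconstruct `secret`."""
    if not 1 <= k <= n:
        raise ValueError("need 1 <= k <= n")
    if not 0 <= secret < PRIME:
        raise ValueError("secret out of field range")
    # Random polynomial of degree k-1 whose constant term is the secret.
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(k - 1)]
    shares = []
    for card_id in range(1, n + 1):
        y = 0
        for c in reversed(coeffs):  # Horner's rule
            y = (y * card_id + c) % PRIME
        shares.append((card_id, y))
    return shares


def recover_secret(shares: list[tuple[int, int]]) -> int:
    """Lagrange interpolation at x = 0 over whichever shares are presented.
    With fewer than k shares this returns a value unrelated to the secret."""
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        total = (total + yi * num * pow(den, PRIME - 2, PRIME)) % PRIME
    return total


def destroy_cards(shares: list[tuple[int, int]], card_ids: set[int]) -> list[tuple[int, int]]:
    """Shredding a card removes its share; nothing on the HSM side can regenerate it."""
    return [s for s in shares if s[0] not in card_ids]


def quorum_possible(remaining: list[tuple[int, int]], k: int) -> bool:
    """True only while at least k shares survive."""
    return len(remaining) >= k


if __name__ == "__main__":
    s = 0x1234567890ABCDEF
    cards = split_secret(s, 3, 5)
    print("3 of 5 recovers:", recover_secret(cards[:3]) == s)
    left = destroy_cards(cards, {1, 2, 3})
    print("quorum after shredding 3 cards:", quorum_possible(left, 3))
```

The point the post makes falls out of the last two calls: once fewer than k shares remain, `recover_secret` returns a field element unrelated to the original secret, and there is no administrative path that puts a share back.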


ThothAugust 13, 2016 8:52 PM

@Nick P

"Green's misses are so obvious on a few of the issues that I'm going to start reading his claims more carefully from now on if it's not crypto algorithms or protocols he's reviewing."

He missed too much to be desired. I might find time later to read and try to fill in in more details if I still have the energy to do so. Busy busy busy !!!!!

BRB ....

ThothAugust 13, 2016 10:13 PM

@Nick P
Answering while travelling to my destination on smartphone. Short answer to "is the iCloud scheme secure" is YES, it is secure if your device passcode is strong.

How it works, after reading the Blackhat slides, is a passcode-derived key (MKEK) wraps a backup escrow (KEK) and the KEK wraps Key Object Blobs. To access the escrow KEK, you need the passcode, and bruteforce is the problem, which is solved by a securely long password. The escrow is NOT generated by the HSM but by the iPhone SEP. So the HSM cannot access the escrow unless it bruteforces the password.

Are users' cloud keychains secure from an academic perspective, in short? YES, a strong password protects the SEP-made KEK.

HSM from slides only bother with voting to allow fetching and changing of password try counter and has nothing to do with unwrapping or wrapping the Key Object Blobs whatsoever. In strict sense, the user's key escrow is only accessible from the user who knows the passcode and nothing more.

Since the escrow cannot be unwrapped by the HSM, there is nothing to log down or unwrap as long as the unwrap is done on the endpoint iDevice SEP processor.
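The layering Thoth summarises (passcode-derived MKEK wraps a device-generated KEK, the KEK wraps the key object blobs, and the escrow side only holds ciphertext plus a try counter), as an added example that is not Apple's code or the thread's. The wrap primitive is a constructed HMAC-SHA256 encrypt-then-MAC, used only to keep the example dependency-free; the PBKDF2 settings, the `EscrowService` class and the lockout threshold are assumptions, not Apple's parameters.

```python
"""Passcode -> MKEK -> KEK -> key blobs, with the try counter held elsewhere.

Added example, not Apple's code or the thread's.  The wrap primitive is a
constructed HMAC-SHA256 encrypt-then-MAC (illustration only; a real system
uses AES key wrap or an AEAD); KDF settings and lockout threshold are assumed.
"""
from __future__ import annotations

import hashlib
import hmac
import secrets

NONCE_LEN = 16
TAG_LEN = 32
MAX_TRIES = 10  # assumed lockout threshold


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, b"enc" + nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def wrap(key: bytes, plaintext: bytes) -> bytes:
    """Constructed encrypt-then-MAC wrap (illustration only, not a standard)."""
    nonce = secrets.token_bytes(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unwrap(key: bytes, blob: bytes) -> bytes | None:
    """Returns the plaintext, or None when the tag fails (wrong key or tampering)."""
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))


def derive_mkek(passcode: str, salt: bytes) -> bytes:
    # Assumed KDF settings; only the passcode holder can recompute this key.
    return hashlib.pbkdf2_hmac("sha256", passcode.encode(), salt, 50_000)


class EscrowService:
    """Stand-in for the HSM-backed escrow: holds the wrapped KEK and the try
    counter.  It never receives the passcode, the MKEK or the unwrapped KEK,
    so nothing it stores or logs lets it decrypt the key blobs."""

    def __init__(self, wrapped_kek: bytes, salt: bytes):
        self.wrapped_kek = wrapped_kek
        self.salt = salt
        self.tries_left = MAX_TRIES

    def fetch(self) -> tuple[bytes, bytes] | None:
        if self.tries_left <= 0:
            return None  # locked: counter exhausted
        self.tries_left -= 1
        return self.wrapped_kek, self.salt

    def reset_counter(self) -> None:
        self.tries_left = MAX_TRIES


def enroll(passcode: str, key_objects: dict[str, bytes]) -> tuple[EscrowService, dict[str, bytes]]:
    """Device side: generate the KEK locally, wrap it under the MKEK, wrap each key object under the KEK."""
    salt = secrets.token_bytes(16)
    kek = secrets.token_bytes(32)  # generated on the device (SEP role), never sent in the clear
    wrapped_kek = wrap(derive_mkek(passcode, salt), kek)
    blobs = {name: wrap(kek, value) for name, value in key_objects.items()}
    return EscrowService(wrapped_kek, salt), blobs


def restore(service: EscrowService, passcode: str, blobs: dict[str, bytes]) -> dict[str, bytes] | None:
    """New device side: every attempt burns one try; only the right passcode unwraps the KEK."""
    fetched = service.fetch()
    if fetched is None:
        return None
    wrapped_kek, salt = fetched
    kek = unwrap(derive_mkek(passcode, salt), wrapped_kek)
    if kek is None:
        return None
    service.reset_counter()
    return {name: unwrap(kek, blob) for name, blob in blobs.items()}
```

Running `enroll` and then `restore` with a wrong passcode shows where the security actually sits: the escrow side can hand out `wrapped_kek` freely and still learn nothing, because the only thing that turns it back into the KEK is the MKEK, and the only thing that yields the MKEK is the passcode. The try counter is what stops the online guessing Thoth mentions; offline guessing is bounded only by passcode strength.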

65535August 13, 2016 10:28 PM

@ Rick

If you are a lawyer you are probably a target – be it a rival or possibly the FBI. I can understand your concern.

First, what edition of Windows 10 are you using? Is it from a major vendor with bloatware? Some bloatware leaks information. If it is loaded with bloatware then you may have to back up the critical files and clean install.

Next, is the infamous Microsoft Account? You should disconnect from your Microsoft Account.

Are you using Office 365?

Do you use a third party encryption tool?

Without knowing your version of your OS or if you have a Microsoft Account it is hard to give you useful advice.

rAugust 13, 2016 10:40 PM

The other exploit is the signature bypassing trick, and iirc there's one slightly further back than the new NTLM domain hack (having to do with the Edge browser reenabling an exploit that was fixed in the 90's).

rAugust 13, 2016 11:14 PM

I'm just not comfortable with the environment right now, things seem very hostile.

FreeBSD and friends, Multiple Windows 10, Linux 3.6+, Monitors; I mean, it could just be defcon this year - but it's not making me very comfortable.

The linux 3.6+ thing is capable of doing damage behind the scenes, watch packetstorm for the individual distros to announce the application of said trickle-down patch. If it affects Linux, I wonder if that networking code was incorporated into all the new Linux to Android hardening that was imported (networking subsystem of the kernel may have been included for compatibility and ease (e.g. whole kernel digestion, I just don't know)), you just never know with today's open source world and the globally shared code base.

There's a reason DeRaadt is strict about his inclusions and slow about his adoptions, things have to be done right. I just think the shyguys like to play catch and release a lot is all.

rAugust 13, 2016 11:18 PM

Oh, I almost forgot. I'm willing to bet the i2c monitor stuff can be used against VirtualMachines as a liveness test.

rAugust 13, 2016 11:46 PM


Oh yeah, also the UEFI debug bootstrap bs.

Please remember, MS might've found out about any of those exploits a month before publishing - to develop and test a fix. The researchers might've discovered the holes a month before they emailed MS - to develop and test an exploit. Also please note, that multiple governments have access to MS source code and those researchers might've not been the first to discover it.

We know the NSA discloses bugs to companies when they are no longer of any use (or at least used to), SO if the jig is up there's a reason.

And at any point during that exchange of information, Eve's droppers could've been dropping Eves off at Adam's room for the night or the month invited or not.

They also make a habit out of targeting admins, developers, cow orkers, relatives, friends, people in proximity to, likely even one's kitty cat from time to time. When's the last time you checked his caller?

ThothAugust 14, 2016 1:44 AM


Write your own smart card applet for security sensitive codes that require secure execution and execute it from within its security confines.

You get to control most of the execution and no central authority is needed to vet your codes. You own your own environment to a huge extent.

Clive RobinsonAugust 14, 2016 2:15 AM

@ Rick, 65535,

One minefield you will have to negotiate is how you evaluate the security advice you get...

It's easy to get wrong and thus fall into the bear trap, and there is a cautionary tale you might want to investigate.

As @65535 has noted Microsoft "Office 365" is not a place you want to be at any time where legal or other privilege is a concern. To many security experts it is obvious why you should not, but that "Memo" apparently did not get through to those advising the UK's Parliament. Thus it came as something of a shock to MPs that their Office 365 work and emails had been rendered completely void of privilege.

I would recommend you read the Computer Weekly article by two well respected journalists but it's behind a paywall. So second best is this TechDirt article discussing it,

The question you have to ask is why were the clearly known security issues not made clear during the selection and procurement phase of the move to Office 365 considering the level of privilege and security even ordinary MPs work can have...

Clive RobinsonAugust 14, 2016 2:24 AM

@ r,

... likely even one's kitty cat from time to time. When's the last time you checked his caller?

Is that a "slip of the spellchecker" or do you really let your cat receive visitors in your home?

Either way it raised a smile.

Gerard van VoorenAugust 14, 2016 2:28 AM

About trusting a MS OS. I can only comment on W7 as I haven't tried W10 and am not about to. W7 used to be the best MS can deliver, but it did have lots of problems that could have been avoided and improved later on if they cared about it. The problem with MS is that they delivered first and then "improved", with their Tuesday patch crap. Here are some of the problems of W7 (although not all related to security):

* Slow. Some programs are zillion times slower (and also much more limited) than their Open Source equivalents. Think about unzipping, Media Player, startup etc.
* Their sorry excuse for the command line.
* Notepad and that other pad. Notepad++ runs circles around these. And for the "shortcut pros" VIM and EMACS are unbeatable.
* The sorry excuse for that "registry"
* The fact that no program is sand boxed with fine access control. This means that each new 3rd party program install can and will mess up the system. And most professional W7 systems have dozens of 3rd party software installed, including Adobe crap.
* The "Only Sony" problem. W7 can't network with *nix, nor read/write *nix file systems. FUSE/9P? Never heard of it.
* Dealing with possible malicious content. There is no way of doing that. Look at Qubes for the right approach.
* File extensions that are hidden by default and the possibility of creating new icons for data means you don't know whether you are starting the right program.
* Encrypting hard drive? Encrypting network? Not by default. Packet filtering, the same.
* AV is required but these are not up to the task and a source of problems by their own.

Of course lots of these problems have been solved with W10, but they probably introduced numerous new ones (phoning home for instance). And also lots of these problems do have solutions in W7 but I am talking about defaults. Like someone on Reddit said: "Each time someone says that defaults don't matter God kills a puppy". It's also these problems that are the main reason that Botnets are so massive and can survive for so long and that also ransomware is "viral" today. I am not kidding here, I know quite a few companies and people who are the victim of this. MS has neglected these fundamental problems for ages (probably because of backwards compatibility and arrogance) and simply can't be trusted.

I agree with Thoth that OpenBSD is probably today the best choice or if you have a system with the right amount of resources Qubes is another good choice but the state of affairs in Operating System world is quite sorry. Operating System design stopped 25 years ago. We see diversification but not fundamental and radical new approaches. The reason why is obvious btw. The same can be said about hardware.

Clive RobinsonAugust 14, 2016 3:25 AM

Now for something completely different...

Many know about the Mentos and Diet Cola trick where you get a really good fountain of cola shooting out of the bottle[1]. It's been brought up on this blog before as a joke about liquid bombs.

Well I suspect many do not know that nature has the same trick, only in this case it has real world security implications as it kills,

The underlying process is "Nucleation" [2] and it happens under a number of circumstances.

As an example, the use of water to hold down other water in a dangerous state can and does happen in people's homes. If you heat a cup of liquid long enough in the microwave, occasionally when the cup is picked up the liquid erupts in a boiling state over a person's hand, causing quite bad scalding[3]. The cure is to put a spoon or similar into the cup before you heat it in the microwave, just remember if it's metal that it needs to be at all times a centimeter away from the sides or top of the microwave.




tyrAugust 14, 2016 5:55 AM


Sometimes you can see the same phase change behaviors in the cold. Liquid water still in a liquid state when at temperatures below freezing. Any outside influence will cause it to turn to solid ice instantly.

Your points about how societies affect those in them are correct. The old Chinese tradition of making everyone responsible for the community reputation (face) kept a lot of antisocial acts under the public radar. If you didn't, the whole community turned on you to correct your errors.

The real dangers are setting the young adrift in the milieu where everything is commodified to have them try to build a whole set of meanings out of their own resources. That's a really bad idea IMHO.

Assuming that the young can think their way out of the induced emotional states of external pressures is being far too naive about the abilities of the median humans. We are social animals and we need that social feedback or we become aberrant and not always in a benign way.

As far as cyber early days, the idea you could buy a kid a 4000 dollar comp and turn them loose on the information highways made as much sense as turning the same 14-year-old loose with a 4000 dollar car on the real highways. "Mommy and Daddy don't understand computers" wasn't a valid excuse. It made for a weird community of prodigies and random adults, some dodgy as Hel in my opinion, but with the shared value of curiosity about the world it didn't turn out too badly.

One exception: the fears you could generate in the ignorant were pretty hard to stomach; they were far too ready to believe in magic. That's pretty hard to justify in the light of science.

Probably just Clarke's Law but you'd expect more from the civilized folk.

ThothAugust 14, 2016 6:53 AM


"The old Chinese tradition of making everyone responsible for the community reputation (face) kept a lot of antisocial acts under the public radar. If you didn't the whole community turned on you to correct your errors."

Isn't this common in every community and not just the Chinese ?

Who?August 14, 2016 6:56 AM


If you are forced to use Windows 10 then you have no privacy nor security. Your only choices are:

1. using another operating system (OpenBSD or a few hardened Linux distributions); and,
2. never connect your Windows 10 laptop to public networks, but be aware that it is one of the weaker operating systems even airgapped (how will you share data with this computer? by means of USB drives? a bad choice... will data be Office documents? another bad choice).

You cannot just disable telemetry, as proved earlier on this blog. Even with telemetry disabled Windows will contact more than ninety Microsoft related servers around the world. Mainstream operating systems (Windows, OS X, iOS, Android, IOS (Cisco), JunOS, ScreenOS, ...) should be avoided if you really care about security and/or privacy.

If your business requires Windows then they do not care about privacy or security. Accept it. There is nothing you can do about it. There is no way to build a secure infrastructure using the wrong foundation, it is just a waste of time that will make you think you are secure while you aren't.

Hugos DerreAugust 14, 2016 7:07 AM

Re: Passwords

Here is a list of the 1000 most common passwords.

What jumps out at me is the complete lack of CAPITAL letters. Is it that capitals don't matter for crack apps or is it that adding capital letters to a password increases its strength geometrically?

The other thing is: simple dictionary words, like "pizza" for a password.

I could imagine a password like that to lock your recipe app for pizzas, but would anyone in their right mind use something like that for, say, an online bank account?

Bruce has mentioned password crackers can do miraculous things these days using multi million item dictionaries. I think sometimes when big data bases are stolen part of the booty is simply having more passwords to add to the dictionary.

Anyway, do CAPITALS matter?

And, any thoughts on a SIMPLE but effective password strategy?

JG4August 14, 2016 7:08 AM
Have we detected an alien megastructure in space? Keep an open mind The Guardian (furzy)
Big Brother is Watching You Watch
Facing Down the Panopticon Counterpunch (Bill B).
Developed in Iraq, Deployed at the DNC?: Cell-Jamming Technology is Being Turned on Journalists Mint Press News (Chuck L).
Guillotine Watch
Rich people are bragging about their luxe panic rooms New York Post

Knot MeeAugust 14, 2016 7:15 AM


One flaw, sort of, I've noted of the MSMS-Microsoft Mass Surveillance is use of SSL.

If you have a machine you want to protect, use the firewall and/or router to block port 443 and ssl.

Internally, windows will still be trying to phone home, but can't go anywhere.

Does it disable much web surfing? Ans: Absolutely. But, for other purposes it seems to keep MSMS at bay.

TatütataAugust 14, 2016 7:52 AM

The problem with all those long recipes for plugging the orifices through which Win10 oozes data is that M$ can punch new ones and nullify all your efforts with the next compulsory automatic update. You can have no assurance that you didn't overlook anything.

It's like Whac-a-mole, but you are the mole, and Redmond wields the hammer.

After a few years of running Linux as a guest in a VM and becoming somewhat proficient with it, I'm finally biting the bullet. I'm installing Linux as host on my new laptop, and Win7 as guest for legacy applications. I can't say I'm enjoying this very much, but this should let me buy a few years of time, during which I'll be able to port or rewrite my own stuff, and find solutions for the third-party software.

ianfAugust 14, 2016 8:30 AM

      OT Somebody please warn @Figureitout of INCOMING! NOISE PAYLOAD. Others, please, suffer in silence.

IT'S OFFICIAL: “Millions of cars at risk as keyless entry systems can be hacked”

    Cars that use Volkswagen’s remote keyless entry system are vulnerable to theft using equipment costing £30 [paper at Usenix security conference]

ALIEN LIFE “Have we detected an alien megastructure in space? Keep an open mind”

FILM “From Molenbeek to Hollywood – why Belgian thriller Black is the new La Haine”

    The gang romance set in Brussels’ most notorious neighbourhood has earned comparisons to the 1995 French classic. [Trailer]

LAWYERS, YOUR END IS NEAR “Chatbot that beat 160,000 parking fines now tackling homelessness.”

    Dubbed “the world’s first robot lawyer”, the DoNotPay chatbot initially helped people in London and New York appeal fines for unpaid parking tickets. Then it was extended to a wider range of legal issues, such as claiming for delayed flights and trains and payment protection insurance (PPI). Now the 19yo author wants his chatbot to provide free legal aid to people facing homelessness.

Sir Humphrey Appleby explains Brexit: [+ an earlier mention, of]

Clive RobinsonAugust 14, 2016 8:37 AM

@ Hugos Derre,

What jumps out at me is the complete lack of CAPITAL letters.

Well the answer is that for some online services case is unimportant. That is, internally they convert the case to all upper or all lower then compare with their password DB...

Why do they do this? Simple, it cuts customer support calls noticeably, thus in the past it was an easy way to keep costs down.

What is funny in a sad way is that some services bolted on, in front of the password update function, checking for both upper and lower case in the new password along with digits etc. But due to the issues involved they still converted the password to all upper or all lower case prior to the actual update or checking with the password DB...
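The two patterns Clive describes side by side, as an added example (not code from the page): a front-end policy check that insists on mixed case, a back-end that hashes the password exactly as entered, and a legacy back-end that folds it to lower case first. Both stores salt and hash with PBKDF2 using constructed settings, the user DB is an in-memory dict, and `accepted_case_variants` counts how many spellings of one password each store lets in, which is the number a guessing attack actually sees. The keyspace arithmetic generalises the point to random passwords of any length and alphabet.

```python
"""A mixed-case policy is only as strong as the comparison behind it.

Added example, not the page's own code.  Class and function names are
constructed; PBKDF2 parameters are kept low so the variant count runs fast.
"""
import hashlib
import hmac
import itertools
import math
import secrets

PBKDF2_ITERATIONS = 10_000  # low for the demo; production uses far more


def meets_policy(password: str) -> bool:
    """Front-end 'complexity' rule: at least one upper, one lower, one digit."""
    return (any(c.isupper() for c in password)
            and any(c.islower() for c in password)
            and any(c.isdigit() for c in password))


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)


class ExactStore:
    """Hashes the password exactly as entered."""

    def __init__(self) -> None:
        self.db: dict[str, tuple[bytes, bytes]] = {}

    def normalise(self, password: str) -> str:
        return password

    def register(self, user: str, password: str) -> None:
        if not meets_policy(password):
            raise ValueError("password does not meet policy")
        salt = secrets.token_bytes(16)
        self.db[user] = (salt, _hash(self.normalise(password), salt))

    def check(self, user: str, password: str) -> bool:
        salt, stored = self.db[user]
        return hmac.compare_digest(_hash(self.normalise(password), salt), stored)


class FoldingStore(ExactStore):
    """Legacy behaviour: passes the policy check, then lower-cases before
    hashing, so the upper-case requirement adds nothing to the stored hash."""

    def normalise(self, password: str) -> str:
        return password.lower()


def accepted_case_variants(store: ExactStore, user: str, password: str) -> int:
    """Count the case-variants of `password` that the store accepts for `user`."""
    letters = [i for i, c in enumerate(password) if c.isalpha()]
    count = 0
    for flips in itertools.product((False, True), repeat=len(letters)):
        chars = list(password)
        for idx, flip in zip(letters, flips):
            if flip:
                chars[idx] = chars[idx].swapcase()
        if store.check(user, "".join(chars)):
            count += 1
    return count


def keyspace_bits(length: int, alphabet_size: int) -> float:
    """Brute-force search space, in bits, for a random password of this length."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    exact, folding = ExactStore(), FoldingStore()
    for store in (exact, folding):
        store.register("alice", "Secret1")
    print("exact accepts variants:", accepted_case_variants(exact, "alice", "Secret1"))
    print("folding accepts variants:", accepted_case_variants(folding, "alice", "Secret1"))
    print("8 chars, 62 symbols:", round(keyspace_bits(8, 62), 1), "bits")
    print("8 chars, 36 symbols:", round(keyspace_bits(8, 36), 1), "bits")
```

For a seven-character password with six letters the folding store accepts all 64 case spellings while the exact store accepts one, which is why the complexity rule in front of it buys nothing. The `keyspace_bits` comparison shows the same loss for random passwords: folding an eight-character alphanumeric password shrinks the search space from about 47.6 bits to about 41.4.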

ThothAugust 14, 2016 8:38 AM

@Nick P
I have mentioned using HSMs and Smart Cards in tandem for an SEE environment where the Smart Cards are the ones that host the SEE codes while the HSMs do the Key Management. The reason is simply that an HSM's SEE isn't "owned" by you as you may have your codes reviewed before being allowed to load them in the HSM's SEE environment (Safenet and Thales have their own SEE). A smart card environment is different.

As long as you have purchased a card with "Open Keys" a.k.a OP_READY mode, no one is going to vet your codes and you can load the smart card with your security critical codes and execute them in almost the same security as a HSM but with lesser speed, memory, 16 bit CPUs for most smart cards and somewhat lesser security due to the lack of tamper-backed battery protection but it still inherits other tamper resistant features from a HSM.

A HSM is usually known for generating stronger keys (destroyed after use via a key usage counter set to single use) so you can use the HSM to generate some random keys and encrypt random data sent from a user controlled smart card and receive the ciphertext which can then be hashed and then mixed with other user controlled cryptographic seeds (which are mixed - i.e. hashed again) to finalize a somewhat stronger cryptographic seed to insert into the CSPRNG of the smart card to be used to generate stronger keys which otherwise a smart card may not have the best CSPRNG output if left as default (factory card seed).

Smart card running a user's critical SEE may offload cryptographic operations to HSMs which runs them at a higher speed than smart cards and can be beneficial.

Public Key caching and public key operations can be sent to the HSM since it's simply handling all the public keymat side which is not as sensitive as the private key side stored in smart cards that run SEE codes within a user's control. If the smart card has excess secret keys to handle, the smart card can wrap the excess secret key mats with its own wrapping key and then send it to the HSM to cache them as well.
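The seed-strengthening recipe in the post above (card sends random data, HSM encrypts it under a single-use key, the card hashes the returned ciphertext and mixes it with its own and the user's seeds, then feeds the result into its CSPRNG), as an added example that is not code from the thread or from any vendor. The HSM and the card are simulated in-process; the mixer is an HMAC-SHA256 extract over length-prefixed inputs and the generator is a minimal HMAC-DRBG, both written here for illustration, and every name is an assumption.

```python
"""Mixing entropy from an HSM, a smart card and user seeds into one CSPRNG seed.

Added example, not the page's or any vendor's code.  HSM and card are
simulated; the mixer and DRBG are written here for illustration.
"""
import hashlib
import hmac
import secrets


def hsm_encrypt_with_single_use_key(data: bytes) -> bytes:
    """Simulated HSM: a fresh key is used once on the challenge and then
    discarded (usage counter = 1).  Only the ciphertext leaves the HSM."""
    key = secrets.token_bytes(32)
    ct = hmac.new(key, data, hashlib.sha256).digest()  # stand-in for one-shot encryption
    del key  # usage counter reached: key destroyed
    return ct


def mix_seeds(*sources: bytes) -> bytes:
    """Combine sources so the result is unpredictable if ANY one of them is.
    Each source is length-prefixed, so splitting the same bytes differently
    between sources can never produce the same seed."""
    h = hmac.new(b"seed-mixer-v1", None, hashlib.sha256)  # fixed domain-separation key
    for src in sources:
        h.update(len(src).to_bytes(4, "big") + src)
    return h.digest()


class HmacDrbg:
    """Minimal HMAC-SHA256 DRBG (instantiate + generate; no reseed logic)."""

    def __init__(self, seed: bytes):
        self.key = b"\x00" * 32
        self.value = b"\x01" * 32
        self._update(seed)

    def _update(self, data: bytes) -> None:
        self.key = hmac.new(self.key, self.value + b"\x00" + data, hashlib.sha256).digest()
        self.value = hmac.new(self.key, self.value, hashlib.sha256).digest()
        if data:
            self.key = hmac.new(self.key, self.value + b"\x01" + data, hashlib.sha256).digest()
            self.value = hmac.new(self.key, self.value, hashlib.sha256).digest()

    def generate(self, n: int) -> bytes:
        out = b""
        while len(out) < n:
            self.value = hmac.new(self.key, self.value, hashlib.sha256).digest()
            out += self.value
        self._update(b"")
        return out[:n]


def derive_card_seed(card_seed: bytes, user_seeds: list, hsm_round_trip=hsm_encrypt_with_single_use_key) -> bytes:
    """Card side: challenge the HSM, hash what comes back, mix everything."""
    challenge = secrets.token_bytes(32)
    hsm_contribution = hashlib.sha256(hsm_round_trip(challenge)).digest()
    return mix_seeds(card_seed, challenge, hsm_contribution, *user_seeds)


if __name__ == "__main__":
    seed = derive_card_seed(b"factory-card-seed (constructed)", [b"user passphrase bytes"])
    drbg = HmacDrbg(seed)
    print(drbg.generate(32).hex())
```

Two properties matter here and both are checked: the mixer is deterministic for identical inputs (so the DRBG can be reproduced from a stored seed if that is ever wanted), and it is sensitive to how the inputs are delimited, which is the mistake that plain concatenation of seeds invites.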

Angry SheepAugust 14, 2016 9:00 AM

"The best option if you have to use Windows is downgrade to Windows 7" -@Thoth

No cigar.

According to this LINK and others MS is loading their surveillance apps onto windows 7 and 8.

Thus, you can run but you can't hide. But, my point is, the attacks are so large and overwhelming there can be no doubt all of it is done quite legally based on interpretations of semi-secret laws and that the US government is likely involved in day to day operations and implementation. For example, several of the initial updates to W8 and W10 seemed too klutzy to be MS engineers, more likely government hacks.

There is no doubt in my mind about that. It's not just about generating ad revenue. Indeed if you think about it, complete destruction of trust would be ridiculous simply to sell snake oil and used cars.

Linux. Been there done that. No matter what, there is ALWAYS a dead end with LINUX...something you cannot do that you want or need very badly. Also, during my experimenting LINUX was found to have several long standing security holes as big as a truck. Last, to think NSA is giving Linux a pass is ridiculous. If anything, they have coders working undercover for the organization.

It's going to take some visionary people and leapfrog technology to beat the Panopticon and at this point I am thinking the smart money is still on our military-police dictators. The CounterPunch article suggesting one time pads and ditching your cell phone is NOT leapfrog btw, more like desperation.

It would appear ultimately the answer will be a rather harsh political solution.

Clive RobinsonAugust 14, 2016 9:02 AM

@ JG4,

Developed in Iraq, Deployed at the DNC?: Cell-Jamming Technology is Being Turned on Journalists Mint Press News (Chuck L).

Based on the information given in the article, it was a "downgrade of service" not "RF Jamming" that was taking place.

The clue is that SMS remained functional while services requiring the likes of 3G or above failed.

Thus it's more likely to be our old friend --the barely legal-- Stingray rather than an illegal jammer.

There is further indication of this in that whatever the device was it was turned on at "stress times" when the LEOs etc would want to know who was in the crowd communicating with whom to find what would in effect be a conspiracy to commit criminal acts. The downgrading would give them access to SMS and Voice content in real time. Likewise metadata that could in near realtime build up communications graphs so that "ring leaders" could be identified.

The real question is I guess going to be the use of the likes of the NSA TAO Find, Fix and Finish equipment to get a person adjacent to a suspected "ring leader" so that a quick dirty "Parallel Construction" can be done to grab a suspected ring leader in the act, and grab their phone at the same time to "get the admissible evidence" for taking to court / turning etc.

Hugos DerreAugust 14, 2016 9:14 AM


Thanks for the response and I am sure you are right in some situations, i.e., for convenience pws are mutated to become interchangeable upper or lower case.

But, I got to say, I tried it with my bank account: All lower case did not work.

Yet, in the list of the 1000 most common, not ONE has a capital letter. Very odd.

Somethin' not right.

rAugust 14, 2016 9:54 AM


It's intentional, like Eve's dropper - or would burners being at ends with windmills.

It's my way of attacking the processor2.

About the cat, that malware author in japan was using his for the hiding of micro sdhc cards, I'm sure it's a two way street.

Ergo SumAugust 14, 2016 10:19 AM

@Thoth, @all...

According to this LINK and others MS is loading their surveillance apps onto windows 7 and 8.

Partially true, when it comes to Windows 7...

Windows 8.0 had been the first version with built-in telemetry and end user monitoring. Since nobody really complained, everybody concentrated on the new interface, Windows 8.1 was a more advanced version of the telemetry tools. One could call Windows 10 "Telemetry 3.0", where the monitoring is built in to the core Windows files. In other words, it's impossible to remove telemetry from Windows 10. Well, other than switching to a different OS, that may or may not have as extensive a built-in telemetry function.

Nowadays, even Windows 7 and 8.x get updated to "Telemetry 3.0". As such, attempting to block end user monitoring is becoming increasingly harder. Especially, when the security updates require OS patches that have built-in monitoring.

Most people also forget that MS Office 2013 and later also have built-in telemetry functions, that had been quietly rolled out by MS. You may stop the OS based monitoring, but your MS Office makes up for it. There are also a couple of scheduled tasks for Office telemetry like these:

OfficeTelemetryAgentLogOn and OfficeTelemetryAgentFallBack:

"This task initiates Office Telemetry Agent, which scans and uploads usage and error information for Office solutions when a user logs on to the computer."

That's great MS, in case the standard telemetry doesn't work, let the back up agent pick up the slack...

Microsoft isn't the first one, who monitors end users; Apple and Google had been doing it much longer. They may have not done it to the extent as MS is doing now, but it won't be long before they catch up with MS. It's a big business and hard to say no for all of the greenbacks that snooping on end users can bring in...

ThothAugust 14, 2016 10:41 AM

@Ergo Sum

Just avoid Windows if possible. There's still PDF and LibreOffice if there's a need for some level of inter-operability albeit inability of LibreOffice to be fully MS Office compatible which one can always ask clients to send their documents in PDF instead of MS Docs or Excel.

TedAugust 14, 2016 11:10 AM

National Integrated Cyber Education Research Center

“NICERC focuses on STEM Curriculum design, Computer Science Curriculum design, Cyber Curriculum design, professional development, and collaboration in K-12 education.”

Welcome to Cyber Society
“Technology is advancing rapidly and connecting us in ways never before imagined. The modules in Cyber Society are designed to enable teachers to use liberal arts concepts and ideas as an approach to increase cyber awareness among high school students. This course helps contribute to the initiative of developing a better, more educated cyber workforce. The lessons within each easily customizable module improve students’ critical thinking and critical reading skills as they pull information from articles and other sources. Students also practice their presentation skills as they participate in debates and group presentations. The modules include a wide variety of topics such as law, ethics, terrorism, communications, and business as they pertain to cyberspace.”

Cyber Society Units

Cyber Law explores the differences between a criminal offense and a moral wrong, protection of intellectual property, the functions and uses of permanent electronic records, and the role of laws in addressing social challenges

Cyber Ethics examines ethical implications of extensive technology use such as conceptions of friendships, privacy, personality, and the harms inherent in new technologies.

Cyber Terrorism analyzes the motivations behind, desired outcomes of, and consequences of acts of terrorism and discusses appropriate counter attacks or counter measures.

Cyber Communities investigates the necessity of a networked society, crowdsourcing information, technology used in communication, virtual collaboration, and team dynamics.

Cyber Business demonstrates the collection, storage, usage, and protection of data; cybersecurity attacks and threats; and technology to improve information security.

Cyber Society Sample Curriculum

Clive RobinsonAugust 14, 2016 11:13 AM

@ Thoth, Ergo Sum,

one can always ask clients to send their documents in PDF instead of MS Docs or Excel.

There are other "older" options such as RTF and CSV format even ASCII text, that don't have the PDF problems...

First off, PDF tools are quite hit&miss on other OSs if they don't come from Adobe. Secondly Adobe software quite rightly has a very bad reputation when it comes to security. Thirdly PDF like MS Office hides User / Machine Identifying Information etc in files.

But the big problem with PDF is one you hear from amongst others the "science community" where papers in PDF are "Human Only Readable", that is getting data out of them is rather more difficult than it should be. So much so I've heard PDF as being like "Burger mince, easy to fill with garbage unknown to the consumer, and difficult to work backwards to identify the original cut"...

RickAugust 14, 2016 11:26 AM


First, what edition of Windows 10 are you using? Is it from a major vender with bloatware?

Windows 10 Pro.

We've looked into Enterprise and that may be next up. I know that Microsoft says that their SAAS offering allows you to "completely" disable telemetry. I'll take that with a pinch of salt.

Next, is the infamous Microsoft Account?

We don't use Microsoft accounts. All the accounts are local (un-linked) accounts without administrative access. A separate password is required to elevate the UAC.

Are you using Office 365?

Yes but only for email. We also have a contract that our data is stored in EU data centres. We're UK-based. When they allow email access linked to HSMs we'll be going down that route. Microsoft currently impose restrictions on this because the service is being developed.

Our cloud storage is with a zero-knowledge provider.

Separate government-provided webmail is used for those who deal with criminal cases.

Do you use a third party encryption tool?

BitLocker for OS drives and removable media.
S/MIME certificates for email. (I'm aware there are PKI issues)
Encrypted PDFs, Word documents or ZIP files where required by the client.

Without making our working environment substantially counterproductive I'm at a loss as to what more we can realistically do.


NTLM inbound and outbound connections are denied.

ThothAugust 14, 2016 11:40 AM

@Clive Robinson

If it is possible to request ASCII text, it would be the best option but the fact is no one would ever send ASCII text especially in the practical commercial world. Most company documents are in Document, PDF or Excel formats and these are all considered dangerous for security as we all know but there is no other option available and I wouldn't want to piss off my clients telling them I would only reply and send in ASCII text and no PDF or Word documents for my clients and same goes the other way round.

Even among security vendors, we don't exchange in ASCII format and instead some use highly visual Excel or Word document which may harbour dangerous macros. Not much can be done to industry standards (when Excel, PDF and Word reign supreme commercially and practically).

The only way out for most users is to have physically separated computers with physically partitioned networks and all the other stuff we discuss on not mixing personal with other category and having a multi-level and layer approach to categorizing and prioritizing one's personal security, privacy and work.

The same old thing which I have pointed out: Linux and Windows are a gone case, OpenBSD is a plausible platform, microkernels are still in their "toddler" stage, high assurance ... well .. we only have @Markus Ottela's TFC for now, but that's rather troublesome for the common users (who are mostly non-techies) to set up and use, and even among us security conscious with technical know-how may not find it all too comfortable to deploy and use in terms of usability for now. The industry is poisoned by multiple interested parties who seek to control others for their own ends and benefits in a highly reckless manner. The open source community are still stuck at the level of software encryption with very low assurance methods (i.e. password + scrypt/hashing then encrypt in insecure CPU and OS) ... just too many layers to correct and fix to even have a little progress in security assurance. Poison of insecurity runs very deep to the core :) .

TatütataAugust 14, 2016 11:49 AM

There are other "older" options such as RTF and CSV format even ASCII text, that don't have the PDF problems...

LaTeX, dvi, Gzip'ped PostScript (but you must somehow disable file I/O primitives). If you look in the museum, you'll find troff.

There are also eBook formats, but there are simply too many of them. DjVu seems not too bad.

ianfAugust 14, 2016 12:09 PM

Wrote tyr

[…] Societies of the past were quite capable of creating a sense of self worth in young males until they grew past the urge to rash acts of stupidity.
Well aware that I'm cherry-picking just this sentence out of a wider context, nevertheless I find it much too generalizing to be (generally) true. Wasn't quite like that, EITHER–OR. Just one counterargument to your broad claim: survivability of young males to their breeding age was much lower in the past than in modern times (and most of all in the last 65 years of relative welfare and peace, from a historical perspective an era of extraordinary calm and prosperity).

Gerard van VoorenAugust 14, 2016 1:20 PM

@ WhiskersInMenlo,

Well, Obama promised transparency, didn't he? So what are they complaining about? I don't see the problem here.

@ Thoth,

Are you using OpenBSD? If so, what's your opinion about its usability from a desktop/laptop "power user" perspective? What are its pros and cons? Me, I am using Linux distros.

Alien JerkyAugust 14, 2016 2:42 PM

I use Linux Mint. Tried loading OpenBSD but after several attempts, could not get it to work. Mint at least is not as bad as Ubuntu when it comes to phone-home monitoring, but its interface is getting pretty good. Have not had any problems with Mint and updating to 18 worked without a hitch.

I am still trying to figure out why I cannot get BSD to install. Also looks like the user interface is more complicated and lacking the ease of a good gui.

A question. I am getting ready to build a dedicated server for a special application. Am currently using a GoDaddy VPS which provides zero security. A simple call to tech support and whoever answers the line has full access to my server, and the constant non-stop, non-stoppable, non-wanted cron updates happen more than once a day even if there is nothing to update. I prefer reviewing what updates are available, waiting a bit for others to find out if there are problems, then doing the update on my time.

Well, back to my question, as I tend to drift off into sub-topics... I am building a server from scratch. A locking recessed Tripp-Lite cabinet, new BIC server hardware, going to be locked away in my own space. Seems CENTOS is the most used server operating system. I am going to set it up as an Apache server. So the question is, is CENTOS the best operating system for a server, or is it just that so many drank the Red Hat Kool-Aid? Will Apache work correctly if I use something like Mint or OpenBSD? And what about a free version of something similar to CPanel?

Two CentsAugust 14, 2016 2:58 PM

@Alien Jerky..

My 2 cents:

1. Run fast from Go Daddy and don't look back. When they wanted a copy of my passport, which I don't have, to renew an account.... I did. There were multitudinous other problems with them, for a long time. I then found other services that were much, much better, secure, and cheaper.

2. Apache server config files always confused me. When I went to NGINX all confusion was gone and it worked like a charm. Go with an NGINX stack.

3. You may want to go with Cloudflare for the added security they provide which is real. Their privacy issues do cause concern, however. But, assuming you aren't doing anything sketchy, and I know you aren't, you might like them.

rAugust 14, 2016 3:41 PM

@Alien Jerky,

Boot the install59.iso or install60.iso in a VM, follow the prompts and do not override anything it suggests (it will only make the installation more difficult). If you think that installer is difficult now, you should've seen the process in the 90's - everything was manual, you had to handle CHS, everything - you could dual boot with a floppy as 'grub' though. It worked pretty well. Installing OpenBSD is not really hard at all unless you override their recommendations (e.g. 'whole' disk installation). Add a second user at least, invite them to the group 'wheel' (this is for 'sudo' & its future replacement 'doas'). You don't need a second account from the start, but if you don't want to be logging into root and using su this is how you avoid it. You'll have to edit /etc/sudoers as now it's being phased out; I still haven't brushed up on doas so I can't help you there - but there's a man page for everything. man -k (what), apropos (what).

When you log in, like I said, edit /etc/sudoers as root; I think it's disabled because of doas currently. All of your services are controlled via rc.conf and rc.conf.local (define them there), and you can set up inetd.conf (on-demand network services, ssh not recommended as on-demand) if you turn it on in rc.conf.local.

OpenBSD is very straightforward once it's actually installed; when (and if) you 'startx' it will start in FVWM, which you will likely want to replace.

It also starts you in ksh, not bash so be aware!
For the ease of installation you'll want to export PKG_PATH and PKG_CACHE before you do pkgadd or w/e. Check the man pages.

XFCE is great, i3 wmii and dwm are all available for download - so are gnome and kde.


@Alien Jerky, Gerard

Packages and ports in OpenBSD tend to run behind the Linux world due to a) incompatibilities and security considerations. A lot of the cutting-edge Linux features are picked up very slowly also, so don't expect obsd to be bare-metal cluster material either (Linux isn't either, but w/e). QEMU works - BUT - it's software emulation; the hardware emulation is not enabled currently, and they've also disabled Linux binary emulation on everything except the i386 branch too.

They are working on their own virtual machine for the operating system though; expect drivers to either work or not work. Things are light-years better than they were in the 90's; likely every piece of hardware I own (low/midrange consumer amd64) runs effortlessly.

But don't expect anything other than their built-in protections to be cutting edge (if you look at linux you should realize that cutting-edge can actually cut you(too many indians not enough chiefs|too many hands not enough eyes)), they spend a great deal of time with their limited resources developing, testing, converting (gpl -> bsd), and vetting. Anything you don't see in packages double check ports, ports may be slightly out of sync with the current base though. The reason for their lack of supported architectures at this point is directly based on resources. Their xenocara (x) was completely rebuilt like how LibreSSL was when it came out, I'm not sure where it puts it in the Wayland security v X Windows security though.

I could retrace the various members of hcunix through that process to find out.

You will not have access to NVidia or ATI drivers (I believe).

I love OpenBSD, love OpenBSD, but it's not made for hacking; it's made as a fire-and-nearly-forget weapon against hacking.

Oh and lastly, there are no automatic updates. Patches and updates directly involve the owner be warned, packages will update easier than the subsystem itself but again - patches and updates for the core os must be applied properly by you. READ READ READ.

I'm likely wrong as usual, but that's my opinion on the matter - don't let the installer scare you we had worse things in the days of DOS.

Two things that I think are missing from obsd are virtualization solutions (not software-based qemu/bochs) and a FLASH FILE SYSTEM.

Minor complaints imb for a system very proactive on structure, ease and resilience.

rAugust 14, 2016 3:44 PM

@Two Cents,

While OpenBSD provides both apache and nginx as packages, it no longer includes apache in the base system. From what I remember, its httpd is a CGI-based gateway now, likely closer to nginx for speed than to apache for complexity.

I'm not a networker though, so just adding those 2 quips.

Josip MedvedAugust 14, 2016 4:09 PM


I know you were involved into creation of PasswordSafe and its storage format. Are you still actively involved and what do you think about its v4 format?

Alien JerkyAugust 14, 2016 4:48 PM



Such is why I use Linux Mint. It just works, is simple to install (well mostly) and installing and updating the OS and programs is very simple. Such is what is needed for Linux to become accepted by the mainstream non-techy people. Add OpenOffice (do not like Libre) Firefox, Thunderbird, Inkscape, Gimp, does most of what most people use a computer for. Never had a problem opening an excel or word document with OpenOffice. In fact I find the OpenOffice spreadsheet program (Calc) to work much better than Excel.

Took a quick look at nginx. Going to download the open source version and play with it. I too find Apache confusing. CPanel helps with that, but it's still complicated. I found a reference to something called CENTOS Panel which is supposed to be similar to CPanel, but free.

I am going self owned and operated on the hardware side for security reasons. I want to lock down as much as possible with critical calculations done on separate machines, using the server just for being a server for this one application. Trying to figure out the best combination of OS, server software, and such to use for best security that is not overly complex to handle myself.

I have worked with computers since the 1970's, programmed in most languages, especially machine code for most of the old-school processors. But for some reason I have an issue with unnecessary complexity. I think the entire tech industry has become unnecessarily overly complex. Seems the younger generation just accepts the bloated techniques they are handed, then adds another layer of bloat on top of the bloat. I look at the source code of many projects and realize that the art of programming is disappearing. Remember when 64k of ram was a huge deal? Used to have entire programs and data files fitting on 384k floppies.

I recall last week seeing an article that shows good old C back to being the dominant language. I think it always has been, and probably will be. Does everything you need to do. Of note is that C++ was 5th or 6th on the list. Should not even be on the list in my opinion. Yes, it requires attention to detail, but that is the whole point of programming. The whole issue of buffer overruns is easily handled by always testing for out-of-bounds conditions. The couple of extra nanoseconds it takes on modern processors is far outweighed by the consequences of not doing so.


65535August 14, 2016 5:31 PM

@ Rick

As a lawyer you have a good reason to be concerned about security. You are on the right path.

1] Non-use of Microsoft account is good.
2] Cloud storage provider with zero-knowledge is good.
3] Bitlocker encryption is fair.
4] Encrypted email is good.
5] Encrypted documents and PDF is good.
6] Office 365 is a problem. It leaks like the Titanic.

The basic rule when using any cloud storage is to use local encryption first and then send it across the wire. Third party local encryption is best – but is not perfect.

Keep as many originally created documents as possible local and encrypted. I will say SharePoint is useful but is a security issue, and the same for Office 365.

Using Office 365 as a cloud program is really sketchy. It leaks all information and some would say it is a key logger – but I am not sure.

I would suggest installing a local Office suite, say Office 2007 or thereabouts. You will have more control over what you create. You can make PDFs with Office 2007, but earlier versions do not. Compatibility can be an issue.

There are plenty of Windows 10 lock-down guides [I am sure you can find them on the internet]. Here are a few examples [Warning: some Win 10 hardening guides span hundreds of pages]:

[Enterprise environment]

[Also check my previous “Ask Woody” links one is behind a paywall and one circumvents the pay wall]

Lastly, security and ease of use with Windows products is always a trade-off. Windows 10 non-enterprise OS with Office 365 hardening is difficult to impossible to secure [See above line about keeping programs and documents local and encrypting the documents before sending them over the wire].

In short, keep as much control over programs and documents as possible - don't allow M$ to control your data. Other posters on this blog can probably do more to help on certain port blocking methods and complex hardening of files and the like.

My feeling is that Microsoft has now turned into an advertising company and basically cannot be trusted post Windows 10 [Few of my clients are using Windows 10 and I discourage the use of Windows 10 for critical business needs such as legal work].

Dirk PraetAugust 14, 2016 5:41 PM

@ Rick

As a reluctant business user of Windows 10 I'm eagerly awaiting Bruce's tips on hardening the OS.

Start with downloading and installing the (free) Belarc Advisor. That will give you a bit of a starting point to see how your current Windows setup (XP -> Windows 10) scores. There's also the official MSFT Baseline Security Analyzer (MBSA) but current version 2.3 still doesn't support Windows 10.

Other interesting MSFT resources include LocalGPO Tool Windows 10, MSFT Security Compliance Manager and Security Baseline for Windows 10 TH2. You can find all of that stuff right here.

Then there are several 3rd party utilities which help in tweaking your security/privacy settings, uninstalling and hiding unwanted (telemetry related) updates, blocking telemetry C&C hosts/IP addresses via your local hosts file etc. Windows Lies / Block Windows also works for telemetry backports in Windows 7/8. Windows 10 Privacy and S**t is another script. GUI-based stuff: Destroy Windows 10 Spying, Disable Win Tracking, Windows 10 Privacy Fixer or W10Privacy (in German). DoNotSpy10 is in the same category, but there seems to be an ongoing discussion whether or not the installer contains some kind of PUP.

Also make sure to check out the really good and comprehensive Hardening Windows 10 Guideline, which comes with configuration packs for Windows 10, Windows 10 Pro and Windows 10 Pro joined in a domain. The NSA's Information Assurance Directorate and NIST (USGCB) equally offer interesting guidelines, but they don't seem to be available for Windows 10 yet.

Application-wise, make sure you install the necessary privacy/security extensions in your browser (Adblock Plus, uBlock Origin, HTTPS Everywhere, Privacy Badger, NoScript and the like) and avoid installing the Flash/Java evil twins unless really needed.

Final note: as others have already pointed out too, trying to harden Windows 10 is an uphill battle and ultimately an exercise in futility as its entire intent is to data-mine its users. Office 2013 and up have introduced additional "telemetry" features and the Windows 10 Anniversary Update doesn't even allow you to disable Cortana anymore. This is no longer a traditional general purpose OS, but a data collection platform for which you actually have to pay.

@ Alien Jerky

So the question is, is CENTOS the best operating system for a server, or is it just that so many drank the Red Hat Kool-Aid?

CentOS is heavily focussed on hosting and cloud business customers and provides ready-to-go official images for Google, Amazon etc.

I am still trying to figure out why I cannot get BSD to install.

You may find PC-BSD a bit more user-friendly and easier to install. Start with a VM, then install on physical hardware. Once you get the hang of it, move on to OpenBSD.

Trying to figure out the best combination of OS, server software, and such to use for best security that is not overly complex to handle myself.

Have you considered Solaris? I know it's proprietary and everybody hates Oracle, but from a security vantage, I can really recommend it. Since Solaris 11, root is actually a role instead of a classic super user, and that's but one of many interesting features, including the trusted extensions. You can download a VirtualBox VM to play with and which has everything except kernel zones support.

WaelAugust 14, 2016 5:51 PM

@Dirk Praet,

Appreciate the excellent links. I'll play with Solaris (currently on FreeBSD 10.3 / Windows 7). It's been very long since I used Solaris x86. I usually have a multi-boot partition, some of which have VMs.

Dirk PraetAugust 14, 2016 6:43 PM

@ Wael

Been very long since I used Solaris x86.

It still totally sucks as a desktop, but it never really was intended for such use. You can download that VM from here. Also, as a former Sun Microsystems engineer, the (H)Oracle branding of our beloved OS still makes me want to throw up. Ever since those b*st*rds killed OpenSolaris, a number of other forks have emerged such as Illumos, SmartOS, OpenIndiana and the like, but I never quite got into those as adoption and developer support were rather marginal.

A very useful address to get (free) ready-to-run *nix VM images from is (both VMware and VirtualBox).

WaelAugust 14, 2016 7:12 PM

@Dirk Praet,

Ever since those b*st*rds killed OpenSolaris...

And Java too. On FreeBSD, I am stuck with OpenJDK. The other version isn't supported now.

How about OS/2 Warp :) ? Used to write device drivers for that, eons ago..

Ergo SumAugust 14, 2016 8:08 PM

@Clyde and Thoth....

Can you imagine how the average user's face would look if you sent them a business proposal in ASCII format? Clyde, don't make me laugh so hard... :)

Unfortunately, MS Office is, and for the foreseeable future will be the de facto business document software. As Thoth said, "Not much can be done to industry standards (when Excel, PDF and Word reign supreme commercially and practically)."


You don't necessarily need to stay away from Windows. There is still Vista, which is supported for almost another year. My Vista with Office 2007 is still chugging along without built-in telemetry. I may even keep it afterward, disconnected from the web, and use a *nix box for internet stuff. Sneaker-net, or rather grandpa's slipper-net nowadays, for transferring files will be just fine...

ThothAugust 14, 2016 8:10 PM

@Gerard van Vooren

"Are you using OpenBSD? If so, what's your opinion about its usability from a desktop/laptop "power user" perspective? What are its pros and cons? Me, I am using Linux distros."

I am only experimenting with OpenBSD within a VM and I think @r covered pretty much everything, and there are the usual open source GUI window managers (i.e. XFCE and all that).

My threat model is to not do everything on OpenBSD or on one platform. Ubuntu, LinuxMint and Windows 7 and older versions suffice for day to day communication and casual browsing when secrecy and security threat model are for the lower end. Anything higher on my threat model list would default to Live CD based TAILS and if necessary bring in OpenBSD.

Pros would definitely be tighter security and cons would be the lack of software packages that you may expect and enjoy on Linux.

As I have mentioned many times, I only place the most sensitive security logic in the bunch of smart cards I own, and that includes PGP key management inside smart cards. If you noticed recently in the previous Squid post, I mentioned using smart cards to do PGP key management for my PGP keys, and if security necessitates, it would be Linux + smart cards which can be used to encrypt files and emails.

I consider online browsing pretty much a gone case as there are basically three main browser engine manufacturers, namely Google (Chrome/Chromium - although it's a community effort), Microsoft and Mozilla. Web browsing is pretty much a gone case even if you use Tor Bundle or what not. Who knows what bugs or backdoors are inside these browsers with bloated features and codebases.

What I feel requires protection would be communication and cold storage (file encryption). This is where the use of PGP keys and the smart cards with PGP capability come into play.

So back to the main question. Use OpenBSD only for generating keys, key management and key imports (that's its whole use in my threat model) into my PGP smart cards. Other than that they are in cold storage. The rest is done on Linux (Ubuntu and LinuxMint) and Windows 7 depending on what I need to do (communicating with clients or personal), since they are much more convenient with more software packages than OpenBSD.

I consider my browsing not secret to state actors or even those huge companies like Google. How I create email messages that require PGP encryption (how I communicate with @Nick P) would be to open a text editor (never to edit your email in a web browser) and then type my message, PGP sign and encrypt (smart card inside card reader slot) and then discard the plaintext as needed or if I need to keep a copy, I just encrypt it and store it away. They revolve around having the smart card protected keys.

WaelAugust 14, 2016 8:22 PM


security threat model

You probably meant "risk appetite" or "risk tolerance" / OpSec...

TedAugust 14, 2016 9:15 PM


Thanks to whoever posted the link to economic growth in Vietnam yesterday or recently.

With everything happening so fast, the long look at history is anchoring. Your follow-up article really delved deeply into the complete unfolding of events, and brought light to many unanswered questions I also had from the original post.

I found the economic growth article here via here

The Best Stats You've Ever Seen | Hans Rosling

I also appreciate you sharing Hans Rosling's presentation above. This was my first introduction to his work. I watched the whole video and really got a lot out of it. I ought to have myself review it again (and take notes, lol) so I can make sure to catch more of the thought-provoking artifacts and perspectives unveiled by his studies. He has composed expansive and intensive bodies of research, and is a great storyteller to boot.

I am currently watching his video 'The Joy of Stats'

65535August 14, 2016 10:30 PM

I just had an emergency problem from a client with Windows 7 Pro. During a period of about 2 weeks I had to take a business trip. I recommended my clients simply turn off all automatic updates.

Fast forward to today. A client with a critical Win 7 pro box called to say he had an error with the local group policy service client. I went to his shop because it was empty [and somewhat close by].

I found:

1] The automatic updates settings were set to "never check" for updates.
2] Two critical updates were applied anyway.

The bad update appeared to be MS16-095. Here is the description:

Cumulative Security Update for Internet Explorer (3177356) Published: August 9, 2016

“This security update resolves vulnerabilities in Internet Explorer. The most severe of the vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This security update is rated Critical for Internet Explorer 9 (IE 9), and Internet Explorer 11 (IE 11) on affected Windows clients, and Moderate for Internet Explorer 9 (IE 9), Internet Explorer 10 (IE 10), and Internet Explorer 11 (IE 11) on affected Windows servers. For more information, see the Affected Software section.”

How it got installed is somewhat of a mystery. But, since my client was in the office, I am beginning to suspect he accidentally enabled auto updates and the Cumulative Internet Explorer update was applied, which hosed their local group policy client registry entry or part of the svchost settings [Just one box affected - which is odd].

The fix was to roll back the Win 7 Pro box prior to that patch. The box seems to work correctly.

My question:

Is it possible for M$ to push out a "critical update" while the Win 7 box is set to "Never check for updates"?

ianfAugust 14, 2016 11:04 PM

@ JG4, Ted,

from one Hans Rosling's visualised science's fan to another. I've watched all his videos more than once, attended one conference with him in a panel debate; even held a class discussion about his rhetorical abilities. I've written about these lectures here previously:

Couple more of us, and we'll be a HR-posse! While he's still around, as apparently he suffers from some wasting disease, not that you'd notice it when he lectures. But he no longer does the 80cm long/sharp sword-swallowing hobby stuff in public… too bad, this world would need more rôle models like that, men able to sheath their swords inside their esophagi.

BONUS: there's not enough/ barely any/ appreciation of graphic

+ i.n.f.o.g.r.a.p.h.i.c.s

as such. Especially here, the alleged BIG DATA LAND. Yet it is a discipline that's of utmost importance: one providing ability to convey vast amounts of intel at a glance (which, of course, can be manipulated to fit any theory, just as any other statistics; only that with the infographics it's not as easy to hide unpalatable data sets among reams of other data, as it is in strictly alphanumerical tables).

This is pretty good, if incomplete and Anglocentric, piece on the history of infographics:

"Visuals" need not be as dynamic as those of Rosling's to provide much better insight into the core (or whatever) of (whatever)—as e.g. in this recent sample of Marissa Mayer's post-Yahoo! updated C.V. (drool over it!):

[ This has been YA post in my THERE'S NO NOISE LIKE MY NOISE series. ]

rAugust 14, 2016 11:16 PM


It's possible someone or your client installed an update accidentally; there are known instances of updates being included and silently installed with other software - the MSVC++ libraries for example. It's entirely possible. Did MS force it? I doubt that, but installing someone else's software may have.

Of note, UEFI on windows or on anything is now effectively broken for the meantime - don't rely on it as the certificate bypass is public.


Does anyone know HOW INCLUSIVE the 2/3 cert signing problem is for Windows? does it only include 10? or does it cover 7/8/8.1 too?

@Gerard, Alien Jerky & Two Cents

Sorry for my lack of organization (Two Cents may want to quit reading this here), but the easiest way to explain the difference between linux and obsd is this:

Linux is pretty liberal; OpenBSD should be considered conservative. Variations of the Linux kernel and GNU toolset may be more or less conservative than others. Fedora IS SELinux enabled, Gentoo and Funtoo have hardened varieties also (PAX+GRSec). Technically speaking, I don't think obsd has the SELinux (fine-grained access control) style protections, so in some ways it may be an even more hardened environment. I don't really understand all the nuances between them currently, but - if you invite problems into your home it doesn't really matter how many cameras you have inside. That's why the conservative stance of obsd wins in those cases.

Also, if you're really crazy paranoid - think about what Thoth said - that he varies his attack surface by not including similar devices. The same can be said for not only the operating system but the chipsets underneath them - this is an area where gentoo and funtoo can benefit you - compiling your own binaries is like having an extra layer of ASLR in the way of any attacks in some cases.

rAugust 14, 2016 11:19 PM

woops: 2nd to last paragraph, 3rd sentence - Fedora v OpenBSD where fine-grained ACLs are concerned may be "more hardened".

rAugust 14, 2016 11:50 PM

Here's a pull-your-hair-out article on verifying copies (of live file-system data) in linux (should apply (for the most part) to most any *nix). This is the type of examination a root-kit would attack through subversion of things like du, ls, tar etc. (mem and /proc excluded ofc)

questionAugust 15, 2016 12:07 AM


Short answer: yes, it sounds like you already know that is possible

Quick question: are there any inbound ports on that box open through the WAN (for instance, uPnP/80/139/3389/433/ANY)?

HermanAugust 15, 2016 12:15 AM


I analyzed Win10 network security with tcpdump on a virtual machine on Linux last year some time:

There are now various free utilities that can be used to secure it a bit, but the best solution is to run Win10 on a virtual machine with its networking turned off.

So, the bottom line is that I cannot recommend Win10 for anyone and bought my wife a Macintosh.

Scott "SFITCS" FergusonAugust 15, 2016 1:00 AM


Here's a pull-your-hair-out article on verifying copies (of live file-system data) in linux (should apply (for the most part) to most any *nix). This is the type of examination a root-kit would attack through subversion of things like du, ls, tar etc. (mem and /proc excluded ofc)

Unfortunately your link is to a site that is not functioning...

Hopefully it doesn't overlook the use of debsums. i.e.

debsums -a $(dpkg --get-selections | cut -f1)

65535August 15, 2016 1:24 AM

@ r

My first suspicion is the client accidentally installed the update. I am not so sure.

@ question

“Short answer: yes, it sounds like you already know that is possible”

I think you are correct. In fact, I think there was a discussion about critical updates being pushed down by M$ on non-enterprise boxes. I just cannot find the thread.

Yes, I am sure ports 80 and 443 are open and uPnP is probably on at the DMZ. I will have to check on the firewall situation on a business day.

Alien JerkyAugust 15, 2016 1:34 AM

Just saw this quote:

There are two ways of constructing a software design: One way is to make it
so simple that there are obviously no deficiencies, and the other way is to
make it so complicated that there are no obvious deficiencies. The first
method is far more difficult. --Tony Hoare


65535August 15, 2016 1:38 AM

@ question

It appears to have been going on since Vista. Also, Krebs on Security mention a critical silent update installation – which I can’t find. Here is one I found:

“Microsoft acknowledges the lack of notice”

“In my Sept. 13 article [2007], I reported that Windows Update (WU) has been silently installing nine small executable files on Windows XP and Vista, despite the fact that users had disabled auto-installation. The files that WU has overwritten to date consist of benign support files — but many Windows users expressed outrage that any process was installing files without notification. Reaction from Microsoft to the article was almost immediate. In a post the same day on the Microsoft Update Product Team Blog, program manager Nate Clinton confirmed that updates to Windows Update itself are performed without notifying users. This is true even if users specify Let me choose when to install them or Notify me but don’t automatically download or install (two of the four options available to users).” -windowssecrets

Alien JerkyAugust 15, 2016 1:47 AM

This one is also good:

"At the beginning of the week, we sealed ten BSD programmers into a computer
room with a single distribution of BSD Unix. Upon opening the room after seven
days, we found all ten programmers dead, clutching each others' throats, and
thirteen new flavors of BSD."

Scott "SFITCS" FergusonAugust 15, 2016 2:07 AM


<snipped>Fedora IS SELinux enabled, Gentoo and Funtoo have hardened varieties also (PAX+GRSec).<snipped>

Just to eliminate the implied factual inaccuracy - Debian has SELinux, Grsecurity (which is just kernel patches that add RBAC to SELinux), and PaX.

If you are willing to do the work Debian can be made STIGS4 compliant without too much difficulty (i.e. by a skilled sys admin or security engineer, not a "home user").

SELinux is definitely part of Debian, just not enabled by default (it's the "Universal Operating System", not the "one-size-fits-all OS", or the dillinger in the boot wearing bassist from ZZ Top) :)

You can simply use the pre-packaged Grsec kernel (Jessie, linux-image-4.6.0-1-grsec-686-pae), build your own Grsec kernel, use corscas's, or (currently on siesta?), Mempo's. See also gradm2, linux-patch-grsecurity2, linux-grsec-base, paxctl, and the relevant Grsec headers.

You missed AppArmor.

It's also worth considering hardening of binaries.

Notes: I know about the history of NSA and SELinux, but I trust Russell Coker's judgement.
Most of these hardening abilities should be available in all major Linux distributions, not just the ones you mentioned. I know they're available in RedHat/CentOs and ArchLinux.

ThothAugust 15, 2016 3:10 AM

@Figureitout, Markus Ottela, djb crypto et. al.

I have created an 8/16-bit capable ChaCha20 implementation following RFC-7539 guidance instead of the original DJB's version, in Java (and also another port for JavaCard), which bypasses the 32-bit integer which ChaCha20 uses and instead just uses 8-bit operations (8-bit byte arrays).

Anyone wanting to reference the ChaCha20 implementation if they have 8/16-bit embedded projects may freely take a look at its code before attempting your own.

I will release 2 Github repositories (both essentially implementing the same 8-bit math library for 32-bit operations I created) but one is styled in a JavaCard context and the other in a normal desktop/server context (normal JVM). Both are still experimental but for the cipher system, it has passed the basic RFC-7539 KAT test vector.

The ChaCha20 implementation leverages the RFC-7539 specifications using a 256-bit key, 96-bit nonce and 32-bit counter instead of DJB's 256-bit key, 64-bit nonce and 64-bit counter. This means that the RFC version can only encrypt 256 GB (estimated according to the RFC authors) of data before the entire set of key, nonce and counter must be changed, whereas DJB's original implementation (non-RFC) has a bigger data size due to the 64-bit counter but a smaller nonce of 64 bits.

This project is an attempt to try and add ChaCha20 as one of the default ciphers for my other project namely GroggyBox so that on the smart card side, users can have an option to select ChaCha20 (RFC7539) besides having the standard hardware AES.

To my knowledge, it is highly ill advised to implement your own cipher for smart cards due to constrained space, but as @Clive Robinson has mentioned, AES has too many problems, and this is to my knowledge one of the few or even the first initial effort to push ChaCha20 onto a smartcard system (albeit with risks) and hopefully to have it stabilize and make ChaCha20 more mainstream even in the embedded space (JavaCard and other embedded security systems running 8/16-bit CPUs) besides the desktop and server space.

The jcChaCha20 is a JavaCard ChaCha20 library specifically optimized for JavaCard smartcards and the jChaCha20 can be used for JavaCard, desktop and servers but is better for desktop and server JVM usage although I should point out that there are already other ChaCha20 variants running at full speed (or even accelerated) in Java because they use 32-bit word sizes whereas my implementation uses 4 pieces of 8-bit word sizes (shrinking the 32-bit maths to 8-bit maths) thus it would be very much slower and less efficient than other known Java ChaCha20 libraries.

When using the cryptographic function, it is only capable of processing 64-byte input (as per the stream cipher design). If you want to process more than 64 bytes of data input, you need to manually increment the counter after every 64-byte block you input and call the encryption or decryption function again and again after every 64 bytes of data passed into it, with manual effort to process an arbitrary stream of input. Once you have finished using the counter, assuming you start off the counter with 0x00000000 and end with 0xFFFFFFFF, you need to re-key another nonce, counter and key manually.

Because the library does not implement standard JCE cipher and key classes, it is thus not bounded by export control that the JCE attempts to make Java users conform (to US/UK's export control bullying).

- (RFC document)
- (JVM/Desktop/Server/J2SE)
- (JCVM/JavaCard 2.2.2 and above)
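
A worked RFC 7539 ChaCha20 in Python, added here as an example and not Thoth's jChaCha20/jcChaCha20 code: it keeps ordinary 32-bit word arithmetic rather than the 8-bit decomposition described above, but it shows the 64-byte block function, the per-block stepping of the 32-bit counter that the comment says a caller must otherwise do by hand, and the counter-exhaustion check that forces a re-key. The known-answer values are the RFC 7539 section 2.3.2 block vector and section 2.4.2 encryption vector.

```python
"""RFC 7539 ChaCha20: 256-bit key, 96-bit nonce, 32-bit block counter.

Added example (not the jChaCha20 / jcChaCha20 code above). Plain 32-bit
word arithmetic, masked to 32 bits because Python ints are unbounded.
"""
import struct

MASK32 = 0xFFFFFFFF
# "expand 32-byte k" as four little-endian words (RFC 7539 section 2.3)
CONSTANTS = (0x61707865, 0x3320646E, 0x79622D32, 0x6B206574)


def _rotl32(v: int, n: int) -> int:
    return ((v << n) & MASK32) | (v >> (32 - n))


def _quarter_round(s: list, a: int, b: int, c: int, d: int) -> None:
    """RFC 7539 section 2.1, applied in place to four words of the state."""
    s[a] = (s[a] + s[b]) & MASK32; s[d] = _rotl32(s[d] ^ s[a], 16)
    s[c] = (s[c] + s[d]) & MASK32; s[b] = _rotl32(s[b] ^ s[c], 12)
    s[a] = (s[a] + s[b]) & MASK32; s[d] = _rotl32(s[d] ^ s[a], 8)
    s[c] = (s[c] + s[d]) & MASK32; s[b] = _rotl32(s[b] ^ s[c], 7)


def chacha20_block(key: bytes, counter: int, nonce: bytes) -> bytes:
    """One 64-byte keystream block (RFC 7539 section 2.3)."""
    if len(key) != 32 or len(nonce) != 12 or not 0 <= counter <= MASK32:
        raise ValueError("need a 32-byte key, 12-byte nonce and 32-bit counter")
    state = (list(CONSTANTS) + list(struct.unpack("<8L", key))
             + [counter] + list(struct.unpack("<3L", nonce)))
    w = state[:]
    for _ in range(10):                      # 10 double rounds = 20 rounds
        _quarter_round(w, 0, 4, 8, 12)       # column rounds
        _quarter_round(w, 1, 5, 9, 13)
        _quarter_round(w, 2, 6, 10, 14)
        _quarter_round(w, 3, 7, 11, 15)
        _quarter_round(w, 0, 5, 10, 15)      # diagonal rounds
        _quarter_round(w, 1, 6, 11, 12)
        _quarter_round(w, 2, 7, 8, 13)
        _quarter_round(w, 3, 4, 9, 14)
    return struct.pack("<16L", *[(x + y) & MASK32 for x, y in zip(w, state)])


def max_bytes_per_key_nonce() -> int:
    """Keystream available from one (key, nonce) pair before the 32-bit
    counter is exhausted: 2**32 blocks of 64 bytes, i.e. the 256 GiB
    the comment above quotes."""
    return (MASK32 + 1) * 64


def chacha20_xor(key: bytes, nonce: bytes, data: bytes, initial_counter: int = 1) -> bytes:
    """Encrypt or decrypt a message of any length (RFC 7539 section 2.4).

    The counter is stepped once per 64-byte block here, so the caller does
    not increment it by hand. If the message would run past counter
    0xFFFFFFFF the call is refused: a wrapped counter would reuse keystream,
    so the (key, nonce) pair has to be replaced instead.
    """
    nblocks = (len(data) + 63) // 64
    if initial_counter + nblocks - 1 > MASK32:
        raise OverflowError("32-bit block counter exhausted; re-key with a fresh nonce")
    out = bytearray()
    for i in range(nblocks):
        keystream = chacha20_block(key, initial_counter + i, nonce)
        chunk = data[i * 64:(i + 1) * 64]
        out += bytes(p ^ k for p, k in zip(chunk, keystream))
    return bytes(out)


# Known-answer values from RFC 7539 sections 2.3.2 (block) and 2.4.2 (encryption).
RFC_KEY = bytes(range(32))
RFC_BLOCK_NONCE = bytes.fromhex("000000090000004a00000000")
RFC_BLOCK_OUT = bytes.fromhex(
    "10f1e7e4d13b5915500fdd1fa32071c4c7d1f4c733c068030422aa9ac3d46c4e"
    "d2826446079faa0914c2d705d98b02a2b5129cd1de164eb9cbd083e8a2503c4e")
RFC_ENC_NONCE = bytes.fromhex("000000000000004a00000000")
RFC_PLAINTEXT = (b"Ladies and Gentlemen of the class of '99: If I could offer you "
                 b"only one tip for the future, sunscreen would be it.")
RFC_CIPHERTEXT_PREFIX = bytes.fromhex("6e2e359a2568f98041ba0728dd0d6981"
                                      "e97e7aec1d4360c20a27afccfd9fae0b")


def self_test() -> bool:
    """Block KAT, first 32 ciphertext bytes of the encryption KAT, round trip."""
    if chacha20_block(RFC_KEY, 1, RFC_BLOCK_NONCE) != RFC_BLOCK_OUT:
        return False
    ct = chacha20_xor(RFC_KEY, RFC_ENC_NONCE, RFC_PLAINTEXT)
    if not ct.startswith(RFC_CIPHERTEXT_PREFIX):
        return False
    return chacha20_xor(RFC_KEY, RFC_ENC_NONCE, ct) == RFC_PLAINTEXT


if __name__ == "__main__":
    print("RFC 7539 KAT:", "pass" if self_test() else "FAIL")
```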

CzernoAugust 15, 2016 4:01 AM

@65535, re: windows (no) updates :

'Tis /not enough/ to 'turn off' automatic updates; there have been multiple cases reported of MS choosing to force certain updates it deemed indispensable against that user choice.

It is prudent to disable (DISABLE - not just STOP!) the "windows update service" altogether (command line "services.msc" with admin privilege). Optional: disable the BITS background transfer service too if you have no other uses for it than WU.

Reenable the service(s) only when you - or your client- are willing to and ready for checking, selecting and installing updates.

I have not seen - nor have knowledge of anyone seeing - Windows ever enabling a disabled WU service of its own will...

keinerAugust 15, 2016 4:38 AM


But I saw more than once that Win 7 switched ON ITS OWN from

"Download updates, but install manually"

to

"Download and install automatically"

That is the reason I finally turned off updates completely and use once a month WSUS or enable manually the search for patchday crap.

Dirk PraetAugust 15, 2016 4:48 AM

@ Wael

How about OS/2 Warp :) ? Used to write device drivers for that, eons ago..

I still have a copy of that running on an old i486DX2. Back in the days, I was mostly working for IBM partners specialised in AS/400 application software and where the desktop standard for PCs was OS/2. Although in many respects it was superior to Windows 95, IBM totally f*cked up its marketing and it never became popular. I suppose you remember the "dancing nuns" ads? Although official support was discontinued about 10 years ago, it still lives on in eComStation and in Arca Noae's upcoming Blue Lion/ArcaOS distribution, scheduled for release in Q4 later this year. It would be kinda cool if it could be run in a VM, but the only hypervisor OS/2 ever ran reasonably well under was Parallels, so I don't think that's gonna happen.

@ Scott "SFITCS" Ferguson, @r

Most of these hardening abilities should be available in all major Linux distributions, not just the ones you mentioned.

Indeed, but they can be a serious PITA to set up and configure for the average user or even common sysadmin as they introduce a number of concepts people are generally not too familiar with. That's why I'm kinda enthusiastic about SubgraphOS which has all of these implemented by default, just like RBAC in Solaris 11 and which I mentioned earlier in my conversation with @Wael.

You missed Apparmor.

Yep. TAILS, for example, makes extensive use of that. Other interesting MAC implementations on Linux include TOMOYO and Smack MAC LSM.

@ 65535

How it got installed is somewhat of a mystery. But, since my client was in the office I am beginning to suspect he accidentally enabled auto updates and the Cumulative Internet Explorer update was applied which hosed their local group policy client registry entry or part of the svchost settings

The golden rule for every support engineer is to never believe a word the customer says. If I had gotten a euro for every time a customer lied about "not having touched or changed anything", I'd be a millionaire.

In a business environment, you mitigate against borked MSFT updates by using Windows Server Update Services (WSUS) instead of direct updates and which gives you more control over the process. You then first install on a couple of selected machines to see what happens, and if everything is cool you deploy to the rest. It's relatively easy to set up and saves a lot of bandwidth too.

On individual machines you're paranoid about, grab a copy of Binisoft's Windows Firewall Control, a totally nifty utility that allows you to control outgoing traffic in the same way Little Snitch on OS X does. Block any outgoing connections generated by Windows Update and temporarily disable when you need to perform legit updates. I so wish someone would write something similar for Linux/BSD.

But I saw more than once that Win 7 switched ON ITS OWN from

I have observed the same on several occasions, generally when there was an update to Windows Update itself. For a very long time, iOS also re-enabled bluetooth and other disabled stuff after every iOS upgrade.

keinerAugust 15, 2016 7:29 AM

@Dirk Praet

Even more annoying: The Win 7 systems switched OVER NIGHT, after a manually authorized update, and AFTER CHECKING that the option

"Download updates, but install manually"

was still valid! Next day it had installed some "Extras" without asking. Deeply disturbing malware crap...

ianfAugust 15, 2016 8:07 AM

Google is trying to stop you having to put in passwords

    […] A partnership with Dashlane and other password managers, the new open source project called Open Yolo (You only login once) aims to provide a secure link between third-party Android apps and password managers. Using the system, users would only need to log into their password manager to access all their apps, without retyping any usernames or passwords.

Your days of woe are over
because that WILL work!!!

JG4August 15, 2016 8:44 AM


Thanks. See also,

Hans Rosling and the magic washing machine (2010)

A long time ago, one, both of us, or someone else posted the most famous polydimensional data visualization up to that point in time, which was the graph of Napoleon's army strength vs. time and location on the ill-fated Russian adventure.

There is a brilliant passage in Bill Bonner's book, Financial Reckoning Day, where one of Napoleon's lieutenants is alleged to have gotten down on his knees to beg Napoleon not to invade Russia. Addison Wiggins is the coauthor.

I've read elsewhere, but lost the reference, that Napoleon's troops had tin belt buckles. Tin undergoes a phase transition near 0 F that causes it to crumble. In addition to freezing, starvation and dysentery, their pants kept falling down. A couple of times, I have scoured the internet for verification of this legend, but couldn't find it.

Speaking of misadventures in Russia, I also read that the German troops radioed back to Berlin for cold weather gear. The response was, "Stop bothering us with irrelevant requests."

I realized very clearly again this morning that one of my problems is getting a clean visualization of internal state for the systems that I've been troubleshooting. Clive's hypervisor is an excellent example of a place where you'd like to produce a clean diagnostic visualization of health.

ThothAugust 15, 2016 8:56 AM


Why sensitive information should never be used outside insecure compartments or devices. @Clive Robinson and I have always been pushing for a separate secure encryption device with on-screen display and keyboard, for the reason that the screen and input on your general purpose computing devices are simply not cut out for handling sensitive information.


Nick PAugust 15, 2016 9:23 AM

@ Dirk Praet

I played with OS/2 in VirtualBox a year or two ago. Reminded me of a better Windows 3.1. I deleted it because it was incredibly boring. It ran fine, though. That was the time I tried A2 Bluebottle, too. The Oberon OS was just as fast with memory safety. :) Weirder UI, though.

TatütataAugust 15, 2016 9:38 AM

I've read elsewhere, but lost the reference, that Napoleon's troops had tin belt buckles. Tin undergoes a phase transition near 0 F that causes it to crumble. In addition to freezing, starvation and dysentery, their pants kept falling down. A couple of times, I have scoured the internet for verification of this legend, but couldn't find it.

I'm very skeptical.

A quick check shows that tin indeed undergoes a phase transition around 13.2 C (that's WELL above 0 F. I will let you work out the equivalent in your antiquated units).

If the Grognards' belt buckles indeed contained tin, was it pure? I suspect this could have been Pewter, which has a lower melting point than pure tin. Was it possible in 1800 to produce chemically pure tin in large quantities?

There is actually a Wikipedia entry for "Tin Pest", which casts doubts about the alleged decay of the buttons (and not belt buckles) used by the Grande Armée.

A more serious and contemporary problem is the temperature behaviour of RoHS lead-free soldering products.

ThothAugust 15, 2016 10:02 AM


re: Open YOLO

Dashlane partnering with Google. Designed behind closed doors by closed source password manager. Backdoor alerts sounding everywhere :) .

Anyone going to use it is literally YOLO-ing their own personal privacy and security. It's about time people stopped buying into this fake security hype.

rAugust 15, 2016 11:21 AM


The link did the same thing to me last night, it's his backend or something - hitting refresh fixed it for me.

Also, yeah, I know I'm a noob - thanks for the pointers - I realize Debian and SuSE I don't think come with MAC enabled by default. Reading the wiki says Fedora is not shipped with it on by default either. I think MAC <> RBAC (! !=) just not equivalent from my understanding. Yes, I did miss AppArmor. My (very little) experience with hardened Gentoo is apparently GRSEC+AppArmor(RBAC)((?)).

Oh, that reminds me - mempo is on hiatus.

Gentoo hardening bakes some binary hardening in, is there more that should be pointed out? I see they've quit publishing their slim-stdlib (uclibc, musl, etc) stages - I wonder what's going on with that.

Thank you for correcting me.


Yeah, I suck at just about everything. WWWWhat about it?

ianfAugust 15, 2016 11:44 AM

JG4: […] Clive's hypervisor is an excellent example of a place(?) where you'd like to produce a clean diagnostic visualization of health.
"Hypervisor" is such a common keyword here, most probably applied to different concepts by different posters, that I have no recollection of any such for health diagnostics of Clive's design. Perhaps you could refresh my memory with a tiny little granular URL?

BTW. your Napoleon & Hitler winter-in-Russia campaigns couture anecdotes are… ehmm… anecdotes.

@ Thoth,
               you, a guy with but a cellar full of decommissioned vintage computers to your name, are asking us to disbelieve the promise of Open Yolo from a self-designated benevolent global corporation, that they only have our welfare and ease of use in mind? The British have a word for such, and it is "on your bike!" (3 words).

@ rrrrrrrr,
                you must be good at… something. I can but compliment you on the obvious things that I don't see [think black holes that we can't see either, but know they're wherever there's a detritus of interstellar stoff being sucked in. Stoff that we're also made of, however one looks at it.]

Nick PAugust 15, 2016 12:50 PM

A few things I've found in recent research for any interested.

- Type-safe, regular expressions here from forum.

- Trying (and failing) to find my paper on that led me to HAMPI. I don't have anything like it. I don't think. It combines regexes & other language tools with constraint solver to find SQL injections and C errors plus generate SQL injections.

- Further looking for relevant paper screwing around with terms led me to formal methods applied to an important, but little worked, problem: pretty-printing. This paper shows how to verify it is done correctly against a grammar. Probably valuable for the little details it contains on the problem if not the method itself. A good chunk of formal specs & proof are understanding the domain in precise detail.

- I countered someone that neural networks can't be verified in any way with this survey on various methods. Quite a few work well. The safety monitor was the technique I independently invented for doing it back in AI days. Time taught me it's a general pattern for safety-critical development: combine a complex, improved generator with a simplified, safe checker. Happens in control systems, formal proofs, security kernels, compilers, protocol steps, inline monitors for embedded C... all sorts of stuff.

Note: On non-security side, I also found a well-integrated solution for email, excellent descriptions of machine learning issues in medicine, list of key features a social media replacement might need, and an old video whose link I lost. Any of these might be useful.

Clive RobinsonAugust 15, 2016 1:52 PM

@ ianf,

Perhaps you could refresh my memory with a tiny little granular URL?

I really don't know why I'm doing this but,

A little hint: use Google to search this site with my name, the word hypervisor and optionally "castles v prisons" or "C-v-P"..

ianfAugust 15, 2016 2:33 PM

Clickee da linkee there, Mistah Wael!

@ Clive

A little hint: use Google to search this site with my name, the word hypervisor and optionally "castles v prisons" or "C-v-P"
That's not how it works in this hypertextual medium, remember? If you had the time to write that up in the text field, you had the time to write that in the search field, execute, and then copy/ supply just the CORRECT target URL, one among several results. If you didn't do that, then clearly you did not care to have it (sp)read. So why should I bother?

vas pupAugust 15, 2016 2:49 PM

"You might think that another potential use was by criminals attempting to forge your signature. But the researchers say that close examination with a microscope will still reveal what was written by a real human being and what was machine-generated."

I think (my humble opinion) a signature is not a reliable form of identification at all. I guess paper (other media), ink and other attributes of a document could be useful for CSIs, but, like comparison of a face (photo with the actual person - as a reminder, the Argo operation, when Tony Mendez created a great disguise and saved the life of a US diplomat) by a human being, comparison of two samples of a signature without any additional equipment is not a reliable stand-alone security feature.

Clive RobinsonAugust 15, 2016 3:49 PM

@ Wael,

These were the days :)

Or if you are as old as me you would remember the song,

Those were the days my friend
We thought they'd never end.
We'd sing and dance
Forever and a day
We'd live the life we choose
We'd fight but never lose
Oh yes my friend
Those were the days

Which I'm sure most people --except ianf-- could find with Google with a simple cut and paste.

TEARFULTAOAugust 15, 2016 4:07 PM

@nobody, thank you for the most joyous and heartwarming news we've heard all year, with Borat-grade broken English for extra hilariousness.

Clive RobinsonAugust 15, 2016 7:01 PM

@ nobody,

Nice catch on NSA "Equation Group" hacked, just the thought that it has happened has made me smile :-D

Assuming that it is for real there are going to be a few red faces in amongst other places Washington. As the old saying goes "If you play with fire, expect to get burnt".

Mind you if it is real, what's the betting on it being the CIA getting pay back B-)

ThothAugust 15, 2016 7:10 PM

@Nick P

Google's Fuchsia uses its own Magenta "Mini-Kernel" with supposedly 97% of drivers and services loaded into userspace. Sounds like a microkernel of sorts, but with more bloat, and I doubt it was built with many security properties in mind. Yet another fail for mobile security and mobile OSes ... Oh ... I forgot, security doesn't exist on mobiles ... just security theater, considering the current state and history of Android and now Fuchsia.


Dirk PraetAugust 15, 2016 7:13 PM

@ Clive, @ nobody

Mind you if it is real, what's the betting on it being the CIA getting pay back

It's obviously those pesky Russians again ...

Beltway AllstarsAugust 15, 2016 8:16 PM

These NSA files are the gift that keeps on giving. There are whole new exploit codenames in there... And uh, remember when everybody thought infecting BIOS was just for weenies, it was too easy to just reflash, and the badass NSA hadda be infecting MACs instead because they were superhuman brains in jars?


################## Jetplow ###################

# Copy your jetplow implant to the jp directory


# Then you need to create sym links

cd /current/bin/FW/BGXXX/Install/LP/jetplow
ln -s ../jp/orig_ua.bin orig_bg_pixGen.bin
ln -s ../jp/orig_code.bin orig_code_pixGen.bin
ln -s ../jp/orig_hook.bin orig_hook_pixGen.bin
ln -s ../jp/jp11_hook_gen.bin hook_pixGen.bin
ln -s ../jp/jp11_code_pixGen.bin jp_code_pixGen.bin
ln -s ../jp/ jp_ua_pixGen.bin

cd /current/bin/FW/BGXXX/Install/LP/jetplow
ln -s ../jp/jp11_hook_flash_asaGen.bin hook_flash_asaGen.bin
ln -s ../jp/jp11_code_asaGen.bin jp_code_asaGen.bin
ln -s ../jp/ jp_ua_asaGen.bin
ln -s ../jp/ver_1_11_2_orig_flash_asaGen.bin orig_flash_hook_asaGen.bin
ln -s ../jp/orig_code.bin orig_code_asaGen.bin
ln -s ../jp/orig_ua.bin orig_bg_asaGen.bin

ls -latr

cd ..

# Now we have to load the bios module to the pix, so we can write to it.
# Connect up to the PIX with the LP.
Option 1 to connect.
Option 31 to load module

#### NOTE:
# The bios module you want is the biosModule_....mod. The three versions are based on
# the version of BIOS the pix has. You usually need the AM29F.mod module. If you
# upload the wrong BIOS, don't worry, it won't crush anything.

Choose Option 32 to activate the module.
Choose Option 9 to close out of the session
Choose Option 0 to close the lp

# Now we are ready to jetplow the pix. You should still be in the lp directory.
# Run binary without options to get usage


# Now actually run it:
# The only way to do a jetplow upgrade is to use the INSTALL operation mode and use expert mode.

./writeJetPlow-2130 --lp --implant --idkey project.key --sport 23435 --dport 45453 --readCmd 18 --writeCmd 19 --operation INSTALL --dir jetplow --expert --platform PIX###

# You will see defaults, just press enter through them, if you get an error,
# seek help

# Now you should get 3 prompts. This is because the script is looking at the
# memory on the pix and expecting it to have a clean IOS install. Since we have
# jetplow or speedplow there already, it's not clean. So we need to just proceed anyway.

JETPLOW Installation Operation - Successful.

## And we are done. ## You sure are!!

"./wreck_the_LANL_centrifuges --LULs=max"August 15, 2016 8:57 PM

Oh and in case anyone is skittish about data poisoning in the shadow brokers leak, there seems to be no malware in the malware - just 2 files trip a yara rule, 'vmdetect': eqgrp-auction-file.tar.xz.gpg and eqgrp-free-file.tar.xz.gpg - and that's almost certainly false positives, now that we've learned what sad clowns the NSA pukes are.

NicholasAugust 15, 2016 10:39 PM

@ Clive Robinson, "Mind you if it is real, what's the betting on it being the CIA getting pay back B-)"

They already did, the payback on the Petraeus gig was "Snowden..."

NicholasAugust 15, 2016 10:41 PM

that said, I think it was probably a whistleblower type of thing... maybe an ex-employee who had access to them?

WaelAugust 15, 2016 11:07 PM


Do you see anything wrong with this sentence:

Homomorphic encryption is one idea offered to secure data in the cloud: the idea is to let software work on data without encrypting it.


WaelAugust 16, 2016 12:57 AM


Excellent! How does this affect your trust level in the report, knowing that homomorphic encryption isn't mature yet?

WaelAugust 16, 2016 1:30 AM

@Clive Robinson,

Or if you are as old as me you would remember the song

I don't remember it, but it was composed at a time when lyrics had meaning, unlike these days! Sad song, though.

Clive RobinsonAugust 16, 2016 2:17 AM

@ Wael,

Sad song, though.

In some ways, yes it is, but a lot of music was at the time (think of "Where have all the flowers gone", or "Eve of destruction" to name but two of very many). There is still good music out there but with the MSM in its "owned state" you'll only get to hear it by chance.

On a different note...

@ Wael, Thoth,

... knowing that homomorphic encryption isn't mature yet?

Not only is it not yet mature, and I'm not sure it ever will be, it's not now nor is it ever likely to be a "Magic Bullet".

Look at it this way, although it may hide the data as crypto does with communications, you have to ask about how a programmer is going to cut the code... And if like traffic analysis with communications the resultant coding will leak information to an observer.

A similar objective technology to anonymize PII data to stop it becoming privacy breaching when given to third parties has hit a wall, in that breaching privacy appears to be possible as long as the data is useful. That is, the level of noise or aggregation required to stop deanonymising renders the data effectively useless for practical applications.

Clive RobinsonAugust 16, 2016 2:50 AM

@ Wael, Thoth,

I think both of you are aware of my thoughts with regards to "Code Cutters" and "Monkey see monkey do" style programming, and how I blame falling academic standards (and have done for years).

Well a couple of months back I read an El Reg article on just that but back then did not post it (for some reason I can't really remember :-( )

Any way browsing through El Reg looking for stuff on the Micro$haft "golden key" the article came up again. So this time...,

ianfAugust 16, 2016 4:43 AM

@ Thoth: […] Clive Robinson and me have always been pushing for a separate secure encryption device with on-screen display and keyboard for the reason that the screen and input on your general purpose computing devices are simply not cut for handling sensitive information.
That's a very lofty, and commendable goal, that could be summarized by this paraphrase of Teddy Roosevelt's once perceived primary need of his country:

      What this blog community needs is a $50 secure comms device.

I'm not disputing this your analysis-synthesis, only would like to point out that, for such a gizmo "to ever happen"

  1. someone has to come up with a viable, verifiable design of both the hardware, the firmware, the constant crypto-validationware, the client software, AND the communication channel it will employ[*], all of which need to hold up in real hostile-adversary scenarios (a tall order either way, and that before any source code has been written)
  2. someone—else, or the same—has to build a pair of clunky physical prototypes to validate the concept IRL, and conduct a range of security breach exercises against the "devices"
  3. the project needs to be publicized in some form to capture the attention of, and attract line developers that later will crank out specific portions of the silicon, the plastic fantastic, and the code. Someone will also have to vet and weed out suspect IC plants[%], and the hordes of overenthusiastic, though ultimately project-disruptive, wannabe contributor script kiddies
  4. a core project leaders group needs to be established, work out internal idiosyncrat'i'c's, and first become a cohesive group sharing the same vision, no extras. Areas of responsibilities, time and budgetary constraints need to be spelled out. Someone will have to devote all time to fundraising, not a sexy subject, and will thus have to be well remunerated for that (excl. crowd funding, 15% net of the take?). Somebody else will have to be crowned Tsar of The Glue.
  5. After sufficient funds have been gained, the core leaders need to create their own sub-teams to implement their parts in it. The leaders will have to keep abreast (male or female) of the development stages in the other branches, and periodically pow-wow to correct/ change course of "action."
  6. [I'm ending this list here, before the project barely got off the ground, because there's not much point in fantasizing further… we both know that the FOSS community, pious declarations to the contrary, is not capable of launching this type of serious, industrial-strength security platform project, and maybe never will be.]
Now tell me that I'm wrong, and that I should stick to, if at all, my USUAL NOISE, which at least is occasionally entertaining rather than so depressing as the above.

[^*] a secure on-demand bidirectional transient comms channel that's not necessarily of a cellphone network mesh coverage or speed. If security is at a premium, perhaps other aspects of this will have to stand aside.

[^%] weeding out IC plants may not be entirely possible, so a degree of progress compartmentalization AND restricted flow of know-how needs to be deployed. OK if declared clearly at the outset.

Sent from my iPhone on iThrone (Wael put a sock in it).

ThothAugust 16, 2016 5:11 AM

@Wael, Clive Robinson
I agree that the maturity of Homomorphic Encryption is questionable and so far there is no single scheme mature enough for use. The report is simply a reminder that we don't quickly jump onto some new security algorithm or scheme and rationalize it through.

It is not really about code cutting. It runs deeper, in the sense nobody bothers to consider other platforms and scenarios or plan their security threat model and deployment model in depth. I am not sure if I did rant about how modern cryptographers take a rather myopic view when they design their algorithms and schemes, but for sure @Nick P would have heard me rant about it for a while.

If you look at why AES is still prevalent, one reason is people are too comfortable with some established standards and never thought through beyond that. If you both remember, I recently took steps to port 32-bit word ChaCha20 onto an 8-bit smartcard platform, and the crap that had to be gone through re-writing 32-bit math into 8-bit stings, but I still got it my way and ported an 8-bit variant.

Most cryptographers assume some common Intel x86 or 64 platform and stick their algorithms to it. Similarly, many code cutters are too reliant on high level programming languages and never bother to go lower down the layers and attempt to understand them even a little.


If you are very concerned about backdoors, build yourself your own CPU using transistors.


CuriousAugust 16, 2016 5:34 AM

@Wael, Thoth

"Homomorphic encryption is one idea offered to secure data in the cloud: the idea is to let software work on data without encrypting it."

How about the following? I suppose this quoted sentence could perhaps be interpreted as a clumsily written sentence, as if wanting to point out that such an idea is to let software work on data without encrypting the process of doing such work. Would that rephrasing make sense with regard to homomorphic encryption accessible from the cloud?

ianfAugust 16, 2016 5:40 AM

@ Thoth: If you are very concerned about backdoors, build yourself your own CPU using transistors.
Wouldn't backdoors be of concern to us all, esp. where secure communications devices are envisioned?

I suppose I could do that, and after I developed it further into a workable no-backdoor unit, I could house it in one of these, you know, towed toy buggies, or hollowed out wheeled dachshunds. Become the dahrrrrrrling of TV News, too, because that's the kind of human interest story slash security "think," that everybody gets even before the first soundbite.

ThothAugust 16, 2016 5:41 AM


It's not really about the word written by the tech journalist reporting on the issue in the clumsy way. FHE was always an odd science.

WaelAugust 16, 2016 8:00 AM


They reported on something they don't understand. What does encrypting the process mean?

WaelAugust 16, 2016 9:41 AM


Sent from my iPhone on iThrone (Wael put a sock in it).

No can do! Never wasting a precious moment of your productive life! While you're at it, do keep typing!

rAugust 16, 2016 1:03 PM

@Bruce, @mod, @All, @trolls

No offense, but interesting meta deleting the first post - the 'github' is no longer on this thread - and it most certainly was.

CallMeLateForSupperAugust 16, 2016 2:33 PM

@JG4 re: WaPo story about "new" and "easier" way to make a strong passphrase

Yes, of course there's nothing new about it. My own response to it was an eye-roll, which was the reason for the "spoiler". I could have made my point more clearly.

TedAugust 16, 2016 3:05 PM

Mentor Scott Blair Shares His Spark Experience

"This was my first student mentoring experience and while it was different from what I expected, it completely exceeded my expectations."

"I was expecting all the students to be super excitable, since Activision is a gaming company and so many kids love video games, but Jesus, my 14-year-old mentee, was actually pretty shy. To get him excited, I needed to take an alternative approach to how I usually mentor a peer or colleague; I focused on helping, supporting and nurturing him, as opposed to providing constructive feedback the way I would in the work environment."

"Our biggest challenge was making sure that Jesus was comfortable. We turned to video games, a common interest, to help break the ice. Each week we assigned ourselves homework to play five mobile games and write down what we liked and disliked about each one of them, how much time we played each game and if we spent any money (imagine playing games for homework, what a dream come true for a 14-year-old)! This icebreaking exercise eventually led to our project, how to make a video game, and became one of the project's key deliverables - Market Research."

"You don’t know what your mentee will take out of the experience, but I just took it one week at a time, putting all the building blocks in place and planning interactions with various colleagues he could also learn from – I wanted to make him feel special every week."

"The project enabled us to focus on collaboration and although we didn’t know exactly how our project would end up, we built a solid project plan early in the process so we knew exactly what to do each week. That was something that I really hoped Jesus would take away from our conversations; that time management and planning is such an important skill and helps make everything easier, like making sure you plan to study for an exam at school, for example. I really wasn’t sure whether this was something Jesus would take away with him, but I was so pleased to read the thank you card he gave me at the end of his apprenticeship, as everything we had focused on with him was in there!"

CuriousAugust 16, 2016 4:18 PM

@Wael re "What does encrypting the process mean?"

Admittedly, I sort of had this vague idea of how making use of homomorphic encryption would work, as accessible data from the cloud, I suppose I imagined that perhaps one part of the processing any data off some homomorphic encrypted data could perhaps be outsourced to whoever is soliciting for some data off the cloud. Though for all I know about encryption (which isn't much) perhaps calculations on data that has been encrypted with homomorphic encryption must only be processed wholly by some dedicated server hosting the data.

CuriousAugust 16, 2016 5:24 PM

Heh, I feel stupid now, and reading about fully homomorphic encryption on Wikipedia didn't help.

"Homomorphic encryption is a form of encryption that allows computations to be carried out on ciphertext, thus generating an encrypted result which, when decrypted, matches the result of operations performed on the plaintext."

Dan3264August 16, 2016 6:24 PM

A computer made of discrete components? That might be effective for avoiding backdoors. It would also be very slow. I propose a hybrid (and very esoteric) idea. As I am not an expert (most people aren't), my idea likely has many flaws in it. Here it is:

1) Build a board using a Raspberry Pi or FPGA or ASIC (or several, not necessarily in the same category). This will be the main computing board. Add all the circuitry you want the system to have.

2) On the main computing board, implement the logic for a Physical Unclonable Function (PUF. Also called a Physical Random Function). The delay wires will be implemented later in these directions.

3) Surround the main board with enough metal for a Faraday cage. Make holes so you can run wires in and out of it.

4) Surround the metal shield with the delay wires of the PUF. Make it an enormous rat's nest of tangled wires. I recommend using connectors in the middle of the wires so you can attach all of them in one step and tangle them up later. There should be plenty of slack on the wires (it should not be tangled tightly). You also want to route the input-output wires of the main board so you can access them later.

5) Attach all the necessary input-output connectors to 6 metal plates (assuming you want the final shape to be a box). Then, glue the outer delay wires to the metal plates (if you put in enough slack, this should be no problem).

6) Press the metal plates inward until they close off the interior of the device you are building. Fasten the metal plates together to make a cube (any reasonably permanent way will work).

7) You are done building it. Use the bootstrap protocol described in the paper mentioned in step 2 to establish a shared secret with the device. You can then use it as you would use a CPUF (Controlled PUF) described in the paper.

Assuming this PUF design works, any attempts at tampering with the internal circuitry will change the delay wires enough to break the PUF. If you design the software correctly, breaking the PUF will completely remove the device's capability to encrypt/decrypt stuff. If you designed the input-output circuitry correctly, any backdoors will hopefully not involve the particular method of IO that you used. The inner faraday cage of the device should prevent stray signals from escaping. The big downside of devices constructed this way is that they are (presumably) a nightmare to build, especially because you would want to build it all at once to prevent tampering while you assemble it. I assume that you would have to have hundreds of delay wires for the PUF to have any meaningful strength.

WaelAugust 16, 2016 6:47 PM

@Thoth, (CC: @ianf)

If you are very concerned about backdoors, build yourself your own CPU using transistors.

How would that help? Didn't you say, on January 7, 2015, and I freaking blockquote:

What can we really trust in this era where almost every other chip, diode, transistor, resistor, capacitor ... etc ... has a high chance of backdoors ?

You gotta be consistent, Vato! We don't want to cause confusion now, do we? I leave you with some words of wisdom...

To transistor or not to transistor-that is the question:
Whether 'tis nobler in the mind to cleartext
The backdoors and spyware of outrageous TLAs,
Or to take encryption...

Clive RobinsonAugust 16, 2016 7:30 PM

@ Curious,

... reading about fully homomorphic encryption on Wikipedia didn't help.

It's one of those things that when you understand it, it appears very easy and thus very seductive. Unfortunately if you don't immediately get it you feel frustrated.

The idea behind the homomorphic idea is that "Processing information on a system you do not 100% control risks leaking data to others who have access to the system". An idea that saw the light of day with "batch computing" back when renting an hour or two of computer time --if you could do it-- would cost as much as a car. This was when the use of computers was for military work only as nobody else could afford them, thus "Compartmentalisation Security" was high on the list of considerations.

As computers quickly dropped in price the idea of "sharing systems" became less important, except with the likes of vector "super" computers. Thus the lack of 100% control of the system became nearly irrelevant.

But the idea of how to mitigate for lack of control became a research idea. As you have probably heard cryptography sometimes gets alluded to as being the equivalent of a safe. Whilst that is fine for "data at rest" it's a very poor analogy for data that is being processed.

However as you might also know stream ciphers are also known as "additive ciphers" in that you "add" the keytext to the plaintext to get the ciphertext. You also know that you can add multiple keytexts to the plaintext and use just a single keytext that is the sum of all the keytexts to recover the plaintext. But importantly this idea works with multiple plaintexts, and if the plaintexts are numbers then you can do simple addition by adding two ciphertexts together.

What works for adding also works with "two's complement addition" that gives you subtraction. Which leaves you with multiplication --as division can be done by multiplication-- to find a way to do.

Thus you can do basic mathematics where the actual values involved are hidden as ciphertext. Thus you can send the ciphertext of the data and the ciphertext of the values to a computer you don't control and have the basic maths performed and the result returned to you as ciphertext. The computer that does the maths performs the basic maths without needing to unencrypt the data or values to do it.

Thus provided you can work out how to do the other required basic operations such as comparison you could process the encrypted plaintext on a shared system without anyone else on that system seeing anything other than ciphertexts.

Whilst the idea is fine in theory practical implementations are something altogether different.

As I've noted above, whilst you as a user on a shared system might only see another users ciphertext, it does not stop you getting information from the way the computer program behaves for any given value of the ciphertext. Thus homomorphic systems can and almost certainly will leak information.

rAugust 16, 2016 7:40 PM


Think of it as algebra, you can perform a+6, b-2, z*3 without knowing the full results.

all you need to know is that a = a + 6 and you write that down.
z[1] = z[1] + 6;
z[2] = z[2] * 4;

You don't worry about solving the equation, you worry about doing your math on their incomprehensible values.

When someone finally comes along that knows the answer to a) they can solve it.

IF homomorphic encryption is secure, you can't solve it.

That's the question currently, it's in it's infancy.

Now, some homomorphic encryption is only good for addition/subtraction - others are capable of the full(?) gamut of mathematical operations being performed on their obscurities.

I'm not sure if you were stumped or you understood it? Just answering in case it wasn't clear.

My question is if it's possible to do z[3] = z[4] + z[5] - 2;
I don't think the logic can stretch that far, is it defining or requesting?

That's about all I know about it, other than there being a permutative decryption engine for Java based on it to execute code securely within a 'sandbox'. It's more like a steelbox in that respect I think? There's a bunch of interesting applications of the technology, it would also allow the medical community (and others I'm sure) to operate on your medical history without being able to see it.


You're evil for that reflection attack on Thoth. ;)

You and I both know that we can stretch @Clive's assertions to cover emissions from such a 4-bit rig as a backdoor (intentional or not).
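A worked illustration of the additive scheme Clive sketches and the "a + 6, z * 4" bookkeeping r describes, added here as an example and not taken from either post. It reads "additive" as addition modulo 2^32: the client encrypts each value by adding a fresh random keytext, the server adds, subtracts and scales ciphertexts it cannot read, and the client decrypts the result with the keys combined in exactly the same way. Two caveats a practitioner runs into are also shown in code: an XOR stream cipher combines to m1 XOR m2 rather than m1 + m2 (the carries are lost), and multiplying two ciphertexts leaves cross terms the client cannot remove, which is the gap Clive points at for multiplication. The modulus, the function names and the sample values are constructed for this example.

```python
"""Additive one-time-pad homomorphism over the integers mod 2^32 (example code)."""
import secrets
from typing import List, Optional

MOD = 2 ** 32  # word size the parties agree on; every operation below is mod 2^32


def keygen() -> int:
    """One fresh keytext word per plaintext word; reuse would leak differences."""
    return secrets.randbelow(MOD)


def encrypt(m: int, k: int) -> int:
    """Additive stream cipher: ciphertext = plaintext + keytext (mod 2^32)."""
    return (m + k) % MOD


def decrypt(c: int, k: int) -> int:
    return (c - k) % MOD


# ---- server side: sees ciphertexts and public constants only ----
def server_add(c1: int, c2: int) -> int:
    return (c1 + c2) % MOD


def server_sub(c1: int, c2: int) -> int:
    """Two's-complement subtraction comes free with modular addition."""
    return (c1 - c2) % MOD


def server_scale(c: int, a: int) -> int:
    """Multiplication by a *public* constant a (repeated addition)."""
    return (a * c) % MOD


# ---- client side: combines the keys the way the server combined ciphertexts ----
def outsourced_linear(values: List[int], weights: List[int],
                      keys: Optional[List[int]] = None) -> int:
    """Client encrypts, server computes sum(w_i * c_i) blind, client decrypts."""
    if keys is None:
        keys = [keygen() for _ in values]
    ciphertexts = [encrypt(v, k) for v, k in zip(values, keys)]

    # Server: never sees a plaintext or a key, only ciphertexts and weights.
    acc = 0
    for c, w in zip(ciphertexts, weights):
        acc = server_add(acc, server_scale(c, w))

    # Client: the single keytext that undoes the sum is the same linear
    # combination of the individual keytexts.
    k_total = sum(w * k for w, k in zip(weights, keys)) % MOD
    return decrypt(acc, k_total)


def xor_pad_combine(m1: int, m2: int, k1: int, k2: int) -> int:
    """Same trick with an XOR stream cipher: decrypting the combined
    ciphertext with k1 ^ k2 yields m1 XOR m2, not m1 + m2."""
    combined = (m1 ^ k1) ^ (m2 ^ k2)
    return combined ^ (k1 ^ k2)


def naive_product_attempt(m1: int, m2: int, k1: int, k2: int) -> int:
    """Multiplying two additive ciphertexts does NOT give a ciphertext of m1*m2:
    (m1+k1)(m2+k2) = m1*m2 + m1*k2 + m2*k1 + k1*k2, and the two middle terms
    depend on the plaintexts the client no longer holds. Returns what the
    client gets after removing only the k1*k2 term it can compute."""
    c = (encrypt(m1, k1) * encrypt(m2, k2)) % MOD
    return (c - k1 * k2) % MOD


if __name__ == "__main__":
    salaries = [52_000, 61_500, 48_250]
    print("outsourced total:", outsourced_linear(salaries, [1, 1, 1]))
```

The server-side functions are the only ones a shared machine would run; everything it sees is a uniformly random word, so the ciphertexts alone leak nothing. What it does see, as Clive notes, is how the program behaves on those values, which is why anything beyond linear arithmetic (a comparison, a branch) has to be designed with that leak in mind.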

WaelAugust 16, 2016 7:55 PM


You're evil for that reflection attack on Thoth. ;)

It's not an attack! It's an innocent question! Do we transistor or do we not transistor? Or has everyone on this blog gone quantum on us, being in several simultaneous states and sh*t[1]? Besides, I gotta keep him on his toes, and also make sure shared information is accurate.

You and I both know that we can stretch @Clive's assertions to cover emissions from such a 4bit rig as a backdoor (intentional or not).

That wouldn't be a stretch.

[1] See, @ianf? My knowledge of Quantum Mechanics matches yours!

Rex RollmanAugust 16, 2016 8:51 PM

To the security experts on this blog:

Just as an intellectual exercise, if you were using a Unix-like OS and wanted to use the best encryption method available to encrypt a sensitive file, which program and settings would you choose? This question assumes that a long, truly random password will be used.

ThothAugust 16, 2016 9:06 PM

@Dan3264, r

You need to understand that for @ianf and @Wael, they love sarcasm and so it's just read and then be it :) . That's the same tactic @Clive Robinson uses but he is much better at adapting and replying skillfully to both of their trolliness.


Write the ciphertext in an under-garment with "invisible ink" and then pass it to your target :D .

@Dan3264, Clive Robinson

On a more practical note, besides all the fun and fooling around above: making your own chips with the PUF and tamper mesh (I did talk about those last time - to @Nick P) comes down to trust in the manufacturing, which (myself, @Clive Robinson, @Wael, @Nick P, @RoberT et al.) were not convinced of, in terms of not getting some "additional gifts" inserted into the silicon. The reason @Clive Robinson talked about the Prison model is because the trust in the manufacturing of the silicon is pretty low on our list and it's better to just buy COTS materials and then mitigate the known threats.

I decided to use smart cards as the base of my security scheme due to the fact they're commonly available, using old architectures that rarely change (for many decades) and are known to have rigorous tests and certifications done to ensure the minimal baseline of security they deliver. Due to their sheer volume (i.e. SIM cards, smart cards, credit cards ...) and their very wide variety of use cases from business and financial transactions, to physical door access, Government PIVs, telephone SIMs and public telephone cards ... they have a huge scope and therefore backdooring all of them (including all brands) would be extremely difficult, plus the fact there's so much surplus lying around to the point that legacy smart cards (NXP Mifare Classic, Infineon SLE 4428 ...etc...) are lying around. Although these cards may or may not have the latest cryptography engines, all it takes is for the cards to be tamper resistant and have enough RAM and EEPROM; it would not stop anyone from writing a software-based cipher to load into the tamper resistant card (even with outdated DES crypto). As you might have noticed, I wrote a ChaCha20 library for smart card with a pretty modest amount of RAM needed (130 bytes of RAM memory for the crypto library to work minimally, 48 bytes of RAM to hold the key, nonce and counter, 4 bytes for 2 pieces of 16-bit counters to operate the library by iteration automatic encryption or decryption, 208 bytes for output buffer and 256 bytes for input buffer). The total space required in memory at most is only 602 bytes and many smart cards supply about 1024 bytes of RAM memory at least, which is more than enough to implement an entire 256-bit ChaCha20 according to RFC-7539 in software without needing hardware crypto accelerators at all !!!

Of course some people might be better than me at code-cutting and might reduce the 602 byte footprint somewhere to around 500 bytes or so and make the software library even more compact by splitting the library between ROM, EEPROM and RAM locations in a smart card thereby reducing the overall sizes even more.

It's always better to mix around in the crowds and as smart card IC chips are increasingly becoming commonplace in the form of contactless payment or door entry cards to embedded SIMs and so on, I feel it's much better to use them. Instead of trusting their key generation feature, you could import keys and do software-only crypto as I have shown above, albeit with slower speed and cumbersome extra library code, but this will definitely be more challenging to exfiltrate since the smart card IC chip, designed for very low power scenarios where the power may get disconnected anytime when the card is randomly removed, would find it harder to have a sort of backdoor watchdog that keeps observing the executing code, because once the power is removed, the watchdog function would also be affected and reset with it, needing to re-profile the code all over again. A little obfuscation over the code libraries would suddenly become a huge headache for any backdoor watchdog function as it needs more RAM and EEPROM space to cache whatever code it's observing, and the fact that most smart cards have meager RAM and EEPROM space, with loading a single userspace applet program already taking up close to 75% of the internal card's RAM and EEPROM memory, means it would become very very challenging to backdoor and also become very obvious due to the extremely slow speed of the already slow 8/16-bit CPU of the smart card chip. With that in mind, obfuscating code and putting in redundant data to try to hog up all the EEPROM and RAM space, to prevent having free RAM and EEPROM space to be used by possibly malicious functions, would be useful.

Also, the argument is more RAM and EEPROM can be added to dedicated hardware backdoors but how much more can you squeeze when a 2mm x 3mm chip is using fabrication with bigger than 90nm (~ 250 to 350 nm legacy) technology ?

rAugust 16, 2016 9:08 PM



"According to Decime, there is a flaw in how applications from several vendors respond to HTTP CONNECT requests via HTTP/1.0 407 Proxy Authentication Required responses."
"Until now, Apple, Microsoft, Oracle, and Opera have acknowledged their products are affected. Lenovo said this bug does not impact its software. Other software vendors that are still evaluating the FalseCONNECT bug and may be affected include multiple Linux distros, Cisco, Google, HP, IBM, Juniper, Mozilla, Nokia, OpenBSD, SAP, Sony, and others."

Well, shiver me timbers - the sky is falling. ;)

ThothAugust 16, 2016 9:09 PM

@Rex Rollman

If you consider software-based encryption as a legacy technique due to things like cold boot attacks on your laptop or desktop RAM, you should be moving to hardware-based encryption which I would say loading a suitable smart card with the open source OpenPGP applet and then use OpenPGP smart card encryption on the file.

WaelAugust 16, 2016 9:16 PM

@Rex Rollman,

In addition to what @Thoth said, these are the general guidelines:
- Air-gap the device
- Use removable media
- Keys for encryption should be on a separate device
- AES 128 or 256
- Tight access control
- Tamper resistance and detection
- Protection of data in transit, at rest, at runtime
- Don't trust your OS, nor your HW/FW and that includes all FW (keyboard, mouse, monitor, NIC, video card, hard drives, sound card, ...). That's why you air-gap. Once your device is air-gapped, it must remain air-gapped until you destroy it.

Don't forget the Faraday cage and the tinfoil hat....

rAugust 16, 2016 9:16 PM

"backdooring all of them (including all brands) would be extremely difficult"

Thus enters NIST to save the day and recommend a PRNG.

rAugust 16, 2016 9:19 PM

Wael is giving you a "howto be a tinpest for tempest" manual, if that doesn't cure you of botchulism I don't know what will.

WaelAugust 16, 2016 9:25 PM


is much better at adapting and replying skillfully to both of their trolliness.

It's not trolliness at all. It's about correcting the invalid and wrong information you often share here. If you project yourself to be an expert, and some see you that way, then you need to do the due diligence of making sure what you share is correct. You often resist it when you get corrected, that's why I take a humorous stance - so I don't bruise your ego. Not trolliness, just being "nice" ;)

FigureitoutAugust 16, 2016 9:41 PM

--Looks good (wish I had a smart card setup ready to test it). Don't have time to evaluate really unfortunately (useful feedback). Did do a quick read of the code, some comments would be nice (one-liners giving some context).

Unfortunate you have to re-initialize all that after 32 bit counter, could automate that but probably want to do that manually too...

ThothAugust 16, 2016 10:20 PM


Sorry, I am no expert and don't pretend to be one. I am just doing a tiny effort with @Figureitout and @Markus Ottela to make all the nice theories that you, @Clive Robinson, @Nick P have become as close to reality as possible on a practical and more down to earth level. Just trying my best with whatever small amount of time and resource I have at hand.

Regarding humour, I have nothing against it anyway. It's all good and I don't see anything wrong with the humour that you and @ianf bring to the comments section to lighten things up. My meaning of trolliness is referring to the humour but maybe how an Asian puts it is somewhat very inaccurate you know :) . Singlish (imperfect English) we call it in Singapore.

I also added PGP code signing to my codes. Time to ramp up OPSEC with my PGP smart card. Going to sign all my other codes in my other projects. Of course code signing does not mean good quality codes with correct execution (which we have always discussed about).

Comments would be coming soon. I just need to update some code to get the jcChaCha20 (smart card variant) to work and then add more comments. Regarding the manual re-init of the 32-bit counter, it is indeed a pain and can be rather slow but one scenario to be considered is in smart card projects, someone might lift the code and may not want the automation. I am going to add the automation not in the MathUtil or ChaCha20 classes but inside the main class by connecting it to the smart card I/O sub-routine (process() method) for the fact that it seems more appropriate to live in the I/O sub-routine there than bunch with the ChaCha20 class code.

WaelAugust 16, 2016 10:41 PM


We're good then. I owe you an apology for coming down hard on you, I regretted it a second after I pushed "submit", a feeling that never happens when I tear @ianf a new one;) I'm under a lot of stress these days.

You know what you're talking about, especially HSMs.

FigureitoutAugust 16, 2016 10:58 PM

--Yeah I debated signing stuff too, I'll wait until I see an attack (def feasible) of code changing. That would be yet another unfortunate waste of my time. One funny thing regarding opsec, atmel studio (gcc-arm) puts location of binary, into binary (like C://blah/blah/blah). I'm not reversing opcodes or anything like that, just looking at it. On a work computer (I'd have to ask permission to build on a machine to obfuscate that) you generally use descriptive user names. Some data strings in code are human-readable too. But someone would have to dump binary. Just a good example of how paranoid you have to be, to be digitally clean of identifying info.

Alright sounds good. Yeah I didn't verify things further like I normally would w/ some common debugging tools in my project (register contents via debugger, RF channels via spectrum analyzer).

Clive RobinsonAugust 17, 2016 3:25 AM

@ r,

Thus enters NIST to save the day and recommend a PRNG.

You sound just as cynical as I did many moons ago. I feel I should warn you it will result in you developing an enhanced sense of humour. Due to listening for and recognising those "weasel words" you will develop a heightened sense of word play, and the urge to use it will be almost irresistible. The difficulty will be finding people with the same heightened sense of word play who will appreciate one of the higher forms of art, that leaves most short verse poetry in the dust.

Be warned though the Moderator has both yellow and red cards and will use them from time to time (as Wael occasionally points out I got a yellow card, but... he forgets to mention why ;-)

@ Wael,

As for things most fowl you realise it was a question not about you, but that which you were impersonating.

I'm wondering if that will put me on the list again...

WaelAugust 17, 2016 3:42 AM

@Clive Robinson,

I'm wondering if that will put me on the list again...

I know that! I was kidding. You were never on the list, and never will be -- no matter what you say ;) We only have one Clive!

By the way, I didn't mean that you addressed the "fowl" to me, either! I guess it came out wrong ;)

There were two on the list. One of them just got off today. The other, has some ways to go. Lol!

Did I get upset when you made me spawn a sockpuppet? No! How about my scattered brain? Nope :)

Clive RobinsonAugust 17, 2016 4:04 AM

@ Thoth,

Time to ramp up OPSEC with my PGP smart card. Going to sign all my other codes in my other projects.

I should sound a cautionary warning about " key fingerprints" at this point.

As some may know there are people out there impersonating Linus Torvalds and one or two other senior FOSS figures and getting away with it because their "key fingerprint" matches the FOSS person's key fingerprint, even though the keys are different.

If people want security they need to realise that key fingerprints in general not just those of PGP are quite susceptible to "collision attacks" and that caution should be used.

ThothAugust 17, 2016 4:40 AM

@Clive Robinson

I am aware of the problem of key fingerprint and for that matter I included a copy of the entire public key into every single Github repository I have signed with my PGP key to prevent people from looking elsewhere and finding some wrong public key or mistaking a wrong key instead just to make their life easier.
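An added example, not from Clive's or Thoth's posts, of what comparing a truncated key identifier buys an attacker. An OpenPGP v4 key ID is the low bits of the key's SHA-1 fingerprint, and the 32-bit "short" ID (the last 8 hex digits) collides by birthday search after roughly 2^16 candidate keys, while the full 160-bit fingerprints of the two colliding candidates still differ. That is the practical check behind Thoth's habit of publishing the whole public key: verify the full fingerprint, or the key itself, never the short ID. The input blobs below are constructed random bytes standing in for public key packets, and the function names are this example's own.

```python
"""Birthday search for a short-key-ID collision (example code, constructed inputs)."""
import hashlib
import os
from typing import Callable, Optional, Tuple


def fingerprint(key_blob: bytes) -> bytes:
    """OpenPGP v4 fingerprints are SHA-1 over the public key packet.
    Here the packet is a random blob standing in for a real key."""
    return hashlib.sha1(key_blob).digest()


def short_key_id(fpr: bytes) -> bytes:
    """Low 32 bits of the fingerprint: the 8-hex-digit 'short key ID'."""
    return fpr[-4:]


def long_key_id(fpr: bytes) -> bytes:
    """Low 64 bits: the 16-hex-digit 'long key ID'."""
    return fpr[-8:]


def find_short_id_collision(rng: Callable[[int], bytes] = os.urandom,
                            limit: int = 1_000_000) -> Optional[Tuple[bytes, bytes, int]]:
    """Generate candidate 'keys' until two share a short key ID.

    Expected work is about sqrt(pi/2 * 2^32) ~ 82,000 hashes; the limit only
    guards against a pathological RNG. Returns (blob_a, blob_b, tries)."""
    seen = {}
    for n in range(1, limit + 1):
        blob = rng(32)
        sid = short_key_id(fingerprint(blob))
        prior = seen.get(sid)
        if prior is not None and prior != blob:
            return prior, blob, n
        seen[sid] = blob
    return None


def same_key(fpr_a: bytes, fpr_b: bytes) -> bool:
    """The check that actually identifies a key: the full 160-bit fingerprint."""
    return fpr_a == fpr_b


if __name__ == "__main__":
    result = find_short_id_collision()
    assert result is not None
    a, b, tries = result
    print(f"collision after {tries} candidates:")
    print("  short ID", short_key_id(fingerprint(a)).hex(),
          "==", short_key_id(fingerprint(b)).hex())
    print("  full fingerprints equal?", same_key(fingerprint(a), fingerprint(b)))
```

The search takes well under a second on a laptop, which is the whole point: a 32-bit identifier is not a security check, and a 64-bit long ID only moves the birthday bound to about 2^32 hashes. Pin the full fingerprint, or better, the key itself.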

ThothAugust 17, 2016 8:45 AM


jcChaCha20 is now fully functional with sample encryption and decryption of user data that can be called from the smart card APDU commands. Instructions on usage and comments have also been added.

Just a note that it might take 2 seconds or so to encrypt a 64 byte message due to the fact that it has to do 32-bit word downgrade to 8-bit word to process before upgrading it to 32-bit word and everything is done in software on a 16-bit smart card CPU.

Tested the encryption and decryption against the RFC-7539 test vectors and passed them.

TedAugust 17, 2016 11:32 AM

CrowdStrike to work on DNC's cybersecurity

"The Democratic National Committee (DNC) on Monday announced that cybersecurity company CrowdStrike would be restructuring its management systems."
"“I'm pleased to tell you that CrowdStrike — which was retained back in May — is doing a fabulous job and not only restructuring and rebuilding our entire management systems, but they have monitored our systems 24/7 over the past few weeks and I can tell you we are stronger, we're very well protected,” acting DNC chairwoman Donna Brazile said during a private call with state party officials, Politico reported."
"The move comes after the security community questioned the DNC for appointing a cybersecurity review board many felt was heavy on lawyers but light on security experts."

Members include:
Rand Beers, former Department of Homeland Security acting secretary;
Nicole Wong, former deputy chief technology officer of the U.S. and a former technology lawyer for Google and Twitter;
Aneesh Chopra, co-founder of Hunch Analytics and former chief technology officer of the U.S.; and
Michael Sussmann, a partner in privacy and data security at the law firm Perkins Coie and a former Justice Department cybercrime prosecutor.

Gerard van VoorenAugust 17, 2016 1:36 PM

Thanks everybody btw about answers of the OpenBSD question. I have an old laptop that is gonna be "the victim" and I am gonna bite the bullet, just for fun.

CuriousAugust 17, 2016 2:02 PM

I will ponder on what fully homomorphic encryption is, but in the meanwhile:

If I understood the subject matter in the blogpost below correctly (I suppose there is a risk I get some things confused):

With Apple making use of a "cloud key vault" using dedicated hardware, and claiming success in having this way achieved great security by also having destroyed the key signing code for the software/firmware to avoid tampering, it seems that Apple paradoxically ends up providing law enforcement with an argument, that if Apple's solution is safe, then an installation of a backdoor can be commanded by the merit of such an argument alone.

Me being me (a European, not knowing much about tech and generally being skeptical about computer security), trusting neither Apple nor other corporations, I think I sort of see an other issue that I wanted to point out, and hopefully it will make good sense:

The ones that end up with having guaranteed privacy in this matter would, as I see it, be Apple and any government agency that somehow could end up installing a backdoor feature into Apple's products one way or another. It wouldn't be the users, despite the security of this arrangement of using dedicated hardware in which the software/firmware is made tamperproof (presumably, Apple should be able to detect a particular type of tampering if the entire machine was replaced with a copy made to run some other people's code on it). I have no idea if Apple would be able to inspect any of the code for such type of hardware (Hardware Security Module).

Philosophically, I think it would be better to guarantee the privacy for each individual using Apple's products, rather than Apple corporation.

rAugust 17, 2016 2:14 PM


OpenBSD should flourish on it, let me know how it fares. I have a lot of old Dells and IBMs that generally perform 100% so long as there isn't some strange Broadcom in it.

Also note, OpenBSD also supports FDE - I can't help you with this though, I haven't figured it out - there are web posts around that will walk you through configuration/setup during the initial installation phase (maybe 5.7/5.8(?)). Additionally, if you care about long-term ease, track 6.0-current and continue to track -current. If you master following that you will almost never need to follow the periodic upgrade path of following one of the current LTS (5.8/5.9 currently). Track -current, it will pay in large dividends.

CuriousAugust 17, 2016 3:38 PM

"[Announce] Security fixes for Libgcrypt and GnuPG 1.4 [CVE-2016-6316]"

"Felix Dörre and Vladimir Klebanov from the Karlsruhe Institute of Technology found a bug in the mixing functions of Libgcrypt's random number generator: An attacker who obtains 4640 bits from the RNG can trivially predict the next 160 bits of output. This bug exists since 1998 in all GnuPG and Libgcrypt versions."

rAugust 18, 2016 1:17 AM


" has reason to suspect that the binaries for the upcoming Bitcoin Core release will likely be targeted by state sponsored attackers. As a website, does not have the necessary technical resources to guarantee that we can defend ourselves from attackers of this calibre. We ask the Bitcoin community, and in particular the Chinese Bitcoin community to be extra vigilant when downloading binaries from our website."

It's the running of the bulls--- don't get killed in the stampede, please. ;)

ianfAugust 18, 2016 1:23 AM

OT Project Alloy: Intel unveils new generation of wireless virtual reality goggles: will not require a tether to a computer.

    Mixed-reality system will place user’s hands, arms and real-world objects into a virtual world without the need for a series of external sensors (Rrrrright, not only does it open up another vector for sneaking in ads for penile implants etc., but also now the Man will know where we've been in virtual space, and will thus be able to prosecute us for imaginary crimes. Oh, wait.)

Michael Moore: Trump does not want to be president, only ran as a negotiating tactic for his TV work and has been ‘surprised’ by his own success.

    Documentary film-maker said he knows “for a fact” that Donald Trump does not want to be POTUS and is now sabotaging his own campaign in order to avoid the Oval Office.

Fake human sacrifice filmed at CERN, with pranking scientists suspected

    Spokeswoman at high temple of particle physics suggests ‘scientific users’ of the Geneva facility ‘let their humour go too far’ with staging of occult rite (Hey, not so fast! If Dirk Praet's toponymic theory is correct, and why shouldn't it be, it could well be our so-approximately-named Rebecca who staged her drrrrrramaqueenish in-style-exit there. We just don't know, she hasn't been seen here for a while after her spectacular latest denunciatory performance.)

BONUS: PlainTextCodedMessage to ItKnowsHo: It that waits, waits not in vain

Clive RobinsonAugust 18, 2016 3:09 AM

@ Wael,

Have you read down to the bottom of the ramblings from "You Know Who", well "hen" said,

BONUS: PlainTextCodedMessage to ItKnowsHo: It that waits, waits not in vain

Now "that's" trying to be cleaver, and well a little gauche.

Donny SutherlandAugust 18, 2016 4:52 AM

i don't care if hen says it's dyslexia - calling it cleaver fits your argument too and is a rather beautiful

well, it they hen would like to believe I they themselves hen it they is cleaverclever. But it's not.

By the way smarty pants i seem to recall Rebecca said they hen it she had nothing further to offer as the point had been made.
Unlike someone else who knows who they hen are - it appears she only needs to express something once or twice and knows when to stop.

Donny SutherlandAugust 18, 2016 4:58 AM



no one cares about your 'flame' not least Rebecca, nor do they care about your over inflated self opinions or poor self image

Everyone's just far too polite and mature here to say much of anything about it; @ Clive and @ Wael dig each other at your expense for fun and otherwise ignore you

I hate to imagine what you're like in physical social company.
I'm bored by you

WaelAugust 18, 2016 6:04 AM

@Clive Robinson,

Have you read down to the bottom

I didn't give it much attention. The formatting keeps throwing me off...

CuriousAugust 18, 2016 8:38 AM

"Exploiting two buggy SRP implementations" (SRP = Secure Remote Password protocol)

"The problem was initially identified in cSRP (which also affects PySRP if using the C module for acceleration), and was also found in srpforjava. It’s not clear how many users these projects have, but regardless the bug is interesting enough to discuss by itself."

"Because of this bug the server will send a value equivalent to a password hash to any client that wants to log in. This can then be cracked offline, which totally breaks the guarantees of the SRP protocol."

ThothAugust 18, 2016 9:01 AM


re: SRP

It's more a matter of correct implementation of code (a.k.a. code quality). Security products require high quality code that is rigidly tested and checked to ensure bugs would not cause these kinds of problems (and it's even better if the codebase is small and minimal). But the fact that even OpenSSL, OpenSSH and now SRP software can have bad quality code with such dangerous bugs begs the question of what happened to high quality security code.

ianfAugust 18, 2016 10:20 AM

Curious: “Something about fingerprints, not sure what this is, but it sort of sounds important”
While it is endearing to hear your preemptive owning up to ignorance, shouldn't you rather be playing the safe card, and simply pass over stuff that you admittedly do not grok? It's not like this blog suffers from lack of other threads in which you probably would feel on safer (non-techie) ground.

Gerard van VoorenAugust 18, 2016 10:41 AM

@ Thoth,

re: SRP

"It's more of correct implementation of codes (a.k.a code quality)."

I don't know why you keep beating that horse. Everything has been said about OpenSSL by now. But now with Google's help it's getting much better. The quality of OpenSSH always looked pretty decent to me and the same can be said about implementation of the crypto.

What's bothering me is the standards, the protocols. SSHv2 and TLSvX are complex, the latter because of its dependencies and both because of extendability. THESE problems should be fixed if you ask me. What's also bothering me is that standards have the tendency, like temporary taxes, to never go away. More standards just keep appearing. Standards should have a life cycle built in. For instance with a default lifetime of X years and after that it's either replaced or continued. And if replaced, the old standard should not be supported by the operating systems anymore. Then you can have a small networking stack that is always up to date. It also could have fixed that never ending IPv4/IPv6 debate. Just run both networking standards separately from each other during the transition stage.

hattAugust 18, 2016 11:00 AM

@ Clive Robinson

re: cynicism. That was probably a write-off. It was a beautiful and a no-damage one though. Compliments on that.

ThothAugust 18, 2016 11:09 AM

@Gerard van Vooren

Complex standards lead to complex code and thus affect code quality. It's quite straightforward since these libraries try to be capable of a multitude of tasks and features, but can you be sure that within the next year or two no researchers can come up with new cool-named exploits?

I won't dare bet on the code of OpenSSH nor OpenSSL. They have too much of a codebase if you have ever downloaded and tried to peel them and read them before. I just took a glance and I decided not to step further. They have too much code due to too many features.

Download one and take a look. Oh ... and there is no HTTPS so ... MiTM possibly.


rAugust 18, 2016 11:42 AM


Curious: “Something about fingerprints, not sure what this is, but it sort of sounds important”

While it is endearing to hear your preemptive owning up to ignorance, shouldn't you rather be playing the safe card, and simply pass over stuff that you admittedly do not grok? It's not like this blog suffers from lack of other threads in which you probably would feel on safer (non-techie) ground.

While it may add to the noise, it does not add to awareness by not promoting such links. I haven't seen you reprimand anyone else for such re-promotion.

He's learning, we're helping that - leave him alone.

rAugust 18, 2016 11:49 AM


The fingerprint issue means this:

Don't trust initials as authentic when you can check whole signatures. (think handwriting).

Clive RobinsonAugust 18, 2016 12:19 PM

@ Curious,

With regards key fingerprints see my comment to Thoth above (at August 17, 2016 4:04 AM).

The problem arises because of a human failing, in that we are absolutely no good with apparently random character strings. Keys are often given as a hexadecimal string that for even a 128-bit key is way way beyond the majority of humans to check easily.

So back in PGP they came up with the idea of hashing the password down to a much shorter string humans could handle, and it's known as a "key fingerprint", which people will often include in their email signature or other easily accessible places.

The problem is that short strings allow many keys to have the same short string. This is known as a "collision attack", in that you could --somehow-- find a collision for somebody famous's short string "key fingerprint". If you do, you can impersonate them.

This is what appears to have happened to a number of FOSS luminaries, and represents a serious security threat if it goes unchecked.

rAugust 18, 2016 12:25 PM


To add to what @Clive is saying (again)

This is why hashing algorithms are not considered simple "checksums"; checksums (such as a dword signature in this case) are much easier to game. They are lossy, cramming all that identity information into such a small field. While all hash algos are lossy, some are more so than others: SHA512 has a considerably longer field emitted than md5/sha1 (which makes it much harder to verify by eyeballing (v speed)).

Lossy means loses information, and lossless means doesn't lose information - they are compression concepts (image and audio).
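To make the "short string" problem from the two comments above concrete, here is an added example (not code from the thread) that builds OpenPGP v4 public-key packet bodies from constructed key material, derives the full fingerprint, the 64-bit key ID and the 32-bit short ID the way RFC 4880 section 12.2 defines them, and then counts how many random keys it takes before two of them share a short ID. The modulus values are random integers standing in for keys, not real RSA keys.

```python
"""Constructed demonstration of why a PGP short key ID is a weak handle.

Added example, not from the thread. Key material is random filler, not a
real RSA key; only the packet framing and hashing follow RFC 4880.
"""
import hashlib
import random
import struct


def mpi(value: int) -> bytes:
    """Encode an integer as an OpenPGP MPI: 2-byte bit length, then big-endian bytes."""
    bit_len = value.bit_length()
    return struct.pack(">H", bit_len) + value.to_bytes((bit_len + 7) // 8, "big")


def v4_rsa_key_body(n: int, e: int, created: int) -> bytes:
    """Public-key packet body: version 4, creation time, algorithm 1 (RSA), MPIs n and e."""
    return b"\x04" + struct.pack(">I", created) + b"\x01" + mpi(n) + mpi(e)


def fingerprint(key_body: bytes) -> str:
    """RFC 4880 12.2: SHA-1 over 0x99, the 2-octet body length, and the body."""
    framed = b"\x99" + struct.pack(">H", len(key_body)) + key_body
    return hashlib.sha1(framed).hexdigest().upper()


def key_id(fp: str) -> str:
    """The 64-bit key ID is the low-order 16 hex digits of the fingerprint."""
    return fp[-16:]


def short_id(fp: str) -> str:
    """The 32-bit 'short' key ID people still paste into signatures and web pages."""
    return fp[-8:]


def same_key(expected_fp: str, candidate_fp: str) -> bool:
    """Defender's check: compare the whole 160-bit fingerprint, never a truncation."""
    def norm(s: str) -> str:
        return s.replace(" ", "").upper()
    return norm(expected_fp) == norm(candidate_fp)


def random_key_body(rng: random.Random, bits: int = 2048) -> bytes:
    """Constructed stand-in for a freshly generated key (random odd modulus of full length)."""
    n = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
    return v4_rsa_key_body(n, 65537, rng.getrandbits(32))


def keys_until_short_id_collision(seed: int = 7, cap: int = 300_000):
    """Generate random keys until two distinct keys share a 32-bit short ID.

    Returns the number of keys generated, or None if the cap was hit first.
    The birthday bound puts the expectation near 2**16 keys, which is why a
    short ID is a label, not an identity.
    """
    rng = random.Random(seed)
    seen = {}
    for count in range(1, cap + 1):
        fp = fingerprint(random_key_body(rng))
        sid = short_id(fp)
        if sid in seen and seen[sid] != fp:
            return count
        seen[sid] = fp
    return None
```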

ianfAugust 18, 2016 3:28 PM

Fair enough, rrrrrrrr, can I add something to the pyre? It's not Curious's (or anyone's for that matter) posting links in blindo that grate me, it's here his recurring tone [I will find the samples if need be] of "I don't know what it is, but it sounds interesting." I happen to believe that if one doesn't understand something, one asks for an answer, or sticks to the principle of "silence is golden" (by that very same measure I could shower you with tons of stuff I find vaguely interesting, but which I do not really understand).

So when I now see you & Clive Robinson's attempts to bring the gent's knowledge up a notch in an instant, it reminds me of a visit to an eye doctor who couldn't find anything wrong with my tear duct(?), even though it was, er, teary. So she proceeded to teach me about the morphology of the eye instead, as if that were of help. After 2 minutes of her spewing out various terms and dependencies, I broke in and asked "how many years did you study this subject before you were a bona-fide specialist eye doctor?" 12 years with practice. "And now you think that you can summarize all that in 5 minutes? I asked for a remedy, which you can't provide, not for a bowdlerized Eye Morphology 101 course." She was nonplussed. As you can see, I'm an equal opportunity defender of sanity.

I can't speak for Curious, the recipient of all that double-barrel wisdom of yours, but it wouldn't surprise me if you confused him in this regard even more.

PS. don't try to explain "hashing," I never met a compugeek who could. Figured it out by myself.

CuriousAugust 18, 2016 3:52 PM

I would appreciate if this thread didn't end up being about me. :) Thank you.

ThothAugust 18, 2016 4:59 PM

@Clive Robinson, r
My method, which I have always used, is simply to send or attach the PGP public key and then self-sign it in the first email message. For code repos, I put the public key inside the code repo, do my own SHA256 hash of the key and create a hashes.txt file to write all the source code hashes, public key hashes and other file hashes in SHA256, and then sign the hashes.txt. This prevents the need to "look for the public key" and mitigates the problem of the other party finding a duplicate DWORD hash or colliding short ID hash, by simply spoonfeeding the key right in front of them so they have no excuse of "finding the wrong key".

rAugust 18, 2016 5:19 PM



It was either the TLDR response or: it gets the scalpel.

You can decide which type of doctor you want, one that diagnoses or one that explores/writes off such activity to an insurance company.

ianfAugust 18, 2016 5:19 PM

OT Dividend of reading this forum:

Was buying olives at a large Medi food stall in a market hall/ food court. Order filled, I indicate to the sales lady that I'll go round to their POS card terminal. "There's a queue there, wait, I'll bring one here." They have one stationary wired, and maybe 2 wireless handheld gizmos, each with a chip card reader, keyboard, display and receipt printer… quite handy, really… the stall is always busy. The Kalamata olives were ~€9/kg, I buy a kilo every month.

    I persist, however, move over to the stationary unit, wait my turn. Then I go in for the kill: "I don't want to use that (wireless) thing, because there may be people around sniffing the data being streamed to the receiver even though it is encrypted (I assume)—that's how ID-hijacks happen."
The seller pauses, "Really?" You bet, I say. Last week the TV News reported a rise in such ID thefts, the police will be assigning more investigators to that form of crime. This my act probably will wend its way up the chain of command… first as a local anecdote, then as a sample sales scenario, lastly per chance lead to that business owner's decision to exchange the handy wireless terminals for a couple more static ones.

Where's that dividend, you ask. It is in the mind of this beholder, who previously would not have thought about that side-channel attack vector much.

CrypticPlaintextMsg2ItKnowHo: there, and I didn't even have to suck on any transparent fish heads, red worm cysts optional.

rAugust 18, 2016 5:27 PM


Worse than sniffing, it could be a whole counterfeit unit. Do they keep those in the safe at night? Do they check them in/out? Did the employee order a look alike and bring it into work with him/her?

What do we/you really know is going on behind the theatre[s]?

ianfAugust 18, 2016 6:24 PM

@ rrrrrrrr
               You're right about all of that, but we'll fight them one battle at a time. In this particular place they used to have those manual paper slip sweep-units (not "swipe") at best, huge risk for "double charges," then the entire place went default wired digital and optional wireless terminals. As the food stalls are not closed up at night, only fresh produce trays moved to stand fridges, I presume that the whole place is under remote CCTV surveillance—maybe even automatic detection of movement—in nighttime… if for no other reason than to ensure that food hasn't been tampered with. I'll check the insignia of their daytime guards, could be Securitas… but of course am not about to inquire about who does their night security ;-))

That said, if only the swag is large enough, even the most logically secure setups can be subverted. Fortunately for card holders, we're usually indemnified in cases of post-fact-traceable mass-fraud.

rAugust 18, 2016 7:19 PM


Using a wholly counterfeit wireless device may evade the monitoring capabilities of the credit bureaus if applied in limited fashion. While you may demand a refund if you actually pay attention, it could be years before a manager (or higher up) picks up on such skimming² activities.

rAugust 18, 2016 7:26 PM


Square charges what? 55 cents per charge? Would you complain if it took 7 days for a withdrawal to even show up? What if it was for a different amount than printed from the receipt printer?

How do you know that un-tethered kiosk isn't a shell of an injection molded unit with a Square+Phone inside of it?

Does McDonalds even kensington their wired ones?

"Oh that one doesn't work, here's the new wifi one 'they' send us."

What's a couple holographic uniden stickers when you're charged $102.01 to a company you've never been to? And where's that dozen doughnuts I bought?

Nick PAugust 18, 2016 8:18 PM

"Tomte" posted my essay on the history of C language and its "design choices" on Hacker News with a different, socially-acceptable title. I thought they'd ignore it given C fans and its source. Instead, it was getting so much useful feedback I held off on replying to anyone until it dropped off front page. Future revisions will use that feedback. I learned some new stuff, too, like how one system had a LISP to microcode compiler with original running on a vacuum tube machine. Because old, weak machines can't run higher-level languages. ;)

Article and its comments are here.

WaelAugust 18, 2016 8:45 PM

@Nick P,

"Tomte" posted my essay on the history of C language and its "design choices"

Congratulations! Nice concise article. Didn't read the feedback. My feedback is: it will be hard to design a language that programmers two or three generations later don't find to be bad.

TedAugust 18, 2016 9:45 PM


Thanks for sharing the Educational Quality through Innovation Partnerships (equip) article! There is a great deal of valuable content there. I plan to research those pilot training programs for students further and forward the details of the affordable coding bootcamps (plus) onto others who I believe will also find them very helpful.

Cloud tweak comic :-)

ianfAugust 18, 2016 9:57 PM

@ rrrrrrrr: […] While you may demand a refund if you actually pay attention it could be years before a manager (or higher up) picks up on such skimming² activities.
Clearly, you've never worked in a family-owned retail business, or you'd have had a hum of the kind of penny-pinchydness that goes on there – they'd have been onto any cash diffs by suppertime. Neither have I (the first); acquired sense of the second by reading one early, and pretty intrusive, biography of the late grocer's daughter Margaret Roberts, primo et finito voto Thatcher; plus lots of other non-fictiony stuff on pre- and post-WWI Britain (just to stay with the English stuff).

[…] Does McDonalds even kensington their wired ones?
TheComputerSays: No such word.

That said, I think you're seeing unicorns where you should be seeing leprechauns, possibly in repose. It all hangs on the size of the criminal swag, remember? That pair that robbed Starbucks, tied up the 2 employees in the stockroom, then found so little money in the till that they had to serve Frozen Macchiato Grandes, and other coffee bean abominations for 2 hours before disappearing. With all of hard-earned $450 or something, now serving 5-to-20 in a state facility. Starbucks should've hired them on the spot as proven resourceful managers under stress, while all these unwitting customers who were served by them that morning ought to been banned from the chain for all eternity as possessing much too undiscerning palates for its branded effluvium… they should have protested "that's not my Starbucks® Latte Billyrubin!" but didn't.

Clearly, going to all the trouble of substituting handheld POS units with eviscerated copycat ones each with an iPhone inside needs to promise much higher InstantOrgasm™ take than the drip-drop one you envisioned (which just shows that you're not much of a criminal mind). If you've ever seen that—unrelated, but for the title analogy—Bond movie "Bullets Aren't Cheap" – let me tell you now "iPhones are neither!"

Nick PAugust 18, 2016 10:14 PM

@ Wael

That's mostly true. However, Burroughs did it for a HW/SW architecture and Wirth-style did it for a few languages. My main counterpoint was that Modula-2 was simple, easy to compile, fast in production, safe by default, and even addressed concurrency. And surprise: first compiler was done on a PDP-11. Seems to counter how a BCPL-variant at the foundation was "inevitable" or "good design." Plus, imagine how much more reliability, fewer vulnerabilities, & easier maintenance we'd have had if C's inventors did a Wirth approach earlier instead of later when they all agreed on features that became Go, an Oberon variant. ;)

WaelAugust 18, 2016 10:27 PM

Gives the expression
read between the lines
A literal meaning! How small can you make the text?

About 10 nested superscripts seem to be the limit!

rAugust 18, 2016 10:35 PM

@Nick P,

Well, let me put on some

and dive in to some heavy conspiracy:

I appreciate you uncovering modula-2 for me, my background is limited but maybe NIST wasn't the first suggestion: college campuses were rife with socialism I thought the FBI investigated MANY groups. Maybe both K & R were an early style NIST subversion?

WaelAugust 18, 2016 10:38 PM

Last one:

You can use that technique to "underline" a block of text with the key or the "hidden text" as such...

This is a clear text message :)
This text looks like an underline, but it's really a hidden message, or it could be some other clever way of passing information. This text looks like an underline, but it's really a hidden message, or it could be some other clever way of passing information. This text looks like an underline, but it's really a hidden message, or it could be some other clever way of passing information - looks like an underline, doesn't it?
Or you can use it to post an answer to a question so the reader gets a chance to guess, before the magnify the screen.

rAugust 18, 2016 10:50 PM


Thanks for reminding me to use lynx/links/elinks.

I always wondered why Tor doesn't bundle that by default?

WaelAugust 18, 2016 11:05 PM


I always wondered why Tor doesn't bundle that by default?

I don't use Tor, so I wouldn't know. My assumption is that there is always a MiM or (WiM; Woman in the Middle -- sounds dirty)... So I stick it to the man, and live on ze edge ;)

"If you have nothing to hide, you don't need to encrypt"

Well, I have a lot to hide, and won't encrypt. That'll throw them off. Sound logic, right?

WaelAugust 18, 2016 11:13 PM

@Nick P,

You know that I know diddly sh*t about compilers. What's your favorite language, and why haven't you evaluated Swift? I'd like to 'hear' your opinion on it.

rAugust 18, 2016 11:49 PM


Well, there's other hactors - take ianf for instance. Say amid all his English trickery he drops an innocuous looking link - what if all his claims are an aside like Assad and he really is a super hacker - and he's after your private research.

There's an argument both for and against Tor in that respect, I oscillate between both personally - eventually all my minor revelations were either discovered independently or validated but even a little edge is an edge - and all edges (like Occam's) accumulate sooner or later.

Say I don't like your MB connotations as a fellow Muslim, my interest is in silencing you, supervising you, subverting you.

Since the whole world has discovered the 'wild wild web' we just don't know anymore.

rAugust 18, 2016 11:54 PM

This site, with all its good intent aside (hi wonderful moderator), is really unregulated for the [h|m]ost part. Not only can we be impersonated (there are no accounts or pgp signatures here), but somebody wouldn't have to come at you randomly: they could subvert @Clive or @Nick or @me. Nothing to hide is irrelevant, we're all hops.

Clive RobinsonAugust 19, 2016 12:01 AM

@ Wael,

This text looks like an underline, but it's really a hidden message, or it could be some other clever way of passing information... - looks like an underline, doesn't it?

Err no, it looks insufficiently solid, you'd have to take the spaces out, and use capitals only.

There are other ways to communicate in HTML covertly.

Consider the html tags, they can be nested and their order is unimportant (as I'm lazy I'll use square brackets not greater and less than). So you could have,


Which would give you two bits of information not visible in a standard displayed html page.

WaelAugust 19, 2016 12:06 AM


and he's after your private research.

If I work on a project I want to protect, I do it on an air-gapped machine. Before that machine ever touches the Internet, I make sure it's "clean". I don't want my ideas to be stolen -- happened a few times.

There's an argument both for and against Tor in that respect,

The thing about Tor and similar 'tools' is: firstly, they attract unneeded attention. Secondly, you really never know how many 'exit nodes' are compromised or are 'fronts'. Thirdly, and that's the worst: you can't trust any part of your 'system'; HW, SW, Protocols, algorithms, transports... Come to think of it, why don't you brush up on C-v-P and bring new blood in?

Say I don't like your MB connotations as a fellow Muslim

When did you become Muslim? Did these swindlers trick you? Asalamu Aleikum, brother 'r' -- lol :)

WaelAugust 19, 2016 12:26 AM

@Clive Robinson,

Which would give you two bits of information not visible in a standard displayed html page.

I'll mess with that a bit.

ThothAugust 19, 2016 12:38 AM


re: Coding Bootcamp

How to code quick and code dirty :D . That's the latest trend these days. High assurance code, or probably just better quality code, is getting rarer.

Here's a very simple programming logic regarding a login module:

if userPIN.check(inputPIN):

It is tempting to terminate the logic once the check returns true and it sends a successful response. On a logical level, it should execute fine and looks OK but what happens when the context is put into an embedded chip (smart card) that uses a request/response ratchet (card reader and card).

If the above code executes, it will most likely fool a card reader thinking the authentication passes because the success response of a card defined in ISO-7816 is 0x9000 and if a code simply breaks from a loop and does nothing, it will also send 0x9000 by default which means everything is OK status.

If this were a card login system to login to a terminal, it would immediately unlock the terminal and give access even if you were to enter a wrong PIN. Of course this is too big of a blunder if you are a card developer (especially for security systems) but what I am saying is code quality is pretty poor even in security systems (I am seeing it daily) and that sort of nasty example I showed above can happen very easily when developing card systems.

I was reading through some smart card code signing applet and I thought the quality can be improved even more.

The above bug is just imaginary and not real if you didn't figure out. It was just to show a context that security codes must be rigid and strict.

Coding bootcamps would not necessarily help people to develop strict and better quality codes other than to give them additional knowledge on where to get started.

Code quality is more of a personality trait that must be developed by working under certain stressful conditions to meet certain requirements (i.e. to have a paranoid security mindset, which @Bruce Schneier mentioned in the Cryptography Engineering book he published).
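The fail-open PIN check described in the post above, as an added example that is not code from the thread: a constructed Python model of the ISO 7816 request/response convention in which a command handler that returns without throwing is answered with status word 0x9000, showing the tempting handler beside one that reports failure explicitly and a later command that re-checks the validated flag. `OwnerPIN`, `run_command` and the handlers are simplified stand-ins for the JavaCard API, not the real classes.

```python
"""Constructed simulation of a fail-open smart card PIN verification.

Added example, not the thread's code. Status words follow ISO 7816-4;
everything else is a simplified model of the card runtime.
"""
SW_OK = 0x9000                           # "everything is fine", also the runtime default
SW_SECURITY_STATUS_NOT_SATISFIED = 0x6982
SW_AUTH_METHOD_BLOCKED = 0x6983
SW_PIN_TRIES_BASE = 0x63C0               # 0x63Cx: verification failed, x tries remain


class ISOException(Exception):
    """Raised by a handler to force a specific status word back to the reader."""
    def __init__(self, sw: int):
        super().__init__(hex(sw))
        self.sw = sw


class OwnerPIN:
    """Minimal model of a card-side PIN object with a retry counter (constructed)."""
    def __init__(self, pin: bytes, try_limit: int = 3):
        self._pin = pin
        self._limit = try_limit
        self._tries = try_limit
        self._validated = False

    def check(self, candidate: bytes) -> bool:
        if self._tries == 0:
            return False
        if candidate == self._pin:        # real hardware would compare in constant time
            self._tries = self._limit
            self._validated = True
            return True
        self._tries -= 1
        self._validated = False
        return False

    def tries_remaining(self) -> int:
        return self._tries

    def is_validated(self) -> bool:
        return self._validated


def run_command(handler, pin: OwnerPIN, data: bytes) -> int:
    """Card runtime: a handler that returns normally is answered with 0x9000."""
    try:
        handler(pin, data)
        return SW_OK
    except ISOException as exc:
        return exc.sw


def verify_buggy(pin: OwnerPIN, data: bytes) -> None:
    """The tempting version: test the PIN and just fall through on failure."""
    if pin.check(data):
        return
    # wrong PIN: nothing is thrown, so the reader still receives 0x9000


def verify_hardened(pin: OwnerPIN, data: bytes) -> None:
    """Fail closed: every non-success path ends in an explicit error status word."""
    if pin.tries_remaining() == 0:
        raise ISOException(SW_AUTH_METHOD_BLOCKED)
    if not pin.check(data):
        raise ISOException(SW_PIN_TRIES_BASE | pin.tries_remaining())


def read_secret(pin: OwnerPIN, data: bytes) -> None:
    """A protected command must re-check the validated flag, not trust the earlier 0x9000."""
    if not pin.is_validated():
        raise ISOException(SW_SECURITY_STATUS_NOT_SATISFIED)


def status_sequence(verify_handler, attempts) -> list:
    """Status words a reader sees for a list of PIN attempts against a fresh card."""
    card_pin = OwnerPIN(b"1234")           # constructed reference PIN
    return [run_command(verify_handler, card_pin, a) for a in attempts]


def terminal_unlocks(verify_handler, pin_bytes: bytes, trust_verify_only: bool) -> bool:
    """Terminal logic: either trust the VERIFY status alone, or also demand that a
    protected command succeeds afterwards (defence in depth)."""
    card_pin = OwnerPIN(b"1234")
    if run_command(verify_handler, card_pin, pin_bytes) != SW_OK:
        return False
    if trust_verify_only:
        return True
    return run_command(read_secret, card_pin, b"") == SW_OK
```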

Clive RobinsonAugust 19, 2016 12:40 AM

@ r,

they could subvert @Clive or @Nick or @me. Nothing to hide is irrelevent, we're all hops.

I suspect I get subverted in some way every day, it's the price of progress. By that I mean we all have certain assumptions we use as "fill in" for unknown information, as information becomes known to us it should replace our assumptions.

If our assumption is broadly in agreement with the new information then it makes little or no difference to us. If however our assumptions are contradicted by the new information, then that can cause cognitive issues both for us as individuals and those around us. In general society deals with this by almost invisibly adjusting its norms. It is only where there is resistance to change that we tend to see it. Those who tend not to move with society's norms are considered either reactionary or conservative. Usually the ones we most frequently see are those of a conservative nature, who basically would rather stick with their cherished assumptions rather than face the consequences of new information. Frequently those of a conservative nature see themselves not as an impediment to progress but a stabilizing influence, whilst others see them as "dead weight".

The way to avoid the cognitive issues is to be of open mind and seek the truth, but that has its own problems. As Terry Pratchett so succinctly put it,

    The problem with an open mind, of course, is that people will insist on coming along and trying to put things in it.

And thus as Sir Terry also noted,

    The presence of those seeking the truth is infinitely to be preferred to the presence of those who think they've found it.

Thus "The truth does subvert the assumptions of the wise".

ThothAugust 19, 2016 12:45 AM

@Wael, r, Nick P

re: Apple's Swift Language

I wonder how it stacks up against Mozilla's Rust since Swift also claims to be a Safe programming language.

@Nick P

Do you have any documents on how Mozilla's Rust VM works ? It would be interesting to dig into the VM and see if it's really robust against memory corruption and flaws.

rAugust 19, 2016 1:03 AM



Yeah, that's exactly why I referenced Clive and Nick(?) there sorry if I didn't CC: you for that one it slipped my mind like one of Apple's if/goto statements.

I'm both thrilled and horrified by the USG's warming to coders because of this.

When I write, when I do write I try to do right - I handle every imaginable output I can +unknown/unexpected responses with a panic/unwind - always have always will - I think it comes from having to step through code with NMI's enabled? You've really got me curious about the SmartCard/SIM market maybe I'll find some motivation who knows - there's a lot I'm curious about but time and opportunity are different from motivation and drive. I'm mainly all talk these days, it's sad. I am here for one reason - free HA recommendations and understanding - you guys, and the varied nature of your experiences is what keeps me here annoying you all.

Nick posting the EAL software ratings really gave me some perspective about what is what - that and the common-what-not-todo docs. I really enjoyed the

rAugust 19, 2016 1:10 AM

Er, fault detected.

I referenced @Scott not Nick.

And I forgot where I was going with the 'I really enjoyed the'. Oh well.

WaelAugust 19, 2016 1:17 AM


Not only can we be impersonated

It's a double edged sword! On the one hand, someone malicious can impersonate us and write things that can get the victim in trouble. On the other hand, it's a vector of deniability (repudiation.) -- net net, it's a good thing!

WaelAugust 19, 2016 1:19 AM

@Thoth, @r, @Nick P,

I wonder how it stacks up against Mozilla's Rust since Swift also claims to be a Safe programming language.

Well, that's in @Nick P's neck of the woods.

WaelAugust 19, 2016 1:25 AM


And I forgot where I was going with the 'I really enjoyed the'. Oh well.

I'll remind ya! You enjoyed chatting with me and my showering pearls of wisdom, or something like that :)

Don't let the door hit ya, where the good lord split ya :)

Nick PAugust 19, 2016 8:10 AM

@ Wael

I don't know anything about Swift. It was an Apple-only language at the time two good ones (Go and Rust ) were open-sourced. So I ignored it.

@ r

Rust has no VM or garbage collector . Like Cyclone language, it uses a form of static analysis and memory structure to ensure at compile-time there's no errors using dynamic memory or concurrency. Also, if compiler is slower than C, they tell you to file that as a bug report they'll try to fix. Lots of libraries already. Even a hobbyist OS, Redox, that is moving fast.

Clive RobinsonAugust 19, 2016 8:30 AM

For those interested in homomorphic encryption, one of the primitive functions required will be the ability to "order data" in its encrypted form.

Surprisingly this actually has very little overhead when compared to other aspects of homomorphic encryption, and as it's a primary requirement for database work the technology is not just "hot", it's being used by the likes of SalesForce and cloud based applications with other major players like Netflix taking a keen interest (though it appears that CipherCloud claims are not what they should be; the folks at Stack Exchange Crypto debunked them, and CipherCloud did a copyright takedown on them, however you can still find the analysis out there).

Over at Stanford Uni Dan Boneh et al. are looking into this and they call it "Order Revealing Encryption" (ORE),

HOWEVER note the warning at the bottom of the page.

ORE has its "information leakage" issues (as did its predecessor "Order Preserving Encryption" OPE). One such issue is with a non sparse data range, where you know a start or finish value and the value to value stepping.

For instance "serial numbers for humans" such as social security numbers etc tend to be issued in sequence; if you know the database you are looking at is very nearly complete, you can order it and thus determine which record has association with which person etc.

Look on ORE as the point where Homomorphic Encryption crosses into the PII data anonymization domain.

If you want to know more about why there are leakage issues with ORE and OPE have a look at,
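The dense-range leakage described above, as an added example that is not from the thread or from the Stanford ORE work: a toy stand-in for an order-revealing scheme (opaque tokens plus a comparison oracle, the one thing ORE is defined to leak), and an analyst routine that holds only the tokens and the oracle. Knowing that the column is a dense sequence with a known start and step is enough to recover every plaintext; for sparse data the same leakage yields only ranks. `ToyORE` is a constructed model, not a real ORE construction.

```python
"""Constructed illustration of order leakage in ORE/OPE-protected columns.

Added example, not from the thread. The "scheme" below is a keyed lookup that
leaks exactly what a real ORE scheme leaks: the order of any two ciphertexts.
"""
import functools
import secrets


class ToyORE:
    """Opaque tokens plus a comparison oracle; no other property of the plaintext leaks."""
    def __init__(self):
        self._table = {}                      # the 'key': only the encrypting party holds it

    def encrypt(self, value: int) -> bytes:
        token = secrets.token_bytes(8)        # looks random, carries no value information
        self._table[token] = value
        return token

    def compare(self, a: bytes, b: bytes) -> int:
        """The defined leakage of ORE: -1, 0 or 1 for a < b, a == b, a > b."""
        va, vb = self._table[a], self._table[b]
        return (va > vb) - (va < vb)


def recover_dense_range(tokens, compare, start: int, step: int = 1) -> dict:
    """Analyst side: sort tokens using only the oracle, then map rank i to start + i*step.

    This is the inference the comment warns about: when the column is a
    near-complete sequence (serial numbers, issued-in-order identifiers), the
    rank of a ciphertext *is* its plaintext.
    """
    ordered = sorted(tokens, key=functools.cmp_to_key(compare))
    return {tok: start + i * step for i, tok in enumerate(ordered)}


def leakage_demo(values, start: int, step: int = 1) -> float:
    """Encrypt the constructed column, run the analyst, return the fraction recovered."""
    ore = ToyORE()
    truth = {ore.encrypt(v): v for v in values}    # the analyst never sees this mapping
    guess = recover_dense_range(list(truth), ore.compare, start, step)
    correct = sum(guess[t] == v for t, v in truth.items())
    return correct / len(values)


if __name__ == "__main__":
    dense = list(range(1000, 1050))               # e.g. sequential account numbers
    sparse = [3, 17, 4000, 9001, 123456]          # gaps: order alone is not enough
    print("dense column recovered:", leakage_demo(dense, start=1000))
    print("sparse column recovered:", leakage_demo(sparse, start=3))
```

A single missing record shifts every later rank by one, which is why the comment stresses "very nearly complete": the attack degrades with gaps but not with the strength of the cipher.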

ThothAugust 19, 2016 8:36 AM

@Clive Robinson

re: FHE

Do you still have the links for the Crypto Stack Exchange conversations or at least some old URLs of the discussions ? I can either use Time Machine or if it's still around at least mirror them and back them up on my website.

Dirk PraetAugust 19, 2016 3:24 PM

@ Ergo Sum, @ Windows Vista->10 users

Nowadays, even Windows 7 and 8.x get updated to "Telemetry 3.0" ... Most people also forget that MS Office 2013 and later also have built-in telemetry functions, which were quietly rolled out by MS.

For those affected, Spybot Anti-Beacon takes care of your M/S induced Windows 7, 8 and 10 telemetry worries. I just came across it doing some maintenance work on a couple of old XP, Vista, 7 and 8 VM's. It's a free point-and-click GUI that seems to come without (x)ware. Unfortunately, it doesn't get rid of the 7/8 updates that install telemetry services and similar cr*p, and which for identification and removal still require the "Block Windows/Windows Lies" script(s) I mentioned earlier.

On the downside, there are a couple of serious issues with the Windows Update mechanism in Vista, 7 and 8.x which apparently affect people who haven't updated their machines/VM's for an extended period of time. In short: all Vista->8.1U1 installations I tried running Windows Update (WU) on, to my horror, resulted in WU running for ever without throwing any errors.

The solution (from August 9th, 2016) posted on solved the problem on Vista. The 8.1 VM required manual installation of the latest WU Agent patch before it could fetch any others. One Windows 7 SP1 VM got through after manually installing roll-up patch KB3161608 from June 2016 while another one eventually required a full removal of the SoftwareDistribution and system32/Catroot2 Windows directories as described here.

More bad news for Windows 7/8 users is that Redmond as from October 2016 will be porting its much criticized Windows 10 update system to 7/8 as well, thus removing the private user's ability to manually select which patches/KB's to install and which not.

Sancho_PAugust 19, 2016 5:58 PM

@Wael (“Well, I have a lot to hide, and won't encrypt.”)

ianf is ianf, now I have to flag this thread to Mr. Comoc!

Clive RobinsonAugust 19, 2016 6:42 PM

@ Dirk Praet,

Redmond as from October 2016 will be porting its much criticized Windows 10 update system to 7/8 as well

Thankfully on my "private" network the only MS OS's I have stop at XP for the non laptops and a single laptop with Win7 that I "13arstardized" on day one by ripping out all the update 541t.

The thing is those I developed control software for and still support never went beyond XP or SCO Sys5r4, so upgrading has never been an issue. I'm guessing it's going to be OpenBSD when their current geriatric hardware turns up its toes, as it appears easier to write drivers for.

Clement AstleeAugust 19, 2016 7:19 PM

Re: This is a clear text message

Span the "underline" with a style like font-family:impact. Looks closer to realistic.

Hmm, wonder what mischief you could pull with a nice, blue underlined "link"....

Clement AstleeAugust 19, 2016 7:34 PM

Markupanography: New Vistas in Web Security for AOL Users©2016 by Clement Astlee

Sorry, just wanted to secure the title copyright to my upcoming comedy album.

WaelAugust 19, 2016 8:53 PM

@Clement Astlee,

Sorry, just wanted to secure the title copyright to my upcoming comedy album.

Wow! What an eye-opener. Thanks for that enlightening comment! Allow me to share with you the contributions that I'm most proud of:

'Snowden and the Seven Spooks' © Wael on Schneier's blog

Poor Angela Merkel © Wael on Schneier's blog
Thought she's in the inner circle
When she heard what's said and done
She screamed: Das kotzt mich an!
And wet her girdle

So anyone who posts anything that even smells like these, I'll sue them. And this applies to every:

PeepingTom, DickHead, and DirtyHarry © Wael on Schneier's blog

on this blog.

rAugust 19, 2016 9:56 PM


Don't start any trademark issues with me either, I didn't see an [r] or [tm] anywhere but here.

ianfAugust 23, 2016 3:32 AM

      Clearing up backlog from what feels like a month, though it's from no more than a week ago.

@ JG4

data visualization on steroids

I don't get it. I've read the manifesto, and liked this diagram well enough, but, for a visualization outfit, there's much too much theory-behind-theory there, and not enough infographics.

If you want to see an INFOGRAPHIC DONE RIGHT, look this one over, basically an at-a-glance [1160x1904px] summary of this "Visual Guide to How Terribly the World's Best Human Athletes Fare Versus Most Average Animals."

AND THEN: [August 18, 2016 4:58 AM] writes one "Donny Sutherland" to inform me that “no one cares about [my alleged] 'flame' not least Rebecca, nor do they care about your over inflated self opinions or poor self image.

        So, while the cat's away (actually merely asleep), the mice come out to play, eh? What do you think this is, some perverted Tom and Jerry comic?

Is that you, Danny? Welcome back. Feedback/ criticism, however negative (never "unconstructive") greatly appreciated, preferably with samples of own or others' by you praiseworthy content that I might learn from. Is the latter forthcoming[sic]?

“[…] @ Clive and @ Wael dig each other at your expense for fun and otherwise ignore you

I haven't seen Clive, nor Wael, refute it—so, congratulations on acquiring a Spokesdanny… as could be expected of your shared intern, one quick with blowing hot gas in your name from some orifice. I shall be looking towards (the odor of) his continued (a)verbal representation of you.

Later, Clive Robinson, demonstrates

ways to communicate in HTML covertly: tags can be nested and their order is unimportant


Which would give one two bits of information not visible in a standard displayed html page.
Not quite "unimportant," and the given "Mœbius-like" tag sequence is a particularly inefficient way to encode a measly two bits of secret intel. Especially as HTML offers several other, far more databit-dense, covert or obfuscated ways to provide that.

Depending on a mutually agreed (in Clive's verbiage) KeyMethod to detect KeyMat to decode into PlainText, the simplest way could be adding extra non-delimiter spaces "&nbsp;&nbsp;" immediately after e.g. the end of a paragraph, or the signal terminating consonants or vowels, like this."  "

To any unwitting inspector's eye it would look like detritus from editing, while being easily detected by initiated readers with the "Select All" command. Most graphic browsers will show the extra "white square" in these quarters. One can set up a whole list of rules of how e.g. each preceding ASCII symbol–white square semaphore combo is to be decoded.

Early Salon's discussion fora allowed one explicit trick patterned on TV teletext's "hidden text" function, as in

SPOILERS HERE: <p text-color="white">spoilers revealed only upon explicit CTRL-A</p>

… or dragging the mouse over the blank space. This saw a great deal of use once it was discovered; also for taunting and hidden insults etc. Added spice ;-))

A bit more intricate way would be to employ some little used tag like &zwj;, or &zwnj;, or explicitly www-urlencoded otherwise perfectly printable apostrophes etc as semaphores that the page source carries a hidden message. I've seen a stanza from a sonnet unobtrusively hidden in plain text in this fashion in an ordinary sized few-kB web page (needed some manual/ brain effort to detect and extract it though).

Only these are script-kiddie techniques.

In contrast to that, HTML has a ready mechanism for encoding proper ciphertext as unique labels to its internal anchors. Simply put, if you elect to tag every paragraph, not to mention sentence, for later granular access, who will be the wiser if IDs like "ArbiRARyalPHANumerICSTring" are instances of automatically generated, not meant to be read by human eyes labels, OR parts of some secretly encoded message masquerading as a sequence of labels (to be strung together by the recipient–not necessarily in FIFO order)?

And the only thing that the encoder has to keep in mind is that such covert KeyMat parts need to be unique – which is not a given where bits of encrypted streams are concerned. There are so many variants of how that built-in anchor-ID method could be bi-deployed, that I'll rest here.

PS. Wael's nested sub tags to make the text line beyond petite is not universally viable, either in browsers or across platforms. At best it's a visual FX of Wael-sy shallow type, so what else shallow is new?
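
The &zwj;/&zwnj; semaphore technique above, as an added worked example that is not part of the original comments: one side hides a byte string in a page as runs of zero-width joiner/non-joiner entities after sentence-ending punctuation (visually nothing changes), the other side extracts it, and a third function is the check a defender would run over page source to spot such payloads. The cover paragraph, the secret and the `per_sentence` chunk size are constructed for the example; the detection threshold is an assumption, since ZWJ/ZWNJ also occur legitimately in Persian and Indic text and in emoji sequences.

```python
"""Zero-width-character covert channel in HTML: embed, extract, detect.

Added example, not from the original thread. Cover text and secret are
constructed inline; entity names &zwj;/&zwnj; are real HTML5 named references.
"""
import html
import re
from typing import Dict

ZWNJ = "\u200c"  # &zwnj;  -> bit 0
ZWJ = "\u200d"   # &zwj;   -> bit 1
ZERO_WIDTH = "\u200b\u200c\u200d\u2060\ufeff"  # code points a detector should count
SENTENCE_END = re.compile(r"[.!?](?=\s|<|$)")

# Constructed cover paragraph (seven sentence ends) and constructed secret.
COVER = (
    "<p>Experts are blaming bacteria, not squid nets. The study ran for two years. "
    "Sea lion pups were tagged on the beach. Samples were sent to the lab! "
    "Nobody expected the result. Fishing was not the cause. More work follows.</p>"
)
SECRET = b"meet at noon"


def embed(cover_html: str, secret: bytes, per_sentence: int = 16) -> str:
    """Hide `secret` as runs of &zwnj;/&zwj; after sentence-ending punctuation.

    Named entities are used so the page source looks like editing detritus
    rather than raw U+200C/U+200D; the rendered text is unchanged.
    """
    bits = "".join(f"{b:08b}" for b in secret)
    chunks = [bits[i:i + per_sentence] for i in range(0, len(bits), per_sentence)]
    slots = list(SENTENCE_END.finditer(cover_html))
    if len(slots) < len(chunks):
        raise ValueError("cover text has too few sentence ends for this payload")
    out, last = [], 0
    for chunk, m in zip(chunks, slots):
        out.append(cover_html[last:m.end()])
        out.append("".join("&zwj;" if b == "1" else "&zwnj;" for b in chunk))
        last = m.end()
    out.append(cover_html[last:])
    return "".join(out)


def extract(page_html: str) -> bytes:
    """Recipient side: decode entities, read ZWJ/ZWNJ in document order as bits."""
    text = html.unescape(page_html)
    bits = "".join("1" if c == ZWJ else "0" for c in re.findall(f"[{ZWNJ}{ZWJ}]", text))
    bits = bits[: len(bits) - len(bits) % 8]  # drop any incomplete trailing byte
    return bytes(int(bits[i:i + 8], 2) for i in range(0, len(bits), 8))


def detect(page_html: str, threshold: int = 8) -> Dict[str, int]:
    """Defender side: count zero-width characters after entity decoding.

    A run of eight or more zero-width characters, or many short runs next to
    ASCII punctuation, is far more likely to be a channel than shaping control.
    """
    text = html.unescape(page_html)
    runs = re.findall(f"[{ZERO_WIDTH}]+", text)
    total = sum(len(r) for r in runs)
    return {
        "zero_width_chars": total,
        "runs": len(runs),
        "longest_run": max((len(r) for r in runs), default=0),
        "suspicious": int(total >= threshold),
    }


def strip_zero_width(page_html: str) -> str:
    """Sanitiser: decode entities and remove every zero-width code point."""
    return re.sub(f"[{ZERO_WIDTH}]", "", html.unescape(page_html))


if __name__ == "__main__":
    stego = embed(COVER, SECRET)
    print(extract(stego))         # b'meet at noon'
    print(detect(COVER), detect(stego))
```

The extractor deliberately ignores any other zero-width code points, so an editor's stray U+200B does not corrupt the payload; the detector, conversely, counts all of them, because from the defender's side the question is only whether the page carries more invisible characters than its language needs. Stripping zero-width characters on input, as `strip_zero_width` does, closes the channel without touching the visible text.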

Clive RobinsonAugust 23, 2016 7:38 AM

@ ianf,

Later, Clive Robinson, demonstrates

Congratulations, on blog topic original thought.

However, you might have inadvertently leaked a few more bits of information than was required.

Part of the charm of this blog is people give you enough information "to taste". That is, enough to be able to think, consider and research a subject. Not a full blown banquet solution where you can just cut, paste and consume.

The ability to think and extend knowledge by thought is one of mankind's greatest and most important assets. The ability to endlessly consume is on the other hand almost the polar opposite, leading to wanton destruction and self gratification.

WaelNovember 4, 2016 11:21 PM

@Dog Star,

Al-Quaeda (القاعدة) means "the base" or "the headquarters"

Probably too late now, but I don't know how it escaped me: it also means "The rule", as in "every rule has an exception".

WaelNovember 5, 2016 4:39 AM


So who is Biqawa'id, Mr. brain :) Is there another group with that name?
Qawa'id has other meanings, as you probably know :)

AqlNovember 7, 2016 9:20 PM


Who is Biqawa'id? I'd hoped you'd understand. Maybe I botched the word? :(

Oh well, doesn't matter, it was just a bit of wordplay. :)

WaelNovember 7, 2016 9:45 PM


I'd hoped you'd understand

Sorry to disappoint you.

Oh well, doesn't matter

I need to know! I don't like leaving open issues, my insomnia will come back! The word you used means "With grammar" or it means "Women past menopause" or "with pillars". Or probably something else.... What's the word play?

WaelNovember 7, 2016 10:07 PM

@Clive Robinson,

Speaking of open issues....

[1] Testing my ability to read @Clive Robinson's mind... SHA256 of hidden footnote - I may or may not reveal it :) aa8cf1df2c8bfc1c382bf3bf611d75f0a641529f9d643315fdb96dac1b8067f1

It has been almost a year. Do you want to take a stab at it or should I reveal it? I don't want anyone to think I'm sending secret codes here.

Clive RobinsonNovember 8, 2016 12:15 AM

@ Wael,

It has been almost a year.

I do not remember it, which probably means I did not read it...

I do not read every comment in every thread, I'm not sure anybody could. Instead I read the "100 last comments" page; generally this means I catch things that I would otherwise miss, but... sometimes if I'm unwell, in a hurry due to being busy, or comments are coming in thick and fast, I may not read a comment. I rarely search for my name, as occasionally people don't use them (@ Bruce is a bit of an offender on this score, but it is his blog after all, however I suspect in his case the reason is he makes general point replies meant for all readers, not just specific individuals).

To keep you off of the "no fly list" or worse... I suggest you publish. Mind you after nearly a year, if you have not felt the effects, either you are of no interest, or of such significant interest to the "authorities" they think it wiser not to tip you off. Thus the first you will know it's the latter is waking up with a black bag over your head or in an orange jump suit accessorised with a lot of hard core "bling" of hardened steel... tell me again, how's your insomnia these days, just got worse? ;-)

WaelNovember 8, 2016 12:31 AM

@Clive Robinson,

I suggest you publish.

It's SHA256 of this:

Clive Robinson will now say I leaked information about myself since if I worked at SUN, I should have remembered if it was a member company :)

either you are of no interest,

That's very comforting.

Thus the first you will know it's the latter is waking up with a black bag over your head or in an orange jump suit...

The black bag is doable. The orange jump suit... won't work. It'll be hard to fit over my straightjacket ;)

tell me again, how's your insomnia these days...

Oh, the harsh mistress! She's upset with me these days. I sleep at normal hours now, but probably temporarily.
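
The exchange above is a hash commitment: publish SHA-256 of a statement now, reveal the statement later, let anyone recompute. As an added worked example that is not part of the original comments, the block below implements both the bare form used in the thread and the nonced form a practitioner would prefer, plus the attack that separates them. Nothing here refers to the thread's actual digest or footnote; the candidate sentences are constructed for the example.

```python
"""Hash commitment: commit now with SHA-256, reveal later, verify exactly.

Added example, not from the original comments. CANDIDATES is a constructed
guess list; the nonce length and helper names are illustrative.
"""
import hashlib
import hmac
import secrets
from typing import Iterable, Optional, Tuple


def bare_commit(message: str) -> str:
    """SHA-256 over the message alone.

    Binding (you cannot later reveal a different message), but hiding only as
    far as the message is unguessable: anyone with a plausible candidate list
    can test each guess against the published digest.
    """
    return hashlib.sha256(message.encode("utf-8")).hexdigest()


def commit(message: str, nonce: Optional[bytes] = None) -> Tuple[str, bytes]:
    """SHA-256 over nonce || message with a 16-byte random nonce.

    Publish the digest now; reveal (message, nonce) later. The nonce makes the
    commitment hiding even for a short, highly predictable message.
    """
    nonce = secrets.token_bytes(16) if nonce is None else nonce
    return hashlib.sha256(nonce + message.encode("utf-8")).hexdigest(), nonce


def verify(digest: str, message: str, nonce: bytes = b"") -> bool:
    """Recompute and compare in constant time (nonce=b"" for bare_commit).

    The exact bytes matter: a trailing space, a smart quote or a missing
    smiley yields a different digest and an honest reveal fails to verify.
    """
    expected = hashlib.sha256(nonce + message.encode("utf-8")).hexdigest()
    return hmac.compare_digest(expected, digest)


def dictionary_attack(digest: str, candidates: Iterable[str]) -> Optional[str]:
    """Attacker's view of a bare commitment: hash every guess, look for a match."""
    for guess in candidates:
        if bare_commit(guess) == digest:
            return guess
    return None


# Constructed candidate list: what a reader of a thread might plausibly guess.
CANDIDATES = [
    "The company was a member.",
    "The company was not a member.",
    "I never worked there.",
    "Clive will say I leaked information about myself.",
]


if __name__ == "__main__":
    bare = bare_commit(CANDIDATES[3])
    print("bare commitment recovered:", dictionary_attack(bare, CANDIDATES))
    digest, nonce = commit(CANDIDATES[3])
    print("nonced commitment recovered:", dictionary_attack(digest, CANDIDATES))
    print("reveal verifies:", verify(digest, CANDIDATES[3], nonce))
```

When the committed text is one of a handful of sentences a reader could guess, the bare digest is effectively a lookup key; the nonce costs sixteen bytes at reveal time and removes that. Either way the reveal has to reproduce the exact byte string that was hashed, which is why "SHA-256 of this:" followed by a retyped sentence is fragile in a forum that normalises whitespace and quotes.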

Clive RobinsonOctober 9, 2017 11:27 AM

@ Wael,

It's been nearly another year... No hard core bling or bright orange over suit to make the straitjacket look like a Mae West?

Just remember it's not just mummy whose girdle may give cause to chafe, those ones they wear outside the orange can be a real pain ;-)

Oh I see IanF never replied...

WaelOctober 9, 2017 1:31 PM

@Clive Robinson,

No hard core bling...?

Not yet! I sport a Kevlar straitjacket and a salad bowl with a skin depth of 0.052 µm @10GHz. That would be Cobalt, if you care to know. A better tinfoil hat.

those ones they were outside the orange can be a real pain ;-)

Mainly because they're above the Law.

Oh I see IanF never replied...

What's the implication of a capitalized "I" and "F", oh you mysterious man? He couldn't take the "strain"... RIP

Clive RobinsonOctober 9, 2017 3:21 PM

@ Wael,

What's the implication of a capitalized "I" and "F"

If you remember back, he had a keyboard slip and said he was in Europe but not where so we started pulling his leg about location. I said that maybe his handle stood for,

    I am not French


Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.