Comments

Ed October 14, 2016 5:29 PM

Information gathering and privacy invasion in the US is rampant.

True story from Joe, a family member (names were changed):

Joe and his daughter, Heather, lived in Kentucky, USA in the past, and for the last 10 years have been living in Europe.

Joe had an old, inactive account under his name and his daughter with a financial institute in Kentucky which was opened at a time under an address which is, since he and his daughter moved to Europe, no longer valid.

Joe called his financial institute a couple of months ago and asked to forward his account mail, if any, to a family member, Mike, in California.

Last week Mike’s independent insurance agent called Mike and told him that while attempting to renew his car insurance policy, the form on his computer asked if Joe and Heather live with him and if they use his car.

Startled Mike asked the insurance agent where he got that info from, and the agent replied that the Insurance company gets a regular feed from the United States Postal Service, among other places, and the data is used by the insurance co. to verify that premiums are properly set according to the actual drivers who use the car.

What we have here is a government agency feeding the private sector, possibly under the DHS program to protect critical infrastructure, which includes financial institutions – where insurance companies are part thereof – against fraud.

A bit over the top, I’d say.

Sticky Rice October 14, 2016 5:37 PM

Et tu, Brucey, et tu? I knew it was fashionable these days on the left to trash Wikileaks but I must say that I am slightly surprised to see Bruce taking such obviously pro-Clinton positions on his blog. Well, Podesta will be happy to have another ally his his Risotto war on Assange.

Rollo October 14, 2016 9:23 PM

@ all

Based on @ Clive Robinsons precept of ‘paper, paper, never data’
we are working on a proof of concept for an high assurance world wide web reimagined with security baked in. The working title in honour of its visionary is The Inter-Clives

As an elementary example, let us consider the (what will hopefully be) antiquated concept of email.
We reimagine a person to person communication with minimal stages in between. First the sender encodes data in hard copy. This is then
secured by way of an ‘envelope’ , sealed manually, and meta data is coded by hand on the outer aspects, visible to the network.
The secure transport protocol is by way of trains, planes and automobiles, with potential motorcycle or bicycle for the final stage of delivery. The ‘envelope’ is specially constructed so it is extremely difficult to remove the contents without ensuring permanent damage, and thus telegraphing to the recipient the fact of interception

For what we presently know as web browsing, we re imagine people all around the world hosting depositories of information in secure, physical high assurance volumes of plain text. These volumes of information can be accessed by attending the depository in person, perusing an on site catalogue card rack, lodging a submission over a counter with a clerk, and standing by for the said individually selected secure volume to be available for use within the depository.
The volumes are protected by firewalls, in case of fire. These are usually constructed of steel or other high temperature resistance apparatus. Other firewalls to protect the volumes include security personnel, baggage checks, and smart cards for access after closing hours.

Thanks again to @ Clive Robinson and we eagerly anticipate worldwide presentation . Feedback very much encouraged

Clive Robinson October 14, 2016 9:23 PM

@ r,

The headline is bigger than the effect…

It’s also incorrect. It’s not an EMP device, but a “spark gap transmitter”[1]. Further the use of such a high voltage is actually counter productive as it’s the total energy you are looking for, not just how big a spark you can draw.

Back in the mid to late Victorian era the natural philosphers were generating microwaves with tens of killowatts of power with spark gaps, in their attempts to verify the Rev. Maxwell’s theory[2].

What they initialy had was a copper tube closed off at one end and fixed to a metal plate at the other end which had a hole the same size as the inside diameter of the tube. It sort of looked like a “top hat” inside the tube was a copper ball mounted on a copper rod that went back through the closed off end of the tube. A high voltage was generated and fed to the tube and the copper rod, the result was a spark between the ball and the inside of the tube, the whole thing acting as what we would now call a waveguide resonator. They found that using it they could induce considerable power in adjacent wiring. Experiments showed considerable promise but the detectors of the time where grossly inefficient. It did however alow them to make open feeder transmission lines on which they could measure wavelength with a small bulb (known as a “Lecher line wavemeter”[3]).

[1] https://en.m.wikipedia.org/wiki/Spark_gap_transmitter

[2] http://www.tuc.nrao.edu/~demerson/bose/bose.html

[3] https://en.m.wikipedia.org/wiki/Lecher_lines

0xc3 October 14, 2016 9:58 PM

@Rollo

That is a great idea! My first question is about the protections you have against legal and physical interdictions.

Obviously the “The Inter-Clives” system you proposed has a real danger of “going dark”. This means that your company is bound to face covert attempts of internal subversion, overt subversion accompanied with NSLs, and changes to legal systems that would provide the authority to open or read any package in transit without a specific warrant.

The physical security of document stores is an even more challenging task you will face. I would suggest that you discuss your plan with a very diverse set of librarians before your first round of funding.

Thoth October 15, 2016 4:10 AM

@Figureitout
I have found the culprit for the speed of GroggyBox. The problem lies in the card reader.

I scripted a test to test the I/O of the card reader sending and receiving data from a card and it has an average of 53ms for 200 bytes of data and 70ms for 256 bytes during exchanges.

To make the scenario more realistic, I read an actual file (the same file I used for the GroggyBox test to be fair) to ensure fairness.

I guess this confirms that the encryption process within the card is actually very fast (4ms to 5ms at most) but it’s the I/O delays that are the pain in the bottoms to deal with.

I guess GroggyBox users have to be very tactical and selective on what they want to encrypt in case they twist and turn in their chairs and beds with impatience 😀 .

It would be highly recommended that GroggyBox is to only be deployed for high value messages in a highly portable and highly volatile situation (e.g. travelling journalist or rights activists) where they need to carry a very lightweight yet secure cryptographic device that can also be easily put out of plain sight without too much scrutiny. The messages to be secured should not be more than 1 MB in total otherwise it would take too long to encrypt (10 minutes ?) and recommended message exchanges should b e text-based transcripts of conversations without graphics, media or bloated stuff inside. Simply .TXT files or probably RTF with very lightweight formatting to keep the message transcript very small.

Clive Robinson October 15, 2016 4:35 AM

@ Drone,

In the first article Brian Krebs forgot to mention that due to the “FCC Fear of SDR” updating router and IoT software will probably become a thing of the past.

Basicaly many of the SDR devices in WiFi capable routers and IoT devices can relatively easily be re-programed to use adjacent non approved radio frequencies / channels. Thus the FCC is scared of the regulatory issues that will arise should a popular FOSS router / Iot upgrade get modified to do a couple of extra channels either side of the ISM allocation thus doubling the spectrum use and creating interference etc.

The FCC answer is the usual bureaucratic “Though shall not permit…” type edict handed down on tablets of stone. Whilst the FCC only intend the edict to apply to the radio chip software, most manufactures out of simplicity will just lock down the entire device.

Which will actually create a worse problem due to hacking etc than leaving the radio chips open. But the sort of havoc we saw with the attack on Kreb’s site is not really the FCC’s problem…

Welcome to the world of bureaucratic boondoggles where on agency’s minor issue gives rise to major harms.

Comrade Major October 15, 2016 5:28 AM

@Clive Robinson
In other words, manufacturers will
1) lock device’s firmware for the user
2) make it download and install autoupdate with user unable to cancel it.

This will simplify things for NSA to do targeted attacks which will never be discovered.

The only answer to this is a “FOSS-hardware”. And since we don’t have good legal system for such things to happen, it should be done through black market.

Ergo Sum October 15, 2016 5:51 AM

@Messed up..

It’s not just you, same here with some TOR exit nodes. Cloudfare blocks or requires completing a captcha based on the autonomous system number(ASN) and/or source IP. Most, if not all TOR exit nodes will experience this in one form or another. If you don’t use TOR, your internet IP might be deemed worthy to be blocked by Cloudfare.

Rusty Shackleford October 15, 2016 5:54 AM

Roseanne Barr: I Was the First Person to Tell Trump to Run for President

“When Roseanne ended its celebrated run, Barr got her own syndicated television talk show, The Roseanne Show. Recently, she realized she’d had two very special guests come through her studio-and told one of them he should consider a presidential run.

“I interviewed both Trump and Michael Moore together,” said Barr, who says she “sort of” knows the GOP frontrunner and likes him “as a human being.” “I was watching it and I tell Trump, ‘You should run for president,'” she grinned.

Why did Trump seem so presidential back then? “Because of all of his views,” Barr said. “He was extremely progressive. He was saying we should invest more in education, and we need health care. He said all the things that Hillary’s saying. That’s why I know that it’s just a con. The whole fucking thing. It’s a scam, a con, and it’s rigged.””

/dev/null October 15, 2016 6:09 AM

@Ergo Sum

It’s not just you, same here with some TOR exit nodes. Cloudfare blocks or requires completing a captcha based on the autonomous system number(ASN) and/or source IP. Most, if not all TOR exit nodes will experience this in one form or another. If you don’t use TOR, your internet IP might be deemed worthy to be blocked by Cloudfare.

It’s “Tor”, not “TOR”, BTW.

There are ways around Cloudflare. Loading the site you want with either archive.is or archive.org/web seems to work in most cases. Some require use of a web proxy. Startpage’s free proxy works well in avoiding most CloudFlare pages, and that’s just one of many.

Ergo Sum October 15, 2016 6:15 AM

@r…

I swear, everything is on the up-and-up you just need to provide a little proof of ownership if we’re going to play with your little brother.

Mom says.

Mom is always right and has seen this coming…

Master card says, take a selfie before approving your purchase of the cup of coffee:

http://money.cnn.com/2015/07/01/technology/mastercard-facial-scan/

Once credit card companies roll out the “selfie-secured purchases”, the malware will have a better chance to work even with security conscious people.

Ergo Sum October 15, 2016 6:49 AM

@AlanS…

I agree with Bruce on subject of fixing the user. The bottom line is that if the end user security training could work, it would have worked by now. It’s not like the security training is something new…

Most, if not all malware exploit buffer overflow vulnerabilities. On the Windows side of the house, there are number of security solutions that can protect against this type of malware. Malwarebytes Anti-Exploit, EMET, WoodooShields, etc., comes to mind. If these solution can identify malware, even the zero-day variety in some cases, why can’t this technology be built-in to the OS?

Oh, yeah… It’s a lot easier to blame the end user for clicking on some link in the email, on the web, etc…

Ted October 15, 2016 7:08 AM

https://www.us-cert.gov/ncas/alerts/TA16-288A

Alert (TA16-288A) – Heightened DDoS Threat Posed by Mirai and Other Botnets
Original release date: October 14, 2016

“Systems Affected
Internet of Things (IoT)—an emerging network of devices (e.g., printers, routers, video cameras, smart TVs) that connect to one another via the Internet, often automatically sending and receiving data”

Solution (mitigation and preventive steps outlined)

VinnyG October 15, 2016 7:12 AM

According to current headlines, US citizens renewing passports will be required to remove eyeglasses for the passport photo after 1 November 2016.
http://www.freep.com/story/travel/2016/10/02/new-passport-rule-you-cant-wear-your-glasses-passport-photo/91120380/
While the State Dept claims this change is to expedite “processing speed”, I suspect it is at least as much about increasing the effectiveness of surveillance by means of automated facial recognition. If so, I guess this can be viewed as a good news/bad news story. The bad news is fairly obvious; the good news would be that this seems to imply a fairly poor real world success record in those recognition techniques…
-VinnyG

Figureitout October 15, 2016 8:38 AM

Thoth
–Glad you found it but I can’t really follow your tests. Curious what’s the cause of delay. What you need is a decent scope to look at those lines too to verify more, or if you could toggle a line before sending (not sure how easy that is in Java?), then right after when done if the modulated comms make it a bit harder to see what’s going on. I’d assume it pulls a line high or low when comms start. Or you could just put scope on a power pin and watch for voltage drops (unless it defends against this info leak lol) and see if the timing lines up w/ your tests. In scope we trust. :p

Yeah like I mentioned, the delay added means people would use only when really needed. But it’s good to have these options, more choices for whatever one needs. All one’s day-to-day files it’s probably not worth the effort and the main thing is backing up multiple times. I see main use being encrypting password files. The Mooltipass is another option here, I think you unfairly criticized that (needs legit attacks on it demonstrated before can criticize IMO). I think does emulated keyboard and would put the password into say a gmail login field. There’s other options (encrypted USB sticks, w/ each password file zipped and encrypted w/ separate keys…or SD cards w/ Veracrypt) but w/ a smart card you don’t have an additional MCU in the card like you do w/ SD cards, which is a security risk. But I think that security risk has shifted to the card reader now…?

OT: look at SIM cards too, amazing how big a micro is in there (32bit arm core…ton of memory), you might like this: https://www.youtube.com/watch?v=l_BfjEF513k So much 404’s trying to find some of the datasheets lol.

Ergo Sum October 15, 2016 9:12 AM

@r…

What’s old is new, and repurposed for w10. 🙂

More accurately, L0phtCrack is re-purposed for current hardware. Since version 6 in 2009, the processing power increased substantially and as such, version 7 now utilizes multi-core CPUs and GPUs. Windows 10 password hash did not change from earlier OS, such as W7 and 8, and of course the increased processing power will crack the hash faster.

As a side note…

Getting the password hash requires admin level access for the running Windows OS, with tools such as PwDump. With that level of access, be that internal or external, does the password cracker matter much? A key-logger is a much faster way to get the password…

Thoth October 15, 2016 9:21 AM

@Figureitout
If you recall, I did mention that the card reader have a chip of it’s own. I suspect that the reader’s chip might be the cause for concern since you need another chip to take the logical data and modulate into ISO7816 compliant frequencies for the card.

I do not have an oscilloscope and I need this card reader for other stuff so I guess I will have to just live with it and not take out some pliers and break it open for now. You are not able to “toggle a line” in Java.

The procedure is Java will call the native PC/SC library (smart card driver) which will encode it in USB CCID commands and send it to the card reader. The card reader will have it’s own chip and translate the USB CCID command into ISO7816 frequencies and then send it to the card. You can see from the sending of a simple logical APDU datagram, it passes through at least 2 translation phases already.

I critisize Mooltipass because there is better stuff out there. The Ledger hardware team are going to include a Password Vault app and I believe this Ledger device which have a USB stick form factor or also a touch screen “PDA-like” form factor maybe the answer which Mooltipass have been attempting. In my opinion, the flexibility and almost open nature of Ledger Nano S and Blue are very tempting especially for those who seek for both security and portability in one package and also most part are open (including the STM32 OS) save for the security HAL for the smart card chip.

For practicality, the Ledger Nano S is already in production and can be purchased. The OS and software can be found on their Github page and one can simply flash and DIY your own application. A few people have gotten started code cutting for the Ledger Nano S already.

Ledger devices comes with a USB HID interface library and that opens the opportunity to emulate Mooltipass/Yubikeys by injecting keystrokes just like a keyboard that is if someone bothers to use the HID API though.

The card reader can be a security risk but that is if you don’t do Secure Channel Protocol which is to open an end-to-end secured channel between the host PC and the card’s chip. The reader can be malicious but the SCP channel should handle it.

On top of that, I have placed a purchase for FIDO authentication USB sticks. These FIDO sticks contain a smart card chip and a reader chip all in one so I am wondering if the hugely compact form factor might increase the I/O speed (untested yet) and there wouldn’t be a need for a physical reader anymore as the FIDO authentication stick contains the reader chip and smart card chip all in one module.

I have plans to try and implement some form of secure input into these FIDO authentication stick once I get hold of them. These sticks have a single “approve” button and that’s more than enough to do lots of things if you can let your imagination run a little wild 😀 .

Wow… that SIM card chip makes me droooooolllllll…. So much RAM and Flash. Hmmmm … yummmmyyyy…. 😀 .

Oooopppss.. don’t mind, when I see such chips, I can start to see many opportunities for all kinds of weird projects I have. I have a list of unconventional implementations that most card makers and suppliers would find it totally unorthodox which doesn’t bother me.

The usual problem with most smart cards are what I call “dumb cards”. They have no way for secure interaction in the form of accepting direct input from a user or a direct display to the user. If we consider display or input as more sensitive, I think input is more sensitive than display so for me, I do be searching for secure input for the card to make it a little “smarter” and more secure.

Ledger products fit into the bill of “smart” security devices since they pack both secure input and display but that is not the case for most day-to-day usage where one might have to pass through multiple international checkpoints and these sort of “secure devices” may attract attention thus the next graduated step for blending into the crowd is to carry something that looks like what most everyone else carries … dull USB dongles that have no display but a touch capacitive button should be enough to fit the bill for secure input (FIDO single touch button devices).

My original idea for the GroggyBox was to create a portable secure email reader (MailCard) but that has proven to be problematic as you have to handle TLS and POP3/IMAP/SMTP and everything under the hood which I scaled everything back to making it a simple “Burst Message Encryptor” or maybe a “Burst File Encryptor” for encrypting small “bursts” of messages and files. Using it as a password file encryptor is a nice idea but as my GroggyBox implementation mentioned, it has a format it supports which is a Keystore format to store PIN/Password/Keys and also import/export via it’s GroggyBox Keystore format if all plans goes well but nothing is fixed since GroggyBox is in it’s infancy.

Thoth October 15, 2016 9:26 AM

@Figureitout
I forget to mention in the previous post that the huge blackout of information on smart card chip and such is not just due to the certification criteria for these chips but a poisonous industry habit that has always been lingering due to greed, jealousy and in-fighting.

War Geek October 15, 2016 9:34 AM

@VinnyG

The US state of Virginia DMV is already asking people with glasses to take their glasses off for their driver’s license pictures…seen first hand at the Arlington County DMV building.

Whether that’s a pilot program for a state/national facial recognition program, or just something another perk of living too close to the intel sleaze in DC is a question.

Clive Robinson October 15, 2016 10:16 AM

@ Comrade Major,

Sort of… But,

2) make it download and install autoupdate with user unable to cancel it.

Consumer level devices will not get upgrades, the manufacture will drop any development/software for it the second it goes into production.

Back in the bad old days which were fun, you used Mask Programable MCU’s, with about 50% of software development time actually being fairly intensive testing. Thus hardware went out with either few or no software faults that customers would notice.

However the use of Flash ROM parts now means software can be sent out in “barely functioning” state with the potential for “patches” down the road if customers put on enough preasure. With this FCC requirment we will go back to the bad old days of no updates, but…the managment will not alow the now much shorter development times to go back up for sensible testing….

Thus this race to the bottom is actually being driven by gov regulation for once… As opposed to the greed of the free market.

Slime Mold with Mustrard October 15, 2016 11:36 AM

Does anyone have a clue as to what the hell this is CIA Prepping for Possible Cyber Strike Against Russia ?
Revenge for the DNC hack? Why telegraph the move? Idle threat? The Russians might not see it that way. It begs for a preemptive strike. Are we that confident in our defenses?

For that matter, why the CIA instead of Cyber Command at Fort Mead?

The conspiracy sites and UK Tabloids are reporting that the US has raised our alert levels to DEFCON 3.

Gerard van Vooren October 15, 2016 11:52 AM

@ Slime Mold with Mustrard,

Does anyone have a clue as to what the hell this is CIA Prepping for Possible Cyber Strike Against Russia ?

My first impression is that the talking heads are talking. As always, don’t listen to what they ramble about, look at what they do.

Figureitout October 15, 2016 12:08 PM

Thoth
–I recall, just clarifying. I don’t have a scope either but if I need one I can use one at my school or work. Is there anyway to use one at your work? A startup company that my dad got offered to work at (and it’s doing well now) has USB scopes that are like 1/4 price of regular scopes, and first thing you think, “USB scope, pffft that’s a joke”, but I think they’re actually much better than your typical USB scope. They wouldn’t be selling if they sucked. I’d prefer a standalone regular one though, plus the probes are damn expensive too, and good probes are a must. Can’t toggle line in Java?–Ok, well for instance I’ve run into issues where timing functions weren’t right or get compiled out, and we needed a scope to “get the truth”. The software was lying and needed external checking. One instance I found out a delay function was off by a factor of 10. We know that the chip in the card reader is in an “on” active state before comms start, correct? So no kind of startup time is happening either powering up or waking from a low power state. That would be a few ms depending on the chip. So something in the protocol going back and forth from PC to card reader, and differs w/ different payload sizes.

Ledger hardware team are going to
Going to, going to do it. Mooltipass has that functionality already, did you see how it was developed? They let anyone who wanted to get involved, there was people all over globe contributing. It’s all open source too. Think it’s mostly your personal preference.

Here’s the thing w/ the USB sticks, a lot of them put the buttons where if you pushed down while it was plugged into a USB port, it may damage the port. You’d have to use external usb cord.

Yeah, isn’t it incredible that such a thin card has such an MCU? What an attack surface! Lots of room for a malware lol…at least it has some additional security features from typical MCU’s.

Just one little thing regarding cap touch, for bare bones implementations (depending how it works, few different methods but a capacitance value can be converted to voltage and run thru an ADC and then you can run software filters on the digitized values), we know it’s possible to remotely activate it w/ a radio. How to use that in an effective realistic attack, don’t know right now. That was a few years ago, things have improved greatly and you can implement lots of other filters, especially if you don’t have to worry about power consumption. That would only matter I think if you left it plugged in somewhere mostly, which is user error, and that kind of attack would be rarely used. And you would either need an additional micro or just put the rest of security functionality into cap touch chip (certainly do-able..).

Or you could just use a boring button, I know it’s not “sexy” though eh? :p

Yeah I think the functionality is enough for now, supporting all those protocols would get ugly and most likely insecure real quick, too much moving parts, easier for things to hide in the noise. But it’s your baby, we’ll see how it turns out eh? 🙂

And yeah sucks we can’t get info on those cards easier, sounds pretty nasty what you describe. :/

Figureitout October 15, 2016 12:13 PM

Thoth
–Actually damnit the USB scopes were USB vector network analyzers, which are typically eye-watering expensive. I’ve never used a VNA so I don’t know how to use those, think similar to spectrum analyzer which are definitely different than scopes. Anyway…sorry about that lol.

Comrade Major October 15, 2016 12:41 PM

@Slime Mold with Mustrard
It don’t think it will be massive ddos or any kind of attack on russian infrastructure. My opinion they will leak some kompromat on closest friends of Putin.

Comrade Major October 15, 2016 12:46 PM

@Slime Mold with Mustrard
Putin’s daughters. Forbidden topic in Russia. There is also this old pedophilia story…

ab praeceptis October 15, 2016 2:53 PM

I’m somewhat shocked about what’s going on here. For instance mentioning an article on security/crypto in the nyt. That’s about as sensible as discussing complexity theory in a farmer gazette.

Also way too much focus on washington, fcc, government and whatnot. Those aren’t a source of solutions, they are the problem.

Compliments to some few like Thoth who actually contribute to security.

As for the big-mouthed attack plans against Russia: Bring it on – and then live with the response.

In other words: There will be plenty blabla but little action. Simple reason: It security in Russia is way better than in the nato countries. I state that, well noted, as someone who follows IT and in particular security in Russia since quite a while. The Russians have quite some quite smart (and excellently educated) people who do quite some things right and, more importantly, they pretty well avoided to create wide open insecure junk in the first place.

Don’t forget that Russia is a victim, too, of all those smart eastern hackers (e.g. and particular from ukraine), i.e. the russian defense people have seen a lot of seriously hard attacks.
Plus, they have their own CPUs and hardware for critical systems and they have a lot of excellently educated and bright software people.

Moreover, the us-americans have lots of crappy and lousily make-shifted infrastructure. The last thing they need to give Russiaa proper and clean legal reason to hit them in response to an act of war (which a cyber attack like the planned one would be).

My take is that, as usual, almost everything in washington is about show and about saving face. As they were stupid enough to tell the whole world that evil Russia cyber attacked the democrats (which doubtlessly is mindless BS) they urgently need to “do” something; and that something is what is always is, namely some threatening blabla.

Ted October 15, 2016 3:23 PM

The Peggy Smedley Show, the Voice of IoT
10-4-16, Episode 474, Segment 1 – Industrial Internet Security Framework</a href>

“Peggy talks about a recently published “Industrial Internet Security Framework” from the Industrial Internet Consortium, and encourage listeners to take a look at the framework. She explains that the framework is part of a bigger movement to move the Internet of Things forward, and is proud of the industry for coming together.”

The Industrial Internet Consortium
http://www.iiconsortium.org/

The Industrial Internet Security Framework
http://www.iiconsortium.org/IISF.htm

The World Economic Forum report “Industrial Internet of Things”
http://reports.weforum.org/industrial-internet-of-things/

MrC October 15, 2016 4:13 PM

@ David Kowis:

Meh.

It’s utterly worthless against an attacker with physical access to the smart card. It relies on a 4-digit numerical PIN and a self-destruct mechanism on the smart card. But it includes functionality for duplicating the smart card. That makes a brute force attack feasible with nothing more than cash. I also imagine it wouldn’t be hard (given that it’s open hardware) to construct a knockoff smart card minus the self-destruct mechanism and then duplicate the victim’s card onto that. Given the tiny search space for the PIN, a brute force attack using a non-self-destructing smart card would only take minutes.

The gadget’s one undeniable strength is that it moves the key material and the master password entry off the PC. That’s a good thing no matter how you cut it. I’m just not sure it’s worth the hassle. Ultimately, it only stops the subset of attackers who are capable of defeating a properly implemented software password manager (e.g., passwordsafe) but not capable of mounting an evil-maid or black bag operation to duplicate your smart card. That subset isn’t empty, but it isn’t very big either (at least for those of us not high-profile enough to draw a lot of targeted attacks).

JG4 October 15, 2016 5:33 PM

It would be prudent to mention that a DMV photograph could be done with a sufficiently high resolution camera to capture iris information. The multiple reflections from eyeglasses might spoil the data quality. It should be possible to wear contacts that defeat the undesired data collection.

I’ve wondered if decorating the back of a car with a large quantity of letters and numbers could defeat license plate tracking. There is a fairly wide swath of first amendment rights left in the US and artistic expression is one of them. If the license plate were mounted off center and tilted, and many of the other collections of letters and numbers of similar size were tilted and scattered about, it would at least make tag ID much more difficult. If any meaningful fraction of people adopted the technique, it would be quickly made illegal. In the interim, the artistic expression might be regularly rewarded with hardwood shampoo.

I stumbled into a thicket of old news today. This gem was in it:

iPhone 5nSa
https://www.youtube.com/watch?v=IQQH_A9qVgs

It started in one of the usual spots:

http://www.nakedcapitalism.com/2014/04/wolf-richter-just-got-paypals-new-absolutely-privacy-ever-policy.html

http://www.testosteronepit.com/home/2014/2/24/big-brother-surveillance-propagandist-arrested-in-california.html

With the right safeguards, this would be a good idea. As it stands now, Frank Church’s warning is more timely than ever. At least he got a pleasant spot named after him, after they poisoned him with carcinogens.

Los Angeles Cops Argue ALL Cars in LA Are Under Investigation
http://www.testosteronepit.com/home/2014/3/19/los-angeles-cops-argue-all-cars-in-la-are-under-investigatio.html

Do you drive a car in the greater Los Angeles Metropolitan area? According to the L.A. Police Department and L.A. Sheriff’s Department, your car is part of a vast criminal investigation.
The agencies took a novel approach in the briefs they filed in EFF and the ACLU of Southern California’s California Public Records Act lawsuit seeking a week’s worth of Automatic License Plate Reader (ALPR) data. They have argued that “All [license plate] data is investigatory.” The fact that it may never be associated with a specific crime doesn’t matter.
This argument is completely counter to our criminal justice system, in which we assume law enforcement will not conduct an investigation unless there are some indicia of criminal activity. In fact, the Fourth Amendment was added to the U.S. Constitution exactly to prevent law enforcement from conducting mass, suspicionless investigations under “general warrants” that targeted no specific person or place and never expired.

Taken to an extreme, the agencies’ arguments would allow law enforcement to conduct around-the-clock surveillance on every aspect of our lives and store those records indefinitely on the off-chance they may aid in solving a crime at some previously undetermined date in the future. If the court accepts their arguments, the agencies would then be able to hide all this data from the public.
However, as we argued in the Reply brief we filed in the case last Friday, the accumulation of information merely because it might be useful in some unspecified case in the future certainly is not an “investigation” within any reasonable meaning of the word.

r October 15, 2016 7:08 PM

@JG4,

Zeroing in on the appropriate set would be aided by the holographic tags we all have, might be a good idea to cut similar holographic squares and artistically express your frustration over license plate readers with those too.

r October 15, 2016 7:11 PM

@JG4,

I had an odd run in with a local officer about 10 years ago, while it was before the time that I think the technology would’ve been generally capable – he explained to me that he could tell my tag was expired from 100~ yards away. I didn’t ask if it was with his naked eye or some sort of telescopic vision but you get the idea.

They were expired, I payed my ticket no questions asked.

r October 15, 2016 7:13 PM

IF that was true, and it was aided by technology: be mindful of “plain” sight where drones and stop lights are concerned.

It’s the whole, interoperability of things.

Thoth October 15, 2016 7:20 PM

@Figureitout
There isn’t any scope at workplace. Mostly code cutting tools for code cutting people. These days, physical probing are getting less attractive than code cutting but still, probing with scopes are useful. Where do I get a cheap scope good enough for the job by the way ?

Thoth October 15, 2016 7:25 PM

@MrC
Do you have any proof of your claims that you can bruteforce the 4 digit smart card PIN or even clone it within minutes without authorization ? I do be interested since this would be very useful in many scenarios.

Oh, and the attack shoud not be targetting a memory card but a secure processor card since Mooltipass uses a secure processor card in this instance.

MrC October 15, 2016 9:22 PM

@ Thoth:

It seems I was mistaken. The clone feature works differently than I originally understood. I thought it was doing a dumb copy of the encrypted contents. On a second look, it appears the smart card being cloned won’t dump its data, encrypted or otherwise, to be cloned without its PIN. That moves the whole cloning process behind the smart card’s anti-tamper protections. Which moves the bar considerably. I was totally wrong on this one. That’s what I get for shooting my mouth off before reading closely.

Thoth October 15, 2016 10:43 PM

@MrC
Smart card “cloning” has another name called Key Migration or CSP Migration. What it does is that the keymat is securely transferred between two secure environmemts while the individual identifiers and PINs can remain untouched in the sense that he PINs would not be transferred.

How a typical secure migration process would look like in a typical scenario (not specific to Mooltipass or any specific cards) is both cards negotiate each others’ attestation and credentials then they create a secure channel or negotiate a KEK of sorts to wrap the CSPs (keymats) before transferring them securely.

How does Mooltipass move the keymats between cards … have to ask them because the AT88 smart cards they use are proprietary platform and it maybe subject to NDAs.

JK October 15, 2016 10:53 PM

@ ab praeceptis

Many blog regulars discuss what is going on in popular media because that has a big influence on the perceptions the general public have about security/privacy issues. Understanding how these issues evolve in public discourse is an important factor in understanding how our society deals with those problems.
In definitely no fan of the media or our governments, and I understand your reaction, as they are often ugly and counter productive. Trust me, i feel that. But this blog is not just for pure technical discussion, it serves a wider audience. I read posts by Thoth, Nick P, yourself and various other with interest and respect, even though I don’t usually get the fine points. I’m sure you’ll also be able to respect people who discuss how these issues are represented in the media, even when its not pleasing. Thanks

Clive Robinson October 15, 2016 11:42 PM

@ The usual suspects,

You might find this from “Tom van der Woerdt” of interest,

    The last few weeks I have been spending my free time on implementing a Tor OR (Onion Relay) in the Go language (golang.org). After a while I realized the language was not suited for the project, and stopped working on it. Today I am sharing what I learned, and will release the partially working code on github.com/tvdw/gotor.

https://tvdw.eu/blog/2015/01/24/implementing-a-tor-relay-from-scratch/

Gerard van Vooren October 16, 2016 3:44 AM

@ Clive,

It’s a good read. I like the hands on dealing with issues approach style of writing. On the other hand, I really doubt the security of it all. That’s where ab praeceptis comes in and he is right, especially when you deal with Tor.

About the issues with Go, I filter out two issues. One is contact switching with C that is running hot. That issue can’t be solved unless you want to develop a fast Go crypto library (probably in assy but Go has quite good assy support). The other issue is memory bloat. That issue (usually) can be dealt with if you are using the profiling tool.

But all in all if you want to use Go for a “hack a week” to deal with something that is so hardware demanding, Go is probably not the right tool. Especially if you have to use C for the running hot parts, I think that today Rust is a better answer. I am a bit curious how Haskell deals with this.

Clive Robinson October 16, 2016 6:55 AM

A story of DRM, upgrades and obsolescence

https://community.rapid7.com/community/metasploit/blog/2016/10/11/pokemon-go-security-and-obsolescence

It’s about the problem of hardware manufacturs orphaning their high end hardware, a users attempt to keep attack vectors down and application vendors assumptions that you are cheating on them.

Whilst this is initialy about Pokermon Go on a Nexus smart phone, this issue is going to get a lot worse real soon with the likrs of home WiFi devices like routers, IoT devices etc.

The result is that contrary to the intention of environmental laws designed to protect us landfill or worse sea dumps are going to be contaminating the water supplies and food chain more rapidly with those nasties that electronics needs…

t41nt3d k3rn31 October 16, 2016 8:00 AM

@r, @Clive, All

Here is a link to a thread on TorProject’s Mailing List, section of “tor-talk”.

It’s brief and there really should be more intelligent responses there, but maybe people are busy working on problems rather than chatting about them. Maybe you want to add to their thread about it?

Clive Robinson October 16, 2016 8:11 AM

@ r,

With regards the Tor-DNS problem, I’m afraid it is just one of several attacks that the Tor topology engenders.

Also remember when they talk of a “global passive” entity most nation states including some of the super powers are not in that position.

If people want to work out which ones are firstly consider “The all roads lead to Rome” design of the Internet and then consider who are “the friends of Rome”…

It is then an easy step to realise that such monitoring is not for finding foreign intel agents, terrorists or even the majority of non brain dead hackers but the –innocence nolonger assumed– citizens of those nations.

Further the likes of the NSA are known to “forever keep” traffic they consider “in code” what has not been indicated is what they consider to be “in code” nor the level and granularity of it’s direct, indirect and associated meta-data (into which DNS falls).

Thus the NSA has a “time machine” into which they can travel their new exoloits back onto old traffic.

At some tipping point, other US Gov entities are going to get access to this time machine, one of which is definitely going to be the FBI on a quid pro quo basis for “running cover” for the NSA via NSL letters etc. We already suspect this has happened at some level, but like any drug addled looser that is hooked the FBI want more. Hence they are setting up their own quasi-legal systems and pushing technology down –stingrays etc– to other LEAs to enable them to push up (the comparison trick to be used on congress critters etc).

So yes Tor is as I’ve repeatedly said not fit for purpose, and at some point those that use it currently are going to have to ask themselves the question,

    If Tor does not give me IP address anonymity to the Nation state, and the nation state assumes Tor use makes me a person of interest or worse, am I putting a rope around my neck by using Tor?

But further to that is what happens if the FBI takes more than a watchfull interest because they need to up their profile (think of those faux terrorists they created/entrapped). There is of course the “court of public opinion” that is driven by the gutter that is the MSM. They know that any hint of codes, secret messages and similar intrigue sells. And more importantly there is no legal risk in playing it up when talking about people the FBI have pulled in. So otherwise innocent people get tarred with the same brush as kiddy fiddlers, illegal drugs and gun running, terrorism and a whole host of lesser evils in the court of public opinion and that sticks and can be a life sentance with the Internet for HR depts to check people out…

I guess it boils down to how much risk you want to take on for no real gain…

Thoth October 16, 2016 8:25 AM

@Clive Robinson
Hackability could still be enabled via ARM TrustZone. I have been very outspoken against many TrustZone implementations and even called it a backdoor trap once (probably more) but there is a split between my personal opinions on what I prefer and what is practical to the business or public. For this fact, if a business wants to allow users to hack their phones but also to lock down on features and uses, they could do it via TrustZone.

For Pokemon Go, the software developer could create a minimal codebase for critical functions like accessing GPS coordinates and secure communication with the Pokemon Go servers which would reside and execute exclusively in the Secure World. This would effective put the business critical codes out of the reach of the users even if they were to flash the userspace Android OS residing in the Insecure World since the TrustZone uses multiple layers of security including a ROM RSA public key, ROM bootloaders, signed secondary loaders and other security processes.

When interacting with Pokemon objects, the objects can be tokenized (on the server side and then sent down to the device) and given a time span for say 5 to 10 minutes before it is re-tokenized and re-populated into the Pokemon Go’s virtual environment. This gives enough time for user interaction but to copy and transmit the tokenized data in a re-play attack instance, it would be detected and ignored or even allow tracking of violating users and allow future actions to be carried out and investigated on frequent violations.

The users can root the userspace Android OS as much as they like but the fact that the Secure World is intact and mostly unreachable from the Insecure World except for the Secure Monitor that sits between the Secure and Insecure World. The Secure World is still in control of the situation as I have pointed out many times because the boot sequence for TrustZone is to first boot the Secure World which would later initialize the Secure Monitor which later would allocate memory and bootload the Insecure World and it’s userspace OS which means that the Secure World is always available but mostly not heavily active until something triggers it. Theoretically, it could be used as a secure backdoor into the userspace to change the kernel of the Android OS and no matter what sort of Android OS or Linux flavours loaded onto a TrustZone enabled chip, it is theoretically possible to persistently compromise the userspace as much as the Secure World wants to.

Due to the TEE environment mostly still hush hush and NDAs, it is common to see software developers pull their hairs out when it comes to controlling the rowdy crowd who loves to root their devices and want to spoof GPS coordinates as they have very little knowledge to code cut TEE applications for the Secure World and resource to get started on TEE development. It is a matter of time someone figures out some flaws in the TrustZone implementation but that would need another long rant/article to touch one. Two paths are available.

Business centric approach where the user gets an open (or even locked down) Insecure World with a vendor (Qualcomm, Samsung, Apple…) controlled Secure World which can serve as a secure backdoor if misused or to simply fling wide open the entire chip (either placing both the Secure and Insecure World into the end-user’s hands at their own responsibility) or simply just disabling or not using a chip with TrustZone or whatever security there is and simply live with the griefing of hackers and game exploits for software developers but at the benefit (maybe ?) of the end-user.

It is more of a zero sum game when it comes to control.

Skeptical October 16, 2016 8:34 AM

@Slime Mold:

As I’ve written, the official attribution of responsibility to Russia committed the US to a response.

“CIA” because they are the agency legally authorized, in accordance with certain procedures, to conduct covert actions. Also because – imho – a proportional response here will involve operations undertaken to shape the information environment, which will involve expertise and capabilities beyond cyber (no use of actual force though, I would guess).

If this leak is authorized, it’s in part a warning to Russia. The United States does not consider the information operations conducted to influence the US elections to be conduct within the bounds of ordinary espionage, but rather considers it an escalation to level of conflict that threatens core US interests, is not tolerable, and that therefore the US will be required to respond proportionally. The official attribution – removing the fig leaf of official Russian deniability which the US might seize as a reason to not respond – in conjunction with this leak, is intended to make clear that the US is not bluffing.

As a warning, it also puts Russia on notice as to the consequences should it decide to escalate the influence operations it has already launched: the US will not only be taking measures designed to thwart Russian attempts to escalate, but is prepared and committed to undertaking punitive measures in response.

Overall, the intent to provide the Russian Government a clear understanding of the US position, and to open an opportunity for the Russian Government to manage its operations so as to avoid further escalation.

Needless to say, it also diminishes the extent to which continued Russian influence operations can be interpreted as a miscalculation by the Russian Government, which could conceivably view this as within the outer boundaries of established norms of conduct.

@Ab: As for the big-mouthed attack plans against Russia: Bring it on – and then live with the response. … In other words: There will be plenty blabla but little action. Simple reason: It security in Russia is way better than in the nato countries. … the us-americans have lots of crappy and lousily make-shifted infrastructure. The last thing they need to give Russiaa proper and clean legal reason to hit them in response to an act of war (which a cyber attack like the planned one would be).

I’ve heard this reasoning before: the US can’t escalate because cyber attacks on US infrastructure would be devastating.

The problem with that reasoning is that it does not trace the likely sequels to such an attack.

A devastating cyber attack on US infrastructure would take this conflict out of the cyber/information realm. It would instigate a state of war. Russia would be completely isolated – China has no wish to see the world descend into conflict, nor could China view such an action as anything other than an act of war equivalent to a kinetic attack – and would if anything aid the United States. It certainly would trigger a response by NATO, and retaliation on a variety of levels.

In other words, to take advantage of the vulnerability of US infrastructure requires one to escalate the conflict beyond cyberspace. At that point, one has lost. US infrastructure may be vulnerable in some respects, but it is resilient. The US Government has vast resources to effect the repair and rebuilding of the infrastructure – indeed quite frankly such a program might be immensely beneficial for the United States in the long-term.

But the party which attacked US infrastructure would find itself in quite a different position. Isolated economically and diplomatically, out-matched kinetically, it would be devastated at home and abroad. How long would the Russian leaders responsible for such results last in their current positions?

So it would very much NOT be in the interests of the Russian Government to escalate to an attack on US infrastructure in the manner you allude to.

Should this continue within the realm of information operations, the United States has the advantage.

Clive Robinson October 16, 2016 8:40 AM

@ Tainted Kernel,

It’s brief and there really should be more intelligent responses there, but maybe people are busy working on problems rather than chatting about them. Maybe you want to add to their thread about it?

Years ago there used to be this statment,

    What ever the question is, Microsoft is not the answer.

Put Tor in Microsofts place and you will start to get an idea of the problem.

There is a very old joke, about a young newlywed couple going on a driving tour for their honeymoon. They get lost in the countryside and see an old farmer leaning on a gate puffing his pipe. So they stop and ask the farmer for directions. He nods, takes his pipe out and rubs the side of his nose with the stem and develops a very thoughtfull look. After a little while he clears his throat and says, ‘If I was you I would not be starting from here’.

Which about sums it up for Tor, it’s fundemental design is not capable of keeping your anonymity from High Level Attackers. To pretend it can be fixed would be at best kidding yourself, at worst condeming people to an ignoble end.

I’ve been saying it for years, and as every year passes Tor’s failings become more widely known by researchers. Tor is dying the death of a thousand cuts and needs to be put out of it’s misery. It appears the developers will not acknowledge that the fundemental design of Tor is broken and needs fixing. As I’ve indicated in the past, slapping a bandaid or two on a broken bone is not going to fix the underlying problem.

I’ve previously outlined what needs to be changed and why, so you can search back on this blog if you want more. It’s upto you if you want to go banging on the locked door that is the Tor developers, to try to get them to open up to it, but past experience suggests you will be wasting your time and effort.

Ted October 16, 2016 9:59 AM

New York’s top banking regulator has proposed new cybersecurity regulations for banks, insurers, and other financial services institutions.

The regulation was proposed by the Department of Financial Services on September 28th and will be open for public comment for 45 days before its final adoption (November 12). It establishes minimum cybersecurity standards and will allow companies to adjust their risk profiles adaptively after meeting these baseline standards.

Some of the proposed regulations will require that covered entities maintain a detailed cybersecurity policy, designate a qualified CISO, perform penetration testing and vulnerability assessments, implement and maintain an audit trail, perform annual risk assessments, require multi-factor authentication, establish a written incident response plan, etc.

The new regulations will apply only to banks and other financial services companies licensed by New York state, not to nationally chartered institutions. However, New York’s Department of Financial Services could set an example for other regulators at the state and federal level.

NY DFS Cybersecurity Requirements for Financial Service Companies</a href>

Press Release</a href> | WSJ article</a href>

Gerard van Vooren October 16, 2016 10:11 AM

@ Skeptical,

If this leak is authorized, it’s in part a warning to Russia. The United States does not consider the information operations conducted to influence the US elections to be conduct within the bounds of ordinary espionage, but rather considers it an escalation to level of conflict that threatens core US interests, is not tolerable, and that therefore the US will be required to respond proportionally. The official attribution – removing the fig leaf of official Russian deniability which the US might seize as a reason to not respond – in conjunction with this leak, is intended to make clear that the US is not bluffing.

Have you read what has actually been leaked? It shows that Hillary Clinton is corrupt. She has been keeping that quiet in spite of repeated requests made by Bernie Sanders, who didn’t participate in this kind of stuff. Personally I don’t care who is behind these leaks but I do care about what has been leaked. And let me add that Trump isn’t any better. He didn’t pay taxes for a couple of years and he probably can get away with that.

The system is corrupt, that is what is going on here. Blaming Russia is wagging the dog. The real problem is the corruption that is present in both D and R. Maybe going Green is the answer here.

A devastating cyber attack on US infrastructure would take this conflict out of the cyber/information realm. It would instigate a state of war. Russia would be completely isolated – China has no wish to see the world descend into conflict, nor could China view such an action as anything other than an act of war equivalent to a kinetic attack – and would if anything aid the United States. It certainly would trigger a response by NATO, and retaliation on a variety of levels.

It’s quite clear here you have no idea of what you are talking about. Again.

What have we seen so far? We have seen hacks in personal computers. That’s it. Nothing more, nothing less. Oh yes and publishing the copied data. We haven’t witnessed hacks on infra structure. That’s more an US/Israel game.

Yet you keep on talking about NATO responses and that kind of stuff. Snap out of it.

No, DJB was pretty right in his tweet:

“Democracy” (noun, American slang): A multiple-week mob trial of two accused criminals to decide which one will be the next 4-year warlord.

ab praeceptis October 16, 2016 10:48 AM

Gerard van Vooren

Not meaning any bad, seriously not, but: the Go failed even before they started the Go project. Why? Because the right path would have been to re-vitalize what already existed since decades and actually was one of the few good evolutions of C. I’m talking about Limbo.

But then, again, meanining no bad whatsoever, Limbo was somewhat of an exceptional moment of light. Languages just weren’t their strenght – and they need not be; after all those people were glorious heroes in the field of Operating systems (Plan 9, Inferno, plus a loooong background).

As far as I’m concerned Go is a funny and interesting experiment that, however, is probably more to do with the need of one person to finally create a major language, too, than it was to do with safety and security. And, of course, google was more than happy to make it happen.

The article linked by Clive Robinson doesn’t surprise me in the least. I wouldn’t have expected anything else. Brutal and unfriendly as it may sound: there are some subtle but extremely important differences between a language that really lens itself well to system jobs and a cool language du jour.

Plus Tor. And there I’m not even addressing the, it seems, inherent problems of Tor (which btw do not exactly hint at an excellent design …) the author demonstrates. No, I’m talking about loads of exit servers eavesdropped and about other quite unpleasant things that somehow seem not to disturb the fans of Tor.

Finally, to name another ugly detail: Running massive loads of data through a system with lots of crypto is exactly the kind of invitation nsa guys love.
Well noted, I do not say, it can’t be done; it certainly can. But I say that unless is properly and well (designed and) done, it opens a vaaast sampling space. Add lousy PKE to that and you have created a monster that will bite you more than occasionally.

The lesson that I’d suggest to take away from that article is: Unless your crypto is properly modelled and verified (there are meanwhile some quite good tools available, but it could be done before, too, albeit with more efforts needed), chances are that thing will bite you. Second: Unless you use a well etablished and understood (incl. its weak points!) adequate language for implementation (incl. a compiler proven at the very minimum by time and heavy usage) which is validated and verified, too, you only feed the bad-crypto monster to grow bigger faster and to bite you worse.

Daniel October 16, 2016 10:55 AM

@Clive writes, “I guess it boils down to how much risk you want to take on for no real gain…”

That is unfair. I am the first to agree that Tor has major issues and is broken in some hard-to-fix ways. Yet I think it is wrong to suggest that Tor has no value or that there are not ways to mitigate those flaws by the Tor user. But most importantly, I think it misses the direction which Tor is going. @TheGrugq had a comment on twitter some time ago where he noted that Tor was headed in the direction of a secure Voice of America. I think that’s correct. Tor doesn’t have any fundamental desire to support illegal content and while given its design it will never be able to rid itself of illegal content entirely it is going to put significant effort into make criminal activity on Tor as limited as possible. FWIW I said a number of years ago that Tor was a far bigger threat to Google than it was to the FBI and I still think that is true today.

In short, I don’t think the biggest problem is with Tor itself. It is with the false expectations people have of Tor. Expectations, to be sure, that Tor has often inadvertently encouraged in the public’s mind.

ab praeceptis October 16, 2016 11:01 AM

Thoth

Yes. Risking to be called an a**hole: A company, that’s what experience strongly suggests, will either create a nice marketing gadget or a nice security engine. Arm took the blurb path. “trustzone”. Sound nice and handy and promising – and I don’t believe it a second.

I don’t want (or trust) a blabla zone in a processor. I want clear cut simple things like a montgomery unit and some other basic building blocks. If they feel like it they may add some micro firmware for pseudo instructions like “aes256”. Next, give me some KB of WORM on chip, preferably in multiple chunks, each of which can be fixed down indepedently, and I’m happy, much happier anyway than with a half opaque promise zone.

Btw, re. your project: Am I mistaken that your smartcard communicates only by some old style simple RS323 like facility or how come those lousy limits like 20 KB/s? (Be generous with me; smartcards are not my forte but I would have assumed that something like 1 Mbit/s was kind of the lower limit).

Shemptical October 16, 2016 11:07 AM

skeptical’s back as the still small voice of the beltway parasites, pretending their war hasn’t started. Mr. Magoo didn’t notice the pieces of CIA knuckle-draggers bouncing down the road.

http://www.special-ops.org/19267/russian-jets-reportedly-bombed-covert-us-base-in-syria/

http://russia-insider.com/en/politics/russia-ready-war-usa-defend-its-national-interests-while-american-public-slumbers/ri17008

https://nationalinterest.org/blog/the-buzz/revealed-russian-invasion-could-overrun-nato-60-hours-15112

Let’s get this over over with. The SCO will deftly cripple and decapitate the US banana republic. Then we the peoples will put their heads on sticks. Not skeptical, he’ll be a shadow on a chunk of rubble.

ab praeceptis October 16, 2016 11:13 AM

Skeptical

I strongly object.

While you are right in that next to certainly none of those countries wants a cyberwar, possibly soon escalating to a conventional war, I still object.

Reason: It comes down to a simple equation: How vulnerable are you, how well are you capabilities to recover at least partly and how strong is is your attack force?

Russia has slight to medium advantages over both China and the usa. Moreover, in case it escalates to a conventional war Russia is clearly better positioned. Both can’t win a war against the other, both have some capability to attack the other (with usa having a strong advantage) but finally both will fail for basically the same reason: distance and logistics.
With a big fat “but”: the usa war machine is cruelly depending on modern c2 and Russia (as well as China) is in a good position to main that vital infrastructure.

Add to that russian systems like Krasukha (EM warfare over large distances) and the fact that the usa will (for classical mil. reasons) have no chance whatsoever to establish air superiority over Russia.

In summary: an escalation to conventional war isn’t reasonably feasible for both, and in a cyber war Russia is was better positioned. Finally and importantly: Russia has no interest whatsoever to start any kind of war. That fact is not changed by some mental asylum candidated in washingtons polit crime scene blabbering weird BS.

Uncle Joe Stalin October 16, 2016 11:17 AM

VP Biden threatens “covert” cyber operations in Russia, Snowden comment:

https://twitter.com/Snowden/status/787324496491479040/photo/1

Bruce has been fanning the flames of revenge against Chinese/Russian hackers while warning us of the terrible power of Chinese/Russian propaganda.
Maybe this Snowden comment foreshadows Killary droning Assange(in the UK!) and assassinating Snowden and giving Bruce juicy PR contracts.

ab praeceptis October 16, 2016 11:33 AM

Uncle Joe Stalin

I clearly disagree with Bruce Schneier in the matter. BUT: I do not think, it’s acceptable or justified to accuse our host of evil intention.

Bruce Schneiers blog has become a major institution in the security and crypto community and I’m grateful for that and feel it to be grossly inacceptable to personally attack our host.

His right to an opinion is certainly no less than ours. Let’s stay reasonably decent and polite!

CarpetCat October 16, 2016 12:48 PM

@ ab praeceptis,

You are correct, Bruce’s right to an opinion is no less then ours. However, the quality of said opinion is paramount. Myself, and others here have rightfully noted the casual and rapid company line toeing. Granted, a rather recent and indeed the only time I can recall it has happened, yet the fact remains that Bruce has posted horrible Russian attributions while having left out the clear and present chain of evidence which would convince us.

It is this war drum beat that dismays us. All too sudden after IBM and Tor, but what’s the use of critical thinking about this subject anymore? Our host has absconded, we should hasten to follow his lead…

ab praeceptis October 16, 2016 1:15 PM

CarpetCat

As I said: I strongly disagree with what Bruce Schneier says sometimes. The “the Russians attribution” is an example. That attribution is extremely questionable and untenable from a professional POV. Of course Bruce Schneier should know the attribution problem well and shouldn’t make utterly questionable and unprofessional statements.

We should, however, be sure that while we question or even attack his views and statements we do not attack him as a person.

“Bruce, frankly, that’s questionable BS” is one thing. To accuse Bruce Schneier of evil intentions, however, is a rather different thing – and one I consider inacceptable.

BTW: It’s also logically flawed. If, just assumed, Bruce Schneier really were an evil cia or whatever asset, he would quite probably not allow criticism, let alone blunt contradiction to his statements. All he needed to do was to press a delete button – which he doesn’t do.

So I stay where I was. His right to speak his mind is no less than ours, no matter whether what he says seems right or wrong in our eyes.

Figureitout October 16, 2016 1:53 PM

Thoth
–Well, having one or getting access would likely give you some more insight into what’s happening if you think the timing issues are worth looking at. I said it was fine performance b/c I expect encrypting something to take some time but we’re hearing otherwise from others. Like the link Clive posted on Go, there’s some things that may be unavoidable w/ Java and Javacards.

There may be solutions that make analyzing quicker/easier like this: http://www.kmeasure.co.za/more/technical-info/debugging-smartcards but more expensive.

Here’s a link if you want to buy one: http://www.usedoscilloscope.org/ But if you just want this for 1 time use, would be better to borrow one somehow or someone recreate what you’re doing and look themselves. How much does your setup cost? Think you’ve said your card and card reader before but can’t recall that.

Clive Robinson October 16, 2016 2:52 PM

With regards Russian Propaganda

It would appear that Putin feels the need to saber rattle the UK with a “fleet sail by” of their only aircraft carrier and missile boats, apparently on it’s way to kick the crap out of Alepo and other places in Syria,

http://www.independent.co.uk/news/uk/home-news/russian-warships-military-to-sail-fleet-through-english-channel-aircraft-carrier-a7362931.html

Apparently they might stop off for a while to the north or east of Scottland to run some battle drills with live fire practice.

You will note that although the UK’s Royal Navy gets mentioned, the talking shop that is NATO and it’s founding nation do not get mentioned.

In essence Russia is doing a little “Gun Ship Diplomacy” in a some what watered down version of what the US Fleet has been doing for years in the South China Seas.

All a bit silly realy but it alows the boys to blow a few tax dollars away as they play.

Gerard van Vooren October 16, 2016 2:59 PM

@ ab praeceptis,

Not meaning any bad, seriously not, but: the Go failed even before they started the Go project. Why? Because the right path would have been to re-vitalize what already existed since decades and actually was one of the few good evolutions of C. I’m talking about Limbo.

In all honesty, I’ve read a couple of things about Limbo and some source code but I don’t really know Limbo. I am curious about your arguments and what you have in mind. What makes Limbo exceptional and would it still be a good PL today?

Clive Robinson October 16, 2016 3:21 PM

@ CarpetCat,

Our host has absconded, we should hasten to follow his lead…

A look at the decreasing number of posts recently, suggest quite a few have “left the building” in recent times.

The reasons for this could be many including the more general decrease in blog activities on many security related blogs.

A more obvious reason might just be that CompSec is getting jaded and boring with the same old same old for quite a while now. Let’s be honest even the Yahoo revelations realy did not get that much interest and neither did the Krebs on Security DDoS attack.

As for the technical side we don’t see the number of first class papers we used to get either. Sadly many academic papers in CompSec leave you with the “Why did they bother” feeling. Thus much of what there is is trivia or worse, it’s already been raised on this blog years ago discussed and people have moved on.

Just dull dull dull.

I know Bruce does not like politics on the blog because of it’s side effects, but even some of the stuff he has posted in the recent past would have been yellow carded a few years ago…

The simple fact is it feels like we are “waiting in a phoney war” with people trying to talk up the equivalent of graffiti into first strike scenarios.

The western world especially the US is very clearly not ready in any way shape or form for a real “cyber-war” where “code cripples infrastructure thus people”. And whilst there have been a couple of minor examples in Eastern Europe, I suspect a whole lot more can happen with just a nod of a head.

Whilst the US realy is economically dependent on the Internet and becoming more so day by day, the other Super Powers are not yet even close to that position…

Which raises the question of when not if the US gets it’s first Cyber-9/11 and what will happen as a result…

Bong-Smoking Primitive Monkey-Brained Spook October 16, 2016 3:46 PM

@Clive Robinson, @CarpetCat,

suggest quite a few have “left the building” in recent times.

Not so fast! Some have medical issues and or busy projects at this time of the year. I’m coming back, and hell is coming with me. You hear me? 🙂

Technical issues are fine, too. The field is too fertile to be boring 😉 An occasional religious, political, or otherwise off topic discussion is ok, I guess. Perhaps @ianf should come back to stir up some emotions. @Rolf Weber can lighten things up too 😉

I still have a feeling @ianf is with us under a pantyhosepuppet disguise 🙂 What happened @ianf? The moderator’s warning bruised your ego? I thought you had much thicker skin than that!

What really puzzles me is the person that keeps responding to @Skeptical in the same style but under frequently changing handles. I wish he or she kept a static handle.

albert October 16, 2016 3:49 PM

@Ergo Sum,

Exactly how would cloudflare block fas.org? (I assume you misspelled when you wrote ‘cloudfare’)

I allow 3 of 4 google scripts, and fas.org, with no problems.

. .. . .. — ….

AlanS October 16, 2016 4:27 PM

@Ergo Sum

It’s not an issue of either do this or do that. You have to do both. Technical systems are social systems.

Who do you think the designers are? The designers are just a different type of user. And when you get down to it designers have all sorts of motivations and there are plenty of good design reasons for lousy security. Bruce’s argument is just backing up from we can’t fix the behavior of one type of user so let’s fix the behavior of another type of user so they design systems the way security professionals consider secure, in this case by taking as much discretion to do something risky away from the end-user as possible. So you are moving the social problem from one location to another: we are going to take discretion away from end-users but now we have to change the behavior of hardware and software designers so they do what security gurus consider ‘good design’. You may get some push back on that because designers are embedded in social networks that value lots of things, some of which are in competition with the value ‘secure’. There is no pure technical solution to this as there is no such thing as pure technology.

r October 16, 2016 5:13 PM

@BSPMBS

The person who you’re addressing as “responds” to skeptical shouldn’t puzzle you, there’s something funny about hen’s usage of henglish. I’ve been trying to put my finger on it for a while but I’m not redherring to their specific usage of keywords. It has a specific sound to it.

ab praeceptis October 16, 2016 5:20 PM

Bong-Smoking Primitive Monkey-Brained Spook

(Nice nick, btw. Compliments)

In case your remark included me (I happened to answer Skeptical) you’re wrong. I detest name changing games and write under exactly one nick at any point in time. Boring, maybe, but it keeps things simple.

Btw, I largely agree with Clive Robinson. My criticism was only directed against personal attacks like assuming Bruce Schneier having evil intentions.

Otherwise I’m not too interested; My main focus here is professional matters and I see next to no value in what I perceive as misguided intra-usa polit discussions or in dropping bit and links one found somewhere.

But yes, I also think that Bruce Schneier is somewhat “guilty” by kind of inviting those non-crypto, no-security, non-professional posts with some of his latest blog posts. It’s just that I still see him as our friendly host deserving some not too negative attitude and politeness. I’m mildly annoyed by some of his posts, but hey, it’s his blog (and his reputation, if I may mention that) and hence his right to post whatever he pleases. Rather than personally attacking him I personally prefer to just yawn and wait for more interesting posts and discussions coming up.

r October 16, 2016 5:21 PM

@BSPMBS,

My take, continuing what I said a moment ago – basically is that I believe you, we, I are witnessing specific competing interests in those two.

That's messed up! October 16, 2016 5:29 PM

@albert

My IP was apparently banned from accessing fas.org a couple days ago. Scripts were disabled. Ban was lifted sometime yesterday though.

Clive Robinson October 16, 2016 5:31 PM

@ Bong “cough cough” I spy,

Nice to hear you are living the –arboreal– life, just hanging around like an old swinger 😉

Yup them medical issues soon get you down to earth, and these days the nurses are not as much fun as they used to be 🙁

As for @ianf the departure was a little abrupt and he never did put that opus magnus up he told me he was preparing to show how wrong I was… as for Rolf well, my mother used to say “if you’ve nothing good to say it’s best not to say anything”.

As for you bringing hell with you make sure that the hellfire is cheary and the damnation jovial, and just remember the old saying “the wages of sin…” with the old rider of “But the hours are good”.

But I’m afraid to say I disagree on your technical take, it is getting boring, I used to get out of bed with a spring in my step eager to get to grips with new stuff, now I find myself comparing the latest thing to stuff a quater of a century or more ago and just like @ Nick P finding it wanting in comparison. It seems it’s only fresh to youngsters.

I actually read more of Nick P over on hacker news than I do here these days, and whilst Dirk is still reading he does not pop up much either.

As for Skeptical and his antithesis, the style remains fairly consistant even though the handle changes. But usually the handle is subject related.

Interestingly is the relative ratio of US to no US posters, maybe the US malaise is down to “Crim -v- Crim” for the “World Warlord” title (you can thank DJB for that analogy). I guess those of us not waving the star spangled tea bag fail to see the advantage in either pooch, because we know they are both going to try humping your leg and crapping on the carpet prior to chewing the furniture…

As for Cyber-Armageddon bursting out into the infrastructure of the West, it’s getting on for winter in the Northern hemisphere, so the traditional time for Putin to “turn off the gas tap” etc is approaching.

I was actually chatting to my son about how you survive a “white out” with power loss, and relating a story about suffering it in Canada when I was a lot younger. Put simply, we pitched a couple of two man hiking tents in the middle of the room and put duvets over the top and inside and carefully used a petrol cooking stove to heat a large “kettle” pot of water wrapped in towels to use as a radiator / hot water bottle in the tents. The bit that amused my son most was explaining what you do when the toilet freezes up… Lets just say for the sake of others delicate sensibilities it’s the same technique that a covert four man brick uses when behind enemy lines… The real problem however which most don’t know is drinking /cooking water, you drink a lot more when it’s cold, and tined food can be problematic without it and dry goods like noodles come into there own. Large catering thermoses of the type used at conferences and the like to make tea/coffee come in handy. Oh and when you are cold coffee with unsalted butter instead of cream tastes rather better than you would expect, and hot choclate practicaly begs for it, even black tea with a couple of large spoons of lemon curd tastes nice when you are below minus ten inside for a few days… It was the first time in my life I saw the strange effects of supercooled water –freezing rain– outside of a laboratory and it’s hard to get your head around when you see it’s effects.

r October 16, 2016 5:51 PM

@BSPMBS,

Also, if @ianf is still around – consider that relatively close to his disappearance he was potentially doxxed. It may be within his own self-interests to keep the guise going, I wouldn’t worry so much if that really is the case. AFAIK he wasn’t doing any real harm to anyone other than maybe the communitae and as I’m sure quite a few of us are thankful there is something else to be thankful for if he is still here – that unlike me he is capable of growing up. 😛

It’s impolite to speak of others in the third person though, so I’ll end it on the note that I hope he is safe and doing well.

albert October 16, 2016 5:52 PM

@Ergo Sum,

I’ve read of fas.org being ‘unavailable’ during certain time periods. Am I correct in assuming that other folks could access it when you couldn’t?

. .. . .. — ….

r October 16, 2016 5:54 PM

@albert,

I had no problem, so did somebody else who actually responded to the query.

I only issued my request through a single path though, so it’s an incomplete picture reguardless. (@Cringe)

Thoth October 16, 2016 6:07 PM

@ab praeceptis, Figureitout
Smart card reader is Feitian SCR301 and card is FT-A22CR. Card reader is a USB-CCID card reader over USB interface.

Probably woulf be more economical if I could borrow a oscilloscope than buy one since I am mostly curious on what’s going on in the card reader when sending card commands.

Card reader should cost about $50 and the card should be somewhere around $5 to 7. I want expecting an order of a famous brand of smart card reader I recently ordered which is the Identiv SCR3500 soon which is approved for US Govt HSPD/PIV/FIPS201 usage to arrive at my doorsteps and maybe I can do a speed test on that reader once it arrives.

That's messed up! October 16, 2016 6:10 PM

@albert

A cloudflare proxy splash screen literally said my IP address was banned from accessing the site.

Seems like no one else here that tried it was.

Bong-Smoking Primitive Monkey-Brained Spook October 16, 2016 6:11 PM

@ ab praeceptis,

(Nice nick, btw. Compliments)

Complements need to be attributed to @Clive Robinson and @Figureitout. ‘nough said.

In case your remark included me …

No! Not in this case 😉

This is a person that waits for Skeptical to post something. He has a distinctive style in writing. I don’t feel like sharing links because for some reason I am not able to recollect key words to search for.

Bong-Smoking Primitive Monkey-Brained Spook October 16, 2016 6:17 PM

ab praeceptis,

But yes, I also think that Bruce Schneier is somewhat “guilty” by kind of inviting those non-crypto, no-security

It’s the man’s blog. He’s free to do whatever he wants with it — including banning my a$$, we aren’t paying a fee to cover his expenses – therefore we can’t complain. I don’t have any complaints. I like it the way it is. It caters to my needs 🙂

Cheers!
BSPMBS (to make it easy for you to type. It’s a long sock-puppet name..)

Sancho_P October 16, 2016 6:20 PM

@Skeptical

Pointing at the alleged messenger only underscores the message,
here:
The D rigged the democratic election process.
Sanders lost and his supporters won’t forget it.
So Trump voters don’t necessarily support Trump but try to hinder known corruption.
Kinda protest, like the Brexit referendum.
Great success for the US, democracy and the world.

Didn’t work, next is an official leak, but:
No one will listen to upcoming scandals now that it’s known who staged them.
Unbelievable stupidity to blow the horn before “a possible hidden strike in the open”.
Great success for US foreign policy. Embarrassing, as always.

China?
China would side with China and take the South China Sea, ‘cause they are intelligent.

Bong-Smoking Primitive Monkey-Brained Spook October 16, 2016 6:20 PM

@r,

It’s impolite to speak of others in the third person though,…

No! By all means, please do! If you have hate in your heart, let it out! — Dave Chappelle (as Clayton Bigsby)

Bong-Smoking Primitive Monkey-Brained Spook October 16, 2016 6:22 PM

@Clive Robinson,

But I’m afraid to say I disagree on your technical take, it is getting boring, I used to get out of bed with a spring in my step eager to get to grips with new stuff, now I find myself comparing the latest thing to stuff a quater of a century or more ago and just like @ Nick P finding it wanting in comparison. It seems it’s only fresh to youngsters.

Oh, that part is boring! I hear ya’ 🙂

Wae October 16, 2016 6:25 PM

@Clive Robinson,

even black tea with a couple of large spoons of lemon curd tastes nice when you are below minus ten inside for a few days… It was the first time in my life I saw the strange effects of supercooled water –freezing rain-

Oh, yea! Tea again.. Brings back memories.

r October 16, 2016 6:33 PM

@BS (Short enough? (joke) :P)

I have very little room in my heart for hate, not saying that I’m practically heartless or anything I’m just stating that I’m kind’ve short on attention. My words may sound harsh at times, but that’s just my tongue and my mind mincing what little logic I grasp, the few spaces in my heart that do feel more than frustration are reserved for a very special few.

Nobody would be caught off guard if they had it coming, I usually blacklist people – hate is more extreme than disgust/distrust/etc.

My Infamous had me a little on edge like in any good game of battleship, but it may have been some sort of retalitory strike.

I had the hopportunity earlier to speak with a couple Eastern Orthadoxxer’s earlier, it was fun – I kept the estimation of Russian by asking them if they were Swedish, sometimes it’s good to be corrected.

r October 16, 2016 6:55 PM

The other day, I failed to fully comprehend another’s position (I guess it’s a norm for me).

When the news hit that that ny bomber was awake a lady asked rather candidly (facetiously I suppose) “Why is he still alive?”

I interjected and said “because you can’t have justice otherwise.”

It seems there is a level of resentment and a quality of revenge in the air of who is and who is not shot by police.

My utmost sympathies for any and all misunderstandings.

ab praeceptis October 16, 2016 6:57 PM

Thoth

My hw work is rather limited these days as I’m deep in software. My advice would be limited anyway because I wass lucky enough to get an action priced Rhode & Schwarz 300MHz under the Hameg brand which, frankly, is ridulously overkill anyway for my purposes. But it answers many questions …

I mean to remember though that while USB analyzers aren’t a dime a dozen there are meanwhile even toy board based versions around (rasberry and Co). If I get you right, speed won’t be faster than USB 1.1 anyway and it’s the USB bus you are interested in, no?

I also remember (and find it noteworthy) that a friend of mine recently remarked that he got himself some (midrange) bus analyzer (his focus was CAN) because those are way cheaper than the sw options for the better logic analysers. Strange world.

Finally I just opened one of the small Via C7 Boxen I liked a lot for small firewalls and the like because they don’t eat much power, have a PCI slot, sometimes an additional pc-card slot, plus an ide port – and sometimes a quite nice card reader that is known to work quite well and to work under linux, too. I just opened one of the up for you:

It has a usb (internal header) connected with an atmel omnikey chip (i.e. an atmel 51 chip w/omnikey firmware). The chip is a “83C230K…”.

Them boxen are available (2nd hand but usually in good condition) for around 30 – 50$ and that kind of smartcardreader is quite wide spread in europe. Would give you the reader plus a nice small system for lots of testing, analyzing, playing.

In case you’re interested let me know. Because those “Igel” boxen are easily mixed up and only a few types are useful for your purposes.

Nick P October 16, 2016 7:24 PM

@ Clive Robinson

I was hoping you were enjoying them, too. 🙂 I also comment on Lobste.rs that was made by OpenBSD developer Joshua Stein (“jcs”) as a more transparent alternative to Hacker News with different features. It has lots of programmers, including OpenBSD devs and Suckless people, that add their own thing to even the HN reposts. My profile is here. Finally, a Lobster (pushcx) started Barnacl.es as a site to help bootstrappers instead of just VC sellouts. Used the Lobsters engine since it’s an open-source, Rails app. They have lots of good articles, good commentary (esp pushcx’s), and I mainly just read it as I’m the apprentice not master there. 😉

It’s been too rough a month to do many detailed write-ups. Plus, our last car got smashed yesterday by a driver running a four-way with insurance not paying due to ambiguity. Fun times ahead. Anyway, I cranked out a few decent ones plus found a nice article I can’t recall if I posted here.

@ Clive, All

re Xenix

First good one is a History of Microsoft’s UNIX: Xenix. Main link on Hacker News was crap but I found this in the comments. A great read showing just how popular Microsoft’s UNIX was and how it may have helped define UNIXen and Linux today with how it was marketed & batteried included. It’s an angle worth exploring. I did find some gold in there:

“When I arrived in early 1990 people were using OS/2 for development. For example the early development work for NT was done on OS/2 and then cross-compiled for NT. Keep in mind that up until September 1990, NT was the next version of OS/2 so this made perfect sense…even after the “divorce” with IBM, OS/2 1.2 was still the best development environment.

There was a push to self-host on NT which I recall became feasible in early 1992. Eventually more and more of the group switched over to it. I think the rest of the company probably didn’t switch until after the first version of NT shipped in July 1993.

But it is indeed true that the standard email terminal in 1990 was connected to a XENIX machine, and there was a card handed out “how to use vi to edit email” or some such. ”

So, combining all I’ve learned, Microsoft was a clone of OpenVMS architecture backward compatible with existing market OS’s via emulation that was developed on OS/2 for its then-greatness with a Microsoft UNIX handling mail and whole business running on an AS/400. The OS they were building with all this stuff was intended to replace them all. It largely did with it achieving a good deal of parity over time due to money from Worse is Better growth strategy. I have to say that they don’t seem as technologically stupid as I thought they were when I was younger. I knew Bill Gates was a business genius & technically smart but he might deserve more credit on technical side.

re counterpoint to Leslie Lamport about discrete vs continuous

A nice video was posted by Lamport where he traces his reasoning about various things. I think his concurrency scheme being inspired by tickets at a bakery was neat. The traffic stop thing actually happened to me due to bald tires that couldn’t take my slow reaction time on a yellow light that changed too fast. All good until, asked about continuous vs discrete computing, he said that all computing was fundamentally about discrete steps with continuous something just brought in. I disagreed after studying analog computers (esp general-purpose one’s) where it seems to me there are two models with two separate computational schemes even though Turing equivalence is proven for GPAC. My counterpoint mentioned this, summary of analog vs digital computers strengths/weaknesses, evidence from mixed-signal, and some links.

Note: On Lobste.rs, the main article is in upper-right of my comment if you choose to look at it.

re what is a backdoor

This came up here originally when Skeptical claimed NSA wasn’t weakening security due to absence of deliberate backdoors. I argued any artifact in a system that disables security is a backdoor in practice. They’ll use them that look like mistakes to hide it. This was already in Meyer’s definitive work. Well, mainstream finally caught up with this with a good article that demanded a history lesson and reality check in the comments section. Meyer’s paper is there those interested.

re unions for developers

Wrote this piece in response to a guy who was blacklisted for being suspected of trying to create a union. As usual, I use a low-margin company with a reasonable union approach to show it’s not hard or even too onerous requirements. Most companies refuse to provide basic consideration for workers or allow collective bargaining purely out of greed given precedents like above union. It’s why IT workers should try to unionize. At least the good ones that college grads can’t replace easily. 😉

re system that keeps getting worse with less change or reform

I have long been observing what components and trends maintain the status quo. It got me really depressed when I fully understood it. I tried a brief write-up describing the components, their interactions, and how the system as a whole maintains resilience to protect elites’ interests. That’s here.

re 256-core Brainfuck CPU

We got a nice thread going about that where a few others and I were brainstorming business models for getting this thing into production. Might net you all some laughs.

re software bloat

Related to above, I joked about it being used to further obfuscate SystemD execution and updater. “witty_username” replied it’s only 336KB. qwertyuiop and I list a bunch of software that’s more useful with sizes to put things into perspective. The ones I list were also highly reliable with fewer vulnerabilities in core. 🙂 Link here.

re conspiring with NSA is always bad for business if you get caught

I looked up the numbers on some of worst offenders in the Snowden leaks. They’re doing well. The claim was sadly wrong. Fascism pays if we’re talking about the host country.

My Info October 16, 2016 8:05 PM

@Nick P
s/NSA/Mafia/g; #the car…

College grads lol. They’re so deep in debt on the state and federal dime that we’re all on the hook to line the pockets of the tenured crooks and college administators teaching them all that political nonsense. We’re all paying to deliver warm edible cookies to their dorm rooms till 3:00am.

Wael October 16, 2016 8:55 PM

@Nick P,

Xenix! Man, I had that OS on like 21 floppies and installed it on a 386 back in the early nineties! I ended up trading the disks for a couple of coffee tables 🙂 That’s when Santa Cruize Operations was a big thing. Twenty some years later, I ended up working within 20 miles from SCO 🙂 Strange world!

Limptical October 16, 2016 9:07 PM

@i It’s a mistake to call circumscribed technical problems ‘professional’ and to devalue everything outside that arbitrary scope. Ethical and humane concerns are what distinguish professionals from technicians. The times when you cannot stick to your last are the most important junctures of your life.

@i+1 If it doesn’t seem like idiomatic fluency, perhaps that’s because the ideas are so very alien to most people trapped in the US. When the nickel drops a whole new world will open up.

Nick P October 16, 2016 9:09 PM

@ My Info

Are you adding that angle to my education component or suggesting I should’ve mentioned it specifically?

Nick P October 16, 2016 10:24 PM

@ Wael

“I had that OS on like 21 floppies and installed it on a 386 back in the early nineties! ”

So, you have any comment on the article’s claim that it inspired Linux in a way? They didn’t quite support that. What they said was Xenix put UNIX on personal computers, got it deployed to many universities, developed ecosystems, significant contributions to POSIX, and made it useful in a bunch of ways. Linux did do many of the same things but I still lack any clear evidence tying them other than the POSIX-like functions.

“That’s when Santa Cruize Operations was a big thing. Twenty some years later, I ended up working within 20 miles from SCO 🙂 Strange world!”

Interesting. Most of the time they have to work lawsuits through third parties due to distance and such. They could hand-deliver a $1 billion claim to you personally if you were using Linux or something. 😛

Kraken October 16, 2016 10:48 PM

I received an invitation to this site which is still in Alpha. Any opinions?: https://keybase.io/

More info, FAQS, etc: https://keybase.io/docs

Great idea to prevent identity theft, or, a TLA honeypot? Installation of the FOSS app required for best features to operate… is this a great idea which eliminates the centralized server/sync concept, or, is it a potential Trojan horse?

Wael October 16, 2016 11:00 PM

@Nick P,

So, you have any comment on the article’s claim that it inspired Linux in a way?

I didn’t read the full article. Can’t at the moment. Read about 20%. It sounds right. SCO had precedence in things such as Alt F1, Alt F2… to switch between virtual terminals. It was there before Linux. Inspired? I’m not sure. If I remember correctly, Linus said he developed Linux because he wanted a cheap PC to run an operating system like a SUN (I rember SUN stood for Stanford University Network – as networking was a big thing with SUN. Can’t verify it now, but I could be wrong.) So SUN was the inspiration of Linux according to historical claims. I remember installing Linux back in 91 on an X86 and ran X. I think the distribution was called “Color”.

furloin October 16, 2016 11:32 PM

@Nick P && @My Info

Would that only apply to Americans and Europeans? Last I checked Russia and China were subverted through mandatory societal means. Not a ‘optional’ education means. College last I checked was still optional in Europe and America if you wanted to work with your hands as a apprentice at a low skill and low pay job.

Since I posted it’s worth mentioning that however useless self taught knowledge is for job purposes, it is extremely useful for your ‘private’ life.

also I need to go buy black paint while visiting Europe.

tyr October 17, 2016 1:07 AM

@Nick P., Wael

I have my Xenix comp right in front of me,
haven’t fired it up in years though. I also
loaded Linux from floppies and looked at it
while we were using SCO Xenix at work. Other
than a good try at doing a smaller unii clone
it didn’t seem too much like an offspring of
any commercial version. Xenix was Sys V not
quite the same as SUNOS 4.0. Sun was pretty
good stuff at that time.

My favourite part of XENIX was the DOS 3.3 in
it done by the same company M$ you’d expect it
to work right once in awhile. It used to blow
up with alarming regularity on hobbyist jobs.
The idea of trying to do serious work in it was
cringeworthy.

Linux at that time used to run out of brains if
you tried to load too many jobs at once. Most of
the Unix stuff had to get above 50 at once to
bog down.

If I stop being lazy and load the Debian into a
box sitting here I will be able to bloviate on
a modern Linux version.

A shameful sexism apparent in your error correction.
^ )

@Clive

Threatening the Rus with cyberwar while their
carrier is in the channel next to GCHQ doesn’t
strike me as very bright… : ^ )

[R]odney Dangerfield October 17, 2016 1:14 AM

If that carrier group is on their way to the med then you guys are slow, I said that back when the turkish disinfo presses started rollin.

[R]odney Dangerfield October 17, 2016 1:23 AM

Purloined,

My suggestion is not to use something identified as subversive or maligned, I would suggest using contacts and various colors of https://en.wikipedia.org/wiki/Surgical_mask

I see alot of people wearing them in my neck of the woods and the only thought that ever crosses my mind is that they either a) have SARS/TB or are b) germophobes.

Figureitout October 17, 2016 1:24 AM

Thoth
–Ok, probably going to order a card and a reader. On break now so I can chat a bit, but I’m gonna get swamped again and won’t have time to even look at it until late december. I wanna know what’s going on w/ it too now :p, if nothing else but to verify your timing benchmarks. But it could be a deep rabbit hole tracking it down…

[R]odney Dangerfield October 17, 2016 1:27 AM

Purloined, etc,

Of course though, considering the recent neural network paper claiming the ability to see through blurred images simple cover ups like I suggest may not be effective. Your black paint may aid still through a lack of contrast but I’m sure lighting in that case would be a factor.

I still like my idea, it’s somewhat innocuous.

i[e]; // ? October 17, 2016 2:28 AM

You often lead with proper nouns and you make a lot of strong assertions. You tend to come off sounding fairly aggressive in a non-combative way. The little back-and-forth between Skep and yourself to anyone actually watching looks like nothing more than competitive narration, you actually sound pretty hallow at times.

Likely SPAM October 17, 2016 3:32 AM

For all the miners minors niners fivers and tenors.

https://www.schneier.com/blog/archives/2014/10/us_intelligence.html#c6681666
https://www.schneier.com/blog/archives/2015/08/meerkats_that_l.html#c6702720

You really don’t need a word key to find the key words.

Not that this is a definitive list but this has been an ongoing campaign, and yet I’m labeled a troll. ;Rx

For those who may or may not be @Curious1 or @Curious2, there is quite a bit more to be found laying around here to feed the elefants if need be.

Wesley Parish October 17, 2016 4:07 AM

@the usual suspects

Quite likely OT: in relation to a topic formerly of interest, namely the reliability of torture for extracting information, I scribbled Yet Another Piece of Flash Fiction for your delight:

The Truth Test
http://antisf.com/the-stories/the-truth-test

“But it occurs to us that the statements made confirming the reliability and validity of statements obtained under torture were not themselves made under torture and thus may be untrue, unreliable and invalid. So, at no extra cost, we will torture you to remedy this defect in your election platform.”

Some might term this line of reasoning ad hominem, or even ad lapidem but some of (former) Vice-President Dick (Typhoid) Cheney’s public statements on the validity of statements obtained under torture invite this response. Thankfully he’s been conspicuous by his absence for the past few years …

Clive Robinson October 17, 2016 4:23 AM

@ Nick P,

Nice to see you back in the squid, sorry to hear about the car. Thankfully in some respects it’s not something I have to worry about any longer (I had to hand the licence back due to medical issues). In Scotland a couple of years ago, a bloke with medical probs hid it and passed out while driving a rubbish truck and dod quite a lot of damage. Anyway PubTran in London is sufficiently functional though mind boggling expensive (per mile Concord was cheaper by a large margin).

With respect to,

re conspiring with NSA is always bad for business if you get caught

Sadly no it’s not if you are big enough to get the perks of “guard labour” feasting on the top table spill over.

That is the big companies usually hav Gov work that the Gov has reliance on, giving more work to give the proto-corpse life support till it recovers is often cheaper than moving the other work. Further many movers and shakers who bend the ears of the politico’s they have bought have interests in those large infrastructure embedded companies and don’t want to take a bath on the investment. It’s called leverage, and it will be interesting to see how much the less ingrained likes of Apple realy have.

The reason it works is that in general the US Joe Sixpack has less memory than a goldfish when it comes to this sort of thing. Partly because the “Great American Dream” is an artfull form of brainwashing just like many religions. The majority (even democratic types) are turned into “authoritarian followers” before they can spell it. Thus you get the initial news break then the MSM doing it’s platitudes about “protect and serve in dangerous times” and the moment is gone, investors see the large ingraind corparates chuging on and they may even see a rise in dividened thus often increased share price as they all jump back on. The American dream is all about the money train and conning people that inflationary paper is an asset not a liability (the movers and shakers however make sure they aquire and exploit real assets).

It’s the less ingrained companies that don’t have leverage that get thrown under the bus with only the prolls geting hurt as their pensions disappear in a puff of FBI/DoJ PR, it’s the old “Justice has to be seen to be done, rather than actually done” flim flam.

As for Linux and Microsoft Andrew S. Tanenbaum might have a thing or to to say about that. It’s fairly well known that it was his Minix that inspired Linus and Linus used to produce the first couple of Linux kernels. Basicaly Linus wanted a “busines Minux” not an “Academic Minux” and set out to make it, part of that was doing the compatability dance which ended up unifing the many disparat comercial *nix’s.

What few remember was the how and why of SCO and the pact with the devil that they and AT&T made. AT&T made the same mistake that Intel made with Gary Kildall, and in turn Gary made with IBM. Billy boy exploited the oportunity that presented it’s self in what for a more established organisation would have been high risk, but for a jumped up startup with more front than stability the risk was the other way around. Microsoft went from a bit part player to what it is today off of the back of an IBM “Skunk works” project that senior managment did not even know was happening and would almost certainly have killed stone dead if they had realy known. The IBM PC was an Apple ][ clone with a new phoney 16bit chip in it (8088). IBM was running scared of the Apple ][ and a strange little program called VisiCalc, that was an electronic version of a Harvard Business tool.
The combination was bubling up into their corporate market space, one IBM manager realised that IBM had to go down the “if you can not beat them, then join them” road untill they got into the “then you can shank them” position, hence the skunk works project. Few remember just how many IBM PC’s failed on delivery and just how flaky it’s casset tape system was. What Billy boy had that IBM did not was BASIC which was why they visited him, they also did not have a disk OS so Bill sent them in Gary Kildalls direction. Contray to what was later put about Gary was not joy riding in his aeroplane, he was making an important delivery. As was normal for his company his wife did the usual “first contact” accompanied by their lawyer. Unfortunately IBM came the heavy with you’ve got to sign a blanket open ended NDA before we will even tell you why we are here routien. Unsprisingly the lawyer advised Gary’s wife it was not possible to do so untill Gary was present. IBM went back to Billy boy for further discussions on BASIC and the prob with the lack of OS came up again. Bill took a leap off the high board without looking and said he could sort it out. He then found a rip off of Kildall’s CP/M written for the 8086 and bought it for a song. They deal Bill did with IBM was a real poison pill as it alowed IBM to sell it for only 40USD whilst the official CP/M for 86 was 240USD.

From this Microsoft became a player, and when the 286 came along various people started experimentaly porting striped doen / early versions of Unix to it. AT&T misjudged where the IAx86 was going their money was on the Motorola 68K, so decided to concentrate on that and outsourc getting Unix onto the 286. They went to Billy boy as he was now a player, just as he did with IBM he lept before looking. He extracted quite a deal from AT&T over copyright over “Unix on AIx86” and found three guys in a garage already porting a striped down Unix to Intel Architecture, who grandly called themselves the “Santa Cruze Operation” and did a similar deal as he did over CP/M and this became Xenix and why every *nix on IAx86 with tracability back to AT&T / Unix Labs carried a Microsoft copyright notice and in many cases still does.

It’s interesting to see what effect Linux free of Microsoft encumbrance did, and how it effected it’s proto-parent Minix. Andrew S. Tanenbaum got a lot of renewed interest and a large chunk of money, the result is Minix 3 that has a number of advantages (see http://www.minix3.org ). Unlike Linux with it’s monolithic kernel Minix has gone down the microkernel route and has a reputation for both stability and security.

Hairy Carey October 17, 2016 5:24 AM

In a timely fashion, @und keiner eier.

On this day in his story, an omelette was made:

http://www.bbc.com/news/world-us-canada-37627086

I suppose this was a succesful expose to the DARPA infosec feeding trough, blatently disconnecting geofedie from the pulse of the public social api doesn’t stop it from being retrofitted to an NDA or (gag) order.

Comrade Major October 17, 2016 5:45 AM

@Hairy Carey
Facebook, Twitter and Instagram have revoked access to their data to an analytics firm accused of selling information that allowed US police to track activists and protesters.
Why this “activists and protesters” is so stupid? Everyone know these days that this services fully cooperating with governments.
The only explanation I have is that if “activists” will start using good end-to-end encryption then government agencies will start massive crackdown on them.

JG4 October 17, 2016 6:35 AM

apparently, if her political views and reporting would have been more in-line with the prosecutor’s thinking, she would be a journalist. it seems that elements of crime of riot are not in evidence. I’d like to see a little more discussion of geopolitical security from the point of view of countries that aren’t run by war criminals for war criminals and policed by privatized war criminals. approaching peak irony – mind the event horizon

https://www.thenation.com/article/amy-goodman-is-facing-prison-for-reporting-on-the-dakota-access-pipeline-that-should-scare-us-all/

Yet, on September 8, Goodman received the news that Morton County, North Dakota, had issued a warrant for her arrest. The charge: riot, a misdemeanor punishable by jail time and a fine.

When asked to explain the grounds for arresting a working journalist, Erickson told the Grand Forks Herald that he did not, in fact, consider Goodman a journalist. “She’s a protester, basically,” Erickson told the newspaper. “Everything she reported on was from the position of justifying the protest actions.” And in The Bismarck Tribune he later added, “I think she put together a piece to influence the world on her agenda, basically. That’s fine, but it doesn’t immunize her from the laws of her state.”

Wael October 17, 2016 6:37 AM

@tyr, @Nick P,

A shameful sexism apparent in your error correction.

I’m not sure I understand!

Ergo Sum October 17, 2016 6:53 AM

@Albert…

The options for Cloudflare customer, regarding to Tor users are:
1. Whitelist (trust)
2. CAPTCHA (visible challenge which the visitor must interact with to pass)
3. JavaScript Challenge (visible challenge with less friction, testing the browser)
4. Block (blacklist — available only to CloudFlare Enterprise customers)

Source: https://support.cloudflare.com/hc/en-us/articles/203306930-Does-CloudFlare-block-Tor-

So, you could say that it’s not Cloudflare, by their customers electing to block ToR exit nodes…

Clive Robinson October 17, 2016 7:20 AM

@ tyr,

Threatening the Rus with cyberwar while their carrier is in the channel next to GCHQ doesn’t strike me as very bright… : ^ )

GCHQ is in Cheltenham which is a ways from the North Sea and channel. MI6’s outpost at Hanslope Park would be nearer. Likewise the Golfballs up on the Yorkshire moors where the NSA have a listining post. But I guess the one of most concern is neat Scarborough where the VLF OTP station is that sends messages to the nuclear deterant subs.

JG4 October 17, 2016 7:30 AM

@Ergo Sum

I don’t mind one challenge per TOR session, but every time I want to open a different article to read is b******t. I don’t understand why they want to stick their head that far in the back end. Once should be enough to prove that I’m not a robot scraping their content for the dark web.

Ergo Sum October 17, 2016 8:07 AM

@AlenS,

It’s not an issue of either do this or do that. You have to do both. Technical systems are social systems.

Who do you think the designers are? The designers are just a different type of user. And when you get down to it designers have all sorts of motivations and there are plenty of good design reasons for lousy security.

I tend to disagree…

There are different platforms with different levels of perceived and/or real security differences. Admittedly, the “mind share” of these platforms may have more to do with its perceived security than the platform in itself.

The security solution mentioned earlier, that had been developed designers, can overcome platform vulnerabilities. I simply asked to have these solution integrated in to the platform. Much like EMET had been integrated in to Windows 10 for self-protection. And yes, OSX does a better job to protect the system against malware and the end user than MS can ever do…

ab praeceptis October 17, 2016 9:29 AM

Gerard van Vooren

What I said about Limbo was based on remembering playing with it. Would it be a good und useful language today? Yes and no, the “no” part mainly due to being quite old by now and being pretty much linked to the Inferno OS or, more precisely, to its VM (which is somewhat strange, too).

And I said it in the context of a whole new language (go) being designed. Means that with by far less effort put into modernizing Limbo and Dis (its VM) and breaking them free from the “this is for the Inferno OS only” jail, yes Limbo would be a useful, powerful modern language that would as an aside deliver pretty much everything that make go attractive for many (channels, etc.).

Limbo has a good static typesystem, has learned quite something from the Algol family, incl. modularity that is comparable to Modula, is based on H3 principles (read, it could easily get DbC), etc.

Seen from today, I’d say it’s an excellent approach that however, must be brought up to date and get some early rough edges worked on (some syntax like := and = being used in a somewhat confusing way, head and tail syntax looks like “just thrown in” rather than being syntacticly in line, plus some (minor) semantics, basically increasing consistency and implement some wisdom learned since then).

The basis is excellent and being designed – and quite properly so – for concurrent systems (I’m ignoring the “distributed” is also offers as being outside of our context).

All in all my take is: Limbo plus 1/4 of the efforts invested in go would have resulted in a Limbo+ that would be better than go.

Careful though with my judgements, as my judgement is very much guided by conservative criteria like strong, checkable, reasonably complete type systems, safety driven design, how well a language lends itself to static verif., etc. while “coolness” or “being 99 as fast as C rather than just 98% as fast” mean next to nothing to me.

For those interested, Kernighans (yes, that Kernighan) http://www.vitanuova.com/inferno/papers/descent.pdf entertaining intro would be worth a read.

CallMeLateForSupper October 17, 2016 9:49 AM

Better pay cash for that make-america-hate-again bling.

“A report this past week out of The Netherlands suggests Russian hackers have for the past six months been siphoning credit card data from visitors to the Web storefront of the National Republican Senatorial Committee (NRSC).

“If you purchased a “Never Hillary” poster or donated funds to the NRSC through its Web site between March 2016 and the first week of this month, there’s an excellent chance that your payment card data was siphoned by malware and is now for sale in the cybercrime underground.”

https://krebsonsecurity.com/2016/10/hackers-hit-u-s-senate-gop-committee/

[i,j,k] October 17, 2016 9:49 AM

@i[e]; // ? The subtle difference between the two competing narratives is, one’s illegal. War propaganda is prohibited as a special category of hate speech. It says a lot about US secular religion that people are trained to perform outrage over coon/hebe/wog impieties even as they justify and advocate the gravest crimes against whole nations in monkey-see-monkey-do imitation of their betters on TV. Intelligent people can’t easily maintain that kind of social psychosis. Wisner and Forrestal went nuts. Skeptical’s third-rate intellect protects him but it doesn’t make him harmless. You need compliant mediocrities like that to permit crimes against humanity and peace.

lmhosts October 17, 2016 9:58 AM

Well, seeing as one almost needs to be a lawyer to successfully navigate both OSL and International Law I find it to be much safer to navigate life by a moral compass as opposed to a 1000 pages of 7pt slant.

Just like men with hill, “I’m all ears.”

AlanS October 17, 2016 10:17 AM

@Ergo Sum

Yes, there may be real or perceived differences in security between different platforms and these may change over time but that’s irrelevant to my point.

Bruce writes:

Usable security does not mean “getting people to do what we want.” It means creating security that works, given (or despite) what people do.

But “creating security that works” is still “getting people to do what we want”; it’s just that it’s a different group of people. Bruce is moving the social problem of security from end-users to software and hardware designers and to CEOs and others. Behavioral change is hard so yes, there’s logic to bake security into your products so for the most part the users don’t have to jump through hoops to stay secure, it just happens by default. However, shifting the focus doesn’t change security from a social problem (changing behavior) into a technical one because the technical solution that adds up to “security by design”, is still dependent on culture and social relationships. How do you change the behavior of CEOs and senior management, developers and designers to prioritize security?

At a security conference I was at maybe 5 years ago one of the speakers was the CSO at a large Internet company. And one of the things he was interested in was baking security into the software platform from the start but he said it’s hard to achieve this because companies are competing with each other and the development had to happen really fast. So security wasn’t perceived as a priority because if you spent time getting that right you’d already lost in the market. The calculation being made was that you were going to build the product and get users and then you’d fix all the security stuff later, and only if the market (or government regulations and enforcement) forced you to fix it. Of course if security was a real concern of end-users that would impact whether they used or purchased a product or not then things might be different but we’re back to the end-users again and what they value and prioritize. So you still end up back in a situation where security is a secondary consideration, after-the-fact, reactive rather than pre-emptive.

When Bruce writes:

People — ­and developers — ­are finally starting to listen.

One has to ask really (where’s the evidence) and, if so, why? What happened? How have the culture and social relationships within which development is embedded changed to prioritize security or how do they need to change and how does one accomplish that change?

It seems unlikely that we’ll see security by design when there’s an endless stream of reports of this sort:
CISOs Challenged in C-Suite: Report

Even after a year of debilitating data breaches and an increased focus on information security, chief information security officers are still trying to be taken seriously and to get a seat at the executive table, a new report has found. And in some cases, CISOs have lost ground.

Gerard van Vooren October 17, 2016 2:03 PM

@ ab praeceptis,

And I said it in the context of a whole new language (go) being designed. Means that with by far less effort put into modernizing Limbo and Dis (its VM) and breaking them free from the “this is for the Inferno OS only” jail, yes Limbo would be a useful, powerful modern language that would as an aside deliver pretty much everything that make go attractive for many (channels, etc.).

All in all my take is: Limbo plus 1/4 of the efforts invested in go would have resulted in a Limbo+ that would be better than go.

Yes you are absolutely right. If they used the Dis VM and made it portable the effort would be minimal and easy to verify. But I can also understand why the Go developers chose the path they walked. Thanks to UNIX (and today Linux), POSIX, C, and let’s not forget MS we are living in a world that is far from perfect. We would be a lot better of in a Wirth world with GC and concurrency at OS level, and with type safe compiled modules. No API bug gets fixed faster than a program that just won’t start and reports an error message that module X has an incompatible API. Also deployment and compilation improves drastically. But we are living in a world with a gazillion PL’s that are all binary and API incompatible, except for … with C. It’s incredibly stupid but that is the state of today.

Go also has its own binary model that even between versions change. So sticking with static compilation makes sense. You only have to deploy for instance the Linux binary and it runs on (probably) all Linux distributions. Static compilation has its benefits. Of course it also has its downsides. For instance if there is a bug in the crypto package then an already deployed binary doesn’t automatically gets updated. This is a security issue.

But the two downsides of the Dis compilation model are: 1) Compilation of P-code which takes startup time. A Go program, no matter how large, start blazingly fast, comparable with a C program. So for instance if you want to do piping you won’t notice any difference. 2) The deployment of the runtime/std-lib itself. If Dis R4.2.1 has a new feature that an app uses but you are running Debian which has Dis R3.8.6 you have a problem. In again an ideal world this could be solved with NIX or GUIX package managers but these are Linux only and you still have the problem of the crypto package bug.

So both models have benefits and downsides.

ab praeceptis October 17, 2016 3:08 PM

Gerard van Vooren

re 1) Not quite.I’m not sure it was actually available, but Limbo was at least designed with flexibility in mind. So usually programs would run on top of Dis but there would also be a way to compile the P code to a systems binaries.

My remarks were, btw. not about “Oh, the world could be a better place, if only Wirth languages ruled rather than C”. Otherwise I would have complained about Limbo rather than liking it, namely a “better C”. And it does look C-ish, just look at the syntax or even the module stuff.

And don’t you tell me about this world being, uhm, less than perfect. I’ve arrived using rather weirdo tools like “kind of Scala with DbC and formal logical specs” and I’ve also had to use C – of all languages! – for some server stuff because, hold your breath, for C, unlike for e.g. Pascal let alone Modula, there actually are ways to bring it into a formal work cycle; crippled and burdensome, yes, but existing.

The other, more standard, approach being Ada which I theoretically would love but which I practically dislike for diverse solid reasons (like e.g. selling slightly pimped up DbC (Spark) as if it was the thing fully exploiting formal approaches. Oh well, no, not really.

C0? Nice toy, honestly, but not useful for real world jobs. Cyclone? All but dead. Deputy/Ivy? Nice but more of a “get at least some basic checks done” tool. VCC? ms crippled, dafny dito.

Limbo would very nicely fit and offer an excellent basis. With a little love Limbo could be what go became (asking an ugly price) and what D talks about (but gets lost in ever new std libs, absurd kindergarden dream features etc.

But oh well. I’ll shut up. Evidently this world needs a pwnd and melted down nuclear reactor before they learn their lesson. Well noted, I do not complain about being considered a reliability obsessed paranoid old broom. I’m complaing about the lack of tools. Having a couple of new “cool” languages every week, one should think that having 1, just 1, language making weirdos like me happy shouldn’t be asking too much.

Thoth October 17, 2016 7:10 PM

@Figureitout
I have laid my hands on a bunch of USB smart card tokens and the proof is likely to be in the pudding. I ran a speed test and there was a drastic reduction of time from an average I/O of 50+ ms to a range between 10 to 30ms while using the USB smart card token. I am starting to suspect that the original card reader is slowing the I/O down while the USB token simply is working at so much higher speed.

Thoth October 17, 2016 7:17 PM

@VeraCrypt Audit Results
re: Veracrypt audit results.

Ouch… that is a ton of critical vulnerability and hopefully they fix it properly this time round. The four worst vulnerabilities in my opinions in order:

1.) Memory corruption
2.) Sensitive data not correctly erased
3.) Password length can be determined in classic bootloader
4.) Keystrokes not erased after authentication

r October 17, 2016 7:39 PM

@Thoth,

I think it says fixed in 1.19? (for the most part, minus some specific complexity issues as work-arounds are provided I suppose)

The use of GOST made me suspicious prior to the audit (I think like Speck wiki has some negative paint for the algo). At any rate, we now know for sure it was a mistake. Stuff like this is why I’m sad I lose hdd’s from time to time, my 1.1.0a kali iso’s that had truecrypt preinstalled are bad hashes at this point.

Fortunately for me, hdd’s are no longer an issue unless they were interdicted prior to my reception. I have enough electronics at my home to require being locked out to subvert all of it post-hoc in one sitting. (Assuming my neighbors wouldn’t notice a presence :P)

Unfortunately I suppose now we should diff 1.18 and 1.19, I’m not sure the audit technically covers the “fixes”.

Anyways, that only covers what was discovered or at least publicized – a secondary audit of the same sources would be in order considering the security constraints of such software.

Also remember, that all that was audited this time around was technically the diff between 1.18 VeraCrypt and whichever TrueCrypt version is was forked from originally.

Interestingly, I saw somewhere (I think in the HN thread) that VeraCrypt was actually started a year prior to TrueCrypt’s abandonment.

@JG4,

Thank you as always for your atavist links, I believe you originally brought them to our ATTN here IIRC.

r October 17, 2016 8:16 PM

Upon re-examining some of the slightly dated corners of this blog, it could’ve been @65535 or @ianf too.

Thank you to all.

Including the Enamored of the Holy See, cheers!

tyr October 17, 2016 9:09 PM

@Wael, Nick P.

The word you wanted is spelled mispell using
miss spell makes it female but pronounces the
same.

English she is spoken and spelt wunderfull !!

@Clive

The Kildall decided to go flying story was used
around IBM lower levels to cover up their own
arrogance.

I ran both CP/M86 and MS-DOS and couldn’t
believe that they didn’t even bother to change
the menu screens while proclaiming it was a
great leap forward. That takes cast iron gall
in the case of Gates and a big legal staff to
pull off with a straight face.

Your rundown of the SCO and Linux tale sounds
pretty accurate to me.

Sadly the Original PC was a sorry piece of crap.
It might have been competitive with he Apple II
but compared to any CP/M machine of the time it
was pretty sad. My Ampro littleboard could read
and write diskettes to 26 different computers
while they were trying to re-invent the TRS80
4K mod 1. It set the microcomputers back 20
years in development overnight.

Jobs and the boys at Apple weren’t any better at
technologies though and they should have been.
Its that old insular religious wars me firster
ways of thinking all around. I swear sometimes
I expect to find everyone trying to find a cave
to live in.

To IBM the PC was a minor sideshow, ewhen it took
off they had to scramble like mad to catch up with
the demand. A black Swan event…: ^ )

Wael October 17, 2016 11:10 PM

@tyr,

The word you wanted is spelled mispell using…

Would it be accurate to say that you misspelled “misspell”? Oh, the irony is killing me.

Clive Robinson October 17, 2016 11:30 PM

@ tyr,

That takes cast iron gall in the case of Gates and a big legal staff to pull off with a straight face.

It was a gamble nothing more on Billy Boys behalf, back then Microsoft were a two bit “out m’garage” hardware manufacturer of CP/M cards for the Apple ][. His legal team was his family. His claim to fame at that time was MicroSoft BASIC written by Paul Allen using stolen computer time…

The reason Gary Kildell did not sue was two fold, first his legal advisors said that there was no precedent so the case would be not just expensive but risky. Secondly MicroSoft had no real value from which damages could be paid. Thus Gary had to accept that chasing what for all intents and purposes was,an impecunious man for money would be far worse than a pyric victory, due to the risk to his own business.

Few seem to remember or care that Billy Boy was caught and punished for stealing computer time whilst at school (something he was to not just repeate but compound at Harvard’s DARPA funded Aiken computer center). But quite a few remember his “Open letter to hobbyists”[1] about what he saw as people stealing from him and claiming “funny money” expenses in computer time.

I had business dealings[2] that involved Microsoft back in the hay day of the Apple ][ and had the misfortune to meet him. I was not impressed in the slightest (in fact the word repugnant still hangs in my memory). Suffice it to say I was not a fan in anyway shape or form.

It’s actually worth going back and reading his “Open letter to hobbyists” about “his” BASIC and the claimed development costs. Then finding out about the background to it which needless to say involved theft and fraud… Billy Boy was at Harvard at the time of the BASIC development project mentioned in the letter. It was a commercial product which was largely written by Paul Allen[3] who was not a student at Harvard.

However Billy Boy snuck Allen onto the Harvard campus, to use resources they most certainly did not have official permission to use for any personal project let alone a commercial one. The computer they were thus illicitly using was one which was being funded and used by the US military DoD with Harvard. Thus arguably Gates and Allen were funded by the tax payer dollar.

Gates did get called up before the Harvard administrative board for this, but no criminal sanctions for the theft of computer time happened. One can only assume that like many guilty men Billy Boy was “economical with the truth”. God alone knows what his father a very prominent lawyer of the time thought of it, or his mother for that matter who held significant positions in both a bank and US wide charity… Others have indicated that the administrative board effectivly looked the other way (much like the recent Comey and the FBI whitewash of Hillary Clinton).

[1] https://en.m.wikipedia.org/wiki/Open_Letter_to_Hobbyists

[2] Put simply the Apple ][ used a 6502 processor running at 1MHz, new 6502’s would run at over twice that speed and I’d developed a little hardware trick that would switch the speed of the 6502 from 1MHz to 2MHz depending on where it was in the memory map (I/O had to stay at 1MHz). I’d also developed a similar trick for Microsoft’s Z80 card and the point of the meeting was to get an arangment with MS over it. Billy Boy was not a happy camper he got agitated and rocked around like a weeble and got into a deep sweat that pervaded the room. Basicaly he was quite annoyed/upset that somebody else –who he pointed out was younger– apparently had the temerity to think themselves better than “his design team”…

[3] As Paul Allen recorded in his book “Idea Man”,

    Returning to Aiken late one night after a fast-food run, we were stopped by the campus police and asked for our IDs…Harvard split the computer’s maintenance costs with the U.S. Defense Department, based on usage. I’d relied on Bill’s password account for my work on the simulator, which ate a lot of processor time. When the January bills came due, Harvard’s share was up conspicuously, with one student the prime culprit: William Henry Gates III. (he appeared before the university’s administrative board that summer…)

vlumis October 17, 2016 11:46 PM

I am assuming that everyone has read the report on vercrypt. For argument sake let ls assume that truecrypt is still being developed, would it be better to use it than to use LUKS. I know LUKS leaves some header information but truecrypt completely encrypts the informations. There is also the option of plausible deniability. What do you think?

(Am sure we all know that these option are supsecible to the greatest cryptoanalytic tool known to man: the rubberhose)

What got me thinking about this was seeing Clive Robinsons’ comment about a clients enemies suddenly becoming a lawyers’ enemies and how you might be forced to take flying lessons from a high rise apartment.

Figureitout October 18, 2016 12:43 AM

Thoth
–So, let me guess, the card reader vendors don’t make the info of the CCID protocol available much? One other thing, we’re definitely going to have to turn off any encryption to for sure find the signal first.

And for your USB token, that depends on what kind of USB eh? Or no? 3.0?

RE: veracrypt audit
–Pretty bad, but there isn’t much other choices for what it does. Is there a big team working on it? No, looks like mostly 1 guy again…So pretty much all these vulnerabilities were in Truecrypt? One big bullsh*t was the memset() getting compiled out; that’s compiler being a dumbass not smart, corrupting the application and forcing a workaround.

r October 18, 2016 12:52 AM

I believe the guy behind zuluCrypt actually posts here, someone might want to shoot him an email to verify.

r October 18, 2016 12:57 AM

@FigureItOut,

No, the vulnerabilities found in VeraCrypt by the audit are not present in TrueCrypt.

VeraCrypt was forked from TrueCrypt 7.1a and only the diff between 1.18 and 7.1a has been audited. The prior codebase of 7.1a was audited separately.

I’m not sure if this newest audit technically covers the fixes included in vc1.19 BUT something I missed when I posted earlier is that apparently 1.19 does not fix ANY of the 4 problems listed as critical.

Thoth October 18, 2016 1:25 AM

@Figureitout
USB-CCID protocol links below and you can search for USB-CID. It’s an open USB forum standard. It should not have encryption as encryption is only done on the logical layer and not the physical layer.

USB-CCID tokens are usually USB 2.0 types. I have never seen a USB 3.0 token before.

Links:
http://www.usb.org/developers/docs/devclass_docs/DWG_Smart-Card_CCID_Rev110.pdf
http://www2.electron.frba.utn.edu.ar/~afurfaro/descargas/Universal%20Serial%20Bus/Especificaciones%20de%20clases/ChipSmart%20Card%20Interface%20Devices%20(CCID)/ccid_classspec_1_00a.pdf

Comrade Major October 18, 2016 4:00 AM

@Clive Robinson
It has a delightful history going back almost 600years to a little incident in Prague…

Its not about encryption.

@vulmis
I think you should concentrate not on encryption, but instead on steganography. Your note about rectal cryptoanalysis is right – encryption have the same effect to police like red flag to a bull have. And cypherpunks is just a walking provocation.

Clive Robinson October 18, 2016 8:13 AM

@ Comrade Major,

Its not about encryption.

That rather depends on your viewpoint. If you read the original you will find it is about what can happen as an end game to poor security that in turn can arise and historicaly has done when poor encryption has been used.

Maybe you want to look up Mary Queen of Scots and her demise, as but one of many historical examples,

http://www.scotsman.com/lifestyle/dangerous-cipher-that-led-to-the-death-of-a-queen-1-467080

Oh the cryptanalysis angle is disputed by some historians, apparently the cipher used was one that was well known not just amongst Catholics but their opponents as well. The reason this is belived is that like any symetric cipher both ends need to know both the method and the key. It was very unlikely that a new method and key could have been smuggled in to Mary without it being intercepted and read. Further the same method and key have been found in unrelated correspondence between other Catholics. Thus it was little more than equivalent of the “pig-pen cipher” still used by children today.

Comrade Major October 18, 2016 8:43 AM

@Clive Robinson
Encryption is important, but its very important to hide the fact that you use encryption.

NSA may intercept all traffic, but this doesn’t mean they store it. They collect only what’s important to them. And how they decide what’s important and what’s not? Metadata. Who, what, where, when, to-whom etc.

In case of vlumis its important to use steganography. Yes, he may encrypt his data before he’ll hide it, but he should hide the fact that he have his data.

r October 18, 2016 8:49 AM

@Comrade Major,

Have you ever seen those inflatable tanks from WW2 ?

Advanced, D & DDDD 3rd and 4th edition.

Use your imagination 🙂

r October 18, 2016 9:00 AM

The term, imo steganography demonostrates an even higher level of malignancy than encryption.

While necessitates under certain circumstances e.g. duress, obs, maybe technically jamming – it is likely not a good idea at all. Encryption has a certain err(air) of explainability to it, as does the deniability of multipartite containers.

Coded transmissions that travel under the smurface like namor the submariner? That should count as a red flag in and of itself piquing both their antennas and their interest.

I’d stay clear from talking about keywords such as that if you have a weak stomach, alot of what’s spoke (like a wheel) about here is theory and implementation not strict enforcement and compartmentalization.

It’s a, “bring your own opsec” blog.

You want catch me talking about using technical steganography or using technical steganography. We have had discussions about it in the past, including embedding into images and I just think it’s as hard to properly implement as encryption itself and likely even harder to properly or safely use due to the fact that it’s literally an unvetted and bootstrapped mode of communicae. If you have military training in it’s proper use go for it, I trust it less than a good hard crypted file mislabeled.

Tightening the Beltway October 18, 2016 9:43 AM

First, and most importantly:
https://cryptopals.com/ (8x math agnostic crypto challenges for beginners)
https://news.ycombinator.com/item?id=12720009 (warning, may spoil your fun with answers)

“I won 104 million for blowing the whistle on my company but somehow I was the only one who went to jail.”
https://news.ycombinator.com/item?id=12729624
https://melmagazine.com/i-won-104-million-for-blowing-the-whistle-on-my-company-but-somehow-i-was-the-only-one-who-went-to-7ed8a808d50c (@People with fins, NSFW)

“Retired U.S. general pleads guilty to lying to FBI in ‘Stuxnet’ leak case”
https://news.ycombinator.com/item?id=12729568
http://www.reuters.com/article/us-usa-iran-cyber-idUSKBN12H25M

“Scrypt is Maximally Memory-Hard”
https://eprint.iacr.org/2016/989
https://news.ycombinator.com/item?id=12731914

“The future of weapons smuggling.”
http://www.bbc.com/news/science-environment-37632616

Thoth October 18, 2016 11:31 AM

Fingerprints are dead
re: Fingerprints

Fingerprints are not very secure and should not be used to protect sensitive objects. At least pair fingerprints with PIN/Passcode of sorts.

Another way is what I called “Fingerprint Dance”. You use a sequence of different fingerprints similar to port knocking to authenticate. Once 3 bad sequence are used, it wipes the device. This isn’t the most ideal method and the fact that most Android and iPhone devices are vendor locked in, you would unlikely have a chance to implement a security login of your own choosing if they deliberately do not support.

End game is ALL SMARTPHONES MUST BE CONSIDERED INSECURE for civilian purposes. There is no grounds for arguing that smartphones are secure for civilian purposes unless the user can control the OS and firmware in the chip and even the chip itself. Smartphones can be outfitted for the “elites” to be secure in terms of “Elitist Protection”. NSA have a bunch of secure smartphones and related technology but those are exclusive in protecting the “Elites”, not the “Serfs”. Secure smartphone can be done if you own the chip, the manufacturing process, the firmware and all that which can only be available to nation states and the “Elites” not to “Serfs”.

The global game is about “Elites” vs. “Serfs” where the “Elites” have their own agenda while the “Serfs” stand in the way as they become more aware of the activities of the “Elites” and their abuses and misuse of the system.

Anything to be stored on a “Serf” quality smartphone would need to be secured by a somewhat more secure device that is also highly available. The only candidate to fit the bill would be smart cards and SIM cards. They are numerous in number and the old versions using 8051 architecture are still being churned out in quantities. Backdooring them is a tricky business as the supply is open to everyone and thus a very difficult thing to become precise without alerting people. The growing number of home experimental chip decaps available would mean that more people can turn their homes into simple decap labs and decap chips and examine the circuitry. Recent increase in smart card chips being decapped and their designs placed in the open would make attempts to backdoor these cards harder as anyone can buy a whole reel (thousand pieces) and then sit down and decap for as many as they want and get their processes correct by trail and error and backdoors would become much more easier to spot and become very obvious to catch with the low prices and high quantity of such chips in the market. SIM and smart cards would fit the bill for mobile On-The-Fly security chips where one needs to process short term sensitive materials on the go.

For more static and heavier defenses, things like TFC would suit even better and more suited for longer term and highly sensitive materials.

Split secrets on invisible ink and flammable paper would be for extremely sensitive material and last but not least, the best secret is one that doesn’t even exist at all.

I have broken down various tools to use according to various classifications of sensitivity of secrets and also the mobility they bring on the move. Anyone seriously considering their privacy and personal security should follow the different classifications of sensitivity levels and process their materials accordingly. Smartphone provides no security whatsoever (even negative security – leaking and traitorous) in nature.

Fingerprince et tu October 18, 2016 11:57 AM

Oh come now @Thoth, a fingerprint is the password that that keeps on re: gifting.

Name another method of identification short of DNA or dental hygiene that can be used to unlock a loved one’s de vice after an NTSB endorsed and or promoted mishap en?

+1 if that sounds like a likely schenario.

SW October 18, 2016 1:11 PM

once had octopus carpaccio in squid ink at a swank place in NY. I’m not normally adventurous, but it was amazing.

Thoth October 18, 2016 6:34 PM

@Fingerprince et tu/Fingerprints are dead

If you bothered to read through everything I said, I did conclude that fingerprints are not the way to go as I explored options and settled on the fact it is not secure. Seems like you are only reading part of it and jumping to the point.

And do not keep changing your nickname as the @Moderator does not like nickname changing.

Thoth October 18, 2016 7:08 PM

@Fingerprince et tu/Fingerprints are dead

In fact, I pushed the entire concept of smartphome security (not just fingerprint sensor on the phone) under the bus and label the whole scheme as insecure regardless if you use a 32 character long password or a 10 digit iPhone PIN with Secure Enclave support or fingerprint, these are all broken by design from day 1. Scroll above and look for my description of using ARM TrustZone and a tamper resistant Secure Element to build a secure backdoor.

All phones running Qualcomm, Apple A series chip or Samsung Exynos contain TrustZone that runs quietly behind the scene whether you like it or not as it is part of the chip’s design. This is the mobile version of the Intel AMT. Who needs fingerprints, 32 character passwords, 10 digit PINs, bruteforce guessing of passwords and PINs or coercion when you can go straight to chip manufacturer for access. That is what the FBI tried as precedent via the iPhone saga where they realize it is much easier if they use the secure backdoor desigm of TrustZone and walk right into your phone. No guessing required whenever possible anymore. FBI could even request Apple to send a signed update to inject a PIN code they like to replace the old PIN code but they seem to have not thought of that from day 1.

Summarizing everything, regardless if you use a 32 character password or 10 digit PIN with hardware PIN protection or fingerprints, facial or eye authentication or any combination of any of them or even lauered deeply, they are all totally useless when the very base of the system, the chip itself with TrustZone enabled, would simply allow the chip maker to sign an update that removes completely every single authentication and security you put in place. Fingerprints, passwords, PINs … are not secure if your chip is already fromt/backdoored.

ab praeceptis October 18, 2016 7:48 PM

I consider this whole fingerprint problem thingy non issue anyway.

Reasoning: a) It has been amply demonstrated that that whole technology is nonsensical for diverse reasons (e.g. easy to fake/reproduce). b) whoever uses a smartphone for anything sensitive or has any data of any worth on it, deserves no better anyway. c) formertimes having ones fingerprints taken put one into a bad light (“police is taking his fingerprints, so prbably he’s an evil guy”) and nowadays millions upon millions happily trust their fingerprints to a device class that is know to be completely rotten? Funny. d) the main reason for that mechanism (other than collecting bio id data from the population) is the sad fact that the vast majority out there can’t be bothered to come up with and to remember a sensible, sensibly complex, and sensibly long passphrase. They don’t deserve any better as their whole attitude clearly says “I want to buy a cool security i-gadget (and the be fu**ed hard)”.

Seriously, how would one reasonably assume that some gadget (“look, mom, a fingerprint reader like on starship enterprise! cool, huh?”) with some smartphone built by slave labour for some billion-dollar nsa and fbi friendly corp and running ‘Crap OS’ with crap java (or object-crrap) and an obscene assortment of widgets … had any concern whatsoever for its usersm, other than “how do we get those derps to shell out another couple hundred $$ for the next version of our gadget?”.

The real problem for mankind is that those gadgets do not (yet?) have a “kill me in a funny way” app. Though, I have to confess, pokemon seems to be a promising first step …

Clive Robinson October 18, 2016 8:06 PM

Apparently not an April’s Fool…

In what sounds like the reverse of normal expectations, there is a simple way to convert stale breath to alcohol…

More accurately contrary to scientific expectations it appears there is a simpl(ish) catalyst that will turn Carbon Dioxide (CO2) to ethanol (CH3CH2OH).

https://www.engadget.com/amp/2016/10/18/researchers-accidentally-turn-carbon-dioxide-into-ethanol/

If –and it’s a big if– the technology becomes viable at scale it will have significant implications on fuel security and potentially have environmental and climate science impact (in effect it’s carbon neutral).

Thoth October 18, 2016 8:30 PM

@ab praeceptis
re: Long passphrases
That’s if the chip can be trusted. Otherwise, with things like Intel AMT, AMD PSP, ARM TrustZone, you can come up with as long a passphrase/word/code you like, those AMT/PSP/TrustZone simply makes all security attempts look like child’s play. Does it mean I am advocating for weaker passphrase, no … because it simply makes no difference … down right pwned again and again by the good olde industry of profit margins and huge payouts while in bed with the nation states (selling their ordinary customers out).

There’s a saying that you can run but you can’t hide. I guess this is the same situation where we simply keep finding some self-protection methodologies but to discover sadly that we have been sold out big time.

KimFAATKow October 18, 2016 8:57 PM

Study: Face Recognition Systems Threaten the Privacy of Millions
https://theintercept.com/2016/10/18/study-lack-of-face-recognition-oversight-threatens-privacy-of-millions/

A broad coalition of over 50 civil liberties groups delivered a letter to the Justice Department’s civil rights division Tuesday calling for an investigation into the expanding use of face recognition technology by police. “Safeguards to ensure this technology is being used fairly and responsibly appear to be virtually nonexistent,” the letter stated. The routine unsupervised use of face recognition systems, according to the dozens of signatories, threatens the privacy and civil liberties of millions — especially those of immigrants and people of color.

ab praeceptis October 18, 2016 9:03 PM

Thoth

You are quite right but my point (as usually) is not that we can’t have high security but that actually even a low but reasonable level of security is often not achievable.

In other words: Yes, if a state is after you, chances are they get you. But what I’m talking about is plain stupidity, factors like people “thinking” that “secret” + their birthday is good passphrase or people “thinking” that if apple advertisements create the impression that their iphone is secure than that must be true, or, to come to more painful and shameful issues, that people actually “think” that there’s nothing wrong with 14-year old bulgarian teenagers hacking together apps in javacrap and using a multitude of crap libraries on top of a colourful crap user interface.

Let’s be clear: There was only and exactly 2 things to learn from diverse openssl malheurs, namely 1) to throw it away and 2) to think profoundly before hacking together the next desaster.
(Or, more realistically, to leave openssl and siblings alive for those who are not disturbed by the occasional being stabbed with a knife and who think “but somewhere is bangladesh there is someone with an x86 dos system who must be able to ssl connect to our site!” and to create a secure alternative (as in “throw away the crap and start over again; this time thinking before hacking” and not as in “oh, let’s build yet another ssl library but let’s use ada this time!”).

In yet other words: Why the hell all those complaints? Whenever a mega corp offers a new pile of crap (looking cool, of course) and throws a mega advertisement campaign at people, they happily run to the stores.

They get what they deserve. Simple as that.

ab praeceptis October 18, 2016 9:25 PM

KimFAATKow

Couple of questions:

  • “Face Recognition Systems Threaten the Privacy of Millions” – what a surprise! Who would have thought that?
  • “civil liberties groups” – I guess that’s the same who somehow failed to stop your country from becoming what it is today?
  • “delivered a letter” – wow. Am I wrong assuming that the addressees won’t read it because they are too busy reading letters from corp donors and lobbyists?
  • “Justice Department” – isn’t that the institutions whose chief privately meets the husbands of suspected criminals whom they officially investigate ?

  • “calling for an investigation” – well done! The results of which will surprising to say the least … (“with friendly sponsorship by the corps selling the products used for privacy instrusion” – what could possibly go wrong? It didn’t work 1000 times but this time it will. Kind of.)

  • “police” – kindly help me out, because I’m from europe. “police” is the guys who are in the habit of wanton beating, tasering, and killing whomever they please, right?

  • “… the letter stated” – I see. Certainly the same people who gave the corps and agencies green light in the first place will now, having gotten that letter, immediately go against their pals, sponsors, and own interests. Sure.

  • “according to the dozens of signatories – Impressive! Am I right assuming that the politicians will be gravely impressed and immediately turn from egomaniac corrupt berserks into warm fuzzy angels?

  • “privacy … liberties … especially those of immigrants and people of color” – Now, I might be mistaken but if I remember correctly that’s pretty much the same groups who get wanton beaten, tasered, disenfrechnchised, incarcerated or plein and simple shot, no?
    I agree. It’s of utmost importance and urgency to care about the privacy and liberties of people one wanton tasers, beats, or shoots.

Laudable, very laudable. I’d send pampers to congress, though, because I’m sure they will sh*t their trousers when they read that letter.

Clive Robinson October 18, 2016 9:43 PM

@ ab praeceptis,

[T]he main reason for that mechanism … is the sad fact that the vast majority out there can’t be bothered to come up with and to remember a sensible, sensibly complex, and sensibly long passphrase.

Err not quite true.

The problem was perceived differently. Put simply it takes a long time to enter “a sensible passphrase” and many phone service providers kick in Voice Mail within six rings for business reasons (call conversion). The idea of the finger swipe was a way to have good security with a fast “authentication factor” entry when the phone rang.

The problem with hindsight was not realizing / predicting the DoJ rendering two of the three standard authentication factors (what you have / what you are) moot.

Which leaves two other factors (what you know, where you are) of which only one is realisticaly practical against law enforcment[1]. Which gets you back to the slow passphrase (what you know) system.

A number of years ago I looked into the design of a high security USB style memory device that would have a location&time (where you are) authentication factor / destructor. The problem was making it reliable…

Whilst it is possible to have a reasonably tamper proof internal Real Time Clock it requires a continuous power source which is it’s self problematic (as Galaxy Note 7 owners have recently found). It also has implications for KeyMat destruction.

After some thought I went with the idea of a two part system using a PubKey system from the device to a server. The device would not store the FDE symetric key except in non battery backed up volatile RAM[2] that would be erased on removal from the USB socket and other triggers. What it would have would be a private key that was securely stored inside the device (think a micro HSM or smart card/SIM). It would then communicate with a remote host to download a new copy of the symetric key for each file use (think along the lines of how PGP etc send symetric key for secured EMail). Thus the time function would be removed from the device to the server that could / should be in a different jurisdiction. Likewise only the actually files alowed at any given time could be accessed. The problem with this at the device end is of course the need to have a communications path to the server.

However the problem that could not be securely solved was the all important geospatial one of “location”. Every way you look at it a device on powering up has no way to establish it’s location that cannot be somehow faked or in otherways falsified. You can establish a minimum radius from a secure server by measuring time delay on a transmission path ping, but it is unreliable for the likes of networks.

Thus you get back to the original problem the only authentication factorvyou can get working in a mobile device like a phone is the “what you know” of passphrases that have an entry time issue.

The person who patents a fast secure way of authentication that the likes of the DoJ can not get around might just make some money off of it (if it does not get outlawed etc etc).

[1] I was one of the first people to talk publically about data protection on smart phones and how applications etc might prevent “lawfull access”. I had an argument on the Cambridge Labs blog with one of the then regulars about it, and he dissmised it as a non-issue, and now it’s a major issue (hi to Richard Clayton if he’s reading).

[2] Using an “in memory” protection system based around using data shadows that I’ve described in the past.

ab praeceptis October 18, 2016 10:40 PM

Clive Robinson

Sure, you are largely right, but let’s not ride that dead horse and let’s not forget the context.

The context being smartphones, i.e. a device on which any person with some leftover brain cells wouldn’ store really confidential data. So we’re not talking about the blueprints of new weapon systems or the private key of a CA (OK, OK, I’m somewhat optimistic, here …*g).

We’are talking about protecting my wifes nice *** image which is not meant for the pleasure of the neighbours or the officers at the local police station around the corner.
We are certainly not talking about keeping the fbi away from those data, or the russian fsb.

Oh, and btw, let’s not forget that everything has two sides. Like, for instance, the “where I am”. Actually, it just so happens that quite many people have a problem with the “where I am” because if, say my login process has that info than basically everyboday has it (need I mention A5/1 – 3 and similar encryption jokes?).

Also let’s keep in mind that “what I have” should be closely related to “what I am” (read: reasonable and actually working bio-based id) because, say the burned in chip id of my device might be not really me but rather Mr. pickpocket or Mr. fbi officer.

But there is another, way more important point that makes me stress the matter of passphrases: Bio-id is not me but it’s me plus whatever some more or less trustworthy curcuitry makes out of it.

In other words: What I know is the bloody only thing that, if properly applied, really proves the “me”. I want that; the what-I-know is the one factor of all factors I’m not willing to give up because all other factors (incl. bio id) are in one way or another more or less outside of my control.

Don’t get me wrong, I’m very interested in what you say and I largely agree as far as tech is concerned (minus the “USB” … because USB and secure go together like electricity and and a full bathtub), but (not that different than you) I also see the negative sides. Can you design and produce your own chip, can I? No, we can’t and hence I don’t really trust them. Do we control wireless protocols? No, and well deserved no and hence I don’t really trust that, either.

Funny thought: Is there a realiable study about how well, solid and realiable the login, authentication, etc. of intel, samsung, etc. designers and engineers is and how solid their processes and habits are? Why should I believe that thousands upon thousands of employees in a brutally profit driven industry are properly authenticated … which is frighteningly related to the questions of their chips doing what we are told they do and doing it in the way we are told (and the companies maybe believe) they do it?

Nuh, I’ll stick with passphrases and mistrust against chips (let alone software).

prints October 18, 2016 11:21 PM

Almost a non issue.

What is the overlap of people not fingerprinted at birth and don’t have a state issued ID vs the people who use fingerprint authentication? Almost nill in the states? Then guess whose of intrest

Clive Robinson October 18, 2016 11:59 PM

@ ab praeceptis,

Why should I believe that thousands upon thousands of employees in a brutally profit driven industry are properly authenticated [?]

It’s funny you should say that.

Getting on for a few years ago, before Stuxnet was even thought about, I argued this exact point over “code signing” and both insider and black bag jobs. My opinion was not well appreciated at the time…

@Nick P had similar views and tried to see if there was a way you could somehow protect the production of chip manufacture from supply chain tampering. His conversations with @RobertT are worth reading, especially the bits on just how vulnerable the whole process is.

The thing is at the end of the day protecting information is all about eliminating the need to trust in others. Even the OTP pencil and paper secure cipher has more trust issues than you can shake a stick at, and it’s only usefull to protect information in transit not for storage etc[1].

As Bruce and others have noted it’s not the crypto algorithms that you need worry about, it’s the way they are implemented and used in systems where “the easy breaks” are. Hence the old joke about theory and practice.

[1] For those reading along thinking “Err why?” it’s blindingly obvious “when you know” but not otherwise. It’s because if you can store the OTP keymat securely then you can as easily securely store the plaintext, as the OTP keymat is as large as the plaintext…

furloin October 19, 2016 12:25 AM

@Clive

“The person who patents….”

Fingerprints are inherited and their scanners use only four data points to generate the images. Why not tounges instead? We have the touchscreens to press against. Now all we need is the processing power for all that input at once. Also a hardware abstraction library willing to read all it. Also screens capable of as much input as possible all at once.

Sounds simple the way phone manufacturers are heading. Now we would just need non back doored hardware etc etc and we might be able to make secure enough systems for the average Joe. Or maybe I am just ignorant again.

Figureitout October 19, 2016 2:07 AM

Thoth
–Ok, so there’s docs on the protocol and it won’t be encrypted. Should be good to go. Haven’t ordered a reader and card yet, will soon. I’ll try to look at it over winter break but won’t make promise. Summer more likely, unless it starts taking too long.

Clive Robinson October 19, 2016 4:55 AM

@ furloin,

Why not tounges instead?

Because the FBI / DoJ would just mandate that tounge prints be collected in the warrant, likewise any other part of your anatomy that could conceivably be used. Just to humiliate you and show you who the boss is.

It’s a game they will always win in the US because they will just charge you with resisting arrest, lying to a federal officer, impeading an investigation or worse you might just “accidently” get lost in the system (Chicago Police style) till they get you to do what they want. That’s how it works these days, or had you not realised from their current track record?

The only thing their “standard investigation and interegation” –ie non mortal injury type tourture– techniques will not get them these days is the contents of your mind if and only if you can keep control of it. But the US Gov definition of what is not tourture but “enhanced interrogation” does not meet most internationaly recognised norms, hence many forms of psychological tourture are OK…

Eventually the FBI / DoJ psychos will get their way past some senile old judge and even the contents of your mind will cease to be off limits as standard…

In theory it already exists, the US has extended it’s border zone to a hundred miles deep, and as was seen with Ed Snowden they can revoke any rights to travel for any individual that is not in the part of the US inside that border zone. Something like nine out of ten US citizens live or work in that border zone and can be treated as “entering” the US at any time with all that loss of legal protection that entails… One such is they can remove all your money, credit cards etc so you can not buy anything, but as you are “entering” you lose the right of basic sustinance that prisoners would otherwise get… Eventually it will be used as a way around even “what you know” protections such as the right not to self incriminate.

Adou Metel October 19, 2016 9:11 AM

Clive, ab praeceptis:

It need not even to be thousands. Dozens are just enough. I’ve worked in a few companies involved in various ‘handling’ of personal data. The security procedures were… lacking. Those PII would end up on Facebook and other 3rd party services with questionable privacy practices. All because someone was lazy and sent sensitive information through that because oh so convenient.

r October 19, 2016 9:44 AM

They’re discussions that need to happen in the open air, not everyone has seen the arguments before and realizes how dangerous taking the easy route can be.

I did fully read your reply, and I appreciate the further elaboration and devolution also. It was not meant as a stab wound.

The Queen of Mena October 19, 2016 10:00 AM

For anyone unsure which candidate is CIA’s anointed, here’s some remarkably feckless cyber-libel by a cutout, clearly not the sharpest knife in the drawer. The intent, so far as it can be divined through the layers of ineptitude, is to suggest Assange is bribed and blackmailed by Russia. CIA used to be good at this sort of thing. Then they started hiring washed-out Marines to put things up captive wogs’ asses, and lost whatever useful skills they had.

https://www.reddit.com/r/WikiLeaks/comments/587lbg/i_have_been_looking_into_the_san_fransisco/

https://wikileaks.org/Background-and-Documents-on-Attempts-to-Frame-Assange-as-a-Pedophile-and.html?update3

Nick P October 19, 2016 1:32 PM

@ ab praeceptis

(Repost of older comment Clive is referring to with links to prior discussions.)

It’s hopeless for now without an incredible budget and years of work. The chips might have hidden functionality, they might have been altered before being put on silicon, and they might have been swapped out for functionally identical (subverted) chips. There are companies that can tear chips apart to analyze their features and look for backdoors. You’d need to (a) trust them, (b) send them regular samples from your batches, and (c) have a ridiculous amount of money. They might still not see clever attacks in analog and RF areas as there’s less expertise there than digital.

These and more issues were covered in discussions with a chip designer with rather esoteric skills:

This comment contains a summary of RobertT and I’s discussion of the issues
https://www.schneier.com/blog/archives/2013/12/friday_squid_bl_404.html

RobertT on why auditing chip processes takes as much faith as just trusting them
https://www.schneier.com/blog/archives/2013/12/friday_squid_bl_403.html#c2828013

RobertT on an example subversion area
https://www.schneier.com/blog/archives/2013/09/surreptitiously.html#c1744173

RobertT discusses how and why hidden functionality is common in chips
https://www.schneier.com/blog/archives/2014/01/souffletrough_n.html#c3595520

My interim solution was to use really old hardware where they didn’t waste resources, use only non-DMA I/O, have no Internet connection, use no risky files (eg PDF’s), and port a highly secure OS on it. The idea is that these are less likely to be subverted, although they have all the usual risks from firmware to OS’s to networking. So, start with non-subverted hardware, air gap it, increase that system’s assurance, and then move simple to validate data to/from over simple to verify interfaces. More work than most people are capable of so they must all be assumed subverted or insecure at the least.

My previous list of chips to consider and tips for choosing:

https://www.schneier.com/blog/archives/2013/09/surreptitiously.html#c1762647

END OF OLDER COMMENT

Two recent analysis are here and here.

Nick P October 19, 2016 1:36 PM

@ All

There’s been lots of Americans discussing elections online in social media and the news as if people are actually voting for who will be President. It’s as if they don’t know how our system actually works. Further, they think they picked these people although most of the candidates for Presidency and Congress trace back to the workings of corrupt officials in office or elites. So, I posted this clarification on U.S. elections on various forums for anyone unaware how little role they play:

“Oh really? Do you know the definition of a democracy? A democracy is simply a form of government that gives power to the people.”

The candidates are self-selected based on how much money they have plus connection with corrupt parties who operate on bribes from corporations, special interest groups, and rich people. The people get information on these candidates from highly-biased media that lie about other candidates to drum up ratings for advertising revenue while also run by people in capitalist class. Territories, phrasing of questions on ballet, and voter rights are used to filter a chunk of votes that may threaten status quo. They votes are often entered into machines that are easy to hack with consistent refusal to eliminate that risk. These votes determine which “electors,” not Presidents, are decided. Who they are. These electoral candidates were already chosen by prior, political parties. Depending on state law, those electors will then vote for Presidential candidate people voted for or vote against people’s choice.

This total process is what many Americans call an election system where the “people” decide who runs the country. They’re participating in a mass delusion. It’s clear that the people have limited participation in the above process. The final choice isn’t made by the people at all. Some democracy…

ab praeceptis October 19, 2016 2:27 PM

Nick P

Now, that’s a load! Thanks a lot for collecting and bundling it up!

Some remarks:I see a strange kind of ping pong pattern in security discussions: One one hand we’re circling in a perfectionism loop and worrying about e.g. sub 20 nm “attackability” – and on the other hand we experience the other extreme of even very basic security failures everywhere.

I’ve learned to always zoom out once in a while and to ask the basic questions like “What’s my threat scenario in the first place?”. If I’m, say Huawei or Cisco then my threat scenario will almost certainly include inside-the-chip attack vectors.

Another obervation of IMO high significance I made many times (which to often ignore will continue to pay out plenty of punishment) is defining the problem-solution space properly. Example: There’s trade off between a solution that covers just a part of the threat but can be implemented simply and quickly – and – a solution that (almost) fully covers the threat but demands billions in money and decades in time. To me, that is part of a threat scenario analysis.

Plus there are solutions which are not really solutions, at least not for certain threat scenarios. Example: Open source CPUs. Sound very attractive, does solve certain problems but does not solve quite some of the serious problem classes associated with nsa and the like. In the fab it’s not important whether they f*ck up an OS chip or a proprietary one. And there are quite some thing we simply can verify.
For one we simply don’t know all the premises and hence we can not even reasonably start to define tests. Think, for instance, of EM attack vectors while we diligently run myriads of logic tests …

At the same time I see again and again that we get too easily distracted/focus manipulated. Do really need to verify the chip innards? For some vectors yes, but often I’m just concerned about, say, serdes not pulling off funny things – that, however, can be tested and, even better, the domains can be broken down into feasible chunks. 2 to the 32 is not something that is unsurmountable.

Finally I’m deeply troubled by another factor, namely, the next to absence of reliable software (read: OS, basic drivers, etc.) – how on earth am I to find out whether the processor is flaky (or nsa manipulated) when it could as well be some lines out of millions of lines, say in firmware?

All in all I say a major step towards security in avoiding x86 and arm-based processors, particularly the x86. One major reason to say that isn’t even the processors but the plethora of grafted on chips during the years. In effect an x86 board isn’t an x86 board but a board with a plethora of chips, one of which happens to be the CPU. All those management and security and remote management and whatnot crap – thanks, but thanks no.

So, in my segment we are looking into solutions with more managable parts, often Sparc based. Rather than one multi-billion transistor mega monster we prefer to use a couple of simpler (and easier to verify) chips.

In servers I sometimes advise clients to stay away from standard stuff with remote management crap and rather have a KVM attached. Boring, somewhat more expensive but way better than the built in crap.

But again: While we have those discussions here, there are billions of Johns and Janes who just don’t care f*ck; they can not even be bothered to use different passphrases for different sites.
And we have 14-year old romanians (and, PhDs * wink wink nudge nudge (OpenSSL)) who just carelessly and ignorantly hack away at what will soon be served as the next version of the super-duper “freedom” OS.

PuP October 19, 2016 3:22 PM

“Lewis[1] is a Dark Web crusader on a mission to make the internet’s anonymous annex live up to its billing.
She scours the Dark Web with her OnionScan[2] tool searching for those signs, welcome mats and keys.
She cares too much about anonymity for naming – but she’s not above a bit of shaming.

Today Lewis aimed her shame-o-matic at “Mr. (redacted) a European application developer” who entertains a sideline selling drugs on the Dark Web.

It wasn’t that she was upset about his illegal activities mind you, it was his bone-headed attempt to set up a Dark Web site that attracted her Twitter-ire.”

[1] https://twitter.com/SarahJamieLewis
[2] https://github.com/s-rah/onionscan

Thoth October 19, 2016 10:21 PM

@Figureitout
Just a couple recommendations:

Card Reader (portable and surprisingly fast APDU messaging):
http://www.ebay.com/itm/301843630933?_trksid=p2057872.m2749.l2649&ssPageName=STRK%3AMEBIDX%3AIT

Card:
– Search on eBay for JCOp J2A040 or J2A080. This is NXP’s JCOP JavaCard. The J2 refers to contact only (no contactless which is denoted by J3) and the 040 means 40KB of EEPROM while the 080 is 80KB of EEPROM. The 40KB EEPROM is more common and easily available.

Take your time for research.

Just an update, I might try to enable “ExtendedLength” feature on the GroggyBox but the side-effects is it will definitely have a lesser amount of supported cards and systems. ExtendedLength feature would allow transmission of more than 256 bytes as long as the length of data can be represented by a “short” type of 0x7FFF or a length of 32767 bytes in a single sitting. I am considering if I should break support of all older versions of cards that do not support ExtendedLength or stick to more traditional non-ExtendedLength ?

CarpetCat October 19, 2016 11:24 PM

On chip design and subversion…

What are your thoughts on virtualized hardware? I remember reading about the old Commodore64 chips that had been fully virtualized, warts and all. Wouldn’t such a system be inherently secure? Just a few bounds and tolerance limits, and the virtual chip won’t do anything it isn’t supposed to. With supposed to defined as full range of past practice observed.

Am I missing something? It’s not my balliwick to be sure, but isn’t the discussion focused on a bad chip altering the math? Or phoning home somehow? Just off the napkinhead, wouldn’t a virtual circle of trust help?

Clive Robinson October 20, 2016 6:43 AM

@ Wael, Nick P, and the other usual suspects,

Some time ago you enquired what I ment by signiture analysis of the hardware usage in C-v-P.

Well, things have moved along a bit in the past five years and as with all things, people invent new names to differentiate their proro-ideas from others proto-ideas untill the practitioners in a particular field of endeavor make a choice of terms.

As you probably know by now various people have been investigating the use of the ARM performance registers to look for signatures of behaviour that are not just different from those expected, but also those that are indicative of certain types or classes of malware.

Well things move on and this paper might be of interest to you,

http://www.cs.binghamton.edu/~dima/raid15.pdf

r October 20, 2016 7:24 AM

@Clive,

My computer (and network) will be thrilled Dr. Clive Robinson recommends a rectal thermometer for deep learning and diagnosis of the many varied elusive causes of computerized symptoms. 😉

Wael October 20, 2016 8:23 AM

@Clive Robinson, @Nick P, and the other usual and unusual suspects,

signiture analysis of the hardware usage in C-v-P…

22 pages. Should be a good weekend paper to look at 🙂

I read some parts of the other paper by Nael Abu Ghazala (I know what the name means.) about ASLR, perhaps I’ll comment on that as well. I didn’t see any glaring mistakes in what I read so far. By the way, “Khalid” means “eternal”. I’ll also share a story about ancient Arab weird naming conventions — something you won’t find on Wikipedia 😉 I’ll quickly jump back to C-v-P again…

@r,

My computer (and network) will be thrilled Dr. Clive Robinson recommends a rectal thermometer for deep learning and diagnosis…

I think not! Your computer already had a few colonoscopies done by several TAO “scopes”. You can ask for a report from BSPMBS. For a nominal fee, he’ll release the report.

Nick P October 20, 2016 1:38 PM

@ Clive, Wael

The paper shows a 80+% slowdown in hardware for probabilistic security. The mechanisms like Watchdog, SAFE, and CHERI vary from under 10% for provable safety against common flaws + around 40% or so for strong, probabilistic safety of others. I stand by my prior review showing the performance hit of profiling method is worse than prevention methods while providing vastly reduced safety in return.

Such a model might make a coprocessor for HIDS on top of the preventative one that looks at execution traces to compare against a policy. Copilot already does that in software. There were hardware coprocessors that did it scanning RAM with knowledge of what it should look like in certain areas. Stuff like that might be feasible. Right now, a pointer, bounds, stack, or reference check in ASIC circuitry is much more efficient in area and performance than profiling which basically requires mini-CPU’s for execution of flexible, state machines.

Ted October 20, 2016 1:57 PM

United Nations Day
24 October

Paragraph 70 of the United Nation’s ‘2030 Agenda for Sustainable Development’ called for the creation of a Technology Facilitation Mechanism to support the implementation of the UN’s 17 Sustainable Development Goals.

The TFM has three components. The first is a Interagency Task Team on Science, Technology, and Innovation to support the SDGs. The second is a collaborative STI Forum. The third is an online platform for information on STI initiatives, mechanisms, and programs.

On the platform there is an interesting report, the ‘Global Sustainable Development Report 2016’. Chapter 3 covers ‘Perspectives of scientists on technology and the SDGs.’

https://sustainabledevelopment.un.org/globalsdreport/2016

Gerard van Vooren October 20, 2016 2:07 PM

@ ab praeceptis,

I am taking this to the squid.

Math is our friend. We should ignore him a lot less and rather gladly take his friendly stretchend out helpful hand.

I don’t know whether I have said this before, but math alone isn’t gonna do it. Having the right abstractions and make them usable matter too.

You mentioned plan-9. These guys have invented 9P. This opinionated IPC may not be suited for every task but they did standardize on it and made it the only IPC. This resulted in a ridiculously simple “look and feel”. Dconf, sockets, none of it all. Everything is a file or filesystem. You could work on another computer as easy as its your own. Today this is not an easy task in other operating systems, especially on a mixed network and with encryption.

Another IPC example is etypes, which is strict typed and simple. With this IPC you get what you requested or else an error. No half measures. But if you look at how etypes deals with RPC’s you see real beauty. Everything is properly defined and the paper itself is only 14 pages.

The problems with many popular operating systems are the extensibility, flexibility, backwards compatibility, the never ending search for raw speed, and hard- and software support. With well thought usable, secure and simple abstractions at least the “look and feel” could improve a bit.

Nick P October 20, 2016 2:25 PM

@ Gerard, ab praeceptis

Don’t Trust the Math

It’s just a start in the process of high-assurance. It has to be as vetted as anything else then proven to be equivalent with code and executable. Each step or property should also be human-reviewed, analyzed, tested, and pen-tested by diverse people to be sure the math specs properly represented reality. We then trust that process and deliverables assuming they were delivered with trustworthy distribution. 🙂

ab praeceptis October 20, 2016 2:59 PM

Nick P

You do not at all contradict me. Of course it must be made sure and verified that the code actually does implement the algorithm (plus some more, like e.g. that it doesn’t do anything else, that it does it not only under ideal conditions, etc.).

But still: Math is the basis. Without math the whole game is lost.

Now, we can, of course, discuss a lot about a lot of things. Examples are “Is the tool itself sound and verified?”, or, a funny derivate of a famous dictum, “Who verifies the verifier?”, or “Does separation logic really mail down all cases? How about, for instance, the fences assumption?”, etc, etc.

And those discussions are justified. After all, we’re only in early stages in quite some sub-fields and moreover our targets are moving; new version of many premises come up, etc.

Plus, many times the tools themselves are kind of stupid. Examples I often see are loop invariants. Or the fact that many tools simply don’t allow me to properly carry over my specs by, for instance, not allowing to properly spec. variables.

But turn it any way you like: Without math we are lost.

And from what I see it also offers us halfway cheap compromises. Example: Often times boundschecking is not even available or it’s turned off for performance reasons. Being able to math-verify my model, may allow me to go without boundschecking and still being sure that my arrays won’t overflow. I hinted at a (often) useful way recently by mentioning CLP.

Finally, when your real point is to say that implementation must match specification and algorithm or that the tools must perform properly or that the models must match the real world sceanrio, etc, then you should say so rather than headlining “No, don’t trust the math!”.

Clive Robinson October 20, 2016 5:31 PM

@ ab praeceptis, Gerard van Vooren, Nick P,

Trusting the math…

Is insufficient to get a secure system, but… it is probably the best place to make a start.

If you think about the software process it starts with an idea or need, becomes a specification and so on down to native instruction codes in memory prior to being taken into the CPU and translated into RTL and logic for the ALU to process.

Anything you do with math or any other formal method realy only applies at that level in the computing stack. It can not deal with active attacks at that layer or lower, nor can it deal with any error or attack at lower layers.

You thus get into the position where you can only verify down to some point in the stack and then “finger crossing” for the rest of the way down.

So unless you can find some mitigation stratagy for the lower layers you have to cross your fingers and pray to the gods of computing (which as there are none will not get you anywhere).

Which as @Nick P knows brings us back to voting protocols and signiture analysis, other probablistic tests etc etc…

Curious October 20, 2016 8:50 PM

How does Twitter use link shorteners?

It looks so weird to me. People post a normal looking url, and if I hover over it, I can see the whole url, but at the bottom left side in my browser I see that the normal looking url links to a shortened url. Why the hell for?

r October 20, 2016 8:52 PM

@Wael,

You joke about Tia practicing tao chi, I smile and nod because I know this to be true. I like @BS, but I will never be sure if you know what I know or if I am seeing imaginary goats in the pasture. I know there’s a subchannel I just haven’t been able to find it, no big deal I have alot of fun. Those who are not only watching can see my sincerity.

I’m not going to be around for a while, so don’t think I’ve been spooked. 😉

r October 20, 2016 11:05 PM

@Nick P,

How do your secure hardware explorations affect AI assisting chips?

Have you gave that a thought yet? the effects of subversion other than DoS ?

Figureitout October 21, 2016 12:07 AM

RE: chips
–This video does a good overview of the process in fabs for people not in the field: https://www.youtube.com/watch?v=NGFhc8R_uO4 He focuses a lot of size though, which is what seems to drive that industry (and I’m glad it’s going to stop around 7nm when Moore’s law ends, I’ll say it’s impossible and want to see the best engineers work on something other than shrinking components down to frickin nanometers).

CarpetCat
–What does the virtualized hardware eventually run on? There has to be something real it eventually runs on. Then, what are the issues w/ that architecture and can the VM be breached?

Thoth
–Looks slick but I wanted to recreate your setup to try and find if there was an unnecessary timing issue there (which is purely performance issue so not real critical). Looking though, think I’d want a different reader, just based on looks, let alone the actual specs. :p What I’m worried about is if the issue is buried deep inside java interpretation down to executable code, I’d just stop then trying to find the timing issue.

Re-evalutating how much I could do, since I’ve got other things lined up. Definitely going to buy a reader & card, play w/ them a bit, then open up the reader probably.

Mind doing me a favor, can you open the card reader and look at the ISO 7816 smart card interface chip? What one is it? This would help to track it down much quicker, maybe w/o using a scope. If I could compare it to others would be ideal too…So looking at this one: http://www.onsemi.com/pub_link/Collateral/NCN8025-D.PDF confirmed some of my fears, multiple settings for card voltage (may affect chip operation in strange ways, even though it has supply voltage monitoring) and for clock division (divide by 2, 4 or 8).

This TI one is even more complicated, probably most out of 3 I’ve seen so far. http://www.ti.com/lit/ds/symlink/tca5013.pdf Has clock dividers too in addition to much more stuff in chip.

And then Linear Tech makes one? Wtf…lol http://cds.linear.com/docs/en/datasheet/17556s.pdf What you would expect from Linear…more analog-like solution, less software. Less features, just get job done.

These look like yet another interface for another MCU. See this a lot of places, some interface chip that does whatever is necessary for comms protocol, and converts back to say i2c or serial, etc. for an MCU. Seems clunky to me, I’d rather just have MCU integrated in for a 1 chip solution. So comms would come in via USB from PC to an MCU (maybe another USB chip first), then go thru interface chip, then to smart card and then back the same way. No wonder there appears to be some delay. That may be why…surely designers have optimized for highest speed?

RE: extended length
–I would let that be a setting a user chooses, if you can do that. Best to have generic support for all smart cards if you want biggest uptake, IMO. What kind of benefits would the user see if you change the length? Faster speeds? More security?

Thoth October 21, 2016 12:39 AM

@Figureitout
I recently purchased a couple of that slick looking reader and I guess now I can afford to tear down that old and slow reader I was using previously. I will be putting up photo shots of the internals very soon once I have the time to grab my pliers amd screwdrivers.

I will post a link to my website which will be used to do a teardown on the reader.

The ExtendedLength is simply to read in more bytes to process the data faster and prevent too many round trips. I can try to support both types with and without ExtendedLength. Just need time to experimemt and code.

Thoth October 21, 2016 12:47 AM

@Chip level signature
Those are theoretical and nice to see work done on that. Like many theoretical work, they must be practical and ne deployable very easily and efficiently across multiple platforms.

So far I have not been aware of practical and deployable solutions as per the paper’s description. It can only be considered successful o ce it has at least one real world deployment with enough time spent on solving real world problems otherwise it is still paper theory.

It sounds somewhat harsh but reality as it is, implementing such a solution vs. just drawimg out a bunch of theoretical work is a stark difference as real world chip implementation may not be so straightforward.

The best way is to get some trusted chip and make do with it. If you can write protect and crypto or password lock it, all the better. Nothing much can be done.

tyr October 21, 2016 2:02 AM

@ Clive

I always thought the convenient manure pile was
the best part of the Prague episode.

As I recall it Gates and Allen were porting Dartmouth
BASIC rather than creating it from scratch. His
nasty letter to the hobby didn’t win him any fans
at the time and some of them never forgot his
shitty attitude.

@ Wael

It’s a joke, I say a joke.
One of the most hilarious of all since written is
supposed to record sounds to be played back in
your head by a trained neural module. Between
that and the nasty habit people have of mutating
meanings as they go along, things get harder to
even understand after a few years. My copy of
Spenser Faery Queene had to include a dictionary
in the back so the changed meanings were there
to use.

@All

The nanotech news had a nice article about the
way to do 3D printed electronics and was thrilled
about it now being the InterNet of Everything.
If IoT wasn’t enough of a disaster for security,
now you have to suspect every item of the same
set of problems. It’s called progress but I’ll bet
the advertisers and dataminers will use it first
followed shortly by our benevolent government.

http://www.nanowerk.com/spotlight/spotid=44821.php

Wael October 21, 2016 2:29 AM

@tyr,

It’s a joke, I say a joke.

I know. Just messin’ with you. I make the same kind of jokes 😉

Thoth October 21, 2016 2:36 AM

@Figureitout
re: Reader decap

I have managed to open the reader albeit damaging the casing a little and found a single IC chip inside. It is a Freescale JS16CFK4KTQAC USB 2.0 compliant MCU.

Smart card reader is a Feitian SCR 301 (a.k.a Rockey R301 C11 model for the modern naming convention) that has a SIM card and a smart card slot which you can read a SIM card and also a smart card since there is two physical slots.

It is a two sided board where on one side it contains the main circuitry and the other side only has a crystal oscillator and the main smart card reader slot without much circuitry.

Spec sheet: http://www.nxp.com/products/automotive-products/microcontrollers-and-processors/8-bit-s08-5.5v-mcus/8-bit-usb-js-mcus:S08JS

Github page with some weird binary blobs: https://github.com/FeitianSmartcardReader/R301

My website image folder for SCR 301 teardown: https://askg.info/img/teardown/cardreader/ftscr301/

My website image folder for SCM SCR3500 without teardown (tricky):
https://askg.info/img/teardown/cardreader/scmscr3500/

Smart card reader website: http://www.ftsafe.com/products/reader/Contact

Clive Robinson October 21, 2016 5:02 AM

@ Figureitout,

See this a lot of places, some interface chip that does whatever is necessary for comms protocol, and converts back to say i2c or serial, etc. for an MCU. Seems clunky to me, I’d rather just have MCU integrated in for a 1 chip solution.

It is clunky, but it’s a solution that is not going to go away any time soon, due to low volume production economics.

From a software point of view the lowlevel drivers for USB/CAN/I2C/Serial etc are already done, as is much of the middle ware libraries. Whilst device speed may suffer development time is much reduced, and it’s that which costs the big bucks on new technology deployment.

But on the hardware side getting production masks made for chip fabrication is quite expensive, likrwise royalty payments on standard CPU macros. Also the less complex the part the higher the yield etc. All of which are key factors in new technology development. Further the less “sunk cost” there is the less loss there is if the technology does not become a major contender.

Thoth October 21, 2016 6:47 AM

@Clive Robinson
Sadly the persom who wrote the post seems to not know the proper classifications to a good extent either. He said “Unclassified, Confidential, Secret, TS”. He is only 3/4 right. The first one is not Unclassified but Restricted. Restricted is by itself a clearance level that already requires the use of FIPS and NSA Suite B cleared algorithms. Restricted in itself allows flexible use of key size of around 128 bits of strength meaning RSA 2048 and AES 128. Restricted level of classification by itself already requires the use of 128 but encryption, let alone S and TS which requires at least 192 bits of key size. Usually at thw S and TS level, only NSA Suite A algorithms will be used. If it is unclassified, transmission and storage level encryption would be optional and Unclassified But Sensitive which is below Restricted has a recommemdation of at least 128 bit encryption with FIPS and NSA Suite B algorithms.

Clive Robinson October 21, 2016 7:00 AM

@ tyr,

I always thought the convenient manure pile was the best part of the Prague episode.

No doubt you know the parable of the “Frozen bird, the turd and the Fox” and it’s advice that sometimes being in it up to your neck is not necessarily bad, but singing about getting out of it could be 😉

Clive Robinson October 21, 2016 7:59 AM

@ Thoth,

The first one is not Unclassified but Restricted.

It certainly was back in the 80’s in the UK and many of the old dependencies and commonwealth countries. But…there was no Top Secret so U/R/C/S then “codeword named” was in use in the military. The US was different in that it had the broad clasifications such as “No Foreign” etc before codeword naming.

However the times change and prior to April 2014 it got upto the GPMS of (U)nclasified, (P)rotected, (R)estricted, (C)onfidential, (S)ecret, (TS) Top Secret. But due to issues there is now the ideas of GCSP of (O)fficial, (S)ecret, (TS) Top Secret, which supposadly makes everything simpler, however there was also Official-Sensitive slipped in to highlight “need to know” rules. But… ICT systems got exempted and should thus be built and used in accordance with existing guidance from CESG (with it’s TEMPEST, EmSec etc etc rules).

Just as with GPMS, GCSP will continue to use codewords, descriptors prefixes and nationality restrictions/caveats.

But GCSP is only for newly created document, so there are still the, old systems going back to the First World War and upto and including GPMS still running in parallel with GCSP… Simpler it is not.

But some of the Intell agencies work closely with partners in the Five-Eyes, NATO etc, thus there are hybrid/bastard systems as well to consider. The US will of course have similar problems.

I remember many years ago the sage advice of a seasond veteran, when asked about “local handling conventions”, after there had been a rule change, it was “How TF should I know, just treat it all as Secret named, it’s all locked in the safe unless it’s in your hand, in which case lock the bl**dy office door first.”

Thoth October 21, 2016 9:13 AM

@Clive Robinson, Nick P
A Classification Aware Computation System

I have been toying around with this idea for quite sometime and I thing I would just put it here.

The idea is build around Secure Execution Environment (as you know due to my background in Thales HSM with it SEE environment) and not to take into consideration of nation state interference since the end-users are after all nation states themselves and would probably not survive in civilian security markets.

SEE enabled tamper resistant chips are built into each computing device with differing processing capabilities but they will have and understanding of classification and roles.

Upon recipient of a command to transfer data to another device (i.e. for downloading, uploading or display purposes) , the security enhanced chip would evaluate the security level of the target device before releasing information.

One example is an encryptor attached to an organisation issued laptop and the encryptor has a classification of Secret and the laptop has a classification of Restricted. The encryptor would download secure emails and would first unwrap the outer layer of the encryption which would contain a clearance level and ACL roles. The encryptor knows that it is connected to a Restricted capable laptop via the laptop’s security enhanced CPU (i.e. Intel Trusted Execution or ARM TrustZone). Noting that TrustZone has capabilities to store cryptographic keys in it’s Secure World and Intel CPUs these days have a Intel Identity Protection Technology which is simply a reserved area within the Intel chip to store miscellaneous data which most people refer to as the “Intel Remote Access Backdoor” or the Intel AMT that is actually made to be “tamper resistant” (otherwise how would it be a backdoor if it ain’t tamper resistant) according to Intel whitepapers.

One of the methods of proving is via the laptop holding a private key in it’s Intel or TrustZone security enhanced memory and the organisation’s root CA issues a certificate with an additional field for classification levels which the external encryptor would negotiate with the laptop to provide it’s attestation certificate and a challenge-response to assert the security provisioned level of the laptop before further decrypting the secure email and feeding the plaintext into the laptop for use.

In the event an external device is plugged into the laptop to transfer the decrypted email (o.e. a secure flash device with baked in security chip) the laptop would negotiate for the attestation certificate and assert the external secure flash device is belonging to the same organisation and an acceptable security clearance before sending the plaintext email to the flash device for secure storage. The enabling technology for the laptop to attest the identity of the connected device is via chip level security applets (Intel have a API to load secure execution applets to execute and exist within a security enhanced partition of Intel (Intel TXT technology) and for ARM TrustZone there is the TEE applets) and also if possible, bake the security logic within the ROM/security enhanced EEPROM of the chip.

Using this method, every single connected device would have to attest and secure the entire chain thus the guarantee of not transferring information of a higher classification would be much stronger. If the connected device cannot proof it’s identity and classification, nothing gets through and this stops the risk of allowing classified information from being leaked.

This method is reserved solely for organisational and Governmental security purposes and not for activists, hackers, individuals or those who are concerned with issues of Government backdoors.

Ted October 21, 2016 11:53 AM

Microsoft recently opened a Transparency Center in Brasilia</a href>, which will serve Latin American governments and enterprise customers. The organization has also opened other centers, including a North American center in Redmond, WA in July 2014, a European center in Brussels, Belgium in June 2015, an Asia Pacific center in Singapore in October 2016, and a China center to be opened later this fall.

From a 2013 Microsoft blog post</a href> on government surveillance:

Increasing Transparency

“Just as we’ve called for governments to become more transparent about these issues, we believe it’s appropriate for us to be more transparent ourselves. We’re therefore taking additional steps to increase transparency by building on our long-standing program that provides government customers with an appropriate ability to review our source code, reassure themselves of its integrity, and confirm there are no back doors. We will open a network of transparency centers that will provide these customers with even greater ability to assure themselves of the integrity of Microsoft’s products. We’ll open these centers in Europe, the Americas and Asia, and we’ll further expand the range of products included in these programs.”

“Ultimately, we’re sensitive to the balances that must be struck when it comes to technology, security and the law. We all want to live in a world that is safe and secure, but we also want to live in a country that is protected by the Constitution. We want to ensure that important questions about government access are decided by courts rather than dictated by technological might. And we’re focused on applying new safeguards worldwide, recognizing the global nature of these issues and challenges. We believe these new steps strike the right balance, advancing for all of us both the security we need and the privacy we deserve.”

Here is a September 29th update from Microsoft that provides transparency information</a href> on their biannual digital trust reports, including their ‘Law Enforcement Requests Report’, ‘U.S. National Security Orders Report’, and ‘Content Removal Requests Report.’

Nick P October 21, 2016 2:53 PM

@ r

re subversion

Subversion of hardware can in theory be used to do anything that subversion of an OS might do. That includes DOS, leaking of secrets, hosting illegal content, sabotage of digital assets, insertion of criminal evidence against host, use of host as proxy in criminal behavior, social engineering of user, and so on.

re “affect AI assisting chips?”

I’ll need you to elaborate about what that question means. I’m not sure what you’re getting at.

Gerard van Vooren October 21, 2016 3:14 PM

@ skeptical (and the world),

Let me be clear. I didn’t mean to scare you off. We need different voices. We (whoever we are) aren’t always right. But you gotta face it. The world has changed. This is not the world of the big wrongs anymore. We are living in a corporate world today. And even the corporate world isn’t immune to criticism and “wrongdoing”.

We are living today in a world where whistle blowing still isn’t appreciated, no matter how wrong that is. Whistle blowing isn’t a good career move, but there are in this era really a lot of areas where people need to blow the whistle, regardless of the penalties.

What has been worrying me today is that South Africa wants to clear itself out of the The Hague court. The reasons behind it are probably self interest but you gotta face it: The The Hague court has been all about Africa. And to be precise, about African leaders. The rest, except Bosnia, is free of Western “wrongdoing”. This “exceptionalism” has been worrying me today.

How is it possible that clear war mongers such a Blair and Bush are still free men? They are responsible for at least one hundred thousand murders. Yet it’s really quiet in The Hague. So despite of the “self interest” South Africa has a strong argument. Where is justification in the West? It doesn’t exist, except for the common man of course. There is no “moral high” anymore. Iraq has dealt with that varnish.

Obama isn’t any better of course. That snake has at least thousands of killings on his name. He also likes to talk about torture and drone killings. He even makes jokes about it.

The next POTUS is quite sure a guy (m/f) who is corrupt. This guy fits really well in the corporate system where justice is an after thought, where whistle blowing is wrong and where The Hague is very far away.

If “the west” wants to restore its moral high, a lot has got to change. I am not talking about money, I am talking about moral high. Corruption, mass killing, exposure, treating whistle blowers as dirt. There is no moral high anymore. There has got to be a lot of changes to restore the trust.

r October 21, 2016 5:06 PM

@Nick P,

I know the architectures are just now coming out, maybe they’re like fpga’s ???

But can you subvert something that is complete, as in fully utilizing it’s package and packaged software.

It just seems to me that any “AI” filling gaps in processors will be filling large sections if not completely utilizing any die space, aside from say introducing leakage I’m not sure any sort of attack on code (not data) could interfere with something so “loopy”. Maybe a DoS? But a full co-ersion short of a complete reprogramming?

What I’m saying, is can we inject anything but data or as clive said with the “trapflag” attack do anything more than “slant” a fully utilized processor of wanton-intelligence?

Could we tell by watching the output looking for a drastic change you think?

I don’t know, it’s just a question – sorry to bother you. If it’s any consolution, I’m not “irritated”. 😉

DoS is wide; it covers input, output and access obv.

Skeptical October 21, 2016 9:20 PM

@Gerard: Have you read what has actually been leaked? It shows that Hillary Clinton is corrupt.

No, it didn’t. She showed an unnacceptably low level of understanding of what vulnerabilities her system of emails and servers might contain or develop; she showed a troubling inability to admit what was clearly a mistake to be one.

But corruption? No – despite the Trump/GOP machine spinning into overdrive to push that story.

The system is corrupt, that is what is going on here.

You prefer an alternative tax arrangement. I understand, but it’s not good ground for supposing the government corrupt.

Blaming Russia is wagging the dog. The real problem is the corruption that is present in both D and R. Maybe going Green is the answer here.

Russia is being blamed for attempting to influence the results of an American election, both via information operations, and via other avenues. It’s a serious red line; they crossed it.

It’s quite clear here you have no idea of what you are talking about. Again.

No, you’ve simply lost the thread. The person to whom I was responding raised such a prospect.

My point is that beyond a relatively low point in cyberware, it escalates into the uses of other means, at which point, though this is not an outcome anyone would want to envision, the US emerges much better off than its enemies.

So Russia is essentially stuck between traditional forms of espionage – which are fine – and more of these influence operations. The problem is that the US is much better able to handle open information than Russia – Russia, in a remarkable strategic blunder, has practically guaranteed the US will respond in kind. And the Russian Government is FAR more concerned about its secrets and the effects on the RG should they be published.

It’s as though Putin, in his zeal to find anyway to undermine democracy and score some points against Clinton along the way, neglected to take stock of all the pieces now pointing at his information, his history, etc.

So this is yet another strategic blunder for Putin, and one for which I expect he’ll pay a price.

King Henry III October 21, 2016 9:57 PM

Stick with the proxy wars gentlemen. None of us want to get hurt now, do we?

At a high level of generality, this too is familiar territory. This is a species of covert action, and there is little doubt that we have on occasion engaged in covert actions intended to influence foreign elections via information operations. In the current case, however, the Russian operation feels different in that (i) it involves hacking and doxing (thus touching on a host of issues generally associated with public anxieties about cybersecurity, including oft-repeated fears that we do not have clear rules or sufficient capacities in that area) and (ii) it targets not some third country’s political process, but our own (thus violating a holdover Cold War norm (or at least something the public perceives to be a norm) in which America and Russia would not do to one another some things that both might due to the other’s allies and proxies).

Skeptical October 21, 2016 10:03 PM

@ab: Moreover, in case it escalates to a conventional war Russia is clearly better positioned. Both can’t win a war against the other, both have some capability to attack the other (with usa having a strong advantage) but finally both will fail for basically the same reason: distance and logistics.

The United States certainly retains the power, in a conventional war, to destroy Russian forces. Really I doubt anyone outside RUssia who has looked at the matter thinks differently, and Russia own professional appraisals, if not politically influenced, would come to the same conclusion.

You reference distance and logistics, there is no military in history as practiced at deploying vast amounts of equipment and personnel across the world – the US has had decades of practice, often in or near combat zones. Frankly, I don’t think you understand how purposefully restrained the US has been in deploying its conventional forces to this point.

Air superiority over Russia would be achieved at higher cost than the US has assumed in previous air wars but within acceptable limits.

With a big fat “but”: the usa war machine is cruelly depending on modern c2 and Russia (as well as China) is in a good position to main that vital infrastructure.

Preparations have been long in the making – don’t mistake the state of security at a retail store for that of a theater commander’s communications system, much less the security of comms between flights of F-35s and F-22s.

And of course: the UAVs, only at a level likely hidden from the world until now.

Putin isn’t suicidal. He’ll avoid escalating to war, which means he can either continue the information game – which he’ll lose – or can consider ways of mending the damage before the response damage.

Add to that russian systems like Krasukha (EM warfare over large distances) and the fact that the usa will (for classical mil. reasons) have no chance whatsoever to establish air superiority over Russia.

Yes, the US will have no chance whatsoever to force Russia to light up its defenses at which point they may encounter something entirely unexpected, hurtling towards them with great precision and speed, and completely devastating upon impact. At that point the only question is who ousts Putin first: his own government or the United States, as neither will be pleased with him.

This would be a pointless war, and a bloody, though very unequal, fight. I predict confidently that Putin will avoid escalation to that point, continuing a trend of low-intensity, information warfare while attempting to undermine US policy in what it views as its near abroad.

But Putin may find that the strategies of yesterday have not worn well with time.

ab praeceptis October 21, 2016 10:59 PM

Skeptical

As usual, you don*t care about reality.Your uninformed statements are not worthy of a qualified answer.

Thanks btw for amusing me with your earlier remarks about clinton.

I’m looking forward to your exposé recommending rattlesnakes as pets for kids and warning of extremely dangerous pidgeons exploding the the faces of grizzly bears.

Ratio October 22, 2016 2:09 AM

@Gerard van Vooren,

We need different voices. We (whoever we are) aren’t always right.

Reading the comments, this attitude doesn’t seem to be particularly wide-spread. 🙂

This is not the world of the big wrongs anymore. We are living in a corporate world today.

What do you mean by that? You aren’t saying that the big questions in the world today are corporate and not ideological, are you? Because that sounds profoundly wrong. So what are you saying?

We are living today in a world where whistle blowing still isn’t appreciated, no matter how wrong that is. Whistle blowing isn’t a good career move, but there are in this era really a lot of areas where people need to blow the whistle, regardless of the penalties.

Appreciated by whom? Also, are you saying that the need for whistle-blowing is limited to this era and a lot of areas? (Which ones would those be, by the way?) If that is what you’re saying, why the restriction?

What has been worrying me today is that South Africa wants to clear itself out of the The Hague court. The reasons behind it are probably self interest but you gotta face it: The The Hague court has been all about Africa. And to be precise, about African leaders. The rest, except Bosnia, is free of Western “wrongdoing”. This “exceptionalism” has been worrying me today.

South Africa intends to withdraw from the ICC (International Criminal Court), not from the ICJ (International Court of Justice). Every country that is a UN member is a member of the ICJ, but about a third of them are not members of the ICC (including the following that are among the 10 most populous countries of the planet: China, India, United States, Indonesia, Pakistan, and Russia).

There is a dispute about South Africa’s refusal to arrest Sudanese president Omar al-Bashir when he was in South Africa last year. (You might want to read up on al-Bashir if the name doesn’t ring a bell.) This may have something to do with its plans for withdrawal.

While the ICC has so far, in all of its 14 years of existence, been mostly about Africa, the ICJ has not. (“Bosnia” has its own tribunal, the International Criminal Tribunal for the former Yugoslavia, also at The Hague.)

Which case(s) should the ICC be prosecuting that it isn’t?

What do you mean by Western “wrongdoing” and “exceptionalism”? (What is Western about it? Why the quotes? Isn’t crime the right word in this context? Then why the euphemism? Who or what is exceptional and how?)

How is it possible that clear war mongers such a Blair and Bush are still free men? They are responsible for at least one hundred thousand murders. Yet it’s really quiet in The Hague.

Just in case, you’re aware that being a warmonger (i.e. advocating war) isn’t a crime, yes?

You’re not terribly explicit about the actual crimes you think Blair and Bush have committed, so I’ll limit myself to asking you if you think they are the only people that are legally responsible the crimes you accuse them of.

As for the ICC and Iraq, you may want to read the letter the Chief Prosecutor of the ICC sent in 2006 in response to the over 240 communications concerning the situation in Iraq (10 pages).

Where is justification in the West? It doesn’t exist, except for the common man of course. There is no “moral high” anymore. Iraq has dealt with that varnish.

I don’t follow. Could you explain?

Wesley Parish October 22, 2016 2:53 AM

Glad to know you’re still alive and (relatively) well, S[k]eptical! Glad to know it wasn’t you your colleagues threw to the wolves in some park or other (and the wolves died en masse of cholesterol poisoning, leaving the park rangers infuriated.) Mind you, some of them also threw another colleague of yours under a bus in some foreign part – and the bus died of cholesterol poisoning too!!! Will wonders never cease?!?

Let’s see, the US isn’t guilty of “clean hands” when it comes to interfering in the internal politics of other states. Mossadeq in Iran; there was that case in Guatemala back in the ’50s; Chile in ’73; Vietnam from 67 to (roughly) 73 – anybody remember who Ngo Dinh Diem was? And Cuba – Batista was a creature of one of the big US sugar companies, IIRC; etc, etc, etc …

So, we have the Federative Republic of Russia accused of interfering with internal US politics? And we have the US declaring it an act of (cyber)war. At one and the same time we have a candidate of one of the parties asking said foreign power to do it again!

For all her unsavouryness, Hilary Clinton has not been reported as doing any such thing. So The Donald – during an alleged incident of (cyber)warfare – has incited said foreign power to commit more of the same. Clinton wins by default. The Donald’s party, the (US) Republicans, is discredited as being a party of traitors, and the US declines into one-party status, unless the Greens and the Socialists and the like get their act together.

I can’t see anyone in the US government doing anything other than imitate a hare caught by headlights on a Nebraska backroad.

And then we have the consequences to Europe of abiding by the unilateral US declaration that it is indeed war. Remember what happened when Europe decided to impose sanctions on Iran during the nuclear imbroglio? And Iran deciding, okay, we’ll see what we’ll see, and imposing its own sanctions on the export of natural gas to Europe? Keystone Kops, Laurel and Hardy, and Charlie Chaplin weren’t in it!

All a storm in a teacup, dear sir. The US will blink. Is blinking. It’s the only way to avoid becoming roadkill.

In the meantime, please ignore the colleagues who wish you to inspect the underside of the bus they’re just bought, and run like said hare on the Nebraskan backroad if they invite you to a camping trip in a national park. It would be tragic being the immediate cause for the extinction of the North American wolf.

Wael October 22, 2016 5:18 AM

@r,

I’m not going to be around for a while, so don’t think I’ve been spooked. 😉

Don’t stay away too long, now, or we’ll think you got spooked!

Figureitout October 22, 2016 12:56 PM

Clive Robinson
–Yeah, that’s ok. Even other protocols that must meet a standard for timing (well every protocol does, but we had to contract out a protocol implementation since we know of a few companies that got burned trying to implement themselves and screwed up the timing and that failure cascaded and blew up in their faces) and they did same thing, a driver chip, then a fat MCU to transfer comms onward or do other things. Not bad IMO, more flexible.

Sancho_P October 22, 2016 5:52 PM

@Skeptical

[Hillary] ”But corruption? No – …”
Right, what we heard was unacceptable, but didn’t show corruption.
However, to delete some “private” emails from an official’s mail account when facing FBI investigation is exactly what qualifies her for the US gov
– or suspicion of corruption?

”Russia is being blamed … they crossed [the line]”
To blame Russia is very similar to say “America is stupid”,
whether there is evidence or not.
This is the level of the US government (but it wasn’t yours until recently).

I guess publicly blaming a nation without showing any “evidence” is called slander, but I’m ESL, how would you call it?

If America had a leader as President he’d sit down with Putin and discuss the issue.
Sadly this is why some endorse the Donald.
What a joke (and personal affront to Putin)!

Fix (y)our “cyber” vulnerabilities, this would be a solution.

Skeptical October 22, 2016 7:18 PM

@ab: As usual, you don*t care about reality.Your uninformed statements are not worthy of a qualified answer.

Of course. And I will not answer by pointing out that even a casual comparison of the forces arrayed on either side shows that, while neither side would really “win” a conventional war (much less a nuclear one), the overwhelming advantage is on the US side. That’s simply a hard truth.

Nor will I point out to you that Russia is highly vulnerable even at lower levels of escalation. Its government is already issuing threats in response to the prospect of further sanctions; and while the US has refrained from providing lethal and sophisticated weapons to Ukraine or certain Syrian rebel factions, that’s something very easily changed. In the case of Syria it would likely be a mere matter of taking pressure off Saudi Arabia, the Gulf States, and Turkey, not to do so.

Nor would I finish by telling you that the above reasons are why Russia has every interest in keeping this contained to a level below that of conventional war, or indeed proxy wars. It would not be difficult for the US to roll back, by proxy, every one of Russia’s foreign adventures.

I’m glad we could agree on not answering one another.

@Wesley: And we have the US declaring it an act of (cyber)war.

The USG hasn’t called it an act of war. Instead the USG attributed responsibility to the Russian Government, and stated that it would respond, proportionately, in a time/manner/place of its choosing.

At one and the same time we have a candidate of one of the parties asking said foreign power to do it again!

Thankfully Donald Trump does not speak for any government on the planet. Indeed his own running mate has disagreed with him on this issue – and his entire political party has thoroughly repudiated his position (if not his candidacy, though most wish they could).

The Donald’s party, the (US) Republicans, is discredited as being a party of traitors, and the US declines into one-party status, unless the Greens and the Socialists and the like get their act together.

I think Trump is an act and brand unto himself. As I said, most Republicans have long since broken with him on the question of Russia, and in Congressional races the GOP candidates have essentially been told to do/say whatever they want about Trump.

He’s an embarrassment to the United States on the world stage, and certainly to the Republican Party on every stage. And most Republicans know it.

I can’t see anyone in the US government doing anything other than imitate a hare caught by headlights on a Nebraska backroad.

I think your perception of the willingness of the USG to act in this case is off.

You must understand the broad, bipartisan consensus that the US should and must respond. In fact, I would even call it broad, bipartisan PRESSURE on the President to respond. Obama is deliberative, careful, and cautious when embarking on a course without very clear contingencies and sequels – something Putin has exploited, whether by intent or by luck (or, most likely, some mixture of both). However Obama has been very willing to go offensive once matters are processed. The USG committed itself publicly the moment it made an official attribution, and likely did so secretly some time before.

Let me ask you this question Wesley.

Closed societies are terrified of information. They think themselves brittle; their leaders think their positions precarious; they undertake a variety of measures to control the media and suppress, brutally, dissent.

Open societies – such as the US, for all its flaws – are essentially inured to free speech from a vantage of stability. They have presses that thrive on, and report eagerly, any hint of scandal. It’s business as usual for them.

Who do you think has the advantage in a war of information/propaganda in the internet age?

This was a remarkable blunder on Putin’s part. He stayed true to the Cold War playbook, but failed to realize that the ease of information distribution allowed by technologies introduced since the end of the Cold War is a double-edged sword.

He quite literally picked a point of conflict where all the asymmetries favor the US and its allies.

And then we have the consequences to Europe of abiding by the unilateral US declaration that it is indeed war. Remember what happened when Europe decided to impose sanctions on Iran during the nuclear imbroglio? And Iran deciding, okay, we’ll see what we’ll see, and imposing its own sanctions on the export of natural gas to Europe?

No one has declared this war. Indeed my entire point is that Russia cannot take full advantage of weaknesses in the US infrastructure because that actually would lead to war. So the conflict must stay contained within certain domains and parameters. That’s the point of the USG statement re proportionate response.

As to Europe going along with a proportionate response – most European governments are eager to do so. They understand the importance, and they understand the protection they derive from an allied effort.

The US will blink. Is blinking. It’s the only way to avoid becoming roadkill.

Respectfully, you’ve completely misread the shared opinion of – as far as I can recollect – every influential policymaker that has spoken on the matter in the United States Government. It would also be radically out of step with US history to not respond to this, especially post-attribution.

@Sancho: I’ve lost track of the number of independent, well respected companies that have looked at the evidence and come to the same conclusion. As to the US sitting down for a discussion with Putin, unfortunately Putin has simply denied responsibility for it (just as there was no Russian anti-aircraft system involved in the downing of a passenger plane over Ukraine, just as there are no Russian troops in Ukraine, etc etc). So there’s not much discussion to be had. There are a variety of other things to do, however – none of which need involve violence, but all of which will deter governments from attempting such interference in the future.

Unfortunately not everyone is guided by the same norms. Perhaps someday, we’ll get there (for the most part). But until we do, the HOPE of arriving at such world must be defended by more than conversation.

Wael November 4, 2016 11:58 PM

@Clive Robinson,

Well things move on and this paper might be of interest to you…

Fascinating resemblance to your prison concept. I am not convinced this paper presents an effective counter malware mechanism in the real world. Interesting academic research paper, though.

Clive Robinson November 6, 2016 2:44 PM

@ Wael,

I am not convinced this paper presents an effective counter malware mechanism in the real world. Interesting academic research paper, though.

As has oft been remarked “Every journy begins with the first step”, even though it might be to the car door of a McLaren F1 or similar to gey there faster 😉

Where it fails is not realy in the idea but in the lack of instrumentation in the silicon. This I suspect will now start to change.

Because as @Nick P mentions, there are other ways to partialy deal with this issue. But they are insufficient to deal with all and this will eventialy become an issue, such is the nature of such things.

Thus as is oft the case the solutions will be hybrid in nature, finding a “sweet spot” where you get the best bang for your buck. This process could be speeded up significantly as it was in the auto industry with the likes of “lemon laws” and other safety regulation. Arguably such legislation actually saved the auto industry forcing it out of the “race for the bottom” “death spiral” it had entered into due to the short sighted behaviour of “bean counters” on first order risk analysis.

It’s funny you’ve given a link recently back to your comment on SPE using the wrong “bean counter” type risk analysis and why first order reasoning can be oh so wrong.

Wael November 6, 2016 5:37 PM

@Clive Robinson,

Where it fails is not realy in the idea…

The idea is good, but not complete. In its current state it could fail due to malware that mutates and adapts to fool the mechanism.

It’s not necessarily a bad first step. I’m reluctant to endorse any “signature-based” anti malware techniques – and this paper qualifies as “signature-based”. Something like codeDNA from Johns Hopkins will have better chances. A next iteration that implements the “algorithm” in hardware + other mechanisms borrowed from biology is more likely to be one of the leading mechanisms in the future.

Leave a comment

Login

Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via https://michelf.ca/projects/php-markdown/extra/

Sidebar photo of Bruce Schneier by Joe MacInnis.