Friday Squid Blogging: Whale Hunts Squid

A sperm whale has been sighted in Monterey Bay, hunting squid.

As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

Posted on November 4, 2016 at 4:41 PM • 142 Comments

Comments

Sam • November 4, 2016 6:12 PM

LastPass Everywhere is now free and you can access it on all devices. Previously you had to pay for the Premium Service.

https://blog.lastpass.com/2016/11/get-lastpass-everywhere-multi-device-access-is-now-free.html/

I don't trust LastPass since their acquisition but for those who need a cross-platform solution this may be for you. Even using a service like LastPass would be an improvement for the majority of people who don't use any sort of password manager.

It'll be interesting to see how other commercial password managers (Dashlane, 1Password, RoboForm) react to this news.

Ted • November 4, 2016 7:05 PM

IC3 Annual Reports

In order to promote public awareness, the Internet Crime Complaint Center (IC3) produces an annual report that aggregates data on internet-facilitated crimes, highlighting the trends and what they may represent in the coming year.

Over the last five years, the IC3 has received an average of 300,000 complaints per year, addressing a wide variety of internet crimes affecting victims across the globe.

Only an estimated 15% of the nation’s fraud victims report their crimes to law enforcement. Victims are encouraged, and often directed by law enforcement, to file a complaint online at www.ic3.com.

The most common internet crimes in 2015, listed in descending order, were non-payment/non-delivery, 419/overpayment, identity theft, auction, personal data breach, employment, extortion, credit card fraud, phishing/vishing/smishing/pharming, advanced fee, harassment/threats of violence, confidence fraud/romance, no lead value… the rest of the list can be found on page 15 of the report.

Appendix I provides crime type descriptions.

Appendix II provides links to public service announcements alerting consumers of recent cyber trends.


‘Online Cyber Training for Law Enforcement First Responders'
https://www.fbi.gov/news/stories/online-cyber-training-for-law-enforcement-first-responders
The FBI is releasing training courses for local and state law enforcement to help teach them the methods used for cyber investigations.

Haters Gonna Hate Hate Hate • November 4, 2016 8:02 PM

https://surveillancevalley.net/blog/interview-in-german-magazine-konkret-about-tor-and-the-cult-of-crypto

Yet another smear article about Tor filled with half-truths and outright lies but since Bruce is now on the board he should at least have a feel for what the naysayers are actually saying. I don't have the energy to debunk all the bullshit but this got my ire up:

Everything that you communicate on the Internet gets sucked up and filed away — not by the NSA, but by Google and Facebook. Tor does nothing to protect people from that. Tor does not prevent Google from scanning your emails or recording your search history.

The person who said those words is too dumb for words. How is it even reasonable to expect a browser to stop Google from scanning e-mails--it's as if the person doesn't understand the basic difference between client side and server side. Further, Tor is the best browser that exists for stopping Google from recording your search history. Stopping corporate surveillance is the one thing Tor is best at. The whole interview is mind-boggling in just this way.

Thoth • November 4, 2016 8:29 PM

@reassured
re: Cisco's IOT Security Certification

This is one of the biggest jokes I have ever heard. Cisco whose ASA products that have been vulnerable to Shadow Brokers

Always vulnerable Linksys routers and other possibly vulnerable Cisco products.

My recommendation is they clean up their Cisco product security first before they start to "certify" and bother in others' security when it can't even handle its own. Cisco's security certification is yet another joke in the security industry. I wonder how much more vulnerabilities would still persist or even introduced by these so-called certifications.

A hint to come is expect even more vulnerabilities with such certifications as they complicate the already fragmented, weakly secured and vast IOT range of products with so many standards that no one can agree on. IOT security in itself or I should say IOT is a joke.

Grauhut • November 4, 2016 9:20 PM


Someone should tell all these cyber hillbilly rednecks out there that this world belongs to us, the hard working people and not to them and all the other parasites sucking our blood out...


"U.S. military hackers have penetrated Russia's electric grid, telecommunications networks and the Kremlin's command systems, making them vulnerable to attack by secret American cyber weapons should the U.S. deem it necessary, according to a senior intelligence official and top-secret documents reviewed by NBC News."

http://www.nbcnews.com/news/us-news/u-s-hackers-ready-hit-back-if-russia-disrupts-election-n677936


This dadaist "election" with a choice between a resurrected zombie from a 80s c movie from outer space and the crystal driven (half) living incarnation of the worst possible conspiracy theories is not worth fighting for!

This is MAD.

And we should get mad now.

https://www.youtube.com/watch?v=rGIY5Vyj4YM

Matthew • November 4, 2016 10:39 PM

@All

You can currently buy 1 year of LastPass premium and CyberGhost VPN subscriptions from Humble Bundle right now for about $7.59. (Latest update of average price. Damn you mac users for paying so much above average.)

Has anyone here used CyberGhost before? Some comments on Reddit say that the humble price is definitely worth it.

Nick P • November 4, 2016 11:05 PM

@ Grauhut

You and others wondering about the lunacy of the Trump phenomenon might find this article interesting. I'm geographically at a spot with lots of different people with more Trump supporters than most areas. I was in rural areas a lot of my life. The article seemed more spot on than most. Can't remember if I posted it here or not but the relationship between the left and rural right is worth remembering in these things.

Note: My area & even family helped a lot of refugees from Louisiana and Mississippi as the author describes. Just like author describes, media almost entirely ignored all the rural people in coverage who were a good chunk of our refugees. I vouch for that & hate of snobbery particularly.

Wesley Parish • November 5, 2016 4:33 AM

@Grauhut, NickP, et alii

If so it's an exercise in pitting various forms of inequality against each other instead of against the system. This electoral farce, that is.

I'm tempted to quote MacBeth's speech on the death of Lady MacBeth: full of sound and fury, signifying nothing; I suspect many a future historian will do so anyway.

Meanwhile Donald Trump scares many a foreign observer ... Uri Avnery for example:

The Last Trump
http://zope.gush-shalom.org/home/en/channels/avnery/1457104627
The Orange Man
http://zope.gush-shalom.org/home/en/channels/avnery/1469744450/
The Lesser Evil
http://zope.gush-shalom.org/home/en/channels/avnery/1478265224/

I trust Uri Avnery's assessment.

And yes, inequality does qualify as a security issue. And yes, I've independently considered that spreading education and opportunity world-wide is going to prove vital for humanity's chances of survival, so I agree wholeheartedly with David Wong's other article.
http://www.cracked.com/blog/5-helpful-answers-to-societys-most-uncomfortable-questions/

So ... Why be satisfied with the lesser of two evils!?!? Cthulhu for President!!!

r • November 5, 2016 7:22 AM

Grauhut,

I feel ya, but how are we going to disarm the world?

Hugs don't disarm weapons, they catch tanks and police batons in the grill.

r • November 5, 2016 8:05 AM

Man, I'm so excited about the future... Intel is going to be selling festive fourth of july clothes for robocop to win the hearts and minds of children everywhere.

July 5th those same drones will be eavesdropping on your weed gambling and sex party from 200ft in the air with silent blades a couple shot spotting parabolic microphones and god only knows what after-market chipset and antenniii paired.

It's a bird! It's a plane! It's a classified death ray duh.

Don't have a heartgasm bro.

albert • November 5, 2016 11:35 AM

A plethora of new articles on the FAS website https://fas.org/blogs/secrecy/ :

"You Could Look It Up: DoD Dictionary Updated"

"Challenges to Election Law, & More from CRS"

"CIA Releases Draft History of Bay of Pigs"

"Invention Secrecy Increased in 2016"

"Intelligence Spending Increased in 2016"

. .. . .. --- ....

r • November 5, 2016 1:55 PM

@VPN Dude, (CC: All)

Yanno, I was wondering **who** runs that site as it's usually a good thing when you can direct your flame mail to a real live person accordingly, BUT:

"Detailed VPN Comparison Chart
PLEASE BE PATIENT AS IT MAY TAKE SOME TIME FOR THE SHEET TO LOAD"

That could remain an indefinite problem seeing as the tabulation is run in what seems to be client side javascript.


@All,

What we need, aren't script blockers... but signed and sealed scripting modules and libraries.

r • November 5, 2016 2:07 PM

@VPN Dude,

Site gets a +1 (from me) despite the -1 previously mentioned for having a colorblind-friendly chart.

Gunter Königsmann • November 5, 2016 4:13 PM

This week the German government has decided upon a law that exactly defines what its secret service is allowed to do in the internet and what it isn't allowed to do there.

As this sets the limits it is a step forward not many states did go until now. But the limits are wide enough that they shouldn't hinder the secret service from doing anything they already did and the new law explicitly allows things the secret service wasn't able to do until now since there was no law that allowed to do them, like listening on the big network node in Frankfurt.

Slime Mold with Mustard • November 5, 2016 4:39 PM

@Grauhut

I saw that article too and was pretty unhappy/confused until I realized that it has two of the same three authors that produced this piece of drivel ( CIA prepping for Possible Cyber Strike Against Russia ) that I asked about on the Squid Thread three weeks ago.

I believe both articles rest somewhere between hysterical exaggeration and outright fabrication. I note the topic has not been picked up by other outlets as one would expect.

@ Nick P

Nice link. There are more academic treatments of the phenomena, but they are not more accurate.

25 years ago, I lived atop a high rise with three floor to ceiling vistas; The sun rising over the water to the east, a world famous skyline to the south, and live episodes of COPS - Shots Fired to the west. We couldn't let our toddlers out, I had to carry a pistol to get milk.

Since I travel so much, I realized it didn't really matter where we lived, so we headed for the woods and have never regretted it. Sometimes we hear distant gunfire at night - because we have poachers around here.

Lill Byrdy • November 5, 2016 5:51 PM

@Sam Re: LastPass

LastPass becomes "free", after a merger with Logmein, which in turn merged with Citrix, and they are now giving out their neat little program free.

I assume there is a revised privacy and security policy, right?

Let's cut to the chase: No, you cannot under any circumstances trust LastPass at this time or maybe ever. The temptation to dip into the data pot is strong for companies consumed with merger mania.

However, here's a good password keeper, that's also free, called Password Safe at this site: https://pwsafe.org/

Passwords and keys are stored locally, no need to transfer your passwords to a corporate cloud looking for ways to find a profit from your data. Works reliably all the time.

The guy who wrote Password Safe is quite trustworthy. I think he hangs out here...his name is on the tip of my tongue. A famous kung fu guy and him have the same first name.

Oh, who could he be?

NeiHuem • November 5, 2016 6:02 PM

With the massive increase in "security" budgets, with the massive increase in surveillance in the name of "security" - how come this?

As killings surge, Chicago police solve fewer homicides

In 1991, Chicago police solved about 80 percent of all homicides in the city. Last year, the rate dropped below 26 percent, the worst clearance rate for police in any large American city, a Post analysis shows.


(Washington Post article)


What actually is "security" meant to be about?

Thoth • November 5, 2016 7:26 PM

@Lill Byrdy, Sam
re: LastPass

I am still bewildered by the fact people are still trusting an untrusted service like LastPass. It is like handing out your passwords for free to someone to escrow your account.

Networked password managers are only suitable for organisations where a centralized password manager is needed as it is assumed that all passwords stored in a networked password manager are the property of the organisation. Whereas for most of us, a network password manager if used would be the property of whoever controls the central database.

Claim 1 - LastPass password transformation (PBKDF2-SHA256 and password database decryption) are not done on LastPass

How sure are the codes executing don't on client side and not done on the user's side and to ensure the codes are not tainted ?

Claim 2 - LastPass only stores PBKDF2 hashes for authentication.

The PBKDF2 hash itself is sufficient to allow bruteforce for whomever have the password hash. Despite PBKDF2 likely taking years on a normal CPU that have not been optimized or networked into a farm (think of Bitcoin miners) or even loaded onto specialized ASICs/GPUs or super computers (up against power nation states that have stolen or were offered the password hashes), technology is advancing and PBKDF2-SHA256 simply doesn't cut when instances that could handle better hashing (Argon2, BCRYPT, SCRYPT) were not being used. Hashcat as an example can also be used to bruteforce by simply downloading the program although it will be more effective if cheaper Bitcoin mining ASIC and GPUs or even specialized SHA256 ASICs found in Bitcoin mining hardware can be put to work and all of a sudden, it would simply take seconds on networked specialized ASICs to work on a single hashed password.

Therefore, even if you store only just password hashes, you are pretty much done for anyway as now your master password hash is with someone and they can hand it over to others. What is going to stop them from bruteforcing your password and handing the hashes out or leaking them to more capable adversaries ?

Better off to use an offline password manager and even better if they have hardware protection (i.e. Mooltipass).

ab praeceptis • November 5, 2016 8:37 PM

Thoth

Isn't your judgement somewhat too harsh?

Entering ones password on an iphone or android (fail), having it (doubtfully) hashed by some javascript thingy (fail) in ones browser (fail), then sending those data through an "ssl secured" (fail) connection via nsa infested networks (fail), owned by corporations known to happily cooperate with nsa, fbi, etc. (fail) to have them stored in a cloud (fail) operated by yet another nsa,fbi etc. infested corp (fail) possibly having its infrastructure outsourced (fail) and next to certainly built upon the idiocy du jour like "cloud on serverside javascript rails" (fail) to then have that cloud corp send your password hashes across the internet again and again (fail) - sounds just brilliant and very solid, no?

What could possibly go wrong? Oh, I see, you are worried that symerski hasn't yet an "internet AV scanner" on offer. Yes, that's indeed worrisome. Evil Russians might infest ones password with cyrillic letters, oh gosh, now I'm frightened.

symerski, we need you! Give us a cloud-AV and an internet-AV. Plus: I demand golden symerski "AV-checked" stickers for ISPs and cloud hosters!

[Note: Replace "symerski" by any snakeoil vendor of your choice].

Oh, and if I may have a timid little question: How can they give me my password when they say it's hashed but some site in my browser needs not the hash but the password?

Did Bruce Schneier and all the other crypto people lie to us when they explained that hashing is one-way and can't be reversed?

symerski, I demand a "secure hash reversal" product from you, too! Plus a sticker of course. For only 59$ a year. Where can I order?

I don't trust em cloud corps. They don't have golden "secure" stickers. me not stupid. I know that real security comes with a golden sticker!

Jennifer Rodriguez of J'Berg • November 5, 2016 9:23 PM

@ Sam @ Matthew @ All


stay away from Lastpass. Not only does it break the rules of OpSec by hosting ones passwords on a server - this was demonstrated by the major breach of its data recently. Quite ironic for a 'store everything in one secure place' service to be majorly compromised, don't you think? Are you trolling?

Key Pass is the FOSS password manager to turn to. It even has entropy generation. although Bruce has a password manager apparently, I've not used it.

@r, @ Matthew, @ VPN dude

someone posted a really good article from - was it Ars Technica - on Friday squid a couple months ago, about VPN comparison. They set out trying to find the best one and went into a lot of detail explaining how they work, misconceptions, and came to the conclusion that they don't work as we think they do and are in fact best avoided most of the time as the author couldn't find a VPN that met all of the required criteria for optimal functionality

I just don't know how to use the search function to locate the comment post with the website. I did try.
It's something like 'how to choose a VPN'

by the way @R - appreciate your style & candour. Nice character virtues I've observed over time. Must be said, lot of mature , empathic & aware cats on this comments section ;-)

Thoth • November 6, 2016 12:14 AM

@ab praeceptis
A very gentle judgement you have there. Hopefully a gentle or harsh reminder to people to not touch cloud password managers wouldn't work anyway. Marketing is the key. Just mass produce golden blinky stickers and distribute them ;) .

Guy • November 6, 2016 5:15 AM

As far as I know, no breach of LastPass has resulted in any password compromise. Also, a cloud storage service like LP is for some people a must. For me, either the passwords are synced across my phone and my laptop, or I have to remember them. I use my phone as frequently as my laptop.

With a strong enough master password, and assuming that I can trust LP, I don't see why it would create such a risk. And subverting their extension's code to only encrypt passwords server-side would have a good chance of being discovered, and putting them out of business quickly. Which is why I trust them : it's too risky for them to do that.

For now, I stay with LastPass, because it's the least bad alternative.

Sam • November 6, 2016 5:42 AM

@All

Bruce's password manager, now maintained by somebody else, is an excellent open source password manager as is KeePass which is regularly updated.

The problem with offline password managers for most people is the multiplicity of devices that they access their services through. They might have a Windows PC, an Android smartphone and an Apple tablet. None of the major open source password managers support decent cross platform integration - they make attempts at it but fail miserably.

If you've got extremely sensitive information then offline is the way to go but for John and Jane Doe they're too clunky for everyday use. We need to consider what 'normal' people use password managers for: their online email account, bank accounts, shopping sites etc. Almost all of their stored passwords can be changed via password reset functions on the respective merchants' website.

It doesn't make sense to limit yourself to one device (an offline password manager) as it'll encourage using weak passwords so they can access their favourite sites on the go.

Assume John and Jane Doe have some very sensitive passwords; they could use an offline password manager for that purpose and online password manager for everything else. But, as Bruce has often said, if they're against nation state adversaries... "if they want in, they're in" which makes the argument against online password managers very weak.

JG4 • November 6, 2016 5:49 AM


@Slime Mold

when I was a toddler, we lived in beautiful downtown Newark. I always wanted to go outside, but couldn't understand why my folks didn't. one night a car burned outside. I don't think that anyone came to put it out, because it was there for days or weeks after. as always, appreciate the high level of discourse. I missed if anyone mentioned compromised hardware this week, because you can't trust the results if your software isn't driving the bus.

@NeiHuem

Chicago looks pretty good compared to Mexico, but then we don't have any evidence that Eric Holder was shipping guns and money to Chicago

http://www.aljazeera.com/indepth/opinion/2016/10/murder-rate-mexico-161031122439604.html

I'll skip over all of the evidence that the situation in Mexico is exactly as the profiteers in the fever swamp and the rigged casino want it, because they are profiting from all sides of the trades. speaking of guns and money, it would be interesting to look at murder rates in Arkansas before, during and after the airlift of cash, cocaine and weapons. managed by the same oxygen thief whose fingerprints are on everything from Watergate to the prison labor camps that Walmart uses. Hillary is his business partner.

Dan • November 6, 2016 5:56 AM

Here's an excellent primer of PBKDF2 and how 1Password use it (PBKDF2-HMAC-SHA512) for protecting their users' passwords:

https://blog.agilebits.com/tag/pbkdf2/

Key quote:

PBKDF2 isn’t perfect. Most importantly, it can only go so far. We can reach a point where even tiny improvements to a password (say, just adding a digit) can offer far more additional protection than adding extra strength to PBKDF2.

For example, adding a single random digit to the end of a password will offer as much as going from 30,000 PBKDF2 iterations to 300,000. And the latter can do real harm in making legitimate decryption too slow.

Increasing the number of PBKDF2 iterations does not change the Attacker/Defender ratio at all.
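
The arithmetic behind the quoted claim, as an added example that is not part of Dan's comment or of the AgileBits post. It assumes a simple cost model (a uniformly chosen password, an attacker who tries half the space on average, cost counted in PBKDF2 iterations); the function names, sample search space and salt are constructed for illustration.

```python
import hashlib
import math
import time

# PRF named in the comment above (PBKDF2-HMAC-SHA512).
PRF = "sha512"


def derive(password: str, salt: bytes, iterations: int) -> bytes:
    """Derive a 64-byte key with PBKDF2-HMAC-SHA512."""
    return hashlib.pbkdf2_hmac(PRF, password.encode("utf-8"), salt, iterations)


def defender_cost(iterations: int) -> int:
    """PRF iterations the legitimate user pays for one unlock."""
    return iterations


def attacker_cost(search_space: int, iterations: int) -> float:
    """Expected PRF iterations for an offline search of a stolen hash:
    on average half the space is tried, each guess costing one unlock."""
    return search_space / 2 * iterations


def attacker_defender_ratio(search_space: int, iterations: int) -> float:
    """How many times more work the attacker does than the defender."""
    return attacker_cost(search_space, iterations) / defender_cost(iterations)


def work_bits(search_space: int, iterations: int) -> float:
    """Attacker's expected work expressed in bits (log2 of PRF iterations)."""
    return math.log2(attacker_cost(search_space, iterations))


def compare(search_space: int, iterations: int) -> dict:
    """Bits of attacker work gained by each of the two hardening options."""
    base = work_bits(search_space, iterations)
    return {
        "gain_from_10x_iterations": work_bits(search_space, iterations * 10) - base,
        "gain_from_one_random_digit": work_bits(search_space * 10, iterations) - base,
    }


def unlock_seconds(iterations: int, repeats: int = 3) -> float:
    """Best-of-N wall-clock time for one legitimate unlock on this machine."""
    salt = b"constructed-salt"  # constructed sample value
    best = float("inf")
    for _ in range(repeats):
        start = time.perf_counter()
        derive("constructed sample passphrase", salt, iterations)
        best = min(best, time.perf_counter() - start)
    return best


if __name__ == "__main__":
    space = 10 ** 8  # constructed example: a password of 8 random digits
    for name, bits in compare(space, 30_000).items():
        print(f"{name}: +{bits:.2f} bits")
    for n in (30_000, 300_000):
        print(f"{n} iterations: ratio {attacker_defender_ratio(space, n):.0f}, "
              f"unlock {unlock_seconds(n) * 1000:.0f} ms")
```

Both options add the same log2(10) ≈ 3.32 bits of attacker work, but only the iteration increase is also paid by the legitimate user on every unlock, and the attacker/defender ratio stays the same at either iteration count.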

ab praeceptis • November 6, 2016 6:45 AM

Funny misunderstandings around.

PBKDF2 is certainly better than pretty any password, unless one chose one with *many* characters (in the programmers sense, i.e. incl. digits, punctuation, etc.).

Simple reason: Not only are common hashes way longer than common passwords but they are also way more random.

The other part in those ratchets (usually KDFs) the number of rounds, as some describe it, serves a completely different purpose, namely that of driving up the cost to use rainbow tables, or to otherwise crack password hashes.
It works (in good cases like Argon2) by very considerably driving up the memory and computing cost. The "rounds" are not just rounds but rounds designed specifically to be expensive, not to be parallelizable, not to be easy for GPUs and ASICs, etc.

The problem with cloud based password managers is somewhere else, like in lousy javascript running in gigantic bug heaps called browsers and, worst of all, it's in trusting a third party with all ones keys - usually a not at all trustworthy one, at that.

My suggestion for fans of cloud based password managers is hence to go the full way and to use voice recognition and/or fingerprint readers at their local end, too.

Or, to make it much simpler, to use 1 single password for everything and to simply write that one on a sticker attached to ones monitor. The security level is about the same cloud based password management, haha.

Maybe nsa and fbi should open a free cloud based password service and put a nice fbi "secure" logo on their website. I'm sure they'd need serious rack space in no time.

Kee Tapper • November 6, 2016 6:45 AM

@Jennifer

I think this is the article you referenced:

"The impossible task of creating a “Best VPNs” list today"

http://arstechnica.com/security/2016/06/aiming-for-anonymity-ars-assesses-the-state-of-vpns-in-2016/2/

I read it too and found it a bit generic: 'they're all no good' with the solution being leasing your own server to install a roll your own VPN. I would guess OPSEC becomes a problem there...one oopsy and you are had.

The fact that NSA/FiveEyes/FBI doesn't complain about the "going dark" value of retail vpns suggests they are borked every which way by world governments. I suppose your ISP or the selected website might get fooled, unless there's a dns leak, which many have, but that's about it.

As always, those who want a relatively anonymous and secure connection should use TOR, although I wonder about that sometimes, too.

Thoth • November 6, 2016 6:49 AM

@Guy

"As far as I know, no breach of LastPass has resulted in any password compromise"

This is a dangerous statement. How would you know no one was compromised from leaked LastPass db ? Compromises can go under the radar for a long time before surfacing.

Thoth • November 6, 2016 7:10 AM

@ab praeceptis

"PBKDF2 is certainly better than pretty any password, unless one chose one with *many* characters (in the programmers sense, i.e. incl. digits, punctuation, etc.)"

My latest method for creating a new login password is to simply use a CSPRNG and spit out a random (256-bits) and hash it for more than 100,000 times via SHA-256 and then directly use it for login (not going to convert to other formats). That gives you an easily forgettable 64 byte UTF-8 string (because I directly apply it as a string format).

Good luck guessing :) .

Oh, and I store it in a password database I hand coded myself.

"My suggestion for fans of cloud based password managers is hence to go the full way and to use voice recognition and/or fingerprint readers at their local end, too.

Or, to make it much simpler, to use 1 single password for everything and to simply write that one on a sticker attached to ones monitor. The security level is about the same cloud based password management, haha."

Use password is 'password'. Very easily memorized :) . Oh and for those login with strength checkers, open a dictionary of compromised passwords and look for a compromised password that looks easy to remember and looks "strong".

Public cloud password managers are a joke when they store your password hash and claim they cannot crack it. It's a total lie anyway. A bunch of Bitcoin miners that support some SHA algorithms and it's over. Looking back at the history of crypto, DES was claimed to be strong and there came the EFF's DES Cracker that make DES look stupid. Cracked by a non-Govt Org and funded from the pockets of EFF supporters (a.k.a civilians). You don't need to be a Govt Org to have a crypto cracker. You just need to drive down the cost of ASIC, GPUs or even FPGAs and it's pretty much over.

The fact that Bitcoin miners are a good example of SHA hardware accelerators and anyone willing to purchase a bunch of these to hook them into a Bitcoin farm and re-purpose the bunch of SHA accelerator hardware chips would probably be able to get something done out of PBKDF2.

There will be people who will claim that all these are paranoia but security and crypto research have always shown the opposite. It is always better to be paranoid than be pwned and owned on a daily basis by making the wrong choices.

Link: https://www.bitcoinmining.com/bitcoin-mining-hardware/

JG4 • November 6, 2016 8:44 AM


@ Kee Tapper

"As always, those who want a relatively anonymous and secure connection should use TOR, although I wonder about that sometimes, too."

Clive did a great job of explaining some weeks ago why TOR is flawed at the concept level. I thought it was in this squid post:

https://www.schneier.com/blog/archives/2016/09/friday_squid_bl_544

except that I can't find it. There are some other good critiques of TOR in the comments that week. I'll say it again, it doesn't matter what OS and network connections you use if the hardware you are running was compromised before manufacture, from the router all the way down to the CPU and hard drive.

I have related before that the spook rat bastards reflashed my BIOS and disk drive firmware for my thought-crime of running TOR. At this point, I'd be happy if I could just reset those and lock them down.

With the right safeguards, the spying would be a good idea, but it is difficult to conceive, much less actually implement, appropriate safeguards that would make a system robust enough to produce good results, even when operated by liars, thieves and murderers. The US Constitution was an admirable effort in using checks and balances. Hillary is the epitome of that system.

Matthew • November 6, 2016 9:01 AM

@All regarding LastPass

Thanks for the comments.
My main interest is in the CyberGhost vpn subscription in the LifeHacker humble bundle mainly to bypass geoblocking and censorship. The LastPass is just one of the extras included in the bundle.

There are so many websites eg. MOOCs, online stores, forums, etc that require a login account. I think I will use LastPass to keep track of these websites that I sign up. Definitely I will NOT use LastPass or any cloud to store my important credentials to emails and Facebook.

I am very glad Bruce does not require a login account just to comment here.

@Jennifer Rodriguez and Kee Tapper

Thanks for the links. I have forgotten the Ars article about vpn.

Rodney Dangerfield • November 6, 2016 9:18 AM

I'm not ordering any coffee cup for my mug from wikileaks, they claim to be 100% lead and cadmium free but I don't see anything as to their polonium content.

Clive Robinson • November 6, 2016 1:02 PM

@ Haters...,

Yet another smear article about Tor filled with half-truths and outright lies

Is it the message or the messenger Yasha Levine that is getting you so worked up, you are not reading the article for what it says?

For instance you give this as a quote,

    Tor does nothing to protect people from that. Tor does not prevent Google from scanning your emails or recording your search history.

Which is correct for anyone who uses Google services which Yasha Levine did point out originally was the context of what he was saying. If you chose to use any of those big company services on their servers in plain text then of course they will hoover it up and use it. It's something that most of their users don't appear to either grok or care about.

But you chose instead to say this,

The person who said those words is too dumb for words. How is it even reasonable to expect a browser to stop Google from scanning e-mails--it's as if the person doesn't understand the basic difference between client side and server side.

Tor is not a browser nor is it a server it's a virtual network running on node hosts.

The Tor bundle contains a browser that has a number of issues that enabled various people to uncloak users, which --apparently only-- with hindsight was not unexpected (though others had been waving big red flags for a long time prior to that). The problem with web browsers and other client side software is that most are beyond any individual to comprehend to a level to say if they are secure or not because of the level of their complexity.

As for the other technical points Yasha Levine talks about there is nothing there that many others have not said before.

I can not talk about the EFF and Tor management and social responsibility issues Yasha Levine talks about. Because like most I have no first or second hand knowledge, only what various people have said fifth or even sixth hand and the repeating of which would not even be classed as opinion just rumour spreading or even trolling.

All I can say is that stories of sexual misconduct makes newspaper headlines and has often been used as a weapon of political and espionage warfare at all levels for centuries. As does stories of bribes, cronyism, patronage and coverups of all such behaviours.

As for Tor being in receipt of "Money from the Man" which in turn comes from "The tax burden" and also Tor being a "Defence Contractor" it appears to be true, but then the same applies to those who supply food, stationary, furniture and computers to the US DoD... You have to known a lot more about what is in the contracts before you can realy make judgment.

One thing Yasha Levine did not bring up when talking about Tor was why the US and other Five Eye countries such as the UK and Australia have such advantages over others when it comes to uncloaking Tor users. It's the issue of "choke points" and what that gives them in the way of monitoring Tor traffic not just from the gateways but nodes as well. It is a major weakness of Tor and one that Tor has made no apparent effort to mitigate, similarly the other well known issues that aid traffic analysis.

Personally I don't use Tor nor am I ever likely to, it has little to offer me, because I don't have interest in what is reputed to be its major traffic load, nor am I involved with the clandestine side of political intrigue.

As for secure communications, I know sufficient from practical experience to know that whilst Tor can give those who are extremely knowledgeable, thus skilled and careful both secure and anonymous communications, that is not true for the bulk of its users who just do not have the knowledge to give them the skills required.

You could liken Tor to the early days of aircraft, most crashed or burned till improvements in knowledge gave rise to improved systems and training in how to use them more safely... And only then with the help of the worst war to that point in history did aircraft get to the point of being of major use.

TedNovember 6, 2016 1:14 PM

November is “Critical Infrastructure Security and Resilience Month.” (#CISRMonth)
https://www.dhs.gov/cisr-month

According to DHS’s website, DHS’s National Protection and Program Directorate's (NPPD) Office of Infrastructure Protection (IP) leads the coordinated critical infrastructure effort; the department works with critical infrastructure partners to implement the mission of the National Infrastructure Protection Plan (NIPP).

Per DHS, there are 16 critical infrastructure sectors. They are listed here:
https://www.dhs.gov/critical-infrastructure-sectors

This month four themes are being highlighted. They include 1) the interdependency between cyber and physical infrastructure 2) tools and resources available for small and medium-sized businesses 3) public-private partnerships and 4) innovation and investment in infrastructure resilience.

DHS provides free tools and resources for the community here:
https://www.dhs.gov/hometown-security

Additional news, efforts, and resources can be found on Twitter @DHSgov #infrastructure

A Twitter chat session was held on November 3rd to allow groups and individuals to share information about protecting critical infrastructure. A transcript of that chat can be found here:
https://stopthinkconnect.org/blog/chatstc-twitter-chat-building-cyber-resilience-in-critical-infrastructure

Haters Gonna Hate Hate HateNovember 6, 2016 1:55 PM

@Clive Robinson

    Which is correct for anyone who uses Google services which Yasha Levine did point out originally was the context of what he was saying.

A context which is a false premise. For no one uses Tor to prevent e-mail scanning because Tor is not capable of preventing e-mail scanning nor designed to prevent e-mail scanning, and this is true whether one is referring to Tor itself or Tor Browser bundle (TBB). You harp on this distinction but in this context it is a distinction without a difference because neither can do what Yasha claims they should be capable of doing.

    The problem with web browsers and other client side software is that most are beyond any individual to comprehend to a level to say if they are secure or not because of the level of their complexity.

This proves too much because it applies to almost every piece of computer software from the bios to the OS to the applications. A criticism of everything is a criticism of nothing in specific.

    As for the other technical points Yasha Levine talks about there is nothing there that many others have not said before.

"technical points" which were as slanderous when they were first stated by others as they are when repeated by Yasha.

ab praeceptisNovember 6, 2016 4:30 PM

Clive Robinson

It should be obvious by now. (Most) tor fans are not interested in facts; it's an emotional and social issue for them. Rather than being glad to get pointed at facts by helpful knowledgeable people like you, they perceive your remarks as an attack.

tor traffic many times intercepted? Many tor nodes, particularly exit nodes, under dubious control? People using tor being arrested? Doesn't matter to those who *want* to religiously believe in tor.

But it goes much deeper. Some of the good and nice tor people (like some of the good and nice mozilla people and others) are more or less visibly related to people like soros, and even to organizations quite close to nsa, cia, gchq, etc.

There will never be such a thing as secure and confidential communication for the people. The internet is *said* to serve that purpose (at least inter alia) but is, in fact, quite probably the contrary.

Let's be reasonable and cold thinking for a moment. No state likes real freedom for their people. Each and every state has it written down in law, albeit worded looking positively. Things like "the untouchability of the private sphere" sound nice but simply mean that outside your house you are fair game. And even inside your house you are fair game if any state agent pleases to assume that you are possibly not a perfectly law-abiding citizen.

Moreover the internet was a darpa project. darpa is a mil. agency and since millennia the control of information and communication has been impregnated onto the genes of mil. people. It seems ridiculously blue-eyed to assume that those mil. people have let go some of their holiest principles for the sake of freedom and blabla.

Whenever mil. (and in extension, spooks) is involved there is a simple "law" applied, and that is the law "we can communicate securely and confidentially and all others can not. Moreover we can control the flow of communication, the confidentiality, etc.".

To look at that from a democracy perspective is just nonsensical. If one really, seriously wanted to limit the mil. and security agencies, one might as well resolve them. They *need* that to operate; it's not a political issue for them but a simple precondition to perform their work.

Many are shocked at how they lie and that they do not seem to understand liberal values and the need of citizens to communicate freely, etc., plus it's even written in the laws. What did they expect? Did they expect that politicians write into the laws "Dear people, mil. is about killing others and preferably not getting killed oneself" or "dear people, our enemies don't have the politeness to always attack in formally correct ways and from far away, hence we *must* include all possibilities"? Hardly (at least not in language normal persons could understand).

Possibly the worst flaw of (not only) the tor crowd is to consider them friends rather than foes. That's the classical - and often deadly - error. Same with cloud based password services.

Security begins with having a reasonable idea about the threats to expect, about the foes (and their desires and means) etc.
*Can* the (in particular, the deep) state de facto take over tor? Certainly. They've shown so much. *Can* tor show convincingly that they can't be taken over, poisoned, abused? No.
Ergo: tor is *not* an ally. tor is *not* friends.

And that's what crypto is all about. It's about being certain about some properties (like confidentiality, integrity, ...) **under hostile conditions**.

tor is but security theater. Simple reason: It doesn't meet spec #1.

Will religious tor zealots eventually get that message? I don't hold my breath.

Clive RobinsonNovember 6, 2016 4:40 PM

@ NeiHuem,

Hmm remind me, Chicago is that place where they had that "warehouse" where rather than do real Police work they would just grab people off the street and "pre-process" them outside the requirements of the law[1]...

Thus even less than a third clear up on homicides looks way too good for what you would expect. What's the betting the real rate is less than half that and the rest coercions of one form or another to make up the numbers...

[1] https://www.theguardian.com/us-news/2015/feb/24/chicago-police-detain-americans-black-site

Clive RobinsonNovember 6, 2016 5:29 PM

@ ab praeceptis,

With regards the morum praecepta tradere alicui for the genuflecting Tor devotees, an addition is required for their acolyte duties.

That is that they actually read and understand what a person has written or said, and not assume for the purposes of their own zealotry that the person wrote or said something else. With this "else" being one the zealot can cry "heresy" interminably, loudly and to be quite honest embarrassingly for all within range.

Clive RobinsonNovember 6, 2016 6:37 PM

Hardware drivers now have Telemetry

This is the sort of bad news you really do not want to be hearing about. Apparently Nvidia has added that sort of Spyware the FBI et al want you to have on your computer that is called "Telemetry"...

The three things telemetry does,

1) It destroys your privacy.
2) It steals your resources, like memory, CPU cycles, and importantly for mobile data your bandwidth.
3) You have no idea what information it is "phoning home" now or in the future.

Importantly it does not ask, it just spews your data PII or otherwise out of your machine without your knowledge or consent.

Further you have no idea if it allows inbound nasties either by design or lack of design. Either way it certainly increases the attack surface needlessly.

If you have Nvidia products you can read more at,

http://www.majorgeeks.com/news/story/nvidia_adds_telemetry_to_latest_drivers_heres_how_to_disable_it.html

Sadly I suspect that "shaming" will not be enough to stop this incredibly evil behaviour as has been seen with Micro$haft. But even the likes of the Sony Music "RootKit", CarrierIQ "test harness" debacle and others like Lenovo have not been treated in a sufficiently harsh way. That is it needs to be a "heads on spikes" type punishment to make other OEM hardware and software designers think such ideas are truly toxic to the point they fear the results of installing telemetry will be life ruining such as years of incarceration and zero employability.

My InfoNovember 6, 2016 6:39 PM

@ab praeceptis

"tor is but security theater."

Thank you.

Anyways, I've been up to more mathematical doodling, and I have a new version of the oracle H that I was working on a few weeks ago: https://www.schneier.com/blog/archives/2016/09/amtrak_security_1.html#c6735169

Let F be the formal system on which we have developed the oracle H, and define the following propositions:

Q :<=> P == NP
R :<=> PH == NPH
E :<=> Q <-> R
D :<=> F |- E

I have been able to prove that F && E && D is relatively consistent to F. My reasoning here is that if F is inconsistent, then E and D are satisfied; therefore any derivation of !(E && D) from the axioms of F would constitute a proof that F is consistent, and by Gödel's theorem, F would be inconsistent.

To be continued...

My InfoNovember 6, 2016 6:54 PM

My new idea (and I'm still not 100% sure it will work) is to "bake" those axioms E and D into a new oracle H* where we define

x ε H*

if and only if

[≤x](E* && D* -> !R*) && ![≤x](E* && D* -> R*) && x ε A
-- or --
[≤x](E* && D* -> R*) && ![≤x](E* && D* -> !R) && x ε B

where

R* :<=> PH* == NPH*
E* :<=> Q <-> R*
D* :<=> F |- E*

... if a fixed point still exists for all this, which there is no reason it should not. And moreover if F && E* && D* is still relatively consistent to our original system F...

AnuraNovember 6, 2016 7:00 PM

Firefox is a great browser, such a great browser that they introduced a new feature a ton of people complain about that you can't disable where if I type, let's say "sc" and press down and enter, I don't go to https://www.schneier.com like I expect, instead the first item in the list is now "visit schneier.com" which (if I disable HTTPSEverywhere) goes to the insecure site, before redirecting to the correct site. Now, let's say someone was on a site they normally expect to have a secure connection, and they were using public wifi, and they were used to typing those specific keys to go to the secure site - if they aren't paying attention they might go to the insecure site and a MITM can edit the redirect response so the protocol in the URL is http instead of https.

ab praeceptisNovember 6, 2016 7:06 PM

My Info

Just a short remark: many people seem to blissfully ignore that but a) proving anything with Gödel incompleteness theorems is not the best way to go about it and b) GITs also apply to themselves!

Plus: Looking at different areas of math/logic one is easily seduced to feel having discovered something great which also seems provable but actually isn't.

If you ask my advice: Continue playing with it but don't bet anything on it. Playing is good, playing is a wonderful motivator and in one or another virtually always bears fruits. But think more than twice before building or betting anything on it.

One of the problems you are dealing with is the age old question whether mathematics is an invention of the human mind or whether it's something inert in the universe which we discover. Which, btw. is also a sibling to Gödel's ITs.

Next: Keep in mind what P/NP really is! It's a rough - and temporary - sieve. One can, of course, establish propositions based on that but in terms of proof it isn't worth too much.
Also keep in mind that the settings are very floating and diverse. What might be P for nsa might well be NP even for most states.

To make it even uglier: What reference do you have? What's NP - and: are you sure?
What I mean is this: The assumption that "is known to be NP" is treacherous. What guarantees that agency X in country A having achieved to bring, say factorization into P will also publish that?

That's btw also why I'm so worried about pq. My worry is less that google or someone might soon have Shor and Grover working on a quantum computer. Hardware progress has a tendency to be talkative (i.a. because usually corps. are involved and selling usually needs talking). My worry is that another Perelman might come up with a devastating algorithm that, however, is not published.

And btw. keep in mind what oracles really are. They are by definition magic boxes. I see more problems than advantages in using them in proofs. They are useful devices, no question, for certain model operations but as lemmas they are pretty much worthless.

ThothNovember 6, 2016 7:33 PM

@Figureitout, ab praeceptis

What are your thoughts if a password hashing takes 12 seconds ++ to execute ? Would it be acceptable ?

One of my GroggyBox encryption methods is to allow users to select a password to encrypt each individual file and the password hashing takes place on the host computer (not the smart card).

My password hashing blends BCrypt and SCrypt together where the password is fed into BCrypt and stretched then the output of the BCrypt is fed into SCrypt which would produce the file encryption key (all done on desktop client side) before the final file encryption key is loaded into the smart card to encrypt a single file object.

The password stretching can be expressed as:
FinalFileKey = SCrypt(BCrypt(Cost, Salt, Password), N, r, p, salt, dkLen)

The BCrypt parameter for work order is:
Cost = 2^16

The SCrypt uses the parameters of:
N = 2 ^ 20
r = 8
p = 1
dkLen = 256-bit final output

All the parameters I have chosen are geared at the "Paranoid" level of setting for each of these password stretching algorithms hence when they are used together, I wouldn't be surprised that the password stretching to be very slow (12 secs).

I have not chosen Argon2 as I have decided to give it some time for more attacks to be mounted against it and to choose more established algorithms like BCrypt and SCrypt although my usage is rather unorthodox but the idea is to combine the CPU expensive qualities of BCrypt and the memory expensive qualities of SCrypt to prevent acceleration from both CPU and GPU side.

ab praeceptisNovember 6, 2016 8:05 PM

Thoth

IMO that largely depends on whether we are talking about one shot ops, i.e. once creating a secure hash that is then used over and over again or whether we are talking about something that happens each time, say, a login proc. In the former case it seems acceptable, in the latter it seems a no-go.

And again, I think that you should reconsider your approach. Let me explain again in the context of KDF (which you are using):

Using an excellent KDF with a reasonable cost in both performance and memory, I end up with a ratio of about 1:10 to 1:20 between a fast multicore machine and a slow pentium or modern dual core arm machine. Note, however, that unlike smartcards for all machines 16 or 32 MB memory use is small to negligible.

I guess that even a fast infineon would be more in the range of 1:200 - 1:500. That's deadly. In a real world application you must see both, your quite poorly equipped user and your quite amply equipped opponent. That difference or, more precisely, to have a small difference, is absolutely key to your KDFs. Get that one wrong and you have a weak mechanism.
Also note that KDFs must be well understood. A "cost" parameter tells you little. What you want is a thorough understanding of the cost domains, of memory, algorithmic complexity, cpu cost. Example: You do *not* want algorithmic complexity! That's OK if the execution context virtually always are intel or arm and Joe and Jane users but otherwise not. Complexity is the weak point because it invites HW powered opponents.

I think you should look and assess again. A smartcard is (within the bounds of easy availablitiy) a very attractive and secure "I have" that moreover can be well linked with a "I know" (and can, to a degree, also have a "I know" on board).
*That* is its strength. Not computation, no matter what they tell you about their hw engines (don't forget that those hw accels are being there to make crypto bearable in terms of time, not to make it fast!).
And smartcards have an inherent weakness, namely their weak processing power.

Therefore I suggest again looking into staging, i.e. transferring a very small routine from the smartcard to the host which then runs on the host and checks that some larger routines haven't been tampered with which then do some more complicated checks as well as the crypto.
As an exception one might have 1 long running (even minutes) single-shot routine that is only rarely running to, for instance, KDF create a good key or hash or alike.
Beware though that one must "cut into pieces" the KDF very carefully. Why cut? Because users will need some "I'm alive. I'm just working hard" signal. So, rather than having your KDF do 10.000 rounds in one go you want it to do 100 rounds of each 100 rounds each time with a life signal for the user in between. That slicing, however, can be intricate (e.g. you must keep lots of delicate state intact) and some KDFs lend themselves better to that than others.
I have coded that myself and I had to carefully study some of the better KDFs for that (and stayed away from bcrypt and scrypt and simple (say sha256 based) ratchets).


It's ugly, I know, but if we want users to actually use our devices we must keep their needs and way of ticking in mind.
One example that comes to mind is the fact that users have different needs and priorities. So, your mechanism must be constructed in a way to allow users to make decisions for themselves e.g. re speed vs security level.

And again, I think that "I use a smartcard" by itself is not the best approach. I'd strongly suggest to use a mixed approach where each element can fully play its strengths while avoiding its weaknesses.
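The slicing described in the comment above, as an added example that is not part of the original comment or of any commenter's code: PBKDF2-HMAC-SHA256 is chosen here only because each round depends solely on the previous round's output, so the state to keep between slices is small. The names `KdfState`, `kdf_start`, `kdf_step` and `derive_sliced` and the sample passphrase and salt are constructed for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass

HLEN = 32  # SHA-256 output size in bytes


@dataclass(frozen=True)
class KdfState:
    """State carried between slices. It is key material: keep it in memory only."""
    u: bytes      # U_i, the most recent PRF output
    t: bytes      # U_1 xor ... xor U_i, the running result
    done: int     # iterations completed so far
    total: int    # iterations requested


def _prf(password: bytes, data: bytes) -> bytes:
    return hmac.new(password, data, hashlib.sha256).digest()


def kdf_start(password: bytes, salt: bytes, total: int) -> KdfState:
    """Iteration 1 of PBKDF2 block 1: U_1 = PRF(P, salt || INT(1))."""
    if total < 1:
        raise ValueError("total must be >= 1")
    u1 = _prf(password, salt + (1).to_bytes(4, "big"))
    return KdfState(u=u1, t=u1, done=1, total=total)


def kdf_step(password: bytes, state: KdfState, rounds: int) -> KdfState:
    """Run at most `rounds` further iterations and return the new state."""
    n = min(rounds, state.total - state.done)
    u = state.u
    t = int.from_bytes(state.t, "big")
    for _ in range(n):
        u = _prf(password, u)              # U_{i+1} = PRF(P, U_i)
        t ^= int.from_bytes(u, "big")      # fold it into the running XOR
    return KdfState(u, t.to_bytes(HLEN, "big"), state.done + n, state.total)


def derive_sliced(password: bytes, salt: bytes, total: int = 10_000,
                  slice_rounds: int = 100, progress=None) -> bytes:
    """Derive a 32-byte key in slices, calling progress(done, total) between them."""
    if slice_rounds < 1:
        raise ValueError("slice_rounds must be >= 1")
    state = kdf_start(password, salt, total)
    while state.done < state.total:
        state = kdf_step(password, state, slice_rounds)
        if progress is not None:
            progress(state.done, state.total)   # the "I'm alive" signal
    return state.t


if __name__ == "__main__":
    # Constructed inputs; a real caller would use a random per-file salt.
    key = derive_sliced(b"constructed passphrase", b"constructed-salt",
                        progress=lambda d, t: print(f"\r{d}/{t}", end=""))
    print("\n" + key.hex())
```

The sliced result is bit-for-bit the same as a single `hashlib.pbkdf2_hmac` call with the same iteration count, which is the property to check before slicing any other KDF.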

My InfoNovember 6, 2016 8:58 PM

@ab praeceptis

    a) proving anything with Gödel incompleteness theorems is not the best way to go about it

That is definitely a fringe point of view. I have personally studied Gödel's incompleteness theorems and the proofs of them. I see nothing wrong with Gödel's theorems, and neither do any mainstream mathematicians or philosophers.

    But think more than twice before building or betting anything on it.

I really do not like the sound of that type of "warning." At all. I have already expressed such reservations quite adequately in my own words.

    To make it even uglier: What reference do you have? What's NP - and: are you sure?

There is no need to make anything ugly. I am quite aware of the standard definitions of P and NP. Look them up in Scott Aaronson's "zoo" if you can't find them on Wikipedia.

ThothNovember 6, 2016 9:49 PM

@ab praeceptis
Just to note that the password hashing is not done on the card as the card has no such resources to even accommodate a simple SCrypt, let alone BCrypt and all the complexity. The password hashing is done solely on the client desktop side.

I have scaled the parameters back and now it takes only 2.5 seconds (maximum time) at most on an old Intel i7 Broadwell to run every iteration of password hashing with the parameters of:

BCrypt parameter for work order is:
Cost = 2^14

SCrypt uses the parameters of:
N = 2 ^ 17
r = 8
p = 1
dkLen = 256-bit final output

It seems to be much more tolerable now compared to the original (12+ seconds) with the updated that takes only (2+ seconds) with a speed up of 6x.
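A two-stage stretch of the shape `SCrypt(BCrypt(...))` from the two comments above, with the scrypt memory cost of both parameter sets worked out, as an added example that is not GroggyBox code. Assumptions: bcrypt is not in Python's standard library, so stage 1 here is PBKDF2-HMAC-SHA512 as a labelled stand-in; `stage1_iters`, the `stage1|`/`stage2|` salt prefixes and all function names are hypothetical.

```python
import hashlib
import time

MIB = 1024 * 1024
DEFAULT_MAXMEM = 32 * MIB   # OpenSSL's default limit when hashlib.scrypt gets maxmem=0

# scrypt settings quoted in the two comments (r = 8, p = 1 in both).
PROFILES = {
    "original": {"n": 2**20, "r": 8, "p": 1},
    "scaled":   {"n": 2**17, "r": 8, "p": 1},
}


def scrypt_memory_bytes(n: int, r: int, p: int) -> int:
    """Approximate working set: the 128*N*r-byte V array plus 128*r*p for B."""
    return 128 * n * r + 128 * r * p


def needs_maxmem_override(n: int, r: int, p: int) -> bool:
    """True when hashlib.scrypt would refuse these parameters at its default limit."""
    return scrypt_memory_bytes(n, r, p) > DEFAULT_MAXMEM


def derive_file_key(password: bytes, salt: bytes, *, stage1_iters: int,
                    n: int, r: int = 8, p: int = 1, dklen: int = 32) -> bytes:
    """Stage 1 (CPU-bound stand-in for bcrypt) feeds stage 2 (memory-hard scrypt)."""
    # Distinct salt prefixes keep the two stages from sharing an input domain.
    stage1 = hashlib.pbkdf2_hmac("sha512", password, b"stage1|" + salt, stage1_iters)
    need = scrypt_memory_bytes(n, r, p)
    # Raise the limit explicitly, with 1 MiB of slack for the function's scratch
    # space; without it the call fails for both profiles above.
    return hashlib.scrypt(stage1, salt=b"stage2|" + salt, n=n, r=r, p=p,
                          maxmem=need + MIB, dklen=dklen)


def profile_report() -> dict:
    """Memory per derivation, in whole MiB, for each quoted profile."""
    return {name: scrypt_memory_bytes(**prm) // MIB for name, prm in PROFILES.items()}


if __name__ == "__main__":
    for name, mib in profile_report().items():
        print(f"{name}: about {mib} MiB per derivation")
    # Time the scaled profile on this machine (constructed password and salt).
    start = time.perf_counter()
    key = derive_file_key(b"constructed passphrase", b"constructed-salt",
                          stage1_iters=200_000, **PROFILES["scaled"])
    print(f"scaled profile: {time.perf_counter() - start:.2f} s, key {key.hex()}")
```

The memory figure matters as much as the wall-clock time: every parallel guess costs an attacker the same working set, and the host needs that much free RAM for each file key it derives.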

Perp walk for GlansheadNovember 6, 2016 10:03 PM

The Shadowbrokers' IP list shows US government duplicity and bad faith in defeating the object and purpose of OPCW's confidentiality policy by sabotaging the Verification Division's server. This invokes the Chemical Weapons Convention: Annex on the Protection of Confidential Information Part IX, potentially triggering referral to the treaty body's Confidentiality Commission for remedies including but not limited to suspension of staff immunity from prosecution. Treaty parties may participate directly in identifying and punishing breaches in their national courts. One more crime by NSA officials - the timing provides additional evidence of a US plan and conspiracy for armed attack against Iraq in manifest breach of the UN Charter.

NSA staff are now implicated not only in murder and torture, but in aggression. There is no statute of limitations and NCSL can yield to superior exigencies in the interest of accountability and preservation of world order. Hayden and his underlings will be looking over their shoulders the rest of their lives.

ab praeceptisNovember 6, 2016 10:05 PM

My Info

I see. It's a religious or quite personal thing.

"GIT fringe view" - BS. I didn't doubt the GITs. Reading less zealously you might have found that I merely suggested that they are (often) not a good approach to proving something. Like potatoes. They exist; definitely. But they are often not a good approach to prove something.

Moreover you seem to have missed a point or two in the linked paper. I quote: "Gödel's assertion ... We have certainly shown that it cannot be a provable theorem" and, more importantly "Since Gödel's theorem applies to *all* formal logical systems ...".

The author certainly doesn't serve as a basis for your attempt.

You might also want to think about the temporal/causal properties of both GIT and the machine you rely on so strongly.

It seems to me that you mix and shake Gödel numbers, his incompleteness theorems, Oracles, Turing machines plus an assortment of crypto devices and feel to be on the track to something big. Well, good luck, honestly, but I don't hold my breath.

"I really do not like the sound of that type of "warning." At all." - don't worry, I will not again benevolently fall for your game (nor will I make it my religious goal to care about what sounds you like).

ab praeceptisNovember 6, 2016 10:40 PM

Thoth

OK. But keep in mind that you should assume at the very minimum a factor of 1:200 with mechanisms like scrypt and bcrypt. So if on a more or less average you need 2,5 seconds for a full run, a well equipped opponent must be assumed to take no longer than about 10 ms. Given that your whole mechanism (of which *crypt is just one element) and the parameters like key sizes are well chosen and balanced what you wrote sounds all in all reasonably secure to me for all but very sensitive applications.

I would, however, still suggest that you offer your users some wheels for fine tuning, particularly the cost factors. Just let them decide themselves where their sweet spot is in between, say, 0.5 and 20 seconds runtime. Some simple wheel where they can choose between faster and more secure.

Again, I don't know much about smartcards but if there is a chance to go (at least optionally) from 256 to 512 bits that would be very, very attractive. While not being that much more expensive it would offer a dimensional advantage in terms of keeping rainbow and similar attacks out of the game.

That's, in fact, one of the (mild) "criticisms" I have concerning bcrypt, scrypt and similar (or more precisely concerning many users of those). The whole raison d'etre of those mechanisms is to make certain (in particular prepared) attacks next to infeasible.
Going to 512 bits followed by far fewer ratchet rounds IMO easily beats expensive 256 bit ratchets and at considerably lower cost for that class of attacks. And your card easily has the memory to hold 512 bits.

Finally this brings up a maybe attractive idea: How about dividing the cost by storing a considerable intermediate step (say, after half of the rounds) on the smartcard? Such you could run much faster while still having the full rounds security - *iff* the user has the smartcard, which is true for your legitimate users but not for opponents.
The only problem I see is a practical one: Not every algorithm lends itself to that. Only those whose single rounds work with the result of the prior round (not all do. Some want to have all the state (of megabytes) available).

FigureitoutNovember 7, 2016 1:11 AM

Thoth
--Depends if I use it everyday or once a month, few months, or yearly. So some account you only need to login to every few months, may use it for that (internet is weakpoint and where attacks would come from anyway). Day-to-day, just backing up my files multiple times is enough for me. If delay provided some defense against timing attacks, would be more attractive. Well if you give user a choice to scale encryption up/down, and if file is small/large; no way around that really. An attacker could reason small hints if they just had access to a "time start, time finish" channel and ran some tests on their own to start identifying suspicions.

Z.LozinskiNovember 7, 2016 6:31 AM

The UK news media are covering an online security breach at Tesco Bank this morning.

40,000 accounts saw suspicious activity over the weekend, and 20,000 accounts had money removed, according to Benny Higgins, CEO talking to the BBC this morning.

As a result the bank has blocked all on-line transactions; conventional transactions (ATM, EMV) are unaffected, provided of course you still have money in your account. Lots of speculation, but at this early stage there are no hard facts.

I'm reminded of a security seminar at the Computer Lab in Cambridge. A straw poll asked how many people in the audience used on-line banking. Nearly everyone said yes - the holdouts who did not use online banking were the greybeards, the ones with 30+ years experience.

The BBC report is here:

http://www.bbc.co.uk/news/business-37891742

Tesco are responding well, and to their credit have published a statement:

    Tesco Bank can confirm that, over the weekend, some of its customers’ current accounts have been subject to online criminal activity, in some cases resulting in money being withdrawn fraudulently.

    We apologise for the worry and inconvenience that this has caused for customers, and can only stress that we are taking every step to protect our customers’ accounts. That is why, as a precautionary measure, we have taken the decision today to temporarily stop online transactions from current accounts. This will only affect current account customers. While online transactions will not be available, current account customers will still be able to use their cards for cash withdrawals, chip and pin payments, and all existing bill payments and direct debits will continue as normal. We are working hard to resume normal service on current accounts as soon as possible.

    We continue to work with the authorities and regulators to address the fraud and will keep our customers informed through regular updates on our website, twitter and direct communication.

    We can reassure customers that any financial loss as a result of this activity will be resolved fully by Tesco Bank, and we are working to refund accounts that have been subject to fraud as soon as possible.

    Benny Higgins
    Chief Executive

Clive RobinsonNovember 7, 2016 1:56 PM

@ L.A.X.X.X.,

    20,000 customers dropped their wallet.

It would appear that Tesco banks central systems were attacked --apparently a first for the UK-- and 40,000 out of 130,000 current accounts (~30%) saw irregular behaviour with half losing money (Tesco Bank has about 7 million customers in total but mainly for loans etc).

Whilst nobody is giving figures it appears to be between 15 and 40 million pounds of potentially fraudulent transactions have been made... Due in part to the bank being inordinately slow on blocking irregular transactions, even though they had detected the vast number involved and texted affected customers... Belatedly they have shut the stable door, but left people with either no access or insufficient funds...

It's anybody's guess who is going to pick up the bill on this though the bank has said it will return lost money, it's not said anything about costs arising or compensation...

Now the 64,000 dollar question is who is going to get the finger pointed at them for this. In Good old US style we would have heard that "it's those pesky Russians" giving Trumpy a small loan to stop the DemoClintons or maybe "it's the nasty North Koreans" stealing the money to get little kim a new hair cut and a squid supper for every one else to celebrate. Mind you on a more serious note, it appears that the South Korean Premier has other fraud allegations on her mind at the moment...

Or will calmer heads prevail, and do a little investigation of "follow the money stupid" --to Spanish retailers and beyond-- prior to coming out and saying something that might be credible...

Oddly this appears to have happened just after the UK Politico's announced a new anti-cyber-crime initiative...

Anyway you can read more at,

http://www.bbc.co.uk/news/business-37891742

https://www.theguardian.com/business/2016/nov/07/tesco-bank-freezes-transactions-online-attack

Clive RobinsonNovember 7, 2016 2:42 PM

@ The usual suspects,

This amused me, and might do the same for you,

https://shift.newco.co/what-50-buys-you-at-huaqiangbei-the-worlds-most-fascinating-electronics-market-f0384d9fca32

The last time I was in Huaqiangbei market I purchased a couple of hundred quad pack CPUs at around 15p UK (say 35cents). They all worked according to spec and were less than 1/20th the "standard price" in the UK.

Whilst those people went around the market themselves, there are people who will save you the trouble and will go around and fill an order for you. Their haggling ability can get you a better price than you could even including their fee...

For a geek that market is one of those places you have to put on your "must see" list.

Clive RobinsonNovember 7, 2016 2:47 PM

@ Thoth and others,

You might find this of interest,

https://whispersystems.org/docs/specifications/x3dh/x3dh.pdf

    This document describes the "X3DH" (or "Extended Triple Diffie-Hellman") key agreement protocol. X3DH establishes a shared secret key between two parties who mutually authenticate each other based on public keys. X3DH provides forward secrecy and cryptographic deniability.

BlueGirlNovember 7, 2016 6:59 PM

Just a thought Since we live with a system that operates in a fashion such that "we can amplify or misrepresent or pretext or construct as necessary and desired to where circumstances are always exigent, therefore access will always be lawful so be sure we have back doors for that lawful access" perhaps we need more instances of equally stubborn disobedience.

WaelNovember 7, 2016 10:25 PM

@Clive Robinson,

The last time I was in Huaqiangbei market I purchased a couple of hundred quad pack CPUs at around 15p UK (say 35cents)

More than amusing! How could they get prices so low? I liked the "Tape gun Rock Tar"! I'll keep it in mind if I ever end there!

Did the CPUs work?

Clive RobinsonNovember 7, 2016 11:39 PM

@ r,

Obviously this implies artifacts are factual watermarks

It depends on your point of view...

No manufacturing process is perfect, there are always subtle differences that could be used to fingerprint the device. This idea has been around for almost as long as typewriters have. Less well known is the obvious fact that usage and time alters these fingerprints. Thus these fingerprints are subject to "expert interpretations" which as we know from the history of human fingerprints is subject to all sorts of influence that cause the innocent harm.

Less well known still is that trying to "remove the human element" can cause rather more of these problems than they solve as biases etc get hard coded into the systems. Worse still they then go on to create opportunity to some because the hard coded defects in the software can be exercised repeatably allowing testing to be carried out such that the state of a test result can be chosen.

We actually see this kind of testing carried out by malware authors trying to evade tripping AV software, so it's far from a theoretical idea.

Thus you get a problem arising when you look at "recorded" evidence, especially digital evidence. What you get to examine is a created artifact for which there is no true physical chain of evidence back to the original recording device. To see this think for a moment about an ordinary analog photograph, what you get is the artifacts of the camera defects, subject to the film stock defects, which are then subject to the defects of the development process into negatives, then another chain of defects as the negatives get turned into actual positive photographs. There is no direct physical chain just a chain of transformations. It is however not just a lot of unwanted defect "noise" being added to the wanted defect signal. That additional defect noise can hide a lot of other sins as well.

Firstly most of the camera defect signal is considerably less than the added noise thus for all practical purposes hidden by it. Thus you only get sufficiently clear signals to be unambiguous occasionally, in effect they have to be major defects.

But you also have to ask 'Can these signals be faked?' and the answer is yes and fairly easily if laboriously. I won't go into how many can be done, but if you think about a scratch on the lens. If you have the camera then you can characterize the scratch and from that make a mask that will have a very similar effect when placed between the negative and the photo paper. Thus an image captured by a camera with no scratches can be made to look like it was taken by a camera with scratches... Yes it's a time consuming process but as the "erased from history" photos show one that people will do for various reasons...

But now consider the case of a digital camera what you get is a data file, but one with implicit assumptions that cut both ways. One of which is the ability to make "perfect copies". When you make "analog copies" each copy is slightly degraded by the process noise and distortions thus faint signals get lost in the noise very quickly, this tends not to happen with "digital copies". Thus the assumption that the data file contents are more pristine and thus finer detail on defects can be found... It also means that for anyone with the correct knowledge, they can write software to add or subtract signals, and there is no "analog degradation" to worry about.

Thus there is a problem with the forensic tests. If you can characterize the way the test works or know first hand then you can "cheat the test", it becomes a simple case of what level of resources are required...

Thus you run up against an issue in the judicial process. A fundamental right is that you can independently verify any test the opposing party submits as evidence. This means that the tests used should be open and available to all so that they can be verified, if they are not then it's not evidence that can be used in a fair court system.

For the tests for tampering to work they have to somehow be able to get a reliable signal from the noise. With digital systems you can make or remove any signal you like, thus the test used has to be "unknown" to a person doing the tampering. For that to be the case, the test has to have come into existence after the tampering or in some way be hidden from the person doing the tampering in effect "kept secret", which in theory is not allowed. Which is why some legal representatives go after the designers and purveyors of the tests, knowing they would rather keep their intellectual property secret rather than lose it in court to their competitors etc. Unfortunately some judges are getting fed up with such tactics and rejecting them, much to the joy of certain law enforcement organisations, that push through very dodgy "faux science", that as we know from history has a habit of eventually coming out, but not before quite a few people are hurt by it.


just an intangible informational one

WaelNovember 7, 2016 11:57 PM

@Clive Robinson,

Apparently Nvidia has added that sort of Spyware the FBI et al want you to have on your computer that is called "Telemetry"...

One of the reasons I use Nvidia is their excellent support for FreeBSD. The driver has some source code and some object code. One compiles it on FreeBSD then installs it. I usually change some things, for example I disable Linux compatibility, because I'm a purist. If I am running FreeBSD, then I don't want any Linux binaries running. If I need Linux, I just boot to a Linux partition. One of my setups has FreeBSD, Linux, and *ahem* OS X El Capitan. That's on an AMD 8-core machine. FreeBSD has Virtual Box for other OSs like Windows 7, and Linux has VMWare for similar purposes.

I'll need to check the driver sources to see if there is any telemetry code. If it's in the binaries, then it'll be a more involved task to disable it. By the way, OS X El Capitan's and Sierra's kernel are open-sourced too ;)

I do have like 3 Macintosh's too.

tyrNovember 8, 2016 12:38 AM


@Clive

Thanks that reminded me of Akihabara back in the
day. I always got a huge sackfull of e weirdness
and some semi useful items from the Vessel Junk
Tool Corporation. I got a hand nibbler labelled
with japanese characters so I asked someone who
reads the stuff to tell me what it said. He did
the translation as Handu Nibera. Very exotic of
them to rename it.

Comey is a real card, he is more embarrassing
than J Edgar's pink tutu, he may rise up in the
world now as the Boris Johnsons of the world
seem to make it to center stage with alarming
regularity these days.

Clive RobinsonNovember 8, 2016 12:39 AM

@ Wael,

Did the CPUs work?

As far as I am aware, they still are, or at least nobody has told me otherwise.

With regards,

I do have like 3 Macintosh's too.

I'm glad you said "Macintoshs"... If you said "Macs" It would have sounded too much like "a lunch I would munch" occasionally in my fitter days when having ridden a hundred and fifty or so miles on my bicycle in the morning and needed a little "fillup" to get me home again.

On a more serious note, the Nvidia code doing an "ET" is possibly not in the actual drivers themselves yet... But it will not be long before that becomes "industry standard practice" for hardware manufacturers chasing that extra bit of profit that the likes of Micro$haft and Google get on their OS's etc.

My concern is that as they would be at such a low level they might "see" what the OS might not, or get subverted into "shims" that display false information from banking apps etc etc...

ThothNovember 8, 2016 1:23 AM

@Clive Robinson

re: Nvidia's telemetry backdoor

This is where the use of microkernels comes in or whichever system that support secure separation of different workspaces and to never allow drivers to be executed only with userspace privilege within its assigned workspace. I would say Qubes is close to meeting this requirement but the fact that Qubes uses Xen which is a huge hypervisor in itself would not make it to my consideration of secure workspaces.

Properly defined computers that are assigned for different classification is highly necessary to prevent data from different classification levels to leak to each other.

Using dedicated security hardware (i.e. smart cards and HSMs) for sensitive operations are highly recommended and when possible, secure input and display (at least secure input) should be provided and these dedicated secure hardware should be used in the appropriate designated computers that carry the minimum classification.

I am making things sound like civilians have to lead the life of Govts and militaries by employing classification into daily life but that is the necessity we need and has worked even if it sounds weird or difficult to execute.

One of the main reasons I decide to put my free time into smart card development is to allow users to have a minimum basis somewhere to start. Encryption is not going to solve the problem but dedicated security hardware that are cheaply available would give a certain basis to work with due to the fact that things like security capable separation microkernels and hypervisors are still years before they mature and get adopted into the main stream and it is highly likely that most people will reject installing a secure OS as they prefer to use a single OS to do everything and thus a separate secure hardware would at least provide some basic protection against exfiltration (i.e. private keys, sensitive secrets ..etc..).

Once there is a wider acceptance of secure OS systems, the secure hardware can be integrated in to provide even higher levels of security on an individual basis.

ab praeceptisNovember 8, 2016 6:56 AM

Info Update:

OpenSSL has announced their new bug collection. One of the features is that a *high severity* bug from the recent bug collections has been killed.

It just keeps giving ...

ThothNovember 8, 2016 7:38 AM

@ab praeceptis

I am guessing that OpenSSL development rarely employs defensive code cutting when creating codes. That would explain OpenSSL simply "keeps giving". If they did their due diligence in employing defensive programming methodologies (i.e. verifying the branching within codes and memory usage), it would have significantly lessened all the problems.

As long as there are software depending on OpenSSL (especially due to its FIPS certified status), systems that rely on it for certification would always have something to patch more frequently.

ab praeceptisNovember 8, 2016 8:20 AM

Thoth

For the sake of fairness: The OpenSSL developers are confronted with a code base that is about as lousy as it is massive, which then is implementing a plethora of algorithms for a plethora of architectures.

Which translates to a) no chance, and b) no chance again.

To roughly quote Hoare, reliability is to be paid with simplicity - which comes down to saying that *no* ssl/tls implementation can be of good quality, unless they throw out tons of "historically grown" crap for a start.

Another very important point is that to the best of my knowledge none of the halfway known ssl/tls implementations (ignoring the F* based one which iirc is hardly alpha and whose usability for code in other languages remains to be seen) does even so much as annotating their C or C++ or java source texts for static verif (leaving aside the fact that even trying to implement tls in c/c++/java and accomplices should be punishable by law).

But, OK, granted, OpenSSL is quite certainly winning the big "crap" medal.

WaelNovember 8, 2016 8:52 AM

@Thoth, ab praeceptis,

As long as there are software depending on OpenSSL (especially due to its FIPS certified status)

This squid has some related discussions on "FIPS"...

(leaving aside the fact that even trying to implement tls in c/c++/java and accomplices should be punishable by law).

The problem is in adding stupid features and mixing programming language choices. What would you implement them in? RUST? And would that be a good measure, knowing that the host OS is written mostly in C/C++?

ThothNovember 8, 2016 9:03 AM

@ab praeceptis

"Which translates to a) no chance, and b) no chance again."

That means OpenSSL is perpetually crapped no matter how many bugs that are reported to them.

"which comes down to saying that *no* ssl/tls implementation can be of good quality"

Or maybe the world should simply ditch SSL/TLS to look for something that doesn't have so many problems with the standardization which still doesn't exist as of yet.

It's about time OpenSSL shave off all the unnecessary bulk load of algorithms that hardly anyone uses these days. Look at the bulk of ciphers (linked below) and I could start to count a ton that needs to go. Kill list: RC2, RC4, MD5, IDEA, SEED, DES (1 key mode), All GOST algorithms (not that I am against Russian algos but who ever uses them ?) and put to deprecate 2/3 Key TDES, SHA1, DSA and also start deprecating and showing HUGE WARNING SIGNS for any key sizes with less than 128-bit strength.

For SSLv3, they should really start to break compatibility and delete it off from the master branch otherwise it would be like a haunt from the old past that never dies.

They even have a HIGH, MEDIUM, LOW for encryption strength and this is ridiculous design. They should be removing LOW and MEDIUM permanently and make "export grade" stuff non-existent to permanently cure the problem of downgrade attacks.

Well, the road ahead for OpenSSL is pretty much hopeless anyway...

Link: https://www.openssl.org/docs/manmaster/man1/ciphers.html

rNovember 8, 2016 10:58 AM

@Thoth,

GOST may still be in use for aging hw like how DES was (and is?) for the U.S.. If that's the case, it's polite to include it considering.

rNovember 8, 2016 11:28 AM

@Clive,

Maybe, I don't own the software and dongle so you're right. It may require the original camera for comparison, or a second photo sourced from the same device... But, if that dongle and software works against any photo and is capable of identifying the ones sourced from the DSLR variants specifically then in my mind that betrays the existence of some specific previously unidentified and unlisted non-feature.

Maybe I'm paranoid, but it's 2016 I was told in like 007(?) if I knew what they knew I wouldn't be classifying myself as spooked.

If, if that software can verify a whole photo without the originating device or a secondary affect (second copy of lens and aperture artifacts) then I assume it's embedding a hash out hash marks like ECC.

There's a lot of questions afoot imb, IF I were a camera company - I would most definitely choose to embed watermarks for the reasons listed on the website and for other ones like aiding prosecution purposes.

CuriousNovember 8, 2016 12:21 PM

Off topic:

I think the Wikileaks shop is broken. Completing a purchase isn't possible apparently and the shop button linking to https://wikileaks.spreadshirt.com/ redirects to https://shop.spreadshirt.com/wikileaks/ and then quickly to https://wikileaks.shop, and everything is confusing.

The shop apparently worked previously 30.Oct.

Is it just me or does the url "wikileaks.shop" look fake?

I am no expert, but I guess I would instead expect the url to instead say "shop.wikileaks"

CuriousNovember 8, 2016 12:23 PM

To add to what I wrote:

Correction, I meant the last url to be shop.wikileaks.org, not just shop.wikileaks.

CuriousNovember 8, 2016 12:30 PM

Off topic:

The last time I donated to Wikileaks, my local bank froze my credit card and gave me a call a few minutes afterwards, and they told me about how they would unfreeze it again, which they did. An overreaction imo, or my favorite theory, maybe being some kind of harassment. This isn't the first time my bank has done this with me having donated a little bit of money to Wikileaks.

rNovember 8, 2016 2:27 PM

@MyInfo,

My polling location has some kid wearing a Bitcoin jacket from Switzerland supervising(?) today.

Not Who You ThinkNovember 8, 2016 2:59 PM

Responses to various points:

First, on the US election. I do believe it has some relevancy for computer security. One is at heart has been the "Clinton Email Scandals". In this, we have also seen a major US agency which is deeply involved in global computer security issues get heavily involved. That is, of course, the FBI.

It must be noted the FBI has been heavily lobbying against encryption for all consumer software and hardware products. This is certainly a global issue.

https://www.theguardian.com/us-news/2016/nov/03/fbi-leaks-hillary-clinton-james-comey-donald-trump

Indeed, claiming the world would be safer without encryption and claiming that Donald Trump is a viable and even best US Presidential candidate are statements on equal levels of insanity. They are such of statements, I am reminded of the statement by Hitler, that implies people do not buy so easily into little lies, but that they will willingly buy into truly fantastic lies.

There are many reasons for this, but, I would point out many state level law enforcement agencies across the world certainly lean towards agreeing with the FBI.

I would also point out, to keep this short, the ultimate problem is one called "group think". Others call it "politics". It is herd operation, where critical analysis is taboo. And where critical analysis is taboo, there is no reasoning, no rationality, only recitation of what one has heard from others.

An echo chamber.

This sort of behavior is exactly what we saw with the Nazis. It is what we saw in the US with the opposition to the Civil Rights movement, and with the Salem Witch Trials. It is what we saw with the Inquisitions in Europe. And it is what we have seen so often, over time, and today, all across the world.

It is how seemingly human, reasonable, intelligent mobs -indeed whole cultures and societies- have done such truly awful things.

Because while doing those truly awful things and well before doing them, they come to believe truly awful things.

I am, of course, not here stating that the FBI is absolutely evil. Many groups within them are strong at critical analysis and not mere echo chambers, especially when contrasted against smaller law enforcement organizations.

However, the greatest threat the world has today is that the past is not repeated. Can human kind do this? Can human kind advance beyond totalitarian societies, away from tyrannical State sponsored cult societies? That enemy is not "out there", nor your strange neighbors, but that enemy is within your own self.

On Nick P's article from Cracked, and some other comments about the inherent virulence of cities: either country or city living is completely valid way of living today. I have lived at both. I could live in the country because I work in a field where I can telecommute.

I have seen telecommuting grow, greatly, and so it is suburbia is expanding, as well. This, we should understand, is an inevitable trend.

I have lived in very wealthy suburbs well within the heavier city boundaries. And, I have lived in truly violent crime areas, where literally I had prostitutes in my front yard and hearing gunshots on weekends was normal. Where seeing violence locally, was normal, and knowing gang members was also normal.

If you work in any facet of security, however, you know how tricky statistics are. You know how threats are blown up. Certainly, there are many comfortable areas even in heavily populated cities, and certainly, just outside heavily populated areas.

Ultimately, perhaps, Trump's worst beliefs are misogynic. Which, sadly, not unlike as we see in the worst of Islamic states, is a deep consensual delusion held both by males and females within those societies. This sort of belief system is far from "merely" against women, but it is endemic of a savage, animalistic belief system where there is no rationality, no reasoning, but only "might makes right".

So, of course, Trump, as his similar across the world, and history, have a deep hatred of immigrants. The proverbial 'strangers in a strange land', immigrants are among the weakest in society, and so those who wish to monopolize as much as they can for themselves today wish to trumpet them for easy victimization.

Trump very likely has been courted by Russian intelligence, since back to the late 70s, where his wife was from behind the Iron Curtain and whose claims to past are found to be so fraudulent even the first few paragraphs of her wiki entry state as much.

Does this mean much to anyone? He won't be elected, so no, in some sense. If anyone has the most to lose from a President so closely aligned with Russia, this would be European states.

Neither Russia nor the US want Sunni control of Syria. So, there is much pretend going on in the region.

As for the Russia hacking the US? Or the US hacking Russia? Both nations hack each other, substantially. Russia certainly has focused extensively on US energy companies and power grid.

Russia has a very strong mandate of tradition to prepare for "eventualities".

Russia, however, is simply not a superpower, even if they remain very loud when it comes to intelligence. Indeed, just last year, they were very close to bankruptcy.

They do desperate actions, however, so they must be very closely monitored. But, because of their extremely finite resources, they are also like the robber that takes a cab after robbing the bank. They are very bad at what they are attempting to do, even if very bold.

The US has no national reason nor interest to entirely rob Russia, unless Russia shows that they wish to entirely rob the US. In which case, the simplest solutions for the US is economic kidnapping of their primary industry, energy. Which can provide a very bloodless, yet complete coup.

Either Trump or Clinton is quite capable of being at the helm of an administration which does that.

Intelligence agencies court every manner of powerful people, from corporate heads, to research scientists, to journalists. None of this means their courting ultimately provides them control or favor. Intelligence agencies rely on self-deception for continuation of their programs. That is failure is never what they want to believe unless they absolutely have to. So, they tend to accept success when it is not there.

...

Are those in cities smarter and more educated than those in the boondocks? Of course, not necessarily. And evil takes many forms. But, when you are forced to live with a wide variety of people, from a wide variety of divergent backgrounds? You are forced to come to terms with human beings under the skin, under the cultural trappings.

Certainly, many in cities do not do this, and many in the country do not.

"Group think" can certainly also become especially virulent in larger, more connected, more closely communicating groups. Which are found in plenty in cities.

Indeed, a huge base block of support for Trump are the militias and alt-right groups. While the militias tend to be country, alt-right groups tend to be very much "city".

...

Will there likely be a strong shakeup in the FBI and so ground made against the grab for global information power? After the election?

It is a continuing movement. It should be reminded, Comey was elected by Obama, because Comey was against these sorts of programs in the first place. Yet, has come out for them in many cases. Similar can be said of Obama.

The US is but one small part of the global population, though it is important. No nation on the planet has more citizens per capita imprisoned than the US, at this time. This inherently makes the US deeply unstable. After all, is this key criteria something which the US should be surpassing Cuba on? Venezuela? China? North Korea? Yet, it is a key criteria which the US surpasses even old Shinto Japan on, even Nazi Germany, indeed no nation ever has so imprisoned their own populace.

Change comes slowly, peacefully, as the world grows up, and communication which is heavier is allowed to have a voice. Which is deeply accelerating due to the internet, and the freedom of it, and the global media, and the increasing freedom of it.

ab praeceptisNovember 8, 2016 5:15 PM

Wael, Thoth

Fips. Let me be frank: About the only property Fips seems to actually ascertain is certainly not about software safety. A Fips certificate seems to be about as valuable as a blind comatose dog is as a guardian. It seems to wear a golden collar with rubies though.

And btw. there are other creepy options with a Fips sticker around than just OpenSSL.

The question in which language I'd implement it is not fair (towards OpenSSL). When OpenSSL was started there were a whole lot of things we didn't know and understand. Then it reasonably looked like a good choice to do it in C.
On the other hand even then alternatives like Modula were around. I mention this less as an attack than as a witness. It points to people not really understanding their problem domain because, if they did they would at least have used some *available* tools like e.g. Larch and they would have approached the whole thing quite differently. So if one asks me, one should ask me what language *and other* (spec, model. verif) tools I would have used *then*. My honest answer: I would have done it like them because then I was a cool youngster with bold self-confidence, a half empty brain, and a lack of proper reasoning. But I *know* that smart, experienced and very capable men with a far more professional attitude than I had then were around. So, it could have been done much much more professional than it was done.

And languages ... oh well, we had no lack of them plus we had very fine research centers with very fine people in PL. One would have had languages available that were running on pretty much anything plus, so it seems, it's much easier to port a well designed language than it is to hunt the bug in a big pile of crap down ...

But it's not even about the language choice really. From my point of view the language choice was just another symptom of the real problem. And that was too much politics in it, probably too much sales interests, and most importantly too little quality thinking. I think that OpenSSL is rotten due to very poor conception and design, showing a severe lack of understanding the problem domain.

I'm btw. not so much concerned about too many ciphers. Sure, obviously and known to be creepy and broken ones should be thrown out, but all in all the problem isn't about ciphers multitude, and if it is then more due to the mechanism that come with that choice (complex options processing etc.)

Interesting problem domain btw. A well meant and well conceptioned system with, alas a lot of problems due to implementation - vs - a lousily conceptioned and carelessly designed system with, of course a never ending stream of problems. The former can be repaired, the latter can't. "Simple" reason: The problem source is out of reach for the repair tools; one can't but fix symptoms over and over again. About the only way to make that worse were to throw in a golden "secure and well done" seal (Fips) because what that really does is cementing the problem source and strongly supporting it.

But hey, in case no one noted it: My point wasn't so much about C anyway. My burning concern was "How much more pain do we need to learn that we need to use some formal methods for our safety and security crown jewels?". An attempt in C but using ACSL/Frama might not be the optimal but *much much more solid* than the 16th attempt in naked C. It might actually be a basis for some reasonable safety propositions.

WaelNovember 8, 2016 6:02 PM

@ab praeceptis, @Thoth,

A Fips certificate seems to be about as valuable as a blind comatose dog is as a guardian.

Yup! It's as useful as "FIPS" on a Boar.

My point wasn't so much about C anyway. My burning concern was "How much more pain do we need to learn that we need to use some formal methods for our safety and security crown jewels?".

Formal methods. Hmmm, let's see now: do formal methods catch conceptual flaws, things that caused Heartbleed, for example?

ab praeceptisNovember 8, 2016 6:59 PM

Wael

do formal methods catch conceptual flaws, things that caused Heartbleed, for example?

For a starter: One may debate in which corner to put heartbleed and one might well argue that even proper implementation could have avoided it.

Here you go: Rather than


...
free(p);

one might - given an understanding of the problem domain - have written

...
memset(p, 0, pSize); /* pSize is the chunk size */
free(p);

An artifact well known back then and often used. Had it been used, the heart wouldn't have bled (but happily thrown out zeroes).

But, more generally, YES one could, at least to a quite large degree. Not with verifiers, of course, but with formal spec and modelling. And, yes, that kind of tools were available back then. Z, for instance, or vdm, to name two examples.

Et voilà, back we are at what I said. Lack of understanding of the problem domain; if those guys had had that understanding, it would have bitten them right in their noses that a project that is about safety and security crown jewels and hence includes lots of crypto, loudly shouts "spec and model me properly and formally!"

Note: I used "blockquote" formatting for code above. In case it is a futile attempt, I apologize. I'm rather stupid in html stuff.

ThothNovember 8, 2016 7:32 PM

@ab praeceptis, @Wael, @Nick P

I wonder if some sort of automatic branch tracing (if-else) for possibly problematic branching logic could be done. I remember @Nick P used to post a good amount of verification tools here and papers that have verification capabilities. Maybe that could be used to make the "heart not bleed out" in the first place. On top of that, a verification tool that can track memory declaration, overwriting and foul play can be useful too. @Nick P, do you have papers and tools that cover those ?

Oh, and I am not the first one to be pointing out the problem with the FIPS sticker. Just a marketing hype anyway. I sometimes wonder if the "validation labs" actually do take the trouble and attempt to attack the product logically and physically or maybe their jobs are to simply read reports and go down the check list of requirements and if the check list matches, they issue a certificate.

WaelNovember 8, 2016 7:40 PM

@ab praeceptis,

/* pSize is the chunk size */
memset(p, 0, pSize); 
free(p);

Will work some of the time. Memory needs to be cleared immediately after its usage. Anyway, you may want to use the <pre> tag for formatting code.

I'm not opposed to formal methods, but as far as I know these are mostly used in critical systems such as air cabin control systems. In the real world, where schedules trump everything else, you'd be satisfied with a "smoke test" :)

As for OpenSSL, it's unrealistic to expect this level of organization when anyone can just put a block of code without "due diligence"... or "deliberately"

WaelNovember 8, 2016 8:10 PM

@Thoth, @ab praeceptis, @Nick P,

There are a metric ton of these tools:
https://en.m.wikibooks.org/wiki/Introduction_to_Software_Engineering/Tools/Static_Code_Analysis

There are dynamic analysis tools too. I used one from Compuware long ago that went through all code paths at runtime (with instrumentation). Tools aren't the problem! The problem is what to do when tools report 28000 warnings, and some are false flags.

@Nick P has the comprehensive list (if he wasn't the one who compiled the Wiki article.)

ab praeceptisNovember 8, 2016 8:40 PM

@Thoth

Yes and no. Yes, there are quite some formal tools that can help to an amazing degree. Some problems, however, like heartbleed and other buffer or mem. problem classes pretty much fall into the separation logic field (where tool support still is very thin).

A not completely correct but good enough primer to understand:

One problem class is to do with code paths and code flow, plus a whole lot of related stuff.
Another problem class is roughly what one tries to tackle with strong static typing. Things like not reading/writing beyond mem/array boundaries.
Those two are often put into one solution approach roughly summarized under "static" whatever (static verif, static typing (and checking), etc.). It's roughly what one means when talking about "formal tools".

But there is a rather different problem class, namely memory, which, to make it harder, is not only closely linked to code paths but also to time. That's where separation logic enters the game. One can roughly understand that as Hoare triples but memory related.
Where in normal H3s you make logic statements as we know them (like "when entering param 'day' must be no less than 1 and no more than 31" or "the return value is guaranteed to be a valid date"), separation logic follows the memory and works with predicates like (very simple example) "Upon entry the memory area of var X is of known size and location and accessibility (e.g. threads!) and does contain a value within a specified range".
It is this that allows to posit properties like "for all bytes of array 'heartbleed' it must be true that their index is either lower than 'pSize' or else their value must be '\0'" - which is the only way to properly and verifiably state that there are no arbitrary values within that array (which led to heartbleed).

The other main approach to that problem class, which is often preferred for its friendlier surface ("ease of use") is the path Ada took, namely to anally control and limit (to sane levels) memory, in particular access.
In some way Rust is going somewhat in that direction, too, albeit from a more "C-ish" perspective. Where Ada says (except for exceptions which need to be expressly declared and are avoided as much as possible) "Nope. You can get a pointer to some variable mem that you own ("access") but you may neither change that "pointer" nor do arithmetic with it. Period." Rust comes from a C view and says "Well, the world needs pointers, but we must control them, tag them, group them into different kinds of pointers, etc."

In other words: You can choose between a very strict and limiting language or else you can enjoy funny pointer games but you'll have a lot of not exactly easy formal work to do.

Personal side remark: Both approaches have their advantage. Ada (to name the classical 'strict language' example) offers a lot of convenience at not a high price (it just feels tough for C-ish developers because the paradigms are so different on multiple levels) but one must also see that quite many projects just can't be implemented reasonably without some pointers - and that's where Ada leaves you completely alone. You *can* do it but you'll be alone and outside the supported zone.
Rust's approach is (IMO) by far inferior but, and that's an important but, it doesn't leave you completely alone when you sometimes just need them dirty pointers.

Looking at how Ada evolved there is a clear trend visible (it seems to me anyway), both in Ada 2012 and in Spark 2014 that IMO points to them sooner or later (and maybe already) looking for ways to include at least some basic separation logic into at least Spark.

For other languages like Parasail, Modula-3 or Sather who look(ed) promising but are either rather exotic or next to dead that SL approach would be desirable and feasible, too, but rather unrealistic when considering how poor tool support is even for way more common languages.


@Wael

First, thanks for the html formatting hint.
And, yes you are right, one should neuter memory right after use but I wanted to stay close to the point.

"Critical Systems" - You are right. Of course that effort isn't made and that price isn't paid when building some everyday thingy. But: I think we should have learned by now that the crown jewels of safety and security, the very f*cking base that is used in so many software products **is** critical.


@MyInfo

"pentagrams, hex, ..." - Bullshit!

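Added example, not part of the comments above and not OpenSSL code: a C sketch that checks the property stated in the comment (every byte at an index of pSize or above is '\0') at run time, refuses to echo more bytes than were actually stored, and wipes memory before free() in a way the compiler cannot drop. The rec_buf type, its functions and the sample strings are hypothetical names and constructed data.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical record buffer: cap bytes allocated, the first used bytes hold
 * the current payload. Invariant: every byte at index >= used is 0. */
typedef struct {
    unsigned char *data;
    size_t cap;
    size_t used;
} rec_buf;

/* Zero through a volatile pointer. A plain memset() directly before free()
 * is a dead store that an optimizing compiler is allowed to remove. */
static void wipe(void *p, size_t n)
{
    volatile unsigned char *v = p;
    while (n--) *v++ = 0;
}

int rec_init(rec_buf *b, size_t cap)
{
    b->data = calloc(cap ? cap : 1, 1);   /* calloc: the tail starts zeroed */
    if (b->data == NULL) return -1;
    b->cap = cap;
    b->used = 0;
    return 0;
}

/* Store a new payload and clear what a previous, longer payload left behind. */
int rec_store(rec_buf *b, const void *src, size_t n)
{
    if (n > b->cap) return -1;
    memcpy(b->data, src, n);
    if (b->used > n) wipe(b->data + n, b->used - n);
    b->used = n;
    return 0;
}

/* Run-time check of the property: for all i in [used, cap), data[i] == 0. */
int rec_invariant(const rec_buf *b)
{
    if (b->used > b->cap) return 0;
    for (size_t i = b->used; i < b->cap; i++)
        if (b->data[i] != 0) return 0;
    return 1;
}

/* Echo `claimed` bytes back. The length the peer claims is checked against
 * the length actually stored, not against the size of the allocation. */
int rec_echo(const rec_buf *b, size_t claimed, unsigned char *out, size_t out_cap)
{
    if (claimed > b->used || claimed > out_cap) return -1;
    memcpy(out, b->data, claimed);
    return (int)claimed;
}

/* Wipe the whole allocation, then release it and reset the bookkeeping. */
void rec_free(rec_buf *b)
{
    if (b->data != NULL) {
        wipe(b->data, b->cap);
        free(b->data);
    }
    b->data = NULL;
    b->cap = 0;
    b->used = 0;
}

int main(void)
{
    rec_buf b;
    unsigned char out[32];

    if (rec_init(&b, sizeof out) != 0) return 1;
    rec_store(&b, "secret-session-key", 18);   /* constructed sample data */
    rec_store(&b, "hi", 2);                    /* shorter payload reuses the buffer */
    printf("invariant holds: %d\n", rec_invariant(&b));
    printf("echo, 18 claimed: %d\n", rec_echo(&b, 18, out, sizeof out));
    printf("echo, 2 claimed: %d\n", rec_echo(&b, 2, out, sizeof out));
    rec_free(&b);
    return 0;
}
```

Where the platform provides them, explicit_bzero() or C11 Annex K memset_s() serve the same purpose as the volatile loop.
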
ab praeceptisNovember 8, 2016 9:03 PM

Wael

Forget those lists. I know them, they look impressive - and are next to worthless.

Many of the tools listed there are dead or hardly alpha. Moreover one needs documentation, which many have hardly. Also one can't just blissfully pick one; OS, tools, dev. chain, language must somehow match. Etc. ...

Moreover, not with this one but with others, some of those lists mention a plethora of such diverse tool categories that, as I happen to know from quite some questions I was asked, most developers end up but confused. One might as well throw organic chemistry formulas at them.

Plus lots of other problems or even traps, like, for instance, a tool running only on .net, a tool having an unacceptable license, a tool promising so much more than it delivers, etc.

What I said was in relation to "those lists filtered for actually useful tools". And that filtered list is saddeningly small.

WaelNovember 8, 2016 9:41 PM

@ab praeceptis,

And that filtered list is saddeningly small.

It is, about three or four.

Nick PNovember 8, 2016 10:42 PM

@ ab praeceptis

re adding separation logic

Alright, I have a better paper for you on Matching Logic that's an extended intro building up the logic. The interesting part is adding separation logic to it is done in about half a page. Except that's just covering the heap where they cover everything like what they did in executable, C semantics. Here's the intro. Turns out it was also developed at NASA for their program analysis tooling which other stuff just couldn't handle without being hard to read or redundant.

Another one I found interesting as a stepping stone to future work: Integration of higher order interactive proof with first-order automatic theorem proving. I've seen enough formal methods projects to say their initial success in percentage of theorems that get automated looks similar to what spec-based, automated provers do for program analysis. Good prototypes often report somewhere between 60-100%.

@ All

An old one I found that slipped past me somehow: Bill Gates rants in 2003 about how unusable Microsoft.com was for installing software.

Sounds like the rest of us dealing with that bullshit. Lol.

Clive RobinsonNovember 8, 2016 11:15 PM

@ ab praeceptis,

Where in normal H3s you make logic statements as we know them (like "when entering param 'day' must be no less than 1 and no more than 31" or "the return value is guaranteed to be a valid date")

The use of time measures greater than 1 second is a difficult problem for many reasons such as different calendars, and correction systems, thus,

    "the return value is guaranteed to be a valid date"

Is an example of a statement that looks correct being actually incorrect, and not achievable in all cases.

Lest you think I am "nit-picking", I'm not. I've been bitten a number of times by reasoning built on incorrect assumptions.

A simple case of what can go wrong --and did-- is different measures and conversions, you would think that "a valid angle" would not have any holes in it as a statement but you have a couple of measures (degrees and radians) so you need to first get that right. So the statement goes to "a valid angle in degrees" but that itself has issues when it comes to how you give fractions of a degree, do you do it as normal "decimals" or in "minutes and seconds", if the latter how do you deal with fractions of a second of arc? But there are other issues such as the use of negative degree values and values greater than 360 degrees.

The point is you get just one of these things wrong and you can be in a world of hurt, thus the seemingly simple "a valid angle" needs not just an entire specification but also a detailed description of how and when to convert from one measure to another and the required precision and rounding.

Even in areas where you would expect such levels of detail things still go wrong, and there is no system of formal methods that is going to "catch them all in a tool". Because tools work within the "known problem set" not the "unknown".

ab praeceptisNovember 8, 2016 11:48 PM

Nick P

Thanks, I know Rosu (a very bright mind) and his work. But there are problems, although I congratulate to v. 1.1. One problem is that matchC is, of course, for C. Another and way heavier problem is that his system is way too math-heavy for the vast majority of developers to take up and use.

The Cambridge paper (the dissertation) is a very interesting read and an attractive endeavour but somewhat besides the point here from how I see it. That's not something of direct relevance to software development (but rather for people who develop proving tools). I would, however, much like to (and in a not too far future expect to) see it in the modelling area.

Which btw is another sad point. Many people in sw development tend to confuse all that and to vaguely talk about "formal methods".

If I were to teach a uni course for sw development, it would be one of my major and first points to help my students to gain a proper understanding of the different steps and fields.

Why am I so picky? Because, frankly, static sw verif. is pretty much a done thing. Sure, we still want better expressivity, more speed, etc, but the foundations are there.
At the same time one of the *major* problems I see in sw devel. is that it's widely understood as the implementation process - which, unfortunately, is the source of much trouble (up to heartbleeds).

Short, I would feel confident today to take on a project properly implementing e.g. tls. We have the languages and the tools (but sadly too few developers who know to use them ...)

What we need is better spec. and modelling tools and we need sw developers to understand that either they or someone else must push the beginning of sw dev'ment to the proper point, i.e. to the algorithms, to the conception phase.

To put it into a somewhat warped picture: If a dev. wants to quickly try out something he can use a plethora of interpreted languages, maybe python, maybe s-lang, or whatever.
And if he wants to play with an algorithm on a more abstract level? He is stuck with coq or isabelle which are cumbersome and very weird to non functional developers. And keep in mind that those tools are not for playing but for proving work beforehand.
That's where I see great value and an important step in endeavours like the above Cambridge dissertation. Until then, oh well, something like WhyMl (yuck) and patiently holding the tool's hand ...

Until we get a "python" like modeller, modelling will largely take place in heads only with maybe a piece of paper or in committee like aberrations.

ab praeceptisNovember 9, 2016 12:34 AM

Clive Robinson

Thanks for walking right into my (absolutely benign and friendly, purely discursive) trap; I used a date/time related example well knowing about the box I would open *g

And you are absolutely right.

But it's not just for the fun of it that I opened that box. It also serves as a striking example why we need to shift "start of design" from "well, hack away" towards "play with your model".

What you say are basically algorithmic and/or conceptional problems. Doing it sloppy and just assuming that dates are in *our current* calendar system is a good example. Static code verif. will fail to catch the problems arising from that; it will be limited to catch errors in implementation on top of the chosen concept. How should it catch the fact that someone might enter a julian date? Or how should it catch a feb 28 vs 29 error unless our conception includes that issue?

Short: we should change towards a model where we finally remember Dijkstra: Software is the implementation of algorithms.

Nobody (I would hope) would try to redesign a house's statics while building it. Obviously a "building checker" can only check against what the blueprints tell.

Accordingly we must re-locate our perception and habits to do the playing and testing on algorithms/models and not on code. Unfortunately, as I showed above, that is a complicated and hardly promising endeavour when the tools are cumbersome and widely ignoring developers (they are usually made by and for mathematicians) and when steady progress on the code verif. side makes it luring to do the modelling as an afterthought and necessity or, in many cases, just let go completely and content oneself with "the compiler gave me no error".

tyrNovember 9, 2016 2:17 AM

@all

If you have 50 minutes to spare, Doug has some
interesting ideas to present.

http://www.rushkoff.com/sibos-2016-closing-keynote-platform-cooperativism/

His idea of where the renaissance came from is
somewhat suspect though. The free exchange of
ideas was caused by the Mongols opening the
trade routes from China to Italy. Western
centric history tends to ignore that since it
frightened them out of their wits. Once you
open new areas of contact you get lots of new
innovations and the impact of the Net hasn't
really occurred yet.

CynthiaNovember 9, 2016 2:32 AM

Been using LastPass since 2010 and I haven't experienced any issues with it. I'd give KeePass a try though upon hearing these LastPass shenanigans.

Clive RobinsonNovember 9, 2016 4:39 AM

@ tyr,

Once you open new areas of contact you get lots of new innovations and the impact of the Net hasn't really occurred yet.

Ouch... The way the things are shifting with the Internet, the future looks very bleak on that view.

History tells a rather unpleasant tale from around the time of Henry VIII and the first professional Navy through empire building and colonisation to the modern day "Invasions for Democracy" which are anything but. Put simply it's all theft oppression and servitude started by corporate adventures and reinforced by the guard labour of states paid for by the plundering of those less technically advanced.

ab praeceptisNovember 9, 2016 5:26 AM

Just discovered at hackernews. An open source "Hospital System". In java. What could go wrong?

On the home page I quickly see a smartphone, a tablet and a notebook; looks all very apple-ish (don't count on my word. It's my first impression, it might be wrong).

Evidently that's their image, both of themselves and for users (hospitals). Looks like a typical driven by design (as in "colours" and "forms", not as in "engineering"). What could go wrong? After all, as everybody knows, the most important criterion for a hospital application is doubtlessly that it's nicely designed and that it runs on smartphones, right?

Next, a look at the code. I have a hunch ...

Being confronted with a java typical maze I walk around and have a look at the drugs stuff ("It's all a matter of dose. Too much can kill, too little can be irrelevant or even harm").

And what do my eyes see? Some kind of a prescription/application class (feed drug order).

Wow. Have a look:

private int numberOfDays;
private String productUuid;
private Double quantity;
private Double dosage;
private String unit;
private String orderUuid;

They should be lauded! At least they didn't make it public and accessible through a web xml blabla publisher thingy (don't take my word for it ...)

Quantity as a double. Brilliant. I see it before my eyes how their brains tick, when suddenly it strikes them "There might be half pills or 2,7 ounces of something!" - hence double. double is also good and useful in case you ever wanted to describe 3.7 zillion tons of some medicine. Don't you laugh! Let me ask: what's in their way to avoid that?

Well, let's look:


public BahmniFeedDrugOrder(String productUuid, Double dosage, int numberOfDays, Double quantity, String unit, String orderUuid) {
this.numberOfDays = numberOfDays;
this.productUuid = productUuid;
this.quantity = quantity;
this.dosage = dosage;
this.unit = unit;
this.orderUuid = orderUuid;
}

Very well done. In case you wish to prescribe 3.7 gazillion tons of some medicine, that is.

But let's not hasten and judge too quickly. Maybe that constructor wasn't really meant to set all the parameters and they just put it there because they like to type.
Certainly, there is a setter which then with eagle-eyes controls whether the input makes any sense.


public void setQuantity(Double quantity) {
this.quantity = quantity;
}

Uhm, hmmm.

Do you feel better already?

So sorry, Ma'am, but who would have thought that our 30 cents an hour nurse would mix up micrograms and pounds? Sorry again. Have a nice day.

ThothNovember 9, 2016 6:27 AM

@ab praeceptis
That sort of subtle problems are due to the ease of the IDEs where you right-click on variables and select the "Encapsulate Field" option from the pop up and the IDE (Netbeans in my context) automatically generates the Get and Set methods.

An easy fix is to enumerate the unit fields instead of string field and then set a logic when setting the amount to work with the enumerated units to do bounds checking.
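
Added example, not part of the comment above and not Bahmni's code: the fix suggested in the comment (a closed set of units plus bounds checking in the setter), sketched in C rather than the project's Java. The type and function names, the unit list and the limits are hypothetical; the limits are constructed placeholders, not clinical values.

```c
#include <math.h>
#include <stdio.h>
#include <string.h>

/* Closed set of units instead of a free-form string. */
typedef enum { UNIT_MICROGRAM, UNIT_MILLIGRAM, UNIT_GRAM, UNIT_COUNT } dose_unit;

typedef enum {
    ORDER_OK, ERR_UNKNOWN_UNIT, ERR_NOT_FINITE, ERR_OUT_OF_RANGE, ERR_DAYS
} order_err;

/* Accepted spellings and the factor that converts each unit to milligrams. */
static const struct { const char *name; double to_mg; } UNIT_TABLE[UNIT_COUNT] = {
    [UNIT_MICROGRAM] = { "ug", 0.001 },
    [UNIT_MILLIGRAM] = { "mg", 1.0 },
    [UNIT_GRAM]      = { "g",  1000.0 },
};

#define MAX_QUANTITY_MG 5000.0  /* constructed placeholder, not a clinical limit */
#define MAX_DAYS 365            /* constructed placeholder */

typedef struct {
    dose_unit unit;
    double quantity;
    int number_of_days;
} drug_order;

/* Map external text onto the enum; anything not in the table is rejected. */
order_err parse_unit(const char *text, dose_unit *out)
{
    if (text == NULL) return ERR_UNKNOWN_UNIT;
    for (int u = 0; u < UNIT_COUNT; u++) {
        if (strcmp(text, UNIT_TABLE[u].name) == 0) {
            *out = (dose_unit)u;
            return ORDER_OK;
        }
    }
    return ERR_UNKNOWN_UNIT;
}

/* The setter is part of the interface: reject NaN and infinity, then apply
 * the range check in one base unit so the bound depends on the unit chosen. */
order_err order_set_quantity(drug_order *o, double quantity)
{
    if (!isfinite(quantity)) return ERR_NOT_FINITE;
    double mg = quantity * UNIT_TABLE[o->unit].to_mg;
    if (!(mg > 0.0 && mg <= MAX_QUANTITY_MG)) return ERR_OUT_OF_RANGE;
    o->quantity = quantity;
    return ORDER_OK;
}

/* The constructor goes through the same checks as the setter and only
 * writes to *o once every field has been accepted. */
order_err order_init(drug_order *o, const char *unit, double quantity, int days)
{
    drug_order tmp = {0};
    order_err e = parse_unit(unit, &tmp.unit);
    if (e != ORDER_OK) return e;
    if (days < 1 || days > MAX_DAYS) return ERR_DAYS;
    e = order_set_quantity(&tmp, quantity);
    if (e != ORDER_OK) return e;
    tmp.number_of_days = days;
    *o = tmp;
    return ORDER_OK;
}

int main(void)
{
    drug_order o;
    /* Same number, different unit: accepted as micrograms, refused as grams. */
    printf("500 ug: %d\n", order_init(&o, "ug", 500.0, 7));
    printf("500 g:  %d\n", order_init(&o, "g", 500.0, 7));
    printf("1 lb:   %d\n", order_init(&o, "lb", 1.0, 7));
    return 0;
}
```
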

ab praeceptisNovember 9, 2016 8:22 AM

Thoth

Rule #1: Assume that the user will enter the most nonsensical input imaginable.
Rule #2: Assume that your imagination is limited and that some user will find ways to enter crap far beyond your wildest imagination.
Rule #3: setters are part of the interface. Any input that is not properly checked is to be considered a kilogram of explosives with a free crocodile with aggression disorders thrown in for free.

But hey, it's just a hospital system. Though, certainly it's not too welcome to hear "Pardon me, Sir, yes your wife is dead and your brother crippled but, you see, that's not our fault. It's our IDEs automagic that did it" (and the fact that our developers chose to remove their brains to make room for java stickers and usb sticks).

(I'm not angry at you. You just told a reasonable assumption. I'm angry at those brainless "developers" who, of course, expect but admiration; after all it's open source!)

Sometimes I'm wondering whether it's soldiers with evil intentions who killed more people or whether it's brainless meatpiles who meant, oh so well.

ThothNovember 9, 2016 9:19 AM

@ab praeceptis
Got it.

Kinda have to expect all these IDE magic these days. It's a huge hindrance to a point I don't code my GUI with drag and drops via IDE's visual editors which are so irritating. I prefer the old school style of hand coding as much as possible. Heck, you could even code with visual drag and drop to create your source codes these days, let alone right-click brainlessness these days.

IDE devs will say that they are providing convenience and it's the software dev users who are supposed to check the codes the IDEs generate automatically and edit them (oh and some code blocks auto-generated by Netbeans are so hard to edit as they are locked and I had to manually code them myself most of the time) while the software devs would try to point fingers at "stupid" automagic.

JG4November 9, 2016 11:43 AM


You can exfiltrate sound from a room via modulation of an LED bulb, if the corresponding window can be observed with binoculars or telescope, then fed to a demodulator. Can't recall when I became aware of the concept, but it almost certainly was between 2006 and 2010. This seems to be a mildly overhyped example:

http://therundownlive.com/new-smart-lights-allow-nsa-spy-using-led-technology/

LED streetlights that only turn on when vehicles or persons are in the vicinity will save a lot of greenhouse gases from being emitted, but create other interesting problems.

Laser scatter from dust in the air can be read remotely with a laser, analogous to the way that laser beams are used to monitor window vibrations caused by sound in the building.

PetterNovember 9, 2016 12:51 PM

HAL's future friend has appeared. :)
Great for surveillance when it's not possible to get audio.
Or in political discussions when someone is talking away from the mic.


LipNet, a model that maps a variable-length sequence of video frames to text, making use of spatiotemporal convolutions, an LSTM recurrent network, and the connectionist temporal classification loss, trained entirely end-to-end. To the best of our knowledge, LipNet is the first lipreading model to operate at sentence-level, using a single end-to-end speaker-independent deep model to simultaneously learn spatiotemporal visual features and a sequence model. On the GRID corpus, LipNet achieves 93.4% accuracy, outperforming experienced human lipreaders and the previous 79.6% state-of-the-art accuracy.


https://arxiv.org/abs/1611.01599

ThothNovember 9, 2016 6:53 PM

@Shaken, not stirred.

The only defense that the corporate telecom industries have at hand to protect themselves against some levels of hacking is simply security via obscurity (secrecy of protocols, NDAs ..etc..) and nothing more.

It is unsurprising that telecom networks are deliberately weakened for easy interference (a.k.a NOBUS operations) as per necessity.

ThothNovember 9, 2016 8:37 PM

@Shaken, not stirred.

How is this ever surprising to note that Samsung could simply switch off or do anything it wants to its phone. Carriers and phone makers are the true owners of the phones they made and we simply "rented" the phone for a few thousand USD$.

what?November 9, 2016 8:58 PM

@Thoth

You mean USAE (Us And Everybody else)? I don't believe any of that wasn't common knowledge in the tech infosphere many years ago. Maybe it was somewhat pushed aside since late 2015?

Shaken, not stirred.November 9, 2016 9:00 PM

Tor's transitive disclaimer to human rights couldn't have been more keenly positioned than the position we find ourselves in today.

Yesterday, it was 1984. Today?

It's 1938.

John J FoelsterNovember 10, 2016 12:21 AM

I'm reaching out to Dr. Schneier:

I hope you read this. It's in regards to the Washington Post article about your speech on attacks on our voting machines. I had already sent an email on the subject but it may have gone to spam. I may attempt to reach you by phone at your offices tomorrow.

I am deathly terrified that you may have been right. (Not entirely true, I'm more afraid that I'm wrong and that this is actually the will of the people. I'm slightly less afraid that we're both right but the apparent results will stand because of my incompetence and, eventually, lead to a second civil war.) I'm under an immense burden because I, by the most ridiculous of coincidences, have a very clear idea who hacked this election. And I don't know what to do.

I'm an out of work database geek who has been spinning his wheels researching hacked voting machines in Alaska in the 2008 and 2014 General Elections. I'd been trying to craft into a case with academic level precision, which of course also means that no one is interested in trying to read it. Planning... Worked myself to near breakdown trying and failing to get it published the week before the election.

I think I have a fairly complete case on the 2008 Alaska hack and the Palin resignation that it caused. I know who did the programming for it and the 2014 Alaska attack, and we have to assume he could have done it again. But I have no contacts in law enforcement, the Democratic Party, the media or... Well to be perfectly frank I actually am an obsessed loner with far too much free time and no social outlets, which is something I need to work on.

And the practical upshot is that I know who the hacker is and I think I can get someone else who knows too, the Director of Elections who caught him and precipitated the Palin resignation to give criminal evidence against him once she knows all the facts.

I really need to lay it all out for an expert. Actually two sets of experts. One on election results analysis, one on voting machine technology. Probably some forensic programmers, criminal detectives.

If you have the time to help me out please respond to this comment, and we can figure something out.

Clive RobinsonNovember 10, 2016 12:56 AM

@ Shaken...,

With regards the 4g lte protocols and their lack of security when deployed.

The researchers observe,

    While the Nokia Bell Labs’ team’s proof-of-concept attack should concern telecommunications executives, Rao cautioned that it would also be difficult to pull off.

Difficult to whom?

The unvarnished truth is that telco operators' interests in establishing "trust" between them is incredibly minimal to non-existent. It's why SS7 has been around for over forty years without any security.

The reason is that the only interest the telco operators have in security/trust is for "reconciling payments", nothing else. Due to the way the market works cheating would kill a telco faster than a "nuclear enema" so they do not do it... Thus as they implicitly trust each other they take no security precautions what so ever due to "cost" savings.

Which means that the most likely course of action for the telcos is to take no security precautions even if IPSec is "built in".

So any attacker who gets into the signaling system network can do things with near impunity providing they ensure "the books balance". Which harks back to Clifford Stoll's "The Cuckoo's egg"... and coldwar international espionage and unexplained deaths in forests. Then of course in more recent times the Athens Olympics and yet more international espionage and unexplained death. Were there any changes made by the telcos, let me think... Err no.

WaelNovember 10, 2016 1:26 AM

@Clive Robinson, @Shaken, not stirred,

Which harks back to Clifford Stoll's "The Cuckoo's egg

Pretty good book. Read it many years ago. 75 cents is what gave away the spy. Here is a free PDF.

By the way, he talked about his degree defense questions in the book. Here is a short clip of him answering the simple question why the sky is blue.. A small tribute to him. And The KGB, the computer, and me, talks about the adventure in the book. Pretty interesting character, would have been fun if he participated here ;)

Wesley ParishNovember 10, 2016 2:57 AM

Interesting! But would such a thing ever happen?
http://www.theregister.co.uk/2016/11/09/trumps_torture_support_means_end_of_gchq_nsa_relationship/

Jim Killock, executive director of the Open Rights Group (ORG), warned The Register: "If the US openly pursues a policy of torturing those suspected of terrorism, it cannot legally be enabled by the sharing of intelligence from the UK."

I'm sure MI5 and MI6 would cheerfully bastinado whatever and whoever is responsible/irresponsible in the UK state apparatus for oversight of intelligence into agreeing to continued intelligence-sharing ties with the US. I'm sure they'd even agree to a name-change from Military Intelligence to Natural Stupidity ...

tyrNovember 10, 2016 3:32 AM


@Clive

I'm amazed at the level of density shown by the
anti-Trump crowd when faced with the reality of
majority rules democracy. To paraphrase Churchill
Democracy is a terrible system but it is better
than the rest of the alternatives. You'd think
that folk who use such high sounding rhetoric
would be able to accept a defeat by the voting
process a little more gracefully... : ^ )

He hasn't even had a chance to screw up the world
yet, which you can't say about the other set of
clowns. Their track record was all too plain for
comfort.

Taleb was particularly unkind about it and IYIsms.

I wonder how long it will take for Comey to scrape
the egg off his face, all he had to do was keep
quiet for a couple of days and he'd have been secure
in his job but he believed the media and now will
have to start typing his resume.

John J FoelsterNovember 10, 2016 4:38 AM

Since this seems to be a pretty robust community on IT security, and the posters and mods were very friendly and polite in explaining to me where to, (and I can't sleep) I thought I'd post some links to what very little is on the web right now about my proposed 2008 and 2014 Alaska election hacks and their relation to what is looking very much to me like a spectacularly fraudulent 2016 election.

Here's my early post election morning Daily Kos story on the existence of a viable AV-OS hack since about 2014, with some recommendations on what to do in the present emergency.

http://www.dailykos.com/stories/2016/11/9/1594135/-We-have-not-Lost?_=2016-11-09T02%3A05%3A54.548-08%3A00

It's replicated here, with a very nice recommendation of the confidential (and bloated) blog I wrote on the details of the 2008 Alaska attack.

https://whatdoino-steve.blogspot.com/2016/11/john-foelsters-research-into-alaskas-av.html

I'll state that one thing we absolutely need someone to do is take a look at the county to county swing to Trump over Romney 2012 nationwide and to what degree it correlates with presence of AV-OS and AV-TSX brand machines. And a measure of which states where Trump most outperformed the polls had the biggest usage of the AV-OS and AV-TSX, to see if there is a correlation there. I've been trying but getting well formed county results data out of news sites. You'd think getting a list of what % of registered voters use the AccuVote brand in each state out of Verified Voting would be easy, but their data file is... proving to be a pain.

I'm pretty sure that the high AV-OS usage in Michigan and New Hampshire is significant though in their going a way that was unexpected in the pre-polling.

I had been discounting Dr. Elizabeth Clarkson's conclusions that an attack had been made on Wisconsin and Kansas in 2014, or at least Wisconsin, because I had thought it would require too large a conspiracy. Based on what I'm seeing in last night's data, I think we have to assume that she was correct in all or most of her conclusions, and that GEMS PCs for configuring AV-OS and AV-TSX voting machines have been being corrupted by the employees of the manufacturer nationwide for the last two years.

Clarkson, who's been kind enough to correspond with me briefly, indicates that some other machine brands were implicated earlier. But her notation makes it a bit hard to pick out what the brands she implicates are. And the statistics is utterly above my head. If anyone can understand it, I'd be indebted for an explanation.

https://www.statslife.org.uk/significance/politics/2288-how-trustworthy-are-electronic-voting-systems-in-the-us

Trump's a con man, and this is the greatest con in world history. He talks about election rigging for weeks in advance so everyone will ridicule the idea in the press and then, when you do it yourself, no one can accuse him with a straight face.

The whole thing will disintegrate if someone does a hand count of those AV-OS jurisdictions and the VVPAT for the AV-TSX ones. But how can I persuade them to do it?

I can prove the 2008 and 2014 Alaska elections were hacked if someone will take the time to apply the test I have suggested. But how can I persuade them to do it?

Sigh.

ab praeceptisNovember 10, 2016 5:21 AM

John J Foelster

Pardon me, but from what I see and know about this blog, this blog is not the right place.

For two reasons:

- This blog is about security. Our interest in voting fraud is of a rather technical nature. (And I guess most of us have lots of reasons to be suspicious of pretty much all voting machines). But your post offers very little for us to look at.

- Please join the line. There are many, many who feel or think that the elections haven't been perfectly proceeded, possibly with evil intention.

But this is neither a Trump nor a Clinton forum.

Third, many of us are not the believer kind of personality but the researcher kind. And mistrusting (security and mistrust are cousins).

Having your text on an absolutely non-technical site and on what seems to be a pal's site, doesn't exactly soften my mistrust.
Neither does the fact that your "vast" private website with "lots and lots of information" gets mentioned in your pal's intro but I don't see a link.

Mentioning "lots of info" but not providing it is all but making sure to create mistrust.

Maybe I'm a tough a**hole. Possible. But from what I see, there is no case because there is no material, no evidence, at least none for us.

I therefore suggest that you lay down and get some sleep, possibly while sobbing about this bad world, or that you give us something tangible and IT security related to look at.

Clive RobinsonNovember 10, 2016 5:25 AM

@ Wesley Parish,

SiS (MI6) in particular is quite sensitive these days about "torture" due to Tony Blair then UK PM and the "10 Downing St Clique" that produced amongst other loads of clap trap the "Dodgy Dossier", ripped off a PhD's thesis and sucked in some of the more gullible members of the State Securocracy who really should have known better.

The main perp behind the clique was an unelected lick spittle sadist psycho called Alastair Campbell, who was Teflon Toy's "spin doctor in chief". He abused so many people, processes and laws it's of some wonder why he is not locked up into some durance vile until he expires in the same way as Dr. David Kelly. Despite the superficial charm he uses to get his way, he is such a repellent person underneath, in comparison he makes Margaret Thatcher look like a sweet old dear.

https://www.theguardian.com/uk/2010/jan/10/alastair-campbell-iraq-dossier-inquiry

Campbell managed to hook in John Scarlett head of the JIC and appears to have significantly influenced Scarlett's report writing on Iraq WMD repeatedly and incorrectly.

https://en.m.wikipedia.org/wiki/John_Scarlett

Much to many people's surprise John Scarlett got given the top job in the SiS and the accompanying Knighthood. Some view it as a pay off for keeping the cupboard door firmly closed against the Iraq skeletons. Which included just what SiS Officers were doing at US torture facilities and sessions, and facilitating US rendition flights through UK airports and similar...

The result is quite significant reputational damage for SiS, which they are slowly correcting. Thus they are quite touchy about torture in all its forms including the mainly useless intelligence that arises from it.

One big lesson relearned from Iraq is neither torture nor bribery/bounties really works. What does is careful boots on the ground forming mutually viable trust relationships. In effect the old "Hearts and Minds" techniques but in a way that does not endanger the methods and sources.

John J FoelsterNovember 10, 2016 5:55 AM

@ab praeceptis

Those are perfectly understandable and justifiable responses, and ones that I should try and answer.

The fact is I'm on the horns of a dilemma with respect to the data on that private blog. It has a lot of detailed analysis of the backgrounds of individual employees of the Alaska Division of Elections, and makes specific criminal accusations against one.

If I make it public, I could be sued, which I can't afford. I could precipitate this person's flight and the loss of him as a potential witness, impeding an investigation. If I don't make it public, I'm just as screwed, because people can justifiably ask why they should take the time to sift through the gigantic thing.

The people I really need are folks like Nate Silver and Sam Wang, whom I've already emailed to no effect.

Dr. Schneier is the only person with any sort of expert authority who predicted this. It seemed he'd be more inclined to look at what data I do have and grab the ear of the polling analysts.

My presumed hack on the 1.96.10 firmware is derived from anomalies in the 2014 election data. I don't know where in the AccuBasic interpreter it exists or how it allows arbitrary code execution, just that it absolutely must exist. I could give you those, but you just specifically said they did not interest you.

Admittedly the only thing genuinely >>IT

I'm not really doing a good job of answering your critique, so I apologize.

If that's the feeling of everyone else in the community and Dr. Schneier, I can withdraw when that becomes clear.

John J FoelsterNovember 10, 2016 6:07 AM

Using those symbols to emphasize "IT" somehow broke that sentence. It was supposed to say that there was a part of the reporting system on the ADABAS Alaska voter registration database that was removed for no apparent reason and never replaced, despite subsequent upgrades to the same system. They had an automatically generated HTML report of the number of people who voted in each election from 1996-2006, which was replaced by a scanned PDF of a printout. When the system was replaced with a modern RDBMS in 2015, they replicated the format of the printout as a styled PDF, despite that taking more effort to make (and conveying less information). They also were willing to pay big money to hire an ADABAS programmer to make reports requested by the staff.

So why make the staff scan a printout?

It's pretty dry as evidence...

pastebin.comNovember 10, 2016 6:12 AM

@John J Foelster: "If I make it public, I could be sued, which I can't afford."

Someone else might anonymously put these data on pastebin, using TOR, TAILS, ... afterwards, you might give that link here.

ab praeceptisNovember 10, 2016 6:51 AM

John J Foelster

Much of that material (like the names of persons you accuse) is not relevant to us.
Just assume that we are experts at court. Like those experts, we only need "our" beef, the tech stuff.

In case you are lucky, someone already posted much of that material (in particular the tech stuff) on, say, pastebin. If so, I would hope for that person that he didn't use his home ADSL ...

It might be worth for you to have a good look at pastebin and other watering holes. In case you happen to find the material there, give us the link.

part 2: adabas?

Let me tell you something: You don't need fraud or evil intent to experience strange and "funny" phenomena with adabas, haha.

GregWNovember 10, 2016 7:45 AM

If you want an expert on voting fraud you might try contacting Bev Harris of Black Box Voting. She doesn't get the press of the public figures you mention which you'd need to get the hand recount done, but she does have a fair bit of experience and expertise in this area and perhaps could give you some insightful advice or partner with you getting the word out if she gauges your reasoning as credible.

ThothNovember 10, 2016 9:54 AM

@all

In the light that the next US President is willing to make torture legal, techniques for duress situations (i.e. self-destruct of secure execution environment CSPs, deniability) should be ramped up. Creating duress triggers that prevent adversaries from deriving evidences or clues and denying the adversaries the capabilities of predicting when the duress trigger is activated (prior and post duress trigger states) including the secure destruction of sensitive materials (i.e. tamper resistant environment zeroizing of materials) would require more research to protect users in duress situations and secure self-destruct without leaving too many traces behind.

Link: http://www.theregister.co.uk/2016/11/09/trumps_torture_support_means_end_of_gchq_nsa_relationship/

John J FoelsterNovember 10, 2016 7:10 PM

@All

Apologize for lack of replies, been doing stuff.

Other channels are now moving things forward.

Excellent ideas all but do not have time to reply.

I apologize again for imposing and thank you for your advice.

name.withheld.for.obvious.reasonsNovember 10, 2016 10:09 PM

It is during a period of social-political disruption that BULLIES will seek out and use technology and technological expertise (GEEKS/NERDS...you know who you are) to manage the levers of power. Leveraging broad swaths of scientific disciplines, tyrants and authoritarian actors pry from the resistor/dissident/citizen hands the means and apparatus of resistance. Often lured by the trappings of "name the moral or ethical weakness here" the duped technologist gives in to temptation--not realizing that it is only a matter of time when their card is drawn from the deck.

My advice, remain revolutionary (counter revolutionary may be more accurate)...do not fall prey to the shiny objects or disingenuous platitudes made by those who benefit from your devices.

Wesley ParishNovember 11, 2016 3:54 AM

@Clive Robinson, Thoth, anyone else interested

The reason why torture is a waste of time is a simple neurological matter: it just happened to be the one thing that I found hardest to work out when I was reading Guyton. The brain consists of a vast set of sets of neural networks. Some are excitatory: that is, they "fire" to get something done; others are inhibitory: that is, they "fire" to stop things being done.

Some circuits are relatively simple and easy to understand. The excitatory ones connected to appetite fire when energy levels drop; the inhibitory ones fire when the stomach registers "full" and energy levels start to rise.

Others are rather more complex and depend on the brain's social circuits drawing connections. We know, I suspect from embarrassing personal circumstances, what happens when the inhibitory circuits in the social interaction part of the brain are switched off by an intake of a popular intoxicant.

Now when you have an individual under interrogation, the interrogator is trying to change the interrogated individual's inhibition on releasing certain information in general. Pain is sometimes a method that works; other times it doesn't. It's a rather blunt instrument.

That's because there is no "automatic" path between pain under one's fingernails and the password for such-and-such an account. There is no necessary neurological path between a red hot poker up one's rectum and the code for turning off the obligatory ticking time bomb - much less a necessary social path. In fact, torture replicates being a victim of predation. And some people hallucinate during dying.

So there you have the benefit of my neuroscience education and my diversions into zoology ...

WaelNovember 11, 2016 4:28 AM

@Wesley Parish,

The reason why torture is a waste of time is a simple

It doesn't matter. There'll always be the sort that enjoy inflicting pain on others, sometimes as a form of revenge. It's more about "enjoying" the process than it's about extracting the truth.

And some people hallucinate during dying.

They are crossing a boundary into another realm. They're not hallucinating! They are seeing and hearing things that we aren't[1]. They are not able to describe them in terms we understand. And even if they were able to describe them to us, they'll sound like hallucinations. Someday we'll pass through that boundary. Hopefully after a long happy and safe life for you.

[1] Imagine twins in their mother's womb. The womb to them is their whole world. Suddenly an earthquake takes place (the mother starts to have contractions.) One of the babies goes out first. To the other unborn baby, its sibling is about to leave their world, i.e., about to die. The baby being born starts signaling its sibling to describe what the outside world looks like. To the baby inside it sounds like hallucination. Once the first baby is born and gets a slap on the butt, it'll scream to warn its sibling: stay the f*ck inside, there is this giant that'll cut your cord and kick your ass.

ThothNovember 11, 2016 6:31 AM

@Wesley Parish
Interesting information. The fact that torture (i.e. waterboarding, making a victim deprived of sleep ..etc..) is still being used under the "Enhanced Interrogation Technique" spectrum and so on is a huge concern despite scientific studies showing that torture can be a wild card and may even alter the target's perception and memory as well thus making the information unusable. The fact that nation states and organisations insist on the use of such techniques meant that there needs to be defensive measures even if torture may or may not work.

AnuraNovember 11, 2016 9:04 AM

@Stephen Landers

Republicans have been fighting Net Neutrality for a while now and now they have full control over government with a President who has shown no concern for anyone, and who is likely to appoint all the Republicans' favorite insiders. Not only that, it's an Obama victory, which makes it a doubly high priority to shut down. What makes you think Net Neutrality is safe?

If you think Republicans aren't going to get the things they have been fighting for now that they have full control over Government, you are really going to be disappointed.

John J FoelsterNovember 11, 2016 10:52 AM

I thank the members of this community for the excellent advice.

After reviewing my evidence for systemic fraud in Tuesday's elections, I have discovered that I was in error. As these statements were libelous I have removed them from Daily Kos and asked that Steve Aufrecht remove them from his site.

I will be issuing a formal note of retraction and apology later today.

Bare TrapNovember 11, 2016 11:10 AM

John,

So says the guy that was hanging out at the water cooler for an hour after voting while the young Dems played angry birds on their phones. It's a good thing those Dems made sure to place it right behind the Diebold model 1 for all the civvies to inspect for malignant behavior.

You know, just like distracted drivers.

I personally found the failure mode to be disturbing, the machines only beep once and only beep if there's a problem.

If things went right, it went off without so much as a sound otherwise.

Bare TrapNovember 11, 2016 11:44 AM

If the winds change, and the net neutrality protections go byebye I think that we can expect the net results of any and all significant traffic to be used as smoke signals without our approval.

Which came first, the gestapo or the fuhrer?

My InfoNovember 11, 2016 7:08 PM

Regarding my previous comment about my investigation into the P vs. NP question and its possible independence: that was just a test run.

Actually, I realized that no proof along those lines will succeed in establishing the independence of the P vs. NP question. If it did, an almost identical proof would establish the "independence" of the statement P==EXP, which we already know to be false.

Reason being, the BGS oracle A is so powerful that

P^A == NP^A == EXP^A == EXP

So if my proof worked, so would a similar 'proof' based on the fact that

P^A == EXP^A and P^Σ != EXP^Σ

but we know that P!=EXP.

However my post must have fooled a lot of people, because beaucoup unsavory characters related to organized crime, national security, and foreign interests suddenly showed up all over the place with an all too convenient interest in this issue, all too eager to dig in my pockets, my personal computer, and my private papers even to the extent of committing multiple counts of robbery and grand larceny. And I hope they're prosecuted for it, too, and deported after they've served their sentences.

Just the usual bankster and gangster crowd stupid enough to think that any possible attempted proof related to the P vs. NP question will somehow threaten the security of their money laundering, drug dealing, and banking operations which have now come in their minds to depend on certain mathematical operations that are supposedly difficult to compute and easy to verify.

"But thou, O Daniel, shut up the words, and seal the book, even to the time of the end: many shall run to and fro, and knowledge shall be increased."

So anyone who actually has interest in the math: get lost, get out of my hair, get out of my honeypot, stay away from me, get out of my neighborhood, read the posts and do your own research and your own math on your own time.

That's my warning.

It is unfortunate that no one can study such an unobjectionable subject as pure math in the U.S. without being assaulted and robbed and having one's privacy maliciously invaded and violated by international criminals.


Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.