Friday Squid Blogging: Electronic Screens Inspired by Squid
Squid-inspired electronic screens.
As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.
Squid-inspired electronic screens.
As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.
Ronnie • December 9, 2016 5:16 PM
PoI: The Machine or Samaritan
IBM Watson to fight cybercrime
https://www.wired.com/2016/12/ibm-watson-for-cybersecurity-beta/
Starting today, 40 organizations will rely upon the clever computers cognitive power to help spot cybercrime. The Watson for Cybersecurity beta program helps IBM too, because Watson’s real-world experience will help it hone its skills and work within specific industries. After all, the threats that keep security experts at Sun Life Financial up at night differ from those that spook the cybersleuths at University of New Brunswick.
Watson isn’t starting from scratch here. IBM researchers started training Watson in the fundamentals of cybersecurity last spring so the computer could begin to analysize and prevent threats. Now it graduates to real-world situations to further hone its skills. Think of it as the world’s smartest intern.
Peter Thiel’s Vision • December 9, 2016 6:29 PM
Peter Thiel, PayPal founder claims to care about individual privacy and freedom. Obviously this is why he invested in Facebook in 2004. He also founded top-secret Palantir who today, has unparalleled access to millions of the the most sensitive personal databases.
Thiel Quotes:
Instead of the United Nations, filled with interminable and inconclusive parliamentary debates that resemble Shakespearean tales told by idiots, we should consider Echelon, the secret coordination of the world’s intelligence services, as the decisive path to a truly global pax America,” Thiel wrote.
In a world of nuclear weapons, facing the scale of terrorism seen on 9/11 or worse, true liberal thinkers must act forcefully to spread their values and stave off existential risks, Thiel argued.
http://www.businessinsider.com/peter-thiel-is-trying-to-save-the-world-2016-12
In the mass of bickering idiots Mr Thiel stood alone having a clear vision of the future, somehow knowing Mr Trump would likely become President. His speech at the Republican National Convention put him on a pedestal with both Mr Trump and the nation. Now is the time to dramatically change the nation and World.
Souless Clueless Leaders
Since the election New York Times executive editor reflects: ‘We don’t get religion’. (Mr Thiel and Mr Trunmp do!)
http://www.businessinsider.com/new-york-times-editor-religion-dean-baquet-2016-12
Peter Thiel gave Mitt Romney some prescient advice in 2012 — and was ignored. In comparison The Donald laid it on ‘thick and heavy’ and won.
http://www.businessinsider.com/peter-thiel-gave-mitt-romney-advice-2016-12
Cast Aside
But in the weeks since the election grass roots citizens supporters are no longer needed. Populism is already the first casualty.
So too are American national-security leaders and agencies. Why? Ask Peter:
“But I have a slightly different cut on the Snowden revelations. I think it shows the NSA more as the Keystone Cops than as Big Brother. What is striking to me is how little James Bond-like stuff was going on and how little they did with all this information. That’s why I think, in some ways, the NSA is more in this anti-technological zone where they don’t know what to do with the data they find. So they just hoover up all the data, all over the world.
One way to think about this is that if the NSA bureaucracy actually knew what they were doing, they would probably need way less information. What’s shocking about Snowden is how much information they had and how little they did with it.”
http://www.vox.com/2014/11/14/7213833/peter-thiel-palantir-paypal
Theological Doctrine Requires Both Military Force & Mass Surveillance
Quote:
We now have three of the four top national and domestic security agencies of the government under the management of recently retired generals. (One might reasonably change the number to five if considered the DOJ which houses the FBI.) We could have a fourth if President-elect Trump chooses David Petraeus as Secretary of State
http://talkingpointsmemo.com/edblog/this-is-not-normal
Peter Thiel is well versed in the Bible and uses it as a foundation for his plan to transform the hapless jealous, bickering souls into a new world order. His mature weapons of mass surveillance and the appointment of no-bullshit commanding generals leave no-stone unturned for the ‘undemocratic use of force’.
True believers ‘of good’ are taught NOT to be fooled. The feigned caring about privacy and freedom are red herrings.
Its easy to predict strong encryption will soon be outlawed just as in England. The currently ignored intelligence services will be retasked inwardly, which, could be argued was always the long-term goal.
Pretty exciting times?
65535 • December 9, 2016 6:34 PM
@ Uncle Joe Stalin
‘…deputy press secretary Eric Schultz… briefing.”This will be a review that is broad and deep at the same time,” …The announcement follows repeated demands from congressional Democrats for more information about the digital assault that destabilized the Democratic Party and Hillary Clinton’s campaign through much of the election. Schultz insisted the review was “unrelated” to these requests… At a Friday morning event, Lisa Monaco, Obama’s counterterrorism and homeland security adviser, explained that the country had “crossed into a new threshold.”’-politico
http://www.politico.com/story/2016/12/obama-orders-full-review-of-election-relate-hacking-232419
It’s looks like we have thrown a spanner in Trump victory… or have we?
I don’t pretend to know in the mechanic of the Electoral College but, I do know an 11th hour big shot political maneuver to pull the levers behind the curtain.
This is bombshell delivered on a Friday in the States. That means the public cannot contact their political representatives until Monday [or working days] to get official Senate or House action [maybe twitter, or gov email but the latter will probably not be read until Monday].
The Obama “Bomb shell” may indeed delay the electoral college votes in the swing states that Trump won. It looks like those swing states electors must certify the Presidential results by approximately December 13, 2016.
‘December 13, 2016′
“States must make final decisions in any controversies over the appointment of their electors at least six days before the meeting of the Electors. This is so their electoral votes will be presumed valid when presented to Congress.
“Decisions by states’ courts are conclusive, if decided under laws enacted before Election Day.” –archives dot gov
https://www.archives.gov/federal-register/electoral-college/key-dates.html
[The swing state issue Wikipedia]
“According to this criticism, the electoral college encourages political campaigners to focus on a few so-called “swing states” while ignoring the rest of the country. Populous states in which pre-election poll results show no clear favorite are inundated with campaign visits, saturation television advertising, get-out-the-vote efforts by party organizers and debates, while “four out of five” voters in the national election are “absolutely ignored”, according to one assessment. Since most states use a winner-takes-all arrangement in which the candidate with the most votes in that state receives all of the state’s electoral votes, there is a clear incentive to focus almost exclusively on only a few key undecided states; in recent elections, these states have included Pennsylvania, Ohio, and Florida in 2004 and 2008, and also Colorado in 2012. In contrast, states with large populations such as California, Texas, and New York, have in recent elections been considered “safe” for a particular party – Democratic for California and New York and Republican for Texas – and therefore campaigns spend less time and money there. Many small states are also considered to be “safe” for one of the two political parties and are also generally ignored by campaigners: of the 13 smallest states, six are reliably Democratic, six are reliably Republican, and only New Hampshire is considered as a swing state, according to critic George C. Edwards III. In the 2008 election, campaigns did not mount nationwide efforts but rather focused on select states.”
“Discouragement of turnout …Except in closely fought swing states, voter turnout is largely insignificant due to entrenched political party domination in most states. The Electoral College decreases the advantage a political party or campaign might gain for encouraging voters to turn out, except in those swing states.[111] If the presidential election were decided by a national popular vote, in contrast, campaigns and parties would have a strong incentive to work to increase turnout everywhere.”-wikipedia
See Contemporary issues => Exclusive focus on large swing states”
https://en.wikipedia.org/wiki/Electoral_College_(United_States)#Contemporary_issues
[or]
https://en.wikipedia.org/wiki/Swing_state
[And]
https://en.wikipedia.org/wiki/Electoral_College_(United_States)
Although I am sorry to have enabled the Spy Agency Increasing President Obama, I wonder if we have clogged the gears of the Trump election. What are the chances we have done so? Any odds makers out there?
SoWhatDidYouExpect • December 9, 2016 6:39 PM
Exciting times???
This is potentially a time when the masses become the downtrodden, as in the “good old days” from the early half of the last century.
The real question is where will the money come from when only the rich & powerful have all the money? There won’t be any incomes from the masses on which to collect taxes to pay off the rich and powerful.
Like the data collection law in the UK, there will be an extensive “don’t collect on me” list written into regulations. And your means of privacy and protection will be taken away.
Her FATNess • December 9, 2016 6:45 PM
Researchers Find Fresh Fodder for IoT Attack Cannons
https://krebsonsecurity.com/2016/12/researchers-find-fresh-fodder-for-iot-attack-cannons/
Trump's Drool • December 9, 2016 7:37 PM
https://twitter.com/bradheath/status/807239727879438336
What good does it do to use passwords? None, court rules, unless the computer is encrypted.
Liberty • December 9, 2016 7:40 PM
As of this writing, all currently manufactured, low- to mid-range and higher x86 devices, with the exception of two obsolete AMD CPUs, incorporate a security processor that is cryptographically signed, updateable, unauditable, and for which no source code or documentation has been made public. Worse, these security processors must load and continually execute this signed firmware for the system to either be brought online (AMD) or for it to remain operational (Intel). Intel calls this technology the “Management Engine” (ME), and ships a network-enabled firmware stack for the custom OS running on the dedicated ME CPU, while AMD calls it the “Platform Security Processor” (PSP), and won’t even release the x86 cores from reset until the PSP has been started from its signed firmware blob. AMD has also incorporated the PSP into its ARM CPUs, rendering them useless for libre hardware. On the low end, some unlocked ARM devices are available, but either their I/O options are severely lacking or they are not designed for general purpose computing in the first place, rendering performance even worse than expected when used in this role. RISC-V is behind even ARM in terms of maturity with no shipping general-purpose silicon or public, reproducible benchmark data at this time. ARM-based libre systems may allow libre computing to survive in some form as a retrocomputing hobby, but they will not allow libre computing to retain its dominant role in shaping the modern software world that we have all not only grown so accustomed to, but have benefited greatly from.
Until such evil ends all programmers should go on strike indefinitely.
If the GCHQ/NSA insist on serving all companies with NSL gag orders that prevent people from owning their own computers, and the legal system has completely failed, then the only option left is to start bombing the spooks.
Jonathan Wilson • December 9, 2016 9:46 PM
What about things like the Samsung Exynos? Nvidia Tegra? Qualcomm Snapdragon? TI OMAP? Freescale i.MX? Any of those that are free enough to work? Or do those all have hidden code that the manufacturer of the device using the SoC cant audit or change like the Intel and AMD parts do?
WhiskersInMenlo • December 9, 2016 10:33 PM
The NYT no less. No less no more.
“Foes of Russia Say Child Pornography Is Planted to Ruin Them”
http://www.nytimes.com/2016/12/09/world/europe/vladimir-putin-russia-fake-news-hacking-cybersecurity.html
The risk of nations hoarding and keeping secret system exploits makes this bit
of paranoia far too possible. The risk need not be just from “Russia”…
Clean laptop ignore updates like grand ma does. Visit a coffee shop….
Start with a google search for “george carlin words” follow random links and then plan to toss your laptop if you wish to run for political office.
davidh • December 9, 2016 11:00 PM
Re: Intel management engine
Here is someone on a web site recommending that an external server be used to disable the management engine.
https://software.intel.com/en-us/forums/intel-business-client-software-development/topic/563988
Hmmmm… seems like a wide open vulnerability.
Thoth • December 9, 2016 11:11 PM
@Clive Robinson
Remember I spoke about the rotten industry of advertising and the unscrupulous milking of the ads-cow ?
ABP which has a prefential treatment model hauled to court for adblocking. I guess those who hauled ABP had no cash for prefential treatment but have cash for lawsuits. What an irony.
Link: http://arstechnica.com/tech-policy/2016/12/german-judges-explain-why-adblock-plus-is-legal/
davidh • December 9, 2016 11:30 PM
Re: Intel management engine
one venturesome soul has found a way to erase block 0 of the M.E. firmware.
it seems to be a way to neutralize the management engine.
https://github.com/corna/me_cleaner/blob/master/me_cleaner.py
Thoth • December 9, 2016 11:37 PM
@davidh
Any thoughts of a possibility of hidden firmwares and ROM codes which erasing block 0 might not be sufficient ?
@Nick P
How about moving away from Intel and AMD x86 or even ARM and move to PowerPC or something that is not so commonly found on the market for consumer electronics to build a secure computing node ?
r • December 10, 2016 12:01 AM
@Thoth,
https://netbsd.org/releases/formal-7/NetBSD-7.0.2.html#system-families
But, if it can be written…
AndyF • December 10, 2016 12:57 AM
Looks like PWC wrote some audit software to check SAP configs for their clients. Unfortunately it appears that the software has at least one horrible security hole which leaves the SAP system insecure.
A company investigated and reported it to PWC who promptly arranged for a cease and desist letter from their lawyers. This will not endear them to the security world and I expect that, now it has gone public, several PWC clients will be taking an interest too.
http://www.theregister.co.uk/2016/12/09/fatal_flaw_in_pricewaterhousecoopers_sap_software/
My Info • December 10, 2016 6:01 AM
RUSSIANS HACKED THE ELECTION?utm_term=.4c5d0e1bd42b
In addition, any GOP effort to dig into the matter risks antagonizing the president-elect, who has said flatly that he doesn’t believe Russia interfered with the election, despite receiving intelligence briefings to the contrary. And he’s proved more than willing to go after fellow Republicans who run afoul of him.
On the other hand, if Republicans play down the issue, they risk giving a pass to an antagonistic foreign power that significant majorities of Americans and members of Congress do not trust and which, if the evidence is accurate, wields significant power to wage successful cyberwarfare with the United States.
I do know Vladimir Putin was rooting for Donald Trump as POTUS. I do not know what Donald Trump does for Vladimir Putin.
We have already discussed the matter of bizarre Russian Revolution-era Jewish-themed dystopian literature.
Tin Mann • December 10, 2016 8:52 AM
Rule 41 passed without a raised eyebrow from Congress, Democrat or Republican. It allows various government agents to search millions of electronic devices on one warrant, anywhere in the world using the same exploits as cyber criminals. Secretly. No knock.
The drumbeat to make encryption illegal gets louder particularly in the USA and GB.
(“Trump’s CIA Director Pick Thinks Using Encryption ‘May Itself Be A Red Flag’”)
Cyber World War I is declared by the CIA because: The Russians hacked the election.
Blood and Guts Generals appointed to high level former civilian posts.
Big name social media, advertising and software corporations announce they will dial up electronic surveillance and rusty hatchet censorship to fight something called “fake news”.
Most people don’t care. Those who do are branded tinfoil-hatters.
Thoth • December 10, 2016 9:10 AM
@Tin Mann
The stupidity of Western country governments are endless and always full of “Fun and Surprises”.
If they are thinking that encryption is bad, then it’s best to make more formidable encryption more widespread (i.e. NaCL) to a point it is the norm.
Anura • December 10, 2016 10:33 AM
@Tim Mann
Without an eyebrow? It raised three eyebrows: Ron Wyden, D-Ore., Chris Coons, D-Del., and Steve Daines, R-Mont.
So there you go, three eyebrows.
Doublethink • December 10, 2016 11:41 AM
@Whiskers in Menlo, thanks for the entertaining CIA propaganda that projects a standard CIA smear tactic onto Russian devils. Ask Matt DeHart and Julian Assange how awful it is when spooks try to brand you as a pedo for exposing state crime.
@My Info, what evidence convinced you that Putin is “rooting for” one candidate? And what does Putin care which figurehead he poses with in photos? Putin knows, as you surely do, that the President is a CIA puppet, manipulated by CIA ‘focal points’ in the executive, intimidated and menaced if he steps out of line.
Tin Mann • December 10, 2016 11:49 AM
@Thoth
My view is time is running out. Idiot proof encryption needs polish and major promotion, and yes, with plenty of salt.
@Anura
Of course I was aware of Wyden and friends, but that’s 3 out of 465. Not hardly an eyebrow in my view. I suppose the lesson is, advocating a private and secure internet will be a thankless and likely unproductive pursuit in the foreseeable future.
Unless….?
@Doublethink
It used to be CIA was the Presidents personal army, specializing in dirty tricks and destabilizing unsavory governments. BUT, these days, of course, it’s true, the Prez works for the CIA on whatever their dirty agenda du jour might be.
Winter • December 10, 2016 12:19 PM
It has crossed my mind that the GOP could simply impeach Trump and then have Pence as their president unelect. Pence is a marginal nobody that is very easy to control by a congress where he has few friends.
My suspicions are raised by the fact that there are no Republicans of name that appear in Trump’s team. Except Priebus who has no clout at all. It seems few Republicans think being connected to this president will be a future career asset.
Alex • December 10, 2016 12:21 PM
For a long time, one of the main talking points among pro-crypto people is that government pressure on tech companies to build systems and services that are open to surveillance has led us to a world in which all of our systems are less secure.
It’s common to say that if you build something that allows our government in, other people will be able to get in a well.
Now we find ourselves in a moment when the inability of political organizations to secure their systems is very much central to what’s happening politically. Here in the US, we seem to be heading into the most severe political crisis of my lifetime, and the crisis might have been provoked in party by security problems.
But most of the security people I read are confining their comments to very narrow and focused statements about specific technical aspects of what’s going on — what we know about how a certain type of voting machine might be hacked, for example.
I’ve been surprised that there isn’t more of a full throated cry for more fundamental technical changes in our systems that might make them easier to secure.
NOYB • December 10, 2016 12:34 PM
Does anyone know anything about this company?
https://encrochatsure.com/buy-encrochat/
Lot’s of babble, but no button where one can actually buy the damn thing 🙁
(sigh) It seems no one does vaporware more competently than secure telephone vendors.
Still waiting and waiting for our Jackpairs. Have pretty much resigned myself to the fact they are vapor too.
Well,
If this isn’t improper.
I never was much of a plant person.
Btw,
https://linux.slashdot.org/story/16/12/10/0152244/5-year-old-critical-linux-vulnerability-patched
Linux priv esc through a race condition with af_packet.
Bait and switch with a kernel object apparently.
Still feel safe in an insecure environment?
CallMeLateForSupper • December 10, 2016 2:46 PM
@Liberty
“…only option left is to start bombing the spooks.”
You did mean to say “love-bombing”, right? RIGHT??
65535 • December 10, 2016 3:35 PM
@ Tin Mann, Thoth, Anura and others
Rule 41 Mass Virus Spying looks to have passed as of December 1. 2016
“If Congress doesn’t act soon, federal investigators will have access to new, sweeping hacking powers due to a rule change set to go into effect on Dec. 1.”
https://www.eff.org/deeplinks/2016/11/give-congress-time-debate-new-government-hacking-rule
So it looks as if the Mass Virus Spying operation is now underway with little controls.
[And see the struggle by the EFF]
https://www.eff.org/deeplinks/2016/06/we-made-message-loud-and-clear-stop-rule-41-updates
[Not too late to take action]
“It’s not too late to debate—or even reverse—the update to federal rules governing search warrants, which now lets investigators use one warrant to search an untold number of computers across the world. We’ve long called for Congress to get involved in the Justice Department’s push to change Rule 41 of the Federal Rules of Criminal Procedure, and we’re not alone. Tens of thousands of people joined EFF in speaking out against the rule change. Members of the tech industry—including Google, Brave, the i2coalition, PayPal, SpiderOak and Reform Government Surveillance—and civil liberties groups like the ACLU, the Tor Project, Access Now and the New America Foundation’s Open Technology Institute joined us in asking Congress to take the time to consider the rule change. And some lawmakers on the Hill, including Sens. Ron Wyden, Chris Coons, Mike Lee, and Steve Daines as well as Rep. Ted Poe, pushed for a delay through legislation…”
https://www.eff.org/deeplinks/2016/12/fight-over-government-hacking-continues
The EFF and Sen. Wyden fought the automatic rule 41 change. But, it did go into effect. Sure, the EFF is still fighting but we need more support.
The big question is whether Rule 41 Mass Virus Spying will be rejected by the rest of the modern world such as the EU – or will Rule 41 Mass Virus Spying serve as Good to Do signal to the rest of the world? It seem every nation is weaponizing the internet, phone, and radio waves for their gain.
One more thought, where does the US based anti-virus makers stand on this issue – or do they just sit on their hands [because of NSL]?
@ r
“If this isn’t improper.”
It is not proper, I suspect that those $1,000,000,000 club DEA snitches never paid a dime of US federal and state income tax on those gains. They would blow their cover and their million dollar DEA compensations. I hope the IRS is listening.
[The economist]
“The best-compensated of these appears to have been a parcel company employee who received more than $1 million from the DEA over five years. One airline worker, meanwhile, received $617,676 from 2012 to 2015 for tips that led to confiscations. But the DEA itself profited much more from the program. That well-paid informant got only about 12% of the amount the agency seized as a result of the his tips”- The Economist
http://www.economist.com/blogs/gulliver/2016/12/snoop-case
“The DEA had paid out $237 million to over 9,000 informants over five years towards the end of 2015, according to the report. The Economist writes that “travelers no doubt paid the price in increased searches,” adding that the resulting searches were all probably illegal.” -Slashdot
[And the actual justice gov report has many more eye popping DEA bribe figures]
“Between October 1, 2010, and September 30, 2015, the DEA had over 18,000 active confidential sources assigned to its domestic offices, with over 9,000 of those sources receiving approximately $237 million in payments for information or services they provided to the DEA.”- Justice gov Executive Summary
https://oig.justice.gov/reports/2016/a1633.pdf
It is just wonderful to see the DEA bribing civilian workers at choke points to snitch on supposedly dastardly “drug dealers” and perpetuate the “War on Drugs” for an other 100 years – much to the DEA’s enrichment. /
JF • December 10, 2016 3:50 PM
It would be useful to see an extensive linguistic analysis of comments made on the websites of the various local media outlets in the states as the primaries proceeded, over the months leading up to the conventions. I bet it would be possible to see who might have been using multiple screen names and ginning up enthusiasm for one candidate and tearing down others.
If time stamp data were available, it might even be possible to determine who was working a shift. Perhaps even what the talking points were on any given day.
Not to forget social media.
My Info • December 10, 2016 4:02 PM
@Doublethink
I believe (and have believed since long before the election) that Putin supported Trump.
I also believe that Clinton might have won had Putin not interfered with (“hacked”) the election.
I do not necessarily believe that Trump’s presidency will be of significant assistance to any of Putin’s strategic goals which are opposed to those of the U.S.
CIA puppet? Trump is not lightly to be taken as a fool, nor is he likely spoon-bending fodder. Let’s nix that idea.
ab praeceptis • December 10, 2016 4:57 PM
A message to the us-americans debating election-related:
Put yourselves into the skin of mighty people, of those who used to (and possibly still) really steer your country.
Then look at the debates here. And that’s about the intellectual upper-class of us-americans debating here. There are many much worse.
Now, ask yourself a simple question: “Would I, given I were one of the 0.1%, and given I were somehow out of kind and honestly interested in what the 99.9% think and want, would I and how long would I follow that path – and how soon would I return to the old path of “don’t care about the masses. Keep them stupid, use and abuse them to your liking and punish them hard if they are not obedient!’?”
Pardon my french but I’ve read damn enough self-important idiotic crap here to tell you the real problem: YOU. You are the real problem. The 0.1% don’t hold the power and use and abuse it to their liking because they are so intelligent or rich or whatever. Nope. They hold the power because the masses in the western world have become stupid, egocentrical, coreless blabbering idiot-bots.
Most of you/us do not even command of enough self-discipline and reasoning to understand the situation we’re in. Most of you/us stay on the lowest most primitive level of perceiving and acting as if elections and the presidency were some kind of gladiator-games between two teams most of us having a clear position on one side.
If I were one of the 0.1% I’d tell you “What are you complaining about? After all we arranged a quite nice and exciting show for you and you seem to be quite taken by it. On a more serious note I could not possibly, no matter the good will I might have, allow the system to be run by you. You are hardly demonstrating what’s needed to run a small town. Actually you are so excessively incapable that you do not even understand that you don’t understand what’s really going on or how it’s played.”
They offered you a nice fairy tale (“democracy”) and you took it, hook, line, and sinker.
Let me close with a simple but important question: Assumed that there existed and would be implemented a perfect election system; non hackable, perfectly just, etc, etc.
Would we then live in a better world? Really?
Let me give you two hints:
a) the light bulb or the diesel engine were not invented by elections in a large convention.
b) The larger a group gets the stupider and easier to manipulate it gets.
Oh and btw: It’s not Putin who manipulated your elections. Didn’t you hear about the “research” that Putin is dead and that the russkies (possibly using the tens of billions of $ he amassed in his many palaces) created lots and lots of Putin-Clones? Maybe Trump didn’t even need to be manipulated because he is a Putin clone anyway (them tricky russkies, threw you off track by giving him a weird hair-do). So what? They did that only because clinton is a reptiloid, probably from Mars. But don’t you worry, as soon as the jesuits have won the war against the nazis in Antarctica they will take their flying discs and save us all (unless the creepy aliens in the tunnels come out to eat us all).
Uncle Joe Stalin • December 10, 2016 5:22 PM
WashPo and Politico harden up Fake News Rooski election hack story with “secret” report to be given Obama before Jan 20,2017. Just like Joe McCarthy and Gilbert and Sullivan’s Ko-Ko, Obama has a “little list”.
So goes the “technical” details of the “security” of elections that worries Bruce so much, no real news about vote suppression, spoiled ballots, local election contractors hacking for cash or the rest of our regular fraud, just secret reports with no proof. Another curveball thrown by the CIA.
Snowden #937876354597 • December 10, 2016 5:36 PM
Hey, think I’ll write a Lawfare Article using that handy Mad Libs thing!
[Words words words] ____________ is a national security issue and a threat to our Democracy. [Words words]
Hm. Hmm… Ooh, I know,
Fabricated CIA hacking accusations is a national security issue and a threat to our Democracy.
What I don’t get is, How come CIA didn’t just shoot Trump like they shot JFK and RFK and Wallace and Reagan? How come they didn’t just blow him out of the sky like they did to Wellstone and Hale Boggs and Dag Hammarschold?
Are they ascared? Are they having trouble killing whoever they want and getting away with it? Maybe CIA’s a little bit afraid that they’re not gonna get away with the crime against humanity of systematic and widespread torture, after bombing the Murrah building and then bombing WTC and doing 9/11 and the Boston Marathon bombing and all the time running drugs from their war zones. Are they getting nervous about their infosec, Maybe? Hmmm?
Uh, oh, Alfreda Francis got her tit caught in the wringer!
r. Monger • December 10, 2016 5:44 PM
Are you kidding me?
The hand behind the funding of you trolls hasn’t dried up yet?
Where’s a predator drone when you need 3-4 of them.
What’s ultra funny, zerohedge doesn’t make enough money running their own networks they have to come over here to drum up additional support.
Mr. Durdin would be embarrassed by you.
HIS name, is Robert Paulson.
This whole thing,
has been nothing more than a schoolyard,,,
“I am rubber you are glue, everything I say bounces off of me and sticks to you.”
Every news article,
Every opinion,
Every thing is being twisted back around.
There’s a psychological condition that would apply if this was a single individual but it seems to be more of a narrative for how far and wide it’s shared.
And I’m sure, that’ll just get twisted right back around on myself too right hens?
65535 • December 10, 2016 6:19 PM
65535’s error
1 billion or 1 million in rule 41/Dea post?
No, it is supposed to be 1,000,000 or one million.
I was thinking about the approximately 1 Billion dollars Hillary spent on her unsuccessful campaign and how her supporters were hurt in the process. Sorry for the error.
Yes the DEA is playing a dirty game with paid citizens snitching on each other [possibly to attack competitors while collecting a reward].
Maxwell's Daemon • December 10, 2016 9:02 PM
@ab praeceptis
Funny, that was exactly the point I was making to a group of 99.9% that I live with. All “people of color.” Bread and circuses. What’s hilarious was that I was reading the Economist at that time and they really don’t “seem” to have a clue either.
BTW, I’ve been following the discussions on formal verification avidly even if this is my first post. My computer geek/engineer aspect was always concerned about things blowing up and/or people getting killed as a result of my code. I put a ton of effort trying to prevent that. So, thanks! The descriptions of tooling were most enlightening.
@the_usual_suspects
What I find concerning about Rule 41 and the FBI is that they demonstrated they are quite willing to seize and operate a hidden service (TOR) child pornography site. Given that Russia is, supposedly, planting child porn on anti-russian activists computers, … well it’s not like anyone has to suggest this to them. It’s time to be observant of what might end up on one’s computers. Especially on SSD’s. Forensic recovery on them is still an art, but not an totally unknown art.
Speaking only of myself, they already know who I am. Nuclear security clearances aren’t that common. One phone call and I’m back in uniform to do with as they please.
Daniela Caruso • December 10, 2016 9:15 PM
@ Dark Flying Thing w/
Out.
This. Yes, more of this please.
Although, based on everything else you wrote you seem like more an ‘over and out’ type of guy
Daniela Caruso • December 10, 2016 9:30 PM
@ All
@ Nick P, @ Ab Praeceptis @ Thoth @ Clive Robinson all say TOR is dangerous to use.
There are plenty of really smart people here but the above 4 are the more recently most regular here and clearest in their intelligence and ingenuity.
So. If they say Tor is unsafe to use I am going to believe them. Because they have proved their worth and their cred with literally every single post over a long time.
I just have two questions for the fab 4 above, if you care to answer
What situations would you consider Tor uniquely an asset and ‘okay enough, enough’ to use?
Circumventing censorship is the one thing that comes to mind.
Secondly : Recall Ed Snowden referring to the ‘Tor Stinks’ power point presentation in his release? In which NSA considered Tor ‘catastrophic’ for decryption/interception?
And Ed also said using encryption + Tor proved secure enough for him to send his data?
Would you say this facts stand as of 2013 but not now? I am going to second guess and say no because things were just as bad back then. What’s your take on that – surely Ed is bright enough to understand the real and serious vulnerabilities with Tor in the ways you Fab Four do. But at least was – and as recently as a Tor fundrasing last year – still is cool with TOR.
I am a newbie and asking you straight because I trust your take – genuine sincere honest enquiry here
Thanks for your time
ab praeceptis • December 10, 2016 10:11 PM
Maxwell’s Daemon
“formal verification … enlightening”
My pleasure. I mean it. The more of us there are who really care about creating safe software, the safer we are all. If I, as it seems, could help you in any way in that endeavour than all the typing (attempt at pun, haha) was good for something.
As for the other matter: What drives me mad is that they (>>90% of the 99.9%) don’t even pass the first gate of reasoning. That whole elections debate is meaningless if the premise is wrong – and exactly that seems to be the case. I’m talking about the “democracy” premise.
If our kid were seriously ill, would we walk downtown and poll some 100 people on how to treat the kid? Or maybe even on who of some arbitrary people should perform surgery on our kid?
Hell, we wouldn’t even consider that an acceptable approach if it was just our car that was broken.
Short: We look for and demand certain qualities – plus – we want that qualification to be serious and checked by some authority or at the very minimum by excellent reputation.
But with our countries we deem it fine to make a mega poll (elections), well noted with candidates not selected by us, on who should run it? Spock might call that “fascinating”; I call it simply braindead.
The magic is simple: Tell some million idiots a fairy tale about their immense significance when chosing between red and blue every 4 years and make an insanely big show out of it – and they will fall for it.
After all, the dumber the derp the more he will be ready to buy the “your vote counts!” story.
I’m bewildered how mercilessly stupid people are. They verify absolutely nothing. “Your vote counts!” – they not only don’t verify that but, worse, they are pissed off when I ask them to stop ranting and to think about how to make “your vote counts” at least a little more realistic.
Next, I see a serial mass murder talking as if they were nicer than granny. clinton is exactly that. Provably. Plus a serial liar. Provably. Plus she doesn’t care sh*t if us-american soldiers or ambassadors die. Provably.
This is not a question of pro or anti clinton or Trump. In any country with a minimum of lawfulness and civilization clinton would be in jail; simple as that (and so would quite some others from both parties).
Yet, there is an endless stream of us-americans who behave as if the usa could hardly continue to exist without clinton being president.
Idiots. Braindead derp idiots all over the place. Btw, it isn’t much better in europe. It seems that mankind needed 3000 years to reach an intellectual and civilization peak but just some decades back towards being apes.
Thoth • December 10, 2016 10:19 PM
@all
Cloudflare’s “crypto engineer” rants about GPG/PGP. Compares email encryption (GPG/PGP) against IM encryption. Comparing apples and durians … well done Cloudflare guy 🙂 .
Does people ever have any idea what they are comparing (IM Crypto vs. Email Crypto) where IMs are mostly short lived messages while emails are long lives messages that maybe archived. Emails are possibly archived in corporates for data retention for audits and all that. Different cryptos are designed differently and the rants simply don’t match up for their use cases where IMs (short-lived messages that may not need archiving) are compared to emails (long-lived messaages that may need archiving).
Try sending 3000 word sentences (imagine organisational reports) designed for emails via IMs 🙂 . It do be fun breaking the 3000 word sentences into so many IM messages until your hand hurts.
Now that Signal app have become a cure-all, I wouldn’t be surprised that the powers that be might want to or may already have polluted the App Store distribution to have NOBUS access sooner or later since most smartphones relies heavily on some form of App Store model these days (especially Apple’s iPhones).
Oh and the person who ranted in the said post is helping to design TLS 1.3. Hmmm ……..
In the end, it’s another of those rants that do not have a proper comparison nor some form of constructive improvement for the said category of communication that requires security. No efforts whatsoever other than GPG bashing.
Of course GPG have it’s flaws and I do agree that it is problematic. Instead of sitting in front of my computer and type a rant, I am working on GroggyBox that I have designed to try and clean up the GUI problem which GPG had made a mess of and also to make GPG less susceptible to metadata leaking over emails during my limited free time on weekends.
Summary ? Compare correctly and move the hands and work more besides just ranting.
Link: http://arstechnica.com/security/2016/12/op-ed-im-giving-up-on-pgp/
ab praeceptis • December 10, 2016 10:37 PM
Daniela Caruso
First of all, with most issues, and certainly in the field of security, it’s always a deal and nothing comes free.
To offer an example: Even if, assumed, tor were secure, you’d pay a price. For one in speed plus, more importantly, in risking to create suspicion.
My usual first advice is “Against what do want to defend/be secure?”. Another very important point is that the playground isn’t static. Example: To defend against too curious neighbours or colleagues, even lousy encryption is good; chances are that even, say, old DES would be more than secure enough. That might quickly change, however, if, say, tomorrow the fbi believed you might be a terrorist.
The ugly part very many don’t see is that crossing over a certain level of (simple) security, one quite probably wakes up “sleeping dogs” and has people ofa very different caliber enter the game.
IMO this is one of the ugliest properties of tor. It paints “suspicious” on your forehead (in the eyes of many agencies) and at the same time next to certainly fails to protect you against that kind of adversaries.
As for Snowden and tor my opinion is this: Probably Snowden is a nice human being and almost certainly he had access to lots of security related material – but that doesn’t make him an ITsec expert. From what I know he quite probably is not.
If I wanted to know about dirty things the nsa did, I would ask him; if I wanted to know about OpSec in agencies, I’d ask him. If I wanted to know, however, about the security of algorithms or protocols I would not ask him.
Finally YOU are a decisive factor. It’s like with a knife. Don’t bring one along in a bad neighbourhood unless you master that art. If a bad guy sees you with a knife you find yourself in a severely escalated situation.
If you are a windows user whose expertise allows him/her to click-install tor, stay away. If you are an experienced user with solid security know you won’t need (nor like) it.
In other words: Stay within your league and avoid the middle ground.
I’d suggest to look into PGP. That’s relatively good security and relatively easy to use (My tax guy learned it in an hour or so (with a little help)). That allows you to encrypt and exchange pretty every kind of confidential material.
As for privacy I’d suggest to go the VPN route. With a little luck that’ll provide plenty privacy for little money (maybe 50 to 100$/year) plus an innocent excuse (“I used it to watch TV series in/from other countries”). Avoid the big names and look for reputation.
ab praeceptis • December 10, 2016 10:51 PM
Thoth
I agree partly. Obviously that guy is evangelizing and selling, for instance, Signal.
At the same time I feel you are too hard on him. Example: a) one can, at least with quite some IMs, transfer files. b) IMs short lived and not stored? Maybe. Maybe not.
What worries me more, though, is to see what kid of people work on tls 1.3 – obviously believing in it.
I take his betting on signal, a toy for iphone and android, as a confession of gross incompetence.
Thoth • December 10, 2016 11:37 PM
@ab praeceptis
It really boils down about the role one is using at the moment or in a way, the mask one is wearing at that moment.
If one is a CISO or CTO, would it be preferable to hold ephemeral secure communications in a formal setting while at the same time statutes and rules requires record retention ?
From a work perspective, SMIME or PGP emails would be more preferable where the employer provisions a cryptographic key for the work email account.
If it is taken from a personal communications perspective, it is up to one’s choosing.
It is true that you can write your email in a text document and then attach it to the Secure IM and transfer it over (while also enabling logging if it’s a corporate Secure IM account) but it would be more convenient if one simply pops open a PGP capable email editor and hit the send button.
The IM for this case would be Signal. Most people would be using Signal in ephemeral mode and would not allow logging to take place.
It is mostly a matter of what type of message being sent across the communication channel and the necessity for it to be archived or not.
Figureitout • December 11, 2016 1:53 AM
Thoth
–Yeah sounded pretty whiney (who cares..?). You can make short-term keys, and post that you change keys every 1-3 months or less. The same applies to passwords to accounts, they need to be changed often. So now he has all plaintext email, and no encrypted option, good job. I don’t put my pub key on anywhere, you have to email in the clear (or contact in meatspace) and then I would exchange.
Anonymity gets more and more difficult everyday (unless you hide in the noise); every method you use where you absolutely need to evade the best attackers and forensics teams in the world, has a short shelf-life and isn’t sustainable long-term. But actively surveilling is costly, and the threat is still overblown IMO (they still can’t do true stealth, you’ll know something’s up).
But yeah I barely use it b/c not a lot of people do and it takes me like 10-20 mins just to get my key; but the option is there if I need it. Like phone calls, I don’t really like cold emails.
He also goes from hand-waving evil maid attacks (requires pretty active surveillance of your schedule, and knowing your hotel room, then the break-in and attack; all while not tipping off and being able to “abandon ship” in case you return unexpectedly) to feeling good about twitter dm’s. If that’s in your threat model and you leave your PC in your room, well…
He also doesn’t seem to be using a data diode to transfer files from a completely offline PC to a transfer PC (working on that, hope to have some deliverable goodies to make it more user friendly in near future, likely summer). Malware would need to embed an attack in file being transferred over at that point, otherwise zipping w/ a long password should suffice. I can see big use of this on official “build” machines in companies all over world, mainly huge companies where this is worth the cost (probably have a similar system already in use). This will hurt malware-spreading quite a bit, needs to work and be easy though.
Daniela Caruso
–Tor is fine to use (w/ its flaws, there is few alternatives besides VPN’s, and those can only be anonymous providing false registration info) w/ opsec (so work required on your part). Even the most infected PC and router MITMing all traffic, is still usable w/ good opsec.
Purchase laptop w/ cash, less paper trail the better (and cameras). Downloading legit CD/DVD ISO is risky but mainly unavoidable. So Tails liveCD (haven’t tried Qubes liveCD, which would mean a VM on a liveCD…even better), on the laptop you need to remove camera/mic and wifi/bluetooth (if they can be…). Remove HDD (getting harder w/ newer laptops). Get a supported USB wifi dongle, then go to a local area (further away you travel the better, and keep in mind the beacons you have on you (cell phones and potential GPS bugs in your car)) w/ free wifi. Riding a bike w/ a laptop in a backpack is a good option, less area to hide bugs. Don’t advertise what you’re doing as much as possible thru search terms and ruin all your opsec using personally identifiable info on your burner laptop.
Those are the main areas of opsec we’re all familiar w/ here that provide huge security returns. It will get around huge amounts of attackers.
Thoth • December 11, 2016 2:26 AM
@Figureitout
re: Leaving PC in room
That’s asking for trouble if it’s an insecure room or in a hotel or public space.
re: TFC/Data Diode
I had thought about approaching a PCB manufacturer locally to print out and do the PCB with @Markus Ottela’s design but I wonder if it’s worth the trouble. Wonder if anyone here is willing to help convert the design for TFC into friendly open hardware PCB and put it
cheaply (for the effort and BOM cost) on a store front online or something since not everyone has the environment and time to solder all that stuff and look for parts.
Another way is as you say, just zip the email, use a flash drive to move stuff around or some form of internal hardened network running off OpenBSD. Very limited options on hand anyway.
@Daniela Caruso
There are currently no secondary alternatives to TOR and most are still theoretical. Just make sure to be careful even when you are using TOR since that is considered under the TLAs’ controls in a sense.
neill • December 11, 2016 6:33 AM
we should kiss those logins goodbye and get rid of them
just doesnt work
use passwords only, or certificates
usernames like
admin
administrator
itsupport
service
support
help
should be a thing of the past. learn from it.
Yet Another Blowhard • December 11, 2016 7:11 AM
@DFTwT
(What was that guy’s name again, uhm… you know, the friend of Crowley and Hubbard? Or do you?)
https://en.wikipedia.org/wiki/Jack_Parsons_(rocket_engineer)
JG4 • December 11, 2016 8:04 AM
@Snowden #937876354597
check out the dates on the aircraft accidents that killed Heinz and Tower. that made the hair on the back of my neck stand up. the same crew probably gave Frank Church and Jack Ruby cancer
@Daniela Caruso
Thanks for the endorsement of thinking quality by the four heavy hitters
@the heavy hitters
I am enthusiastic about data diodes (e.g., for routing email to run encryption/decryption on an energy-gapped machine) and yesterday happened to think again about why after 30 years of feasibility, we don’t see inexpensive (plastic) optical links used for interconnects both inside and around computers. like with LEDs and silicon photodiodes. where this goes is that such connections would make nice data diode links in and out of an energy-gapped environment. I did some crude calculations about blurring of signals at 20 megabits per second and it seems feasible over surprisingly long distances. the TOSLINK audio standard has been around for a long time, but it seems to languish.
@Thoth
I think that you can get a prototype run of boards done for under $100 if you are willing to populate them. I am enthusiastic about open-source designs for hardware. I haven’t said enough times that something like artificial intelligence can be used to find backdoors that have been sneaked into open source designs. finding the five types of backdoors in commercial hardware generally is intractible and the best a person could do is exhaustively test a limited parameter space, then insure that the states never leave that space
Snowden #937876354597 • December 11, 2016 8:49 AM
@r.Monger,
On what evidentiary basis are you asserting that commenters are funded? What is the funding source indicated by your evidence?
To which assertions are you reacting with death threats? Are you implying that some of the referenced assertions about CIA criminality are false? Which ones? Do you have evidence contradicting the public documentation supporting any of the referenced claims?
What does Zerohedge have to do with provably fabricated CIA claims documented by multiple sources?
The tone of your comment seems agitated. Does the thought of CIA criminality upset you? Why? Are you aware of any nonpublic evidence concerning CIA acts that may have been subject to compromise or disclosure?
In your opinion, will CIA officials or agents be tried in independent foreign or international courts in the next two years?
CallMeLateForSupper • December 11, 2016 9:05 AM
I had missed this 1 DEC tweet by Edward Snowden:
“Guess who is protected from the broad spying powers the British govt just got in the IP Act? British politicians.”
It’s one of those laugh-’til-you-cry things.
@Daniela Caruso, FigureItOut,
Not just the microphone if you have a realtek audio chipset or some other type of auto sensing jack too…
In such a case you need to pull the speakers out of your laptop too.
65535 • December 11, 2016 10:42 AM
@ CallMeLateForSupper
‘I had missed this 1 DEC tweet by Edward Snowden:
“Guess who is protected from the broad spying powers the British govt just got in the IP Act? British politicians.”’- CallMeLateForSupper
The Snooper’s Charter is mass spying at a horrible level.
The MPs exempting themselves was discussed in previous threads as a double standard of the Rich/powerful Class v. Average Joe Citizen class. Hat tip to Ted.
[link dump of Snoopers’ Charter]:
Q and A of Snoopers’ Charter cont. 2.2.1
https://www.schneier.com/blog/archives/2016/12/a_50-foot_squid.html#c6739890
@ Thoth and Figureitout
“Does people ever have any idea what they are comparing (IM Crypto vs. Email Crypto) where IMs are mostly short lived messages while emails are long lives messages that maybe archived. Emails are possibly archived in corporates for data retention for audits and all that. Different cryptos are designed differently and the rants simply don’t match up for their use cases where IMs (short-lived messages that may not need archiving) are compared to emails (long-lived messaages that may need archiving).” –Thoth
Good point.
Now, some serious technical questions regarding Rule 41 Mass Virus Spying and the fact that most people have an Gmail account, Yahoo, Aol and so forth which does not allow erasing of old emails.
Since emails are a good way of getting a computer virus or worm how dangerous are these “free Gmail and yahoo accounts” since emails cannot be deleted in regards to Rule 41 virus/worms/keyloggers by the FBI?
1] How would Fed’s Rule 41 Mass Virus Spying be used via Gmail or Yahoo mail?
2] What is best outcome or worst outcome for the privacy concerned citizen/reporters when using Gmail or Yahoo email?
3] What is the alternative to these big email services which ensure you cannot delete your prior emails?
4] Is there a program to alert citizen to Rule 41 Mass Virus Spying?
Inverse Snowden • December 11, 2016 11:07 AM
So, are you going to believe the factless hearsay Bruce got fifth-hand from anonymous cowards at the CIA bullshit factory, or are you going to believe the guys who dumped the data?
https://www.craigmurray.org.uk/archives/2016/12/cias-absence-conviction/
But then why do all these high-profile people keep making fools of themselves? Why this compulsive repetition of mortifying, cred-blasting crap?
Once you know this was a leak and not a hack, you make the obvious inference: the sort of people who leaked these emails have entree to obtain all sorts of stuff, even probative evidence of CIA crime suppressed in breach of international criminal law.
Snf. Snf. Smells like pants-pissing fear.
Winter • December 11, 2016 11:23 AM
I see the whole email hacks during the elections as the total bankruptcy of the NSA strategy of “Offensive capabilities over deffensive protection”.
By frustrating defenses of computer networks and stimulating the development of offensive tools, they have given away the presidency of their country to the enemy.
The NSA et al. have receded control of their country to the enemy. What is this for epic failure?
Nick P • December 11, 2016 12:56 PM
re verifiable vs reproducible builds
I don’t expect masses to go full formal. Just something they can inspect by eye. The Scheme and ML languages are ideal for safe, readable compilers. Most don’t use them. Prior idea was Oberon and P-code together or something similar to Wirth’s Pascal/P. Just found a great one along these lines I’m surprised I haven’t seen before:
PascalS – A Pascal Subset and Its Implementation
It would be quite usable for bootstrapping a simple, C compiler like tcc. Looks like it would be easy for imperative programmers to follow. The simplicity of the error handling and diagnostics is interesting, too. Score another win for Niklaus Wirth in balancing ease of implementation against usefulness.
Note: The MinCaml compiler is still the most impressive & preferable at around 2,000 lines of code for an interesting ML subset. Plan is still to use Design-by-Contract checks, QuickCheck, Frama-C, and SPARK on whatever interpreter & compiler is built to prove absence of problems. Probably manually insert safety checks & such to simplify the implementation.
Figureitout • December 11, 2016 3:32 PM
Thoth
That’s asking for trouble
–Yeah I mean, he mentioned having keys in other countries yet he would leave his stuff in a room (probably under his name, probably reserved in advance, giving red teams time to set up a room right next door etc..).
Sounds more like he just needed to rant and blow off steam and is burnt out. I get that, I’ve definitely had burn out some (my passphases were ridiculous and I needed to type them in everytime, shortened them; want to only secure accounts I really care about and don’t log into multiple times a day). Going to clean all my accounts etc. and get a better backup system in place when I’m done w/ school (sucks all my time up). If my workhorses have some spyware on them but it stays outta my way, meh, not a big deal to me. The alternative is never being able to concentrate on actual work, you’re always setting up another PC lol…never use.
I had thought about approaching a PCB manufacturer
–Yeah we need a board laid out first, this is something a million people could whip up real cheap. I want to learn KiCAD or Eagle this summer and layout some simple boards.
But yeah, a nice simple populated board like that w/ logical test points, that’s what we need.
Then do a test run w/ like 3 boards, make sure no problems (should be relatively simple board, so tracking down potential manufacturing issues, (hopefully no design issues) should be easy (should be…), then we’re good.
Another way is as you say
–To really do it right, we’d need to do TFC concept, if you want to save files from network, use a separate receiving PC. Backup multiple times etc. Generating files on a separate TX PC. Data diodes each way.
What I’m hoping is established terminal programs work.
r
In such a case you need to pull the speakers out
–Yeah, wire snippers is all you need. Might as well if you go that far (so long as you don’t care about bios beep codes anymore). I question the audio quality of recordings made w/ a speaker being used as a microphone in a laptop case. In any case the easier thing to do is don’t talk which is what most computer users by themselves do anyway. If you need skype, keep it.
65535
What is best outcome or worst outcome for the privacy concerned citizen/reporters when using Gmail or Yahoo email?
–Don’t put plaintext in, and it’s probably not worth dealing w/ all metadata. Assume a networked PC has a keylogger and all traffic is being MITMed; whatever you want to send needs to be encrypted separately (where you do a 1-time grab of all the software you want/need, transfer and install via USB) then transfered over 1-way. Accounts could be hacked and deleted at anytime via backdoors you have no control over etc.
Gmail satisfies my current requirements, I can encrypt a file and send it, or send encrypted message, but I’ve used a bunch of those temp. email services.
Sancho_P • December 11, 2016 5:19 PM
@Figureitout, @Thoth, re datadiode and PCB
No PCB, what you need is a solder iron and a perfboard, there are nearly no traces, the caps must be close to the chip anyway.
Use wires to connect the USB converter (better mechanical stability)
The RS232 + battery solution is very complicated plus the molded RS232 converters can not be inspected.
JG4 • December 11, 2016 5:51 PM
I set a challenge for anyone to articulate the most Orwellian scam lurking in this disclosure:
https://blog.evernote.com/blog/2014/06/03/evernotes-three-laws-data-protection-update
ab praeceptis • December 11, 2016 6:15 PM
Nick P
Thanks for your interesting hints. I would, of course, love to discuss that interesting matter that, as a side note, is also closely related to better election machines.
Unfortunately, though, certain people here who only very rarely if at all contribute to matters in the scope of this blog, continue to abuse Bruce Schneiers hospitality and to sully this blogs comments section with the output of what seems to be social and personality disorders.
I’ll gladly join the interesting technical (temporarily non-)discussions as soon as that is reasonably feasible again.
Uncle Joe Stalin • December 11, 2016 6:18 PM
Wonder why Bruce plays along with the “condemn the current bad guy” game (Rooski, Chin, etc)?
So Wikileaks and pals does not happen to his blarg.
https://www.craigmurray.org.uk/archives/2016/12/facebook-suppresses-truth/
All security is political.
Uncle Joe Stalin • December 11, 2016 6:28 PM
For this article Craig Murray former UK ambassador to Uzbekistan got “ghost banned” on Twitter and banned on Facebook.
https://www.craigmurray.org.uk/archives/2016/12/cias-absence-conviction/
So much for Bruce’s tepid assertion that “Russia hacked the election”.
@FigureItOut,
Microphones are for more than language, they can be a good 3d activity/proximity sensor. Plus, I wouldn’t want to accidentally pick up confidential information just be being in the area. That’s not a trustworthy thing to do.
I wonder if you could run an LED off the BIOS speaker line for the codes?
Maxwell's Daemon • December 11, 2016 7:34 PM
@Sancho_P, @Figureitout, @Thoth, re datadiode and PCB
Ah, that’s the circuit I’ve been needing here. I’ve an isolated (BSD) server that has my archives and for crypto functions and have been using DVD-R’s as transfer mechanism in/out (with safeguards). I don’t generally trust USB but mods shouldn’t be too difficult on that front.
Off to price parts. I’ve even a single-board computer to play with on the testing side.
Thank you! {Sheesh, too many years since I lived on a diet of engineering manuals and data books. Duh!}
Thoth • December 11, 2016 8:41 PM
@Figureitout
re: KiCAD
I had it sitting on my computer for a while. Had to find time to learn it. I opened it once and it looks pretty nice (GUI part).
If you want to start a project to put TFC on PCB board and do a small and cheap open hardware production, count me in. You can setup a Github repo with the files needed and add me as well when you have a repo made. You can try to open a small crowdfunding project to get some funds for a small production too and if that happens, drop a message and funds will find their way to you 🙂 .
@Sancho_P
re: TFC
I think the best way to drive up more uptakes and interest to the TFC project is to simply provide an open source and open hardware PCB. Are we going to expect everyone to grab some perfboards, find some wires and some optocouplers and do their own soldering and stuff ?
It would be much faster and less time and effort consuming by simply providing a PCB with open hardware and designs funded by crowdfunding.
The usual concerns are that the TLAs might find ways to prevent the creation and funding of such projects. If that’s the case, then what about the schematics that @Markus Ottela published and it’s still nicely on the Internet.
Also, in a portable secure communications scenario, are you going to sit down in the airport or in a public space and wire up a perfboard and possibly even trigger the Anti-Terror units just because you are trying to setup TFC in public ?
The concept of TFC is nice but it does not have a medium for wide adoption. It has no portability, takes time to setup … these are the things people don’t want to go through just for secure communications and secure environments.
Why are there so many people and projects still using vulnerable security techniques ? The reason is very mundane. Because “Johnny doesn’t know how to encrypt”. Are we going to expect users to type “gpg –output doc.gpg –encrypt –recipient blake@cyb.org doc” or would they want to use a GUI ? I think we know the answer but as a community we failed to provide them some form of ease of use by having some compromise of sorts between security and usability.
@all
The problem with the open source security community is what many of us who are creating security applications are struggling with … to increase adoption by making it easy to use security. Why did I chose Java for GroggyBox’s GUI client and not some Haskell or Ada ? It has a huge support base and almost every OS and system supports Java. The import part is that the smart card applet which does the security critical execution and invisible to the user is to be secure and while the GUI can be a little laxed if it boost usability.
Rigidity in schemes and adhering to verbal and theoretical words and ideas are useless. What is needed is practicality and something that actually works on the ground with ease. This effectively removes the excuse of “Johnny can’t encrypt” if security is just a few easy clicks away.
High assurance theories, OSes, schemes, applications ??? I don’t see them anywhere near usable or ready for the general public. If these stuff really wants wide spread adoption to try and do some counter-balance to the ever encroaching reaches of tyrannical nation states, it has to be easily usable even for one’s own granny !!!
65535 • December 11, 2016 8:55 PM
@ Figureitout
What is best outcome or worst outcome for the privacy concerned citizen/reporters when using Gmail or Yahoo email? -65535
“Don’t put plaintext in, and it’s probably not worth dealing w/ all metadata. Assume a networked PC has a keylogger and all traffic is being MITMed; whatever you want to send needs to be encrypted separately (where you do a 1-time grab of all the software you want/need, transfer and install via USB) then transfered over 1-way. Accounts could be hacked and deleted at anytime via backdoors you have no control over etc. Gmail satisfies my current requirements, I can encrypt a file and send it, or send encrypted message, but I’ve used a bunch of those temp. email services.”- Figureitout
I assume you are encrypting with PGP or GPG. How to you get the key to your recipient?
Now, the 1-way transfer is not quite clear to me. Are you using a data diode? Are you using two separate machines? Are you using a third party or third party mechanism?
What would be the best combination of software to achieve what you describe?
I ask this because with Gmail a person cannot remove emails. Thus, with Rule 41 virus spyware payloads it seems that a Gmail account could be constantly re-infected with Rule 41 virus spyware.
ab praeceptis • December 11, 2016 9:36 PM
Thoth
“Why did I chose Java for GroggyBox’s GUI client and not some Haskell or Ada ? It has a huge support base and almost every OS and system supports Java. … has to be easily usable even for one’s own granny !!!”
How easy your program is to use is little to do with the language you use.
As for running pretty much everywhere you are right with java – however, the same is true for Scala which is considered more secure. Moreover there exists a (rather rich) Scala subset (LEON) that allows for formal methods.
Although I value your work I find it regrettable that you yourself tainted it by using a language should be considered as quite poor regarding safety.
In the end it comes down to you having lots of good will and having invested lots of work but not having any satisfying level of certainty regarding the reliability and safety of your software.
You should at the very minimum use java ESC (formal annotations). Just a friendly advice.
Thoth • December 11, 2016 10:02 PM
@ab praeceptis
As I have said, Java application on desktop is considered insecure anyway if your computer is not secure from ground up. You can use Haskell, Ada, whatever formal verifications and nice sounding name … the bottom line being the hardware and OS being crap (Linux, Windows, Mac), no matter how good your Haskell or Ada or High Assurance language magic is, it makes no difference when the attacker can go below the OS and hardware stack and make your High Assurance to No Assurance.
The security in my scheme does not reside in the client side. It resides in the smart card side. The desktop client running Java application is considered compromised anyway if the hardware and OS level is gone case.
Try doing High Assurance languages on Windows OS 🙂 . Tell me if you can do anything significantly useful with HA languages when your Windows OS is a bunch of crap heaped upon crap. It doesn’t make sense and is a waste of time.
The only exception is the use of a chip like PowerPC, ARM Cortex M, SPARC, imaginary RISC-V chip that suddenly comes into existence and you have to ensure from the lowest stack to the highest stack is not compromised.
HA is difficult. You have to ensure everything from chip to software is trusted. Any part not trusted and it’s an open invitation for attacks.
Whatever that is said in theory is just theory. All the High Assurance languages sounds nice as you know. But there is so much things to consider from the chip to the upper layers and also user behaviour and interests. This is when reality sweeps away all those theoretical stuff. Only the things that works in the real world would be useful, other than that, all the nice numbers are useless unless they withstand the tides of reality.
Figureitout • December 11, 2016 10:41 PM
Sancho_P
–Yeah I’m about to make that, may use a mini breadboard and I needed an adapter board b/c the damn ebay seller didn’t advertise dip-smd, just dip…he’s getting a bad review for that.
https://postimg.org/image/azh8xqhn7/
I want a small slick board, w/ a case, so I can take it in my backpack w/o breaking just like this: https://greatscottgadgets.com/throwingstar/ , it could be a little giftbaggie item at security conferences too. We’re not going to argue this, not needed but I want.
r
–Certainly not the best proximity sensors, that’s for sure. Well thankfully speakers are always easy to spot and remove. It’s a tad overkill too, tape on the camera and don’t talk is another less invasive option. Spotting the realtek chip usually isn’t too bad either, w/ that damn crab on the chip.
Maxwell’s Daemon
–Yeah, Markus Ottela found the paper from Douglas Jones at university of Iowa and used it in TFC, that’s where I first saw it. The original application was for voting machines, auditors would look at output (and wouldn’t have further access). The Jones paper is what I would use in more high assurance, circuit’s given (and we need a board for that I can just buy, it’d be cheap too), just discrete components, and photoresistors/LED’s for the actual isolation. But I’d say it’s low risk that optoisolator chip ends up having a some malicious circuit, but it’s a packaged IC, definitely possible.
Sancho_P extended the concept to USB-Serial converters, makes me wonder where else you could apply this since there’s all kinds of serial->whatever converters and vice versa.
But yeah this is exactly the application for this, I’d imagine a project like OpenBSD would want this for their official build machines if they don’t already (but they won’t be doing CD’s anymore sadly). But updating an airgapped machine is annoying but not too bad.
I don’t trust USB that much either, especially after badUSB. But I use it everyday. Diode function is done outside of it though.
Thoth
–Cool, yeah we could get the HWRNG and the data diode as 2 boards at least. Have other projects on the backlog as usual, but want this. I’ll let you know what I do (want to make a little arduino shield too).
65535
–Yes, I’d encrypt messages w/ GPG, I like 7zip for encrypted zip files. Would probably just state key for zip file in GPG message. W/ Mike the goat he made his key available, Dirk Praet also has his key hosted online. So I imported their keys. But I don’t even want my pub key out there that much so I just keep it to myself. In my email sigs I have a separate email for it, people would email me first (do a “finger in the air” sniff test for troll or spammer etc.), then I would send the key or just tell them to send it to me.
So unencrypted startup but that’s a whole separate (sort of unsolvable) problem.
RE: one-way transfer
–I know it’s confusing, no I’m not using yet. Just got my parts to build a data diode. I’ve got finals, hackaday project, then I’m going to go hard on it before next semester (I work too).
Way I see it working is this: You got a terminal program (PuTTY) that supports serial comms on each end. On the air-gapped (or energy gapped whatever means same thing) machine you have latest software from one big download. I’m going to be occasionally adding files via USB probably (cleaned stick etc.) updating software or importing keys etc. Getting a purist airgapped machine from the start, not yet for me.
Anyway, I could save GPG output as a text file that I paste into email editor, and zip file for whatever. Send it over to transfer PC, either connect from there to email acct. or connect to another PC. I’ll show you if I get it working how I see.
This may work nicely: http://stackoverflow.com/questions/30826002/is-it-possible-to-send-the-content-of-text-file-over-putty-over-serial-port or what I’m seeing in ExtraPuTTY is promising. Will test soon, there’s no reason this shouldn’t techically work, file transfer over serial port.
There’s no integrated solution to get a file straight from serial port to an email attachment yet. Don’t think I would use it much anyway, prefer putting file on desktop, then attach, then clear it from desktop.
Any emails on gmail, I assume it’s public info (well, yeah…basically). I don’t care if there’s spyware on it, I’d encrypt anything I do care about. I can call someone too and set something up if it gets that bad (seen email accounts go down for a while but it’s rare). I lose control of the acct. I’ll take it up w/ google.
65535 • December 11, 2016 11:29 PM
@ Figureitout
“Yes, I’d encrypt messages w/ GPG, I like 7zip for encrypted zip files. Would probably just state key for zip file in GPG message.” – Figureitout
Good idea
“RE: one-way transfer
–I know it’s confusing, no I’m not using yet… You got a terminal program (PuTTY) that supports serial comms on each end. On the air-gapped (or energy gapped whatever means same thing) machine you have latest software from one big download. I’m going to be occasionally adding files via USB probably (cleaned stick etc.) updating software or importing keys etc. Getting a purist airgapped machine from the start, not yet for me… I could save GPG output as a text file that I paste into email editor, and zip file for whatever. Send it over to transfer PC, either connect from there to email acct. or connect to another PC…”- Figureitout
Interesting. I’ll give it a go.
“This may work nicely: http://stackoverflow.com/questions/30826002/is-it-possible-to-send-the-content-of-text-file-over-putty-over-serial-port or what I’m seeing in ExtraPuTTY is promising. Will test soon, there’s no reason this shouldn’t techically work, file transfer over serial port.” -Figureitout
I see. Putty long text transfer depends on Plink [and extension]. It is a provoking idea.
“Any emails on gmail, I assume it’s public info (well, yeah…basically). I don’t care if there’s spyware on it, I’d encrypt anything I do care about.”- Figureitout
I get what you are saying. In other words don’s Gmail for serious conversations unless you first encrypt with PGP/GPG.
Last, is the problem of having Gmail with a Rule 41 virus/rootkit spyware [Toxic mix ?].
Could just opening your Gmail account spread the FBI’s Rule 41 virus/rootkit spyware to one’s computer, laptop, iPad, iPhone?
In other words, because of Gmail’s ability to keep all email forever and the combination of the FBI’s Rule 41 virus/rootkit spyware, should even opening Gmail be avoided?
Thanks.
Wesley Parish • December 11, 2016 11:54 PM
I was wondering if anybody had noticed the three big security stories on Slashdot today
https://yro.slashdot.org/story/16/12/10/2148243/nsas-best-are-leaving-in-big-numbers-insiders-say
so I popped in to take a peek, and no one reads Slashdot these days, it appears.
It also appears that a former NSA staffer has a rare sense of humour:
“What really bothers me is that the people of NSA, these folks who take paltry government salaries to protect this nation, are made to look like they are doing something wrong,” the former NSA Director added. “They are doing exactly what our nation has asked them to do to protect us. They are the heroes.”
and with a straight face, too. First time I’ve heard of the US-Americans asking people to protect them from terrorists by LOVEINT and snaffling pictures of women undraped etc … or is it?
It wasn’t their fault, as he himself had pointed out to an over-inquisitive reporter in a phone interview just a few minutes ago — it was hardly their fault that terrorists had developed ever more effective means of camouflaging themselves, and so the inspections had to become ever more intrusive. One did not expect women to be so fanatical that they would replace their saline and silicone inserts with plastic explosives. But someone had written a short story about such a thing happening, and it had been made into a movie, so they were doing their duty in protecting the public by…damn, he was going to have to put that reporter on the no-fly list, wasn’t he! Obnoxious little puppy, he should’ve been drowned at birth!
If LOVEINT makes you a hero … WTF … ? And what about the non-US-Americans? That brings us back to the days of one King George, lawful sovereign of the Thirteen Colonies, and some terrorists like George Washington and the like …
ab praeceptis • December 12, 2016 12:13 AM
Thoth
First and importantly: I like you. You are a colleage and one that actually moves his ass and works on concrete solution. So, do not mistake what I say as negative criticism. It is not. It’s just that I’m the weirdo who happens to think that safety and security are important and worth going an extra mile.
Trust me, I can understand your argument. We all have our preferred languages that we are used to and have lots of experience with, and I myself sometimes grunt at e.g. Nick P under the “paper tower” headline.
No matter how nice a given language is theoretically, it’s like with a car: The nicest porsche engine is of little worth whithout a good chassis, brakes, wheels, etc.
Similarly, for us developers and engineers we need a complete tool chain that works on/for all architectures and systems we might need to target.
I know what I’m talking about. Seen it, done it, been there. I actually have fought with diverse languages like, for instance, Sather as a C generator, Modula-x for diverse stuff, etc. Similarly I did not just read papers about formal methods but I have actually used them in practical work. And yes, that’s a sad story. In the end there are very few practically useable languages with an at least reasonable basic tool chain and for a reasonable set of architectures and systems.
But still, there is a major weakness in your argumentation. It comes down to “why should I eat pain and make major efforts when the whole system is rotten anyway?”.
Please, consider 2 points:
a) Unless we start to actually build up a basis, a set of solidly engineered software, we will continue to run in the that wheel of argumentation forever (while nsa, fbi, and accomplices solidly f*ck is with cacti).
b) Unless you can formally prove safety you have none. Simple and brutal as that.
Again, you can’t change java or windows or shitty libraries, nor is it your job. What you can do, however, is to make sure that at least your sofware is safe and secure, no matter how much below and above it is crap.
It’s not much in a lousy environment, I know, and it’s hard work but it’s the ony way to create a safer IT basis.
r • December 12, 2016 12:25 AM
@ab, Thoth,
As for running pretty much everywhere you are right with java – however, the same is true for Scala which is considered more secure. Moreover there exists a (rather rich) Scala subset (LEON) that allows for formal methods.
Scala doesn’t work on smartcards at this very moment does it?
My Info • December 12, 2016 12:28 AM
“Construction workers” in the government.
You know the type. They construct, construe, interpret, and build until there is nothing left of Constitutional or even statutory law.
I was just browsing the Microsoft(R) Active Server Pages of the Finnish legislature https://www.eduskunta.fi/FI/tietoaeduskunnasta/eduskunnan_talot_ja_taide/Sivut/default.aspx
They have the worst “construction worker” syndrome ever!
Säätyvaltiopäivien rakennukset Säätytalo ja Ritarihuone …
Not only do they use multiple synonyms for the law-making body, but right off the bat on that page, they refer to the two houses of the legislature as buildings that have been constructed, rakennukset. And then they go on and on about their “construction” and “architecture” and so on and so forth. Not even a thought of restraining themselves to constitutional limits! And they are still building even more legislative houses. It just goes on and on and on!
My grandfather told me all this building and construction was a sign of the end of time. I don’t understand it, but it’s definitely in America, too. More of the same.
What if someone told them “Älköön eduskunta säättäkö lakiaa … ?”
65535 • December 12, 2016 12:44 AM
@ Wesley Parish
“I was wondering if anybody had noticed the three big security stories on Slashdot today”-Wesley Parish
Does The ‘Snoopers Charter’ Also Enshrine Lying In Court? -slashdot
[This leads to The Register]
“Enshrining parallel construction in English law”
“…despite the establishment of a parallel system of secret justice, the IPA’s tentacles also enshrine parallel construction into law. That is, the practice where prosecutors lie about the origins of evidence to judges and juries – thereby depriving the defendant of a fair trial because he cannot review or question the truth of the evidence against him. Section 56 of the act as passed sets out a number of matters that are now prohibited from being brought up in court. The exact wording of section 56(1) is as follows:
“Exclusion of matters from legal proceedings etc.
“(1) No evidence may be adduced, question asked, assertion or disclosure made or other thing done in, for the purposes of or in connection with any legal proceedings or Inquiries Act proceedings which (in any manner)—
“(a) discloses, in circumstances from which its origin in interception-related conduct may be inferred—
“(i) any content of an intercepted communication, or
“(ii) any secondary data obtained from a communication, or
“(b) tends to suggest that any interception-related conduct has or may have occurred or may be going to occur.
“This is subject to Schedule 3 (exceptions). Schedule 3’s list of exemptions is broadly confined to national security court hearings, tribunals and other judicial occasions when the great unwashed, usually including the defendant and his legal representatives, are excluded from part or all of the hearing. Out of sight, out of mind.”-The Register
http://www.theregister.co.uk/2016/12/06/parallel_construction_lies_in_english_courts/
This is terrible. It practically requires UK prosecutors to lie in court. I am sure the back lash will be swift – after a few citizen a smeared for life.
This goes in to the-
Q and A of Snoopers’ Charter cont. 2.2.1
https://www.schneier.com/blog/archives/2016/12/a_50-foot_squid.html#c6739890
Hat tip to Wesley Parish
https://www.schneier.com/blog/archives/2016/12/friday_squid_bl_556.html#c6740334
Thoth • December 12, 2016 2:02 AM
@r
Scala does not work on smart cards. Nobody made a Card VM for it yet.
@Thoth,
I understand that, but when I looked at Scala (on wiki) it states it’s based on the JVM mostly.
If there’s a subset of Scala that lends itself to formal proofing(?) a portion of it may overlap with java bytecode.
I’m curious at least, as I would like to look up LEON. Sure it doesn’t solve the issue of the JVM itself but… I’m curious about LEON now.
ab praeceptis • December 12, 2016 2:32 AM
Thoth
My javacard knowledge is rather limited but from what I know the javacard tools work on class files; those can be created with scala like with java and the javacard tools should be happy with both.
Moreover, as I mentioned there is ESC/java which afaik can work with SMT solvers in the back. So, one can significantly enhance ones trust in java code. Plus, which is important for javacard, it is transparent as it’s annotation based.
You do what you want and I won’t evangelize; but I didn’t want you to pass up just because you seemed to not know that there are ways.
Whatever. Up to you and good luck
Thoth • December 12, 2016 2:57 AM
@r
JavaCard (smart card type of Java) uses Java 1.2 as a basis. Ouch, it’s so old but nobody bothers to update it for ages.
Scala is indeed built on top of JVM but for smart card style of JavaCard, you don’t have the space to do so. JavaCard is essentially Java 1.2 (in essence) so do not expect lots of upgrades and functionality.
@ab praeceptis
JavaCard is indeed Java but a heavily modified Java 1.2 for smart cards that have seen very little changes except for newer ciphers and key lengths and some other changes but essentially it’s still Java 1.2 that has been heavily modified for smart cards. SMT solvers can be applied to JavaCard and have been done so.
Links:
– http://research.microsoft.com/en-us/um/redmond/events/smt08/filliatre.pdf
– https://people.cs.kuleuven.be/~bart.jacobs/verifast/
– http://spinroot.com/spin/symposia/ws10/spin2010_paper_19.pdf
– https://online.tugraz.at/tug_online/voe_main2.getvolltext?pCurrPk=74503
Who? • December 12, 2016 4:03 AM
@Liberty
It is time for someone inside Intel to leak the ME source code then, so we know for sure if there is a way to stop ME being owned by spooks.
Clive Robinson • December 12, 2016 4:14 AM
Yet more potential IoT / Router fallout.
A news snipit from “Security is Sexy”[1],
Indicates that maybe a million or so routers have been infected with malware, which is not exactly news in of it’s self currently. However a person claiming to be responsible says the malware can not be removed… therefore enough bricks to make a fair sized slum.
Having designed embedded devices in the past that can be updated by end (ab)users and the Flash ROM over written, this is not exactly news either. The reason being that the software that does the update is also stored in the Flash ROM.
What is getting lost in the article, is that the manufacturer originally had to put the update software into the Flash using another method… So the devices may not be entirely bricked, it rather depends on what it would cost to get them “factory reprogrammed” and who would pay for it… Thus it’s the FMCE Economics not the technology that decides if a router is destined to be “just another brick in the wall” of land fill.
Oh but it leaves another question hanging that has come up before… Why do the manufactures not put a write protect switch in, or actually use another method of updating that is more secure?
Again it is the question of FMCE Economics… As I’ve indicated in the past unless there is “suitable” legislation in place the economics of the “race to the bottom” become the dominant driver.
Thus the question has to be asked “What would be suitable legislation?”…
Just a thought to ponder over your “Tea Break” this Monday morning.
Markus Ottela • December 12, 2016 5:08 AM
@Thoth:
Whatever you end up doing, please don’t pre-assemble logical components to HWRNG/data diodes.
It’s not that complex to plug in 5 transistors and two op amps to HWRNG prior to use or provide those components pre-installed but removable. Sockets don’t require soldering so it’s easy enough. If possible, the HWRNG design should be altered so that the op-amp is replaced with transistors.
2N3904, 2N3906 and TL082 are all extremely common components. As for data diodes, please look
for functional LED-phototransistor assembly, e.g. fiber optic Tx/Rx pair, instead of IC. Or
provide the PCB with DIP socket that supports some common optocoupler.
“The usual concerns are that the TLAs might find ways to prevent the creation and funding of such projects.”
Or companies with their patents: https://www.google.com/patents/US20100257353
“are you going to sit down in the airport”
It’s unlikely anyone’s going to run entire three-computer setup at an airport no matter what.
A user is quite unlikely to seek for private anonymous communication at public space with
excessive surveillance looking for anything that looks like a bomb: battery packs, wires.
Were you to need HWRNG, you’d have to also verify public key fingerprints, tying public keys
to your face. It’s much more likely someone records them. One option would of course be
to change the way fingerprints work altogether. Instead of public keys, you compare
a domain separated hash of initial symmetric key. This would ensure the value changed
over phone could not be attributed to public key exchanged over XMPP server (e.g. if/when
OTR is not used).
“The concept of TFC is nice but it does not have a medium for wide adoption.”
A commercial system could look like three smart phone screens in a rack the size of a a tablet. Embedded shielding, integrated HWRNG and data diodes would make it practical. It’s possible but then there’s the interdiction issue, court orders, supply chain security and even if it gained popularity and patents could be
overcome, someone might offer similar product with half the security-effort and twice the marketing budget, and the userbase would flock there. I never intended TFC as a commercial product.
“As a community we failed to provide them some form of ease of use by having some compromise of sorts between security and usability.”
I really wish I had the time to look into GUI development. But then again, tools like Irssi are quite popular too so decent UI with curses might be enough. There’s only so much I can do with student loan. The project has had zero funding since start.
TFC was designed for the needs of the few when remote CNE was a rare threat and when OTR-messaging could provide protection against mass surveillance. The industry does not consider bulk CNE a problem, at least yet. Maybe they are afraid of what’s coming. I see the schizophrenic arguments “Use Signal” and “Governments can hack smartphones the minute they connect to network” coming from the same experts. What I could offer is clearly not easy enough for the average Joe but it’s not impossibly hard to plug in the hardware and run the installers under Ubuntu. I felt the tutorial videos were in the right direction but editing them was so painfully slow I wanted to wait until the project felt more finished before doing them again. I’ll eventually re-record them. But then there’s the question about circuits.
@Nick P, Clive Robinson, Thoth, Sancho_P, Figureitout et. al.
What is your idea? What is the realistic risk of serial / UART pin remapping in adapters / Raspberry Pis?
Is it enough just to cut excessive cables from null-modem cables and use one Tx-Rx + GND pair between the interfaces? The risk is imaginable and mitigation is straightforward, but is there any proof that users should play it safe?
Wael • December 12, 2016 5:13 AM
@Clive Robinson,
Why do the manufactures not put a write protect switch in, or actually use another method of updating that is more secure?
That problem is being worked out in various industry standards bodies: how to enable robust SW update mechanisms on extremely resource constrained devices. A standard mechanism is better than a zillion proprietry solutions. Economics is a factor that’s also considered.
Just a thought to ponder over your “Tea Break” this Monday morning.
I’ll tell you about the tea in a couple of days from another time zone.
Thoth • December 12, 2016 5:16 AM
@Who?
It isn’t so simple as leaking Intel ME source codes and chip designs. The chip includes booting keys (presumably an RSA key) and assuming Intel did not screw up, they should have commercial HSMs with multiple admin quorums locking the Intel root private key in HSMs. You also need to get the private key to sign updates to overwrite Intel ME firmware.
@Clive Robinson
Probably it’s about time we make our own routers at home ? How about using a spare PC loaded with OpenBSD as a network router ? The link contains the official guide by OpenBSD team on how to do just that.
For those who are interested, find a router with Freescale/NXP PowerPC chip (linked below) or some Freescale/NXP PowerPC chip and then run your router. Much better than ARM (with it’s TrashZone) and Intel and AMD with their AMT and PSP backdoors.
Those supported Freescale/NXP PowerPC boards are also linked below just for convenience.
Links:
– https://www.openbsd.org/faq/pf/example1.html
– https://www.openbsd.org/socppc.html
– https://routerboard.com/RB600A
– http://www.thecus.com/product.php?PROD_ID=6
keiner • December 12, 2016 6:17 AM
Any links for this here yet?
https://www.theguardian.com/technology/2016/dec/12/new-ransomware-victims-popcorn-time-malware
…did anybody see this coming?
My Info • December 12, 2016 7:49 AM
Regarding my previous comment in this thread:
When I read such writings as the aforementioned web page of the Finnish government, I am reminded of the circumstances of my ancestors’ emigration from their native land and settlement in the United States. Then I see that those same circumstances have not improved one iota in that land, and that they begin to appear, particularly in my own native land, the State of Washington, which, with its beautiful Capitol Dome in Olympia, completely did away with the U.S. Constitution’s Grand Jury clause:
No person shall be held to answer for a capital, or otherwise infamous crime, unless on a presentment or indictment of a Grand Jury, except in cases arising in the land or naval forces, or in the Militia, when in actual service in time of War or public danger; …
http://leg.wa.gov/LawsAndAgencyRules/Pages/constitution.aspx
SECTION 25 PROSECUTION BY INFORMATION. Offenses heretofore required to be prosecuted by indictment may be prosecuted by information, or by indictment, as shall be prescribed by law.
The word “information” here means that the due process of indictment by a grand jury has been deliberately omitted: even a speeding ticket or parking violation may be trumped up to a felony or capital offense without a grand jury’s finding of “a true bill.”
Many Finns settled in Washington State; evidently they brought too much baggage with them, since there they continue their medieval practices of villeinage along with other European immigrants and their children.
Furthermore, I want to ask: What are the circumstances of the Finnish government’s choice of Microsoft Windows over Linux and of Linus Torvalds’ emigration from Finland and settlement in the Portland, Oregon area?
vas pup • December 12, 2016 10:47 AM
@all respected bloggers. Just completed reading old book ‘Gift of Fear’ with content addressing in detail psychological aspects of physical security, and threat assessment in particular. Looks like new technology just added new tools to the same issues.
That citation caught my attention in particular: “People who apply a fatalistic attitude to their own safety, often do so as an excuse not take reasonable precautions”. Good point!
My Info • December 12, 2016 3:49 PM
@vas pup, respected bloggers, etc.
via McDonald’s Free WiFi, right across the street from FBI.
I just met some blonde girl on the train, said she was Italian, “not even Caucasian,” with the Mafia, owned crooked cops everywhere, yelling and screaming about some plot to assassinate Trump, like some teenage girls who were hit in some gated community somewhere…
Yadda, yadda, yadda…
You’re all pwned by the computer villeins of medieval America.
The “construction” doesn’t stop there, either. The 14th Amendment, the so-called Civil Rights Amendment, has been massively reconstrued, even after the Supreme Court tried to hang the entire weight of the first ten amendments (the “Bill of Rights”) on its “due process of law” clause.
Section 1.
All persons born or naturalized in the United States, and subject to the jurisdiction thereof, are citizens of the United States and of the State wherein they reside. No State shall make or enforce any law which shall abridge the privileges or immunities of citizens of the United States; nor shall any State deprive any person of life, liberty, or property, without due process of law; nor deny to any person within its jurisdiction the equal protection of the laws.
…
Section 5.
The Congress shall have the power to enforce, by appropriate legislation, the provisions of this article.
Namely being citizens “of the State wherein they reside” is now interpreted to require the ownership of residential property from a Realtor(R), without which such persons are no longer allowed to vote, even in national congressional or presidential elections.
All persons in a state are of course subject to criminal prosecution in that state, but only those who own property are afforded the equal protection of the laws.
Clive Robinson • December 12, 2016 3:53 PM
@ Nick P and the usual suspects,
You might find this of interest,
https://blog.acolyer.org/2016/12/12/xft-practical-fault-tolerance-beyond-crashes/
My Info • December 12, 2016 3:59 PM
No one really “owns” property in America anymore, anyways. Property nowadays is held in tenure from a Realtor(R), subject to various conditions, covenants, and restrictions, so detailed that they specify or require certain clothing, medications, hairstyle, commitment to mental hospitals, and so on and so forth along with numerous lifelong professional and occupational restrictions and other conditions of serfdom.
My Info • December 12, 2016 4:10 PM
Bloomberg: “… as the battle for employees in a tight labor market grows …”
As if! Jobs for serfs and peons! I never heard so much bullshit in my life.
Clive Robinson • December 12, 2016 4:26 PM
@ Vas Pup,
“People who apply a fatalistic attitude to their own safety, often do so as an excuse not take reasonable precautions”. Good point!
Ever driven in India, Vietnam or the Middle East?
It’s an experience you will not forget, I can assure you :-S
Sancho_P • December 12, 2016 5:58 PM
@Thoth re TFC and data diode PCB
No one will (or could) prevent the creation of any PCB layout as well as publishing it.
Ideas are free.
Local laws might criminalize the use (or even the possession) of certain electronic devices in some countries, like radar warnings in cars, or stingrays for the plebs.
But the question would be if it makes sense to create a “data diode” PCB in the first place.
TFC is promising, but at the moment it’s a design, not a product.
To be usable, the secure connection to the hostile world must be part of the TCB, not part of a removable cable [1].
For your airport example, would a manually soldered PCB improve the situation? 😉
Btw., USB can’t be part of any TCB because of complexity and obscurity in HW and (OS) software.
Re open source I share your sentiments but that’s the difference between idealism and capitalism, especially to be seen in the Linux community.
Yet there is enough nearly unusable crap commercially available – just thinking of my satellite tuner (Sancho grabs at valerian …).
However, the open source style of TFC is it’s biggest enemy and the main challenge.
All systems I know of are built on security by obscurity, nothing is open source or fully documented, especially when it comes to hardware.
Imagine the US would share their military grade technology with the world, discuss their nuke-launch systems with the Russians, or happily sell the Chinese and NK their encryption machines made in the USA.
This would be a world I’d love to live in.
From open source TFC to a secure, commercial, worldwide available and “average user” accepted communication system there would be a looong way to go, only I’m not sure if there is a path at all (to satisfy all these targets).
[1]
When thinking of a (TFC) data diode why not think of a wireless connection?
All transferred data is actually encrypted = must be deemed secure.
Galvanically isolated, right out of your pocket.
No cables, no hassle, no problems.
Just thinking.
Sancho_P • December 12, 2016 6:03 PM
@Figureitout re data diode
Great, just one comment:
The Mini-B USB needs to be pushed / pulled really hard, this (daily?) force will stress and break the solder points of both, the converter-board and the perfboard (additionally to the converter’s slack in a case).
I’m not talking about the USB socket itself, that’s OK, it’s made for that.
Use short flexible wires to connect the converter to the perfboard / adapter board to avoid broken copper traces / solder points.
Or include the USB Mini-B plugs into your enclosure ( – this will invoke other mechanical problems with the cables, though).
Be sure to place the caps onto the adapter board to reduce inductivity.
Sancho_P • December 12, 2016 6:06 PM
@all
Re encryption of files and sharing:
Please have a look at https://www.cryptomator.org (page takes ages to load even in the EU, don’t be disappointed).
This app is a blessing (*).
Clean interface, simple, fast, multi-platform, mobile, FOSS (see GitHub for source).
It works with remote folders (in the Cloud) as well as with local folders, access is using WebDAV (fairly fast, Win limit is 4GB per file).
Each “safe” (think of a directory) has it’s own key so you can share it with other devices …
Use multiple vaults in Dropbox with unique (scrypt KDF) keys.
Directory names and filenames are encrypted, too.
Remove the auto update in the settings (calls home otherwise).
(*) Well, I can’t read / understand the source … 😉
Sancho_P • December 12, 2016 6:09 PM
@Who?
If you want fun with the Intel AMT (ME) check also for their standard pwds here:
http://www.howtogeek.com/56538/how-to-remotely-control-your-pc-
Sancho_P • December 12, 2016 6:19 PM
@Markus Ottela
From the abstract in your patent link:
”The data diode system includes a voltage converter that receives a negative voltage from a serial data port connection of the secured device. The voltage converter converts the negative voltage into a positive voltage in order to power the data diode.”
it’s clear that the essence of that design is generating the positive voltage from the (unused) negative (RS232) communication line, esp. by converting the negative voltage from the (in the patent example) TxD data line.
See description 0025 and 0026.
So your use of batteries is already out of the scope of that patent.
The simplex transmission (the “data diode”) can’t be patented because it was always part of the serial console standard created between 1962 and 1969, as well as half duplex and duplex transmission.
Simplex is the system of radio broadcast, try to talk back!
However, thinking of bipolar RS232 was already crap in 2009 because nearly no contemporary machine had the negative voltage for that standard. Disadvantages were low speed, large voltage swing, short transmission distance, bipolar power supply needed).
It was phased out in 2002 in the EU, also because of ground loop problems and often destroying EMF spikes, it was replaced by current loop transmission using optocouplers (at least in the EU industry).
Probably voting machines in the US still have RS232, or the OPM?
As said above, RS232 is an unnecessary crap nowadays, stay away.
Re remapping serial UART pins:
AFAIK that’s not the question because serial UART is a hardware function, it’s a shift register and a buffer, you can’t abuse it, there are bits only. The function behind is in the OS (kernel) and in the user software.
The HW is necessary for the strict timing, even with speed below 100 baud.
You could try (using a appropriate CPU) to remap pins and bit-bang the serial console, but good luck with a non RTOS above 100 kbaud.
And who would load that software (the chicken and egg problem)?
UART was never used to boot-load, RasPi uses it to spill out it’s boot sequence.
But to make 100% sure I’d recommend to electronically block the input line, even and esp. on RxD during boot, until the user program is ready to enable it.
Re my “That’s not the question” above, what is your concern exactly, I may not understand what you mean –
But any electrical, direct connection between TCB and NH would be a no go no go no go no go no go no go no go no go no go – never!
Btw. I’ve sent you a message on Dec. 4th, no reply, was it lost?
I’ve a whole bunch of points prepared, also re data diode / UART.
Thoth • December 12, 2016 6:42 PM
@Sancho_P
“Local laws might criminalize the use (or even the possession) of certain electronic devices in some countries, like radar warnings in cars, or stingrays for the plebs.”
That would effectively make a Bluetooth Mice a munitions since many Bluetooth enabled mice are using AES-256 to encrypt traffic between the Bluetooth receiver and the Bluetooth mice.
How about all the Intel chip with it’s AES hardware accelerator ?
Maybe that Android smartphone (even without FDE usage) is capable of crypto. That is illegal ?
It seems you have ever done export and import of security items but that’s not how it’s done. There is a list of items, the uses and more specifically a checklist that they operate on.
Of course, BRUSA is the odd one with those stupid export/import control laws. The manufacturing of the PCB can be done in countries not bound by BRUSA regulations.
A blank PCB without the “settings and programs required” will make an item exportable and importable. Of course if one explicitly load codes for the purpose that falls into the Security Appliance and Cryptographic items category, it may be inspected but if the PCB is simply a bunch of optocouplers, some CPU with memory that has no specific programs at all, it is considered a consumer electronics and not subjected to ITAR or relevant laws since it falls into the category of generic consumer items category.
65535 • December 12, 2016 7:09 PM
@ Sancho_P
Out Of Band Management is a real problem. HaHa, KVM to Intel i5 or i7 core pro computers… admin and P@ssw0rd… That is original /
We have talked about this problem in prior posted. Intel is really wrecking their image and so is AMD.
“With Core processors Intel introduced Active Management Technology (AMT) 6.0 which introduced a slew of new features including Keyboard Video Mouse (KVM) Remote Control. This means that with the right hardware configuration you have full remote access to your computer no matter what state it’s in.”-howtogeek
‘Note: If “admin” does not work as the default password you can also try “P@ssw0rd” because that is the default password in Intel’s configuration documentation.’-howtogeek
http://www.howtogeek.com/56538/how-to-remotely-control-your-pc-even-when-it-crashes/
I will give cryptomator a go when I have time. It looks interesting. The datadiode at imgur looks interesting, but a lot of Apartment dwellings do not allow a solder iron and flux/lead, the flux make a bad odor. That is kind of a draw back.
terrance • December 12, 2016 7:58 PM
No more tobacco smells in a can does wonders.
Old remote web interface variant on new Netgear routers, maybe older netgear routers, and likely many other routers.
http://www.itnews.com.au/news/stop-using-vulnerable-netgear-routers-cmu-cert-444333
“Attackers can exploit the vulnerability remotely by tricking local users into clicking on similar command injection links.
Although the CMU CERT said it was “currently unaware of a practical solution” for the issue, Dutch researcher Bas van Schaik worked out a way to temporarily stop the vulnerability from being exploited.
It is possible to use the flaw to turn off the vulnerable web server in the affected routers, van Schaik discovered.
Users can issue this command:
http://[IP-ADDRESS-ROUTER]/cgi-bin/;killall$IFS'httpd‘
Alternatively, most Netgear routers provide access to the management web server interface with this URL:
http://www.routerlogin.net/cgi-bin/;killall$IFS’httpd’
The CERT issued an advisory over the weekend for Netgear router models R6400 and R7000, with R8000 also believed to be vulnerable to arbitrary command injection.
Netgear firmware version 1.0.7.2_1.1.93 and earlier running on the above routers is vulnerable to the exploit.
Other models could also be affected by the flaw, which was discovered by a researcher using the moniker Acew0rm, the CERT said.”
As soon as the router is restarted it is vulnerable again, until an openWRT alternative is installed by user, or manufacturers issue updated firmware that fixes it (along with the other half a dozen exploits from last couple years).
Drones of a different color. • December 12, 2016 9:14 PM
Far out man.
Daniela Aligheri Caruso • December 12, 2016 9:46 PM
@65535
2] What is best outcome or worst outcome for the privacy concerned citizen/reporters when using Gmail or Yahoo email?
3] What is the alternative to these big email services which ensure you cannot delete your prior emails?
proton mail is a very good option. Some of the more elite OpSec crew here will find it has flaws. From what I can see this is largely or primarily that its requires javascript to run client side encryption. The admins said there is no other way to do the encryption. This could mean having a MITM or spoofing attack on an individual. But apparently their userbase has gone through the roof recently. Could then all of those millions of users have their passwords stolen because of the javascript?
it has a lot of advantages that have never been achieved before in free public email, welded to a friendly user interface . To answer your question emails are unrecoverably destroyed after a certain time & they can be set to combust after any time the user chooses. Another component of this is they allow an encrypted email to be sent to someone with an email address outside the proton mail loop, again with the ability to have it combust after 12 hours or 2 hours or a week or whatever. Unlike gmail, these destroyed emails are entirely unrecoverable .If not intercepted en route (or an individual is targeted. )
With proton mail the attack surface and surveillance surface for non-state level actors is greatly, no, radically, reduced compared to regular email. And whilst for state level actors it would be easy for them to target someone individually, but does a mass surveillance attack on all proton mail users exist? It would require MITM everyone to steal all passwords.
PGP can be intergrated with it which is a big plus, based on everything Protonmail describe, the only way someone can read your email is if they actually have your password. So using a virtual machine or hardened OS to protect your client side is going to be fairly important, and the next step would be PGP incorporated externally via hardware or something like Thoths smartcard design. But then, if you’re going to those lengths you won’t necessarily have much a great need for proton mail as well. Unless perhaps a smart card can be used just to support your standard online proton log in – then you have usability and security merged quite nicely.
One thing that comes to mind is, as Ab Praeceptis said so well concerning Tor. Using Protonmail no doubt makes you attract attention from the TLA not matter what. Maybe thats not a good thing, maybe thats a really significant downside that outweighs the positives. We can’t say.
Note they have a well summarised blog post here on the snoopers charter, and if you have a look some other good posts on related issues
https://protonmail.com/blog/investigatory-powers-bill-email-privacy/
Daniela Aligheri Caruso • December 12, 2016 9:55 PM
@ Ab Praeceptis
grateful for your wonderful response, thank you very much
@ Figure It Out
Thank you for offering your advice and, – just as importantly – providing the reassurance that it drastically reduces the attack surface.
As you say this is familiar to many folk here, and it may be taken for granted as they have experience. But it’s good to remember there are many folk that do not have this knowledge, and while they have the ambition to protect themselves and assert their inalienable rights, they do not have the time and energy to commit to the extremely long and windy road of expert competence. They know they do NOT have a career as an OpSec professional but they deserve to have something of a start – if only they knew how to start. They know enough to realise that killing evercookies and using ‘https everywhere’ isnt going to cut it.
@ Figure It Out, explainations like the one you have provided are EXTREMELY appreciated. Fair enough that this blog caters to the elite crew. It can be very alienating however for new folk, as they may read here and realise that so much of what is discussed by Bruce or commentators is of lofty theoretical attacks – using Wi Fi to perceive body motions comes to mind – or things that are likely to be used against targetted individuals in extreme situations
(think of what poor Mr Assange has to endure every day – he’s no doubt learnt some very old school methods indeed)
So much of what is discussed here is not going to be relevant 98% of the time. As @ Ab Praeceptis said, more often than not it’s someone using a weak password and then it being shouted across the room by an employee somewhere.
To add to your words @FIO one could choose a pre – Intel ME chip and add some RAM etc to improve performance (Obviously @ Clive has elaborated at length )
And a long range Wi Fi dongle or antennae.
And also @ Clive suggested compartmentalisation of work and play, different emails, different live CD’s / USB’s for different parts of your life. If one is using doing anything identifable. One could indeed have two set ups as you describe, one anonymous, one not anonymous
It would be great to see a list of practical actionable steps to counter recent ‘legal’’ (cough) developments, such as what you’re described, as an action plan for the general non OpSec savvy public, in a permanent location.
@ Bruce feel like creating a page here? And an antidote to the ‘use Tor and you’re fine’ advice found elsewhere like The Guardian Project
Such a location can include advice about implementing @ Clives paper, paper, never data precept. An energy gapped computer and using printed cards to transfer data across.
I get that most people don’t care. It’s not good enough for the well informed to say ‘fuck them, I know, but they don’t, so it’s their choice’. What affects one affects everyone and if you are in the 1% minority and you know something that can help everyone, you have a responsiblity.
I don’t mean to sound harsh because everyone here is extremely generous and even patient with people like me. But, getting back to the general population – some people DO care, or can learn to care, except they just get overwhelmed by the learning curve and need some strong practical advice laid out in a way they can actually grasp and apply. Once again @ FIO thank you.
Maybe it’s time move away from what some may call mental masturbation around theoretical models and attacks likely to be used in 1% of the time, and focus on information on practical reality based on things everyone can implement. Thoth said some nice things in this vein re: the cloudfare fucker.
Meanwhile the acronym continue to encroach further and further, and people who actually have the ability to support world to help are stuck discussing the implications of Turings feelings about chess in dial up telnet- in the year 2050 – and arcane abstract MIT mummery and poppery
Question for you and @ Nick P , @ Thoth etc
How do you folks, personally, over come the difficulty with obtaining a clean version of FOSS OS like openBSD, Qubes etc.
@ Clive Robinson. you said once you had been meaning to look at encrypted data content for paper storage to be stored in a filing cabinet but never got around to it. Now, THERE’s something people can really use. Any thoughts on practical implementation? Further to this I love the idea you and Thoth were discussing recently of stenography into plain text for transport and thus by avoiding suspicion is more important than anything
Nick P • December 12, 2016 10:30 PM
@ Clive Robinson
Interesting. Bookmarked for later review. The scheme actually isn’t new even if their discovery was. The concept was invented in high-assurance security where they noticed certain systems just didn’t get hacked. The Boeing proposal is an example I’ve linked before where their Survivable Spread on SNS Server reduces number of replicas necessary among other things. It’s an old high-assurance trick where we leverage the fact that we can make less of the endpoints, network, etc hostile with effort. Compromises should only happen about as often as protocol-level compromises vs 0-days in average implementation of them.
It’s worth further exploring. People just keep getting stuck in binary or fad-driven thinking.
@ Daniela
“How do you folks, personally, over come the difficulty with obtaining a clean version of FOSS OS like openBSD, Qubes etc. ”
I assume they’re all compromised as is this machine. Safest route would probably be to get the CD’s from the developers at conferences in person. Or download them with hashes or signatures compared from multiple machines on multiple internet connections with multiple mirrors if they’re available. On a LiveCD downloaded over HTTPS connection of legit site from random PC somewhere you don’t normally use. Hardware should be pre-2000 ideally but pre-2004 seems safeish. Buy it on Craigslist or at a flea market.
Don't have a compromise of well-being • December 12, 2016 10:57 PM
http://newyork.cbslocal.com/2016/12/12/quest-diagnostics-says-34000-customer-accounts-hacked/
At least it’s not live data, yet.
ab praeceptis • December 12, 2016 11:10 PM
Daniela Aligheri Caruso
For the sake of fairness and justice: It’s easy for me to look like the nice helpful guy, compared to, say, Nick P.
The reason is simple. Different persons here have different foci and priorities. Mine just happens to be very practical and largely guided by the fact that the vast majority of the people don’t have a nsa tao team as adversary but rather curious colleagues or scriptkiddies.
People like Nick P are looking for perfection and for security in even absurd scenarios. It’s important to understand that their approach is a very important aspect, too. It just so happens that the vast majority of people will never be in a situation where some opponent infrared laser eavesdrops on the them or runs a highly detailled power consumption profile against their encryption.
For banks or state agencies, however, those seemingly absurd scenarios are tangible and it’s good that we have people like Nick P, too, who worry about those.
I’d like to come back on your question and add a point. Pretty everything can be interpreted in diverse ways. “Privacy” is an example. I took it to mean (in your context) that the remote end, e.g. a web site, shouldn’t know who you are.
Others took it to mean something more general and that’s a valid point. The question is how far one wants to go down that road. You see, one might as well argue that the advantage of tor over a vpn solution is rather limited, if the opponent were a state agency; they could, for instance, do pre-/-post matching, get at your isp and then to you anyway, even if we would assume tor to be secure (which I personally definitely do not).
So, next step: use tor but on top of a public wifi entry point. Oh, gee, no, because your tablet could be identified. So, next step, use a throw away tablet – how many of those can you afford?
But that’s still not good enough considering all the cameras in public spaces that would allow to identify you. Well, next step, let’s use bombs … and all of that gets even more ridiculous considering that the vast majority of “I need security!” Joes and Janes forget to look at the cost/benefit ratio. Which leads us back to “against what to you want to defend yourself?” Plus:” Are you sure that you attribute the values correctly?” Plus: “Do you even understand the involved problem field and threat classes well enough?”
And all of that, well noted, in a given realistic context which happens to be that we are not victimized because, oh “aes-128 was to weak, had only we used aes-256!” or because oh “had only we used our computer in a faraday cage mesh!” – Nope. We get victimized because we (way too many of us) are using crap OSs on crap systems running crap software using crap libraries. And as that isn’t bad enough we can’t bothered to use reasonably secure passwords and reasonably many of them plus way too many have an attitude of “I want 3-D bling bling with stereo sound effects to click on in my browser! plus “security? Hey, there are laws plus I shelled out 30$ for Symerski2000 AV gateway, firewall, anti-evil”.
Sorry if I sound rude but the most important advice I have for most people is simply “Avoid idiocy! Use your brain, think before acting and, very important: complexity is your enemy. Of all available reasonable approaches use the simplest one, one that you understand if any possible”.
ab praeceptis • December 12, 2016 11:17 PM
Nick P
You evil twin (in mind)*g
Yes. An old pentium with Oberon (in a recent incarnation) on it will carry you a long way if you want a reliable basic communication and reference system.
Another reason for me to second what you say is that, yes, x86 should be looked at with very mistrusting eyes but it’s what’s easily available (still have my beloved T-22 plus a couple of mainboard and a reserve TFT, hehe) and what’s not too high an entry barrier for many less experienced users.
Clive Robinson • December 13, 2016 3:36 AM
@ Nick P, ab praeceptis,
When it comes to formal software verification, the place it most frequently meets the harsh road of reality is in Real Time systems. Such as control systems for vehicles and other moving objects. The faster they move the more important that the timing be got right not on average, nor to five 9s but every time all the time. In many cases the soloution has been not to use even Real Time Operating Systems (RTOS) but “An MCU per function” or FPGA or ASIC, where timing especially response timing can be tightly controled. Usually such designs are “over engineered” and thus grossly inefficient in many ways, which adds another dimension to the engineering issues as vehicles such as electricaly powered mini drones “for delivery” and high altitude comms relay drones for “Wide area wireless networking” hit the commercial sector. Thus more efficiency is required as is the much lower costs of SoC devices with full blown conventional FOSS or commercial OS’s.
All of which means Systems with Timers And Clocks (STAC) represent not just a bit of a challenge but a rapidly increasing demand for formal verification, even in fine grained RTOS systems but FOSS OS’s such as Linux.
The Software,Engineering Institute at CMU has an interesting take on this using Hore Triples at ISA level,
https://insights.sei.cmu.edu/sei_blog/2016/12/verifying-software-with-timers-and-clocks-stacs.html
Having spent a chunk of my working life on STAC and RTOS embedded systems I’m aware of just how much “fun” is involved.
Czerno • December 13, 2016 6:41 AM
@Daniela Caruso, @All :
re: secure, encrypted email.
While not critcizing Protonmail – indeed, I have an account there – I think your praise of it is excessive, it still has defects, the crucial one being centralization.
My recommendation for secure, encrypted, untraceable email that I’ve been mentioning earlier on this blog is Onionmail ( http://www.onionmail.info ) via Tor, plus user-to-user encryption ( GPG or similar). An additional advantage of Onionmail which I haven’t stressed yet is that their anonymous mail servers will delay the retransmission of the mail by a random tide (the maximum delay is user configurable, one hour being a possibly good compromise and, I think, default). This, which impedes a global adversary’s attempts of “temporal correlation attacks” is but one point of a very thoughtfully implemented system (open source by the way).
I wish you all had a look and deigned share your appreciations and critics of Onionmail…
Thoth • December 13, 2016 7:15 AM
@Czerno
TOR is not foolproof. It is pseudo-anonymous and more troublesome to trace. It does not impede NSA et. al. significantly which have considerable resources at hand and recent rise in TOR usage would naturally place TOR as the top few targets to attack by any TLAs out there. Similarly, PGP/GPG/SMIME and such with their high userbase and the lack of efforts to make PGP/GPG/SMIME messages deniable by not leaking too much from the headers (i.e. BEGIN PGP MESSAGE header and OpenPGP formatting). Probably Signal might come to the rescue ? Signal still relies on a centralized server for it’s session keys although these session keys are signed. Due to Signal seeing an increase in uptakes, would the NSA et. al. simply leave it unchecked ? I doubt so either. They could find ways to penetrate into the computer systems used by the devs or even into Github, steal their signing keys quietly by some backdoors but refuse to use the stolen data until when necessity arise …
Too much things going on with too much holes requiring fixing and few actually bother to go to the extend of the extra mile to secure themselves anyway.
The most Signal, PGP/GPG, SMIME, TOR can do is make lives a little harder until one becomes a selected target out of the crowd (i.e. security application developers, researchers, journalists et. al.).
Kelvin • December 13, 2016 8:49 AM
@ ab praeceptis wrote,
“They offered you a nice fairy tale (“democracy”) and you took it, hook, line, and sinker.”
A real democracy would never work because it can never be formally verified. There are just too many aberrations and practicality. IMHO, the closest we have to real democracy is mob-run, as we’ve seen in the latest two prime candidates; a real estate casino magnate and a family with ties to international charity and unexplained accidental deaths to close associates. I have no examples nor facts to back it up, however.
Interesting times…
C U Anon • December 13, 2016 9:28 AM
@Kelvin:
…and unexplained accidental deaths…
Appears to be a common factor in “US Political Families”… Which should make the US voters pause for thought.
Even though the US has some of the highest supposed “accidental” death rates per head of population of developed Western nations, it’s still a significant aberration…
Just another reason to avoid putting foot in the “Good Old Boy, US of A”.
r • December 13, 2016 10:28 AM
It’s funny you mention the casino magnate thing, cuz a lot of older people out here voted that way because “he is going to save medical marijuana.”
As dubious as that sounds it’s the reason I tore into the supervisor this season, because they wanted to disqualify someone’s vote over a statement like that with ZERO signage warning the public of the legal ramifications.
vas pup • December 13, 2016 10:57 AM
@all respected bloggers provided their opinion on recent election, POTUS-elect DJT and his relationship with (1)establishment of his own party and (2)alphabetic soup LEA/Intel:
On (1):”A politician thinks about next election[establishment-vas pup]. A statesman, of the next generation[POTUS-elect – vas pup]- James Freeman Clarke.”
M.Pence looks like decent person and would not play their game to replace POTUS-elect through ‘dirty’ tricks – just gut feeling.
On(2): alphabetic soup decided that they keep monopoly on patriotism, and their only vision is the best for the country. E.g. POTUS J.Carter was denied(!)information on UFO requested from CIA Chief, then POTUS J. Bush (senior).
They currently understood that such thing is unthinkable on any information/action requested by recently POTUS-elect as Commander in Chief within his authority/Law. Yes, they use to switch focus of Presidential decision making by providing him with selectively filtered information. Basically, the illusion was that decision was made by President, but input was one-sided/partisan. That could be fought easily by assigning two Intel analytical teams which will conduct independent research on subject matter one for pro and other for contra, and then provide their finding to the President for evaluation as ‘Chief Judge’. But, to be objective, Intel was used to provide information to support already made political decision (invasion of Iraq as example). Such practice demoralize best analytical forces of Intel Agencies, and counterproductive in the long run.
Conclusion: neither establishment nor Intel will get/obtain position of ‘puppet master’ of POTUS-elect. That is their mutual main concern. All is about control at the roots.
Uncle Joe Stalin • December 13, 2016 11:15 AM
Found who hacked the elections! Round up the usual suspects.
OK, we got’m, now get a rope.
IanashA_TitocIh • December 13, 2016 11:23 AM
I have been enjoying this thread regarding OpSec like issues for journalists or others.
Eff.org’s SSD series has info about evaluating your threat model. FWIW OpSec IMO is extremely difficult to get right and maintain.
Threat-model: long term Tor user who thinks, among other things, that he may attract more attention stopping the use of Tor relative to continuing to use Tor.
As an Apple fan and since the old saying don’t leave $20 on the table FYI:
1- Apple (refurbished) routers are often available here:
http://www.apple.com/shop/browse/home/specialdeals/mac/mac_accessories
wikipedia links
https://en.wikipedia.org/wiki/AirPort
https://en.wikipedia.org/wiki/AirPort_Extreme
I find these routers relatively plug-in, setup, and forget (except for restarting and periodic firmware updates). Settings to tweak appear to be relatively limited, however. In addition, I am interested in technical, opinions and/or other reasons not to buy current Apple Routers for us 99%ers.
2- Apple (refurbished) Macintosh computers are available here:
http://www.apple.com/shop/browse/home/specialdeals/mac
Recently, it appears that the 2012 Macbook Pros, the ones with built-in dvd drives and Intel Ivy Bridge i5 or i7 chips, I think, were discontinued but still are available sometimes used from Apple for around $830 and up (search for superdrive w/in refurbished Macs above).
wikipedia link
https://en.wikipedia.org/wiki/MacBook_Pro
For example,
http://www.cultofmac.com/405009/why-is-apples-ancient-2012-macbook-pro-still-so-popular/
and earlier today this one was available for $1050
http://www.apple.com/shop/product/G0MT4LL/A/refurbished-133-inch-macBook-Pro-29ghz-Dual-core-Intel-i7
I enjoyed reading about the Thinkpad t22
http://www.compukiss.com/computers-and-tablets/ibm-thinkpad-t22.html
but for a more late model laptop might the 2012 non-retina Macbook Pro be a reasonable choice?
Again, I am interested in technical, opinions and/or other reasons not to buy a used 2012 Non-retina Macbook pro for us 99%ers.
Misc. Info:
Around this time of year, I think purchases made now don’t have to be returned until around 2 weeks after 25 December for a full refund. Usually the return policy is 2 weeks.
With these laptops I assume it is straightforward to remove the hdd and perhaps other stuff.
Intel specs, I think, for the relevant i5 and i7 chips, respectively:
http://ark.intel.com/products/67355/Intel-Core-i5-3210M-Processor-3M-Cache-up-to-3_10-GHz-rPGA
http://ark.intel.com/products/64893/Intel-Core-i7-3520M-Processor-4M-Cache-up-to-3_60-GHz
FWIW the earlier 2011 Macbook Pros, not the 2012 models above, appear to have used Sandy Bridge processors; perhaps a plus for open firmware like stuff
From Qubes website regarding hardware compatibility:
https://www.qubes-os.org/hcl/
search 3210 for some input regarding an old Macbook Pro and Qubes installation input from around 2013 (Asus and Lenovo, I think also had hits for the 3210 and 3520 chips)
Misc. Questions:
A) Do 2, 4, or 8 gig sdram modules matter perhaps regarding rowhammer in the above PCs? Are there any preferred memory vendors to perhaps avoid rowhammer issues? Is it probably safe to assume buying non-Apple ram is fine?
B) I assume a firmware password and FDE for the Apple partition makes sense?
B1) Do multiple partitions of the hdd sound reasonable?
C) Does it make sense to use USB 3 thumb drives for storage w/o the internal hdd installed?
C1) Does it make sense to only use the internal CD/DVD device?
D) Is it better to use bluetooth or USB keyboards and/or mice for ergonomics? Or should one stick with the built in keyboard and trackpad?
E) Apple says used PCs can be reset to factory specifications. Might it make sense to periodically take used Apple PC hardware in for full resets if possible?
E1) How about periodic iOS device factory resets by Apple as opposed to “Erase All Content and Settings” available under settings?
F) Is it reasonable to assume that things like firmware malware would not be present in Apple refurbished hardware? For example, as good as new minus wear and tear.
G) Should one avoid using the built-in Nic (Intel Nic type issues)?
H) Anything relevant that I forgot to ask?
I look forward to any input.
PS. Of course, if interdiction is in your threat model, Apple refurbished stuff might not be for you.
CallMeLateForSupper • December 13, 2016 11:57 AM
Anybody notice their PrivacyBadger is trashed?
My PrivacyBadger on Firefox (Linux) is apparently broken. Opening it shows the Badger logo, the question-mark and options icons, and three empty boxes (where trackers are usually displayed). It was working earlier today; I looked at trackers while on a web site I visit daily. 4-5 web sites later, I was on Motherboard when I noticed that there was a problem.
Uninstalled PrivacyBadger
Re-installed PrivacyBadger
No joy.
Uninstalled PrivacyBadger
Shut down and rebooted
Updated Ubuntu OS
Re-installed PrivacyBadger
No joy.
tog toor • December 13, 2016 12:21 PM
A prism splits light without a noticeable delay, creating a completely separate stream that can be fed to selectors to identify identifiers, stored by priority (lowest defaulting to let’s say two years) and written over as needed, higher priority being directed to suitable operations. Appropriately modified, and served up or utilized at a given time, once all your hashes have been through the super brute.
Rather than POST, your browsers “like” to use GET requests frequently, which many servers “like” to log with, and also many like headers, star-date, IP, domain+host+port and system info and ID. The list of tracking software and any number of machines at any one time collecting statistics on a variety of your networks behaviors being very large. Some servers and domains have the same root for a long time if you check back very, very, occasionally every 4 or 5 years at least for uncomfortable enquiry.
Microsoft COM+ Services Meta Data
%systemroot%\system32\clbcatq.dll
Might help with analyzing certain data, and put to use for both end users and not some agency. It’s well entrenched and windows does need COM+, so once it’s added to by “security” update roll ups to older operating systems some time ago, it’s not coming out and there are a lot of systems that use COM+ so router blocking is not going to solve everything too easily.
A reinstall with an older image and carefully selected security updates from the updates catalogue could help, but that is a lot of updates. Any service packs and roll up short cuts will contain the stuff you wanted to avoid and it’s not like you can read the source for the others anyway. Some of this stuff has been there a while. A lot of software services like to collect meta-data or telemetry, there is probably even a policy somewhere.
Politics seams very similar in many nations, despite their moniker.
A small group absolute for a time, and unexplained deaths (or explained as suicide through unknown 3rd party accidental car injury, or falling off something with a little help). Evidence sometimes finds itself into the wrong property, sometimes it falls from a detectives pocket or hand into the exposed back of tradesman’s work vehicles.
Most people having nothing to worry about, – assuming safety in numbers, luck, no one wants any of your property, identity, doesn’t like the look of you being happy or content, your grass is greener, you are in the way of development that generates revenue for someone or kick backs for someone else, they don’t like your hat, or you don’t know you might possibly saw or heard something, someone else “owns” your networked devices, or human\machine error, random cosmic events.
The benefit of solar panels is that you can run really low powered stuff and get off the grid if you are practically of it anyway and don’t really need to communicate that often, except with someone from your local government authorities (or friends) so they can collect money for the services that don’t exist in your area, and also have a look at your neck of the woods in case they see a use for it that your puny mind and irrelevance could not ever possibly grasp, check the data on your gross income.
65535 • December 13, 2016 1:51 PM
@ CallMeLateForSupper
“Anybody notice their PrivacyBadger is trashed?”
No, but my sacrificial box is an old xp box converted to vista and the chipset doesn’t support areoview which leaves a silver start bar that is not translucent [aeroview is now mostly deprecated in win8/8.1 to 10].
Did you make some changes in about:config?
I break FF with too many about:config changes. But, that is short lived because I reinstall FF or a newer version number is available… Which seem to obliterate my changes to about:config – much to my discomfort.
I have broken sites [sites will not load with Privacy Badger configured with the sliders all red on all sites]. I just re-set privacy badger.
[Continuing with the tracking issue]
@ tog toor
“Rather than POST, your browsers “like” to use GET requests frequently, which many servers “like” to log with, and also many like headers, star-date, IP, domain+host+port and system info and ID. The list of tracking software and any number of machines at any one time collecting statistics on a variety of your networks behaviors being very large.”
%systemroot%\system32\clbcatq.dll
Ok, is this get v. post deal changeable at the browser level. I use Fire Fox is it changeable in the about:config settings [most of our boxes are dual browser].
Is is only changeable at OS level?
I can use “post” instead of “get” when using searches with ixquick/startpage. But, that just covers internet searches and not the actual website sessions when I connect to said website.
By the way, what is your opinion on the effectiveness of Privacy Badger?
[next is tracking]
Emptywheel believes tracking now done by the ISP/phone company. I believe that also to be the case but a supercookie or extra string is attached certian packets or cookies to ID sessions for each customer [I could be wrong].
In the past is was done by the DistantFish
“ Project DISTANTFISH was created to target terrorist traffic on the Internet by providing two important services. First, it provides a database for discovering account identities for known terrorists to use as strong selectors (i.e. login names, e-mail addresses, or other elements that can be associated with a particular individual). Second, it provides information on which the same user generated computer sessions. Thus, if one session contains a strong selector for a terrorist, then all sessions can be collected. At the heart of this capability is an association service that can track an individual computer by the way it generates packets… From this association service, the DISTANTFISH team members were able to determine that the terrorist generated 107 computer sessions over eleven minutes, thus separating this traffic from that of the other 16 people in the web café. As most of the supporting software is still under development, the data was manually examined resulting in the discovery of two additional MSN Messenger accounts and two Yahoo web mail accounts that the terrorist used…”-SIDtoday
“SIDToday newsletters the Intercept released today describes how a key tool to correlate identities, DISTANTFISH, works.” –emptywheel and the Intercept
https://assets.documentcloud.org/documents/3233073/Targeting-Terrorist-Internet-Traffic.pdf
“…the USA Freedom Act requires “phone” companies, broadly defined, to turn over “session identifiers” under the guise of call records. Any such session identifier can be used to correlate identities in this fashion. I have long argued that is the point of USAF: to get tech companies to do correlations with a near perfect degree of accuracy rather than (in fact, in addition to) having the NSA correlate the IDs.” -Emptywheel
https://www.emptywheel.net/2016/12/07/distantfish-and-correlations/
65535 • December 13, 2016 2:37 PM
@ Daniela Aligheri Caruso
Sorry for the late reply. I had started the work week.
Yes, I just set up a free proton mail account. Proton mail looks promising. I see it does require java script [so does the old hushmail]. I also see it has two passwords: one for opening the one’s account and another for unlocking ones email.
I did not quite catch how to PGP could be integrated with proton mail. Can you recommend some software that would do the job?
I am correct to understand that proton mail must be opened once a month [a better option that hushmail’s free version which requires opening once every 3 weeks and to set up requires a smart phone capable of texting – which proton doesn’t require].
Proton mail looks easy to use and safer that hushmail. Thanks for your recommendation.
The question is the problem of having Gmail with a Rule 41 virus/rootkit spyware [poison mix]. Could just opening the Gmail account spread the FBI’s Rule 41 virus/rootkit spyware?
The reason I ask that question is the amount of ransom ware and NSA/Equation malware in the wild documented by Bruce S.
“A group of hackers called “The Shadow Brokers” claim to have hacked the NSA, and are posting data to prove it. The data is source code from “The Equation Group,” which is a sophisticated piece of malware exposed last year and attributed to the NSA. Some details:
“The Shadow Brokers claimed to have hacked the Equation Group and stolen some of its hacking tools. They publicized the dump on Saturday, tweeting a link to the manifesto to a series of media companies.
“The dumped files mostly contain installation scripts, configurations for command and control servers, and exploits targeted to specific routers and firewalls. The names of some of the tools correspond with names used in Snowden documents, such as “BANANAGLEE” or “EPICBANANA.”
https://www.schneier.com/blog/archives/2016/08/major_nsaequati.html
[and]
“A new, powerful strain of the notorious Duqu malware appeared in the wild after going dark in 2012. The so-called Duqu 2.0 was the malicious agent used against the security firm and many other targets worldwide.”-infosecinstitute
http://resources.infosecinstitute.com/duqu-2-0-the-most-sophisticated-malware-ever-seen/
[and]
Ransomeware Meets Multi-level Marketing
https://www.schneier.com/blog/archives/2016/12/ransomware_meet.html
APT
https://en.wikipedia.org/wiki/Advanced_persistent_threat
It’s seem evident that Duqu 2.0 could be adjusted to deliver key loggers, ransomware, and root kits [APT] via gmail non-eraseable email. This code appears to be in the wild and will be perfected for FBI use or other nasty uses.
The question is:
Should gmail be considered an APT in that each device you open gmail on could possibly infect your computer, laptop, iPad, iPhone?
What do you say?
Anon22 • December 13, 2016 2:40 PM
@Sancho P,
Intel released a program that communicates with ME? Interesting. I think that is a big blunder. That program can probably be reverse engineered much easier than ME. Anyone want to release a buffer overflow exploit that patches in alternate firmware for Intel ME? If the alternate firmware is not persistant after reboot, maybe a small device that sends the packets every time it starts up?
ab praeceptis • December 13, 2016 2:52 PM
Clive Robinson
I have mixed feelings about that article/approach.
My first issue is reading about “thread scheduling”. IMO that hints at a rather wanton premise. Now I don’t know about car systems (he mentions those) but in my world anything beyond about 10 usec is a no-threads-land.
So, frankly, Clive, I’m under the impression that you are talking about serious stuff where any OS, even an RTOS might introduce complexities or uncertainties that are not acceptable, while that article talks about lala land (comparatively speaking), about a world with multithreading and presumably in an rtOS (small r ~ “kind of vaguely real time”).
I’m also amazed again and again about how Frama-C is (mis)understood. Yes, frama is a ver nice and helpful tool (and one ofthe very few which are actually useable in the first place) but: No matter how happily Frama-C paints your code in green, what your compiler sees, interprets, and does might be a different thing.
What I did like though was that he understood and mentioned the “sister” of that problem, namely the divergence between UPAAL (he mentioned that) spec/modelling and language/code.
Spec/modelling is about algorithms. Whether these are properly implemented is a quite different question.
He’s using H3s? Great. Cute – and completely meanigless without concrete examples.
@CallMeLateForSupper,
Not near a desktop currently but double check the folder your xpi’s are installed in, if you’re using a live CD I’ve noticed some of them keep noscript in /usr/lib/firefox/extensions as soft links to /usr/lib/mozilla/extensions when firefox doesn’t seem to understand the concept of cross linking file systems. I tend to move them into /etc/skel accordingly so they’re slotted and upgradeable per user.
Sorry, swype.
…slotted? I forgot what that was suppressed top say.
But!
It could be permission related too figure out where ~/.mozilla? Is.
Clive Robinson • December 13, 2016 3:28 PM
@ IanashA_TitocIh,
long term Tor user who thinks, among other things, that he may attract more attention stopping the use of Tor relative to continuing to use Tor.
The human brain and many computer algorithms are sensitive to movement or changes in movement especially when they are abrupt.
Thus the trick is to make slow changes and withdraw a bit at a time.
So I would suggest first replacing any questionable viewing with less questionable viewing whilst keeping the traffic levels about the same. Then when all the traffic is of the sort not to raise questions if visable as plain HTTP slowly transfere viewing from Tor to https. This latter stage can be speeded up if say a new machine is purchased, by simply not installing Tor. The fact that the machine is new will be sufficient excuse not to download and use Tor.
Then of course there is the “legacy issue, of what would be left from when questionable content was viewed. Untill relatively recently the process of “clean up” would have been copy off to other media that which was not questionable and was to be kept, then securely erasing the hard drive reformating it and disposing of it as second hand etc by upgrading to a bigger drive or switching over to a solid state one.
Now however the knowledge of how to hide identifiers and the like in the Flash ROM of other parts of the system is well established due to the likes of BadBIOS and Lenovo trying to stop their spy/malware being removed. Thus it’s almost certainly going to be used by someone for tracking/tagging purposes even if it’s just sleazy site operators and their blind eye turned by a few pieces of silver to the third party adverts containing spy/track/tag/malware.
But worse still is the issue of Solid State Drives… They are difficult at best to clean without special “manufacturer only” tools and the fact that they are now the “storage media of choice” for black box recorders, should give you an idea of just how difficult they are to destroy… Personaly I would not use them for anything I would not let my worst enemy see…
All of which brings me to your question of,
Is it reasonable to assume that things like firmware malware would not be present in Apple refurbished hardware? For example, as good as new minus wear and tear
No it would be unreasonable to expect Apple to replace firmware on parts it purchased in. Consider the three or for ARM CPUs in SoCs on hard drive controlers, I doubt that Apple would re-flash these.
If you want an idea of just how many places that have Flash etc that would have to be re-written find a copy of the photographs that the UK Newspaper The Guardian published after they had a visit from tweedle dee and tweedle dum from GCHQ on their “day trip to London to see the sights, do some shopping” and to erase any potential security risk from the Apple computers the Guardian had used for the Ed Snowden document trove. You can see which chips have been “ground off”, and there are quite a few.
65535 • December 13, 2016 3:32 PM
@ IanashA_TitocIh
I am by no means an Apple expert but since nobody has answered your questions I give it a go.
“A) Do 2, 4, or 8 gig sdram modules matter perhaps regarding rowhammer in the above PCs? Are there any preferred memory vendors to perhaps avoid rowhammer issues? Is it probably safe to assume buying non-Apple ram is fine?”
I believe rowhammer depends upon ddr3 and it density of memory cells which in used in most Mac i5 to i7 machines. Hence, you’re at risk.
“8GB of 1866MHz LPDDR3 onboard memory
Configurable to 16GB of memory”
Rowhammer:
“The opportunity for the row hammer effect to occur in DDR3 memory is primarily attributed to DDR3’s high density of memory cells and the results of associated interactions between the cells, while rapid DRAM row activations have been determined as the primary cause.”-Wikipedia
https://en.wikipedia.org/wiki/Row_hammer
In theory all DDR3 machines has vulnerability to rowhammer. But as other people on this board note, rowhammer may just brick the device instead of extracting keys.
For over all security of Apple products see Apple’s Differential Privacy by Bruce S.
https://www.schneier.com/blog/archives/2016/06/apples_differen.html
[and Apple’s Differential Privacy raises concerns amoung experts]
http://www.technobuffalo.com/2016/06/15/apple-differential-privacy-privacy-security-data/
“As an academic researcher and a security professional, I have mixed feelings about Apple’s announcement.” –crytographyengineering
https://blog.cryptographyengineering.com/2016/06/15/what-is-differential-privacy/
Basically, you either trust Apple or you don’t trust Apple.
I have answered the first question so I’ll let other answer the others.
@Clive,
//You can see which chips have been “ground off”, and there are quite a few.
Who did the grinding?
The ‘Tweetles’ ??
Even if it was them such a fluting may have been largely cautionary.
Clive Robinson • December 13, 2016 4:48 PM
@ r,
Who did the grinding?
As far as I am aware, from the Guardian “weekend” article it appeared in, it was Guardian technicians and other staff under the direction of the tweedles, except where the use of tweedle equipment (I suspect industrial strength degausing kit) was needed.
Whilst I’m aware they may well have “over-egged” the pudding by grinding off a few extra chips, the point is it’s highly unlikely they left any reprogramable chips out.
Thus it’s possible to find the subset simply by getting the chip data sheets or probing them out via their Jtag pins.
Sancho_P • December 13, 2016 5:44 PM
@Czerno re: Onionmail time delay
Their documentation is not fit for an ESL noob, I think I couldn’t set it up to try.
Sancho_P • December 13, 2016 5:46 PM
@Uncle Joe Stalin
Oh it seems you still did not get it, let me try again:
It was Putin himself, only Ed made it appear to come from elsewhere / DHS.
We know that because we know that we know that.
Sancho_P • December 13, 2016 5:52 PM
@Anon22, @65535
Um, I think ME / AMT was made with the best intentions in mind.
It’s a very complex comfort function, apparently with standard pwds, debug info and bugs, as always.
Since 2010 it’s built into the (which?) chipset, also working wirelessly, can be initiated from the client (event driven) or remotely.
See: “Fast call for help” (CIRA)
http://itpeernetwork.intel.com/intel-amt-6-0-new-features/
and
https://software.intel.com/en-us/articles/fast-call-for-help-overview
– If enabled by software (no jumpers, of course).
So the problem is: It can be abused.
First will be the known agencies,
and one day later other criminals will follow as all systems leak like sieves.
Due to “security by obscurity” most of the legitimate users of such systems don’t know or can’t clearly disable / exclude such functions because SW is deemed vulnerable.
Only we don’t know if it’s today also in other chipsets but not advertised as such for marketing purposes.
This is the reason why some would call it a backdoor.
However, if known, the international acceptance of such products will diminish.
It’s not surveillance, it’s naivety.
Now let’s play the national anthem and hope that no one will step in, forever.
@Clive,
Yeah no doubt, it’s certainly not a very comforting to become aware of that’s for sure.
I wonder if they ground the chips inside of the attached monitor[s]?
^_^
davidh • December 13, 2016 6:08 PM
re: second thoughts on Intel management engine
@Thoth on hidden ROM codes
It strikes me that if the Intel Management Engine firmware can be zero’d, it can be altered to anything you want it to be.
Great way to bring in a device, clamp on a PROM programmer, and put in whatever malware you want to have in place.
The malware would be like “Evil Maid” but it would be more cleverly hidden in the autonomously executing Management Engine.
https://yro.slashdot.org/story/16/12/13/2219247/a-typo-led-to-podestas-email-hack-says-report
I programmed the ECU on my Ford to communicate with Morse code over my horn, problem solved.
My Info • December 13, 2016 7:02 PM
Nuo suomalaiset rakentavat rakentamaisillaan, rakentaakseen rakennuksia….
How many is this for McAfee?
https://packetstormsecurity.com/files/140150/Ubuntu-Security-Notice-USN-3155-1.html
Firefox vulns
@Thoth,
Good week:
https://packetstormsecurity.com/files/140138/Gentoo-Linux-Security-Advisory-201612-39.html
A vulnerability was found in the way Bash expands $HOSTNAME. Injecting
malicious code into $HOSTNAME could cause it to run each time Bash
expands \h in the prompt string.
A remote attacker controlling the system’s hostname (i.e. via DHCP)
could possibly execute arbitrary code with the privileges of the
process, or cause a Denial of
Service condition.
There is no known workaround at this time.
…
That being said, dhclient can’t not send the hostname requirement???
Clive Robinson • December 13, 2016 8:45 PM
@ Sancho_P,
Um, I think ME / AMT was made with the best intentions in mind.
There is an old saying that springs to mind,
Importantly though is the point I make on the odd occasion or three,
Engineers by and large are problem solvers not politicians, they often care not for fame, fortune or even thanks. However those of a political persuasion can not look at a problem without thinking how to benifit themselves from it, or disadvantage one or more close allies. As a spiecies politicians actively seek power through self aggrandizement, which rarely bodes well for others.
Thus an engineer will build a bridge so that two peoples may meet and trade to the benifit of both. However a certain type of politician will see it as an oportunity to more easily send in the tanks…
Clive Robinson • December 13, 2016 9:02 PM
@ r,
I wonder if they ground the chips inside of the attached monitor[s]?
I don’t remember if they showed photographs of the screen PCBs.
What I did look for but did not see was the Apple “battery pack”. You might not remember but somebody worked out how to potentially hide malware in the flash of the microcontroler inside the battery pack that talked to the motherboard to keep a record of charging and other characteristics. So it is possible somebody missed a trick or maybe the photos were not very good. I must admit even in my more gung ho days I would not have gone around grinding up Li batteries, as they can contain as much energy as a small explosive, and have been known to set fire to wooden doors and furniture.
Something certain new smartphone users realy should take to heart when they get that recall notification. I still shudder when I see women shoving their phones under their bra straps or worse under their headscarves tight up against their ear whilst they use their hands for other things. If the phone they have there poped and burned, there is no way they would avoid nasty burns.
Thoth • December 13, 2016 10:17 PM
@r
That’s why I call TrustZone as TrashZone for many of my recent post and have heavily discouraged the use of such a closed door technology that only via NDAs and huge sum of cash for licensing fees would get you access to the hardware manufacturer’s implementations of TrashZone.
Sure there are open source versions and open standards but the chances of vendor lock-in is too high.
Time to trash the TrashZone. No wonder Samsung KNOX only had CC EAL 2 for it’s bronze sticker (not even golden sticker).
Kids are smart these days and I am pretty sure there would be a day where little kids could break into “High Assurance” systems like a walk in the park.
65535 • December 13, 2016 10:32 PM
@ Sancho_P
“I think ME / AMT was made with the best intentions in mind.”
True. So was Unified Extensible Firmware Interface (UEFI) but it can be pwnd.
I think the more harware Add-on’s and lines of code you add to a system – just increases the attack surface area. Unfortunately, both ME/AMT and UEFI happen to be large holes you could drive a truck through.
I am sure the NSA/FBI/CIA and the rest of the TLAs have rootkit/spyware or nice worded “Network Investigative Technique” to hack/rootkit/keylog about any consumer device.
Sadly, this information has trickled down to police, ransomware makers, private investigators [Private Cops] and even to some degree scrip kiddies.
Once, the internet becomes weaponized it will be very difficult to un-weaponize. That seems to be the path we are on.
r • December 13, 2016 10:49 PM
It’s the path we’ve been on since the 80’s, since the morris worm, since the subverted compiler chicken and the egg papers.
Communication is a weakness to control, information wants to be free @65535.
We don’t live in a society where free communication is safe, you and me can conspire to do a sit-in, Wael could be building a fission bomb and nuclear pile from talking to a geometrician.
The free exchange of information is a double edged sword, we must guarantee responsibility of dual use technologies.
In sum, [not en sum this time] we must ride the razors edge of enabling whistleblowers and thieves/spies until the time that we can trust each other.
Until we can implicitly trust everyone and everything.
Figureitout • December 13, 2016 11:08 PM
65535
–That problem isn’t limited to gmail (kinda like the whole internet and every protocol and application connected to it, and the road’s 2 ways), so not sure what you’re getting at…
Walking down the street w/ your back turned to oncoming traffic, a driver could have a diabetic coma, plow thru the curb and squish your body thru the fence on side of road. I recall a story where someone was just walking, that happened and it took a leg off (physically separated…). Should you even walk outside?
I showed digital radio working w/ my 1980s radio (much easier w/ other ones) if you want an alternative (file transfer is possible-ish). Just bits in standardized patterns. Directly connected to you thru the airwaves and not a cable or ad/search engine company.
Markus Ottela
It’s possible but then there’s the interdiction issue, court orders, supply chain security
–Problem already exists anyway w/ current TFC (RasPi’s not truly open, computers not truly open, and all the same issues building up proto versions of TFC; they don’t go away ever). Point is promoting your work and making it easier to use, a simple board w/ simple components is not too hard to pretty fully evaluate, will be as good as looking at components themselves. I’m not planning on making any actual money on it, I’d be just covering operating costs if I laid out a board.
What is your idea?
–Idea about what? Not sure what you mean. The realistic risk is likely very minimal. There are 1-wire protocols, power line protocols, all kinds of other protocol hacks so enforcing true isolation is just the right thing to do for a security project.
Sancho_P
The Mini-B USB needs to be pushed / pulled
–What?
And I’ll solder caps directly to pins, close enough?
Cryptomator looks good btw, how do they make their money though.
Daniela Aligheri Caruso
–Thanks, there’s a long way (I have high expectations) to go but that’ll get you a long way. Few pretty bad fundamental problems remain that security people will be talking about for millenia. Opsec right now, it’s about avoiding current surveillance enough, it’ll keep changing so you have to stay frosty. Agree w/ your points, I probably started worse off than you. After about 2-3 years sitting around talking, I got real antzy.
You can’t sustain those high levels (there’s still quite a few more levels above of course) for long though. Burn out will happen.
There’s no way to verify images beyond what we have now. It’s why my main strategy now is to reduce attack surface as much as possible and monitor for abnormalities. It’s the realistic strategy…
Will talk again when I get some hopefully good news.
IanashA_TitocIh
–I wouldn’t count on a large company to really have your personal security needs at heart. Unless it’s like small MCU’s (where company won’t want to give you more functionality w/o more money so they’ll be restricted). Manufacturers get firmwares sent to them and they flash them and put them on board.
But do your own thing, no one said we need to all do the same thing. You probably know the answers to a lot of your questions too eh?
Wael • December 13, 2016 11:58 PM
@r,
could be building a fission bomb and nuclear pile from talking to a geometrician.
You trying to get me in trouble, agent r? Be careful what you say now that I am behind the “panda’s dinner” curtain for a few days!
r • December 14, 2016 12:17 AM
No sir, I see fully now that my speculative habits and tendencies can cause irreparable harm.
Also, that as fair as I try to be (and believe that I am) there’s 2 separate times I’ve made potentially racial connotations at someone I view as a friend.
I’ve got alot of growing to do.
Wael • December 14, 2016 12:28 AM
@r,
I’ve got alot of growing to do.
Lol! Don’t worry about it. Neither comment bothered me. Just be careful this week, though. I have very high tolerance for jokes, but some TLA’s don’t have any sense of humor. Or they have a twisted sense of humor 😉
Thoth • December 14, 2016 12:53 AM
@Figureitout, r, HW interdictions et. al.
Same sentiments of producing the PCB for TFC. What I really hope is not to make money out of it but simply to cover cost of PCB productions and the mass production of the PCB is to ramp up interest in TFC and get more people secured and experimenting in that direction.
For those who are worried that the production of this PCB would be considered as arms export, designing it only consist mostly of optocoupler and some transistors and probably a battery unit. No RaspberryPi with the software comes with it so how would that be considered a “dangerous” item that may face interdiction ?
There are so many stuff out there that are better targets for interdiction, why would any nation state do interdiction on a PCB with an optocoupler, battery holder and transistor which used by itself is meaningless. There are many open source secure hardware projects like ORWL that is clearly a security appliance by every means according to ITAR and Wassenaar Arrangement rules.
Also noting that creating the PCB in other countries (i.e. China) would be much lower on cost and not restricted by US EAR (export control crap) and then use non-US/UK storehouses as distribution points.
The circuitry for the single directional data diode itself is rather simple and very easy to spot problems (i.e. supply chain pollution) since there is no micro-processor. You can mass produce the single directional communication PCB with ease since there is very little that could go wrong on such a simple circuit.
If your intentions are to create not just the single directional PCB but also to include a CPU of sorts, this will be more complex and if the correct CPU is used (mostly CPUs with good documentations – STM32, PIC32 …) it should be fine as long as the entire design is clean and open.
Before anybody goes about waving their hands … hey what if they could interdict this or that … how about sitting down and think about which part(s) of the board or circuitry they could interdict and the likelihood of success.
David Cooper Field • December 14, 2016 2:35 AM
How do you pull a robot out of Iraq?
Undereavesdropper • December 14, 2016 5:04 AM
@My Info
I’d been under the impression that the Finns migrating to the States had settled in the town of Hullu, East Texas, following the great Hulkkonnen, and settling down to domestic the wild Western Spaghetti Monster. I was obviously mistaken. Thanks for correcting me on that. Now if they’d named that TV series Hullu instead of Dallas … but that would’ve been too obvious, wouldn’t it? We can’t let people see that the King is naked, can we?
Who? • December 14, 2016 5:52 AM
@ Thoth
I was just thinking about the possibility of doing a serious public audit of ME source code. Releasing the keys used to sign the firmware will allow us to completely overwrite the Intel ME, but it will put those that choose running this firmware on their computers on serious risk too. In short, reading the ME source code so we know for sure if it has either backdoors or unintentional vulnerabilities on it. It would be nice answering for sure the question about the possible existence of backdoors in our current computing technology, something that has been suspected for years, and develop the right countermeasures iff confirmed.
Of course owning the keys will allow us completely overwrite the ME firmware without bricking our computers.
I have no doubts these keys are in the hands of intelligence agencies around the world right now.
65535 • December 14, 2016 6:00 AM
@ Figureitout
“[@]65535
–That problem isn’t limited to gmail (kinda like the whole internet and every protocol and application connected to it, and the road’s 2 ways), so not sure what you’re getting at… I recall a story where someone was just walking, that happened and it took a leg off (physically separated…). Should you even walk outside?”- Figureitout
My senses indicate to me the probabilities getting infected by gmail/yahoo/aol and so on, by a TLA or LE is much higher that most people suspect. It seems like a quick an easy way of implanting spyware for mass surveillance.
To be more precise, the question is the possibility/or reality of gmail/yahoo/aol becoming a favored method of Rule 41 spyware implantation, or kindly put, “Mass NIT” operations or “collect it all” or what every you want to call mass spying – via huge free email platforms [which just happen to keep your confidential data forever].
I am getting at the “perfect storm” problem as in a combination of weather fronts combines to create a hurricane which could make walking out side inadvisable – so to speak. If you are in Florida you know when not to walk outside during a Hurricane.
But, if the storm is extremely quick or invisible to the eye one could get caught in it. Those fronts would be gmail/yahoo/aol and Rule 41 and its powers to implant spyware. That is the perfect storm.
Another way of looking at is say, the average Joe, years ago opened a gmail account and trusted gmail to only skim his email for “advertising” revenue and nothing else.
But, during at long trusting period of the average Joe using the free email system, corruption occurred where it became profitable to keep all his email and to make him the “product” to be sold to not only ad companies but to credit rating agencies, background checking companies, politicians, and the NSA/CIA/FBI.
The storm becomes stronger because the average Joe is conditioned to only use “handy, convenient, free” email systems to exchange information. Then a certain class of people in power places find it useful to monitor all handy, free communications systems for theoretical “National Security” or “Anti-Terrorism” such as NSA.
The final step is to turn National Security Agency customer is no longer Generals and Nuclear Button Pushers but vice style law enforcement => all the way down to police patrolling the streets. This all the tools a tyrant would need maybe in place. Again the perfect storm.
The main question still is:
Should gmail be considered an APT in that each device you open gmail on could possibly infect your computer, laptop, iPad, iPhone?
Which then can be further broken down into:
1] How technically probable is this gmail/yahoo/aol/Rule41 spyware combination likely to infect your devices?
2] Are all the technical components [hardware,software, and EULA deception] there and what is the probability the “collect it all” mentality of the FBI/DEA/Local Police will use it in the States and/or other civilized countries?
What do you say?
[Next is opinion]
My guess to the first breakdown question is 40% and the second breakdown question 50%.
Once the questions are better answered the next step is how fast to migrate away from gmail/yahoo/aol?
My guess is if you are a high risk reporter or privacy rights lawyer the answer is move way now. But, that is only a guess.
Thoth • December 14, 2016 6:21 AM
@Who?
There is no way to seriously audit a source code that we have no idea how it truely looks like. As I have mentioned, would they simply give you the ability to wipe “the ME firmware” just like that ? I am very doubtful. I believe there might be more than that like some sort of ROM code or something.
Grabbing the ME keys is like the crown jewels to Intel. They wouldn’t allow you or anyone anywhere near it unless they have approved the access.
WOP • December 14, 2016 9:07 AM
This business about Tor making you a target is fundamentally wrong-headed.
There’s fundamental fallacy of composition to it. Of course Big Brother can undermine your privacy if they throw enough money at you. TAO interference on this commenter would take maybe three staff years, at significant risk of getting noticed at an early stage. But that doesn’t mean resistance is futile and you should just get naked to appease them. Everybody decides whether to be the soft target. As more and more people take countermeasures, the cost of privacy interference rises. Why not make them pay for it, sweat for it, go through lots of trouble? That’s a collective, ‘political,’ decision, and you can’t exclude it from the scope of the technical question.
But your defense isn’t perfect!Q! So what? Plugging every teensy chink is impossible in the physical world too. So people do security differently, and it works fine, with serial barriers and parallel sensors. The onion-skin concept, they called it, before security got all OCD and paralyzed by perfectionism. The probability of compromise declines. What more could you want.
So go ahead, use Tor. Use lots of other things too, complements and supplements. Then you can undermine an overreaching state a lot, and still not be worth the trouble of tailored surveillance.
My Info • December 14, 2016 9:16 AM
@Undereavesdropper
We can’t let people see that the King is naked, can we?
No. We have to make them look at an ugly obscene logo of an emasculated lion plastered on a Finnish flag.
Sancho_P • December 14, 2016 10:11 AM
@Figureitout
Try to plug in / pull out the Mini-B USB plug to / from your converter when it’s on your table – you have to grab it hard with at least 2 fingers and to wiggle the plug. This heavy but necessary force will be an extreme stress to the solder points and copper traces on the opposite side of the USB when it’s mounted in a case, so they will break.
Not immediately, but for sure when you don’t want it.
Also to fix the converter boards in a case is not trivial because of that force. You either screw them down or the board with the opto-coupler, but not both, to avoid additional stress.
Professional builds may use flex-prints or band cable connectors, you should use flexible wires.
This is one of several reasons why I do not favor that overly simple PCB for the coupler, and there’s no way to include the USB converter(s) onto that PCB, nearly no one could solder them at home, and probably needs only one converter side because the other side is native TTL UART (which is the better option for a TCB).
Caps: Yep, because your adapter-board doesn’t provide holes to fix them and you should avoid any right – angle turns in that path, just to be sure not to form a perfect antenna so your family can watch TV without sprinkles on the screen.
CallMeLateForSupper • December 14, 2016 10:12 AM
@65535
“Did you make some changes in about:config?”
Not since late October. PrivacyBadger looked and acted normal on 12 DEC and through an hour or so of browsing on 13 DEC. Then it was suddenly toast. I made no changes in anything yesterday…. was simply catching up on my usual dozen blogs.
Curious • December 14, 2016 12:52 PM
“Photojournalists and filmmakers call on camera makers to include encryption”
http://www.zdnet.com/article/photojournalists-and-filmmakers-call-on-camera-makers-to-include-encryption/
“Over 150 documentary makers and reporters signed an open letter by the Freedom of the Press Foundation, asking for camera makers — including Nikon, Sony, and Canon — to ensure that their work is protected while often “attempting to uncover wrongdoing in the interests of justice.”
Related slashdot thread: https://hardware.slashdot.org/story/16/12/14/1535230/150-filmmakers-and-photojournalists-call-on-nikon-sony-and-canon-to-build-in-encryption
Amped • December 14, 2016 1:23 PM
Grabbing the ME keys is like the crown jewels to Intel. They wouldn’t allow you or anyone anywhere near it unless they have approved the access.
I don’t know, given enough time I don’t think you can discredit Geohot.
furloin • December 14, 2016 6:06 PM
@65535
“My senses indicate to me the probabilities getting infected by gmail/yahoo/aol and so on, by a TLA or LE is much higher that most people suspect. It seems like a quick an easy way of implanting spyware for mass surveillance.”
If I were a large corporation and wanted to infiltrate all web browsers quickly in a perfect storm like manner. I would use a javascript exploit hooked to google services and code execution in images. Puts telemetry on a greater amount of the internet(that did not already have it) within a few hours if they use proper exploits and blackbox storage locations.
Also does a Adruino with a risc-v processor built yourself by hand with openbsd/hardened linux = more secure than built yourself adruino with opensparc+openbsd/hardened linux?
This is all assuming safe/trusted transportation of software(read not hardware for the sparc, cables, monitor, peripherals, etc.). Although then it makes me wonder is my storage medium secure. Maybe I just dream in wonderland.
Thoth • December 14, 2016 7:26 PM
@Amped
Note that the Sony LV0 keys (probably when you referred to Geohotz) had stupidly embedded the private ECDSA key and AES key inside. To make it even worse, the compromising of a console would yield all the keys since everyone’s using the same keys.
The proper technique would have been for the chip to generate it’s own keypair in the factory and the corporate’s HSM to issue a certificate to the chip’s keypair. The certificate for each chip is burnt into the chip and the public key of the corporate’s HSM and also the certificate chain are also burnt into the ROM image or a signed link to a Flash memory certificate chain that has been signed or a network link. This way would create certificate pinning and whenever a new software is to be loaded, the certificate would also be signed by some corporate HSM and when loaded, it would be verified before loading.
In essence, the Intel ME and AMD PSP follows the ARM TrustZone. In such a scenario, I have given the effective steps in an abstract manner (above) on how things are done. The root public key would be burnt into the chip (ROM) and the chip itself would effectively not be able to boot or update/upgrade because it has a “Trusted Boot” process.
Attacking the Intel ME, ARM TrustZone, AMD PSP … isn’t magical. What has been commonly done is to exploit signed codes to use the weakness of signed codes as stepping stones. You don’t need to steal the root keys or alter anything. All you need is to look through all the signed codes for weakness (since signed codes != secure codes) and then leverage it. Most people are bad at writing secure codes anyway so it shouldn’t be too hard too review those signed codes for an entry point.
As @r has pointed out recently, even Samsung KNOX which is certified to CC EAL 2 and adopted by US DoD for it’s Android platform with ARM TrustZone (used as the basis for the KNOX secure workspace) fell under a BufferOverFlow attack by the “trusted applets” and who would have expected since it was supplied and signed by Samsung 🙂 .
PJ • December 14, 2016 7:28 PM
I’ve just seen a security risk I’ve previously overlooked. Like a lot of people I have a small weather station that has its own web page. Typically these show a number parameters, including indoor and outdoor temperature.
Today, for the first time, I encountered a page for a home weather station (not mine) that appeared to show that the owner was away, and had been for a few days.
The graph of indoor temperature resembled the edge of a saw until a few days ago, showing that the temperature was thermostatically controlled. Then, suddenly, it was switched off and the temperature plunged and remained low.
Many stations’ web pages have links that permit their precise location to be determined.
I hadn’t considered before that the combination could effectively constitute an invitation.
Probably many who have weather stations also have alarms and CCTV but…
Clive Robinson • December 14, 2016 7:59 PM
@ Figureitout, Markus Ottela, Sancho_P, Thoth,
You may not need to build any PCBs at all, as there is existing kit out there you can make an “optical data diode” from.
I suspect many of you have or has audio devices such as Sony CD / DVD players, Home Entertainment Systems etc with a strange looking square connector that is marked S/PDIF or EAJ Optical.
The Sony / Philips protocol is a low cost version of AES3 or AES/EBU optical audio used in professional recording studios. The specification for both is covered by IEC 60958.
The S/PDIF optical links are actually TOSLINK (Toshiba Link) connectors and sockets etc. You can by the parts very cheaply with the plastic light pipes already made up and available in higher end home entertainment outlets.
Each link is unidirectional and the low level signal is a binary stream that is Manchester Encoded prior to driving the TOSLINK IR LED.
As both AES3 and S/PDIF actually get used in recording studios there are quite a few converter units floating around.
Importantly AES3 uses XLR connectors and the actual hardware interface is usually implemented using RS-422 line drivers and receivers. You will if you look around find AES3 to S/PDIF Optical converters, giving you unidirectional pre-built TOSLINK to RS-422 unit and RS-422 to TOSLINK units.
As I’m fairly sure one or two of you know interfacing RS-422 to a microprocessor hardware is fairly trivial as is writing the code to transmit and receive Manchester Encoded data.
Thus building your own S/PDIF interface cards and Raspbery Pi drivers would have a much much wider market appeal.
From a users perspective building a galvanicaly issolated optical data diode is just implementing one TOSLINK data path. As the bits are all very standard kit you would find with a “band” or “Sound engineer””audio blogger” or many many other hobbyists from those making professional sound recordings of birds, trains etc etc the kit is of low suspicion if any to any authorities.
So my view point would be if you are going to develop a PCB make it a simple ~TTL input to TOSLINK and TOSLINK to ~TTL in the Raspbery Pi / Adrino “shield” format. It will have a market in it’s own right, and you may find others quite happy to develop the low level driver and higher level Python library software for you.
Any way it’s up to you folks but I would urge you for everybodies sake to look at things from a much wider perspective than just a “data diode using opto-couplers”. Oh and there would not be a patent risk etc going down the TOSLINK interface route, because the boards are just an interface, not a data diode, it’s how the user plugs in the optical cables that makes the data diode not the interface cards.
P.S. By ~TTL I mean the variety of hardware status line voltages you find on low cost single board computers like the Raspbery Pi, Beaglebone etc etc.
Clive Robinson • December 14, 2016 8:27 PM
@ PJ,
The graph of indoor temperature resembled the edge of a saw until a few days ago, showing that the temperature was thermostatically controlled. Then, suddenly, it was switched off and the temperature plunged and remained low.
Yup it’s a waveform that is a serious giveaway.
Oh and further consider that the “temperature wave form” is in effect an integration of the “Power Usage wave form”…
Now you know why I think “smart meters” with access from peoples phones etc are such an evil…
@Clive,
Thank you for covering the TOSLINK, after some comments last week I was wondering about those fibreaudio links for that exact reason.
Thank you.
The Last Saviour Sucked Somewhat Less • December 14, 2016 9:57 PM
Thank the Ghodz, Robinson Caruso is back again to save the day. Not very long after testing the waters did the dream team return en mass to prevent us from ever thinking about any unpure thoughts. Ghu only knows what we’d ever do without them!
Figureitout • December 15, 2016 12:18 AM
Thoth
–Yeah the main concern is if someone rips off TFC and starts selling it, that’s BS. Hard to really prevent in today’s world (preventing it fully may be worse than letting it be and just exposing the fraud). I was thinking more of funding a small production run for a board and verify they work, then just posting the board files on the internet so you can get your own made.
65535
–Tune your senses to include the rest of the internet, which for some reason you won’t do; just being difficult. Also you know of a easy persistent exploit on a live system w/ HDD removed? Their servers could be hacked as always.
Calculating the probability (some conditional probability of multiple “random” variables, some joint probability density function probably) is a bit involved, once you solve it the answer probably changes. Not my cup of tea at all anyway.
I say I’ve already been thru the shellshock of those realizations. Experienced some pretty insane hacks over the past 8 years, I wasn’t prepared to capture evidence of them (happen when you don’t want it etc., hence why I’m into dataloggers a lot lately). Some of it is over-exaggerated quite a bit, things break down in the real world, not always smooth sailing. From attackers and defenders perspective.
I don’t use gmail for privacy (we can argue security, try to hack a gmail account not using any of the usual tricks) too btw, I use it for email that works and keep the spam down.
Sancho_P
–Yeah I just did. You must be really living up to your nickname “the crazy Spaniard”, or even better “el loco”. You workout bro? :p Put the protein shake down. The connector is soldered in 4 places and, I was telling Thoth awhile back, I cringe at loose ports, I’m very careful plugging in etc. I’ve seen broken usb ports but it got very heavy and rough abuse.
But yes, of course, laying out a board those decisions will have to be made. Find some w/ screw holes would be easiest. A dirty hack would be to use like 4 of the pins, soldered to isolated spots on the board (not connected to GND of course), it won’t move then. Even dirtier is some “very high bond” tape; I wouldn’t do that though. Could just copy the circuit onto the board (choosing the converter chip is a decision too, using FTDI is supported everywhere and easy but they left a bad taste in my mouth (FTDI gate)). The spacing on these likely aren’t the same, so just leaving pins so anyone could plug whatever one they want likely won’t work.
Know all the big vendors have usb chips too, could just make one from scratch, but that’s work on something’s that done already…
Yeah they make these USB chips w/ so many pins, I need to find out why…takes high soldering skills to do it by hand, not a lot of people have soldering ovens and paste.
So even a simple project on the surface gets muddy real quick if you want to make it the best it can be.
Clive Robinson
–Cool (pretty random/crazy lol) but seems “hacky” if it involves taking apart older electronics. Is there a legitimate benefit to this or just more options?
You say “keep it simple” but there’s more work porting that when we have a working multiple data diodes already.
OT small question
–The TI link protocol requires an ack from receiver before next packet is sent, something like spoofing acks on itself might make comms “unidirectional”? Otherwise there’s some other projects where I could connect my ti calculator to an arduino (daughter board or “shield” w/ a bunch of 2.5mm audio jacks), then from there do the data diode. I like my calculator[s] as a trusted place.
Clive Robinson • December 15, 2016 1:36 AM
Yahoo gets on the Foreign Gov Band Wagon…
In the UK BBC Radio 4 7AM news said Yahoo has said that over a billion customer account details were taken, prior to the half billion they talked about back in Sept.
Apparently the Yahoo’s are claiming it was “state sponsored” but will not say who…
So anyone care to lay bets or set odds on it being anounced China, Iran, Syria, North Korean, Russia, UK, France, Isreal, or somebody new… How about Iceland (they do prosecute bankers afyer all) or maybe the Republic of Ireland (they apparently defy US Judges requests for data on MS servers).
Oh and in other news… The UK ambassador to the EU advised the UK Government that other EU politicos realisticaly can NOT see a Brexit agreement within a decade, and some EU Countries (hint the big ones) will never agree to trade deals (as punishment / hubris). The response of the loonies in charge of Brexit in the UK “The UK Government does not recognize this advice” and “Artical 50 will be signed as planed at the end of March”…
So what now appears to be a “protest vote” against the loonie politicos in the UK is now guarenteed to become, as a European leader once said, Our nation finds it’s self on the edge of a precipice and we must boldly step forward… You could not make it up if you tried…
Thoth • December 15, 2016 2:22 AM
@all
Freedom of the Press Foundation have created an open letter to digital camera makers to incorporate data encryption technology to prevent state actors and so on from reviewing and then deleting data evidences.
Links:
– http://www.theregister.co.uk/2016/12/14/photojournalists_say_cameras_need_encryption/
– https://www.documentcloud.org/documents/3238288-Camera-Encryption-Letter.html
tyr • December 15, 2016 3:46 AM
@Clive
You got that right !!! Nobody could make up what
passes for media news these days. I saw where
Putin supposedly was personally involved in the
hacks of USA. Obviously he has nothing better to
do with his spare time.
The best thing about “fake news” is that there does
not seem to be any other kind to the discerning
among us. Maybe we can bring back the goode olde
dayes where everyone believed the mainstream BS
without asking embarassing questions about news
stories.
All in all, we live in very interesting times,
so stocking up on popcorn while maintaining a
reasonable level of cynicism seems like a good
plan.
RS 422 should be useful, as I recall there were
some instrument systems that used it to pass a
fairly high speed data stream around. Back when
Tektronix and HP were building lab setups.
Clive Robinson • December 15, 2016 5:27 AM
@The Last Saviour,
Thank the Ghodz, Robinson Caruso is back again to save the day.
Hmmm, not sure what to say to that other than I’m not realy yet back.
Apparently I have developed “acute walking pneumonia” from a sore throat a couple of weeks ago, and in the resulting coughing fits done some muscular skeletal harm 🙁
The upshot is whilst I’ve been “coughing for Britain” and registering on seismometers I’ve done damage to core muscles and some kind of back/spinal damage. The result, sitting up is near impossible and an obvious lump on the side of the spine, which causes post cramp like pain from the waist down through both my legs if preasure is put on the lump.
So sleeping on my back, side etc or reclining in a chair is out and if tried for a short while the pain (which I can stand) is followed by loss of control of the legs (so I can not stand). Thus sleeping is a tads difficult, and night pacing in circles etc appears to be the new game. Hopefully I will find out soon what the actual lump/prob is and what the solution is. But first the vomiting and squitters has to have stopped for 48Hours (just in case I also have the galloping winter noro bug).
Oh and a merry festive season to all who have read this far, I hope to raise a smile or atleast a festive hot concoction at some point…
Clive Robinson • December 15, 2016 6:36 AM
@ Figureitout,
You say “keep it simple” but there’s more work porting that when we have a working multiple data diodes already.
You are looking at it from the “Techie” not Commercial/Political “Sheeple” view.
As we know there are a myriad of “techie” projects out there that never sell as they don’t have sufficient interest to get classified as a “Techno Toy” let alone a “Consumer Product”.
Thus you have at best a market for maybe 10 units in the US… Then there is the problem that Sancho_P has raised which is just one of many potential “not fit for purpose” problems which mean refunds, return / repair costs etc. You and others are aware of the “Throwing star” vampire tap / data diode, but have you actually investigated it’s “fit for purpose” status? Are you aware there are a number of issues involving “keep alive” signals etc for a number of people? And that is just a PCB with a couple of passives and connectors on it.
But you also have to consider the political wind and the legal mess it drags along behind it… I can easily see “security products” getting “legislative restriction” such that like many other products you have to fit into a “licence regime” and have a licence to “sell and operate” which you will not get (look at the way UK legislation is going). Further export restrictions, clasification as munitions etc etc. Even designing such equipment unless licenced to do so may well become a serious crime. As with the DMCA the law will not specificaly state things, just be broad enough for the like as the DOJ or NYC DA to send you an early morning SWAT team to drag you in for a chat, with the promise of 150years+ unless you backdoor etc etc.
Having a S/PDIF AES3 ASE/EBU system 100% compatable with an existing Industry Standard that is nothing to do with the security industry is going to create one heck of a lot of Industry Friction and push back from what has proved to be a very vocal community politically.
Further as I said you will not be building/selling a security product, but an audio equipment interface product that provides galvanic and RFI issolation, thus electrical and radio safety etc for artists and studio technicians etc etc.
To turn it into a security product “the user” not “the supplier” will have to “make it in that configuration”. It’s the same difference between “selling a shotgun” and “selling a cut off shotgun / whippet”. The first is legal and above board, the second gets you a lot of heat from the Feds who will nail your hide to a tree if they can… But as you will find if you Google [cut off shotgun whippet] there are very many sites excercising their right to free speech and telling / showing you exactly how to do the convertion on many models of shotgun…
Thus it’s a game, play it by the rules and walk tall, play it wrong and join the disappeared etc.
Have I spelt it out sufficiently under the “free speech” laws for you to grok which way the world is going faster than most can comprehend?
With regards,
OT small question
–The TI link protocol requires an ack from receiver before next packet is sent, something like spoofing acks on itself might make comms “unidirectional”?
Whilst I have a number of TI calculators, to play with, they have been sitting in a “box in the loft” for so long now that they’ve probably got birds etc nesting on it. It’s something I keep meaning to get around to but don’t.
So the “generic answer” to all such “ACK” based protocols questions, is “Is the ACK a constant, or dependent on sequence number, packet checksum etc?”. Knowing the answer to that will enable you to cut a little code for a very cheap microcontroler. The ACK could be more complicated but is unlikely to be outside of a security requirment (such as code protection etc).
CallMeLateForSupper • December 15, 2016 9:36 AM
The Guardian urges “Eight things you need to do right now to protect yourself online”. (Perhaps the current Yahoo dumpster fire got their knickers in a twist?)
“7. Enable full-disk encryption
[….]
What’s wrong with that, you ask?
Answer: It does not help users who run something other than Mac or Windows.
A few minutes ago I heard from a friend – a Windows know-nothing since v3.0 – who had recently agreed to try Linux for a while (on the condition that I personally provide 24/7 Linux support … and swap in his Win10 HD when he asks for it). After reading the Guardian article this morning, he rang me and huffed, “IF Linux is so secure, why can’t it do full disk encryption??”
It does, of course, but the article – by omission – leads one to conclude that it does not. Again, my point is that incomplete security advice is neither rare nor fully helpful.
65535 • December 15, 2016 12:00 PM
@ furloin
“If I were a large corporation and wanted to infiltrate all web browsers quickly in a perfect storm like manner. I would use a javascript exploit hooked to google services and code execution in images. Puts telemetry on a greater amount of the internet(that did not already have it) within a few hours if they use proper exploits and blackbox storage locations.”
That is an unsettling idea. Don’t give them too many ideas – the TLA’s might just use them.
Java script and email is another exploit route [or part of a malware kit]. I agree that java script is a powerful tool against windows boxes. But, many people are using no-script and other java scrip disabling mechanisms. Then again the average Joe is not.
It seems email has been the tool of choice to infect targets by the NSA [with the exception of Stuxnet which was hidden in booby trapped thumb drives and some times CD handed out at Tech conventions].
I don’t know what NIT Tools the FBI has but I would guess they are many and powerful. Say a recycled duqu rootkit with a key logger and ability to call home.
I would also guess with Rule 41 in place The FBI will use rootkit/spyware/fishing on social media platforms including email. The FBI’s expansive Rule 41 will be used in its “NIT rootkit spyware operations to a vast amount. We will just have to wait and see what comes our way.
Tsardine • December 15, 2016 2:43 PM
Tech workers pledge to never build a database of Muslims (latimes.com)
http://www.latimes.com/business/technology/la-fi-tn-tech-oppose-muslim-database-20161214-story.html
https://news.ycombinator.com/item?id=13187505
My response?
AI pledge to build database for All.
Sancho_P • December 15, 2016 4:32 PM
@Figureitout
Ha, my friend, thought you were a greenhorn, but then this:
”… but that’s work on something’s that done already…” 😉
@Clive Robinson Re: Toslink as data diode
I’ve been playing with Toslink for data transmission in the past, it’s usable but there are several disadvantages to overcome (or simply to accept).
– Generally, good optical cables are a bit pricy, bending and unprotected plugs / sockets (use caps, @Figureitout’s backpack …) are not helpful in respect to reliability.
Indeed you can produce data errors by squeezing the (cheaper) cables, best is to install, test and don’t move, also the plugs are a mechanical problem unless it comes to expensive, heavy professional equipment.
I think this is the main reason why there was no breakthrough in consumer products.
– The original protocol is made for 2 channel audio data, which is suboptimal for simple data transmission (overhead, synchronizing), yes, feasible.
However, one must not use it:
There are naked sender and receiver modules available in small quantities, but not very common, at the moment I’d have to wait until the end of March to be able to order the sender module (receiver in stock).
The input / output is already TTL compatible, though (e.g. TOTX1952 / TORX1952).
– The duty factor (optical signal) is specified at 25 to 75%, the auto gain amplifier in the receiver will increase noise if it’s heavily outside. That’s a challenge for the transmitted patterns.
– Power filtering is required at receiver module in noisy environment.
– Both modules have a conductive plastic case, esp. the receiver is very susceptible to noise and needs shielding / distance from spiky traces.
– When soldering, flux gases must not enter the module, no liquid flux cleaning allowed.
Again, it would be usable, but for TFC there is another disadvantage:
At something like a RasPi (TCB = RxM and TxM) it is feasible to integrate the modules to the existing TTL UART (as a shield), but at NH (any simple COTS machine) there will be USB, but nothing below.
That means the Toslink module must be converted to USB, this would be an additional mechanical block (probably + USB cable) in the transmission line, because integrating such a block into e.g. a laptop wouldn’t be possible.
Maybe I’m blind, but at the moment I can’t see the advantage(s) compared to the simple opto-coupler solution?
(Not even sure if any “ready to take” solution would find a broader audience, the endpoints are so diverse, who needs … what? Security?
People want fun, so if we could add porn, murder and war in any form …)
Czerno • December 15, 2016 5:18 PM
@sancho P.
« Do they add + split content or will be the output similar to the input? »
Dissimilar, due to how Tor (“onion” routing) works : on the emitters side (‘input’), data (and metadata) are wrapped inside of (three layers of) encyption. In addition, nothing tells a snooper that a particular bunch of encrypted data is email rather than the more common web traffic, even the destination TCP port itself (smtp) is hidden under the three onion skins, so this email won’t stand out from the packets comprising regular TOR web traffic, say.
By contrast, on the recipients side (‘output’), our hypothetic snoopers will see the nature of the traffic, but not the contents nor the mail headers since onionmail uses startTLS encryption over POP3.
Even assuming Alice and Bob both were targetted by coordinated snoops, it would still be difficult to prove B. received an email sent to him by A.
The very worst situation would be if one of the onion email servers involved were “owned” by the snoops. They could then use modified onionmail software in order to access decrypted contents, headers and all (because startTLS is not user end-to-user end encryption). This is why serious security-minded users MUST use their own strong sender-to-recipient encryption (PGP, S-MIME, OTP… whatever) in addition to the multiple layers of encryption implicit in the onionmail system itself.
Hope this answers part of your questions.
P.S. At the moment, uncharacteristically, a significant part of the public federated onionmail servers are down – not responding, have been for several days. The pessimist in me wonders whether a large scale attack by the usual suspect TLAs is being carried (amended rule 41, anyone?)
Sancho_P • December 15, 2016 6:21 PM
@Czerno
Thanks for detailing.
As I am convinced that serious snoops would have access to Alice’s IP behind STARTTLS (I mean they are inside the IP) Alice would upload encrypted email.
However, 3.4MB are 3.4MB, doesn’t matter if understandable or not.
So I’m afraid that Bob’s provider (and the same snoop, lets call it GCHQ, they will trade info to both countries) is going to receive 3.4MB from any Tor exit node and link it to Bob’s account.
Not only the size, also the (hopefully unreadable) content will be the same, otherwise it would be useless to Bob.
A time delay doesn’t change that.
The only remedy would be inside Tor (or any transport system) inflating and splitting the content into equally sized packets, sending them to Bob at random order and delay.
Bob, knowing that, would select (hopefully all) the parts and having his decryptor try to make sense of the mess.
Obviously there may be other (parts of) messages in between, but it should be feasible for a software to find, e.g. by trial and error, all parts (and ignore others), fix them together and display the plaintext in seconds.
Ideally the sending encryption would insert some indexing (?).
I’m convinced Tor won’t die, they need it themselves,
but they don’t want you to use it.
https://news.ycombinator.com/item?id=13190464
^_^
Tom Wheeler resigns from FCC, man on Comcast views future Net-Neutrality issues through lens of skepticism.
IanashA_TitocIh • December 16, 2016 9:11 AM
Thanks
fyi, besides Window’s patch-Tuesday updates
https://krebsonsecurity.com/2016/12/new-critical-fixes-for-flash-ms-windows/
numerous other security updates are available for iOS, macOS, Firefox, Tails, etc., including an iTunes security update for Windows.
JG4 • December 16, 2016 9:42 AM
https://image-store.slidesharecdn.com/c61cd452-b331-4684-8ec0-2c85a4012287-large.jpeg
PROT 415: Time-Domain Line Protection
When: April 26-27, 2017
Where: Vacaville, CA
Mum • December 16, 2016 10:52 AM
https://coreos.com/blog/rkt-detect-privilege-escalation.html
Long term state machine for detecting privilege escalation outside of a VM?
Clive Robinson • December 16, 2016 2:50 PM
@ Mum,
Long term state machine for detecting privilege escalation outside of a VM?
It’s not a new idea, I propsed a similar but more extensive system some years ago on this blog, and it was discussed for quite some time.
Have a search for “Castle -v- Prison” or “C-v-P”, if you want to know more, @Nick P, @Wael and @RobertT participated in various parts of the conversation which spread across way to many of the threads on this blog, which our host Bruce graciously alowed.
DeeDee Brinkmeyer • December 16, 2016 3:30 PM
we might think of the new ‘laws’ allowing hacking, to be a case of them choosing a target and attempting to inflitrate.
but, let us consider they are lazy, opportunistic, and their resources and capacity are variable.
so, thus, let us consider:
honey pots are probably a primary tactic for them. lure as many in as possible then sort through whatever data becomes available this way
start thinking about ways to mitigate the existence of honey pots that may be encountered in general browsing
Wael • December 16, 2016 5:00 PM
@Clive Robinson,
There is no way to reason your way out of it with logic. (Closed thread)
And …
participated in various parts of the conversation which spread across way to many of the threads on this blog,
At the time I didn’t know it, but…
Gödel specifically cites Richard’s paradox and the liar paradox as semantical analogues to his syntactical incompleteness…
Oh, the tea here (Yinchuan) is very light. Street signs are in Chinese, English and Arabic. Lots of history here… learned a few things including some word origins 🙂
Weather is very cold, and the tea becomes “colder than a witch’s tit” in no time.
Figureitout • December 16, 2016 11:04 PM
Sancho_P
–Ha, yeah I am a bit green but got some of my first products starting to hit the market (I was in charge of firmware mostly, consulted on some hardware changes), we’ll see how it goes. Apparently some customers are dying to buy them, which relieves me.
Clive Robinson
–I’m not really trying to sell it like that since it’s not my original idea. I could talk in private w/ Sancho how much he’d care if I were to move forward w/ a board w/ Thoth. The margins would be so tight one would have to sell millions to be talking real money when this is very much a niche product.
I’m not too concerned about the scenarios you laid out, that horse has left the barn. Likewise I’d hope to counter-sue for any damages (mentally and otherwise) a swat team causes and will calmly inform their dumbasses they’re asking the wrong person as I don’t know how to backdoor an optocoupler that won’t be caught by a $5 multimeter.
So no you’ve not really scared me if that was what you intended. If everyone in the world lived like a coward accepting bullsht, can you imagine how shtty the world would be today? The more desperate they become, they know their relevance is waning. Time for the old fuddie duddies to get accustomed to the new world, where the worst malware ever could be slithering around via 2-way comms unrestricted. Time to stop it cold. Computer security is becoming too important today.
RE: ti ack
–Ok, it’s dependent on each packet, next packet will not be sent w/o an ack. I know via an RF protocol (slight vulnerability I found) that sending acks w/o any authentication will make original TX obliviously send like normal.
@FigureItOut,
If the margins are that tight I will tell you the same thing I tell every small business owner: hand brakes are you friend, pad the cost an extra dollar if you know about how much it’ll actually cost.
There’s hardly ever a reason for a business to cut their own throat, you might feel that it’s the right thing to do but it will never help in the long run.
Pump the price, just a little – and then you can give discounts to others later. Works pretty good being able to give some wiggle room.
If anything, after you sell a couple at +1 you could always dump the remaining balance after production back into @Thoth or @Sancho_P.
Clive Robinson • December 17, 2016 6:39 AM
@ Figureitout,
So no you’ve not really scared me if that was what you intended.
No, not my intention at all.
The device would be a tool, and the best tools most frequently used are those that are both simple and have multi-uses (and no I’m not talking “hammers and everything looks like a nail” metaphors). And if you think about it one of the reasons things like Smart Phones are so popular.
But also I’m aware that many people would not want to have a box marked “Spies R Us” in black on yellow on it or similar red flag. As our political friends say “Plausable deniability, is usefull”.
Whilst from a security aspect minimal highly focussed is generally good, that only applies to the actual function, not the number of uses you can put it to. Likewise you design secure systems, from component parts that are not inherently secure individually the security comes from designing the system to mitigate each aspect.
Thus, whilst a “data diode” is a system the electrical to optical and back again transducers are component parts, from which the system is built. To see this consider that the transducers whilst converting low frequency data signals to light and provide good galvanic issolation, as PCB’s they do little to stop EM radiation from fast data edges. It’s the screening box you put them in and the filter components on the electrical inputs and outputs that achieves that.
So, think of them as components with clear specifications, not a finishrd system system.
Clive Robinson • December 17, 2016 9:25 AM
@ Wael,
Oh, the tea here (Yinchuan) is very light.
It may be “white tea” made with the tip of the bush sprigs that you would “pinch out” in other plants to cause groth of fruit etc.
If I remember correctly Yinchaun was in the news some time ago becaise it’s become a “cultural hub” with a permanent business venu for Chinese-Arab relations, which might account for the road signs. It was apparently a big thing for what was a mainly agriculturaly rich region, with the only heavy industry being coal mining for other industrialised regions power generation. I also remember it being described as being in a western province, but looked almost center on many maps.
Industrial or not however I know I’ve one or two commestable products from there in my kitchen I use from time to time when cooking.
Figureitout • December 17, 2016 11:46 PM
Clive Robinson
–Yeah it’s a tool, w/ a specific purpose (and is NOT a silver bullet whatsoever, there’s some stainless steel bullets, but no silver); that only those interested in deploying high-level personal opsec will be interested in. And smart phones…simple? Uh huh…
Yeah that mindset is what plagues the older generations, now I can have a bunch of hacking tools, that are meant for pentesting aka breaking into system defenses, at my fingertips w/ ease. Has the world crumbled down yet? Nope. Whether it’s a rubber ducky usb stick, all the tools on kali and other pentesting distros, or rfcat on a yardstick one (legal RF chip specifically meant for hacking, but could make custom protocols too).
The parts at their simplest aren’t inherently secure (a resistor?) but not very threatening by themselves too.
And the whole point of doing things open is if people have a good idea for an easy filter for RF noise it can be added in easy. Both Sancho_P and Markus Ottela have indicated they haven’t had problems w/ errors (which may not be “errors”…). Also, my point of having this be a little module you can just put in your backpack, and transfer files between laptops in a car or in the forest, or in a field; not be stuck w/ your breadboard and wires on your desk.
Sancho_P • December 18, 2016 5:44 PM
@Figureitout
Just saw what you wrote @Clive (16, 11:04 PM) re opto – PCB.
Feel free to do what you want, no money / credit needed, I don’t care, it’s nothing.
I publish when I want to share.
Markus explicitly asked me to cite GNU FDL v1.3, dunno exactly why and what it would mean when you want to copy + publish text / images.
Btw. I’m a bit worried about @Markus Ottela, not sure what happened.
His last post here was https://www.schneier.com/blog/archives/2016/12/friday_squid_bl_556.html#c6740352
but no reply, he didn’t come back then, neither to emails.
Anyway, all the best to him and all of you trying to read here!
Figureitout • December 18, 2016 11:25 PM
Sancho_P
–Ok, doubt it would make money and be easily copied anyway.
Not sure what happened either, I’ve never chatted w/ him outside of here. He does tend to disappear for a long time then come back.
Tried the data diode today, wasn’t working then saw I need 8 jumper wires for this interface board, going to fix tom and try again. Figured I’d try just connecting ft232r’s one way. ExtraPuTTY didn’t work except for echoing keypresses (keypresses on TX appear on RX screen, can’t go other way). I was hoping not but expected that, neither ymodem, xmodem, or zmodem worked. Must expect an ack of some kind, think it looks for # of packets to send and code is written such that it won’t start until it sends it back to TX…That’s my initial guess. So then I tried RealTerm, and it was able to send contents of text file to screen of RX but “capture file” feature wasn’t working on RX, to save it to a file (I’d have to copy/paste).
Haywood Alex • December 16, 2019 11:19 AM
MikroTik manufactures routers, switches and wireless systems for every purpose, from small offices or private households to carrier ISP networks. There is a device for every purpose. In our product catalog you will find a complete list of our products and their functions. MikroTik Academies are educational institutions such as universities, technical schools, colleges, vocational schools and other educational institutions that offer their academic students semester-based internet networking courses with MikroTik RouterOS as a learning tool.
rezoo • February 4, 2021 9:14 AM
TemplateToaster Crack is Windows-based CMS web design software with which you can create impressive websites and templates in just a few minutes. TemplateToaster’s intuitive user interface allows you to design your ideas, themes, and templates for a variety of popular content management systems (CMS) such as WordPress, Joomla, and Drupal, including corporate platforms such as Magento, OpenCart, Prestashop, and VirtueMart.
https://protocrack.com/templatetoaster-crack/
Bootstrap Studio Crack is a powerful desktop application for designing and building prototype websites. It contains a large number of built-in components that you can drag and drop to create responsive websites. The application is based on the very popular Bootstrap framework and exports clean and semantic HTML. Bootstrap Studio has a beautiful and powerful user interface based on the simplicity of drag and drop. This makes it ideal for prototyping and designing websites and applications.
https://secrack.com/bootstrap-studio-crack/
KMS Digital Activation Crack: tool contains four different activation techniques. Inject km, virtual, KMS / 2038 & Digital & Online Activation Suite. When creating this script, reference is made to the abbodi1406 script. Thank you very much. Some protection programs delete flaming files that are fake due to the km emulation.
https://thiscrack.com/kms-digital-online-activation-suite-crack/
@ Moderator,
The two above from “Haywood Alex” and “rezoo” are both unsolicited advertising for questionable services.
jojoooo • February 11, 2021 5:36 PM
Final Cut torrent Crack It is a professional video editor and production software. Designed according to the expectations of professionals. It is a professional skills modifier. Final Cut Pro Torrent Crack Windows 10 is only accessible for advanced systems. Because it offers a more attractive and fluid workflow on advanced systems. Final Cut Torrent Crack Full Version Free Download:
Then you can ask him about these tools. The software provides you with these tools quickly. In this situation, you do not have to interface with new functions. Final Cut Pro Serial Key can reconnect all offline promotional videos. It is located on the avenue of the directory. As the first offline marketing video. This is connected with it again.
toto • February 11, 2021 5:38 PM
ApowerMirror Crack is an excellent and very fast software with which the user can advertise the display of his Google Android or iOS mobile phone with a PC. ApowerMirror Crack Full Version Free Download naturally offers other equally cool features, including the ability to save much of the video tutorial video too carefully. ApowerMirror 1.4.7.35 Crack 2021 is the ultimate screen mirroring tool. With Apowersoft ApowerMirror 1.4.7.35 Crack, you can enjoy many Android apps on your PC. ApowerMirror Torrent full version,
Crack dj • March 25, 2021 1:01 PM
Microsoft Office 2019 Crack is Microsoft’s newly released office automation software providing you with office that is expert for document processing.
Cybers Pc • March 25, 2021 1:03 PM
Kaspersky Total Security 2019 Key gives protection & performance to your PC. Today’s Internet threats are more cunning than ever before.
Wishes Quotes • March 25, 2021 1:04 PM
Blood-related or not, you will always be my brother. You surpass that of any friend and I see you much more like family than a mere friend. Happy Birthday Bro Wishes
unique-star • March 25, 2021 3:56 PM
Your one-stop solution for powerful and reliable hosting. Personal Shared Web Hosting your website on a plan that features 99.9% uptime and 24/7 tech support.
Subscribe to comments on this entry
Sidebar photo of Bruce Schneier by Joe MacInnis.
Uncle Joe Stalin • December 9, 2016 4:57 PM
http://www.politico.com/story/2016/12/obama-orders-full-review-of-election-relate-hacking-232419
Obama to order “report” on election hacking. An echo of the manipulated “intelligence reports” about Iraq WMD with Bush-Cheney or slow news day? It looks like we are about to go to war against Wikileaks, Russia, China. Then the government will blame “faulty intelligence” again when it goes inevitably pear shaped as we waste our national resources making the rich richer by war.