Friday Squid Blogging: 1874 Giant Squid Attack

This article discusses a giant squid attack on a schooner off the coast of Sri Lanka in 1874.

As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

Posted on January 13, 2017 at 4:52 PM | 185 Comments

Comments

Eddie January 13, 2017 5:28 PM

Keepass 2.35 has been released with a number of bug fixes but also support for Argon2 (hashing) and ChaCha20 (encryption). It also introduces version 4 of their database format KDBX.

http://keepass.info/news/n170109_2.35.html
http://keepass.info/help/kb/kdbx_4.html

A comparison of Argon2 written by one of the commentators on here:

https://pthree.org/2016/06/28/lets-talk-password-hashing/
https://pthree.org/2016/06/29/further-investigation-into-scrypt-and-argon2-password-hashing/

Microsoft are updating their telemetry settings in their Windows 10 Creators Update “…Just a little snooping – or the max”. A new privacy dashboard has been introduced online as well.

‘Security’ level is still only available to Enterprise, Education and IoT SKUs
The amount of ‘Basic’ telemetry is being reduced (and will be available to all users)
The amount of ‘Full’ telemetry is being increased (all will be available to all users)

http://www.theregister.co.uk/2017/01/11/microsofts_new_windows_telemetry_manager/

Also, “Win10 Home appears to be getting the “Pause Updates” setting”, potentially allowing Home users to pause updates for up to 35 days.

https://www.askwoody.com/2017/win10-home-appears-to-be-getting-the-pause-updates-setting/win10-home-pause-updates/

Will January 13, 2017 6:50 PM

WhatsApp vulnerability allows snooping on encrypted messages

WhatsApp has the ability to force the generation of new encryption keys for offline users, unbeknown to the sender and recipient of the messages, and to make the sender re-encrypt messages with new keys and send them again for any messages that have not been marked as delivered.

https://www.theguardian.com/technology/2017/jan/13/whatsapp-backdoor-allows-snooping-on-encrypted-messages

https://blog.kaspersky.co.uk/whatsapp-security-hole/8249/

Moxie Marlinspike needs to comment on this as it was Open Whisper Systems who helped WhatsApp implement the Signal protocol.

r January 13, 2017 6:54 PM

@Will,

^_^ WOOPS, hypothetically if that’s true could that be part of what’s eluded to within the 10pt transparency report with the only qualifying redactions on pg 34?

Eye wonder. 😉

Will January 13, 2017 6:59 PM

@r

It could be! If you read the questions asked by the journalists WhatsApp dodged the question.

There are two related Guardian articles and one refers you to their transparency report.

Also, just published:

https://whispersystems.org/blog/there-is-no-whatsapp-backdoor/

What I find shocking is that only the sender gets notified of the encryption key being changed and only then if he has explicitly enabled the relevant option. That’s a bad design flaw.

I Wish You Were Here January 13, 2017 8:51 PM

I repeat myself when under stress.
I repeat myself when under stress.
I repeat myself when under stress.
I repeat myself when under stress.

I repeat…
The more I look at it,
The more I like it.
I do think it’s good.

The fact is..
No matter how closely I study it,
No matter how I take it apart,
No matter how I break it down,

It remains consistent.
I wish you were here to see it.

I like it.

Figureitout January 13, 2017 10:51 PM

Schneier on Security Writeup, Practical Things You Can Build Yourself
by: Figureitout

USB-To-Serial Data Diode and Secure File Transfer Method For Windows PC’s

This was a fun project. Computer security is a big hobby of mine. There’s a thing called a “data diode” ( https://en.wikipedia.org/wiki/Unidirectional_network ) which is meant to enforce one-way communication from an isolated and relatively secured node to an unequivocally unsecured node (you can have multiple “secured nodes” if you want, to make tracing back to the source PC for what will generally be encrypted files more difficult). I had been wanting to build one of these for a long time but never knew how! Markus Ottela in his Tinfoil Chat project built one but I just wanted the data diode, not the chat program. ( https://github.com/maqp/tfc ) Whichever device you use to transmit needs to be as secured as you can possibly make it: no malware, no side-stepping the data diode via wifi, bluetooth, audio, optical, or other RF channels. From the unsecured node you connect to a network like the internet and transfer the file to another recipient, and they push the file one way to a receiving computer. The purpose of doing this is keeping malware off machines which you transfer files to and from. Also, mainly for doing encryption and zipping of a file not on a networked device, which could be keylogging the plaintext material. If there’s a keylogger on your offline PC but you’ve managed to mitigate other typical compromising side channels, it would have to encode that information into the encrypted and zipped file, which sounds feasible but would probably be noticeable. It becomes much harder when you just take away the network aspect (internet). Requires some fancy end-run attacks.

The design I was testing was this one located here, I’ll link some of the pictures on this blog post too: imgur.com/a/5Cv19

Very simple, nice design. I won’t repeat much of what’s there. The optocoupler used was an Avago HCPL 7723; this is the most important part enforcing isolation of TX and RX pins, to deal with the potential of pin-remapping on USB-Serial converters (highly unlikely but probably possible). If you can do this with discrete parts and not an IC, it would be easier to verify and catch potential hardware backdoors in the optocoupler. There is a design here for such a thing: ( http://homepage.divms.uiowa.edu/~jones/voting/diode/RS232tech.pdf ). The other part is an FTDI232 USB-serial converter board. You can get those really cheap, like $6 for 2. The optocoupler seemed unnecessarily expensive…$22. I just used that one since that was what the original design called for; any optocoupler would work I believe. I would like a cheaper optocoupler.

My small contribution here though was I wanted file transfer, that’s useful. The guy who made this design (moniker he goes by in link above) only did some basic experiments (for time reasons I think) and sent some characters over the data diode and checked with an oscilloscope to verify it worked. I was pretty confident some terminal programs would work to send full files over it. Thankfully one terminal program did work, Realterm. ( https://realterm.sourceforge.io/ ). The problem for me is I want to know exactly how the file is being sent and it’s not very clear in the Realterm docs and I couldn’t get access to the code just yet.

So first off you need to install any FTDI virtual comm. port drivers if you don’t already have some installed (you don’t need this on Linux usually as these drivers usually get included in the kernel, but I haven’t tried Realterm via Wine on Linux). Then you need to install Realterm on each device. Next you’ll need to build the data diode. For now, I just soldered wires directly to the optocoupler pins, as well as soldering the 47nF capacitor again directly to the pins (the capacitor acts as a low pass filter; it’s a necessary component according to the datasheet ( https://www.broadcom.com/products/optocouplers/industrial-plastic/digital-optocouplers/high-speed-cmos/hcpl-7723 )). Referring to this picture is nice ( http://i.imgur.com/CduzEfh.png ), and you connect +5V and GND pins from each USB-serial converter, and ONLY the TX pin on the TX side, and the RX pin on the RX side. This is very important; in essence you have 2 things that are enforcing the isolation of transmitting one way. First, by not even connecting an RX pin back to TX, then the enforcing of the unidirectional path for data flow with the optocoupler which has an LED on one side, and a photodiode on the other. Transducers are bidirectional however; a simple experiment to try is to take an LED, attach a digital multimeter to it, and shine a flashlight on the LED, you will see some voltage. Depending on the strength of the flashlight it may get up to 1.3 or even 2V, which may be enough to do something. It may still be possible (though highly highly unlikely) to inject enough power via RF or optical channels to turn the photodiode into a transmitter and the LED will receive that, but I think it would be a ridiculously high level. I’m not sure, that’s an experiment to try sometime.

Be careful that you do not connect anything to pins 3 or 7 on the optocoupler, or it will not work. I can tell you that for sure.

I used the male-female wire connectors that you typically get with an Arduino kit; however you wire it up is up to you, but I do want to make a simple PCB for this. Once you have your data diode made, connect each side to your TX computer and RX computer; you’ll need some mini-to-normal USB cables for this as well of course. Create some made-up file; for this example I’ll transmit this text file I’m making and take pictures for the blog post.

Once the file is created, open up Realterm (installing Realterm on Windows should be very easy so I’m skipping over that). Click on the “Port” tab, let’s keep the baud rate at the default of 57600 (but I’ve tried it at 115200 and it still worked), now you need to see what port your USB Virtual Comm. Port is at, it can be different numbers. You need to find which one it is, for me it’s #3. Leave all the other settings alone, they’re fine. Once you have your port set up, you click on the “Change” button with the green check mark. Now set up your RX side, same thing, set the baud rate at 57600, find what USB Virtual Comm. Port you use, for me it’s #11, then go to the “Echo Port” tab, and use the same settings for baud rate and the Port, click on the “Echo On” and the “Monitor” check box, then hit the “Change” button with the green check mark. For some reason the “Capture File” feature wasn’t working for me, so you don’t even need to mess with that. Now go back to the TX side, go to the “Send” tab, and look at the “Dump File to Port” text at the bottom. Click on the box with 3 dots, and search for your file you’ve saved on your PC. Once found, hit “Send File” and you should see text start showing up on the RX side terminal.

It’s really not too bad once you’ve done it a couple times.

What you need to do is then copy/paste that text into another file and save it to some file on the RX side. This is the one thing that really irks me about this setup, I wanted “Capture File” feature to work but it wasn’t. But in all honesty, if you’re doing this level of setup for your secure file transfer, it won’t be that bad to do this manual transfer. Now that you have a file from an offline secured PC onto a less secure networked PC, and the networked PC could not send any malware to the offline machine via the channel used during file transfer, you’re set.

Another use case is to type out some message to someone you want to keep secret on your offline PC. Next you can base64 that file (it’s easy on Linux), then encrypt that file with GPG or OpenSSL, then base64 that file again so it’s a nice ASCII text string. There may be issues with some of the characters in encrypted files. Then save that to a text file and send it over. Next you could send that file as an email attachment, exchange public keys and encrypt a message with the key to the file to whoever you’re talking to. That’s a nice secure method of sending something you want to keep secret to someone.

Limitations:
1) Must run Windows (for Realterm)
2) Not sure how files are being sent via Realterm (not good for security, that needs to be clear)

Wishlist: I want the following features…
1) Linux support with a terminal program, I may try Realterm on Wine.
2) No drivers to install (aka drivers already installed in OS or kernel, can’t escape drivers).
3) Sending directories/folders of material instead of just contents of one file, with a drag-n-drop GUI application. A project in its own right.
4) PCB made up and you just need to solder components to board and nice case made. Small project, hope to get that done eventually. I’m crazy busy now.

Pics:
1: https://postimg.org/image/3p826jv3j/
2: https://postimg.org/image/bzx36dr0n/
3: https://postimg.org/image/jtg3phv5v/
4: https://postimg.org/image/re6kwdur7/

Thoth January 14, 2017 1:21 AM

@all

Singapore Customs exercises search powers on immigrants’ mobile devices that leads to discovery of “ISIS-related images” which leads to detention and deportation of “suspected radical preachers”.

It’s about time to start using OpenPGP smart cards at the very least with Yubico’s variant (no self-destruct PIN) and my modified variant (with self-destruct PIN).

I have been extremely busy with work related stuff and thus the progress on GroggyBox has been delayed for a while. Current features being implemented include Secure Channel Protocol (between card and host PC), login and self-destruct feature and reset card feature, whenever there is a little time on hand.

Links:
https://sg.news.yahoo.com/8-deported-from-singapore-over-isis-images-freed-by-indonesian-police-082632857.html
https://github.com/thotheolh/ykneo-openpgp/ (With Self-Destruct PIN)
https://github.com/Yubico/ykneo-openpgp (Without Self-Destruct PIN)

Thoth January 14, 2017 1:36 AM

@Figureitout, Markus Ottela

Naming of the USB-File-Transfer-Data-Diode-Long-Named-Secure-Setup-Systems-For-Windows-PC.

Well, ain’t the name too long ?

Since @Markus Ottela uses the Tinfoil Chat (TFC) for a Data Diode Secure Chat setup, then for the purpose of sending files, the best name for your Data Diode Secure File Transfer should be named Tinfoil Send (TFS/TFSend).

Grauhut January 14, 2017 3:29 AM

@Figureitout: “data diode”…

Why not just a burst of source ip spoofed UDP packets to a listener script called from inetd?

Prins van de Schemering January 14, 2017 4:14 AM

Somewhat OT but rather funny:

In all the hoo-haa over the recent allegations about Trump’s Russian-assisted election win, the said Donald – according to my Aussie friends – begins to look like a character from one of John Lawson’s more popular stories, The Loaded Dog. Which character? The Loaded Dog himself.

Read it for a laugh. How’s fishing?

Dirk Praet January 14, 2017 5:08 AM

@ Nick P, @ Will

Re. WhatsApp

Excellent reply by @Moxie : “Since the story has been published, we have repeatedly reached out to the author and the editors at the Guardian, but have received no response.”

Whoever wrote that article should have contacted @Moxie BEFORE publication. Isn’t that what responsible journalism is all about?

@ Figureitout

Re. USB-To-Serial Data Diode and Secure File Transfer Method For Windows PC’s

Great work, mate. Now pour yourself a nice Duvel. You’ve earned one.

@ Thoth

the best name for your Data Diode Secure File Transfer should be named Tinfoil Send (TFS/TFSend).

Unless @Markus Ottela objects, I concur. And both should do whatever is necessary to make sure those names are sufficiently protected against future patent trolls.

Singapore Customs exercises search powers on immigrants’ mobile devices that leads to discovery of “ISIS-related images” which leads to detention and deportation of “suspected radical preachers”.

While I am all for the detention and deportation of hate preachers (and preferably to Mars), you don’t need to be a genius to understand where this is eventually going.

@ Grauhut

Why not just a burst of source ip spoofed UDP packets to a listener script called from inetd?

I don’t know. Sounds reasonably vulnerable to port spoofing attacks.

JG4 January 14, 2017 10:23 AM

I’d be interested to see any critiques of this analysis

http://www.nakedcapitalism.com/2017/01/gaius-publius-whos-blackmailing-president-arent-democrats-upset.html

the set of facts is getting unwieldy for an individual. the time is ripe for an open-source AI tool for managing and analyzing news. not sure if it has been mentioned here, but cameras are getting close to the point of being able to pick up the detail required to analyze the mental state of someone speaking at a press conference, in a way that is complementary to a voice-stress analyzer. which would be handy for analyzing what is said on other voice channels. that could be used to weight various inputs for accuracy

http://www.nakedcapitalism.com/2017/01/links-11417.html

Big Brother Is Watching You Watch

Obama Opens NSA’s Vast Trove of Warrantless Data to Entire Intelligence Community, Just in Time for Trump The Intercept. Once again, watch what Democrats do, not what they say. Either Democrats don’t believe Trump is a fascist (or Putin agent, take your pick), else why hand over this data to him, or they do, and they’re fine with that.

https://theintercept.com/2017/01/13/obama-opens-nsas-vast-trove-of-warrantless-data-to-entire-intelligence-community-just-in-time-for-trump/

Intelligence community publishes all classified material online to stop leakers Duffel Blog

http://www.duffelblog.com/2017/01/intelligence-community-releases-all-classified-material-to-the-public/

Putt N. Tame January 14, 2017 10:34 AM

Facebook buys Whatsapp, which is then secretly back-doored. FB says the exploit works as intended.

Also see: “A Backdoor in Skype for Mac OS X”

“Trustwave recently reported a locally exploitable issue in the Skype Desktop API Mac OS-X which provides an API to local programs/plugins executing on the local machine. The API is formally known as the Desktop API (previously known as the Skype Public API – Application Programming Interface) and it enables third-party applications to communicate with Skype.”

https://www.trustwave.com/Resources/SpiderLabs-Blog/A-Backdoor-in-Skype-for-Mac-OS-X/

Seems like a pattern of big corporations to back door alleged secure communications.

Grauhut January 14, 2017 12:18 PM

@Dirk: “Sounds reasonably vulnerable to port spoofing attacks.”

It’s pretty secure if used on a direct crossover connection and it doesn’t need any soldering. If you dynamically spoof the mac and outgoing ip address on your secure device, by packet injection into a software bridge for instance, it’s quite hard for an attacker, who took over your public device, to exploit this connection. Bonus: If configured well any logged & blocked attack attempt from your public device will show you it was taken over. 😉

PJ January 14, 2017 1:50 PM

The latest winner of Ireland’s annual “Young Scientist” award (for high school students) is a teenager, Shane Curran, who has developed what he calls a post-Quantum cryptographic algorithm called qCrypt (www.getqcrypt.com is a stub). Published details are thin, but there is a github repository with a core bit of code for a method called “weaving”: https://github.com/narruc/TripleWeave.js

I’m not qualified to judge if it’s any good (which may well have been the case with the judges too) but it’s a sign of the times that kids are doing crypto.

Figureitout January 14, 2017 2:06 PM

Thoth
–You can call it banana for all I care lol. If I got some of my wishlist items taken care of and it became more of a polished product, I’d maybe call it “Tinfoil Transfer”. I may try to carve out the data diode code in TFC and just have a data diode portion, since that’s working on linux. If a lot of people won’t do GPG then why would they setup TFC? Maybe one of my engineering friends would, maybe lol. If I have gigabytes of material I want to move, that’s not possible right now, I hit Realterm’s buffer limit w/ a decent sized text file. Only works for small files now. Lots of room for improvement.

Grauhut
–Raises questions on my end. Got a PoC I can build and probe? Is that mostly software/protocol-enforced isolation? Can firmware on either end affect directionality of data flow? If such an attack happens on this (pin remapping), you’ll have a decent start where to look, the FTDI chip. I know for a fact I can modify GPIO config files on MCUs and make a UART port w/ TX and RX pins into just generic GPIO. Also digital input or output.

Dirk Praet
–Thanks mate, this wasn’t too challenging a project, and it’s not done at all. Like when things work out how I envisioned (a bit lol). Got one of those Duvel kits w/ glass and beer for my dad for his birthday, hasn’t drunk it yet lol. Much more coming in next few years unless life says otherwise. All my classes this semester are project-based (and I got work projects…), my fave but I won’t have time for personal stuff.

Ted January 14, 2017 2:57 PM

The Senate Armed Service Committee held a hearing on January 5, 2017 to discuss “Foreign Cyber Threats to the United States.”

Video, transcript, member statements, and joint witness statements are available here:
http://www.armed-services.senate.gov/hearings/17-01-05-foreign-cyber-threats-to-the-united-states

Opened by Committee Chairman Senator John McCain (14:15) and Ranking Member Senator Jack Reed (21:40).

Witness statements provided by Marcel Lettre II (27:15), James R. Clapper (34:15), and Admiral Michael S. Rogers (42:15).

Further discussion and testimony among witnesses and senate committee members (47:15).

At minute 20:30 (or line 9, page 7), Senator John McCain calls for the development of a policy to more effectively “resolve the long list of basic cyber questions that we as a nation have yet to answer.” He says that the committee plans to hold a series of hearings over the next two years to explore recent and future questions with regards to establishing a strategy for cyber deterrence and credibility.

Grauhut January 14, 2017 3:26 PM

@Figureitout: “Got a PoC I can build and probe?”

Audit the netcat source and then make all && make install! 🙂

Or do you want a documentation of a complete setup? Linux, other os?

Figureitout January 14, 2017 4:56 PM

Grauhut
–I don’t see where you deal w/ pin remapping or corrupted firmware wherever the TCP/IP stack is located. In Sancho’s, it would just break the data diode if pins get remapped. Yeah, as complete as possible, a picture would be nice.

Clive Robinson January 14, 2017 5:28 PM

@ Figureitout,

If you want to go further have a look at Serial Line IP (SLIP). The code is small and the serial driver code –used to be– is simple enough to get your head around in half an hour’s reading of the Driver-HOWTO. If you do a little hunting there are older “Serial Driver” examples given as an intro to building a character driver.

The underlying solution to your file size problem is twofold. Firstly use a simple method to break the file into lines with a CRC appended; thus if there is a transmission error it can be reasonably easily spotted on the other side of the diode, and thus flagged up, so that a hand/manual patchup is all that’s required. You can improve this by adding Forward Error Correction.

The second issue is to use a file transfer program such as Xmodem-CRC without the ACKs.

The Wiki page on Xmodem might make fruitful reading,

https://en.m.wikipedia.org/wiki/XMODEM
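A minimal implementation of the no-ACK framing Clive describes (numbered lines, each with the CRC-16 that Xmodem-CRC uses, plus a trailer line so the receiver knows how many lines were sent), as an added example that is not part of the original post or of any project mentioned here; the line format, the CHUNK size and the sample file are my own assumptions.

```python
import base64

# CRC-16/XMODEM: polynomial 0x1021, initial value 0, no reflection.
# This is the CRC that Xmodem-CRC uses; check value for b"123456789" is 0x31C3.
def crc16_xmodem(data: bytes) -> int:
    crc = 0
    for byte in data:
        crc ^= byte << 8
        for _ in range(8):
            crc = ((crc << 1) ^ 0x1021) if crc & 0x8000 else (crc << 1)
            crc &= 0xFFFF
    return crc

# Assumed line format (not from the post): "<tag>:<base64 body>:<crc hex>".
# Data lines carry a sequence number as the tag; a final "END" line carries the
# line count, because with no return path the receiver can never ask for it.
CHUNK = 48  # raw bytes per line; base64 keeps every line printable ASCII

def make_line(tag: str, body: str) -> str:
    content = f"{tag}:{body}"
    return f"{content}:{crc16_xmodem(content.encode('ascii')):04X}"

def frame_file(data: bytes, chunk: int = CHUNK) -> list:
    """Sender side: split data into numbered, CRC-protected lines plus a trailer."""
    lines = []
    for seq, off in enumerate(range(0, len(data), chunk)):
        b64 = base64.b64encode(data[off:off + chunk]).decode("ascii")
        lines.append(make_line(str(seq), b64))
    lines.append(make_line("END", str(len(lines))))
    return lines

def check_line(raw: str):
    """Return (tag, body) if the line parses and its CRC verifies, else None."""
    parts = raw.strip().split(":")
    if len(parts) != 3:
        return None
    tag, body, crc_hex = parts
    try:
        expected = int(crc_hex, 16)
    except ValueError:
        return None
    if crc16_xmodem(f"{tag}:{body}".encode("ascii")) != expected:
        return None
    return tag, body

def receive(lines: list) -> dict:
    """Receiver side: reassemble what verified; report lines needing a manual patch-up."""
    chunks, corrupt, expected = {}, 0, None
    for raw in lines:
        if not raw.strip():
            continue
        parsed = check_line(raw)
        if parsed is None:
            corrupt += 1  # CRC failed or line unparseable: flag it, never trust it
            continue
        tag, body = parsed
        try:
            if tag == "END":
                expected = int(body)
            else:
                chunks[int(tag)] = base64.b64decode(body)
        except ValueError:  # binascii.Error is a ValueError subclass
            corrupt += 1
    trailer_ok = expected is not None
    if not trailer_ok:
        # Trailer lost: we know only what arrived, not how much was sent.
        expected = max(chunks) + 1 if chunks else 0
    missing = [i for i in range(expected) if i not in chunks]
    complete = trailer_ok and not missing
    data = b"".join(chunks[i] for i in range(expected)) if complete else None
    return {"data": data, "complete": complete, "missing": missing,
            "corrupt": corrupt, "trailer_ok": trailer_ok}

# Constructed sample "file" pushed across the diode (189 bytes -> 4 data lines).
SAMPLE = b"Transmitted across the optocoupler one way; no ACKs come back.\n" * 3

def demo() -> dict:
    """Frame SAMPLE, then show a clean receive and one with a single damaged line."""
    sent = frame_file(SAMPLE)
    damaged = list(sent)
    # Simulate a glitch on the wire: alter one character in the body of line 2.
    c = damaged[2][4]
    damaged[2] = damaged[2][:4] + ("A" if c != "A" else "B") + damaged[2][5:]
    return {"clean": receive(sent), "damaged": receive(damaged)}

if __name__ == "__main__":
    result = demo()
    print("clean complete:", result["clean"]["complete"])
    print("damaged -> corrupt lines:", result["damaged"]["corrupt"],
          "missing seqs:", result["damaged"]["missing"])
```

The receiver's report of missing sequence numbers is the list you would hand-patch (or, with FEC added, repair automatically); the lost-trailer case shows why the sender must announce the line count when no ACK can come back.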

JG4 January 14, 2017 6:16 PM

can’t recall if this particular article was linked, although I think that this point was clearly made

https://theintercept.com/2017/01/04/the-u-s-government-thinks-thousands-of-russian-hackers-are-reading-my-blog-they-arent/

“I found out, after some digging, that of the 876 suspicious IP addresses
that the Department of Homeland Security and the Department of National
Intelligence put on the Russian cyber attacker list, at least 367 of them
(roughly 42%) are either Tor exit nodes right now, or were Tor exit nodes in
the last few years.”

Grauhut January 14, 2017 6:45 PM

@Figureitout: “as complete as possible”

I hope to find some time.

As a starter: Simply abuse the monitoring port of a cheap managable switch as a “network diode”.

Configure the switch to copy incoming traffic on port 1 to monitoring port 2. The switch will block incoming traffic on port 2 then.

Connect a secondary eth of your public box to port 2 of that switch and your secure box temporarily to port 1, whenever you want to transfer something. And nothing else.

Log&Block any incoming traffic on the secure system, just in case the miracle happens that an attacker manages to p0wn your public box and to reconfigure your switch via a copy port (would make my day).

Set a static arp entry containing ip and mac of the transfer eth of the public system on your secure system.

Start netcat server on public and sender on secure system, have fun having up to >100 MByte/sec transfer on a gig switch.

nc -u -l 1234 > my.zip # not so “public” server
cat my.zip | nc -u 10.0.0.1 1234 # secure sender

Depending on your os on the secure system and the network settings you may have to play with the bridging code to make sure outgoing eth frames from the secure system to the public are transfered via the switch (on Linux see man ebtables and brctl).

Thoth January 14, 2017 11:11 PM

@Clive Robinson, all

Codec2 project produces an initial 700bits/s audio codec. GSM operates at 13 kbits/s. It should be small enough to fit into GSM packets. On top of that, stream ciphers like ChaCha should be able to encrypt the small packets and send them over GSM? Anyone have a testing GSM module setup to see if Codec2 with the 700bits/s with ChaCha would work decently?

Jen Gold Stockholm January 15, 2017 1:30 AM

@ Bruce Schneier @ Moderator (in case you are the same being)

your next, urgent book project

Compile the commentators’ wisdom, attributed to them.
The bulk of the task would be sorting them into topics or themes and creating some vague sense of narrative structure. Although the topic of your blog post already creates a theme so the work is half-done already.
The comments would be kept in full, so they would meander necessarily inside the scope of the topic. You would need to keep them in full for context, readability, and to prevent your task taking a lifetime.
You have years and years of gold on your server! make use of it for everyone to appreciate!

Avoid all the political lahlah. Keep it squarely focused on security – practical opsec largely, as that is where contributors greatly shine. Hell, just @ Clive Robinson’s posts, alone, would be a great book. Organised purely by date, that would be enough!

@ Clive said on the two fish post:
“It’s something that has been discussed on this blog in some considerable depth before, usually towards the bottom of threads.

You can find it by searching for my name, Nick P, RobertT, Wael, Figureitout, Thoth with the first names being in the discussions since the beginning.

Wael usually comes up with links if you ask him to, as I think he’s bookmarked a few for reference. Then there is Nick P and his “link farm”.”

@ Thoth said on the twofish post:

As @Clive Robinson has mentioned, search our names and there is a ton of discussion we have already put in place and some of us have active projects in place while others have link farms for scholarly references and some have tonnes of experience to give advice to us.

The answers to lots of security woes are a couple of searches away. We have given a lot here already.

Figureitout January 15, 2017 3:05 AM

Clive Robinson
–I do want to take it further, as the “standard of engineering” is not up to my personal standards. I just wrote about it since there’s nothing like it on the publicly searchable internet. W/ the right people (not that many), right vendors, this could get polished up real nice, real quick. If I didn’t get a terminal program to work, I was looking at simple xmodem implementations, like this: https://gist.github.com/zonque/0ae2dc8cedbcdbd9b933 and just removing any ack’s/nak’s etc. Still lots of large header files included and functionality of transferring directories of material still unwritten.

Grauhut
–We’re all busy. Hope it’s simpler than Sancho’s design, if not that’s attack surface expansion (and something I’d call distraction surface expansion, meaning attacks could hide easier which trust me is a nightmare).

Clive Robinson January 15, 2017 4:30 AM

@ Jen Gold Stockholm,

this is a bit old but may be of interest

PrivaTegrity was talked about a couple of times [1][2] on this blog (as you might expect 😉 But the backdoor issues were felt to make the shared secret holders significant targets.

However it was not an original idea for Chaum; both @Nick P and myself had discussed the idea of distributed holders of shared secrets in multiple –preferably conflicting– jurisdictions, long before that. We came up with the idea with regard to the crossing of borders with hostile customs officers, where for your own safety you might need to prove to a judicial standard that you did not hold the encryption key to files on any computing/storage device you were carrying.

However, PrivaTegrity can never be a secure system on commodity computers, due to “end run” attacks possible in the devices (which the IC etc would do instead, by preference).

If you think about it the security end point is in the device communicating; all an attacker has to do is use the same communications path, and put a shim between the plaintext side of the application and the screen/keyboard or speaker/microphone. Such an attack is trivial on the likes of an Android Mobile phone by at least three parties: the phone manufacturer, Google and the network provider whose SIM is in the device.

To be secure you have to take the security endpoint beyond the autonomous unmonitored communication path endpoint.

I’ve been banging on about this since the 1990’s when I realised the side channel authentication by SMS I helped pioneer was a bust for various reasons (and is now so broken on smart phones etc it’s ceased to be even a joke).

More important you need the human to be the last stage inside the secure security comms loop, immediately prior to the security endpoint device. Although I’ve been more recently looking at how to instrument and thus monitor that part of the communications path (have a hunt on this blog for “garden path” to get an idea).

You can find various comments I’ve made on this blog in the past about getting the human in the loop and the ideas (including failed) that I had to get around the issue with an immutable token to do the actual transaction –not the comms channel– authentication.

[1] https://www.schneier.com/blog/archives/2016/01/how_the_us_is_p.html

[2] https://www.schneier.com/blog/archives/2016/01/the_internet_of.html

Clive Robinson January 15, 2017 4:38 AM

@ Thoth, All,

Codec2 project produces an initial 700bits/s audio codec. GSM operates at 13 kbits/s. It should be small enough to fit into GSM packets.

More importantly it’s of sufficient low bandwidth that it can be turned into an audio signal that will get through the GSM codec sufficiently well to make data transmission possible that way.

If you look way back to when JackPair first started asking for money, I made it fairly clear that what they were aiming to do was difficult for exactly this reason. And from the still non-delivery of JackPair, I guess they are still trying to resolve that problem.

Thoth January 15, 2017 5:08 AM

@Clive Robinson

It’s a bit late to recommend to the JackPair project to use the new Codec2 700C codec, and to top that off it’s experimental, although I was listening to the sample audio found on the link I posted which is encoded with 700C and that audio seems to be decent quality.

I have done some rough calculations for a ChaCha and HMAC-SHA256 digital audio based off 700C.

Due to the small packet size of GSM and 700C, ECC has to be used as the preferred asymmetric key algorithm.

Key Exchange:
– Protocol Synchronization Pre-amble (0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88 – 8 bytes)
– Curve25519 ECDHE Public Key (32 bytes)

Packets:
– 700 bits data (87.5 bytes -> round off to 87 bytes/696 bits)
– 32 byte HMAC-SHA256
– 16 byte IV
– Total Size of 135 bytes (1080 bits which is lower than 1300 bits/s GSM packet)

It seems to have enough redundancy suitable for a GSM based encryption experiment.
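As an added example, not code from Thoth or from the Codec2 or JackPair projects, the packet layout tallied above (87-byte codec frame, 16-byte IV, 32-byte HMAC-SHA256 tag, 135 bytes on the wire) can be built and checked in Python with encrypt-then-MAC, so that a forged or truncated packet is rejected in constant time before any keystream is used. The ChaCha20 block function follows RFC 8439; the split of the 16-byte IV into a 12-byte nonce plus 4-byte counter, the HMAC-based derivation of separate encryption and MAC keys from the ECDHE shared secret, and all function names are assumptions. The Curve25519 exchange itself is assumed already done and is not implemented; only its preamble framing is shown.

```python
import hmac
import hashlib
import os
import struct

# Sizes from the comment above: 87-byte frame, 16-byte IV, 32-byte tag = 135 bytes.
FRAME_BYTES = 87
IV_BYTES = 16
TAG_BYTES = 32
PACKET_BYTES = FRAME_BYTES + IV_BYTES + TAG_BYTES
PREAMBLE = bytes(range(0x81, 0x89))  # 0x81 .. 0x88, the 8-byte sync pattern


def _rotl32(v, c):
    return ((v << c) & 0xFFFFFFFF) | (v >> (32 - c))


def _quarter_round(s, a, b, c, d):
    # ChaCha quarter round on four words of the 16-word state (RFC 8439 section 2.1).
    s[a] = (s[a] + s[b]) & 0xFFFFFFFF; s[d] = _rotl32(s[d] ^ s[a], 16)
    s[c] = (s[c] + s[d]) & 0xFFFFFFFF; s[b] = _rotl32(s[b] ^ s[c], 12)
    s[a] = (s[a] + s[b]) & 0xFFFFFFFF; s[d] = _rotl32(s[d] ^ s[a], 8)
    s[c] = (s[c] + s[d]) & 0xFFFFFFFF; s[b] = _rotl32(s[b] ^ s[c], 7)


def chacha20_block(key, counter, nonce):
    # One 64-byte keystream block; state layout is constants | key | counter | nonce.
    raw = b"expand 32-byte k" + key + struct.pack("<I", counter) + nonce
    state = list(struct.unpack("<16I", raw))
    w = state[:]
    for _ in range(10):  # 20 rounds = 10 double rounds (column + diagonal)
        _quarter_round(w, 0, 4, 8, 12); _quarter_round(w, 1, 5, 9, 13)
        _quarter_round(w, 2, 6, 10, 14); _quarter_round(w, 3, 7, 11, 15)
        _quarter_round(w, 0, 5, 10, 15); _quarter_round(w, 1, 6, 11, 12)
        _quarter_round(w, 2, 7, 8, 13); _quarter_round(w, 3, 4, 9, 14)
    return struct.pack("<16I", *[(x + y) & 0xFFFFFFFF for x, y in zip(w, state)])


def chacha20_xor(key, iv, data):
    # Assumption: the 16-byte IV is a 12-byte nonce followed by a 4-byte start counter.
    if len(iv) != IV_BYTES:
        raise ValueError("IV must be %d bytes" % IV_BYTES)
    nonce, counter = iv[:12], struct.unpack("<I", iv[12:])[0]
    out = bytearray()
    for i in range(0, len(data), 64):
        ks = chacha20_block(key, (counter + i // 64) & 0xFFFFFFFF, nonce)
        out += bytes(p ^ k for p, k in zip(data[i:i + 64], ks))
    return bytes(out)


def derive_keys(shared_secret):
    # Assumption: HMAC-SHA256 as a minimal KDF giving independent enc and MAC keys.
    enc_key = hmac.new(shared_secret, b"codec2-gsm enc", hashlib.sha256).digest()
    mac_key = hmac.new(shared_secret, b"codec2-gsm mac", hashlib.sha256).digest()
    return enc_key, mac_key


def build_hello(curve25519_pubkey):
    # Key-exchange message from the comment: 8-byte preamble + 32-byte public key.
    if len(curve25519_pubkey) != 32:
        raise ValueError("Curve25519 public key must be 32 bytes")
    return PREAMBLE + curve25519_pubkey


def seal_frame(enc_key, mac_key, frame, iv=None):
    # Encrypt-then-MAC: the tag covers IV and ciphertext. A fresh IV per frame is
    # mandatory with a stream cipher; the iv argument exists only for testing.
    if len(frame) != FRAME_BYTES:
        raise ValueError("codec frame must be exactly %d bytes" % FRAME_BYTES)
    iv = os.urandom(IV_BYTES) if iv is None else iv
    ct = chacha20_xor(enc_key, iv, frame)
    tag = hmac.new(mac_key, iv + ct, hashlib.sha256).digest()
    return iv + ct + tag


def open_frame(enc_key, mac_key, packet):
    # Returns the codec frame, or None when the packet is truncated or forged.
    if len(packet) != PACKET_BYTES:
        return None
    iv, ct, tag = packet[:IV_BYTES], packet[IV_BYTES:-TAG_BYTES], packet[-TAG_BYTES:]
    expected = hmac.new(mac_key, iv + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):  # constant-time comparison
        return None
    return chacha20_xor(enc_key, iv, ct)


if __name__ == "__main__":
    enc, mac = derive_keys(b"\x42" * 32)  # constructed stand-in for the ECDHE secret
    pkt = seal_frame(enc, mac, bytes(range(FRAME_BYTES)))
    print(len(pkt), "bytes on the wire;", "ok" if open_frame(enc, mac, pkt) else "fail")
```

The tag check runs before decryption, so a receiver on a noisy GSM audio path never feeds an unauthenticated packet to the codec; any FEC layer would sit below this framing and has to deliver the full 135 bytes intact.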

Grauhut January 15, 2017 6:34 AM

@Figureitout: “We’re all busy.”

I am not even sure if I want to publish it in detail, since I use this for transmission of big disk images. And I am really anal with this channel.

Btw., if you just want to transfer small files or text, the most proven secure one-way channel is IMHO IR; I would play with IrDA / LIRC parts. It’s not trivial to reprogram a LED to a photodiode and vice versa… 😉

Wael January 15, 2017 6:39 AM

@Jen Gold Stockholm, @Clive Robinson,

Now Chaum has returned with his first online privacy invention in more than a decade. And with it, he wants to bring those crypto wars to an end.

Sorry, @Jen Gold Stockholm. This is prior art invented by truly yours! See that object in front of him? It infringes on my ultimate anonymity apparatus, the Salad Bowl patent! I’m “thick” and tired of people stealing our ideas without giving credit!

r January 15, 2017 6:59 AM

I wonder how they’re going to ‘dark room’ AI self-coding and assisted-coding exercises?

Will GPL mysteriously find itself being included by a naive machine?

Will training a machine on GPL code automatically violate dark room requirements?

Wael January 15, 2017 7:01 AM

@r,

the worst kind’ve thieves

Right on, Bro! They are also sitting near you at work. By the way, it’s “Kind of” — not “Kind have”. Wake TFU and smell the flowers!

r January 15, 2017 7:05 AM

@Wael,

Point taken, now let’s see if I can curb my habitual use of that contraction.

Also,

the worst kind’ve thieves

This is not necessarily untrue in the face of large[r] competitors.

I’m out though, I’m covered in bruises and heading to the store for some Braunschweiger.

My Info January 15, 2017 8:18 AM

I’m trying to investigate connections between RIAA and MPAA (collectively, the “MAFIAA”) and North Korea. The North Koreans have a cult worship thing going on with their dear leader Kim Jong-Un as with previous leaders, and they tend to relate that to the celebrity worship in Western popular culture with an effect of forcefully influencing politics and law enforcement.

North Korea is very much into Western movies, the movie-making process, getting close to the “stars” and directors “behind the scenes,” and similarly with the music industry. (Recall the Sony hack, for instance.)

Hence the copy protection rackets, “taxes” on blank media, the difficulty of “consumers” to access stable writable media to store their own files, the rabid search for child pornography and copyrighted “content” anywhere and everywhere, the planting of the same on suspects’ computers, and so on and so forth.

How do we best combat these strategic goals of North Korea which are in opposition to those of the people of the United States?

My Info January 15, 2017 8:23 AM

These are North Koreans, the forgers of undetectable fake $100 “superbills” among other documents.

JG4 January 15, 2017 9:20 AM

a new term of art: “a novel phylum of law,” which can be neither fish nor fowl, is a remarkable parallel to the “new” surveillance paradigm. it also touches on the internet of sensors, particularly ones owned and operated by the liars, thieves and murderers for the liars, thieves and murderers. I sent this to Ken White of Popehat in the hopes that he will comment on it.

That Time I Turned a Routine Traffic Ticket into the Constitutional Trial of the Century
http://www.thepublicdiscourse.com/2017/01/18093/

Yet traffic cameras do not always produce probable cause that a particular person has committed a crime. To get around this “problem” (as a certain law-and-order president-elect might call it), several states have created an entirely novel phylum of law: the civil violation of a criminal prohibition. Using this nifty device, a city can charge you of a crime without any witnesses, without any probable cause determination, and without any civil due process.
…[the entire article is brilliantly written, in a style not far off Popehat]
On cross-examination, I established that:
– He was not present at the time of the alleged violation.
– He has no photographic evidence of the driver.
– There were no witnesses.
– He does not know where Adam MacLeod was at the time of the alleged violation.
And so on. I then asked the question one is taught never to ask on cross—the last one. “So, you signed an affidavit under the pains and penalties of perjury alleging probable cause to believe that Adam MacLeod committed a violation of traffic laws without any evidence that was so?”
Without hesitating he answered, “Yes.” This surprised both of us. It also surprised the judge, who looked up from his desk for the first time. A police officer had just testified under oath that he perjured himself in service to a city government and a mysterious, far-away corporation whose officers probably earn many times his salary.
The city then rested its case. I renewed my motion to dismiss, which the judge immediately granted.

Ted January 15, 2017 9:49 AM

Tomorrow is MLK Day.

The King Philosophy ( http://www.thekingcenter.org/king-philosophy )

• Triple Evils
• Six Principles of Nonviolence
• Six Steps of Nonviolent Social Change
• The Beloved Community

Six Steps of Nonviolent Social Change:

INFORMATION GATHERING: To understand and articulate an issue, problem or injustice facing a person, community, or institution you must do research. You must investigate and gather all vital information from all sides of the argument or issue so as to increase your understanding of the problem. You must become an expert on your opponent’s position.

EDUCATION: It is essential to inform others, including your opposition, about your issue. This minimizes misunderstandings and gains you support and sympathy.
PERSONAL COMMITMENT: […]

Dirk Praet January 15, 2017 11:17 AM

@ Grauhut

I am not even sure if i want to publish it in detail, since i use this for transmission of big disk images.

Oh, come on, I’m actually quite interested too. Sharing is caring! It doesn’t have to be over a public channel. We can also work with keybase folders. There’s at least four of us here who have a keybase id. Just ping me if you want an invite.

Holmes January 15, 2017 1:30 PM

“Former Microsoft Employees Who Say They Were Forced to Watch Videos of Child Abuse, Sexual Assault and Murder, Sue the Company Claiming PTSD”

The workers say they had to watch “inhumane and disgusting content. By Michael Arria / AlterNet January 12, 2017”

http://www.alternet.org/labor/former-microsoft-employees-who-say-they-were-forced-watch-videos-child-abuse-sue-company-claim

Employees of the MS Safety Team claim PTSD after being required to view extreme pornography as part of their job.

The part that interests me is this statement about one of the team members:

“At the time of Soto’s transfer, he claims he had “god-like” status as a monitor and that he,

“could literally view any customer’s communications at any time.”

Is this the smoking gun?

MS Windows generates thousands of SSL outbound data packets everyday on every user. Are those packets reviewed by a safety team, collected, stored, shared and acted on? Because: Security?

“Customers” imply owners of MS software. But, could it be cloud server users? Hard to say.

Did I read this wrong?

I think MS should explain how their employees can have “any customers communications anytime”.

Figureitout January 15, 2017 1:40 PM

Grauhut
–That’s fine, I’m taking a much more “tight-lipped” stance towards paid work, just not worth it to talk about NDA stuff and need to be trusted to keep things under wraps. Like Dirk said, you could find his pub key on a key server, or find on keybase. I prefer just giving my pub key after a small email exchange, don’t like it on the key servers.

I mean, it’s an IR LED and a IR receiver diode, pretty similar to what I’m doing…Could make something w/ 2 nanos and IR library but probably won’t.

r January 15, 2017 2:13 PM

@Holmes,

You’re right about that being a very loose assertion, hopefully it’s not accurate. I don’t think I’d have a problem with ML/DL checking images and forwarding them on to superiors kind of like how we know the hash detection stuff works but that sentence implies and forwards/backwards ability doesn’t it?

albert January 15, 2017 2:52 PM

@Figureitout,

Thanks for the detailed info. That optocoupler is rated at 50MBd maximum. I know you were going for simple and cheap, and definitely succeeded there.

Are there any ways to speed up this setup?

. .. . .. — ….

Sancho_P January 15, 2017 3:46 PM

@Grauhut, Dirk Praet (re data diode, UDP)

That’s something I’m thinking of. The data diode actually is done by the serial output of the TCB, the optical coupler provides (only) the (mandatory) galvanic isolation.
I don’t like cable connections, though 😉

So using the serial output (Tx) of the TCB as the logical data diode, an ESP-01 (ESP8266) sending UDP packets would do the same galvanic isolation and not provide a back or side channel.
I think UDP is the way to go because of one way (broadcast) transmission.

The data is already sent encrypted through the TCB serial output, so an inetd could hand that to the chat (or file) receiving app or whatever on the (insecure) networking machine.
For sending a steady stream of encrypted data (to avoid side channel info which part is data) the inetd – solution may not be ideal (?), but I’m a noob when it comes to any OS SW.

What is “port spoofing”, how could it harm the content of the transfer?
(D)DOS is out of scope, it’s unavoidable but easily recognized and logged. Guess it’s also easy to identify the source.
We’d have to evaluate the appropriate threat level first, though.

However, I don’t fully understand @Figureitout’s use because the (untrusted) receiving side would need the key to decrypt the file, so the key would be deemed “public” – Or is it only to send that data to, say, a cloud service to store the data?

Re pin remapping, I understand the words but not why it should be a concern in a TCB.
Paranoia can destroy ya 🙂

Re IR LED and IR receiver: Not a practicable solution, forget it.

Sancho_P January 15, 2017 3:53 PM

@albert

The speed limit (theoretical 3 Mbits/s) is at the Full-Speed FT232 USB to serial converter (here the cheap and simple FT232R).
There are Hi-Speed converters (e.g. FTDI’s FT232H http://www.ftdichip.com/Products/ICs/FT232H.htm ) up to 12 Mbits/s.

However, be aware that their UART transfer buffer is 1 kBytes and the OS must accept that speed in your app over USB and virtual com port (when using UART mode), plugging in flash drives to the same USB controller may end in trouble.
But this is the same with the Full-Speed FT232R (128 Byte Rx resp. 256 Byte Tx buffer): continuously sending without feedback will result in errors, FEC is mandatory (block size is then a challenge).

Figureitout January 15, 2017 7:02 PM

albert
–It’s definitely fast enough for the max file size you can do right now. So it’s not a problem yet until you could move directories, which would be a good problem to have. It’ll take like 1-10 seconds max (guesstimate, my max time was like maybe 3 seconds which is sufficient to send a decent sized base64’d file) to send the max file size (haven’t calculated). If 3 seconds is too long I don’t know what to say.

Sancho_P
the optical coupler provides (only) the (mandatory) galvanic isolation.
–Also if there was an exploit of pin remapping (probably a full flash would be required unless they find the exact bytes to change, which is a bit ridiculous..) it would break that line too. So it serves 2 purposes. Your data diode would just be broken, so DOS attack, not getting full on compromised w/ comms from RX back to TX.

I don’t think you’re understanding what we’re saying, talking about just “talking”, like GPG public keys. Not encryption on data diode.

And if I can make what is hardware-wise a UART on a micro turn into a generic GPIO, by just commenting out $UART_init() and a couple other things, I’m betting I could do similar on a TCP/IP chip unless hardware prevents me. Time-based side channels from TX to RX when it should already be a sanitized throwaway PC, that’s over-paranoid.

Jen Gold Stockholm January 16, 2017 2:26 AM

OT
@Clive Robinson
OT but we all care about your wellbeing

i mentioned there were two branches of cranial sacral therapy : bio mechanical and bio structural. They both have a place, yet I believed the latter may be more relevant for you. I am certain it will bring the resolution of the maladies you have described.

I made enquiries and received specific feedback for you. London is a major epicentre for this work.

Bio-mechanical stream here: http://ccst.co.uk/

Bio dynamic can be found here via enquiring who is in London:
http://www.karuna-institute.co.uk/contact-us.html

Also find biodynamic practitioners by enquiring care of the overarching UK Association:
http://www.craniosacral.co.uk/

and a reminder about Atlas Profilax which only takes 5 minutes, once, and resolves heaps of things on many levels.
@ Wael, @ r, @ Ab Praeceptis, @ Nick P, @ Grauhut, @ Dirk Praet, @ Moderator, and some others, have all fed back positive experiences. Or maybe I’ve got an over active imagination. They’ll get back to you?

http://www.atlasprofilax.ch/eng/

thanks for patience everybody but then again y’all seem to endure a lot of rifting miasmic ‘side channel attacks’ in this forum so I’m sure I am fine 😉

Jen G Stockholm January 16, 2017 2:34 AM

@ Clive

Oopsies. I said:

“.. two branches of cranial sacral therapy : bio mechanical and bio STRUCTURAL. They both have a place, yet I believed the latter may be more relevant for you”

I meant to say :

“…bio mechanical and bio DYNAMIC…” [my emphasis]

Wael January 16, 2017 3:10 AM

@Jen Gold Stockholm,

it does turn out, the world is indeed full of [redacted].

Tell us something we don’t already know. What kills me is the saying:
‘There’s a sucker born every minute.’

I mean where the suck do they fit if the world is full of the ‘f’-type?

Hope you said thanks!

Thanks (from both of us, and I’m not implying @Clive Robinson here.)

Jen Gold Stockholm January 16, 2017 4:07 AM

@ JG4

“That Time I Turned a Routine Traffic Ticket into the Constitutional Trial of the Century
http://www.thepublicdiscourse.com/2017/01/18093/

Legally, it’s too large a topic, but essentially yes, this is correct: a traffic camera is deciding a verdict of guilty and the defendant is forced to prove their innocence. Civilly and criminally it is unlawful regardless of which country one is in. In traffic camera offences corpus delicti (the three parts of proof: victim, witness, crime) also doesn’t exist. People have stood in the court and called for the witness to the offence to appear for cross-examination – that being, the camera. A police officer appears instead and attempts to give evidence on behalf of the camera. Objection! Perjury! The officer was not present and is an interloper! Can the witness (and/or complainant) please appear for cross-examination? The judge quickly dismisses the case.

keiner January 16, 2017 4:09 AM

NATO is obsolete. Aha.

Could someone buy your ape-elected a history book and read it to him? (not sure he is able to read and understand at the same time…)

Thoth January 16, 2017 8:36 AM

@Clive Robinson

Either do a proper multi-factor authentication from secure devices, or add tamper resistance via a TEE or Secure Element-based password entry limit mechanism, or maybe a public key based protocol.

Passwords are long outdated but people are too lazy so that results in the disease still staying there for a long time.

Nick P January 16, 2017 10:51 AM

@ Clive Robinson

They’re reinventing your Prison Architecture minus a few features here.

@ All

Hardware-assisted Data-flow Isolation

New method already demonstrated on a RISC-V prototype to protect systems by checking at runtime that execution conforms to a static, data-flow model of the program. Tags are used to do so. The result is a lot of protection with a tiny, performance hit compared to the hardware version of Softbound + CETS. Authors in related work & extension sections did a terrific job about exhaustively looking into the possibilities. You’ll learn from other work since you saw this one. My favorite kind of report. 😉

Clive Robinson January 16, 2017 10:55 AM

@ Thoth,

Passwords are long outdated but people are too lazy…

It has been that way for over half a century. Meanwhile it’s not just attacking hardware/software that has moved, it’s legislation like the UK’s “Snooper’s Charter” and its preceding legislation. Thus secure authentication uses other factors such as tokens etc. that, even though supposedly protected by “what you know” as a passphrase/word, are, as we saw with Apple phones etc., subject to work-around legislation.

Usually we think of only three factors,

1, What you “Know”.
2, What you “Are”.
3, What you “Have”.

Only the “Know” factor is still safe against the likes of the psychos in the US Doj. Thus we need another way to leverage “Know” factor.

In the past I’ve suggested that we need to also add sub factors of,

1b, Know “Where” to be.
1c, Know “When” to be Where.

This has the advantage of putting an immovable block on the “Know” in a similar way that “three tries and lockout” used to do when “Know” was inside your head as a passphrase/word.

This leaves the question of accidents and lifting the “block”. Obviously if this did not have a “Where” element the block lifting mechanism becomes the LEO legislative attack route.

This brings us back to the shared secrets in different jurisdictions idea, yet again. It also allows all sorts of other protection mechanisms to be added that fall into the 1a “Know” category such as “duress passphrases/words” but without the infinite guess option open to those LEOs that believe they have over-reaching powers.

Doing things this way allows the use of more normal Technical Protection/security methods such as PK systems embedded in tokens etc. to work in the way “the crypto-geeks thought” back thirty to forty years ago.

When you think about it all legislation had its foundations in the religious and philosophical notion of “Free will”. That is you had a choice to be a criminal or a martyr, and there were places not just your mind that the law could not trespass, hence “legal privilege” between you, your confessor, doctor or lawyer etc.

These days it’s clear that the “Guard labour” of society wants to hold itself where its writ runs roughshod over such necessities of society as “free will” and “legal privilege”. They try to remove them via legislation or technology for what they claim is “The common good” even though it is anything but. Thus those who have free will should have the same right to use legislation and technology to maintain free will for themselves and others.

CallMeLateForSupper January 16, 2017 12:35 PM

@Clive

Fast hash algo; real words; few words; short words. Collectively those are a recipe for disaster. (You know that, I know.)

If one considers “horsebattery123”[1] as an easily remembered passphrase, then why not go the extra five feet and make it, instead, “horselich1/2/3/battery” or “1Horselich2GalvanicPile3” or …

Consulting my list of old passphrases, I see that they range in length from 20-53 characters, contain multiple “wordlichs”[2] each, and include digits and special characters and uppercase alphas.

Currently I have just 5 active passphrases, so entering one from memory is easy.

[1] From the article: …remembering the password “horsebattery123” is way easier than “GFj27ef8%k$39”

[2] “Wordlich”: my term for a bogus word created by free-associating or by misspelling an actual word, or both.

Clive Robinson January 16, 2017 2:04 PM

@ CallMeLateForSupper,

Collectively those are a recipe for disaster. (You know that, I know.)

Yes I do, but as you also know, non security types, especially those who believe they are on the express elevator to walnut corridor, either don’t know, don’t care or won’t let security get in the way of what they are doing…

Thus the question of what will happen in practice and what will be the security “low watermark” not “high watermark” for any given system. As we both know attackers will take any toe hold they can get to form a bridge head into a system. So one weak password in a hashed list is enough…

x anon January 16, 2017 4:37 PM

“BBC Four” documentary on Stuxnet today, “Zero day: Nuclear Cyber Sabotage”, interesting discussions and consequences…

MikeA January 16, 2017 5:11 PM

About that 700bps voice: I have had no success so far getting BELL 103 style modem signals (0-300 bps, full duplex) over a “voice” channel. Not done a lot, and suspect that it is a combination of distortion from the GSM/CDMA codec (minor issue?) and phones punting on the echo-suppression-suppression specified for “real” voice lines (energy around 2100 Hz). But I’d love to get some guidance on other possible causes. (use case is transferring data from a “presumed not backdoored because old” computer via the formerly ubiquitous headset jack, so I can bypass probably backdoored “direct” connections to a mobile, and use any old burner at any given time).

Wael January 16, 2017 9:47 PM

@Clive Robinson, @Thoth,

Perhaps I should increase my signal to noise ratio… The moderator just chopped someone’s neck off…

Passwords are long outdated but people are too lazy

It’s got nothing to do with either the trend of the day nor how lazy or industrious people are. It’s got to do with reality.

Passwords are usually coupled with an identification. They are a representation of a proof that the person “knows” something pre-provisioned in the past, generally speaking. The three classic paradigms or so-called factors as @Clive Robinson mentioned, and as all know are: Something you know, you have, you are. Focusing only on these three factors, one cannot replace another without a price — nothing is free. Sometimes that’s ok and other times it’s not ok. One cannot categorically say passwords will be gone, or passwords are evil.

Take for example a situation where a mobile device is used to pay for a subway train (underground, tube, etc.) The lines are long, the trains don’t wait much, and people are in a rush. Would it make sense to mandate the user input a password to pay for a ticket at the gate, or even scan a fingerprint? No, things won’t work, so some solutions will require neither authentication mechanisms. However, there’ll be some other compensating controls in place to allow this use case to work. Limited use keys that require replenishing when the phone has data connectivity is an example. In this situation, the assumption is that both the terminal “POS” and the phone have no internet connection at the time of transaction.

Then there are other authentication dimensions. Device authentication is one which allows what I call Multi-Entity Authentication©. There are channels of authentication that use out-of-band methods for “diversification” of routes. Call it security through the expansion of search space. An attacker would need to monitor more than one channel to be able to compromise the system. The expanded authentication dimensions would be:

What you know
What you are
What you have

More than one of these is called Multi-Factor authentication. How original!

On what device you are coming from (is it an authenticated device?)
Location of the device (not necessarily the user, as the affinity is with the device: a user can remotely control a device on a different continent and “appear” to be where the controlled device is located. This is a subtle but important distinction. The implication is one needs to make sure the device and the user are in the same location (won’t say much more about this, I’ll leave it to your imagination how to solve this one.) But why would location count as an authentication mechanism? It’s because of some geofencing policies that would say: the request can only come from these longitude and latitude coordinates. It’s not authentication, per se, but it can be thought of as one, although it could also be an authorization control. Depends how the system is conceived.

Time and date are other control parameters: they aren’t really authenticating dimensions unless they are part of the authentication mechanism (secret codes and times – I don’t know what that means, but I’ll make something up if someone challenges me.)

There is a lot more to say. But passwords won’t go away anytime soon. One more thing, as mentioned a few times here in the past, one often neglects the user factor in threat modeling, and assumes the device is the only “entity” under attack. There are situations where both the user and the device are under control of an adversary. A password, depending on the courage, resilience, and determination of the user, is more secure than the other two factors. That is until one can read minds, which doesn’t seem that far-fetched, if you follow the research in this area.

Aaaand an old limerick that predicted what @Thoth would say a few years later about passwords being long outdated! Dayum, I’m a visionary, but I still have a lot of work to do!

That’s all I have to say about that — Forrest Gump.

Thoth January 17, 2017 12:20 AM

@Wael, Clive Robinson

Many websites are still not adopting simple 2FA methods (HOTP tokens or SMS tokens) despite them being around for some time. Would that be laziness or some form of incompetence?

Wael January 17, 2017 1:24 AM

@Thoth,

It may be economics, lack of information, indifference, disinterest in ‘perceived complexities’, etc…

Depends also on the nature of the site. If it’s a banking app, then not doing due diligence is probably neglect, chain of command incompetence, laziness? Maybe but not the most likely reason as they’re not too lazy to do other tasks. But maybe some are lazy. Who knows, maybe a survey can shed some light. Surely some surveys exist?

If it’s an email site, then the majority don’t use 2fa. Not necessarily laziness or incompetence. They just don’t see the need because operations are within their risk appetite range.

Clive Robinson January 17, 2017 1:25 AM

@ Wael,

It’s got nothing to do with either the trend of the day nor how lazy or industrious people are. It’s got to do with reality.

One man’s meat is another man’s poison, it’s a question of perspective, and the thing I hate most “Arguing back from a known effect to one or many probable causes”.

It’s an important point as it’s the effect of the users’ choices –Strong/Weak– that is the cause of the security vulnerability, not the system that allows the choice. If all users made strong choices then the system would not fail. The problem with the system is,

1, Choice type recognition.
2, Enforcement avoidance.

That is how do you build a system that can actually recognise the difference between a strong and weak password, and what it does when it thinks it is weak?

We know from cryptography that weak plaintext can appear as strong ciphertext when encrypted with a weak deterministic algorithm (i.e. the person’s name, stream ciphered using an LFSR KeyGen keyed by the date). The problem is, as we know from black box RNGs, examining the output cannot tell between a deterministic sequence such as AES in CTR mode and a True RNG using a quantum source. The output is just bits with statistical properties that may or may not have 100% determinism; you just cannot tell from the information the system has available. But an attacker who knows the user’s system is in like a rat up a drain; it’s what Shannon’s maxim and Kerckhoffs’ principle warn us about.

But if the system does know a passphrase/word is weak, the user will, as we know, find another weak way that does, or change the something they “know” into something they “have” like a piece of paper with the passphrase/word on it. As I noted originally, only the something they “know” is protected under law, and that barely so.

So the object of the exercise is to ensure that even a very weak “know” can be put beyond what the law can achieve technically if the user’s choice is not to tell investigators the “know”. It’s what Apple had tried to do on the iPhone that caused the FBI/DoJ to effectively tell “porkie pies” to a magistrate.

The lesson from the Apple case is that the “know” will fail if the “have” has a flaw or defect. Because if the “have” is in the attacker’s possession they can grind away at it via technical means, unless there is a further limitation imposed on the technical means they can use.

So the “know” is limited by the capability of the average human brain, which due to evolution is really quite bad at some things. Specifically, as has been shown, the ability to remember even very short random numbers such as PINs, which are so weak they can be cracked by technical means in less time than it takes to push a button…

Thus the “know” has to play to human strengths not fail through their weaknesses.

So the “know” can be split into sub categories,

1a, A “text” you know.
1b, A “place” you know.
1c, A “time” you know.
1d, …

They will each fail to a brute force attack after some period of time, thus the trick is to analyse what domain each is in.

The “text” you know is only in the intangible information domain it has no physical actuality. However the “place” you know has a physical actuality and the “time” you know has a temporal actuality. Thus they are in effect orthogonal to each other.

As we know, brute force technical measures against intangible information are at the end of the day based on just how fast you can test until you find the right combination of bits, with each additional bit doubling the test time at any given rate. Thus the aim of the game is to increase the number of bits beyond the resources of the attacker.

For a human a “place and time” are far easier to remember than a PIN and also have considerably more bits than a PIN. Thus the game is to design a sufficiently secure “have” that puts both the number of bits up and reduces an attacker’s test rate to negligible.

With regards,

Take for example a situation where…

What you talk about is a “function” of the device “in use”. What many people forget is that the security required for any given function is often significantly different. For instance the basic use of a phone to dial a user-entered number in the general case requires little or no security. Thus we have the notion of always being able to dial “emergency numbers”. What has actually happened is there is no security on the phone use, but a “whitelist” has been put on the numbers that can be used in locked mode. Once you have a whitelist system implemented it’s very little effort to add a “blacklist” of numbers that require a greater level of security in unlocked mode. Thus the level of authentication required to go from locked to unlocked mode can be a lot, lot lower than for other functionality of the smart phone.

Which brings us to your point of,

There is a lot more to say. But passwords won’t go away anytime soon.

Yes there is, and no they will never go away, the trick is to augment them in a way that plays to the strengths of the human mind.

Finally with regards,

That’s all I have to say about that — Forrest Gump.

And the link to your prophetic poem. On that same page lower down is a post from you which is well within this authentication discussion, and well worth a re-read,

https://www.schneier.com/blog/archives/2012/06/friday_squid_bl_330.html#c782990

And says a lot more 😉

Location of the device January 17, 2017 1:26 AM

Time and date are other control parameters: they aren’t really authenticating dimensions unless they are part of the authentication mechanism (secret codes and times – I don’t know what that means, but I’ll make something up if someone challenges me.)

Depending on current state of the art in regards to image doctoring and detection, perhaps a time-sensitive photograph of the sky could be of use here (might be too easy to defeat, but I can find better supporting documents if someone challenges me.) May be better if you use RF triangulation as an additional factor too..?

Dirk Praet January 17, 2017 5:00 AM

@ What changed?

Taken over whom?

He means Russia took over both the military and diplomatic initiative in the region.

Wael January 17, 2017 6:09 AM

@r,

If the shoe fits… because of this expression: “misappropriate”?

It’s not the shoe, bubba! It’s the glove! If it doesn’t fit, you must acquit! You really need to start to blockquote something to give us a sense of what’s on your mind. You’re going to give me a stroke, r!

@Clive Robinson,

Funny how fast time passes. I may have a thing or two to say later.

Law of Averages January 17, 2017 6:15 AM

@Dirk Praet,

So that’s what he meant, but what do I/they mean?

@Wael,

I suppose it’s not fair to presume that the developer behind the innovations can’t just walk from one company to another with the technology his ‘brain on legs’ represents, but these aren’t the first musings behind facebook looking-the-other-way at misappropriated technology.

It’ll be interesting to see how this plays out, the point was sometimes they really are ‘sitting next to’ you.

@All,

RE: the link about paid vocabulary indulgences, I think one can draw parallels into the open source and scientific paper conversations that’ve been had around here with some of the Doctors good words.

Wael January 17, 2017 6:34 AM

@Law of Averages,

I suppose it’s not fair to presume that the developer behind the innovations can’t just walk from one company to another with the technology his ‘brain on legs’

Most companies I worked for required me to list patents, issued or pending at the previous company. They also explicitly say: don’t bring other companies’ proprietary work with you; we expect your work to be original. So it’s not fair to make that presumption, you are right.

the point was sometimes they really are ‘sitting next to’ you.

Yep! They are!

Dirk Praet January 17, 2017 7:25 AM

@ Law of Averages

So that’s what he meant, but what do I/they mean?

Unless you could be a bit more explicit, the question actually becomes “what do we care?”.

CallMeLateForSupper January 17, 2017 9:47 AM

@Clive

Amused to note that #22 – #25 on Keeper Security’s 2016 Most Popular Password List are what Bletchley called “cillies” and used to great advantage…. seventy-seven years ago! :-O

We have word of the year and passphrase of the year. I declare the following to be my question for all time: “When will they ever learn.”

Clive Robinson January 17, 2017 10:37 AM

@ r,

study-finds-link-between-profanity-and-honesty

I read a different article about the same paper (via HackerNews) and it made me smile.

If you think about it people tend to swear/cuss in three ways,

1, As part of the way they speak, I know I’m probably going to get flamed but some Australians have turned cussing etc into a language in its own right.
2, Due to some immediate accident/shock/puzzlement.
3, For effect much like an actor would.

Of the three only the second would appear to meet the honesty criteria as it’s generally an emotional reflex action.

Clive Robinson January 17, 2017 11:18 AM

@ CallMeLate…,

I declare the following to be my question for all time: “When will they ever learn.”

It might also be the song chorus of all time (if you are old enough to remember it the first time 😉 Though Barry McGuire’s Eve of Destruction is the song I’d plump for.

Bernard Marx January 17, 2017 11:26 AM

I am aware of how bad a human is at imagining random numbers. So I practice “password composition”. I don’t use a (pseudo)random pwd generator; I compose them, like poems. I take some three or more weeks to compose a pwd, capturing the entropy of various natural truly random sources, at random times [number of clouds in the sky on a given day, number of birds in a flock, number of people wearing a blue shirt in a photo of a flash mob gathering, number of rain drops in a sector of my window pane, etc, etc] and codifying them in a particular way to generate a totally random long string.

I don’t think my method is easily hackable, and my personal experience is in accord [I’ve never been pwd, ever.]

snur-pele January 17, 2017 12:15 PM

@MikeA
You are right to assume the speech-coder disrupts your attempts. Digital cellphones will not reproduce tones, clicks, silences, etc, because it is not Voice. There is however a non-trivial technical solution to transfer data over a cellphone audio channel. It is referred to as an ‘in-band modem’, and it is used in the European eCall system. I believe it is patented.

Clive Robinson January 17, 2017 3:20 PM

@ Q,

cyber attacks vs. squirrels.

I would have told my “dazed rat” story except…

At the bottom of the article there is a link to this story,

http://metro.co.uk/2017/01/13/swan-holds-up-train-by-waddling-on-the-track-for-two-miles-6380202/

The article is slightly wrong in that it is actually not a “Teddington Service” but a “Richmond loop Service to London Waterloo” (as you can see on the front of the train in the photo). The service normally stops at Kingston Railway Station for a timetabled 5-10mins anyway to allow for “late running” catch up to avoid Government imposed fines for late running as the service is so shoddy. The train operator SWT[1] also “runs them fast” cutting out stations like Norbiton, New Malden, Raynes Park for the same reason much to the annoyance of many commuters…

And Yes Kingston Railway station is one I use when traveling as there is a handy bus connection. And Yes “I was not a million miles away” at the time getting frustrated just like a lot of those commuters.

[1] SWT is owned by a brother and sister, who make themselves share “dividends” of up around the $75 million mark. The sister now owns a couple of Castles and much else besides, the brother is busy buying up Scottish politicians with his share. All very much to the upset of commuters who pay the highest cost per mile, not just in Europe but the World for what is basically a very very shoddy service.

MikeA January 17, 2017 3:38 PM

@snur_pele

That (codec mangling tones) was my first guess, but when I asked a senior Qualcomm engineer about this, he said it was unlikely, and that it “should just work”. I revived my experiments and no joy so far. But another data point: apparently DTMF gets through to Automated Voice Response systems, so it can’t be just “we don’t do tones” or even “we don’t do polyphony”. If I have to, I’ll go to something like DTMF or Weitbrecht (I think the patents are expired), but they add complexity, are half-duplex, and are lower bandwidth, so I’m hoping to get something purely analog and preferably passive. Imagine a slightly fat cable between a TRS80 Model 100 or equivalent and a 2.5 or 3.5 mm headset jack. Something like Lucifer or Snefru should be doable on an older machine 🙂 Either way, I’ll need Forward Error Correction (especially, of course, with encrypted payloads)

Wael January 17, 2017 3:48 PM

@Clive Robinson, @Q,

I would have told my “dazed rat” story except…

I’d rather be on a slow train delayed by a cute swan than on an airplane with a Ruppell’s griffon vulture in its engine at cruise altitude, any day of the year. These bad boys like to fly at 37,000 feet!

Other birds only strike planes during landing and takeoff, or sometimes at 20,000 feet to 28,000 feet.

Clive Robinson January 17, 2017 4:33 PM

@ Wael, Q,

I’d rather be on a slow train delayed by a cute swan than on an airplane with a Ruppell’s griffon vulture in its engine at cruise altitude, any day of the year.

Two things to note, firstly the vulture is where you would expect it to be, and I’m sure it really does not want to end up becoming “Turkey Mince” done rare in a turbo fan engine. Secondly you could fly swans into trains all day long, with no chance you’d bring the train down.

I’ve been told that US train regulations to design and construction make them more or less bullet proof…

Oh the other thing, you can at least eat the swan as they are not a health risk unlike the vulture.

And before you ask, yes I have, and taste wise a swan is to goose what goose is to duck.

Clive Robinson January 17, 2017 4:45 PM

@ MikeA,

That (codec mangling tones) was my first guess, but when I asked a senior Qualcomm engineer about this, he said it was unlikely, and that it “should just work”.

The codecs do mangle tones phase and amplitude. In some respects the codecs work like a cross between a vocoder and an audio processor / compressor. In the GSM system they were designed to be most efficient with a German male voice, which kinda differs from even the Bell 103 FSK tones by quite a margin.

r January 17, 2017 5:17 PM

I think I’ve actually heard about squirrels and power lines before, we had a block shutdown last year because of one?

Somebody should feed them to a CRISPR for insulated feet, give them a rubber gene.

r January 17, 2017 5:20 PM

Hopefully PITA doesn’t get involved, it’s not like they stop the brown squirrels from taking over their territory.

r January 17, 2017 5:32 PM

Nobody would even know until the grey squirrel 2.0 had taken over and it was too late, as scary as it sounds it’s I think a lot smarter than trying to engineer a vulnerable or generation limited mosquito. How is it going to compete with the natural genetic pool going forward? Are they just trashing biodiversity on a local environmental level or are they trying to put something forward that will propagate?

Rubberized gray squirrel is a human target that people will appreciate.

Wael January 17, 2017 5:58 PM

@Clive Robinson,

Yes there is, and no they (passwords) will never go away

Then Frank Stajano will never hire us 🙂

My primary research project, Pico, aims to make the world a better place by getting rid of passwords. Thanks to the European Research Council I recruited a team of brilliant researchers to work with me on this problem. Would you like to join my team? I’m hiring.

You think we should send him a resume for the fun of it along with some excerpts of what we said here about passwords? I’ll start my cover letter with the limerick. I wonder if he lurks around here!

CallMeLateForSupper January 17, 2017 8:10 PM

@Clive
“It might also be the song chorus of all time (if you are old enough to remember it the first time.”

If? IF?? Let’s just say I was old enough to vote.

I do remember “Eve of Destruction” (and some of the lyrics), but in those days I marinated in James Taylor, Joni Mitchell, Judy Collins, occasionally dipped a toe in drivel by e.g. Rod McKuen or Richard Harris. When I felt like breaking a face, I instead donned the Sennheisers and fired up either the 2nd movement of Saint-Saëns’ Organ Symphony or any ripping Bach organ piece.

Clive Robinson January 18, 2017 1:57 AM

@ Wael,

Frank Stajano’s Pico replaces something you “know” with something you “have” or… two somethings you have. Thus it removes your freedom of choice when the authoritarian guard labour comes along and takes the something you have devices away from you.

Frank Stajano is not going to like me saying it but he’s building the FBI Comey’s front door for him…

As I pointed out the only authentication factor the guard labour have not yet sequestrated in some way is “something you know”.

And yes there is a possibility that at some point they will waterboard you or use a monkey wrench to adjust your nuts etc, hence the point of extending the “know” orthogonally in other domains such as space and time, backstopped by out of jurisdiction recovery.

Anything less, and Pico is a lot less, will fail to technical measures.

Yes that may be harsh, but I think I’ve probably been thinking about it for quite a bit longer than Frank Stajano has. If you think –link– back to the description I gave of the banking transaction authentication token many years ago on this blog you will see it’s what the Pico is attempting to be.

You need the “something you know” to give you the freedom of choice otherwise society as we know it will fail inextricably into tyranny under the technical measures that the guard labour will acquire. So the something you “know” is going to stay with us, and the most likely method is by the passphrase/word. So no I can not see passphrases going away any time soon if ever (or they develop reliable brain imaging of sufficient accuracy).

Oh what’s the betting academic researchers start “fine graining” the “something you know” as I have done above as 1a, 1b, 1c, etc?

Clive Robinson January 18, 2017 2:08 AM

@ CallMeLate…,

I do remember “Eve of Destruction” (and some of the lyrics), but in those days I marinated in James Taylor, Joni Mitchell, Judy Collins,

Ahhh so you’ve “looked at life from both sides now” in a “Big yellow taxi” whilst outside there is “Fire and rain” 😉

It appears you are not the only one B-)

Wael January 18, 2017 2:21 AM

@Clive Robinson,

You need the “something you know” to give you the freedom of choice

That’s my belief too. There are three dimensions: x, y, and z. Can’t replace one with the other because they’re all orthogonal. Getting rid of any of them reduces the volume to a plane.

Thoth January 18, 2017 5:44 AM

@Clive Robinson

More accurately, something you know (PIN and passwords) should never be used alone and should be combined with other factors to prevent a single point of failure.

The main thing is to make it harder for the attacker.

Curious January 18, 2017 9:10 AM

Off topic I guess:

According to BBC, Chelsea Manning, formerly Bradley Manning, will be released from jail later this year.

“Chelsea Manning: Obama reduces sentence of Wikileaks source”
http://www.bbc.com/news/world-us-canada-38659068

“The 29-year-old transgender US Army private, born Bradley Manning, will be freed on 17 May instead of her scheduled 2045 release.”

Curious January 18, 2017 11:05 AM

“FTC Charges D-Link Put Consumers’ Privacy at Risk Due to the Inadequate Security of Its Computer Routers and Cameras”
https://www.ftc.gov/news-events/press-releases/2017/01/ftc-charges-d-link-put-consumers-privacy-risk-due-inadequate

“In a complaint filed in the Northern District of California, the FTC charged that D-Link failed to take reasonable steps to secure its routers and Internet Protocol (IP) cameras, potentially compromising sensitive consumer information, including live video and audio feeds from D-Link IP cameras.”

Figureitout January 19, 2017 1:07 AM

albert
–No prob. If you do decide to try it out, let me know. This is a project that any windows-pc user could do easily, for sure. What I didn’t get across though, is that I’m just sharing my personal experiments, this is not an engineered product I would stand behind yet. Needs lots of testing. Though look how many hacks people can post on it (none lol, have to use side channel which can generally be mitigated w/ strong, practiced OPSEC; I would love watching a skiddy try on RX trying to get to TX).

Jen Gold Stockholm
thanks for patience everybody
–We love to think we’re helping people who need the protection (I do too), that’s what motivates me. Most of us have been on the other side, some of us still reside there mostly (not me, but I will make occasional trips back to keep my skills up and “spy on the enemy” :p). All it takes is a decent amount of planning, OPSEC, and hiding behind others to attack undetected and you won’t ever get caught. Unsolved mystery.

But it doesn’t take much thought to realize, strong defense is the way forward for humanity. Attacking is for the mentally unstable/insecure usually. Imagine, say NASA or SpaceX having a rocket crash due to a deliberate hack from a human, that would be really sad. An example of one mentally unstable human ruining research and “a way out” for humanity.

Figureitout January 19, 2017 2:45 AM

Clive Robinson
–Poking a bit of fun, as you’ve made known, you have a bit of beef w/ CS programs as you feel they don’t delve down deep enough in hardware and miss some important concepts in doing so. Well a reddit post delivers a bit of gold, a CS student mentions a vending machine selling “fuses” is “mildly interesting” but there’s no fuses in the picture…Feel sorry for the guy but it’s all in good fun.

https://www.reddit.com/r/mildlyinteresting/comments/5otye0/the_vending_machine_in_the_engineering_department/

Thoth January 19, 2017 4:42 AM

@Nick P, all

Linux in IoT devices has been known to be insecure especially when running that bloated Linux kernel and not bothering to remove unwanted features/vulnerabilities.

Some security researchers have yet again brought up the issue and this time at the Linux.conf.au conference.

Nobody’s listening anyway since you could use Shodan and grab a whole ton of IoTs running .. Linux 🙂 .

Telling consumers to stop using IoT is impractical, and the only way around it is to hopefully force a switch of preferred IoT kernel/OS from the bloated Linux to a safety and security centric kernel/OS.

The only way to directly compete against Linux and hopefully ease the madness of insecure IoT devices is to have a viable alternative that’s easy to support and install and also have a big userbase with better security and all that stuff.

Security enhanced kernels and OSes don’t mean anything if the applications are crappy. Safer defaults and better user security and safety guides with ease of use and deployment would also enhance such offerings.

Link: http://www.theregister.co.uk/2017/01/19/iot_will_get_worse_before_it_gets_better_dev_tells_linux_conference/

Thoth January 19, 2017 6:44 AM

@r

Re: Chelsea Manning & WikiLeaks.

That is exactly what Obama wants to do. He wants to screw over both WikiLeaks and Trump (since it was WikiLeaks who aided Trump and went against Hillary). What better than to make WikiLeaks look stupid and mess with its credibility by doing what WikiLeaks and the public least expected and at the same time hurt WikiLeaks real bad.

He made a really “brilliant” political move to get back at WikiLeaks and Trump and he doesn’t stand to lose anything by releasing Manning since it’s his last day in office. It is Trump who has to handle Manning once he leaves the office. If he wanted to be meaner, he’d immediately pardon Manning (probably too late now) and Assange will be perpetually trapped.

Clive Robinson January 19, 2017 7:42 AM

@ Figureitout and the usual suspects,

You might want to read and bookmark this,

https://dmitryfrank.com/articles/how_i_ended_up_writing_my_own_kernel

For similar reasons I’ve written several BIOS and RTOS / OSs in my time for the same and similar microcontrollers and SoCs.

As I’ve mentioned before, each one you write for a new job or microcontroller teaches you a lot about what belongs in the BIOS/drivers, the kernel and user spaces and why the likes of circular buffers are better than other types of buffer as well as the importance of what goes in which interrupt top and bottom handler.

Curious January 19, 2017 8:01 AM

Something NSA about something AES GCM SIV?

I don’t really know what this is, but perhaps it is somewhat important:
“[Cfrg] AES GCM SIV analysis”
https://mailarchive.ietf.org/arch/msg/cfrg/k2mpWgod4mbdOxsvN6EtXHb0BAg

“NSA’s Information Assurance organization did some analysis of AES-GCM-SIV, as described in “AES-GCM-SIV: Nonce Misuse-Resistant Authenticated Encryption”, dated August 29, 2016 [1]. We shared this analysis privately with the three authors of AES-GCM-SIV, who requested that we post it to the CFRG forum. The attachment describes the results of the analysis. We believe the authors will be posting an update shortly.”

So this links to a link for a pdf file I haven’t looked at.
Twitter: “NSA posts three key recovery attacks on current CFRG AES-GCM-SIV drafts”

Thoth January 19, 2017 8:15 AM

@Curious

If you want something more resistant to NSA, the last cipher on that list (assuming that legacy crypto export ciphers like DES and Skipjack aren’t used) would be AES.

As @Clive Robinson had mentioned, NSA could have picked something like Serpent cipher which is more robust in build but chose for the more agile and nimble but less armoured Rijndael that also “coincidentally” has so much of side channels (I don’t mean Serpent doesn’t have).

If you want to be on the safer side, time to go with ChaCha20 which was built from the ground up with side channel resistance in mind since day one.

vas pup January 19, 2017 8:46 AM

Korean Air used electric stun gun on five passengers:
http://www.bbc.com/news/business-38580804
Korean Air is believed to be the only major carrier to routinely have the weapons on board. The airline is ramping up training for staff using the guns after criticism for the way it handled a recent in-flight disturbance.
The carrier told the BBC it first introduced electric stun guns in 2002. It now carries at least one set of weapons on every plane, with two sets on its A380 jumbo jets.
The International Air Transport Association (IATA) said airlines were not required to inform them if they carried the weapons on board. Several major carriers contacted by the BBC declined to comment on whether or not they had Tasers on board, citing security concerns.
And while not ideal to use one on a plane, there is not thought to be any great risk to the safety of a plane if a Taser was activated.
Unruly behaviour on aircraft is a growing problem according to a study by IATA, with a sharp rise of incidents in 2015. Incidents of people getting in fights, being verbally abusive or refusing to follow cabin crew orders were up by 17%. In 11% of cases, there was physical aggression or even damage to the aircraft.
Are there still air marshals on planes? An air marshal is an undercover armed guard on board a commercial aircraft, to counter hijackings and other hostile acts. In the event of an imminent threat from a passenger, air marshals say they are trained to respond with lethal force. It is thought there are now several thousand marshals employed by the US Department for Homeland Security, compared with the 33 flying regularly pre-9/11.
Israel’s El Al has had armed marshals operating on its flights for more than 30 years.

Clive Robinson January 19, 2017 8:47 AM

@ Curious, ALL

In the page you link to,

There is a link given to the IETF, where the top level domain name is given as “.ort” not “.org”

Which may be because Deb Cooley at NSA IA hand typed in the link on a qwerty keyboard 😉

Clive Robinson January 19, 2017 9:17 AM

@ vas pup,

And while not ideal to use one on a plane, there is not thought to be any great risk to the safety of a plane if a Taser was activated.

I would not bet a tinfoil nickel on that, tasers work by being tiny EM Pulse generators and they can mess up a lot more than your nervous system.

Tasers are not EMC or LVD tested and scrape by on the “National Security” exemption, which means they should only be used by directly employed “guard labour” of a state. And that there are many places they must not be used like all hazards zones for chemicals such as gas station forecourts, many industrial plant areas, hospitals, likewise EMC sensitive areas such as anywhere inside an aircraft or control room for industrial plant or maritime etc vehicles.

To be legally usable on an aircraft they would need to meet certain international standards on emissions. The design of a taser precludes them meeting such standards. Thus their use on an aircraft constitutes “Deliberate endangerment of an aircraft in flight”; bearing in mind what happened in NY on 9/11 and the number of people killed, you can see why such behaviour is treated very gravely.

Not being funny the risk is probably less if a hand gun was discharged inside an aircraft body than a taser…

Nick P January 19, 2017 9:18 AM

@ Thoth

I keep thinking the best option is to automatically connect to every consumer device Shodan finds and disable them. Leave a message for the user that manufacturer intentionally left it open to attack with links to contact info for that manufacturer and products from competitors. That happens enough we might see some change. The DDOS attacks will drop a bit, too.

Dirk Praet January 19, 2017 2:51 PM

@ Nick P, @ Thoth

I keep thinking the best option is to automatically connect to every consumer device Shodan finds and disable them.

Probably not entirely legal, but not that hard to do. The Mirai worm, for example, kills Qbot and other types of competing malware once it has taken over a device.

Telling consumers to stop using IoT is impractical which the only way around is to hopefully force a switch of preferred IoT kernel/OS from the bloated Linux to a safety and security centric kernel/OS.

Consumers will buy whatever. They don’t know and (generally) don’t care. There’s plenty of excellent, even reasonably secure RTOS stuff out there with micro/nano kernels and very small memory footprint. Vendors just need some kind of motivation (or regulation) to adopt them. And a mandatory update mechanism with at least 3 years of guaranteed security updates wouldn’t be too much of a luxury either. Although I’d prefer something non-Linux too, I would already be very happy if something like Zephyr could make it to mainstream IoT.

Safer defaults and better user security and safety guides with ease of use and deployment would also enhance such offerings.

The average consumer doesn’t read security or safety guides. They just want the bloody thing to work out of the box when they turn it on. Safer defaults mean more stuff that potentially “doesn’t work”, ergo more unsatisfied customers and help desk calls.

There’s at least one piece of good advice the guy in the Register article gives: put everything IoT in your house on a different subnet. And disable UPnP. But I don’t know of any ordinary consumer who even knows what that means, let alone is able to do it without any assistance from the family or neighbourhood geek.

@ r

Your dignity is dead, long live your smug husk.

Sounds like an entirely reasonable move to me. Wasn’t there just a bill passed allowing any POTUS decision during the last 60 something days of his term to be reversed? It would be kinda daft for him to turn himself in and then have Trump or Congress reverse Manning’s pardon and send her back to jail.

vas pup January 19, 2017 3:53 PM

@Clive Robinson • January 19, 2017 9:17 AM.
Very good point! They should probably be tested for safety by the International Air Transport Association (IATA) for international flights and by a kind of FAA in each country for domestic flights only.
Clive, do you remember when the Russians ‘gassed’ to deep sleep terrorists and hostages in one of the Moscow Theaters several years ago. This ‘gas’ was initially designed for fighting terrorist attacks in the air by pumping it into the passengers’ area, but never implemented (because of kids, sick/old people, pregnant casualties on board).
I’d suggest for usage in close quarters development of air-powered hand gun with kind of darts as projectile loaded with high level of sedative/relaxant as first step of ‘pacification’ of unruly passenger (like putting into sleep tiger before tagging or treating him for illness in a wild).

Ratio January 19, 2017 4:25 PM

@Dirk Praet,

Wasn’t there just a bill passed allowing any POTUS decision during the last 60 something days of his term to be reversed?

Was there?

r January 19, 2017 5:37 PM

@Dirk,

I don’t know, if that’s true you’re absolutely right but considering the way Trump and Wikileaks are basically ‘the enemy of my enemy is my friend’ I don’t see that as a threat.

From what I thought I understood, was that those Potus decisions can be revoked anyways without a special rule because they’re not official as in congressional positions taken up.

What I expected to hear as a response was “it’s not a full pardon.”, and that’s not what happened.

r January 19, 2017 5:43 PM

@Dirk,

One thing I fully agree with Trump on is that the rule system is far far too complex, I don’t know if his whole “for every one we create we’ll remove two” won’t cause problems on its own but it’s certainly a great idea to start inspecting and excising what’s actually on these books.

I think if he actually starts rifling through pages of on-the-books stuff he could get A LOT of people on board with his project in a very flattering way.

Wael January 19, 2017 8:46 PM

@ab praeceptis,

Just a sidenote (unrelated to biometric …).

Moving on…

Rather it runs a shell to do it (which, of course, for most happens to be bash)

Remember this!

Unfortunately, there is a pattern

That’s right!

Oh and: Why can’t we have a flash player in ssh?

Because ‘flash’ already has two thirds of SSL 😉

The other day you inquired about a term you don’t know. The word you were looking for is ‘slander’.

Thoth January 19, 2017 9:30 PM

@Clive Robinson, Nick P, ab praeceptis, Wael, Secure Virtual Machine Mode et al.

Most kernels and execution stacks have too much of code to be called a lean TCB. In a scenario where there are use cases for Secure Execution, some sort of VM (for the more hard working ones) or either a commercially available hardened OS (i.e. stripped down Linux or OpenBSD stack for the lazy option) would be presented and the code would be loaded into the processor.

If I want to implement a Secure Execution VM on top of a kernel to accept lightweight jobs, would it be better to implement the usual whole stack of commonly used code (MOV, JMP …etc…) or would it be better if I were to only pick what I need and stick to high level languages ?

One example is procedural statement syntaxes or some high level languages with very limited features (just enough for the job) to keep the SEVM as light as possible and easier to verify with smaller TCB for the SEVM ?

Some ideas for instruction set based on high level languages and procedural statements I have in mind for the SEVM:

  • Usual 32-bit or 16-bit math operands: +, -, * ,/ , %, shifts and rotates, XOR, &, !, OR
  • Crypto: Hash, HMAC, Sign, Encrypt, Verify, Decrypt, Keywrap, Keyunwrap, Key management stuff
  • REGEXP stuff
  • split, find, count, assignment of data to persistent or temporary memory, if-else flow, loop (for-each), lambda, dynamic linking to other procedural statement, compare

The Data Type would be simply bytes, booleans, short, int (if int support is available) and unix timestamp

A very simple sample would be:

boolean, int compareUserAccountNumber($inputAcct, $actualAcct, $errorCounter) {
    if (compare($inputAcct, $actualAcct)) {
        setReturn(true, 0);
        $errorCounter = 0;
        setReturn($errorCounter, 1); — set error counter to 0 and indicates pos 1 for the int return
        return; — without this the statement would fall through and overwrite the true result below
    }
    setReturn(false, 0);
    setReturn($errorCounter += 1, 1); — found error and increment a stored errorCounter that may be reused later on in another procedural statement
}

What are your thoughts ? Should a very limited scripting set of operands and commands be used or should something like a CPU microprocessor arrange be used ?

Ratio January 19, 2017 10:08 PM

@Thoth,

About the code sample: Return values are typed but arguments aren’t? Call by name or call by value? Why not have multiple return values (or a tuple type) instead of… well, that?

Wael January 19, 2017 10:09 PM

@Thoth,

What are your thoughts ?

There is more than one way to skin the cat. Whatever you do, make sure you don’t violate any security principle. I think I listed a dozen or so sometime in the past.

Try to look at LLVM and AIS: Architecture Independent Instruction Sets. You can design your own instruction set (check with @”Nick, Mr. oh I love compilers so much P”). Some companies, that I can’t name, use this technique (which isn’t that new, by the way — and they certainly didn’t invent it, but to be safe, they’ll have to remain nameless.)

If I were to look at this problem, I would keep in mind that one of the challenges is: General purpose computing, and I would design (if I could) a set of special purpose computing ‘cells’ then… oh, wait a second! I infringed on @Clive Robinson’s ideas. I’d better let him finish this line of thought before he sticks me in a ziplock bag with some enzyme-laced detergent…

Wael January 19, 2017 10:13 PM

@Thoth,

Almost forgot!

if (compare($inputAcct, $actualAcct))

This line of code leaks too much information. I think I had a similar discussion with @Anura on this particular weakness. It’s vulnerable to a timing attack 😉

Wael January 19, 2017 10:16 PM

@Ratio,

About the code sample: Return values are typed but arguments aren’t?

Duh!!! Because @Thoth types return values and handwrites arguments!

Figureitout January 19, 2017 10:39 PM

Clive Robinson
–If I bookmarked everything I wanted, the bookmarks would get out of hand…I just try to remember key words for searching next time. The main value is reading the method of tracking down a bug for me. I get a lot of pleasure tracking down the craziest bugs (more so than writing “perfect” code). Not really interested in an RTOS or BIOS right now since unlike him I’m good w/ just a loop in main(), but I’m going to have to do it eventually. I’ve got so many projects this semester…it’s great but damn lol.

From my work I want to re-write my own RF application code, maybe tweaking the PHY and MAC layers. May get a chance to either port over to newer chips that have such awesome advances or get a fresh code base (which I want).

Thoth January 19, 2017 10:42 PM

@Ratio

Yea, that’s something I forgot to add by typing the parameters.

Regarding the return value, all the CPU cares about is binary and whatever it returns is essentially binary. Playing along that line, the sample only shows 2 return results but, taking advantage of the fact that all returns are going to be in binary at the end of the day, I am thinking of setting up for as many returns as you like until the return buffer simply fills out and dumps an exception handling.

The target environment functions more like a request/response or client/server architecture. All the results are going to be loaded onto the outgoing buffer for response messages and, if using multiple returns, it doesn’t know which return it should correspond to. Also, the return would allow multiple same type returns and setting an index on which of the multiple return values would be rather useful for higher accuracy without the VM guessing where the return is supposed to go.

One scenario is with this sample:

    boolean, bytes, bytes encryptCredential(bytes $plainInput, bytes $keyAlias, byte $cipherMode) {
        if (loadFromKeystore($keyAlias, $cipherMode)) {
            bytes $IV = secureRandom(16);
            bytes $cipherText = encrypt($plainInput, $IV);
            if ($cipherText != null) {
                setReturn(true, 0);
                setReturn($IV, 1);
                setReturn($cipherText, 2);
            }
        }
        setReturn(false, 0);
        setReturn(null, 1);
        setReturn(null, 2);
    }

The return response would essentially be an array that looks like a single binary message output and is sent out of the VM. If this were deployed over an MCU running I2C or even an HTTP webserver, you would have the convenience of a serialized bunch of data, and the receiving end would most likely be able to de-serialize a binary string, get the results as a binary string array and convert their types back, since it’s not the VM’s job once the response is sent out.

@Wael

Maybe a few types of compare. One type for the usual object to object compare and another one for security procedures like PIN and password compare. Not everything requires side-channel protection since it would essentially be too slow to do side-channel mitigation for everything.
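The two kinds of compare Thoth proposes, as an added Python example that is not from the thread: a naive early-exit compare beside a fixed-work one, with a byte counter standing in for elapsed time so the leak Wael points at becomes visible. STORED_PIN and the guesses are constructed values.

```python
import hmac

# Constructed sample PIN, standing in for the value a card applet would hold.
STORED_PIN = b"123456"


def naive_compare(candidate: bytes, stored: bytes) -> tuple[bool, int]:
    """Early-exit compare, the shape of a generic object-to-object compare().

    Returns (equal, bytes_examined). The amount of work, and so the running
    time, depends on where the first mismatch sits: that is exactly what a
    timing side channel leaks about the stored value.
    """
    if len(candidate) != len(stored):
        return False, 0
    examined = 0
    for x, y in zip(candidate, stored):
        examined += 1
        if x != y:
            return False, examined
    return True, examined


def fixed_work_compare(candidate: bytes, stored: bytes) -> tuple[bool, int]:
    """Compare that always examines every byte and branches only on length.

    An accumulator ORs together the XOR of each byte pair; it is zero only when
    every byte matched. No early exit, so the work does not depend on where a
    mismatch is.
    """
    if len(candidate) != len(stored):
        return False, 0
    acc = 0
    for x, y in zip(candidate, stored):
        acc |= x ^ y
    return acc == 0, len(stored)


def secure_pin_compare(candidate: bytes, stored: bytes) -> bool:
    """The compare to use for PINs and passwords: the standard library's
    constant-time comparison."""
    return hmac.compare_digest(candidate, stored)


def work_profile(compare, guesses: list[bytes]) -> list[int]:
    """Bytes examined per guess against STORED_PIN; a flat profile means no leak."""
    return [compare(g, STORED_PIN)[1] for g in guesses]


if __name__ == "__main__":
    # Constructed guesses sharing 1, 2 and 3 leading digits with the stored PIN.
    guesses = [b"100000", b"120000", b"123000"]
    print("naive:     ", work_profile(naive_compare, guesses))       # [2, 3, 4]
    print("fixed-work:", work_profile(fixed_work_compare, guesses))  # [6, 6, 6]
    print("secure:    ", secure_pin_compare(b"123456", STORED_PIN))  # True
```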

ab praeceptis January 19, 2017 10:46 PM

Thoth

I’m probably mistaken and not getting what you want but here are my thoughts based on what I understood:

  • a VM doesn’t offer you benefits unless you are about separation of environments or about some special OS bending (or checking) tricks.
  • OS/VM vs … I’d need to better understand what you want to offer some reasonable thoughts on that. As a kind of default I’d go with an OS that is as minimal as possible while offering what you need.
  • language. There are diverse views. I personally prefer the high level paradigm (oh, well probably what others would call the mid level one …). One major reason is that on an “assembler” level you don’t see algorithms but largely a stream of ops.
    So I’d suggest an imperative language but I would not build crypto or timestamps or suchlike into the language but rather into a runtime library.

Keep the holy rule in mind. Design and build tools that do one job and do it well (It’s a unix dogma but one that holds here, too).

Another tip: Think very well about data size, i.e. have a reasonable set of ints (8, 16, 32, 64) or a way to specify size. And/or ranges. I’ve seen languages virtually die because they ignored that and, for instance, had only signed ints.

Avoid ambiguity like the pestilence! If in doubt have fewer features but be sure that what you offer means one and exactly one thing.

Also keep in mind that errors can be found more easily when the code is readable. So no C syntax but Wirth-like.

There would be much more to say (e.g. about pointers) but a) for that we should know more and more precisely what you desire and b) Why? What for? Be sure to not invest lots of work into reinventing the wheel.

Thoth January 19, 2017 10:57 PM

@ab praeceptis

If you still remember, I proposed a SCROT scheme which I later renamed to SECROOT, which is simply a more powerful smart card based keystore/TPM/root anchor thingy.

It is rather pointless to supply a cryptographic store and do some integrity checking and secure storage since things like TPM can already achieve all those except that my SECROOT idea includes symmetric encryption as well and arbitrary secret storage.

I wanted to add a very lightweight VM as @Clive Robinson suggested in the past regarding running a VM on a JavaCard VM. That’s going to be slow since essentially the JavaCard applet (SECROOT) would run on the JavaCard Java VM. So I would need something lightweight for this lightweight VM in a VM. This is to allow loading of dynamic procedural statements into the smart card without needing to recompile the card applet (and in the process destroying all the keys and stuff) and also be able to use the cryptographic capability.

The idea is to push closer to reality a sort of smartcard based dynamic Secure Execution besides just secure storage and crypto capabilities. The procedural statements can be encrypted and signed and left sitting on the hard disk and as needed, be sent into the smartcard for processing.

This would add capability of having a dynamic SEE in a smart card (besides a keystore and encryptor) and since it is removable, it is also portable and you do not need to trust the host CPU (which can be malicious). The portability of such scheme also opens the possibility of executing sensitive and dynamic codes while using possibly compromised platforms.

Wael January 19, 2017 11:02 PM

@Thoth,

I must have ESP or something! That latest link (timing attack) I sent you, also contains the principles I listed!

I think I listed a dozen or so sometime in the past.

Here is the post! Very spooky!

I recommend a methodical approach rather than ad hoc work.

Anura January 19, 2017 11:11 PM

@Thoth

Not everything requires side-channel protection since it would essentially be too slow to do side-channel mitigation for everything.

This is why we need to invent computers with unpredictable clock speed fluctuations.

Thoth January 19, 2017 11:16 PM

@Wael, Clive Robinson, ab praeceptis, Nick P et al.

Yes, it would be strongly typed, bounded checks, fail safe, fail hard, methodological and all sorts. @ab praeceptis’s and @Nick P’s favourite (making it easier for verification) would also be considered.

It wouldn’t be feature rich but only have essential features enough for quick and lightweight procedural calls over the VM to decrease as much attack surface as well.

Once that is done, attach a commercial architecture I made for a scalable Secure Element farm and with that, all these would essentially be much closer to @Clive Robinson’s vision of running thousands of CPUs in parallel to execute calls.

That would put the situation at:
– Scalable and tamper resistant hardware via smart card chip farm (already exist)
– Execute with tightly controlled execution calls (planning)

What would be left out is the one final element to realize @Clive Robinson’s vision of multiple CPUs running in parallel and checking each other with some sort of MMU halting the CPU to checking the contents which would not be left to later dates.

Once all these are done, we would effectively be very close to @Clive Robinson’s vision for parallel multiple CPUs for security sensitive operations and for a bonus, they run off smart card chips and thus already are tamper resistant and security capable from the ground up.

Clive Robinson January 20, 2017 12:47 AM

@ Thoth,

would it be better to implement the usual whole stack of commonly used code (MOV, JMP …etc…) or would it be better if I were to only pick what I need and stick to high level languages ?

It depends on your assumptions about the capabilities of the developer and the attacker, and finding a usable range or sweet spot.

As an over generalized point the further up the computing stack a developer works the easier it is to stop their errors producing attack vectors.

Skilled attackers however will work as far down the computing stack as they can because that gives them the greatest control and access.

The trick is to pander to the developers failures whilst stopping the attacker reaching under to do their thing.

Or that was the way it was… I’ve mentioned inducing faults or behaviour changes by active EM attacks. To most such attacks are at best theoretical and thus ignored by all but a very select few. Then a large lump of the brown stuff hit the air conditioning and people are waking up not smelling the daisies, but the gut wrenching stench that goes by the name of RowHammer. Most are going through the grief process on this and “are in the denial phase”, but the lid is off the can as it were. If you think about what happened with BadBIOS through to ultrasound tagging and detection by malware marketers and how quickly it happened, you can get an idea of what might happen when such “reach down the stack attacks” become more practical.

Thus go as high level as you can to stop developers messing up, whilst implementing protections that check as far down the stack as you can.

It’s one of the reasons my model included the ability for a hypervisor to halt a prison CPU and inspect its memory for signs of illicit changes…

Ratio January 20, 2017 1:26 AM

@Thoth,

You could write your first example (returning a bool and an int) like this if you have a way of returning multiple values:

    if (compare($inputAcct, $actualAcct)) {
        return true, $errorCounter;
    }
    return false, $errorCounter += 1;

It’s not about the syntax, by the way. It’s the concept that matters.

The other issue was what the point was of the augmented assignment in the second return statement. (How are arguments passed?)

Thoth January 20, 2017 2:45 AM

@Ratio
Returned results are treated as an array buffer that would be returned where the second parameter in setReturn tells the VM which part of the return buffer to load which sub-result.

Imagine if you allow all the return data types to be the same, the VM needs to figure which slot in the return buffer array to load the data.

The ability to set return objects at multiple times of the procedural call is to allow setting of return buffer object at the best possible time so that the memory buffer holding certain objects can be freed early and reused.

ab praeceptis January 20, 2017 2:54 AM

Thoth et al.

If I may …

That whole idea of multiple return values is dangerous, inconsistent (with that kind of software), and anyway just – awfully expensive – sugar coating.

I strongly suggest to rather have well designed structure mechanisms (easy) and a well thought out solution how to approach the pointer question.

My suggestion: None at all (in the C sense) but implicit smart ones to allow callbacks, returning structures, etc.

Moreover, as you (Thoth) mentioned we are talking about not only a hopefully secure but also about a resource tight context (which speaks against sugar coating for gadgets).

More generally speaking, in language design there is probably more wisdom in deciding what not to have than in what and how to have lots of features.

In case you feel like reading (almost) philosophical musings on the field I suggest P.B. Hansen, E. Dijkstra, (the later) Wirth, Hoare, and B. Meyer (of Eiffel). While one might not agree with everything I highly recommend having a good profound look at what they had/have to say.

Finally, if I had to point at a single worst reason we’re in the mess today then it’d be what I often call “us-american “thinking””, i.e. the (utterly unreflected, it seems to me) way they tend to add on and add on and add on yet more. Examples: ssl/tls, linux monolith, Pascal -> Delphi, etc.

ab praeceptis January 20, 2017 3:00 AM

Thoth

à propos “SetReturn”: Don’t.

I’ve seen many problems with that concept. Actually you yourself have an error in your example, namely an if without an else, where the code after if overwrites whatever was written within the if.

I strongly suggest to use the classical return(val) – it helps developers to understand and remember and to correctly code.

As for the control structures, actually I think that having an else pretty much everywhere is a good idea. Example: while … else … end while (with else taking care of the case that the while condition is never met).

Thoth January 20, 2017 3:20 AM

@ab praeceptis

Maybe it doesn’t even need return in the traditional sense.

What I am thinking is along the line of remote code execution (think of the web application and such). You send a POST or GET from a web form as a document and you get a bunch of response in the form of a document.

What can be done is to not have a return but to replace it with an end() call which breaks the procedural function call. The procedural call would always have a single output buffer, and a setOutputBuffer() can be used to allocate the computation results into positions within the output buffer. When it reaches the end() statement, the procedural call would be wiped and the output buffer would be formatted to whatever output format (i.e. an HTML response) and the response sent out.

Since the execution engine does not have the typical init() or main() to begin with and is sort of headless and executes small procedural closures.

So essentially, the single output buffer would be considered as a single return of sorts.

Thoth January 20, 2017 3:29 AM

@ab praeceptis

Also, what I am trying to do is not have developers fiddle around with trying to find a way to format all the output results before loading it into the output buffer and returning the output buffer.

Imagine if the user has a bunch of results like a byte array for some bank account number after computation and the user’s monetary balance as well; the user has to define their own format and then load them into the output buffer before it is written out of the CPU.

Giving the user a method like setReturn or setOutputBuffer would lessen their load and also the resource needed.

A statement like end() would give the user a way to control the end of the execution and break out of the procedure and send off the output buffer (only 1 output response per 1 request assumption).
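The return buffer, end() and serialized response Thoth describes here and in his earlier reply to Ratio, as an added Python model that is not from the thread: typed slots filled by set_return(value, index), one binary message out, a matching deserializer for the receiving end, and the if-without-else overwrite ab praeceptis points out, shown beside the same procedure using end(). The tag layout and the sample account numbers are constructed for this example.

```python
import struct
from typing import Union

Slot = Union[None, bool, int, bytes]

# Type tags for the serialized return buffer (constructed for this example).
TAG_NULL, TAG_BOOL, TAG_INT, TAG_BYTES = 0, 1, 2, 3


class ProcedureEnded(Exception):
    """Raised by end() to break out of the procedural call."""


class ReturnBuffer:
    """The single output buffer of one request; set_return(value, index) fills one slot."""

    def __init__(self, slots: int) -> None:
        self.slots: list = [None] * slots
        self.overwrites = 0  # how often an already-set slot was replaced

    def set_return(self, value: Slot, index: int) -> None:
        if not 0 <= index < len(self.slots):
            raise IndexError("return slot out of range")  # fail hard, never grow silently
        if self.slots[index] is not None:
            self.overwrites += 1
        self.slots[index] = value

    def end(self) -> None:
        raise ProcedureEnded

    def serialize(self) -> bytes:
        """One binary message: slot count, then tag | length | payload per slot."""
        out = bytearray(struct.pack(">B", len(self.slots)))
        for v in self.slots:
            if v is None:
                out += struct.pack(">BH", TAG_NULL, 0)
            elif isinstance(v, bool):  # bool before int: bool is a subclass of int
                out += struct.pack(">BHB", TAG_BOOL, 1, int(v))
            elif isinstance(v, int):
                out += struct.pack(">BHi", TAG_INT, 4, v)
            else:
                out += struct.pack(">BH", TAG_BYTES, len(v)) + v
        return bytes(out)


def deserialize(msg: bytes) -> list:
    """Receiving end (host, I2C master, HTTP client): recover the typed slot array."""
    (count,) = struct.unpack_from(">B", msg, 0)
    pos, slots = 1, []
    for _ in range(count):
        tag, length = struct.unpack_from(">BH", msg, pos)
        pos += 3
        payload = msg[pos:pos + length]
        pos += length
        if tag == TAG_NULL:
            slots.append(None)
        elif tag == TAG_BOOL:
            slots.append(payload[0] == 1)
        elif tag == TAG_INT:
            slots.append(struct.unpack(">i", payload)[0])
        elif tag == TAG_BYTES:
            slots.append(bytes(payload))
        else:
            raise ValueError(f"unknown slot tag {tag}")
    return slots


def run(procedure, *args) -> ReturnBuffer:
    """Headless dispatcher: one request in, one procedural closure run, one buffer out."""
    rb = ReturnBuffer(2)
    try:
        procedure(rb, *args)
    except ProcedureEnded:
        pass  # end() reached: stop here and ship the buffer as it stands
    return rb


def compare_as_posted(rb, input_acct: bytes, actual_acct: bytes, error_counter: int) -> None:
    """Shape of the thread's first sample: no else, so the trailing calls always run
    and overwrite whatever the if-branch set (account numbers, not PINs, so a plain
    compare is used here)."""
    if input_acct == actual_acct:
        rb.set_return(True, 0)
        rb.set_return(error_counter, 1)
    rb.set_return(False, 0)
    rb.set_return(error_counter + 1, 1)


def compare_with_end(rb, input_acct: bytes, actual_acct: bytes, error_counter: int) -> None:
    """Same procedure with end() closing the call on the success path."""
    if input_acct == actual_acct:
        rb.set_return(True, 0)
        rb.set_return(error_counter, 1)
        rb.end()
    rb.set_return(False, 0)
    rb.set_return(error_counter + 1, 1)


if __name__ == "__main__":
    for proc in (compare_as_posted, compare_with_end):
        rb = run(proc, b"1234", b"1234", 0)  # constructed, matching account numbers
        print(proc.__name__, deserialize(rb.serialize()), "overwrites:", rb.overwrites)
```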

Dirk Praet January 20, 2017 4:27 AM

@ Ratio

The Midnight Rules Relief Act is about regulations, not any POTUS decision. How is this relevant for Assange?

It passed by as a brief item on national TV over here a while ago. From what was said about it, it was not clear that it only applied to regulations, which is why I phrased it as a question in my initial reply to @r. It would seem that a presidential pardon (or commutation) in most cases is pretty much irreversible indeed. From an Assange perspective, the smart thing to do however remains to await the reaction of the new administration to Manning’s release in May, and which may hold some valuable clues as to what kind of treatment he can expect himself. That’s anyway what I would advise him.

Clive Robinson January 20, 2017 4:58 AM

@ Anura,

This is why we need to invent computers with unpredictable clock speed fluctuations.

We’ve tried this in the past and it usually creates more problems than it solves.

Take the instance of time based side channels, the most effective way to stop information leak is “to clock the inputs and clock the outputs and fail long and hard on error”. If you have a wide clock speed fluctuation in the processing system then you likewise have to have a wide acceptance all through the system from that point onwards. This creates transparency in the following stages that allows a clock width / edge timing covert channel out of the system that can via spread spectrum techniques leak a lot of data.

The other problem as I pointed out to Ross J Anderson back in the last century is that “self timed logic” can be forced into synchronisation with an external EM source. That is it behaves like a loose-locked or injection-locked oscillator, getting “pulled” into synchronisation with the EM source.

Many Random Number Generators or other Random Generators suffer from this pulling into lock problem and it can be a complete disaster for the security of a system.

Oddly perhaps this pulling/locking problem has been known about for three and a half centuries, thus long before we even had electrical systems. Back in 1666 the Dutch inventor of the pendulum clock Christiaan Huygens noticed that two pendulums mounted on the same rigid beam, though starting differently, would fall into synchronisation.

Thoth January 20, 2017 5:20 AM

@Gun

Lastpass deserved too much credit and publicity for the crappy security it provides. Now it shot itself in the foot with obfuscating with hex string the URL thinking nobody would figure since it’s a bunch of garbled stuff.

If it had some decency of hiding from the user that it is gathering data on its users, it should at least Base64 the hex string of the URL and that would look more convincing. The reason why the author caught the URL is because it uses a hex string and it stood out like a sore toe.

The article recommends Bitwarden. That’s like loading two buck shot rounds into a double barreled shotgun and discharging them all at once at one’s poor foot. No password manager held remotely is secure or privacy enhancing. They know your connections, who you are, the passwords and who knows what trick they are up to.

What is the best way to have a remote password manager ?

Get yourself a Dropbox account, get a MiniLock account which derives the private keys from your password and then encrypt (just like PGP but this time on a web browser plugin) the password file to yourself and store it in Dropbox or some web folder or email account.

Is this secure ? No. Still too many holes but it is better than any remote password manager hosted on someone else’s servers.

r January 20, 2017 5:22 AM

@ab,

Maybe other than a few European circles the concept of “boat-overloading” is pretty pervasive if you look at programming trends, maybe we should refer to it as ‘immature coding’ rather than ‘us-american’ ?

Czerno January 20, 2017 6:26 AM

@ r ; Re: protonirockerxow.onion/

“… I have concerns over the generation of these vanity names they require quite a bit of hardware/software to pull off and the name may have been purchased or subcontracted out to acquire. ”

Those 16-letter onion URLs are /just/ hashes of the hidden service key, base-64 (or base-some-number) encoded. There is nothing fishy nor any vulnerability induced by having a “vanity” onion name, generated by trial and error computation until reaching a suitable hash.

FYI next generation onions shall have stronger crypto and much longer URLs… since the existing hidden service protocol has been found to have definite weaknesses. Next gen onions is proposition #224 (if memory serves) on the Torproject’s todo list, and is reported to be well underway.
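The two address formats Czerno describes, as an added Python example that is not from the thread: the v2 derivation (first 80 bits of the SHA-1 over the DER-encoded RSA public key, base32 rather than base64 encoded, giving 16 characters) with a check that a presented key really belongs to an address, and the proposal 224 (v3) format, whose 56 characters carry the whole ed25519 public key plus a SHA3-256 checksum and version byte that a parser can verify before any lookup. The key bytes are constructed stand-ins, not real keys.

```python
import base64
import hashlib
from typing import Optional

B32_ALPHABET = set("abcdefghijklmnopqrstuvwxyz234567")

# Constructed stand-ins, not real keys: a DER-looking blob for the v2 case and
# 32 arbitrary bytes for the v3 case.
SAMPLE_DER_RSA_PUBKEY = b"\x30\x81\x89" + bytes(range(137))
SAMPLE_ED25519_PUBKEY = bytes(range(32))


def onion_v2_address(der_rsa_pubkey: bytes) -> str:
    """v2 address: the first 80 bits of SHA-1 over the DER-encoded RSA-1024 public
    key, base32-encoded to 16 characters. The address commits to the key and
    nothing else; a vanity prefix only means many keys were hashed."""
    digest = hashlib.sha1(der_rsa_pubkey).digest()[:10]
    return base64.b32encode(digest).decode("ascii").lower() + ".onion"


def onion_v2_matches(der_rsa_pubkey: bytes, address: str) -> bool:
    """Check that the key a descriptor presents really belongs to the address."""
    return onion_v2_address(der_rsa_pubkey) == address.lower()


def v3_checksum(ed25519_pubkey: bytes) -> bytes:
    """CHECKSUM = SHA3-256(".onion checksum" || PUBKEY || VERSION)[:2], VERSION = 0x03."""
    return hashlib.sha3_256(b".onion checksum" + ed25519_pubkey + b"\x03").digest()[:2]


def v3_label(ed25519_pubkey: bytes, checksum: bytes, version: bytes) -> str:
    """base32(PUBKEY || CHECKSUM || VERSION): 35 bytes become exactly 56 characters."""
    return base64.b32encode(ed25519_pubkey + checksum + version).decode("ascii").lower()


def onion_v3_address(ed25519_pubkey: bytes) -> str:
    """Proposal 224 address: the full public key, its checksum and the version byte."""
    if len(ed25519_pubkey) != 32:
        raise ValueError("ed25519 public key must be 32 bytes")
    return v3_label(ed25519_pubkey, v3_checksum(ed25519_pubkey), b"\x03") + ".onion"


def parse_onion_v3(address: str) -> Optional[bytes]:
    """Return the embedded public key, or None if the length, alphabet, version or
    checksum check fails, so a mistyped or altered address is rejected up front."""
    if not address.lower().endswith(".onion"):
        return None
    label = address[:-len(".onion")].lower()
    if len(label) != 56 or not set(label) <= B32_ALPHABET:
        return None
    raw = base64.b32decode(label.upper())
    pubkey, checksum, version = raw[:32], raw[32:34], raw[34:]
    if version != b"\x03" or checksum != v3_checksum(pubkey):
        return None
    return pubkey


if __name__ == "__main__":
    print(onion_v2_address(SAMPLE_DER_RSA_PUBKEY))
    a3 = onion_v3_address(SAMPLE_ED25519_PUBKEY)
    print(a3, parse_onion_v3(a3) == SAMPLE_ED25519_PUBKEY)
```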

Clive Robinson January 20, 2017 9:04 AM

@ r, ab praeceptis,

… if you look at programming trends, maybe we should refer to it as ‘immature coding’ rather than ‘us-american’ ?

As far as I’m aware, neither of you have been around here long enough to have seen one of my explanations of why the majority of people writing software are not “engineers” but artisanal “code cutters”.

So a brief explanation about Stephenson’s “Ring of Iron” and the Victorian birth of engineering.

Prior to the Victorian era one of the most complex pieces of design was the iron hooped spoked wagon wheel. It came about over several hundred years of artisanal craft passed down as trade secrets from master craftsman to journeyman craftsman in the form of a pattern. There was much tried and tested but no mathematics behind it.

Then came steam power and boilers that would inexplicably explode and pump arms that would break. The solution was to keep an eye out for cracks etc, then “bolt a patch on”. The result was large inelegant, unwieldy, inefficient and above all fragile systems.

The increasing frequency of accidents gave rise to the English Parliament passing the first mechanical safety acts. The birth of engineering and a kick up the A55 for “gentlemen experimenters” who were the first experimental scientists. This gave rise to the notion of engineering institutions and the oath like that of a doctor to do no harm, and the ring of iron or steel to be worn as a mark of such circumspection, much like the masons’ masonic medal.

If you look at the software industry in the main there is no maths, no science and no engineering, just design patterns getting swapped and passed on (via cut-n-paste of the Internet) and the same artisanal “bolt on a patch” philosophy. Thus the result is large inelegant, unwieldy, inefficient and above all fragile software systems, whose only saving grace is that the users can not see the full horror of the kludge upon kludge that lurks like a barely caged slavering beast behind the UI.

It’s long past time that software development became a proper profession, but the large US corporates don’t want that. Hence the current face in the dock of Oracle for questionable if not illegal employment practices, to join the likes of Google, Apple etc with their “no compete” policies to reduce the open market wage rises that would follow the “supply and demand” tenets of economics if it was not for their cartel like behaviour….

meitu January 20, 2017 9:22 AM

Megaviral Meitu “beauty” app’s data grab is anything but skin-deep
http://arstechnica.com/security/2017/01/meitu-anime-beauty-app-privacy-holes/

Meitu, an app which has been out for years on both iOS and Android in China, has shot to fame outside the country in the last few weeks, due to the “beauty” filters it can apply to people’s selfies. Among other functions, it can sharpen people’s jaws, put a sparkle in their eyes, and smooth out and lighten their skin.

The result? Meitu-filtered pictures are suddenly everywhere. The backlash, however, has been just as swift.

Almost as soon as infosec bods became aware of it, they found numerous serious privacy flaws and avenues for potential leaks of personal data. One eagle-eyed researcher found the Android version of the app asked users for dozens of intrusive permissions, and sends the data to multiple servers in China—including a user’s calendar, contacts, SMS messages, external storage, and IMEI number.

According to digital forensics expert Jonathan Zdziarski, the app secretly checks to see if a user’s iPhone is jailbroken—presumably to see if it can use that information to gather additional data…

Clive Robinson January 20, 2017 9:27 AM

@ r,

The slashdot thread says something about it may be related to a test that was performed while the satellites were still earthbound, hopefully it’s repairable or circumnavigable for them.

Each of the Galileo satellites has much much higher time keeping accuracy than the US GPS system and a Swiss company contracted by ESA supplies four atomic clocks for each satellite to the payload builder Surrey Satellite Technology Ltd (SSTL) in Guildford Surrey. When built and tested by SSTL they then get shipped to Europe to OHB Systems of Bremen to be integrated into the chassis (what you might call the airframe if it were an aircraft). When built this then gets put into what could be quite extended storage waiting for a launch platform, either four at a time from ESA’s Guiana Space Centre on an Ariane 5 or two at a time from a Russian Soyuz out of Baikonur/Kourou.

From some of the information available the very precise Hydrogen Masers are suffering some kind of problem in the extended storage. Apparently the Swiss supplier is looking into what the very unexpected problems could be.

Currently each satellite has one or more of each clock type functioning.

Ratio January 20, 2017 11:25 AM

@Thoth,

The ability to set return objects at multiple times of the procedural call is to allow setting of return buffer object at the best possible time so that the memory buffer holding certain objects can be freed early and reused.

Let’s assume that’s so (I’m not really seeing it).

What does calling your sample function look like? What goes to the left of the assignment operator? What is its type? How do you get at the (bool and int) parts of your result? Is there a getReturn?

... = compareUserAccountNumber($foo, $bar, $baz);

A tuple (struct, record, whatever) construct solves all these problems in a conceptually simple manner while being generally applicable. But it’s your bikeshed, so you get to paint it… 🙂

@Dirk Praet,

From what was said about [the Midnight Rules Relief Act], it was not clear that it only applied to regulations, which is why I phrased it as a question in my initial reply to @r.

I had no idea what you could be referring to and with little to go on I figured I’d better just ask you. 😉

It would seem that a presidential pardon (or commutation) in most cases is pretty much irreversible indeed. From an Assange perspective, the smart thing to do however remains to await the reaction of the new administration to Manning’s release in May, and which may hold some valuable clues as to what kind of treatment he can expect himself.

Wouldn’t Assange have thought about all of this before making his offer? Which part of this makes it an unforeseen scenario? Besides Manning getting out, I mean. And if that is what caught Assange off guard, then he was just grandstanding, wouldn’t you agree?

Nick P January 20, 2017 11:26 AM

@ All
(with interest on programming, correctness, and security)

I was trying to find a good introduction of refinement for a person who uses TLA+ with minimal background in math & logic. Most intros suck. Anyway, I found a whole book on refinement calculus whose first chapter is a must read for programmers really trying to understand things on a deeper level. It reduces all specs, language statements, interactions, architecture, etc to a few concepts centered on contracts between agents with angelic or demonic behavior. Its concepts and simple examples were mind-opening despite me not understanding the formalisms.

Refinement Calculus

Dirk Praet January 20, 2017 12:48 PM

@ Ratio

Wouldn’t Assange have thought about all of this before making his offer?

Probably not. I suspect his legal team had to point it out to him.

And if that is what caught Assange off guard, then he was just grandstanding, wouldn’t you agree?

Grandstanding is his middle name. To me he has always come across as a narcissistic git. Then again, there’s no telling how being holed up in an embassy in London for a couple of years would affect my psychology and behaviour. Probably not for the better.

Ratio January 20, 2017 1:38 PM

@Dirk Praet,

I suspect his legal team had to point it out to him.

That’s recklessness…

Grandstanding is his middle name. To me he has always come across as a narcissistic git.

… and vanity. Such a lovely combination.

Or maybe he miscalculated? Or maybe never meant a word of what he said? In any case, he shot himself in the foot bigly.

snur-pele January 20, 2017 2:32 PM

@MikeA
Actually, the cellphones do not transfer DTMF over the voice channel. They fake it. The DTMF information is sent as control signals over the control channel. On the receiving end the control signals are translated to DTMF that are generated locally. The “DTMF tones” you hear when pressing buttons are generated in the speaker part of your cellphone, solely as a user feedback.
I had this very conversation with the company cell phone expert, but from the other side, some years back when I wanted to send a tone through the voice channel to test the audio output amplifier. The only simple way to test the audio amp was to use the DTMF generator in the chipset, though you do not easily measure the amp bw or distortion that way;)
I think you still need to look into the in-band modem stuff. I like your idea though. Maybe there is someone more knowledgeable than me out there, who can be of assistance?

Curious January 21, 2017 12:34 AM

Off topic:

What is it with the damn pop ups on all kinds of web pages these days? I don’t remember seeing them with this frequency. I never click on “you won, claim your prize” ads, and I 100% don’t want to click even the “close window” button for pop ups, and sometimes pressing the Esc key won’t help.

Markus Ottela January 21, 2017 11:28 AM

@Dirk Praet

Unless @Markus Ottela objects, I concur. And both should do whatever is necessary to make sure those names are sufficiently protected against future patent trolls.

I don’t mind associating similar tools with TFC. But I think an opportunity to play with words is being missed here when FTP uses two letters of TFC, and even TFTP exists.
