Friday Squid Blogging: Squid Catches Down in Argentina

News from the South Atlantic:

While the outlook is good at present, it is too early to predict what the final balance of this season will be. The sector is totally aware that the 2016 harvest started well, but then it registered a strong decline.

Last year only 60,315 tonnes of Illex squid were landed, well below the 126,670 tonnes landed in 2015 and the 168,729 tonnes recorded in 2014.

As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

Posted on March 17, 2017 at 4:27 PM • 176 Comments

Comments

Ben A. • March 17, 2017 4:33 PM

Wiretapping End-to-End Encrypted VoIP Calls: Real-World Attacks on ZRTP

https://www.ibr.cs.tu-bs.de/papers/schuermann-popets2017.pdf

Other papers:

https://petsymposium.org/2017/paperlist.php

HN Thread:

https://news.ycombinator.com/item?id=13895614

They note, correctly, that Signal is no longer using ZRTP in favour of their own protocol.

"The new Signal voice and video beta functionality eliminates the need for ZRTP. The "signaling" messages used to set up the voice/video beta calls (offer/answer SDPs, ICE candidates, etc) are transmitted over the normal Signal Protocol messaging channel, which binds the security of the call to that existing secure channel. It is no longer necessary to verify an additional SAS, which simplifies the calling experience."

https://whispersystems.org/blog/signal-video-calls/
https://whispersystems.org/blog/signal-video-calls-beta/


Advanced Web Scraping: Bypassing "403 Forbidden," captchas, and more

http://sangaline.com/post/advanced-web-scraping-tutorial/


How Classical Cryptography Will Survive Quantum Computers

http://nautil.us/blog/how-classical-cryptography-will-survive-quantum-computers


Extracting All Your Secrets: Vulnerabilities in Android Password Managers

https://team-sik.org/trent_portfolio/password-manager-apps/


US-CERT Warns HTTPS Inspection May Degrade TLS Security

http://threatpost.com/us-cert-warns-https-inspection-may-degrade-tls-security/124375/


Dormant Linux kernel vulnerability finally slayed

A race condition in the n_hdlc driver that leads to double-freeing of kernel memory (CVE-2017-2636) has been fixed after eight years.

http://www.theregister.co.uk/2017/03/16/linux_kernel_vuln/


US will 'not repeat' claims GCHQ wiretapped Donald Trump

GCHQ rejected allegations made by White House press secretary Sean Spicer, that it spied on Mr Trump, as "nonsense".

http://www.bbc.co.uk/news/uk-39300191


Google Chrome Stable Channel Update for Desktop

The stable channel has been updated to 57.0.2987.110 for Windows, Mac, and Linux.

https://chromereleases.googleblog.com/2017/03/stable-channel-update-for-desktop_16.html


Forensics Jonathan Zdziarski joins the Apple Security Engineering and Architecture team

https://www.zdziarski.com/blog/?p=7016


Patch Tuesday Returns; Microsoft quiet on postponement

https://threatpost.com/patch-tuesday-returns-microsoft-quiet-on-postponement/124309/

CR Fan • March 17, 2017 5:14 PM

' Squid catches down in Antarctica.'

Why does a Squid want to catch down? And how did the down get there - did it escape a scientist's sleeping bag?

On a more serious note, re: the gmail phishing. The uBlock Origin add-on will almost certainly block an attack of this nature. uMatrix is also useful - although it breaks sites so regularly, and can be tricky to operate granularly, that people seem to just turn it off site by site whenever something doesn't display. Unfort.

The underlying reality is that anyone security minded is cautious of *anyone* sending a link or an attachment. End of story. Those two things are the most common and effective phishing methods. So, in many respects nothing new here.


MrOutcomes • March 17, 2017 5:32 PM

A naive question from a total non-expert: if a sophisticated hack team can break into someone's network and extract data from it, is there any reason they cannot lay a false trail pointing to another hack team from another country?

Who? • March 17, 2017 5:55 PM

Restricting Intel firmware (BIOS, UEFI, AMT, ...) to a management network

A crazy idea has been bugging me for months, so I would like to share it with you to know your opinion —would it make sense to add a second NIC to desktop computers and use this card, instead of the integrated one, to connect to external networks? Might it be a way to block firmware "management features" like AMT, some dangerous BIOS features (remote firmware upgrade) and PXE from reaching other networks?

If it works, may the integrated NIC be used to build a management network, isolated from the public networks, to run, let us say, PXE?

MrC • March 17, 2017 6:02 PM

@ Who?
I too have wondered if simply using a PCI ethernet card would bypass the nasty Intel ME. Anyone have a definitive answer?

My Info • March 17, 2017 6:34 PM

http://www.bbc.com/news/world-us-canada-39297439

There are "no indications" that Trump Tower was under surveillance by the US government before or after the election, a Senate committee has said.

Wow! What a preposterous lie! A bunch of r-r-riiich folk NOT under surveillance by the Mob! You've got to be kidding me. Nothing but a bunch of good old boys in the Senate, creeping and spying on Kellyanne Conway's legs out of hidden cameras in the hotel.

What else are they up to?

Clive Robinson • March 17, 2017 6:42 PM

@ MrOutcomes,

... is there any reason they cannot lay a false trail pointing to another hack team from another country?

None whatsoever...

All you have to do is what any impersonator or forger needs to know, which is enough of the target's characteristics to look as though you are them.

As the AV and intrusion companies make a big noise and report lots of characteristics and the code used often becomes available...

It's also why attribution on such observed characteristics is not a safe thing to do. And in effect madness if you decide to respond kinetically, which the US once talked about.

Who? • March 17, 2017 7:49 PM

@ Sancho_P

I am sure most people on this forum know of the efforts to neutralize the Intel ME firmware. That is not the question I am asking. I am interested in a less intrusive approach that works on a wider set of machines and covers not only the management engine but also other features that may be exploitable, like PXE or remote BIOS upgrade, without permanently disabling them. PXE may be a useful feature on upgrades and AMT may be useful for management, but I do not want management features like these available outside an isolated management network.

I am just asking for experts opinion about https://software.intel.com/en-us/articles/intel-vpro-technology-faq:

System Design and Manufacturing Questions of Intel® vPro™ Technology


Q1: Are multiple Network Interface Cards (NICs) supported on Intel® vPro™ technology PCs?
A1: Multiple wired NICs are not supported by Intel® vPro™ technology. Intel® Active Management Technology communicates only through the onboard network interface of Intel vPro technology. However, certain wireless NICs are supported in notebook platforms and with these wireless NICs, many of the Intel vPro technology capabilities are available. See the matrix below for features available over wireless in Intel vPro technology notebooks.

My Info • March 17, 2017 7:54 PM

@Sancho_P

Just following your link... https://libreboot.org/faq/#intelme

Introduced in June 2006 in Intel's 965 Express Chipset Family of (Graphics and) Memory Controller Hubs, or (G)MCHs, and the ICH8 I/O Controller Family, the Intel Management Engine (ME) is a separate computing environment physically located in the (G)MCH chip. ...

... Like the AMT application, these DRM applications, which in themselves are defective by design, demonstrate the omnipotent capabilities of the ME: this hardware and its proprietary firmware can access and control everything that is in RAM and even everything that is shown on the screen.
...
The Intel Management Engine with its proprietary firmware has complete access to and control over the PC: it can power on or shut down the PC, read all open files, examine all running applications, track all keys pressed and mouse movements, and even capture or display images on the screen. And it has a network interface that is demonstrably insecure, which can allow an attacker on the network to inject rootkits that completely compromise the PC and can report to the attacker all activities performed on the PC. It is a threat to freedom, security, and privacy that can't be ignored.
...
Due to the signature verification, developing free replacement firmware for the ME is basically impossible. ...

In summary, the Intel Management Engine and its applications are a backdoor with total access to and control over the rest of the PC. The ME is a threat to freedom, security, and privacy, and the libreboot project strongly recommends avoiding it entirely. Since recent versions of it can't be removed, this means avoiding all recent generations of Intel hardware.

I love you!

There is an old word in Swedish that perfectly describes this: PÖVELEN, "the Mob," i.e., "the drunken, unruly crowd of common folk." The word is a corruption of the French peuple (m), "people," and rendered in more modern Swedish as PÖBELN.

Take it to the bank, folks.

Down with INTC. That's another word in Swedish: HÖGFÖRRÄDERI.

Thoth • March 17, 2017 8:08 PM

@Who?, MrC

Maybe the post on Intel's SGX insecurity has not made the issue clear enough, and probably the saliva that myself and @Clive Robinson have spent is not enough: just stop using a single Intel for your sensitive work. Split things up.

The first direction to look at is the Ledger Blue and Nano S devices as a high assurance secure encryptor which is physically separate and tethered via USB. They have Github source code as well and are trying hard to make their hardware open source.

Link: https://www.ledgerwallet.com

My Info • March 17, 2017 9:41 PM

@Lazy Larry

Police got search warrant for everyone who Googled Edina resident's name http://www.startribune.com/search-warrant-issued-to-edina-police-raises-privacy-concerns-of-internet-users/416442113/

What a sick joke this all is. Just put her name in the newspaper to protect her privacy.

I think they did that to me when I Googled some gal who had gone into WitSec or something like that, and then there was another gal who worked as a court reporter and was in some kind of address confidentiality program from the state, and her address showed up, too, only partially concealed and the details could still be worked out....

These days there is no witness but open witness, and no testimony but open testimony in any U.S. court, as far as confidentiality from the Mob is concerned. Meanwhile the general public is barred from most courthouses, which have been reserved for criminal defendants, drunken frat-boy attorneys, and judges with greasy palms.

Nick P • March 17, 2017 10:22 PM

@ especially Clive Robinson, Wael, and Thoth

Accidentally stumbled on a great survey of high-assurance, separation kernels published in 2017. Given all the discussion on them in the past, you might enjoy reading or skimming the paper since it does the following:

1. Describe the goals and main techniques of the method. Also attempts a taxonomy. That includes differentiating between microkernels, partitioning kernels, and separation kernels.

2. Lists many kernels with specific details on how they were verified. I didn't know about the one done in Event-B.

3. Goes into various categories or goals of verification listing which separation kernels went with them.

4. A bunch of tables doing comparisons between them along all these lines that I kind of skimmed. Where they stopped at and what properties were good information.

So, collectively a nice paper. To me maybe an ending to my prior foray into separation kernels. They're still a good, interim solution for damage limitation. The paper barely touched on the concept of securing information flows between partitions which is a whole security field in its own right. The future will be wise combinations of hardware, OS's, software, and compilers with various enhancements and verification methods. Hybrids. Meanwhile, enjoy the look back. :)

Although I haven't been reading much, user carapace on Hacker News posted in a thread about how he/she got their mind blown & new perspective about how software could be engineered. Said it was a James Martin book that detailed Margaret Hamilton et al's methods. At $6, I had to get it for historical reading and tribute if nothing else but hopefully to understand the method better. It had plenty filler and repetition. However, the sections on requirements, specification, the Hamilton methods (HOS), and their basis were great. I wish the prior paper similarly just said it was binary trees of abstract functions w/ three, verified primitives operating on nodes top-down then right-to-left. Also that other control primitives could be composed from those three correct-by-construction. That would explain its automation power and tough usability instantly. The author had a lot of hits for a mid-1980's book on how to do certain things right and what we should be doing for verifiable, maintainable software.

Thoth • March 18, 2017 12:53 AM

@Nick P

Sadly, we are still light years away from a realistic security-enhanced separation microkernel and the like. We are still stuck on monolithic kernels, with OpenBSD having the highest security standards, and I am not seeing how this will change anytime soon despite so many warnings about the failings of monolithic kernels since aeons ago.

The Linux flag-waving parties and fanboism from FSF and the like, and one good example is TAILS. Why not do TAILS on OpenBSD at the very least, or maybe on Qubes via its Whonix setup?

The sad answer is most part of the community doesn't care.

Signal and TOR fanbois, continue to propagate more crapcurity. Linux fanbois, continue to spread crapcurity of Linux being inherently secure.

More crapcurity in a minute basis forever :) .

Best to focus on solutions that can be used to fill your stomach and get your income first before trying hard to reverse the ill effects that we have brought upon ourselves as a whole.

Clive Robinson • March 18, 2017 1:11 AM

@ Nick P,

You forgot to mention that the survey paper is more like a chapter of a quite advanced textbook... At 35 densely typed pages long, at about 750 words to a page, it's knocking on the thirty thousand word door. Admittedly seven of those pages are references and there's a few information-dense tables and diagrams to knock it back a thousand words or so. But it's still going to be a "put a day aside" to read it (experience suggests it was probably a two man-month effort just to write / revise / check at that reference density).

So don't be expecting in-depth comments this weekend ;-) especially as I've a hundred page Rand Report on zero days to read :-(

You forgot to mention if the book's technical content was worth the 6USD or original publish price; I'm guessing that at over thirty years since publication you got it second or third hand?

As with all "methods" I'd be as interested to read about its failures as I would its successes, as they kind of tell you more.

Clive Robinson • March 18, 2017 1:54 AM

@ My Info,

From your quote is this snippet,

There are "no indications" that Trump Tower was under surveillance

Did you notice the "faux news" element where the subject had been shifted from "Trump was under surveillance" in general to just the tower block his office was in...

As I've already noted, the chances were very very high that Donald Trump's phone calls were picked up and recorded by both the US and UK SigInt agencies. For three reasons.

The first one is "he made calls out of the US" and those either went through or were terminated in the UK.

Secondly Trump owns large tracts of land in Scotland and it has proved quite controversial and there is "blood in the water" there.

Thirdly he had close relationships with the then Scottish First Minister Alex Salmond [1] which would have automatically made him a person of interest in the UK, especially to the Conservative Party in Westminster who hate the Scots, and the Scots hate them in return as you might have noticed in the news about Brexit (if you've been following UK news).

But I suspect Trump made himself quite a target in the US to, amongst others, the Secret Service when he was on his hunt for Obama's birth certificate etc. Thus in all probability he had been under surveillance as a person of interest back then if not earlier due to his political and business interests.

As for Obama asking GCHQ, that is a bit of a nonsense. However due to the UKUSA "special relationship", as a person of political interest GCHQ info on Trump would have been seen by the UK Cabinet Office and in all probability was sent back or made available to one or more US IC agencies. UK Prime Minister David Cameron and US Pres Obama surprisingly did have a close relationship. And Donald Trump would almost certainly have come up in conversation as he was an obvious thorn in both their sides. Therefore it is quite likely information was shared in that Cameron asked for info to be passed over to Obama. Thus to some toward the bottom of the heap it might well have looked like Obama asked GCHQ, even though he could not have.

But whatever the actual details I would be much more surprised if Trump was not under surveillance by both US and UK SigInt agencies than if he were...

[1] http://www.bbc.co.uk/news/uk-scotland-scotland-politics-38397644

Clive Robinson • March 18, 2017 2:31 AM

A couple of BBC reports worth reading,

http://www.bbc.co.uk/news/world-us-canada-39312176

http://www.bbc.co.uk/news/world-asia-39269783

The first is from the senior NSA civilian on Trump; make note of his IoT stance, but read between the lines.

The second is about if the North Korean leader is rational or not. Note the Russian in South Korea academic's comments, his thoughts are about what I would assume is fairly close to the truth.

The only bit he does not mention that is important is the killing of the half brother. I still suspect there is a lot more behind that than is apparent currently about the relationship between North Korea and China. The half brother was definitely in fear of his life and had been for a long time, and had sought and been given protection by the Chinese government. Whilst it would be rational to kill off a competing blood line, it's not rational to anger your neighbour whose goodwill you are dependent on.

As expected China retaliated by cutting off coal imports from North Korea. But again there is a bit more behind it than first appears. China has been cutting back a lot on using coal as an energy source recently[1] and thus actually does not need NK coal... Which should give people pause to think about China's behaviour in the South China Sea.

[1] This cut back on coal usage, along with a similar one in the US, is why the world "green house" emissions have balanced out against the increase in developing nations.

Who? • March 18, 2017 5:31 AM

@ Thoth

Sorry, I do not understand how a cryptocurrency wallet is the answer to my question. How does it make these "management features" not reachable over the Internet?

I am not using Windows, nor Linux, nor OS X, iOS, Android, DOS... only OpenBSD (usually -current), will the wallet work with all operating systems?

We can buy only two microarchitectures and risk to brick these computers while neutralizing one of their management features (AMT) or we can buy anything the market sells and try to isolate all these features (AMT, PXE, remote firmware upgrade, WoL) on its own physical network so they do not reach (and cannot be reached from) the Internet. I certainly prefer the latter.

The third choice (accepting the world is unfixable and drop all technology) is out of question to me. I try to be as positive as I can.

Thoth • March 18, 2017 6:24 AM

@Who?

If you ask this question, that means you have never tried to open its Github page for a look at its features.

It has an SDK for you to write your own applets and install them on your own. It uses an ST31 smart card chip embedded for security and an STM32 for generic interactions.

Dig up their information, read more and visit their Slack page (https://ledger-dev.slack.com) and ask questions on how to write custom applets first.

Use the search bar on Schneier's website to find all the post me, @Clive Robinson, @Nick P, @Figureitout et. al. wrote on different solutions via a separate device to provide a physically separate secure enclave.

Winter • March 18, 2017 6:26 AM

@Clive
"Did you notice the "faux news" element where the subject had been shifted from "Trump was under surveillance" in general to just the tower block his office was in..."

The accusations made by Trump are:


Terrible! Just found out that Obama had my "wires tapped" in Trump Tower just before the victory. Nothing found. This is McCarthyism!
— Donald J. Trump (@realDonaldTrump) March 4, 2017

Is it legal for a sitting President to be "wire tapping" a race for president prior to an election? Turned down by court earlier. A NEW LOW!
— Donald J. Trump (@realDonaldTrump) March 4, 2017

How low has President Obama gone to tapp my phones during the very sacred election process. This is Nixon/Watergate. Bad (or sick) guy!
— Donald J. Trump (@realDonaldTrump) March 4, 2017

So, the accusation is that President Obama ordered the wire tapping of Donald Trump in the Trump Tower.

The accusations are directly waged against Barack Obama. There is absolutely no evidence at all that President Obama ordered this wire tapping and that any ordered tapping of Trump's wires took place.

If he was observed, spied upon, or his wires were tapped because of other reasons, that is of no relevance to his accusations. What he has to prove is that Obama ordered wire tapping and that this was actually done according to this order. It would also help if he could give any evidence that Obama even got informed about any of his communications.

Personally, I think he is just throwing a fit because his predecessor is more liked than he is.

Thoth • March 18, 2017 6:39 AM

@lazy people et. al.

For those people of the above category, my method (more relaxed than @Clive Robinson) to have a physically separate Secure Enclave that is portable and commercially available at this moment in time without much restrictions to obtain would be to use smart card chips as SEE environments with a secure screen and input attached to the smart card chip.

One product that is commercially available to everyone and has a bunch of Github repos with attempts to open source their hardware and software and listens to the community are the Ledger people with their Ledger Nano S and Ledger Blue product.

Essentially you do not run your sensitive applications on your laptop or desktop. Assume that it is compromised. These laptops and desktops are useful as network gateways. You run a network enabled client software on the laptops and desktops and these data would be downloaded and sent to the Ledger devices to decrypt. You do not enter the PIN codes into the compromised laptop or desktop but instead the Ledger devices provide buttons and touchscreens for secure input.

The best option would be the Ledger Blue device since it features a pretty big touchscreen. This would allow you to run graphics applications on it. Imagine the laptop or desktop act as the Internet gateway to fetch your Instant Messaging messages and then pipe them to the Ledger Blue to decrypt and display on the Ledger Blue's touchscreen. When you want to send a message, you compose a message via Ledger Blue's touchscreen and send it off. The bad thing is you don't have access to your usual documents and pictures on your laptop and desktop so you are pretty much stuck to text based messaging which is a very secure option anyway.

Who? • March 18, 2017 6:46 AM

@ Thoth

Thanks for the tip. I will look for more information now.

Following your advice from last summer about using SmartCard technology for authentication was the best improvement on security I have seen since I moved from Solaris to OpenBSD fifteen years ago. Will look at the github repository and look for your posts on this blog, perhaps these small devices will be my next step on security.

Thanks!

Thoth • March 18, 2017 6:59 AM

@Who?, Clive Robinson

I have decided to ally myself with a security hardware designer that uses smart card chip technology (not just the Ledger guys) and help them with ideas and use cases, and at the same time it is a business opportunity for myself to expand and explore beyond my local environments.

I have decided to enter into business myself and have left my job as an HSM engineer, but it's still in the same sector of secure hardware and Secure Execution Environments.

If "all the stars align" correctly, a commercial hardware based Secure Enclave for laptops and desktops should hopefully be commercially available. Yes, it is commercial but I may have the intention to release a possible open source variant under BSD 3 Clause for community use as well without the commercial blobs.

Winter • March 18, 2017 8:22 AM

@Thoth
"I have decided to enter into business myself "

I really hope you succeed, and succeed well. I am growing tired of reading that there is no computer security possible.

We can predict at least two things if you succeed:

1) You will be accused of helping terrorists/pedophiles/criminals

2) Your devices will be intercepted in transit

Winter • March 18, 2017 9:11 AM

@J4G
"a nice data visualization - "what is seen and what is unseen""

From the link:


The dropoff from #1 to #100 is significant. Google.com has 28 billion visits, but a website like Citi.com (ranked #98) only has 53 million visits a month. That’s a 500x difference!

That is not surprising at all. Actually, this is the same phenomenon that makes that the hundred most frequent words make up a lot of the content of a text.

Such phenomena tend to follow Zipf's law, which falls off quite steeply.
https://en.m.wikipedia.org/wiki/Zipf's_law
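To make the Zipf remark above concrete, here is an added example (not part of Winter's comment or the linked visualization) that fits the exponent s of a rank-frequency law count ~ C / rank**s. It generalizes beyond the two quoted points: the fit is an ordinary least-squares line on log rank versus log count, so it works on a full rank table too. The two visit figures are the ones quoted in the comment; the synthetic table produced by `zipf_counts` is constructed here purely to check the fit.

```python
import math

# Figures quoted in the comment above: rank 1 with 28 billion visits a month,
# rank 98 with 53 million. Only these two points are taken from the page.
QUOTED_RANKS = [1, 98]
QUOTED_VISITS = [28e9, 53e6]


def zipf_exponent(ranks, counts):
    """Fit the exponent s of a Zipf law  count ~ C / rank**s.

    Taking logs gives  log count = log C - s * log rank, a straight line
    with slope -s, so s is minus the least-squares slope of the log-log
    points. With exactly two points the line passes through both and the
    returned exponent is exact for them.
    """
    xs = [math.log(r) for r in ranks]
    ys = [math.log(c) for c in counts]
    mx = sum(xs) / len(xs)
    my = sum(ys) / len(ys)
    sxx = sum((x - mx) ** 2 for x in xs)
    sxy = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    return -sxy / sxx


def predicted_ratio(rank_a, rank_b, s):
    """Ratio count(rank_a) / count(rank_b) implied by a Zipf law with exponent s."""
    return (rank_b / rank_a) ** s


def zipf_counts(n, s, top=1.0):
    """Constructed rank/count table following count = top / rank**s exactly,
    used to check that zipf_exponent recovers a known exponent."""
    ranks = list(range(1, n + 1))
    return ranks, [top / r ** s for r in ranks]


if __name__ == "__main__":
    s_quoted = zipf_exponent(QUOTED_RANKS, QUOTED_VISITS)
    print(f"exponent implied by the quoted #1 vs #98 figures: {s_quoted:.3f}")
    print(f"ratio a classic s=1 Zipf law would predict: {predicted_ratio(1, 98, 1.0):.0f}x")
```

The quoted figures imply an exponent of about 1.37, noticeably steeper than the classic s = 1 case, which would only predict a 98x drop from rank 1 to rank 98 rather than the roughly 500x observed.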

SES -4 • March 18, 2017 9:25 AM

Good catch by Clive: panty-sniffing creep Richard Ledgett peeps out of his voyeur's hideout to lie like a rug about blanket NSA surveillance.

"Each side, he said, was prohibited from asking the other partner to carry out acts that they were prohibited from doing."

The way to interpret this is to recall that the NSA stuffed the PCLOB with third-rate asskissers who would ignore any awkward provisions of US supreme law and put them through the professional equivalent of forced wanking at Abu Ghraib. Having seen 2 six-word power point slides on that disgrace, Ledgett brought to bear the keen legal reasoning skills he got from his fake army-grunt degree from The Close Cover Before Striking School of Laws and Stuff, and deduced that the bought and blackmailed pedophiles of HMG would never do it unless it's OK.

Remember, NSA is the military. They don't pick them for their brains. If Ledgett weren't a gullible dipshit he would have washed out long ago.

http://www.svt.se/ug/read-the-snowden-documents-from-the-nsa

"In 2004 – several years before the Swedish Riksdag finally passed the so-called FRA Law by the smallest possible margin, giving the FRA authorisation to listen to fibre-optic cables – the American NSA, the British GCHQ and the Swedish FRA signed an agreement allowing the NSA to collaborate directly with the FRA"

Thoth • March 18, 2017 10:12 AM

@Who?, Winter, JG4

Thus releasing an open source community version that can be used on regular smart cards without any special setup is the focus of most of my Secure Execution Environment.

It should be capable of running off most decent smart cards without too much problems. It's just the speed that might be a problem as usual.

Clive Robinson • March 18, 2017 11:47 AM

@ Who?,

Sorry, I do not understand how a cryptocurrency wallet is the answer to my question.

As you dig down or peel away security you find that ultimately components individually are not, nor can they be, secure. That is, it is how we put components together to make "Systems" where one of the design criteria is "Security", just as it is to meet "EMC Regulations" and other "Standards", especially those we use to link larger aggregates of components into systems.

Part of that process is to design a secure nexus from which you can extend security outwards in various ways.

Things such as cryptocurrency wallets are designed to be more general purpose than their name suggests, thus they can be repurposed for other security functions such as password wallets or even encryptors.

Part of security that has been long established is "segregation" of the secret "plaintext" and the transmissible cryptotext. As a rough rule of thumb, the better the segregation the better the security. When it comes to encryption there are in fact three parts: the plaintext, the keytext and the ciphertext. When used as an encryptor you can have your keytext quite well segregated from the computer, which only sees plaintext or cryptotext, not the keytext.

We can buy only two microarchitectures and risk to brick these computers while neutralizing one of their management features (AMT)

Hmm do you mean Intel + AMD or x86 + ARM?

Neither is actually true; there are quite a few other architectures. For instance the PIC32 from Microchip, as a single chip, is more capable than the MicroVax or later PDP11s. They cost about 1USD and can run an earlier BSD on the Microchip development board. They also make available a whole array of prebuilt interfaces that plug in, so designing a four-user *nix board little bigger than a couple of credit cards is well within the capabilities of many "Maker" or "Home" constructors.

The downside is of course "CLI" usage on a terminal, but that is not exactly the handicap some people try to make it out to be.

or we can buy anything the market sells and try to isolate all these features (AMT, PXE, remote firmware upgrade, WoL) on its own physical network so they do not reach (and cannot be reached from) the Internet. I certainly prefer the latter.

I would and have --endlessly along with Thoth and others-- recommended that "segregation by air-gap" be used. However about a decade ago I pointed out that you needed to consider how energy might leak information. Since then it's become clear that air alone does not suffice and you need to consider "energy-gapping" and correctly isolating your security end point (think SCIF). Likewise how you necessarily communicate across the "gap", where "printer and scanner" are probably the easiest way for most people to "police the channel"; otherwise if you go electronic you have to instrument the channel and that is far from easy.
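The segregation model described in Clive's comment above (the computer sees plaintext and cryptotext, never keytext) and the gateway arrangement Thoth described earlier (the laptop is assumed compromised and only relays data to a tethered device that does the cryptography) can be shown as a small simulation. This is an added example, not code from the thread or from Ledger; the class names `TetheredEncryptor` and `UntrustedHost` are hypothetical, and the cipher is a toy encrypt-then-MAC construction built from HMAC-SHA256 (HMAC as a PRF in counter mode) so that it runs on the standard library alone. The point it makes is structural: the key is generated inside the device object and the host's only interface to it is seal/open, so nothing the host logs or relays ever contains key material, and any alteration of the ciphertext in transit is rejected by the device rather than silently decrypted.

```python
import hashlib
import hmac
import secrets

NONCE_LEN = 16   # bytes of random nonce prepended to each message
TAG_LEN = 32     # HMAC-SHA256 tag appended to each message


class TetheredEncryptor:
    """Stand-in for the separate, tethered device (hypothetical, not a Ledger API).

    The key is generated here and never exported; the only operations offered
    to the host are seal(plaintext) and open(ciphertext).
    """

    def __init__(self):
        master = secrets.token_bytes(32)
        # Separate keys for confidentiality and integrity, derived on-device.
        self._enc_key = hmac.new(master, b"enc", hashlib.sha256).digest()
        self._mac_key = hmac.new(master, b"mac", hashlib.sha256).digest()

    def _keystream(self, nonce, length):
        # HMAC-SHA256 used as a PRF in counter mode: a toy stream cipher.
        out = bytearray()
        block = 0
        while len(out) < length:
            out += hmac.new(self._enc_key, nonce + block.to_bytes(4, "big"),
                            hashlib.sha256).digest()
            block += 1
        return bytes(out[:length])

    def seal(self, plaintext):
        nonce = secrets.token_bytes(NONCE_LEN)
        ks = self._keystream(nonce, len(plaintext))
        ct = bytes(p ^ k for p, k in zip(plaintext, ks))
        # Encrypt-then-MAC over nonce and ciphertext.
        tag = hmac.new(self._mac_key, nonce + ct, hashlib.sha256).digest()
        return nonce + ct + tag

    def open(self, blob):
        if len(blob) < NONCE_LEN + TAG_LEN:
            raise ValueError("truncated message")
        nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
        expected = hmac.new(self._mac_key, nonce + ct, hashlib.sha256).digest()
        # Constant-time compare; verify before any decryption happens.
        if not hmac.compare_digest(expected, tag):
            raise ValueError("authentication failed: ciphertext was altered")
        ks = self._keystream(nonce, len(ct))
        return bytes(c ^ k for c, k in zip(ct, ks))


class UntrustedHost:
    """The laptop/desktop of the model: assumed compromised, acting only as a
    network gateway. It handles plaintext and ciphertext, never keytext."""

    def __init__(self, device):
        self.device = device
        self.wire_log = []   # everything that crossed the simulated network

    def send(self, message):
        blob = self.device.seal(message)
        self.wire_log.append(blob)
        return blob

    def receive(self, blob):
        return self.device.open(blob)


def roundtrip(message=b"constructed sample message"):
    """Seal on the device, relay through the host, open on the device."""
    host = UntrustedHost(TetheredEncryptor())
    return host.receive(host.send(message))


def tamper_is_detected(message=b"constructed sample message"):
    """Flip one ciphertext bit in transit; the device must refuse to open it."""
    host = UntrustedHost(TetheredEncryptor())
    blob = bytearray(host.send(message))
    blob[NONCE_LEN] ^= 0x01
    try:
        host.receive(bytes(blob))
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print(roundtrip(b"hello"))          # b'hello'
    print(tamper_is_detected())         # True
```

In a real deployment the object boundary here is a USB link plus the device's own screen and buttons, which is what lets PIN entry and message display bypass the host entirely; the simulation keeps only the part that can be shown in code, namely that the host never needs, and never receives, the key.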

Clive Robinson • March 18, 2017 12:03 PM

@ Winter,

I've not been keeping up with who said what after the original accusation. That was not made by Trump or his team, and the snippet that was put out on the BBC news was a general accusation, not one of a specific place or start time that I remember.

I think we can both agree that neither the NSA nor GCHQ have much of a reputation for openness or even honesty about all their operations. And in the case of the NSA, seniors have lied under oath or changed the meaning of words to suit the set of their sails. We also know that there have been leakers after Ed Snowden, and also from the rumors about the NSA cracking RSA1024 that the actual truth is kept a very closely confined piece of knowledge (ie they probably had cracked Diffie-Hellman not RSA, but that gave them the RSA keys).

Nick P • March 18, 2017 12:09 PM

@ Thoth

"Sadly, we are still light years away from an realistic security enhanced separation microkernel and the likes."

They're deployed in production in a lot of systems. Mostly embedded. We definitely aren't. There's also FOSS projects such as Genode, Qubes, Muen, and Redox with enough features & traction to show it's doable there. More a problem of lack of interested developers or need a CompSci team maintaining it on the side of their paid research. The last is the niche that groups such as Sirrix serve with their virtualized desktops. A good sales team with enterprise connections hanging out at places such as RSA conference could probably generate some sales for a commercial product or even enhancement of FOSS ones above.

So, definitely potential here. It's not going to be a $1+ billion a year company. It can succeed as a commercial product or FOSS project, though. It's why I want people to keep it in mind.

"The Linux flag waving parties and fanboism from FSF and the likes and one good example is TAILS. Why not do TAILS on OpenBSD at the very least or maybe on a Qubes via it's Whonix setup ?"

Exactly. I thought of putting it on OpenBSD myself with a safe configuration plus a random set of Tor nodes that are *estimated* at low risk. That plus automatic updates available from a locked-down, OpenBSD box at the project itself. This would knock out much misconfiguration & 0-day risk that the majority of attackers will be hoping for. The protocol-level stuff can't be helped much but it at least gets more peer review & fixes than about any other.

"Best to focus on solutions that can be used to fill your stomach and get your income first before trying hard to reverse the ill effects that we have brough upon ourselves as a whole."

Hence my recommendation of doing startup businesses that bake just enough security in to be profitable before gradually doing better with the cash flow. Of course, this requires a different set of skills on top of the INFOSEC knowledge: business skills. :)

@ Clive Robinson

"You forgot to mention that the survey paper is more like a chapter of a quite advanced text book..."

It is. I read it all on my lunch break, though. I figured rest of you could handle it easily. Only thing I did to save time was skim over the tables whose key data was mostly in the text already. Then I selectively looked at specific ones to confirm or reject what I thought I knew about them.

Now, that will give some good information. It will still take a week or so of spending some time here and there thinking on it, looking up an interesting reference, skimming/reading that, and so on. It does pack a ton of info in there. That's how survey papers work, though. It's also why the word survey is one of my favorite search terms when I'm trying to discover new information on a sub-topic in IT or INFOSEC. :)

"especially as I've a hundred page Rand Report on zero days to read"

Not to knock it but is there really anything new to learn on that topic? I mostly stopped reading reports about bugs or 0-days since the patterns on where they show up, how to counter them, and what gets hit in companies are pretty much same as 10 years ago. A lot of that far as software lifecycle is same as Fagan, Mills, and Hamilton wrote about years ago. Hell, the advice in the book I just read on requirements, specification, and *sort of* on coding is mostly accurate today since the problems the solution counters are fundamental & timeless. All solutions have to counter or survive them.

So, I'm just curious what about the report caught your eye. That is a lot of pages to be reading about bugs. ;)

"You forgot to mention if the book technical content was worth the 6USD or original publish price, I'm guessing that at over thirty years since publication you got it second or third hand?"

It was. Remember that I'm mostly buying it for a look back at history and at the methods of the woman whose team independently invented software engineering. I was curious to see what she came up with later, hopefully in a way I'd understand this time. Also thought I could loan it out or donate it to a library to maybe inspire the kids wondering if actual "engineering" of software really exists. The title is provocative enough for somebody to peruse it. ;) Book was crystal-clear on her methods. I read it in just a few hours since I could skip a nice chunk on Databases, Modeling, and Implementation 101 (basically). I think it was a common tangent in 1980's computer books. I did note the HOS method modeled all of it easily, could automate some of it, and integrated it into the rest of the application w/ safe interfacing. Maybe why he felt it important. The rest was a quick read with a decent writing style [on good parts...] with lots of helpful examples. Bad parts were plenty of filler, repetition, and evangelism. My brain just went (skip, skip) once I got used to spotting when he was doing it. Probably spared me 50+ pages worth of content lol.

The best parts of the book aren't even the methodology. They are the parts that justify why you'd want one to begin with. Author does the usual examples of failures with their causes. Then, the author talks about common problems that lead to failures in requirements and specifications with many corporate and government examples. They're still true. The author talks about what methodology to counter them would need in terms of making perfect requirements or specifications. Part of this is biased as a setup for HOS since he's evangelizing it. I could chop those parts off with rest still being great advice for people developing formal methods for those problems. Stops to highlight these in bulletpoints. Proves stuff about defects or correction costs at various parts of lifecycle with nice charts from real-world software. Another good thing is recommending to systematically produce code from formal specs in ways that preserve their behavior. Simple structuring for easy analysis, embedding order of execution for safe concurrency, embedding timing properties, use of proven primitives (esp mathematically), reuse in libraries, and correct-by-construction transforms or controls. These are components of Hamilton's method I just abstracted into their essential, timeless nature that probably should remain in minds of people developing robust software or tools for it.

Then the author spends much of the book showing how to accomplish everything above with HOS methodology. It's *much* more debatable. ;) It's really weird-looking [for programmers] & limiting in expressiveness. On purpose, though, as I remember from studying formal verification how low-expressive languages (eg Prolog) are easy to handle automatically but highly-expressive ones (eg Isabelle/HOL) required lots of manual proving. It's declarative like SQL but *way* simpler. Just a handful of concepts expressed as text or charts likely made it easy for laypersons. The NASA review I posted before said it had severe usability & performance issues. name.withheld noted it kind of does things like UML does today which should also give us hints. I also just found a report by David Wheeler he did for government a *long time ago* that confirmed it's similar in strengths and weaknesses to other CASE tools of the 1980's due to graphical features with limited expressiveness. All together you basically got to shoehorn your problem into its limits with code generation happening at such an abstract level it can't optimize as well as hand-coded, low-level code. It's not really made to, though, as its focus is on productivity like most CASE tools & more correctness. So, it might be more suited to non-performance-critical things you see in business or administrative scripting. Esp CRUD apps or business process management which many examples were in the book. That's my best attempt at explaining what my intuition says about its usefulness.

The thing I find neatest about it is how it's so reductionist where all systems, the what and how, can be described with basically 7 primitives and functional decomposition combining them in various ways. Then, they consistency check it all and turn it into code in any language (about four supported). It kind of reminds me of early LISP where it similarly can handle about any problem with composition of just a few primitives. You also know reading McCarthy's paper & examples it's going to be weird and slow. ;) Yet, the simplicity & power is kind of beautiful at the same time. Unlike LISP, this method handled requirements and design specs while eliminating most of the coding phase. Automatic tests and traceability from specs, too. So, impractical or not, what it gets done with so few primitives and principles is neat to me. Time has taught we can't replace the low-level coding so much as produce a series of primitives for various use cases that high-level coding plugs in and tests out like legos. HOS method *does that* (foresight) but was wrong about how much coding it could eliminate (hindsight). Mixing high-level for productivity with low-level for efficiency is probably as good as we'll ever get for high-performance, correct systems. The partial correctness with things like SPARK and Rust plus interface checks gets us quite the way there on low-level stuff, though. Not all a loss.

Also interesting about the book were all the little nuggets of wisdom in it. I knew they got them from practical application. One was that they said a methodology like this will be easier for non-programmers to learn. Programmers had a hard time learning HOS or formal methods since they had to unlearn prior stuff before learning this. Non-programmers didn't. Got it quickly. Another was how separate systems supposed to work together on the same job might represent the same data differently internally in a way where interactions cause failure. That Mars failure with miles vs kilometers comes to mind. The method's integrated style with abstract data types connected to formal specs with consistency checking of all of it & code generation is supposed to prevent that [along with all interface errors]. He carefully noted the garbage-in-garbage-out principle: feeding incorrect requirements or specs into a correct-by-construction tool results in an implementation that perfectly does the wrong thing. Happened to CompCert. Another weird thing worth exploring or countering is that he said Occam's benefits boil down to three main operations (this true?) that are largely equivalent to the three primitives of HOS. *If true*, that would be amazing foresight by Hamilton's team given Occam's concurrency power, that it was invented in 1983, and that HOS was done in the mid-to-late 1970's. Both primitives simply specify which functions must be sequential and which can run independently, with the tools themselves able to synthesize code for single core, multi-core, clusters, etc with no changes to original code.

So, there was a lot of neat stuff like that that was fun to read despite the filler, evangelism, and outdated methodology. He sure as hell didn't talk about the failures. I thought about trying the methods on some toy problems later on to spot them. Doesn't really matter, though, as modern stuff in formal methods is getting good. What I can do if any of you are interested is post some of the bullet point sections on requirements and specs so we can discuss it. What's still good, what to chop off, any new things that were learned, and so on. Might be interesting. Also, maybe some of those little nuggets of debatable wisdom. There were some failed predictions that were laughable, too, that I can post. I at least enjoyed myself for a few hours for $6 plus got another take on reference points on requirements, specs, and correct-by-construction code. It was worth the money. :)

Nick PMarch 18, 2017 12:24 PM

@ Clive

EDIT to ADD:

I should've already checked this with the above post. I just wrongly assumed the language description might be too hard to grok in the few minutes I have left before leaving for work. It wasn't: Wikipedia article is short and simple. Author is correct about HOS and Occam similarities. Here's the commands:

HOS - Join. Combines two nodes (expressions, input, or functions) under the parent function in sequential order from right-to-left.
Occam - Seq. "List of expressions evaluated sequentially."

HOS - Include. Does same as Join but nodes below can be executed independently (aka in parallel).
Occam - Par. "Begins a list of expressions that may be evaluated concurrently."

HOS - Or. Basically a Join with Boolean conditions to determine which path to take. Boolean's act as guards for correctness. HOS's If-Then-Else.
Occam - Alt. "Specifies a list of guarded commands. The guards may be a combination of a boolean condition and an input expression... One of the successful alternatives is selected for execution."

Whoa! I wonder if Occam's authors read on HOS back then. Hamilton and Zeldin (other main designer) seem to have invented the Occam model for concurrency as a side-effect of making a simple, spec language for safe composition of functions. That means the ladies' method of safe development predates SCOOP, Ravenscar, Occam, and at similar time period as Hansen's Concurrent Pascal. He or his contemporaries' work on ordering & specs built into language might have inspired them, though, via publications in late 60's to early 70's. I'm curious if they drew on any of that. I'd have to dig out the ACM papers on HOS. Maybe another time... Haha.
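
To make the Join/Include/Or mapping above concrete, here is an added example (mine, not HOS, Occam or the book's code) that models the three primitives as a small spec tree in Python and runs the kind of interface consistency check the earlier comment credits with catching the miles-versus-kilometers class of failure. Every variable carries a type tag that includes its unit; Join threads data from step to step; Include requires its branches to be independent so they can run in parallel; Or requires both guarded branches to expose the same interface. The node classes, the unit tags and the odometer/guidance/fuel functions are constructed for the demo, and the right-to-left ordering of a HOS Join is simplified to listed order; none of this is how HOS itself represents specs.

```python
"""Join / Include / Or with static interface checking (added example)."""
from concurrent.futures import ThreadPoolExecutor
from dataclasses import dataclass
from typing import Callable, Dict, List, Union

Iface = Dict[str, str]      # variable name -> type tag ("kind:unit")
Env = Dict[str, float]      # runtime values by variable name


class InterfaceError(Exception):
    """Composed nodes disagree about a variable's type or unit."""


@dataclass
class Leaf:                 # one primitive function with a declared interface
    name: str
    inputs: Iface
    outputs: Iface
    fn: Callable[[Env], Env]


@dataclass
class Join:                 # HOS Join / Occam SEQ: data flows from step to step
    steps: List["Node"]


@dataclass
class Include:              # HOS Include / Occam PAR: branches are independent
    branches: List["Node"]


@dataclass
class Or:                   # HOS Or / Occam ALT: boolean guard picks a branch
    guard: Callable[[Env], bool]
    then: "Node"
    otherwise: "Node"


Node = Union[Leaf, Join, Include, Or]


def _require(avail: Iface, needed: Iface, who: str) -> None:
    for var, tag in needed.items():
        if var not in avail:
            raise InterfaceError(f"{who}: input '{var}' is produced by nothing upstream")
        if avail[var] != tag:
            raise InterfaceError(f"{who}: '{var}' is {avail[var]} upstream, {tag} expected")


def check(node: Node, avail: Iface) -> Iface:
    """Static consistency check; returns the interface visible after `node`."""
    if isinstance(node, Leaf):
        _require(avail, node.inputs, node.name)
        return {**avail, **node.outputs}
    if isinstance(node, Join):
        for step in node.steps:
            avail = check(step, avail)      # each step sees its predecessors
        return avail
    if isinstance(node, Include):
        produced: Iface = {}
        for branch in node.branches:
            out = check(branch, avail)      # siblings may not feed each other
            new = {k: v for k, v in out.items() if avail.get(k) != v}
            clash = set(new) & set(produced)
            if clash:
                raise InterfaceError(f"Include: branches both write {sorted(clash)}")
            produced.update(new)
        return {**avail, **produced}
    if isinstance(node, Or):
        a, b = check(node.then, avail), check(node.otherwise, avail)
        if a != b:
            raise InterfaceError("Or: the two guarded branches expose different interfaces")
        return a
    raise TypeError(node)


def run(node: Node, env: Env) -> Env:
    """Execute a spec that has already passed check()."""
    if isinstance(node, Leaf):
        return {**env, **node.fn(env)}
    if isinstance(node, Join):
        for step in node.steps:
            env = run(step, env)
        return env
    if isinstance(node, Include):
        with ThreadPoolExecutor() as pool:   # independent branches run in parallel
            results = list(pool.map(lambda br: run(br, dict(env)), node.branches))
        merged = dict(env)
        for r in results:
            merged.update(r)
        return merged
    if isinstance(node, Or):
        return run(node.then if node.guard(env) else node.otherwise, env)
    raise TypeError(node)


# Constructed demo: one team's function emits miles, the consumer expects km.
odometer = Leaf("odometer", {"speed": "speed:mph", "hours": "time:h"},
                {"distance": "length:miles"}, lambda e: {"distance": e["speed"] * e["hours"]})
to_km = Leaf("miles_to_km", {"distance": "length:miles"}, {"distance": "length:km"},
             lambda e: {"distance": e["distance"] * 1.609344})
fuel = Leaf("fuel", {"hours": "time:h"}, {"fuel_used": "volume:l"},
            lambda e: {"fuel_used": e["hours"] * 2.0})        # hypothetical burn rate
guidance = Leaf("guidance", {"distance": "length:km", "target": "length:km"},
                {"remaining": "length:km"}, lambda e: {"remaining": e["target"] - e["distance"]})
overshoot = Leaf("overshoot", {"distance": "length:km", "target": "length:km"},
                 {"remaining": "length:km"}, lambda e: {"remaining": 0.0})

START: Iface = {"speed": "speed:mph", "hours": "time:h", "target": "length:km"}
BAD_SPEC: Node = Join([odometer, guidance])                  # unit mismatch on 'distance'
GOOD_SPEC: Node = Join([Include([Join([odometer, to_km]), fuel]),
                        Or(lambda e: e["distance"] > e["target"], overshoot, guidance)])


def spec_is_consistent(spec: Node, start: Iface) -> bool:
    try:
        check(spec, start)
        return True
    except InterfaceError:
        return False


def demo() -> Env:
    assert spec_is_consistent(GOOD_SPEC, START)
    return run(GOOD_SPEC, {"speed": 60.0, "hours": 2.0, "target": 200.0})
```

`spec_is_consistent(BAD_SPEC, START)` reports the miles/km mismatch before anything executes, which is the whole point the comment makes about interface errors; `demo()` runs the corrected spec with the conversion node inserted, the independent fuel branch in a thread pool, and the guard selecting the guidance path.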

ab praeceptisMarch 18, 2017 12:51 PM

Thoth ("own business")

I partly agree and partly I don't.

I agree that *today* a solution like the one you want to build would be *very* desirable.

I disagree insofar as the premise is unhealthy and detestable. Well noted, not yours but the current situation. In a healthy world (i.e. a post us of a one) we would have at least some reasonably safe OSs and hardware. In the current (largely us of a defined) world, however, we don't; we have a stinking pile of crap that had only two purposes, a) to make some corps. rich and b) to turn the world into a panopticon.

So, we need *both*. Your approach as an urgently needed "bandaid" as well as a general change in many fields, i.a. lots of work to create generally better systems.

I wish you good luck and if there is anything I can help with, let me know.

WinterMarch 18, 2017 1:17 PM

@Clive
"ve not been keeping up with who said what after the original accusation. "

Trump is not complaining he was wire tapped. He is criminalizing Obama for ordering it

This is not about eavesdropping, but a direct attack on Obama.

You know when Trump&GOP are in trouble, they start attacking Hillary and Barack. Ready is ready to sink the US for his vanity.

Who?March 18, 2017 1:21 PM

@ Clive Robinson

As you dig down or peel away security you find that ultimately components individually are not nor can they be secure. That is it is how we put components together to make "Systems" where one of the design criteria is "Security" just as it is to meet "EMC Regulations" and other "Standards" especially those we use to link larger aggregates of components into systems.

Yep, I know, it is security in depth. I was just asking about the possibility of isolating management features provided by firmware in the last twenty years on its own network. My proposal is far from being perfect, but I certainly prefer all these dangerous (even if somewhat useful) features available on its own network —if any— instead of sharing the same links used for other traffic.

Disabling AMT is counterintuitive, as it seems it requires enabling it in BIOS:

https://software.intel.com/en-us/forums/intel-business-client-software-development/topic/563988

Indeed, it sounds crazy. Perhaps Bruce should focus on this official Intel forum's thread in the future. This one is the reason I would feel better isolating traffic coming from all these management technologies from other, sometimes public, networks.

Part of that process is to design a secure nexus from which you can extend security outwards in various ways.
Things such as cryptocurrency wallets are designed to be more general purpose than their name suggests, thus they can be repurposed for other security functions such as password wallets or even encryptors.

I see, then a "wallet" is just a general purpose security device usually targeted to the cryptocurrency market. I would be really interested in using one as an off-line password vault and, if possible, as an encryptor. It sounds great, I will look at your achievements. By now I am just learning how Ledger Blue and Nano S work, but have a lot of questions:

  • Is it compatible with OpenBSD?
  • I have read about a mechanism to restore a configuration... I understand it is completely off-line, not requiring access to a remote Ledger SAS server, am I wrong?
  • Will encryptor and password vault features be provided by Ledger's firmware?

Part of security that has been long established is "segregation" of the secret "plaintext" and the transmissible cryptotext. As a rough rule of thumb the better the segregation the better the security. When it comes to encryption there are in fact three parts: the plaintext, the keytext and the ciphertext. When used as an encryptor you can have your keytext quite well segregated from the computer that only sees plaintext or cryptotext, not the keytext.

It is not different to what SmartCards do right now, am I wrong?

Hmm do you mean Intel + AMD or x86 + ARM?
Neither is actually true; there are quite a few other architectures. For instance the PIC32 from Microchip, as a single chip, is more capable than the MicroVax or later PDP11's. They cost about 1USD and can run an earlier BSD on the Microchip development board. They also make available a whole array of prebuilt interfaces that plug in, so designing a four user *nix board little bigger than a couple of credit cards is well within the capabilities of many "Maker" or "Home" constructors.

Sorry, I was not clear here. I was talking about the Sandy Bridge and Ivy Bridge microarchitectures, the only ones that currently seem to have some chances to be disabled. However, disabling ME does not avoid other management technologies, like PXE, from being exposed to external networks.

I want something that isolates the full spectrum of management technologies developed since the 90s to its own physical network (in case I want to make them available on any!). I like some of these technologies (PXE is useful to upgrade the Alix and Soekris appliances), but not reachable from other networks.

The downside is of course "CLI" usage on a terminal, but that is not exactly the handicap some people try to make it out to be.

The BSD command line is, perhaps, the best interface to communicate with a computer. It is elegant, simple and well documented.

I would and have --endlessly along with Thoth and others-- recommended that "segregation by air-gap" be used. However about a decade ago I pointed out that you needed to consider how energy might leak information. Since then it's become clear that air alone does not suffice and you need to consider "energy-gapping" and correctly isolating your security end point (think SCIF). Likewise how you necessarily communicate across the "gap", where "printer and scanner" are probably the easiest way for most people to "police the channel"; otherwise if you go electronic you have to instrument the channel and that is far from easy.

An energy gap on a computer that has two network interfaces is not possible. In fact, I would not consider that set up even an "air-gap", it is just something I am considering to make the Intel management features more difficult to reach for outsiders. It is just another security layer, but I am not sure if it will work or it will be just a crazy idea.

keinerMarch 18, 2017 1:39 PM

@Winter

The orange, little-handed guy is a case for the psych department, not for a truth commission or a security blog. Deal with it. We have a psycho in the White House.

AlanSMarch 18, 2017 2:10 PM

@Clive

One would imagine that GCHQ has had the SNP under surveillance given that the SNP is perceived as a threat to the British state. So given that Trump has had quite a lot of communications with the Scottish government, which has been run by the SNP for a decade now, it doesn't seem out the realm of possibility that his communications to Scottish ministers might have been recorded.

This was quite a momentous week for the Scottish government. The political play by the Scottish First Minister on Monday morning, calling for a renewed independence referendum and preempting the British PM's A50 notification, may yet turn out to be one of the great plays in UK political history. It appears to have caught the British PM by surprise and she has now, true to her authoritarian nature, made a number of miscalculated responses. I have been convinced for some time that the breakup of the UK was inevitable but the speed at which it is happening is a little surprising. Brexit seems to have acted as a super accelerant to a process that had been to that point a slow but steady fracturing over a period of decades. Northern Ireland also came back into play this week after the election earlier this month and the call for a border poll hours after the Sturgeon announcement. This means that America's fawning puppy in Europe is likely to eventually lose its Security Council seat and Britain's nuclear weapons will get the boot from their home in the Clyde. While Tories dream of Empire 2.0 and a new royal yacht, it seems likely that what we are seeing is the last gasp of Empire 1.0.

CzernoMarch 18, 2017 2:55 PM

Re: Future of the UK - GB - England and relatives. Just curious, @Alan, @Clive and other Britons, please clarify: IF Scotland were to part from England : would the queen/king of England keep the Scottish crown in addition to that of England (and Wales?), or would the Scots go fetch an offspring of the Stuarts and descendant of Mary queen of Scots ? Or else, horresco referens (=I can hardly imagine,) are they meaning to have a ... Republic ?

AlanSMarch 18, 2017 3:52 PM

@Czerno

I don't think kings, queens and lords, the past Britain of Empire and all that, fits into the vision of a progressive, outward looking, independent Scotland that's being articulated by the First Minister. Scots will be voting for an escape from the relationships of the past. From her speech today:

Often, in these times, I am reminded of our dear friend, the late Bashir Ahmad. Bashir came to Scotland from Pakistan in 1961 to work as a bus driver. 46 years later he became Scotland's first Asian member of our national Parliament. The first time he addressed an SNP conference, Bashir articulated this simple message. 'It's not where we come from that's important...' he said. 'It's where we are going together." Today, with the forces of intolerance and xenophobia seemingly on the rise across our world, Bashir's words have never seemed more appropriate. Let us rededicate ourselves, today, to the spirit of that message. Inclusion, tolerance, diversity. Let's make these the foundation stones of the better Scotland we are seeking to build.

ogMarch 18, 2017 4:33 PM

@ Nick P and others

Although I haven't been reading much, user carapace on Hacker News posted in a thread about how he/she got their mind blown & new perspective about how software could be engineered. Said it was a James Martin book that detailed Margaret Hamilton et al's methods.

Satisfying my curiosity with some saturday evening squid blog lurking, you quite got my attention with the above part. As a little engineer I am always looking for approaches which might give new insights. Some of my best learning experiences have in fact been from rather old books, so naturally I just had to google the book...

So, I was pleasently surprised that the E. W.Dijkstra had written something about the author(s), respectively their texts. Let's just say he was not a believer... :)

ab praeceptisMarch 18, 2017 5:28 PM

og

Thanks a lot. That was a great read and a nice example of how to slaughter a stupid pig *elegantly* (well, up to a point. Stupidity tends to strongly limit the level of applicable elegance).

And your checking was well done. Simple rule of thumb: If Dijkstra, Hoare, Wirth, or Meyer think it's shit then it *is* shit.

Ergo SumMarch 18, 2017 5:43 PM

About Intel ME...

In summary, the Intel Management Engine and its applications are a backdoor with total access to and control over the rest of the PC. The ME is a threat to freedom, security, and privacy, and the libreboot project strongly recommends avoiding it entirely. Since recent versions of it can't be removed, this means avoiding all recent generations of Intel hardware.

That might be a bit overstatement, or maybe not...

Questions...

If the ME is such a security/privacy risk, shouldn't there be some sites with lists of IP blocks to prevent ME connecting over the internet? After all, a hardware firewall should have no issues blocking the IP subnets. Maybe my search for such wasn't the best, but I couldn't find it...

The ME also has network access with its own MAC address through an Intel Gigabit Ethernet Controller.

If that's the case, shouldn't I see the ME MAC address and the DHCP assigned IP address in the list of the devices in my router? I certainly don't see it...

Intel does have a platform discovery utility, intended to discover Intel devices, including ME:

https://downloadcenter.intel.com/download/25776/Intel-SCS-Platform-Discovery-Utility

Some of the results from my system:

Hardware version="Intel(R) Management Engine - 8.1.0.1248
Software name="Intel(R) Management Engine Interface " required="true" available="true" version="8.1.0.1263"
Solution uuid="045964d1-6e6a-421a-b161-fd539f14f21f" name="Intel(R) WiDi" exist="false" managed="false" state="not supported"
Hardware version="Intel(R) Core(TM) i5-3350P CPU @ 3.10GHz - 000xxxxx"
Hardware version="Intel(R) Management Engine - not present"
Hardware version="AMD Radeon HD 7800 Series - 16.150.2211.0"
Hardware version="WiDi compatible Wi-Fi Card - not present"
Software name="Microsoft Windows 8.1 Pro N 64-bit" required="true" available="true" version="6.3.9600"
Software name="WiDiApp not installed" required="true" available="false"
Software name="WiDi Graphics Package not present" required="true" available="false"
Software name="WiDi compatible Wi-Fi driver not present" required="true" available="false"
FrameworkPlugin available="false"
Solution

I can easily install a 3Com or Realtek NIC and disable the onboard network card. I could also leave the onboard card connecting to a switch going nowhere. Is it really worth the trouble, especially when I don't see any ME activities in my router?

TIA...
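
On the two questions above (why the ME does not appear as a separate DHCP client, and whether a firewall list would help), a practitioner's first move is to probe the host itself rather than look for a separate client. The following is an added example, not code from the page or from Intel. It assumes the documented AMT listener ports (16992 HTTP, 16993 HTTPS, 16994/16995 redirection, 623/664 ASF/RMCP) and that the AMT web server announces itself with a `Server:` header containing "Intel(R) Active Management Technology"; both are assumptions taken from Intel's documentation rather than from this thread. It also assumes the usual shared-address configuration, in which AMT answers on the host's own MAC and IP, so nothing separate shows up in a router's client list and a firewall running on the host never sees the traffic; the probe is therefore aimed at the host's address from another machine. The sample responses are constructed to exercise the banner parser offline.

```python
"""Probe a host for Intel AMT/ME management listeners (added example)."""
import re
import socket
import sys
from typing import Dict, Optional, Tuple

# Assumed AMT/ASF listener ports (from Intel documentation, not from this thread).
AMT_PORTS: Dict[int, str] = {
    623: "ASF/RMCP",
    664: "ASF/RMCP (secure)",
    16992: "AMT web / WS-Management (HTTP)",
    16993: "AMT web / WS-Management (HTTPS)",
    16994: "AMT redirection SOL/IDE-R",
    16995: "AMT redirection SOL/IDE-R (TLS)",
}

# Constructed sample responses so the parser can be exercised offline.
SAMPLE_AMT_RESPONSE = (
    b"HTTP/1.1 303 See Other\r\n"
    b"Location: /logon.htm\r\n"
    b"Server: Intel(R) Active Management Technology 8.1.40\r\n"
    b"Content-Length: 0\r\n\r\n"
)
SAMPLE_OTHER_RESPONSE = b"HTTP/1.1 200 OK\r\nServer: nginx/1.10.3\r\n\r\n"


def classify_banner(raw: bytes) -> dict:
    """Decide from an HTTP response whether it came from the AMT web server."""
    text = raw.decode("latin-1", errors="replace")
    m = re.search(r"^Server:[ \t]*(.+?)\r?$", text, re.IGNORECASE | re.MULTILINE)
    server: Optional[str] = m.group(1).strip() if m else None
    is_amt = bool(server) and "active management technology" in server.lower()
    version = None
    if is_amt:
        v = re.search(r"\d+(?:\.\d+)+", server)
        version = v.group(0) if v else None
    return {"amt": is_amt, "server": server, "version": version}


def http_probe(host: str, port: int, timeout: float = 2.0) -> bytes:
    """Send a minimal GET and return whatever comes back (b"" if closed or filtered)."""
    request = b"GET / HTTP/1.0\r\nHost: " + host.encode("ascii", "ignore") + b"\r\n\r\n"
    chunks = []
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(request)
            while sum(len(c) for c in chunks) < 65536:
                try:
                    data = s.recv(4096)
                except socket.timeout:
                    break               # keep whatever partial banner arrived
                if not data:
                    break
                chunks.append(data)
    except OSError:
        pass                            # refused, unreachable or timed out connect
    return b"".join(chunks)


def tcp_open(host: str, port: int, timeout: float = 2.0) -> bool:
    """Plain connect test for the non-HTTP management ports."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def scan(host: str) -> Dict[int, Tuple[str, bool, Optional[dict]]]:
    """Return port -> (label, reachable?, banner classification for the HTTP port)."""
    findings: Dict[int, Tuple[str, bool, Optional[dict]]] = {}
    for port, label in sorted(AMT_PORTS.items()):
        if port == 16992:
            banner = http_probe(host, port)
            findings[port] = (label, bool(banner), classify_banner(banner) if banner else None)
        else:
            findings[port] = (label, tcp_open(host, port), None)
    return findings


if __name__ == "__main__":
    # Run from a second machine against the suspect host's own address.
    target = sys.argv[1] if len(sys.argv) > 1 else "192.0.2.10"   # placeholder (TEST-NET-1)
    for port, (label, reachable, info) in scan(target).items():
        state = "open" if reachable else "closed/filtered"
        extra = f" -> {info['server']}" if info and info.get("server") else ""
        print(f"{target}:{port} {label}: {state}{extra}")
```

If 16992 answers with the AMT banner on the host's address, the management engine is provisioned and reachable regardless of what the router's client list shows; blocking it then has to happen on a device in the path (a separate firewall or the switch), not on the host, and an Intel IP blocklist is beside the point because AMT in this mode is a listener waiting for a console to connect, not a client calling out to Intel.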

Clive RobinsonMarch 18, 2017 6:36 PM

@ Thoth,

I wish you well in your aims and objectives.

I suspect it will take you six months or more to get much more than a demo product. But on the bright side the market is changing; it is becoming a lot more security aware than it was back last Sept.

Going out on your own has its ups and its downs; you need to make sure you can cover your bases whilst you get started... I hope you like coffee shops, because young founders spend a lot of their time using them as offices via the free WiFi etc. Spy out the ones where you can plug your computer charger in (and in a sports bag or similar have chargers for all sorts of things arranged so you can amongst other things charge your tooth brush and flash light).

Because life for startups without finance or income is expensive... Thus find, if you can, some form of alternative paid employment part time to cover your basic living expenses. For obvious reasons do not incur personal debt of any kind, especially "borrowing", even if it means living in a camper van, with your other stuff in storage somewhere.

I don't know what the rules are where you are but knowing an accountant can save you a lot both short and long term.

For instance a friend used to make "Directors loans" into his start up on a monthly basis and the startup paid for his lunch and quite a few other things you will need, and he rolled interest payments back in as another loan. That way when the startup did start earning money he could take an income back not just tax free but also earning him interest tax free as well.

On the business side you will probably also need a range of other products to sell whilst you develop the more complex products. Which means realistically you will need to get some simple products under your belt that you already know people will buy. Either products you design or products you buy in and badge label etc.

But one piece of advice you need to remember is "Look after Number One", which means eat right, exercise right and most importantly sleep right. It's all too easy to let those slip and then you start getting colds etc much more frequently. I know I shouldn't really say this but make sure you get at least one ten hour sleep a week, even if you have to induce it via mad exercise or some such. Mad exercise is actually very important, because stress causes the "flight or fight" hormones to build up and they are far from good for you; mad exercise burns them up (Dirk probably knows something about this). Oh and half a day a week has to be "me time": go see a film, read a non work related book etc, and don't burn the midnight oil unless you are a night person; do your creative work in the hours you work best at, not others because they are quiet. Also spend a day a week "networking" your contacts, even if it's just to say hello and ask how they and their family are doing, gossip a bit; they are likely to be the people who will directly or indirectly get you your first sales etc and build your personal brand (ordinary marketing tends not to work as well for start ups).

It's hard but fun when you are young and you will get lots of valuable experience. But unless you want to become a serial entrepreneur become human again before you get too old...

Any way best of luck and don't dig yourself into a hole.

POTUS authorised monitoring Merkel in 2013March 18, 2017 7:34 PM

The eavesdropping truth according to British & German newspapers.
Little did they realize it would become extremely important in 2017.

From 2013:
President Barack Obama was dragged into the trans-Atlantic spying row after it was claimed he personally authorised the monitoring of Angela Merkel’s phone three years ago.

The president allegedly allowed US intelligence to listen to calls from the German Chancellor’s mobile phone after he was briefed on the operation by Keith Alexander, director of the National Security Agency (NSA), in 2010.
http://www.telegraph.co.uk/news/worldnews/europe/germany/10407282/Barack-Obama-approved-tapping-Angela-Merkels-phone-3-years-ago.html

GCHQ's recent response of obeying laws is laughable. For them there are no laws. GCHQ legally eavesdrops on huge numbers of law abiding Americans - ironically authorized by the NSA.

GCHQ continues to use data mining techniques outlawed in USA
https://www.theguardian.com/uk-news/2015/jun/08/privacy-international-gchq-data-techniques-outlawed-usa-freedom-act

This is the horrific end-result of when security people are put in-charge. They will lie every time when they think they can get away with it!

ThothMarch 18, 2017 7:36 PM

@Clive Robinson

I have been quietly working on my own since 2 years ago when I left my job as a HSM Engineer and started my own business. I have gotten a basic platform and POC for creating smart card farms with load balancing capability and have been discussing with @Nick P for advice while I was developing my project.

The smart card load balancing and clustering feature that I would be pushing out into the market after close to 2 years of development would allow multiple smart cards to act as Secure Execution Environments on servers.

For starters, I have added a bunch of features like password encryption and verification on load balanced smart card hardware for the initial project launch (est. in 3 weeks time). I have my brochures, engaged artists for artwork, and have a batch of USB smart card dongles with custom serial numbers engraved, preparing for my applet to load.

The next version would be to allow Dynamic Scriptlet loading (the Secure Enclave for Smart Cards - The VM-in-a-VM approach I mentioned a few months back) that I mentioned above so that users can just load tiny scriptlets on the fly without needing to erase and then upload a program all over again in a traditional smart card setup.

Since running a scriptlet on a single smart card would be slow (i.e. financial scenario), this is where the load balancing for smart cards I have developed for close to 2 years comes into the scene to allow multiple smart cards to be dynamically loaded with scriptlets and executed in parallel.

Accountants and secretaries are actively knocking on my "door" via letters for new startups to hire. I have collected a bunch of those advertisements for accountants and secretaries and probably would sit down and pick the firm I am interested in.

I have been very health conscious to a point that I have changed my lifestyle since I started this project. This should not be a problem as I make it a point to have sufficient exercise and careful planning of my own health and nutrition. In fact, my change of lifestyle sparked my parents to improve their lifestyle as well.

I have a very rigid working schedule where I tell myself that after 5 pm, it's time for some workout or some cardio exercise :) .

Thanks for the advice and concerns.

While spending my ~2 years developing the project, I have stumbled quite a lot and saw a lot as well. It has been a rewarding journey spending 2 years behind my current project.

Nick PMarch 19, 2017 12:03 AM

@ ab praeceptis

"Simple rule of thumb: If Dijkstra, Hoare, Wirth, or Meyer think it's shit then it *is* shit."

Dijkstra's stuff was bested many times later. His predictions about software engineering were hit and miss. Meyer's work on concurrency implied Hoare's was shit. Wirth's philosophy clearly opposes a design such as Ada. Shared-nothing model outperformed Meyer's in NonStop & Erlang. Two of your folks argued with each other constantly about fundamentals. And so on and so forth.

Easily refuted claim. They're smart people but it's a complex field with many angles. They were also prone to being selective when there were strong opinions or preferences. Dijkstra is an interesting choice because he was an extreme example of both smart observations in his write-ups and ego-centric dismissals with comments that came off as an asshole. The review you're responding to does both. Let me get to it.

@ og

Well, I appreciate the opportunity to peer review Dijkstra. Looks like I'm about to destroy his ass at least partially. First the smart observations:

"Instead of closing their eyes for all the problems they encountered they have studied them and analyzed their origins, asking themselves all the time how these problems could have been circumvented. In the course of the 70’s they show symptoms of proposing a remedy."

"Their first proposal has very much the form of an applicative programming language with identified intermediate results." (lists good things)

"It is, in fact, often hard to figure out what the papers are about."

"Once every n sentences (for rather small n) one has not the foggiest notion what the authors are writing about and the reader’s self-respect can only be saved by the probably correct assumption that they wrote about nothing."

"(the weird programming stuff here. most of it.)"

Those are the good and the bad that were correct. I asked another person on this blog what the hell it was about since I was seeming too slow to get it from original papers on USL etc. Good to see Dijkstra had a hard time, too. It was just shitty writing. This could be a sign of bullshit but I'll note the same criticism was applied widely to Ada and IBM's tech. Both used their own terminology for stuff that had standard terms. This caused a lot of confusion that led many to avoid the tech or prefer to for that reason. Many veteran programmers or admins wouldn't even read it believing the inconsistent terminology was a sign of incompetence by the sources. I haven't ruled these out given Martin used familiar concepts in his descriptions. As in, if you read *his* work, the methods of system construction are more understandable and sound like other stuff you'll have read about. I actually thought they got the idea from Dijkstra himself since it was similar to his work. That makes part of his review so friggin funny. Let me illustrate why first.

In the THE multiprogramming system, he makes the following claims about the verification part that I'm going to paraphrase side-by-side with HOS for the similarities:

1a. Dijkstra has a new methodology for building systems so they will have no major errors. Their design will be provably correct a priori.
1b. HOS people have a methodology for building systems that don't allow interface errors. The internal consistency is provably correct a priori.

2a. Dijkstra uses a hierarchical scheme for composing primitive components with rules about how they synchronize. They learned "the art of reasoning" that components composed according to those rules would basically have no concurrency errors and interface as expected.
2b. HOS people have a hierarchical scheme for composing primitives with strict rules about order of operations to prevent concurrency and interface errors.

3a. Dijkstra claims the only errors were coding errors in modules that their methodology didn't produce. Everything their method did was correct. Resulting system ran long time without failures. Any failures must have been the hardware. Take his word for it. He does not publish the specs, proofs, or code for 3rd party review of verification results.
3b. HOS people plus some customers claim to have written all kinds of systems with the methodology. They claim it worked as advertised for productivity & correctness. They published some gibberish, the formal parts, and one newcomers can get by Martin on how it works.

They sound pretty similar to me! In the paper we're about to look at, Dijkstra speaks negatively about HOS people for doing the same damn thing he did. The only difference is that Dijkstra unscientifically provided no information at all about how his verification of THE worked or evidence to peer review that it met its claims. The HOS team provided a mixed bag of evidence. Then it was used by 3rd parties. Dijkstra has no room to talk about making strong claims with no formal data or evidence to back them up. Like with HOS, it was similarities to other proven work that made me think he might have done some degree of what he claimed. It's why I did research on both methods. Let's let him talk though.

"both [0] and [1] proudly mention the development of ..... a flowcharter! "

It's not a flowcharter. The book spends a segment talking about how those can help but says avoid them due to their problems like lack of formal, provable consistency. It has a graphical notation that can *optionally* produce flow-charts to aid human understanding by those with flow-chart experience. Also a text notation that's its primary one. Also a way to input flowcharts, convert them to HOS, spot inevitable problems they have, and work from there. Also can do that with text forms. Many front ends for things they were clearly against using in isolation due to inability to preserve consistency or stop interface errors.

"It has about as much technical content as an average tract of Jehova’s Witnesses."

It's written for everyone from laypeople to programmers. Most aspects of correct software development are done in requirements and spec phase with a logical notation. The CASE tool eliminates the coding phase entirely except for primitive, building blocks (think low-level libraries). Verification method is built-in like a type-system or static analyzer. Surprise: a description on using the spec part doesn't talk much about coding or formal verification. Over two thirds of the pages have examples of using the technique on boring problems business people would love.

"Instead of applying ad hoc programming constructs, it applies only constructs which are built with mathematical axioms and proofs of correctness. A library of provably correct operations is built. The operations manipulate precisely defined data types by means of provably correct control structures. [...] Most important, the mathematics is hidden from the typical user so that the method is easy to use."

"The functions, thus, decompose into primitive functions which are mathematically rigorous. The means of decomposition itself is proven to be correct in terms of the three primitive control structures which are mathematically rigorous. The data types used by the functions are mathematically rigorous. From these three mathematical bases, great cathedrals of complex logic can be built."

Dijkstra doesn't understand this. It is a bit ambiguous. Although Dijkstra speculates on his skill, the author even says straight up he's not a verification engineer in the book: he's trying to put into plain English what the HOS people are telling him as he writes it. I understood what they're doing, though, because it was like what all kinds of other people were doing *including Dijkstra!* Shocks me he has no clue outside of applicative programming. Let's look at a few similar things so you can see there's some sense to these concepts:

1. Cleanroom methodology was empirically shown to produce low-defect software with about no interface errors. They represented software as functions that were decomposed into other functions until "primitive" functions at bottom were hit that required actual code. These optionally could be verified correct. There were verification rules for a select, few constructs for control flow that ensured the composition of functions wouldn't introduce errors. CASE tools showing visual boxes were developed to do this. Does it seem like you just read this in the Martin quote?

2. There's a style of theorem prover called LCF that's preferred today for highest confidence. It splits activity between untrustworthy, proof exploration and trusted checking of proof terms in simplified checker following simple logic. The usual technique starts with a few primitives that are axiomatically specified and rigorously verified. Typically the logic, checker (ideally mere hundred lines of code), and production rules. The latter are rules for how proof terms can be combined to produce other proof terms in correct-by-construction way. The process is done in such a way that it enforces consistency & correct interaction in the proof process as the user (or program) attempts a proof. Simple logic + abstract, human-entered specs + proven primitives + proven rules for combining them = proven correct software. Reading Richards, I immediately thought I was seeing an ancient, LCF-style prover turned into a programming environment. People later did that with Coq (CompCert) and Isabelle/HOL (CakeML) to build all kinds of software.

3. Hardware is often specified in propositional logic. The basic components, like AND and OR gates, are a few primitives that are hand-built & verified by analogue engineers. These can be composed to form arbitrary, complex logic. They can be transformed for optimization. The verification involves things such as (a) consistency of use of that logic per rules of that logic, (b) equivalence checks on individual components being transformed, (c) provably-correct transforms, (d) checks on order/timing of interactions, or (e) correct-by-construction generation of timing (ie clock trees). They use such a simple, hard-to-use logic because automated tools can handle both synthesis of the code & verifying it. Kind of like HOS which uses Sequential-AND, Parallel-AND, and OR. Only gotcha on this comparison is the name: higher-order logic is the kind you can't automatically verify. Whereas the method is actually more like propositional or first-order logic in level of expressiveness and automation. Marketing fail...

4. There's quite a few languages such as data-flow languages that combine individual components with interaction rules for producing software. Claim advantages in productivity, parallelism, and verification of correctness. Some come with formal proof for individual components (primitives) or interaction strategies. One, Esterel w/ SCADE, has a certified code generator. AdaCore actually invented their tool like that because a large customer canceled their subscriptions because they weren't coding anything but the low-level primitives anymore. Rest all done in MDE tools that let you enter a formal model, check it, and generate code from it. HOS & most formal, CASE tools were doing that in the 1970's-1980's.

That's just four examples that I've seen done industrially that sounded a lot like Martin's description. That Dijkstra had no clue what he might be talking about means he's either an idiot in verification or just in full dismissal mode looking at writing he's opposed to. As in, he's not trying to understand. He's clearly not an idiot so I lean toward the latter. We see it again when he keeps questioning the formal basis when he cited that's in his reference 0. Book includes it in the end. Looking at it now, it starts with an illustration of binary-tree-based control, the primitives of set theory, axioms of their method, and then a bunch of theorems and proofs in both English and set theory. Some I get and can confirm like with the priority stuff that's probably for real-time. Some I don't understand either because the writing sucks, they're full of shit, or I'm not that formal. If you take this Dijkstra review at face value, there was *nothing* in there at all describing their method formally with any accuracy. Too bad he didn't actually read it as a *real* review by someone like him of the axioms, theorems, and proofs against description in Martin would be valuable in determining confidence in or rejection of their foundations. I don't think he really reviewed it, though, given he missed all this stuff I noticed but should've seen it having done similar things himself. With less evidence.

"I have never had reasons to consider James Martin as a competent computing scientist, but that he is a competent salesman I don’t doubt: he must have seen a market for [2] at $200 apiece."

This much is true. I noted his evangelism and repetition as a negative for the book. Conflict of interest was fine, though, as the book & my goal was about understanding their method more.

"The book is so terrible that that is a depressing thought."

The same book could've been written with a better methodology such as Cleanroom. That combo would still be true today minus just two changes to Cleanroom. As in, the justifications, requirements, spec, and composition sections were good. The methodology failed despite some decent ideas. Take the good half combined with a methodology with similar benefits that worked. *Maybe* drop everything on databases. You got a good book then. I got a halfway-decent book that enlightened me about a historical method plus had some great points for $6. It's about what I hoped for. I think poor Dijkstra read a book on a CASE tool for amateur audience expecting to see piles of code & formal proofs written for experts. That was terrible *expectations*, not a terrible book. ;)

Nick PMarch 19, 2017 12:09 AM

@ What?

"how airgap website?"

You sign the individual pages of the website with files they can access in same directory with same name but different extension. That way they can verify it before passing it to renderer. You edit the website on an airgapped, electrically-isolated machine in faraday cage. It has one-way, optical transmission outside cage that has the cache that actually processes requests. Make sure the computer serving the cache is simplified machine whose components can't physically screw with the airgapped machine. Remaining risk is denial-of-service attack on overall service.

I don't have available time or energy to tell you how to counter that. There are ways to protect the cache machine, though. It's a lot of effort since it will take all forms of attack directly. However, a client validating the content won't accept its lies so long as the client itself is safe from attack by the same compromised cache. Oh my, is this fun!?
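The page-signing layout described in the post above, as an added example that is not part of Nick P's post or of any project: every page carries a detached signature file with the same name and an extra extension, produced on the isolated authoring machine, and the client refuses to hand unsigned or altered bytes to its renderer. Ed25519, hex encoding and the `.sig` extension are assumptions made for this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/hex"
	"errors"
	"os"
	"path/filepath"
	"strings"
)

// Added example, not code from the thread. Each page foo.html gets a detached
// signature foo.html.sig beside it, written on the isolated authoring machine;
// the client checks it before any bytes reach a renderer. The ".sig" extension,
// hex encoding and Ed25519 are assumptions.

const sigExt = ".sig"

// ErrBadSignature means the page must not be rendered.
var ErrBadSignature = errors.New("page signature missing or invalid")

// SignDir writes a detached signature next to every page under dir (same name
// plus sigExt) and returns how many pages were signed. Authoring side only.
func SignDir(dir string, priv ed25519.PrivateKey) (int, error) {
	signed := 0
	err := filepath.Walk(dir, func(path string, info os.FileInfo, err error) error {
		if err != nil || info.IsDir() || strings.HasSuffix(path, sigExt) {
			return err // skip directories and existing signature files
		}
		data, err := os.ReadFile(path)
		if err != nil {
			return err
		}
		signed++
		sig := hex.EncodeToString(ed25519.Sign(priv, data)) + "\n"
		return os.WriteFile(path+sigExt, []byte(sig), 0o644)
	})
	return signed, err
}

// LoadVerified returns the page bytes only if the detached signature beside
// them verifies under pub. A missing, malformed or non-matching signature
// yields ErrBadSignature and no content, so a compromised cache cannot swap
// pages without also holding the authoring key.
func LoadVerified(pagePath string, pub ed25519.PublicKey) ([]byte, error) {
	data, err := os.ReadFile(pagePath)
	if err != nil {
		return nil, err
	}
	raw, err := os.ReadFile(pagePath + sigExt)
	if err != nil {
		return nil, ErrBadSignature
	}
	sig, err := hex.DecodeString(strings.TrimSpace(string(raw)))
	if err != nil || len(sig) != ed25519.SignatureSize || !ed25519.Verify(pub, data, sig) {
		return nil, ErrBadSignature
	}
	return data, nil
}

// Demo signs a constructed two-page site in a temp dir, verifies both pages,
// then alters one page as a compromised cache might and checks that the
// client refuses it. Returns (all pages verified, tampered page accepted).
func Demo() (okBefore, okAfterTamper bool, err error) {
	dir, err := os.MkdirTemp("", "airgap-site")
	if err != nil {
		return false, false, err
	}
	defer os.RemoveAll(dir)
	pages := map[string]string{ // constructed sample content
		"index.html": "<h1>Hello</h1>\n",
		"about.html": "<p>Authored offline.</p>\n",
	}
	for name, body := range pages {
		if err := os.WriteFile(filepath.Join(dir, name), []byte(body), 0o644); err != nil {
			return false, false, err
		}
	}
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return false, false, err
	}
	if _, err := SignDir(dir, priv); err != nil {
		return false, false, err
	}
	okBefore = true
	for name, body := range pages {
		got, err := LoadVerified(filepath.Join(dir, name), pub)
		okBefore = okBefore && err == nil && string(got) == body
	}
	// Tamper: the cache appends to a page; its signature no longer matches.
	target := filepath.Join(dir, "about.html")
	altered := pages["about.html"] + "<!-- altered in cache -->"
	if err := os.WriteFile(target, []byte(altered), 0o644); err != nil {
		return okBefore, false, err
	}
	_, err = LoadVerified(target, pub)
	return okBefore, err == nil, nil
}
```

The private key never leaves the authoring side; the cache only ever holds pages and their `.sig` files, so a compromise there can deny service but cannot forge content the client will accept.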

ab praeceptisMarch 19, 2017 1:39 AM

Nick P

I'm afraid we are getting boring. Once more you attempt to convince and for a good part you succeed - except for the fact that this is no battle of having read about things or who can recite more bits from more papers.

My interest is safe and reliable systems. Simple as that.

Meyer's work on concurrency implied Hoare's was shit.

Bullshit. Much of Meyer's work was based on Hoare triples. But O.K. you focus on Meyer's (little) progress in the temporal area. Interestingly though you seem to "forget" that pretty much nobody has achieved major success in that field as far as languages are concerned. And even in modelling there is regrettably little. About the best is to be found in Uppaal.
And btw, to have designed and given birth to one of the very few reasonably safe languages would be easily good enough for a lifetime award. In my mind's eye even more importantly Meyer is delivering on another front, too: He inspires software engineers and very well so.

Moreover I didn't say that those 4 men are the peak of human wisdom or that they know everything and never did wrong. What I said is that when one of them calls something shit then that almost certainly *is* shit.
And indeed Dijkstra was *obviously* perfectly right when he sliced and slaughtered with ease and well deserved the poor work that you put on our reading list.

I could go on but it is not my interest to show the weakness of much you suggest. My interest is in safe and reliable systems and I will gladly listen to you when you offer something of tangible practical value for the real world.

I stick to what I said.

The work of those 4 men weighs much heavier than not 1.000 but more than 10.000 blabla grant carousel papers.
Similarly the work of Abrial weighs heavier than many of the attempts of others who attempted to walk but ended up stumbling (e.g. promela, what a joke!).

And the work of those men has something else in common: It addressed real world needs and offered real world and usable - and recognized and widely used - solutions for real world problems. B, for instance, is one of the gold standards in the field.

Another reason, btw. to like Clive Robinson; he talks mainly about his own and concrete experiences. Or Thoth whose struggle against crap one can almost feel; he is working hard toward the goal of better systems.

Oh, and: while I personally am not much a fan of tla[+] (and hardly use it) I do recognize, respect, and value the work of Lamport, a US-American if I'm not mistaken.

SpookyMarch 19, 2017 1:49 AM

And then there were two... (small on-die cores, with firmware inaccessible to the end-user; not Samael, the Hound of Resurrection):

Intel "Innovation" Engine

The Innovation Engine is a small Intel® architecture processor and I/O sub-system that will be embedded into future Intel data center platforms. The Innovation Engine enables system builders to create their own unique, differentiating firmware for server, storage, and networking markets.

Some possible uses include hosting lightweight manageability features in order to reduce overall system cost, improving server performance by offloading BIOS and BMC routines, or augmenting the Intel® Management Engine for such things as telemetry and trusted boot.

Intel, my problem child... This is exactly what the world did not need. More unsupervised cores running other people's code on MY hardware. Apparently, OEMs will now have their own private CPU (in conjunction with ME) with which to run their buggy, in-house firmware. Oh joy. A better world for us all. Superfish IV in 3, 2, 1...

* data center hardware platforms (for now, at least).

Cheers,
Spooky

CluelessMarch 19, 2017 2:04 AM

What is gained by using blockchains in this way, with a central authority? https://threatpost.com/nyu-students-apply-blockchain-solution-to-electronic-voting-security/122382/
Isn't the main risk of fraud with electronic voting machines that a few machines in swing states can be hacked into giving false results?
Wouldn't the blockchain just prevent them from being hacked after the election, after they had given good results? Isn't that already prevented by unplugging them after the election? I'm obviously missing the whole point.

SpookyMarch 19, 2017 5:08 AM

@ Ergo Sum,

If the ME is such a security/privacy risk, shouldn't there be some sites with lists of IP blocks to prevent ME connecting over the internet? After all, a hardware firewall should have no issues blocking the IP subnets. Maybe my search for such wasn't the best, but I couldn't find it...

The actual TCP ports used for inbound connect attempts are specific to the revision level of ME present on your system (thus, they can differ between systems). Documentation for your particular revision of ME should list some of the port numbers used. The docs should be available on the Intel website.

Here are some quick references:

* An older comment, describing some ME behaviors.
* A useful exchange on Serverfault, with examples of version-specific ME port assignments.


Cheers,
Spooky

Who?March 19, 2017 7:42 AM

@ Spooky

Intel, my problem child... This is exactly what the world did not need. More unsupervised cores running other people's code on MY hardware. Apparently, OEMs will now have their own private CPU (in conjunction with ME) with which to run their buggy, in-house firmware. Oh joy. A better world for us all. Superfish IV in 3, 2, 1...

In a perfect world I would not see this design as so bad. OEMs have a chance to decide what to do with these "features," and datacenter staff have a chance to decide which builders they will choose to fill their racks. As Clive Robinson says, "the market is changing it is becoming a lot more security aware than it was back last september."

The actual TCP ports used for inbound connect attempts are specific to the revision level of ME present on your system (thus, they can differ between systems). Documentation for your particular revision of ME should list some of the port numbers used. The docs should be available on the Intel website.
Here are some quick references:
  • An older comment, describing some ME behaviors.
  • A useful exchange on Serverfault, with examples of version-specific ME port assignments.

The TCP/UDP ports range used by AMT seems restricted to 16992 up to 16995:

    amt-soap-http   16992/tcp       # Intel AMT SOAP/HTTP
    amt-soap-http   16992/udp       # Intel AMT SOAP/HTTP
    amt-soap-https  16993/tcp       # Intel AMT SOAP/HTTPS
    amt-soap-https  16993/udp       # Intel AMT SOAP/HTTPS
    amt-redir-tcp   16994/tcp       # Intel AMT Redirection/TCP
    amt-redir-tcp   16994/udp       # Intel AMT Redirection/TCP
    amt-redir-tls   16995/tcp       # Intel AMT Redirection/TLS
    amt-redir-tls   16995/udp       # Intel AMT Redirection/TLS

These ports are in the list of ports not allowed for dynamic allocation by OpenBSD. I understand the difference noticed in ports assignment is related to workstations/servers using HTTP versus HTTPS.

rMarch 19, 2017 7:53 AM

@mostly harmful,

You've obviously not been around here long enough if you think a mere set of wire clippers are going to get the job done. ;-P

Nick PMarch 19, 2017 8:24 AM

"But O.K. you focus on Meyers (little) progress in the temporal area. Interestingly though you seem to "forget" that pretty nobody has achieved major success in that field as far as languages are concerned."

Hoare's work was the manual, pencil-and-paper use of primitive logic on each function. Meyer's SCOOP function let users basically just use a keyword or two to have code free of race conditions. The Ravenscar model did the same for Ada with severe limitations. ParaSail from Taft does a lot more. Recently, using linear logic, Rust delivers safe concurrency for system code. The user just has to get it to compile. HPC field had several languages for it. Yeah, it's a solved problem that got way better than manually proving function invariants.

"4 men weighs much heavier than not 1.000 but more than 10.000 blabla grant carousel papers. "

Still trolling with that meaningless line.

"And the work of those men has something else in common: It addressed real world needs and offered real world and usable"

Trolling confirmed. Dijkstra's style was academic as hell. Hoare's was useful in the real world with tooling by *others* eventually making it practical. Wirth's solution was rejected by the real world as oversimplified, underdeveloped, and constantly changing at language level. Properties he put there intentionally. Meyer got stuff done in the real world by being pragmatic. Just one of them.

"I could go on but it is not my interest to show the weakness of much you suggest. My interest is in safe and reliable systems and I will gladly listen to you when you offer something of tangible practical value for the real world."

Yet, you commented on the opposite: a discussion of historical work we're not promoting as a way to build reliable systems today. Although, they did get a few things right. We're still doing some of those today.

Clive RobinsonMarch 19, 2017 8:39 AM

@ What?

how airgap website?

There are various things you can do to "air-gap" or more correctly "Police the channel" not "Police the message".

The point of air-gapping originally was "total segregation of data" and, as the old joke went, "Put the computer in a hole in the ground and back fill with rebar and concrete..." It is not very useful as nothing gets out but nothing gets in, thus no work gets done.

Computers are about information which in turn is about three things,

1, Communications.
2, Storage.
3, Processing.

With a little thought you can see that "Processing" is dependent on "storage" and both are dependent on "communications".

That is, to be of any use you have to communicate information into and out of your segregated computer. No ifs, no buts, no maybes, because the laws of physics require it for "work" to be done.

Thus even the power cord in and heat coming out are communications channels through which information can pass (which is why I talk of "energy-gapping"). The basic theory of communications is the "Shannon Channel" which is basically some kind of medium into which information is put and information taken out. But importantly the channel has characteristics and multiple information sources and sinks which have interdependencies and coupling.

Which brings us back to the difference between "Policing the channel" and "Policing the message". The "message" is the intentional communication of information in the "channel" not the other information that is in the channel or caused by the channel characteristics. You have to police both the channel and the message but what you do is different for each.

When you "police the channel" your intent is to achieve isolation for the message so that what you transmit is what you receive without issue. That is to ensure your message goes from the intended information source to the intended information sink, without the message sink also receiving "interference" from other sources, or other sinks receiving part or all of the message "leaking" from the intended source. To cut the verbiage down engineers talk about "In Band" and "Out of Band". The message should be only "in band" and not cause interference "out of band" or be susceptible to "out of band" information/interference, intentional or otherwise.

The message, however, is what you send to the information source to be transmitted, and, if the channel is properly policed, the only thing that comes out of the intended information sink.

The message, however, is itself another information channel: it has both correct and incorrect information and correct and incorrect timing etc. Thus policing the message is about what to do about not just correct information but the order it arrives in and allowable values as well as allowable time frames.

If you have a read of this, their "security" is based partly on "Policing the message", not "Policing the channel". It works mainly by "mitigation".

https://paragonie.com/blog/2017/03/how-we-engineered-cms-airship-be-simply-secure

Thus there is a lot they are not doing which gives attackers "wriggle room".

The difference between what they are doing and what you are asking to do is often referred to as a "choke point". Both of you want to connect to a totally untrusted environment. Their security is at best partial mitigation of the message without a choke point. Your aim is to introduce a choke point to Police the channel between your server and the internet.

The reason they only mitigate the message is that is really as far as they can reach, because they do not control the systems their software is deployed upon by others. That is the responsibility of the software operator to get from the system administrator / provider / owner, because in these days of "cloud computing" operators rent from service providers who likewise rent from others etc...

Golix?March 19, 2017 8:40 AM

By chance (I use py_daemoniker by the same author) I stumbled upon the github repo of the py_hypergolix project, described as the 'Programmable Dropbox for secure IoT'. It's based on the Golix protocol (doc-golix on Github, 'PGP-like encryption + torrent-like addressing + blockchain-like enforcement of data expiry'). I lack the technical knowledge to evaluate the claims, and nothing comes up searching the blog for golix. I figured some of the knowledgeable people here may have an opinion. Below is an extract from the readme on github.

Golix is a cryptographic protocol:

It's a set of rules
that computer programs can agree on in advance,
which mathematically prove (with a few assumptions)
that a piece of data comes from a specific person,
and that the data cannot be seen by any third-parties.

It is trustless and self-authenticating:

Unlike Google or Facebook, large companies built on Golix cannot see your data
Unlike Google or Facebook, you "log in" to Golix once locally (on your computer, not over the web), and that proves to everyone else that you are who you say you are
You don't need to contact a third party to log in, so it works (for example) within your home wireless network, even if your internet connection goes out

It is fully social:

You can share and re-share data, at any time, with anyone
Unless and until you explicitly share something, it is provably private

It is especially well-suited to the "Internet of Things" (IoT):

Golix works regardless of your internet connection
It is substantially simpler to develop on than existing IoT frameworks
It is designed to work with many, many more total devices than exist on the internet today
It doesn't expose your IoT devices to the "outside world"

Ergo SumMarch 19, 2017 10:08 AM

@Spooky...

The actual TCP ports used for inbound connect attempts are specific to the revision level of ME present on your system (thus, they can differ between systems). Documentation for your particular revision of ME should list some of the port numbers used. The docs should be available on the Intel website.

Thanks for the info...

The Intel system in question is behind a hardware firewall, that has Stealth mode on the public side. Yes, I did scan the external interface from the outside. Again I did not see traces of outgoing ME connection in the firewall logs, unless ME actually used the system IP/MAC address, in which case I've missed it.

It does not seem to be the case that ME would periodically initiate a "call home". If this is true, there isn't really a security/privacy issue with ME in most cases. After all, most systems should be behind a hardware firewall or at the very least should have a software firewall that blocks incoming connection attempts.

In order for the ME to be reachable from internet, the firewall would need a configuration for a NAT/virtual server/port forwarding for the system in question. Be that corporate/small business/home use...

Who?March 19, 2017 10:41 AM

@ Spooky

It does not seem to be the case that ME would periodically initiate a "call home". If this is true, there isn't really a security/privacy issue with ME in most cases. After all, most systems should be behind a hardware firewall or at the very least should have a software firewall that blocks incoming connection attempts.

There are two security/privacy issues —both are comparable here— related to Intel ME:


  1. There may be bugs in the overly complex ME architecture exploitable by people with access to the source code or lucky enough to find them when testing the ME firmware as a blackbox.
  2. There may be backdoors. The easiest one I can imagine is a digital certificate embedded in the firmware that allows the NSA to "manage" any remotely reachable AMT-enabled computer.

Think of the Intel ME technology as a sleeper agent. No need to "call home".

schiroMarch 19, 2017 10:47 AM

Stop intentionally making download signature verification difficult.

According to https://blog.torproject.org/blog/tor-browser-numbers
1. There are 100,000 downloads of Tor Browser per day.
2. But only 5000-7000 signature verifications are done per day.

93%-95% of Tor Browser downloads remain entirely unverified.
This is because users only have 2 options:
1. Use GPG to verify and expose their true IP.
2. Not verify at all.

Proper checksums for the unsigned raw download have been requested many times, but every time Tor Project responds with the same excuse, with a stuck-up attitude:
"What if Tor Project get hacked and you download the wrong sig?"

Listen, this is only a valid excuse for providing a better method (the GPG method); it is not a valid excuse for not providing even basic sha256/sha512 checksums at all, because they're not mutually exclusive: you can check both.

Look around, from Linux OSes to bitcoin software, everyone provides sha256 checksums. Somehow Tor Project thinks they are better than everyone else despite a dismal 95% unverified rate. Worse, they have a head-in-the-sand attitude regarding this basic but critical matter.

What Tor Project needs to do:
1. Provide sha256/512 checksums for the raw download like everyone else.
2. Make GPG signature verification easy, and possible over Tor itself; the current guide doesn't cover how to use GPG to verify over Tor, thus exposing your true IP.

Tor Project developers, stop thinking in ideals and look at the reality.
Take your head out of the sand and actually look at what is happening (95% of downloads not verified), not what you want to happen (everyone uses GPG to verify).

If Tor Project can't do that, then stop pretending you guys care about users' security and anonymity...
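
An added example, not from schiro's comment and not Tor Project's own instructions: a bash script covering the two steps the comment asks for, a plain SHA-256 check against a sums file, and a GPG signature check whose key fetch goes through Tor with torsocks so the keyserver lookup does not leak your real IP. Assumptions: torsocks, curl and gpg are installed and a Tor daemon is running locally; the sums file uses the "<hex>  <filename>" format that sha256sum -c understands; the signing key's fingerprint is something you obtained from a source you already trust (the KEY_FINGERPRINT placeholder is not a real value). A checksum only proves the file is the one the site served; only the signature check ties it to the key, which is the point the comment concedes.

```shell
#!/usr/bin/env bash
# Added example: verify a downloaded bundle by SHA-256 and by GPG signature,
# doing every network step through Tor. Not Tor Project's own procedure.
set -u

# Placeholder, not a real fingerprint: take it from a source you trust out of band.
KEY_FINGERPRINT="${KEY_FINGERPRINT:-REPLACE_WITH_FINGERPRINT_FROM_A_TRUSTED_SOURCE}"

# sha256_of FILE -> hex digest, with whichever tool the box has.
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# verify_sha256 FILE SUMSFILE -> 0 on match, 1 on mismatch, 2 if FILE has no
# entry in SUMSFILE. Looks the file up by basename, as sha256sum -c does.
verify_sha256() {
  local file="$1" sums="$2" name expected actual
  name=$(basename "$file")
  expected=$(awk -v n="$name" '$2 == n {print $1}' "$sums")
  if [ -z "$expected" ]; then
    echo "no entry for $name in $sums" >&2
    return 2
  fi
  actual=$(sha256_of "$file")
  if [ "$actual" != "$expected" ]; then
    echo "sha256 MISMATCH for $name: got $actual, expected $expected" >&2
    return 1
  fi
  echo "sha256 OK: $name"
}

# fetch_over_tor URL -> download into the current directory via torsocks+curl.
fetch_over_tor() {
  torsocks curl -sSfLO "$1"
}

# verify_gpg FILE SIGFILE FINGERPRINT -> 0 only if SIGFILE is a valid signature
# on FILE made by FINGERPRINT (or one of its subkeys). The key is fetched over
# Tor if missing. We parse --status-fd output and insist on a VALIDSIG line
# that names our fingerprint, rather than trusting "Good signature" from
# whatever key happened to be in the keyring.
verify_gpg() {
  local file="$1" sig="$2" fp="$3"
  command -v gpg >/dev/null 2>&1 || { echo "gpg not installed" >&2; return 2; }
  if ! gpg --batch --list-keys "$fp" >/dev/null 2>&1; then
    torsocks gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$fp" \
      || { echo "could not fetch key $fp over Tor" >&2; return 2; }
  fi
  if gpg --batch --status-fd 1 --verify "$sig" "$file" 2>/dev/null \
       | grep '^\[GNUPG:\] VALIDSIG ' | grep -qw "$fp"; then
    echo "gpg OK: $(basename "$file") signed by $fp"
    return 0
  fi
  echo "gpg FAILED for $(basename "$file")" >&2
  return 1
}

# verify_download FILE SUMSFILE [SIGFILE] -> sha256 check, then signature check
# when a .asc is supplied. Both must pass for exit 0.
verify_download() {
  local file="$1" sums="$2" sig="${3:-}"
  verify_sha256 "$file" "$sums" || return $?
  if [ -n "$sig" ]; then
    verify_gpg "$file" "$sig" "$KEY_FINGERPRINT" || return $?
  fi
}

# Usage (all three fetched over Tor; file names are whatever the download page lists):
#   fetch_over_tor "$BASE_URL/bundle.tar.xz"
#   fetch_over_tor "$BASE_URL/bundle.tar.xz.asc"
#   fetch_over_tor "$BASE_URL/sha256sums.txt"
#   verify_download bundle.tar.xz sha256sums.txt bundle.tar.xz.asc
```

The reason for matching on the VALIDSIG status line rather than grepping "Good signature" is that gpg reports a good signature for any key in the keyring, including one an attacker got you to import; pinning the fingerprint is what makes the check mean something.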

ThothMarch 19, 2017 11:10 AM

@schiro

re: TOR Project

Not sure if you realize that TOR is mostly a walk-over for TLAs and ICs. One reason is they are in their own bubble and try to do things different which does not help the situation. There isn't a need to break the protocol. Just requires defeating the endpoints and software which has been done many times and has always been the headache that has never been solved.

TOR and TAILS try to do things differently, with TAILS making it difficult to download directly and TOR making verification difficult by simply dumping a screenshot or CLI-shot of the GPG list of public key hashes. Not the brightest idea, and the GPG key server traffic is unprotected against some sort of traffic analysis, by the way.

Many of us regulars have been wasting our saliva by warning of the dangers of TOR and TAILS but fanboism prevails.

If they really cared about security, they would create a distro from the ground up based on a stripped-down OpenBSD with security enhancements and the TOR browser inside, on a Live CD, and make the signature easy to verify and easy to obtain. Thing is, these ideas I mentioned have been on this forum for years, but look at the disaster with TAILS and TOR. I guess that's just life where the pain hasn't sunk deep enough for people to wake up.

Dirk PraetMarch 19, 2017 11:56 AM

@ Thoth

If they really cared about security, they would create a distro from the ground up based on a stripped-down OpenBSD with security enhancements and the TOR browser inside, on a Live CD, and make the signature easy to verify and easy to obtain.

Without even addressing all of Tor's weaknesses (@Clive has done so in-depth and on many occasions), that would indeed be a more than reasonable first step. For what it's worth, I think the folks behind TAILS and Whonix are sticking with Linux not just because of the absence of a *BSD version of TBB but primarily because of better Linux hardware support. Same thing for Qubes and Subgraph.

@AlanS

'It's not where we come from that's important...' he said. 'It's where we are going together."

Hear, hear.

@ Czerno

Or else, horresco referens (=I can hardly imagine,) are they meaning to have a ... Republic ?

+1 for quoting Virgil. Never fails to draw my attention.

Ergo SumMarch 19, 2017 12:55 PM

@Who?...

I don't disagree, but for argument sake...

There are two security/privacy issues —both are comparable here— related to Intel ME:

There may be bugs in the overly complex ME architecture exploitable by people with access to the source code or lucky enough to find them when testing the ME firmware as a blackbox.

There may be backdoors. The easiest one I can imagine is a digital certificate embedded in the firmware that allows the NSA to "manage" any remotely reachable AMT-enabled computer.

The ME firmware is not accessible from within the operating system hosted by the ME. Even if it could be, it would require local administrator access from the Windows OS, similarly to BIOS/UEFI updates from within the OS. If the hacker (state or private) has local administrator access to the system, there are more serious issues than worrying about ME.

As for the NSA, or Not Secure Anymore agency... If they want to reach my system, there are easier ways. Either, get all my files from Microsoft, or just use the Windows 8.1 telemetry connection(s) for monitoring in real-time. While I don't have MS OneDrive account, nor do I store any of my data in the cloud, I am pretty sure that MS has:

•Lots of "goodies" about me
•The OS calling home a number of times per day

And yes, the calling home "feature" can be disabled, but it breaks certain functions of the system.

I seriously doubt that NSA would be interested in my system. I am just an average guy, who knows a little about computers and security. I may know more than the average guys, but that's a subjective view.

Hackers on the other hand might be interested, if nothing else for high speed internet access. That worries me more than the NSA....


Who?March 19, 2017 1:46 PM

@ Ergo Sum

The ME firmware is not accessible from within the operating system, hosted by the ME. Even if it could be, it would require local administrator access from the Windows OS, similarly to BIOS/EUFI updates from within the OS. If the hacker (state or private) has local administrator access to the system, there are more serious issues than worrying about ME.

Intel ME works exactly the opposite way. It does not need to be accessible from within the operating system. Intel ME is completely autonomous, works even when the computer is turned off (on a desktop/server the computer must be connected to a power source) and has full access to the computer hardware. It is like having a completely autonomous computer plugged into the busses of your computer, reading the memory and accessing the HDD. Very nice set of features for remote management, but frightening ones in the wrong hands.

But I agree with you... if you are running Windows then you have worse problems than Intel ME right now.

Ergo SumMarch 19, 2017 1:55 PM

@Thoth...

Many of us regulars have been wasting our salivas by warning of the dangers of TOR and TAILS but fanboism prevails.

That reminds me of some definition, incorrectly attributed to Einstein... :)

While I for one appreciate the efforts...

I am pretty certain that the "fanbois", or at least some of them, do know that TOR is not secure. On the other hand, TOR is more secure than any other browsers. Or at least, it provides more privacy than other browsers without much of an effect on viewing pages.

Are there "dangers"? Certainly, just like there are for any other apps. It's a trade off between security and ease of use/convenience. The same trade off that had made the Microsoft OS the most popular desktop platform.

Ergo SumMarch 19, 2017 2:13 PM

@Who?...

That had been my initial understanding of Intel ME. Basically, a standalone firmware with pretty much full access to the end user installed OS, be that Windows, MacOS, Linux, etc.

And if I understood correctly, in order to use the ME (malicious or other purposes), it requires local/remote network access. Having local access to ME is game-over anyway and the remote access is iffy at best in most circumstances. Hence the reason I've stated that this may not be high level security/privacy risk.

But I agree with you... if you are running Windows then you have worse problems than Intel ME right now.

Or, if I run MacOS and Linux, which I do... :)

Who?March 19, 2017 2:17 PM

@ Ergo Sum

Or, if I run MacOS and Linux, which I do... :)

I must admit that you are very good at making poor operating system choices. ;-)

Who?March 19, 2017 2:25 PM

@ Ergo Sum

Intel AMT can be remotely configured if you have the right digital certificate, and it works even on a computer that has been turned off and whose drive has been completely wiped.

albertMarch 19, 2017 3:04 PM

@Clive, et al,

Re: our last conversation regarding squid.
That squid 'harvest' (60,315 tonnes) is about 133 -million- pounds. The equivalent weight of water would occupy a cube 128.6 feet on a side.

These numbers are barely imaginable.

Like everything else on this planet, renewable resources are not infinitely sustainable.

A word to the unwise goes unheeded.

. .. . .. --- ....

FX8800PMarch 19, 2017 3:29 PM

Noting some discussion here about Intel ME...Last summer to avoid out of band management on a new laptop I purchased an HP Envy m6-p114dx with an AMD cpu FX8800P (FM880PAAY43KA) which doesn't support AMD out of band management DASH (its sister cpu Pro A12-8800B, FM880BAAY43KA has full featured DASH) I upgraded the memory to 16GB and the HD to 2TB and removed the wifi/bluetooth card from the motherboard.

Anyway it would only run win10, I couldn't get any linuxes to install (or win7) nor any live linux distros to boot with the exception of gparted live 0.22.0-1 (latest gparted won't boot) so I gave up for a while. Tried again to today with knoppix. It wouldn't boot either and I had been coming to suspect the AMD Radeon R7 graphics open source drivers being the culprit which now definitely seems to be the case since I just tried boot options

boot: knoppix nomodetest nocomposite no3d 3d

for bad and problem graphics cards, and lo, I'm thrilled as now it boots. If I could only port the options to say the opensuse leap 42.2 install disk then boot to runlevel 3 after install and get the proprietary radeon graphics drivers.

So now I'm hearing Tor is bad and tails is bad (and no boot options to change) and linuxes are bad --> go with open bsd blah blah. Opensuse has got to be better than win10 though.

Also how do the usual suspects find any time to do all the hardware hacking they speak of in this blog when they seem to spend all of their time writing long long posts in this blog? ;)

Ergo SumMarch 19, 2017 3:52 PM

@Who?...

I must admit that you are very good at making poor operating system choices. ;-)

These are not poor choices, I call them practical in selecting the least resistance. ;-) I have no time, nor inclination to spend days or weeks for establishing a marginally more secure system with limited functionality. Maybe when I get older and my grand kids grow up and don't want to spend time with me, I'll change my mind...

Intel AMT can be remotely configured if you have the right digital certificate, and it works even on a computer that has been turned off and whose drive has been completely wiped.

Yes, that had been my understanding...

Having the right digital certificate is a big if, provided you don't count NSA and/or LEOs in general. But even then, there's a need for local/remote network access. We covered both types of access and agreed, that:

A. If the local access is available, game over anyway with these platforms
B. Remote access is not possible without enabling port-forwarding for the system on the hardware firewall
C. Access can be gained to my systems through the platform easier than through IME

As such, IME isn't a "low hanging fruit" for me. On the other hand, it is interesting to read about and understand how it works.

My conclusion is that there are more and more large corporations in the US that implement solutions that are "double-edged swords", to phrase it mildly. Like there have not been enough... Yes, these solutions could be useful to end users. On the other hand, cynically, the original intent is to create a backdoor; the usefulness is "dressing up the emperor"...

ab praeceptisMarch 19, 2017 4:01 PM

Nick P

Scoop? Pardon me, but that must be a joke, no? Scoop is but Eiffel's me-too of what some Modulas and, of course, Ada (tasks) have had since eternity. Sure, à la Meyer but still that's about it.

Moreover I was talking about something quite more complex than "We now have multithreading in the language, too". I was talking about temporal complexity.

As I seem to have not made that clear enough, let me quickly summarize the situation (not perfectly correctly but good enough to understand what I'm talking about):
Code and flow analysis can now be considered as mastered. The remaining two hard nuts are space and temporal. There are approaches for both - but: Meanwhile the world has gotten much more complicated. We don't simply have space but we have layers and classes of spaces spread all over the place. To make it more funny there is temporal complexity involved, too (see eg Pliessens, Jacobs et al).
And then temporal complexity, where time actually is often just the perspective axis we chose and causal complexity is in the game, too.

As if that wasn't bad enough, another ailment still creeps along, namely the fact that pretty much all architectures (and established ways to perceive a system and the related problems) are like "Well, a processor is a large instruction processor plus needed housekeeping and data pumping".

Too bad because while that may have been true decades ago, today a central processor is but one of many and the whole system is a (largely insane, one might think) very complex ballet of event processing. *That* makes our lives hard, not multithreading or pointers as many still think.
Gone are the days of instruction workshops, even of multiple workshops. Today we have very complex systems of event driven reactors and often enough it is *not* the processor that defines the power of the system.

To give you a meaty demonstration: epoll, kqueue and colleagues as still rather friendly (because highly abstracted) event systems. Lots and lots of problems there, e.g. up or down edge triggered or level triggered.
And there the distance between math. models and hardware is still frighteningly large.

To make it even funnier we today often deal with whole systems which are basically event reactors and, well noted, with the events being largely "random"; not really, but being external(ly controlled) we must look at them as if they were random.

Back to the languages: Scoop? Boring. Rust? but a (granted, half-way decent) attempt at keeping pointers from cluster-fucking the system. H3? Absolutely valuable and great but a hammer where fine pliers are needed (unless we find a way to properly transpose them into that domain).
What's left? Pony and Ada. Pony looks *very* promising; should actually rather be called race-horse - but quite focussed on (insane amounts of) events. Which leaves us with Ada again. Why? Because it not merely gives us "multithreading in the language, somehow" but it gives us a whole task toolset (with e.g. timeouts and guards). Plus protected data. And the whole she-bang verifiable. Ada is about the only actually practically useable and productive application of H3 in the space and temporal complexity domain I'm aware of.

"4 men, 100 papers" - while you continue to hit on that and to call it meaningless, trolling, whatnot, I keep saying it as long as you talk from the 1.000 papers ivory tower. If you continue calling me trolling I will sooner or later have to provide you a link to Feynman's famous "knowledge vs. understanding" ...

"Dijkstra's style was academic as hell" - says Nick P. I don't agree but that aside, so what? academic style or not, he still addresses real problems and offered real solutions; the fact that he didn't offer them in the form of a language doesn't change the basic statement.

"Hoares was ..." - So what? H3 was and still is one of the, possibly the fundamental building block.

"Wirth's solution was rejected by the real world" - it seems, your real world and mine are rather different. Maybe because I work in it. Wirth's work can be clearly found in Ada and in many others. Moreover "the world /= us of a". In Russia, for instance, Wirth was and still is revered as one of the biggest and at least in my world there are about 1.000 times more leaks and bugs and problems known from the western world than from Russia.
Pissing against Wirth always and reliably ends up with the acting one wet and Wirth dry and clean. There are *very, very few* in the same league as Wirth. I named a few.

"Meyers got stuff done in the real world by being pragmatic" - You would be amazed about the far reaching and complex thinking of Meyer. In fact, nowadays I consider his (usually amusing to read) thought excursions as more important than Eiffel.

As for the "historic work" (suggested by you as reading material), do yourself a favour and let go quietly. Not only is a debate about "dijkstra against who the fuck?" ridiculous (at the expense of who the fuck) but even more, Dijkstra was *obviously* right and who the fuck shouldn't have published his nonsense. Simple as that.

And yes, I was serious and honest when saying that there are things I enjoy Nick P offering. I consider you an intelligent man and one who can often contribute valuable information to a discussion. But I also see you as someone who does not always choose wisely when and what to say. I'd love to get more from the understanding side and less from the knowledge reciting from you. It's one of the few things we humans still do much better than Google's data centers. Understanding.

Nick PMarch 19, 2017 9:03 PM

@ ab praeceptis

"Scoop is but Eiffels me-too of what some Modulas and, of course, Ada (tasks) have since eternity. Sure, à la Meyer but still that's about it."

Your trolling is even more evident. The Modulas didn't have concurrency safety. It was the stuff you can mess up easily like all the others. The Ada Ravenscar profile is a huge PDF of all kinds of restrictions and methods to achieve safety in static, embedded programs. So burdensome it was usually avoided in favor of RTOS's or external schedulers. The Eiffel method is race-condition-free by design working on *normal* programs. The Rust version works on normal programs, too. That's a quantum leap in usability & applicability.

" let me quickly summarize the situation"

You're talking about a lot of things peripheral to the original conversation. Your original claim was a troll statement that anything negative four people say should be considered true. I disproved it easily. Also in your reply was a mistake on memory and temporal errors which are already covered by existing, deployed languages. Mainly Ada and Rust but also static analysis tools. This stuff is deployed in production. epoll, kqueue, etc weren't designed using methods of obtaining strong correctness. They ended up hard to do correctly. Whole shebang of Ada verifiable you claim despite the fact that nobody has ever verified it at code or compiler level. Its complexity made Praxis throw out most of it in form of SPARK that worked on static programs. Seems like a bunch of strawman points that are irrelevant to original claims of "something is wrong because people said it is w/ no evidence." Also the comments don't address positively or negatively the fundamental techniques in the topic of conversation at all. Might be helpful in some other conversation.

"long as you talk from the 1.000 papers ivory tower."

Comment follows with a lie you often repeat about a guy that was a hacker, programmer, builder, listened to shitloads of people in many trenches, did operations side of grueling businesses, and read lots of papers by most accomplished in CompSci and industry along the way. Your ivory tower guy who only read some papers is another strawman. You use it when dismissing critiques or complaints about your trolling.

"As for the "historic work" (suggested by you as reading material), do yourself a favour and let go quietly. "

Those that ignore history tend to repeat it. Usually badly. Many people enjoy the historical digging I do. I've also found ideas in it. You've merely shown you'll drop tangents, strawmen, ad hominems, and other things over posts you don't like. While not addressing the content of the posts' claims. Meanwhile, I'll continue to dig good ideas or at least those fun to read about out of history like I did with safe CPU's of Burroughs and once upon a time a safe language called Ada people told me to ignore since it was a relic of history. You don't even practice what you preach about ignoring things from the past that aren't widely used. So, I surely shouldn't buy into that.

ab praeceptisMarch 19, 2017 10:11 PM

Nick P

That last post of yours is not even worthy of a comment. It's *obvious* that you do not understand quite some of what you read (and then talk) about.
I'm interested in reliable and safe systems and security. Whenever you really have something to contribute in that regard (which sometimes happens) I'll listen.

Have a nice evening

Clive RobinsonMarch 19, 2017 11:39 PM

@ Ergo Sum,

That worries me more than the NSA....

You probably know the saying "From little acorns mighty oaks grow".

Well it applies in other ways. Somebody I know when a little boy used to annoy his parents by throwing acorns from the oak tree in their garden up against their house. Being "modern parents" they would sit him down and tell him why he should not do it (this was long before the "naughty step" idea). He however just carried on... After a while his parents gave up sitting him down and telling him why he should not do it. Then one day there was a loud crash followed by one of those silences writers like to talk of for dramatic licence. The small boy had for some reason thrown not an acorn but a pebble and had hit the stairway window and broken it. Due to the size and the fact it was an "art deco" design house the repair bill was large... Apparently his parents became a little less "modern" and he stopped throwing things against the house, but he did not stop throwing things. As he grew he took up various sports but finally settled on doing the various "Highland Games" sports one of which involves throwing what are in effect "tree trunks"[1].

The point is the NSA are currently "throwing acorns against the wall" and the US gov appropriations and legislature are being not modern but "negligent parents" and giving them everything without question, let or hindrance. Thus the NSA are flexing their muscles and will grow into rather more than throwing pebbles through windows.

[1] You can blame Dirk Praet for bringing this story back to mind because the little boy when not so little did at one point go "retro punk" and wear a kilt and have a mohawk hair do, though bright purple not green, something his wife tells me she is not going to let their own now not so "little boy" do (though his kicking a football against the garage door hard enough to break it is still a sore subject).

Clive RobinsonMarch 20, 2017 12:11 AM

@ FX8800P,

Also how do the usual suspects find any time to do all the hardware hacking they speak of in this blog when they seem to spend all of their time writing long long posts in this blog? ;)

Check the time stamps and, where known, cross-reference the author location.

Where I am it's just after five in the morning.

Whilst not suffering from "Trumpism"[1], some of us don't sleep as well as our doctors would like; my doctors put it down to "stress" and keep telling me I have all the signs and symptoms.

Basically for some reason they think I'm a chronic worrier, can't think why that would be...

[1] A new name for the odd habit of tweeting whilst sitting on the toilet at three in the morning. A sort of modern day equivalent of priapism.

MaestroMarch 20, 2017 1:31 AM

the following rarely happens as everyone carries on regardless but you all deserve it:
I wish to acknowledge the community here and particularly the spirit. The overall theme is one of honesty, sharing, support, patience and inclusiveness. Thanks for being a mature, friendly bunch all working together and extending themselves to anyone in need. It's unusual and refreshing. Kudos to Bruce Schneier and his indomitable instincts.

A quick shout out to Wael, one of the longest continuous members here (Clive and Dirk and Nick P appear to be the others) The sum total of this place would absolutely be worse off had not Wael been contributing all this time.

Wael, we are very sorry to hear you are unwell, our communal care bear stare is all lined up beaming you healing electrons and uplift. We declare you healed. It is so.

Oh and Jennifer Grout is sneaking in an extra lovin' spoonful

WaelMarch 20, 2017 3:11 AM

@Maestro, @Clive Robinson, CC: FX8800P,

We declare you healed. It is so.

I think lack of sleep has finally got to me. I'm feeling better now... thanks!

A sort of modern day equivalent of priapism.

How so?

WaelMarch 20, 2017 3:14 AM

@Nick P,

Accidentally stumbled on a great survey of high-assurance,

I didn't have the chance to read it. Perhaps another day, I have a ton of crap (work, that is) to finish.

Who?March 20, 2017 3:55 AM

@ Ergo Sum,

These are not poor choices, I call them practical in selecting the least resistance. ;-) I have no time, nor inclination to spend days or weeks for establishing a marginally more secure system with limited functionality. Maybe when I get older and my grand kids grow up and don't want to spend time with me, I'll change my mind...

Calling OpenBSD "marginally more secure" than Windows, OS X or Linux is like calling NSA a bunch of script kitties.

To own an Intel ME computer it is enough to control a single computer on your internal network. Your Windows computer is compromised right now. Why? Do you remember when Microsoft sent a wrong patch that blocked Windows Update a few years ago? They "fixed" it on millions of computers by removing the wrong update remotely, without user intervention. I am surprised no one cared then, when Microsoft massively took control of Windows installations.

No one cares if your computer is behind a firewall. Is it Windows-based and does it have access to Internet? Then it is compromised. Period. Not to say if your "firewall" is just a home router whose best protection is that it runs NAT.

keinerMarch 20, 2017 4:45 AM

@Who

If the malware (MS OS, whatever) is on the LAN, there is virtually nothing you can do with a "firewall" to stop it from sending home whatever it wants. Nothing. Except blocking all traffic to WAN at all (hopefully...).

And if your BSD-based firewall resolves (DNS) MS-telemetry domains on WAN without ANY clients on LAN, you lose the belief in any kind of firewall at all...

quackquackwhatMarch 20, 2017 4:48 AM

Fun fact: as of right now duckduckgo.com in the Tor Browser returns 0 hits for "obfuscate" "tor protocol" but lots from a non-tor Firefox. Changing Tor circuit makes no difference. Ideas?

Dirk PraetMarch 20, 2017 5:14 AM

@ Wael

I think lack of sleep has finally got to me. I'm feeling better now... thanks!

Sounds familiar. When I was younger, I could easily go with an average of four hours a night, but those days are long gone. Same thing with recovery time from a hangover.

@ Who, @ Ergo Sum

Is it Windows-based and does it have access to Internet? Then it is compromised.

Yup. But your Intel ME-inside OpenBSD machine is probably just as compromised, assuming you got it to install in the first place. From an anti-theft, remote monitoring and control vantage I am all for this type of technology as it offers quite some interesting features. I only wish it could be entirely and positively disabled by just flipping a couple of dip switches. Allowing third parties to sneak their own stuff in is only making things worse. So far, Intel ME and the like meant your machine was no longer your machine. It would now seem that it is not just your machine any more, but pretty much everybody's machine but your own.

Myself, I am using Windows, MacOS and Linux too, Android being the only platform I completely shun and displace because it is broken beyond repair and from a security vantage impossible to even mitigate. As an IT engineer, you just can't afford not to because most, if not all your clients have it and you need to stay proficient in them in order not to appear out of touch. Unless you have the good fortune to work for customers that don't have these at all (like who?), you will need to deal with them and be asked to somehow lock them down as to prevent them from being used as jump hosts to compromise your secure infrastructure. Although arguably an uphill battle, not every private individual or organisation is up against resourceful state actors, and there really are lots of strategies and methodologies you can apply to make these operating systems significantly less insecure than their default setups, even if only to demonstrate industry standard best practices and due diligence to external parties investigating an inevitable breach.

@ keiner

If the malware (MS OS, whatever) is on the LAN, there is virtually nothing you can do with a "firewall" to stop it from sending home whatever it wants.

It's an exercise in futility indeed. As much as you can sinkhole known telemetry hosts or block both ingress and egress traffic on known ME ports, you can simply not defend against outgoing connections tunneled over http/https unless somewhere on your WAN you are using a couple of expensive DPI appliances.

@ FX8800P

Also how do the usual suspects find any time to do all the hardware hacking they speak of in this blog when they seem to spend all of their time writing long long posts in this blog?

I can only speak for myself, but I generally write very fast. Even back in the days at high school or uni, I delivered 50+ page papers in just a couple of days whereas it took most of my colleagues weeks or more.

ab praeceptisMarch 20, 2017 5:21 AM

Who?

Depends. Seen from a certain viewpoint, Ergo Sum isn't all that wrong.

Sure, 5 is much more than 2 if you put them next to each other, and similarly OpenBSD is much more secure than windows.
If you put 2 and 5 on a scale from 1 to 100, the difference becomes insignificant. Similarly, putting OpenBSD and windows on an axis from zero security to really secure, the difference between them seems much less significant.

Moreover one should see that many things are simply outside of the OS's realm. ssl is an example. No matter, how secure the OS is, running anything based on ssl (or tor, or ...) you are f*cked.

Finally, as much as I detest microsoft, we have to see that they have put very considerable resources (that OpenBSD and others simply couldn't have available) to work in the field of safer code. And it seems reasonable to assume that they apply, at least in small steps, what they have learned and have available to them.

Furthermore one might argue that using any of the major processors, in particular from intel and amd, the nsa people probably aren't that concerned about OpenBSD, which almost certainly just makes their job a little harder if that.

I myself value the work of the OpenBSD team highly and, of course, a system is more secure with OpenBSD than with windows but unfortunately *both* have to be considered unsafe.

Curtailing Devious Reverse TargetingMarch 20, 2017 5:31 AM

Another great article from the NYT:
To address the threat to American privacy from incidental collection, the government applies what it calls “minimization” rules. Names of Americans must be masked in intelligence reports disseminated by the agencies, but there are exceptions: Officials can request that the names be unmasked to help understand the reports, and the names are available to criminal investigators.
There is also the possibility of what is called “reverse targeting” — say, eavesdropping on Mr. Kislyak, ostensibly to find out what the Russian ambassador is up to — but with the REAL GOAL of catching Mr. Flynn. Reverse targeting is prohibited by law, but Ms. Goitein points out that it is difficult to prove because it requires showing what was in the eavesdropper’s mind.

...few Americans are aware of the extent of the incidental collection of their emails and calls.
David Medine, who was chairman of the Privacy and Civil Liberties Oversight Board from 2013 to 2016, is a supporter of stricter rules that would require court approval for such searches. He noted that the normally five-member board, which by statute has subpoena power and access to even the most classified material, currently has only one member and is awaiting nominations from Mr. Trump before it can resume its work.

Solution
“If the president is concerned about surveillance by the intelligence agencies,” Mr. Medine said, “one thing he should do is appoint new members to the board.”
https://www.nytimes.com/2017/03/19/us/politics/trump-wiretap-accusations-privacy-debate.html?_r=0

Devious: adjective. 1. Showing a skilful use of underhand tactics to achieve goals

Clive RobinsonMarch 20, 2017 6:15 AM

@ Wael,

How so?

I'm assuming you can use the internet to find out the obvious symptom, and its secondary effect. It often interferes with other bodily functions causing the secondary effect to increase significantly thus giving rise to utterances in the night time that can cause disturbance far and wide and bring condemnation on the utterer. Now if you use the slang word of the part affected by the primary symptom you should be able to put it all together. But can I suggest based on similar previous enquiries that you consider the progression of sunset which goes from yellow to red that is the warning for the blackout of night.

ThothMarch 20, 2017 6:29 AM

@Is OpenBSD more secure than Windows, Linux and Mac when running on modern Intel chips et. al. ???

Just go dig a hole and build yourself a Faraday's Cage and your own power generator using coal.

Don't touch anything with a microchip (i.e. modern cards, modern ticketing and transport ...).

Instead of debating what's better, open a Github account if you haven't, and start helping out by contributing code reviews and do something useful.

Busy ? If everyone's busy, then we will just continue to sink deeper in this endless mud pit for eternity and there's no one to blame but ourselves.

Go and help Genode make their framework more mainstream. Go and help Redox OS become more mainstream. Go and help RUST and whatever high assurance tools and languages you believe so much in to go mainstream.

Enough said ... get something done already ...

Clive RobinsonMarch 20, 2017 6:46 AM

@ Who?

Is it Windows-based and does it have access to Internet?

Which brings us to the question of "How do you know it does not have Internet access?"... Which in turn brings us back to the question of "If you don't control it do you really own it?" which mobile phones and Intel and AMD "management engines" bring up... As has been pointed out in the past you can put all of a mobile phone's electronics in a quite small chip such as a SoC. Further, as is well known, you do not need a SIM --physical or software-- to use the network worldwide, the most obvious being emergency calls but there are other tricks. Also a software SIM can be used to dial home on reverse charges or simply connect to a free phone number used for data connectivity, much like a broadband mobile data dongle.

So the idea that a "firewall" will stop Micro$haft and their "instrumentation" or others getting at the management engines is quite old fashioned technology wise. And if history teaches us anything about humans it's "If it can be done, it will be done, and usually for the worst possible motives first". Oh and as we should all know by now the defence of "National Security" forgives any and all sins committed against the people by those in government.

Who?March 20, 2017 7:07 AM

@ Clive Robinson

Very true, we cannot be sure the scenario you outline is not happening right now.

Our only hope to think it is not happening —or at least it was not happening a few years ago— is that NSA spent a lot of effort developing a set of hardware implants that can exfiltrate information from other computers, as shown in the ANT catalog. Things can change quickly, however, and any computer with an innocuous Wi-Fi antenna is a good candidate to hide a covert communication channel.

Ergo SumMarch 20, 2017 7:09 AM

@Clive Robinson...

Those, who live in glass houses, or have garage doors :-)

The point is the NSA are currently "throwing acorns against the wall" and the US gov appropriations and legislature are being not modern but "negligent parents" and giving them everything without question, let or hindrance. Thus the NSA are flexing their muscles and will grow into rather more than throwing pebbles through windows.

The question comes up... Is that "negligent parents", or have they intentionally allowed and maybe even encouraged "throwing acorns against the wall"? The little boy (Dirk?) in your example, was he encouraged by the parents to throw acorns and later stones at the neighbors' house? Maybe the parents did not like the neighbors and having the little boy do the deed avoided direct confrontation with the neighbor.

Much of the same can be stated about the US appropriations and legislature. They might be negligent, or they just want to have full control. The government (deep state) has NSA and other IAs do the dirty work and in the meantime, it tries to pretend working for the people. Private companies such as Apple, Google, MS, etc., had made collection of data a lot easier, in exchange for tax breaks and relaxing regulations for them. The end result is the same as it was in your story...

WaelMarch 20, 2017 7:15 AM

@Clive Robinson,

I don't need the Internet for that. Other commercials make the four hour thing clear. I like the slang part :)

But can I suggest based on similar ...

Of course! You can suggest anything. But old habits die hard.

Who?March 20, 2017 7:27 AM

@ Thoth

I am doing my best to improve the huge technology problem we are facing now. I will not go into details, but I have been a developer at a software project closely related to computer security for a decade. Sometimes I try to educate people, even if most times it is fighting a losing battle, or suggest random ideas like "isolating the management engines on their own physical network" in the hope they will work and slightly improve the current security madness.

By now our best hope is that NSA is just "another intelligence agency," even if the most powerful and advanced one, but things are becoming worse very quickly and the world must learn this fact before it is too late. EU sanctions against the United States and terms like "safe harbor" are not the answer. In the long term we need true technological independence from the United States based on open hardware, software and standards. We need independence from the evil corporations and governments too, but I am not sure it can be done.

Clive RobinsonMarch 20, 2017 7:35 AM

@ Albert,

Like everything else on this planet, renewable resources are not infinitely sustainable.

No they are not, which is the problem with voracious predators, they upset any kind of natural balance.

Whilst this particular species of squid has not been too much of a problem, some like the Humboldt / red devils have. What used to keep the Humboldt numbers under control were the likes of whales, sharks and other apex predators, which man has overfished to the point of extinction and beyond for some species.

Thus the question of how to redress the balance. Humboldt have incredibly short life spans and to grow to the size they do in a year often involves cannibalism. Which has been shown with the examination of stomach contents. Something like 4 out of 9 examined Humboldt have parts of other Humboldt in them. But through most of a Humboldt's life it is a food source to other predators which it in turn predates as it grows, the problem being the other predators have a slower rate to sexual maturity than the Humboldt. With the larger apex predators removed the Humboldt has an increased advantage, which as perhaps the most voracious predator known to man means other species get decimated. It appears that the only real control on Humboldts when they are more than a foot or so in length is South American fishermen who export much of their catch to southern Europe. But they are not keeping on top of the numbers, so the Humboldt range is steadily increasing northwards, threatening new marine habitats. Hence my comments in the past that we should eat more Humboldt.

However that in itself is problematic, in that once mankind gets a taste for a particular species it tends to fish it to excess. Stopping this is quite problematic in that the "quota system" you see in Europe has, as most political solutions do, secondary consequences. That is most fishing techniques are not species specific, thus when the nets come in maybe one third of the now dead fish in it are the intended catch species, thus if the quota has already been reached on another species in the net it gets dumped over the side...

Ergo SumMarch 20, 2017 7:38 AM

@Who?...

No one cares if your computer is behind a firewall. Is it Windows-based and does it have access to Internet? Then it is compromised. Period. Not to say if your "firewall" is just a home router whose best protection is that it runs NAT.

I have a feeling that you don't like Windows... :-)

Windows is compromised by whom, hackers (private or state) or by Microsoft? Windows, like any other platform, can be reasonably protected against malware. Maybe not against state pushed malware...

Protecting Windows from Microsoft is not using Windows. The same as with other platforms, such as MacOS, Linux, Chrome, Android, iOS, etc. aren't that much different. If anything, some of the other platforms had been doing it long before Windows. Microsoft is just late to the data collection bonanza.

Or for that matter, applications aren't that different either. Nowadays, all come with built-in telemetry that calls home all the time. Security solutions are even worse, they do call home as well and on top of that they have admin/system level access to the platform in question.

To paraphrase your statement... Is the platform and/or app connected to the internet? Then it is compromised... Trailing periods :-)

Clive RobinsonMarch 20, 2017 8:05 AM

@ r,

Re:diode implementation

A look at the article shows,

    Genua is showing its Data Diode.

But does not mention the price, which I suspect will be way beyond that of a SOHO or Home User, who will want the price to be not too dissimilar to a "home router" to be interested in acquiring.

A point I've made before when we have talked about using TOSLINK parts to make your own data diode.

It's why I've suggested people not just think about it but actually manufacture it as a combined product which will sell to both the "home musician" and "home security" markets. Nearly all the electronics side is documented quite freely on the Internet as are PCBs. The only missing part is the enhancements to the existing software.

But back to the Genua as described in the article,

    ... it allows the transfer of data... ...into a network at up to 3 Gbit/s, while ensuring that only the necessary protocol status messages are sent back.

I'm hoping the journalist is only reporting one or two features because I would want to see one heck of a lot more security features for the data diode not to be considered a "jump on the bandwagon gimmick".

gnoshMarch 20, 2017 8:58 AM

Everybody wants to forget about it now, since it flopped, but Russian-hacking idiocy just got even more embarrassing. Turns out the Russian spies hid from their own Russian spy agency but not from the Americans. They used their super ninja spy skillz to communicate over Yahoo, which is perfectly transparent to US intelligence but hard for FSB to surveil.

https://www.emptywheel.net/2017/03/18/why-would-an-fsb-officer-use-a-yahoo-email-account-to-spy-for-russia/

Russia had the US mole in their crosshairs the whole time he was 'hacking the election' for Dem dupes, and now they rolled him up. Oops.

JG4March 20, 2017 12:08 PM


@Clive

I'd be quite happy with a few hundred kbits per second if I only am using the optical diodes to transfer encrypted messages back and forth to an energy-gapped machine. The Digikey catalog has plenty of parts that would allow you to cobble something together for a few tens of dollars. It would make a nice open source project and could hew to the TOSLINK standards.

BTW, any medium-sized enterprise can defeat traffic analysis of their phones by using the technique that you described as an alternative to TOR. I missed the terms of art, but it was some kind of ring that passes around what amounts to noise with occasional bits of signal mixed in. The secure audio hardware passes encrypted audio to the phones, which all dial in frequently to the secure central server. Most of the time they are transmitting and receiving noise. This system could be open sourced. One problem is that defeating government surveillance will open the door to abuse by private-sector criminals. Of course, the private-sector criminals already work hand-in-glove with the public-sector criminals, so that may not be as bad as it sounds. The best case scenario on the old blue marble of entropy maximization may be a profoundly dynamic balance of terror.

There were a few good links at NakedCapitalism on Saturday. This is all that caught my eye today:

Why does WikiLeaks keep publishing U.S. state secrets? Private contractors. WaPo
https://www.washingtonpost.com/posteverything/wp/2017/03/16/the-reason-wikileaks-receives-so-many-u-s-state-secrets-private-contractors/

It's not a bad idea. During the telecom mass delusion there was an outfit that was going to do this between buildings. I gather that this implies doing it indoors.

Infrared light could someday deliver super-fast WiFi Engadget (Furzy Mouse).
https://www.engadget.com/2017/03/17/infrared-super-fast-wifi/


SeanMarch 20, 2017 1:07 PM

Interesting news out of Jordan today. Royal Jordanian Airlines is banning most electronics on-board, effective tomorrow March 21. The only devices you'll be allowed to carry are cell phones and medical devices.

They claim it's due to advice from the US Gov't:

https://twitter.com/RoyalJordanian/status/843860881947725825

Any thoughts anyone? I'm not hearing anything from anywhere else. Misinterpretation? Hollywood Plot? ?

Dirk PraetMarch 20, 2017 3:26 PM

I know @Moderator has asked for restraint in discussing bipartisan US politics, but since the issue of alleged Russian election meddling has come up here more than once, has anyone watched today's House intelligence panel hearing starring Comey and Rogers ?

Interesting revelation by Comey that the FBI was already on it in July last year, just didn't bother to tell anyone for months. The highlight however was Trump's mischaracterizing commentary tweets being debunked in real-time. As expected, all parties confirmed there was no evidence whatsoever for Trump's allegations that Obama had him wiretapped.

ab praeceptisMarch 20, 2017 10:00 PM

Dirk Praet

From what I understand, Moderator's comment was targeted at the normal (non friday squid) threads. Here in friday squid we are, I understand, free to discuss whatever we please, albeit preferably matters in relation to security - which "has Trump been wiretapped?" is.

As for the matter itself: I suggest to wait and see. Early reports about Trump's stupidity might well turn out to be premature and exaggerated.

For one Trump has a good argument on his side, namely a nyt report about him/his team being "wiretapped". Second either his team has some rats or they have been "wiretapped" because otherwise certain information (e.g. phone conversations) couldn't have been published.

Third, and probably most importantly, there *is* a "deep state" in the us of a. That is well known since JFK who went against the cia and also since hoover all but openly blackmailed the highest levels of government.
Moreover it is well established that major media a) are fed by the deep state and often act as mouthpiece and b) that i.a. the cia quite openly said (already years ago) that they exert considerable control over the media.

Which all in all creates a situation in which Trump must, and, so it appears, already does fight against (parts of?) the deep state.

Moreover there is a political-strategic dimension. The deep state and clinton have all but declared open war against Trump and they chose as one major weapon to paint him again and again as a Russian asset. It was hence a necessity for Trump to bring up something against that, something that potentially destroys the narrative of clinton and deep state - which is his "we have been wiretapped". Looking tactically at it, it is not a weakness but a wanted effect to keep this open for a while and even to let the opponent feel that they have won.

I might be utterly mistaken and fallen victim to weirdo theories while actually we all live in happy lala-land. If I'm even just vaguely right, however, then we are currently experiencing a war that might be widely invisible to Joe and Jane Everybody that, however, is nevertheless brutal and particularly dangerous as it is raging inside the country (us of a).

Bong-Smoking Primitive Monkey-Brained SpookMarch 20, 2017 11:07 PM

@Maestro,

one of the longest continuous members here

Clive, Nick P, and Dirk Praet have been here long before "him".

Nick PMarch 20, 2017 11:53 PM

@ Bong-Smoking Primitive Monkey-Brained Spook

Your animal instincts were correct. There's an old crowd, a newer crowd, and an intense psy-op from newest crowd. ;) Wael is apparently just getting some fan recognition from his contributions here. Good for him.

Clive RobinsonMarch 21, 2017 12:35 AM

@ Daniel, Bruce,

If you read the paper you will find that the first analogy on page 23 is wrong.

The authors should not have used breaking a car window to get around the lock, as an analogy of a weak encryption design.

Using a slide hammer against the lock, or drilling the lock out, would have been more appropriate.

Smashing the window is the equivalent of an "end run" attack around the lock or crypto algorithm.

furloinMarch 21, 2017 1:37 AM

Looks like anyone suicidal for both compsec and personal safety by entering the US of A will begin having an even more difficult time now: http://www.zerohedge.com/news/2017-03-20/us-bans-laptops-ipads-anything-bigger-cellphone-flights-13-countries

@ergo sum

"Protecting Windows from Microsoft is not using Windows. The same as with other platforms, such as ... linux, ...."

I am curious. Who is it that I am protecting linux or openbsd against? Is it linux/openbsd devs themselves? Is it the distribution maintainer that you would fork an OS from? Is it all the GNU subtleties within it? Same questions for openbsd. I was not aware of any built in and/or passive telemetry for either of these platforms' OS layer unless you use something unnecessary like chrome with them.

WinterMarch 21, 2017 4:31 AM

A story with a lot of interesting angles:

'Sorry, I've forgotten my decryption password' is contempt of court, pal – US appeal judges
Claiming you can't remember your passphrase to unlock data is willful defiance
https://www.theregister.co.uk/2017/03/20/appeals_court_contempt_passwords/

Among other things, I was puzzled by this quote:


Forensic examination of the computer indicated that the device had been used to visit known child exploitation sites and to download thousands of files with the same hash values as known child pornography files.

Note, the files themselves were not found. How did the forensics find the hashes of the downloaded file? Where are these stored?

mostly harmfulMarch 21, 2017 5:54 AM

@Winter

Based on the limited information in that article, I speculate that the cops found .torrent files[3] on the defendant's Mac when they decrypted its internal hard drive. The defendant may have stored most content files on the external drives (which the cops haven't been able to decrypt, apparently), but kept .torrent files (which are relatively small) on the internal hard drive.

A .torrent file is a meta-info dictionary that includes SHA1 hashes of (fixed-size blocks of a concatenation of) its associated files (the content files like mp3s, or videos, or whatever).

Now, just because the defendant's Mac's internal hard drive contains a .torrent file associated with a certain collection of files, this does not by itself prove that the defendant ever downloaded that collection.

However, it is quite normal for a bittorrent client to keep track of the state of a given download. So for each .torrent file the defendant's bittorrent client knows about, the defendant's bittorrent client may have kept notes in an additional metadata file, which "testify" as to what proportion of the files had been downloaded.

Those additional metadata files, used by the bittorrent client, might well have been on the internal hard drive as well.

Anyways, if there's any truth to the prosecution's claim, that's my best guess regarding its basis.

[3] http://bittorrent.org/beps/bep_0003.html
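How a .torrent file carries those hashes, as an added example that is not part of the original post or of any BitTorrent client: a minimal bencode decoder for the BEP 3 metainfo dictionary, the split of its `pieces` string into 20-byte SHA-1 digests (of fixed-size blocks of the concatenated files, as described above), a comparison against a reference set of digests, and a hypothetical per-piece resume record modelling the client's download-state notes. The sample torrent, the reference set and the resume format are all constructed here.

```python
"""Extracting piece hashes from a .torrent file (BEP 3 metainfo).

Added example, not code from the original post or from any BitTorrent
client.  The torrent, the reference digest set and the resume record are
constructed inline from made-up content so the script runs offline.
"""
import hashlib

PIECE_LENGTH = 16  # tiny piece size for the constructed sample; real torrents use 16 KiB or more


def bdecode(data, i=0):
    """Decode one bencoded value at offset i of `data`; return (value, next_offset)."""
    c = data[i:i + 1]
    if c == b"i":                                   # integer: i<digits>e
        end = data.index(b"e", i)
        return int(data[i + 1:end]), end + 1
    if c == b"l":                                   # list: l<items>e
        items, i = [], i + 1
        while data[i:i + 1] != b"e":
            item, i = bdecode(data, i)
            items.append(item)
        return items, i + 1
    if c == b"d":                                   # dictionary: d<key><value>...e, byte-string keys
        d, i = {}, i + 1
        while data[i:i + 1] != b"e":
            key, i = bdecode(data, i)
            d[key], i = bdecode(data, i)
        return d, i + 1
    if c.isdigit():                                 # byte string: <length>:<bytes>
        colon = data.index(b":", i)
        start = colon + 1
        length = int(data[i:colon])
        return data[start:start + length], start + length
    raise ValueError("malformed bencode at offset %d" % i)


def bencode(value):
    """Encode ints, bytes, lists and dicts (bytes keys, sorted as BEP 3 requires)."""
    if isinstance(value, bool):
        raise TypeError("bencode has no boolean type")
    if isinstance(value, int):
        return b"i%de" % value
    if isinstance(value, bytes):
        return b"%d:%s" % (len(value), value)
    if isinstance(value, list):
        return b"l" + b"".join(bencode(v) for v in value) + b"e"
    if isinstance(value, dict):
        return b"d" + b"".join(bencode(k) + bencode(value[k]) for k in sorted(value)) + b"e"
    raise TypeError("cannot bencode %r" % type(value))


def build_sample_torrent(files):
    """Construct a multi-file metainfo dict.  Pieces are SHA-1 digests of fixed-size
    blocks of the *concatenation* of all files, not one hash per file."""
    stream = b"".join(content for _, content in files)
    pieces = b"".join(hashlib.sha1(stream[i:i + PIECE_LENGTH]).digest()
                      for i in range(0, len(stream), PIECE_LENGTH))
    info = {
        b"name": b"constructed-sample",
        b"piece length": PIECE_LENGTH,
        b"pieces": pieces,
        b"files": [{b"length": len(content), b"path": [name]} for name, content in files],
    }
    return {b"announce": b"http://tracker.invalid/announce", b"info": info}


def piece_hashes(metainfo):
    """Split the `pieces` string into its 20-byte SHA-1 digests."""
    pieces = metainfo[b"info"][b"pieces"]
    if len(pieces) % 20:
        raise ValueError("pieces field is not a multiple of 20 bytes")
    return [pieces[i:i + 20] for i in range(0, len(pieces), 20)]


def info_hash(metainfo):
    """SHA-1 of the bencoded info dict: the identifier a tracker or a hash list would record."""
    return hashlib.sha1(bencode(metainfo[b"info"])).hexdigest()


def match_known_hashes(metainfo, known):
    """Indices of pieces whose SHA-1 digest appears in a reference set of known digests."""
    return [i for i, h in enumerate(piece_hashes(metainfo)) if h in known]


def completed_fraction(resume_flags, metainfo):
    """Fraction of pieces a client's resume record marks as downloaded.
    Hypothetical format: one byte per piece, nonzero meaning 'have'.  Real clients
    keep their own resume formats; this only models the idea."""
    n = len(piece_hashes(metainfo))
    if len(resume_flags) != n:
        raise ValueError("resume record does not match piece count")
    return sum(1 for flag in resume_flags if flag) / n


# Constructed sample: two small files, 33 bytes in total -> 3 pieces of 16, 16 and 1 bytes.
SAMPLE_FILES = [(b"a.txt", b"alpha" * 4), (b"b.txt", b"bravo-charlie")]
SAMPLE_TORRENT_BYTES = bencode(build_sample_torrent(SAMPLE_FILES))

if __name__ == "__main__":
    meta, _ = bdecode(SAMPLE_TORRENT_BYTES)
    hashes = piece_hashes(meta)
    print("infohash:", info_hash(meta))
    for i, h in enumerate(hashes):
        print("piece %d: %s" % (i, h.hex()))
    print("matches:", match_known_hashes(meta, {hashes[1]}))      # constructed reference set
    print("completed:", completed_fraction(b"\x01\x01\x00", meta))  # constructed resume record
```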

Dirk PraetMarch 21, 2017 6:48 AM

@ ab praeceptis

It was hence a necessity for Trump to bring up something against that, something that potentially destroys the narrative of clinton and deep state - which is his "we have been wiretapped".

While there most probably is something like a "deep state" in pretty much every country around the world, it's kinda doubtful that in a US context this would somehow be a Democrat-only thing.

Extraordinary claims - especially when coming from a sitting president openly accusing his predecessor of a felony - require extraordinary proof. And for which there apparently is none. Trump has been shown to be a serial liar all throughout his campaign and he is just staying the course. His misleading interpretations of Comey's and Rogers' statements during the hearing just add fuel to the perception that either he has no clue whatsoever what he is talking about or is just trying to bend reality to fit a narrative that only exists in his mind and was put there by questionable media like Fox News, Breitbart and Heat Street. Same thing goes for his allegations of Germany owing NATO and the US a ton of money.

You often hear that we should take his statements seriously, but not literally. That's not how things work in the real world, as recently shown by the Hawaii judge who struck down his second travel ban by taking at face value some of his and Rudy Giuliani's previous statements on a Muslim ban. The man is obviously incapable of any type of restraint and seriously delusional in his perception of reality. To see both traits in a US president is downright frightening.

Comey's divulging of a Trump-Russia connection investigation they were already looking into as early as July last year is troubling on more than one level as they obviously didn't have any problem bringing out in the open the Clinton email affair with hints at new information only shortly before the election. As the FBI in general is reasonably fast with conclusions and attributions - particularly with cyber incidents - an investigation that is now in its 9th month to me indicates that there is more than just a wee bit of smoke.

@ mostly harmful, @ Winter

Based on the limited information in that article, I speculate that the cops found .torrent files[3] on the defendant's Mac when they decrypted its internal hard drive.

That's a reasonable explanation. If true, it just goes to show (again) how dumb some people are. Most folks torrenting stuff that may get them into trouble do so using a VPN, subsequently offload data files to an external drive or appliance, then delete all torrent, data and log files from the machine they downloaded them on.

While the ruling in itself isn't surprising, it is kinda discomforting to learn that the judge again used the ancient All Writs Act to compel the suspect to decrypt his devices, just like the FBI tried with Apple in the case of the San Bernardino perp's iPhone. It would be a good thing if eventually one or more of these cases would go to SCOTUS for a definitive ruling on forced decryption.

WinterMarch 21, 2017 7:26 AM

@mostly harmful
"A .torrent file is a meta-info dictionary that includes SHA1 hashes of (fixed-size blocks of a concatenation of) its associated files (the content files like mp3s, or videos, or whatever)."

Sounds plausible. It just did not appear to me that they would use torrent files for distributing material. But that indeed makes sense.

@mostly harmful
"Now, just because the defendant's Mac's internal hard drive contains a .torrent file associated with a certain collection of files, this does not by itself prove that the defendant ever downloaded that collection."

But it is incriminating and would be enough to justify a closer look. Together with the other evidence, e.g., a witness who saw the pictures, this does meet rather stringent standards of proof for a warrant to search his drives.

I suspect that we either will have to live with judges that can order suspects to divulge passwords or else we will see a lowering of the standards of proof in criminal cases to work around strong encryption.

I see this as yet another example that shows that security and privacy can only be solved at the political level, and not the technological level.

ab praeceptisMarch 21, 2017 9:57 AM

Winter

a) I'm not interested in the kind of purely partisan fights you seem to like.
b) politico? Try again when you are ready to accept Breitbart as acceptable source.
c) h. clinton has changed position (which people like you obviously don't call lying) on even major issues so often during the years that I wouldn't believe her, if she told me the time of day. Next to a clock and a notary.

Have a nice day

WinterMarch 21, 2017 3:49 PM

@ab
"a) I'm not interested in the kind of purely partisan fights you seem to like."

If empirical evidence is partisan, you really have entered the realm of fantasy.

ThothMarch 22, 2017 1:50 AM

@all

It is taking the community too long to denounce the business model of Online Password Managers like LastPass.

Another problematic script allowing exploitation of LastPass.

Self-proclaimed or media-proclaimed "Crypto Experts", "Security Experts" and so on including organisations like ACLU, The Guardian Project and so on need to actively denounce and warn users of the insecurity of such Online Password Managers instead of advertising them (if it exists).

Link: http://www.theregister.co.uk/2017/03/21/lastpass_vulnerabilities/

JG4March 22, 2017 6:52 AM


I am a firm advocate of the right to repair. It is a logical implication of the first sale doctrine that applies to devices built under patent.

https://motherboard.vice.com/en_us/article/why-american-farmers-are-hacking-their-tractors-with-ukrainian-firmware

This will make the hair on the back of your neck stand up.

http://www.zerohedge.com/news/2017-03-21/kagans-are-back-wars-follow

Some interesting history.

https://consortiumnews.com/2017/03/21/david-rockefeller-october-surprise-case/

All from the usual compendium.

Dirk PraetMarch 22, 2017 7:02 AM

@ Moderator

It would appear that a number of comments by @ab praeceptis and myself in this Squid thread and involving current POTUS have been removed.

If we have transgressed against recently introduced forum policy to not discuss US partisan politics any longer, I apologize for doing so. I would however have appreciated a small heads-up what exactly constitutes said definition as to avoid either future repetition or unnecessary self-censorship.

@ Thoth

It is taking the community too long to denounce the business model of Online Password Managers like LastPass.

Exactly. Cloud-based password managers are a stupid idea. Full stop.

ab praeceptisMarch 22, 2017 7:43 AM

Dirk Praet, Moderator

I'm, of course, not happy with seeing posts being removed - but - thinking about it I support that decision anyway. It will help this blog's comment section to stay focussed on security rather than politics.


Dirk Praet, Thoth et al.

As I'm having some (mostly virtual) servers, mostly as a hobby, I'm also in a forum "waterhole" for hosting providers. That enables me to provide you all a glimpse into a world that one would assume to be reasonably professional and at least not plain ignorant of security.

Well, bad news. Just these days I had a really hard time to defend my position that lastpass (which happened to be the topic) and similar services are utterly insecure and basically just crap. Some there even went so far as to ride ad hominems against me, the evil guy who disturbed their happy comfortable world in which security is just a question of subscribing to some "secure" service for some $.

Which btw. also confirms Bruce Schneier's (and others', incl. myself) position that the human factor is a major one and possibly even the more decisive one.

It was clearly evident to me that those people aren't just clueless or stupid. Many of them, in fact, try to stay up to date and to be well informed about the current "weather".
Gladly there are some positive habitudes, too, mainly the widespread understanding that one should keep the server's OS up to date. That, however, must come cheap; some clicks or one or two lines of commands is about the maximum investment most are willing to make.

Unfortunately, there is a terrifying part, too: Most of them quite incurably believe in the model of somehow buying security. Indeed, one of the major arguments against me, the evil heretic, was that people like lastpass *obviously* know what they are doing and that buying their services somehow equates to being safe and secure.

And please keep in mind that we are not talking about just any Joe or Jane but about the people who run the companies where your servers are hosted. Frightening.

Clive RobinsonMarch 22, 2017 8:03 AM

@ JG4,

I am a firm advocate of the right to repair. It is a logical implication of the first sale doctrine that applies to devices built under patent.

You and me both.

Whilst John Deere are getting attention the likes of Amazon are not, and there's enough info out there to suggest buying electronics off of Amazon is a bad idea. Whilst independent companies use Amazon, if their product becomes popular Amazon have launched a competing product that in effect kills the original product. Worse, Amazon has launched products, pulled in buyers, then dumped the product and those who bought it without recompense.

Then there are the "walled gardens". I have a couple of "pads" with keyboards I obtained second hand due to battery issues. I thought I'd dump the battery, build in my own supply and mod the OS so that USB CDROM and USB cabled networking would work. Whilst I did finally get the power supply issue resolved it's not an easy thing to do. However trying to get a USB CDROM to work with them has not yet happened. If I get that far then USB cabled networking will hopefully be the easy hurdle before getting "home entertainment and VoIP" up and running.

Back when I was a young engineer there was a lot of talk about how manufacturers were killing off the TV & radio repair business. Then "Planned Obsolescence" reared its ugly head. Then the nonsense with ink jet and other printer cartridges; it's actually illegal in the EU and other places but you don't see the overly well paid Eurocrats actually doing anything to stop it. It appears every opportunity to give short life and higher profit and backhanders to legislators is taken by manufacturers today to keep bleeding the consumer dry.

Dare I mention the killing off of the DVD and similar market. It used to be you bought a film and you could watch it as often as you liked on a whole host of systems. Now the push is for locked downloads at a similar price or, worse, pay per view "online" where five or so views would have paid for a DVD. The problem of course with those locked downloads is the now very short life of your pads and phones etc. your download is locked to.

It's a slow war of attrition the consumer loses out to each little step of the way...

Dirk PraetMarch 22, 2017 11:39 AM

@ ab praeceptis

It was clearly evident to me that those people aren't just clueless or stupid

You are probably aware of the classic C-I-A triad in security: Confidentiality, Integrity and Availability. Less known is its dark C-C-C counterpart: Cost, Convenience and Complacency. Where Complacency sometimes even devolves into Carelessness.

FX8800PMarch 22, 2017 3:04 PM

@House Intelligence Chairman: Trump Claim Verified

Nunes was just handing Trump some cover for his BS. Every call from Trump Tower or by any US person to a foreign national is incidentally collected and sometimes the names are unmasked. Nunes said Trump organization calls were incidentally collected. He couldn't say whose calls were or whose names were or were not unmasked. All qualified with a big maybe. A lot of innuendo qualified with a lot of maybe.

Also he as much as admitted the collection was legal and under FISA. I didn't know that he would be allowed to blather anything covered by FISA warrants. I guess that's why he said "maybe" and we "can't say for certain" so many times. Pretty damned fuzzy press conference. So many conditional statements he could give Erich von Däniken a run for the money.

The only takeaway from Nunes' comments is that only congressmen, politicians and elites have privacy rights and should be accorded legal 4th Amend. rights and be immune from IC spying.

"Former Trump Campaign Head Manafort Was Paid Millions By A Putin Ally, AP Says"
http://www.npr.org/sections/thetwo-way/2017/03/22/521088772/former-trump-campaign-head-manafort-was-paid-millions-by-a-putin-ally-ap-says

WinterMarch 22, 2017 3:12 PM

@House
No, the claim was specifically that Obama ordered the surveillance. Nothing here about Obama ordering the surveillance.

Clive RobinsonMarch 22, 2017 5:42 PM

@ Winter,

No, the claim was specifically that Obama ordered the surveillance

That is actually an irrelevant point.

As I've said before, the calls abroad would have been collected by the NSA and if routed through the UK by GCHQ.

These calls would have been subject to some level of analysis by both the NSA and GCHQ because Trump was most definitely "a person of interest" to both the US and UK IC and Security Services. In the US because of the "Obama was not a US citizen" movement, of which Trump was one of the prime movers. In the UK because of Trump's close relationship to the then Scottish First Minister Alex Salmond. The UK Conservative Party hates the Scottish National Party (SNP), of which Alex Salmond was the leader, because they resulted in the Conservatives losing all but one Scottish seat. Thus the UK "Cabinet Office" under David Cameron would have been taking a very, very close interest in Donald Trump.

Thus Trump would without doubt have been under quite a high level of surveillance on both sides of the puddle.

What you appear hung up on is the idea that Obama did or did not give a specific written order. You should be aware that politicians can give orders for which plausible deniability exists, and ever since Nixon got caught out the politicos have been somewhat careful to ensure they have full deniability.

We know that Obama was a "control freak" of the first order, we have good reason to believe he launched a number of witch hunts looking for those he thought were disloyal and had journalists subjected to a very full and invasive surveillance on what was in effect a personal vendetta, of the sort you would expect from a tyrant rather than a democratic leader.

We also know that Obama and Cameron had a very close relationship, thus I would expect them to have discussed a mutual problem like Trump. Thus I would be very unsurprised if information on Trump changed hands under the much vaunted "Special Relationship".

The problem with collecting intel on individuals is those collecting and analysing will be able to work out on whose behalf information is being collected by the type of analysis. What they won't see, however, is on whose original order it was done. Thus a UK intel officer would know if the information analysis was in effect for Obama or those close to him, but not who actually originated the order. Because that is the way these things work. If that information was leaked to a journalist it would be very easy to see how they might assume it was a direct order from Obama to GCHQ, when in fact it may well have originated from the UK Cabinet Office, Secret Service / MI6, MI5 or even parts of GCHQ itself.

It's extremely unlikely that the information will ever come out inside of the Hundred Year Rule.

And as has been pointed out it was a journalist that made the claim that was then picked up by others.

So on the balance of probability, the claim that Trump was indeed under surveillance for/by Obama / Cameron is almost certainly rather more true than the Russians caused Trump to be in office, or even the original claims on the DNC hack (which for some reason the DNC did not want the FBI to be able to investigate, in that they refused them access to the affected servers).

So for the sake of how people view you, stop pushing the "the claim was specifically that Obama ordered the surveillance" line; it's not going to get resolved in your or my lifetime, if ever, and you should be cognizant of that. So your continued push for that which is in effect impossible to prove affects your credibility.

AnuraMarch 22, 2017 5:59 PM

@Clive Robinson

The reason the Obama thing keeps coming up is because it's the only point that's actually in question, and the only point that anyone actually cares about. We know there were FISA warrants requested for members of his team, we know he probably got caught up in bulk surveillance - no one brings it up because it's not in question. The only thing that has ever been in question is whether Obama ordered surveillance on Trump, and there is no evidence that's the case. Whether it's possible or probable is irrelevant to the main point being made, and that is that the President needs to choose his words carefully, and not tweet every little piece of bullshit he hears from right-wing media. I mean, we may need to ban the President from speaking his own words for that to happen, but we cannot have the President just accusing people of crimes without evidence.

Dirk PraetMarch 22, 2017 7:34 PM

@ Anura, @ Clive, @ Winter

The reason the Obama thing keeps coming up is because it's the only point that's actually in question, and the only point that anyone actually cares about.

I tend to agree. But there's an additional question: in what kind of banana republic does the chairman of a parliamentary investigation committee take allegedly new but evidence-free information pertaining to that investigation to the media and the parties actually under investigation instead of to the investigators themselves?

I'll just stop here before my comments are removed again.

Clive RobinsonMarch 22, 2017 8:55 PM

@ Anura,

The reason the Obama thing keeps coming up is because it's the only point that's actually in question...

So you are saying nobody cares if Donald Trump was under significant active surveillance during the Obama administration, which Obama would almost certainly have been aware of at the very least, and had significant "previous" with regards to others?

That they only care who can be proved to have ordered the surveillance, when it is known that information will not be released under US legislation?

It's an interesting viewpoint to take. It's the equivalent of telling somebody else who has been subject to significant surveillance that because those doing the surveillance willfully withhold information the person has "no standing" and should justifiably be not just denied justice but vilified as well...

You go on to say,

but we cannot have the President just accusing people of crimes without evidence.

Why ever not? After all Obama did it repeatedly did he not?

Oh, and remind me again how did those journalists get put under significant surveillance? What was it they were accused of to justify it?

Maybe it's me, but what appears to be the case is that although Obama was responsible for quite a few unpleasant behaviours, including putting journalists under quite significant surveillance, people think that it should not be mentioned.

Let me be clear: he may have been given a Nobel Peace Prize but he was most certainly no saint. Until people get to take their blinkers off and actually try to look with an unbiased eye, then the problems in the US will not just get worse, they will get dangerously so.

Oh, and remind me again what is the evidence that Putin ordered the DNC hacked?

Me, I care not for Obama; he failed to keep his election promises, and significantly increased the surveillance capabilities of the IC against not just those who didn't vote for him, but also those that did vote for him. What are they accused of?

I also care not a lot about Trump, however it was the US voting system that put him in the White House not some magic from the Kremlin.

What I do care about is the dangerous behaviour of not just the neo-cons, but the liberals as well who basically think the way to solve the US's problems is at the point of a gun in another country. It's not and has not been that way for Seventy years. The way to stop most international problems is by equitable trade not by wanton destruction and oppression, that just encourages blow back from the disaffected.

Because we now live in an era where people can bring their grievances by conflict to the door of a seat of Government. Governments can no longer play their own idiotic versions of the Victorian "White Man's Game" with impunity.

AnuraMarch 22, 2017 9:42 PM

@Clive Robinson

The revelations from today were about incidental surveillance, meaning there is still no evidence whatsoever of any targeted surveillance against Trump - speculations matter not. No one should be surprised by this. Trump does a lot of business with a lot of corrupt people in a lot of corrupt countries. Michael Flynn was found to have spoken on the phone to the Russian Ambassador - if it wasn't recorded, would you say our intelligence agencies were doing their job?

On top of that the surveillance in Trump Tower was in a private suite, not owned by Trump, targeting the Russian mafia in a gambling probe.

Further, Trump's campaign staff had a number of people with heavy political and business ties to people in corrupt countries, so it's only natural that some of them would be caught up in surveillance too, and if they were shady it could result in FISA warrants against them.

This kind of stuff nobody in the US media really cares about. They care about the ties, but don't have a problem with the spying.

If Obama ordered surveillance on Trump, and there is evidence, then that's a scandal, and that's a different story entirely.

As for the DNC leaks, honestly, if it wasn't for the fact that Trump showed contempt for pretty much any leader who wasn't Putin and any country that wasn't Russia, and who didn't have a campaign manager with ties to pro-Russian government officials in the Ukraine, and if he didn't have two appointees lie about speaking to Russian officials, and if he didn't have so many people surrounding him with Russian ties, then this would probably die.

Do I think Russia hacked the DNC? I don't know. But given that Trump has significant business interests in Russia, and probably ties to the Russian mob from his casino days, could they have worked with Trump or someone close to him to hack the DNC and leak information? Absolutely. Could they have ties to the Kremlin? Absolutely. Is Trump a puppet of Putin? Doubtful. If someone close to Trump was involved, was he aware of what was going on? Hard to say, it's possible, but he doesn't seem aware of much these days.

As for Obama having evidence - at the very least, he was backed up by the FBI and CIA. So, regardless of your lack of trust in those agencies, that's pretty much as much evidence as we can expect, and if Trump had that much evidence then we would be seeing a real investigation into Obama.

RatioMarch 22, 2017 10:28 PM

Trump has claimed the following:

Terrible! Just found out that Obama had my "wires tapped" in Trump Tower just before the victory. Nothing found. This is McCarthyism! [source]

Is it legal for a sitting President to be "wire tapping" a race for president prior to an election? Turned down by court earlier. A NEW LOW! [source]

I'd bet a good lawyer could make a great case out of the fact that President Obama was tapping my phones in October, just prior to Election! [source]

How low has President Obama gone to tapp my phones during the very sacred election process. This is Nixon/Watergate. Bad (or sick) guy! [source]

So far, however, he has not offered any evidence for these claims.

</just-the-facts>

Clive RobinsonMarch 23, 2017 3:29 AM

More on London Terrorist Attack

A so far unnamed attacker rented a 4x4 vehicle in the Midlands, UK. Yesterday he drove the 4x4 at speed on the pavement across Westminster Bridge, seriously injuring and killing some. One of the seriously injured was flung over the side of the Bridge into the River Thames.

Coming off the bridge the attacker crashed into the vehicle entrance at the Palace of Westminster (Houses of Parliament). He got out of the vehicle and tried to get further into the estate. An unarmed police officer tried to apprehend the attacker, who stabbed him many times. The attacker was shot by two armed police officers. Though CPR was given to the police officer, he died of his wounds.

So far the police have arrested seven people from six addresses in London and the Midlands.

Three killed on Westminster Bridge, 29 injured, some seriously, of several nationalities; the French have flown over overnight by military flight the families of some school children who are critically injured.

The knife-wielding attacker who stabbed to death the unarmed police officer died after he was shot three times by two armed police officers.

Dirk PraetMarch 23, 2017 5:08 AM

@ Anura

You aren't talking about the comments from this thread are you?

No, not that one. I was referring to another discussion with @ab praeceptis in the recent Argentina Squid thread. Some comments I made about the Intelligence Committee investigation turned into an analysis of certain character traits of current POTUS, a reply to which stated his election opponent exhibited similar behaviour. At which point both were removed.

@ Clive

Re. London Terrorist Attack

The conclusions of which are always the same:

1) Whatever level of mass surveillance, there is exactly nothing society can do against a lone wolf who decides to wreak havoc on innocents.

2) The attacker and his inner circle were known radicalized elements with confirmed or suspected ties to Daesh, that had been under surveillance for a while but against whom no action had been undertaken because no laws were broken and there were no signs of any imminent threat.

ThothMarch 23, 2017 5:42 AM

@Dirk Praet, Clive Robinson

The conclusion to the conclusion would be that law makers would become even dumber and the Military-Intel-Defense-Govt-LEA contractors would take this chance to push more of their fear stoking and products for sale. New stupid and authoritarian laws would be made that would make people more pissed and insecure.

ApologyMarch 23, 2017 5:57 AM

Dirk Praet:
"Whatever level of mass surveillance, there is exactly nothing society can do against a lone wolf who decides to wreak havoc on innocents."

The best security prevention (against mass-murder) is to deny the high-risk access into the country.
I apologize for using simple common sense.

AnuraMarch 23, 2017 7:11 AM

@Apology

It's not so much common sense as an indication that you are completely new to the debate and haven't paid attention to the fact that most of the terrorists that have carried out attacks in Europe were not immigrants, that those that were immigrants were not radicalized at the time they originally immigrated, and that it would likely do very little, if anything at all, to make people safer.

Dirk PraetMarch 23, 2017 7:18 AM

@ Clive, @ Thoth, @ Apology

The best security prevention (against mass-murder) is to deny the high-risk access into the country.

It would appear that the London attacker (again) was a home-grown terrorist born in Britain. It really is a persistent myth that somehow all (wannabe) terrorists are refugees or recent immigrants from predominantly Muslim countries.

New stupid and authoritarian laws would be made that would make people more pissed and insecure.

The usual knee-jerk security theater reaction that indeed only serves the political and economic agendas of the usual suspects, but that for all practical purposes doesn't make anyone more secure. The only thing you can actually do against such people is selectively taking them out of mainstream society, but which is a really tough societal choice the debate over which has hardly even begun.

JG4March 23, 2017 7:32 AM
@Clive

"You go on to say,
but we cannot have the President just accusing people of crimes without evidence.
Why ever not? After all Obama did it repeatedly did he not?"

I'd go a step further and say that Obama murdered people without evidence, both because metadata do not meet the standards of evidence for summary execution, and because he killed a lot of noncombatants, otherwise known as innocent bystanders. At least his Nobel Peace Prize was for killing only a half million, whereas Kissinger's was for killing 5+ million; the job was only finished several years after his award.

This will make the hair on the back of your neck stand up. If you've got a trillion dollars (in today's money), you can afford to think big. Unfortunately, it is not well known that most US corporations were in bed with Nazi industry before the war and quite a few corporate leaders openly admired the Nazis. There are some interesting analogies between computing systems and living systems. DNA could be construed as the hardware definition layer and various regulatory schemes from epigenetics to enzyme-mediated feedback are the control registers and loops. It is quite difficult to observe in real time either type of system, although a lot of progress has been made. You can compare the problem of finding a bug in some register or memory cell to finding which apartment in a large city is occupied by a criminal. Fundamentally, living systems are adaptive, and the slowest adaptation layer is DNA, followed by epigenetic control, which acts within a single generation, to protein expression, which is faster, to intelligence, which acts roughly at the speed of thought. Since Bernays, who may well have been on the Rockefeller payroll, media systems have been used to control thought.

The Meaning of Life (Part I)
https://www.independentsciencenews.org/health/the-meaning-of-life-part-i/
March 21, 2017 Commentaries, Environment, Health 10 Comments
by Jonathan Latham, PhD
Many people date the DNA revolution to the discovery of its structure by James Watson and Francis Crick in 1953. But really it began thirty years before, conceived by the mind of John D Rockefeller, Sr. Thus it is fitting that DNA is named after him. DNA stands for DeoxyriboNucleic Acid and ribo stands for Rockefeller Institute of Biochemistry (now Rockefeller University) where the chemical composition of DNA was first discovered in the 1920s. The Rockefeller Foundation had become interested in DNA because its trustees feared a Bolshevik-style revolution. Intense public resentment had already compelled the break-up of their Standard Oil Company in 1911; so the Foundation sought ways, said trustee Harry Pratt Judson in 1913, to “reinforce the police power of the state”. They intended to find the ultimate key to human behaviour which would allow the resentful and envious mobs to be effectively managed.

Clive RobinsonMarch 23, 2017 8:42 AM

@ Apology,

The best security prevention (against mass-murder) is to deny the high-risk access into the country.

There are two problems with that.

The first others have addressed above; the second is more fundamental.

If you were born, raised and have been a resident of a country all your life, and importantly not committed any crimes, how should the authorities treat you?

There are more than 60 million people living in the UK, the majority of whom were born here. The number of terrorists by comparison is vanishingly small. What test exists with the sensitivity to detect a proto-terrorist out of the other innocent citizens of the country?

And on the assumption that no such test can be perfect --because humans evolve-- what do you do with those who have been falsely identified?

And what would you do if you were falsely selected?

Have a think on it before you reply, because many here have thought about it for some time now; thus easy or ill-reasoned guesses will have almost standard replies.

@ Dirk Praet,

Whatever level of mass surveillance, there is exactly nothing society can do against a lone wolf who decides to wreak havoc on innocents.

Whilst you cannot stop all lone wolf types or those that have some kind of mental breakdown, there are some things that can be done about some of them.

Part of the mentality of people who commit acts of martyrdom is a deep-rooted desire to be recognised. That is, they are in effect looking for recognition as a person that they don't currently receive. Often the reason for their lack of recognition is due very much to their own failings. In the modern era it is often due to academic failure and complete lack of life prospects. Often they are easy targets to recognise and radicalize.

There are a number of things you can do about this.

The first is to stop them failing academically and thus ensure they have life chances. Unfortunately, due to politicians there are way too many "faith schools" in the UK. Whilst many are not just good but outstanding, some are diametrically opposite. Some such schools in the Birmingham area have been highlighted in the past for completely failing to prepare those in their care for the national curricula, or even teach the basic tools they need to survive in a multicultural society. There is the legislation in place to deal with it, but it rarely if ever gets used, for the sake of political mantra.

Secondly there are cultural issues. In many parts of the world the family system is very different to that in the UK. As with many things transitioning from one culture to another throws up significant problems. What can be done about this is very limited.

Third and perhaps worse, second and third generation children of immigrants get a "misty eyed" view of the culture their ancestors came from that no longer exists for very good reason. But the view backwards gets somehow remembered for the illusion of glory rather than the cold hard reality of the brutish nature it was. Mad as it might sound, this "misty eyed" behaviour can affect anybody, as can be seen by those who want to "make England great again" via Brexit. I lived through what came before the UK entry to the European trading community, and I can assure anyone it was far from pleasant, and you'd think nobody in their right mind would vote to go back to it... But sufficient did. Thus this is very much a human condition, that only accurate --where possible-- teaching of history can resolve. Part of it is the host nation being honest about its past, but most nations fail to be honest for many reasons; thus a culture clash will happen as globalisation continues.

There are other issues, but there is one area that can be reappraised that might well be of benefit. Which is to remove recognition for the lone wolf. In the past we have named individuals and thus given faces to terrorists and in a sense given them a sense of immortality. Not naming them robs them of the recognition they desire; thus their martyrdom will be in effect silenced and only the infamy of their acts will remain in the societal memory and history. Further, such anonymity will hopefully provide their families with reduced risk and a chance for them to in effect continue their lives in privacy. Because, as evidenced in other parts of the world, action against the family only leads to further radicalisation, which is counterproductive.

Dirk PraetMarch 23, 2017 11:42 AM

@ Clive

The first is to stop them failing academically and thus ensure they have life chances.

Spot-on. A friend and former neighbour of mine is the headmistress of a large secondary school in Antwerp hosting pupils of no less than 50 different nationalities, and we have discussed the issue on more than one occasion. She's also an EU Advisory Board Member of the Counter Extremism Project and Co-Chair of the EU Commission's Radicalisation Awareness Network Education Working Group. She rose to prominence in Belgium when successfully introducing and defending a headscarf ban for Muslim girls because it was creating a politically and religiously divisive environment and there was no such obligation for it in the Quran anyway. Despite heavy flak (and threats) from leftists and Islamists like the later outlawed Sharia4Belgium group, she stood her ground and successfully restored a school policy adapted to diversity but based on core western values.

There are a lot of reasons children with a non-indigenous background fail their academic careers. The first of which undoubtedly is inadequate school policies (and budgets) for coping with children that do not speak the local language at home. Which in my home town is a staggering 60%. Other contributing factors are ghetto schools in concentration areas that teachers drop and indigenous parents pull their children out of, as they can no longer cope with the super diversity of classes lowering the overall quality of education and jeopardising future higher education paths. Short of a massive increase in education budgets to cater for every specific migrant group - and they are by no means a homogeneous group - the only practical solution is a better distribution of migrant groups across a host nation's entire territory.

One of the most decisive factors in a child's school career, however, is the direct involvement of both parents. Families where neither of the parents decently speaks the local language and often have never finished secondary school either are unable to monitor or help with junior's school career. It's a long-known recipe for disaster, provided they even care to show up at school meetings or if junior goes to school at all. Whereas undoubtedly society and school play a huge role in providing quality education for all, it is unreasonable to expect that any societal effort can be a substitute for the equally important role a pupil's parents have therein.

Third and perhaps worse, second and third generation children of immigrants get a "misty eyed" view of the culture their ancestors came from that no longer exists for very good reason.

Which, I think, is driven by a feeling of not belonging, subsequently exploited by AQ and Daesh groomers. Which is not just driven by the ubiquity of racism and discrimination - as the political left always claims -, but just as much - like you say - by personal failures and a misguided sense of entitlement, often propagated over generations by cultural beliefs that in a western context put you in the same corner as a green mohawk and a Scottish kilt in Saudi Arabia.

For way too long, we here in Western Europe have failed at decent migrant assimilation programs and the rooting out of racism and discrimination. But one of the most prominently missing elements therein is a clear narrative that core western values are non-negotiable and that non-acceptance thereof is the societal equivalent of defecating on the dinner table. If for whatever reason someone cannot or will not fit in to the point that he or she turns to jihad, then the only logical course of action is to either move somewhere else or be removed.

Not naming them robs them of the recognition they desire

There is indeed too much media attention for these clowns. Simply portraying them as the utter losers and traitors to their own religion they in my opinion are would be more than sufficient.

One-new-name-every-timeMarch 23, 2017 12:11 PM

@Apology
"The best security prevention (against mass-murder) is to deny the high-risk access into the country."

I am an immigrant myself. The best security is to 1) allow in your country only those who can contribute at least as much as the average native - real, tangible contribution, no fluffy talk of cultural enrichment from semi-illiterates. 2) allow yourself and your military into other countries only when invited. Basically, don't harm others but also don't feel as if you owed anything to anybody. The future of any kid should primarily be his/her parents' responsibility - tough but sustainable.
@Clive, Anura, Dirk

Even if most terrorists are home grown, not all are. The Nice and Berlin guys were born in Tunisia, just for some recent examples. Why were they even in Europe when they had no job and even had an established criminal record?

Security is never absolute. Fixing one known issue helps even when other issues still stand. Especially if fixing one issue today reduces the number of potential issues tomorrow. The parallel society in which a large number of Muslims (even several highly educated ones) segregate themselves is one of Europe's big issues. No other demographic shows the same pattern across different nationalities, so the simplest explanation points to their own culture. But this is taboo; generalizing is forbidden except for 'we' as western people being responsible for all evils. Better destroy what freedom, equality and welfare we achieved than calling things by their name.

In those European countries where the national statistics agencies are allowed to report such inconvenient facts (e.g. Danmarks Statistik), being 'non-western foreign born' correlates strongly with higher unemployment, crime rate, welfare dependence and lower school grades, even after each of these is corrected for socio-economic disparities. Even worse for the second generation, barely or no better for the 3rd. Of course many of these are chicken and egg problems, but it doesn't change the fact and I don't see why I should be expected to take up any share of that burden.

and-another-nameMarch 23, 2017 12:33 PM

@Dirk
'If for whatever reason, someone cannot or will not fit in to the point that he or she turns to jihad, then the only logical course of action is to either move somewhere else or be removed.'

Isn't it more fair, less life-wasting and easier for everybody to face reality and limit as much as possible at least the arrival of new people from countries/religions/cultures/whatever that experience shows are difficult to integrate? I'm aware some would call it racism, but in fact it is respect for different cultures being - well - different! It's doing a disservice to those pupils to pretend their disadvantage is because of the language they speak at home or their parents' education. It's in large part a problem of cultural impermeability, so to speak. Migrants from Eastern Europe, the Far East etc. face much the same linguistic and oftentimes social/income difficulties, still they don't pose nearly the same integration challenge.

It's not even that there is scarcity of poor people in the world who would come to Europe and build a life for themselves while also contributing to their new country without undue burden to and resentment against their new country.

Now an AcknowledgementMarch 23, 2017 3:00 PM

Nearly all countries already practice strong to extreme vetting, including the no-fly list. The high-risk are in fact quietly being denied entry. Even Canada(!)

These processes are no doubt effective. However, it's hard to take credit for terrorism incidents never being allowed to spawn months, years or even decades into the future.

It's rather telling that 30 countries are refusing to take citizen criminals back from the USA.

In this instance I'm compelled to congratulate our Immigration and Intelligence workers for making our world a much safer place. Due to their efforts I don't have to train to carry a loaded gun around.
I could/would not fly without stringent security oversight, as planes would otherwise be grounded.

Clive RobinsonMarch 23, 2017 3:10 PM

Republicans Kill FCC Internet Privacy Rules

Congress by a small margin votes to kill the FCC's Internet Privacy rules so ISPs can become as bad news as Alphabet and co.

https://www.washingtonpost.com/news/the-switch/wp/2017/03/23/congress-is-poised-to-undo-landmark-rules-covering-your-internet-privacy/

I can see the likes of privacy networks becoming rather more popular as people begin to understand the repercussions of this.

For instance, potentially it allows ISPs to force adverts on you against your wishes, as they can just dump you if they detect "anti-ad" technology or anything else that stops them inflicting their new "business models" on you.

Dirk PraetMarch 23, 2017 3:42 PM

@ and-another-name

Migrants from Eastern Europe, the Far East etc. face much the same linguistic and oftentimes social/income difficulties, still they don't pose nearly the same integration challenge.

It's indeed a cultural thing. I have known Polish immigrants in my street who spoke decent Dutch after only six months, whereas my then Moroccan next-door neighbor and his wife after 15 years in Belgium still only spoke French and Arabic. Guess whose children did fine at school, and whose didn't. The Asians - with the exception of Afghans - generally suffer too learning Dutch, but most of them speak English well and, remarkably, tend to pick it up swiftly once their children start going to school.

What we see here is primarily an attitude problem. Some folks find it but normal to learn the language of their new host country as soon as possible. Others apparently can't be bothered. The solution to which is not selectively stopping folks at the border, but making an extended stay and full access to social benefits dependent on mandatory language learning for everyone and integration classes for non-EU nationals, including Muslim women and girls whose men on so-called religious or cultural grounds want to keep them ignorant, veiled and at home.

We should have implemented such a policy decades ago, and it's really beyond me that certain ideologically frozen idiots on the left are still crying bloody murder when even suggesting it. A couple of days ago, we had a lawyer for a state-funded equal opportunities organisation making a lot of noise over the burqa ban we have here infringing on the rights of women who "wish to lead a spiritual life outside of mainstream society and preparing for the afterlife". Such people aren't helping anyone. They are just perpetuating a pointless debate and a circle of missed opportunities, ignorance and poverty.

The Nice and Berlin guys were born in Tunisia, just for some recent examples. Why were they even in Europe when they had no job and even had an established criminal record?

Mohamed Lahouaiej-Bouhlel, the Nice attacker, had married his way into France, where he had been living for more than ten years. He was a typical loser who had totally screwed up his life and eventually became radicalized. Anis Amri, the Berlin terrorist, was a Tunisian refugee who had already spent several years in a Greek or Italian jail before heading to Germany, where he had his asylum application turned down but couldn't be returned to Tunisia because the Tunisian authorities refused to take him back. Amri is the epitome of everything that is currently wrong with EU refugee and immigration policies.

But this is taboo, generalizing is forbidden except for 'we' as western people being responsible for all evils.

For years, it was considered politically incorrect to even suggest that at least part of the problem was with specific groups of immigrants and their culture. Fortunately, that is slowly changing. We should however be careful not to fall into the trap of contemporary populists claiming it's actually all their fault and that they are all criminals and invaders seeking to establish an Islamic Caliphate in Europe.

and-anotherMarch 23, 2017 4:01 PM

@Clive, all

Regarding the whole online advertising industry, and the news about less privacy from ISPs: can this be a sign that the current online ads are so ineffective as to be unsustainable? Do you know of recent and credible studies showing what is the average return of different types of online advertising?

I may not be representative, but I doubt I ever clicked on a banner or (recognizable) sponsored link more than perhaps once or twice in a month, and virtually only when I'm already on a subject-specific site that I reached intentionally. Like being on digikey and clicking on some new chip featured on the home page. Even then, I may buy a couple of samples every now and then out of curiosity, but I don't remember any of those ever making it into a real product design. So, wasted money for the advertiser. There is also a limit to just how much people can be expected to buy online no matter how relevant and persistent the ads become. The most relevant and targeted ads I ever got were for some well known German made sandals which I bought online on the first day I searched for them - I kept being served ads for the same model through the most diverse websites for more than a month but clearly I wouldn't buy another pair of sandals. Wasted ad money again.

Online ads seem a huge thing right now, but excluding the few in the position of monetizing what search engines display and in what order (basically, Google), could all the rest be just an expensive fad?

Clive RobinsonMarch 23, 2017 4:27 PM

@ JG4,

big news day

You've probably seen my previous comments as to why I think it highly likely that Donald Trump was under significant surveillance on both sides of the puddle.

I suspect that many did not want to try and think about things in a detached way. Hence I suspect many will go into denial, and I am "coloured unsurprised" by this.

The real question of course is what has happened to those hard drives of evidence, and did he keep copies hidden away somewhere as "insurance". Because he is still technically a "whistleblower" not a "traitor" etc thus has some protection, but it's a question of how long the powers that be can sit on the data by various excuses keeping him in limbo. At some point the powers that be are going to need to be nudged, to "bring it back from the long grass".

Of course this also has implications for another "secret data collector" Mr Martin with his trove. What's the betting there is other evidence of malfeasance in that trove? Hence the way they are treating him...

It should be dawning on people that for several years now it's been an "anything goes data orgy" in the IC and now the IC leaders are waking up to the hangover that always follows such excesses...

Clive RobinsonMarch 23, 2017 5:08 PM

@ ,

Of course many of these are chicken and egg problems, but it doesn't change the fact and I don't see why I should be expected to take up any share of that burden.

Have you heard the saying,

    A rising tide lifts all boats

To put it another way, Western Culture realised in the 1800's that you need a mainly literate population, because, amongst many other reasons, it makes the use of manpower etc. considerably more efficient. In the early 1900's some societies realised that providing what you might call welfare stopped a lot of societal problems and also cost less to run than "poor houses" etc. It was also found that ill people made otherwise healthy people around them sick as well. Thus having a healthy, sufficiently educated population was better all round. You see this also in pension provision for those too old or infirm to be productive, likewise social housing of a sufficient standard that stopped "Slum-lords" making society in general considerably worse off.

It matters not the colour of your political persuasion, some things society has to do for society to work and thus you need to do them not efficiently but effectively.

Look at it another way let's assume for arguments sake you are the worst form of libertarian that is little different to anarchistic in outlook. Who is going to provide the roads etc for you to transport goods and services? History shows us repeatedly that the most effective and often least costly is to collect a fixed fee for the vehicle type and put it into a central fund that then distributes it according to need etc. You might not agree with what is considered most in need but by and large you can see that the process is mainly fair. Likewise the Police, Postal services and similar.

That is society has in effect two parts the "social" and the "individual". For the individual to be most effective there needs to be a series of social goods in place.

It's an argument that is free from politics in the general but individuals tend to whinge when they have to pay their share of the social cost. However that is in part because it's in human nature to whinge, but also because many do not understand what it takes to provide and maintain society in a viable way.

Babble-on-ian Brotherhood of genetically engineered human-extraterrestrial reptiliansMarch 23, 2017 5:10 PM

(slightly off-topic)
@JG4
Me! Me! Finally, a topic I'm an expert on!
The "ribo" in deoxyribonucleic acid stands for the sugar ribose. Ribose was named in 1891 in Würzburg, Germany, not New York, by the chemist Emil Fischer. The "rib" part of the name comes from the word "Arabic", as in "gum arabic", one of the first natural sources of ribose to be identified.

This has chilling implications: It means that the shape-shifting reptoids could see into the future, since David Rockefeller wasn't born until 1915. It means the reptoids can perform mind control, engineering the Rockefeller R into the word "Arabia". It also means that mooslim terrrrurists have already seized control of our genetic material, and possibly even poisoned our body fluids with fluoride.

Or something like that.
Sorry, the extreme level of woo that enters most laypeople's discussion about molecular biology and epigenetics really gets my goat, since I'm a scientist.

In other words, I value your contributions, I often learn a lot from them, but occasionally you post something that leaves me baffled what you're on about.

Anyway, it is true that Henry Ford played a central role in supporting and financing Hitler's rise to power, that many US business leaders admired the NSDAP, and that IBM provided technical support to Germany's cataloguing of Jews in preparation for the Holocaust.

It's part of why many Germans today are wary of any centralised collection of personal data.

When bizarre, nonsensical theories get wide circulation, it's frustrating that realistic concerns get dismissed as nutty conspiracy theories. Concerns about how telecommunications and computer technology can be abused, for example.

Dirk PraetMarch 23, 2017 6:15 PM

@ Clive, @ JG4

You've probably seen my previous comments as to why I think it highly likely that Donald Trump was under significant surveillance on both sides of the puddle.

However much that would make perfect sense after all we learned from Snowden and other leakers, I would really like someone to finally come up with tangible evidence of either Trump-Russia collusion, Russia DNC hacking or IC Trump surveillance. I've pretty much had it with all the unsubstantiated accusations and allegations that are confusing the living daylights out of everyone. They are starting to remind me of these irritating low-budget horror films in which everybody goes totally bonkers over a monster you never see but everybody claims is somewhere out there. To cut a long story short: the show is getting boring and I'm about to zap to another channel.

RatioMarch 23, 2017 6:43 PM

@Dirk Praet,

[...] I would really like someone to finally come up with tangible evidence of either Trump-Russia collusion, Russia DNC hacking or IC Trump surveillance.

But we're having so much fun discussing everybody's pet theory while pretending it's factual!

I've pretty much had it with all the unsubstantiated accusations and allegations that are confusing the living daylights out of everyone.

So treat unsubstantiated allegations as such: pics or it didn't happen!

many-namesMarch 23, 2017 6:55 PM

@Clive

In fact welfare, together with freedom and equality, was one of the achievements I listed as in danger of being sacrificed on the altar of denial. Denial of what really matters for integration in a new country, which is the culture of the person being integrated (or not). There is no way around integration being primarily the task of the immigrant. Either you want to become integrated or no amount of effort by the host country will ever integrate you. I'm an immigrant myself, I know it's not easy. But I came here of my free will, why should I expect the natives to go out of their way for my sake? And I came just because of a better job, so I expect an even bigger effort and good will from people allegedly escaping war and famine. It is common sense, not populism to remark that in the same way somebody came, they are free to move on if they dislike where they are.

So, I'm in no way advocating that large swaths of the population should be left under-educated, poor and marginalized. Because, as you say, I too stand to benefit from their progress. I'm fine with carrying that burden, as long as it is sustainable. Even just that will take generations and enormous resources, human and financial (again, Danmarks Statistik has some interesting numbers). What I do not want to carry is the unsustainable burden of lifting forever more of the same people carrying with them more of the same bigotry, poverty and semi-illiteracy from North Africa and the Middle East. We know for a fact that due to their culture, religion or whatever else it may be, they are so much more difficult to integrate than a Vietnamese, a Colombian or pretty much anybody else, so just - why bother?

Clive RobinsonMarch 23, 2017 7:06 PM

@ JG4,

With regards the 1930's and the German National Socialist Party.

They were much admired in most of the Western World for various reasons.

Primarily the world had fallen into economic stagnation because there was little or no economic churn. That is, few were buying, so little was manufactured, so jobs were few etc., and the wealth that there was became tied up uselessly in things like bullion and land. The former having no intrinsic value, only scarcity; the second only worth what you could grow upon it or rent it out for. As there was no money supply and no jobs, land was not producing any returns and was thus devaluing. In other places there was hyper-inflation, with basic items such as food stuffs doubling in currency cost daily at one point. Those on fixed or salaried income found what had been a respectable income for a month would no longer meet the direst of needs for a day or so, thus they fell back to bartering etc. Whilst those that were daily waged fared better initially, they too quite quickly fell into dire straits.

Part of Adolf Hitler's success was to do a variation of the pre-Christian Rome "Bread and circuses" by promising food availability, jobs and self respect again. He delivered on this by withholding reparations monies and starting building and other works. He effectively bootstrapped the German economy. One trick was to recast German treasury gold bullion holdings by adding around 10% lead.

The fact he got the German economy restarted which knocked on into other countries made Germany one of the few places companies of any kind could do business with.

It also made him look like a man of direction and power that could be befriended for reflected glory. A mistake many many people made.

Also there was what was seen as the "roma problem" throughout Europe. Basically there was a significant prejudice. In Sweden for instance there was a policy of arresting them on any pretext and harshly sentencing them, and offering them early release if they agreed to be sterilized. Likewise other nations had sterilization programs including the US some of which were still running long after the end of WWII. Thus contrary to what many get taught in school Germany was initially little different to many other Western nations.

It's important that people do not demonize Hitler or the National Socialists because that makes them look like the infamous exception rather than being much closer to the norm of their time. Because not learning this will blind many to the same or similar happening again.

Another thing to be careful of is the myth of "Immoral Trade". Immoral is a relative word that implies something is beyond the acceptable or fringe norms of society. People forget society's mores, thus morals, move constantly, often with a leading liberal edge and trailing conservative edge (though this does reverse from time to time). Thus things like slavery, corporal punishment, execution etc. were once normal to society, thus not immoral. Which is why it is important to remember there is and always will be trade. Of which some trade that is normal today may be immoral tomorrow. Likewise some of what may be immoral today will become normal in society tomorrow and immoral again the day after. Trade is normally independent of the goods and services, immoral or otherwise. What you have to watch for is when the actual process of trade lacks morals or ethics, which was the primary cause of Financial Crisis One in 2004 and Financial Crisis Two in 2008. Those that lack morals and ethics in trade will try to hoodwink others into believing that it was not their lack of morals or ethics but the immorality of the goods and services, or failing that, the actual markets themselves. A failing that many a politically inspired regulation will succumb to. Thus the immoral and unethical trade practitioners walk away effectively scot-free, to set up new, often faux markets to carry out exactly the same immoral and unethical trading practices...

Clive RobinsonMarch 23, 2017 7:39 PM

@ Many Names,

There is no way around integration being primarily the task of the immigrant. Either you want to become integrated or no amount of effort by the host country will ever integrate you.

True but it hides another issue.

Integration is actually about "immersion" and whether you "sink or swim". If you are on your own in another culture you have no choice: you have to integrate or sink without trace. It is the "total immersion" route, which can be eased by a host nation ensuring that there are resources available to help you in the right direction. However, if you go to a new country but rather than go it alone form a community, then you are not immersing and thus not integrating. In effect you are not swimming with direction and purpose but rafting, thus drifting aimlessly. That is, not only are you not integrating, you have little or no incentive to integrate.

In the UK we have many such "communities" that more rightly should be called ghettos (but without some of the negative associations). In effect they are often closed enclaves with people looking out in fear and likewise people looking in in fear. The fear causes further isolation.

What I want when people go to another nation is to learn the language and live within the predominate culture. But as importantly I do not want them to lose their sense of identity either, I want them to in effect export some of their culture such that there is not just integration from one side but a fusion from both sides such that both cultures gain by it. Thus we trade a little of ourselves and by trade we come to appreciate more what each has to offer and society moves on.

I am quite conscious that the English language is not just a lazy language; it is the child of a hundred cultures, and changes ceaselessly such that the generations in a family do not actually speak the same language. But more importantly, the language we think in affects our outlook, thus the way we think and how we move forward. Thus the danger of English is also that it can create a monoculture, which is dangerous because it lacks hybrid vigour.

Clive RobinsonMarch 23, 2017 8:18 PM

@ Dirk Praet,JG4, Ratio,

I would really like someone to finally come up with tangible evidence of either Trump-Russia collusion, Russia DNC hacking or IC Trump surveillance

That's three wishes you've asked for there. But two are really two-level wishes. Because "Russia" is a collection of entities. It is quite possible to show data going to a server in Russia, but on whose behalf? A freelancer, a Russian IC entity, Vladimir Putin, the North Koreans, the Chinese, Israel, UK, etc. etc. As I've pointed out a few times since the US first kicked off China-APT, attribution requires both omnipotence and omnipresence, which even the NSA do not have. When it comes to false flag operations, what might look like a clear sunny day may well be a projection on the smoke and mirrors of tradecraft.

What I can say is that the DNC behaviour is not one of honesty or openness, which makes all their actions suspect to hidden motivations.

Of your three wishes, the last might come true if a whistleblower or leaker releases the dirt, which they might just have done...

Dirk PraetMarch 23, 2017 8:23 PM

@ Clive

But as importantly I do not want them to lose their sense of identity either, I want them to in effect export some of their culture such that there is not just integration from one side but a fusion from both sides such that both cultures gain by it.

That's why I prefer the word assimilation over integration.

In the UK we have many such "communities" that more rightly should be called ghettos (but without some of the negative associations).

They're all over Europe and the result of poor or non-existent distribution and (re)settlement plans.

tyrMarch 24, 2017 12:31 AM


@Clive

http://www.tomdispatch.com/post/

Sometimes a little review of the broader context makes the current state of the world make sense.

I, like you, prefer enlightened self interest, as to be surrounded by sick, poor, and illiterate people created by policy makes no sense at all. I fail to see how it contributes to security for anyone.

ThothMarch 24, 2017 6:10 AM

Google has decided to reduce the trust for Symantec Certificate Authority issued TLS Certificates.

Before we start to flame away at how untrustworthy the CA infrastructure and idea of PKI is, we have to look at the perspective of a CA console, if anyone has ever operated an Enterprise CA before or attempted to set up an Enterprise CA.

The setup phase and administration phase for most CAs is a headache, and a search on whichever technical forums (i.e. StackOverflow et al.) will immediately reveal a ton of issues with managing and using CAs.

The user interface itself for almost all the CAs I have used (i.e. EJBCA, MS CA, IBM's commercial CA): all of them have a very narrow view and are hardly usable at all. The user is given a long form to fill in, and the approver's view is at best primitive, without much "intelligence" to aid the approver in making decisions.

Before we start to say "ditch PKI and CA", we have to look at the possible replacements, the possible tools, time it takes to replace and gain adoption ...etc... which makes almost all use cases unlikely. It is the same as asking AES to be replaced just because the NSA et. al. picked it. Yes, the NSA picked it but the reality is moving away is almost impossible due to the amount of stakeholders involved. Similarly, PKI is almost impossible to get rid of because of the ICANN and so on who are controlling the processes.

The best we can do for now is not make mistakes on our side in our implementations and to have alternatives in the form of Protocol-within-Protocol where the TLS traffic at best is used only for light obfuscation.

Link: http://www.theregister.co.uk/2017/03/24/google_slaps_symantec_for_sloppy_certs_slow_show_of_snafus/

ThothMarch 24, 2017 7:33 AM

@Enrisque Fabricado

re: LEAs Extracting Seized Smartphone Data

If they brought a phone there knowing that the LEAs and ICs are capable of extracting the smartphone data, be it in "Secure Apple iPhones" or "Encrypted Androids", they are still gone, even with strong passwords and the like.

There are so many flaws in the kernels of modern smartphone OSes and the chips (ARM chips), which I have warned many times are problematic and can serve as a backdoor because of the ARM TrustZone architecture existing in every single ARM A series chip ever produced by every IC manufacturer.

A search on my rants on ARM TrustZone would yield the problems of hardware backdoor I have been warning within every single smartphone that exists be it Apple, Samsung, HTC or any smartphone as long as they run some sort of ARM A series chipset.

JG4March 24, 2017 9:07 AM


Thanks for the helpful comments on yesterday's news. I like the idea that the billionaires are bankrolling science since the time of David Rockefeller's grandfather John D., and probably long before that. In a sense, it doesn't matter what their motives are, because the scientific process, given enough iterations, always produces understanding.

this will make the hair on the back of your neck stand up
https://theintercept.com/2014/02/24/jtrig-manipulation/

It might be a good time for me to mention again the topic of network disruption by the use of AI agents to spoof your signals. That alone is a compelling reason for robust encryption running on hardware that is energy-gapped with data diodes.

I think that Trump has grounds to fire Comey in light of his perjury this week.

Clive RobinsonMarch 24, 2017 10:35 AM

@ JG4,

I think that Trump has grounds to fire Comey in light of his perjury this week.

Unfortunately he can't, due to the level of evidence it would require, which I suspect he does not yet have (depends on a whistleblower's level of evidence).

Further, I suspect "The Dough Gnarled" has heard the saying "Keep your friends close, but your enemies closer." If he does get his hands on sufficient evidence, then it's probably wiser to do a "J. Edgar Hoover" on Comey. That is, effectively neuter Comey and make him compliant by holding the evidence over his head. Comey then has a very reduced freedom of movement, with very limited choices.

Nasty, but definitely the sort of comeuppance many think Comey deserves. Also there would be a strategic time to drop it on Comey; it's not long before the next major public vote comes along, and there are a number of trade offs that can be made with such evidence.

Which brings us to the GCHQ JTRIG article in which there is this,

    Harvard Law Professor Cass Sunstein, a close Obama adviser and the White House’s former head of the Office of Information and Regulatory Affairs, wrote a controversial paper in 2008 proposing that the US government employ teams of covert agents and pseudo-”independent” advocates to “cognitively infiltrate” online groups and websites, as well as other activist groups.

The UK Metropolitan Police ran teams of "covert" and "pseudo-independent" agents against various UK protest movements. It ended very badly in the end due to the agents' behaviour, such as "fathering children" with some of the protesters and deserting them, not paying child maintenance, and other civil and criminal behaviour including perjury. It ended up in court and got quite messy, to put it mildly.

The thing is, such agents are often prone to non-typical mental behaviours which in effect make them believe that their actions are justifiable at all times in order to maintain their legend/cover. Thus they frequently cross boundaries they should have not just seen coming but actively avoided. Because they should have known that such activities would destroy not just their credibility but that of their colleagues and superiors, as well as killing any legal process stone dead.

The thing is, these types of activity can and do unravel, at which point excessive harm happens. Thus whilst they might look good to some academic in his head or on paper, they most likely have no experience and possibly Walter Mitty type thinking. Thus they are like those juggling with bottles of Nitroglycerin: the end can be quite explosive and you have no idea where the shrapnel will go.

Backstopping a deep/long-term legend is fraught with difficulties. Where agents live will get found out. For someone who is switched on, a glance around an agent's living space will say a lot. Most people have a mixture of very old, old and newish things, some of which will be "personal"; equipment will have signs of wear and serial numbers. All of these things have to be right, including the purchase history which serial numbers will allow to be traced etc. etc.

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.