Friday Squid Blogging: Squid from Utensils

Available on eBay.

As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

Posted on March 24, 2017 at 4:06 PM • 172 Comments


Ben A. • March 24, 2017 4:10 PM

1Password announce a snake-oil $100,000 crypto competition

It's bad for several reasons and, despite them being a commercial (subscription-based) product, they refuse to pay for professional auditing.

Why such competitions are a bad idea

Just weeks after 5 vulnerabilities were discovered in 1Password

And a separate, serious, 'cloudbleed' vulnerability discovered by Tavis Ormandy affecting 1Password et al.

Another 1Password data leak discovered by a Microsoft software engineer

LastPass: Security done wrong

Google Talk Discontinued [farewell XMPP, hello proprietary]

What's the general consensus on here regarding XMPP? I find XMPP inconvenient as not all end-users support OMEMO meaning fallback onto OTR. XMPP is tricky to configure properly and few servers support all the features. I know others prefer decentralised solutions like Tox and the rest use Signal.

Reassuring our users about government-backed attack warnings

The Encryption Debate in Europe

Good comparison of different approaches to encryption

Paper Spells Out Tech, Legal Options for Encryption Workarounds

More coverage of Bruce's paper

Google takes Symantec to the woodshed for mis-issuing 30,000 HTTPS certs [updated]

The Administration's New Electronics Ban Is a Case Study in Credibility

Instagram Adds Two-Factor Authentication

It's disgraceful how long it's taking popular services to adopt 2FA/2SV

eBay Asks Users to Downgrade Security

'Windows 10 destroyed our data!' Microsoft hauled into US court

Hinky Poink • March 24, 2017 4:39 PM

Yet another judge smacks down the FBI's Playpen NIT. Some people have been noting that it remains a minority of judges who have suppressed the NIT. This is true but misses the larger story. The Supreme Court pays attention to how debates are unfolding in the lower courts and the more dissenting judges there are the more pressure the Court will feel to step in and resolve the debate. Further, the more judges suppress the more it makes the FBI think twice about the utility of deploying NITs. So yes it is true that a minority of judges chose to suppress but it would be wrong to draw the conclusion from that fact that such dissents do not matter.

Thoth • March 24, 2017 6:52 PM

"Comey said: “I don’t want to be any part of chasing the innovation from this great country to other places.”"

Well, he already did so by actively promoting decryption, insecurity and backdoors.

The funny thing though is the more the corrupted World Govts try to push for more backdoors and frontdoors, the more stronger protection mechanisms and encryption would become mainstream. In fact, "they" made the wrong move by "beating the grass to scare the snake" in the sense "they" increased the visibility and publicity by pushing for their agenda.

It has to be known that he mentions "all countries will essentially agree to weaken the security in their vendors’ tech products" but he forgets yet again that most security software written are usually taken from Open Source projects ... not vendors ... and good examples like DMCRYPT used for FDE for Android, Linux and so on are Open Source and OpenSSL, OpenSSH, GPG, NaCl ...whichever you name it... they are almost always Open Source and it is these Open Source security that the corrupted World Govts are facing problems with, not the commercial vendor stuff.

Yet again, it shows that Comey doesn't know what he is talking about and simply opening and closing his mouth as a distraction.

Imagine that these Open Source products were to be outfitted with a discreet backdoor as Comey wants (say a manipulated CSPRNG seed) and the FBI were to use it for their internal uses carelessly, that would also bite back at them really hard. The lessons from Juniper, Cisco et al. issues on "backdoored appliances" have not taught the US war-mongering and fear-spreading Govts a good lesson that they can be bitten by the very insecurity they introduced. Not to mention, adding such weaknesses would be a total boon and a very nice present for the Russians and Chinese to conduct even more and even stealthier espionage into US and NATO infrastructures which have already existed by the use of your enemies created backdoor would add more cover to the operations.

In short, Comey is a huge threat to US and NATO Security himself by giving such suggestions since it is known that the US and many Govts heavily rely on commercial and Open Source implementations and weaknesses in such systems will hit back against US and NATO systems.

Another thing is his revelation of his investigation of Trump and the Russian connection has probably put him in Trump's crosshairs for removal anyway.

r • March 24, 2017 6:58 PM


On the topic of being back-bitten, we don't yet know how these dated (un)certified implant activities came to light.

Under handed • March 24, 2017 7:29 PM

Your political analysis of it may not be deep enough yet. It seems to me that there is still room for this to be an attempt @ssaving grace.

Clive Robinson • March 24, 2017 8:53 PM

@ Thoth,

As for "finding a Terrorist manual" that describes how to run people down with a vehicle... Why bother?

I could start with the Daily Mail Online coverage of earlier attacks and just read what they have said about earlier terrorist attacks. Or any number of history books that describe how various Roman and Medieval war engines work. Even a book on physics for early teens will give you sufficient information.

And I would make a small bet that you could find any number of "boy racers" "Drifters" and "Doughnut pullers" who could tell you in less than a minute just about everything you need to know (low gear, heavy foot for high torque and heavy vehicle to keep inertia working for you)...

As for politicos going on about extremist postings, they as usual do not know what they are talking about. Many Christian and other religious books, especially the likes of the "Old Testament", come across as extremist writing. As do the likes of Norse legends, poetry, history, fiction, music and many other parts of art and culture and academic papers. The volume of traffic is just too high to police, let alone effectively... And anyone suggesting some kind of A.I. is definitely out over the fringe...

Systate • March 24, 2017 11:38 PM

Keep your passwords offline. Try and do that as much as possible and if it needs to be online, encrypt.

@Clive, Thoth et al.
With Congress eating away at my privacy. Letting ISPs mine me dry literally. OpenVPN and Tor?
They are really pushing people to change their online habits.

Also with the current state of the internet, would it be better to browse or download/scrape what I want?

I remember Richard Stallman stated that he never connects to the internet directly. Even he takes opsec seriously.

Thoth • March 25, 2017 12:02 AM


If you are fine with downloading webpage on one computer and then putting them into a flashdrive to carry to another air-gapped (and hopefully energy-gapped) computer running on OpenBSD LiveCD to view the downloaded webpage, that will be all good for now if you are OK with the tedious work.

Sure, do not connect to the Internet directly. That means no smartphones and a ton of things you shouldn't be using if you are fine with that.

ISPs get the green light to sap dry your user data and web histories to sell them or hand them over to interested parties is the norm and they have been doing that a long time ago. Ever wonder how that salesperson contacted your phone without you revealing your details ?

OpenVPN and TOR ? If I were to be strict, those are just small hurdles and nothing much. The FBI, NSA, CIA, DOD ... have their ways to compromise TOR and OpenVPN if they want to without too much trouble. The computing base (kernel, hardware ...etc...) are problematic.

You are desperately trying hard to protect your and so are we as well.

Things don't happen overnight. Sadly, the direction of cybersecurity is moving along the lines of cat-and-mouse by trying to patch every bug and hole found instead of proactively plugging problems (i.e. using security-centric separation microkernels). The likes of careless monolithic codebases for kernels are still common (Windows, Linux, Android, Apple ...). Low assurance code qualities are still rampant. These are but a few I just named.

Good luck in your endeavours.

Vault7Heaven • March 25, 2017 12:45 AM

I share your view re: spook capabilities against Tor and VPNs. However, they are doing privacy a favor in the very long term game. Without their egregious crimes we would not have seen the acceleration towards encryption in all spheres, huge interest in decentralized protocols, open source hardware and software, and greater public awareness of the threat posed by intelligence agencies gone wild.

Fast forward several decades and I expect post-quantum crypto, vms, hypervisors, open source hardware, verifiable computing bases, network topology and ubiquitous encryption will make the golden age of surveillance a distant wet dream for police state authoritarians in vogue right now.

Of course anybody can reclaim their privacy in the meantime by logging off and refusing to play when possible. OTPs will still defeat anything the spooks throw at it.

It is a delicious fact that this seemingly innocuous post could in fact be providing details of a cache of whistle-blower documents to a reader of the blog (unknown recipient, perfectly deniable, perfect encryption), and there is nothing the feds could do about it, even if the system is tainted at the kernel/firmware level, has keyloggers installed etc. Indeed infection by the whole vault7 toolset would be useless.

Ain't math a bitch.....

Systate • March 25, 2017 1:02 AM

Putting the technical aspect aside (I have other ideas), the main problem I once faced was discipline. Nothing beats booting your box and going faster than the speed of light on the internet with no protection. Security in its current form is quite tedious. I have seen some suggestions here that are nice but again software is a joke if I have no control over my hardware. Which I am pretty sure is a much juicier and easier target. The computer apocalypse is coming quite fast.

Or like Clive always says go through paper for security but that kind of defeats the purpose of the internet since it is just one huge landmine.

On Comey I think he knows he messed up big time. And with the healthcare that died today, if Trump behaves like he said during his campaign about taking revenge on people who wronged him, he and Paul Ryan need to watch out. Big Cheetos might explode on them.

Jonathan Wilson • March 25, 2017 1:22 AM

In regards to the ban on electronics, airports around the world have super-expensive x-ray and scanning machines. Is the US government really saying that these x-ray/scanning machines (plus other measures like taking your laptop out of its case and turning it on etc) can't tell the difference between a laptop and a bomb in a laptop case?

Or are they saying that the security setups at these airports in the middle east aren't good enough compared to the security at western airports?

The fact that the US ban doesn't apply to US carriers but does apply to other carriers makes me wonder why a US carrier is somehow safer when all the passengers on all the airplanes will be passing through exactly the same screening...

Every time I hear about some new security measure affecting US/UK/etc airports or flights into the US/UK/etc, all it does is make me less likely to want to travel to those countries. It does nothing to make me feel any safer about flying or going to/through an airport.

name.withheld.for.obvious.reasons • March 25, 2017 1:42 AM

The “general reasonableness,” or “totality-of-the circumstances,” test requires a court to determine the constitutionality of a search or seizure “by assessing, on the one hand, the degree to which [a search or seizure] intrudes upon an individual’s privacy and, on the other, the degree to which it is needed for the promotion of legitimate governmental interests.” Samson v. California, 547 U.S. 843, 848 (2006).

This continuous perversion of the language is given example from the paragraph above. These texts appear in many legislative drafts, court documents, memorandum, or policies and directives across government(s). Used as the lever to suggest that constraints under the fourth amendment to government interests (the fourth amendment is anything but a statement of the "government's" interest). "Reasonableness" as expressed in the 4th amendment is the subjective adjective of the act of government breaching privacy reserved to the citizen. It is the suspicion requirement that is being subverted--the first requirement that the government must prove, not in abstention or under some form of a priori.

This is my motivation to suggest the following (exercised over several months)

Deconstructing the statute(s) in law regarding "Unwarranted" and "Suspicion-less" eavesdropping, monitoring, and surveillance of United States Persons (and others not specifically protected from governmental abridgement, for example lawful persons engaged in lawful activity irrespective of "citizenship" status) is indeed a task--but far from daunting.

Some background information further clarifying how legal "artists" (I'm being kind) redefine meaning by subverting the language ("Newspeak"; 1984, Orwell) in a deliberately deceptive and arguably in an illegal manner stated as "under the color of law".

It can be demonstrated an/the intent to subvert constitutional constraints in law is premeditated and orchestrated. We do not have a permissive form of law in which government is given propriety and priority to act as if absent the citizen or under suspension or repeal of superior law regardless of the language within a statute or ruling. This language employed can be formalized contextually; legal and functional analysis as an extrapolation from a series of legislative text.

To establish the case I will provide a step-wise process to enumerate legislative activity as an instrument to circumvent a number of legal foundations in civil, criminal, and constitutional law. I will argue that the subversion by corrupt and criminal persons that subjugates the citizenry to the status of "subject", not sovereign, is largely the result of the political class carrying water for others to whom citizenry is affirmed and of propriety.

Phase one, describe the language specifically used to undermine public and civil law. Under phase two map the legislative cross contamination; public law and instruments, use of DoD directives and policies, Executive policy and memorandum, Joint Publications and Directives (has international implications), Authorization and Appropriations. Phase three is identify the "Owners", "Players", "Referees", and their organizational relationships, many of these networks are visible but unless the phase one and two elements are specified it is difficult to understand "Crypto-fascism for Dummies".

1. Definitions:

"Electronic Communications" - anything (in whole or part) electro/mechanical/optical or engaged as a common carrier operating a facility (a business operating as a network provider is under this definition an "electronic communication").

"Electronic Tracking" - acquisition of the "content" or "substance" of an electronic communication sent/received or is intended to be received by a person in the United States through the intentional targeting of "persons" where the person has a reasonable expectation of privacy. WARNING WARNING WILL ROBINSON

"Electronic Surveillance Program" - A program to engage in "Electronic Tracking" (where it is not feasible to name every person, address, or location subject to...)

"electronic tracking". The programmatic and autonomic nature of surveillance is established, what the language is stating is a means to have programs live and die in the course, size, and scope of a single conversation. Try and get a FOIA request for something like this...

Electronic Surveillance is the effective gathering of "intelligence information"

Thoth • March 25, 2017 3:17 AM

Issuing certificates (and going through so many CSRs) in a single day in the name of being an efficient CA is a huge problem. One thing to note is that Let's Encrypt certificates are not EV or OV certificates and they are the normal tier certificates called the DV type.

Since most certificates are the "Domain Validated" (Normal tier) type, they only guarantee the ownership of a domain but do not go into the Organisational Validation and Extended Validation tiers, which are more expensive and require more validation effort. What it means is that as long as you possess a valid domain and can prove it to Let's Encrypt, you will get Let's Encrypt certification under the DV type.

Most DV tier certificates are issued automatically as long as you pass some sort of domain ownership challenge, as it's not the CA's job to ensure the domain links to a valid organisation, which is of a higher tier.

Is there anything wrong with Let's Encrypt's method of issuance of the DV type certificate? Technically no, because Let's Encrypt does exactly what a DV validation requires, which is to validate a domain to a certificate's claim, and that's all it needs.

If such events happen on the OV and EV tier, then it's unacceptable.

What can be done is to expedite certificate revocation under certificate issuance misuse rules if they have any in place. There is nothing that can be done unless Let's Encrypt wants to upgrade all its certificate offerings to OV and EV tier, which means it will not be able to issue free certificates anymore as OV and EV certification requires more time and effort via physically identifying a company or organisation and their claims.

Should this be a surprise ? Not at all either since it's a free service and who doesn't like to hitch a ride on a free certificate issuance service ?

DD-WRT Firmware Compromised • March 25, 2017 4:25 AM

Recent legislation allows ISPs to quietly sell customer search, web history and application usage. The plan is to insert advertising into consumers' browsers just like Google and Facebook.

As the NYT documents, companies like AT&T have been collecting our communications data since 1980. They have a huge number of contracts with law enforcement and the NSA.

A solution is to use a household DD-WRT router. This allows for a VPN client to run within the router and encrypt ALL communications.

So you think you're safe? I did this and recently discovered I was still compromised. Here’s how:
People at the DD-WRT forum state that user Kong’s router builds are better tested and more stable than those from the DD-WRT website. So I went to the Kong site in Germany to download his ‘special’ firmware for the Linksys WRT-1200AC router.
Using PaleMoon browser I flashed the Kong DD-WRT firmware to a factory fresh modem never connected to any network. Upon reboot ublock Origin reports blocking ‘’ Again the router is only connected to an isolated computer.

Firefox also reports at the WRT login Then I reflashed using an ‘official’ DD-WRT build and was gone. I conclude that I was steered then my network compromised.
Thanks go to the ublock Origin developers.

Thoth • March 25, 2017 5:52 AM

@DD-WRT Firmware Compromised

Maybe you should open the source code (if available) and review it. I wouldn't put much trust in conventional routers for anything secure. Consider every single open source and closed source routers compromised without exceptions. The reason is the likes of Cisco, D-LINK et. al. are all in bed with the ICs and LEAs.

Ever considered the possibility of hardware backdoors in your router chips :) .

I would prefer going for a RaspberryPi as a router and firewall than a conventional router.

Also, do not do anything sensitive on any Internet devices. Leave those to the air and energy gapped devices to handle the security heavy lifting.

MarkH • March 25, 2017 8:15 AM

Authoritarian Attitudes Threaten Liberty and Privacy

Note: I was inspired to this by some comments on Bruce's post about commenting ... and judged that this squid-post would be more fitting. I apologize for lack of citations, time and energy being limited. Please pardon my America-centered perspective; the US is the country of my citizenship, has unmatched power to do good or harm abroad, and is in anxious straits.

Note 2: If you are offended by political commentary here, then for Pete's sake either don't read the following, or if you do, blame yourself!

1. By authoritarian, I mean an approach to government sacrificing individual liberty in favor of obedience to a strong central power (most often, a single person). Distilling to a few words, whereas enlightenment thinkers tended to favor a government of laws not men, authoritarians believe in government of men not laws -- or rather, the Word of the Strong Man is the Law.

2. At least in those parts of the world with cultural traditions associated with Islam and Christianity, authoritarianism is plainly on the rise. Most impressively, it is rapidly gaining popularity in such countries as France and the USA, where (I would have supposed at least) traditions of political culture should have rendered it repugnant.

3. I've noticed that many writers have been using the words "autocratic" and "autocracy" in connection with Trump. Fortunately, the US system doesn't lend itself to autocracy (yet, anyway), as the events of recent days plainly show. No doubt Trump would love to be an autocrat, but he already is -- by temperament, predilection, style of leadership and self-concept -- an authoritarian.

4. To what extent was Trump elected because of, or in spite of his authoritarian tendencies? We have interesting data on this, which dates back to before the US election. Psychology actually defines a sort of cognitive authoritarianism (preference for an authoritarian order of things), and offers a simple diagnostic which claims to measure it. In pre-election surveys, a high score on this test for authoritarianism was found to be the single best predictor that an individual would support Trump.

5. What I've been thinking about lately, is the extent to which Trump supporters in the US have expressed fury in the wake of his victory. They are the sorest winners I have seen! This was brought into focus by a recent meeting with old friends who I suppose consistently vote Republican. Though it was expressed rather mildly (they are very self-contained people), I got a distinct impression that they also were seething with resentment.

It seems that those who admire Trump are really deeply angry that the majority of their fellow citizens who didn't want him, are not bowing down in adoring obeisance to their Lion-Maned Strong Man. I've been around a long time, and never saw this before in the wake of a US election. The essence of democracy is that a great many people don't get their way a lot of the time, and that as a civil contract we must agree to disagree.

The apparent judgment by Trumpistas that protest (or even disapproval) is just WRONG, is the exact opposite of democratic spirit.

The simplest hypothesis I have found to account for this exceptional phenomenon, is an authoritarian outlook on the part of Trump's admirers.

So what, if anything, does it all mean?

For those who care to look, the destruction of political rights (and civil rights, which necessarily come along for the ride) by Putin and Erdogan is plainly apparent. Any who care about individual liberty must prefer governments to be administered by those who cherish liberalism (in the classical sense).

Leaders who aspire to comparable heights of authoritarian triumph (Orban and Trump spring to mind) can be expected to wreak similar destruction, if allowed to run riot.

But these individuals are, I fear, only a symptom of the underlying poison: it lies in the populations, and their political cultures.

In my country, bleating acquiescence to the "Patriot Act" and a plainly contrived war of aggression showed the cancer at work more than a decade before the recent election.

Sadly, I don't have remedies to propose (nor have I yet seen such from others). I write this to focus my thoughts, and perhaps to inspire the interest of others in this dread development.

Systate • March 25, 2017 10:14 AM

OpenBSD? Not Qubes?
Why use a raspberry pi? Isn't it in an even shakier boat than consumer routers?

Winter • March 25, 2017 11:18 AM

" At least in those parts of the world with cultural traditions associated with Islam and Christianity, authoritarianism is plainly on the rise. "

Also in China and India.

Martin Blanche • March 25, 2017 11:37 AM

Re "It's bad for several reasons and, despite them being a commercial (subscription-based) product, they refuse to pay for professional auditing."

There's no such thing.

You can use tools or pay for code analysis services, but that doesn't verify crypto. You can dump $100k on any one of a few different crypto experts but no one guarantees anything. All they can do is give you an opinion. What do they verify? Implementation, that is all. If you do anything differently at all, absolutely no one can be paid to validate your code.

It is an extremely bad place to be. As desperately as innovation is needed, if you build something new in crypto you are in Hell's Kitchen. The gov't will oppose you, competitors will oppose you, drive-by diss blogs like this one provide a venue for anyone to attack the new thing with impunity, people who can't read and don't know what they're talking about can attack openly pretending to be an expert.

And you're saying...a product or service is no good because someone didn't pay for professional auditing? I'm going to wait until another discussion breaks out on this blog about a new idea for a HW or SW something then attack it as snake oil because they didn't pay $100k to have it professionally audited, whatever that is.

. • March 25, 2017 11:41 AM

@Martin Blanche

It proves they're damned if they do and damned if they don't. Something new? Push it out and it's attacked, invite open eval even offering to pay? Attacked again.

Thoth • March 25, 2017 11:44 AM

Good luck with meddling and getting as much details from consumer routers for inspection.

OpenBSD and Qubes are actually not very high in security assurance but still, best to make do with whatever is available. OpenBSD is around and has been time tested. Would prefer to stick to something that has been proven for decades to be built with pretty high quality of code and security. Qubes is still rather new when compared to OpenBSD.

Matthew • March 25, 2017 11:54 AM

We know more about the hardware internals of all models of the raspberry pi than any consumer routers.

Furthermore raspberry pi's are sold without a case so there is no need to dismantle anything to inspect the circuit board.

The only way NSA, GCHQ can put any eavesdropping component is to ask the manufacturers to hide within the chips.

Unlike consumer routers, which use proprietary firmware and OS, many free OSes have been ported to the raspberry pi so we can choose the most secure OS which is OpenBSD as Thoth recommends.

Although raspberry pi also has proprietary firmware to boot the OS, the hobbyist community has made great strides to reverse engineer it. I believe in the near future we can replace it with open firmware like what libreboot does for PCs.

I think Qubes is not ported to raspberry pi because it requires 4GB ram. Maximum ram for raspberry pi is 1GB for the raspberry pi 3 model.

r • March 25, 2017 12:52 PM

Except OpenBSD in its current form does not support pi, it supports beaglebone.

I'm not up on arm internals but I'm sure it's not a horrendous caveat.

Flasher • March 25, 2017 1:21 PM

Has anyone, suggestions about flash Android, meaning USB hub passed to sys-usb, and run the adb/fastboot from there, on the QubesOS? My desktop crashing when assign the USB hub.
With all of BADUSB and IrateMonk(bad SATA), scared to connect anything to the Ubuntu, definitely not smartphone... much too backdoor and trojaned.
Do not care which distro will flash, any them much better compared to carrier trojans.

Am using Google Translator, sorry if not good English.

I read about a SubgraphOS also GenodeOS, but they seem not ready normal users yet. If you have advice for any OS like that though, I appreciate it a lot. Any "isolation kernel" probably close in safety to any other "isolation kernel". I just need basic DE and "security through isolation".

May you all having good days! ^o^

Shachar • March 25, 2017 1:54 PM

Question about Let's Encrypt. They do nothing (Zero, Zilch, Nada, Mafish, Nil, Gurnisht) to verify ownership over the domain. If you can route the IP that the DNS points to (or poison the DNS), you're good for a certificate.

I asked in the forum, and the answer I got was "use DNSSEC". This solves the poison option, but not the connection hijacking one.

From the beginning, doing email verification to issue certificates seemed to me like a major weakening of the entire certificate model (though browsers' highlighting when the entity is also signed did some good in that regard). At least there, you do verify that it's the domain owner that signed the certificate (even if you don't know who that owner is).

In this case, I feel that the Let's Encrypt certificates give no more security than self-signed certificates.

I'd like to hear people's opinion on the subject.


Nick P • March 25, 2017 6:35 PM

@ Shachar

They support Certificate Transparency. That means 3rd parties worried about their names in a domain can just write scripts to check the logs. Then notify them of a problem. This might even be automated if it happens enough. In any case, it pushes the tracking of domain certificates to their owners instead of a free service having to validate all of them on their own.

I think Let's Encrypt should put checks in to flag domains with high likelihood of fraud like those containing PayPal or eBay.
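
A sketch of the kind of log-checking script the comment above describes, added here as an example; it is not code from the commenter, Let's Encrypt or any Certificate Transparency log. It assumes entries have already been fetched and decoded into dicts with hypothetical `fingerprint`, `issuer` and `names` fields, and all domains, fingerprints and issuers are constructed sample values.

```python
import re

# Domains the monitoring party controls (constructed for this example).
OWNED = {"example-shop.test"}
# Fingerprints of certificates the owner actually requested (constructed placeholders).
REQUESTED = {"fp-0001", "fp-0002"}
# Brand strings to watch for in names the owner does not control.
BRANDS = {"paypal", "ebay"}

# Constructed sample of decoded log entries. The field names are assumptions,
# not the schema of any real CT log or search service.
SAMPLE_ENTRIES = [
    {"fingerprint": "fp-0001", "issuer": "Example CA A",
     "names": ["example-shop.test", "www.example-shop.test"]},
    {"fingerprint": "fp-9999", "issuer": "Example CA B",
     "names": ["*.example-shop.test"]},
    {"fingerprint": "fp-7001", "issuer": "Example CA B",
     "names": ["paypal-login.example-host.test"]},
    {"fingerprint": "fp-7002", "issuer": "Example CA B",
     "names": ["thebayarea.test"]},
    {"fingerprint": "fp-7003", "issuer": "Example CA A",
     "names": ["Mail.Example-Shop.TEST."]},
    {"fingerprint": "fp-7004", "issuer": "Example CA A",
     "names": ["example-shop.test.evil.test"]},
]


def normalize(name):
    """Lower-case, drop a trailing root dot and a leading wildcard label."""
    name = name.strip().lower().rstrip(".")
    return name[2:] if name.startswith("*.") else name


def is_owned(name, owned=OWNED):
    """True only for an owned domain or a real subdomain of it.

    Matching on '.' + domain keeps 'notexample-shop.test' and
    'example-shop.test.evil.test' from being treated as ours.
    """
    return any(name == d or name.endswith("." + d) for d in owned)


def brand_hit(name, brands=BRANDS):
    """Classify a brand match in a name we do not own.

    A whole-token match ('paypal-login') is a strong signal; a bare substring
    match ('thebayarea' contains 'ebay') is weak and mostly false positives.
    Homoglyph and punycode lookalikes are not handled here.
    """
    tokens = set(re.split(r"[.\-_0-9]+", name))
    for brand in sorted(brands):
        if brand in tokens:
            return "lookalike-token"
    for brand in sorted(brands):
        if brand in name:
            return "lookalike-substring"
    return None


def review_entry(entry, owned=OWNED, requested=REQUESTED, brands=BRANDS):
    """Return a list of (finding, name) tuples for one log entry."""
    findings = []
    for raw in entry["names"]:
        name = normalize(raw)
        if is_owned(name, owned):
            # A logged certificate for our name that we never asked for.
            if entry["fingerprint"] not in requested:
                findings.append(("not-requested", name))
        elif any((d + ".") in name for d in owned):
            # Our full domain used as a prefix under someone else's domain.
            findings.append(("embeds-owned-domain", name))
        else:
            hit = brand_hit(name, brands)
            if hit:
                findings.append((hit, name))
    return findings


def scan(entries, owned=OWNED, requested=REQUESTED, brands=BRANDS):
    """Map fingerprint -> findings for every entry that needs a human look."""
    report = {}
    for entry in entries:
        findings = review_entry(entry, owned, requested, brands)
        if findings:
            report[entry["fingerprint"]] = findings
    return report


if __name__ == "__main__":
    for fingerprint, findings in scan(SAMPLE_ENTRIES).items():
        print(fingerprint, findings)
```

The `not-requested` finding is the one that addresses the routing or DNS hijack concern raised earlier in the thread: the owner compares what the logs show against what they actually ordered.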

Ah the intrigue • March 25, 2017 7:16 PM

"Devin Nunes Vanished the Night Before He Made Trump Surveillance Claims"

Assuming that whoever gave it to him was authorized to have that information, he would have had to have visited a SCIF [Sensitive Compartmented Information Facility].

Did this leak come from the White House or was it an Op to see what Nunes would do etc.

"Ex-CIA chief [Woolsey]: Michael Flynn's firm discussed removing Turkish cleric from U.S."

Woolsey dotting his i's and crossing his t's? Aside from burning Flynn? Flynn has lawyered up which is why he belatedly registered as a foreign agent (incidentally including Woolsey's name in the registration).

"Time for 'J. Edgar' Comey to take his leave"

Robert Wasinger served in senior advisory and liaison roles in President Trump's campaign and transition team

A desperate attack piece. Looks like the sabotage is getting deeper. Aside from Nunes cancelling the open hearing of the House Intelligence Committee which would have featured Hayden, Clapper and Brennan

Follow the money etc

Do Trump surrogates anticipate future financial reward from Trump org for "loyalty" to the President? Quid pro quo Quid pro quo.

ThothMarch 25, 2017 7:18 PM

@all, Shachar

re: Let's Encrypt

Go and read my above comments on Let's Encrypt. Also, read about how and what is DV, OV and EV certificates and their validation criterias are.

Understand the processes of running an Enterprise CA which any CA that is public facing are considered so, before you or those "Security Experts" start talking about them.

Bwfore yet another person starts to say Let's Encrypt is now untrusted just because of a news article, let me state clearly that their level of issuance is only at the basic level of checking which is a DV certificate. DV certoficate means as long as your domain proof ownership, you will be given the certificate. OV and EV levels are more stringent and those are NOT ISSUED by Let's Encrypt.

I am not affiliated with them but due to my previous work of helping CAs with their HSM deployments, I get to share and see their pains as well.

gordoMarch 25, 2017 7:52 PM

How technology tramples on freedom
Rapid advances in biometric technology mean the public is surveilled – and their movements recorded – more than ever before. If this technology spreads without limits, it could soon impinge on basic rights.
By Dan Geer | The Christian Science Monitor | March 22, 2017

And we assume without proof that biometric systems have or will move from conveniences into infrastructure. Where today's deployed systems largely use biometrics to verify a claim of identity, as technologies (and therefore observability) advance, identity ascertainment will cease to be an assertion ("My name is Dan") followed by some sort of verification, but will be merely a direct observable fact ("Sensors say that this is Dan").


The conundrum of how to avoid unmitigatable surprises underscores a societal change well under way, namely the public's demonstrated willingness to trade (the risks of) data retention for convenience (always) and security (much of the time). Biometric identification is certainly a discussable example of that societal change. Perhaps what heretofore we have known as confidentiality is becoming quaint. And irrelevant. Perhaps policymakers will have to reposition confidentiality within some new paradigm that prioritizes a right to integrity over a right to confidentiality, particularly as points of observation for biometric data proliferate. That proliferation coupled with increasing standoff distances at which data can be collected are likely to soon make the majority of biometric observation not a choice on the part of the individual. Biometrics thus eclipse the principal paradigm of privacy, the right to selective revelation.


There is more discussion to be had on the scope, scale, and implications of "biometrics," yet for the moment we will close with the logical truth that no people, no society need rules against behaviors that are impossible, but the ballistic trajectory of biometric capabilities is such that constructing prohibitory rules before something is possible has become wholly essential. Probabilistically, enumerating forbidden things must fail to anticipate some dangers hence the policy tradeoff is whether to nevertheless attempt that enumeration or to switch over to enumerating permitted things. A free society being one where "that which is not forbidden is permitted" and an unfree society being one where "that which is not permitted is forbidden," whether we can retain a free society by enumerating forbidden aspects (of biometrics) is now at question.

JG4March 25, 2017 9:11 PM
Big Brother Is Watching You Watch
The Multibillion-Dollar U.S. Spy Agency You Haven’t Heard of Foreign Policy
New Cold War
Trump was right after all about the Obama administration wiretaps Jonathan Turley, The Hill. Linking to this again, since I’m stunned that Turley would write this, given the Democrat stance that intelligence agencies are the Republic’s only safeguard against tyranny. (OK, I exaggerate. But only a little.)
Alexa Are You Connected to the CIA?


authoritarian governments are on the rise around the globe, including the two most populous countries
One of the largest illegal migrant groups in the US is from India. In this modern era, India’s crisis will not stay limited to India. As is the case with those from other eastern religions and societies, once they arrive, Indians vote to mirror what they left behind in their home country, often unknowingly — as the virus of totalitarianism is deeply ingrained in the culture of irrationality.

Jonathan WilsonMarch 25, 2017 10:56 PM

There are any number of boards out there that run chips that are more open than the one in the Raspberry Pi.
Things based on TI chips like the BeagleBone Black are more open and documented than the Broadcom part in the Raspberry Pi (the exception to that is the PowerVR GPU but for a router the GPU isn't an issue). Also AFAIK the amount of hidden or secret code required for the TI parts is a lot less than for the Broadcom stuff.

ThothMarch 26, 2017 12:01 AM

@DIY Home Router et. al., Nick P, Clive Robinson, Figureitout, Dirk Praet, ab praeceptis

Some ready to purchase boards for your DIY home router.
- Beagleboard (TI [US])
- Banana Pi (Allwinner [Chinese])
- $9 CHIP (Allwinner [Chinese])
- STM32 Discovery Board (STM32 [France])
- Cubieboard (Allwinner [Chinese])

Any more suitable single-board computers with pretty open firmware, code and designs can be added here. The operating system will have to depend on the board itself.

ab praeceptisMarch 26, 2017 3:13 AM


I agree. Actually, I think that self-signed certificates are no less and probably even more secure than let's encrap in many situations if one has taken care of making one's fingerprints visible to one's audience.


A let's encrap "certificate" proves pretty much nothing other than the owner being naive and gullible. But - and that's the *real* decisive factor - with let's encrap one gets a lock icon in the users' browsers.

Cacert, whose model was certainly no worse than the CA based one, failed for many years and up to today to find acceptance and support from the browser mafia. Suddenly let's encrap which is much worse does get acceptance and support and even in turbo mode.

let's encrap is basically just a logical extension of the rotten by design PKI model, namely by saying "everybody knows that the certs don't care a rats a**. Their DV is purely proforma and ridiculous. So, hey, let's just do the next step and not even blabber about verification but rather hand out them DV certificates right away and for free".

There are two real problems:

a) the PKI model and the CA mafia that got rich with it.
b) the browser mafia who colluded with let's encrap.

Both problems must be solved. We need browsers which are not built with "let's get rich!!!" in mind but with the users (and their security) in mind. Leaving the "we are free, we are MPL, etc" noise aside, *all* of the major browser builders have done mainly one thing: They have tried to create a parallel "world" within our systems with any and every capability big business (plus intelligence agencies) might need and want - and they didn't care a rats a** about our safety (except making lots of noise).

The Truth is simple and ugly: All of them have sold us out.

ThothMarch 26, 2017 3:29 AM

@ab praeceptis

It is not just applicable to Let's Encrypt DV certificates. All DV certificates are problematic as it ties a domain to a certificate but who owns the domain is never checked and this is the default industrial practice and is part of the design for "cheap certificates" or free ones.

You literally get what you paid for in terms of security.

Wesley ParishMarch 26, 2017 4:08 AM


I've been reading Colonel David H. Hackworth's biography About Face and found something quite interesting in Chapter 17, Corporate Headquarters, pg 598:

I found myself searching wildly for a magic solution. [...] In the stacks of the Pentagon library I found dozens of after-action reports covering the French experience in Indochina, 1946-54. The French had well documented every operation; translated into English, their frustrations, failures, and lessons were exactly the same as those that U.S. troops were experiencing in '67-'68. Yet a lot of people really must have believed the American four-star general who suggested that since the French hadn't won a war since Napoleon, nothing could be learned from them -- judging from the un-marked "due date" form in the front of each book, not one of these French after-action reports had ever been checked out.[...]

Now I have something to ask from librarians at the Pentagon and likewise at other such military institutions in Europe including Russia, France, UK and Germany, in India, Pakistan, Iran, Egypt, China, and across the globe. There is a fair chance there are books in your shelves and stacks that may be likewise on the level of vital state and world interest. We can't do anything about the problems they may expose unless we know about them. And in military and suchlike state forces where featherbedding is of prime importance, the military themselves will not be willing to acknowledge them.

What I ask is that you [re]publish on reputable world archive sites such as and ibiblio such texts. (It is too much to ask that the oil companies publish the scientific studies of earlier decades that reportedly proved that climate change was real and which were reportedly suppressed a la Stalin to prevent the truth impacting profit levels. But I expect honesty from librarians.)

ab praeceptisMarch 26, 2017 4:18 AM


(list of boards) - won't work because most don't have the needed know-how. They'd simply install a linux on the board and also bring along all their bad and careless habits. Hint: Look on the web; many use ubuntu with their little boards.

Plus: Most of these boards don't have dual ethernet. Sure, usually that can be added somehow (e.g. shield) but most won't know how to, let alone how to do it properly.

That said, one might add the Infineon STM32 to the list. Nice boards and dirt cheap.

Note: According to vault 7 the arm cpus should be considered tainted too (I guess, you, Thoth, aren't surprised at all ...).

"DV certificates" - True, but let's be realistic: OV and almost certainly EV aren't much better except for some bureaucratic mumbo jumbo.

Moreover, even if one of the CAs were doing their job well and properly, so what? Thanks to the rotten by design PKI model any shitty CA can hand out certs for your EV-"secured" domain, too ...

The real discussion shouldn't be about this or that CA but rather about closing down *all* the CAs after creating a sensible and properly designed PKI system. BTW the knowledge to do it right *was available* but it was done the way it was done anyway. Would I be a conspiracy theorist if I assumed that the PKI structure was designed so poorly for a reason and intentionally? After all, it just so happens that the "intelligence community" (aka the a**holes giving a rats a** about constitutions or civil rights) can be and is very, very happy about the current system.

Clive RobinsonMarch 26, 2017 5:37 AM

@ Thoth, ab praeceptis,

You literally get what you paid for in terms of security.

There are a number of problems with Certs, and a number of problems with CA's and likewise browser manufacturers. Some are for the reasons suggested but in the main because,

    Users do not know what it is they want to do nor do they generally give a rats a55 about it as long as they can click and go.

      PubKey Certs are a building block or component like a brick or bolt, whilst they require care in their design they are of themselves of limited utility. That is they are of not much use in and of themselves without other components. Thus a pile of bricks is not a wall or a building, bridge etc, and a bag of bolts is likewise not a bridge or engine etc.

      Thus we should consider what it is we are attempting to build with them that is at fault not the PubKey Certs themselves. Otherwise we will throw the baby out with the bath water.

      What users want is something they themselves can not define, and when they try they invariably get it wrong because they see it nebulously. They are looking for "trust" but they arm wave when you ask them what they require of trust...

      PKcerts can be used to build systems that establish secrecy, privacy and trust. But to be of use you have to first be able to define what you want in a measurable and relevant way. Thus be able to establish testable boundaries not just on limits but function.

      An examination of many systems using PKcerts is that they have ill defined objectives and lack testability. Further the users of such systems have no understanding of the function or the limits of the function. Thus when a warning is given few users understand what it means.

      Thus the systems are usually a failure in perception thus specification, design, construction and use.

      As a general rule of thumb, when people's perception is based not on what something should do, but on what it should not do, you need to go back and start again.

ShacharMarch 26, 2017 5:38 AM


The problem is that unlike normal DV certificates, that tie the certificate to the domain, Let's encrypt doesn't do even that. They tie the certificate to the IP.

Certificates tied to a domain have their uses (even if I agree that they are much less useful). Certificate tied to an IP is no more secure than a self signed certificate.

I used to own a company that (tried to) set up a backup service. If you learned to use our product at (not the real URL), then having a certificate that secures that domain (i.e. - you have reached the real would have been useful to you even if you did not know who Lingnu Open Source Consulting Ltd. was. A regular DV certificate gives you that, while the Let's encrypt certificates don't.


Clive RobinsonMarch 26, 2017 5:46 AM

@ Thoth, ab praeceptis,

My apologies for mucking up the formatting of my above. The indenting should have gone back to normal after "click and go".

rMarch 26, 2017 7:00 AM


(Quote)Note: According to vault 7 the arm cpus should be considered tainted too (I guess, you, Thoth, aren't surprised at all ...).(/quote)

Link please, since I know full well you've been deep diving the archives.


ThothMarch 26, 2017 8:31 AM

@Let's Encrypt Crap Certs et. al. && DIY Home Router et. al.

If Let's Encrypt is not properly tying the certificates to domains, file a report. Worst case, contact WebTrust and file a complaint to call for an investigation for revoking Let's Encrypt's CA operating licenses. Link is below. I suspect WebTrust would simply dump out your email and ignore :) .

If all measures fail, we can worry as much as we want but does that make a difference ? Do we have the resource and political power to change the situation ? Those with political power are unwilling and corrupted. Why would they even bother about these issues ?

If you are interested, you can find a way to remove Let's Encrypt Intermediate CA certificate from your Trust Store or Certificate Store whichever browser and OS you are running. This will solve the issue of trusting Let's Encrypt issued certificates.

The PKI model is problematic but do we have a practical and ready replacement ? Answer is none at all. Are all those in power (i.e. ICANN et. al.) listening to advice to find a way to improve the Interwebs ? Nope either. There will be too much disruption and infrastructural changes for everyone and those enriched by the CA business wouldn't give up without a fight.

What is the best solution here ?

As @Clive Robinson and myself have been banging all the time SEPARATE YOUR SECURITY DOMAINS !!! One for Internet connected crap infected outside the DMZ zone network. Another computer running OpenBSD or some sort of Qubes or even a Genode Framework as the Security Gatekeeper and what @Clive Robinson loves to call a Security Pump. In fact, if anyone is serious about security, OpenBSD and Qubes would instantly fail as being TCBs for the Security Gatekeeper's kernel. The only option is either a Genode running the seL4 mode or the NOVA hypervisor mode and then emulate some userspace kernel OS. Redox OS which is another microkernel written in Rust is still a valid option. In fact, both Redox and Genode are not fully ready for such roles so that will have to fall back to OpenBSD and Qubes for the Gatekeeper OS.

What about the CPU running ? This brings us to the topic of DIY-ing your own home routers. As we all suspect, most ARM chips (the ARM A series specifically) have TrustZone which is not visible to userspace and may be running silently in the background and allowing a hardware backdoor, the other option would be the ARM Cortex M series which is what the STM32 is based on and so far there aren't any known backdoors as ARM Cortex M does not have TrustZone.

If you are running ARM Cortex M chips (i.e. STM32), you can look at Zephyr OS which is another microkernel by Linux Foundation but it's not ready yet anyway and now you have a problem. You want a more trusted chip but you may have to write your own Gatekeeper kernel because Linux doesn't cut it (and is too big) while other microkernels are not ready for "Show Time".

This brings back the C-v-P topic yet again. In fact, we have been stuck at this problem for ages.

Assuming your Gatekeeper works fine and is as you envisioned, difficult to compromise, you would still have to set up separate domains behind your Gatekeeper. Probably the use of data diodes behind the Gatekeeper would be possible if you can make them yourself. For the most sensitive stuff, it will need to be energy gapped, air gapped ... just use your feet to shuffle between two computer screens and manually copy the bytes probably on a scrap paper and remember to burn the paper later on.

It all boils down to the security level you want. Choose and plan your own security instead of running into panic mode without a plan in mind on how to incrementally increase your security.

Sitting here and reading whatever we said is pointless. Start tinkering and doing something. One example is @Clive Robinson not allowing wireless connectivity in his home if I remember correctly.

If you don't like Let's Encrypt and don't trust them, just remove the Intermediate CA cert and that's about as much as you can do for now.

If you want a custom DIY router, be prepared to create everything from scratch including your own firmware binaries and looking for boards with chips that you are certain you can trust.


AlanSMarch 26, 2017 8:54 AM

@Ronny Andersson

No surprise the London incident would be used in this way. Here's a longer clip of Amber Rudd, British Home Secretary, on the Marr Show attacking encryption and demanding backdoors.

This is the Rudd that wanted British firms to create registers of foreign employees so they could be named and shamed and who is a cabinet member of a government that would like to undo the European political project, is risking the breakup of the UK, that is oblivious to the damage being done to the Good Friday Agreement, has fantasies of Empire 2.0, and whose PM spends a lot of her time sucking up to dictators and authoritarians. Makes you wonder who really is the enemy of the people, peace and security.

jaja...March 26, 2017 9:07 AM

@Shachar 'The problem is that unlike normal DV certificates, that tie the certificate to the domain, Let's encrypt doesn't do even that. They tie the certificate to the IP'

All my Let's Encrypt certificates are tied to my domain name so this is FUD.

ThothMarch 26, 2017 9:35 AM

@Let's Encrypt Crap Certs et. al.

I just opened a few websites that use Let's Encrypt and they are all tied to Domain Name as well. Not sure how yours ended up with IP Address being tied though.

Ha rrrr pyMarch 26, 2017 9:49 AM

@Thoth, Clive, All

Do not discredit niche applications where NetBSD is applicable or hobbyist operating systems that are directly verifiable (byte for byte wise, not counting potentially [s]proofed C projects like Sel4) 100% assembler.

Secure ComboMarch 26, 2017 11:17 AM

The latest BeagleBoard is delayed pending NSA and NIST certification:

Combine with the world's first 12TB Secure Helium Drive:
When compared to the previous-gen Enterprise Capacity HDD’s, the new ones support RSA2048-signed firmware with a secure download and diagnostics (SD&D) feature that prevents unauthorized access, modification or installation of a tampered firmware.


ShacharMarch 26, 2017 11:46 AM

@Thoth & @jaja,

I may have misspoken a little. What I meant was not what the certificate says (which is, indeed, that it is tied to the domain), but what the verification process verified (i.e. - that the IP I claim the host name has is really routable back to the host).

Whatever LE's certificates are tied to, the only thing they verified was the IP address. This is unlike the usual DV procedure, which also verifies that the domain owner knows about the certificate being issued. That step simply does not take place in this instance.

I should also point out that I've been sitting on saying this for a while now, and happened to grab the first squid post that was available to say it. Only after Thoth reacted the way he did I notice Let's Encrypt was in the news.


Nick PMarch 26, 2017 12:00 PM

@ Thoth

You get those from that list on Hacker News? There were a bunch of embedded computers posted. I was looking at them for what cost under $100 with right combo of chips and stuff. The ideal one will have a decent CPU to cover cost of mitigations, crypto acceleration, onboard Ethernet, wireless as a separate component that can be mitigated, and full support for FOSS implementation. I put the wireless requirement in there since those stacks are more likely to be hammered than serial or Ethernet. Expect malware getting into it. Drop a subset of OpenBSD on it until things like Genode are in shape for it. Or mCertiKOS.

"If Let's Encrypt is not properly tying the certificates to domains, file a report. "

I haven't read a ton on the situation so I might be off. What I've seen is they're tying domains to certs but people are coming up with bullshit domains. It's mostly a social engineering thing where people are making tricky domains. Let's Encrypt does its part, including a Certificate Transparency log, whereas uneducated users are convinced to click on domains that harm them. They could do more about this but it's a recurring problem. I'll add that you don't see Paypal, Ebay, etc offering a pile of money to CA's to help them with cost of protecting Paypal, Ebay, etc from social engineering. Looks to be an externality on both sides to me.

Let's Encrypt is overall a net positive. The reported problems come more from how Internet allows anyone to get on regardless if they know how to do it safely. I keep revisiting the driver's license for Internet concept thinking it's nice. Have to avoid it since it would inevitably be abused for silencing dissent or implemented way too poorly. In U.S. anyway. ;)

@ ab praeceptis

"(list of boards) - won't work because most don't have the needed know-how. "

It will work if there's a secure, OEM image available with simple installation instructions. Maybe installed by default by reseller if we're talking extra-lazy customers. A brilliant commenter that used to be here would help laypeople on the NoScript forums all the time. He said there were plenty that went through the trouble to learn that painful tech. Whereas, just plugging something up and following some steps would probably help a lot more. It will remain niche but doesn't have to be so niche as to have no significant adoption.

@ Shachar

Their site says the verification is essentially done by proving you control the machine, domain, and IP. You have to set up a DNS or HTTP server for it. I'm guessing you also run their software on it. Hmm. It is worth some wargaming in the future.

ab praeceptisMarch 26, 2017 12:17 PM

Nick P

I fully agree. But for the moment there seem to be no such sources. To make it worse most "hackers" (people liking to play and experiment with stuff) having the know how seem to be rather averse to writing tutorials for less tech-savvy people.

Plus (and I do not at all mean that cynical): One would have to trust some third party again.

And as I already mentioned, most people would (for a router) need a board with 2 ethernet ports - which are rare.

To end on a positive note: One ready to order, unpack, and use alternative might be routerboards from mikrotik. The OS coming with those (routeros) is linux based and feeling somewhat weird but those boards work and, a big plus, they are usually based on processors that are not among the classical targets for nsa and accomplices. Actually, one can even choose; there are (or were?) atheros based ones, powerpc based ones and others.

From what I remember, routeros is closed source but them boards using reasonably well known chips (some even supporting sd-cards and the like) it should be feasible to make them run with some other OS or at least some linux with source available and secured as well as possible.

ThothMarch 26, 2017 12:23 PM

@Nick P

I did not get the list from HN. I simply searched the Interwebs and came up with my own list. You can say our brains entered into a sync mode of sort. Lol.

As I have pointed out, running a CA operation is not easy but as per usual, when there's a problem, it will turn into a "Witch Hunt" instead of a problem fixing session. Nothing can be done to improve the environment.

ab praeceptisMarch 26, 2017 1:37 PM


Yes, those.

BUT: a) I clearly suggested to mistrust the preinstalled routeros linux and to replace it if at all possible, and b) kindly note that the problem was *not* specific to those routers; they just happened to be a preferred target. The problem was *users* not at all or very carelessly configuring their router and, so it seems, even keeping the default password.

Sancho_PMarch 26, 2017 2:10 PM

@ab praeceptis

This is always the problem:
Vendors / manufacturers are not liable + users are careless, helpless and vulnerable.

It’s like selling a hammer where the head is only virtually fixed to the handle.
The user is responsible.
Only that with a hammer the vendor / manufacturer would have a problem.

Dirk PraetMarch 26, 2017 3:24 PM

@ Nick P

Their site says the verification is essentially done by proving you control the machine, domain, and IP. You have to set up a DNS or HTTP server for it.

I have created quite a few Let's Encrypt certificates using several different clients. The generated token and verification process requires you to have an HTTP server running on the (virtual) host you are requesting the certificate for so as to prove that indeed it will be used on said host. The only way to work around that procedure is by somehow spoofing (or hijacking) the domain.

Looking around, you indeed stumble across folks complaining Let's Encrypt certificates were issued for sites like "". The problem here is not with the verification process but with the user's understanding of the domain naming system. Some more creative criminals also use a technique known as domain shadowing, i.e. somehow gaining control over a subdomain of an otherwise valid domain name, such as in . Neither of these two are Let's Encrypt specific, and any CA automatically issuing certificates to such subdomains without thoroughly checking ownership will equally be vulnerable to domain shadowing.

Let's Encrypt is a really fine poor man's solution for folks wishing to get rid of clear text transmissions on their web sites, but that's just about as far as it goes as the entire CA system is broken beyond repair, and which we have discussed ad nauseam in the past.
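A sketch of the kind of check suggested earlier in the thread (flagging names that contain PayPal or eBay), applied to hostnames as they would appear in certificate requests or Certificate Transparency entries. This is an added example, not part of any comment and not Let's Encrypt's code; the brand table, the short suffix list and the look-alike map are assumptions, and the hostnames are constructed under the reserved `.example` TLD.

```python
"""Flag hostnames that mention a brand but are not under that brand's own
registrable domain. Output is a review queue, not a block list."""

# Assumption: brand keyword -> registrable domains the brand really uses.
BRANDS = {
    "paypal": {"paypal.com"},
    "ebay": {"ebay.com", "ebay.co.uk"},
}

# Simplification: a real deployment would use the full Public Suffix List.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}

# Common look-alike substitutions, folded before matching (hypothetical map).
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def normalise(host):
    """Lower-case, drop a trailing dot and a leading wildcard label."""
    host = host.strip().lower().rstrip(".")
    if host.startswith("*."):
        host = host[2:]
    return host


def registrable_domain(host):
    """Return the part of the name a registrant actually bought."""
    labels = host.split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def check_host(host):
    """Return a list of (brand, where) findings for one hostname."""
    host = normalise(host)
    reg = registrable_domain(host)
    sub = host[: -len(reg)].rstrip(".")  # labels left of the registrable domain
    folded_reg = reg.translate(CONFUSABLES)
    folded_sub = sub.translate(CONFUSABLES)
    findings = []
    for brand, owned in BRANDS.items():
        if reg in owned:
            continue  # genuinely under the brand's own domain
        if brand in folded_sub:
            # The brand name sits left of an unrelated registrable domain,
            # which is what a reader skimming left to right will miss.
            findings.append((brand, "subdomain"))
        elif brand in folded_reg:
            findings.append((brand, "registrable domain"))
    return findings


def review_queue(hosts):
    """Map each flagged hostname to its findings, preserving input order."""
    queue = {}
    for host in hosts:
        findings = check_host(host)
        if findings:
            queue[host] = findings
    return queue


# Constructed sample input.
SAMPLE_HOSTS = [
    "paypal.com",
    "WWW.PayPal.com.",
    "signin.ebay.co.uk",
    "paypal.com.account-verify.example",
    "paypa1-support.example",
    "*.secure-ebay-login.example",
    "thebaystore.example",  # innocent name that happens to contain "ebay"
]

if __name__ == "__main__":
    for host, findings in review_queue(SAMPLE_HOSTS).items():
        print(host, findings)
```

The last sample name is flagged even though it is harmless, which is why a keyword check like this can only feed manual review rather than decide issuance.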

AnuraMarch 26, 2017 5:26 PM

I'm not certain, but I believe DANE allows you to run your own intermediate authority that is trusted both through DANE and a separate root CA. If that's the case, what we can do is have a non-profit group run a CA that issues free certificates after retrieving a CSR via DNSSEC, which authenticates that you own the domain in a much better manner than most CAs do today (at least with their cheap certificates). You then run in parallel with your certificates trusted either via DANE or the root certificate and eventually when every client supports both methods we can move to self-signed certificates via DANE.

JG4March 26, 2017 5:33 PM

"What's your threat model in a world run by liars, thieves and murderers?"
Big Brother is Watching You Watch
US Senate votes to let internet providers share your web browsing history without permission Verge (furzy)
Fake News
How US Flooded the World with Psyops Consortiumnews (furzy)

Clive RobinsonMarch 26, 2017 5:53 PM

@ AlanS, Ronny Andersson

No surprise the London incident would be used in this way

No it's not, it would be nice to say that Amber Rudd was laying it on thick because the MPs were in shock that the incident happened on their own front door. But as it's the same mindless drone for each and every opportunity most people should by now be aware that it's actually a pre-prepared attack on the Internet and ordinary people's freedoms that gets rolled out at every opportunity.

For those that actually know anything about the history of encryption, the careful use of codes, ciphers and steganography has always worked one way or another for thousands of years no matter how loud a tyrant shouts, rants or throws the furniture about.

Put simply you can only stop something if you can observe it in progress. Likewise you can only recognise it as such if you have the ability to tell if a message is encrypted within another message or not. Which if people are careful you can not.

A well thought out and used code is indistinguishable from ordinary plain text. Which is something Amber Rudd appears not to be cognizant of[1].

For instance a simple "Let's meet for a coffee?" can be expressed in many ways; you could change the comestible to tea / beer / cuppa or bite / sandwich / lunch etc. Or you could say "how about we" instead of "Let's" etc. With a little thought you could get thirty or more quite natural variations each one having a potential hidden meaning. Likewise the careful use of "idle subjects" such as the weather or sport. One old trick is to use a switch word or phrase, which turns the use of hidden meaning on or off, thus if you did not give the "on word" you could quite happily talk about the weather or sport etc quite naturally with both parties knowing that there was no hidden meaning. An eavesdropper however would not know thus would be unable to find a correlation between the conversation and any subsequent actions carried out by either party.

However such things can go wrong as witnessed by one eavesdropper when one party talked about making a cake and the other party said "you mean the bomb"...

But there are other ways. HTML tags can be nested within each other in any order without affecting how the information is displayed, thus the use of the order of the 'B'old and the 'I'talics flags can be BI=0 and IB=1 thus a single bit of information at the start of the block and another at the end of the block. Or the first tag pair BI=no message and IB=message with the second tag pair giving a switched one bit of info.

There are a vast number of other methods and tricks, and channels to hide them in that are too numerous to be detected.

So the bottom line is the likes of Amber Rudd are either not correctly advised or are deliberately misleading people for other reasons...

[1] This will not surprise readers of "Private Eye" who have dug into Amber Rudd's background and her Father.

CassandraMarch 26, 2017 6:44 PM

@Clive Robinson would be nice to say that Amber Rudd was laying it on thick because the MPs were in shock that the incident happened on their own front door. But as it's the same mindless drone for each and every opportunity most people should by now be aware that it's actually a pre-prepared attack on the Internet and ordinary people's freedoms that gets rolled out at every opportunity.


So the bottom line is the likes of Amber Rudd are either not correctly advised or are deliberately misleading people for other reasons...

I wonder if this is the hand of Charles Farr and sympathisers at work. Sufficient people who really ought to know better, given the positions they occupy in the UK government, use the same playbook when talking about encryption. There is something distinctly odd going on.

AnonMarch 26, 2017 9:48 PM

While the media are busy reporting how "ENCRYPTION IS THE ROOT OF ALL EVIL!!11111!!", most people won't notice the absence of reporting about not knowing WHO he sent the message(s) to (I thought it was one message seconds before the attack, but some news reports read as if there was more than one within a few minutes).

There is so much disproportionate reporting happening the last few days regarding this message, it raises the question of "what are they hiding"?

ThothMarch 26, 2017 10:11 PM


If they don't like encryption and security, they are free to do so. When the corrupted War-Mongering Govts start kicking their doors and pointing assault rifles in their faces, snatching their smartphones, force a PIN code or fingerprint and make them write false testimony, waterboard them or best of all, summary execution without trial ... then they will start to regret and slowly wake up.

For now the worst has not come so it really doesn't matter how much we rave and rant. They gotta feel the pain to learn their lessons (or maybe they won't learn because they are already dead 6 feet under in some remote island detention center).

AnonMarch 26, 2017 11:47 PM


I'd like to say "I hope it doesn't happen", but the fact they are apparently hell-bent on removing privacy from electronic communications tells a different story.

The Sun (generally a useless rag) has perhaps the most disturbing headline of any: "WHICH SIDE ARE YOU ON, WHATSAPP?". If provision of privacy in an app is going to be met with this kind of reaction, then how long will it be before a company offering secure products gets prosecuted, shutdown, or FISA'd (or the British equivalent - I'm sure there is one) into either removing the security, or back-dooring it to the point it is useless?

We know this is already happening with some products, but I think it could be a matter of months before this applies to all products.

One way to counteract it would be to not update software, but that could be countered by altering any server-side support structures to break the applications. Applications that don't have a server component would be immune from this kind of block.

I only see extremely draconian actions being taken against applications and their developers at this point.

Do these people have any concept of what no or meaningless privacy/security would have to something like the internet? I'm only going to end up repeating what we already know.

FigureitoutMarch 27, 2017 1:24 AM

--There's thousands of dev boards too that would probably work. I'd be more interested in the firmware (of which there's a ton w/ chips of that magnitude) and architecture (what has direct access to what if you flip some bits, any attempts to isolate parts in chip, etc.). Far as boards, I really want a UPS for my RasPi, something cheap, easy, robust (can only choose 2 or maybe 1 eh? :p).

Off topic but on embedded security, in my school studies, have a project (which is kinda done, as long as I get LCD working), anyway got to thinking about security...So even the 16X2 LCD screens have at least one MCU in them (think one memory chip, think..don't know enough why they'd need 2). So firstly if you don't configure the LCD to only receive (put R/W pin to ground), that's a way in your MCU. Then there's up to 10 more pin connections which a potentially infected LCD has write access to your MCU (it shouldn't if you put R/W to ground, but maybe a backdoor). But there's I2C modules (another MCU) and even serial modules (another MCU, but can isolate) to allow interfacing w/ an LCD. Came across this: which I think you could use a data diode on. Basically you have a data diode off your MCU to this module, and there's a little more assurance the LCD is just receiving commands (not sure why you'd want to read from LCD MCU, not a lot of use cases).

I may try that sometime. One of my dreams is having a functioning computer that has all its parts nicely isolated, making it very hard to infect the whole thing. This may be able to isolate a screen, but doesn't do anything about a hidden radio. Keyboards on the other hand...always need to send data inwards...can't have a computer w/ no input.

Dirk PraetMarch 27, 2017 2:08 AM

@ Anon, @ Thoth, @ Clive

If provision of privacy in an app is going to be met with this kind of reaction, then how long will it be before a company offering secure products gets prosecuted, shutdown, or FISA'd (or the British equivalent - I'm sure there is one) into either removing the security, or back-dooring it to the point it is useless?

The British equivalent thereof is the Investigatory Powers Act - also known as the Snoopers' Charter - that was signed into law in November last year. It's unfortunately worse than FISA(A), EO12333 et al as it also covers the exact kind of backdooring proposed in the (for now) failed US Burr-Feinstein bill and which can be found in sections 254-256 thereof.

Technically, the UK already has the legal authority to force ISP's, service providers and software companies (even foreign ones) into introducing backdoors and crippling encryption on behalf of Her Majesty's Government. I'm pretty sure both Rudd and May are very aware of this and that the recent statements on WhatsApp by Rudd and The Sun are just media spin to warm up the general public to such actions. Important to note is that the affected ISP, service provider or whomever else it applies to is gagged from revealing this to its users (as in a US NSL).

In practice, any "technical capability notice" has to pass at the office of a cabinet minister - probably the Home Secretary, i.e. Rudd - , who then needs to consult the Technical Advisory Board to examine proportionality of the request, after which it gets forwarded to a "Judicial Commissioner" for legal scrutiny. A refusal by this commissioner can be overturned by the Investigatory Powers Commissioner (IPC), appointed by the PM.

What this boils down to, is that if both the PM and the Home Secretary want a backdoor, it is going to happen, no matter what fight the IPC and the affected company put up, and unless said company is willing to pull out of the UK market.

keinerMarch 27, 2017 2:24 AM

The looming economic crisis is going to wash away all savings, all pension funds etc. So major uprising ahead, better to stop a Facebook-overthrow of the governments from the very beginning...

ThothMarch 27, 2017 2:37 AM

@Dirk Praet

"What this boils down to, is that if both the PM and the Home Secretary want a backdoor, it is going to happen, no matter what fight the IPC and the affected company put up, and unless said company is willing to pull out of the UK market."

Not sure if the Govts are stupid enough to not notice that their equipments are heavily COTS reliant and backdoors would simply enable China, Russia et. al. to walk through their defenses and grab their documents with ease.

The argument should be re-focused by "Security Experts" to point out that things like OpenSSL, OpenSSH and E2EE protocols and implementations once backdoored would be a boon for foreign spies and adversaries. If the argument is along the lines of personal security, the debate immediately loses. If the argument is along the lines of "backdoor == major national security breach", then it stands a chance of fighting.

So far, most arguments are along the line of individual security and privacy which in most general public's eyes is still a negligible issue where they can shrug their shoulders and say they have nothing to hide and once that is done, the Govts simply come in and do their things to make backdoors everywhere and the consequence would be boon for foreign spies and adversaries as well.

One imaginary example is to backdoor the ECC implementation in OpenSSL where the BigInteger calculations would have some whitening procedures to prevent certain classes of side-channels but in fact the whitening might surreptitiously introduce a sort of backdoor function with hard-coded parameters to cause the ECC calculations to contain exfiltrated data in the name of side-channel prevention whitening. Let's imagine this exists and is used to backdoor OpenSSL cryptolib but also frequently found in COTS products deployed in Government systems.

The above would be a more convincing scenario of sorts when used in debates to show that backdoors are not necessarily the best idea especially when Governments rely on COTS so heavily these days.

Clive RobinsonMarch 27, 2017 2:43 AM

@ Cassandra,

I wonder if this is the hand of Charles Farr and sympathisers at work. Sufficient people who really ought to know better, given the positions they occupy in the UK government, use the same playbook when talking about encryption.

You might want to look at the "glove puppet" spin doctor of PM Theresa May, Fiona Hill --formerly Cunningham-- who worked at one time for Sky News. She is known to have been very passionate about Charles Farr.

But like a number of others close to UK Prime Minister May the hand that really controls with a light touch is that of wannabe King Maker Rupert Murdoch. Who is known to have a "thing" about certain types of Women like Fiona and Rebekah Brooks. Some have said rather more than his own daughter Elisabeth, who was at one time married to Matthew Freud "spin doctor extraordinaire" and were part of David Cameron's "Chipping Norton set".

Rupert Murdoch is known to not have any respect for people's privacy or let a minor nuisance like British Law stand in his way (look into phone hacking). He also has been building up significant Internet based interests that would benefit from various legislative changes. His behaviour in British Politics has alarmed many for over thirty years and it has been said that the character "Elliot Carver" in the 1997 James Bond Film "Tomorrow Never Dies" was based very much on him and his attitudes. A look at his family tree and that of other senior political families might make your chin drop a little. Further the loyalties of those he has "shown interest" in appears as strong as ever which casts quite a large web of influence.

And he very much scares people, one of the few to talk about it was Charlotte Church, who sang at his wedding to Wendi Deng. Apparently she was "made an offer" of do it or get bad publicity for a life time.

As you say,

There is something distinctly odd going on.

ThothMarch 27, 2017 2:46 AM

@Dirk Praet

In fact, I would like to refine my statement. Why not use the argument of backdoors on the ECC, AES and RSA implementations of mbedTLS library ?

It would be really fun if backdoors on the BigInteger and AES maths are done due to the fact many embedded devices (i.e. routers, IoT devices, encryptors and so on) heavily rely on mbedTLS due to its tiny footprint and is the industry's favourite when it comes to embedded TLS library.

This will be a more convincing argument since most Governments and Corporates rely on hardware Secure VPNs, hardware routers and other hardware-based implementations which have very tiny footprint for cryptography and mbedTLS is the natural choice.

Who?March 27, 2017 3:37 AM

@ ab praeceptis,

To end on a positive note: One ready to order, unpack, and use alternative might be routerboards from mikrotik. The OS coming with those (routeros) is linux based and feeling somewhat weird but those boards work and, a big plus, they are usually based on processors that are not among the classical targets for nsa and accomplices. Actually, one can even chose; there are (or were?) atheros based ones, powerpc based one and others.

MikroTik's RouterOS is vulnerable to the ChimayRed exploit, that can be used to upload a generic payload to these routers.

My choice would be a PC Engines Alix or APU, a Soekris or even a Firebox running OpenBSD. All these boards have simple BIOS on them that should be relatively lockable (a WG Firebox does not even support PXE).

Dirk PraetMarch 27, 2017 3:47 AM

@ Thoth

The argument should be re-focused by "Security Experts" to point out that things like OpenSSL, OpenSSH and E2EE protocols and implementations once backdoored would be a boon for foreign spies and adversaries.

I agree. Every marketeer, salesrep and politician knows that a compelling narrative - however false - will always beat strictly rational arguments. We have seen time and time and again that the general public will gladly give up any sort of privacy or civil liberties as long as it is hammered hard enough with horror stories of terrorism, foreign invaders or pedophilia.

A while ago, our host pointed out the importance of infosec folks getting involved more with legislation, policies and procedures. The same thing can be said about marketing our story to a layman's audience and focusing on what resonates with them. Debunking the NOBUS myth IMO would indeed play a huge part in that. As much as I would on general principle oppose a narrative of Russians, terrorists and pedophiles in phones, TV sets and national powergrid infrastructure because of government mandated backdoors, perhaps we should consider it. And about which, technically, we wouldn't even be lying.

We already have an annual movie plot contest on this forum. Perhaps we should add an annual infosec marketing narrative contest, or combine both.

ThothMarch 27, 2017 6:54 AM

@Dirk Praet, Bruce Schneier

Problem with the current debunking of NOBUS myth is it's too individual / personal security related which makes it easy to shrug off as it does not connect the dots properly to how NOBUS access can lead to China, Russia et. al. to access critical Government systems of other Governments.

What we need is marketing and contest on who can make the best NOBUS myth with the tone of how NOBUS can severely impair National Security (not just personal security) and create as much marketing and scare stories (like those snake oil "security" salesmen) but this time for the good of trying to increase more awareness on the impact of NOBUS access to connect the dots to National Security and not just National Security but Inter-Government and International Security.

ab praeceptisMarch 27, 2017 9:11 AM


("mikrotik") - Again: I myself said that I dislike routeros and that it should be replaced.

Also note that my point (and the context) was *not* to in any way propagate mikrotik. I merely mentioned them in the context of "what boards could be used?", particularly after a list of boards was mentioned that typically are arm based and that has but a single ethernet port (if that).

The mikrotik boards offer alternatives to x86 and arm and they usually have multiple ethernet ports as they are designed for networking, plus they tend to be cheap. Simple as that.

The "no x86 and no arm networking board" question is one that I looked at for years and it's not an easy one, as typically one or more major problem blocks the road. Either they are way too expensive or they have just a single network port or ...

The routerboards (the boards - not the OS) in my mind's eye hit a sweet spot in that most of them are cheap, the company isn't large enough to afford a lot of closed blobs, let alone special chips, is easily available and in many configurations (e.g. with SD card), etc.

So, would I recommend to buy a mikrotik box? Probably not. Would I recommend to unpack it and use it right away? Certainly not.
But I would recommend to look at the *boards* as one of quite few reasonable bases to build something upon with reasonable efforts and a budget within reach for many.

ab praeceptisMarch 27, 2017 10:02 AM


No need to apologize. I took it as a misunderstanding, not in any way as an offense.

May you suggest something? Certainly. I see no reason whatsoever why our host wouldn't want us to make suggestions.

As for Cavium I personally, subjectively and without any scientific basis am strongly mistrusting and tend to reject that for diverse reasons.

For one, one simply doesn't need that kind of chips/power unless one is leaving the realm of typical home and (not quite large) office use. Another reason is that OS support isn't too great and even the OSs with support typically have chips like those as tier 2 or even 3.

Price, of course, is also a factor to think about. Cavium boards are probably not easily available in the sub 100$ range.

Moreover those chips are usually based on/an extension of some base architecture. In the case of Cavium that currently is arm if I remember correctly. Not exactly a dream coming true ...

Maybe most importantly we should a little more and come up with a good understanding of what we want to achieve. I might be wrong but my understanding is that for security we'd prefer simple chips over complex ones.

I'm pretty much with Thoth in that I think that we should not trust *any* modern, wide-spread (x86, arm) architecture and/or that we should put "trusted security core functionality" on a secondary device/small board (I disagree, however, on anything involving any kind of java).

So, considering all factors (incl. that most of us aren't millionaires and don't have serious electronic lab at home) my currently favoured approach is to use a well established, not too new and reasonable well documented/known architecture that is readily available as boards and to add a secondary board/device as the security core.

Example: A mips based board with some ethernet ports and some GPIO points (or (ab)usable as such), uart and or spi, no usb or one that can be disabled, and to then add some secondary device (Thoth would probably suggest something w/smartcard) for passphrase and priv_key storage and for *core* crypto. Note: I don't care whether that secondary device delivers results in 10 ms or in 3 seconds ("very slow").

Another important factor (at least for me) is the absence of large "you must trust me" blobs and perversions such as the insane-perverts-zoo typical for x86 architectures.

Unfortunately I don't have the time right now to work on that but I would prefer to completely exclude the whole BIOS, boot loader, OS shebang at least for the secondary device. I'd strongly prefer to build my own software core or get one built by a trustworthy group of professionals (i.e. ones not fumbling with C++ or java or visual basic).

And at this point you probably should stop listening to me because one of the top priorities on my list would be to avoid the whole ssl/tls cancer, too, as well as the (no offense to Thoth) smartcard "trust me" blob.

Nick PMarch 27, 2017 11:03 AM

@ Thoth

"You can say our brains entered into a sync mode of sort. Lol."

Looks like it.

@ ab praeceptis

I do like Mikrotik a bit for this. Mainly because they sell decent hardware with good margins on a large, install base. They could absorb the upfront costs of the first port of secure OS. They could also dedicate a small team to maintaining it. Such a supplier might improve security of their products as a differentiator. Large install base means large impact. It would take buy-in from the executives, though. They seem 100% focused on the money. ;)

@ Dirk Praet

Appreciate the elaboration. Yeah, it's a decent method for a free solution.

ab praeceptisMarch 27, 2017 11:32 AM

Nick P

I can't comment on that as I know next to nothing about mikrotik as a company, let alone about their management.

For the rest I agree with you but I'm doubting that they will do what you - quite reasonably - suggested.
It's weird; one would think that any company coming up with a network box that could reasonably and credibly (or even provably) be called secure would earn loads of money - yet no company seems to do that.

My (probably utterly wrong and misguided) explanation is that one needs to have quite a lot of knowledge of a technical/mathematical nature to understand the problem and to judge whether some approach is promising or not. Management, however, pretty much everywhere seems to tick very differently and to moreover prefer marketing over reality. In other words, management tends to think in terms of insurance prices being lower (or not), bureaucratic standards (like pci), and most of all, security to them is what one can sell as security.

But luckily mikrotik (or any other existing board/boxes company) isn't needed. One could as well create a new company around a secure software stack for e.g. mikrotik boards, buy them with volume discounts, and sell them as "XYZ secure router" (xyz being the new company).

And we *do* have quite some building blocks and tools available. I certainly don't need to give you examples; you probably know more kernels, OSs, libraries, etc. than anyone here.

So, all in all, I think that would be an achievable - and very worthwhile - goal and mikrotik boards might be a reasonable, easily available and relatively cheap hw. base.

JG4March 27, 2017 11:59 AM

appreciate very much the discussion of inexpensive, secure platforms. I may have some useful thoughts on the energy gapping. you won't beat the price of plywood or aluminum window screen, which also can be backed with foil. my favorite foil is 0.005" thick. the screen helps insure contact between sheets.

the answer to the threat model question that I posed (yesterday?) is Spookwerks West. they'll sell any information that they harvest to anyone, anywhere in the world, for any purpose, without regret. and you won't even know it happened
Big Brother IS Watching You Watch

New WikiLeaks dump: The CIA built Thunderbolt exploit, implants to target Macs Ars Technica

Blissful bathrooms: smart showers, magic mirrors and fun loos keep you connected at all times SCMP. Creepy– even absent a mention of a camera-containing microwave.

see also:

"Much Worse Than Watergate", Former CIA Officer Admits Trump 'Wiretapping' Likely True

long popcorn futures, short US equities

rMarch 27, 2017 12:13 PM


Mythbusters did a Faraday episode, steel screening beats bronze hands down for their measurements. I'm not sure whether aluminum was tested? I don't think I've ever seen it irl.

readerMarch 27, 2017 12:39 PM

Who keeps track of nefarious purposes for which loud outdoor power tools can be used? Or are there none?

Ah the intrigueMarch 27, 2017 2:36 PM

Devin Nunes Met Intelligence Source on White House Grounds

Then he held a press conference. Then He raced back to the White House to tell President Trump. Then he held another press conference at the White House. Then he apologized to the Committee for not telling them first. Then he cancels public hearings Clapper and Brennan and Sally Yates...O Brother

A Hero Seeking TruthMarch 27, 2017 2:59 PM

House Intelligence Committee chairman Devin Nunes, it should be said, has a history of cultivating independent sources inside the intelligence community. He made contact, for example, with the U.S. intelligence contractors who ended up saving most of the Americans stuck in the Benghazi outpost when it was attacked on Sept. 11, 2012. More recently, Nunes has reached out to his network of whistleblowers to learn about pressure inside the military's Central Command on analysts to write positive reports on the U.S. campaign against the Islamic State.

In this case, Nunes had been hearing for more than a month about intelligence reports...

Clive RobinsonMarch 27, 2017 3:12 PM

@ Figureitout,

Basically you have a data diode off your MCU to this module, and there's a little more assurance the LCD is just receiving commands

Err why add another MCU?

That little board contains a PIC MCU. You could solve the 4/8 bit databus issue to the MCU on the LCD controller in a lot simpler way, and potentially improve your system response as well not slow it down and add unneeded code.

Simply add a buffer or latch in the parallel data path to the LCD. In most cases it can be a 74C or 74LS part without any problems. If you use a very highspeed MCU in the main part of the design, the addition of a 7474 dual latch turns it into "Letterbox buffer" where you can step the data rate right down so you can use a longish length of ribbon cable etc without "Cattle trucking" your main MCU data bus every time you want to do a bit of "User Interface I/O".

If you are going to add an extra MCU at least make it work for you. That is get it to not just drive the LCD but also some LEDs, read in all the user controls such as buttons and potentiometers etc. Even provide a number of proper serial port interfaces which can be current loop or voltage based also I2C bus etc. It's what I tend to do in all but the smallest of designs because it becomes a "reusable part" you can just pull in knowing it will work for you. Further it gets rid of a lot of "bit banging" and "debounce" code you would have to redo and test each time you produced a new design.

Ah the intrigueMarch 27, 2017 3:40 PM

@ A Hero Seeking Truth

Since he was a campaign and transition team member, perhaps Devin Nunes is himself a US Person incidentally collected, possibly unmasked, or one of the subjects of the FBI investigation into Trump-Russia ties. Perhaps he shared sensitive or classified info with other members of Trump's team that was then shared with foreign persons or simply inappropriately shared. Further the language that he used to explain the location where he received classified intelligence last week is cautious. He said he went to the White House to view the info to be in "proximity" to a secure location, thus apparently not actually inside a SCIF [Sensitive Compartmented Information Facility] which would be required. Got to love this nonsense!

rMarch 27, 2017 5:55 PM

@Ah the intrigue,

Actually, that sort of makes sense if it was Nunes that was the incidentally collected individual.

I'd go tell the president 'my bad' too if that were the case.

TedMarch 27, 2017 6:25 PM

Just a quick comment on the United Airlines leggings controversy that was touched on in other threads.

If you read the fine print you will note that these girls were traveling on employee passes. My brother in law was an exec at a major US carrier and he always had to "dress up" for flights. I have many memories of my nephews protesting having to wear pants (as opposed to the omnipresent cargo shorts) and a button down shirt for flights. It's very strange to me that most of the press has buried this pertinent fact at the bottom of their coverage.

This incident did bring to mind a truly troubling incident I observed while traveling with my wife from a mid sized US city's airport. A girl whom I estimate was about 14 years old was at the TSA checkpoint and was being subjected to additional screening. She was wearing yoga pants and a tank top (the relevance will be clear shortly). She also had an insulin pump. Smaller than a pager and with a tube going into her body. The TSA inspectors stared at it as if it were the "demon core" from Los Alamos. They patted down every surface of her body despite the fact she was wearing skin tight clothes that she could not have concealed a handkerchief in let alone a nefarious device. They patted down her scalp though she had perfectly straight, flat shoulder length hair. After twenty minutes of this her father who had been very patient started to become vocal about the excess and the TSA finally dismissed her.

There are abuses going on in air travel but they are not employee dress codes.

Ah the intrigueMarch 27, 2017 8:03 PM

"Donald Trump's team 'wiping their electronic devices' in case they have to give evidence -- Allegations come just weeks after government lawyers ordered president’s aides to preserve materials that could be connected to Russian interference in 2016 election."

For what good it'll do since the metadata and collect it all...

"Senate Committee to Question Jared Kushner Over Meetings With Russians" (but not under oath)

(NYT in process of updating the story with new developments)

Ambassador Kislyak arranged meeting between Kushner and "Sergey N. Gorkov, the chief of Vnesheconombank, which the United States placed on its sanctions list after President Vladimir V. Putin of Russia annexed Crimea and began meddling in Ukraine...Mr. Gorkov is a graduate of the academy of Federal Security Service of Russia, a training ground for Russian intelligence and security forces." The White House has characterized these meetings as courtesy calls and a part of his normal assigned duties as a part of the transition team. However now according to the NYT, the Russian Bank has described these as business meetings between it and the Kushner Companies. Speculating either for the bank to gain favor from the Trump Admin or for Kushner to enrich himself.

Of course we also have Manafort, Carter Page, and Roger Stone volunteering to be interviewed by the Congressional committees (but who knows when and probably like Kushner not under oath)

Nick PMarch 27, 2017 10:47 PM

@ ab praeceptis

" One could as well create a new company around a secure software stack for e.g. mikrotik boards, buy them with volume discounts, and sell them as "XYZ secure router""

I was focused on using their substantial capital instead of my ramen-level of funds. ;) That is possible, though. They make money per unit. They'd want to maximize it. The secure outfit will *not* be high volume. They will have to make enough profit to cover their expenses. Mikrotik will want to make their profit on devices that probably already cost decent money given their market segment. The price ends up being so much higher than original that it will be hard to justify it to customers in any serious volume. If just reselling their hardware, an OEM discount or license would be necessary just to survive.

I did consider having Shenzhen clone their hardware with non-Chinese components, though. Then you just have to buy a few units for your partners overseas. Then they rip you off turning it into their own business. Darn. Back to negotiating with people such as Mikrotik. ;) Seriously, though, there's probably EE's in various places with cheap labor that would happily tear one down to help clone the hardware. Thanks to The Embedded Muse by Jack Ganssle, I have archived some places that do PCB's dirt cheap. Still need the software stack, though. Easiest start is cut down or enhanced OpenBSD as the GENUA did. Or hell, maybe just talk to them instead since we speak the same language. But I doubt they'll come down on price. Nope, nope. Not a successful, defense contractor.

FigureitoutMarch 28, 2017 12:57 AM

--Argh, did you read that link? That's close but it "flickers" when charging so that's already out, that's exactly what happened to my packet sniffing pi twice, it's very damaging when it doesn't shut down properly. Then it also would just die if you leave your pi running on it.

But yeah, maybe something like a car battery would work, but it's just clunky.

Clive Robinson
--Well it's what I have most experience w/ right now, it's generally pretty quick, less components to deal w/, and at least serves as a PoC. My analog EE skills are basic. I haven't worked w/ those kinds of components a lot (buffers, logic gate IC's, etc.) but want to of course. Where's the galvanic isolation of the LCD w/ just a buffer or latch though?

I'd be treating that MCU talking to LCD as a bit untrustworthy, if I'm assuming an LCD module is infected (very rare, I think...probably way way over paranoid). I just want it to forward commands and data to LCD it receives from "master" and the control channel is isolated, so if there's errors at least it doesn't spill backwards. I'd maybe add an external crystal and clock it to maybe remove a time-based side-channel.

Adding all that functionality may increase attack surface based off what you've mentioned in past (writing serial data to memory in an MCU thru an LED, I want to see it before I believe it). Plus if you tried to squeeze every last bit of functionality out of today's chips you'd be constantly working.

Clive RobinsonMarch 28, 2017 5:49 AM

@ r, JG4,

... steel screening beats bronze hands down for their measurements ...

From the screening point of view there are two major considerations.

Firstly the "effective" surface conductivity, to stop the "E field". Which due to something called "skin effect" means that at what would normally be considered RF frequencies the material thickness is not likely to be relevant. But at low frequencies such as you have with mains hum and older Switch Mode Power Supplies it is (approximately two and a half inches at fifty Hertz).

Secondly is "effective" magnetic volume which limits the "H Field". Magnetics is a much more complicated subject and metal sheets are in many cases considerably less effective than ferrite materials. In general you need to consider the material's relative permeability and magnetic susceptibility to judge if it is to make an effective shielding material. However there are a couple of things to note, firstly the nonlinear behaviours of magnetics including frequency responses and saturation etc and secondly the relationship of "bulk" or "volume" effects. Magnetic materials don't "block" magnetic fields what they do is provide a path of lower resistance to the magnetic flux thus diverting it.

Further you have to be careful with magnetic materials due to the way they work. Essentially they have domains that if aligned provide higher permeability than if not aligned. For instance iron has permeability down in the low thousands, however add nickel, cobalt, chromium or other metals and it goes up dramatically. One such is mu-metal where the permeability can be up to a hundred thousand, but... if you bend, stretch, form or "work" mu-metal in any way its permeability can drop to around 2% of what it was. To get the permeability back you need to anneal it after working in a hydrogen atmosphere to "align the grains". Most other metal magnetics need to be similarly aligned after being worked on... Something I suspect Mythbusters would almost certainly have not taken into consideration, likewise the permeability of the steel they used, some stainless steels have much higher permeability and susceptibility than others, and I'm guessing they will not have used an "Evans Balance" to measure their materials.

I've not seen the Mythbusters in question, but I suspect that with the price difference between steel and bronze there was probably a material thickness issue with bronze in that it would have been closer to foil than plate. Thus its volumetric component would have been quite small. Second the magnetic properties of bronze are quite low compared to iron and its alloys with certain other metals.

Further I have seen other Mythbusters where Jamie showed a complete lack of knowledge about electrical effects above that of house wiring, and nothing of AC theory or RF safety. Likewise his complete lack of knowledge about how to make RF and EMC joints and casings. The classic being his behaviour with microwave ovens, where he is very lucky he did not get visible injuries.

Which suggests to me that what they were measuring shielding wise was low frequency EM, of the sort you get from power supplies and audio electronics, not the RF frequencies you get from radio equipment and computers which have harmonics well up into the microwave bands.

I could say a lot more on the matter for instance 1/(x^2) fall off for surface related effects and 1/(x^3) for volumetric effects. Which also affect the design of shielding systems as well as Faraday Cages / SCIFs and also why some TEMPEST rules are what they are.

Clive RobinsonMarch 28, 2017 6:02 AM

@ reader,

Who keeps track of nefarious purposes for which loud outdoor power tools can be used? Or are there none?

Most powertools are designed to do a simple function well. But can be used for more complex or unexpected tasks.

When you say "nefarious" that covers a lot of ground...

For instance a "thermic lance" can be used by those wishing to get into strong rooms without using the keys. Further the XKCD $5 wrench interrogation tool, shows a "creative repurposing" of a tool outside of its design specs. As does a soldering iron for "Thermo-rectal" interrogation, or as was said in the film RED as a "Potty trainer".

You will need to be a little more specific on what area of "nefarious" you are thinking of...

Who?March 28, 2017 6:28 AM

@ Clive Robinson

Please tell me where you live, so I can avoid getting closer than a thousand miles from your home!

Bob PaddockMarch 28, 2017 7:35 AM

@Clive Robinson

"... you have to be careful with magnetic materials due to the way they work. Essentially they have domains that if aligned provide higher permeability than if not aligned. ..."

Other than the high costs what is your view on Amorphous Metals such as Metglas[TM] as extreme shielding material?

The most succinct explanation of exactly what is meant by Amorphous Metals comes from NASA's Microgravity research program office in the paper:

--- Containerless Production of Bulk Metallic Glasses (74-49) -

"When a metal or alloy solidifies, it usually divides into many small crystals. The atoms in each of these crystals are arranged in a periodic fashion known as a crystal lattice. Certain metal alloys, however, can be cooled so fast that the atoms do not have time to arrange themselves in a regular fashion but are instead arranged in a more or less random fashion like the atoms in ordinary glass. Such disordered materials are termed amorphous and have very different properties from the same material in a crystalline state. Present techniques for fast cooling of metals on Earth require that the metal be in very thin ribbon form so that heat can be extracted quickly."

Amorphous metallic alloys (metallic glasses) have, in the past, been prepared by (1) splat cooling, (2) roller quenching, and (3) quenching in water. Methods 1 and 2 induce quenching rates on the order of 10^4 to 10^6 °C/sec, while method 3 usually results in a quench rate of 10^2 to 10^3 °C/sec. It was, therefore, proposed that the elimination of container walls, which can act as nucleation sites for crystalline growth, could allow production of metallic glasses with slower cooling rates (less than 10^2 °C/sec). In a reduced gravity environment where such containerless processing is possible, "..the metal can be cooled below its usual melting point so that when freezing does finally take place, the liquid will be so viscous that the atoms in the liquid cannot rearrange themselves into a crystal." The ultimate result of this process would be an amorphous metal produced in a bulk form." ---

With today's obsession with smaller, faster, lower power, sometimes we need every little bit of help we can get. One area of power supply design and shielding that has not made it to the main stream is the use of Amorphous Metals.

"This material offers the potential of reducing the core losses of motors and transformers by more than 70%" - Applications of Low Loss Amorphous Metals in Motors and Transformers by L.A. Johnson, E.P. Cornell, D.J. Baiely, S.M. Hegyi; 81 TD 641-0. A paper recommended and approved by the IEEE Transformers Committee of the IEEE Power Engineering Society for presentation at the IEEE PES 1981 Transmission and Distribution Conference and Exposition.

"Fundamental 60 Hz core loss for the amorphous iron stator was approximately 1W. The corresponding silicon iron core loss was 5W, and common iron core loss 10W. This clearly demonstrated that the low reported core loss of amorphous metal can be achieved in a motor." - Test Results on A Low Loss Amorphous Iron Induction Motor by G.M.Rosenberry, P.G.Frischmann, R.E. Tompkins; Manuscript of August 14, 1981.

Also related to security, something that gets little attention is the power supplies running all the boards being discussed.

Saturable Reactors / Mag Amps are power supplies to use in extreme environments like high radiation, which also use Metglas[TM] cores, when failure is not an option.

Saturable reactors utilize the large change between unsaturated and saturated permeabilities of their cores to delay current for a preset period of time. Similarly, once saturated in the forward direction, they act as a diode temporarily blocking current in the reverse direction. A Mag Amp is a good example of how to use a Saturable Reactor.

Also by using a saturable reactor in series with either a semiconductor or thyratron switch, the circuit designer can reduce losses in the switch and extend its life. The saturable reactor is designed to hold-off current until the switch becomes fully conductive.

This delay reduces the overlap between current and voltage in the switch, thereby reducing power absorbed in the switch. Higher di/dt's to the load are safely achieved by waiting for full conductivity in semiconductor switches. This prevents spot heating of the Gate [1], again for designs when failure is not an option. The diode-like characteristic of a saturated reactor provides time for switch recovery.

Hitachi Metals America and Allied Signal under the Metglas[TM] name are the primary suppliers of these components.

"Most powertools are designed to do a simple function well."

No one buys a 1/2" drill because they need a drill. What they really need is a 1/2" hole.

[1] Spot Heating failures:

A common problem I see in message boards is that someone's circuit failed and went up in smoke. People in the more esoteric realms blame this on things like "Subtle Energy" overload and other such minutia. Here is the far more realistic explanation:

The very old "GE SCR Manual" goes into all of the gory details of what is happening inside the part, when the "Magick smoke comes out", as it is unlikely you have the Manual at hand, in a nutshell:

What lets the Magick Smoke out of IGBTs, FETs and SCRs in most cases is turning them on too slowly, causing 'Spot Heating' of the die.

Think of a FET as hundreds of thousands, possibly millions, of very small resistors all in parallel, where each one can be turned on and off individually. The 'resistors' closest to the gate turn on first, and as the gate potential spreads across the die the rest turn on. The ones farthest from the gate turn on last.

With a slow gate turn on, a few of the small resistors nearest the gate are trying to carry all of the load, which they can't do, so they burn up, but the device does not fail quite yet. The next time the device is turned on, which may be only milliseconds away depending on your switching frequency, or days away depending on the application, some more of the resistors further in burn up. When the point is reached that there is simply not enough of the 'resistors' left to carry the load is when the Magick Smoke escapes, and the part dies a catastrophic death.

This is why the parts generally run "for a while" before failing. If it fails as soon as you fire it up the first time, you either had a catastrophic short in the load, possibly shorted caps that take a bit of time to 'wake up' before they hold a charge, generally fixed with 'Soft Start', or the gate drive REALLY SUCKED big time.

There needs to be a few *amps* of current pumped in the gate of the larger parts, for short periods of time, to get the gate potential to spread across the entire die as fast as possible.

You also want to get the thing turned off as fast as possible.

If you are not familiar with the concept of Magick Smoke, this is where all electronic parts run on Magick Smoke, because once the smoke comes out of the part, it no longer runs...

Bob PaddockMarch 28, 2017 7:50 AM

@Nick P

Have you looked at the obscure XMOS parts? They have found their niche in High End Audio. Nothing limits them to that.

"xCORE Multicore Microcontrollers deliver scalable, parallel multitasking compute; high performance digital signal processing and the ability to customize interfaces and peripherals to create a solution that exactly matches the designers requirements."

The peripherals are 'soft' so backdoors can be looked for.

While the architecture is different they are a descendant of the Inmos Transputer.

To take things to extreme one can build a CPU or most anything else out of an (E)EPROM, a 74(HC)574 8-bit latch and a 555 as a clock source.

Take the data output from the (E)EPROM as the input to the 574, the 574 output feeds back to A0->A7. The higher address lines are inputs to the State Machine.
Parallel EEPROMs/latches etc to get more bits or more outputs.

The 555 clocks the latch so that the system is not oscillating uncontrollably.
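The ROM-plus-latch arrangement described in the comment above can be simulated in a few lines, and because the whole machine is one lookup table it can also be audited exhaustively. The following is an added example, not part of the commenter's post: the mod-6 up/down counter, the two input lines assumed on A8/A9, and the tampered ROM cell are all constructed for illustration.

```python
# Simulation of an (E)EPROM + 8-bit latch state machine:
# latch output -> A0..A7, external inputs -> higher address lines,
# EPROM data output -> latch input, one table lookup per clock tick.

INPUT_LINES = 2                      # assumption: two inputs, wired to A8 and A9
ENABLE, DOWN = 0b01, 0b10            # hypothetical meaning of those two inputs
DOCUMENTED = frozenset(range(6))     # states the designer claims exist (counter 0..5)


def build_rom() -> bytearray:
    """Program the ROM image for a mod-6 up/down counter with enable."""
    rom = bytearray(256 << INPUT_LINES)
    for inputs in range(1 << INPUT_LINES):
        for state in range(256):
            if state not in DOCUMENTED:
                nxt = 0                       # unused states fall back to reset
            elif not inputs & ENABLE:
                nxt = state                   # hold
            elif inputs & DOWN:
                nxt = (state - 1) % 6
            else:
                nxt = (state + 1) % 6
            rom[(inputs << 8) | state] = nxt
    return rom


def clock(rom: bytearray, state: int, inputs: int) -> int:
    """One clock edge: the latch captures the ROM data at the current address."""
    return rom[(inputs << 8) | state]


def run(rom: bytearray, input_sequence, state: int = 0) -> list:
    """Apply one input word per clock tick and return the state after each tick."""
    trace = []
    for inputs in input_sequence:
        state = clock(rom, state, inputs)
        trace.append(state)
    return trace


def reachable(rom: bytearray, reset_state: int = 0) -> set:
    """Every state the latch can ever hold, over all possible input sequences."""
    seen, todo = {reset_state}, [reset_state]
    while todo:
        state = todo.pop()
        for inputs in range(1 << INPUT_LINES):
            nxt = clock(rom, state, inputs)
            if nxt not in seen:
                seen.add(nxt)
                todo.append(nxt)
    return seen


def audit(rom: bytearray, documented=DOCUMENTED) -> list:
    """List (state, inputs, next) transitions that leave the documented state set."""
    findings = []
    for state in sorted(reachable(rom) & documented):
        for inputs in range(1 << INPUT_LINES):
            nxt = clock(rom, state, inputs)
            if nxt not in documented:
                findings.append((state, inputs, nxt))
    return findings


def tampered_rom() -> bytearray:
    """Constructed sample: one altered cell leads to an undocumented sticky state."""
    rom = build_rom()
    rom[(DOWN << 8) | 5] = 0x80               # "hold" at state 5 now jumps to 0x80
    for inputs in range(1 << INPUT_LINES):
        rom[(inputs << 8) | 0x80] = 0x80      # and 0x80 never returns
    return rom


if __name__ == "__main__":
    print("clean trace   :", run(build_rom(), [1, 1, 1, 3, 0]))
    print("clean audit   :", audit(build_rom()))
    print("tampered audit:", audit(tampered_rom()))
```

With only 1024 ROM cells the audit visits every reachable transition, which is the practical advantage of such a small design over a part whose state space cannot be enumerated.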

vas pupMarch 28, 2017 8:12 AM

Tag: future of surveillance:
Controlling turtle motion with human thought:
The research demonstrates that the animal guiding scheme via BCI can be used in a variety of environments with turtles moving indoors and outdoors on many different surfaces, like gravel and grass, and tackling a range of obstacles, such as shallow water and trees. This technology could be developed to integrate positioning systems and improved augmented and virtual reality techniques, enabling various applications, including devices for military reconnaissance and surveillance.

vas pupMarch 28, 2017 8:50 AM

Tag: Future of CBI:
Elon Musk creates Neuralink brain electrode firm:

The company will develop so-called “neural lace” technology which would implant tiny electrodes into the brain.
The technique could be used to improve memory or give humans added artificial intelligence. According to the Journal, leading academics in the field have been signed up to work at the company which is being funded privately by Mr. Musk.

My guess is that this has potential for IC, military, security as well - kind of universal soldier.

Clive RobinsonMarch 28, 2017 9:55 AM

@ AlanS, Bruce and the usual suspects,

Ed Felten on issues UK and US law enforcement agencies would have to address if they actually wanted "to have a grown-up conversation about encryption mandates".

The problem I have with these conversations is they almost always start from the wrong point.

The first thing everybody should recognise is that "Properly encrypted data from one algorithm should not be distinguished from another algorithm". That is if I give you a large block of cipher text you should not be able just from the cipher text to tell what algorithm was used.

More importantly you should not be able to tell from the resulting ciphertext, if what went into a crypto algorithm was,

1, Plaintext,
2, Random data,
3, Ciphertext.

This is something nearly everybody ignores when talking about "getting at the plaintext" for lawful --or otherwise-- intercept.

This is as important as understanding the difference between codes and ciphers.

If I backdoor an encryption system so that its input can be recovered, does it actually achieve anything?

The answer is both yes and no and is dependent on who designed the complete communications system not just the encryption at one small part of the overall system.

If a system designer is aware that an algorithm they might use could have a backdoor in it they have two basic choices,

1, Take a risk and use it as is.
2, Mitigate the backdoor and risk.

Anyone with half a brain knows what the most likely answer will be, and that is if possible "mitigation".

Which means the first over-riding question in a "grown-up conversation about encryption mandates" is,

    How do we prevent mitigation?

If the answer is "You can not" then the whole purpose of a "a grown-up conversation about encryption mandates" fails at that point.

Not just because there is no guarantee about getting at the real plaintext / meaning of an encrypted message but the side effects.

It should be clear to most readers here that certainly the UK government will not brook any argument against mandatory access. Worse as past legislation shows they will not flinch from breaching human rights to get at their objective. By allowing for those who innocently or otherwise can not or will not give them what they want to suffer unjust punishment of extraordinary order.

What we are seeing with "WhatsAPP" and Amber Rudd / Theresa May is the beginnings of a Mexican Stand Off, as went further with FBI/DoJ-v-Apple. In essence it's going to become a "Pi55ing Contest" which will hemorrhage hundreds of millions trying to achieve what is not possible.

To avoid this legislators will "get cute" and put in place draconian penalties against those encryption product producers who can not produce "Plaintext on demand" as with current legislation there will in effect be no real defense against such charges. Even though as I pointed out you have no way of knowing if you are seeing Plaintext/Random Data/ciphertext.

Whilst judges may have discretion, they are not seen en masse as being very capable when it comes to technology. Which means that you would be unwise trying to explain the finer points of complex technical systems to them as a defence. Especially if you are going up against "the establishment", who can use dirty tricks to privately brief the judge against you. By for instance claiming "National Security" and "Classified methods and sources" that you are not cleared to see (we have seen this before with terrorist trials etc).

Now ask yourself as a designer of such equipment what will you do,

1, Close down your business.
2, Try to lawyer up.
3, Use a technically simple backdoor.

I suspect the actual answer would initially be option 3.

The problem with option 3 is that like most simple things in life others will find out about them fairly quickly... Which means the world and his dog will find out, which means others will get access one way or another...

Option 2 of lawyering up is generally a very bad idea in that it will cost more than many small countries' GDP to fight, and you will not get the money or years of time back. Further even if you win you will lose as there are many many ways the UK or US governments can put a company out of business.

Option 1 is what will eventually happen one way or another. Which will turn the UK and US into places which people will avoid by preference even as "airside stopovers". Likewise people will not use UK or US products by preference and that will have very significant "National Security" issues. Because talent is generally not stupid and will move where possible to where they are not under threat. When that is not possible they will switch into other careers etc. The UK certainly will lose big time over such stupidity. Which Rudd / May do not appear to grasp, but they are both Brexit friendly so I guess it's just one more failing they have on a lengthening list.

Thus the real economic issue over backdoors is not what crime it will stop (next to none). But what the producers of crypto kit will do and the knock on effect of a government directly threatening technical "talent". Back in the 1970's unwise tax policy was seen by "talent" as a threat / attack on them and they voted with their feet and we had what became known as the "Brain Drain" I can envisage such draconian legislation as May / Rudd will be responsible for will have a similar effect.

Further it can be shown that having backdoors in encryption will actually make the various Intelligence Entities and Law Enforcement entities less effective. Worse any attempt to resolve this will end up with very simple and weak backdoors, that will end up helping certain types of criminal...

So very much negatives all round, which makes you wonder why May / Rudd are so desperate to do something so utterly stupid?

Ah the intrigueMarch 28, 2017 10:23 AM

"Trump administration sought to block Sally Yates from testifying to Congress on Russia"

So the White House tried to block Yates' testimony to the House Intelligence Committee by invoking executive privilege. She indicated her intention to testify regardless, since privilege was waived due to the White House's public comments on matter of Flynn in January. That same day Fri the 24th Nunes abruptly canceled the scheduled House Intelligence public hearing where Brennan and Yates were expected to contradict White House statements. Comey canceled his appearance at the closed door hearing since Nunes will run to the White House with details of the FBI investigation, and now Nunes won't proceed with the public hearing until the closed door hearing with Comey and Rogers is rescheduled. Speaker Paul Ryan has every confidence in Nunes' ability and won't replace him probably to stay on the good side of Trump in order to keep his own job.

Clive RobinsonMarch 28, 2017 11:30 AM

@ Nick P,

To take things to extreme one can build a CPU or most anything else out of an (E)EPROM, a 74(HC)574 8-bit latch and a 555 as a clock source.

I actually used a very high speed "Byte-Wide" RAM chip with a PIC microcontroller to load it up on reset to make a "universal mixer modem" for both use in a receiver as the 10.7MHz IF-Demodulator and a transmitter as a modulator with either a 10MHz or 100MHz output.

It was a reasonably quick way to test new modulation modes in the 1990's before other parts caught up from the likes of Analog Devices.

You could look on it as a transition point into what we would now call Software Defined Radio.

It still surprises me that most people do not know you can use a D-Type latch as a mixer. Which you can feed into a counter and thus a D-A converter to get a really pure sinewave out of....

Dirk PraetMarch 28, 2017 12:18 PM

@ Ah the intrigue

Re. "Trump administration sought to block Sally Yates from testifying to Congress on Russia"

To a European like myself, all of this reeks of banana republic diversion tactics and cover-up attempts. For US citizens, it's partisan politics, so we better not discuss the issue any further unless our host first touches on it himself.

ab praeceptisMarch 28, 2017 1:16 PM

Nick P

("mikrotik" - building secure router) - I can't comment a whole lot on that as I lack the needed knowledge on the business/finances/economy side.

Either way, those boards might indeed be a reasonable and available basis, I fully agree.

Ah the intrigueMarch 28, 2017 2:10 PM

@Dirk Praet

That discussion, though it relates to security, tends to devolve down a contentious path. We've cultivated an angry (xor ambivalent) crowd in the US (easier to run off the cliff). Losing face is a big deal here. I wish they would teach logic, rhetoric and propaganda, skepticism and critical thinking in our basic educational curriculum for everyone. Abraham Lincoln forgot to mention that you can fool enough of the people enough of the time.

Sancho_PMarch 28, 2017 5:14 PM

@Clive Robinson, AlanS
"to have a grown-up conversation about encryption mandates"
(from Ed Felten’s article)

Following the analysis (first) part of your (Clive's) posting there must not be any difference between random data and ciphertext for the observer.
There must not be any hint that the data is encrypted data.
There must not be any hint to the algorithm, if any.

So the main question to be answered as a prerequisite for a grown-up conversation would be:
What is encrypted data? What is the definition of it?
Is it simply “data we do not understand is encrypted”?

Or would May / Rudd be satisfied if they still can’t understand decrypted data?

Until this is solved there can’t be a discussion.

ab praeceptisMarch 28, 2017 6:18 PM


...there must not be any difference between random data and ciphertext for the observer.
There must not be any hint that the data is encrypted data.
There must not be any hint to the algorithm, if any.

Indeed, that is what one strives for (and note that the 2nd. implies the third).

That said, given that an algorithm is sufficiently strong, the above must actually not hold (but are still desirable).

And indeed quite often the involved algorithms *are* known. The Kerckhoffs principle at work.

It might help to keep in mind what encryption is about. It is about an opponent getting at the ciphertext (which is always assumed) being unable to in any way get to the plain text (through the ciphertext).

Having an encryption system generating an encrypted message that is indistinguishable from a random block is desirable but not necessary.
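The indistinguishability point debated in the comments above can be checked numerically. The following is an added example, not part of any commenter's post: it uses a toy SHA-256 counter-mode stream cipher (an assumption made so the code runs with the standard library only, not a recommended construction), constructed sample inputs and hypothetical key names, and compares byte-frequency chi-square values for what an observer sees on the wire and for what an outer-layer key holder recovers.

```python
import hashlib

BLOCK = 32  # SHA-256 digest length in bytes


def xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher for illustration: XOR with SHA-256(key|nonce|counter).

    Encrypting and decrypting are the same operation.
    """
    out = bytearray(len(data))
    for offset in range(0, len(data), BLOCK):
        counter = (offset // BLOCK).to_bytes(8, "big")
        pad = hashlib.sha256(key + b"|" + nonce + b"|" + counter).digest()
        for i, byte in enumerate(data[offset:offset + BLOCK]):
            out[offset + i] = byte ^ pad[i]
    return bytes(out)


def chi_square(data: bytes) -> float:
    """Byte-frequency chi-square against uniform (255 degrees of freedom).

    Random-looking data scores near 255; structured text scores far higher.
    """
    expected = len(data) / 256
    counts = [0] * 256
    for byte in data:
        counts[byte] += 1
    return sum((c - expected) ** 2 / expected for c in counts)


def build_inputs(size: int = 65536) -> dict:
    """The three kinds of input from the thread, all constructed sample data."""
    sentence = b"Meet at the usual place at nine; bring the documents. "
    plaintext = (sentence * (size // len(sentence) + 1))[:size]
    # Deterministic stand-in for random data, so the results are repeatable.
    random_data = xor_stream(b"constructed-seed", b"rnd", bytes(size))
    # Ciphertext produced earlier under a key the outer system never sees.
    inner = xor_stream(b"inner-key-held-by-user", b"inner", plaintext)
    return {"plaintext": plaintext, "random data": random_data, "ciphertext": inner}


def observe(outer_key: bytes = b"outer-key-with-escrow") -> dict:
    """Return {input kind: (chi-square on the wire, chi-square after outer decrypt)}."""
    results = {}
    for label, payload in build_inputs().items():
        nonce = label.encode()                     # distinct nonce per message
        wire = xor_stream(outer_key, nonce, payload)
        recovered = xor_stream(outer_key, nonce, wire)
        assert recovered == payload                # outer layer fully reversed
        results[label] = (chi_square(wire), chi_square(recovered))
    return results


if __name__ == "__main__":
    for label, (wire, recovered) in observe().items():
        print(f"{label:12s} wire={wire:10.1f} after outer decrypt={recovered:10.1f}")
```

On the wire all three cases score near 255, and after the outer layer is removed only the plaintext case stands out; the random-data and inner-ciphertext cases remain statistically alike.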

AlanSMarch 28, 2017 6:39 PM

@Clive, Sancho_P, Others

I read Felten's remarks as implying that if politicians were forced into a grown-up conversation about the issue, they would quickly be forced to conclude that what they were proposing was technically impossible to accomplish without trade-offs that are considered unacceptable in a democratic society and therefore politically impossible to accomplish. I think Comey is just grandstanding, probably knowing all too well that he's not going to get what he's asking for but using it as a stick to beat tech companies into cooperating in other ways. Rudd is another matter. She knows nothing but works for a nasty authoritarian PM who shows precious little respect for democracy and so far has faced mostly ineffective opposition to the destruction she seems intent on.

furloinMarch 28, 2017 8:26 PM

Well since we are talking about American politics let's reel this back into security. This article stood out to me as the three or four letter alphabet agencies running into physical or virtual space limitations. Or they made this a long time ago and are just now releasing it to the public. Because seriously who is going to handle that much space on windows/mac. More likely a *BSD or *nix box is appropriate if you're not going to program everything yourself.

"who shows precious little respect for democracy"
Well if only they would come out of the closet and just declare themselves dictators. Let us get back to security topics.

JG4March 28, 2017 8:43 PM

it'd be interesting to calculate the lower bound of size, weight and power for a useful audio recorder. if you dig in deeper they mention the button camera. this is as close to ethical behavior for anything I've read about the FBI liars, thieves and murderers in the past few years. it's encouraging that they do the right thing once in a hundred times
[inline quote: They gave him a set of keys with a hidden recorder and realistic-looking Starbucks gift cards that recorded audio]
...[Dick Cheney is an act of war on all that is decent on your planet]
New Cold War
Cheney: Russian meddling possibly ‘an act of war’ Politico. So will Cheney become a liberal icon now, like Bush?
...[too late on the browsing history - now your only choice is VPN]
Big Brother is Watching You Watch

You have one day to stop Congress from giving away your web browsing history The Verge

NYPD sent video teams to record Occupy and BLM protests over 400 times, documents reveal Vice (MR).

A sign of the times: Merrimack River deluged with syringes Boston Globe (BC). America is already great.

...[Asimov nailed it with a little help from Gibbons]
...[Asimov must have been pretty well read; he wrote over 400 books]
Authored by Jim Quinn via The Burning Platform blog,
“The fall of Empire, gentlemen, is a massive thing, however, and not easily fought. It is dictated by a rising bureaucracy, a receding initiative, a freezing of caste, a damming of curiosity—a hundred other factors. It has been going on, as I have said, for centuries, and it is too majestic and massive a movement to stop.” – Isaac Asimov, Foundation

--end Naked Capitalism, begin Zerohedge --

too much at zerohedge to do a proper job. they are among the quickest to call bullshit on any emanation from the fever swamp or Wall Street. you have to trade off a little accuracy for speed and the emotion helps sell clicks

[...repeat mantra that Dick Cheney is an act of war on all that is decent, like genociding a million people to get no-bid contracts]

Beelzebub writes the checks and the devil calls the tune
...[this is overwrought, but thought-provoking]
Duncan professes with shame that he worked on “Voice of God” weapons for the US Department of Defense, weapons which can make people think they are hearing voices in their heads in an attempt to control them. He says such weapons were tested back during Desert Storm and were quite effective at getting Iraqi soldiers to lay down arms without a shot fired.

[...the consensus seems to be that your money is safer in the US]

AlanSMarch 28, 2017 9:52 PM


"Let us get back to security topics"

I don't share your narrow understanding of the term security.

Thomas_HMarch 29, 2017 3:05 AM

Now (or very soon) on sale in the USA:

Your browsing history (if you use an American ISP)

I wonder when they'll realise the kind of consequences this could have for any kind of business-related innovation activity. Have a new idea and need to check online whether anyone came up with it before you? Your competitors could very well be buying your search data from your ISP to bring out a product before you can. Larger competitors could be filing patents based on your search activities. China could be buying your search data via a shell company.

I'm sure this is going to contribute to making America really great again...

Dirk PraetMarch 29, 2017 4:36 AM

@ AlanS, @ furloin

I don't share your narrow understanding of the term security.

Political, legislative and regulatory contexts/frameworks by any definition are an intrinsic part of any security related discussion.

It's hardly a surprise that the outcome of the US elections and extremely divisive personality of POTUS is stirring up emotions all over the globe, reflected in discussions over whatever subject. From a five-mile high view, it's also hard to deny how a potential collusion between current US administration and the Kremlin - if confirmed - would not have major national security implications, and, somehow, would not belong here.

Further, and to quote from Charlie Stross's moderation policy, "folks expecting an SF writer who's into conservative values are probably on the wrong blog".

The fact of the matter however remains that touching on either subject almost immediately devolves into highly contentious exchanges that can derail pretty much any thread. Which is why our host has recently asked us to avoid bringing up or debating stuff that in a US context is considered "partisan politics".

@ Ah the intrigue

I wish they would teach logic, rhetoric and propaganda, skepticism and critical thinking in our basic educational curriculum for everyone.

I would even say that failure to do so fails the entire point of education, unless the goal thereof is to merely create docile citizens who will never question either the system or its leaders.

JG4March 29, 2017 7:41 AM
Big Brother is Watching You Watch

The Surveillance State Behind Russia-gate Consortiumnews (martha r)

House Rep. Pushing To Set Back Online Privacy Rakes In Industry Funds totaling at least $693,000 Vocativ (Dr. Kevin)

Facial recognition database used by FBI is out of control, House committee hears Guardian (Dan K)

Imperial Collapse Watch

Military Complexity: Lasers or Longbows? NoTech (resilc)

Dirk PraetMarch 29, 2017 9:55 AM

@ vas pup

US internet privacy law scrapped

It's a self-inflicted wound. The American people voted into office folks they knew were going to roll back environmental, health care and other policies installed by the previous administration. They only have themselves to blame (or congratulate) for it.

AnuraMarch 29, 2017 10:24 AM

@Dirk Praet

The American people voted

That's the kind of highly divisive statement that I don't think is allowed anymore.

Dirk PraetMarch 29, 2017 11:31 AM

@ Anura

That's the kind of highly divisive statement that I don't think is allowed anymore.

You're right. I should have phrased it as "a majority of registered US citizens who exercised their right to directly vote for congressional representatives and other US officials, including the delegates for the Electoral College that elected the US president".

Any which way you turn it, politics influenced by corporate lobbying *IS* the elephant in the room here. The same goes for climate change related issues, and which I believe to be a much bigger security threat to the entire planet than fantasies of Wladimir Putin being behind everything that goes wrong in the world or the DPRK testing ICBM's. There's just less money to be made off it, but I know you're probably the last person I have to convince of that.

Clive RobinsonMarch 29, 2017 3:17 PM

@ Dirk Praet, Anura,

It's a self-inflicted wound. The American people voted into office folks they knew were going to roll back... They only have themselves to blame (or congratulate) for it.

Not entirely true.

Those that did vote, did not have a free vote. They were given a "selection of candidates to vote upon" and had no control over that initial selection process.

Even if the Electoral College did not exist the vote was effectively rigged.

Many years ago Douglas Adams pointed out this problem with a throw away story line about a planet that was unaccountably ruled by lizards. Arthur Dent asked why they voted for them and Ford Prefect replied "to stop the wrong lizard getting in".

It's why I've said over the years that ballot papers should have against the last check box "None of the above" and it should be absolutely binding.

As you know a government can run relatively effectively for quite long periods without elected politicians, effectively mucking things up.

On a smaller basis some Swiss Cantons used to run effectively by referendum. Anybody could propose an idea, and on a given day all those who were allowed to vote, went into the town square and voted on each proposal by "show of hands".

Whilst it does not stop corruption, it does reduce the sort of corruption that effectively goes on in the pre-selected candidate vote systems. Where with rare exception you need wealthy "vested interest" backers with pockets deep enough to pony up a billion dollars or so, just for "advertising".

AnuraMarch 29, 2017 4:19 PM

@Clive Robinson, Dirk Praet

There's a few other problems. One, this vote passed with 215 out of 415 votes cast; there are 435 voting members of the House, 20 abstained. Thus, this passed by Congressmen that represent 49.4% of the congressional districts. Within those districts, however, we can only say that a plurality voted for them. So we are probably looking closer to 30%. Even then, however, not really because of the gerrymandering there are more Republicans per vote than Democrats per vote (it takes about 28% more votes to elect a Democrat than it does to elect a Republican) and this was almost entirely along party lines with only 15 Republicans voting against it. So really, I mean, only a minority of American voters actually cast a vote for these people. Probably less than 30%, maybe closer to 20%, and more than likely more people voted for candidates that voted against it than that voted for it.

When you take this along with what's already been said, I would say that this system only appears to be democratic at times due to the uneven political demographics.

Oh, and has it been said that if you are one of the millions of people living in Washington D.C. then you have no voting representatives in Congress, at all? They are still taxed, however.

AnuraMarch 29, 2017 4:27 PM

Also, as an LA-area native, I find it difficult to wrap my brain around the idea of a city with a population smaller than a million, so I automatically assume all cities have millions of people in it.

AnuraMarch 29, 2017 5:42 PM

@Tel Nq

I actually did not vote. If I attempted to register to vote, I would have been committing election fraud because I moved states and fell between the cracks of residency requirements for voter registration.

Sancho_PMarch 29, 2017 5:59 PM

@ab praeceptis, @AlanS

Thanks, but I think I couldn’t make my point clearly visible, as both your replies do not come close to my very basic question:

What is the (esp. what is their) definition of encrypted?
Is it simply “data we do not understand is encrypted”?

No, I don’t want to discuss algorithm-fingerprints or random data, good or bad encryption, let alone discuss trade-offs of unknown “solutions”.
This is not at the core of the issue (in my opinion, at least).

Let me try again:

Let’s assume there is a perfect solution:
We have perfect encryption, total privacy, with additional frontdoors for law enforcement:

Worldwide, each of the LEOs have their own key, no jealousies, only those responsible, Chinese, American, British, German, Spanish, Kongo, NK, …, in their jurisdiction or their worldwide responsibility, depending on the situation, for each and any service provider and app worldwide, the good guys can read our decrypted data - of course except for protected politicians and all other VIPs -
but they can never write / alter / inject data.
Obviously, with such a perfect solution, the crooks (+Putin) would
be out forever!

Halleluja! Halleluja! Halleluja!

Now LEO can insert their key and present the decrypted message (WhatsApp, Signal, …), mind you, this is the cleartext, e.g. to Theresa May, or to Mr. Comey.

But what …

But what will happen if that cleartext still doesn’t make sense to them?
Judge to Sancho: “Brabl dabl blabu - are you serious?”
Sancho: “Yes, your honor, this was the message I got”.

What would happen, the perfect solution not delivering what they want to see?
What is the goal of the perfect solution?
What do they expect to read?
Until which point am I guilty?

ab praeceptisMarch 29, 2017 6:27 PM


Please, do not take it personally (it isn't) but I don't want to discuss, pardon me, rather weird what-if scenarios.

Moreover I generally refuse discussing scenarios having "Putin is evil" within their premise, as those are obviously flawed ab origine and illogical.

I strongly suggest to not mingle professional considerations with questions of guilt (presumed or factual), let alone with personal prejudice.

As for questions like "what is encryption?" we have, I think, a quite good and well established understanding and I see no need to doubt that. I'm open, however, to questions that *reasonably and logically* challenge it or seek to refine it - which, however, is not the case here from what I see.

AnuraMarch 29, 2017 7:02 PM

After the privacy restrictions go, next is net neutrality. Why a world with no privacy restrictions and strict crackdowns on attempts to evade them would be great for jobs:

First, it creates entire lines of products that people can sell. All of your service providers have loads of data about you. You need people to market that, sell that. Then the data aggregators buying them would have to have people running client portfolios to report on and help massage the data.

Now, these data aggregation companies will have to have their own salespeople, selling to various advertisers who work with various companies and political groups. These advertisers and aggregators will also work with the content distributors to provide you advertisements that are both informative about the products, candidates, or ballot measures, and what they think you will find is the honest to God best product, news article, or political party for you.

The amount that the advertisement and marketing agencies, as well as political groups will employ could be massive. Not to mention, how useful this will be to law enforcement and intelligence. And imagine how many people we could employ in the private prison industry, now that we will be catching all those criminals.

I can't think of any better use for our workforce than that. America is going to be back to making the only thing that actually matters to a majority of the politicians in this country*: the all-mighty dollar.

*And that the majority of the rest prioritize over all else

Nick PMarch 29, 2017 7:02 PM

Interesting find:

mcTLS - TLS with Trusted Middleboxes

Good for people to analyze or standardize such things since it happens all over the place in deployment. Especially for compliance or auditing purposes.

CRlite - A scalable system for pushing all TLS revocations to all browsers

The revocation problem isn't handled properly. The methods suck. This fix is quite efficient.

Make Your Own LISP

The slides are a great read. The author knows learning topics such as programming are hard. Decided to let them do a small LISP in their existing language broken into a series of steps for reward aspect. The thing that caught my attention was my human-verifiable, builds concept needs a small language easy to understand and build at the bottom. A LISP (esp a Scheme) was one method. This could be great for bootstrapping. Another idea due to Wheeler was using something like Bash that would definitely be on their system. They already have a bash implementation. They have a ton of them. 64-way modular redundancy of output checking haha.


Another one I found on same sub-topic. It's tiny at a few Kloc. Not sure how readable it is but kept it in case it was useful in building one of the compiler-compiler phases.

Clive RobinsonMarch 29, 2017 11:53 PM

@ Tel Nq,

With regards the history of "wiretapping" you might want to read,

In the article from 1966 you will find half way down Emanuel "Manny" Mittelman being used as a source.

Manny was an interesting character, he invented the "Harmonica Bug", it is said for the Mafia to spy on the FBI, long before they returned the favour. In fact some have said it was Manny's little devices that gave them the idea...

You might also want to read the first half of Peter Wright's "Spycatcher" it will tell you a lot about the real "Spy-v-Spy" games carried out by Britain's MI5 in the 1950's. Some of which was based on the work of the Radio Service which was part of MI8 which caught German agents in Britain fairly quickly and handed them on to the so called "20 Committee", because 20 in Roman numerals is XX which is also a "Double Cross"[1]. One technique was actually based on a method used by the German Radio Service during WWII to identify, direction find and capture/kill --now called Find, Fix and Finish-- Special Operations Executive (SOE) radio operators. What did not help was that the British Secret Service[2] had foisted the "Poem Code" system onto the SOE which needed a message length of between two and three hundred letters to be secure. Thus keeping the operators "on-air" for way way longer than they should have been.

[1] Such puerile humour was still prevalent in the British IC into the 1990's with those in the DWS referring to the senior police officer in the country as "Sir Met". Pronounced as "cement" as in "concrete overshoes" or boots the police were supposed to "plod" along in whilst on the beat. Likewise as many know the head of the British Secret Service was known as "C". Well those in the DWP referred to him as "Sir C" actually pronounced as "Cerce" the wicked witch / enchantress of Greek Mythology who failed to imprison Ulysses via one of her "Honey Traps"... I often wondered if the British IC spent more time in-fighting and denigrating each other than actually doing what they were paid to be done.

[2] The British Secret Service hated Churchill's SOE and did just about everything they could to not just prevent them, but also it appears to indirectly assist the Germans in catching them...

Clive RobinsonMarch 30, 2017 12:07 AM

@ Sancho P,

What do they expect to read? Until which point am I guilty?

You are guilty when they say you are... Your only defense is to try to prove the actual message is NOT some kind of code. Which is impossible for two reasons,

1, You can not prove a negative.
2, Much ordinary speech is in fact a code and is often called "slang".

They on the other hand do not have to prove you are using a code, only convince a judge in secret from you that you might be...

The way UK legislators work for the likes of Theresa May PM / Amber Rudd Minister for the Home Office, is to codify you are "guilty" into legislation with only a pretence you can defend against it. Having got away with it in both RIPA and the Snoopers Charter, the chances are they will use exactly the same trick against encryption system producers. Which is what you can see with the build up over WhatsApp.

65535March 30, 2017 12:45 AM

@ JG4, vas pup, Thomas_H and others:

US internet privacy law scrapped:

‘"I have a simple question: what the heck are you thinking?" Rep. Michael Capuano (D-Mass.) said in debate on the House floor. "What is in your mind? Why would you want to give up any of your personal information to a faceless corporation for the sole purpose of them selling it? Give me one good reason why Comcast should know my mother’s medical problems."’- Representative Michael Capuano via Arstechnica

Does anyone have any more comment on the USA side on ISPs selling all of your browsing history?

I would guess that would allow complete “front-door” access to household individual’s browsing history, and even small business browsing history.

I think this is a move to fire an economic volley at Silicon Valley’s hold on people’s private information for sale while at the same time blowing up most privacy – both Dem and the Repub’s privacy. The Republicans are sort of hoisting their constituency by their own petard, so to speak.

I wonder if this law will allow ISPs to use NITs or the ability to plant key loggers and viruses on customers' computers via a broad NSL from the FBI or other three letter agencies.

@ Clive Robinson

“…regards the history of "wiretapping" you might want to read,”

I have a lawyer brother who also has a side Private Investigator business. He says that the bugs of today are quite small nasty and effective. They are very hard to detect.

In the past I have suggested the bugging items the NSA/CIA/FBI used yesterday will eventually trickle down to local Private Investigators. It looks like that notion is partially true – after taking a look at the items in your linked article [probably from a SoCal PI agency].

Nick JMarch 30, 2017 2:03 AM

There's some buzz in the investment community about India's Aadhaar project, which in conjunction with another project called India Stack, is putting the entire population of India into a centralized database linking identity with biometric data (fingerprints, iris scans). The political goal is to move to a cashless society.
Of course, this will also be a society without privacy: the government controls the centralized database, so it will know everything about every citizen. Great for tax collection.

Has anyone looked at the security aspects of this?

Clive RobinsonMarch 30, 2017 2:08 AM

@ 65535,

He says that the bugs of today are quite small nasty and effective. They are very hard to detect.

True and not so true. I've designed quite a few such devices in my time and as for the stuff in the TAO catalog, let's just say it was quite old hat compared to what was available in the commercial market, quite a while before they put ink to paper...

As to detecting them you need to consider the basic laws of physics, they all use energy and they can not be 100% efficient, which means they will radiate/conduct out the loss (or destroy themselves). Further they all use "transducers" that have "characteristics" that can be detected in various ways, the most obvious being the "red eye" effect of optics. Similar applies to all transducers, that are in effect "a limited bandwidth load on a transmission line". The same applies to the devices output. One of the oldest detection techniques was to emit a signal in the device input band and look for correlation in the output band.

Modern designs use MCUs etc to implement compression and "store and forward" techniques to reduce the probability of intercept. However even if powered down the input and output characteristics will betray the device. But so will the "thermal mass" issues.

I've mentioned these things before, the secret is how to make them effective, and that's what you pay the right people for. However how to tell the difference between the right and wrong people is the rub, there is one heck of a lot of snake oil you would have to swim through to get there. The first touch stone when trying to decide is "the laws of physics" if they allow then it may not be snake oil...

Clive RobinsonMarch 30, 2017 6:29 AM

@ The usual suspects,

Hands up who can say they not only know what the US NGA is... But also what it does?

Surprisingly for a money pit that is on par with the NSA and CIA few have ever heard of it... But some may know its poor cousin the NRO.

To find out more about the NGA you might want to read,


Tel NiquistMarch 30, 2017 6:38 AM


Found it at goodwill, piqued it up for 25 cents. Posted that article as an addendum to your prior line of comments, thanks.

Clive RobinsonMarch 30, 2017 8:50 AM

@ Figureitout, Nick P,

We've had a few discussions over the years about "supply chain poisoning" in the production of semiconductor wafers.

There is a known technique for seeing into crystalline structures at the atomic layer and that is X-Ray crystallography. But it has a problem the time to carry out the procedure goes up to a power of the feature complexity. Thus even a simple circuit scan will look slow compared to glacial creep. One reason that it is so slow is the X-ray density for any given area combined with the density and thickness of the object being viewed and the size of the features to be viewed.

Well there appears to be a way of upping the X-Ray density with a "Free Electron Laser",

Dirk PraetMarch 30, 2017 10:41 AM

@ Clive

Hands up who can say they not only know what the US NGA is

I think I saw that name on US TLA lists a couple of times, but had no idea whatsoever what they were doing. Makes you wonder just how many intelligence agencies one single country actually needs.

@ 65535, @ Anura, @ Clive, @ JG4, @ vas pup, @ Thomas_H

I wonder if this law will allow ISPs to use NITs or the ability to plant key loggers and viruses on customers' computers via a broad NSL from the FBI or other three letter agencies.

I guess it's only a small step from passive data collection over ad/tracker injection to NIT implants. Probably depends on how FBI and FISC interpret the legalese and to which extent that would be public.

@ Anura

... and what they think you will find is the honest to God best product, news article, or political party for you.

I have asked myself many times how many people - if any - decide to buy a product or service based on targeted ads. I for one have never done so, or at least not that I was aware of. Conversely, I do know quite some people that are massively creeped out when after buying something online suddenly see themselves stalked everywhere with ads for similar products, and as a consequence never buy anything online again.

Probably less than 30%, maybe closer to 20%, and more than likely more people voted for candidates that voted against it than that voted for it.

I'll refrain from commenting on such a weird voting system, and just change my previous statement to "a decisive number of Americans voted ...".

@ Clive, @ Anura

Those that did vote, did not have a free vote. They were given a "selection of candidates to vote upon" and had no control over that initial selection process.

However much I agree, I know of precious few democracies where that is different. Over here, you can actually vote "blank" (i.e. none of the above), the sum of those votes being repartitioned proportionally over the other parties/candidates. So voting blank in practice means voting for whoever gets the most votes.

That said, even if the electorate didn't know what each specific candidate stood for, it was pretty obvious that the overall Trump and Republican agendas were about repealing any and all accomplishments of the previous administration. So I kinda stay with my claim that they really did it to themselves.

Clive RobinsonMarch 30, 2017 11:23 AM

@ Dirk Praet,

However much I agree, I know of precious few democracies where that is different.

The difference is actually "funding limiting" --something the current UK incumbents have just been fined for-- in some places there are no campaign spending limits, thus in the US I'm told the entry price for the presidency is a billion plus dollars which means few if any can make it without getting contributions from those who expect significant legislative changes to make multifold returns (hedge funds etc).

Those places with caps so the maximum spend is small open up the opportunity to self funding independent candidates etc.

The other thing with spending caps is you get less gratuitous attacks on the person and more attention to policies etc.

AnuraMarch 30, 2017 11:50 AM

@Clive Robinson, Dirk Praet

Those places with caps so the maximum spend is small open up the opportunity to self funding independent candidates etc.

That's one way to do it, but it has a problem in that people who are already known have the advantage, and the people who are already known tend to be wealthy. I think making a functional system comes down to making it as easy as possible to get elected. If it takes too much money for an average citizen to get elected, it means your requirements for getting on the ballot are too tough or there are not enough seats to compete over.

If you are attracting that amount of money, it also means that the benefits must be higher than the payments. Part of this is because you only care about the margins - if you have 98% of what you need to control the government, then you only need to focus on that other 2% and it allows you to more directly target the voters, meaning that campaign spending can make huge differences in the outcomes.

So in order to make a system that is actually democratic, you need to make sure that you have enough seats that you can expect an average person to run and have a decent shot, and once they win they should have no explicit power over any other legislator. The less power they have, the less effective campaign spending is, and the less money those positions attract to begin with. Proportional representation also helps by reducing how much you can shift the political alignment by getting one candidate to win over another.

I'd also like to limit the power of political parties - I feel they have way too much influence within the legislature. I prefer multi-winner voting methods like STV for this because it doesn't make the party itself an explicit part of the voting system. Ideally, for me, unaffiliated legislators would exceed members of any other party, and local political parties to have more seats than national political parties so they are forced to work together on interests and not party lines. Obviously, you can't force this on people, but a multi-winner system is the only method of PR I find realistic to allow for this.

Dirk PraetMarch 30, 2017 12:28 PM

@ Clive

The difference is actually "funding limiting"

Very much so. We got rid of the evil that is corporate funding of political parties in 1989. Ever since, they get annual government grants based on their latest election results. Although obviously such a system favours traditional parties, it effectively deals with corporate take-overs of government. As a useful side-effect, it limits the possibility of landslide victories by fringe parties and candidates. Another element that generally stops extremists from seizing power overnight is the system of mandatory voting we still have.

There used to be a time that to get elected you needed a lot of money to print leaflets, advertise on billboards, buy TV time etc. Today, what you need is a catchy message and a small team of social media and SEO experts to get you started. Unless you are already a celebrity, it will probably not get you the presidency, but it should still significantly lower the threshold to secure a local mandate.

rMarch 30, 2017 5:09 PM


That's sort of how I've been leaning: "off with the head" like how the supreme court is divided.

FigureitoutMarch 31, 2017 12:52 AM

Clive Robinson
who can say they not only know what the US NGA is...
--Wasn't that the group w/ the octopus (this image: ) about how they "see everything" but then when MH370 went missing they couldn't help locate it..? Pretty poor image choice, sounds like they're a worthless leech or something...of course we can never hear about the "successes" or "worthwhile operations", can never be independently verified that it's actually useful b/c "the enemy" could infiltrate those oversight agencies and somehow use that to gain some advantage to covertly attack the country. That's the problem w/ governance today, the intel agencies have completely screwed it up. That and humans aren't capable of governing more than local communities.

RE: supply chain poisoning
--Can't really say anything, if these attacks are too easy then I say electronics as a whole is corrupted. This goes so deep as measurement equipment (why would oscilloscopes, logic analyzers, vector analyzers, etc. be spared?), medical equipment, manufacturing equipment... Imagine that all corrupted w/ viruses either bricking them or just causing random annoying issues "for fun". The engineers in these fields *have* to have the morals to look out for these things and keep it out, expose it. Corrupts our profession, the trust in us to do the right thing. It's no secret, we're a proud bunch, b/c we work our asses off. Have to keep the scum out.

RE: covert cache channel
--Yeah checked that out, looked like something nice to try. It's for VM's on same local system. RTOS or less on isolated MCU cuts that off.

Clive RobinsonMarch 31, 2017 2:35 AM

Banksters at it again

According to Bloomberg the "Masters of the Universe" are using the likes of WhatsApp etc to carry on their antisocial and illegal activities just like "The Good Old Days" when they were driving the world into recession,

As some know the Republicans single handedly tore up the FCC Privacy for Internet users from their Internet Service Providers. But it appears that many have forgotten that anything your ISP collects on you becomes a "Business Record" etc thus available without let or hindrance to the FBI under existing legislation. So yet another "law of unintended consequences" that the likes of Comey and Co are absolutely salivating over,

Thus in the US if you want a modicum of privacy you should now look at using a reliable VPN from your computer off to another jurisdiction and then onto the Internet.

Even though I would not normally recommend Tor because of its quite problematic technical deficiencies, what the Republicans have single handedly voted for suggests that you start using Tor to stop your ISP recording everything it can about you.

Because the US ISP's will almost certainly "backlash" and block all Tor nodes, you need to be using it before they bring the hammer down.

Thus mad as it may sound you may need to use a cross jurisdiction VPN service to access Tor fairly soon...

It really is time we start taking the idea of "Web2.0" or "Internet2.0" --whichever name you prefer-- very seriously very quickly.

Clive RobinsonMarch 31, 2017 3:34 AM

@ Figureitout,

Wasn't that the group w/ the octopus

They are a part of the NRO which is a little brother of the NGA.

As for the MH flight, there are two main arguments for that. The first is they did record it but for secrecy have said nothing, secondly like humans, the NRO can reach most places but not all at the same time. As the old saying goes "Pays your money, takes your choice". There is of course the sub argument to the first, but that is conspiracy theory territory.

With the supply chain poisoning your observation of,

Can't really say anything, if these attacks are too easy then I say electronics as a whole is corrupted.

With regards main line CPUs from Intel and AMD, the ME is "supply chain poisoning" by design... The question then devolves down to ARM where @Thoth has noted some are likewise poisoned by design. What the situation with MIPS is is anybody's guess right now. Likewise with high end DSPs and other MCUs.

The concern is where it is not poisoning by the designers, but by others. That is if you had the funds to design and get fabricated your own 64bit CPU via crowdsourcing and the like you would not want "inserts" happening by "test add ons" etc due to the mask supplier getting leant on by an IC agency etc.

The simple fact is that the mask manufacturers etc now knowing that you can "check" will be more reluctant to poison on demand by an IC agency. Look at it this way, if nobody audits the cash register/petty cash/expenses then the barrier to temptation is very low, auditing does not stop theft but clearly shows it happened and when if not by whom. As the old saying has it "locks are to keep the honest honest". Such checking ability will help keep those down stream of tape out "honest", and that may be enough.

With regards the cache covert channel,

Yeah checked that out, looked like something nice to try. It's for VM's on same local system.

Whilst it might sound "limited" it's still of use in multi-user environment and as a learning tool to expand outwards to the likes of network traffic. Also you can use it as a test harness / instrumentation when writing your own code to try and reduce your code susceptibility. Thus I tend to think of it like a bolt or a brick, you would use it as a component in another system.

Dirk PraetMarch 31, 2017 4:44 AM

@ Clive

Even though I would not normally recommend Tor because of its quite problematic technical deficiencies, what the Republicans have single handedly voted for suggests that you start using Tor to stop your ISP recording everything it can about you.

It's what I've been saying all along. Although Tor and VPNs may be futile against resourceful state actors you have become a person of interest to, they do protect against certain classes of other adversaries US ISPs have just become one of. And I suppose it's just a matter of time before similar legislation is passed in other countries where big business trumps privacy.

Reading up on the subject matter, it is now generally recommended US citizens use a combination of HTTPS, Tor and VPNs to shield themselves from ISP snooping and data collection. A fourth, less known, complementary tool is DNSCRYPT-PROXY, and which to DNS is what HTTPS is to HTTP. In essence, it protects your DNS traffic from eavesdropping and MITM attacks by third parties. It's available on most COTS platforms.

People who still prefer traditional MUAs over web interfaces should check they've been configured with TLS (if your ISP supports it). Thunderbird users can install the TorBirdy add-on to route their email over Tor, be it that many ISPs already block SMTP traffic originating from Tor exit nodes.

For instant messaging over Tor, there is Tor Messenger and the likes of ChatSecure on mobile platforms. And Signal, of course (E2E ; no Tor).

And the usual reminder: avoid anything Facebook, Google or ISP/carrier issued Android stuff like the plague.

Dirk PraetMarch 31, 2017 7:43 AM

@ iPhone 5/5C owners

If you're wondering why your phone is not upgrading to iOS 10.3, it would appear that Apple for fun and games has pulled the over-the-air update for iPhone 5 and iPhone 5c. Workaround: update over iTunes. That still works.

In the same context, it would seem that Apple may drop support altogether for iPhone 5, 5C, 6C and iPad 4 (32bit devices) on iOS 10.3.2 and up. I guess that's really good news for all people that still have such older devices and once again can fork out $600+ for something new. And that's less than 10 months after iOS 10 had already dropped support for iPad 2, everything below iPhone 5 and iPod 5th generation. The iPhone 5 was released in September 2012. Those devices are not even 5 years old, and the 6C is even more recent.

Now that's what I call some seriously aggressive sales and marketing strategies. As a comparison: Micro$oft discontinues support for its much hated Vista operating system on April 11th. It was originally released early 2007.

Clive RobinsonMarch 31, 2017 7:59 AM

@ Dirk Praet,

... many ISPs already block SMTP traffic originating from Tor exit nodes.

It appears that the number of ISPs blocking not just inbound but outbound Tor traffic is rising. Likewise some of the larger Internet companies are known to make using their services via Tor difficult.

I can see a time when you will have to use a VPN to get access to an anonymity network like Tor...

Also I can see ISPs not just adding "tracking tags" to your outbound traffic, but also forcing you to use their HTTPS proxy service so they can get to your plaintext.

We need more anonymity / Mix networks just so that we have the resilience of hybridization.

Likewise we need not just secure DNS servers for server IP address finding but also a mobile connectivity IP address resolver server. So that we can reduce the dependence on application based servers for mobile clients.

Because as we are starting to realise the authorities will target the likes of WhatsApp etc to force the collection of keys etc. If we had just a client IP address and port number resolver then there would be no keys to collect. Thus anybody could build a simple application to do a D-H key exchange at the peer-to-peer level and use the resulting key to set up a secure tunnel between the user devices through which they could use any plaintext or cryptotext based applications.

Dirk PraetMarch 31, 2017 10:16 AM

@ Clive

Likewise some of the larger Internet companies are known to make using their services via Tor difficult.

Not just the large ones. There's more and more sites actively denying access to Tor exit nodes, and everything Cloudflare is throwing these pesky Google captchas.

Using VPN -> Tor is not recommended, only Tor -> VPN is (eg. starting your VPN in a Whonix workstation that is already torifying all your traffic over a Whonix gateway). In TAILS, you cannot combine Tor and VPN.

Tor is somewhat designed to deal with ISP censorship through OBFS bridge relays that hide that you are using Tor, but they still don't protect you from DPI.

Any which way you turn it, if the rest of the world follows the US example, I can easily see some near future in which the entire internet has become nothing more than one massive surveillance and advertising platform in which usage of any anonymizing mix, p2p or mesh networking tools will be sufficient to put you on some LEA radar.

Nick PMarch 31, 2017 10:50 AM

@ Clive Robinson

It's an impressive advance. However, it reinforces the notion that physical verification will be cumbersome, highly expensive, and use tools w/ chicken-and-egg problem. I imagine X-ray lasers or whatever come from few enough suppliers that they could all be poisoned. They're more complex than many chips in existence where fully understanding them would be hard. My belief remains to be that we need tons of solutions to tear down chips at various nodes with extra work on anonymous ordering, transport protection, and so on. Or even, as I planned to, trying to barter or pay for specific, used machines owned by third parties.

Clive RobinsonMarch 31, 2017 11:12 AM

@ Dirk Praet,

Any which way you turn it, if the rest of the world follows the US example, I can easily see some near future in which the entire internet has become nothing more than one massive surveillance and advertising platform...

I suspect that before that happens you will see the balkanisation of the Internet in two ways. Firstly at state level countries will "link around the choke points/hub" to get out from under the US thumb and FiveEyes etc surveillance. Secondly at the user level you will see the adoption of various "network on a network" (NoN) systems where fixed rate signaling, mix routing and store and forward nodes will give greater anonymity etc. Many states will not like the idea of users doing NoN but will see it as preferential to US and FiveEye surveillance, and US Corp take over. Users will also see a reduction in cross jurisdictional Internet fraud crime with NoN, as the current PKI system will also get changed due to NoN behaviour bringing in more "human" type trust models.

I suspect we will also see a second "Internet Crash" not too dissimilar to the DotCom crash, as the bubble of hype over Internet marketing bursts, which there are clear signs of starting to happen. Whilst people will say "No not possible" etc etc, history shows that you get three or four bubbles and bust with new technology of significance (see UK canals, steam power, railways, telegraph, electrical supply US similar including telephones and the various wireless technologies).

Hopefully the result will be Internet2.0 which will have a lot less of the current problems and will become not just more scalable but better suited to the ways humans behave.

WhatsEffMarch 31, 2017 12:21 PM

What's Eff up to?

president trump ran as a populist after all. What is he now? Surely he could support the little guy once, at least, and with single-payer health care, and earn a capital letter, or two.

Is Eff planning a campaign to petition or call the white house, with or without interested partners or others, regarding things like:

for a presidential veto if it's not too late.

No Eff, I don't expect you to take on single-payer healthcare, but maybe some powerful players somewhere might.

Let us hope that trump is not a chump.

WhatsEffMarch 31, 2017 12:28 PM


Someone might point out to trump that fighting 'getting f**ked by surveillance' here could be an easy win for him; and with congress having to overcome a veto, i think, a chance for trump to put some positive points on the board.

ab praeceptisMarch 31, 2017 1:05 PM

Clive Robinson, Dirk Praet

Funny. If I may quote myself from yesterday:

Short: It can be considered as certain that states, will do pretty everything to be able to listen in and to deny everyone the capability to communicate confidentially.

I'm not too concerned about that new law although I agree that something similar might go around major parts of the globe like an infestation wave. I'm not too concerned because it's anyway just a repackaging; I do not see any basis to reasonably assume that they didn't track, hack, and eavesdrop the citizens before.

What *does* concern me is two things. a) google and the other giants who would have the power to stop that, didn't. So much for their "we are the good guys". b) that the whole game is rigged. tor, ssl/tls, signal, etc.??? Hahaha!

Do they act out of pure evilness? I don't think so; certainly in part and because that's the way they tick, but I think that the major driver behind that is Snowden, Wikileaks, and lots of other events, up to the current "everyone eavesdrops on everyone". But that's just the symptoms; the cause is mainly the attribution problem.

From what I observe states have no problem per se with the fact that crimes, spying, and eavesdropping occur; after all they are the worst perpetrators. But states do have a problem when their event - reaction machinery stutters in impenetrable fog.

They need a basic pattern of "A does evil thing T and throwing our whole machinery (e.g. fbi) at it we can solve the puzzle and or develop a defense depending on how important it is to us". They don't have that in the internet.

One, probably the major culprit is that attribution is extremely hard, if not impossible. Reason: source IP means nothing.

The way states tick they absolutely must have the ability to connect a communication with legal entities, preferable even with a small set of persons (like a family). With the internet they can't.

Unless one does considerable changes on the IP level - which is not practically feasible - they are left to "walk towards the sources themselves", which translates to link the ISPs into their spying and lea machinery.

The idea, I bet, is to somehow tag traffic as early as possible so as to be able to follow it backwards to the source. Things being how they are that's also not easily feasible and so they do "virtual tagging" by collecting relevant bits and pieces everywhere. Which probably is also one of the reasons for the utah complex.

Oh and btw: Once that is in place it's a simple act of some politicians to come up with a law that prohibits tor or encrypted connections, etc. Not completely, of course, as banks and businesses still need e.g. the ssl/tls security theater but for many cases.

Most of us made the general's error: generals serve to implement strategies but to understand the opponent one must understand the political level.

As we come up with ever better encryption and funny toys like tor they do not accept that challenge but rather change the game setup. Enter the world of steganography and be prepared for "friendly" google and the likes to "helpfully" provide us with tools.

JG4March 31, 2017 1:34 PM

from the usual compendium. perhaps everyone quitting the internet for a few months would be an appropriate protest against the ISPs

'Just Use A VPN' Isn't A Real Solution To The GOP's Decision To Kill Broadband Privacy Protections

Meet the Midwestern Contractor That Appears Hundreds of Times in the CIA WikiLeaks Dump

Browsing Histories
Metadata Explorations

CENTCOM chief: 'Vital US interests at stake' in Yemen

Trump Signals He’s About To Blow His Foot Off

When Warriors Put On the Badge

tyrMarch 31, 2017 3:55 PM



Juncker almost made me choke on my popcorn.

Since the majority of the US taxpayers money that supported the EU project was used by the CIA to talk Britain into the EU. Can I get a refund?

Clive RobinsonMarch 31, 2017 6:39 PM

@ tyr,

The US has had way more than its pound of flesh out of Britain in more ways than just money grubbing.

They would have to have spent it in bribing the French... As it were they that blocked the UK's initial attempts to join. The story is a certain French General who sat out a large chunk of WWII in Britain decided that the British were, unsuitable to be Europeans... As it was the French again forced the UK to break away with the Commonwealth that had once been the British Empire. They also tried very hard to break the "Special Relationship" with the US, but did not succeed because of the British "War Debt" to the US (rumour has it the French reneged on their share of War Debt due to claims that the Government that owed it was not "The French" Government). Maggie Thatcher got rid of the British War Debt and then turned her Guns on the EU to reduce what the UK paid into the EU in part in revenge. The French were horrified as many of their citizens were milking the Common Agricultural Policy for all they could get. By claiming they were farmers when they had land less than a lot of British "back gardens" with a few chickens scratching around that they might sell the eggs from and maybe a few veg in the local town market (I suspect any French readers will now be somewhat annoyed). The actual problem was that the French like other southern European countries had what was in effect "equal division on death" medieval inheritance laws that resulted in farms getting progressively smaller and smaller. It's in part why the Euro Zone went horribly wrong in southern Europe and why some EU citizens were made destitute and at one point some were starving and being made homeless.

@ Nick P,

However, it reinforces the notion that physical verification will be cumbersome, highly expensive, and use tools w/ chicken-and-egg problem.

True but you are not thinking it through in a cost for cost way. You don't need to test every chip just a quite small sample. That is the cost of producing two "mask sets" from the tape out, one with the "IC extras" and one without would be prohibitively expensive, and the "reputational risk" cost would be way way too high to contemplate.

The trick is you do something equivalent to,

Put a PUF or similar on the chip to make the equivalent of an unforgeable electronic serial number seed and a fusible link ROM to hold the actual serial number. You take "all fab output" and you then generate a digitally signed version of the PUF with a "salt". You blow the signature into the ROM. You laser etch into the chip package the salt value. The salt is used to ensure that even on the very low probability that two chips have the same PUF value the resulting ROM signature is unique. You then put the signature in a Database that can be accessed if there is doubt about if a chip package is real or fake.

That way if somebody does get a mask made with an "IC extra" in it and chips made and packaged up they would not be able to produce a valid salt/serial without access to your signing key...

ThothMarch 31, 2017 7:55 PM

@Clive Robinson

re: PUF chip

How is the signing key used in the PUF capable chip ?

Does the chip create a unique PUF output mixed with salt and then I use my private key to sign the salted unique PUF output then burn it into chip ROM ?

What is this "all fab output" ?

Or maybe you meant I load the salt into the PUF capable chips, make all the chips generate salted PUF signatures then personally sign all PUF signatures altogether ?

Not sure I understood your PUF construct.

Clive RobinsonApril 1, 2017 4:41 AM

@ Thoth,

How is the signing key used in the PUF capable chip ?

Ignoring the salt for the moment.

When you get the chips back from the FAB you read out the PUF value and sign it with your PrivKey and write the resultant value into the ROM. Thus when a customer gets a chip they can tell if it's come from you because they can take your PubKey decrypt back to the value you signed and verify it against the PUF value.

The salt is there for a number of reasons. But primarily whilst the Physically Unclonable Function (PUF) is --supposedly-- "unclonable" and the output invariant[1], there is no guarantee its output value is unique, just very probably so.

Thus you append a salt that is randomly selected and around 96 bits in length. If you find that your salt+PUF gives the same value as a chip you've already issued you just change the salt to another random (or CS-PRNG output) value, so the resultant signed value is unique.

You laser etch the Salt value to the chip package in Base64 ASCII characters so that a customer can read it by eye (maybe with the help of a magnifying glass ;) and type it into a web based program or read it phonetically down the phone.

Thus an end user can verify --within reason-- it came from you.

You put the values of the salt, PUF and ROM in your database. The salt should likewise be unique --and used as a primary key to an oracle-- and due to its size difficult to guess as a value, which means you can give it certain security values, as long as the database is kept secure.

[1] The reason for this is that I'm not totally convinced about PUFs or fusible link ROMs when it comes to ion beam tools and the like.
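Added example, not from the thread or from any vendor's code: a Go sketch of the enrolment and customer check described in the comment above. It assumes Ed25519 as the signature scheme, a constructed byte string in place of a real PUF readout, and an in-memory map as the database; `Chip`, `Vendor`, `Enroll` and `Verify` are hypothetical names.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/base64"
	"fmt"
)

type Chip struct {
	PUF, ROM []byte // PUF readout; signature blown into the fusible-link ROM
	Salt     string // Base64 salt laser-etched on the package
}

// Vendor holds the signing key pair and the database of issued signatures, keyed by salt.
type Vendor struct {
	Pub  ed25519.PublicKey
	priv ed25519.PrivateKey
	db   map[string][]byte
}

func NewVendor() (*Vendor, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	return &Vendor{pub, priv, map[string][]byte{}}, err
}

// Enroll signs salt||PUF; the salt is redrawn until unused, so equal PUF readouts still get distinct ROMs.
func (v *Vendor) Enroll(puf []byte) (Chip, error) {
	for {
		raw := make([]byte, 12) // 96-bit random salt
		if _, err := rand.Read(raw); err != nil {
			return Chip{}, fmt.Errorf("salt: %w", err)
		}
		salt := base64.RawStdEncoding.EncodeToString(raw)
		if _, used := v.db[salt]; used {
			continue
		}
		v.db[salt] = ed25519.Sign(v.priv, append([]byte(salt), puf...))
		return Chip{PUF: puf, ROM: v.db[salt], Salt: salt}, nil
	}
}

// Verify is the customer's check; it needs only the vendor's public key.
func Verify(pub ed25519.PublicKey, c Chip) bool {
	return ed25519.Verify(pub, append([]byte(c.Salt), c.PUF...), c.ROM)
}

func main() {
	v, err := NewVendor()
	if err != nil {
		panic(err)
	}
	c, _ := v.Enroll([]byte("constructed PUF readout")) // stand-in for real silicon
	fmt.Println(c.Salt, Verify(v.Pub, c))
}
```

A ROM value copied onto a die with a different PUF readout, or produced under any other key, fails `Verify`, which is the property the scheme relies on.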

65535April 1, 2017 6:13 AM

@ Clive, Dirk Praet, JG4, vas pup, Thomas_H and others:

I had a very busy week and will try to comment on some of the important issues of US internet privacy laws getting scrapped, NGA, and local Private Investigators using old tricks from the NSA/CIA/FBI/and so on.

See you in the new Squid thread [assuming my weekend doesn’t get clogged with work].

ab praeceptisApril 1, 2017 2:58 PM

Clive Robinson, Thoth

I was interested in PUF very much but got stuck. Not so much because the research is slow in terms of useable output but because the problem class that is addressed is rather limited.

Here is my case: I'm working on some network project where I would strongly like to have something like a unique environment fingerprint. One classical case is a goon taking a server out of the rack to examine it or as evidence or whatever. That's a tough nut and most of the approaches that seem obvious are useless or very weak.

As for PUF as it's currently understood, I find it interesting (research-wise) but assume that most will simply go the "use a serial id in hw and be done" approach which, in fact, is sufficient for most cases.

Actually I even see a dangerous potential insofar as intel and accomplices might just hash up their weird zoo and say "see. Secure!" - and Joe and Jane will accept it and happily feel somehow secure.

I'm mentioning that because PUF is *not* (reasonably) about PUF/hash, be done. The problem class beneath that, namely the weird firmware and devices zoo, is to be addressed differently (preferably by extinguishing it).


Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.