Friday Squid Blogging: Squid Can Edit Their Own RNA

This is just plain weird:

Rosenthal, a neurobiologist at the Marine Biological Laboratory, was a grad student studying a specific protein in squid when he got an inkling that some cephalopods might be different. Every time he analyzed that protein’s RNA sequence, it came out slightly different. He realized the RNA was occasionally substituting A’s for I’s, and wondered if squid might apply RNA editing to other proteins. Rosenthal, a grad student at the time, joined Tel Aviv University bioinformaticists Noa Liscovitch-Braur and Eli Eisenberg to find out.

In results published today, they report that the family of intelligent mollusks, which includes squid, octopuses and cuttlefish, feature thousands of RNA editing sites in their genes. Where the genetic material of humans, insects, and other multi-celled organisms read like a book, the squid genome reads more like a Mad Lib.

So why do these creatures engage in RNA editing when most others largely abandoned it? The answer seems to lie in some crazy double-stranded cloverleaves that form alongside editing sites in the RNA. That information is like a tag for RNA editing. When the scientists studied octopuses, squid, and cuttlefish, they found that these species had retained those vast swaths of genetic information at the expense of making the small changes that facilitate evolution. “Editing is important enough that they’re forgoing standard evolution,” Rosenthal says.

He hypothesizes that the development of a complex brain was worth that price. The researchers found many of the edited proteins in brain tissue, creating the elaborate dendrites and axons of the neurons and tuning the shape of the electrical signals that neurons pass. Perhaps RNA editing, adopted as a means of creating a more sophisticated brain, allowed these species to use tools, camouflage themselves, and communicate.

Yet more evidence that these bizarre creatures are actually aliens.

Three more articles. Academic paper.

As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

Read my blog posting guidelines here.

Posted on April 7, 2017 at 4:16 PM • 92 Comments

Comments

Ben A. April 7, 2017 4:21 PM

Anomalous keys in Tor relays

Our experiments revealed that ten relays shared moduli, and 3,557 relays—most part of a research project—shared prime factors, allowing adversaries to reconstruct private keys. We further discovered 122 relays that used non-standard RSA exponents, presumably in an attempt to attack onion services.

https://nymity.ch/anomalous-tor-keys/

https://nymity.ch/anomalous-tor-keys/pdf/anomalous-tor-keys.pdf

A Las Vegas algorithm to solve the elliptic curve discrete logarithm problem

In this short paper, we develop a probabilistic algorithm for the elliptic curve discrete logarithm problem. This algorithm is not generic in nature, it uses some properties of the elliptic curve.

https://arxiv.org/abs/1703.07544

Pandavirtualization: Exploiting the Xen hypervisor

http://googleprojectzero.blogspot.com/2017/04/pandavirtualization-exploiting-xen.html

Ask.com’s server-log is exposing your searches to everyone in real-time

https://thetechportal.com/2017/04/07/search-engine-ask-server-log-exposing-searches-real-time/

https://news.ycombinator.com/item?id=14058265

Official list of phoned-home info revealed by Microsoft

https://technet.microsoft.com/itpro/windows/configure/basic-level-windows-diagnostic-events-and-fields

https://technet.microsoft.com/itpro/windows/configure/windows-diagnostic-data

https://www.theregister.co.uk/2017/04/06/microsoft_windows_10_creators_update/

WikiLeaks just dropped the CIA’s secret how-to for infecting Windows

https://arstechnica.com/tech-policy/2017/04/wikileaks-just-dropped-the-cias-secret-how-to-for-infecting-windows/

https://wikileaks.org/vault7/document#grasshopper

Why isn’t US military email protected by standard encryption tech?

https://nakedsecurity.sophos.com/2017/04/07/why-isnt-us-military-email-protected-by-standard-encryption-tech/

Baseband Zero Day Exposes Millions of Mobile Phones to Attack

Weinmann said the baseband vulnerability is within the HiSilicon Balong integrated 4G LTE modems. Hisilicon Technologies is a subsidiary of Huawei Technologies.

https://threatpost.com/baseband-zero-day-exposes-millions-of-mobile-phones-to-attack/124833/

iCloud extortion racket nowhere near as epic as we thought it might be

https://www.theregister.co.uk/2017/04/07/icloud_wipe_threat/

https://www.troyhunt.com/heres-where-the-apple-accounts-hackers-are-threatening-to-wipe-came-from/

Samsung Tizen Security ‘Feels like 2005’

https://threatpost.com/samsung-tizen-security-feels-like-2005/124841/

Nine Questions to Ask after a Terrorist Attack

https://www.lawfareblog.com/nine-questions-ask-after-terrorist-attack

U.S. has withdrawn its request to identify a Trump critic

https://www.washingtonpost.com/news/the-switch/wp/2017/04/07/the-u-s-government-has-withdrawn-its-request-ordering-twitter-to-identify-a-trump-critic/

https://www.lawfareblog.com/twitter-drops-complaint-against-dhs

Bankers to get 1Gbps free Wi-Fi in City of London deal

https://www.theregister.co.uk/2017/04/07/bankers_to_get_1gbps_free_wifi_in_city_of_london_deal/

Full Page Screen Capture

Capture a screenshot of your current page in its entirety without any extra permissions

https://chrome.google.com/webstore/detail/full-page-screen-capture/fdpohaocaechififmbbbbbknoalclacl

My Info April 7, 2017 4:57 PM

“non-standard RSA exponents”

As opposed to “standard” RSA exponents such as 3 or 65537 decimal (0x3 or 0x10001 hexadecimal)?

Just asking.

My Info April 7, 2017 5:04 PM

Obviously the RSA standard does not require such “standard” keys or they wouldn’t work at all.

How does anyone know these Tor node operators have not provided copies of private keys to various sovereign government authorities, either through overt act or by lax security?

Nothing anomalous would have to be noticed in the keys.

ab praeceptis April 7, 2017 5:05 PM

Ben A.

How dare you doubt wonderful tor based on nothing but utterly lousy crypto implementation and usage which is all but worthless and broken??!1! You evil guy! Didn’t they tell you how wonderful tor is and how important?! Plus its developers have nice hair, too.

As for the las vegas algorithm against the elliptic curve discrete logarithm problem:

Haha, nice joke. That’s but somewhat less random poking in the fog at extreme cost (under their very favourable assumptions it’s O(2 * 10^46)) for n prime = 25 and t = 5 (which is ridiculously low).

I’m shivering in fear.

John Galt April 7, 2017 5:18 PM

[[ Why isn’t US military email protected by standard encryption tech? ]]

Because Google for Government skims it and gives free copies to friends and sells to foreign governments and mercenaries.

r April 7, 2017 5:21 PM

500 million years ago we last shared an ancestor with the cephalopods, their shelled tentacled relatives don’t possess this novel adaptation.

Our divergent evolution took that long to reach a similar capability, alien?

Life is full of wonder.

Ben A. April 7, 2017 5:29 PM

@My Info

As opposed to “standard” RSA exponents such as 3 or 65537 decimal (0x3 or 0x10001 hexadecimal)?

From the text:

“To our surprise, we found more than 3,000 keys with shared prime factors, most belonging to a 2013 research project. Ten relays in our dataset shared a modulus, suggesting manual interference with the key generation process. Finally, we discovered 122 relays whose RSA exponent differed from Tor’s hard-coded exponent. We believe that most of these relays were meant to manipulate Tor’s distributed hash table (DHT), presumably in an attempt to attack onion services.”

@ab praeceptis

TOR is a really useful tool if/when used correctly. It’s often subject to unfair criticism but we need projects like them.

Providing people understand its limitations and use it sensibly – in conjunction with a good VPN and security-focused OS – it’ll provide a high level of privacy/anonymity.

Tangentially relevant and interesting:

Challenging Government Hacking in Criminal Cases

https://www.aclu.org/report/challenging-government-hacking-criminal-cases

https://www.aclu.org/sites/default/files/field_document/malware_guide_3-30-17-v2.pdf
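
The three anomalies in the passage quoted above (shared moduli, shared prime factors, exponents that differ from the expected one) can be checked on any set of RSA public keys you operate. This is an added example, not part of the comment or of the paper's tooling: the relay names and toy-sized keys are constructed, batch GCD is one common way to do the shared-factor check, and 65537 as the expected exponent is an assumption, since the page does not state Tor's value.

```python
"""Audit RSA public keys for shared moduli, shared primes and odd exponents."""
from collections import defaultdict
from math import gcd

EXPECTED_E = 65537  # assumption: the page does not give Tor's hard-coded value

# Constructed sample data: name -> (modulus, public exponent). Toy sizes only.
RELAYS = {
    "relayA": (101 * 103, 65537),  # shares the prime 101 with relayB
    "relayB": (101 * 107, 65537),
    "relayC": (109 * 113, 65537),  # same modulus as relayD
    "relayD": (109 * 113, 65537),
    "relayE": (127 * 131, 3),      # exponent differs from the expected one
}


def product_tree(values):
    """Levels of a product tree: level 0 is the inputs, the last is [product]."""
    levels = [list(values)]
    while len(levels[-1]) > 1:
        row = levels[-1]
        levels.append([row[i] * row[i + 1] if i + 1 < len(row) else row[i]
                       for i in range(0, len(row), 2)])
    return levels


def batch_gcd(moduli):
    """For each n_i return gcd(n_i, product of all other moduli).

    Uses a remainder tree (P mod n_i^2 pushed down the product tree), so the
    cost is quasi-linear instead of one GCD per pair of keys.
    """
    levels = product_tree(moduli)
    rems = levels[-1]
    for row in reversed(levels[:-1]):
        rems = [rems[i // 2] % (row[i] ** 2) for i in range(len(row))]
    return [gcd(r // n, n) for r, n in zip(rems, moduli)]


def shared_primes(moduli):
    """Map every modulus that shares a factor with another one to that factor.

    Expects distinct moduli; identical moduli are reported separately.
    """
    found = {}
    for n, g in zip(moduli, batch_gcd(moduli)):
        if g == 1:
            continue
        if g == n:
            # Both primes also occur in other keys, so the batch result is n
            # itself; a pairwise pass splits it.
            for m in moduli:
                d = gcd(n, m)
                if 1 < d < n:
                    g = d
                    break
        found[n] = g
    return found


def audit(relays, expected_e=EXPECTED_E):
    """Return the three classes of anomaly for a dict name -> (n, e)."""
    by_modulus = defaultdict(list)
    for name, (n, _e) in relays.items():
        by_modulus[n].append(name)

    duplicates = sorted(sorted(names) for names in by_modulus.values()
                        if len(names) > 1)
    factors = shared_primes(list(by_modulus))
    shared = {name: factors[n]
              for n, names in by_modulus.items() if n in factors
              for name in names}
    odd = sorted(name for name, (_n, e) in relays.items() if e != expected_e)
    return {"shared_modulus": duplicates,
            "shared_prime": shared,
            "nonstandard_exponent": odd}


if __name__ == "__main__":
    for finding, value in audit(RELAYS).items():
        print(f"{finding}: {value}")
```

Any key that lands in `shared_modulus` or `shared_prime` should be treated as compromised and regenerated on a host with a healthy entropy source.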

Ergo Sum April 7, 2017 5:37 PM

@Fred…

The BrickerBot may not mean much of an issue in the US, where most of the cable companies actually provide and manage the WiFi router. Of course they do, they want to provide free WiFi access via your router… 🙂

For those, who use their own and allow remote access over the internet with default admin credentials… Well, they’ll either learn, or keep exchanging the router after the BrickerBot hits them.

I blame the manufacturers… What is the reason that telnet access is enabled on the public side with default credentials? I can understand that people, who don’t know much and just “plug-and-play” the new device. But manufacturers? They should know better…

ab praeceptis April 7, 2017 5:47 PM

Ben A.

… a really useful tool if/when used correctly …

Reminds me of ssl/tls – which just so happens in the vast majority of cases to not be configured and used correctly. Just like what you just told us about wonderful tor ™.

Anyway, no need to preach to me; I’m converted and now a big big fan and sectarian believer in tor.
Certainly all those problems that you told us about above are mere coincidence. As are the successful fbi raids and the tor users in jail.

I believe in wonderful tor ™, no matter how many more ugly problems come up, yay!

Moreover, how could a project that runs a witchhunt against one of its major figures based on nothing but some women inventing stories be in any way doubtful? Unthinkable!

Let us not tolerate any criticism whatsoever of wonderful tor ™! Those who engage in such actions are but black and white engineers and generally evil persons (probably russian!), no matter how much more comes to light!

tor foreva!!!

My Info April 7, 2017 8:06 PM

@Ben A.

Providing people understand its limitations and use it sensibly – in conjunction with a good VPN and security-focused OS – it’ll provide a high level of privacy/anonymity.

https://tor.eff.org/about/overview.html.en

“Individuals use Tor to keep websites from tracking them and their family members, or to connect to news sites, instant messaging services, or the like when these are blocked by their local Internet providers.”

This much is probably fine.

“Journalists use Tor to communicate more safely with whistleblowers and dissidents.”

More safely. Relatively. No absolute or unqualified claims are being made at this level.

“A branch of the U.S. Navy uses Tor for open source intelligence gathering …”

Open source. Not for classified use. When we get to this level, it’s a research project only, and of none other than theoretical interest.

Mohan NiralalalalaIcanthearyou April 7, 2017 9:06 PM

Those Princeton guys are doing historical research on Carnegie Mellon’s pointless cyber-prank. The Silk Roads were infiltrated to saturation following DPR’s floundering public-domain makeover as a shadowy criminal mastermind. There were so such mobs of cops up the poor chumps’ butts that featherbedding DEA guys were moonlighting at theft, fraud, and extortion. CMU never caught anybody. They were tits on a bull, academics trying to cash in on the Stasi boom. But now of course, like everything else in the universe, CMU’s toy proves to Resistance-is-Futile fanatics like ab padabbadoo that Tor &c. sucks and give up, the hobnailed boot will be stomping on your face forever.

So, did they pin Shadow Brokers on Hal Martin yet? Gee, can’t imagine why they wouldn’ of…

r April 7, 2017 9:13 PM

@Sir Mohan Mohan,

What’s the deal with the APB? I don’t think I’ve ever once seen the two of you even so much as wink at each other.

Btw, installment seven is still unimpressive – I patiently await 8pt.

John G April 7, 2017 10:57 PM

Does the recent repeal of the internet privacy laws allow ISPs to sell the identity of a person based on IP address to people/companies who pay for it?

Input: Date+Time+IP address
Output: Name+Address

All this done in real time.

I see a lot of talk of selling browsing histories, does that include identity as well? Or is it up to the buyer of browsing histories to figure out the identity tangentially. I could see a model for selective pricing of internet commerce possible if such information was available in real time.

Thoth April 8, 2017 6:37 AM

@Drone

Good opportunity to uninstall the garage door mechanism and switch to manual ones without needing to worry about backdoors and bricking anymore.

Winter April 8, 2017 12:36 PM

@Slime Mold with Mustard
“XKCD seems to have misconstrued some of the advice dispensed around here…”

Note: “Only read content through tor.com”
Nice touch.

Eldoran April 8, 2017 5:04 PM

On the new Shadow Brokers leak – this is even on Wikipedia.
The only news article on the subject I have found so far is from zerohedge: http://www.zerohedge.com/news/2017-04-08/hacker-group-releases-password-nsas-top-secret-arsenal-protest-trump-betrayal

Truly Survival of the Fittest April 8, 2017 5:31 PM

Warning Sign
The most invasive privacy policies always start:
‘Your privacy is important to us’

Just try to get a job or insurance if you suffer from any of the following:
Windows 10 Privacy Excerpt
“Health-Related Ad Targeting. In the United States, we provide interest-based advertising based on a limited number of standard, non-sensitive health-related interest categories, including allergies, arthritis, cholesterol, cold and flu, DIABETES, gastrointestinal health, headache / migraine, healthy eating, healthy heart, men’s health, oral health, osteoporosis, skin health, sleep, and vision / eye care. We will also target ads based on custom, non-sensitive health-related interest categories as requested by advertisers.“
https://privacy.microsoft.com/en-us/privacystatement

Corporate Rulers
As if DIABETES is non-sensitive. Or your IP address is not personal data. Ridiculous
The younger the person the more harm potential throughout their long professional career.
No help from 0.1% on-the-take lawmakers. Sadly there is zero public outrage (as people become stupider).

Translated: in the USA there are few laws to protect your privacy. We in Big-Data now need to monetize your medical afflictions. Congress is on our side to now exploit patients. Big-Data is Truly Survival of the Fittest scoring with zero empathy.

Only in the United States
Never input medical info at doctors office into an LCD touch pad. Data is going straight to Wall St and (ssshh) Google analytics. Doctors get secret incentives to cooperate. After 70 screens of HIPAA data they ask the tired patient for SSN and credit card to positively ID. Then sweetly ask permission to use your most personal medical data for unspecified analytics. Of course 98% of dumb Americans blindly ACCEPT with zero thought of the consequences.

r April 8, 2017 5:57 PM

@survival,

It’s very very very scary, I’m afraid for the future with concern to medical privacy data mining profiling etc.

Truly scary, Google’s “don’t be evil 2.0”.

r April 8, 2017 6:45 PM

@survival,

Something I’ve noticed in recent years maybe benignly related is that some offices give discounts “for cash”.

Maybe it’s related to billing and insurance hurdles but in the longest of runs it may be advisable in the face of any potential interconnected discrimination.

Class Action April 8, 2017 7:08 PM

Lawsuit just waiting to happen. I can’t count how many times I’ve heard, “Sign this to say you have been made aware of and understand your privacy rights as a patient.” Read the document, but it says “I agree to sign away my HIPAA rights for the benefit of you, data aggregators, and advertisers.” Um?

Ergo Sum April 8, 2017 8:38 PM

@Truly Survival of the Fittest…

Only in the United States
Never input medical info at doctors office into an LCD touch pad. Data is going straight to Wall St and (ssshh) Google analytics. Doctors get secret incentives to cooperate. After 70 screens of HIPAA data they ask the tired patient for SSN and credit card to positively ID. Then sweetly ask permission to use your most personal medical data for unspecified analytics. Of course 98% of dumb Americans blindly ACCEPT with zero thought of the consequences.

I doubt that Wall St. would need any of the HIPAA data and I have yet to see touchpad-based patient info collection. The chances are that there are some, but not as prevalent as you seem to suggest.

Obviously, in order to receive treatment, one needs to provide name, address, medical/prescription history and insurance information in the US. There’s no need to provide SS#, email address, cell# and other unrelated information. Some people do, others don’t…

Where Google gets in the picture is with the passing of the HITECH in 2009, that requires establishing and sharing EHR (Electronic Health Record) across the land in the US. HIPAA regulations are damned… Google had been and is everywhere during the establishment of the EHR. It does not need to provide “secret incentives” to the providers to cooperate, all the data flows through Google anyway.

Most people get their panties in a bunch at the doctors’ office and blindly follow directions. That’s mainly due to the conscious/subconscious trust in the medical professionals in a time of need. This is no different in any of the other countries around the world. Singling out the US and calling 98% of its people dumb shows your real color…

Example: Data Mining at the Doctors Office April 8, 2017 10:10 PM

“Phreesia does NOT sell, rent or disclose protected health information to anyone or use it without patient authorization”
http://www.phreesia.com/overview/

Frequently no one is there in the waiting room trained to advocate for the sick patient. Are they being exploited? With paper forms you get to review every page first.

All it takes is one careless YES on the 73rd screen and the patient loses ALL HIPAA protections. That is the law. The patient is not given a copy of what they signed either.
They should ask this up-front and on paper. The current lopsided system indicates proof the doctor does not REALLY care and may be inflicting harm on their patient. Only in the USA do they bring legal forms right before elective surgery. You can’t even read the fine print!

This is playing medical hardball. A contract is between two parties and each has the right to modify it. I always write in ‘any services not covered by insurance requires prior patient authorization’. Not possible with these LCD screens. The LCD tablet has a built-in card reader so I’m giving in essence a blank check even though the doctor is in network. This SSN is also required for instant loan approval too if your card is maxed out. They think of everything!

The Odds Favor Data-Miners
Here are the specialties that you are ‘unaware of’. Each offers a gold-mine to steer expensive, alternative treatments sweepstakes and promotions. At every visit you will be asked to sign away your HIPAA protections. Sooner or later even the most diligent will make a fatal mistake. There is no confirmation screen. This also implies to train family members who frankly aren’t nearly as interested.

Cardiology
Community Health Center
Dermatology
Endocrinology
Gastroenterology
Multi-Specialty
Neurology
Nephrology
Obstetrics/Gynecology
Oncology
Ophthalmology
Orthopedic Surgery
Otolaryngology
Pain Management
Pediatrics
Primary Care
Pulmonology
Rheumatology
Sleep Medicine
Urgent Care
Urology
Vascular Surgery

Do not give the doctors office (Wall st) your email. This opens the door to more third party surveys, sweepstakes and promotions. Let them use postal mail. My long term solution is when calling the doctors office for the initial appointment, to ask if patients are required to use a tablet.

Front Line Against Data-Mining
Lastly the most interesting page is the FAQ. However Google REALLY wants to data-mine me before showing the answers. That is, they need to identify who is on-their-trail.
http://www.phreesia.com/faqs/#

“Singling out the US and calling 98% of its people dumb”
I did not state that. I don’t actually know how many are dumb and who easily misunderstand…but…Bruce is a nice host!

MarkH April 9, 2017 5:51 AM

Dallas Emergency Sirens Reportedly Hacked

An apparent radio signal attack against emergency sirens in a large US city.

Significantly, this incident:

  1. Continued for more than an hour
  2. Provoked thousands of public calls to emergency dispatch
  3. Resulted in an extended shutdown of the system, because its operators don’t know how to stop retriggering

In olden days, radio activated systems like this might have had no security precautions at all. It would be bizarre if Dallas is using such dinosaur tech … but after all, it is Texas.

I sure would like to learn more about what kind of signal is capable of triggering the sirens.

If the design is stupid enough, it might not have been hacking at all, but rather an inadvertent effect of some equipment operation.


Whatever happened, a denial of service has in effect already resulted: when this system is activated in future, many will doubt whether it means anything.

Who? April 9, 2017 6:20 AM

@ Eldoran

I can confirm this password works. The auction file is a mix of open source tools like 7z, documentation, exploits and implants. Someone should look at ~/Linux/bin/default_key.txt.

Slime Mold with Mustard April 9, 2017 7:16 AM

My wife is a doctor, and two thirds of the above is true. The average clinician sees several sales people a week. You’ve seen the coffee mugs and pens – “Sodium Cyanide – for Depression” from the pharma reps. The data miners are more ruthless “your data could help yield the next breakthrough in compulsive nose picking!” Most of these offer some anonymization of the records (search this blog “deanonymization”) or Wikipedia https://en.wikipedia.org/wiki/De-anonymization
but others offer “patient service opportunities”.

My wife was sitting in her own doctor’s office when she was approached by a woman in a lab coat. Surely she would give a blood sample for a study that measured the effectiveness of her medication against certain genetic markers?

Too bad I was waiting in the parking lot, because I have not seen one of her epic fits in some years. Why the hell did Abbott Labs have her medical records? The original consent form for the doctor covered no such thing. Such studies always require specific consent. She later read the MD the HIPAA (riot) act, and that practice stopped participation.

I am convinced that all human DNA records will ultimately be stored in Utah, and not by the Mormons.

Ergo Sum April 9, 2017 8:36 AM

@Example: Data Mining at the Doctors Office…

“Phreesia does NOT sell, rent or disclose protected health information to anyone or use it without patient authorization”
http://www.phreesia.com/overview/

Thanks for the link… I was not aware of this company, maybe because my PCP (Primary Care Physician) is still using paper records…

“Singling out the US and calling 98% of its people dumb”
I did not state that. I don’t actually know how many are dumb and who easily misunderstand

I did not state that you did, but I disagree with your second sentence. People do misunderstand what they read at times and they may unreasonably get offended by a posting not directed at them. Just like you did…

JG4 April 9, 2017 8:54 AM

Thanks for the discussions of TOR and Phreesia. I’ve been trying to figure out how the Phreesia scam works and how to opt out of it after the fact. Luckily I’m pretty healthy.

when is perjury capital treason? when the streetlamps are festooned with the bodies of the criminals

http://www.cjr.org/first_person/cia_michael_hayden_expert.php

It doesn’t matter what cable channel you prefer (CNN, MSNBC, or Fox News), what talk show you watch (The Late Show with Stephen Colbert, Real Time with Bill Maher), or website you read (The New York Times, Washington Post, or The Wall Street Journal), Hayden is everywhere, commenting on the day’s news, while inevitably being portrayed as Mr. Reasonable: a post-partisan straight shooter who will tell you How It Really Works.
But members of the media who play along with this fantasyland portrayal of Hayden should be embarrassed. Hayden has a long history of making misleading and outright false statements, and by the estimation of many lawyers, likely committed countless felonies during the Bush administration. It is something of a wonder that someone responsible for so many reprehensible acts is now considered a totally above-the-fray, honest commentator on all issues intelligence.

file under no rights, including no right to repair

The iPhone 7 Has Arbitrary Software Locks That Prevent Repair Motherboard
https://motherboard.vice.com/en_us/article/iphone-7-home-button-unreplaceable-repair-software-lock

I think that this detail of the Shadow Brokers position was overlooked yesterday

http://www.zerohedge.com/news/2017-04-08/hacker-group-releases-password-nsas-top-secret-arsenal-protest-trump-betrayal

The article begins with the group explaining why it is displeased with Trump.
Don’t Forget Your Base
Respectfully, what the f**k are you doing? TheShadowBrokers voted for you. TheShadowBrokers supports you. TheShadowBrokers is losing faith in you. Mr. Trump helping theshadowbrokers, helping you. Is appearing you are abandoning “your base”, “the movement”, and the peoples who getting you elected.
Good Evidence:
#1—Goldman Sach (TheGlobalists) and Military Industrial Intelligence Complex (MIIC) cabinet
#2—Backtracked on Obamacare
#3—Attacked the Freedom Causcus (TheMovement)
#4—Removed Bannon from the NSC
#5—Increased U.S. involvement in a foreign war (Syria Strike)

Cowabunga Dude April 9, 2017 10:07 AM

@Ben A.

https://nymity.ch/anomalous-tor-keys/pdf/anomalous-tor-keys.pdf

That was attention getting but not for the reasons one might expect. What is fascinating is the identity of the four websites attacked. The biggie? Silk Road.

There was much speculation at the time of Ross’s trial that the case the government put on was an example of parallel construction. Many of the details about the way his identity was uncovered didn’t add up in the minds of sophisticated observers.

That research is powerful evidence that this speculation was true. Now we know the real story.

Winter April 9, 2017 12:23 PM

@Slime Mold with Mustard
“She later read the MD the HIPAA (riot) act, and that practice stopped participation.”

Meanwhile, industry and health care in the EU are scrambling to get their privacy in order for the 2018 start date of the General Data Protection Regulation with draconian punitive damages for sloppy security. Sharing private data without written consent has become a crime.

https://en.m.wikipedia.org/wiki/General_Data_Protection_Regulation

It will be interesting to see the clash between the US and the EU on this point. And later, China.

Who? April 9, 2017 1:56 PM

@ Winter

I really like the GDPR. Hope the EU will be able to retroactively impose this regulation to protect european citizens from the crazy people-as-a-product business model.

an_attempt_to_be_useful April 9, 2017 3:38 PM

I am planning to, or at least am thinking about, setting up a Tor bridge or relay.

my existing choices on a lan include:

1) osx sierra (i5, 8 Gig ram), modify the tbb torrc

2) osx sierra w/virtualbox and guest Whonix

3) osx sierra w/virtualbox and guest fill-in-the-blank

4) windows 7 (relatively slow dual core, 32 bit; 3 Gig ram) , modify the tbb torrc or maybe install virtualbox w/guest not needing much ram

osx and windows 7 are used by people for other stuff, too, so the above setups would be shared. I like the idea of using one of the above computers, but have some old 386 computers available. also raspberry pi, or the like, is an option for heat issues (the area gets warm). i would rather not use things like snort for an ids, but i could isolate sublans with apple routers, i think

in short i have limited expertise, but have been reading the literature at torproject.org

a K.I.S.S. (keep-it-simple-stupid) recommendation would be nice, or things to consider, or recommended links.

i understand this might attract hacking and scrutiny, but don’t know how much in the usa.

i plan to learn more about port forwarding (portforwarding.com).

the isp is comcast so throughput will probably be relatively low.

Thanks in advance

Markus Ottela April 9, 2017 9:32 PM

I’m happy to announce the next version of TFC (0.17.04) is now available.

@Nick P:

You asked me a long time ago to split the program into multiple parts. Learning how to do that took a while but it’s done now. Crypto-related primitives have their own file, key exchanges have another etc.

@Ratio

“You may want to check out pip and virtualenv”

Installer now makes use of requirements.txt file that also features pinned SHA512 hashes. The installer creates separate virtual environments for NH and Transmitter/Receiver.

“The globals, they burn. ;)”

This should now be fixed.

@Sancho_P

I switched to your fantastic data diode design (currently the wiki only has a guide for building the bread board model, but perfboard version will follow soon). I also rewrote the serial listeners for much greater stability. I’m getting practically no errors with 1M baudrates.

As you requested, Reed-Solomon now displays a warning when it corrects any errors. This allows user to detect imminent hardware failure.

@ab praeceptis

“Wouldn’t there be more attractive KDFs/Hash ratchets (e.g. Argon2 (PHC winner))?”

TFC now uses Argon2i (threads and memory scale with system performance) to generate master encryption key and PSK encryption keys.

“You might want to look into mypy (http://mypy-lang.org) which allows “lite type annotations””

TFC now features PEP484 type annotations for static type checking with mypy. Mypy check still shows a few types of errors so it’s a work in progress.

@ All:

I practically rewrote the entire program in Python3 (3.6 for TxM/RxM and 3.5 for NH as the upcoming Tails 3 features it by default.) Python3.6 is the first one to feature GETRANDOM syscall, and with flag 0, it guarantees keys generated have at least 128 bits of entropy. Since that’s a bit low, during startup TFC waits until entropy_avail file indicates internal CSPRNG state is at least 512 bits. I learned that with Linux kernel 4.8 the SHA1 compressor was changed to ChaCha20. Together these mean that CSPRNG is now trustworthy even on live distros, therefore the HWRNG (originally meant for OTP generation) has been deprecated.

I found no repository for Python3.6 for Raspbian, so support for the SBC is on hold.

PyNaCl library has included my pull-request for DH shared secret getter, therefore fork of library is no longer needed.

The hash ratchet now chains and mixes digests from SHA3-256, blake2s and SHA256. I presented my conjecture of the security benefits here. I’d be interested in hearing any critique the community might have.

The fingerprints are now base 10 just like Signal. Compared to previous hexadecimals, this is less error prone (3, b, c, d, e and g sound alike at least in English language).

Figureitout was working on file transfer with data diode on Windows platform. I finally implemented something similar to TFC. “/fe” command now opens prompt for user to select a file. Transmitter program (I’m thinking of ditching the Tx.py/Rx.py terms) then compresses the file and encrypts it with random key. The ciphertext is output to NH in one continuous transmission which is a lot faster than sending file in pieces over Pidgin messages. NH’s plugin program stores the ciphertext under a random file name. User can then send the file to as many contacts as they want over preferred method (Ricochet will soon transfer files), but key should always be sent over TFC. Once they receive the file, they issue command ‘/fi’ to TxM that then tells nh.py to open prompt and select the file. The program will then send it to RxM where Receiver program asks contact to enter decryption passphrase. The downside is, there’s no way to hide the fact file data was output; The upside is both users can independently transfer the data over data diode with varying speeds and error correction settings until no errors occurred.

There’s now a pair of commands (“/passwd {tx,rx}”) that allows user to change master password for Transmitter/Receiver program.

All settings are now in their own encrypted database that is controlled with command “/set setting_name setting_value”. All settings, their current/default values and descriptions can be viewed with command “/settings”. NH side settings are not encrypted because system is assumed to be compromised.

I separated keys to separate database so that e.g. changing nick does not block the sender process from storing key during trickle connection. Sender process no longer logs messages by itself, but instead it forwards them to multiprocessing queue for separate log writer process to write.

Transmitter program uses multiprocesses regardless of trickle. This allows prioritisation of output packets when trickle is disabled: Files are being output if no messages are being output, and message is not sent if there’s a command waiting.

I finally figured out how to automatically authenticate installer with one-liner that relies on public key fingerprint. For example, TxM/RxM configurations are now installed with

gpg --keyserver pgp.mit.edu --recv 861BD0CE1E47A9D29F03C4F54064F05A4D17DE97 && wget https://raw.githubusercontent.com/maqp/tfc/master/install.sh{,.asc} -q && gpg --verify install.sh{.asc,} && bash install.sh tcb

gpg --recv and gpg --verify do not return 0 if key that matches fingerprint is not found or if installer signature verification fails, thus piping install.sh to bash was easy to make secure.

TFC has had a decent amount of tests for some time, but finally there’s some metrics available — namely, Travis CI with code coverage report (81% is a good start).

These are again just highlights. The rest can be found from the update log.
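The install one-liner in the comment above gates `bash install.sh` on gpg's exit status. As an added example (not part of the comment and not TFC's installer), this Python check also confirms which key made the signature by reading `gpg --status-fd` output, because `gpg --verify` exits 0 for a good signature from any public key already in the keyring. The status lines and the second fingerprint are constructed samples; the pinned fingerprint is the one quoted above.

```python
import subprocess

# Fingerprint taken from the install one-liner quoted in the comment above.
PINNED_FPR = "861BD0CE1E47A9D29F03C4F54064F05A4D17DE97"

# Status keywords that mean a signature must not be trusted.
REJECT = {"BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG"}


def status_keywords(status_output):
    """Return the set of keywords found on '[GNUPG:] KEYWORD ...' lines."""
    words = set()
    for line in status_output.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "[GNUPG:]":
            words.add(parts[1])
    return words


def signer_fingerprints(status_output):
    """Collect the primary-key fingerprint from every VALIDSIG line.

    VALIDSIG carries the signing (sub)key fingerprint first and the primary
    key fingerprint as its last field; fall back to the first fingerprint
    when the last field is absent.
    """
    found = []
    for line in status_output.splitlines():
        parts = line.split()
        if len(parts) >= 3 and parts[0] == "[GNUPG:]" and parts[1] == "VALIDSIG":
            fpr = parts[11] if len(parts) >= 12 else parts[2]
            found.append(fpr.upper())
    return found


def signed_only_by(status_output, pinned=PINNED_FPR):
    """True only if every signature is valid and made under the pinned key."""
    if status_keywords(status_output) & REJECT:
        return False
    signers = signer_fingerprints(status_output)
    return bool(signers) and all(f == pinned.upper() for f in signers)


def verify_detached(sig_path, data_path, pinned=PINNED_FPR):
    """Run gpg on a detached signature and apply the fingerprint pin."""
    proc = subprocess.run(
        ["gpg", "--batch", "--status-fd", "1", "--verify", sig_path, data_path],
        stdout=subprocess.PIPE, stderr=subprocess.DEVNULL,
        universal_newlines=True)
    return proc.returncode == 0 and signed_only_by(proc.stdout, pinned)


# --- Constructed sample status output (not captured from a real run) ---
OTHER_FPR = "0123456789ABCDEF0123456789ABCDEF01234567"  # constructed value
VALIDSIG = "[GNUPG:] VALIDSIG {0} 2017-04-09 1491771600 0 4 0 1 10 00 {0}\n"

STATUS_PINNED = (
    "[GNUPG:] NEWSIG\n"
    "[GNUPG:] GOODSIG 4064F05A4D17DE97 Constructed Signer\n"
    + VALIDSIG.format(PINNED_FPR))

# A good signature, but from a different key that happens to be in the keyring.
STATUS_OTHER_KEY = (
    "[GNUPG:] NEWSIG\n"
    "[GNUPG:] GOODSIG 89ABCDEF01234567 Someone Else\n"
    + VALIDSIG.format(OTHER_FPR))

STATUS_BADSIG = (
    "[GNUPG:] NEWSIG\n"
    "[GNUPG:] BADSIG 4064F05A4D17DE97 Constructed Signer\n")

if __name__ == "__main__":
    for name, sample in [("pinned key", STATUS_PINNED),
                         ("other key", STATUS_OTHER_KEY),
                         ("bad signature", STATUS_BADSIG)]:
        print(name, "->", "accept" if signed_only_by(sample) else "reject")
```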

ab praeceptis April 9, 2017 10:51 PM

Markus Ottela

Sounds quite good! And I’m glad that I could help with some suggestions.

As for your security conjecture I’m sorry but I’m not at reddit, so let me offer my comment here:

While xor is cheap and seductive I’d strongly prefer prime clock arithmetic to link the hashes, e.g. by multiplication modulo some prime. In the given case (256 bit hashes) for example 2^256 – 189 should come handy as a prime. Alternatively you can make use of the fact that 2^127 – 1 is a Mersenne prime which would offer very nice computational properties. Both the MSB and the LSB needed to be taken care of independently but that is a rather simple problem. (One cool thing I love about prime clocks is that one never encounters the div by 0 problem).

Kudos, nice project and well done.
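The hash ratchet from the TFC announcement and the XOR versus prime-modulus suggestion in the reply above, as an added example that is not TFC's code. How the three digests are combined and fed into the next key, and the mapping of each digest into 1..P-1 before multiplying, are assumptions of this example.

```python
import hashlib
from functools import reduce

P = 2**256 - 189   # the 256-bit prime named in the comment above
KEY_LEN = 32       # all three hash functions output 32 bytes


def three_digests(data):
    """SHA3-256, BLAKE2s and SHA-256 of the same input."""
    return [hashlib.sha3_256(data).digest(),
            hashlib.blake2s(data).digest(),
            hashlib.sha256(data).digest()]


def xor_combine(digests):
    """Bytewise XOR of equal-length digests."""
    return bytes(reduce(lambda x, y: x ^ y, column) for column in zip(*digests))


def modmul_combine(digests):
    """Product of the digests modulo P.

    Each digest is first mapped into 1..P-1 (a choice made for this example)
    so that no factor is zero and the product can never collapse to zero.
    """
    acc = 1
    for d in digests:
        factor = int.from_bytes(d, "big") % (P - 1) + 1
        acc = (acc * factor) % P
    return acc.to_bytes(KEY_LEN, "big")


def ratchet_step(key, combine=xor_combine):
    """Derive the next key: SHA3-256 over the combined digests of this key."""
    if len(key) != KEY_LEN:
        raise ValueError("key must be %d bytes" % KEY_LEN)
    return hashlib.sha3_256(combine(three_digests(key))).digest()


def advance(key, steps, combine=xor_combine):
    """Ratchet forward `steps` times, e.g. to catch up after dropped packets."""
    for _ in range(steps):
        key = ratchet_step(key, combine)
    return key


if __name__ == "__main__":
    root = bytes(range(KEY_LEN))          # constructed key, for the demo only
    sender = advance(root, 5)             # sender has sent five packets
    receiver = advance(advance(root, 2), 3)  # receiver saw two, then catches up
    print("in sync:", sender == receiver)

    a, b, _ = three_digests(root)
    # XOR cancels repeated inputs; the modular product does not.
    print("xor(a, a, b) == b:", xor_combine([a, a, b]) == b)
    print("mul(a, a, b) == b:", modmul_combine([a, a, b]) == b)
```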

Figureitout April 10, 2017 1:36 AM

Markus Ottela
–Nice features. Yeah that was a PoC on Windows w/ lots to be desired (file encrypted, compressed, and finally base64’d on a linux/bsd PC, Windows PC is a transfer PC), but will be a nice PoC for anyone who wanted to see a really bare bones data diode working.

I haven’t tried yet, but I’m 99% sure it will work on most any MCU standard UART. Going to try eventually. Got a little serial module for LCD’s that I control w/ 1 line off MCU, highly unlikely it’d even work to send anything back when I configure a port as TX, but being able to isolate the display from your “TCB” is useful.

Next experiment (when I get time, which is very limited these days) for me is one-way channels for file transfer between normal media (like SD cards, FAT filesystem). This could be used on any system then.

Dirk Praet April 10, 2017 3:45 AM

@ Markus Ottela

I’m happy to announce the next version of TFC (0.17.04) is now available.

Nice work!

@ an_attempt_to_be_useful

a K.I.S.S. (keep-it-simple-stupid) recommendation would be nice, or things to consider, or recommended links.

I do not recommend setting up a Tor bridge or relay in your home LAN as it may draw unwanted attention. If you do anyway, put it on a dedicated device (e.g. Raspberry Pi) and on a separate subnet. You may wish to consider spinning one up on Amazon EC2 or similar cloud platform. There used to be a Tor Cloud initiative that provided images for doing so, but it was unfortunately discontinued about two years ago for lack of a maintainer.

But there’s still plenty of how-to’s for easy-to-deploy bridges or relays, like Ansible Tor or cirrus.

@ John Galt

To repeat from the other thread regarding Comment Policy …

Since it’s not your blog, the only rules of engagement applicable here are those of our host. Anyone who doesn’t like them can start their own.

Markus Ottela April 10, 2017 7:29 AM

@Slime Mold with Mustard:

My guess is those are in-line encryption devices for teleconferencing. The device has a plug for headset and all. Iovine seems to confuse encoding with encryption but other than that, I second their guess.

Tatütata April 10, 2017 9:44 AM

@MarkH :

Where do you see that the penetration occurred via a radio channel, and not by an open port somewhere on the internet, e.g. over a glorified web interface inviting to “click here to trigger all sirens” and protected by the super-mega-ultra-secure ID pair “admin/admin”?

I tried to find out myself, but haven’t found anything yet on this subject, except statements to the effect that the authorities believe they know how the attack happened, but won’t divulge it in the interest of public safety.

The CD sirens where I grew up were taken down soon after the (provisional) end of the cold war. I kind of remember an incident back in the 70s/80s when one went off accidentally (the controlling circuit was a telephone private line), but nobody in the public knew what to do in such circumstances. Ah yes, duck and cover… Civil Defense was an absolute charade.

There are plenty of radio-activated systems out there.

Some railway safety alarms are broadcast by radio, allowing a shutdown in case of an emergency. The technical details are available in public EU documents, in order to allow interoperability between operators.

I think that GSM-R brings an improvement, but how many kilometers of track are still using national legacy analog FM systems?

One thing puzzles me about those Dallas sirens. In the videos you can clearly see a light beam grazing the bottom of the horn for which I have no explanation, apparently from a laser mounted in the housing. Anyone knows what it’s used for?

I tried looking up in patents (e.g. Federal Signal), but found nothing to the effect. My previous knowledge on sirens went back to AT&T/Bell Labs patents and BSTJ papers from circa 1942.

MarkH April 10, 2017 10:22 AM

@Tatütata:

My reference to radio is based on my inferences, which may well be mistaken.

A city spokesperson was quoted as saying, “We do believe it came from the Dallas area because of the proximity to our signal you need to have in order to pull it off.”

It is the word “proximity” which suggests to me that the system was believed to have been activated by a radio transmission.

Also, the statement that “Dallas had reached out to the Federal Communications Commission” was suggestive to me. The FCC’s purview includes telephones and data networks, but I’ve never heard of anyone asking the FCC for help with an internet hack.

In contrast, the FCC is the natural agency to think of in an event of harmful interference with a radio channel.


That being said, I can’t rule out that the triggering was believed to be via telephone line, and that “proximity to our signal” meant that the spurious telephone calls or transmissions seemed to be from the Dallas area …

… though “proximity to our signal” would seem a most unexpected turn of phrase in such case.

I think our best chance of understanding this better, will be if we can hear something from a person who has worked on the design, installation or maintenance of the Dallas system or a comparable warning siren installation.


PS My mentor once took charge of a small broadcast station that had previously been operated by someone who didn’t know what they were doing. The station had a history of jamming police radio (not welcomed!) and, as I dimly recall, triggering some emergency system … it was a long time ago, and I hope that nobody is still using such primitive tech for a safety-critical application :/

JG4 April 11, 2017 6:14 AM

I could have put a finer point on my connection of perjury to capital treason. When the perjury serves to mask a conspiracy to subvert the constitution, the perjury is treasonous, deserving of a harsh sentence.

Links 4/11/17
http://www.nakedcapitalism.com/2017/04/links-41117.html

Syraqistan

A multi-level analysis of the US cruise missile attack on Syria and its consequences The Saker (YJT). Today’s must read. I sometimes have doubts about the Saker, but this strikes me as sound. The one point where I think he may be giving Russia too much credit is in the Tomahawk diversion thesis (as in if they could do it, why in part but not in full? To freak out the US types that their pricey weapons are horribly unreliable To test their tech without showing their hand too much? To send a warning, since some cooler heads might think it was likely that Russia had this capability, which in turn might lead to a rethink on some courses of action?)

http://thesaker.is/a-multi-level-analysis-of-the-us-cruise-missile-attack-on-syria-and-its-consequences/


New Cold War

Britain defies allies on Russia sanctions The Times

https://www.thetimes.co.uk/edition/news/britain-defiant-on-sanctions-56g26gjtm

Snowden on NSA and Cyberwar Defend Democracy

http://www.defenddemocracy.press/snowden-on-nsa-and-cyberwar/

Imperial Collapse Watch

Exclusive: Spyware firms in breach of global sanctions Aljazeera (Bill B)

http://www.aljazeera.com/news/2017/04/exclusive-spyware-firms-breach-global-sanctions-170405102959191.html

Selection and maintenance of the aim Irrussianality (Chuck L)

https://irrussianality.wordpress.com/2017/04/10/selection-and-maintenance-of-the-aim/

Big Brother is Watching You Watch

Computer hack sets off 156 emergency sirens across Dallas Reuters (EM)

http://www.reuters.com/article/us-texas-sirens-idUSKBN17B001

Snowden on NSA and Cyberwar Defend Democracy

http://www.defenddemocracy.press/snowden-on-nsa-and-cyberwar/

Russian arrested in Spain ‘over mass hacking’ BBC (Chuck L)

http://www.bbc.com/news/technology-39553250

Symantec attributes 40 cyber attacks to CIA-linked hacking tools Reuters (EM)

http://www.reuters.com/article/us-cia-wikileaks-symantec-idUSKBN17C1FK

vas pup April 11, 2017 10:32 AM

@Class Action • April 8, 2017 7:08 PM.
On waiving your rights set up in any Law including Constitution:
That practice is invented by US corporate Lawyers. The idea of waiving your rights is just judicial trick to deprive you usage of your rights in favor of big business (e.g. privacy policies, terms of usage banking accounts, example you had provided in particular, class action participation, jurisdiction and laws governing conflict resolution, arbitration only for conflict resolution, etc.).
As you can see out of all those examples we have initial power imbalance on the sides of the contract agreement. Average Joe/Jane (sick in case of HIPAA in particular) on one side and corporate legal department with team of high qualified and paid lawyers on the other side. ALL those terms deprive you power/protection you have by Law/Constitution in favor of big business. You have zero chance to win in any conflict. My opinion is all those conditions could be valid if and only if both parties of the contract are of equal (at least comparable power), e.g. two corporations, two businesses with equal financial and legal resources when conditions of the contract could be negotiated before signing, not the case when we have pro-forma service contracts set up by law department of big business. You have only chance to sign it as a whole or avoid service of that company altogether. When company (e.g. recent situation with medical insurance companies) dominates market, you have only one option.

CONCLUSION: average Joe/Jane rights/protection established in the Law cannot be required to be waived as condition of service. If such contract signed, such waivers should be considered non-enforceable and legally meaningless,

Clive Robinson April 12, 2017 6:51 AM

@ r,

… kelihos taken down from Alaska.

Not exactly “from” but what looks like a case of “Justice Tourism” by the authorities, looking for a compliant magistrate to sign the paperwork…

This is something we will see much more of in the near future with Internet related activities.

Similar “Justice Tourism” caused considerable concern in the judiciary with the likes of Apple and Samsung over their legal disputes over copyright etc. It also led to considerable concern that the US Patent and IP protection systems were being abused in ways not intended, rather more than Patent Trolls did as it directly affected economic activity by consumers.

JG4 April 12, 2017 6:53 AM

Links 4/12/1
http://www.nakedcapitalism.com/2017/04/links-41217.html

Imperial Collapse Watch

D.C.’s war madness The Week (Sid S)

http://theweek.com/articles/691356/dcs-war-madness

Who’s Playing The Long Game–and What’s Their Game Plan? Charles Hugh Smith (Chuck L). He overstates some of his points. Stuff like “The Neocon camp has also ordered its media arm–the corporate-owned mainstream media– to go into full attack mode” is cringe-making. But if you discount the hyperbole, there is some good stuff in here.

http://theweek.com/articles/691356/dcs-war-madness

Big Brother is Watching You Watch

The relentless push to add connectivity to home gadgets is creating dangerous side effects that figure to get even worse. MIT Technology Review (martha r)

https://www.technologyreview.com/s/603500/10-breakthrough-technologies-2017-botnets-of-things/

see also:

http://www.nakedcapitalism.com/2017/04/united-passenger-removal-reporting-management-fail.html

this is fascinating legal analysis of the recent Gestapo action. the jury will love the part where the police officer had a long and storied history of breaking legs in Chicago Police Department before he was shuffled off to harass and maim people in airports. he must not have been good enough to make the FBI witness assassination team

John Galt April 12, 2017 10:22 AM

@ vas pup

That practice is invented by US corporate Lawyers. The idea of waiving your rights is just judicial trick to deprive you usage of your rights in favor of big business (e.g. privacy policies, terms of usage banking accounts, example you had provided in particular, class action participation, jurisdiction and laws governing conflict resolution, arbitration only for conflict resolution, etc.).

CONCLUSION: average Joe/Jane rights/protection established in the Law cannot be required to be waived as condition of service. If such contract signed, such waivers should be considered non-enforceable and legally meaningless,

You are correct.

“Waiver of all rights” == Voluntary Slave

A long time ago, I got a ticket for running a yellow light… and was “convicted” on the trumped up charge.

Afterwards, the judge asked me to sign a document “waiving all my rights”. Of course, I refused. (He asked all the other assembly-line traffic criminals to do the same thing.)

We had a Civil War in 1860-1865 over the slave issue and according to official numbers, 15% of White Americans died to free the slaves.

Guess what? Slavery never went away. Today, EVERYONE is a slave. Color doesn’t matter. Even the soldiers in the Civil War were slaves … but, didn’t know it. They died for nothing? Nope… the slavers got their rocks off ordering their slaves to become deathmatch gladiators.

Slavers are conmen in expensive suits and enjoy the perks of high office. Lawyers are the instrument of slavers.

Clive Robinson April 12, 2017 6:38 PM

@ Thoth, Nick P and other usual suspects,

You might find this of interest,

https://blog.acolyer.org/2017/04/07/sgxio-generic-trusted-io-path-for-intel-sgx/

It discusses a paper about Intel’s SGX security enclaves and IO channels. Over and above the usual DRM nonsense we get endlessly.

@ Bruce,

One you might want to add to your reading list,

http://dl.acm.org/citation.cfm?id=3029837

It’s a paper from CODASPY17,

“If you can’t beat them, join them: a usability approach to interdependent privacy in cloud applications” by Hamza Harkous & Karl Aberer.

It covers the privacy loss issues of third-party applications available to access the likes of Dropbox and Google Drive. Nearly two thirds of these applications request greater privileges than they require. But as the authors show even when they don’t you can still lose a lot of privacy unexpectedly when you collaborate on a document with another person who does use such applications. As a practical step they have come up with the idea of a “Privacy Indicator” that displays extra information to a user when they decide on an application.

Clive Robinson April 12, 2017 7:49 PM

@ The usual suspects,

You may find this paper of interest,

http://dl.acm.org/citation.cfm%3Fid%3D3029836%26CFID%3D740755237%26CFTOKEN%3D24369842

As you might know AMD are bringing out processors that for “privacy” encrypt main memory, which is a relatively cheap process. However the processors will not authenticate memory which is comparatively expensive process.

This omission opens up the possibility of using DMA etc to actively inject a fault into a processes memory space.

This paper discusses the use of the active fault injection attack and a cache hit/timing attack to recover a GNUPG key from a different process[1].

What the paper does not cover is other ways of actively injecting a fault such as RowHammer.

Whilst such a class of attacks is obvious from prior art, as with many security vulnerabilities history shows that “The obvious is ignored until it is inconvenient”. Similar tricks will almost certainly work with other CPU families that have a suitable cache and memory encryption. In fact such an attack will potentially work in any shared memory system where timing is sufficiently fine that the results of an injected fault will cause observable results to another process or CPU.

[1] As the AMD SME parts were not available at the time the research was carried out they simulated it by modifying parts of the Linux kernel.

ab praeceptis April 12, 2017 10:54 PM

Clive Robinson

Your link doesn’t work.

And I’m afraid that you became a victim of a form of academic clickbait. That issue is, as far as I can see, nothing to do with the new AMD processors – but putting (“selling”) it that way creates more attention.

As for the “problem” itself, I take that to be but a classical case of “xyz is worthless because it doesn’t solve 100% of all problems”.

Btw. I’m strongly doubting that anyone encrypts the (on die) cache as this would pretty much kill its raison d’etre.

Also, looking closer I have to ask: How is the processor responsible for the memory (and the house-keeping, separation, etc) of processes?
Sure, there are schemes (mostly on paper) to tag memory but even that needed to be managed by the OS. That whole issue also opens up other cans of worms, like for instance: Do we want, would it be accepted to introduce additional overhead in cache management?
Plus: That was simply not the goal of the AMD engineers providing for memory encryption (ergo, see my above judgement).

John Galt April 12, 2017 11:39 PM

@ Clive…

As you might know AMD are bringing out processors that for “privacy” encrypt main memory, which is a relatively cheap process. However the processors will not authenticate memory which is comparatively expensive process.

SO…. you don’t think your computer with your antimalware software is slow enough, yet?

Funny. Buy a new computer and the bloatware and a/v and now memory crypt make it slower than a 1977 TRS 80.

The Army will buy anything, tho.

Clive Robinson April 13, 2017 4:49 AM

@ ab praeceptis,

Your link doesn’t work.

Hmm, yup the link is correct if you do the %xx conversion back to an ASCII char… Sorry I missed it last night (trouble with being unwell yet again and during the holls).

For those who do not have a HEX-ASCII converter/chart to hand, try,

http://dl.acm.org/citation.cfm?id=3029836&CFID=740755237&CFTOKEN=24369842

With regards,

And I’m afraid that you became a victim of a form of academic clickbait.

Yes and No,

The paper was vetted not just by the ACM usual rules but also by the CODASPY17 paper vetting panel.

Is the paper weak, by my own experience “yes”, but… academic papers on “Fault Injection Attacks” usually are. Also being as rare as “hens teeth” as well (see the paper’s citation list and you have about two thirds of the ones I know of in there).

As I noted they did a simulation of the AMD chip because the chips were not on the market. So as the paper belabors they based the simulation on the past year or so of AMDs released paperwork.

Importantly however the thing about nearly all active fault injection attacks is the “that’s bleeding obvious” response you get when you tell people. However no matter “how obvious” it is to them afterwards, they did not see it beforehand in every case I’ve found in the past. Thus they made no attempt to mitigate such attacks in their designs, which makes them vulnerable.

The thing is Cache timing attacks have been known for a couple of decades now “academically” and longer in the engineering community along with other fault injection attacks since at least the 1980’s. Yet they keep appearing in new designs as do many other active fault injection attacks. The AES competition in 1988 and the resulting published code being the classic example of the cache timing problem visible across a network. Which still plagues us today over a decade and a half later and will probably continue to do so for another decade or three (I still blame the NSA as NIST’s advisors for this issue as they would certainly have known not just about cache timing issues prior to the competition starting but time based side channels in general, but they said nothing…).

I have explained a number of times on this blog and other places about why fault injection attacks work so easily with devastating effect[1]. But still they get designed in “With nary a thought” in new products year after year, presumably much to the delight of SigInt agencies around the world.

I suspect the late Douglas Adams was well aware of the cause of such problems with his joke –back in the late 1970’s– about the “Somebody elses problem field” that whilst it did not make things invisible, it stopped people seeing them for what they are.

And it’s not just me seeing this connection, whilst chatting to someone from the UK’s Cambridge Computer labs a while back, I mentioned the issue, and they told me that one of the Reader’s there, Prof. Alan F. Blackwell “also has the same bee in his bonnet” over the SEP issue.

I guess at the end of the day active fault injection attack mitigation is a question of “problem ownership” when products are implemented. The theoretical guys say “no problem with the algorithm”, the software guys just cut the code to “reduce the overhead” and the test guys “don’t have test software” that can check for it. So it drops through the crack that is “implementation issues” that in reality is so vast it makes the Grand Canyon look like a “shake in a piece of wood” in comparison.

Our host @Bruce once wrote a book about implementing crypto in practical systems with Niels Ferguson (Cryptography Engineering). It’s been a good few years since I read it, but I don’t remember anything specific about this issue, hopefully he will correct me if I’m wrong.

And likewise most other books on cryptography code cutters are likely to read never mention time based side channels let alone active fault injection attacks…

[1] Just search for “efficiency-v-security” or “clock the inputs and clock the outputs” and “fail hard and long on error” which explain the “system transparency” problem and why such things as standard error correction techniques become active fault injection attacks.

JGS April 13, 2017 5:06 AM

@ ab praeceptis

“@John Galt

Maybe it’s just me and I’m too picky but I feel that Clive Robinson deserves some more respect when addressing him. He is always polite, always knowledgable, always constructive.”

+1 squared.

Clive gets a kiss!

Clive Robinson April 13, 2017 5:29 AM

@ John Gault,

SO…. you don’t think your computer with your antimalware software is slow enough, yet?

I wouldn’t know, I don’t have antimalware “bloatware” on the majority of them, and the one that does has all sorts of non-standard antimalware running on it and is quite an old machine (no Flash ROM and runs from a CDROM not a hard drive).

I should mention at this point the computers are “hard gapped” because many run very old OS’s going back to MSDOS 5 because I still have to support some people who run my code in industrial control and CAD/CAM systems, talking to even older Vaxen etc. I keep telling them that they need to upgrade, and even “Listen guys that hardware and me are both going to die one day” does not appear to move some of them.

Speaking of old computers like the TRS80, I was asked to sort out an Acorn Atom that had an intermittent fault a little while back. Turned out the electrolytic caps had gone dry and thus had lost capacitance and gained ESR. Sadly they were not old enough to “regenerate” so I swapped all of them with new ones that looked sufficiently retro, and problem solved, so it could go back on display. It’s fun to see kids eyes open wide to the computer games etc of those 80’s home computers whilst some of the older dads get a little misty eyed.

Another problem with keeping them going is televisions… Yup they are now all “high def DTV” and you’d be hard pressed to find a computer monitor that will take the input of old PAL or NTSC video.

So as the old saying has it “All good things must come to an end”… I guess even my white Apple sweat shirt from 82 will someday fade even though it’s kept out of the light.

Clive Robinson April 13, 2017 6:06 AM

@ John Galt,

Oops, my apologies, I accidentally added a “u” in your surname above.

Out of curiosity did you know that there was a Scottish novelist by the same name, who it is believed by some that Ayn Rand modelled her “copper haired” protagonist on?

Tatütata April 13, 2017 7:50 AM

This seems to fit the theme of this blog: Spam attempts to trigger IoT device through air-gap.

Washington Post, 12.4.2017: Burger King thought it had a great idea. Instead, it ended up with a Whopper of a problem.

Privacy concerns about voice-activated speakers and the connected home have been on the rise as more companies have introduced these products, putting pressure on the makers of voice-operated security systems and door locks to ensure that their devices can’t be triggered by unauthorized voices.

Slime Mold with Mustard April 13, 2017 8:26 AM

@ John Galt
@ vas pup

Although I am not a lawyer, I think I might have more civil court experience. A lot of those clauses put into customer contracts do not have the legal weight of photons. They are designed to scare off and discourage people. They often do not survive contact with a judge. If you feel wronged, you need an attorney with very specific experience in the area. The corporations know that this is often a losing proposition for you. The big law firms will take on class actions, and a decade later you get your $34.

@ Tatütata

So it begins…
I know I’ve seen the potential discussed here before. It seems what can be weaponized for monetization will be.

John Galt April 13, 2017 11:52 AM

@ Slime

[[[ If you feel wronged, you need an attorney with very specific experience in the area. The corporations know that this is often a losing proposition for you. The big law firms will take on class actions, and a decade later you get your $34.]]]

Nah…. Lawyers are the problem. They are like insurance. They sell little pieces of paper for $1000 per page per year. To enforce that little piece of paper will cost you $300 per hour plus expenses to argue about the definitions of every word on every page for the next 5 years. Then settle.

Wanna know what the real solution is? Reinstitute Trial by Combat. Watch all the weaselly, wormy rat lawyers scurry into their rat holes. You think a lawyer is willing to risk his own skin? Nope.

See… that’s the essence of today’s corporate system. Always use hundreds of layers of paper (like a phonebook) as a shield.

@ Clive

[[[ I wouldn’t know, I don’t have antimalware “bloatware” on the majority of them, and the one that does has all sorts of non-standard antimalware running on it and is quite an old machine (no Flash ROM and runs from a CDROM not a hard drive). ]]]

Actually, I didn’t mean “you” in a literal sense. I was actually being sarcastic.

THE INSANITY of “weaponizing” a computer system and then asking people to do business in their insane war zone is… frankly… insane. I mean,… come on… Encrypting MEMORY!!!!

Businesses cannot do business in a combat zone…. unless you’re a prostitute.

:0

[[[ Out of curiosity did you know that there was a Scottish novelist by the same name, who it is believed by some that Ayn Rand modled her “copper haired” protagonist on? ]]]

Actually,… you wanna know the secret to understanding Shrugged? Galt represented Tesla … the “copper hair” came from the likes of this guy stepping on his head: Francisco d’Anconia, the copper miner, is actually an anagram for a real company.

Who was she referring to? (You’d be shocked when you realize it.)

John Galt April 13, 2017 7:25 PM

@ Clive…

Who was she referring to?

https://en.m.wikipedia.org/wiki/Anaconda_Copper

GIVE THAT MAN A CIGAR!

Tesla died a relatively poor man because of the Rockefeller Klan. Demonized, too. They even made cartoons about him where he was the villain.

Why?

Tesla only needed copper cores for his coils… not an entire network of billions of miles of copper cable that burns holes in you when you touch them or blows off your heels and hands. JPMorgan said that Tesla’s ideas sucked because it couldn’t be “metered.”

In Montana, the Anaconda-owned politicians were known as Copper Collars.

Bad scene. Goes way back to the banking panic of 1907 the foundations of the Federal Reserve as a result… excess War Profits investigated by Congress after WW I, etc….

Tesla’s name is revered, today. Reagan’s “Star Wars”

Nick P April 13, 2017 8:32 PM

@ Markus Ottela

Good work on your latest release. A review and low-level implementation of it is still on my long-term agenda.

@ Dirk Praet

“You may wish to consider spinning one up on Amazon EC2 or similar cloud platform. ”

OVH is a popular option. I don’t know their actual trustworthiness, though. One of the things I like about cloud platforms is a Tor user might get lost in the traffic. Unless they’re being paid to monitor for that specifically. We know certain countries do that sort of thing. Now, we’re back to finding out which European or Nordic countries aren’t doing that with what hosts there have shown integrity in the past. Ideas?

@ Clive Robinson

The SGX for trusted path is interesting. It’s interesting because it looks somewhat similar to stuff I read about in secure HW architectures that predate Intel and TrustZone. I also swear either Thoth or someone else sent me one doing a trusted path on TrustZone. Reminds me of it a bit. So, them all converging on something similar means it’s worth further investigation by someone trying to build on those. Devil will be in the details with this, though, where you really want to trace how each component interacts and might screw one another up. Plus covert, timing channels. I doubt they’ve addressed that at all although I haven’t read the technical details.

“However the processors will not authenticate memory which is comparatively expensive process.”

Oh my God this shit never ends. The authentication was necessary in many prior works. They got the overhead decent in some of them. There’s always a hit but people who don’t want it could disable the crypto. Or make it a dedicated product for people that will sacrifice some hundreds of MHz. I won’t be buying that shit if it’s in my threat profile.

@ All

A few things I stumbled on.

How I Made My Own iPhone in China

Uptane – Secure, Update Mechanism for Automotive Systems

Charging your phone from proximity to power lines (terrifying!)

Parody on technical interviews. Read the top link to prior story first.

Saltpack – Modern, NaCl-based format for encrypted messaging

Tag-Protector – An Effective and Dynamic Detection of Illegal Memory Accesses through Compile-Time Code Instrumentation

John Galt April 13, 2017 9:04 PM

@ Nick…

[[[The SGX for trusted path is interesting. It’s interesting because it looks somewhat similar to stuff I read about in secure HW architectures that predate Intel and TrustZone. I also swear either Thoth or someone else sent me one doing a trusted path on TrustZone. ]]]

Can you spell “Microcode Based Rootkit”?

An honest man will blink when confronted in a sales situation. He might not want to admit something, but, he won’t lie about it.

Conmen will lie to your face without blinking.

JG4 April 14, 2017 1:11 AM

@John Galt

those lyrics did make the hair on the back of my neck stand up, but the inclination to control what people think is much older than technology. in the time of Anaconda Copper, Edward Bernays was just getting started with how many millions could be killed with fake news via radio. can’t recall if it was pointed out here, but the printing press pretty much ended a thousand-year-old and profoundly effective thought-control program. only yesterday, it was pointed out on nakedcapitalism that older people in Ireland treated newspapers with scorn, fully realizing that they are and always have been a propaganda channel

Clive Robinson April 14, 2017 2:53 AM

@ Nick P,

Oh my God this shit never ends.

Probably not, especially with semi-mutable memory like magnetic/Flash storage.

Take the problem of FDE via IME: you have a primary requirement that you have sector to sector write through. That is if the computer file system device driver says sector #XXXXX then the IME must read/write from/to that actual sector. As the sectors are of fixed size where do you put the extra authentication data? Without overly affecting performance, or in the case of SSDs wearing out other sectors by a vastly increased erase&rewrite cycle?

The point many people don’t grok is that authentication MUST be done before decryption on a read cycle, otherwise you will likely get timing side channel issues which if sufficiently fine grained can be used to leak key information.

As they say “All good clean fun… NOT” 😉
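The two constraints in the comment above (fixed-size sectors with write-through, and authentication before decryption on read), as an added example that is not part of the original comment. It assumes the nonce and tag live in a separate metadata region rather than in the sector; `AuthenticatedDisk` and its helpers are hypothetical names, and HMAC-SHA256 in counter mode stands in for a real sector cipher.

```python
import hashlib
import hmac
import os

SECTOR_SIZE = 512   # fixed by the drive; ciphertext must fit exactly
NONCE_SIZE = 16     # fresh per write, so a rewrite never reuses keystream
TAG_SIZE = 32

def _keystream(enc_key, sector_no, nonce, length):
    # Assumption: HMAC-SHA256 as a PRF in counter mode, a demo stand-in cipher.
    out, counter = b"", 0
    while len(out) < length:
        block = sector_no.to_bytes(8, "big") + nonce + counter.to_bytes(4, "big")
        out += hmac.new(enc_key, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]

def _tag(mac_key, sector_no, nonce, ciphertext):
    # Binding the sector number stops a valid sector being replayed elsewhere.
    msg = sector_no.to_bytes(8, "big") + nonce + ciphertext
    return hmac.new(mac_key, msg, hashlib.sha256).digest()

class AuthenticatedDisk:
    def __init__(self, enc_key, mac_key):
        self.enc_key, self.mac_key = enc_key, mac_key
        self.sectors = {}    # sector_no -> 512-byte ciphertext (write-through)
        self.metadata = {}   # sector_no -> nonce + tag, stored out of band

    def write(self, sector_no, plaintext):
        if len(plaintext) != SECTOR_SIZE:
            raise ValueError("sector must be exactly SECTOR_SIZE bytes")
        nonce = os.urandom(NONCE_SIZE)
        ks = _keystream(self.enc_key, sector_no, nonce, SECTOR_SIZE)
        ct = bytes(p ^ k for p, k in zip(plaintext, ks))
        self.sectors[sector_no] = ct
        self.metadata[sector_no] = nonce + _tag(self.mac_key, sector_no, nonce, ct)

    def read(self, sector_no):
        ct = self.sectors[sector_no]
        meta = self.metadata[sector_no]
        nonce, stored = meta[:NONCE_SIZE], meta[NONCE_SIZE:]
        expected = _tag(self.mac_key, sector_no, nonce, ct)
        # Authenticate first: the decryption path never touches unverified data,
        # and the comparison itself is constant-time.
        if not hmac.compare_digest(stored, expected):
            raise ValueError("sector failed authentication")
        ks = _keystream(self.enc_key, sector_no, nonce, SECTOR_SIZE)
        return bytes(c ^ k for c, k in zip(ct, ks))
```

The cost the comment points at is visible in `write`: every sector write also updates a 48-byte metadata record somewhere else on the medium.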

John Glat April 14, 2017 3:42 AM

@JG4

[[[ those lyrics did make the hair on the back of my neck stand up, but the inclination to control what people think is much older than technology. in the time of Anaconda Copper, Edward Bernays was just getting started with how many millions could be killed with fake news via radio. can’t recall if it was pointed out here, but the printing press pretty much ended a thousand-year-old and profoundly effective thought-control program. only yesterday, it was pointed out on nakedcapitalism that older people in Ireland treated newspapers with scorn, fully realizing that they are and always have been a propaganda channel ]]]

Or, “The Song Remains the Same.” The same psychos on the top of the poop pile just come up with a new marketing slogan for the same-o, same-o.

Like Marx. When you read it… it can be appealing to “lesser minds”… not realizing that “dictatorship of the proletariat” just means “dictatorship.”

Who would want that?

For example,…

Would you like:
— a guaranteed job? NEVER BE FIRED?
— free housing?
— free groceries?
— free utilities?
— free child care?
— free transportation?
— free education?
— free entertainment?
— free email?
— free Facebook?
— free Google?
— free health care?

Would you like to come work for me on my brand new federally-funded cotton plantation?

Oops.

Then, there was Orson Welles’s 1938 broadcast of War of the Worlds that DID cause mass hysteria and injuries. Then, there was 9-11. 😉

You might be interested to know that Rush was inspired by Ayn Rand’s work — especially Fountainhead and Atlas Shrugged throughout most of their earliest works — especially 2112 and Hemispheres. “Farewell to Kings”… etc.

You’ll also have to go on Youtube and watch Alex Lifeson mock “The [Music] Establishment” when they were finally inducted into the R&R Hall of Fame.

Dirk Praet April 14, 2017 6:28 AM

@ Clive

It’s fun to see kids’ eyes open wide to the computer games etc of those 80’s home computers whilst some of the older dads get a little misty eyed.

You can still play all of these classic games on your TV with Retropie and a Raspberry Pi or ODroid C1/C2. Plenty of places where you can get the ROMs too. Ideal to get even the most annoying kids quiet at social gatherings with friends or relatives, and an SD card copy is easily made.

vas pup April 14, 2017 12:32 PM

@Slime Mold with Mustard • April 13, 2017 8:26 AM and @John Galt.
Thank you for your opinion. Unfortunately, Pope recently in his speech in UN clearly stated that currently there is no justice for poor (I’d rather say not wealthy) person in the world. That applies to all countries with particular degree. I guess you can NOT monetize justice meaning your access to civil/criminal justice systems should not mainly depend on your resources. @Slime, you are right that class actions basically provide small $ amount to the participant, but substantial amount to ‘instrument of slaves’.
But in US if you do have enough financial resources you could move your case through court system up to SCOTUS, and sometimes even get justice, but usually cost-benefit analysis is not working for your benefit: money spent will not be balanced with money obtained by trial outcome (civil). In criminal case you need very determined and financially viable person who will fight on your behalf through all hoops because usually access to all your assets is blocked by prosecutors – so you can’t pay for qualified law service even if you do have assets. At the end of the day, current legal system (US) provided due process, but not justice.
What is the solution?
Clear and fair laws with level of understanding of high school graduate when law targeted general population. When law targeted big business (oil drilling, set up big corporation, international taxation, etc.) which by default has team of corporate lawyers, then law could be precipitated by legalese and be subject of interpretation of professionals.

Clive Robinson April 14, 2017 12:36 PM

@ r,

With regards,

    researchers develop master fingerprints that can break into smartphones

Fingerprints are only presumed to be unique, just like snow flakes. However that does not preclude matches, especially when you take metrology into account.

How you measure, and to what accuracy is important. If for instance you look at a banknote made with organic material (paper/cloth) under a microscope you can see the fibers, the patterns of these are likewise presumed to be unique. However to do the comparison between a hundred thousand or more banknotes at that level of magnification requires a quantity of data that few of us could comprehend in real terms.

As you pull back on the magnification two things happen to the measurement. Firstly the resolution of the fibers goes down and secondly the uncertainty goes up due to both sampling and noise. The upside though is the level of data drops significantly. Pull out further and the fibers are not visible, however by shadowing etc they still produce discernible features depending on the angle of lighting, the same happens with the banknote inks, this is sometimes used as a security feature. Eventually you get to the equivalent of a foot or so from your face, where you can only resolve to about one part in two thousand or about two one hundredths of a square millimeter. Which is good enough to see the finer print details but not without much ability to compare between notes.

Fingerprints suffer from the same problem, as well as a whole lot worse due to the crap we pick up on them that would also get spread over the sensor. Thus the actual details used are not very fine, thus the quantisation is low and thus the chances of getting a false positive is way way higher than you might expect.

In some early systems I worked on (and got fired over showing how to fake fingerprints with less than a dollar’s worth of common household items) you would get false positives in groups of less than a hundred people…

So I’m not surprised that this problem has arisen.

John Galt April 14, 2017 12:43 PM

@ vas pup

We almost agree.

[[ At the end of the day, current legal system (US) provided due process, but not justice. ]]

All slaves got “due process.” The process is:
1) Club them over the head (or make them read 100,000 pages of regulations)
2) Bind their hands and feet (force them to hire an attorney so they can’t speak for themselves as is with every slave in history)
3) Put them on a boat (blame the jury)
4) Ship them to wherever (the attorney got his money and a lien)
5) Sell them for whatever they have left. (kick them in the ass on their way out)

[[[ What is the solution? ]]]

Clear and fair laws with level of understanding of high school graduate when law targeted general population.

More paper?

Laws are usually written by lawyers — who play Scrabble and Argue for a living.

More Arguments?

Clive Robinson April 14, 2017 1:30 PM

@ Dirk Praet,

You can still play all of these classic games on your TV with Retropie and a Raspberry Pi or ODroid C1/C2.

You can, but you don’t want to fake a historic exhibit unless you have to.

As for the Raspberry Pi they get to play with those further down.

r April 14, 2017 5:29 PM

@Clive,

Re: historic exhibit,

Nostalgia definitely has educational and perspective values for our up-and-coming.


Sidebar photo of Bruce Schneier by Joe MacInnis.