Friday Squid Blogging: Video of Squid Attacking Another Squid

Wow, is this cool.

As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

Read my blog posting guidelines here.

Posted on April 21, 2017 at 5:04 PM • 220 Comments

Comments

Ben A.April 21, 2017 5:09 PM

US surveillance court declined less than 2 per cent of applications

"2016 figures show only 35 of 1,752 applications were turned down in part or full"

https://www.theregister.co.uk/2017/04/21/us_surveillance_court_declined_less_than_2_per_cent_of_applications/


We're spying on you for your own protection, says NSA, FBI

"Except we're not, of course, because that would be illegal"

https://www.theregister.co.uk/2017/04/19/nsa_fbi_spy_on_us_for_our_protection/


Man sues Confide: I wouldn’t have spent $7/month if I’d known it was flawed

https://arstechnica.com/tech-policy/2017/04/secure-messaging-app-confide-sued-over-alleged-security-flaws/

https://www.documentcloud.org/documents/3674630-Auman-v-Confide-Filed-Complaint.html#document/p9/a349528


O&O ShutUp10 version 1.5.1389 available

It has many new options to block recently introducing telemetry functions including the ability to "disable advertising via Bluetooth".

https://www.oo-software.com/en/shutup10/update


Why Telegram Voice Calls Are Blocked in Countries Like China or Iran

Signal fixed this by using domain fronting over CDNs. I don't know why Telegram don't do the same.

http://telegra.ph/Why-Telegram-Voice-Calls-Are-Blocked-in-Countries-Like-China-or-Iran-04-19


Exception-oriented exploitation on iOS

http://googleprojectzero.blogspot.com/2017/04/exception-oriented-exploitation-on-ios.html


Stealing sensitive browser data with the W3C Ambient Light Sensor API

https://blog.lukaszolejnik.com/stealing-sensitive-browser-data-with-the-w3c-ambient-light-sensor-api/


Linksys Smart Wi-Fi Vulnerabilities

Got one of these routers? You're vulnerable. EA2700, EA2750, EA3500, EA4500v3, EA6100, EA6200, EA6300, EA6350v2, EA6350v3, EA6400, EA6500, EA6700, EA6900, EA7300, EA7400, EA7500, EA8300, EA8500, EA9200, EA9400, EA9500, WRT1200AC, WRT1900AC, WRT1900ACS, WRT3200ACM


Google have eventually fixed the Punycode vulnerability in stable 58.0.3029.81

https://chromereleases.googleblog.com/2017/04/stable-channel-update-for-desktop.html


Discontinuing the hardened Tor Browser series

They've stopped having a "hardened" browser series and instead introduced the "Sandboxed Tor Browser".


Tails 2.12 is out

I2P removed because of lack of developers and Linux upgraded to 4.9.13

https://blog.torproject.org/blog/tails-212-out


DuckDuckGo are shutting down their XMPP service on May 9th, 2017 due to continual abuse

https://duck.co/blog/post/4/xmpp-services-at-duckduckgo


Taking your feedback on the Microsoft Security Update Guide

You can consume the Security Update Guide data in two ways: via the API with the CVRF feed (JSON or XML) or through the dashboard.

https://blogs.technet.microsoft.com/msrc/2017/04/21/taking-your-feedback-on-the-security-update-guide/


The Internet Archive is ignoring "robots.txt" files

http://blog.archive.org/2017/04/17/robots-txt-meant-for-search-engines-dont-work-well-for-web-archives/


Classic Mac OS and dozens of apps can now be run in a browser window

Lots of abandoned software and decent emulation with DOSBox - must be expensive to host.

https://arstechnica.com/apple/2017/04/classic-mac-os-and-dozens-of-apps-can-now-be-run-in-a-browser-window/

https://archive.org/details/software


Autoruns, SDelete and Sigcheck - three great, free, Microsoft application

A comprehensive list of what programs are configured to run during system bootup or login, and when you start various built-in Windows applications like Internet Explorer, Explorer and media players.

SDelete implements the Department of Defense clearing and sanitizing standard DOD 5220.22-M, to give you confidence that once deleted with SDelete, your file data is gone forever.

Sigcheck is a command-line utility that shows file version number, timestamp information, and digital signature details, including certificate chains. It also includes an option to check a file’s status on VirusTotal.

https://technet.microsoft.com/en-us/sysinternals/bb963902.aspx

https://technet.microsoft.com/en-us/sysinternals/sdelete

https://technet.microsoft.com/en-us/sysinternals/bb897441


Simple, encrytpted, anonymous file storage

https://nofile.io/


Bruce's recommended encryption supplier, Jetico, are offering a 10% discount - use code "SpringClean"

http://www.jetico.com/about-jetico/newsroom/814-jetico-digital-spring-cleaning-save-on-data-wiping-and-encryption-software

https://www.schneier.com/blog/archives/2015/06/encrypting_wind.html

Robot? That’s not you, right?April 21, 2017 5:41 PM

Robot?
That’s not you, right?

Of course you're not, just assure us below.

Defenses are up – ReCaptcha blocked at the checkpoint
No Newegg shopping today...

https://www.newegg.com/Common/CommonReCaptchaValidate.aspx?referer=http%3a%2f%2fwww.newegg.com%2fProduct%2fProductList.aspx%3fSubmit%3dENE%26DEPA%3d0%26Order%3dBESTMATCH%26Description%3dWD%2b8TB%26N%3d-1%26isNodeId%3d1&why=1

The ‘us’ is Google as they seek to increasingly police and monopolize the Internet. In other words they still desperately need the advertising dollars when the customer (bypasses Google and) goes directly to the merchant’s web-site.
Bottom line is Google either gets their cut or they deny customer access to shop.

Amazon does not reveal what customers purchase. They truly respect customer privacy and have a wide selection of products and so reap the rich rewards (approaching the first trillion dollar business).

Ironically here are the trackers at the Wal-mart.com privacy page:
Double Click ad exchange, Facebook Connect, Google Analytics, Google Tag Manager, Linked-In Marketing Solution (MicroSoft), Adobe, fonts.goolgeapis
https://corporate.walmart.com/privacy-security/walmart-privacy-policy/walmart-privacy-policy-frequently-asked-questions# (tracking ref removed)
A world gone mad...

Clive RobinsonApril 21, 2017 6:44 PM

@ Nick P,

A little food for thought...

I noticed this on Hacker News,

https://github.com/elliotchance/c2go

It's purpose is to convert C source code to Go source code.

The thought occured that C is a weakly typed language and Go is strongly typed.

Thus such a tool would enforce stronger typing on the C source program than a C compiler would require.

gordoApril 21, 2017 7:01 PM

COLD WAR REDUX
Is There a Russian Mole Inside the NSA? The CIA? Both?
The latest leak by the Shadow Brokers hackers exposed classified information that could only have come from within the NSA, setting the stage for a Cold War ritual—the mole hunt.
KEVIN POULSEN 04.20.17

If Russia did have a mole inside the NSA in 2013, the most recent date of the documents, Schneier thinks it unlikely that it does now, or else the Shadow Brokers wouldn’t exist. “You only publish when it’s more useful as an embarrassment than as intelligence,” he said. “So if you have a human asset inside the NSA, you wouldn’t publish. That asset is too important.”

http://www.thedailybeast.com/articles/2017/04/20/is-there-a-russian-mole-inside-the-nsa-the-cia-or-both.html

Darryl DaughertyApril 21, 2017 8:04 PM

@ Ben A.
re: The Internet Archive is ignoring "robots.txt" files

To be fair they're only do this so far with .gov and .mil sites which feels appropriate. Taxpayers paid for that content and it should be available forever, even if a third party like Internet Archive has to do the heavy lifting.

Where it all falls down is in the mooted notion that this should someday apply to dot-coms and other privately operated domains. There simply aren't enough high quality and never before registered domain names under .com anymore. In the case where you must use a recycled domain name, being able to scrub the Wayback Machine of the prior and now-irrelevant (and perhaps dishonest, vulgar, etc.) content is a very valuable resource.

While admittedly an edge case, if I want to purchase and use johnnygazortner-dot-com as my email-only domain, being able to scrub the prior web content under old ownership is certainly desirable.

Taken to an extreme, you might see the value of previously registered domains begin to collapse when it becomes apparent that their web histories can no longer be sanitized. And as many webhosts are also domain registrars or resellers, you might see them start to block IA_archiver at the network level in retaliation. It wouldn't fix the problem, but starving the Wayback Machine of new content would be the only way to exert pressure on IA.

Darryl DaughertyApril 21, 2017 8:17 PM

Dear OFAC, How do I get off the sanctions list?
http://www.fcpablog.com/blog/2017/4/21/dear-ofac-how-do-i-get-off-the-sanctions-list.html

Notable in security terms because much of the biographical info on foreigners is woefully incomplete and out of date.

As regards Thai citizens particularly, there are listed numerous invalid nationality identity numbers, long-expired passports, inversions of family name and given name, etc. And several instances of firms listed which are defunct, incorrect addresses, firm names which have been changed and never updated, and so on.

ZackApril 21, 2017 10:08 PM

I'm doing a research project related to online censorship, which you can help with, by visiting https://research.owlfolio.org/active-geo/ in any reasonably recent version of Firefox, Chrome, or IE. (You must have JavaScript enabled. It doesn't work in Safari, which unfortunately means you cannot use an iDevice.) Press the Start button on the map, wait for it to finish, and then click the "Tell me more" button (which appears when it's done) and read the text and follow the instructions. It is especially helpful if you do this on a computer physically located somewhere other than Europe and North America.

The experiment is testing "active geolocation", which is when you try to figure out where a computer physically is by measuring how long it takes a packet of information to go round-trip between one computer and other computers in known locations. This has been studied carefully within Europe and the continental USA, but much less so elsewhere.

This is relevant to Internet censorship because, in order to measure Internet censorship, you need access to a computer within the sub-network run by a censorious country or organization. Commercial VPN services are one way to do this. Unfortunately, the countries that are most aggressive about censoring the Internet are also countries where it is difficult and expensive to host servers. I suspect that several commercial VPN providers' claims of widespread server hosting are false: they are placing servers in countries where it is easy to do business, and then adding false entries to commonly-used geolocation databases. If whatsmyip and the like tell their users that the VPN server is in the right country, that's good enough to make a sale...

I have run these measurements myself on many VPN servers, but I don't know how accurate they are, and the accuracy varies depending on the true location. By visiting this page, running all the way through a measurement, and then telling me honestly where your computer really is, you provide me with data that I can use to calibrate the VPN measurements. Again, data from places other than Europe and North America is especially helpful: I particularly want Asia, sub-Saharan Africa, and South America.

AndrewApril 22, 2017 12:42 AM

"SDelete implements the Department of Defense clearing and sanitizing standard DOD 5220.22-M, to give you confidence that once deleted with SDelete, your file data is gone forever."

That only refers to the overwritten data and number of passes. No matter what high level utility tool you use, the NTFS will still leave small files or part of files written in MFT entries. Even low level utilities like full disk format seems to fail sometimes... possible on purpose. DBAN seems to be among the few doing a good job.
Full disk encryption is the only way to ensure the data is deleted (properly overwritten).

sanitize ur own dirty web history?April 22, 2017 3:38 AM

re:Darryl Daugherty

There are pros and cons, but I suspect the need to preserve archives of web pages override the need to give an obsolete .com address a new life. There is a very important need to prevent the consequences like people attempting to do-it-yourself censorship by making discreditable publishings and posts disappear. And most importantly it would be overwhelmingly unreasonable to have persons make dirty history disappear from the important archives like internet archive

There are lots of creative ways to avoid going after addresses that might have some historic archives.

Need to preserve historic archives supersedes any value of defunct .com address as they are countless alternative domains to .com domain

Clive RobinsonApril 22, 2017 4:15 AM

Not a Squid but just as interesting

In these days of metal and fiberglass hulls, most know little about "shipworms" the aquatic version of woodworm with the damage ability of termites.

It was not just pluck and luck that defeated the Spanish Armada but ship worms and bad weather.

They come in all sorts of sizes including one very rarely seen five feet or more in length,

http://www.newyorker.com/tech/elements/the-loch-ness-monster-of-mollusks

Warning don't read before breakfast ;-)

Clive RobinsonApril 22, 2017 4:49 AM

After 2 decades Russian's still use Loki2

Wired had an article based on evidence kept in a safe in the UK for two decades.

Back in the 1990's the Russian's were getting into any system the could and quite a few in the UK were being used as staging points.

The Russians were using the Loki2 trojan, first published in the hacker zine Phrack in 1996. It had become a common tool at the time, but as with other tools and techniques of the time has faded from peoples memories, or if under fourty five have probably never heard of them.

It would appear that the Turla hackers assumed to have close ties to the Kremlin are still using Loki2. Kaspersky’s researchers performed an analysis on a toolkit the Turla hackers used three years ago against a Swiss tech firm RUAG, and found a version of Loki2 that had been modified over the years but was still recognizable.

https://www.wired.com/2017/04/russian-hackers-used-backdoor-two-decades/

supersaurusApril 22, 2017 5:24 AM

@Clive Robinson

in re translating c code to go code: I wonder how the translator would cope with things like unions and typecasting?

Ben A.April 22, 2017 5:26 AM

@Andrew

"That only refers to the overwritten data and number of passes. No matter what high level utility tool you use, the NTFS will still leave small files or part of files written in MFT entries [...] Full disk encryption is the only way to ensure the data is deleted (properly overwritten)."

You're correct although that quote was from Microsoft and, to be fair to them, it's largely true. With modern SSD drives you have wear-levelling which further reduces the usefulness of such tools which is why it's so important to use FDE from the start.

You can get utilities which remove almost everything when wiping a file: MFT records, directory slacks, NTFS transaction log files etc. (see picture below) but SDelete from Microsoft is free, command line based and very lightweight.

https://i.imgur.com/SCVsqAK.png

JG4April 22, 2017 8:26 AM


http://www.nakedcapitalism.com/2017/04/links-42217.html
...
Big Brother is Watching You Watch

Weeping Angel Wikileaks (Bill B)

https://wikileaks.org/vault7/#Weeping%20Angel

EFF Says Google Chromebooks Are Still Spying on Students Softpedia

http://news.softpedia.com/news/eff-says-google-chromebooks-are-still-spying-on-students-515015.shtml

Blank out: Why Facebook may be indefinitely banned in Kashmir Scroll (J-LS)

https://scroll.in/article/835310/blank-out-why-facebook-may-be-indefinitely-banned-in-kashmir

Frank WilhoitApril 22, 2017 8:43 AM

@ supersaurus: Unions and [explicit] casts are the easy ones! At least there are some breadcrumbs of intention. But it could not do anything with void *, unless it tried to trace the subsequent assignments of such pointers, even across compilation units.

Patriot COMSECApril 22, 2017 11:30 AM

This is not in the news, but it might be news to you: actually, the internet is not blocked in China.

If you want to use a VPN in China, then you can. I happen to be in China at the moment, and I have discovered that several VPNs work well. In fact, I am using one now even though that is not necessary.

Countermail works. Protonmail works. Hushmail works. www.schneier.com works. All without a VPN.

This is really interesting. If you are in a major hotel in a big city, then you have a VPN connection by default. In other words, the internet is not blocked. The Chinese do that to attract investors and Western people who are going to benefit the country. Elsewhere, just get a VPN. They are easy to block, but they are not being blocked.

If you talk to a Chinese person and say the internet is blocked, they look at you strangely: what the heck you talk about? From their view, they are being protected.

I have to admit it: I kind of like Google not being the boss.

ab praeceptisApril 22, 2017 11:49 AM

Winter

Murdering opposition activists in London

Evidence for "Russia" being involved?

the Crimea (those green men are not Russian soldiers)

a) Russia was there *legally*, based on a valid agreement with ukraine (and paying *lots* of money for it).
b) >95% of the inhabitants *welcomed* being saved from the nazis and voted that they *wanted* to become Russians again.
c) Crimea was *illegally* given as "gift" to ukraine. Hence legally it never was part of ukraine.

Georgia

All evidence says that it was georgia which started an *illegal* attack. Also note that Russia did *not* attack all of georgia but only fought back the illegal attacks in the attacked areas. Russian military arrived only 2 days *after* the attacks by georgia.

And btw: The criminal who was in charge, former "president" sakashvili, is now wanted for arrest by the georgian government, i.a. for wanton murder of oppositional citizens.

Ukraine

To this day there exists no credible evidence showing any russian military attacking ukraine. None, nada, zilch. There is, however, plenty evidence of ukro nazis wanton murdering ethnic Russians in Odessa and in the Donbass.

MH017

To this day there exists no evidence showing any russian implication. To the contrary, there is plenty evidence showing ukraine and accomplices lying, falsifying, and trying to avoid any serious investigation.
Just one example: It is meanwhile an established and provable fact that the only Buk System in the whole region was ukrainian, in ukrainian controlled territory and manned by ukrainian soldiers.

Helpng Assad with chemical attacks.

The - known to be faked - "evidence" for that bullsh*t comes from the "white helmets" which are known to be cia assets and a part of the al nusra terrorist group. Moreover, there is evidence that it's a lie and that there was definitely no sarin used.
And there is *no* evidence, none, nada, showing Assad to be involved.

And now I end that non discussion because you are not at all interested in nor delivering facts.

Bob Dylan's Waxed MustacheApril 22, 2017 11:50 AM

"From their view, they are being protected."

Which is entirely true in the same way that the draft horse is being protected right up until it is sent off to the glue factory. Then it is not being protected anymore. Then it is too late to complain.

I believe that the current meme is "but I never thought the leopard would eat MY face!"

WaelApril 22, 2017 12:09 PM

@Patriot COMSEC,

This is not in the news, but it might be news to you: actually, the internet is not blocked in China.

I was in China, too, recently. Google was blocked.

I happen to be in China at the moment, and I have discovered that several VPNs work well.

You have marginally shown availability. How about confidentiality and integrity? Basic common sense says: allowed VPNs are monitored and disallowed ones are too costly to reliably "MiTM". That's the assumption you need to work under. You'll need to wear one of these to understand, you poor soul. Got Straitjackets in Thailand or China?

You need to free your mind from the confines of the mental paradigm that VPNs cannot be (and are not) subverted.

Tell me how many trusted "rogue" root certificates are installed on your device? And that's just one vector!

albertApril 22, 2017 12:13 PM

"...“The Nation must prepare to mitigate an unpredictable global security and national emergency environment,” the White House said in a report to Congress this month.

The report, transmitted by President Trump on April 3, provided principles for reform of the selective service process by which young Americans enter the military. The report was required by section 555 of the 2017 defense authorization act....."

https://fas.org/blogs/secrecy/2017/04/unpredictable/

So what's unpredictable about more and bigger wars, more and bigger bogeymen, and more and bigger national security threats?

Watch for an 'existential threat to the US'. That'll be the trigger.

I feel a draft...

. .. . .. --- ....

MatthewApril 22, 2017 12:20 PM

@Patriot

The Internet is not blocked in China but it is being monitored and censored. Anything deemed a threat to the ruling party will blocked.

It is possible those VPNs allowed especially those offered by the hotels are crackable by the China government so they are still able to collect information and logins credentials.

By luring you into a false sense of security, they will see if you are a troublemaker from your internet activity and may arrest you at the airport upon leaving the country.

Most China citizens do not care about the outside internet because what they need is available with their own China internet services.

WinterApril 22, 2017 12:41 PM

@ab p
"It is meanwhile an established and provable fact that the only Buk System in the whole region was ukrainian, in ukrainian controlled territory and manned by ukrainian soldiers."

Dutch journalist have used data from human rights activist to trace the route of the Russian Buk systems through Ukraine. They back it up with eye witness accounts and pictures. The Dutch investigators have compiled a detailed report that shows unequivocally that Russian military drove the Buk into Ukraine and fired it.

https://www.om.nl/onderwerpen/mh17-vliegramp/presentaties/presentation-joint/

Btw, this was exactly the same procedure that they followed a week earlier when they shot down a Ukranian Tupolev.

MatthewApril 22, 2017 12:57 PM

@ab praeceptis

Your comment is weird. I am not sure if it is sarcastic. I cannot find Winter's post in this Squid post (Maybe you are replying to him last Friday).

For Crimea, I find it interesting that the pro-Russia Crimeans would suddenly rise up and declare themselves independence from Ukraine rule when the pro-Russia Ukraine President was overthrown by pro-Western citizens.

For MH17, it is very likely (90% probability) that Russia forces or pro-Russia forces shot down the Malaysian Airline plane. If it is a Ukrainian Buk missile that shot down MH17, they would have quickly pushed that story instead of blaming a Ukrainain SU-25 fighter jet which have a operational ceiling of 23,000 ft below that of MH17 filght ceiling of 33,000 ft. Furthermore Wikipedia detected a Russian IP address trying to edit SU-25 entry's operational ceiling to 33,000 ft.

In Syria, so far we know Assad forces possess chemical weapons. Russia even volunteered to removed them for safekeeping from Assad in a diplomatic discussion with Obama during the previous chemical attack on 2016.
So unless the rebels have busy making their own chemical weapons, it is likely (70% probaility) Assad forces attacked with chemical weapons.

WinterApril 22, 2017 1:00 PM

@ab p
"c) Crimea was *illegally* given as "gift" to ukraine. Hence legally it never was part of ukraine."

A) and b) are irrelevant and c) is simply not true.

Anyhow, Russian government lied with a straight face about the involvement of Russian soldiers in the annexation of Crimea. Which shows they did not believe this themselves. Just as they did about Russian soldiers in Ukraine. Even coming up with the excuse that their military take their weapons to fight volutary wars in foreign countries in their spare time is too ludicrous for words.

keinerApril 22, 2017 1:18 PM

...in addition:

The "Crimea was a gift to Ukraine" meme started 10 years ago by Russia. Recently Russia started meme "Baltic states were gift". So in some years the green man will infiltrate Baltic states and "grab them back" for the USSR?

Absolute nonsense in 21. century to change borders by war.

ab praeceptisApril 22, 2017 1:42 PM

Winter

Dutch journalist have used data from human rights activist

"dutch" - as in: The country that signed an agreement that a) ukraine - i.e. one of the suspicious parties - is participating in the "investigation" and b) - that's where it gets smelling and obvious - a final report must be agreed upon by *every* participating party, i.e. anything ukraine doesn't like will be kept secret.

"activist" - Pardon me but activists, as much as they are beloved, in the us of a dominated part of the world, and what they say, are *not* evidence.

How about THINKING for a moment? The dutch "investigation" is now going on for years and still they have only "preliminary reports"?
If they had anything that could and would be ripped apart they would have certainly presented it to the world.

A) and b) are irrelevant and c) is simply not true.

So, being there *legally* and 95% of the people there are irrelevant? So much for your attitude re. legality and democracy ...

C not true? How about, just for a change, once actually informing yourself?
Crimea was given by chrustschew as a gift to ukraine. That's a historic and verifiable fact. And that act was illegal in violating the constitution, but, of course, in USSR times nobody questioned the party leader.

Anyhow, Russian government lied with a straight face about the involvement of Russian soldiers in the annexation of Crimea

The one who lies here is you.

Russia, e.g. president Putin himself, not only did not deny having played a role in Crimea but he actually speaks openly and publicly about it. There is i.a. a film about it and some interviews with Putin. He *never* denied that russian troups were involved in securing Crimea.
Btw. what happened can not possibly have been an annexation because that would require it to have happened against the will of the people, >95% of which actually *welcomed* Russias involvement as well as becoming a part of Russia again.

Go and look up "annexation". Being at that also have a look at former Yugoslavia or even at Germany. In both cases the people have *not* been asked and there was *no* referendum.

It's over and over again the same getting boring story: If the us of a does something really illegal it's painted as nice and good whereas Russia could give away her oil for free and they would still be painted as evil.

ab praeceptisApril 22, 2017 2:01 PM

Matthew

I was referring to a discussion that had started in another thread. I took it over to the squid thread as that is the right one for off-topic discussions (and I informed Winter about that).

"pro Russian president" - well, not really. yanukovich is painted as pro-russian because he didn't dance to the western music. From Russias perspective he was a pain in the a**. Btw, Russia didn't paint him as an angel; they know quite well that he was an utterly corrupt oligarch.
That said, keep in mind that hardly any politician in any country cares much about what the people want. So some president walking this or that line usually tells little about what the people want.

"MH17" - I don't know on what you base your "90% likely", probably on propaganda. As for "would have pushed": Nope. No matter what Russia would have pushed, that would have been ignored. In fact, Russia went so far to test-fire the exact Buk missile type that allegedly brought down MH017 at an old airplane so as to prove what was possible and what was not and how that would look like.
The result? Nobody cared and most people do not even know about it, because the western medie completely ignored it.

"we know Assad forces possess chemical weapons" - no, you don't. Reason: All but 2 syrian factories and storage facilities for chemical weapons have been cleared by international groups and under international supervision. There was even an official UN report about that mission being completed.

The 2 facilities that were not cleared were in the territory under terrorist controi. So, if any chemical weapons are used in Syria they come either from the terrorists or from outside.

There is btw *proof* that the "chemical attack" was *not* sarin (as internationally aleged and spread by the media). Funnily that proof is i.a. in the "white helmet" material used against Assad.

Well noted, I do not care about Assad; I'm neither pro nor anti Assad. I do, however, care about truth and reality and fact is that all the "nice white helmet" guys would be dead if there was any sarin around. As everyone looking at those videos can see they are not dead.

Milo M.April 22, 2017 2:10 PM

@albert:

Interesting.

As noted in the letter, the commission was established by PL 114-328, text available here:

https://www.congress.gov/114/bills/s2943/BILLS-114s2943enr.pdf

See Sections 551-557 on pgs. 131-138 of the PDF.

The letter provided by FAS responds to Sec. 555(c) -- "the President shall establish and transmit to the Commission and Congress principles for reform of the military selective service process".

The letter seems to largely regurgitate language in the act, without adding anything. Maybe the job was assigned to a relatively low level staffer.

From the PL:

"Not later than 30 months after the Commission establishment date, the Commission shall transmit to the President and Congress a report containing the findings and conclusions of the Commission, together with the recommendations of the Commission regarding the matters reviewed by the Commission pursuant to this subtitle."

So the draft may not be imminent, but is clearly being considered.


Patriot COMSECApril 22, 2017 5:24 PM

@ Matthew

"Most China citizens do not care about the outside internet because what they need is available with their own China internet services."

That is exactly what I gathered from the local people I have spoken talk with.

@ Wael

Some VPNs work, but others do not. I took it that the ones I can use are subverted and monitored.

I often travel in China, and I have found that if I make any positive comments about the place, then I will be attacked and called names by some folks. Interesting.

The only conflict and nasty talk I read or receive is with English speakers (who I presume are mostly Americans) while chatting on blogs. For example, here. It is becoming normal, the expression of deep division.

WaelApril 22, 2017 6:07 PM

@Patriot COMSEC,

then I will be attacked and called names by some folks. Interesting.

I'm not calling you names! One needs to be paranoid so as not to drop one's guard. And if you're not in a straitjacket, then you're not paranoid enough. I'm paranoid; I have a staigtjacket and a tinfoil hat too ;)

Some like the Salad Bowl, others like a Faraday cage, yet others need a depleted uranium hat.

The straitjacket is the latest weapon in our arsenal...

Currently they are: Tinfoil hat, The salad bowl, the graphite fly swatter, Butter cookie can, and a straitjacket.

Relax! No one's calls me you names, dawg!

rApril 22, 2017 6:18 PM

What makes me nervous is what Clever referred to as 'sympathetic' oscillations...

Sympathetic to whom?

tyrApril 22, 2017 7:15 PM


@Wael

There's a theory that if you spray enough lead
around you can steal the oil and make a profit.
No one has ever made a profit by it, but hope
springs eternal.

Patriot COMSECApril 22, 2017 10:48 PM

@ Darryl Daugherty

"As regards Thai citizens particularly, there are listed numerous invalid nationality identity numbers, long-expired passports, inversions of family name and given name, etc. And several instances of firms listed which are defunct, incorrect addresses, firm names which have been changed and never updated, and so on."

Precision and attention to detail are not the strong points of Thai culture.

There are significant safety and security problems in Thailand, and our small company is glad to talk about them. As most people know, Thailand is a popular tourist destination. But what they might not know is that it has the second-most dangerous roads--for fatalities--in the world. Libya is number one, but the Libyans have a war going on. True, Thailand has an insurgency in the south, which sometimes spills over into other areas, even Bangkok, but the point is to be very cautious in Thailand--don't lose control of yourself by consuming too much alcohol. The roads are crazy dangerous.

Drivers with fake licenses on bad roads pumped up with booze or drugs can help turn your vacation into a one-way trip, especially in Thailand. After living in the Kingdom for several years, and seeing people hurt, and hearing of several killed, I decided that I should say something. Have fun, but be very careful. If anyone here wants travel advice about Thailand or Laos, write us at our blog and we will help you. We have a guy who has been in Isaan since 1970. We have deep experience about the country.

The security situation in Thailand is tightening against foreigners, which is sad to see. If you visit a forbidden website, a notice from the federal police will pop up on your browser. Rootkits are especially prevalent. Information security is done on the cheap, especially at most ISPs. It's a lush crimeware playground.

But Thailand is a nice place to visit, the overall security situation is stable--except in the far south, and violence against foreigners is still low--but it has seen an up-tick in the last two years. Some parts of the country are to be avoided; namely, Pattaya, which is crime central.

And I am very happy to warn everyone about malware in pirated software and identity theft attacks against Westerners who stay in hotels in Bangkok and Chiang Mai. Take that exotic vacation, but be careful and leave your laptop at home--especially if you are set on visiting Russian Mafiaville Pattaya. Not recommended.

jennifiveApril 22, 2017 11:34 PM

@ ab praeceptis
Winter
Matthew et al

re the Malaysian flight etc.
Clive Robinson and from memory Dirk and Anura, have commented upon this being the Age of Information. Within the context of security and this forum this discussion is relevant in that in bears upon the concept of attribution, and 'they whom own/control the narrative, wins'. Mr Assange can bear testament to this.

Ab Praeceptis, appreciate your sword-bearing, bringing revelation and discernment. You also owe me a new keyboard or three from the number of times I've spurted coffee out from laughter over your sarcasm/satire. Nice one.

It's hard for me to recall all the details but I read some very convincing pieces about the Ukraine aeroplane incident, and the lack of evidence that any plane was even shot down at all. I seem to recall the articles went even further and stated that the plane flight never existed to begin with. far too many erroneous data points. The footage is demonstrably of a, for example, 12cm model filmed in a studio, with logo perfectly intact and displayed on the tail. And those truely magical passports that remain undamaged and easily found, in an accessible location - every time that happens we know that particular false fl - I mean, absolute tragedy , was truly watched over by the gods. Keeping those passports pristine in order to identify everyone is just so special.
The facebook pages for the victims all had the same creation date of about a year prior.
There is also a trick whereby one can create new faces of new people by cutting a photo in half and merging it with the mirror image - did those people even exist at all? Further, the people whom apparently died had facebook photos that were mysteriously found to exist on facebook pages of victims from other tragedys such as the boston marathon event.

Anyway it all comes down to, if you can't trust the source, don't trust the narrative, and that essentially means questioning absolutely everything that appears in a newspaper or television report. And this is relevant to security. For the sake of staying OT that's all I'll say. x jen.

JennifiveApril 22, 2017 11:44 PM

@Dirk Praet
@ All

Dirk you have commented upon VPN's the last couple of weeks
Proton Mail has launched a beta of a VPN service, basically to provide the integrity that is hard to find elsewhere

https://protonmail.com/blog/

i provide the main blog page as there are a number of articles of interest.
See the footnote on the article about finding a VPN.

PS Dirk you offered your version of a windows code for verifying openBSD in your post about installation? And, thanks for taking the time to offer practical instructions like that. You are consistenly considerate like that. Sincerely, thanks for your presence here.
xjen

hermanApril 23, 2017 12:25 AM

@ ab praeceptis and Winter

I also read english.pravda.ru regularly. It is very entertaining.

Patriot COMSECApril 23, 2017 1:39 AM

I would love to see evaluations of browsers, email providers, search engines, cryptographic primitives, compression tools, PGP set-ups, etc., on this blog. For example, Hushmail. People talk about Hushmail, and then Mr. Schneier wraps it up and tells us what he thinks.

How secure is it? How can it be attacked? Does he recommend it? What is good about it, etc.

@ Jennifive

I am going to try that VPN out tonight, and since I happen to be in China at the moment, it might be interesting.

I like that Protonmail is end-to-end, that it has a lot of features, and it is based in Switzerland (O naive me!). I wonder which email provider the people on this site prefer.

People in our company only use Countermail, Hushmail, Protonmail, or Tutanota.

ab praeceptisApril 23, 2017 4:49 AM

@jennifive

Thanks for your nice words, particularly after all the bashing. And I am, of course, very pleased to hear that you like my humour. Gladly enough, president Putin not only has some propaganda underground factories in St Petersburg but he also has some special psychological institutions to help the poor Russians who suffer from acute laughing attacks after having read/heard the utterings of "senator" mc cain't and colleagues as well as diverse "newspapers".

It is there where I sometimes pick up things but get them wrong which then makes some people think that I'm funny.

But back to MH017 et al.

I'm on no side and I'm not at all interested in defending either side. What I am after is the truth.
You see, even if, just assumed, Russia did it. So what? Then the us of a would still be strongly in the lead of shooting down civil passenger planes (and not even apologizing). So, why should I try to blindly defend one side.

What regrettably many don't get is that *we ourselves* are the victims of propaganda. And *that* is the force driving me. My interest isn't to defend Russia; it is to not be brainwashed and lied to myself.

That said, I do not think that there was no airplane shot down (but just a model plane) or other theories like that. From what we know there *was* a civilian airplane shot down, namely MH017, and there have been plenty dead bodies.

Being at dead bodies, let me offer an example: There was film clip of a "russian separatist" (i.e. an ethnic russian in Donbass) who (allegedly) rummaged through the remains and personal belongings of MH017 victims, grabbed a doll, laughed dirtily and threw the doll away. That clip was played again and again and everywhere to make it well know what kind of savage subhumans the Donbass people are.

Well, following up I found the *full* video clip. That full clip showed the truth. The Donbass soldiers sifted through the remains under order and supervision of osce. They did their job and an ugly one at that. At some point one of them found this doll and painfully realized that there were dead kids too. He stood there, held that doll (carefully), almost cried, made remark along the lines of "what a cruel tragedy!", took of his cap as a gesture of respect for the dead, crossed himself, and finally carefully put the doll back down.

So, in reality that video tape showed a Donbass man who respectfully and almost crying did the ugly work for osce and who was evidently very saddened and deeply sorry for the dead kid.
The western propaganda whores, however, cut that video so as to turn it into the contrary and to make that man look respectless and like a beast.

And that pattern is repeated over and over again. We do not have much tangible information. But looking at the information and samples we do have that same pattern shows through the whole story.

Russia offered what they had and what they could provide, even confidential military data. The us of a offered *nothing*. They repeated over and over again that they had satellite evidence clearly showing what happened. Russia asked again and again for that information being provided but all they got was some vague image with hand drawn lines on it. Ridiculous and insulting everyones intelligence.


@herman

Well, enjoy your pravda. I personally don't read it because it's poor journalism. Pravda (nowadays) is very similar to western "news": worthless propaganda crap.

JG4April 23, 2017 7:16 AM


this barely scratches the surface of what's on naked capitalism today. Clive might find the bit about Ireland and Brexit interesting. there is an implication in the article that the soldiers had remote (laser?) listening devices for tracking conversations in vehicles. why Mexican immigrants are healthier doesn't mention why Japanese immigrants also are healthier and doesn't mention that they too fall prey to the Western lifestyle diseases after a generation or two.

Links 4/23/17 | naked capitalism - Tor Browser
http://www.nakedcapitalism.com/2017/04/links-42317.html

Will Scrabble Have the Last Word on the IQ Debate? The Unz Review (Chuck L)

http://www.unz.com/article/will-scrabble-have-the-last-word-on-the-iq-debate/

...[I love the quip yesterday about not applying sufficient violence]

There Will Be Blood: Left Prepares For War After Berkeley Beat Down With "Combat Training, Better Equipment, Guns..."
"Yes, we seemed to have lost today. The alt-right held their ground. If we wanna take action against them, we need to be better organized and better trained... A shocking number of our comrades went in there with absolute no combat training. We need to set up seminars..."

http://www.zerohedge.com/news/2017-04-22/there-will-be-blood-left-prepares-war-after-berkeley-beat-down-combat-training-bette

...

Big Brother IS Watching You Watch

A Window for Punishing WikiLeaks Bloomberg

https://www.bloomberg.com/view/articles/2017-04-21/a-window-for-punishing-wikileaks

First They Came For Assange: Trump’s War on Truth Will Kill 1st Amendment Free Thought Project

http://thefreethoughtproject.com/first-they-came-for-assange-1st-amendment-to-die-with-wikileaks-prosecutionlose/

...

Is It Time to Break Up Google? NYT. Yes. Next question? And if you haven’t yet read this Matt Stoller piece– linked to last week– do so now. The evidence is piling up — Silicon Valley is being destroyed Business Insider

https://www.nytimes.com/2017/04/22/opinion/sunday/is-it-time-to-break-up-google.html

http://www.businessinsider.com/the-evidence-is-piling-up-silicon-valley-is-being-destroyed-2017-4?

Is the Silicon Valley Dynasty Coming to an End? Vanity Fair
http://www.vanityfair.com/news/2017/04/is-the-silicon-valley-dynasty-coming-to-an-end

...

Our Famously Free Press

After ‘crisis of conscience,’ ex-Cigna exec hopes to set the record straight on health care Columbia Journalism Review

https://www.cjr.org/united_states_project/tarbell-health-journalism-startup.php

JG4April 23, 2017 7:24 AM


@ab

is it convenient for you to post links to the two versions of the Donbass video?

that would make a nice entry for naked capitalism under "Our Famously Free Press"

Ergo SumApril 23, 2017 8:59 AM

@r...

Whenever I encounter non-case sensitive password anywhere, it brings back memories of working on the mainframe....

I'd venture to say that the authentication for banks is done by IBM mainframe on the back end. The same place where the actual customers data resides. Some banks had changed the default "RACF SETROPTS" setting to enforce case sensitivity and enable special characters, while others did not.

Certainly, accessing one's back account over the web does connect directly to the mainframe, or at least should not. The chances are that the typical 3-tier web architecture applies, with LDAP authentication on the front end, verifying customer login credentials with the mainframe.

supersaurusApril 23, 2017 9:43 AM

@Ergo Sum

I never worked on an ibm mainframe, but I do remember when people thought using the password "qwerty" was good and innovative ;).

another stupid password scheme:

I use a password manager so long ugly passwords aren't a problem for me. I had reason to change the password on one of my online banking accounts. I don't recall the exact numbers, so I will make it up: I entered a 20 char password that used upper/lower, numbers, special chars, etc. the bank accepted the new password, but later when I attempted to login using the new password login failed (paste from the password manager recall, no typing involved). eventually I got lucky and just dropped the last 4 chars of my saved password by pasting it into an editor and chopping it, bingo. I assume what they did is truncated the proposed new password before hashing it, then stored the hash, but during regular login they hashed whatever you entered as-is and then compared the hashes...guess what?

like probably everybody else I (formerly) had an online bank login that had a minimum 8 char, multiple "special" chars forbidden, etc. that login simply rejected any password with forbidden chars or over maybe 14 char length.

on another account login fails the first time no matter what, then succeeds the second time (password manager recall, no typing involved). you could argue that is an improvement since *everybody* pays the double login time penalty, but it is hard to imagine trying to get in by guessing if the password rules are reasonably strict. I've never failed the second try so I don't know if they eventually cut you off and force you to reset.

Nick PApril 23, 2017 11:21 AM

@ Patriot COMSEC

That's very interesting. Hushmail was a company in Five Eye's whose design allowed them to eavesdrop. What we warned about happened. Countermail is similar kind of design except maybe on the offline client. Located in Sweden so theoretically better but they cave to U.S. on stuff. Tutanota comes off as stronger since they're in Germany: interesting combo of strong, spy agencies with stronger privacy/data protections. The design is better than some others but team is still trusted not to backdoor it. In Protonmail, there's similar risk but legal side is strongest and software is open-source.

So, these are all better than Gmail or something but all with major subversion risk. GPG with user-friendly, front end is still the strongest option. Alternatively, an open-sourced, native app for various platforms where both source and binary are available on web site of supplying company. Similar for browser side where JS can be downloaded locally or they use FOSS, browser plugin. Need to allow desirable amount of inspection plus limit the damage as much as possible.

Nick PApril 23, 2017 11:30 AM

@ Patriot COMSEC

Btw, when you submit your URL, get rid the WWW part of it. Just using the subdomain followed by WordPress eliminates the TLS error that shows up.

MatthewApril 23, 2017 11:36 AM

@Patriot COMSEC

Wael and I are just advising you to be careful.

Why are you shopping for different VPN providers? Furthermore why are you testing a beta service in the field?
Do you really want China, NSA and other agencies to scoop up your data? Just stick with the one that works.

DanielApril 23, 2017 12:14 PM

Break up Google? I've been arguing for the last decade or so that it is time to nationalize Google, at least Google search.

@DanielApril 23, 2017 1:42 PM

Break up Google? I've been arguing for the last decade or so that it is time to nationalize Google, at least Google search.

Here we go. Communism again. Totally unnecessary. Google's main money-making product, and their entire reason for existence, is Google Ads. Yes, I know. Google Ads are a dictatorship-class wholesale product. It's a faux pas, considered impolite to talk about them in proletariat retail circles, (by which I mean communist cottage industry and boutique retail.)

The thing I hate about Google Ads is the Google Analytics, which is the real intrusion on our privacy, and the driving force behind the algorithms that choose which ads to impress upon us lusers.

Break up Google?

Nothing more is really required beyond a good ad-blocker and an alternative free e-mail provider. Bruce has already distanced himself and his readers from Google Search by using DuckDuckGo.

Actually, a break-up is inevitable. When any large company has become too large and sufficiently corrupted itself, and this time they really did it with the GOOG/GOOGL stock split, being so coy about the voting rights, then one day they do their books and the shareholders find out that the books have been cooked in audits by the previous accounting mega-firm going back who knows how many years, and then it's all over.

Law and order and justice never go out of style.

Start-ups, alternatives, competition, new money from investors who are not satisfied with the status quo. New business. Get to work. Move on. That never goes out of style either.

My InfoApril 23, 2017 2:00 PM

Btw, when you submit your URL, get rid the WWW part of it. Just using the subdomain followed by WordPress eliminates the TLS error that shows up.

That may be true for that particular case, but let's be careful when generalizing it. In particular I have nothing against a "www" subdomain, which is perfectly appropriate for running a World Wide Web server; hence the abbreviation. People who run, say, file transfer protocol servers might use "ftp" or other subdomains such as "pop3" or "mail" for other common internet services.

And if you don't want to use "www" then don't. If "www" is part of the URL then it is, and if it's not, then it's not. It's no more complicated than that.

WallflowerApril 23, 2017 2:14 PM

Trump says Mexico 'eventually' will pay for border wall
http://www.reuters.com/article/us-usa-budget-trump-mexico-idUSKBN17P0QG

It's time for politicians to stop playing mind games and tell the truth.

Yes. Mexico will pay for this wall. To the last peso. In terms of lost human opportunity.

No. That payment will not reimburse the United States even one penny for the cost. Everyone loses with this one.

Time for some more truth. Law and order must prevail south of the border before that wall is ever going away. The rule of Mexican states by criminal cartels must be done away with. Sinaloa is a state within Mexico. Yet when people say "Sinaloa," they mean the criminal cartel which rules from that state. (Just like the Chicago Mob rules the auto manufacturing business in Michigan.)

More truth. We the people are in an inquisitive mood, and we need answers this time. Are we going to get serious about fighting our own criminal cartels within the Unites States, or is this just a turf war to protect Chicago / Las Vegas / New York Mob territory from the Mexican criminal cartels?

We the people do not believe what we are being told.

Dirk PraetApril 23, 2017 3:19 PM

@ Jennifive

... you offered your version of a windows code for verifying openBSD in your post about installation?

Here you go. And you're most welcome.

ThothApril 23, 2017 7:38 PM

@Ben A., ab praeceptis, all

re: Nofile / Yet Another Snakeoil

The promises of browser based file encryption (AES-128 ... why not AES-256 or ChaCha20 -> very fast cipher) via Javascript (which @ab praeceptis can go all day about it) and the fact that the Nofile webpage mentioned that it can remove flagged files but give anonymity ?

Hmm ... secret IP logging on untrusted Nofile server, HTTPS cert MITM by TLAs, ability to preview supposedly secure files ??? (via key escrow ???) ...

Totally lots of alarms going off now ...

I will add a new entry to my list of snake oil to add to my HOilyday Greetings for @ab praeceptis.

ThothApril 23, 2017 7:47 PM

@ab praeceptis

I would like to present the Hoilydays list as per below on my website :) . Even my URL in my name have been updated for the Hoilydays which is around the corner.

Should be a good guess of the theme of my next Hoilydays specials :) .

Link: https://askg.info/hoilydays.txt

ab praeceptisApril 23, 2017 8:03 PM

Thoth

Browser based javascript encryption? Brillant!

And after all, what could possibly go wrong entrusting your security and privacy to encryption done in a typeless language running on a bug zoo interpreter which again runs within a bug zoo browser? Excellent solution! Also saves nsa the trouble of starting up their toolbox.

I'd like to commend you for your decision to put no-brain-file on the holidays list! It's certainly well deserved.

If I may: It seems you have forgotten to put tls on the list (which will soon provide 'security' in the freakshow called 'your browser'!)

I want tls 1.3 done in javascript! For windows xp!

Very much looking forward to your card ...

ERApril 23, 2017 9:48 PM

With this sort of behavior (and everything else that company does) the question is, why would anyone still use Uber?


Uber tried to fool Apple and got caught
http://www.theverge.com/2017/4/23/15399438/apple-uber-app-store-fingerprint-program-tim-cook-travis-kalanick

Uber had secretly found a way to identify individual iPhones (with the help of fingerprinting), even once the app was deleted from the phone or if the phone had been reset, according to The New York Times.

In an attempt to hide this activity from Apple, Uber geofenced Apple headquarters in Cupertino, changing its code so that it would be hidden from Apple Employees.

Uber claims, as quoted at the end of the theverge.com article that "We absolutely do not track individual users or their location if they’ve deleted the app".

However according to New York times the reason why Apple's CEO had wanted to meet with him was to tell him to stop the practice.

Patriot COMSECApril 24, 2017 12:17 AM

@ Nick P

Thanks!

@ Matthew

Well, it all goes to the same places anyway, no matter what you do. Unless you are trying to be anonymous and are pro, using the internet is the same as running around naked. It is just an enormous collection platform and gladiator's field.

Our friends in China stole the true names and personal information of most people working for, or who ever had worked for (in a long time), the US Gov, and those documents were detailed. For example, they contain interview notes in which people must disclose intimate details of their lives. By the way, all of that information was stored in DC on an unsecure network. Utter apathy and stupidity. We talking here of a strict dictionary definition of the word DUM.

I often think that Mr. Schneier must really piss off the powers that be in the US, especially because of the biting comments he made in the preface to his excellent book "Applied Cryptography." Here is a better way to put it: true comments. In fact, I wonder if this blog pisses them off and I wonder if coming to this blog makes you a prime target. Did you ever wonder about that? Do you think they like to hear someone who is so respected say that their building with no windows actually undermines U.S. national security? Or that it drives distrust and pointless violence? No, they liketh it not. Let's track them all!

The point about China is that its racial division means very little and is concentrated far from the core of the country, that its core society is not distrustful and polarized like ours is in America. The OPM security disaster and the apathy that enabled it were driven by needing to put someone of a certain race and gender into a position of leadership at the OPM... no matter if qualified or not.. AND... as the CIO. China, I am sure, does not suffer from this kind of moronic carnival. Everyone is working, and working hard; there is a lot of professionalism and respect. Here is the clincher: a lot of respect towards Americans. That is the part that has really made me think. It is not fake. It is the focus on work, innovation, business, making things better. Everything points towards those things.

Thailand is different. Its a nice place to take it easy, but it is not a place to get people excited about working, inventing, innovating, etc. And it is actually not open at all culturally. Endemic corruption, severe and hopeless. I am not saying anything bad about everyday Thai people.

China has a strong business culture, a culture we can understand and share. If you have a business visa in China it is because you want to do something important, and China is about money, it is not about inward surveillance like North Korea. They don't need to be. There is not a climate of fear; instead, there is optimism. That might be a hard pill to swallow because it is comfortable to believe in the US no matter what, which I understand and share. But, as G.K. Chesterton put it, "My country right or wrong" is the moral equivalent of "My mom drunk or sober."

Patriot COMSECApril 24, 2017 12:43 AM

@ Matthew

About the why of doing things...

I am quite sure that you do this too: you play with technology because you like it. You find out, tinker, break, fix, break again.

I do a lot of breaking.

Some of the best times are when you don't know why, but you work on it--what you discover might be a lot more interesting than what you would gain if you had started out with a clear purpose.

WinterApril 24, 2017 3:09 AM

@Matthew
This discussion started on the Friday post and was moved to the Squid post:
https://www.schneier.com/blog/archives/2017/04/tracing_spam_fr.html#c6750937

This subject does have a connection to the themes of this blog. The MH17 investigations show what information can all be collected about the military movements of a hostile country by the courts and even by human rights activists. And it is also a case study for massive disinformation campaigns by hostile powers.

@ab p
""dutch" - as in: .... . How about THINKING for a moment?"

The "Dutch" as in the country that lost nearly 200 people in the MH17 disaster. I regularly pass the home of one family that was on that flight. One of the victims was a famous Dutch AIDS researcher that is still missed.

The Dutch press is very much interested in the real identity of the murderers that shot down that plane. They have extremely little interest in blaming some fall guys out of political convenience. That you really pose this as an option tells us a lot about you and your country.

@ab p
"The dutch "investigation" is now going on for years and still they have only "preliminary reports"?"

I know it is too much to ask you to actually read the reports. But this is all about the wheels of justice turning slowly. With such a massive disinformation campaign from the suspect(s), everything is done to get, check and double check all the evidence. And it works. For instance, it was proven beyond any reasonable doubt that the plane was shot down with a BUK missile. Something vehemently opposed by the Russian government.

@ab p
""activist" - Pardon me but activists, as much as they are beloved, in the us of a dominated part of the world, and what they say, are *not* evidence."

I know you detest mere mortals getting involved in the workings of the "real" world. But this international group has collected shiploads of evidence from eye witnesses, Russian social media and other sources that includes a lot of photo's and posts of the crew that drove the BUK missile to its destination in Ukraine. Evidence that allowed Dutch journalists to follow in the tracks of the missile and collect new eye witness records.
Here is the report of the journalists (in Dutch, but Google Translate has become very good nowadays):
http://www.volkskrant.nl/buitenland/heeft-u-hier-een-buk-raket-gezien~a4024652/
http://nos.nl/artikel/2035923-in-het-spoor-van-de-buk.html

Here is a summary in English
https://www.independent.co.uk/news/world/europe/mh17-russia-rebels-buk-missile-evidence-how-investigators-able-prove-ukraine-vladimir-putin-a7335621.html

When I have to chose whom to trust, Putin and his henchmen, you, or the Western free press, I prefer the Western free press every time. And the Russian government agrees about the free press. They want to have nothing of that in Russia:
https://rsf.org/en/russia

@ab P
"Russia, e.g. president Putin himself, not only did not deny having played a role in Crimea but he actually speaks openly and publicly about it."

I have a very clear recollection of president Putin being in front of a camera telling the world that these little green men that occupied the Crimea were NOT Russian soldiers. Only after all was settled and done did the Russian government come out as the perpetrator of the annexation. As usual, your words are as unreliable as Putin's.

Summary:
This is a blog where almost everyone is criticizing his or her own country on many fronts (as I am happy to do on my own country, the Netherlands). But ab p will not allow any hint of criticism about Russia stand. No error or fault is ever admitted, damned the evidence. On the other hand, no evidence is needed to blame the US for anything that might have happened anywhere.

In short, I do not trust any word ab p writes about Russia and its actions. Nothing she/he wrote went beyond regurgitated propaganda and nothing could stand any level of scrutiny.

RachelApril 24, 2017 3:35 AM

@ Winter

it only scratches the very surface but for your interest see item 3, about half way down the page

http://www.knowyourrightsgroup.com.au/conspiracy/

One suggestion was that the plane was full of AIDS researchers on the brink of something big, on the way to a conference to share their revelations, and that is why the plane was shot down.
What can be agreed is this event surpasses any other in terms of layers of misinformation, counter propoganda, and sheer incredulity. It is insane.
The only honest accurate response anyone can give is 'I don't know, and probably never will.'

for what it's worth, @ Ab Praeceptis, from what I can gather, is not Russian or even pro-russia. Maybe you knew that,I am not clear.

RachelApril 24, 2017 3:45 AM

@ Patriot COMSEC

appreciate your contributions. I also enjoy your writing style. It is different. Measured, yet definitive. Something like that.

Your email suggestions.
Jursidications aside as Nick P pointed to; Par for par, Proton Mail appears to trump Tutanota from a tech perspective. The various pages describing the minutae of their inner sanctum seems to indicate this. They are almost completely transparent about their hardware and setup - transparency being in their mission statement - and also allow their back end to be audited. considering they also insist the basic features will always be free to ensure people whose lives depend on it always have it, added all together it's quite impressive. I like how organised, clear, efficient and structured the whole package and systsem is.
Oh and they allow encrypted emails to be sent to parties outside of the protonmail garden. And theres the self destruct feature - do the others allow this, unsure. Do have a read through their many blog posts.

keinerApril 24, 2017 3:59 AM

@Rachel

In which parallel universe is @ab p NOT a VERY simple Putin apologist? Really, really very obvious who are the paid trolls in this forum, as @Winter pointed out...

MatthewApril 24, 2017 5:54 AM

@ab praeceptis

Sorry for late reply, hope you are still reading this Friday's squid thread.

I was trying to have a friendly discussion with you. I apologise if it feels like I am attacking you.

I have no disagreement with regarding Georgia invading Ossetia. I read about it from the mainstream media. Probably why George W Bush, despite making some diplomatic noise, did not put too much pressure on Putin.

Likewise for Ukraine and Crimea, no major disagreement there. I just wish Crimean held a referendum like in Scotland instead of armed revolt but then the Ukrainians overthrew their President so who am I to judge.

Just a explanation regarding the term "probability" used by me before I carry on. It is my way of estimating the probability or of me changing my belief in light of new evidence.
Again I am sorry for not making that clear earlier.

Good info about the Syria. This is compatible with Russia's earlier statement that a airstrike blew up a chemical weapons cache nearby.
However I chanced on this Wikipedia entry Use of chemical weapons in the Syrian Civil War.
It seems there are more chemical attacks used by various factions but was not picked up by mainstream media.
I have revised my probability or "likelihood" to 60% based on this new information. As you can see I still think the recent chemical attack is likely from Assad forces.

Regarding MH17, there is no change to my belief. The youtube video you linked just means that the rebels are not heartless. It does not prove they did not shoot down the airline.
Initially I believed that the pro-Russia rebels stole an anti-air missile from Ukraine and shot down the MH17. If Russia have counter-argued that the missile was fired from the Ukraine army, it would have became their word against the Western powers. Instead they proposed an unlikely theory that a Ukraine fighter SU-25 show down the MH17.
A website which sums up the reasons can the su 25 intercept and shoot down a 777
Furthermore a Russian TV channel went on to broadcast "satellite" photos which shows a Ukraine fighter launching a missile at MH17. 1 TV link. I find it very impossible a high altitude spy satellite to take a high resolution picture of two fast moving airplanes with one firing a supersonic missile.
This strongly hints to me that Russia had something to hide.

@jennifive
I am not sure if you are making fun of ab praeceptis.
Real people died including many Dutch HIV researchers.
Malaysian Airline suffered a huge hit to their bottom line with people avoiding to sit on their planes in the belief the airline was cursed. (Malaysia Airline lost another plane MH370 four months earlier in an unrelated incident.)

Ergo SumApril 24, 2017 6:16 AM

@r...

https://www.schneier.com/blog/archives/2017/04/surveillance_an_2.html#c6750731

Even if one decides that there's no need for apps, free or otherwise, all smartphones come with pre-installed ones. Some of them cannot even be uninstalled unless one has root access to the device. These pre-installed apps are just as bad, if not worse than any other free/paid ones.

That's not really "news", but something interesting took place following the links...

The link above has a link to the marketplace.ca, where the video in question would not play. Presumably, due to the NoScripts with the TOR browser, but it did have a link for watching it on Youtube. Ok then, let's click again since I rather watch it there than allowing every websites running scripts on my system.

So, temporarily allowing Youtube to see the marketplace video surprised me. The video started at 18:44 toward the end, instead of at the beginning. What the hell, where is that coming from????

There are no cookies allowed and the history is dumped when the TOR browser closed. I do know that Youtube is tracking users, keeps records, etc., but through TOR browser too? I did not know that.

Yes, some of you had been trying to convince people that TOR isn't really private that I didn't really believe much. Now I do. If Youtube can track TOR users, other websites can just as well.

Just curious, what technology Youtube is using?

ThothApril 24, 2017 6:17 AM

@Systate

Yes snakes produce oil and have been used in Asian traditional medicine by soaking dead snakes in alcohol so that their body fluids (i.e. snake oil) enters the snake potion which is said to be good for health and boost male vitality :) . It is also expensive stuff though if you don't know who you are buying the snake potion from in Asia.

ThothApril 24, 2017 6:19 AM

@Thom, ab praeceptis

Thank you (@Thom) for providing me an inspiration for @ab praeceptis to attempt to represent TLS with a golden sticker symbol. The headache is the TLS working group have no logos I can use and I guess ssllab's would probably be added to my list to represent TLS golden sticker.

Ergo SumApril 24, 2017 6:23 AM

Oops, I forgot to say that I did watch the video in question 4-5 days ego, but did not finish. Evidently, the video was stopped at 18:44...

JG4April 24, 2017 6:36 AM


I think that I asked about the best ten and best one hundred computer books. K&R must figure in that list. Can anyone suggest a good source for a Linux box, preferably in two flavors? The first being a run-of-the-mill version with the Intel management engine spying capability built in, and one with a more trustworthy CPU?

Links 4/24/17 | naked capitalism - Tor Browser
http://www.nakedcapitalism.com/2017/04/links-42417.html
...
Big Brother IS Watching You Watch

An Israeli startup armed with $45 million is taking on Google and Apple in the race to sell your personal data Business Insider

http://www.businessinsider.com/otonomo-sel?ing-car-data-2017-4

WikiLeaks releases top-secret CIA documents as US considers charges against Julian Assange Independent

http://www.independent.co.uk/news/world/americas/wikileaks-cia-files-smart-tv-phone-hacking-microphone-surveillance-julian-assange-a7698141.html

THE WIKILEAKS DETERRENT THEORY, AKA THE ARBITRARY OFFICIAL SECRETS ACT Empty Wheel

https://www.emptywheel.net/2017/04/21/the-wikileaks-deterrent-theory-aka-the-arbitrary-official-secrets-act/

As U.S. Preps Arrest Warrant for Assange, Glenn Greenwald Says Prosecuting WikiLeaks Threatens Press Freedom for All Democracy Now

https://www.democracynow.org/2017/4/21/glenn_greenwald_trumps_doj_prosecuting_wikileaks

JG4April 24, 2017 7:01 AM


I really like the low power CPU that was suggested about a week ago. I think that was from Clive.

DRUDGE REPORT 2017 (R) - Tor Browser
http://drudgereport.com/
...
____________________________________________________

SPY CHIEFS MEET IN NZ FOR 'FIVE-EYES' CONF...
http://www.nzherald.co.nz/nz/news/article.cfm?c_id=1&objectid=11843668
PLANE-LOADS OF SPOOKS...
http://www.stuff.co.nz/business/91820615/cia-plane-lands-at-wellington-airport-ahead-of-five-eyes-meeting
Officials cagey over Comey visit...
http://abcnews.go.com/International/wireStory/fbi-boss-comey-arrives-zealand-ahead-conference-46965677
____________________________________________________

excerpts

A quick Google search of the registration number on the white, Gulfstream Aerospace's tail revealed United States Central Intelligence Agency (CIA) owns the jet.

Five Eyes is the name of the global spying alliance of the US, the UK, Canada, Australia and New Zealand.

Officials from the world's largest spy network are meeting in Arrowtown, near Queenstown, where a massive security operation is underway.

see also:

Uber Secretly Tracked Users, Spied On Lyft Prompting Tim Cook To Threaten Apple Store Expulsion
http://www.zerohedge.com/news/2017-04-23/uber-secretly-tracked-users-spied-lyft-prompting-tim-cook-threaten-apple-store-expul

HermanApril 24, 2017 8:59 AM

@Daniel - There is no need to break up Google. Google is going the same direction as Altavista. One already has to do a search then press page down four times to get to a real result. Soon a better search engine will emerge and Google will get sold for scrap.

Who?April 24, 2017 9:08 AM

@ JG4

This part of stuff.co.nz report is really funny:

Government officials are refusing to confirm details or provide names, but police confirmed no former head of state would be visiting, after the rumour mill tipped the visitor could be Barack Obama, with Microsoft founder Bill Gates' name also put into the mix.

ab praeceptisApril 24, 2017 9:19 AM

@Thoth

Who do I trust for rating SSL/TLS/..etc.. (in)security ?

That's simple: None of the above.

Why? For a start because they do *not* examine the security of ssl/tls but rather the way somebody employs ssl/tls implementations.

Or, in other words: ssl-labs et al. do *not* tell whether a given site is secure. What it does tell is whether the site (admins) at least try and hence and in conclusion whether they at least seem to care about security at all.

Sidenote: The admin I know who do test their own sites with ssl-labs or similar actually do it for completely different reasons. They do it because they know that some of their visitors/clients/customers do take that quite seriously. One worded it nicely "people wanna see much green, no yellow and absolutely no red".

@Dirk Praet

until - like @Thoth said - the availability of a microkernel based OS that is both stable and usable, or @ab praeceptis publishes the specifications of his personal high security set-up.

It might surprise some but I surf using linux (not Mint but anyway). *On a separate box* (using the miracles of a kvm switch). The reason is partly simple and partly somewhat less so.

For a start I do *not at all trust the web*. Not with and not without ssl/tls. Period. Hence a separate air gapped box which gets completely wiped (modulo some preferences and bookmarks) quite frequently.
Moreover, as some might know, I do not believe in the sectarian "obscurity is no security" credo. Quite the contrary; encryption *is* professional high quality obscurity. This also means that I know about the quite relevant power of "do not stick out like a sore thumb but swim within the masses".

For work I use a hardened FreeBSD. For the same reason I stopped using OpenBSD many years ago (although I liked and still like OpenBSD): More drivers, more software etc. It's simply the sweet spot for me, considering what I need for work.

Now to the more interesting parts ...

I'm very closely following Minix3. It's quite well done, albeit in C (keep in mind that Tanenbaum also created ACK which supported Pascal). I did not yet really test it as it's not yet in a state where I want to use it but judging from some "quick shot" test with cpachecker and predator code quality is quite OK.

As soon as I feel Minix3 is ready for serious use I'll switch my development over. 3.4 might be the version. I'll see (and do more tests).

Why: Because I consider Minix to be secure? No! But because I consider it far less vulnerable than the monoliths.

For cases where I need more security (than a "reasonable everyday box") I'm looking into muen with either minix or, when possible, rtems on it for the "public side" (say, a messenger client) muen wired to a secure minimal OS which does the sensitive parts.

The problem is this: Pretty everything out there is bloated and fat beyond hope. If a client needs, say, some highly secure link between some industrial sensors and actors in installations far outside his headquarters, that may sound complicated but is actually easy to do because I control both sides (and the bandwidth needed isn't high).
Where it gets ugly is when you do not control both sides (or, god forbid, not even one) and/or when you need the internet. there are simply too many abcesses and plague-spots. As far as I'm concerned it doesn't even make sense to try.

What the hell can you do when your client tells you that he needs to connect an old windows xp box (running some aeons old software that is critical and irreplacable for him) to, say, some linux box far away? No matter how well you design and code, you'll be fu**ed.

My solution is to use whatever there happens to be (say the win xp box) and to outsource security so as to make the win box never ever see clear text. In a way similar to what Thoth does, with the main difference being that I wouldn't trust even a half rotten penny to anything even remotely java infested.

Now, before some of you think that my way is better than Thot's: Nope, it isn't. It like so often in engineering, comes down to a decision, to a compromise. Thot's approach, for example, has the advantage of being much cheaper than mine and working with more off the shelf bits and pieces. Mine is quite probably more secure but quite expensive and only worth to do in either extreme security needs or very high numbers. I try to compensate that somewhat by trying to use widely available or cheap to design and build hardware (like simple no-TZ Arms) and trying to design my software as modular as reasonably possible.

Btw: For my own use I have decided to extend that to a triple stage solution, i.e. e.g. Minix for everyday work plus a Muen w/rtems plus secure Min(mal) OS, where all encryption is done within the sec. Mini OS and transferred through Hypervisor provided channels to rtems which I use e.g. for text entering, some storage (encrypted), text viewing, etc. It's in a way a secure terminal that can also e.g. server for secure messaging. If the results of anything are needed on the Minix "main workstation" I transfer it by SD card or similar (*not* usb).

That said, I'm obviously a weird paranoid security freak and my solution is almost certainly not what most of you would like for everyday use. For that I think what Dirk Praet said is a quite reasonable approach.

One final remark One of my rules (that unfortunately is not yet fully doable) is to only accept building blocks based on Ada or at least Pascal or Modula. But I'm getting closer. With some luck I'll find the time to redo Minix in Ada.

what's going onApril 24, 2017 9:23 AM

@Thom wrote: "
https://www.ssllabs.com/ssltest/

Ran this on the schneier.com site,. A rank. :)
Almost perfect."

UsingTails, with security level set to high, or with non-tor devices w/o javascript, enter in the above url address:

apple.com and separately then enter in the above url address:
https://www.apple.com

Any ideas of what's going on?

ab praeceptisApril 24, 2017 9:34 AM

Winter, Matthew

I did answer you but for whatever reasons the system here eat and vanished my post.
As I do not think that's mere coincidence I won't try again. Sad, sad thing but oh well, that's how things are ...

ThomApril 24, 2017 10:04 AM

@what's going on
Im going to guess, so many people have entered apple, that they stopped running every single request and started returning cached results for the day.

https://www.google.com

Has the same cached result.

ModeratorApril 24, 2017 10:24 AM

@ab praeceptis, your post encountered a profanity filter, nothing more. Please feel to retry with another example.

ravenApril 24, 2017 10:45 AM

unroll.me is a service that allows users to unsubscribe en masse from mailing lists, newsletters and other email annoyances. To do so, it requires access to the users’ inboxes, and permission from them to scan the data for unsubscribe links.

A completely idiotic service, in other words.

Esp. since they have been selling data from the users inboxes at least since 2014.

But what is even worse is the reaction of the company's CEO reaction to their customers feeling betrayed.

This is from The Guardian...

Unroll.me head 'heartbroken' that users found out it sells their inbox data
https://www.theguardian.com/technology/2017/apr/24/unrollme-mail-unsubscription-service-heartbroken-sells-user-inbox-data-slice


The chief executive of email unsubscription service Unroll.me has said he is “heartbroken” that users felt betrayed by the fact that his company monetises the contents of their inbox by selling their data to companies such as Uber.

Nick PApril 24, 2017 10:47 AM

@ Patriot COMSEC

"I often think that Mr. Schneier must really piss off the powers that be in the US"

Bruce was one of the people who fought the Crypto Wars against FBI and NSA to reduce regulations on strong crypto. The dissidents collectively succeeded. He's called out their BS for years. Later, he temporarily was in possession of the Snowden collection with posts about specific technologies. Between past work & Snowden leaks, you can bet everything he does is under automated surveillance with a bit higher priority. He's certainly given corrupt government headaches. :)

"They don't need to be. There is not a climate of fear; instead, there is optimism. That might be a hard pill to swallow because it is comfortable to believe in the US "

We believe what the Chinese visitors and immigrants tell us. They like it here better so long as they can get a job and be near similar people. I also see plenty of leaked videos from within China, testimony from human rights groups, and so on. The situation in China is a mix of optimism, too busy to worry about stuff (maybe the majority?), hopelessness or feeling stuck, and fear if dissenting. Until 2013, they even had a place for people trying too hard to change bad things:

https://en.wikipedia.org/wiki/Re-education_through_labor

There's certainly a narrative about China in American media. Let's not pretend it's all roses and excitement over there, though.

ab praeceptisApril 24, 2017 10:48 AM

Moderator

A profanity filter? Amazing. I don't have the slightest idea what could have triggered that.

As for your offer to try again: Thanks but thanks no. I do not indulge in lotteries.

@Winter, Matthew, et al.

I'll leave it at some short statements, namely a hint to some globally established principles of justice:

- accusations must be proven.
- one is to be considered innocent until proven otherwise.
- justice must be based on evidence and facts and not on emotions.

Is there any proof that Russia or the Donbass people have shot down MH017? - If yes, provide it; if no, shut up and stop slandering and smearing russian people who are to be considered innocent!

Who?April 24, 2017 10:48 AM

@ ab praeceptis

It might surprise some but I surf using linux (not Mint but anyway). *On a separate box* (using the miracles of a kvm switch). The reason is partly simple and partly somewhat less so.

This one is a(nother) question that has bugged me for some time. Can a KVM switch be used to connect to both airgapped and non-airgapped networks?

I know, Clive will disagree because KVM switches do not provide energy gap. Are there other concerns that must be considered?

WallflowerApril 24, 2017 11:29 AM

Is there any proof that Russia or the Donbass people have shot down MH017? - If yes, provide it; if no, shut up and stop slandering and smearing russian people who are to be considered innocent!

We know beyond a reasonable doubt that that plane was shot down in Russian-controlled territory. The Russians have not given us a satisfactory account of their "investigation" of it. Donald Trump stopped playing innocent a long time ago. So please stop playing the innocent debutante at that Russian ball to which the Americans were not even invited.

ab praeceptisApril 24, 2017 12:02 PM

Who?

I think that while Clive is right in principle, one must also consider the concrete situation. I was speaking about my surfstation and my work computer. While I obviously do my work on my work computer that doesn't pose any considerable risk. What could they do if, just assumed, they could e.g. watch my screen through the kvm switch? Nothing critical.
Reason: Keep in mind that I develop my software on my workstation but I do *not* use it for final compilation, let alone product hashes; that happens on a completely airgapped machine with encryption provided by the "security dongle" I described.

Similar with remote mgmt. of my servers where a) I do not use ssl/tls, b) ephemeral PKE is done involving the "security dongle", c) my servers do not even react to requests from other parties (basic connection establishment is done separately).

Finally, like in all wars there is always the cost/advantage factor involved. If, for instance, Russia can sink us of a carriers (value: billions of $) using "cheap" Oniks missiles(value: a million $ or so), i.e. the ratio is 1:500 or 1:000, the us of a is bound to loose the war.
Similarly, my setup must *not* achieve extremely high security. *Very much* driving up the complexity and costs for nsa/fbi/cia/ghcq on the one side while offering quite little on the other side (I have, after all no major state secrets on my systems) will make it all but certain that they won't hack me.

Of course, an indispensible factor in all of that is the crypto I use. If I did use ssl/tls (with rsa or nist ecc) they could simply start up a prepared toolkit (I strongly assume that that exists). If I used, say, NaCl/sodium I would already be in a much better position but still ... (maybe they already have quantum systems or the nsa mathematicians (do not underestimate them!) found some algo to crack ecc (discrete log problem) in polynomial time?).

In my case, however, they'd see a) that my ethernet port isn't running win, linux, or some bsd stack and b) a stream of pseudo random bits. So, their assortment of OS toolkits would fail and they had to rely on making sense of the pseudo random byte stream.

Trust me, being confronted with a PKE ratchet (as opposed to [E]DH) and guessing what algorithms I use (maybe goppa based? that's trendy) and even not knowing the system nor the prng(s?) used - and all of that not to gain access to the Kreml IT system but in the best of cases to some keys I use or maybe some nude photos - they were bound to loose the fight. Plus, another strong factor in my favour: Who the f*ck am I for them? An unimportant nobody. There's no way that they would start a quite sizeable effort just to break some nobodies secrets (which he may or may not have).

Which also demonstrates why we should be grateful for the work of people like Bruce Schneier: Creating security for some exotic paranoid nobody like myself is relatively easy. Creating crypto, however, that is perfectly well known to opponents and that is widely used (i.e. very cost attractive to crack) is very hard.

ab praeceptisApril 24, 2017 12:17 PM

Wallflower

(Funny, how many names are used ...)

For a start: No that territory is *not* russian controlled. That territory is controlled by ukrainians a majority of which happens to be ethnic russians.

I've read that there are many ethnic chinese in southern california. If one of them happend to, say, go on a killing spree, would that somehow make that a crime of China? I don't think so.

Moreover: Why did that airplane fly over a war zone in the first place? It just so happens that the air control in charge - who should have diverted the plane as it did with most others - was in a ukrainian (as in "not russian ethnic") city and under the direct control of a staunch supporter of the maidan (kolomoisky).

So: How come that the maidanists helpfully presented a target for the evil "Russians" to shoot down?

The Russians have not given us a satisfactory account

That's idiotic bullsh*t to the square! "The Russians" have to give no account at all.

You have no proof whatsoever that Russia was involved in any way. Moreover it is not the defendant who has to prove his innocence but the accuser to prove the defendants guilt.

That is a globally accepted principle of law which weighs a thousand times heavier than your emotional but empty-handed witchhunt.

Nick PApril 24, 2017 1:32 PM

@ All

NNCP - Secure, Store-and-Forward Software

It's an interesting project. It mixes aspects of UUCP, Sendmail and others with heightened security. The nice thing about it is support for sneakernet, dead drop, and air gaps. The peer-to-peer crypto is based on Noise, a framework highly recommended by cryptographers.

My InfoApril 24, 2017 2:01 PM

@Nick P

It mixes aspects of UUCP, Sendmail and others with heightened security.

That reminds me of uucpssh.org, a service formerly run in France: now the web page at that domain is full of Chinese text. The thing with the UUCP was that according to the instructions you would configure your machine's UUCP to execute remote commands from the central server; the only remote command that was supposed to be executed on your machine was "rmail," to distribute incoming mail. Sending mail was a special privilege through that system....

They took objection when I suggested

     uuxqt -c rmail

to restrict the arbitary execution privileges on the end user's local machine.

I am wondering if this is by the same people. Too many similarities to be a coincidence.

My InfoApril 24, 2017 2:18 PM

https://linux.die.net/man/8/uuxqt

I was listed in their sysadmin's KILL file for that....

Those Frenchmen hacked the DSLAM unit down the road from where I lived at the time, so that certain files always failed to download, and then some Frenchman named "Allais" sold me some point-to-point IEEE 802.11b internet service through a dish on the roof, which I only used until the phone company replaced the DSLAM unit about a year later.

Food and drink in my home were covertly drugged at that time, my family was subverted, and several attempts were made to murder me.

Now the "Femmes Fatales" (les chiennes françaises) have been set loose.

Let's just say sex does not impress me when the real object of the lust is a bloody gory death.

Nick PApril 24, 2017 2:42 PM

@ esp Clive, Wael, Dirk, Thoth, Markus Ottela

re Snowden leaks show mainstream security was wrong and high-assurance was right

Often claim you heard it first on Schneier's blog. Particularly, we looked at our prior recommendations after the Snowden leaks to find our recommendations would have stopped most of what's in there. I brought that up on Lobsters in one of my rants against ineffective, "mainstream" security. User "trousers" asked me for examples from this blog. Here's the summary I put together of high-security recommendations here vs mainstream security in terms of what got proven or disproven in Snowden leaks and vulnerability reports.

Me: "On Schneier’s blog, we took time to compare our solutions against individual leaks to assess that. Mainstream “security people” recommended stuff that didn’t survive. Most people didn’t use our stuff because they liked that other stuff mainstream laypeople, developers, and security people were using. No uptake of strong stuff. So, weak stuff fails and strong stuff ignored per Snowden leaks."

trousers: "Do you have time to go into this a bit more deeply (or a link to somewhere this was discussed) – specifically the mainstream recommendations vs security professional recommendations?"

My response and summary:

My essays and high-level designs were on his blog since the engineers there were great at the time and hosting free. In old-school fashion, I have two text files with links to them that I email on request. I’ll send them to you if you want. Far as examples of this topic, I’ll try to remember and describe a few since I doubt I saved that given we spoke generally since we had discussed the specifics for years. In order of memory not importance.

1. I emphasized massive FOSS investment into medium and high-assurance security for common or critical apps/services like taught in Orange Book B3/A1, Common Criteria EAL6/7, and NSA’s Type 1 devices. The assurance techniques along with a subset of features. Not red tape. The NSA pentesters often failed to breach them during pentests where they succeeded to varying degrees on most everything else. So, we recommended doing what worked. The security industry recommended Windows hardening, using Linux w/ hardening, etc. Most of that failed to regular black hats w/ anything popular smashed by NSA. Even after links & I show people, they still argue their ass off with a famous person saying, “But do the systems have web browsers?” Well, yeah, but is every use case a web browser or even need one? Servers come to mind…

2. I recommended that military-style we link-level encryption between any two nodes that combat covert channels by fixed-size, fixed-rate transmission with error behavior not leaking much. Fixed-rate where possible at least. Those deploying about any secure chat, VPN, or protocol didn’t do this outside it as a side effect of some streaming setups. Numerous flaws were found in systems that didn’t. They still don’t do it.

3. I noted that obfuscation on top of good security is very valuable since attackers must expend extra effort to attack. They sometimes even expose themselves in process, esp if your error-handling highlights that. Many security professionals, repeating what they were told without thinking thorough, dismissed it as security by obscurity. Some wiser ones countered on basic the obfuscations could break security itself. I clarified I mean obfuscations that don’t require security techniques to be applied in non-recommended way. No risk. Examples are unpopular ISA, PDF reader, distro’s, or web server that’s otherwise high-quality. Unusual port numbers or names. grsecurity-style stuff to a degree. And never tell attacker what you’re using combined with monitoring. It worked over and over against nation-states, even their main tool against each other in Cold War, but security professionals kept dismissing it with one site owned after another with one-size-fits-all attack.

4. I’ll note this as a special example since people always argued differently with it. Ages ago I did a polymorphic cipher that essentially combined known-good ciphers operating one after another in counter mode. I randomized which ciphers, which order, and any key/counters fed into them. Similar schemes for integrity or authentication with redundancy. The key was extended to encapsulate those. Crypto lovers and users argued about how the combination might cause problems at algorithmic level with no specifics past DES Meet-in-the-Middle. Whereas, constructions they recommended were periodically beaten with cryptanalysis or implementation attacks on one algorithm that would’ve been harder to chain. It wasn’t until TripleSec that I saw some approval of this. Most stuff still doesn’t do this, though, even though we have fast algorithms and hardware-accelerated ones.

5. Eliminating root cause vs tactical stuff. This pops up repeatedly with some motivation in terms of how bad things get optimized for by supply-side because optimizing for common case improves sales. Examples of bad things hard to retract were stacks flowing in dangerous direction, no bounds checks, languages hard to run through provers, setuid root, interpreted languages for productivity when productive, compiled ones existed, complex protocols/libraries vs minimal ones for minimal use-cases, and so on. Vast majority of INFOSEC goes with what I call tactical mitigations that try to counter each, individual thing while keeping the root cause. Justifiable for legacy systems or something with truly no alternative. We’ve been about fixing root causes, though. One example is where Trusted Xenix, first secure-ish UNIX in production, eliminated setuid vulnerabilities forever while maintaining compatibility with setuid apps. They just cleared the setuid bit whenever such a file was written to with admin (or update software in theory) needing to reset it after approving the change. Super simple but so ignored. Reverse stacks are another. Decimal over floats for basically decimal math. Language’s like Wirth’s with safety on by default with ability to turn it off per module for low-level or high-speed stuff. Safe concurrency or interface checks in Eiffel. Recently, use of a language that proves absence of flaws for code-injection (i.e. SPARK Ada) for stuff that shouldn’t have code injection. Opa or Ur/Web… even something like them but on normal languages… to do same for web. Bulletproof clustering or multiversion files for common systems like VMS or NonStop. So on and so forth. Little effort to fix root cause productively and efficiently vs tactical stuff that often fails due to clever bypasses.

6. Separation of trusted and untrusted computers. I said they have to be airgapped with tempest protection in a cage with a power filter. Old, NSA recommendation done in defense forever, esp for SCIF’s. Some buildings also had noise masking to stop words from getting out & solid since you could just record password or leak info through LED’s. Would’ve prevented numerous side channels. Clive Robinson, “man of many brains,” took it further claiming any sharing of matter or energy between machines might be a side channel. Coined the term “energy gapping” for blocking as many forms of it as possible to prevent “known unknowns” and “unknown unknowns.” That it might need to be done on a per-computer basis if it’s about malware. BadBIOS-like happened years later.

7. Building on CPU’s that make it easier to do security or reliability. That’s existing or homebrew. They’re currently weaker in a number of ways (esp performance and ecosystem). That’s because people aren’t using them! Buying them, building on them, and including them in security appliances (or anything justifying the price) will increase demand to improve supply side. Right now, there’s numerous CPU’s out there that are FOSS (eg Leon3) and/or improve security (SAFE, CHERI). Sometimes they just run a HLL directly (JOP) for no abstraction gaps. In any case, industry as a whole or FOSS groups with money should’ve funding ASIC’s made out of stuff like this for our most trusted stuff at least. Integrate it in a decent, expandable board. Keep ASIC & NRE cheap by reusing microcontrollers with on-board hardware for things like Ethernet, storage, HID, etc. Those are $2-30 a piece in volume with only a few needed. For most attacks, just gotta secure the software on them that we write. Alternatively or additionally, an IO/MMU. Almost all of security folks are pushing two, x86 vendors (a third had security enhancements early) and ARM in their solutions.

8. Separation kernels for mobile, browsing, and secure comms on untrusted architectures. It doesn’t cover everything but it’s a nice building block. The monolithic kernels never got the job done. One of easiest ways to improve Internet-connected or mobile devices is to virtualize the legacy OS in a VM on top of a secure microkernel with security-critical apps in own protection domains. The GUI (eg Nitpicker GUI), boot, update checks, and crypto at the least. Many systems did this with partitioning networking stacks, filesystems, and other stuff. Idea being they can compromise the crap out of most of it with secure stuff still invisible to that part or just can’t break it. Almost no effort doing this outside of maybe Genode with numerous, commercial implementations. OK Lab’s OKL4 was most widely-deployed but for baseband protection.

9. Physical separation. They tried to argue about cost and difficulty which was just really an optimization problem you could win splitting between powerful and embedded systems. My secure browsing was a KVM switch on several computers with controlled sharing. Bypassing that required finding a problem in the dead-simple switch or beating the one component required for sharing designed with principles like already mentioned. Way better than attack profile of VMM’s etc. This got cheaper and easier over time w/ me looking at piles of microcontrollers mixed with FPGA’s & standard CPU’s as next strategy. The mainstream security people are starting to come around after they rediscovered cache-based side channels, firmware attacks, and other things high-assurance dodged where possible since the 90’s. They’re really panicking on that stuff although root-cause solutions exist in literature to each. Sometimes in market but usually not cheap.

So, these are just a few categories of things high-security engineers and I discussed on places like Schneier’s blog over last 10 years. I preach similar stuff when related topics come up. Tools and techniques are better now than ever. Yet, mainstream, security folks will ignore it or argue till blue in the face while their methods keep getting compromised when ours succeeded. They’ll sometimes add new tactics to their already-broken methods to hopefully counter something in a cat and mouse game with smart enemies that they keep losing. They have yet to break the cycle to promote much of what I’ve described here. Rust on language side and resurgence in spec interest with TLA+ might be only counter-examples I can think of. So, I hope that illustrates things well on our side vs majority both pre- and post-Snowden.

Btw, here’s one of my design essays were I apply incremental, high-assurance security to Tor to counter as much of its threat model as possible. I’ll throw in the security framework I used to use for assurance since I made it public in 2013. I turned it into essay form in a conversation there.

https://www.schneier.com/blog/archives/2014/09/identifying_dre.html#c6678915

http://pastebin.com/y3PufJ0V

ab praeceptisApril 24, 2017 3:07 PM

Nick P

Ad "NNCP" and "noise", your recommendation:

Well, I had a quick look over some of their (noise) code and I was *very disappointed*.

For a start, there is not even an attempt of proper verification in their C code (which they themselves call the reference).

I picked a piece of noise code, namely protocol/rand_os.c, i.e. some piece that is well suited to gain some impression of their coding quality because there are quite some spots that can be done well ... or not. It's also often a good spot to look at because it has both unix and windows intricacies such as windows (of course!) not offering a reasonable and simple read_from_random_device functions but a weird construction. Note that right at the start the author promptly falls into that trap and #defines along the intricacies instead of properly resolving the problem.

(My annotations are the comments with 3 asterisks.)

#if defined(linux) || defined(__linux) || defined(__linux__) || defined(__APPLE__)
/*** arbitrary exclusion of BSDs! ***/
#define RANDOM_DEVICE   "/dev/urandom"
#endif
#if defined(__WIN32__) || defined(WIN32) || defined(__CYGWIN32__)
#define RANDOM_WIN32    1
#endif

/*** Would have been better to
const char* unix_rnd_dev = "/dev/urandom";

and then if #defined /*unices*/ #define RANDOM_WIN32 0 #else /* windows*/ #define RANDOM_WIN32 1
and later check for RANDOM_WIN32 being 0 or 1. If 0 then read from const'd file ***/

/**
* \brief Gets cryptographically-strong random bytes from the operating system.
*
* \param bytes The buffer to fill with random bytes.
* \param size The number of random bytes to obtain.
*
* This function should not block waiting for entropy.
*
* \note Not part of the public API.
*/
void noise_rand_bytes(void *bytes, size_t size)
{


/*** Grave problem: 'size' vs 'bytes' buf size unchecked! ***/
#if defined(RANDOM_DEVICE)
int fd = open(RANDOM_DEVICE, O_RDONLY);
if (fd >= 0) {
for (;;) { /*** Bad! At least use "while(1)". Better: loop over errorFlag being false like this:
ssize_t retVal = 0; while(retVal != -1) /* error flag */ retVal = read ...***/
int len = read(fd, bytes, size);
/*** Why int? return of read() is ssize_t on unices ***/
if (len == (int)size) {
/*** bad! First check for error, only then for other conditions! ***/
/* We have the bytes we wanted */
close(fd);
return; /*** Bad! Don't return out of loop! ***/
} else if (len >= 0) { /*** nonsensical ***/
/* Short read - this shouldn't happen. Treat it as "no data" */
break;
} else if (errno != EINTR) { /*** Bad: case comprehension ***/
/* Some other error than "interrupted due to signal" */
perror(RANDOM_DEVICE); /*** Bad: Assuming healthy OS state plus mixed reporting ***/
break;
}
/*** potentially de facto blocking - contrary to statement above ***/
}
close(fd);
} else { /*** Bad style. Always comment at least lengthy and stacked if cascades ***/
perror(RANDOM_DEVICE);
}
#elif defined(RANDOM_WIN32)
...
#endif
( I tried with pre tags. If I failed at formatting, apologies)

Note re. the grave buffer problem: Some might say "but 'size' was given in the param!" - Nope. At the very least it's dangerously ambiguous. 'size' is, in the given context, assumed to be the *desired* number of bytes and not the size of the buffer (which may or may not be related). Accordingly, good standard practice is to give *both*. A correct version would be "noise_rand_bytes(void *bytes, size_t buf_size, size_t req_size)".
Moreover, that being C, it should be assumed that buf_size must be >= req_size + 1 due to C needing \0 to determine string size.

Sorry, but from what I see noise (and anything based on it) can not be responsibly recommended.

Yeknom EdocApril 24, 2017 3:56 PM

@ab praeceptis
Re "noise"


/*** Why int? return of read() is ssize_t on unices ***/

The type of len is int to match the ssize_t coming out of read(). The type of size is size_t. The cast is necessary to assure the compiler that the signed to unsigned comparison is intentional.

Moreover, that being C, it should be assumed that buf_size must be >= req_size + 1 due to C needing \0 to determine string size.
This reasoning implies that the array of random bytes created by the function cannot contain '\0'. That is wrong. C requires '\0' to locate the end of a C-style string. The array of bytes pointed to by bytes is just that - an array of bytes, without any additional constraints imposed on them. It is not a C-style string.

You make some comments regarding style that I can agree with, but I would argue that they are nitpicks related to programmer preference and has no bearing on the quality of this function or Noise as a whole.

vas pupApril 24, 2017 4:01 PM

@all:
"Break Up Google?"
Only after most of other big corporations copy/introduce Google-type treatment of employees as a model.

la-z-boyApril 24, 2017 5:02 PM

Former Fox News Host Accuses Network Of Hacking And Online Harassment
http://www.huffingtonpost.com/entry/fox-news-andrea-tantaros_us_58fe4886e4b00fa7de16a37a

In the new suit, Tantaros alleges that Fox News executives resorted to illegal electronic surveillance and computer hacking to “intimidate, terrorize, and crush her career through an endless stream of lewd, offensive, and career-damaging social media posts, blog entries, and commentary, and high-profile ‘fake’ media sites which Fox News (or its social-influence contractors) owned or controlled.”

The interesting part is the "high-profile ‘fake’ media sites which Fox News (or its social-influence contractors) owned or controlled."

As to those "teenagers in Eastern Europe" who were supposedly making money from fake news during last US election...they could have been subcontracted by these "social-influence contractors"

Although, who knows for sure. But interesting that some media company like Fox has social-influence contractors.

ab praeceptisApril 24, 2017 5:13 PM

Yeknom Edoc

"The type of len is int to match the ssize_t coming out of read()" - that's probably what they thought, yes. But it's wrong. Look, where the int comes from: from the declaration of len (they initialized it with the read call). They could, however, as well have (correctly) made len an ssize_t.

Ad string size param and \0:

Sorry, that's wrong. The proper reasoning is As C strings (char arrays) do not have a length with them (unlike e.g. Pascal strings), one should *always* feed string parameter as a pointer plus length couple. This is also true for arrays in general, string just being one case of those.

Ignoring that lead to a *grave buffer overflow* problem. Very, very, very bad coding.

Ad "style" comments: Nope, those aren't about style; they are about readability which is directly related to safety. I do that even in Ada which is *much better readably anyway ("if foo then ... end if; -- foo").

Even more grave, one first tests for failure, i.e. something like "if retVal

Also, C having no error propagation (like exceptions) one would make that whole function return a status rather than void (which makes it a procedure). That again would help in designing the whole mechanism better.

WaelApril 24, 2017 6:32 PM

@Nick P,

Often claim you heard it first on Schneier's blog...

That's a long one! It'll have to wait for The Weeknd :)

ThothApril 24, 2017 6:36 PM

@Nick P

If the mainstream people does not understand or adopt the higher assurance security we have been talking about, then the possibility of pushing higher assurance security into mainstream in an attempt to shape how mainstream security look like by making mainstream security incrementally higher in security assurance is one step forward.

I am happy to announce that my project that I have created is now in the marketting phase. The next project would be an incremental update to the product line by creating the Dynamic Secure Execution Environment feature as an incremental extension to my product in an attempt to push higher assurance a tiny step closer to mainstream and reality for the secure computing segment.

What?April 24, 2017 6:50 PM

@ab praeceptis

Moreover, as some might know, I do not believe in the sectarian "obscurity is no security" credo. Quite the contrary; encryption *is* professional high quality obscurity. This also means that I know about the quite relevant power of "do not stick out like a sore thumb but swim within the masses".
Like to
In my case, however, they'd see a) that my ethernet port isn't running win, linux, or some bsd stack and b) a stream of pseudo random bits. So, their assortment of OS toolkits would fail and they had to rely on making sense of the pseudo random byte stream.

ab praeceptisApril 24, 2017 7:11 PM

What?

So?

Or am I supposed to guess what you mean or where you feel to so a contradiction?

What?April 24, 2017 8:06 PM

@Nick P

My secure browsing was a KVM switch on several computers with controlled sharing. Bypassing that required finding a problem in the dead-simple switch or beating the one component required for sharing designed with principles like already mentioned.
Which one component? The KVM itself? I know we've seen a potential vector through some LCD monitor firmwares, but I wouldn't be very surprised if a number of keyboards also had exploitable buffer overflows in their controllers' firmware.

@ab praeceptis

I thought that contradiction was self evident. Sorry, nevermind :-/

Clive RobinsonApril 24, 2017 8:26 PM

@ ab praeceptis,

That said, I'm obviously a weird paranoid security freak and my solution is almost certainly not what most of you would like for everyday use.

Welcome to the world of the surviour,

Where what is seen as paranoid today, will be cautious tommorow, best practice the day after, and "Man are you crazy that's so weak" the day after that ;-)

It boils down not just to the strength of the attacker today but the strength of the attacker at a future time. If what you are doing only needs to be kept confidential prior to a public anouncment/deal for a few months then todays best practice will probably still be OK when you go public. But if it needs to be kept confidential for more than a year then todays best practice is probably not good enough, and a little more care is needed.

The big problem is that many people don't actually see how long something needs to remain confidential. Take a software developer their work horizon is often the release date. But the code may be still in use ten years from now, either still in the original software release or more likely as part of a library of code being used in several successor projects. Thus it should be easy for them to see this much further out confidentiality horizon.

The problem is that most people have very close in work horizons measured in days not weeks or months. But the confidentialiry horizon of the IP etc involved could be decades out when you consider the likes of drug R&D etc.

From a security perspective the furthest out horizon we are likely to see is that of 99 or 1000year leases on land. Personaly I can not see any Public Key signature scheme lasting that length of time, therefore other methods of securing the agreement from being tampered with need to be considered (with certain metal inks on velum still being favourit).

Thus at the end of the day you have to decide how far out the confidentiality etc horizons are and act as best you can to meet them.

And lets be honest about this we have yet to see a comercial crypto product last a quater of a century. The nearest so far is RSA but the bit length has gone up from a couple of hundred bits back in the 1980s to 8000bits looking a bit iffy to last a further quater century.

Nick PApril 24, 2017 8:37 PM

@ ab praeceptis

It's Noise versus them rolling their own. The cryptographic choices and implementation of Noise are better than most hand-rolled cryptography. They have less to screw up. That's its intended use-case. If one needs existing use-cases, then quite a few libraries and protocols are available.

@ Thoth

"I am happy to announce that my project that I have created is now in the marketting phase."

Good for you and good luck to you. :)

@ What?

"Which one component? The KVM itself? I know we've seen a potential vector through some LCD monitor firmwares, but I wouldn't be very surprised if a number of keyboards also had exploitable buffer overflows in their controllers' firmware."

Good thinking. I was relying on obfuscation for that where hardly anyone would be targeting (a) a KVM switch and (b) my KVM switch. I later talked here about the risks KVM switches would have where you'd want one highly-assured. It's still a smaller component than assuring a whole, computing stack. Note that one also needs a guard device for file transfers between systems if not using write-once media.

Clive RobinsonApril 24, 2017 8:46 PM

@ Who?,

I know, Clive will disagree because KVM switches do not provide energy gap. Are there other concerns that must be considered?

It depends on the KVM switch you are using. Some use actual electromechanical switches others use pin diode matrixes others use obsfication via chips.

I've designed video switches that pass certain fairly exacting standards using pin diode switching and load resistors. The trick is not in breaking the signal path but in diverting the signal to ground etc so it's signal energy is not going anywhere other than into a load and producing heat.

Think of it as breaking the line in two places A and B,

SRC---(A)------(B)---SNK


The first break A actuall diverts the input signal from the SRC to a load and then shorts out the line going onwards to break B. The second break B shorts the line from A whilst open circuiting the line to the SNK. If the line between breaks A and B is actually a low value attenuator in the Pi configuration then it limits the effect of radiated information by effectively shunting them to ground.

Patriot COMSECApril 24, 2017 9:23 PM

@ Rachel

Thank you for your kind words! And I am glad you talked about Tutanota. Protonmail does look as if it trumps Tutanota, and so I recently upgraded. I like the features that you mentioned, and I also like their physical security. One can tell that they are trying to provide a truly secure system. The main point is that end-to-end encryption in one of the upper layers is surely the way to go, and so Tutanota is decent at the least. End-to-end in an upper layer removes or reduces so many attack vectors, especially one of the most important: putting cash in the hand of a traitorous company insider.

Hushmail is not very hush hush, I am afraid to say. Countermail is the most interesting one: why do they use TLS 1.0 with CBC? Why does their applet have an expired digital signature? Why are they using SHA1? I smell a rat.

I suspect Countermail to be fraudulent. I would like to hear what others have to say. I think that the current security situation in Sweden demands that they weaken that particular system. In fact, I have a hunch that there is a lot of traffic between Stockholm and places like Raqqa. I am not going to renew my subscription, nor am I going to recommend them to anyone. With so many undocumented refugees from Afghanistan, Pakistan, Syria, and Libya, Countermail is probably a national security risk. It is just my guess.


@ Nick P

Let's not pretend it's all roses and excitement over there, though. (China)

Yes, you are right. But the country has transformed itself, lifting millions out of poverty. Everything is focused on business and education. I stayed at a software park last year, and it was interesting to see how they integrate education and technology. Small companies have full-time workers who are also students: programmers, website designers, IT security specialists. They work, work, work.

In China, people have many financial responsibilities towards their family that we don't have, or that we don't have to the same degree; for example, saving money for your child's house. Kids work incredibly hard in school, most moms work (leaving the kids to be raised by grandparents), and everyone is thinking about money. It is not a bed of roses, but, like the U.S., it is a good place to get some work done.

Patriot COMSECApril 24, 2017 10:28 PM

@ Nick

About Countermail, Hushmail, Protonmail, etc...

I agree with everything you said, except that I have grave doubts about Countermail. I look at these providers as offering a wrapper that gives a certain level of security (signing, integrity, privacy). For most people, Protonmail or GPG with an interface will give them all the security they need.

There are many ways to go all the way and make sure that nobody on the earth ever sees or even thinks of breaking your message. There are normal people who need or would like that kind of protection, but there are also a lot of bad guys who want such a thing too.

After much thought, I have concluded that today's weakened systems and uninformed users (uninformed about real security) are actually the way it should be. If someone is good at making scarily-effective steganographic and cryptographic systems, it might be best to lose them and take up ballroom dancing or advising people to use Hushmail.

I have done a 180 because I see how enigmatic cryptography is: we need it to be strong and we need it to be weak. There are solid reasons we need it to be pretty strong instead of unbreakable, and those reasons are compelling, mostly having to do with terrorism, which is real.

RatioApril 24, 2017 10:30 PM

@ab praeceptis,

It like so often in engineering, comes down to a decision, to a compromise.

Oh, so you know about making trade-offs after all. I seem to remember mentioning this "being an engineer is about making trade-offs" idea a couple of weeks ago in some contex tor other where you seemed unfamiliar with this notion. Good for you.

One of my rules [...] is to only accept building blocks based on Ada or at least Pascal or Modula.

Why? What are the pros and cons of this (seemingly rather arbitrary) restriction?

Is there any proof that Russia or the Donbass people have shot down MH017? - If yes, provide it; if no, shut up [...]!

You realize that people like @Winter and @keiner will now of course demand that you provide evidence to back up all your accusations?

On your comments on protocol/rand_os.c:noise_rand_bytes:

  • for (;;) vs while (1): Meh. People like their idioms and every C programmer knows what for (;;) means. (Personally I #define EVARZ (;;), but that's just me.)
  • loop using while(retVal != -1): Ugh. You loop on short reads, and that's spelled while (len < size) or some such.
  • read() is ssize_t: Yeah, that's wrong. The definition of read used to be int read(int fd, char *buf, unsigned nbytes), so maybe that's the reason for the confusion?
  • passing a buf_size: What do you think that achieves? Comparing buf_size and req_size won't tell you the size of the buffer, so it's still the caller who is responsible for supplying noise_rand_bytes with a buffer that's large enough for req_size bytes.
  • buf_size must be >= req_size + 1 due to C needing \0 to determine string size: No, all the function noise_rand_bytes needs is an array large enough to hold exactly the requested amount of bytes. (It's just like read in this respect.)

RachelApril 25, 2017 1:08 AM


Patriot COMSEC
Nick P

But the country has transformed itself, lifting millions out of poverty. Everything is focused on business and education. I stayed at a software park last year, and it was interesting to see how they integrate education and technology. Small companies have full-time workers who are also students: programmers, website designers, IT security specialists. They work, work, work


I had an Australian colleague - and a real stereotypical beer drinking chain smoking far north australian - whom had spent 30+ years in China and was essentially considered an honorary chinese. Despite being 'just' an english teacher, he was embraced as a dear friend by high levels of society and government. He said they look after their own better than his native country. He gave an example of an earthquake that leveled a small city. As a teacher he was required to help and overnight they had mobilised taskforces from all over the country. There were massive amounts of resources and people flooding in. The official that woke him up to take him there, stopped off at a hardware store on the way to the airport and basically bought the entire shops inventory with a government chequebook.
He described arriving to the site the same day of the quake, see so many squadrons of hercules planes with supplies, they were stuck in holding patterns over the airport. They worked so hard and with so much help, in a month they had a levelled city basically operational again. They sold the newly built apartment blocks to the survivors for $100 up front then $5 a year for 10 years. Literal, genuine figures quoted there. Some years later they are now worth a great deal of course.
All the other destroyed area was given National Park status
There was another story, I forget the details, basically there was a concern about apotential rapist near a train station. The police cycled and drove around the area with a loudhailer for 24hours for 3 days, advising local women to be careful.
His basic sentiment was, you have no idea how much brainwashing there is about life in china and russia,


@ Patriot COMSEC
Protonmail also has its new dark onion Tor service. I would not use it. As opposed to their primary server, whilst one can be sure they have taken all care, one concern with this new service is that the secure location of their server is now an unknown quantity. Tor nodes themselves nonwithstanding.

RatioApril 25, 2017 3:17 AM

@ab praeceptis,

Correction to my earlier comment: the loop is not about short reads, it's about retrying if read is interrupted by a signal before reading any data. In that case read returns -1 and errno is set to EINTR.

(But then they decided not to retry if read is interrupted by a signal while reading data, resulting in a short read. That seems oddly inconsistent, but it's late and there's probably something I'm missing...)

ab praeceptisApril 25, 2017 4:28 AM

What?

You might also want to consider that the "contradiction" just appears to be one.

Ad: yor response to Nick P - There are almost certainly also bugs in keyboard firmware. To use them, however, one needed some useable access to that firmware. I don't say that's impossible or even difficult but it's a barrier.

Patriot COMSECApril 25, 2017 4:30 AM

@ Rachel

That was interesting. I am not an expert about China, but I have spent about 18 months total in various places around the country. I get treated with a lot of respect by everyone, and when I say that I am an American, they smile, give a thumbs up, etc. But if I were Japanese they would want me dead, not that I would blame them for that sentiment. If you ever go to Nanjing, stop and see the Museum of the Massacre. It is riveting. When security fails utterly, that is what can happen. By the way, there were several Americans who bravely helped the Chinese. In fact, they saved thousands of people. The Nazi who helped save thousands of Chinese in Nanjing during the invasion (starting in Dec 1937), later survived on food packets mailed from China to his home in Germany during the lean times of WW II and its aftermath.

ab praeceptisApril 25, 2017 4:58 AM

Clive Robinson

Indeed. I personally base my work on the assumption that both (anyway related) security reductions of both rsa and ecc will not survive the year 2025. That may happen due to quantum systems or due to other factors, mainly major progress in both math and computing power. Just think an 8000 core Risc-V system ...

Moreover, while most people (just as they are tought) assume NP-hard to be good enough, I do not at all. The step from NP-hard to doable in polynomial time might turn out to be a surprisingly quick - and devastating - one. What I'm looking for is NE or at least provably exponential complexity, preferably multivariate.

At the same time, we have to recognize that our alternatives (generally subsumed under "pq") are more or less fragile and usually also burdened with undesirable properties. And I'm absolutely not sure that our "smart" steps are really smart.

One example pretty much begging for attention is Ring-LWE, i.e. lattice based crypto that gains attractivity by having considerably smaller matrices thanks to generating the full matrix by a "revolving generator" over the first row (to create all other rows).
Obe problem immediately visible with that is that it obviously either limits r to r

Short, we do not have a good toolset for a post rsa/ecc time. We have approaches and some of them have attractive reductions of NE comnplexity but the way from "mechanism found and understood" to "well understood und implemented realiable crypto" can be a tedious and long one.

All in all I find myself to rely much on hope in the form of PKE ratchets that employ pq crypto that *look* realiable enough to me (and man could I be wrong!) along with good old Montgomery and Edwards curves. The hope is that, should the pq part turn out to be less strong than thought, curves might still still hold; at least they are reliable. Or, the other way round that, should the big bad pq monster rear its head surprisingly that the pq part is strong enough. Internally I call my solution "spq" as in "supposedly pq". grrrr.

But there are "friendly ghosts", too. Probably the most important one being my stubborn work on "security *is* obscurity, but professionally created. One paradigm I find very important and helpful again and again is a solid marriage between being anal and ultra-paranoid about random. Not all is well there, either. Most, for example, do not know (or care about, frankly) that what's called cryptographic prngs usually do *not* have the best properties in term of random quality. So I put quite some work into having a prng that both is cryptographically secure and at the same time delivering excellent random properties (unbiased, distribution, etc).

Granted, that's more in the seat-belt and airbag department than in the better steel car bodies but hey, not having ones own foundry and car production facility adding seat-belts and airbags might come in very handy if the crash comes ...

ab praeceptisApril 25, 2017 5:05 AM

@Nick P

"It's Noise versus them rolling their own." - Is it? Tell me difference between noise implementing crypto lousily and some Joe or Jane implementing crypto lousily.

And sorry, but an implementor sh*tting on the rules of the trade and fumbling buffer bugs is not something to mildly look at.

Case closed, death sentence stays.


@Thoth

Apologies, I'm somewhat late. Congratulations! May the amount of rubles, renmimbis, and euros be no smaller than but rather a multiple of the amount of work you put into that product! I wish you plenty success (and, yes, I'm of course exitedly waiting for the holiday card *g)

TatütataApril 25, 2017 5:14 AM

Did anyone notice that the squid that grabbed the other one by the BLEEP is wearing a golden toupee, and squirts gallons of black ink whenever it is short of an explanation?

And what about the jellyfish barristers that are waiting off-screen to negotiate a settlement? And the NSA-whale in the distance sucking everything up? And the Suchgore lobster lurking at the bottom to adjudicate on the decomposing scraps that eventually reach it?

Am I that freaked out?

ab praeceptisApril 25, 2017 5:29 AM

Ratio

(me) insist on ... Ada or at least Pascal or Modula.
(you) Why? What are the pros and cons of this (seemingly rather arbitrary) restriction?

Really? How many more times do I need to put that into the text box? Just look at the given case, the array parameter problem. I the languages I insist on (well, as far as any possible) an array or string always comes along with its size. Moreover iteration from First to Last can be done. Plus implicit domain specs, and much more.

for (;;) vs while (1): Meh. People like their idioms ...

That's a valid observation but also one (of many similar) that brought us to where we are - deep sh*t.

for and while are conceptually quite different constructs. One is about iteration, usually with some control of the iteration mechanism, while the other is about one condition being true or not.

You loop on short reads, and that's spelled while (len

Nope, not in security minded development. There the first question to ask is "was there a problem", which among other things also means "is any of the related variables (such as the one against which you'd like to test) even reliable and meaningful?"

Yes, len does happen(stance by some intentional or not design decision) to work with your construct but you ask the wrong question by asking two questions in one.

If you want safe and reliable code you first ask "did it work properly?", i.e. you test against -1 in the case of read.

Also note that the followup is quite different. If it did work you look for quite different information (such as len == size) than if there was an error; in which case you examine errno.

passing a buf_size: What do you think that achieves? Comparing buf_size and req_size won't tell you the size of the buffer, so it's still the caller who is responsible for supplying noise_rand_bytes with a buffer that's large enough for req_size bytes.

Already answered above. Using a buffer whose size is not known is playing lottery, simple as that. Moreover - read their comments! - it is unknown whether the buffer at least ends in \0 and all chars before the end are != \0. Hence we can not even reliably find out about it's size. We have to rely on the caller providing reasonable parameter - a bet that has been lost many times, even in "secure" code such as openssl.

Finally, the fact that C does not provide for using Hoare triples does - and should! - not mean that one should not internally work like that, at least in the mindset.

Security needs verifiably correct code. Unfortunately, usually it's rather in a grey zone. The worst case if if it's verifiably *not* correct - which I demonstrated for noise.

Also note (I'm surprised that it seems nobody took that seriously) my comment (in the code fragment) about being potentially being de-facto blocking while the header comments expressly assert it's not blocking.
One reason? The "for(;;)" construct you defended. This whole thing is effectively a uncontrolled loop based on not provably holding assumptions.






Dirk PraetApril 25, 2017 6:24 AM

@ Nick P

One of easiest ways to improve Internet-connected or mobile devices is to virtualize the legacy OS in a VM on top of a secure microkernel with security-critical apps in own protection domains.

Isn't that exactly what Qubes is trying to do? Xen is a type 1 microhypervisor. I guess there were probably better choices from a security vantage (Nova?), but from where I am sitting Qubes - however imperfect - is a really good step in the right direction (including the Whonix integration) for mainstream users who want to beef up their security profile all while continuing to use the COTS OS'es they are used to. I'm not sure why team Rutkowska went with Xen, but I suppose it was because it was open source, reasonably mature and with better hardware support than some others they looked into.

I actually kinda like @ab praeceptis's Minix3 microkernel + NetBSD userland setup, but however suitable for a specific task by a paranoid security geek (which I mean as a compliment), that sounds a bit like a dead end for a general purpose OS. A Nova/Genode combo or a separation kernel like Muen sounds interesting too, but I cannot shake the feeling that none of these are prime time ready, which both @ab praeceptis and @Thoth seem to confirm.

I recommended that military-style we link-level encryption between any two nodes that combat covert channels by fixed-size, fixed-rate transmission with error behavior not leaking much.

I suppose it's still not being done for bandwidth and latency reasons, which makes it vulnerable to traffic analysis. Same problem in Tor.

Separation of trusted and untrusted computers.

Since it's probably one of the easier controls to implement, it's kinda beyond me why this is still not standard practice.

Rust on language side and resurgence in spec interest with TLA+ might be only counter-examples I can think of.

And Rust on the OS side, as in Redox. I think I'll do a nightly build one of these days to see where they are.

JG4April 25, 2017 6:32 AM


As always, appreciate the excellent discussion by the usual suspects. One way to tally or catalog the history of the recommendations for books and hardware is natural language processing. The drift of the discussion over years could be graphed very nicely, in ways that are analogous to this:

Visualizing The Evolution Of The American Economy Over The Past 50 Years
http://www.zerohedge.com/news/2017-04-23/visualizing-evolving-american-economy-over-past-50-years

I think that it was pointed out before that a hypervisor is just a tool for visualizing states of a machine, as are the dashboard of a car and the instrument panel of an airplane. My buddy iced up badly in the mountains of the western US after FAA controllers vectored him into IFR conditions. He was on the way back from the funeral of his friend who died in an avalanche. As a VFR pilot, he was very fortunate that his hobby was Microsoft Flight Simulator. He transitioned to instruments and circled above a valley to avoid the mountains, then asked for permission to descend. As he descended on instruments the thick ice melted off. Eventually he got below the clouds and was able to land. He opted for the full confession option where you avoid FAA sanctions by telling the whole story. The right instruments can save your life.

Links 4/25/17 | naked capitalism - Tor Browser
http://www.nakedcapitalism.com/2017/04/links-42517.html
...
Big Brother Is Watching You Watch

Japan Made Secret Deals With the NSA That Expanded Global Surveillance The Intercept

https://theintercept.com/2017/04/24/japans-secret-deals-with-the-nsa-that-expand-global-surveillance/

When Spies Come Home Motherboard

https://motherboard.vice.com/en_us/topic/when-spies-come-home

Spying on Students: School-Issued Devices and Student Privacy EFF (full report).

https://www.eff.org/wp/school-issued-devices-and-student-privacy

Who?April 25, 2017 6:42 AM

@ ab praeceptis

Thanks a lot for providing so clear and detailed answer to my question about using KVM switches to access both connected and airgapped networks.

I see the point. All we must do is a risk assessment to identify the probability of an adversary to successfully collect information from our airgapped systems. If we are not a target for state actors —I hope this one is my case— then a KVM switch should be safe to use, even if it is not perfect.

ab praeceptisApril 25, 2017 7:08 AM

Dirk Praet

... Minix3 microkernel + NetBSD userland setup, but ... that sounds a bit like a dead end for a general purpose OS.

It's not meant to be (at least not by myself. Tanenbaum might have a different view; he since quite a while calls Minix3 "netbsd done right" (his meaning, my words)).

But then, nsa doesn't care about your gaming and you probably don't care about them knowing what music you're listening to. In other words: Not everything must be protected, at least not at the same level.
What needs to be protected? Some data, much of communication and (actually not much) browsing (like online banking).

An OS for that or what I call the "reasonable compromise system" must hence allow to store and organize data, to communicate, and to do some browsing and not much more. That's feasible, that's a reachable target.

...Muen sounds interesting too, but I cannot shake the feeling that none of these are prime time ready...

Depends again on ones needs. I use something like Muen (but not Muen) to keep the "reasonable compromise system" and the "security dongle" separated and at the same time connected through safe channels provided by the hypervisor (For hardcore security those 2 are separate hw systems but for my private use (as in "nsa has more attractive targets than me") a virtualized platform seems good enough and it's anyway dimensionally more secure than what's commonly used out there.

Also keep in mind *why* I'm looking at Minix. It's *not* because it's secure (it isn't). It's because it's not a monolith and Tanenbaum had safety as one criterion early on, so it's *much less vulnerable* and sh*tty than all the monoliths.

Some interesting side note: After some first worries I actually *like* the fact that there aren't that many packages available (about 5k or so) because that softly forces me to have a closer look at the source code of my favourite tools (which are *of course* not available as click and run packages). I've learned that properly designed ones will be ported (or simply adapted) without much hassle while badly designed ones, like e.g. strongly rooted in linux ones. will cause problems (and hence make me think about replacing them).

The Omega GloryApril 25, 2017 9:47 AM

@DirkP. "Isn't that exactly what Qubes is trying to do?"

Yes with TRYING being the operative word. Qubes has major problems.

(1) They went with Zen because Zen had a reputation as being a super-secure hypervisor yet as the ensuing years have showed that reputation turned out to be misplaced. Now the developers have a large investment in a hypervisor that did not live up to its reputation.

(2) They went with Fedora on the basis that Fedora was the most secure of the major Linux OS. This was true but what they overlooked was that Fedora has terrible hardware support compared other OS's like Ubuntu and Debian. This slowed down the adoption of Qubes and less people meant less money coming in from donations. As a consequence they have had to look for other sources of funds and that has left less time for Qubes development. The original time line for 4.0 was the beginning of this year and not only are they four months behind they refuse to commit to any future date. Rumor has it that there is some possibility we may not see 4.0 at all. Who knows...

(3) Finally, more than one gossiper has noted that Joanna seems to have lost interest in the project and is more keen to travel around Europe attending security conferences than she is actually doing work on what was her baby.

All of this is to say that is you are perceive Qubes as an example of what a successful project of this type looks like your perception is in error. Qubes may simply be going throw growing pains or it may be on its last legs. Time will show.

Who?April 25, 2017 10:11 AM

@ Clive Robinson

The one you describe is certainly a great design for a video switch.

Doing a careful search I see there are a few "secure" KVM switches on the market, like the Belkin OmniView series. A bit expensive, but may be worth the money if these devices provide some sort of obfuscation or limit the amount of radiated energy.

I do not think my work in a FOSS project is interesting to state actors (ok, it actually may be as its goal is increasing computer security and it is being widely used right now, but there are more profitable ways to break our security than attacking our computers). Will consider buying a not very expensive OmniView if I find one.

Patriot COMSECApril 25, 2017 10:32 AM

From: https://research.kudelskisecurity.com/2017/04/25/should-ecdh-keys-be-validated/

"So why would it make sense to validate ECDH public keys?"

"The first thing you learn in any infosec class is to reject invalid inputs, and check return values for errors, even if there’s no obvious exploit in sight. Doing this is sometimes called “defense in depth” or “best practice”.
The point of Diffie-Hellman is that both key shares should equally contribute to the shared secret, so that the protocol doesn’t allow key control, a desirable attribute of any authenticated key agreement protocol, as discussed in this MQV paper. If the protocol allows a peer to force the shared secret to be zero, or more generally to lie in a subgroup, then the said peer can surreptitiously weaken the protocol’s security (objection: “but why would a peer be malicious?”).
Points in small subgroups will leak information on the other party’s private key, and can allow for invalid curve attacks, depending on the curve that is used.
It’s costless: adding a zero check is ten lines of code tops, which is unlikely to introduce new vulnerabilities nor to hurt performance.
It reduces the risk of non-obvious attacks. Take Signal’s protocol, for example. If Alice generates all-zero prekeys and identity key, and pushes them to the Signal’s servers, then all the peers who initiate a new session with Alice will encrypt their first message with the same key, derived from all-zero shared secrets—essentially, the first message will be in the clear for an eavesdropper. Alice can deny being malicious, arguing that her PRNG failed. That’s just an example scenario—granted, far-fetched—but there might be others, and checking for invalid keys is probably easier than proving that they will never be exploited.

The bottom line is that omitting key validation may be fine in many cases, but with today’s complex protocols and scenarios it’s just playing with fire."

====================

I smell a rat.

ab praeceptisApril 25, 2017 11:21 AM

Patriot COMSEC

I don't care much about kudelski (meaning: I'm neither a fan nor do I dislike them) but I'm somewhat torn between different feelings about your post and their article.

For a start moxie and djb argue quite differently but the kudelski article throws that into one pot ("ECDH pub keys need not be validated"). Well noted, djb being the author of the crypto being discussed. moxies "argument" on the other hand is (not surprising for me) quite vague and dubious.

Some of what has been written is even nonsensical. Example: Even if, as (baselessly, I think) postulated, points in small subgroups a) is not a zero key and b) would need a massive amount of key exchanges/establishments before any not utterly insignificant chance of weakening arose.

Also note that part of the "arguments" (e.g. "both key shares should equally contribute to the shared secret, so that the protocol doesn’t allow key control") are dubious at best. Why? Because that's not how it works. the final sym key established will in any even half-way sensible implementation be computed based on both suggestions from both sides.

But there is lots more to take with more than a grain of salt. Example: "public keys" can mean a lot. djb, for instance, obviously speaks of ephemeral session keys (not of static or rarely changed ID or sig keys). Those, however, are highly random anyway unless one malicously uses a *very much* weakened implementation.

Which, btw, leads to a far more dangerous attack vector, namely the one which nsa through rsa corp indeed established: poor random (which reduces security of PK gravely). To paraphrase/abuse a famous rothschild saying "Give me control over your random generator and I care little about your crypto".

But, yes, insofar kudelskis point (albeit rather clumsily) was to call for sensible precaution in PKE, they are right. But then, Pardon me, we are not on day 1 of crypto 101 and I would like to assume that all involved parties know the basics (Yes, I know; that's an untenably optimistic assumption=.

Side note: "moxie" being involved in something has become a red flag for me and makes me stay away.

FreezingApril 25, 2017 12:08 PM

@Zack

Again, data from places other than Europe and North America is especially helpful: I particularly want Asia, sub-Saharan Africa, and South America.

Define South America. A diverse place where you can find almost perfect democracies along with some of the most despicable regimes on Earth. I would say some countries in SA now enjoy are more freedom than some of their European and North American counterparts [ex: Brazil, Argentina, Chile and Uruguay]. I`m not joking, unfortunately.

NickApril 25, 2017 3:35 PM

Is it true about the backdoors in all 2017 and later cars that allow rogue police and black hat hackers to remotely crash cars, drive them off cliffs, into hazardous material trucks, etc?
Or at least to disable cars during critical actions like lane changes, turning through intersections, etc?
In otherwords, will Die Hard 4 come true soon?
Have any of the backdoors for these semi-autonomous navigation computers been included in the latest Shadow Brokers leak, or Snowden leaks? If so what do they cost and what kind of paylouds are supported?
Is there a metasploit module for it yet?
In case there's doubt, I want to patch these vulnerabilities not abuse them, and without anything to reverse engineer it's hard to harden a system.

ThothApril 25, 2017 6:29 PM

@My Info

It is not surprising that neither US, Russia, China et. al. are telling the truth.

We are in the continuation of the Great Game that would be leading up to WW 3 sooner or later. It is just a matter of when the global threshold is reached before WW 3 breaks out and another new superpower would appear or the old superpower would remain the World Hegemon. Probably we may not even see the face of the Earth as possible option of using nuclear strikes are on the table from the view of the current Korean Peninsula tension and the tension in Asia.

@ab praeceptis

You mentioned Moxie which inspired me to add Signal and Whatsapp into the Hoilydays list.

Nick PApril 25, 2017 7:27 PM

@ Dirk Praet

"Isn't that exactly what Qubes is trying to do? Xen is a type 1 microhypervisor."

Sort of. It's like one of the old Compartmented Mode Workstations with the security domains as VM's on Xen. I blasted Joanna for not building on a foundation actually designed for security or integrating components like Nitpicker GUI that already did much of the work for her. She defended it with basically no evidence besides power management, claimed nobody was doing something similar, claimed overzealous sales reps at Green Hills never responded to her inquiries about the product, said using microkernels was like Mac OS, and some other nonsense. I called BS on all that with citations with no reply back. I decided to write it up as maybe better than a vanilla Linux but probably bad in the long term.

Some time later, she added a trusted path and was blasting Xen mailing list about their bad, security practices. (big-ass smile here)

"I actually kinda like @ab praeceptis's Minix3 microkernel + NetBSD userland setup"

That's vanilla Minix 3 that i can tell. It's a microkernel, some user-mode components, and a NetBSD userland. Interesting about ab praeceptis's overall setup is it uses most of the recommendations you see on this blog from Thoth and I. I haven't seen anyone else describe all of those at once since users cherry-pick. It's possible ab praeceptis adopted some good tech we posted. Either way, it's some good picks with Minix 3 improving things in the long-term for availability if nothing else. Reincarnation server restarts buggy stuff in the background. Neat stuff. Maybe integrity with less components running broken for long periods.

"A Nova/Genode combo or a separation kernel like Muen sounds interesting too"

Correct. The Genode people do have theirs running in a VM on specific hardware. The easiest solution is using the Mac model of combining good hardware with software bundle to eliminate [most] driver issues. There are commercial offerings that already do that albeit not aiming for the high end. INTEGRITY-178B, LynxSecure, VxWorks MILS, and Sirrix all have desktops with security-oriented microkernels on the bottom w/ legacy stuff in VM's. OKL4, now General Dynamics' company, did it for phones. Alternatively, you can do a driver VM like OKL4 did where you use drivers of foreign OS in a VM w/ that OS w/ every other function stripped out. Other apps, native or in other VM's, use virtual drivers that talk to that one.

"I suppose it's still not being done for bandwidth and latency reasons, which makes it vulnerable to traffic analysis. Same problem in Tor."

Most just don't know about it. From there, it might be good or might not. For instance, the leased lines that keep sending data on mission-critical services might do fine with this style. Likewise for stuff that takes low bandwidth but need to be always on (low-volume, text-only messaging). The rest might not be able to pull it off. Other obfuscations are available, though, where attacker is at least forced into a cat and mouse game.

"Since it's probably one of the easier controls to implement, it's kinda beyond me why this is still not standard practice."

I remember Grimes wrote against it at one point. Someone popular. They pointed out that there were many enterprises keeping separate networks. Eventually, they integrate them or pass stuff back and forth in a way that defeats the security. He just recommended not doing it. That's different, though, than doing controlled sharing like in cross-domain devices. In a number of scenarios, the information doesn't even need to move in both directions. That makes one-way links implemented by data diodes ideal.

"as in Redox. I think I'll do a nightly build one of these days to see where they are."

They did the right thing in a lot of ways. They also built it super fast. I gave them props when I saw them. Another one built by a high-assurance, security engineer on seL4 team is Robigalia. It's in alpha stage but will be like Nizza, Genode, etc stuff I share. All the components written in Rust except seL4 that stays same to preserve proofs.

RatioApril 25, 2017 8:53 PM

@ab praeceptis,

[...] an implementor [...] fumbling buffer bugs is not something to mildly look at. Case closed, death sentence [for Noise] stays.

Next up: your "death sentence" for POSIX when you realize that read has the exact same "buffer bug". So much for using Linux, hardened FreeBSD, OpenBSD, or Minix to name but a few...

Really? How many more times do I need to put [the pros and cons of limiting yourself to Ada or at least Pascal or Modula] into the text box?

Just one first time would be nice.

Yes, you've listed some things that are pros in your book ("an array or string always comes along with its size", "iteration from First to Last", and of course the evergreen "ranges"), but those are not exclusive to Ada, Pascal or Modula in any way.

And I'm not aware of you ever having mentioned any cons that are technical in nature. The downsides you mention are about lack of popularity and bad tooling. What about the issues intrinsic to those three languages?

for and while are conceptually quite different constructs

Stylistically, yes. Conceptually, no. while is a degenerate case of for: while (expr) is equivalent to for (;expr;).

Yes, len does happen [...] to work with your [looping] construct but you ask the wrong question by asking two questions in one.

You want to include 0 <= len? Fine.

If you want safe and reliable code you first ask "did it work properly?"

"First" is not a requirement.

[passing a buf_size] Already answered above. Using a buffer whose size is not known is playing lottery, simple as that.

Passing a buf_size does exactly zero to change that, while cluttering the code with another useless variable.

Moreover - read their comments! - it is unknown whether the buffer at least ends in \0 and all chars before the end are != \0.

(Which comments would that be?)

The buffer is no more than a block of memory of a certain size; its contents can be anything at all. Your failure to grasp this simple idea is worrying.

Hence we can not even reliably find out about it's size. We have to rely on the caller providing reasonable parameter - a bet that has been lost many times [...].

And yet you insist that adding a buf_size argument will change any of that.

WhiskersInMenloApril 25, 2017 8:56 PM

Nonprofits are beginning to be aware of security in a public way.

A press release "Supporting Cybersecurity for Nonprofits"
https://oe.packard.org/supporting-cybersecurity-nonprofits/

Points to:
"Digital Security & Grantcraft Guide"
https://oe.packard.org/resource/digital-security-grantcraft-guide/

Which points to a Ford foundation guide:
https://www.fordfoundation.org/library/reports-and-studies/digital-security-grantcraft-guide/

Tools and policies apply to all.

Patriot COMSECApril 25, 2017 11:41 PM

@ Dirk
"Since it's probably one of the easier controls to implement, it's kinda beyond me why this is still not standard practice."

People do not talk about air gapping very much, but it is crucial. How to break the trail of electrons in air-2-air is another issue that needs discussion.

@ The Omega Glory

"They went with Fedora on the basis that Fedora was the most secure of the major Linux OS. This was true but what they overlooked was that Fedora has terrible hardware support compared other OS's like Ubuntu and Debian."

I also think that Fedora is the most secure of the major Linux OS. It is good for your air gapped system, for storing and generating PGP keys, etc.

--------------------------------------------------------

A computer and OS and browser that have touched the internet are unsecure from that moment on, as you know. A computer with no USB ports, without audio input/output, without a NIC, without Bluetooth, with firmware that you flashed, without an antenna of any sort, without a printer or adapter, with no bells and whistles, and without a HHD, in a space with good physical security, is your friend.

The craze in IT has been driven by commercialism: more, more, faster, faster. It's like a porn show. Guess who is the main actor? People need to start thinking: less, less, safer, safer. Most people don't care about their security and they don't want to take the time or make the effort to have real security--even though it is not hard.

This game of trying to secure something that is fundamentally unsecure needs to stop, or at least we need to not take it seriously. The distinction between safe and unsafe needs to be emphasized, and we should not let these companies, big and small, lie to people and tell them they can have an expectation of privacy for $100.

We all know that there is one cryptographic system that can be proven to be unconditionally secure. Why then is it not being used? Yes, it has disadvantages, but those can be overcome. Coming from a truly air gapped system, compressed and wrapped in AES256 and in unweakened PGP--ain't nobody gonna break it--it's better than Churchill's quote about Stalinist Russia. I often wonder why this has not been popularized. Right now people are playing a losing game, but David actually has the tool to slay Goliath, and it is not expensive or complicated.

Yes, it is difficult to generate high-quality random numbers, but that can be done. If everyone communicated in this way, then there would be a big choice to be made: does it become illegal or do we just close the doors and turn off the lights in that building in Maryland with no windows...a curtain would descend. I have faith that they could deal with this problem, but the only way to do so is with surreptitious entry--which is expensive, risky, and time consuming. Mass collection will have come to a screeching halt, and the price of collection will then be astronomical.

WinterApril 26, 2017 3:23 AM

@ab p
"Is there any proof that Russia or the Donbass people have shot down MH017? - If yes, provide it;"

For proof, a lot of proof, see the links further up, especially this one:
"The Dutch investigators have compiled a detailed report that shows unequivocally that Russian military drove the Buk into Ukraine and fired it.

https://www.om.nl/onderwerpen/mh17-vliegramp/presentaties/presentation-joint/
"

Also the links to the journalist stories, who did speak to eye witnesses in the region, is there.

But I think we can make a different point. You are simply a hypocrite.

You have made countless accusations against the USA. When we criticize the US, you criticize the US. But when we criticize Russia, you criticize us.

Against Russia, your standards of evidence are unattainable, against the US your standards are non-existent.

ab praeceptisApril 26, 2017 3:53 AM

@Thoth

You mentioned Moxie which inspired me to add Signal and Whatsapp into the Hoilydays list.

Finally. And: Well done.


@Nick P

That's vanilla Minix 3 that i can tell. It's a microkernel, some user-mode components, and a NetBSD userland.

Correct. And as I repeatedly said I do *not* consider Minix3 to be secure. But it's a very major progress in terms of security as a microkernel has a dimensionally smaller attack surface. So it's *less insecure* (as I also repeatedly said).

It's possible ab praeceptis adopted some good tech we posted.

Wrong. I had my basic concept long before I started to read here. I'm also observing and playing with Minix3 since quite some years now.

Also, one must certainly not be a guru to come to the conclusion that microkernel is the way to go. Where one must, however, have some guru-quality is when *concretely* designing and implementing.

Moreover you, like quite often, tend to value knowing (of something) too high and *doing/implementing* something far too low.
Trying Minix or Fiasco is a no-brainer and so is using libsodium. Really understanding it is already somewhat harder - but still not enough for a good solution. To achieve that one must know much more, chose wisely, specify and design properly (with verif. in mind). Example: Alone the seemingly simple question of chosing a prng quickly turns quite complicated when looking (and identifying in the first place) all the relevant factors and also how to use them. Example: It is quite desirable for some kinds of projects to not use 1 but rather, say, 32 prngs, one of which is is used at any given point in time. How to chose that one? Using prng #33? Nope. For that you want to have a different prng type.

Let me be frank about my worldview and some personalities here:

I quite rarely read our hosts blog posts; I perceive them as gazette like (which is OK as many seem to like that; it's just that I subjectively am rarely interested in them).
You, Nick P, have that function for me; it's your posts that I read with the expectation others have at HN or here. You are quite good as news aggregator for the field I'm interested in, plus occasionally I find one of the papers you mention interesting.

Clive Robinson - no need for comment. He's the wise man with lots of experience, always polite and friendly and he usually damn knows what he's talking about. Lots of actual experience pay off.

Thoth I see as a brave sleeves up guy. I value that a lot. We need that kind of people who build swords to fight the dragon. Plus, based on lots of work (and studies, I guess) he also knows what he's talking about.

As for myself, I don't ask for advice and I very, very selectively take it. Nothing wrong with the people here; it's just that I'm wired like that. I want to know and to understand myself down to the damn bits. And I'm knee-deep in the matter practically.

Rest assured that I never ever took any idea from here. I highly value our hosts excellent work; after all, blowfish is still standing after far more than a decade, so Bruce Schneier has earned the golden stars on his chest. But even from him I did not take ideas; I do, however, think about his thoughts (insofar as they are about my field and not more or less political).

Don't get me wrong. You are a good quality has-read-about-a-gazillion-things man. As I said, I do value you as an IT security gazette but you are definitely not the source for anything I'm working on.








ab praeceptisApril 26, 2017 4:38 AM

@Nick P

P.S. Clive and Thoth are modest.(I'll stop it here. do the next step yourself, if you like ...)


@Ratio

Ah, my favoured enemy *g (Remember pink panther? You are the Asian who always attacks him; but all in all they were more friends than enemies).

Next up: your "death sentence" for POSIX when you realize that read has the exact same "buffer bug".

Those are all either very old or building on an old code base, when the skies were blue and a 4 letter password was good enough. Plus: Posix. No need to say more.
Note, however, that even in the more intelligent C circles nowadays "buffers always followed by size_t, please!".

noise, however, is relatively new and not bound to aeon old standards like Posix.

pros ... but those are not exclusive to Ada, Pascal or Modula in any way.

And I didn't say they were.

And I'm not aware of you ever having mentioned any cons that are technical in nature. The downsides you mention are about lack of popularity and bad tooling. What about the issues intrinsic to those three languages?

I see none. Sure there are things, like e.g. Adas love for new designations (e.g. tagged rather than object) but generally those are more nuisances than problems and most are of a more religious nature. One might argue that OO is bad or that more functional paradigms might be better or ... but practically speaking those languages are pretty close to perfect *for my field*.

So, in the end it comes down to tools and other pragmatic issues.

(me)for and while are conceptually quite different constructs
(you)Stylistically, yes. Conceptually, no. while is a degenerate case of for: while (expr) is equivalent to for (;expr;).

I understand you well; I was using C myself for decades and know the mindset well. But you are wrong.

while is about a certain state. Until that state or as long as that state is true something is done.
Think of it as the control structure to be used for railway control: while track is free .... and while track occupied ... - and note that the number of loops iterations is usually not relevant nor is it (often) even known or computable.

for, on the other hand, is about doing something *with something* about which we either know or can compute certain properties, in particular its size and the loop is about performing something for or per each x (usually 1) elements.

Again the Wirth languages and derivates come in handy: In Ada, for example, 'for' is typically parametrized by a range construct such as "my_array'First..my_arry'Last" while 'while' is always simply checking some state, typ. a bool.

Btw. the 'for' (word) in 'for' (german 'für') was chosen for exactly that reason. The logic is "for the elements of some data structure" (typically an array).

You want to include 0

No, I want to first check whether it worked (retVal > 0) and then check details of both branches - which are different! If an error happened than I must examine errno to decide how to proceed. If not I must examine the result buffer (mainly whether it's indeed full)

"First" is not a requirement.

Funny statement in the context of sensitive software. And a reason for many bugs.

Passing a buf_size does exactly zero to change that, while cluttering the code with another useless variable.

So microsoft, apple, MisraC, and others are all idiots who just love to clutter code with useless variables?

Do yourself a favour looking up strcpy, strncpy, strlcpy ...

(Which comments would that be?)
* \param bytes The buffer to fill with random bytes.
* \param size The number of random bytes to obtain.
*
* This function should not block waiting for entropy.

(you)The buffer is no more than a block of memory of a certain size; its contents can be anything at all. Your failure to grasp this simple idea is worrying.

(me)Hence we can not even reliably find out about it's size. We have to rely on the caller providing reasonable parameter - a bet that has been lost many times [...].

(you)And yet you insist that adding a buf_size argument will change any of that.

You obviously still need to learn a lot about software development and about creating safe code in particular.

The callee, i.e. this function, *can not possibly know* the size of the buffer, hence there is *absolutely no way* the callee can work in a safe manner and in particular avoid buffer overflow.
The relevant information is known only to the caller (or another caller higher up) who is in charge of the memory. Unless that information is passed down along with the buffer both the callers and callees are playing lottery.

The comment states it clearly: "\param size The number of random bytes to obtain."

Id est, the *desired* size - which may be equal or smaller or larger than the buffer size.

The often forwarded (also implicitly by you) argument "But I, who wrote that code, *know* that I do not ask for more bytes than my buffer can hold!" is proven many times to be wrong for diverse reasons like bad readability of C code or someone else changing the code later.


ab praeceptisApril 26, 2017 4:48 AM

Winter

Cute attempt.

Just one recent case: us of a accuses the syrian government to use sarin against civilians. Of course, like usual, the us of a does not provide any evidence (and lies). What it does provide is "information" from social networks (read: bla bla) and a "report" from the white helmets, a "humanitarian organization" - known and proven to be part of the terrorist groups. That report is *proven* false within days.

Yet, some days later the us of a attacks Syria, a sovereign country with tomahawks. That was a criminal act, simple as that; the international law is very clear about that. The proper and only legal way for the us of a would have been to turn to the un. To attack another state without a valid mandate from the unsc is criminal.

Patriot COMSECApril 26, 2017 5:15 AM

@ Mr. Schneier

"We all know that there is one cryptographic system that can be proven to be unconditionally secure. Why then is it not being used?"

Do you think that the answer to intrusive and illegal collection is hiding in the open, in Vernam Cipher?


_____________________________________________________________

Yes, it has disadvantages, but those can be overcome. Coming from a truly air gapped system, compressed (or not), and padded with garbage (or not), wrapped in AES256 with a strong password, and in unweakened PGP--ain't nobody gonna break it--it's better than Churchill's quote about Stalinist Russia. I often wonder why this has not been popularized. Right now people are playing a losing game, but David actually has the tool to slay Goliath, and it is not expensive or complicated.

Yes, it is difficult to generate high-quality random numbers, but that can be done. If everyone communicated in this way, then there would be a big choice to make: does it become illegal or do we just close the doors and turn off the lights in that building in Maryland with no windows...a curtain would descend. I have faith that they could deal with this problem, but the only way to do so is with surreptitious entry--which is expensive, risky, and time-consuming. Mass collection will have come to a screeching halt, and the price of collection will have become astronomical.

WinterApril 26, 2017 9:09 AM

@ab p
"Cute attempt."

I give you the evidence you want, you ignore it and switch the subject to something else altogether. But we know, short of a personal confession by Putin himself, no evidence is good enough against Russia. Against the USA, or any other country, no hint is too ephemeral to be treated as conclusive evidence.

From the report it is also clear why the investigation took a while:


For quite some time, between 100 and 200 investigators and other experts of the JIT have been working on the case and currently, on a daily basis almost 100 investigators, public prosecutors and other experts are still working on the case. During the past two years, dozens of containers with thousands of wreckage parts were examined in detail, piece by piece. Of those parts, 1448 were processed in a databank as being relevant to the investigation. Sixty requests for legal assistance were sent to more than twenty countries and we received reactions on many of them. Twenty weapon systems were examined. Five billion internet pages were recorded and assessed for their relevant content. Half a million videos and photographs were examined in detail and saved, and more than two hundred witnesses were heard. In addition, approximately 150.000 intercepted telephone calls were listened in on, summarised and assessed for their relevance and authenticity. After this, more than 3500 intercepted conversations were processed entirely, translated and analysed. All this was recorded in more than 6000 official reports.

Just go have a look at these 6000 official reports.

ab praeceptisApril 26, 2017 9:47 AM

Winter

Evidence? You did not provide evidence. What you provided was politically motivated blabla from some dutch ministry that utterly failed to even conform to the most basic rules.

The funny picture on the page you linked even shows it right away: the flag of ukraine as a member of the "investigation".

Every 10 year old with a brain knows that if A and B are suspicious and potentially involved in a crime then *neither* A nor B can be take part in the investigation.

It is assumed (and accused, depending on the party) that *both*, ukraine and Donbass might be involved in the MH017 mass murder, hence neither ukraine nor Donbass can be investigators.

About the only thing the is known for sure and not disputed by either side is that ukrainian air control was in charge and that it did divert almost all civil flights but not MH017 which was sent right into the war zone.

As you do not at all care about facts but merely repeat the official propaganda I suggest again to stop this non-discussion and to simply wait. The day will come when we'll learn what really happened (and also the day when netherland will learn how a micronation should behave towards a super power. Hint: a pinscher barking at a bear won't end up well ...).

Nick PApril 26, 2017 10:05 AM

@ ab praeceptis

"As I said, I do value you as an IT security gazette but you are definitely not the source for anything I'm working on."

It was a guess. Such can be on or off the mark. (shrugs)

"You are quite good as news aggregator for the field I'm interested in, plus occasionally I find one of the papers you mention interesting."

Fair description of a good chunk of what I do. That function is much like the survey of the field papers you sometimes get at conferences. People might wait years at a time for one depending on the subfield. I'm constantly publishing the good stuff in many sub-fields. And evangelizing, designing, etc on top of it.

ab praeceptisApril 26, 2017 10:34 AM

Nick P

Hahaha - indeed joyful. Thanks for bringing that hero to my/our attention!

I'd also like to mention that I think his comparing himself to a doctor working with chemotherapy is a good one. (not only) iot has indeed become a cancer.

NewbieApril 26, 2017 8:38 PM

@Ratio

The buffer is no more than a block of memory of a certain size; its contents can be anything at all. Your failure to grasp this simple idea is worrying.

Does that mean that c-style strings and any other kind of delimination based on NUL bytes or EOF doesn't count as a buffer?

NewbieApril 26, 2017 9:16 PM

@WhiskersInMenlo

Nonprofits are beginning to be aware of security in a public way.

A press release "Supporting Cybersecurity for Nonprofits"
https://oe.packard.org/supporting-cybersecurity-nonprofits/
From the link; "As I used to tell my students, the only completely secure computer system is turned off in a locked vault."

These might be easy for most people to find, but... where do you get a vault that destroys its contents if too many codes are guessed, or if you're tortured into giving a duress password, or if it's moved while locked, and doesn't have any backdoors?

Also, haven't all the most prominent pro-security organizations (EFF/Tor project/TAILS project/etc) been nonprofits? Don't you mean that FOR-profits are only just now starting to care, post-Snowden, as their customers have begun boycotting companies that practice shoddy security? I know I'm missing something obvious here, sorry.

RatioApril 26, 2017 11:03 PM

@ab praeceptis,

[...] in the more intelligent C circles nowadays "buffers always followed by size_t, please!".

Right, read and noise_rand_bytes don't do that. Such dumb circles. Wait, what?

  • ssize_t read(int fd, void *buf, size_t nbytes)
  • void noise_rand_bytes(void *bytes, size_t size)

Oh...

And I didn't say [those pros] were [exclusive to Ada, Pascal or Modula in any way].

Not in so many words, but then why do you only accept building blocks based on Ada or at least Pascal or Modula (as I asked initially)?

I see [no downsides intrinsic to those three languages]. Sure there are things, like e.g. Adas love for new designations (e.g. tagged rather than object) but generally those are more nuisances than problems and most are of a more religious nature. One might argue that OO is bad or that more functional paradigms might be better or ... but practically speaking those languages are pretty close to perfect *for my field*.

No flaws in their design? Not a single one? No trade-offs that could, and maybe should, have been made differently? You don't think that even the designers of those languages will point out imperfections or things they'd do differently now?

Any other languages that you think are that close those perfection (for your field, not withstanding terminology, etc)? Or is this it?

I understand you well; I was using C myself for decades and know the mindset well. But you are wrong [about the difference between for and while being stylistic, not conceptual].

(If, as you say, it's a question of mindset, there is no wrong. Saying someone's wrong is then short for saying that someone holds the wrong opinion, which doesn't have quite the same ring to it.)

while is about a certain state. Until that state or as long as that state is true something is done. [...] for, on the other hand, is about doing something *with something* about which we either know or can compute certain properties, in particular its size and the loop is about performing something for or per each x (usually 1) elements. [...] Btw. the 'for' (word) in 'for' (german 'für') was chosen for exactly that reason. The logic is "for the elements of some data structure" (typically an array).

I don't know how to parse some of that, but I think you're saying that you see a while loop as a block of code that is execute while a given condition holds, while you see a for loop as a block of code that will be executed once for each element of some data structure.

I mostly agree with that, but I'd rather think of a for loop as a block of code that will be executed once for each element in a sequence. (That sequence could be derived from a data structure, but it need not be.)

But C has a for loop of a different type. Among other things, it lets you specify the initial state, the condition, and how the state changes after each iteration in one place. It's not about executing a block of code once for each element; conceptually, it's more like a while loop. The choice between the two, and the resulting idioms, is then one of style.

You never realized this in your decades of using C?

No, I want to first check whether [the call to read was successful] (retVal > 0) and then check details of both branches - which are different! If an error happened than I must examine errno to decide how to proceed. If not I must examine the result buffer (mainly whether it's indeed full)

Everything before the last sentence is about code organization, which is a question of style.

That last sentence, though, is not even wrong. There is no need to examine the result buffer, and there is no way of determining if it's "full" (whatever the hell that's supposed to mean in this context). This is abject nonsense indicating a continued and fundamental misunderstanding of how a couple of lines of trivial C code work.

Passing a buf_size does exactly zero to change that, while cluttering the code with another useless variable.

[...] Do yourself a favour looking up strcpy, strncpy, strlcpy ...

What about them? noise_rand_bytes already has an argument that indicates (up to) how many bytes will be written to the buffer (as does read). You want to add another argument that indicates the size of the buffer, which would be like adding another argument to strlcpy to indicate the size of the destination. Note that strlcpy has no argument indicating the size of the destination!

(Which comments [show that it is unknown whether the buffer at least ends in \0 and all chars before the end are != \0.])
* \param bytes The buffer to fill with random bytes.
* \param size The number of random bytes to obtain.
*
* This function should not block waiting for entropy.

Those comments show nothing of the sort. On the contrary, they state that (guess what?) the buffer will be filled with random bytes: any address in the buffer could end up having any value. You'd think this type of thing would be obvious to anyone who can read.

And yet you insist that adding a buf_size argument will change [that the callee has to rely on the caller providing reasonable parameter].

You obviously still need to learn a lot about software development and about creating safe code in particular.

Well, obviously. Show me someone who doesn't.

The callee, i.e. this function, *can not possibly know* the size of the buffer, hence there is *absolutely no way* the callee can work in a safe manner and in particular avoid buffer overflow.

The callee can absolutely work in a safe manner: it's the caller's responsibility that the callee is passed valid arguments.

The relevant information is known only to the caller (or another caller higher up) who is in charge of the memory. Unless that information is passed down along with the buffer both the callers and callees are playing lottery.

No, they're playing lottery if the caller is playing lottery (passing invalid data). But as a callee you can't protect yourself from a caller passing invalid data by asking for more (redundant) data from that same caller.

The comment states it clearly: "\param size The number of random bytes to obtain."

Id est, the *desired* size - which may be equal or smaller or larger than the buffer size.

Yes, just like the strlcpy you thought I should know about.

The often forwarded (also implicitly by you) argument "But I, who wrote that code, *know* that I do not ask for more bytes than my buffer can hold!" is proven many times to be wrong for diverse reasons like bad readability of C code or someone else changing the code later.

That's not what I've been saying (explicitly or implicitly) at all. See above.

Anonymous CowardApril 26, 2017 11:05 PM

Nick • April 25, 2017 3:35 PM

Is it true about the backdoors in all 2017 and later cars that allow rogue police and black hat hackers to remotely crash cars, drive them off cliffs, into hazardous material trucks, etc?
Or at least to disable cars during critical actions like lane changes, turning through intersections, etc?
In otherwords, will Die Hard 4 come true soon?

Soon? It's been happening since 2014.
Source http://www.zerohedge.com/news/2017-03-07/wikileaks-hold-press-conference-vault-7-release-8am-eastern Also cars, suggesting that the CIA may have a role in the death of Michael Hastings:

As of October 2014 the CIA was also looking at infecting the vehicle control systems used by modern cars and trucks.
The purpose of such control is not specified, but it would permit the CIA to engage in nearly undetectable assassinations.
Mirrored at https://wikileaks.org/ciav7p1/cms/page_13763790.html.

Have any of the backdoors for these semi-autonomous navigation computers been included in the latest Shadow Brokers leak, or Snowden leaks? If so what do they cost and what kind of paylouds are supported?
Is there a metasploit module for it yet?

Probably. Have you tried searching? If it's not in the Shadow Brokers leaks it's probably in the Vault 7 torrent (which had its password released in response to totalitarian dictators persecuting Julian Assange and other journalists).
Also it's spelled "payloads" not "paylouds", did you even go to school?

In case there's doubt, I want to patch these vulnerabilities not abuse them, and without anything to reverse engineer it's hard to harden a system.
You can legally do whatever you want with them anyways. They are public domain and unclassified.
Source http://www.zerohedge.com/news/2017-03-07/wikileaks-hold-press-conference-vault-7-release-8am-eastern How the CIA dramatically increased proliferation risks

In what is surely one of the most astounding intelligence own goals in living memory, the CIA structured its classification regime such that for the most market valuable part of "Vault 7" the CIA's weaponized malware (implants + zero days), Listening Posts (LP), and Command and Control (C2) systems the agency has little legal recourse.

The CIA made these systems unclassified.

Why the CIA chose to make its cyberarsenal unclassified reveals how concepts developed for military use do not easily crossover to the 'battlefield' of cyber 'war'.

To attack its targets, the CIA usually requires that its implants communicate with their control programs over the internet. If CIA implants, Command & Control and Listening Post software were classified, then CIA officers could be prosecuted or dismissed for violating rules that prohibit placing classified information onto the Internet. Consequently the CIA has secretly made most of its cyber spying/war code unclassified. The U.S. government is not able to assert copyright either, due to restrictions in the U.S. Constitution. This means that cyber 'arms' manufactures and computer hackers can freely "pirate" these 'weapons' if they are obtained. The CIA has primarily had to rely on obfuscation to protect its malware secrets.

That doesn't mean you won't be assassinated if you close their holes though.

WaelApril 27, 2017 3:10 AM

@Ratio,

There is no need to examine the result buffer, and there is no way of determining if it's "full" (whatever the hell that's supposed to mean in this context).

Ratio, my friend! I know you have troubles with zeroes (your name.) It means zero isn't an acceptable random number, especially when that bad boy sits in the denominator :)

I prefer questions like:

What's the difference between x[y] and y[x] (and how you could use that), or what does !!x do (and why would you use it)... or more nebulous stuff that impress wet behind the ears programmers that often lead to security holes.

ab praeceptisApril 27, 2017 5:59 AM

Ratio

Right, read and noise_rand_bytes don't do that. Such dumb circles. Wait, what?

ssize_t read(int fd, void *buf, size_t nbytes)
void noise_rand_bytes(void *bytes, size_t size)

Oh...

The size parameter in both cases is the *desired* numbered of byte (*not* the size of the buffer). That may or may not have been chosen (wisely or not) in relation to the buffer size. Note that it is perfectly well feasible to call noise_rand_byte with an 8 byte buffer but desiring 20 bytes of random. noise_rand_byte wouldn't - and couldn't - notice or complain. They btw. also just assume that 'bytes' is not NULL.

but then why do you only accept building blocks based on Ada or at least Pascal or Modula

Multiple reasons, one being the properties I talked about. Let me put it by looking from the other side: I would do accept tools (not libraries) developed in e.g. Haskell or Ocaml. But I try to avoid C, C++, java, and even Rust because those using that translates to not having understood some important basic principles. I want to note for the sake of fairness that both Rust and java have understood at least part of the problem (but still not others, e.g. the importance of readability).

I'm willing to compromise, though, when such a project at least has (not toy) verifier annotation such as esc or acsl and I find those done well and knowledgable.

Finally, you see, I do this for a living (as well as with my heart in it). No matter how good (or not) I work, the end product will be lousy if the libraries are lousy. So, if I aim for a good quality result I just have to have reasonable quality criteria throughout the whole project.

No flaws in their design? Not a single one? No trade-offs that could, and maybe should, have been made differently?

Certainly. I actually mention some myself. Also Wirth *obviously* saw flaws in Pascal, so he created Modula, and in Modula-3, on which he advised but didn't fully join. I didn't say those languages are perfect - and that's not my position; my position is to chose the best tools out of an available set.

But to make you happy: I *hate* Pascals 'end[dot]' logic. It's perfectly logic from a theoretical point of view but not from a developers view. Ada does much better. I also dislikes Pascals file handling (e.g. "assign"); I find it unnecessary strange.

Modula-3, which I really love(d) had a problem that was grave enough to all but drop it. It has no real unsigned type. That's just an implementation error but one of such gravity that I came to the conclusion that I do not trust those implementers anymore.

I have learned a lot along my way and if I use pretty much exclusively Ada and C (heavily ACSL guarded and coding paranoically defensive) I have reasons for that. Example: Ada, unlike Modula-3, has a sizeable force behind it. I like brillant loners but to properly implement and keep alive a language one needs more (and good quality) people. As for C I still value it for jobs close to the hardware and as a meta assembler. But then, I have decades of experience and having collected enough "war wounds" I don't use it arrogantly or carelessly anymore plus I double- and triple-check and verify.

Any other languages that you think are that close those perfection (for your field, not withstanding terminology, etc)?

No, not really. I do value a few functional languages like Ocaml and generally ML but I accept them only in fields then lend themselves well to functional programming (best example: the PL and verif/analysis field). I highly value Prolog and Setl for reasoning, toying and domain guessing, checking and verification. I like Python insofar as it's the least dirty of the big script languages (and now even has static types available) but I use that only for really quick and dirty and basically throw away after use code. I would like Haxe/neko a lot more if they were not so obscenely flash oriented (also in tools).

For work, however, it's pretty much Ada and (paranoid, anally defensive mode and extensively checked and cross-checked) C.

If, as you say, it's a question of mindset, there is no wrong

Unfortunately there *is* a wrong. Just look at all the deep and wide sh*tholes the C mindset has landed us in.
And no, it's not about opinion. Re. opinion I'd agree with you, but in our case there is a ruler built in along which to measure. After all we're not talking as philosophers but as engineers and not as theoreticians but in the context of major gaping security holes.

Let us have that discussion again when you can tell me that using (widely available) communication channels that are provably secure and confidential (which includes trustworthy hardware, too). Until we have reached that point I will stay a paranoid, strongly principled, often unnerving a**hole and take the liberty of calling 99% of C/C++/java and the like developers irresponsible fumblers and gamers.

But C has a for loop of a different type. Among other things, it lets you specify the initial state, the condition, and how the state changes after each iteration in one place. It's not about executing a block of code once for each element; conceptually, it's more like a while loop. The choice between the two, and the resulting idioms, is then one of style.

One *can* look at it that way but I'd strongly advise against it. "Until the day that the sun will not rise in morning thou shallst ..." is a very different concept than "for each of the animals in thy herd thou shallst ...". It is the (mistaken) very C mindset to look at everything from the practical side (having or not having understood the concept and logic behind it).

The C mindset is "Often one has to do something for a series of something, e.g. adding 5 to it. Let's have a construct that allows for that with as little typing and fuzz as any possible". The C mindset is to say "well there's some kind of walker variable which changes after each step. Let's handle that effectively, too".

In the end C's 'for' is considered by most as a "tight comfort version of 'while' for array and suchlike".

Everything before the last sentence is about code organization, which is a question of style.

No. It's a question of logic and engineering. That's why I "underlined" that the two branches are quite different. Moreover, if the function didn't work the variable might be in an unreliable state, depending on how the called function works inside; read, for example might or might not make sure that any parameters (one of which is a pointer, i.e. directly accessible mem.) as well as its own internal state might be reasonable and consistent or it might as well just panic and throw -1 at you. Keep in mind that seen from read's perspective that -1 is all it ows you as errno was already set for more information.

"full" ... This is abject nonsense

Sorry, no. That just shows how mistaken the C mindset is. In C there is no guarantee and basically not even *anything* known about a buffer. And indeed - how surprising (not)! - the noise function we looked at does not even check for NULL.

To keep that unpleasant thing short: Your view pretty much comes down to social mechanisms, to developers acting responsibly and to not utterly f*ck up. Because C doesn't keep you away from creating a clusterf*ck.

From what I see, today C is more and more split into 2 camps. One, the e.g. Rust camp, understands that relying on programmers to not abuse the carte blanche given by C does **obviously** not work, so they try to create something like a more reasonable C. And then there is the other camp, who, so it seems, carefully stayed away from books about the underpinning theory and just seeks comfort in absurd assertions.

Which part of "we have arrived in a big and messy clusterf*ck in no small part due to C and C hackzors" do you fail to understand? Isn't it evident enough?
The noise code I looked at and put here is about as irresponsible, poor, messy and unprofessional as it gets. And you are defending C code that willingly "works" even with a NULL buffer? Absurd!

noise_rand_bytes already has an argument that indicates (up to) how many bytes will be written to the buffer (as does read).

NO. NO, IT DOES *NOT*. Stop already repeating that nonsense! The size parameter *expressly* (see comment) say how many bytes it **desires**.
That may or may not be related to the size of the buffer. FACT is that we now nothing about that buffer. Not its size and not even that it's existing. You rely on *utterly unproven assumption*, period. Yes, probably a caller would be sane enough to pass a properly sized buffer. But: Can you know it? No!

You circus has pushed us into a major clusterf*ck. That's the bloody reality. Your assumption circus has failed. And you still refuse to at least recognize it as an absurd assumption cabaret. No, you even defend it. In-f*cking-credible!

End of discussion.

Clive RobinsonApril 27, 2017 6:09 AM

@ Wael, Ratio,

It means zero isn't an acceptable random number, especially when that bad boy sits in the denominator :)

It's a bit more complex than just using \0 etc. The problem arose due to trying to consistantly handle subroutine return values, error values and exceptions when you can only return a single integer via the CPU accumulator register due to resource and similar limitations. The solutions suggested were many and varied but resource limitations snuck in every time (and still do with microcontrollers and embedded systems).

It was not just a simple choice between "In Band" and "Out of Band" signaling, but also how a subroutine that could be either a Function --that has no return value-- or a Procedure --that can have one or more return values-- handled returns without breaking the stack paradime or munging heap space and importantly also returns any error or exception indication.

This quagmire is such that it has never been satisfactorily resolved into a "One true way". Thus as is the way of things academic it's been given a name (Semipredicate Problem[1]) much like old maps and charts had "Here be Dragons" etc on them to stear you clear of troublesome areas or uncharted waters.

To see why, think about the way C works with stack memory and heap memory. When a subroutine is called parameters are passed on the stack and within reason the number does not matter as they get ignored when the stack is adjusted on return. That is any passed values and temp values used by the subroutine disappear on the other side of the adjusted TOS pointer.

Thus the question of how to pass back a variable from a procedure if it's both going to disappear behind the TOS pointer, but also get cleaned up to stop it becoming a memory leak. The easiest way is to have one value that fits within a CPU register, which was the original K&R C way thus it was always an integer and why chars were passed as signed ints to alow "in band" signalling via negative values with I/O subroutines.

Another way if it was not an integer or there were multiple values would be for the calling subroutine[2] to first allocate memory on the heap or in it's stack space and then pass the refrence --address-- as a value on the stack. There are multiple problems with doing this and the majority of programers make mistakes when dealing with non trivial cases. Which is why the passing of "Tuples" where the language takes care of the problems in the background is favoured in more modern languages designed to work on well resourced systems.

But there is an even worse way that would be seen in K&R C generation programs. Which was the called subroutine worked out the size of memory needed to return the value(s) and called malloc() filled the memory in with the values and passed the pointer returned by malloc() to the calling function as it exited. It was thus upto the programmer to not just free() it up after use, but also stop heap memory fragmentation issues.

At some point somebody realised that there was no way around the issue that error indicators would have to be returned another way other than "in band" in the int return value. Hence "Global Variables" on the heap became one way. However this introduced yet other issues as anyone using "errno" fairly quickly gets to find out.

It's all messy messy messy and more modern languages where resource issues are not a consideration tend to "Do it the Swan Way" which is to appear elegant above the surface, whilst thrashing away inelegantly below.

[1] https://en.m.wikipedia.org/wiki/Semipredicate_problem

[2] Even main is a subroutine of two hidden subroutines the compiler adds to be called by the OS. Which alows for both "comand line" and OS/shell "environment" values to be passed into the program via *argv[] and *envp[] respectively of execve(2).

WaelApril 27, 2017 6:44 AM

@Clive Robinson. @Ratio,

Which is why the passing of "Tuples"

One can also return a pointer to a structure. Say, is [0,0,0,0,0,0] an empty buffer or is it a buffer of six random numbers that happen to be zero?

Watcom, by the way, if I still remember, allowed passing parameters in registers. And there is the calling convention directive, too.

WaelApril 27, 2017 6:57 AM

@Clive Robinson, @Ratio,

Heap structure, not a stack one. Returning a pointer to a local variable is bad because local variables dissapear when the function goes out of scope, just sayin' but there maybe reasons to do that as well.

ab praeceptisApril 27, 2017 7:28 AM

Wael

One can also return a pointer to a structure. Say, is [0,0,0,0,0,0] an empty buffer or is it a buffer of six random numbers that happen to be zero?

It's 6 bytes of 0. The programmer and the language can consider it many things, i.a. as an initialized char buffer or even as a struct that happens to consist of 6 byte integers (in C parlance 'char'). The degree of - btw. usually dangerous - freedom is largely defined by the language. In C one can make pretty everything mean pretty anything whereas in, say Ada, one would be strongly limited by strong static typing.

It's good that Clive Robinson brought this up as this boundary (language - compiler code - hw) is indeed an important one. Plus, there are many other issues such as cache line sizes, available registers, etc.

Clive RobinsonApril 27, 2017 8:21 AM

@ Bruce, the usual suspects and any infrastructure engineers,

You are probably aware that I have gone on about products with poor security having quater century or more life times such as industrial control, medical implants, smart meters and other grid / infrastructure equipment.

Well here's an example of the latter with GE power transmission equipment getting on for a quater of a cenrury on with "homebrew crypto" and "embedded security tokens"...

https://www.theregister.co.uk/2017/04/27/ge_rushing_patches_to_grid_systems_ahead_of_black_hat_demonstration/

Basicaly researchers cryptoanalysed the devices and found the embedded tokens...

I would expect to see more of this arising now "there is blood in the water" other researchers looking to put a notch on their belt will start swimming in this water for other "easy kills", such is the way of the world.

What supprises me is the length of time it's taken to happen. As I've mentioned before the Utility companies in the UK are especially bad at this. In many places you will find little grey pillars set in the pavement. Inside of which is a UHF short range radio telemetry system. Let's say that anyone who can find the right frequency --which is very easy to do just undo a screw and lift off the cover activate the PTT line and have a pocket frequency meter in your hand or read a lable--, and can analyze the basic modulation --also fairly trivial-- will find that it's a "plaintext protocol" it would not be difficult as some have done to monitor the frequency and get all the other information they need to "own the system"... Similar problems exist for all the infrastructure systems water, power, gas, sewarage and telecomms.

Clive RobinsonApril 27, 2017 8:44 AM

@ Wael, ab praceptis, Figureitout

One can also return a pointer to a structure. Say, is [0,0,0,0,0,0] an empty buffer or is it a buffer of six random numbers that happen to be zero?

I think I mentioned to @Figureitout just recently one of the dirty dark secrets of wire wrapped main frames,

We are so used to 2's complement arithmetic we tend not to think about it's unbalanced range, or 1's complement having both positive and negative zeros.

Well the engineers that designed those systems were only to aware of them, and used them as "inband signalling". Which is why you will find them being used as null or unassigned values as a way to resolve the "0" / "unassigned" issue. C kind of did the opposite with calloc() where heap memory when allocated would be cleared to a known state, so that it did not appear to have an assigned value. But that of course gave us the "0" / "unasigned" problem back in heaps and heaps till it buried the unwary ;-)

One of the nice things about Pascal strings is that "0" in the length field tells you unambiguously that the string is not initialized, where as \0 in the first position of a C string does not (\0 / ASCII DEL issue).

gordoApril 27, 2017 5:00 PM

PassFreely Attack Bypasses Oracle Database Authentication
Equation Group Exploit Could Potentially Target More Than SWIFT Users
Mathew J. Schwartz • Bank Info Security • April 26, 2017

"The tool is related to Oracle and not specifically for SWIFT users," security researcher Tal Be'ery tells Information Security Media Group. "Using this tool, an attacker that already has high privileges on the Oracle instance can perform actions and queries that wouldn't be logged by the database."


...

To date, the bug doesn't appear to have been assigned to the Common Vulnerabilities and Exposures list.

...

This type of attack is not new. "For example, it was used in the 1990s to bypass copyright protections in games," Be'ery says. "In a sense, it's not an Oracle vulnerability, but more of an operating system feature that can also be used for good, for example, for debugging or developing 'friendly' security patches."

http://www.bankinfosecurity.com/passfreely-attack-bypasses-oracle-database-authentication-a-9868

GregWApril 27, 2017 9:35 PM

ha ha ha ha ha

"Antbleed", the 70%-of-todays-hashrate-vulnerable bitcoin ASIC firmware backdoor.

http://www.antbleed.com/

Defect was posted months ago but got a patch within 24 hours once a clever name and website went up, with profuse apologies, etc etc.

Somehow the combination of utter security sophistication foiled by such utter stupidity and naivete just cracks me up. It should be sobering but I find it scandalously hilarious. And poignant. Sigh.

FigureitoutApril 27, 2017 10:06 PM

Clive Robinson
One of the nice things about Pascal strings is that "0" in the length field tells you
--You know I don't like forth, and you don't like c++ (I didn't either til this class, now like it, but I like most any type of programming, just not super weird languages lol), but we made an array class that does same thing. If you just make an array with size 0, can't have anything in it, size is a size_t so unsigned, throws an exception if there's something in there and it's size 0. Made a templated queue class that does a lot of allocating/deallocating but I keep it real tight, and I'm going to put in my scrubbing the memory the prof didn't want. :p I'll have it on my github soon, but I want to try and clean it a little more, harden it, then try to fuzz the crap out of it and break it. I like using the classes we made over the std ones lol, more satisfying when you write the code (so boring as hell to look at others basic classes, especially if you don't like their style) but it's a fun exercise to get the "skeleton shell" (the hardest part of programming) and fill it in. So far my stack and queue work just as well as the std ones, just less methods. My codes better to look at than std code, bleh.

ThothApril 27, 2017 11:31 PM

@Clive Robinson

Thanks for contributing to my Hoilydays list with NOMX.

Looking forward to more Hoilydays snake oil target inclusion from everyone.

RatioApril 28, 2017 12:44 AM

@Wael,

I know you have troubles with zeroes (your name.)

No problem with them at all. They're just sort of bland, never positive or negative about anything. :-)

(Ratio in another sense of the word.)

@ab praeceptis,

The size parameter [of both read and noise_rand_bytes] is the *desired* numbered of byte (*not* the size of the buffer).

Sure, but is saying that read(fd, buf, 1024) means "read upto 1024 bytes into this buffer of unknown size" really any different from saying it means "read as much as you can into this buffer of size 1024"?

That may or may not have been chosen (wisely or not) in relation to the buffer size. Note that it is perfectly well feasible to call noise_rand_byte with an 8 byte buffer but desiring 20 bytes of random. noise_rand_byte wouldn't - and couldn't - notice or complain.

Calling noise_rand_byte with an 8 byte buffer and saying its size is 20 bytes isn't impossible either, you know? It's, unsurprisingly, the exact same thing.

They btw. also just assume that 'bytes' is not NULL.

Don't follow the link: OpenBSD's version of strlcpy.

[I'll skip your comments on the languages you don't complain about as if you just found out how horrible they are.]

Until we have reached [the point that there are (widely available) communication channels that are provably secure and confidential (which includes trustworthy hardware, too)] I will [...] take the liberty of calling 99% of C/C++/java and the like developers irresponsible fumblers and gamers.

Why not go for 100%? And include the developers of every other language while you're at it. It's not like they've managed to get us there either. (Sure you want to blame hardware on software people too? Ah, what the hell, they had it coming!)

"Until the day that [something, do stuff]" is a very different concept than "for each of the animals [do stuff]".

It's all stylistic, not conceptual, even when accepting your idea about what for and while are for:

  • "Until the day that [something]" is "for each of the [days/whatever] until something".
  • "For each of the animals" is "while there are unprocessed animals".
[The order of the branches is] a question of logic and engineering.

No, it's a question of style, or taste.

[...] if the function didn't work the variable might be in an unreliable state, depending on how the called function works inside

In general, a function could leave a variable in an unspecified (not "unreliable") state.

read, for example might or might not make sure that any parameters (one of which is a pointer, i.e. directly accessible mem.) as well as its own internal state might be reasonable and consistent or it might as well just panic and throw -1 at you. Keep in mind that seen from read's perspective that -1 is all it ows you as errno was already set for more information.

There are several classes of possibly interesting return values (-1, 0, between 0 and nbytes, and nbytes). In which order the branches corresponding to these different classes appear in the code is completely irrelevant from a correctness standpoint.

There is no need to examine the result buffer, and there is no way of determining if it's "full" (whatever the hell that's supposed to mean in this context). This is abject nonsense indicating a continued and fundamental misunderstanding of how a couple of lines of trivial C code work.

Sorry, no. That just shows how mistaken the C mindset is. In C there is no guarantee and basically not even *anything* known about a buffer. And indeed - how surprising (not)! - the noise function we looked at does not even check for NULL.

So let's assume you'd need to examine the result buffer. How does that work? You see a buffer with bytes in it. Whatever their values, they could have come from /dev/urandom. Now what?

Back to this: If [no error occurred] I must examine the result buffer (mainly whether it's indeed full). Here's a buffer of 4 bytes: [W, X, Y, Z]. How will you examine the buffer (not the return value from read, only the buffer) to determine that the buffer is "full" after read supposedly filled it with random bytes? What values do W, X, Y and Z have to have for the buffer to be "full"? What does it even mean to say that a buffer containing arbitrary bytes is "full"? It's always full of arbitrary bytes!

And finally, the notion that after a function call basically anything could happen is just insane. We're not talking cosmic rays or hardware failures here. We're not even talking about broken code (in which case, fix the damn code). Why would you even make a function call in that haze of voodoo logic? Who says your code will ever regain control! Or maybe the return values are all lies. Or maybe that function gets onto the net, into the guidance system of the nearest missile silo, points a missile at you, and fires! Hey, it could happen!

To keep that unpleasant thing short: Your view [...]

We're not discussing my view of C.

And you are defending C code that willingly "works" even with a NULL buffer? Absurd!

So absurd, in fact, it didn't happen.

noise_rand_bytes already has an argument that indicates (up to) how many bytes will be written to the buffer (as does read).

NO. NO, IT DOES *NOT*. Stop already repeating that nonsense! The size parameter *expressly* (see comment) say how many bytes it **desires**.

The number of bytes read always equals the number of bytes written. If you ask for (up to) 512 bytes, (up to) 512 bytes will be written to the buffer.

That may or may not be related to the size of the buffer.

Correct. The same goes for the value of the argument you want to add that should indicate the size of the buffer. It's exactly the same situation.

FACT is that we now nothing about that buffer. Not its size and not even that it's existing. You rely on *utterly unproven assumption*, period. Yes, probably a caller would be sane enough to pass a properly sized buffer. But: Can you know it? No!

And what you've been proposing still does zero to change that.

You circus [...]

Not my circus. I hear they're looking for a clown, though.

@Wael,

Say, is [0,0,0,0,0,0] an empty buffer or is it a buffer of six random numbers that happen to be zero?

It's a full of emptiness. It's a zen thing.

RatioApril 28, 2017 1:19 AM

By the way, there's a rather obviously erroneous statement with my name on it on this page. Yet nobody has called me out on it... Lots of disagreement, but not on that.

Useful experiment, though. Seems to confirm my hypothesis. I'll have to meditate on that.

WaelApril 28, 2017 2:08 AM

@Ratio,

It's a full of emptiness. It's a zen thing.

I'm asking the same question you asked:

Here's a buffer of 4 bytes: [W, X, Y, Z]. How will you examine the buffer...

But in a different (humorous) manner. Has nothing to do with cache sizes, hits or misses. Has nothing to do with bus architecture, subtractive decoding, or anything else... I don't need to elaborate further, it should be clear enough :)

WaelApril 28, 2017 3:29 AM

@Ratio,

By the way, there's a rather obviously erroneous statement with my name on it on this page.

Just one? Don't want to pick on small things -- vain talk, or Byzantine discussions as they say. Save your meditations for more lofty purposes: like the origin of the universe or something like: why did the woman laugh like a witch? :)

Clive RobinsonApril 28, 2017 3:41 AM

@ Figureitout,

If you just make an array with size 0, can't have anything in it, size is a size_t so unsigned, throws an exception if there's something in there and it's size 0. Made a templated queue class that does a lot of allocating/deallocating but I keep it real tight...

Keeping things real tight can be fun. Have a think about circular buffers and why you do the pointer increment and test in one order for read and the other order for write.

Then think about why you might want to do things differently with IO depending if it's a buffer to write to hardware or a buffer to write towards the kernel / slow interupt.

It can make your mind hurt a little, till you start thinking about it as data flows rather than as buffers.

Oh a word of warning there can be dirty tricks done by some programmers when it comes to buffers and their pointers. Normally you would thing of a structure which would be something like {Wcnt,Rcnt,Bary} but they programmer works with Bary[0] as the "pointer to the buffer" and use Bary[-1] to access the Rcnt etc. Thus the index needs to be a signed int whilst Rcnt and Wcnt are unsigned ints where increments are done mod n by the use of AND n-1 to save using compares and subs which are slow...

Thus there are hidden "go faster" tricks hidden away, which is what a good abstraction and encapsulation model should keep out of sight of a more mortal programmer ;-)

You could go further and have a simple pointer to type of buffer, where the buffer knows what type it is by it's structure. Such things are usefull for stack based languages and higher level languages where you only want to consider what type the buffer is at the time you create it thus pop from a LIFO/stack buffer is the same as read from a circular buffer or next from a linear buffer. With a little extra thought you realise that a circular buffer can actually fill in for the other buffer types and in fact make certain operations faster.

I know you don't like Forth, but stack based operations are fundemental to most languages, and although abstracted away they have real advantages that often do not get fully utilized.

RatioApril 28, 2017 4:30 AM

@Wael,

I'm asking the same question you asked: [...] But in a different (humorous) manner.

You were or you are? Were, I think? Anyway, no, my question didn't have that humorous wink. I'll try and do better next time. :)

Just one [obviously erroneous statement]?

Well, yeah. You have to take into account that I'm not aware of all the others. ;)

I'll rephrase and say "one intentionally erroneous statement". I'm tempted to say more, but let's not.

Save your meditations for more lofty purposes: like the origin of the universe or something like: why did the woman laugh like a witch? :)

Heh. I've since forgotten the guy's name, but his expression was priceless. :)

Point taken, and you're right. (I think we're even on the question of spending cycles on better questions?)

ab praeceptisApril 28, 2017 10:59 AM

Ratio

I'll skip over a lot of your fighting for the sake of fighting...

Sure, but is saying that read(fd, buf, 1024) means "read upto 1024 bytes into this buffer of unknown size" really any different from saying it means "read as much as you can into this buffer of size 1024"? ...
Calling noise_rand_byte with an 8 byte buffer and saying its size is 20 bytes isn't impossible either, you know? It's, unsurprisingly, the exact same thing....

followed by

Don't follow the link: OpenBSD's version of strlcpy.

Hahaha! So why then did OpenBSD (and wisely so) come up with strlcpy and friends?

Let me quote the funny part of their comment: "Copy string src to buffer dst of size dsize" (emphasis mine)

In other words: caller takes it upon himself to guarantee that 'dst' is of size 'dsize'.

Just what I postulated. OpenBSD understood it (no surprise; they care about security and are knowlegable). You didn't.

Why not go for 100%? And include the developers of every other language while you're at it.

Nope. I'm not into religious wars. As I already told I personally don't like functional languages (for good reasons) but it wouldn't come to my mind to call those who use them idiots. Simple reason: One *can* develop reasonably safe code in many languages; in some even seriously safe.

With the languages I mentioned that's different. Those languages are *known* for a high percentage of crappy code because they make it easy to create crappy code. OpenBSD, btw., being fixed to a large code base in C and to Posix, tries and works *really hard* to create good and safe code in C.

for and while

Sorry, I'll cut that. Obviously you are lacking the necessary knowledge and understanding. No problem, you probably have strong spots elsewhere, maybe in arabic (which I don't speak at all).

Same for "did work or not?" vs. "return (and side effect) values".

The point you seem not to get is that I know your position quite well from decades of practical experience in C. If you think I left C for the major part of my work and spent years first understanding what my problems where and what I would need to do better and to then finding and trying better solutions just for the fun of it, you are gravely mistaken.

I *know* the assumptions well. I had them myself. "*I* wrote the caller and so I damn know that the buffer to callee is allocated and large enough" for instance is an assumption that I made hundreds of times myself. Usually it was correct. But sometimes it wasn't. Maybe because in some other file some value wasn't checked for "insane" values and my callee wasn't prepared for that. Maybe because a colleage thought that nobody in his right mind would ever ask for more than a couple of thousand bytes of random in one call and so he used unsigned short for the buffer size, or ...

If we want safe code we must have clear prepositions and domains. We must know-for-sure and not "reasonably assume".

Just look at heartbleed or a gazillion of other problems. Usually the problem is a "reasonable assumption" - just like those you like.

If I hand over the size of a buffer expressly then there is a minimal form of a Hoare precondition. The callee is guaranteed (well, as far as one can guarantee anything in C) that buffer is of a certain size.

The difference between "reasonable assumption" (or "reasonable *looking* assumption") and "assured property" is the difference between heartbleed and safe code.

Not my circus. I hear they're looking for a clown, though.

Congratulations. You got that position and I have no doubts that you will fill it well.

FigureitoutApril 28, 2017 11:57 AM

Clive Robinson
--Yeah I want to make some more interesting data structures too, deque sounds interesting. Circular buffer wouldn't be too bad in c++. Ultra performance isn't an issue for my personal code, so I'm totally fine w/ zeroing out memory that's about to be deallocated and shifting all the elements around that would be unacceptably slow w/ "big data". Was interesting, heard that microsoft, thru research found that allocating 7 elements at a time everytime more space was needed, was most efficient. Don't have a reference on that, but me personally I only want to make space for purely what's in whatever structure (allocate one space when adding something), then remove (and ideally clean) that space if elements get removed.

Read something on hn other day where guy had an issue w/ a circular linked list, which are used in kernels a lot; was a bit of argument about using dynamic arrays over linked lists.

Yeah, seen some quite a few of these dirty/clever tricks, especially from embedded guys/gals, sometimes they're genuinely useful but don't really appreciate having to slog thru their tricks where they're just being smug & egotistical. If I get in an environment like that where people are "writing code for job security" then I guess I have no choice but to write some juicy nuggets of convoluted crap so they know how it feels. One of my group members in our senior project writes crazy code which he thinks is funny (has the cringey typos too that I hate) w/ no regard for anyone but himself so that's going to be fun cleaning up his bs...

I mean, when I reach for a calculator I don't go for my dad's RPN HP calculator, I grab my TI one and put in infix expressions and use parentheses. Same thing w/ programming, I'd rather just do the infix->postfix conversion then use stacks (if I have to) than have to operate like a computer. I'd just make those conversion functions in forth anyway so I didn't see much a point for me.

JG4April 28, 2017 5:41 PM


"the deep state is an adaptive system" it seeks to optimize power and money, without regard to body count.

WikiLeaks Reveals The "Snowden Stopper": CIA Tool To Track Whistleblowers
http://www.zerohedge.com/news/2017-04-28/wikileaks-reveals-snowden-stopper-cia-tool-track-whistleblowers

"The CIA Has Been Deeply Humiliated" - Ron Paul Interviews Julian Assange
http://www.zerohedge.com/news/2017-04-28/cia-has-been-deeply-humiliated-watch-ron-paul-interview-julian-assange-live

RatioApril 29, 2017 2:13 AM

@ab praeceptis,

You seem to have missed the point of my link OpenBSD's version of strlcpy in response to you saying that the authors of the function you pasted just assume that 'bytes' is not NULL.. Is there such a check in the version of strlcpy written by people who care about security and are knowlegable (or so you say)?

So why then did OpenBSD (and wisely so) come up with strlcpy and friends?

To make it easier for users of the function to get things right and harder to get things wrong. Ergonomics, if you will.

Let me quote the funny part of their comment: "Copy string src to buffer dst of size dsize" (emphasis mine)

I know what it says. I didn't point you there by mistake.

In other words: caller takes it upon himself to guarantee that 'dst' is of size 'dsize'.

(Or larger, but yes.) The caller could still be mistaken, though. The callee still has no way of knowing if the information passed by the caller corresponds to reality.

This is exactly the situation with read and noise_rand_byte where providing a buffer of sufficient size is the caller's responsibility. The callee has no way of knowing if the caller is keep up its end of the deal and has no choice but to assume it does. This may have come up repeatedly.

Just what I postulated. OpenBSD understood it (no surprise; they care about security and are knowlegable). You didn't.

That is what you've been postulating? Who said that the following?

Using a buffer whose size is not known is playing lottery, simple as that. Moreover [...] it is unknown whether the buffer at least ends in \0 and all chars before the end are != \0. Hence we can not even reliably find out about it's size. We have to rely on the caller providing reasonable parameter - a bet that has been lost many times, even in "secure" code such as openssl.

Leaving aside the nonsense about null characters, this is you saying the callee cannot rely on the arguments provided by the caller. What the caller says is the size of the buffer is as guaranteed to be the actual size of the buffer as any other argument's value corresponding to reality.

Also, note that there's no second guessing, no checking, no warning, no nothing inside strlcpy. The arguments the function receives are assumed to be correct! (I may have repeatedly mentioned this idea, but what do I know?) A bet that has been lost many times was your way of indicating your approval, I guess.

Why not go for 100%? And include the developers of every other language while you're at it.

Nope. I'm not into religious wars. [...] One *can* develop reasonably safe code in many languages; in some even seriously safe. [...] With the languages I mentioned that's different.

Developing reasonably safe code in C is not possible? Or is it harder?

And why do you (who is not into religious wars) decide to call 99% of C/C++/java and the like developers irresponsible fumblers and gamers until we have reached the point that there are (widely available) communication channels that are provably secure and confidential (which includes trustworthy hardware, too). Can't developers that follow your religion do anything themselves?

Sorry, I'll cut [the bit about for and while. Obviously you are lacking the necessary knowledge and understanding. No problem, you probably have strong spots elsewhere, maybe in arabic (which I don't speak at all).

You can't refute an argument made by a person who (you say) is ignorant and incapable of reason? You'd think those are the easy ones.

Same for "did work or not?" vs. "return (and side effect) values".

Pointing out just one factual or logical error in what I wrote there shouldn't be too hard. I'll even help. You seem to be referring to the part of this comment that starts with In general, a function could leave a variable in an unspecified (not "unreliable") state. and ends with Or maybe that function gets onto the net, into the guidance system of the nearest missile silo, points a missile at you, and fires! Hey, it could happen! Just the one.

I *know* the assumptions well. I had them myself. "*I* wrote the caller and so I damn know that the buffer to callee is allocated and large enough" for instance is an assumption that I made hundreds of times myself. Usually it was correct. But sometimes it wasn't. [...] If we want safe code we must have clear prepositions and domains. We must know-for-sure and not "reasonably assume".

And you say that you're saying what the OpenBSD guys are saying? There is no way the callee knows for sure that the arguments the caller has passed it are correct. There is NO OTHER OPTION but for the callee to "assume" they are, as you put it, and for the caller to be solely responsible here. I think I have mentioned this general idea several times now.

Just look at heartbleed or a gazillion of other problems. Usually the problem is a "reasonable assumption" - just like those you like.

We are not discussing my preferences with regards to C.

If I hand over the size of a buffer expressly then [the] callee is guaranteed (well, as far as one can guarantee anything in C) that buffer is of a certain size.

And that is just as far as when the caller is responsible for providing a large enough buffer. The guarantees are equally strong. Once you understand that point, the rest isn't too hard.

Not my circus. I hear they're looking for a clown, though.

Congratulations. You got that position and I have no doubts that you will fill it well.

They didn't think I was funny. Ist mir eigentlich auch völlig wursch.

Clive RobinsonApril 29, 2017 4:34 AM

@ Ratio,

The caller could still be mistaken, though. The callee still has no way of knowing if the information passed by the caller corresponds to reality.

That's because at the end of the day there is no computer language from assembler upwards that can make that guarentee. Even when the size of a data object is embedded in the object when it is created, it's still only "advisory".

To make such a guarantee the size of the data object would have to be fundamental to the design of the computer hardware and immutable.

Which brings us to,

Developing reasonably safe code in C is not possible? Or is it harder?

The answer depends on how you define "reasonably".

In safety critical systems on the hardware side it is axiomatic that things will fail. Further it is assumed that systems can be designed to "fail safe" in most cases, thus they should be designed that way. However this is based on a definition of how components "reasonably" fail. To compensate for this you are usually required to have two or three protection systems in series with limiting components inbetween. In effect it is a simple voting system, if any one series component fails Open Circuit then protection is achived. It would require all series components to fail Short Circuit for the protection system to fail. Thus if you look at "The operating modes" --not their probabilities of a mode-- then with two series components each has three states O/C, normal, S/C thus there are 3^2 modes only one of which will cause harm or ~11.1%, with three there 3^3 modes thus ~3.7% of harm.

You can look at software systems in the same way, that is you can add safety features that will reduce the odds of things failing "unsafe" which is one of the ideas behind "Design by Contract". Where you put multiple checks in the interface. Whilst it's not impossible for them to all go wrong, it does reduce the chance that it will not get picked up before harm is done.

ab praeceptisApril 29, 2017 7:27 AM

Ratio

openssl != OpenBSD plus: Being bound to posix, OpenBSD developers are limited.

As for caller(callee: getting bufsize from caller callee *can* make some basic checks. While, of course, the values given (usually) can't be proven to be correct, you can see them a two forms of communications. One between caller and callee where, of course, caller can lie but that's still better than "don't know. shut up, just trust". Plus a communication with the programmer who, by handing over a bufsize, is in the situation to expressly think about it.

Like thus: a) "Here's a buffer. Put x bytes into it. Don't ask, don't think, just obey" vs b) "Here's a buffer of size s. Put x bytes into it" (desirable: "and then let me know whether everything went OK").

"Developing reasonably safe code in C is not possible? Or is it harder?" - It is possible but not in the way C code is created and handled in > 99% of cases. noise is just another bad case.
Which brings me to my final point and maybe the reason why the two of us differ so strongly:

Reasonably safe code in C is - as far as I'm concerned - necessarily and unconditionally *verified* (annotated and checked) code. Which i.a. translates to "Yes, bufsize *can* be checked and *is*". It btw, also translates to the verifier shouting at you if you dare to not expressly give a bufsize. Being at that, so do even lowly Misra checkers and the like.

ab praeceptisApril 29, 2017 7:40 AM

Clive Robinson

Yes and no. 2n (or even more) + 1 hardware checks are something we hardly ever do in software (Yes there are exceptions). We rather tend to abstract code into a representation that is well digestible for tools which look at it somewhat like mathematical propositions, check domains (at least in intervals), etc..
Which is much more complicated than most hardware schemes in some ways and simpler in others.

One point that I personally find intriguing and interesting in digital hardware that nature isn't digital but analog, which, I'm sure is a funny (probably not so much for the engineers doing it *g) source of weird problems.

For software people the world is in a way ideal. There are 0s and 1s and that's about it. They just don't somehow magically switch or, god forbid, vanish.

On the hardware side the game is quite different. There one task is to even have those 0s and 1s stable which, to use a scenario rich in contrast, e.g. in high altitudes isn't an easy undertaking.

Plus, of course, a large zoo of other problem animals.

WaelApril 29, 2017 4:35 PM

@Nick P,

That's a long one! It'll have to wait for The Weeknd :)

Forgive me if I don't keep my word. The eyes are hurting and I need to give'em a break.

Nick PApril 29, 2017 5:48 PM

@ Wael

It's all good. I found something else interesting looking at current state of RTOS's. I somehow missed that one company managed to turn Windows into a RTOS by modifying its HAL. Kind of neat even if I'd go a different route. They almost made it to the concept of separation kernels + untrusted VM's. Close but no cigar!

RatioApril 30, 2017 1:24 AM

@Clive Robinson,

[The callee still has no way of knowing if the information passed by the caller corresponds to reality and that is because] there is no computer language from assembler upwards that can make that guarentee.

What I was aiming at was that there is still no way for the callee to know if the size of the buffer as passed as an argument by the caller corresponds to the actual size of the buffer.

To make such a guarantee the size of the data object would have to be fundamental to the design of the computer hardware and immutable.

Not sure what specifically you're referring to, but this whole discussion is about C at the language level and up.

@ab praeceptis,

openssl != OpenBSD plus: Being bound to posix, OpenBSD developers are limited.

What gave you the impression I thought OpenSSL and OpenBSD are the same thing? If it's the occurrence of the world OpenSSL in my latest comment, you can remove the part that says even in "secure" code such as openssl from my quote of one of your earlier comments if you like; it's not relevant for my argument.

The OpenBSD developers are not bound by POSIX when they design and implement a new function called strlcpy. You say that they care about security and are knowlegable, so it might be instructive to see what knowledgeable developers who care about security decide to do. As I mentioned in my latest comment, you'll see there's no second guessing, no checking, no warning, no nothing inside strlcpy. The arguments the function receives are assumed to be correct!

So (to finally circle back to the function you pasted that started all this discussion), what would it take to bring noise_rand_byte up to the careful, knowledge level of buffer handling of strlcpy?

  • Checking if the pointer to buffer argument actually points to a buffer? strlcpy doesn't do that.
  • Checking the size of buffer? strlcpy doesn't do that either.
  • Taking the size of the buffer as an argument? strlcpy actually does that.
  • Anything else? strlcpy doesn't do antyhing else.

So fixing noise_rand_byte consists of:

  1. Changing
    \param size The number of random bytes to obtain.
    to
    \param size The size of the buffer to fill.
    in the description.
  2. Changing the comment that says
    /* We have the bytes we wanted */
    to
    /* We have filled the entire buffer */
    (You know, to avoid any possible confusion.)

Voilà, noise_rand_byte with buffer handling like the OpenBSD designed and implemented strlcpy and not a single code change required.

WaelApril 30, 2017 1:48 AM

@Nick P,

turn Windows into a RTOS by modifying its HAL

Sounds familiar although I can't claim for sure I knew about it.

They almost made it to the concept of separation kernels + untrusted VM's. Close but no cigar!

Who's smoking the Cubans these days, then? Symbian or other capability based kernels?

Clive RobinsonApril 30, 2017 4:30 AM

@ ab praeceptis,

Yes and no.

It is ever thus, hence debate ;-)

Which is much more complicated than most hardware schemes in some ways and simpler in others.

It also depends on how you view it. Most descriptions of "voting protocols" are as you say 2n+1.. But they are viewed by most as being in parallel as that is the way they are usually presented, even in post-grad education.

The thing is there is a well known transformation from parallel to serial atributed to George Boole and his "Laws of thought (1854) and extended by Augustus De Morgan back in Charles Babbage's time. It can be easily seen by inverting the operator behaviour, thus any switch opening in a series string has the same effect logic wise as any short circuit to ground of parallel switches.

Mostly software is developed as a series of steps in a defined sequence for a single CPU core, and as such a sequence of checks carried out in series is as much a voting protocol as checks carried out simultaniously, by parallel hardware and software, just slower.

Similarly checking a variable is first above a given value and then below another value has the same result as a hardware analogue window comparator. Similar analogues can be made to all such systems of checks.

The important thing to note is some languages support the checking of ranges implicitly, raising an exception if a programer tries to assign an out of range value. In other languages the programmer has to explicitly do the high and low checks, which is usuall more error prone. Thus taking such things out of the programers reach has three advantages, firstly it's less "human error prone", secondly it "reduces the clutter" in the program source making other errors more visable, thirdly it can be verified correct with one simple test. These three advantages are just one set of reasons why high level languages with strong types are generaly not just better but faster in production than either low level languages or weakly typed languages. The downside however is executable code bloat and thus slower execution, both of which were very undesirable fourty to fifty years ago when resources were way more constrained than they are today.

It's an argument I've made befor about the types of programmers. Where you have those who's job is mearly to cut code into applications and get them feature rich to market in short order which favours the artisanal approach. And those who actually take a much more rigorous and formal engineering approach that produces correctness not just in normal code execution but in abnormal as well. I've further argued that as the latter is not just more time consuming it requires considerably more training and a mind set that is not common, they would idealy design and build "safe" components or widgets for others to "script together". That way you would increase general code safety / security whilst still keeping the market(ing) requirment for fast production cycles and feature rich code.

Clive RobinsonApril 30, 2017 5:02 AM

@ Ratio,

What I was aiming at was that there is still no way for the callee to know if the size of the buffer as passed as an argument by the caller corresponds to the actual size of the buffer.

The problem is not just a "buffer issue" it applies to all data types that are not explicitly implemented in the CPU hardware design.

Take something as simple as an unsigned integer, which is one of only two default data types in a CPU. If you have a 16bit register writing anything between 0 and 65535 using arithmetic operators is generaly not a problem (though logical / bitwise operators can be). Problems start when you have either large integers made of multiple 16bit words or you have signed integers or worse both.

Because when you pass values into subroutines there is no explicit metadata saying what type or part of a type they are, you are passing 16bit integers plain and simple. That then have to be interpreted by the subroutien by implicit metadata in the call handling code in the compiler.

That's the reality of what goes on at the assembler level and thus in all languages higher than that.

To forget that is asking to get bitten in the tail at some point in your programing career, the higher level the language the more poisonous the bite when it happens. Often it will lurk mostly unseen in some compound data type you build and only on rare / dificult to find occasions will it bite.

ab praeceptisApril 30, 2017 5:49 AM

Ratio

You can turn it all day long and still are not right. One reason is that you are looking too much from diverse perspectives, e.g. social ones, rather than from technical ones.

Example: What you just told about strlcpy. What you fail to recognize is that strlcpy *does have* both "desired size" and "buffer size" but the noise... function doesn't.
Why? Because the source strlcpy copies from *does have* a size because being a C string src it by definition has a length. If it hasn't due to a dev. error then that can be handled as a string too large (in relation to dst buffer.
The noise... thingy, however, doesn't. That's why the "desired length" parameter is a) *needed* and b) *not* just another or weird way to specify the size of the dst buffer.

So strlcpy needs just the size of dst. buffer while noise... thingy neeeds both, dst. buffer size - and - desired number of bytes.

Your bringing up OpenBSD strlcpy was mistaken in the first place.

it might be instructive to see what knowledgeable developers who care about security decide to do

Depends on their evolution, insight, and other factors. What OpenBSD developers do, i.e. developers who for whatever reason are stuck in C (the probable one being that their code base as well as their universe ("unix") is C/C-minded) is demonstrated i.a. in strlcpy which, btw, describes quite well another difference, namely the difference between solid, knowledgable, reasonable, and well intended unix developers vs. security obsessed software engineering (which may i.a. be applied to OSs).

Would I like to pick OpenBSD developers for a project to build, say, a better replacement for tls? No! Their whole mindset would be miles away from what I'd need. Would I pick those same developers if I were, say, to work over existing tls so as to make the existing C implementation at least reasonably well coded? Yes.

In other words: I do *not* consider OpenBSD developers to be high end security developers; that's just not their universe. But I do - and will continue to, no matter how you abuse it - call them a bunch of about the best one can get in the C world.

It also seems, btw, you somehow mistook OpenBSD as being a secure OS. It is *not* and, from what I know, it never strived to be. OpenBSDs goal, from what I saw, is to be a good and safe implementation of BSD (which they came nicely close to).

You might want to think over your post(s) again, now that I have shown you what you ignored re. noise... vs strlcpy. And again: That's still just the universe of "doing *not* secure design in the C world at least properly" and *not* the universe of safe and secure software.

ab praeceptisApril 30, 2017 6:06 AM

Clive Robinson

I seem to be the bad guy around here, the one with whom one likes to quarrel before taking any point, no matter how evident. You, on the other hand, are the well accepted, well liked, well (and soft) mannered, always friendly and patient (plus native english speaker) man with lots and lots of knowledge around here.

Maybe they'll take it from you. I'd hope so.

Thanks also for hinting that well designed languages aren't slow anymore. And btw. I remember the old Turbo Pascal times; yes, I could do somewhat faster code in C but generally speaking Turbo Pascal code was certainly not slow.
And frankly, those "If you need fast code you need a powerful hardcore language (usually meaning C) and not a whimpy safety obsessed one like Pascal" isn't exactly bright anyway. That attitude is quite similar to vendors showing performance graphs with a large offset so as to make their product look much superior when, in fact, the difference is rather small.

Why? I sometimes needed something (like e.g. md5) *really* fast. In those cases I invariably turned to ASM. Speed gains (vs. C -O2) were 5 to 10 times faster and even 50 times faster are not unheard of.

So, when putting things properly into perspective the difference between C and Pascal, Modula, Ada are ridiculous and insignificant anyway - but with C being one the ugly side in terms of reliable and safe code.

Being realistic and bringing the *real* costs of development and of bugs into the equation, Pascal or Ada shine and might well be the real winners.

RatioMay 2, 2017 3:50 AM

@ab praeceptis,

One reason [you are wrong] is that you are looking too much from diverse perspectives, e.g. social ones, rather than from technical ones.

My perspective has been mostly technical with some human factors mixed in; in the end it's not just about the technology but also how people use it. For example, you want to have annotated and verified code, and that's not because of computers but because of humans.

[...] strlcpy *does have* both "desired size" and "buffer size" but [noise_rand_byte] doesn't. [...] the source strlcpy copies from *does have* a size because being a C string src it by definition has a length.

The length of the source string isn't the "desired size"; it's the length of the source string (the one you've got), not the length of the destination string (the one you'd like to have).

If it hasn't due to a dev. error then that can be handled as a string too large (in relation to dst buffer).

Right, because the size of the destination buffer is a hard limit on the number of characters that will be copied.

[noise_rand_byte], however, doesn't. That's why the "desired length" parameter is a) *needed* and b) *not* just another or weird way to specify the size of the dst buffer.

The new noise_rand_byte has an argument to indicate the buffer size; it will try to fill this whole buffer with random data that it obtains from the infinite stream of randomness known as /dev/urandom.

It's like your example of a string without a length, but with an implicit source. And what would strlcpy look like with an implicit source to copy from? It would have two arguments instead of three: the destination buffer and its size. But ... that's exactly what noise_rand_byte looks like! Now, why would that be?

Your bringing up OpenBSD strlcpy was mistaken in the first place.

Not likely.

In other words: I do *not* consider OpenBSD developers to be high end security developers; that's just not their universe. But I do - and will continue to, no matter how you abuse it - call them a bunch of about the best one can get in the C world.

What language was noise_rand_byte written in again?

Schluss mit dem Quatsch.

ab praeceptisMay 2, 2017 9:17 AM

Ratio

I'll end this now. It's obvious that you keep on just to somehow "win" no matter what. Moreover, pardon me, it's obvious that you either haven't understood some relevant and important concepts or don't care about them.

You think doing safe, let alone secure software in C and in the "common C style" is great? No problem, I wish you lots of fun with noise, openssl, and other fruits of C hacking.
Have a nice day.

RatioMay 2, 2017 8:18 PM

@ab praeceptis,

I'll end this now.

Except you then don't.

It's obvious that you keep on just to somehow "win" no matter what.

Oh, how inappropriate of me, I used facts in response to your errr... "non-facts".

(Show me one factual or logical error in my latest comment. Just one. Go on.)

You know how I can't "win"? If you'd use actual facts and valid inferences from those facts. It would make for a more interesting discussion, too.

Moreover, pardon me, it's obvious that you either haven't understood some relevant and important concepts or don't care about them.

That's a nicely vague accusation that is irrelevant to the the discussion. A nice red herring / ad hominem combo.

Let's just stipulate I understand nothing and don't care about anything. Is the correctness of my statements affected by this state of affairs? No, it's not. Argue facts, not personalities.

You think doing safe, let alone secure software in C and in the "common C style" is great? No problem, I wish you lots of fun with noise, openssl, and other fruits of C hacking.

Same goes for Ada and the fireworks that were Ariane 5 flight 501. Or mathematics and 2 + 2 = 5. Or natural language and "the Earth is flat". (And what do these things have in common?)

Finally, I have not stated my opinion on the use of C for the development of software of any kind.

RatioMay 2, 2017 11:31 PM

I almost forgot...

echo -n $THAT_THING | sha256sum

should say

adf26fbabc03f4c2baed67edd8501b5b2ac7335998381604b083590561ea8215

Anonymous CowardMay 13, 2017 7:18 PM

@ab praeceptis

It also seems, btw, you somehow mistook OpenBSD as being a secure OS. It is *not* and, from what I know, it never strived to be. OpenBSDs goal, from what I saw, is to be a good and safe implementation of BSD (which they came nicely close to).
Unless a specification mandates backdoors, doesn't correctly implementing it imply not having any security issues?
Aren't most security issues (besides with specifications that require sigint enablement) bugs that can affect code not just with regard to security but also usability and/or reliability and/or availability?

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.