Friday Squid Blogging: Squid Communications

In the oval squid Sepioteuthis lessoniana, males use body patterns to communicate with both females and other males:

To gain insight into the visual communication associated with each behavior in terms of the body patterning’s key components, the co-expression frequencies of two or more components at any moment in time were calculated in order to assess uniqueness when distinguishing one behavior from another. This approach identified the minimum set of key components that, when expressed together, represents an unequivocal visual communication signal. While the interpretation of the signal and the associated response of the receiver during visual communication are difficult to determine, the concept of the component assembly is similar to a typical language within which individual words often have multiple meanings, but when they appeared together with other words, the message becomes unequivocal. The present study thus demonstrates that dynamic body pattering, by expressing unique sets of key components acutely, is an efficient way of communicating behavioral information between oval squids.

News article.

As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

Read my blog posting guidelines here.

Tags: ,

Posted on May 5, 2017 at 4:05 PM265 Comments

Comments

Ben A. May 5, 2017 4:12 PM

CRITICAL Security warning for users of Mailvelope in Firefox

German secure email service Posteo paid for a security audit of Mailvelope “a critical vulnerability was found in the interaction between Mailvelope and Firefox.”

https://posteo.de/en/blog/security-warning-for-users-of-mailvelope-in-firefox

CRITICAL Intel Active Management Technology, Intel Small Business Technology, and Intel Standard Manageability Escalation of Privilege

https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&languageid=en-fr

https://www.embedi.com/files/white-papers/Silent-Bob-is-Silent.pdf

Eurocrypt 2017 – Parallel Implementations of Masking Schemes and the Bounded Moment Leakage Model

http://bristolcrypto.blogspot.com/2017/05/eurocrypt-2017-parallel-implementations.html

Eurocrypt 2017: On dual lattice attacks against small-secret LWE and parameter choices in HElib and SEAL

http://bristolcrypto.blogspot.com/2017/05/eurocrypt-2017-on-dual-lattice-attacks.html

A low-resource quantum factoring algorithm

https://eprint.iacr.org/2017/352.pdf

Revised Draft Trump EO on Cybersecurity: May 2017 Version

https://www.lawfareblog.com/revised-draft-trump-eo-cybersecurity-may-2017-version

Leaked: The UK’s secret blueprint with telcos for mass spying on internet, phones – and backdoors

Real-time full-blown snooping with breakable encryption

https://www.theregister.co.uk/2017/05/04/uk_bulk_surveillance_powers_draft/

http://www.revk.uk/2017/05/is-end-to-end-encryption-banned.html

After years of warnings, mobile network hackers exploit SS7 flaws to drain bank accounts

http://www.theregister.co.uk/2017/05/03/hackers_fire_up_ss7_flaw/

https://arstechnica.com/security/2017/05/thieves-drain-2fa-protected-bank-accounts-by-abusing-ss7-routing-protocol/

Dark-web pedo jailed after FBI and co use vid trick to beat privacy tech

https://www.theregister.co.uk/2017/05/04/pedophile_snatched_on_dark_web/

https://arstechnica.com/tech-policy/2017/05/creator-of-infamous-playpen-website-sentenced-to-30-years-in-prison/

Affidavit:

https://regmedia.co.uk/2017/05/04/website19.pdf

Qubes kicks Xen while it’s down after finding ‘fatal, reliably exploitable’ bug

https://www.theregister.co.uk/2017/05/03/xen_bugs/

More Android phones than ever are covertly listening for inaudible sounds in ads

https://arstechnica.com/security/2017/05/theres-a-spike-in-android-apps-that-covertly-listen-for-inaudible-sounds-in-ads/

http://threatpost.com/ultrasonic-beacons-are-tracking-your-every-movement/125484/

Not-so-secret DOD “spy drone” footage, live on the Internet

“Kenneth Lipp, a contributor to the Daily Beast, was doing what amounts to a random search on the security search engine Shodan when he discovered what appears to be a Web console for full-motion video feeds from two Predator drones.”

https://arstechnica.com/information-technology/2017/05/not-so-secret-dod-spy-drone-footage-live-on-the-internet/

Director of National Intelligence Releases 2016 Transparency Report

https://www.lawfareblog.com/director-national-intelligence-releases-2016-transparency-report

The Promises and Perils of Emerging Technologies for Cybersecurity

https://www.lawfareblog.com/promises-and-perils-emerging-technologies-cybersecurity

Louisiana DA’s Office Used Fake Subpoenas To Trick People Into Talking

“If defense lawyers did this, you can bet the local prosecutor’s office would be there in an instant to file charges. But since it’s a prosecutor’s office doing it, local prosecutors see nothing wrong with lying to witnesses to obtain testimony.”

https://www.techdirt.com/articles/20170428/20250437262/louisiana-das-office-used-fake-subpoenas-decades-to-trick-people-into-talking-to-prosecutors.shtml

Password reuse, credential stuffing and another billion records in Have I been pwned

https://www.troyhunt.com/password-reuse-credential-stuffing-and-another-1-billion-records-in-have-i-been-pwned/

Proposed NIST Password Guidelines Soften Length, Complexity Focus

http://threatpost.com/proposed-nist-password-guidelines-soften-length-complexity-focus/125393/

TLS verification vulnerability in LibreSSL 2.5.1-2.5.3

“LibreSSL 2.5.1 to 2.5.3 lacks TLS certificate verification if SSL_get_verify_result is relied upon for a later check of a verification result, in a use case where a user-provided verification callback returns 1, as demonstrated by acceptance of invalid certificates by nginx.”

http://seclists.org/oss-sec/2017/q2/145

A Trick That Hides Censored Websites Inside Cat Videos

“The technique uses popular sites as camouflage for banned ones.”

https://www.theatlantic.com/technology/archive/2017/04/a-system-that-hides-censored-websites-inside-cat-videos/524247/

OWASP top ten – Boring security that pays off

https://blog.malwarebytes.com/security-world/2017/05/owasp-top-ten-boring-security-that-pays-off/

Google Doc phishing story takes some bizarre turns

https://nakedsecurity.sophos.com/2017/05/04/student-claims-google-docs-blast-was-a-test-not-a-phishing-attempt/

https://nakedsecurity.sophos.com/2017/05/05/google-phish-thats-a-worm-what-happened-and-what-to-do/

https://www.theregister.co.uk/2017/05/05/google_paid_bounty_for_bug_behind_docs_drama_five_years_ago/

https://arstechnica.com/security/2017/05/google-phishing-attack-was-foretold-by-researchers-and-it-may-have-used-their-code/

Don’t panic, Florida Man, but a judge just said you have to give phone passcodes to the cops

https://www.theregister.co.uk/2017/05/03/florida_passcode_unlock_phone_cops/

Sextortion suspect must unlock her seized iPhone, judge rules

https://arstechnica.com/tech-policy/2017/05/judge-miami-reality-tv-star-must-unlock-her-iphone-in-extortion-case/

AsusWRT sends network traffic data to Trend Micro if certain features enabled

https://ctrl.blog/entry/review-asuswrt

Edge displays “123456” in PDF but prints “114447”

https://developer.microsoft.com/en-us/microsoft-edge/platform/issues/11896203/

Adware the series, part 1 and part 2 [part 3 coming soon]

https://blog.malwarebytes.com/puppum/2017/04/adware-the-series-part-1/

https://blog.malwarebytes.com/puppum/2017/05/adware-the-series-part-2/

How to explain zero-knowledge protocols to your children

http://pages.cs.wisc.edu/~mkowalcz/628.pdf

ab praeceptis May 5, 2017 5:07 PM

Ben A

Thanks for providing a lengthy and interrupting the flow rehash of HN. I’m quite enthusiastic also about the mix: just about everything ranging from meaningless (to the world) internal bowel movements of the us of a (“district attorney found picking her nose!”) to meaningless (“double Block Korkine Zolotarev against LWE”). I particularly enjoyed the source of a wikipedia bit on ZK.

If I may I’d like to add a wee bit of criticism: there is no apple pie how-to.

ab praeceptis May 5, 2017 6:27 PM

Grauhut (May 5, 2017 5:49 PM)

The evil Russians (TM)! That was the evil Russians (TM)!!1!

Who else (besides all of the nato countries spook agencies) would do such an evil thing?
And how handy! macron hasn’t hardy finished vomitting his accusations about evil Russians (TM) hacking him, et voilà, it happens.

I’m wondering, though, how the evil Russians (TM) do evil hacking. After all, as everybody in the west knows, them Russians are always drunk and if they have computers at all then they are rusty and from the seventies!

I bet it was their navy seals! -> https://www.youtube.com/watch?v=0-unYZ6ltfI

Thoth May 5, 2017 6:34 PM

@all

re: Mailvelope vulnerability

JavaScript crypto at it’s best and also it shows the problem of browser technology. Mailvelope is essentially not suitable for real world circumstances and many PGP software aren’t equipped to handle advanced real world threat of having their private keys read out. The option of OpenPGP smart cards have existed for ages and its’ applets exist in many flavours of implementations ranging from closed source (official OpenPGP card that supports GnuPG) to open source JavaCard formats which even I have worked on some parts of it.

We can continue to cover our own eyes and use systems and solutions not designed for making attackers life much harder or we can at least start to adopt more higher assurance methods and improve our personal security and privacy by moving away from implementations that clearly not only do not yield security benefits but may result otherwise.

Mailvelope will be added to Hoilydays list too.

ab praeceptis May 5, 2017 6:47 PM

Thoth

I’m somewhat bewildered to see that you dignify a firefox plugin/add on clusterf*ck with a response at all.

Isn’t that exactly what all those add ons and plugins are created for -> clusterf*ck?

Note: This post was written using the firefox plugin protector plugin. Will soon be part of systemd.

My Pet Goat May 5, 2017 9:54 PM

RE: website 19.

I don’t know why The Register is pretending that this isn’t Playpen, it is obviously Playpen. For those who are interested in more details the FBI recently posted a document containing many statistics about its investigation.
Summary at this link:

https://twitter.com/bradheath/status/860534812192493570

As usual, the FBI offers no sources for its data so take it with a healthy dose of skepticism.

My Pet Goat May 5, 2017 9:59 PM

Obviously the FBI is the source of its own data. What I meant to say was that there is no independent confirmation of the FBI data so take it with a healthy dose of skepticism–the FBI is not a neutral, disinterested party.

Spooky May 6, 2017 12:40 AM

I did not see it in the vomitus disgorged above… but there was a leaked technical draft in the UK detailing how their spooks intend to put the citizenry over a barrel. All telcos and ISPs will soon be required to give up the goods (all data collected by mandate, as well as all data collected for commercial purposes) on any citizen within 24 hours of an official request being made. There was also a bit of gibberish about outlawing the commercial use of end-to-end crypto, which I find a bit odd because it already exists and is already widely used. And has been for many decades, esp. by the banking and military sectors. If it is forbidden in commercial products, will it be forbidden to individual citizens to manually encrypt their own communications? It’s pure rubbish. The the current U.S. administration would love to have similar legislation on the books, rest assured.

Ah, one nice story from above: it’s good to see people finally starting to publish useful attacks against those early implementations of lattice algorithms (one alleged post-quantum computing replacement for current public key algorithms, which are expected to be greatly weakened once widespread qc resources can be cheaply directed against them {factoring with Shors, etc} ). It is not esp. clear to me whether all current algos are at necessarily at risk, tho–discrete log and ECC have both managed to avoid significant qc-exploitable attacks, yes?

And finally that old chestnut, Intel ME. “It’s not a backdoor.” “It’s a backdoor.” “No, it’s not.” “Wait, crap. Yes, it is.” Sigh. It never should have been put there in the first place. I am quite happy using my older pre-ME hardware (thanks to BSD and Linux), it looks as though the service life of that old kit will be extended by another decade…

Cheers,
Spooky

Ben A. May 6, 2017 9:18 AM

@ab praeceptis

Many of those articles weren’t published on “HN” although, even if they were, not every visitor to this site will read HN and/or may not necessarily be aware of them hence me posting the ‘best’ stories. In my post I have included links with additional/differing commentary to help readers appreciate both sides.

@Grauhut

Good Twitter account. I see he reposted Tavis Ormandy’s most recent discovery –

“I think @natashenka and I just discovered the worst Windows remote code exec in recent memory. This is crazy bad. Report on the way.”

https://twitter.com/taviso/status/860679110728622080

@Spooky

The UK story is there and here’s the link to the leak:

https://regmedia.co.uk/2017/05/04/technical-notices-draft-ipa.pdf
https://www.theregister.co.uk/2017/05/04/uk_bulk_surveillance_powers_draft/ [Source]

The Intel vulnerability affects vPro processors. Prosumer devices use them but the majority of consumer devices don’t. Ironically this’ll affect businesses more than consumers but there are other known [and unpatched] vulnerabilities.

@Thoth, @All

Whilst Mailvelope is a browser add-on it’s a very popular one at that and it’ll affect a number of people. GnuPG is more difficult for the average person to use and whilst Javascript crypto is far from ideal it provides a workable solution for many.

I only discovered the other day, hidden in the depths of the GPG man verbiage, that there’s an option to “–list-packets” for debugging purposes. The amount of options “–dump-options” is mind boggling so I’m not surprised people want the convenience of a browser add-on.

“We can continue to cover our own eyes and use systems and solutions not designed for making attackers life much harder or we can at least start to adopt more higher assurance methods and improve our personal security and privacy by moving away from implementations that clearly not only do not yield security benefits but may result otherwise.”

Mailvelope does make an attackers life much harder because they have to find a way to break into one of the endpoints instead of ‘just’ breaking email TLS. That’s a good level of security and I wish everybody would use PGP even if just through a browser add-on.

You’re never going to get the masses adopting higher assurance methods and that’s a barrier to adoption. If fewer people adopt PGP then it turns the suspicion on those people who care about security because the traffic looks more suspicious.

Look at WhatsApp. Everything is now encrypted and that makes using it not suspicious. Those who want to further encrypt their messages (OTPs) can do so within an already encrypted application. Let’s not start about the inherent insecurity of the mobile stack because I’m outlining the main issue of day-to-day adoption of encryption.

WhatsApp have made everybody more secure by making encryption mainstream. A few year back that would have been unimaginable.

Compare WhatsApp usage to people who use smartcard implementations. Virtually nobody. I know few people who bother to even use a password manager; I don’t know anybody who uses a Mooltipass (smartcard based password manager).

Also smartcards don’t work with the majority of mobile telephones although that’s a separate discussion. Some people do use PGP via their mobile and having a smartcard would disrupt the flow.

Little steps is what’s needed.

KISS May 6, 2017 10:59 AM

@tempid

Thank you for your concise and thought provoking response regarding transitioning or choosing email providers:
https://www.schneier.com/blog/archives/2017/04/friday_squid_bl_575.html#c6751385

One link led to another link and this from Tom Leek:

“Here is a dramatization of how the communication goes, when a mail is received anywhere.

Context: an e-mail server, alone in a bay, somewhere in Moscow. The server just sits there idly, with an expression of expectancy.
Server:
Ah, long are the days of my servitude,
That shall be spent in ever solitude,
‘Ere comes hailing from the outer rings
The swift bearer of external tidings.
A connection is opened.
Server:
An incoming client ! Perchance a mail
To my guardianship shall be entrusted
That I may convey as the fairest steed
And to the recipient bring the full tale.
220 mailserver.kremlin.ru ESMTP Postfix (Ubuntu)
Welcome to my realm, net wanderer,
Learn that I am a mighty mail server.
How will you in this day be addressed
Shall the need rise, for your name to be guessed ?
Client:
HELO whitehouse.gov
Hail to thee, keeper of the networking,
Know that I am spawned from the pale building.
Server:
250 mailserver.kremlin.ru
The incoming IP address resolves through the DNS to “nastyhackerz.cn”.
Noble envoy, I am yours to command,
Even though your voice comes from the hot plains
Of the land beyond the Asian mountains,
I will comply to your flimsiest demand.
Client:
MAIL FROM: barack.obama@whitehouse.gov
RCPT TO: vladimir.putin@kremlin.ru
Subject: biggest bomb

I challenge you to a contest of the biggest nuclear missile,
you pathetic dummy ! First Oussama, then the Commies !
.
Here is my message, for you to send,
And faithfully transmit on the ether;
Mind the addresses, and name of sender
That shall be displayed at the other end.
Server:
250 Ok
So it was written, so it shall be done.
The message is sent, and to Russia gone.
The server sends the email as is, adding only a “Received:” header to mark the name which the client gave in its first command. Then Third World War begins. The End.

Commentary: there’s no security whatsoever in email. All the sender and receiver names are indicative and there is no reliable way to detect spoofing (otherwise there would me much fewer spams).”

https://security.stackexchange.com/questions/9487/how-can-paypal-spoof-emails-so-easily-to-say-it-comes-from-someone-else?noredirect=1

Other links regarding email include:
https://www.eff.org/who-has-your-back-government-data-requests-2015 ; sort-of out of date
https://en.wikipedia.org/wiki/Comparison_of_webmail_providers
https://prism-break.org/en/categories/windows/ ; search “email”

Grauhut May 6, 2017 11:01 AM

@ab praeceptis:

“Send mails only according to that maxim whereby you can, at the same time, will that it should become universally leaked.”

(Kant on email 🙂

Hopping Mad May 6, 2017 11:03 AM

… males use body patterns to communicate with both females and other males:

In other news, so do male humans from inner cities. Namely, young males are observed to to walk with a certain gait called a swagger, (no — never a sway &mdash that would be too feminine,) wearing boxer shorts, chains on their wallets, and low-slung jeans, sometimes with a bandanna of a certain color hanging out of their back pocket.

Teenage high-school girl-level research.

Back Door Man May 6, 2017 1:28 PM

Thanks for the heads-up, Mister Preceptis! The crack spies of TAO will assuredly bump these high-value Xen exploits to the very front of the queue. No doubt TAO will get right on it after they’re done with their top priority XKeyscore search on the selectors Ivanka and mulatto_cock

Ben A. May 6, 2017 1:50 PM

The hijacking flaw that lurked in Intel chips is worse than anyone thought

Turns out Intel didn’t publish an additional authentication bypass;

“With a little help of the local proxy at 127.0.0.1:16992, which is
meant to replace the response with an empty string, we’re able to manage the AMT via the regular Web browser as if we’ve known the admin password”

https://arstechnica.com/security/2017/05/the-hijacking-flaw-that-lurked-in-intel-chips-is-worse-than-anyone-thought/

Clive Robinson May 6, 2017 2:29 PM

@ ab praeceptis,

In other words: There is no such thing as a “secure OS” on an insecure hypervisor.

Now follow that thought down through the assembler, CPU, memory, down down untill you get lost in those quantum events…

It’s why I keep talking about the next level down in the compuring stack and bubbling up attacks.

You realise that for mear mortals securing a single instance of a computing stack is not possible. Thus you have to “mitigate” by other means.

‘s why I realy do not take seriously most of the secure computing initiatives / projects because they are –nearly– all currently based on false assumptions.

It’s why I can take OpenBSD moderatly seriously but qubes not at all and have said as much in the past. As for the woman in charge, she appears to realise the game is up as she spends way way to much of her time networking at seminars etc, rather than sort out qubes…

I’m sure there will be those that disagre and say something along the lines of “we’ve got to work with what we’ve got” without realising the invested time/effort effect. Make do only leads to lack of momentum thus we get stuck with what might have once passed as adiquate long long after it’s become not just a liability but in effect a cell on death row.

ab praeceptis May 6, 2017 4:00 PM

Clive Robinson

Two quick remarks.

I see a considerable danger in qubes and similar as they risk to lull users into an utterly wrong perception of being secure.

And: Yes, it’s a long and ugly way (largely thanks to stupid, careless, greedy profit driven people, usually in the us of a). And yes, creating, say a really safe OS seems useless as the whole stack, hardware and software, must be safe to get a safe system.

On the other hand that’s a classical problem; Each of A, B, C, D, and E pointing at the others and saying “it’s not sensible anyway to do my part well as without all the others doing too we won’t arrive”.

My (and certainly not just my) response: “Fck you! *All of us will work and each bit of work that is done is some progress that also positively influences the other parts!”

And btw, man does it feel good, to have even just a small block, say prng of good quality, modelled, examined over the full domains and ranges, and implemented in spark’ed Ada!

YearOfGlad May 6, 2017 4:10 PM

All,

I have lurked on this site for a while, and really appreciate reading all the comments, especially the Friday discussion threads.

I’m posting this because it relates to IoT, a popular source of security problems, and because I seem to remember this story or one similar making the rounds of the tech press a few months ago, and wondered if anybody could confirm.

SO ==> This story from IEEE Spectrum is about a former AMD engineer whose startup has developed a kit of clip-on sensors that attach to all the breakers in an electrical panel, and collect extremely fine-grained data about electricity usage, claiming to be able to ID brands of appliances and predict things like electric motor problems.

http://spectrum.ieee.org/view-from-the-valley/energy/the-smarter-grid/want-to-know-whats-happening-in-a-building-listen-in-at-the-breaker-box

How it relates to this blog:

1) The story says this guy started working on this because of suddenly high electric bills right after a new smart meter was installed at his house. Wasn’t there a spirited discussion in the Friday Funnies here some months ago, inspired by a clickbait-ish story about how “Smart meters” were systematically overcharging customers worldwide?

2) This seems like the first useful consumer-level IoT application I have ever heard of. Although actually, it is less IoT than “Private Administrator’s Internet of Carefully Controlled Things” But wasn’t part of the previous discussion about how very granular sampling by a “smart meter” could identify exactly the kind of device info he’s claiming. Also wasn’t there discussion of being able to ID specific programs playing on Smart TVs?

3) Reading the story, did there seem to be some rather large holes in the reporting, like what the sensors actually attached to, and whether electricity goes “in” or “out”, things like that? is this typical of IEEE articles? Was this written by somebody with a journalism degree and not an engineering degree.

Any responses are appreciated.
Thanks,
YoG

Clive Robinson May 6, 2017 5:06 PM

@ YearOfGlad,

I’m the person who usually makes noise about what a smart meter could do…

With regards,

what the sensors actually attached to, and whether electricity goes “in” or “out”

The sensor is a “current transformer” where you clamp it around the cable coming from the local substation that goes into the smart meter “head”.

What they usually are is a split ferrite ring, with between ten and a hundred windings going into the electronics. The cable that carries the actual supply current in effect forms a single turn. Thus just as with a conventional transformer the single turn primary causes magnetic flux in the ferrite core. This flux in turn cuts the output windings which drive a current into a precision load, and the voltage and phase are read out.

Inside the actual smart meter there is not just a current transformer in series but a voltage transformer across the supply. By rapidly sampling both the current and voltage the total power can not just be detected but also the “power factor” as well. Something I dont think the sensor pictuted can do.

Any way Kirchhoff’s (1st) current law based on the conservation of charge, indicates that the sum of the currents entering a node must equal the sum of the currents leaving the node.

Or more simply, measured at any instance the individual electrons flowing through the power supply cable must equal the electrons entering all loads. Therefor you end up with a waveform that is the complex sum of all the individual waveforms. By Fourier analysis you can characterize the “equipment signature” of every active load in the housevand thus not just recognise them but be able to subtract them from the complex wave form. Thus know what equipment is in use at any point in time.

The thing is some loads are not constant such as the number of active transistors in an LCD pannel. A movie or other video signal that constantly changes has a well identified power signiture by which the film etc can be identified, thus an evesdropper can tell what film is being watched. It’s easier to see in smart televisions due to the “high efficiency” ratings the designers want. Thus the power supply in the television has a high “information bandwidth” back to the cable that comes from the street.

Im just supprised that outside of the readers of this blog it has taken solong for other engineers to notice the issue and actually talk about it.

007BSD May 6, 2017 5:15 PM

Re: Qubes bashing.

Yawn. 4 critical Xen bugs in 8 years affecting Qubes that would have enabled an advanced attacker to take over the system.

Hardly time to panic. Plus, Xen can be switched out for any other hypervisor as per the design specs in the future if/when a better option is available.

Meanwhile, we have OpenBSD with it’s whole 35 users this month on bsdstats (opt-in for data collection) vs 25,000 Qubes users and counting.

Maybe the 007BSD doesn’t get the interest of general security researchers (like those focusing on Xen), because, well, nobody uses it? So the claim of “super-secure sauce” is probably unjustified.

Also, Qubes is switching to hardware-based virtualization (HVM) in release 4.x which will solve the problem of PV exploits.

So keep calm, and carry on propagandizing.

Orwel.. I mean Oreo May 6, 2017 5:16 PM

Marshmallow has task manager apps and builtin Apps->Running screen.
I understand Nougat blocked the 3rd party apps for security, but why remove builtin Apps->Running screen? How to know if something is running when it shouldn’t be, like spyware?

ab praeceptis May 6, 2017 5:43 PM

007BSD

Yawn. 4 critical Xen bugs in 8 years affecting Qubes

a) No. 4 critical bugs that are publicly known.
b) Being based on xen was a bad decision. Probably not the only one.
c) The relevant criterion isn’t 4 bugs or 40 or 400. It’s zero bugs. Anything else isn’t secure but in the best of cases less insecure.

Xen can be switched out for any other hypervisor as per the design specs in the future if/when a better option is available.

Iff that happened tomorrow morning first thing that would still be after 4 critical bugs.
You may like it or not but last time I looked qubes still is fixed on xen.

Reminds me of “Sorry, Ma’am, your husband is dead, yes, but rest assured that according to our good intentions that was not supposed to happen”.

Oh, and btw, look up the term “specification”. Hint: It’s not about some PR bubbles.

propagandizing

So, presenting evidence that qubes is not secure is “propagandizing”? No surprise then that qubes is insecure …

Grauhut May 6, 2017 7:50 PM

@007BSD: “OpenBSD with it’s whole 35 users”

Thx, now i know i’m fckn 1337! 🙂

es MaUg May 6, 2017 8:33 PM

In this corner we have ab preceptis. In that corner we have Ed Snowden, who not only uses Qubes but endorses it. Snowden, the guy who made fools of NSA. Before defending our rights he did not choose to wait for ab preceptis to perfect everything. Because by temperament and intellect he’s able to take calculated risks. And in that corner, we have the tag team of Shadowbrokers and Vault 7, who also did not wait for ab preceptis, they went ahead and showed you why you do not have to be paralyzed by fear in a degenerate illegitimate police state like the USA.

Nobody May 6, 2017 8:34 PM

Experian holds a patent on Time Data Linking. They Bought a startup called The 41st Parameter that developed a browser/machine identification tool using this Time Data Linking (tdl). They use the clock within your computer to issue a “fingerprint” of your machine. They claim this tool can work after a completely different OS or hard drive are installed. IT was once marketed as cookie-less tracking. Sorry to be the one to confirm your suspicions.

maymem May 7, 2017 1:50 AM

I can understand the criticism of QubesOS, but please don’t just right it off as “insecure”. It has many other properties, like preventing a misbehaving program from taking out the whole system. An attacker who compromise my everyday VM does not immediately get all my data. It would be interesting to see what other alternatives is out there that is actually usable.

65535 May 7, 2017 2:11 AM

@ Ben, Scissors and others

This is just wonderful!

It would seem that some Three Letter Agency really got its huge Front Door into the majority of American made computers for Business and individuals. Thanks a lot Fort Meade and Intel!

“Intel has confirmed a Remote Elevation of Privilege bug (CVE-2017-5689) in its Management Technology, on 1 May 2017.” –Wikipedia

See an 1/8th of the way down page:
https://en.wikipedia.org/wiki/Intel_Active_Management_Technology

This type of front door/Back door control and spying/fishing into American made Technology really shakes my faith in American built products. As most of the regular commenters know we have been talking about the Intel vPro and Active Management Technology [AMT] problems for years.

Now, Arstechnia is showing, ‘[Update, 5:40pm EDT] A query of the Shodan security search engine found over 8,500 systems with the AMT interface exposed to the Internet, with over 2,000 in the United States alone”… Arstechnica

See about a third down page [Note the actual Shodan link doesn’t seem to work]:
https://arstechnica.com/security/2017/05/the-hijacking-flaw-that-lurked-in-intel-chips-is-worse-than-anyone-thought/

And this line left me gasping for air:
“Authentication still worked” even when the wrong hash was entered, Tenable Director of Reverse Engineering Carlos Perez wrote. “We had discovered a complete bypass of the authentication scheme.”…-Arstechnia See above link

Now, that the dung has hit the fan, I am still trying to figure our several things:

1] How far back in the Intel chip set line go? Broadwater [sp Broadwell?] or before? I know it not the actual Chip set series but the embedded micro-controller in the Management Engine that is the problem.

https://en.wikipedia.org/wiki/Intel_AMT_versions#Versions
or
https://en.wikipedia.org/wiki/Intel_AMT_versions

2] Who at Intel decided that this flimsy backdoor should cost Intel’s customers money? Was it Intel or the Three letter agencies with their wealth?

“…iAMT may be included for free in devices sold to the public and to small businesses, the full capabilities of iAMT, including encrypted remote access via a public key certificate and automatic remote device provisioning of unconfigured iAMT clients, are not accessible for free to the general public or to the direct owners of iAMT equipped devices. iAMT cannot be fully utilized to its maximum potential without purchasing additional software or management services from Intel or another 3rd party independent software vendor (ISV) or value added reseller (VAR)… a developer’s toolkit software package which allows basic access to iAMT, but is not intended to be normally used to access the technology… Only basic modes of access are supported, without full access to the encrypted communications of the complete purchased management system.” -Wikipedia

https://en.wikipedia.org/wiki/Intel_Active_Management_Technology#Non-free_service_access

3] Does this Intel tool really help work? Or, is it just a stop-gap method to keep customers suing them? How much telemetry does the “tool” spew and can it be used as a backdoor?

“The INTEL-SA-00075 Detection Guide will step you through multiple processes to detect INTEL-SA-00075. For more information, read the Public Security Advisory.”

See: https://downloadcenter.intel.com/download/26755

Does Tenable’s tool work and is it more preferable?

See:
https://www.tenable.com/blog/rediscovering-the-intel-amt-vulnerability

4] Does disabling Intel’s on board eithernet controllers [wired and wireless] stop the problem? Can you just replace the intel on board NIC with a generic NIC from anyone like Broadcom or netgear? What about laptops and tablets with difficult to impossible to replace on board NICs?

In summary, this news is not good. Further, I shall start to look for open source machines and OSes for my Business customers who seemed to require Wintel boxes and laptops. This Wintel cartel is turning into a big scam.

AlexT May 7, 2017 2:35 AM

I muss say that the AMT story keeps getting scarier by the day… And some of the already exposed issues (such a non existent authentication) are simply unforgivable.

I’d say it deserves (at the very least) a blog post by itself.

Thoth May 7, 2017 2:39 AM

@65535, ab praeceptis, all

“In summary, this news is not good. Further, I shall start to look for open source machines and OSes for my Business customers who seemed to require Wintel boxes and laptops. This Wintel cartel is turning into a big scam.”

It is not just the Wintel cartel. Anything running Intel, AMD or ARM A series chipset is in a highly dangerous position.

It all boils down to the super duper root or Ring -10000 dangerous situation that I mentioned many times. Intel’s AMT/SGX follows the ARM TZ and AMD SP follows both Intel AMT/SGX and ARM TZ and ARM TZ is the granddaddy of them all.

ARM TZ architecture of having a “Secure Partition” that have super duper root privilege on a hardware level was used as a basis for Intel and AMD and many other “Secure Partitioning via a single chipset” architecture and probably might also be dangerous when used on multiple separate chipsets.

In essence, anything that runs on top of Intel, AMD and ARM A series chipsets are totally busted and the proof that the ARM TZ architecture where the “Secure Partition” is implemented and the inner workings are known mostly behind closed industry doors with tonnes of NDAs is an absolutely problematic issue that many in the industry are still turning a blind eye to because of the “milking of the marketing and cash cow” via ARM TZ and it’s variants and spin-offs.

I have mentioned about pervasive NIT exploits similar to the likes of pervasive network eavesdropping and manipulation but most people who architect security simply only are able to see the “if I use proper crypto algorithms I am fine” and simply toss out the idea of “how do I make sure the algorithms are done in more trusted and assured manner” with the excuse that network interception and manipulation are more critical when the real world fact is the opposite where a somewhat more robust and more assured Root of Trust is required and also with ability to verify execution, execute in secure manner, detect tamper in execution and also importantly the correctness of the execution (i.e. avoid logic execution flaws) or at least to segregate the executions into their own enclaves whereby there is no such thing as a super duper root. All these are covered in my topics regarding Secure Execution Environment (especially via smart cards using open standards like JavaCard, MULTOS and ISO compliant platforms).

Secure Execution isn’t enough as there are problems like hardware backdoors and so on where the likes of @Clive Robinson’s Prison architecture is to be used but for now, we haven’t had some form of Secure Execution Environment for the masses so the best thing is to do it step by step and I have already started to design and dig into implementing some sort of my own Secure Execution Environment.

C Sum Ding May 7, 2017 3:24 AM

@esMaug:

we have Ed Snowden, who not only uses Qubes but endorses it. Snowden, the guy who made fools of NSA

Some claim he’s an NSA plant to mislead everybody. What if that is true… How would you feel to know you’d not just been tricked but violated by the NSA with the rest of the Five Eyes Googling in?

Oh and if you believe the US of A public announcements the Russian’s and Chinese as well…

Clive Robinson May 7, 2017 4:39 AM

@ .,

It’s a one-half turn primary, not a single turn

Err no, it’s a one turn with a ferrite ring core. Where only the part of the turn that goes through the ring cause flux in the core. It’s why ferrite ring core transformers have virtually replaced all other power transformers in audio equipment and the like.

The business of half turns does apply to some other core structures, specifically the inbalance caused in the flux in the older style three limb soft iron plate transformers as well as ferrite “binocular” and more hole cores.

Who? May 7, 2017 4:51 AM

@es MaUg

In this corner we have ab preceptis. In that corner we have Ed Snowden, who not only uses Qubes but endorses it. Snowden, the guy who made fools of NSA. Before defending our rights he did not choose to wait for ab preceptis to perfect everything.

Snowden is just a guy that stole a set of classified documents from a huge government agency that has thousands of employees and even more subcontractors. I am not saying that he had no merit —he had— but he had some advantage on the days before documents exfiltration too, as no one was expecting what came on the next months.

Is he clever? Sure, but I am sure a lot of people in this forum —where ab praeceptis is a good example— are smarter than him. Please, understand that I have a very limited knowledge about both Snowden and the members of this forum, but I would say that ab praeceptis is usually more knowledgeable than Snowden. Snowden made a lot of OPSEC mistakes and suggested the use of insecure tools to journalists (Tails is a good example, as it is any “secure chat” running on Android or iOS). He ignored multiple times that you cannot expect privacy without security, suggesting poor choices from a security perspective. I noted once that he should have recommended operating systems like OpenBSD, at least to the more knowledgeable journalists, but people here said to me “wait, he is talking to journalists and OpenBSD is not something we can expect they will use.” Lots of times he suggested something comfortable instead of something secure, not a good decision if your life is in danger. On the other hand he recommends the use of PGP, a tool that is not exactly “comfortable” nor easy to use for people without a technical background. So “being comfortable” does not look like the criteria he is using on his recommendations.

Are you expecting ab praeceptis to perfect everything, really? This is not the way it works. Security is a process, not a product. A lot of members on this forums are making big improvements by means of small steps. This is the way it works, even if you do not like it.

Who? May 7, 2017 5:41 AM

@ AlexT

I muss say that the AMT story keeps getting scarier by the day… And some of the already exposed issues (such a non existent authentication) are simply unforgivable.

I’d say it deserves (at the very least) a blog post by itself.

Agreed, when I announced this bug (on last week’s friday squid blogging) the last thing I was expecting was that a simple proxy was able to bypass authentication. This bug not only deserves a blog post, it also deserves a deep research by both Intel and OEMs and a fix being made available for ANY AFFECTED SYSTEM. I do not care if it means releasing firmware upgrades for ten years old computers. This bug must be closed.

Again I do not know if AMT is a backdoor or not, but its architecture is too complex to be considered secure. Security requires simplicity. AMT is exactly the opposite. So, even if it is not a backdoor, we are doomed with our current technology.

ab praeceptis May 7, 2017 7:57 AM

Thoth

You can preach that all day long – in vain. Don’t get me wrong, you are perfectly right and maybe one shouldn’t just preach but beat it into the people …

The problem is largely a “cultural” and social one. People have been educated to expect that a) they can buy (or get for foss “free”, often signing away their soul), and b) there is some kind of assortment available from bad to mediocre to good (and safe).

What they are not willing to do is to be responsible themselves. Ergo the always coming up question “What alternative should I buy/use?”. After enough failures I experienced when patiently explaining I nowadays just answer “your brain!” Which, of course, will rarely happen.

In a way the people, who basically have been educated to be mere consumers in one way or another are like cornered animals when we tell them that all widely processors, OS, etc, are cluster-f*cked-up.

To get out of that corner they’d need a brain incl. some useful contents – which, however goes against both corporate and state interest (as does being able to communicate securely).

I thought – and obviously erred – that my position was somewhat more comfortable than yours because after all I’m talking to “professionals” (haha). Nope, I’m not; I’m merely talking to the same people like you except that my target audience likes to call itself “professionals” (based on whatever …).

I’m a human, too, and so I find myself more and more often sarcastic and recommending them to to use the newest cpu plus anti-virus. Both of that is obviously utterly nonsensical but not much more nonsensical than recommending linux on arm (8 core, of course, bang bang!)

But there is some hope. This time the europeans and asians didn’t sleep over everything, this time they picked up Risc-V quite early and maybe, just maybe this time we won’t arm-intel-cluster-f*ck the whole thing up with trustzones, remote management and similar cancers.

ab praeceptis May 7, 2017 8:08 AM

@Who? @es MaUg

That whole Snowden vs ab praeceptis thing was braindead in the first place and on multiple levels.

We know little, very little about Snowdons capability to create more secure systems. At the same time ab praeceptis isn’t working for the spooks and almost certainly knows quite little about the spook universe. Short, he and me are living and acting in completely different universes.

I didn’t read es MaUgs post but I guess it went along the line “ab praeceptis is a nobody and snowden is the demi-god who singlehandedly f*cked nsa and is still alive and in freedom, hence whatever Snowden used or said is like gods word and everybody caring about security must use qubes!11!!!”.

But there is that ugly little thing called reality in which qubeos was found at least 4 times to cluster-f*ckup. And that is not even surprising as “snowdens favourite golden-sticker-secure OS” bet on xen.

Does that tell us that Snowden is an idiot? Certainly not. But neither does “Snowden uses qubeos” tell us that qubeos is secure.

We need a golden “secure!” sticker for qubeos. Plus a Symersky security center app.

Clive Robinson May 7, 2017 8:20 AM

@ Nobody

Experian holds a patent on Time Data Linking. They Bought a startup called The 41st Parameter that developed a browser/machine identification tool using this Time Data Linking (tdl).

This is almost certainly based on known prior-art, from an award winning paper from a researcher at the UK Cambridge Computer labs.

As I pointed out at the time that even then prior-art as I’discussed it on this and other web sites.

They use the clock within your computer to issue a “fingerprint” of your machine. They claim this tool can work after a completely different OS or hard drive are installed.

It actually uses the characteristics of the XTAL (sunthetic quartz crystal) and it’s mismatch to the in IC components that makes it oscillate. Because it acts as the primary refrence by which all the logic in the ICs on a motherboard are clocked it is fundemental to the operation of any given computer irrespective of what software is being run. What you measure is the clocks frequency drift or “delta”.

Whilst it is –as far as we know– unique to each motherboard the differences be they absolute or relative are very very small. Thus you have to integrate over long periods of time against another clock of much greater accuracy.

However all you need to do to make a measurment is send a single network request very infrequently to see the clock “drift rate”.

IT was once marketed as cookie-less tracking.

Whilst you can use it for this it has other more nefarious and serious security issues.

As I told various members of the HoneyNet Project, it makes it very easy for the fake honey network using VM software extrodinarily easy to detect with what would be ignored as a “simple script kiddy enumeration attack”. Thus the sort of attacker who comes up with zero day attacks would to extend the length of time their zero day remained “unknown” to others use such an attack to detect honey nets. Unsuprisingly the HoneyNet project members developed the “Don’t kill the golden goose” / “Not invented hear” syndrome…

But there is another use for such an enumerating attack to find the base computer that runs multiple VMs. Many hosting and cloud sites share computers for unrelated users. Sometimes one users instance may be more secure than another users instance. Thus you can use the weak instance as a method to get a toe hold to get at the strong instance in various ways. The problem is how to identify the common mothetboard… Which this enumeration attack alows.

This might be of more interest currently due to weaknesses discovered with the FOSS VM Hypervisor XEN…

Sorry to be the one to confirm your suspicions.

I should apologize for making it worse than you originally thought…

Clive Robinson May 7, 2017 8:50 AM

@ Nobody,

I suspect that this patent may be the one,

http://www.google.com/patents/US20110082768

I can not say for certain as I’ve not read it. I simply used a Google search to find 41st patents and time etc key words.

The reason I’ve not read it is US law which tripples penalties if you have “knowingly” –ie read– as opposed to accidently violated the patent. Apparently this still applies even if you can show you have prior art and that the patent is not valid. Thus you can tell what sort of lawyer came up with that, it’s the sort that makes “ambulance chasers” look good.

ab praeceptis May 7, 2017 9:04 AM

Clive Robinson

Or maybe it’s one of them “public money pays research but when the project is finished, we cash in via a spin off” …

Who? May 7, 2017 9:21 AM

@ ab praeceptis

I guess it went along the line […] snowden is the demi-god who singlehandedly f*cked nsa and is still alive and in freedom, hence whatever Snowden used or said is like gods word and everybody caring about security must use qubes.

This one is the problem! Snowden never suggested using truly secure operating systems like OpenBSD, nor suggested airgapping computers. He never said something like “not all devices must be connected to the Internet just because they have some sort of network plug.” He had not said either that customers should buy devices designed to be secure. He never said “beware with the information you share on Internet.”

Instead he suggested using Tails (an operating system that had been stagnant until he provided free publicity to the project, a few days later it reached “release 1.0”). Now it is at release 2.12 and continues with its record of security holes:

[...]
https://tails.boum.org/security/Numerous_security_holes_in_2.10/index.en.html
https://tails.boum.org/security/Numerous_security_holes_in_2.11/index.en.html

Most of these security holes definitely compromise privacy.

He suggests using PGP, a tool that is challenging for people without a background on cryptography or, at least, technology and is very easy to use in a way that compromise communication. He recommends using secure OTR messaging with apps that run on unsecure devices manufactured by U.S. corporations that participate in the PRISM program like Apple and Google.

He is good at OPSEC, it is obvious that he knows how moving around the world evading surveillance (at least until he reached Russia), but he makes mistakes like not turning off notifications when he opened his twitter account making a lot of traffic that can be easily tracked down.

Agreed, he is being seen as a god able to evade surveillance by the most powerful intelligence agency on the planet, but his advice may easily compromise journalists and activists around the world. Hopefully these OPSEC mistakes will help government chase a few pederasts and wrongdoers too, but the truth is that a lot of people will blindly follow Snowden advices.

The right movement for Snowden would have been releasing all technical data about vulnerabilities with security experts around the world, instead of giving the docs to a few journalists that only want sensationalism, ashaming the United States intelligence community (that in most cases is doing a honest and hard work), instead of trying to fix the problems on our current technology.

Who? May 7, 2017 9:27 AM

@ ab praeceptis

Or maybe it’s one of them “public money pays research but when the project is finished, we cash in via a spin off” …

Do not forget that in the middle you will find the scientific publications that will get money for accepting the papers written during the research process (as you say, paid with public money), and will get even more money from selling the incredibly expensive subscriptions to other members of the research community. This one is a perfect and healthly business model.

Hopping Mad May 7, 2017 9:38 AM

@Who?

Snowden never suggested using truly secure operating systems like OpenBSD, nor suggested airgapping computers.

Who is to say that OpenBSD is truly secure, especially when the underlying hardware, and especially peripheral devices with privileged Direct Memory Access demonstrably are not?

Airgapping? A term without a definition. Please don’t play the blonde bimbo airhead on me. Oh, that’s right. You put your computer in “airplane mode.” The WiFi is off. You can’t get any bars of reception. It must be secure. Riiight.

Do you have a Faraday cage and a motor-generator to prevent communication by EMF?

Sneakernet only? Oh, riiight. BadUSB and all. Multi-gigabyte storage on a mini-SDHC with a form factor the size of a thumbnail.

Who? May 7, 2017 9:55 AM

@ Hopping Mad

Who is to say that OpenBSD is truly secure, especially when the underlying hardware, and especially peripheral devices with privileged Direct Memory Access demonstrably are not?

Where have I said using Intel/AMD or ARM architectures? OpenBSD runs on lots of architectures. Oh, yeah, as a few modern architectures have been compromised we must accept the world is unfixable and we can run Linux everywhere. Who cares? It is a lost battle! By the way, it is not just me who says OpenBSD is secure. It has been used in the real world for decades. It would be certainly funny seeing the IC using the hardware backdoors massively because software backdoors are closed now as it would be seeing hardware manufacturers trying to explain why their architectures have these hardware backdoors ready to be exploited on them.

Airgapping? A term without a definition. Please don’t play the blonde bimbo airhead on me. Oh, that’s right. You put your computer in “airplane mode.” The WiFi is off. You can’t get any bars of reception. It must be secure. Riiight.

Sorry, I did not know you need a definition for that term. And, no, “airplane mode” is not the same as airgapped.

It is difficult to believe the number of trolls who are participating in this forum in recent months.

es maug May 7, 2017 10:17 AM

@Who, “This is the way it works, even if you do not like it.”

The way it works is, people who need to defend their rights do what they need to do and take their chances.

What Snowden did worked. He exposed NSA crimes and got away with it. There are many ways to do that. It’s silly to second-guess him because he didn’t recommend your pet operating system. And why should he use extra super duper OPSEC against an adversary he knows better than you?

“in most cases is doing a honest and hard work” Right, beavering away with adamantine integrity at crimes against humanity, breaches of peremptory norms, and the highest crime, aggression.

@a.p. Do not get all ego-involved when someone mentions Snowden and you in the same breath. The point is not that Snowden is a Demigod, or better than you. The point is that NSA are clowns and Snowden knows that.

And when the next guy exposes US state crime and gets away with it, it won’t be because she uses energy-gapped systems with EAL 8 unikernel software on RISC chips. It will be because the floodgates have opened – as they do when a state is discredited and disgraced – as they did in the Warsaw Pact. Then everybody leaks for shits and grins and the FBI Stasi can’t do anything about it.

Who? May 7, 2017 10:27 AM

@ Hopping Mad

And, no, there is nothing wrong in airgapping a computer without using a “Faraday cage.” Reading radio and electrical signals leaks requires an expensive equipment and being physically near the target so it will be “targeted surveillance,” something I consider acceptable. It is massive surveillance what I think is against the most fundamental human rights. There is nothing wrong in targeted surveillance. It is what intelligence agencies like the NSA are expected to do.

So stop trolling.

The world needs fixing technology weaknesses in the same way this forum needs stop trolls. I had been considering leaving this forum forever if we are unable to return to the quality it had last year.

A note to Bruce Schneier:
Bruce, until recently your forum was a great source of information, a nice place to learn and share knowledge, a community of collaborative and knowledgeable members comparable to how Internet, and some parts of that network like Usenet, were until mid-90s. Now it is an hostile place full of trolls. It has been a recent change, a few months at most. I understand the value of allowing anyone to post anonymously on this forum, but at the same time I am very sorry for the current state of affairs. Hope things will improve in the future without compromising privacy for the members of the forum but, to be honest, I cannot imagine how it can happen.

Who? May 7, 2017 10:51 AM

@ es maug

What Snowden did worked. He exposed NSA crimes and got away with it. There are many ways to do that. It’s silly to second-guess him because he didn’t recommend your pet operating system. And why should he use extra super duper OPSEC against an adversary he knows better than you?

What Snowden did worked, indeed, but until recently (i.e. Shadow Brokers leak of NSA attack tools) thousands of bugs remained unpatched. IC should not collect zero-days or other widely available vulnerabilities, they should find and fix these bugs in the same way they should not allow backdoors in hardware or software. They should contact manufacturers (even if no U.S.-based!) to fix these vulnerabilities because a weak device may damage the integrity of a network, sometimes even computer networks used in critical infrastructures inside the United States. I am thinking on Siemens SCADA systems.

Snowden should be aware he is considered a reference in the security field for millions of technology users. His comments will have more impact on the community than anything the members of this forum can say. He, as it happened to Mr. Green a few months ago, has a responsibility to provide good advice. Suggesting a “secure” app that runs on backdoored hardware and/or poorly secured operating systems is bad advice. And bad advice from someone like Snowden will automatically be amplified and become a “universal recommendation” for millions of users, including journalists in countries that do not respect the most fundamental human rights.

Right, beavering away with adamantine integrity at crimes against humanity, breaches of peremptory norms, and the highest crime, aggression.

The intelligence community should be accountable for their actions. Mass surveillance is illegal, targeted surveillance is not if scrupulously supervised. Of course, IC is made of human beings; this one is the reason they should be accountable.

I stand fast on my opinion about most members of the U.S. intelligence community doing the right work in a honest way, but as another human community there is people in the IC that acts in the wrong way blackmailing, leaking emails to interfere in the result of elections in countries like the United States or France (it only can become worse over the years), or doing financial or technological espionage. This one is the reason all members in the IC should be accountable for their actions.

ab praeceptis May 7, 2017 10:52 AM

es maug

Sorry but it seems that you completely failed to understand the field and events you’re talking about.

Snowden was successful because nsa is insecure in many ways, too. In other words, nsa could be hacked and plundered pretty much for the same reason the local bakeries systems are hacked and plundered.

Obviously the creation of safe and secure software and not being successfully attacked are related to a degree, but Snowdens success wasn’t due to him using qubeos, tails, or whatever – it was due to nsa being utterly vulnerable, i.a. due to lousy OpSec.
Add to that the bigmouth bragging factor and the “security by bureaucracy” factor so commonly seen with (not only) us of a agencies.

And then there is another, somewhat related, but basically entirely different question, namely how Snowden escaped and how he stayed in contact and exchanged information with diverse people. Snowden doesn’t look exactly shiny in that regard. Keep in mind that almost certainly he could be tracked to HongKong and to the airplane out of HongKong because he had excessively lousy OpSec himself; striking example: Inviting journalists and having his face over TVs around the globe while not yet at his final destination and (hopefully) in security.

Now, does that say that Snowden is stupid? Not necessarily; he might have acted that way because going public seemed more important to him than staying secure.

Oh and kindly refrain from calling me “ego-involved” when I react on a post explicitely mentioning (or addressing) me.

Who? May 7, 2017 11:16 AM

I stand fast on my opinion about most members of the U.S. intelligence community doing the right work in a honest way.

I will be more precise. Most members of the U.S. intelligence community I have meet in the last decade are extraordinary workers that try to improve the world (not only for the U.S., also for allies) doing a humble and honest work. I have very good friends in that community, that have helped me in the past (even years after finishing our official collaboration) and that I am willing to help in the future if I can.

Of course, there are wrongdoers too (as Snowden himself has shown when he revealed industrial espionage to allies and “loveint”, just to note two examples). This one is the human condition, and the reason they should be accountable. You know, as spiderman says “with great power comes great responsibility.”

Nick P May 7, 2017 11:28 AM

@ 007BSD

“Re: Qubes bashing.

Yawn. 4 critical Xen bugs in 8 years affecting Qubes that would have enabled an advanced attacker to take over the system. ”

I told her years ago on the mailing list about all the other systems with microkernels, small TCB, and user-mode Linux she could’ve built on. I warned her that Xen wasn’t designed for security. That they didn’t care and efforts to retrofit it failed so far. I listed some other features she needed like trusted path (secure GUI). She fiercely defended her decision acting like other projects didn’t exist. Years later, she has a trusted path and is blasting the Xen mailing list about how they have so many security problems they need to get their act together.

There’s a more serious problem here. Qubes team don’t know how to engineer secure systems. They weren’t even aware of prior work in same area. They’re just good hackers with some secure coding experience and random assortment of other problems. You should think of Qubes as comparable to sandboxing technology albeit with less attack surface and less leaks than a full GUI/OS. A bit better than running hardened Windows on Xen which relies on same foundation.

es maug May 7, 2017 11:35 AM

Very sensible, what you say. Maybe take it easy on the standing fast, though, Who. You do realize that if the intelligence community were accountable, the top four echelons of NSA and CIA would go to Scheveningen prison for ten years, along with three quarters of the NCS? (JSOC would all go to Leavenworth for life under the War Crimes Act.) Not just for unlawful surveillance but for systematic and widespread torture and murder, drug and child trafficking, violent coercive interference, and aggression by sending of armed bands or irregulars in manifest breach of the UN Charter? Because in a criminal enterprise like the USG, surveillance is simply a means of committing grave crimes in universal jurisdiction. Don’t stop with 5th-grade civics, look it up.

Nick P May 7, 2017 11:36 AM

@ 007BSD

EDIT to add: Example from 2001 of architecture from high-assurance security compromising a bit on assurance to add features and integrate legacy stacks. One of the things she could’ve copied. These techniques ended up in Sirrix commercial products and Genode FOSS framework. So, it’s definitely doable but just not done for mainstream INFOSEC to use proven approaches.

@ All

re Snowden

Snowden had no training in highly-assured systems. Those are done in private sector and CompSci with Booz Allen Hamilton and CIA… his employers… doing about none of them in my memory. He would instead have been exposed to mainstream security advice that was getting smashed by the NSA. His only value in INFOSEC is that he knows what the NSA had tools to break in his time of employment. They weren’t attacking QubesOS then because nobody uses it hardly. Similar to why Mac’s never got viruses for a long time despite terrible security. Qubes is certainly better than Mac security but I’m saying it benefits from obscurity. Snowden trusting Qubes is his personal opinion on something he knows they didn’t have attack tools from. It’s not expert advice on a system designed to resist nation-states which he would know nothing about building or evaluating.

Also, if you’re worried about spy agencies, that Snowden is using Qubes is a strike against its users even if it was otherwise a good solution. The reason is that Snowden, possessing who knows what info or connections today, is using Qubes. That means all the spy agencies and some private parties will develop attacks for it to try to go after him. They’ll also reuse those attacks on other targets. It’s kind of like guilty by association where popular targets using a tool almost guarantee that tool will be compromised if it’s possible.

Ed Howard's Dummy May 7, 2017 12:29 PM

“if you’re worried about spy agencies, that Snowden is using Qubes is a strike against its users even if it was otherwise a good solution.”

So… security measures reduce security because knowledgeable insider threats adopt it and then states undermine it? No wonder you guys are so dejected all the time.

The argument doesn’t work in categorical form, but it might, if it encompassed the process of state predation and civil society response. That process is a matter of degree, greatly complicated by emergent properties of technical and social systems. So a Qubes or a Genode platform may or may not help at any given time. The question is political, not technical.

kurt May 7, 2017 12:51 PM

I should make the CSSLP certification of (ISC)² but I am very sceptical about value.
Also the NDA and certification-agreement look a bit ‘strange’ to me (special for non-US) – feels like one gives up all its rights.

I really appreciated some comments from the experts.

Thanks.

Nick P May 7, 2017 2:58 PM

@ Ed Howard’s Dummy

Let me restate it. He has no experience designing or evaluating stuff NSA says resists attackers like them. Also, no important targets were using Qubes when he did SIGINT because it was mostly unknown. So, his opinion on whether it’s good against NSA is irrelevant. Further, it’s built on 2 things that NSA broke in the past and regular researchers keep finding vulnerabilities in. So, double no.

Now other angle. People wanting to dodge remote attacks copy Snowden. Snowden is high-value enough that they’ll build attacks for anything he saysche relies on. Therefore, if avoiding NSA attacks, it’s best to avoid imitating what their too targets are using. Make more sense now?

Hopping Mad May 7, 2017 4:40 PM

@Who?

And, no, there is nothing wrong in airgapping a computer without using a “Faraday cage.” Reading radio and electrical signals leaks requires an expensive equipment and being physically near the target so it will be “targeted surveillance,” something I consider acceptable.

Cheap proprietary 802.11xxx WiFi equipment is omnipresent everywhere these days, and the proprietary 802.11xxx wifi chip on your “personal” computer not only has privileged Direct Memory Access but doesn’t really turn off when it is supposed to be “off.” Wake-on LAN and DMA means my computer is pwned the moment I let it out of its Faraday cage.

Targeted surveillance is not acceptable either without the legalities of due process, a warrant, probable cause, the oath or affirmation of a witness, a particular description of what you are looking for, and some consequences for overstepping the authorization of a warrant.

Otherwise, for one thing, we are back at the LOVEINT problem, where the “target” is another human being who is cyberstalked for motives of sexual gratification by NSA employees overstepping their legal and constitutional authority. This LOVEINT is starting to piss me off. We have 50 shades of grey, and so many perverted interpretations of the law, and all these gangsta dudes (who claim to work for NSA) looking online for their next Anastasia Steele.

No. This is not true love. This is just: “Get off my cabbage patch before I get out my shotgun!”

It is massive surveillance what I think is against the most fundamental human rights. There is nothing wrong in targeted surveillance. It is what intelligence agencies like the NSA are expected to do.

So stop trolling.

The world needs fixing technology weaknesses in the same way this forum needs stop trolls. I had been considering leaving this forum forever if we are unable to return to the quality it had last year.

We are so much at odds by now that I presume you mean “weaknesses” in the Mafia’s ability to gain arbitrary access to targeted computers in order to obtain coveted personal and private information. Without some fundamental agreement on basic principles and goals of computer security, or at least some openness and honesty as to where we stand on these matters, it is very difficult to discuss technical aspects of security.

Ed Howard's Dummy May 7, 2017 5:14 PM

It does. Snowden’s know-how is certainly aging – though we should never underestimate the path dependence and sheer inertia of a quasi-military bureaucracy like NSA. Also, Snowden has access to Binney, who’s still very plugged in thanks to people who are slightly less disgusted or redoubtable than he is.

What are those 2 things you mention that NSA broke?

Your counsel on not walking or quacking like a duck is wise, with the proviso that collectively going dark on FBI is well worthwhile. Every medium of association benefits from crowds to hide in. Some public-spirited marketeer should make the current hardest target a lifestyle totem, like those stupid apples on computers.

Nick P May 7, 2017 5:51 PM

@ Ed

He was never a security engineer and Binney’s best stuff would be same stuff Im talking about. IAD, the part of NSA with security engineers, will tell you same stuff as me since it’s their criteria Im citing. NSA’s own recommendations are to avoid what they classify as low assurance since the security breaks so much. Then they broke most of it in the Snowden leaks.

Far as the two things, that’s Xen itself and the Linux in the Dom0. NSA and others regularly smash those. Even if you secure it now, they’ll add some complex stuff with little attention to security that breaks it. That’s why high-assurance uses microkernels designed for security pushing all else into user-mode apps.

Thoth May 7, 2017 6:03 PM

@ab praeceptis

“We need a golden “secure!” sticker for qubeos. Plus a Symersky security center app.”

Got it. Will be added to the Hoilydsay list.

Hmm… Symersky … that means render a blend of both. Image should look interesting.

Ed Howard's Dummy May 7, 2017 6:21 PM

Linux adaptations of regin and turla, that rings a bell – though a rehash of cd00r.c wouldn’t do much for them in dom0. But what did NSA do to Xen? I’m not aware of any leaked classified malware or any Xen attacks in the wild attributed to NSA.

ab praeceptis May 7, 2017 6:23 PM

Thoth

I’m looking forward in excitement!

And I have an idea I’m immensely proud of (but do not intend to ask for it to be included on the holyday card. You have already enough to do.

But I will introduce it anyway because it’s strikingly obvious that my idea will bring “true 100% bulletproof cyber security” to a whole new level. Not meaning to lack modesty but I’m convinced that my idea will contribute no less than RSA did at their time to our holy quest.

Here it is:

Who tells me that a golden “bulletproof cybersecure!” sticker isn’t fake? If it is, the wonderful product I’m using might be just 94% secure (like, say, linux)!

What we need and what I hereby officially introduce is a) certificate based signed stickers and b) a golden lock symbol on stickers that are secured in that way.

Just imagine! One could purchase a license for, say, “crap-office”, javascript based and running in the browser and have that cozy secure feeling to know that not only is one protected by a golden sticker but that that sticker is trustworthy, too!

All one needed to do was to download the “crap gold-guard” browser add on plus the “crap gold guard” android or iphone app with which one could get an image of the golden sticker which then is transferred to “gold sticker guardians” web service which ocr’s the signed sticker id which then can be sent to symersky to be verified who then, if authentic sends back a des encrypted “OK” which then makes the golden lock symbol on the sticker blink 3 times to signal that that golden sticker is authentic and not some evil trick sticker from evil Russians (TM) or evil Chinese (TM).

Just imagine the confidence boost one would enjoy when using crap-office in ones browser being strongly assured that the golden sticker is authentic!

For the moment, though, kindly keep my idea private. I wouldn’t want to see “qubeGold” before I’ve signed the contracts with Symerski.

Meglo Maniac May 7, 2017 7:06 PM

https://www.reddit.com/r/TOR/comments/68ufx7/an_odd_tor_node/

[–]hackerfactor[S] 3 points 5 days ago

If you can't figure out who the appropriate maintainer is, get on IRC and ask.

In my over 30 years of security research and open source development, I can honestly say that the Tor Project is the first group that I have ever encountered where they turn vulnerability reporting into a scavenger hunt. “Try to find the right developer!” “Write to this mailing list that doesn’t exist!” and now “Try IRC!”

I’d rather follow ISO/IEC 29147:2014. The vendor (in this case, the Tor Project) should have clear guidelines for reporting potential vulnerabilities. There should be a single public contact point. If the report needs to be forwarded to the correct subgroup, then the single public contact point should route the request. I, as the person reporting the problem, should not need to spend hours tracking down a specific person at the Tor Project.

And if you don’t like an ISO standard from 2014, then try common best practices from 2006 (https://www.first.org/resources/papers/tc-jan2006/flanagan-tara-slides.pdf), 2004 (https://www.dhs.gov/xlibrary/assets/vdwgreport.pdf), 2002 (https://tools.ietf.org/html/draft-christey-wysopal-vuln-disclosure-00) … They all basically say the same thing: vendors need a well-defined contact point; no scavenger hunts.

permalinkembedparent

[–]system33-Distinguished Contributor 4 points 5 days ago*

So tell the Tor Project they need to have better guidelines. /r/tor isn’t run by the Tor Project and they don’t monitor it.

You’ll probably have the best luck talking to them about their terrible vulnerability reporting guidelines on #tor-project on OFTC.

edit: to be clear, I think you’re right that things should change. And you certainly seem to have the motivation to try to get them to change.

Nick P May 7, 2017 9:56 PM

@ Ed

You’re getting increasingly specific in these questings but missing the bigger picture. Neithet Linux nor Xen care about security much. They both keep having problems. They also keep adding problems due to demand for problematic stuff in their userbase. So, solutions built on them cant be trusted if the enemy will probably find and target those problems. And this enemy has $200+ million a year budget to do that internally or with black market goods.

That simple. Also, why the trusted solutions in high-assurance security are rigorously verified and tiny. The former reduces defects a ton, reduces their severity, and latter puts upper bound on amount of stuff the enemies might find.

YearOfGlad May 8, 2017 9:52 AM

@ Clive Robinson

Clive, Thanks for the extended backgrounder, starting roughly at the place I started to check out during 2nd semester physics.

While it seems logical, and possible to tease out the frequency and signal of every single load in a household from just the Utility CO. feed coming in to the meter, the article seems to say their package is different:

…since 2008, a few companies had come out with electricity analyzers that installed in the circuit breaker box.

And later:

…a magnetic sensor that clips on the outside of the wires leading into the circuit breaker box. It works by sampling changes in the magnetic field around the wires at a rate of 8 kilohertz. These types of sensors already existed, but most operated at lower frequencies and are larger—too large to fit on every wire in the tight space inside a typical circuit breaker box.

Certainly selling a big pile o’ sensors would bring more revenue, but seems impossible to maintain or get installed correctly by a home user.

I’m sure their solution is to read from the main utility supply. It seems like a pretty essential point to get wrong though, but I’ve seen similar vagueness in articles from IEEE before.

BTW, I always appreciate your contributions. I’ve learned a lot ….

YoG

Ed Howard's Dummy May 8, 2017 11:39 AM

@Nick P. Your bigger picture has merit. That NSA could do a thing is good to know.

We look forward to opposing the mighty enemy with high-assurance software when it becomes useful as well as impregnable. Meanwhile civil society will make do with primitive expedients that should not work, as General Giap made do with bamboo stakes in pits and won. As it says in the little red book of high-assurance software development, the people may be likened to water the human rights defenders to the fish who inhabit it. She must move amoungst the people as a fish and you are building her a Typhoon-class submarine. The people salute your supreme effort in ceremonious gratitude.

Sancho_P May 8, 2017 5:50 PM

@Who

”… because a weak device may damage the integrity of a network, sometimes even computer networks used in critical infrastructures inside the United States. I am thinking on Siemens SCADA systems.”

What is the cause of your thinking re (esp.) Siemens SCADA systems?

Nick P May 8, 2017 7:27 PM

@ Grauhut

Aside from the security fail, one should also remember what a top cause of fires in houses is. One that was that way when the components were damn-near too simple to crash and burn. Unlike NetBSD.

And great wisdom by the devs? Someone should forward this to the OpenBSD devs lol.

JG4 May 8, 2017 9:19 PM

deja vu

http://www.washingtonexaminer.com/pressure-builds-on-fbi-to-explain-garland-terrorist-attack/article/2622312

In May 2015, two radicalized Islamic extremists, Elton Simpson and Nadir Soofi, went to a “Draw Muhammed” event in a car loaded with firearms and ammunition. They opened fire at a security checkpoint at the perimeter of the parking lot, and were quickly shot and killed by a traffic officer on the scene before they could reach the building in which the event was being held. Bruce Joiner, a security guard on the scene, was shot in the leg and survived.
A report by 60 Minutes, however, showed a remarkable level of involvement by the FBI on that day. An undercover agent was in the car immediately behind the two attackers, and was taking pictures of the scene just seconds before Simpson and Soofi opened fire. The undercover FBI agent had been in touch with Simpson for weeks prior to the shooting, and even texted him the message “Tear up Texas” weeks before the attack. And just after the pair began their attack, the undercover agent tried to flee the scene.
When Johnson first queried the Justice Department for information that could help him understand what happened that day, he said the response “contained little specificity and ignored several important questions.”

Jacob May 9, 2017 1:09 AM

Too Big To Fail: Symantec

During the past few months, Google’s Chrome Security in charge of Chrome TLS cert ops listed numerous violations of the BR (Basic Requirements) of certs generation procedures and issuance at Symantec, in a way that severly undermined the trust of relying parties (i.e. the users).

Closely after the initial announcement by the Chrome team, the Mozilla team who oversees the BR/CA forum joined the Chrome team and listed their grievances re Symantec too, demanding full and complete answers.

Both Chrome and Mozilla teams expected to get the full cooperation from Symantec – details, explanations, remedial action proposals – but never got it as requested. Consequently, both teams proposed a remedial/penalty action on Symantec future certs ops – just like they did with WoSign/Startcom.

Yesterday, Symantec responded by declaring that there are now some high level discussion going on between executives at Google and Symantec in order to reach for an “acceptable proposal”, and “please wait for the outcome of those discussions”.

This latest twist in the plot doesn’t bode well for the whole TLS certs ecosystem.

Clive Robinson May 9, 2017 2:32 AM

@ Jacob,

Google Project Zero team found out that anyone can compromise your default Windows (8 and later) system

Apparently Win 7 as well… I suspect that it may actually go back further… But why should MS mention publicaly anything about code it nolonger openly supports.

Clive Robinson May 9, 2017 2:49 AM

@ Jacob,

This latest twist in the plot doesn’t bode well for the whole TLS certs ecosystem.

The certs ecosystem has been “A dead mam walking” for some time now.

Various browser organisations played their fiddles whilst Rome burned. The result so many CAs with zero or less oversight were just doing their thing and the browser teams just stuck those CA root certs in without any questions. Worse they made it very difficult at best for ordinary individuals to remove the root certs of CA’s they would have no reason to trust, hence breaking the trust model…

Now they are belatedly trying to start sorting out the mess they alowed on their watch. But sadly in about the most ineffective way they can.

Clive Robinson May 9, 2017 3:20 AM

@ Sancho_P,

What is the cause of your thinking re (esp.) Siemens SCADA systems?

There is a long list of reasons why you might want to be cautious with Siemens in general but their SCADA systems as well.

It’s no secret that there has been and still is a strong bond between Siemens and various parts of the German Government. Specifically the German IC and Communications agencies. Whilst there are other electronic component and systems suppliers for which this is similarly true like for instance Motorola and IBM, their bonds are more covert than Siemens.

The thing about Siemens SCADA systems is that they are in effect a global standard and get used world wide. Thus they are going to be a target not just for industrial but other forms of espionage, much in the same way MS Win is a target for malware developers. More importantly from the Gov level IC agencies Siemens ICS parts or compatible parts are on the “restricted country list” for amongst other things nuclear proliferation. Which makes their interest to such agencies even larger.

But Stuxnet showed that not only were Siemens a “potential target” but an “actual target” of various countries IC communities.

So yes Siemens should be on your “treat with caution” list. The degree of caution / mitigation you employ over and above all SCADA and ICS equipment is upto you.

Winter May 9, 2017 7:39 AM

A much more intelligent analysis of the hacking of Emmanuel Macron’s campaign:

How Russia’s hacking and influence ops help Putin
https://www.pri.org/stories/2017-05-08/how-russia-s-hacking-and-influence-ops-help-putin

If we for the moment ignore accusations that the Western state are launching suicide attacks against themselves*, the next best suspects are Russia and China. As Russia is friends with Le Pen (they financed the campaigns of the FN), lets take Russia as the most likely culprit. It also fits with the evidence and the name of the Russian author found in several of the “leaked” documents.

Why would Russia do this? Here is a nice starting point for speculation from the link:

Allenby identifies two audiences who might see the leak as a win: the “alt-right,” both in Europe and the United States, and the Russian public.

“I think what [the Russians are] doing, is, they’re creating more of a long-term narrative in the West and for their domestic population,” Allenby explains, “to the effect that the democratic processes are flawed and are inferior to the kind of strong leadership that President Putin provides.”

Russia also wants to be seen as a major player that needs to be reckoned with.

“If you think about what Russia’s doing,” argues Allenby, “they’re a weak petro-state. They have very little economic clout. But they have managed to be in the headlines for how many months? And they’ve done so without any real damage to Mr. Putin, certainly in terms of his domestic standing. So I think most people would say that Russia has played this game very, very well.”

If the message is about the weakness of Democracy, that does not seem to work that well. And we should keep remembering that outside of its armed and cyber forces, Russia is a completely inconsequential state. As Allenby says they’re a weak petro-state. And there are elections shortly, and unrest is brewing about the failings of Putin’s rule.

*Note that there have long been strong suspicions that Putin does this kind of suicidal things when it suits him. Just before the elections that brought Putin to power, some hundreds Russians were killed in widespread and random Apartment bombings that were never solved. The Russian state has always stonewalled any investigation of these bombings. And then there are the Nord-Ost and Beslan hostage takings where the Russian army was willing to kill hundreds of civilians to get at the hostage takers.

Winter May 9, 2017 7:43 AM

I forgot to add this link:

Russia’s meddling in the French election has backfired spectacularly
https://qz.com/978011/russias-intervention-in-emmanuel-macrons-election-campaign-was-a-foreign-policy-screw-up-of-astronomic-proportions/

And yet, buoyed by its alleged intervention on behalf of US president Donald Trump, the Kremlin couldn’t help itself. As Macron’s upstart candidacy gained traction in February, Russia unleashed an extraordinary propaganda and cyber campaign against the centrist insurgent. This ranged from the crude (publishing baseless claims that Macron is secretly gay), to the silly (state newspapers saying he is a “psychopath” with “fishlike, slightly bulging eyes”), to the very smart (allegedly helping spread fake documents claiming that Macron has an offshore bank account).

Systate May 9, 2017 9:49 AM

Winter
The intel community can say Russia al they want but that still doesnt make it proof. The US election everybody screamed Russia and now they are saying that the evidence is secret.

I need to say it again accusation != proof. The ODIN report is a joke. The EU is going through a crisis and do you know what ou do, blame Russia.

Nick P May 9, 2017 10:25 AM

@ All Programmers

I just saw a very interesting slideshow about development environments. On each page, it shows an environment that represents a specific style of doing development. Goes from early ones such as Smalltalk to Hypercard to VB to Eclipse to Scratch and so on. The idea is to see all the different concepts that have been implemented to assess what combo might make the ideal environment for writing, extending, and maintaining software.

Gallery of Programmer Interfaces

Winter May 9, 2017 10:39 AM

@Systate
“accusation != proof”

You mean Russian media did not write:
“This ranged from the crude (publishing baseless claims that Macron is secretly gay), to the silly (state newspapers saying he is a “psychopath” with “fishlike, slightly bulging eyes”),”

Winter May 9, 2017 12:05 PM

@systate
“The EU is going through a crisis and do you know what ou do, blame Russia.”

The interesting aspect of Russia’s actions is the broad fake news war campaign they wage against their unchosen candidate. And the ineptitude of the campaign. I am almost driven to see it as directed solely at their own popularion.

Russia is really doing its damnedest to defeat Macron and make Le Pen president of France
https://qz.com/977028/russia-is-doing-its-damnedest-to-defeat-emmanuel-macron-and-make-marine-le-pen-president-of-france/

On the other hand, Russian state actions have a history of going off into full blown disasters.

ab praeceptis May 9, 2017 12:45 PM

Winter

a) Russia needs no dirty tricks. They have a very capable military to deal with any nato countries having funny ideas. Moreover, they have a capable president who would actually get more votes in quite some nato countries than their own regime people.

b) Which part of “repeating allegations over and over again does not constitute proof” did you fail to understand?

Have a nice day, Mr. mc cain’t jun.

Tail Gunner Joe's Big Fat Liver May 9, 2017 12:47 PM

@Winter, thanks for the latest on the beltway mass hysteria regarding Russia. It is interesting to follow because it all stems from US loss of international standing or influence, and increasingly obvious military impotence.

https://willyloman.wordpress.com/2017/05/09/the-yatesclapper-hearing-proves-truth-is-treason-in-an-empire-of-lies/

Russia bears the brunt because they together with the G-77 they cut the US government’s balls off with superior force projection, competent diplomacy, and more developed human rights.

??? May 9, 2017 1:21 PM

Every article even vaguely relevant seems to be gone, but there was a somewhat functional interface between a camera and a 100% blind person, many years ago.
More recently there is work on controlling drive-by-wire cars through BCI, and a concept airplane with most of the cockpit covered in OLEDs that feed from external cameras, essentially giving 360 view.
My questions are: is there any work on interfacing a non-RGB camera to the brain (e.g. that captures wider bands of frequencies(e.g. adding IR and/or UV), or more than 3 bands(quadchromacy)? Or narrower overall, but not a subset of RGB (e.g. LIDAR, or RADAR)? How about completely false color, like sending a sonar image to the visual part of the brain instead of the sound part?

Second question; what about tints or lenses that compress the EM spectrum? e.g. making FLIR look dark red, making NIR look red, making red look light red, making UV look violet, making violet look light blue, etc? I understand that in cataract surgery part of the eyeball also called a lens, is replaced with one that blocks less UV than the natural one, but I’m asking about a lens in eyeglasses, contacts, telescopes, or microscopes. Unless it’s replacing the human lens with one that actually changes the frequency to enable seeing wavelengths that the cone receptors can not ordinarily detect.

Systate May 9, 2017 1:29 PM

Winter
The question is what proof do they have that it was Russia who hacked Macron. The article also said

“An internet security firm reported nearly two weeks ago that Macron had been the target of a hack (paywall) by the same Russians who attacked the Clinton campaign in the US, though as of now there’s no established link between that hack and the emails leaked today”

What does the above mean? They know Russian hacked them but cant prove it. Richard Burr can say all what he wants but that doesnt make it proof. I dont like repeating matras. Russia media can say whatever they but that does not mean theirlking point are true. We can say what we like but that doesnt make it true either. If i am going to condemn a nation state i need information, i am not going to repeat spies talking point.

Oh and the New York article that links to also say this
“But the report’s findings gave some credence to the “strong suspicions” voiced weeks before Sunday’s voting by Mr. Macron’s digital director, Mounir Mahjoubi, that Moscow was the source of what he said had been a barrage of “highly sophisticated” efforts to gain access to the campaign’s email accounts.

Mr. Mahjoubi said in an interview Monday and earlier in April that he had no proof of a Russian role, but that the nature and timing of so-called phishing attacks and web assaults on the Macron campaign had stirred worries that Russia was repeating in France what American intelligence agencies say was a concerted effort to undermine Hillary Clinton’s campaign”

When there is something tangible and we can sit down and discuss call me till then all this is hearsay.

Winter May 9, 2017 2:33 PM

@systate&ab p
You focus on the hacks, but they are just the tip of the iceberg. The fake news campaign against Macron has quite visibly been waged in Russian controlled media. And no one has denied that Russian banks financed campaigns of the FN. Russia have very visibly tried to influence the French elections, and they failed.

And the hacks? Opportunity, motive, evidence, and a history of similar shenanigans (e.g., in Ukraine) are more than enough reason to put them on top of the list of suspects.

@ab p
“Moreover, they have a capable president who would actually get more votes in quite some nato countries than their own regime people.”

You are joking, aren’t you. “Your” president is so capable that all opposition leaders are murdered (one on his doorstep), jailed, or fell victim to suspicious accidents and unsolved “random” attacks. Even the oppostion living in exile dies of mysterious poisoning and hit jobs.

For the rest, Russia is a petro state with half the economy in one city, and poverty in the rest. Its industry is not worth mentioning. And that last fact is the direct consequence of Putin’s economic policies.

ab praeceptis May 9, 2017 2:59 PM

@Winter

I want to thank you for amusing me and also for ample evidence why the “american century” is ending prematurely and irrevocably.
Please, feel welcome to entertain me with more of your wisdom!

@Ratio

To show good will and fairness and as I just once more happened to suffer from it:

One disadvantage of the Wirth and derivative languages is that some important binary ops are no operators but functions (provided by the rtl or the compiler).

Rather than saying “a := b << c;” one is forced to say something like “a := Shift_Left(b, c);”

While that is of little concern for most application development, it’s a major pita in the crypto field; it not only feels unnatural but it actually forces the developer to think in a “bent” way and worse it goes against the law of readability.

Not bad enough to stay away from those languages but certainly more than a small nuisance.

Silent Bob May 9, 2017 3:12 PM

Also, Qubes is switching to hardware-based virtualization (HVM) in release 4.x which will solve the problem of PV exploits.

With Intel Active Management that really makes me less nervous.

ab praeceptis May 9, 2017 3:27 PM

Silent Bob

Don’t worry. Soon there will be a “protect OS and CPU against themselves browser plugin”.

Probably joanna is already working on (and then soon leaving) it.

[You know that you cluster-f*cked up when praying to the flying spaghetti monster seems to be a comparatively promising and reasonable approach vs. secure OSs and products…]

Czerno May 9, 2017 3:57 PM

@Winter : I think you have made you point amply known by now. Will you please stop it now ? thanks !

Nick P May 9, 2017 4:35 PM

@ ab praeceptis

There are already several of those in CompSci that use trusted, execution mode of CPU. Also some hypervisors. Isn’t funny when industry is such a joke that it’s always making our jokes a reality?

ab praeceptis May 9, 2017 5:52 PM

Nick P

Absolutely – if only there wasn’t the ugly downside of millions upons millions of people being totally f*cked.

ab praeceptis May 9, 2017 7:15 PM

btw,

“You are stuck with me for another 6.5 years” turned out to be yet another wrong guess.

Bye bye Mr. cyber-com(ic|ey) …

Sancho_P May 9, 2017 7:15 PM

@Clive Robinson re ICS

Can you name any industry / business giant which doesn’t have “a strong bond” to it’s ‘home land’ (naZZional) government / politicians?
It’s not only the revolving door or direct financial ties (shareholders, board of directors), from the very beginning naZZional security will be in the game if a company is growing (going multinational).
Or any nation which is not naZZionally thinking? UK? 😉

I think Siemens was the actor because their ICS was used at Natanz. AFAIK the vulnerabilities were in the used OS (Mi$o) [rumors have it that Siemens were pressed into using a ‘modern’ OS, their systems before WinCC/S7 were running on Unix].
The Siemens ICS just did what it was made for: Being programmable.

The alleged ‘bug’ is a well known feature (similarly present in other ICSs) which is widely used for simulation of defective sensors and commissioning + operator training. The only issue I have is that the cause of the centrifuge damage was not properly investigated by the manufacturer or their insurance (who would rely on the ICS’s sensors and system in a disaster probe?) or local technicians but that may have different, political roots.
Insecure OS and open networking are common ingredients in severe malfunctioning. We can expect severe consequences with modern auto update systems (you can’t have them air/energy gapped any more) in all areas, it would take decades to get more security.
Only we don’t have the time.

Thoth May 9, 2017 9:55 PM

@ab praeceptis, all

As per promised, here’s ‘Hoilyday – Vesak Day 2017 edition’.

Vesak Day is one of the most important days to commemorate the birth, enlightenment and parinirvana/death of the Lord Buddha. On this extremely auspicious occassions, I would like to wish everyone a merry and enlightening day Vesak 2017.

Contemplate on the words of the Lord Buddha especially on the teachings on Impermanence and how it is so true in the field of cyber-security where we thought we have gotten our setup right and the next moment someone comes and simply shreds it all up.

Now we have seen huge names fall as per those labeled in the image. How many more security assumptions will continue to fall as time passes ?

Sadhu sadhu sadhu !!!

Link: https://askg.info/hoilydays/vesak2017/hoilydays-vesak_day-10_05_2017.png

Scrubd May 9, 2017 10:38 PM

@Winter,

The long term narrative will almost certainly not be that Russia staged an AQ attack on the motherland and pinned it on the CIA and the greater US of A bank rolling terrorist groups operating in Syria and Turkey.

ab praeceptis May 9, 2017 11:26 PM

Thoth

THANKS YOU! I’m overwhelmed and filled with joy.

You have created a true masterpiece, a mons olympus of true 100% bulletproof giga-safe security!
Attaching that powerful sticker to anything, even windows on on xen on x86-amt will immediately turn it into a truly golden symerski-secure system.

Happy Vesak 2017 to you, too

and: cyber! cyber! cyber!

ab praeceptis May 9, 2017 11:29 PM

@Moderator

I just saw that you merged my correction into my post. How kind of you – thank you very much, helpful friendly “ghost” 😉

Spooky May 10, 2017 12:21 AM

@ ab praeceptis, Nick P

By chance, do either of you have any direct experience with the seL4 microkernel? There has been at least one attempt to port Qubes v3 to run on seL4 (instead of Xen). It looks like an extremely attractive option to manage the bare metal, and I’m wondering why it has not attracted more attention. If better security could be fairly said to lie at the intersection of useable environments (with abundant apps and drivers, most of which were not written with security in mind), solid layers of software-enforced isolation, more than a cursory nod to formal methods of assurance, and hardware that comes without intentionally designed backdoors, would the ideal stack be: A Qubes-like layer (perhaps with Subgraph-like App VMs) + seL4 as Dom0 + RISC-V? Impossible to obtain at the moment, but the future certainly seems ripe for such a combination…

Cheers,
Spooky

ab praeceptis May 10, 2017 12:50 AM

Spooky

Sorry, no, not beyond playing around with genode and looking at the sel4 source. It doesn’t make much sense for me to gain more experience because neither sel4 nor qubeos are with the frame of my interest/needs.

And btw, it should be kept in mind that putting something insecure (OS or applications) on top of a mu-kernel and/or hypervisor doesn’t make the whole thing somehow secure (but it can mitigate to a degree). Which boils down to “qubeos is not secure but less insecure” – I strongly advise people to keep in mind that “less insecure” <> “secure”!

If you want safety (or at least something much closer than e.g. qubeos) you should get a good quality product of the kind of software you need, say a http[s] server and put that directly on top of the mu-kernel.

Doing that you would also burn into your mindset one of the few actually relevant and helpful rules, namely “keep it simple and small!”. The fewer loc the higher your chance to get something actually safe.

To stick to the web server example (which probably is not uncommon to be desired) what you want to do is to find one of reasonably good quality (which usually translates to “not utterly crappy”) and to then a) strip the source down to the minimum functionality actually needed, b) run the rest through some actually useful analyzers (e.g. predator) and c) to “armour” the code to be able to statically verify it.

From what I see all the common and luxurious “put OS [whichever, say qubeos] on top of hypervisor and/or XYZ” don’t bring you really safety and (funnily, that’s quite consistently ignored) to make that work will quite probably be more and complicated work than to create safe versions of the few critical services needed (like e.g. http).

And attempts to make any full inbl. kitchen sink OS somehow magically secure by putting a hypervisor and/or mu-kernel beneath seems quite futile to me.

Kindly note that my advice is also in a way yet another version of the classical “When you talk about ‘secure’ be sure to be able to properly specify your situation, need, and threat scenario!”.

Making linux secure is a futile undertaking. They’ll never even catch up with OpenBSD (which again is not secure but considerably less insecure than most).

Creating a system that provides well specified and not too many and complex services in a reasonably secure way, however, is feasible for a small group with some experienced leads knowing the field and the tools and ways. In that case sel4 might be one of a few sensible choices to build on.

Clive Robinson May 10, 2017 2:03 AM

@ Thoth,

You forgot to mention that a part of the celebrations –as my Korean friends remind me– is to make special effort to bring happiness to the unfortunate like the aged, the handicapped and the sick.

Thus I thank you for your gift, and in return wish you a peaceful and thoughtful day, and may you long continue to do so.

Winter May 10, 2017 3:06 AM

@Scrubd
“The long term narrative will almost certainly not be that Russia staged an …”
@Czerno
“I think you have made you point amply known by now. Will you please stop it now ? thanks ”

Sorry to have bored you. Contrary to the obsessions of many commenters, my interests are not in the Russian (or Chinese, or Iranian, or whatever) connection.

But this is a blog space devoted to security. For years we have all been discussing the ways in which the NSA/CIA ao TLAs from the USA and elsewhere are subverting our hardware, software, and the internet.

Meanwhile, some crude disinformation campaigns on social networks combined with elementary hacking have broken up the EU, derailed politics in the UK (with a breakup looming) and have put a psychopath with fascist sympathies and connections with an enemy state in the white house. The economic and political damage of these two changes are likely to run in the many thousands of billions of dollars.

In this light, all the computer and internet security talk sounds so much like putting and armored steel door in a house build of plywood.

What fascinates me most is how different communities react to these challenges, and how some seem resilient (France?), and some show to be vulnerable (USA, UK). In Europe, we pretty much have more need in discussing how to protect our democracies from being subverted than in how to prevent the NSA from eavesdropping on our facebook posts.

Clive Robinson May 10, 2017 3:23 AM

@ Spooky,

[Qubes on seL4] looks like an extremely attractive option to manage the bare metal, and I’m wondering why it has not attracted more attention.

Actually a stripped down OpenBSD on seL4 would look more attractive, but only if you stuck with multiple terminals.

The route to security is via,

1, Managed and reduced complexity.
2, Segregation / issolation.
3, Strong control of interfaces.

Not just at one or two layers but across the whole stack. Otherwise you will have the issue of bubbling up attacks from further down the stack or attacks through “common components” such as the user interface at higher levels.

The fact you make the bits in the middle more secure does not make the system more secure unless they harboured the weakest links. As is often pointed out “It’s the weakest link in the chain that lets you down”.

Ways to strengthen the below CPU level are known and starting to come back into fashion. However “efficiency” keeps getting in the way. Thus we end up with shared memory and other components without sufficient segregation / issolation thus the likes of RowHammer etc can still cause problems. An intermediate solution to this is tagged memory where the tagging is controled not by the main CPU(s) but by a hardware hypervisor system. However the level of tagging would have to be sufficient to not just ensure that code remained code and data remained data etc but that it was also tagged by process ID and IPC stream ID as well. Unfortunatly whilst tagging might stop unauthorised access it will not stop side channel attacks.

I could go on about below CPU attacks and mitigations but I hope you get the general idea.

Related is shared resources such as IO on both sides of the software stack as well as top and bottom. Of interest as an example is the top or user interface. These days we expect to have tens if not hundreds of processes running on what are single user systems. Most if not all these processes have a way of communicating information and importantly errors and exceptions. These go to shared files and user displays where without significant care information will be leaked from one process to another process. It’s difficult to prevent with log files and as for window based User Interfaces, just don’t go there the complexity is probably beyond what we can make secure in current systems.

When it comes to UI’s we were better off in the past security wise with multiple VT52/100 serial terminals or serial switches…

But as a side note, even if we did get a window based system secure, users would be unhappy. At the very least they would want cut-n-paste to work across ALL windows, and would end up subverting any system that attempted to stop it.

Again I could give other examples of why a secure computer is difficult if not impposible to obtain with current COTS components.

But to make a final point about the security issues Qubes fails security wise like all OSs secure or otherwise fail with applications like Web Browsers. Even if the OS and all below it have taken strong segregation measures Browsers and their like kill it by creating “shared space” within the application environment. Thus they in effect short out all the work the OS and underlying hardware security measures.

As others will nodoubt point out for the foreseeable future the way of computing is the web, so in all honesty the first set of weak links that need fixing are the applications… It’s a point I’ve brought up in the past on a number of occasions including one possible solution as part of what I called Castles-v-Prisons.

Thoth May 10, 2017 3:47 AM

@Clive Robinson

“is to make special effort to bring happiness to the unfortunate like the aged, the handicapped and the sick”

I personally don’t see Vesak day as a day reserved for additional efforts along the line of charity or practice which most Buddhist have such mentality (and yes I am Buddhist) where many of us will try to “be good because that is Buddha’s holy day”. In fact, I see everyday as something one has to be “accountable for” eventually whether it is a holy day or not.

“Thus I thank you for your gift, and in return wish you a peaceful and thoughtful day, and may you long continue to do so.”

Thanks 🙂 .

I have many things going through my mind even on a holiday including how to build a VM-in-a-VM and how to make it simple enough but not too feature-less so that users can get something meaningful out of a VM-in-a-VM style Dynamic Secure Execution Environment.

Also trying to adjust the complexity and simplicity of the operands and how the bytecode instructions for my VM should work when running them in resource constrainted smart cards.

@ab praeceptis

I have deliberately added one of my logo, certified by Thoth, within the Vesak Hoilydays image by the way 🙂 .

Thoth May 10, 2017 3:58 AM

@Clive Robinson

Another thing about my VM-in-a-VM-on-a-smartcard design also takes into consideration pairing of the smart card chip with some sort of embedded screen with simple display and thus my VM language has a command to create a simple display format which a displaying MCU that understands the simple display format can be used. This create a way to setup a secure display from the very outset of the design instead of some sort of add-on as an after-thought.

Clive Robinson May 10, 2017 4:41 AM

@ Winter,

What fascinates me most is how different communities react to these challenges, and how some seem resilient (France?), and some show to be vulnerable (USA, UK).

I would suggest you do think further on that especially in who benifits the most, and false flag operations.

In the case of France Le Pen getting in might arguabbly have been in Russian interests, but not by a lot. However if Le Pen had got in it would have been very bad for the EU following Brexit. The potential break up of the EU concequently would actually have been bad for Russia.

Now look at certain US Billionaires who have certainly been medling in EU and UK politics. It’s in their interest to have the UK out of the EU as that brings them more in line with the neo-con viewpoint. But also they don’t actually want the EU to fragment as they want the UK to be “piggy in the middle” politically aligned with their thinking but economicaly dependent on the EU thus to act as a buffer / conduit, rather than the UK increasingly being more independent of the US.

Importantly you need to be able to distinguish between “home media” and “foreign intervention”. If you look at most countries their MSM reporting of events in foreign nations is generally negative in some way as this bolsters the “we are better than them fealing” of the home audiance. Often it’s subtle by applying bias to reporting, such as heavily reporting crime accidents etc whilst ignoring other issues. Sometimes it’s crude and unpleasent.

For instance in the UK MSM there was a quite deliberate showing of pictures not of Marine Le Pen or Emmanuel Macron but of his wife Brigitte Trogneux. Usually in an unflattering light or pose, or mention she used to be his drama teacher and lover, is nearly a quater of a century older than Emmanuel or give her age as sixty four with his of thirty nine. All trying to make out Emmanuel as an effete toy boy and she much worse, thus imply it will be she rather than him who will in effect run France from behind the throne. They have also played the “we are going to be invaded by hords of terrorists” card in several ways over Emmanuel Macron’s support of the German “Open doors” viewpoint to immigrants.

You will find similar “we are better than them” or “they are going to harm us” stories in most nations MSM. Thus it’s a “pot calling a kettle black” to use it as example of one nation deliberatly trying to change the opinion of the citizens of another country. Unplesant as it is jingoism is the current public face of the xenophobia that is basic human tribalism, which is used as a tool as much by businessmen as it is by politicians, in either case it strengthens their hand against the unwitting citizens.

The movment of the more base basic human behaviours onto the Internet is not exactly a surprise. Thus we should expect corporations and the billionaires behind them to have no regard for political borders in their aims and objectives. Many already in effect “own nations” one way or another, thus you would expect them to enlarge their outlook and influence.

I can see the wheel going full circle again back to the times of Cecile Rhodes etc where they actively formented proxy wars to not just bolster profits but gain effective control of resources by political control. You only have to look back at what happened in 1994 during the Rwandan Genocide, in which an estimated 800,000 people, mainly Tutsi, were killed by Hutu extremists as a direct result of “corporate control” as pushed by Cecile Rhodes.

Winter May 10, 2017 5:20 AM

@Clive
“I would suggest you do think further on that especially in who benifits the most, and false flag operations.”

Certainly. But I am less interested in who wants to achieve what (unless it affects me personally) than in how messages are spread and how people react to them.

What struck me in the French responses is their institutional depth, e.g., two rounds, upholding the laws on campaigning, and the way the parties moved together against the outside threat. Something similar was seen in the Dutch elections, where there was less (or no) outside meddling.

In the UK and USA, the parties and voters were very easy to divide against each other. A genuine Divide and Conquer.

Cui Bono? It is my believe that if there is an opportunity to interfere, someone will step in to do the interfering. Someone somewhere will benefit from one outcome over the other. In this it is no different from terrorism.

Spooky May 10, 2017 5:21 AM

@ ab praeceptis,

Thanks for your extensive commentary. In looking at seL4, I saw the microkernel not so much as a panacea for poor security but as a useful, lower-level building block with a minimum of trusted, verified code (some smaller microkernels only have about 32-48k of trusted code; less is usually more, but performance should be predictable and the API provided should not violate the Geneva conventions for torture). If it could be made to run well on clean, open-spec hardware then it might provide a stable base for whatever system you choose to layer on top. Once I finish up all of the work currently in my queue, I’d like to start doing some test builds of seL4 and taking a really, really close look at their source (particularly their implementation of standard IPC mechanisms).

Cheers,
Spooky

Hopping Mad May 10, 2017 8:37 AM

Re: “AIRGAPPING”

@Who?
Sorry, I did not know you need a definition for that term.

Yes, we do need a definition for the term. Otherwise, it’s a buzzword, like, you know, some barber who thought you needed a buzz cut because he thought, you know, you were in the Air Force or something like that.

PEN4 May 10, 2017 9:48 AM

OpenBSD is less insecure, that’s evident. It’s also utterly useless for anyone who aspires to do anything but fart around with a computer. That makes OpenBSD worthless to people for whom the computer is a means to an end – such as the people who most need protection from state surveillance and repression. It seems unlikely that the system’s radical uselessness is a necessary result of its security. Since it’s insecure anyway, someone might want to ask which is the binding constraint.

Patriot COMSEC May 10, 2017 11:17 AM

Look, there is no way we can understand squid communication. You can read David Hume all you want.

We are in deep water here. Their encryption is worse than two fish arguing.

Dub Liners May 10, 2017 11:48 AM

looks interesting. 24 October 2017

http://cyberthreatsummit.com/

‘Now in our seventh year, this year’s Cyber Threat Summit will have a very European focus. The largest event of it’s kind, it will attract cyber security experts from all over Europe to discuss all aspects of cyber security including issues such as GDPR, the NIS Directive and of course BREXIT.

We have three distinct streams running concurrently; “Strategic”, “Operational” and “Technical”. 2017 will also see the introduction of a Cyber Startup Zone giving innovators a chance to shine and network with potential investors. ‘

Shout Outs to the Heroes May 10, 2017 11:52 AM

Schneier On Security Hall of Fame

HEROES ROLL CALL!

Clive Robinson!
Nick P!
Thoth!
Ab Praeceptis!
Dirk Praet!

Those About to Rock – We Salute You!

Hopping Mad May 10, 2017 12:08 PM

@PEN4

OpenBSD is less insecure, that’s evident. It’s also utterly useless for anyone who aspires to do anything but fart around with a computer.

Yes. OpenBSD is less insecure. The “uselessness” stems from (1) lack of resources to support various peripheral hardware, and (2) the refusal to support such hardware in a manner that would compromise the security of the operating system itself.

Some of this is moot, because the only security an O/S like OpenBSD can achieve is a “not-on-my-watch” security. We have lost the game already when we buy proprietary hardware that is inherently and irremediably insecure. We really have no alternative to buying such hardware, because that is all that the high-tech cartel will sell us.

ab praeceptis May 10, 2017 12:21 PM

Thoth

I have deliberately added one of my logo, certified by Thoth, within the Vesak Hoilydays image by the way 🙂

I confess, I was too much in golden 100% bulletproof security nirvana to notice that.

But obviously that “certified by Thoth” adds yet another layer of golden security. Symerski can pack and leave because I now have the real gold sticker.

Maybe one day we’ll find the time to add a signature to that. rotl13 plus rsa16 might be an attractive combination; about as secure as Symerski certificates but faster. Do you know how to professionally create buffer overflows in java? After all, we want a real world certificate with the full Symerski and openssl feature set. If java doesn’t lend itself well to that we can still use of the many severe bugs on offer in openssl and slighty change it to avoid copyright infringement.

I printed your holiday card and have it near myself to always guide me on my path to security. Thank you very much again!

ab praeceptis May 10, 2017 12:33 PM

PEN4

I feel that you are too hard on OpenBSD. Had you said the same about Minix3 I would accept it. But OpenBSD is a quite complete OS – which is actually bad. Let me explain:

Obviously the OpenBSD people can’t tell you much, let alone give anything even remotely looking like a guarantee, about the plethora of third party applications. But it’s that which makes an OS seen from the user perspective, particularly with the kind of “I just need to get stuff done” users.

What OpenBSD can do – and does try hard to do – is basically two things: a) a good posix kernel and b) at least some mitigation or prevention attempts for misbehaving or insecure third party software, say libreoffice.

That said I feel you are unfair because OpenBSD offers pretty much the same set of application stuff that linux offers. Somewhat less but all the basics are there.

If I’m to chose between running libre-crap-office on linux or on OpenBSD I’ll chose OpenBSD every day of the week and twice on sundays.

CarpetCat May 10, 2017 12:36 PM

http://viewfromthewing.boardingarea.com/2017/05/04/french-woman-flew-united-san-francisco-boarding-pass-said-paris-airline-says-oops/

Airport Security, post nine eleven:

  1. Foreign National, check!
  2. Little to no english speaking, check!
  3. Wrong aircraft, check!
  4. Wrong seat assignment, other passenger in seat, check!
  5. Dark skin for good terrorist measure, check!

If any of us regulars on this newsletter wanted bad things to happen, if we were so disturbed, you can bet your bottome dollar we would be massively successful. If just a few of us could cause so much disturbance/destruction, why don’t these enemies of us do the same?

Answer, there really are no credible threats agaisnt us. There are people who mean to do us harm, but there are no powerful, in knowledge, arms, or otherwise, people who can/will attack us. So ask yourself, self, what is going on? Why am i afraid all the time? Why must I open my life and my body and my papers and my effects at any and all times? What am I secure from?

The problem isn’t that you, the people, need to be secured from threat. You are already the most protected, most survielled, most contained people on the, and in the history of, the planet. The situation, the reality, is that YOU are the threat.

But if the bad people aren’t the brown skinned terrorists, aren’t the Russians or the Chinese, then who are the bad guys?

You’re the ones packed like cattle, for your protection. You’re the ones stripped down, and scanned and tagged, for your protection. You’re the ones who are clearly the evil bad guys, according to THEIR perspective. The fact that THEY make you think it’s us against them, is but an illusion. There is no other side. THEY want you to peacefully get IN the plane.

The farmer doesn’t tell the pigs they’re going to the slaughterhouse. You are the product, who’s using you, and to what end?

Dirk Praet May 10, 2017 1:15 PM

@ Hopping Mad, @ PEN4

OpenBSD is less insecure, that’s evident. It’s also utterly useless for anyone who aspires to do anything but fart around with a computer.

I have three elderly, single core laptops (without Intel ME) running OpenBSD 6.1 with FDE and all hardware functioning except for a cardbus issue on one laptop and a minor screen resolution problem on another. None of which are showstoppers. They’ve got all the software I also use on Windoze, Linux and MacOS, and even wireless works. Contrary to some other legacy machine I recently refurbished with Linux Mint 18.1 Cinnamon, no rocket science whatsoever was involved.

Feel free to ping me anytime if you run into trouble installing/configuring/running OpenBSD on anything but bleeding edge new hardware. Hint: always check hardware compatibility first. I’m not going to do that for you.

r May 10, 2017 1:31 PM

Who put the 2c in PEN4?

How is obsd less secure than it’s nearest and distant cousins?

Excluding, less eyes and or less knowns (who is “they” or “them”).

When you can formulate a response I eagerly await.

Don’t forget a recent remotely exploitable client side WiFi attack targeting an obsd specific impl.

We await your digestion and excretion.

ab praeceptis May 10, 2017 1:39 PM

Spooky

I’m not sure you’ll like what you see. Not that seL is bad or something, there are just lots of buts. Running on “modern x86” (which usually translates to intel atm) and Cortex A (read Thots remarks about trustzone …). Much of what you would probably strongly desire only available in experimental stage, etc.

Plus uncomfortable (but understandable) assumption like “No DMA”, i.e. all verification is based on a set of assumptions which are reasonable from their POV but certainly not what most actual users want.

Well noted, my statements are not in any way anti-seL4! You will make quite similar experiences with other mu-kernels and proven correct stuff, too. What I want to say is that there should not be an expectation to compile and install sel4 as a base block and to then simply add software.

(Based on my own experience with another mu-kernel) the reality is more like “find, get, and build some basic dev tool chain, port vital drivers, and do lots of (not at all funny) cross dev (typically with C and ASM only). Plus, of course “learn about all the ins and outs nooks and crannies of the mu-kernel”.

Unless you have lots of experience and lots of time I strongly suggest to start building at a higher level, maybe something like genode.

Finally, keep in mind what Liedkes work (and hence the whole L kernels) ware about and that those kernels were basically research projects. That does not mean they’re unusable in real world but it certainly means that a lot of work is to be done. Liedkes quest was “can mu-kernels be made less painfully slow? If so, let’s do that”.

Finally, keep in mind that their whole proof system is not software but math centered and about the most painful way to verify software correctness unless you happen to have a math department and plenty phd and master candidates down the floor …
However, you must keep the “proof chain” alive through everything which translates to your part of the work getting painful and inefficient.

Those are some of the “little details” one needs to know for such adventures. One such detail I learned is to be sure that I can live and work well with the spec and verif toolchain of a given project.

My advice: Wait a little bit. I quite sure that soon there will be a tla+ verified [mu-]kernel around. That’s a much better and more efficient basis.

Gerard May 10, 2017 2:44 PM

@ Clive Robinson,

I would suggest you do think further on that especially in who benefits the most, and false flag operations.

So who really has something to gain, I mean right in the pocket, with this “blame the Russkies” framing? That’s of course two groups, one it’s “hard line” politicians, and second the MIC. These have a lot to gain, and they are gaining, think about the “2%” NATO “agreements”.

Clive Robinson May 10, 2017 3:28 PM

@ Hopping Mad,

Re: “AIRGAPPING”

Yes, we do need a definition for the term.

There are already not just definitions for various parts of what we would regard as making up “energy-gapping”.

The problem is they are all technically secret in the West (TEMPEST etc) so maybe we should look at the Russia equivalents.

Failing that, for any given RF channel the noise floor is generaly accepted as -174dB / Hz and you need screening / shielding to get you down to within XdB of that at distance Y. As a rough rule of thumb using the same sort of tests as used for EMC testing but with the acceptable masks being 10-20dB less will be a starting point.

Similar types of tests can be carried out for mechanical vibration and acoustic emmissions.

However doing susceptability testing for active EM/acoustic Fault injection attacks is going to be somewhat harder. Especially if looking for “cross modulation” where the signal you transmit gets modulated by activities within the Device Under Test (DUT), as these can be at harmonics or products of the injecting carrier or frequency it is modulated with.

For instance you might use an Xband source of between 10-11GHz 100% Amplitude Modulated (AM) with 300MHz. The idea being the Xband signal will get through ventilation slots or gaps in the case, where it gets “envelope detected” by any semiconductor junction and produce a 300MHz carrier inside the case that gets radiated from one wire to another where it gets cross modulated with information. Harmonics and mixing may well produce other Xband signals that radiate out of the ventilation slots or case gaps to be picked up by a suitable receiver where the information impressed upon it via cross modulation can be decoded.

Writing a spec for that sort of testing will be quite hard.

Spooky May 10, 2017 3:46 PM

@ Clive,

Thanks, I was just starting to seriously look at seL4 nearly seven years after I first played with an early, L4-based demo. You make some excellent points, though I’m not sure that all of these issues have potential solutions on the horizon. Side-channel attacks seem nearly impossible to prevent, since anything that can be modulated could also be used to transmit data. Stated more generally: if state change is possible, side-channels are possible. And rapid state change is also, unfortunately, what makes computers so useful. 🙂

But I think you have mentioned the whitening/buffering/batching of I/O to try to minimize the existance of side-channels in the time domain, if memory serves.

Row hammer is particulary nasty problem; mitigations are out there, but I think my favorite approach is using old computers with significantly lower memory densities and memory clocks too slow to ever pull off a successful attack. By the time I eventually upgrade, hopefully they’ll have this issue sewn up (and no doubt replaced by others).

Agreed, the user interface issues are complex and numerous although once again, people are working on partial solutions to the problem (with varying degrees of success). It may never be perfect without cautious, mindful users at the helm and they’re a pretty rare breed in my experience. Microsoft could probably be blamed for a lot of that click-happy carelessness, but people in general are just not particularly thoughtful. I would not say that a textual interface is necessarily better in this regard; in fact, it’s considerably easier to forge, without separate physical terminals (or multiplex switch) for each discrete area of segregation (as you listed). Although, I’d be perfectly content living out the remainder of my days in a VT100 terminal; it’s a very comfortable interface and it feels perfectly natural to me, without the affectations of “cute” icons, color, rodents and unreadable fonts. So much wasted effort for stupid baubles. I remain voluntarily trapped in amber, haha.

I’m a bit puzzled re: your distaste for Qube’s approach to using VM-isolation. One of the useful defaults post-install specifically allows you to run the web browser (through which most machines are compromised) inside a throw-away VM. Because of this, your attacker not only needs a browser exploit and local PE, they also need a VM escape targeting Xen (sadly, not too difficult to find these days). When the window is closed, the entire VM and its resources are permanently discarded, limiting persistence. It may not be setting the bar much higher but it does represent incremental progress towards better isolation, and any consumer-grade hypervisor you might use today risks similar outcomes. It makes me wonder if people feel that using VMs somehow negates the need for better security through proper design? I have no doubt that some people do feel that way, but I do not see the two approaches as being mutually exclusive. I’ve always regarded VMs as a safety net, more than anything else, for that set of applications that will never (in my lifetime) be rewritten with security as the dominant, guiding principle. We can insist that it should not be this way, and in time it may change, but for now expediency and profit are the dominant guiding principles, landing us in the mess we currently have… 🙁

Cheers,
Spooky

Clive Robinson May 10, 2017 3:49 PM

@ Gerard,

That’s of course two groups, one it’s “hard line” politicians, and second the MIC.

In the past 100-120 years they would have been those who would be most likely.

But now as back over 150 years ago I would include what we might well call “Corporate venturers”. Those that deal with interstate commerce of all forms have much to gain by manipulating the peace to disturb trading to their benifit. After all who made most on ISIS selling oil to China? Probably the Turkish middle men and other international facilitators.

As was once remarked “Not a thing leaves the NY docks without somebody getting a cut”, the game just got larger and international and would probably include some well known banking names and finance houses along with other well known corporate names. As those sorts of sums of money do not get moved as truck loads of paper or semi-precious commodities when a handfull of electrons is way safer, quicker and with a shell game or two much less traceable.

People have to remember back in the first banking crisis the only liquidity in the US banking system was due to money laundering of drugs and similar money… The pay off for the politicians was that they were not hanging by their thumbs or toes from street lights up on the hill lit up by the light of burning government buildings, as significant civil unrest has been known to do in the past.

Skeptical May 10, 2017 4:43 PM

@Gerard, ab, Winter, others:

“Whose gain?” is not precisely the correct question.

“Who, from their perspective, believes they would gain” is closer.

Autocratic regimes – leading personalities of which are necessarily obsessed with maintaining their grip on power indefinitely and continuously – draw upon their own experiences, values, and context to understand others. Historically, they tend to view democratic countries as highly vulnerable to chaos, lack of national cohesion, and an unwillingness to sacrifice to maintain or to gain power.

By exacerbating forces of chaos, division, and distrust in democratic societies, an autocratic regime can weaken:

-the ability of those societies to coordinate effectively with one another, a deep source of power and influence for such societies;
-to design rational national and allied strategies and to adequately resource those strategies; and
-to grow the very resources which are crucial to most national and allied strategies.

So from the perspective of an autocratic regime that believes it was humiliated by a morally inferior enemy, and who believes that the ideology and leverage of that enemy threatens the continued personal power of those at the helm, the potential gains from these information operations are quite large.

The long-term objectives of the information operations lie in the shaping of the international environment to one more conducive to interests of the autocratic regime: less pressure to democratize, more skepticism of democracies, less willingness to confront the regime.

But there will be targets of opportunity along the way, and the information operations can be focused on those targets as they arise, so long as such targeting is consistent with the ultimate objectives and rationale for the campaign.

The realization of potential retaliation from the US for the particular Russian information operations during the 2016 election year is an example where it may have appeared that a near-term focus on a very tempting target might spark a confrontation that will jeopardize the ultimate objectives of the larger campaign.

It was with that sudden awareness that they may have triggered an unexpected response that an aggressive information campaign was launched against the US organizations immediately responsible for cyber intelligence and warfare. The purpose of this aggressive information campaign seems to be to the generation of confusion, loss of morale and cohesion, and cognitive overload among those within those organizations, while simultaneously weakening the confidence of those political authorities that would be relying on the information gathered by such organizations and upon – should retaliation be ordered – the capabilities of such organizations to retaliate effectively while dissuading or defeating counterstrikes.

From the outside, it seems rather probable to me that every intelligence organization – whether American, Russian, Chinese, German, etc. – will have suffered breaches and compromises over the years. The Russian information operation seems aimed squarely at magnifying the perception of the degree to which American capabilities have been breached and compromised.

This fits, as an intermediate objective, with the further objective of minimizing American and allied retaliation for Russian actions during 2016 – particularly in light of the 2018 Russian Presidential elections.

But if the foregoing is true – and it’s all speculative – then this is a sign of weakness and vulnerability.

Worse, it indicates a worrisome misunderstanding of the nature of American political culture. If one assumes that Americans and other democratic nations are decadent, riven with the division that comes with rampant self-interest and the lack of a strong leader to harness national energies to national goals (which may overlap with personal goals, but what’s wrong with that, right?), then one might assess this information operation as an intelligent maneuver.

But if those assumptions are wrong – as they have been wrong by every autocratic regime that has relied upon them for its policy-making – then it simply confirms to the Americans that they are threatened.

And while one may have some luck in persuading the Americans that one does not seek to threaten them, one will not have any success in persuading the Americans that they lack the capability to prevail in a conflict forced upon them.

The FAR more rational approach was that taken by the PRC when the US signaled that state-sponsored commercial espionage had reached a point where the US believed a conflict was being forced upon it and that it would escalate its responses to extinguish the threat. By choosing accommodation, the PRC avoided a costly confrontation to the benefit of both nations.

I am hopeful but increasingly pessimistic that the Russian Government will play as prudently. The game need not be zero-sum, but it can be made so.

Spooky May 10, 2017 5:47 PM

@ ab praeceptis,

You’re certainly right about that–managing DMA is a serious PITA. It is one of those broad capabilities that harkens back to the early days of single user systems with a global trust model. Trying to integrate something like that into a fine-grained, modern framework that greatly constrains trust relationships might be impossible without invalidating your own model (clearly, seL4 believes this). But if you want realistic device performance, you have to take the bull by the horns and start making strategic compromises; invariably, mistakes are made that lead to a total system compromise; patch and repeat, forever. Tough call. For myself, using CPU-based block transfers would probably be fine, since I’m interested in running seL4 on an older CF-based Geode board (where DMA support was never guaranteed, and the r/w speed of the older flash media is likely to be the primary bottleneck). For anyone wanting high performance with tons of I/O, they have a long road ahead.

It’s interesting that the approach you mentioned in your earlier comment sounded quite a bit like the exokernel concept; winnowing the whole system down to microkernel, support libs and the application itself (no OS formally present). And then spending the time to verify all of the components and their interactions, in accordance with the spec. Have you done this before in an actual project (that you can talk about)?

If seL4 is using formal mathematical proofs for verification, they might very well be beyond me. I can read and understand basic proofs but my set theory skills are extremely rusty at this point (as in, 25+ years rusty!) so, I’ll have a look and see how deep the rabbit hole goes. It’s no permanent obstacle to using their source on a trial basis but, if it becomes a long-term thing, I would have to sit down and work through the entire set of proofs, just to be sure that I thoroughly understand their approach and assumptions. And as you say, the inevitable modifications and extensions needed to turn seL4 into a useable system for me would require extending those proofs in a way that does not invalidate the core assumptions that underlie the security of the whole system. Lots of work.

I’ll definitely check out Genode. I came across them sometime in the distant past but for some reason, I never did end up downloading their source. Time for another look.

Cheers,
Spooky

ab praeceptis May 10, 2017 6:58 PM

Spooky

Have you done this before in an actual project (that you can talk about)?

Yes I did, and no, there are quite tight limits talking about it. But hey, no problem, as long as what I say can be found on the internet.

Based on what you tell about yourself I strongly advise you to stay away from HOL and coq proving. Your interest is software so I suggest strongly to spec with tla+ or B and to use C plus ACSL/Frama. You’ll be rewarded with very major differences in productivity. Although, frankly, I cheated a little on that one because particularly for low level stuff you certainly want to use separation logic which adds considerable complexity. But you might get away if you stay away from the kernel itself.

As for DMA things are much worse. The “system” (the proc) itself isn’t the major issue. Many say “there’s an mmu for that” and are wrong, especially in modern systems with a plethora of processors.

Which leads us (once more, Pardon me for insisting) to the big practical equation:

You see, Nick P and Clive Robinson are perfectly right, but: Well, we don’t have the possibilities to build the perfectly secure system; even large corps fail (or find it way too expensive).

But need we? I say “almost always No”. Our problem isn’t that we don’t have 100% security. Our problem is that we have not even 20%, maybe not even 10% with what 99,99% of people use (linux, windows, … on Cortex A, intel-amt, …).

Let me remind you of an almost vulgar and profane fact: crypto is almost never hacked (outside labs). It needn’t. The OS, libs, and apps offer plenty ways to simply walk by the crypto and not touch it!

THAT is our real problem, that is how nsa and accomplices enter our systems. Hence, that is what we must work on.

Ergo the probably most important security advice I have to offer is “Cut the crap!”. Cut out all those monster crap apps. Don’t install apache + mysql + php for the neighbour bakeries website. Don’t. Install a small verified webserver and use a small strongly typed scripting language (if you need that flexibility).

Throwing out all that crap and boatware and “made for nobrainer by nobrainers” crap enhances security of the average server BY FAR more than mucking around with seL4 and whatnot.

Second holy rule of ab praeceptis: The higher up you go on the safe/secure scale the slimmer the system must be.

On the normal server level what I said above will bring you quite far. On one or two level higher up you cut even more crap and it’s there where mu-kernels are a useful – and adequate – building block. But on that level you don’t think in terms of OS but rather in terms of service, as in e.g. encrypting gateway.
Yet another level up everything is fully specified and formally modelled, written in Ada, parasail or the like, and fully verified.

Hence, my advice is to think economically and to drive security from, say 10% to 80% with quite little effort rather than fumbling with experimental seL4 mu-kernel (and you will end up with an experimental version if you want to go that way!).

Maybe this also explains why I like OpenBSD quite well. You get all the goodies and candy of a posix OS, reasonable quality (as opposed to, say the linux toy box) and even – and that’s VERY important – quite some stuff above the OS, things like all the OpenXXX stuff from the OpenBSD people.

Final remark to show the weirdness of the whole field: Everybody and his dog want hypervisors to do more. Well, I sometimes intentionally chose one that does very little.

security has something in common with elegance. It’s not about adding what can possibly be added but it’s about cutting out what can be possibly left away.

Figureitout May 10, 2017 9:53 PM

Hopping Mad
Re: “AIRGAPPING”Yes, we do need a definition for the term.
–It’s pretty simple if you bother to look it up. Really not a difficult concept to wrap your head around. The difference here amongst the “usual suspects” is air-gapping is assumed to remove other transducers that you can infil & exfiltrate data (speakers, microphones, cameras, wifi/bluetooth, and the RF side channels from all the PC peripherals). I don’t think we need a new term like Clive Robinson’s “energy-gapping”, if there’s a remote way into the system it is not air-gapped. And it’s not a buzzword unless you have an idiot parading it as so; it’s common sense in the security world.

Spooky
close look at their source (particularly their implementation of standard IPC mechanisms).
–Yeah I’d be curious about how processes communicate too. Here on line 101 looks like it (message passing?): https://github.com/seL4/seL4/blob/master/src/kernel/thread.c , it’s not normal C, probably lots of typedefs, so it’ll take a bit of digging…doesn’t look like an overwhelming mass by any means though. We did a project in an OS class and chose to do it in C++ over pure C. It was a b*tch creating actual new threads (that needed to be “nodes” that could “produce” a message and “consume” it), then we screwed up and had 1 mutex for all the threads lol…that’s what we think is the problem. We were burnt out from so much programming and they really pushed you on the project…got an A on it anyway.

Dirk Praet
–You can’t really do FPGA dev on OpenBSD can you? Virtual machines coming. What about laying out a PCB? Looks like just kicad, not eagle. I don’t use it much, but LTspice? MPLABX? I know it won’t do Atmel Studio.

I’m preaching to the choir, but that is the kind of work that needs to be supported. Using my Pickit3 on OBSD w/ a nice graphical interface would be ideal. I’d rather flash my MCU’s (more easily, w/ pleasure, being able to click on files I want, not “ESC, :wq, cd .., ls, vi file_I_want.c”) on OBSD than worrying about a malware squeezing in and locking itself in via windows, ubuntu, raspbian, or debian; wasting my time. I’ve got an epic bug on my hand that reeks of something fishy…

gordo May 10, 2017 10:35 PM

@ Skeptical,

Regarding “cohesion”, the subtext, i.e., the old media model in the USA (and many places elsewhere) is gone: Three or four national broadcast networks, a few nationally recognized newspapers and magazines, a couple of local newspapers, and a handful or two of local TV and radio stations have together, if not altogether, lost their collective sway.

In short, the gatekeepers ain’t what they used to be. https://www.schneier.com/blog/archives/2017/05/facebooks_obser.html

This vulnerability, as we’ve seen, in both the USA and elsewhere, has exceptional consequences.

As Marshall McLuhan put it in 1970: “World War III is a guerrilla information war with no division between military and civilian participation.” Therein lies the rub. In a word, control; feigned or otherwise.

Slightly on-topic (enjoy):

Video Killed the Radio Star – The Buggles (1979)
(Original video; includes subtitles; MTV/1981):
https://www.youtube.com/watch?v=ZPEwluSNzgc [3:40]

The Buggles – Video Killed the Radio Star
(This is the fifth in the series; The Music Video: As Art. Utility Productions, LLC. 2011)
https://www.youtube.com/watch?v=3hs4Gg7RDnc [3:32]

Regarding Chinese espionage, my reading is that their approach is no longer as indiscriminate as it once was, i.e., it’s now more targeted and disciplined.

With respect to influence operations, as defenses and deterrents improve, not to mention the challenge of filter bubbles and information literacy, so, too, will the targeting and discipline—in general and regardless the actor.

https://sites.google.com/site/aviationinamerica/_/rsrc/1418671810785/home/how-aviation-increased-the-effectiveness-of-psychological-warfare-in-the-war-with-japan-during-world-war-ii/image.jpg

??? May 10, 2017 11:36 PM

Following up on my question about the lens/film (my brain-computer-interface question doesn’t have any problems that I can think of).
I know that energy can’t be created or destroyed, but can’t two 1400mhz photons be made into a 700mhz photon, or one 200mhz made into two 400mhz ones? Or is there some other fundamental law of physics I’ve forgotten?

Spooky May 11, 2017 1:41 AM

@ Figureitout,

That’s it, you got it. I think most older microkernels tended to suffer significant performance losses from the considerable message-passing overhead but the L4 guys have spent quite a bit of time looking at ways to optimize various messaging scenarios; I believe they use registers to pass shorter messages between sender/receiver. Ah, there in the source, line 156 in doNormalTransfer() is the expected callout to getRegister(). I wonder what else they’ve been up to in the last several years? I am really looking forward to digging into this source. It promises to be an education for me, at the very least. I’ve never spent any significant time noodling through the source for a modern microkernel design, though I have played with the OpenBSD kernel source and the older 2.2/2.4 series of Linux kernels.

Oh man, debugging threads is such a pain. Total respect for those with a talent for it. That giant mutex was just a solid wall of thread contention, eh? Glad you guys still managed to get good marks. Well-managed concurrency (without obvious deadlocks, races, etc) is like some hard-earned superpower that is only granted after years and years of strident suffering…

Cheers,
Spooky

Dirk Praet May 11, 2017 3:17 AM

@ Figureitout

You can’t really do FPGA dev on OpenBSD can you?

Not exactly my area of expertise. I know Xilinx has an IDE on FreeBSD, but I don’t know if that would also work on OpenBSD. It’s a matter of demand, I suppose, since there’s just very few people out there actually using it.

Kinda sad, though. It’s really the ideal platform to refurbish old hardware with, which I think Theo & co. should be promoting more aggressively to increase adoption. There is absolutely no point in throwing away old laptops or keeping XP/Vista on them when you can easily give them a second life as an up-to-date, reasonably secure 2nd machine for more private/anonymous stuff. And even more so because a growing number of Linux distributions are dropping 32-bit support, while others are sneaking in more and more applications that require SSE2 extensions, thus making it impossible to run them on older processors.

A while ago, it took me almost a week to figure out why a freshly installed 32-bit Linux system was crashing all over the place without even a hint of what was going on. It was just “illegal instruction” everywhere, which initially sent me on a wild goose chase thinking there was a problem with the RAM or video driver. Until I found out that the Synaptic Firefox, Flash and Chrome binaries required SSE2, which the machine’s old AMD Athlon XP processor didn’t support, and for which – of course – no warning was given. I eventually removed all three, replaced Flash by Gnash and Firefox 53 by Firefox 45 ESR. At which time I suddenly had a perfectly working system. On OpenBSD, I have never encountered this problem (yet).

Clive Robinson May 11, 2017 6:58 AM

@ Bruce,

I suspect this may become a subject of interest that journalists may start sniffing after,

https://twitter.com/GambleLee/status/862307447276544000

After all why would an Oslo pizza joint need face recognition in it’s advertising display?

Note the “N-MATCH” and “Y-MATCH” the implication is not just recognition of person type and length of time looking at the advert, BUT actually remembering a customer over time. Thus this could easily be tied into the sales register to check buying prefrence and if an advert changed the prefrence or not… Thus even “cash buyers” lose anonymity and become “involuntary test subjects”.

PEN4 May 11, 2017 8:07 AM

@ M. Priet, having wasted varying intervals of time with BSD over the course of years, one lacks your saintly patience. Hardware is the least of it. Battening down stupid defaults with vi in helvetica 0.04 to give some minimal network security before searching in vain through innumerable unreachable mirrors with random naming conventions that do not have what’s advertised, guided by vaunted documentation that veers wildly between information and vague jargon, when it’s not just false. The definitive pearl of wisdom was some guy who advised, just recompile it all whenever you update. Thank you for your kind offer, but life’s too short.

Figureitout May 11, 2017 8:27 AM

Spooky
–Huh, interesting. Wonder the performance increase. Yeah me either, figure it’s best for me to get experience w/ other kernels in general before I try a supposed “secure” one. Would be nice to get this up and running, just to see. Looks like they use VM’s quite a bit to run it.

Oh yeah it is…especially when you have a group, and someone goes off, makes some progress, but writes in some nasty bugs…floating point exception was a b*tch to find, then the occasional seg fault (tracked that down too, another bug added in). Yeah, we had to parse a file that let us know how many threads to create, and what the threads “neighbors” were. They could only talk to their neighbors, and we had to pass messages thru nodes and send an acknowledgement back and note the roundtrip time. Every project built on the last, there was 6. There’s more but I won’t indulge. Yeah, when you had like 3 threads, it was more obvious, but running 57 threads, you couldn’t see it as well (and would be dumb trying to track down). 1st thread held rest hostage, hogging CPU lol. That nasty piece of crap needed to be re-designed and re-written quite a bit, probably won’t put on my github lol. :p Would be nice to get into a better design.

Dirk Praet
–Me either, just dabble. But would be nice to know I could install when I want it. Every program has to get built just for OpenBSD right? Agreed, it worked nicely for me on an old computer, and having close to the bare minimum on a fresh install is something that should be far more common. But if I get a nice huge fast fresh computer I’m putting on Windows or Ubuntu b/c I can do the most w/ it. Point is, my newest PC’s get Windows or Ubuntu, relegate old PC’s for OS’s I can’t do as much with…

Nice bug find, at least you got a hint eh? :p

Clive Robinson May 11, 2017 9:03 AM

HP Laptops have keylogger built into audio driver

Although it’s thought it might be a “bug” or “poor design” the result is that for quite some time every key-stroke was getting logged to file including login details. Thus if you had cloud backup enabled, your every keystroke has escaped you.

https://thetechportal.com/2017/05/11/hp-laptops-audio-driver-keylogger-bug/

It will be interesting to see what claims are made by HP et al, especialy as disabling the key-logging also removes user functionality…

Little r May 11, 2017 10:37 AM

@PEN4,

What ‘secure’ by ‘defaults’ have you been altering in ‘Helvetica’ from vi on obsd to the point of derision?

ab praeceptis May 11, 2017 12:35 PM

Clive Robinson

Thanks for the link. Not that there weren’t enough other reasons to show that linux is not the solution but the problem, but that is a particularly nice one.

That AF_PACKET bug really demonstrates on multiple levels what an utterly incompetent toy lab is behind the sectarian linux “geek” kindergarden with plenty rich and careless corp parents involved, too.

The most nightmarish thing about the whole linux thing is that they still do not even begin to realize what a gigantic cancerous waste dump they’ve created.

JG4 May 11, 2017 3:33 PM

2:00PM Water Cooler 5/11/2017
http://www.nakedcapitalism.com/2017/05/200pm-water-cooler-5112017.html

Imperial Collapse Watch

“NYU Accidentally Exposed Military Code-breaking Computer Project to Entire Internet” [The Intercept]. “The supercomputer described in the trove, “WindsorGreen,” was a system designed to excel at the sort of complex mathematics that underlies encryption, the technology that keeps data private, and almost certainly intended for use by the Defense Department’s signals intelligence wing, the National Security Agency.”

https://theintercept.com/2017/05/11/nyu-accidentally-exposed-military-code-breaking-computer-project-to-entire-internet/

Clive Robinson May 11, 2017 4:31 PM

@ ab praeceptis,

Not that there weren’t enough other reasons to show that linux is not the solution but the problem…

The problem with “cult status” especially where large amounts of sponsorship money is involved, is “expectations” leading to “image has to be maintained”…

Which we have recently seen demonstrated with grsecurity not unexpectedly taking their bat and ball home after parts of the Linux Foundation did a NIH but tried to steal the code anyway under the auspices of the KSPP.

The problem is that the kernel is now larger than any one benevolent dictator can keep in their head no matter if they are a 10x 100x or 1000x programmer.

Not being nasty, but people need to start asking “what if” / continuation questions about accidents and individuals, such as “what happens to the project if the benevolent dictator becomes incapacitated or worse?”.

But that aside, I’ve always had a dislike for monolithic code bases that are all but impenetrable to analysis, because at the end of the day it’s not the way engineers do things.

In the past I’ve had to write my own BIOSs and OSs for ICS and embedded systems and device drivers not just for them but *nix OSs as well. In all cases the “blue screen of death” was not an option, irrespective of what went wrong short of a crack in the ground opening and swallowing up the plant.

The result is I look at even uKernel code and think “Why is there all this crufft?” or worse. Almost invariably you can tell it has not been written to be reliable.

I know Nick P is a bit of a fan of design by contract and you likewise want type checking built into the source code so that an enhanced tool chain can verify it. But you rarely see this, often you are lucky to find meaningful returns that are checked let alone acted upon…

So yup I’m not much of a fan of monolithic development or even ukernel systems unless they are designed in an engineering like fashion.

Dirk Praet May 11, 2017 4:39 PM

@ Figureitout

Every program has to get built just for OpenBSD right

Since OpenBSD no longer supports Linux, I guess porting would be the only way. But no worries, Theo & co. only scrutinize the base distribution 😎

Nice bug find, at least you got a hint eh?

For a while, everything just blew up like crazy without any error messages anywhere. Even the MDM display manager, so I had to log in on a console and start X manually. Once there, Firefox, Thunderbird, Chrome, GUFW, the software manager and countless other apps did zilch. The first clue I got was an illegal instruction message when starting up the MDM theme emulator. On a hunch, I eventually removed Firefox, trying to replace it with a download from Mozilla. Still no luck, but starting it from a terminal finally threw a more meaningful message, saying it required SSE2 extensions, which I knew my Athlon hadn’t.

I subsequently replaced it with FF 45ESR and 48 versions without SSE2, but they still bailed out, even in safe mode. Until I read somewhere that the Adobe Flash plugin had this requirement too. After I had removed that from the system, a lot of stuff suddenly started working. This stupid crap plugin had hooked itself into everything webkit-based, causing all the crashes. It is beyond me that this is not better documented, and every vendor providing such apps should throw meaningful error messages instead of just crashing out, leaving anyone but a very patient expert completely clueless as to what is happening.

It was unfortunately not the only bug I hit on Mint. Compiling out-of-tree kernel modules is just not possible because they forgot to include the Module.symvers file in the headers, and which you can’t even recreate because a ‘make modules’ in the source tree blows up with scores of missing sources. All of which is pretty amazing for a distribution that prides itself on being very “user friendly”. Suffice it to say that I have pretty much given up on Mint for now.

@ PEN4

Battening down stupid defaults with vi in helvetica 0.04 to give some minimal network security before searching in vain through innumerable unreachable mirrors …

I have – with respect – no idea what you’re talking about. When was the last time you looked at the BSD family? Ten years ago?

ab praeceptis May 11, 2017 5:24 PM

Clive Robinson

Well, there’s a reason for (not just) my holy rule to keep it tight and slim.

And, yes, I posit that any not small (and I mean tiny) code/project body not using formal methods is bound to become a trouble generator. And that’s exponentially so the bigger a project gets.

But I do also understand that one needs existing developers and existing, established languages with good tools available. That’s one of the reasons why I’m lenient re. OpenBSD.

But the problem with linux goes way deeper, it goes down to the mindset and sectarian level. Just remember linus, the young student arrogating a position from which he attacked Tanenbaum, a well respected and experienced professor (and developer with lots of code under his belt). Or think ab esr and his utterly absurd anti-cathedral paradigm that, certainly not by coincidence, was to be found at the heart of linux, too. Or think about all the political activism incl. i.a. fights for something like a women quota and other idiocies that would be expected in a mental asylum but not in a major project with billions of $ in its back.

linux is the opposite of engineering. It started in the mistaken and arrogant believe of a youngster that ignorance, chuzpah, and social activism could somehow achieve a better OS than experience, a properly trained intellect and proper engineering.
It’s cynically funny that “evil microsofts” chances to sometimes come up with a reasonably safe OS are BY FAR greater than linux’ chances. But then microsoft has engineers and they have understood what’s the wrong way and what’s the right way, and they threw very, very much money at the problem and at building better tools.

In the end it’s simple: We need to use adequate languages and, at least for the core (kernel, drivers, core libs), we need to use formal methods. Anything else is irresponsible. Moreover we must avoid mega monsters and rather design with modularity in mind,

Btw, I’m right now working on some academic crypto code by a (otherwise very intelligent and capable) professor whose code – like so often in academia – is obviously written as a hated but necessary task. The math is brillant but I’m working on repairing the 3rd major error by now! It’s about bit fiddling with an unsigned 64-bit integer which should result in a 32-bit integer to be fed to the next stage. Well, the value actually passed is a 36-bit integer …
Chances are they never noticed it because C (it’s written in C) happily eats sht and produces sht without any complaints.
My Ada implementation immediately threw an exception and told me the exact reason. Gladly the error is just based on carelessness; the algorithm itself is correct (theoretically) so I could repair it.

Three lessons to learn (minimum): a) a professional compiler for a professional language is a powerful assistant, b) C should be used only by experienced, responsible developers and only where necessary, and c) if there are problems then I, the developer, should be confronted with them, not the end user. In other words: Catch problems and errors early! The earlier the better (which is yet another reason for proper modelling, which they didn’t do).

PEN4 May 11, 2017 7:13 PM

Ten years, I wish. This is last month. For most of us, there comes a point where you’re ready to stop dealing with the computer and get back to dealing with human beings. With OpenBSD that point never comes. It’s a matter of degree. Linux requires a lot of tinkering under the hood to mitigate the worst threats to your privacy. But then you can get on with your life. OpenBSD’s incremental security is not worth the time suck.

Pluriculture in software raises the cost of mass surveillance, so the more the better. May openBSD squeeze linux out. Has anyone put up a desktop iso that had a longer lifespan than a mayfly?

Cold Hard Truth May 11, 2017 8:05 PM

@Dirk Praet, PEN4

The inherent and irremediable insecurity of all computer hardware on the market today has already been discussed ad nauseam on this very forum. OpenBSD’s best effort is that “This operating system will not be the cause of your system’s insecurity.”

I can put an ever-so-secure lock on my front door, but if the bricks in my foundation are loose, thieves can still break in.

Just one example: Cheap 802.11xxx wifi hardware, required by federal law to be proprietary, hardware and firmware defects not repairable by the end user, with privileged Direct Memory Access to the main system.

Another example: BadUSB, similar issues.

Sure, I’d like to deal with people rather than computers, too, but the goals of the people who are designing and building hardware and programming software are not the same as the goals of the end users of that hardware and software.

I’d like to do my own thing and work on my own research and my own documents on my own computer, but unfortunately my computer, like all others on the market, enables universal 1984-style mandatory NSA surveillance, and I don’t have the resources to practice an airgap with a Faraday cage, sneaker-net data-diode discipline, and so forth. A modern PC, especially a laptop, is like a toilet stall under constant video surveillance. You can’t even keep your business away from your competitors without an “intellectual property” gentlemen’s agreement.

tyr May 11, 2017 9:00 PM

@the usual suspects

Thoughtmaybe has a video up called ZeroDays.

Covers a lot of the territory about Stuxnet.
I was quite interested in what Chien from
Symantec had to say about it.

@Clive

That HP catch was a remarkable example of a
lazy programmer unable to see past the part
of the code he was working on to unintended
consequences. A user interface should never
allow anymore than what is necessary to be
collected and used. That’s why it is the
hardest part to get right and most school
trained programmers avoid it in their quest
for shiny new algorithmns that display their
sense of being a brainiac.

Unintended. Yeah, Right. May 11, 2017 9:54 PM

No way the HP keylogger is a mistake. Conexant is the corporate successor of Rockwell – that Rockwell, the defense contractor. Conexant happens to be beavering away on all the things CIA is turning into disguised surveillance devices: IoT, set-top boxes, voice recognition. And their audio firmware logs every keystroke, by mistake? How stupid do they think we are?

This is one of Comey’s front doors. Comey as FBI capo spent all his time selling surveillance and war on Russia for Lockheed Martin, his real job. In this case the eavesdropping unit comes from Lockheed-Martin sub Conexant. We will find many more of his Big Brother bugs.

The test will be whether HP sues the crap out of Conexant for demolishing the integrity and reputation of its brand. If HP fails to do, anyone who ever buys an HP box again is an idiot.

Figureitout May 11, 2017 11:46 PM

Dirk Praet
–Hah, darn they need to support Linux again. C’mon Ted, c’mon King Theo! :p I mean my main uses for OpenBSD would be for my airgapped crypto machine that I’m ok w/ using an Intel or AMD chip (what secrets have remained hidden…) and exposing to lots of peripherals (I get to use stronger crypto), and as a router w/ built-in firewall. Can make MCU systems now that have less side channels though, just weaker crypto and main risk is just flashing from endpoints like windows or ubuntu. We all know the trusting trust thing too, for decades everyone’s started by downloading some binary, that ran on some pre-built computer. Have to get to programming your computer w/ buttons and LED’s which are good for nothing but basic authentication devices or toys to get closer to the magic of computing…

everything just blew up like crazy without any error messages anywhere
–Feel your pain, nice track down and solution. Bet it felt good. 🙂 We don’t get error messages or exceptions in embedded, usually only morse code LED blinks we add in… :p My bug is different power consumption levels w/ same code and every test point we check on board checks out (so I’m suspecting something internal…hardware errata. Especially since the amount of excess current corresponds to the amount of current this oscillator consumes…somehow an internal oscillator control bit gets flipped thru power cycles…that’s my crazy hunch but I don’t know how to confirm my suspicions…). I got a workaround to get powerlevels down, way down, yesterday, so I was pretty happy, just got to retest etc. Still, one of the few bugs I hone in on, and it completely eludes me…kills me like none other. Start obsessing over it, etc…

every vendor providing such apps should throw meaningful error messages instead of just crashing out
–Yeah that probably shows not enough testing, or test cases never reached that state. But being an app that should run on lots of platforms, this should’ve been a concern to be mitigated.

Never tried Mint, tried a bunch, got burned a few times when to upgrade I have to download an iso onto a disk and reinstall everything…If I had complex installs I don’t want to do again and again…f*ck that. ubuntu gives me shell I like, linux environment, and has all the software I’d usually need. There’s an infinite number of dev boards and the like for simpler applications and systems if I need it.

Clive Robinson May 12, 2017 1:41 AM

@ Cold Hard Truth,

Cheap 802.11xxx wifi hardware, required by federal law to be proprietary, hardware and firmware defects not repairable by the end user, with privileged Direct Memory Access to the main system.

You are mistaking “cause and effect” with “required by federal law to be proprietary”.

It’s a trick that various state IC agencies have pulled over the years on standards committees and they call it “finessing” which is a term from thr card game “Bridge”[1]. The excuse is almost always what we would classify as “Health and Safety” which few would argue against.

The “required by federal law” part only applies to what radio engineers call “the air interface” hence the “Reverse SMA” from the early days and the more recent requirment to prevent tampering with the radio transmission frequencies and modulation types.

On the face of it, it appears a reasonable idea as some people had worked out how to change the frequencies to give themselves extra channels that are not covered by the “end user licence exempt” exemption. There are a number of ways they could have mandated this, but they went illogically after the software that drives the air interface electronics not the electronics it’s self which would have been the usuall method a decade or more ago.

On highend equipment with multiple independent CPUs you will –in theory– still be able to change the other software. However in single CPU SoC type systems which have been the target for the FOSS AP etc software then the chances are no you will not be able to change things because it will be easier for the manufacturer to be compliant. For obvious reasons this will be a “soft lock” via code signing etc. Which means that there will be ways around it for those who know or can calculate the key, or more likely have the correct jtag equipment.

Hence the finess has worked for the majoroty of not just US but world citizens and they are locked into whatever bad software you get given and any nasties it might contain from the supply chain.

Serious criminals however will not be worried by this “soft lock” they will find people to either break it or more likely mitigate it in some way as I’ve mentioned in the past. So welcome to “Prison USA” it’s a shame the rest of us had to get dragged in as well.

[1] The usage of the word “by the US IC agencies in this context apparently came from Bletchly Park back in WW2 where bridge was a major pass time brought down from Oxbridge Unis.

Clive Robinson May 12, 2017 2:34 AM

@ tyr,

That HP catch was a remarkable example of a lazy programmer unable to see past the part of the code he was working on to unintended consequences.

Hmm without wishing to appear to be “seeing shadows everywhere” I’m suspicious. It’s got all sorts of built in “deniability” that looks “oh so reasonable”. I’m jist waiting for either “the subcontractor” or “summer intern” did it excuse to confirm it as being deliberate. Not forgetting the “debug code left in” or “code reuse from a different project” excuses.

Thus if a “finesse” the question is from whom did it come from, when and how.

The important thing to note is that it’s a “two parter” that is it writes to a file, which would not be a lot of use if FDE is in use, (but would be if not). But the second part gets around FDE by backing up the “plaintext” to a cloud opperator. Thus exfiltrating it in a covert maner to a third party who can be served with nothing more than an NSL.

But importantly if a “company” laptop of the US IC, Mil or Gov it can easily be fixed by one of several simple workarounds.

So it looks like it’s aimed at the citizens and their “free backup” or “Cloud” accounts.

Anonymous Coward May 12, 2017 6:14 AM

@Dirk Praet

Not exactly my area of expertise. I know Xilinx has an IDE on FreeBSD, but I don’t know if that would also work on OpenBSD. It’s a matter of demand, I suppose, since there’s just very few people out there actually using it.

Kinda sad, though. It’s really the ideal platform to refurbish old hardware with, which I think Theo & co. should be promoting more aggressively to increase adoption. There is absolutely no point in throwing away old laptops or keeping XP/Vista on them when you can easily give them a second life as an up-to-date, reasonably secure 2nd machine for more private/anonymous stuff. And even more so because a growing number of Linux distributions are dropping 32-bit support, while others are sneaking in more and more applications that require SSE2 extensions, thus making it impossible to run them on older processors.

Lots of discussion in various articles here about replacing Windows/Mac/Linux with microkernels and hypervisors, as well as OpenBSD.
But that’s the first time I saw FreeBSD mentioned.
How do its jails compare to other methods of isolation, if you run just 1 program per FreeBSD vs 1 OS per program in a hypervisor or one user per program in a microkernel, security-wise?

@ab praeceptis

the problem with linux goes way deeper, it goes down to the mindset and sectarian level. Just remember linus, the young student arrogating a position from which he attacked Tanenbaum, a well respected and experienced professor (and developer with lots of code under his belt). … linux is the opposite of engineering. It started in the mistaken and arrogant believe of a youngster that ignorance, chuzpah, and social activism could somehow achieve a better OS than experience, a properly trained intellect and proper engineering.

Isn’t that like saying that Microsoft should be avoided, just because MS-DOS was originally written by one person with no professional experience? And is offering criticism about someone’s idea really the same as “attacking” them? Isn’t “attacking” better used to describe the false imprisonment by armed people of unarmed political activists and journalists?

Or think ab esr and his utterly absurd anti-cathedral paradigm that, certainly not by coincidence, was to be found at the heart of linux, too. Or think about all the political activism incl. i.a. fights for something like a women quota and other idiocies that would be expected in a mental asylum but not in a major project with billions of $ in its back.

Are you saying that political correctness is limited to Linux? Aren’t such “affirmative action”/”equal opportunities” required for non-profit status is certain jurisdictions? Is it really a problem with Linux and not with some questionable governments?

<blockquoteIt’s cynically funny that “evil microsofts” chances to sometimes come up with a reasonably safe OS are BY FAR greater than linux’ chances. But then microsoft has engineers and they have understood what’s the wrong way and what’s the right way, and they threw very, very much money at the problem and at building better tools.Are you seriously dissing the entire Linux ecosystem just because there are some Linux fanboys who speak nonsense such as “evil microsofts”? Why not then diss everything Microsoft since Microsoft employees have called the GPL an evil “virus” that needs eradicated?

But then microsoft has engineers and they have understood what’s the wrong way and what’s the right way, and they threw very, very much money at the problem and at building better tools.

So when academics work on Linux, it makes Linux bad because “That’s why it is the
hardest part to get right and most school
trained programmers avoid it in their quest
for shiny new algorithmns that display their
sense of being a brainiac.”, but at the same time Windows is superior to Linux simply by virtue of being for-profit and only hiring engineers with golden stickers(college degrees)?

<

blockquote>In the end it’s simple: We need to use adequate languages and, at least for the core (kernel, drivers, core libs), we need to use formal methods. Anything else is irresponsible. Moreover we must avoid mega monsters and rather design with modularity in mind,
Are you saying that Windows is more modular, that it’s easier for somebody to modify one part of it without having to touch tons of other files before it can be recompiled and pass integration tests? I thought that it awas closed source. Doesn’t that somewhat hinder this? Isn’t it easier to write a portable module for Linux since the source code is available? Or are you simply talking about how many Linux drivers are statically linked to the kernel executable for performance reasons, as opposed to all of them being separate files that are dynamically loaded? The latter can be done in Linux too, it’s just that the most common drivers are usually included into the kernel for performance reasons. People can and do write modules for Linux without statically linking them into the Linux kernel.

Btw, I’m right now working on some academic crypto code … the algorithm itself is correct (theoretically) so I could repair it.

Isn’t it harder to repair errors in Windows, since you have to do it without the source code (RTFB)?

@Cold Hard Truth

The inherent and irremediable insecurity of all computer hardware on the market today has already been discussed ad nauseam on this very forum. OpenBSD’s best effort is that “This operating system will not be the cause of your system’s insecurity.”

Just one example: Cheap 802.11xxx wifi hardware, required by federal law to be proprietary, hardware and firmware defects not repairable by the end user, with privileged Direct Memory Access to the main system.

Another example: BadUSB, similar issues.

The insecurity required by federal law is actually not based on valid laws in most countries. It goes against most common law interpretations, US constitutions, UK human rights laws, etc.
PGP was in the same place as OpenWRT is now. It wasn’t illegal, but corrupt politicians used illegal means to persecute its community.
As for giving up and abandoning all hope because of “completely impossible to fix” hardware attacks… BadUSB is prevented by various Linux scripts that you can search for easily, and is blocked by default in QubesOS if an IOMMU is present (it runs fairly securely without an IOMMU, but more so with it).

I can put an ever-so-secure lock on my front door, but if the bricks in my foundation are loose, thieves can still break in.

Are you saying that unless your house is indestructible that it shouldn’t have locks?

Thanks for the link. Not that there weren’t enough other reasons to show that linux is not the solution but the problem, but that is a particularly nice one.

That AF_PACKET bug really demonstrates on multiple levels what an utterly incompetent toy lab is behind the sectarian linux “geek” kindergarden with plenty rich and careless corp parents involved, too.

The most nightmarish thing about the whole linux thing is that they still do not even begin to realize what a gigantic cancerous waste dump they’ve created.

Are you being sarcastic, or do you genuinely believe all of those things about Linux just because of one zero day? You are aware that Windows has had and continues to have zero days, right? And that most of the closed source Windows security companies have vowed not to defend against state sponsored attacks, for example saying that they will not add signatures for malware created by GCHQ/NSA/PLA?

Clive Robinson May 12, 2017 6:39 AM

Cloudfare -v- Troll lawyers

This may well turn out to be an interesting one to keep an eye on and even worth three bowls of popcorn.

https://m.theregister.co.uk/2017/05/11/cloudflare_patent_trolls/

Put simply a firm of lawyers have quite questionably set themselves up as patent trolls by buying in patents and littigating themselves. Thus they save the usuall legal fees and cautious behaviour using an extetnal law firm that would normally be required. This is at best a questionable thing to do and could result in the lawyers concernrd getting sanctioned.

The lae firm has tried to hit Cloudfare with a payent that technicaly does not match what Cloudfare do and there is clear prior art predating the original patent filing by two years.

Thus you would think that it would be an open and shut case, but as anyone who has had the misfortune to get involved with civil litigation, it’s full of bovine scat up to your neck and often beyond, at a thousand dollars a shovel full. And mostly the jury members see “performance art” and vote for the filmstar looks as in most cases they haven’t got a snowball in hells chance of understanding the technical merits as they are obsficated at best and perjured at worst as part of the performance. Many judges are no better than the juries but they tend to side with “the thickness of the script” each side submits…

Dirk Praet May 12, 2017 6:58 AM

@ Cold Hard Truth, @ Clive

Cheap 802.11xxx wifi hardware, required by federal law to be proprietary, hardware and firmware defects not repairable by the end user, with privileged Direct Memory Access to the main system.

Err, OpenBSD – contrary to Linux – does not accept proprietary firmware blobs. They reverse engineer them instead and are actually doing quite a good job at it.

@ Clive, @ tyr

That HP catch was a remarkable example of a lazy programmer unable to see past the part of the code he was working on to unintended consequences.

I refer to Hanlon’s razor. Even if it was just stupidity on his behalf, there’s a really good chance that some resourceful agency has an exploit for it, as a consequence making it indistinguishable from malicious intent. When I get hit by a car and sustain GBH while crossing the street, I don’t care whether that driver did it on purpose, was blind drunk or just not paying attention.

@ PEN4

OpenBSD’s incremental security is not worth the time suck.

If not hardware, then I think it’s more of a PEBKAC problem. I’ve known plenty of people who gave up on their guitar because they couldn’t sort the instrument on their own. Others just took some courses to get them past their issues. They eventually became skillful players.

Clive Robinson May 12, 2017 7:57 AM

@ Dirk Praet,

Err, OpenBSD – contrary to Linux – does not accept proprietary firmware blobs.

Whilst that is true, it does not effect the FCC ruling on the “air side interface” restrictions they imposed not so long ago.

Thus if you have WiFi cards that plug directly into your PC Bus that run entirely from the main CPU and work with OpenBSD I’d put a few in stock.

In most USB devices, PC Cards and even laptop etc motherboards, the WiFi is done via a SoC which contains it’s own CPU. So Open BSD would talk to this the same way that Windows, Linux, MacOS and other *nix etc OS’s would do.

Where the real pain comes is with those extetnal network APs that you can buy for $/€ 30 which hobbiests have had a habit of entirely striping back to install their own linux OS and tools like OpenWrt.

In theory OpenWrt etc will still be possible but they would have to include the crapy code blob for the air side interface components from the hardware manufacture / entity “placing on the market” for it to remain FCC approved thus legal for use in the US without other licencing provisions.

Not that, that will be of any concern to “experimental wireless” licence holders such as Ham/Amateur operators. Their trick is to take the output of a Wifi device and band shift it with a passive double balanced mixer then feed it into a circulator or equivalent to provide both a more sensitive “RX amp” and more powerful “TX amp” and matching into other antennas.

For fun some time ago I band shifted a 2GHz Wifi down into the old UHF analog TV band to use to test the possability of “whitespace usage” I found that the DVB TV recevers in televisions and set top converters I tested were fairly immune to it.

It’s the sort of thing you can “hack together” in a workshop in a day. Although the system I used was a little more complicated as I used a transmission line cell to do the tests rather than radiate into free space along with specialised antenuaters and test equipment.

Thoth May 12, 2017 8:04 AM

@Figureitout

“I mean my main uses for OpenBSD would be for my airgapped crypto machine”

Use a STM32F or something along that line to build your own HSM. Integrate your own screen, keypad and smart card reader into your own board and now you have an airgapped HSM.

Need AES, SHA, RSA and ECC ? The STM32F have accelerators for your use.

Need secure key storage ? Find those Atmel smart cards or some PKI smart cards to store the keys inside.

Fully purpose built from scratch by hands would be much better than having a full blown *NIX or Windows OS running on top with all their nonsense.

Clive Robinson May 12, 2017 11:52 AM

UK NHS Network hit by Ransomware

According to the BBC the UK National Health System network (one of the worlds largest distributed networks) got hit by ransomware,

    NHS Digital said the attack was believed to be carried out by the malware variant Wanna Decryptor.

http://www.bbc.co.uk/news/health-39899646

It appears to also have effected some NHS (VoIP) phone systems as well.

PEN4 May 12, 2017 11:52 AM

PEBKAC, no doubt. I’m evidently part of an enormous problem encompassing almost all mankind. The functional specs do not include protecting humans from overreaching states, so technically that’s no big deal. It’s a remarkable innovation that is not subject to diffusion.

Clive Robinson May 12, 2017 2:56 PM

@ Who?, Bruce and the usual suspects,

It is worse, there are currently 74 countries affected

And it’s getting worse by the minute…

Apparently the ransomware is using a reporposed NSA Cyber-Weapon, that Microsoft is well aware of and has patched in it’s more modern OSs.

But… Many large organisations such as most Governments around the worls have not been able to upgrade their systems. Due in the main to Microsoft bloat and existing proproatary back ends needing certain Microsoft products. Thus Microsoft blackmailed these large organisations into handing over a kings ransom to continue supporting XP. But Microsoft has not patched XP for this known NSA Cyber-Weapon…

So this could get real nasty real fast for Microsoft…

For more on the UK side,l The Register has this,

https://m.theregister.co.uk/2017/05/12/nhs_hospital_shut_down_due_to_cyber_attack/

@ Bruce,

This looks like it’s getting news worthy real fast, time to brush up on your NSA / CIA Cyber-Weapons chat 😉

tyr May 12, 2017 3:19 PM

@Clive

Stay healthy until they get this mess sorted.

Storing in the cloud still looks marvellously
inept. It has the signature thought pattern of
‘all those keystrokes might fill up local
storage, I know I’ll put them in the cloud and
move on to the next problem of how to tie my
shoelaces’.

I appreciate the level of paranoia but I find
that betting on stupidity has a remarkable level
of winning in the moderne worlde. That cloud is
the perfect adjunct to expand stupidity on a
global scale.

@Dirk

This reminds me of the Battle of Cambrai where
the new massed armies encountered modern rifles.
They immediately threw down their guns and started
digging holes to hide in. I’m not sure how to
dig a trench in cyberspace but he idea is starting
to have merit until the ordnance stops flying
around. I do not appreciate the TLAs and FLAs
going around poking holes in all of the defenses
much at all.

One weird question ? Is there enough Bitcoin to
pay the ransom across 70+ countries ?

ab praeceptis May 12, 2017 3:32 PM

Anonymous Coward

Isn’t that like saying that Microsoft should be avoided, just because MS-DOS was originally written by one person with no professional experience?

For a start, bill gates wasn’t alone. Moreover he didn’t build Ms-Dos but had a pre existing base. But that isn’t the point. The point is one of attitude and competence.
Well noted (and I ocassionally mentioned that here) I wasn’t any better than linus when I was 20 or so. Probably with 20 or so pretty everyone is more or less condemned to be an idiot in a way. I certainly was one. Unlike linus, however, I did listen to my professors (well the competent ones …) and I would profoundly think about it before going against established wisdom.

“Attack” – yes, linus attacked Tanenbaum. He basically told him that he was yester-decade and wrong and that he, linus, knew much better.

But my point isn’t linus. My point is what all of that (incl. his arrogance and cluelessness) led to.

Are you saying that political correctness is limited to Linux? Aren’t such “affirmative action”/”equal opportunities”

I don’t care. That’s political and sociological bullshit. Good technical products need good engineering, period. That said, I don’t care what’s between the legs of a capable colleage nor about his sexual, religious, or political preferences. I became quite good friends with a quite high up woman at IBM; I didn’t and don’t care and I never excluded women, yellow or whatever people or lesbians or … – I did, however, always look for competence and brains.

If some weird regulations demand quotas, oh well, then one creates a looney bin for the legal requirements and a workshop for the actual work. Unfortunately many projects mix that up.

Why not then diss everything Microsoft since Microsoft employees have called the GPL an evil “virus” that needs eradicated?

Front up and well noted: I was known to be a fervent microsoft hater for decades. That said, they were damn right with was just quoted and I wholeheartedly agree.

The gpl is a major evil and a major culprit ruining the software landscape and businesses. It basically says “the stuff is free but you will be subdued slaves of our ideology”.

Well noted, I’m not against libre or oss. In fact I have given away code decades ago under what would today be called a bsd license or similar. I’m against gpl specifically.

So when academics work on Linux, it makes Linux bad because “That’s why it is the hardest part to get right and most school trained programmers avoid it in their quest for shiny new algorithmns that display their sense of being a brainiac.”

Bullshit. You mix up two things. a) Very many, probably most, linux developers are incompetent amateurs (even if they happen to be good C “hackers”). Mastering some PL doesn’t make one a good software engineer. b) Many, if not most, software written by academics in their field and linked to some research project and/or paper is lousy or at best mediocre. That’s no attack from me but an observation. I can even feel with them. Writing an implementation of their stuff is probably emotionally similar to us being forced to to bookkeeping; must be done but we don’t like it.

at the same time Windows is superior to Linux simply by virtue of being for-profit and only hiring engineers with golden stickers(college degrees)?

Not at all. But – and that’s an important but many tend to ignore: When hiring engineers for money one can demand some things like for example that they work professionally. In an oss project one (usually) can’t. Moreover the value systems are entirely different.

Isn’t it harder to repair errors in Windows, since you have to do it without the source code (RTFB)?

A rather theoretical question as usually it’s people with access to source who do that. Also, please, do not equate microsoft = windows. When I speak of microsoft nowadays I’m talking about the company who (finally!) has see the light and is investing big money into research in all fields that are relevant to safety, reliability, security. And about a company that seems to have understood that an OS (or other major and sensitive project) should probably not be written in C/C++/java and the like.


ab praeceptis May 12, 2017 3:38 PM

Thoth

Fully purpose built from scratch by hands would be much better than having a full blown *NIX or Windows OS running on top with all their nonsense.

Right. That’s the point.

And it’s the reason that ticks me off when I see idiots playing with “real time linux”. That’s insanity to the cube.

For some safe and secure device with a specific task one (well, a grown up engineer) wants as little OS and libs as any possible.

gordo May 12, 2017 9:00 PM

More from The Register on the WannaCrypt, aka WanaCrypt aka Wcry, ransomware:

74 countries hit by NSA-powered WannaCrypt ransomware backdoor
Everything you need to know – from code and samples to survival
13 May 2017 at 00:16, Iain Thomson

Fortunately, a kill switch was included in the code. When it detects that a particular web domain exists, it stops further infections. That domain was created earlier today, halting the worldwide spread of the nasty.

https://www.theregister.co.uk/2017/05/13/wannacrypt_ransomware_worm/

… and from BleepingComputer:

Wana Decrypt0r Ransomware Using NSA Exploit Leaked by Shadow Brokers Is on a Rampage
By Catalin Cimpanu, May 12, 2017 01:07 PM

UPDATE [May 12, 2017, 08:58 PM ET]: While the spread of the worm has been temporarily stopped by MalwareTech’s registration of one of the hardcoded C2s, this is just a temporary measure. It would be trivial to modify the ransomware to use different domains and the process starts again. As BleepingComputer and MalwareTech state, the only solution is to make sure you have all your Windows security updates installed!

https://www.bleepingcomputer.com/news/security/wana-decrypt0r-ransomware-using-nsa-exploit-leaked-by-shadow-brokers-is-on-a-rampage/

Gleaned from the above BleepingComputer article, “MalwareTech … even created a live map showing new Wana Decrypt0r victims infected in real time”:

Live map: https://intel.malwaretech.com/WannaCrypt.html

Thomas_H May 13, 2017 1:23 AM

Apparently there are X-ray machines that run on Windows:

Unpatched Windows, and they’re hooked straight to the LAN

I’m not sure what scares me more: a potentially deadly machine running on an OS that explicitly prohibits such use in its terms and conditions (last time I looked), or the sheer stupidity of having such a machine wide open on the local network. Both should be liable for criminal neglect, IMHO.

Back at uni we had an old electron microscope of which the imaging software could only run on Windows XP at the latest (the microscope itself was basically prehistoric from a computing point of view and only accepted serial connections), and that was shielded from the main network precisely for this reason.

Clive Robinson May 13, 2017 2:10 AM

@ gordo,

That updated Register link contains an interesting snipit,

    Health Secretary Jeremy Hunt cancelled a pricey support package in 2015 as a cost-saving measure.

This is the “Kings Ransom” support contract –$300 a seat– Microsoft were asking to continue to support XP…

I was not aware that Jeremy Hunt cancelled the contract, he is usually in the news for his lunacy towards NHS front line staff in, in his attempts to prove he’s got a bigger pair and turn the NHS into a ripe plum to sell off to his cronies to profit by at everyone elses expense, thus get his nest feathered in the future as a slice of the action.

Hopefully a lot of noise will get made about this as the clock is ticking down to the UK General election in just a few weeks…

Clive Robinson May 13, 2017 3:53 AM

@ gordo,

An update on my above…

As noted Jeremy Hunt MP UK Minister with responsability for health cancled the XP support contract with Microsoft because he considered it too expensive. But importantly did not alow other protection to be taken because that was in his view too expensive as well. So the UK National Health Service got hit quite hard by the ransomware.

This morning Amber Rudd MP UK Home Office Minister was interviewed on BBC Radio 4 and troted out the line that,it’s all the users fault for not installing security patches…

And just repeated it like a mantra. Unfortunately the interviewer either did not know or for bias reasons did not challange Amber Rudd on her colleague Jeremy Hunt’s descision to cancel the MS support contract nor his decision not to take other required steps…

So in the UK atleast the current political incumbents are desperatly trying to lie there way out of a “National Emergancy” of their own creation…

Ho hum “Situation Normal All xxxx Up” (SNAFU).

Clive Robinson May 13, 2017 5:51 AM

Microsoft Try to avoid the Sh1t Storm over XP etc and Ransomware

Several years ago Microsoft wanted to kill of XP amd other older OSs but found the user base was way to large and embedded. Eventualy they resorted to blackmail to gey their way. They made the support of these OSs extrodinarily expensive on a year by year basis. As we know when that failed they tried the enforcrd update to Win10 that also did not give them what they wanted.

Now many countries and importantly their government agencies have been hit by this repurposed NSA Cyber-Weapon it looks like there will be a lot of negative publicity for Microsoft. Thus whilst there is a little breathing room due to the ransomware having an inbuilt “kill switch” which has been activated Microsoft are trying to avoid the crap that is to follow, especially as it would take only a binary editor and a copy of the ransomware to get it going again as badly as it did yesterday but without having the kill switch to stop it…

They have thus made patches for this Repurposed NSA Cyber-Weapon available to the older OSs.

https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/?utm_source=t.co&utm_medium=referral

However as can be seen in the Microsoft blurb there are conditions,

    We also know that some of our customers are running versions of Windows that no longer receive mainstream support. That means those customers will not have received the above mentioned Security Update released in March. Given the potential impact to customers and their businesses, we made the decision to make the Security Update for platforms in custom support only, Windows XP, Windows 8, and Windows Server 2003, broadly available for download

Thus they are going to try to stop governments etc pointing out the “Kings Ransom” Microsoft were trying to blackmail out of their tax payers…

As always when “Supping with the Devil take a long spoon”.

JG4 May 13, 2017 8:19 AM

see also:
http://www.zerohedge.com/news/2017-05-12/what-happens-internet-minute

Links 5/13/17 | naked capitalism – Tor Browser
http://www.nakedcapitalism.com/2017/05/links-51317.html

Global Hack

Hackers use NSA tools in worldwide cyber attack Financial Times

https://www.ft.com/content/e96924f0-3722-11e7-99bd-13beb0903fa3

NHS cyber-attack: GPs and hospitals hit by ransomware BBC. Lambert: “Tories -> Budget cuts -> No upgrades -> Hacking […] -> Privatization of the NHS.”

http://www.bbc.com/news/health-39899646

74 countries hit by NSA-powered WannaCrypt ransomware backdoor The Register. Richard Smith: “The NHS is thought to have been particularly hard hit because of the antiquated nature of its IT infrastructure. A large part of the organization’s systems are still using Windows XP, which is no longer supported by Microsoft, and Health Secretary Jeremy Hunt cancelled a pricey support package in 2015 as a cost-saving measure.”

https://www.theregister.co.uk/2017/05/13/wannacrypt_ransomware_worm/?mt=1494656020687

Global cyberattack holds Britain’s NHS and businesses worldwide hostage Euronews (furzy)

http://www.euronews.com/2017/05/12/global-cyberattack-holds-britain-s-nhs-and-businesses-worldwide-hostage

Cyber-attack hits 99 countries with UK hospitals among targets – live updates Guardian. Martha r: “Live blog of current ransomware cyber attack.”

https://www.theguardian.com/society/live/2017/may/12/england-hospitals-cyber-attack-nhs-live-updates

Ransom Hackers Who Hit Hospitals Dealt Setback; May Return Bloomberg

https://www.bloomberg.com/news/articles/2017-05-12/ransom-hack-racking-up-victims-with-hospitals-most-at-risk

Top NSA Whistleblower: Ransomware Hack Due to “Swindle of the Taxpayers” by Intelligence Agencies George Washington

http://www.washingtonsblog.com/2017/05/ransomware-hack.html

Clive Robinson May 13, 2017 9:27 AM

@ JG4,

NHS cyber-attack: GPs and hospitals hit by ransomware BBC

It’s interesting to note that he BBC that has a legal requirment not just for impartiality but unbiased reporting is doing the opposit on this unlike other media outputs (like The Register article you link to).

I’ve commented to the BBC on the page you link to, pointing out the two sailient points of Jeremy Hunt cancaling the support and not providing alternative funding for upgrading the thousands of PC’s in the NHS that were stuck on XP. And the second poibt that medical equipment and telecommunications equipment running XP could not ne upgraded.

It will be interesting to see if it passes “moderation” or not.

Figureitout May 13, 2017 11:48 AM

Thoth
–Doesn’t even have to be a STM32F, plenty other options, just matter of putting the grunt work in (making a board, software). Would be fun. Almost what you describe can probably be found on hackaday or adafruit/sparkfun. 🙂

Some MCU on a breadboard w/ external oscillator (or single layer PCB) would be nice too, for storage (encrypted on a eeprom) or transfer. Chips galore! 🙂

Working on something else for time being, hope it’s successful…and your products too. :p

Thoth May 13, 2017 12:31 PM

@Figureitout

“Working on something else for time being, hope it’s successful…and your products too. :p”

Thanks. Same to you too.

blue bayou May 13, 2017 12:51 PM

From Eff.org :
https://dearfcc.org/
On how to contact fcc about net neutrality.

Don’t give up. Your input may matter.
http://www.newyorker.com/magazine/2017/03/06/what-calling-congress-achieves

For those who understand technology and the way of the world, please consider acting now or soon. With malware literally in the headlines your technical expertise may be listened to more at present.

To be or not to be a banana republic. Your technical expertise may be leveraged; think lazy, but for maximum impact perhaps.

gordo May 13, 2017 1:44 PM

@ Clive Robinson,

SNAFU is SOP, it seems, everywhere.

Drain the swamp of public goods and the alligators propagate.

Regarding Microsoft XP custom support, there’s no small irony in the $300 per-seat unlock/decryption figure charged by WannaCrypt, to say nothing of the harms done to the people served by the NHS. Amber Rudd and privateers like her remind us of why the ballot box matters.

This begs the question of the terms that dictate end-of-life support. I suppose they’re the result of monopolistic, perpetual-beta, proprietary lock-in and who’s beholden to whom.

If one considers organizations like the NHS critical infrastructure, then a higher standard of support applies. As so, such public goods might in fact foster true innovation in how such security spaces are actually managed. Are critical infrastructures designed for made-to-last, decades-long shelf-lives/service or designed-to-fail, five-year business plan/election cycles?

Clive Robinson May 13, 2017 3:03 PM

@ gordo,

Amber Rudd and privateers like her remind us of why the ballot box matters.

Unfortunately if you look at UK MSM you see they are in most cases very very clearly biased. Including the BBC who have a legal duty to be fair unbiased and present both sides of news. Supprise supprise they gave Amber Rudd a compleat pass on her stupidity and asked no questiins as to why it was her and not the Minister of State for health Jeremy Hunt, who was unavailable even to attend a COBRA meeting for a National Emergency he without doubt created.

To give you an idea of just how pathetic the JHunt is, he had been repeatedly warned by many people not just in ICT Security but the NHS clinicians and Microsoft themselves that the NHS was wide open to malware such as Ransomware and atleast one predicted it would happen within a year. The JHunt however decided that a cost of less than 10cents (~9pence) per person in the UK per year was a cost to far to pay (approx 5.5million GBP)…

The estimated clean up cost has already been given by some as >100million before loss of life, loss to the economy costs due to permanently lost critical medical records…

You might find this of interest,

http://anotherangryvoice.blogspot.co.uk/2017/05/exposing-amber-rudds-lamentable.html

Sancho_P May 13, 2017 5:55 PM

Wanna Cry,
based on ”… a cyberweapon developed by the N.S.A., funded by American taxpayers …” (NYT),
lost by ‘American (NOBUS) Hypocrites’,
substantially improved by Russian hackers (read: Putin and Snowden, the hater and the traitor),
damaged mostly Asia and Europe,
but could be stopped in an heroic act just (!) before trashing America,
due to an epic blunder of the adversaries.

Now the latter is the evidence:
The Russians did it, no one else would be that stupid.

Let’s make America great again!
Eiter by damaging the rest of the world,
or by crippling the old, no more supported systems (yup, Mi$$$$$oft, now, what an opportunity to deliver the real TLA kill switch …),
or better by both.

Let’s see if our “intelligence” will backfire!
[Signed by: The Pony]

ab praeceptis May 13, 2017 6:34 PM

@All

Ad “intel amt”

Suppose intel amt were not bad enough and some insane jerk wanted to turn it into an even higher risk lottery. How? What to do?

I’m glad to inform you that intel has found a solid way to make the amt cancer by far worse. In case you couldn’t already guess it: Yes, there is java, too.

The looney bin of idiot corp at your service!

gordo May 13, 2017 8:19 PM

@ Clive Robinson,

Thank you for the link. The interview of Home Secretary Rudd on the BBC has been posted out on YouTube. After watching it, the thought of defending negligence due to incompetence came to mind.

GE2017 Amber Rudd clueless on IT security and NHS ransomware attack (13May17)

Published on May 13, 2017
Over promoted failure home secretary Amber Rudd, proving her history is worthless, knows nothing about computer security, let alone the NHS ransomware / malware attack exploiting backdoors that the CONservatives want in every computer system and encryption application for the state. Someone using The State’s own created criminal tools against itself.

Recorded from BBC1 HD, BBC Breakfast, 13 May 2017

https://www.youtube.com/watch?v=UCFNOK8N2DU [08:38]

Who? May 14, 2017 4:57 AM

@ ab praeceptis

Re: Intel AMT

A few good news with relation to Intel AMT. It seems that at least Lenovo will patch ALL its vulnerable systems. It means releasing firmware upgrades to ancient (i.e. ten years old) computers like the first T-series and X-series ThinkPads with AMT 6.x. Good for them!

Of course it does not solve the fundamental problem with this technology: even if AMT has not been designed as a backdoor it is too complex to be trusted (as shown multiple times in the last years) and has been written by people that is not very good in the security field. The key to security is minimalism. Only something as simple as to be understood can be secure, and even in this case we need public access to source so the entire community can participate in the audit process.

I continue using my old non vPro, computers, as I think these are more secure. Not to say these few computers whose firmware can be write-protected by means of a switch (a few old, mid-90s, Pentium style computers and SPARC64 systems). Most recent systems are either in an airgapped network or connected to a network that has strong egress and ingress filtering rules (e.g., not allowing HTTP/HTTPS traffic in either way, only name resolution and SSH).

Who? May 14, 2017 5:17 AM

Most recent systems are either in an airgapped network or connected to a network that has strong egress and ingress filtering rules (e.g., not allowing HTTP/HTTPS traffic in either way, only name resolution and SSH).

…I should have written: allowing only outgoing SSH connections, of course. I think a three networks setup (one network with just a single firewalled computer that has less strict egress filtering (it allows HTTP/HTTPS) and complete ingress filtering, one network with a more strict egress filtering (e.g., HTTP/HTTPS not allowed in either way) and an airgapped network, each network using different colour cabling to avoid mistakes, and of course different network switches, works for me. I see no need to allow HTTPS traffic to/from more than just a single computer. Of course, AMT ports (623/udp, 664/udp, 16992/udp up to 16995/udp, and 16992/tcp up to 16995/tcp) are never allowed in either way. vPro systems are either in the highly firewalled network (no HTTP-style traffic allowed) or, if possible, on the airgapped one only.

Firewalls are either simple, non vPro, appliances (Soekris Engineering, PC Engines ALIX/APU systems, or even WatchGuard Fireboxes, or small SPARC64 computers, all running OpenBSD -current).

It does not fully solve the Intel vPro nightmare, but it is the best I can think.

Who? May 14, 2017 12:34 PM

@ Clive Robinson

Thus whilst there is a little breathing room due to the ransomware having an inbuilt “kill switch” which has been activated Microsoft are trying to avoid the crap that is to follow, especially as it would take only a binary editor and a copy of the ransomware to get it going again as badly as it did yesterday but without having the kill switch to stop it…

It is a one byte change. Just replace the dot in “.com” with any other character; my guess is no one will be able to register the new domain.

While here, I would like to note that I can hardly understand why corporations and universities had been using Microsoft software in the last decade. In most cases there is no need to run that software. Iff there is a need, these machines should under no circumstances be allowed to access Internet. This advice is so nineties… cannot believe I am saying it again!

ab praeceptis May 14, 2017 12:51 PM

Who?

Well, so so. Sure, it’s nice from Lenovo to patch older products, too, but a) that doesn’t make amt somehow better and b) that also backports the newer perversions those older systems didn’t yet suffer from.

We must look deeper to understand.

Probably some now will lament again how much of an us-american hater I am. No, I am not. I do not hate “the us-americans”, i.e. the people, the vast majority there. What I do utterly reject is their system, the 1%, and their unholy corporatocracy – deep state alliance.

And the whole thing is not merely a question of personal likes and dislikes. They did i.a., which is relevant for us, completely (and brutally) control vast portions of IT and particularly the processor technology. Other countries were completely dependant – and kept dependant – on the us of a masters.

There are but 3 exceptions: The Russians (earlier), the Chinese (only later), and the french (which is a story in itself. The french understood the threat and had both the capable intelligence services and the capable academia to always be somewhat behind but not utterly dependent. Think, for example, Inria and ST).
Everybody else had but 1 way, namely to beg – and dearly pay – the us of a for IT basics, in particular processors.

Another “coincidence”: Oh, please, feel absolutely free to buy alternative products! Unfortunately, it just so happens that there are none. You want an alternative mainboard with an alternative processor? Good luck. You’ll end up either with plain x86 or arm or with something using a processor from a fabless company, typically built on some us or uk patent and manufactured in a us-controlled fab (and with little and exotic OS and driver support). But there is powerpc and sparc, you say? Look at the companies behind that and think hard …

The “marriage” behind that thriller is a unholy as it is lucrative in more than one sense. The corporation make billions upon billions in profits (btw: Does anyone seriously think they won’t dance 100% to the deep state tunes and risk losing those wonderful billions and private jets?).
But the real Bang is what the deep state gains: A panopticon world, “citizens” (read working, consuming, tax paying herds) that are completely transparent and easy to manipulate. Every dictators wet dream!

But there are still universal laws and they still hold. One painful (for them as well as for us, if for different reasons) example: Unbounded greed always spawns children with lots of defects. The very “let’s cut corners” and “sloppy is good enough” greed attitude that promises even more profits (3 cents here and 2 cents there) also creates holes in the wall. To some degree that was even desired as those holes were attractive and useful for the spooks but there is another factor they either didn’t see or didn’t care about: The us of a system is mercilessly dumbing down people – and that’s also true for their own goons.

Also important: You don’t win that war staying with its mindset (the producer/consumer/market mindset). The solution is not to buy something alternative. First, there is no real alternative (well, there is, but neither the Russians nor the Chinese will sell it. It’s far too strategically, tactically, and operationally important). Second, you’d simply end up with the same problem (maybe slightly less obvious) in another colour. Because, you see, you’ll want to run software on your alternative hardware. Tell me: How is running crapian OS on architecture B more “secure” than running it on arch. A? And the libraries or, say, ssl/tls, is that somehow magically more secure on architecture B?

You win that war by using the weakness of the enemy against him and the strengths you (hopefully) have for yourself. As this war happens to be one fought in purses and minds, the human intellect can be a sharp sword and a mighty weapon that at the same time weakens the enemy and strengthens us.

It’s about properly thinking, properly designing, properly implementing. That is our strongest and most promising approach and weapon.

For more than one reason, btw. Example: A well educated and intelligent human will by nature tend to be against oppressive systems. Which translates to at least a considerable part of the us of a intelligentsia (all 5 of them, haha) being on our side.

But back to the core matter. Any war with untrustworthy communications is a lost one. We MUST be able to communicate confidentially.
To achieve that goal under very poor circumstances (with pretty much everything set against us) we must first fully and correctly understand the problem. “have everything airgapped” isn’t good enough. That may be good advice to Jane and Joe but to win (or even fight in first place) the war we absolutely need a clear and full understanding of the problem as well as of the situation.

The mindless “obscurity is not security” sectarian blabbering is an example. Let me offer you a concrete and simple example, a prng: such a thingy has 2 stages, namely a state change stage and an output stage which (hopefully) decouples the output from the state. In other words, there is an obscurity stage!

Why am I hunting that matter down so vehemently? Because a war is lost if the enemy succeeds in defining your thinking space and way of thinking. The truth is, in fact, that obscurity has been and still is a very major element in warfare. Sometimes as simple as hiding your tanks under “naturally looking” fabrics or even tree branches and brushes, sometimes as complicated as frequency hopping with multiple factors (not just the frequency) being prng controlled.

And yes, all of that also means that to not be condemned to loose the war we must understand that we are in a war and not in some comparatively cozy small village problem like Joe and Jane being eavesdropped on by the evil village cop.

Who? May 14, 2017 12:52 PM

More to come… https://wikileaks.org/vault7/#AfterMidnight

  • “AfterMidnight” allows operators to dynamically load and execute malware payloads on a target machine.
  • “Assassin” is a similar kind of malware; it is an automated implant that provides a simple collection platform on remote computers running the Microsoft Windows operating system.

It certainly does not sounds good for Windows users.

Czerno May 14, 2017 12:58 PM

@who, Clive, …
about : hex- editing the URL inside the binary malware.

If the binary is cryptographically signed – which, I believe, is compulsory to install and run on recent Windows editions – then modifying that hard-coded URL might not be quite so simple.

Who? May 14, 2017 1:56 PM

@ ab praeceptis

I certainly do not think you (or any other member of this forum) is an U.S.-american hater; on the contrary, I think your hard work on this forum show you are true patriots (even if more in the sense of “world and/or freedom patriots” than “U.S. patriots”).

I understand why you do not think patching AMT is enough. I do not think it is enough either, but at least Lenovo shows that it cares about known vulnerabilities even on ten years old products. It is good for all of us, but certainly the real fix would be allowing us to fully remove the management features from our computing architectures. However, can we trust backdoors will not remain? Perhaps in case Intel and AMD allow complete access to the processors schematics and microcode up to the point of allowing other companies to build their own fully compatible alternatives, but it will never happen.

Indeed, I know architectures like alpha and powerpc cannot be trusted either. Their manufacturers are U.S.-based corporations. On the other hand SPARC64 has public specs and anyone can build its own processors with the right manufacturing plants (Fujitsu is, sadly, the only current alternative SPARC64 manufacturer, and Sun Microsystems was a U.S.-based corporation). We have a serious problem here, but at least it seems the OpenBOOT PROM has no remote management features, it just looks like an advanced forth-based firmware and my Ultra systems have a physical write protection switch on their mainboards. It is the best we can have right now.

I understand your approach to combat current global surveillance model. I am certainly not against the “obscurity as security” model but I do not trust a lot on it either. What you describe is “guerrilla warfare.” It certainly works, and when correctly implemented works well, but sadly it does not scale. One cannot preserve “obscurity” when his communication requirements grow. It works for small teams.

My approach is more like “use the current techonology and protect it as nicely as you can using our current knowledge about how it works.” Hopefully we are seeing a lot of technical leaks now (thanks to Greenwald and Poitras, Snowden leaks were more embarrasing than technical, it was really sad and unfortunate as these leaks did no good for us but they damaged the U.S. reputation). Right now we have quality, and very technical, leaks. It seems that only some limited attacks against UEFI firmware are possible now, and the community has known for years the affected implementation (Apple) was incredibly buggy and remained unpatched. By the way, Apple did a poor and buggy implementation of OBP on their powerpc computers two decades ago too, up to the point the OpenBSD project choosed to ignore that firmware output where possible. So there is nothing really worrying here (yet!); just a bad software developer whose products are being exploited by a powerful intelligence agency.

We will see what “AfterMidnight,” “Assassin” and in some way “Archimedes” too mean for the community over the next weeks (probably another “WannaCry”). But at this point I expect nothing more than clever hacks.

Current leaks show that technology, roughly speaking, “works as intended.”

By the way, the Spanish CERTSI has identified at least two WannaCry variants (uninspiringly named “WannaCry.A” and “WannaCry.B,” the latter is the one that affected Telefónica). MalwareTechBlog warns about an unstoppable variant of this malware:

https://twitter.com/MalwareTechBlog/status/863626023010750464

No one will say “I was not expecting it.”

Who? May 14, 2017 2:03 PM

@ Czerno

It is a good point! I really hope this malware is cryptographically signed, but consider that the unusual way EternalBlue works makes it not a requirement. Why would someone follow the hassle of signing a binary when this vulnerability allows just dropping the binary in the target system without following the usual installation steps?

ab praeceptis May 14, 2017 2:28 PM

Who?

“obscurity as security” model but I do not trust a lot on it either.

Then throw away all crypto because crypto is obscurity done professionally (well, more or less …).

You see how deep seated the brainwashing is? Logic tells us one thing but psychological mechanisms (like ever repeated “obscurity isn’t security” incantations related ones) keep as mistrusting, just as was desired.

“guerrilla warfare.” It certainly works, and when correctly implemented works well, but sadly it does not scale. One cannot preserve “obscurity” when his communication requirements grow. It works for small teams.

Partly yes, but not at the important core. That’s the beauty of verifiable and proven algorithms and implementations. They work on any scale.

But I agree insofar as I myself occasionally find something (e.g. here in this blog) that seems to be a major problem but I happen to see a solution and keep it for myself as telling it would also hint the enemy, Which leads us back to what I exclaimed to be the conditio sine qua non -> We absolutely need confidential (and trustworthy) communications!

Moreover we must not forget that even the very core, crypto algorithms, are not to be simply trusted. One current reminder is the logjam attack, the paper on which just resurfaced these days. One of the take aways? “tls is broken”. “Funnily” (or not so at all) that paper did not even mention the plague of “probable primes”, upon which major parts of crypto are based. “Probable primes”, to make that clear, are an open invitation to nsa and accomplices to f*ck us; one reason being that that kind of problem class boils down to “who has the big resources will be using it and who has small resources will be the victim” (as is also visible with logjam, btw).

Frankly, crypto has become a) omnipresent, b) vital, and c) not or even misunderstood by 99+% of the people and users. And that not-understanding is virtually all encompassing. Example: I rarely see a proper threat analysis; quite usually the approach is “protect! somehow. and against something. whatever. protect!” – which, of course, is bound to fail.

Just look at the ssl/tls nightmare. nsa are laughing their a**es off while Joe and Jane dutifully (and cluelessly) update their software and firmware – and nobody uses common sense it seems. Example: Just look at the tls 1.3 presentation. 10 minutes of excited stuttering by that boy on stage and everyone with some healthy common sense should know, even without any crypto knowledge at all, that tls 1.3 is continuing the clusterf*ck tradition (those with crypto knowledge should have a carpet ready to bite into).

Who? May 14, 2017 2:43 PM

AfterMidnight… d’oh! I got the joke as soon as read implants are called “Gremlins.” The joke is worse than the vulnerability itself, it is just another service DLL (it seems service DLLs are the key to achieve persistence in Windows) implanted by means of HTTPS. It opens the usual “encrypted storage area” (as described in the CIA’s NOD Cryptographic Requirements) in the target system.

r May 14, 2017 5:06 PM

@Czerno,

If you recall, last year it was disclosed that the inbuilt cryptographic signatures Microsoft employed within its offerings were haphazardly checked and applied as there were windows allowing modifications.

gordo May 14, 2017 6:00 PM

Microsoft on the Issues
The need for urgent collective action to keep people safe online: Lessons from last week’s cyberattack
Posted May 14, 2017 by Brad Smith – President and Chief Legal Officer

Finally, this attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem. This is an emerging pattern in 2017. We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world. Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage. An equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen. And this most recent attack represents a completely unintended but disconcerting link between the two most serious forms of cybersecurity threats in the world today – nation-state action and organized criminal action.

The governments of the world should treat this attack as a wake-up call….

https://blogs.microsoft.com/on-the-issues/2017/05/14/need-urgent-collective-action-keep-people-safe-online-lessons-last-weeks-cyberattack/

Thoth May 14, 2017 9:23 PM

@all

Hoilydays entry is now open for the new Hoilydays “Golden Sticker” brands to participate.

New addition:
– JSON Web Token a.k.a Critical Vulnerability RFC-ed Token on problematic platform and format(RFC-7519)

ab praeceptis May 14, 2017 9:46 PM

Thoth

I’m enchanted to see that you are already thinking about the next “golden 100% cyber bullet proof sticker” round! And it’s needed. The only thing that can protect us is golden stickers, preferably let’s encrap signed ones!

But aren’t you too stringent proposing JSON Web Tokens? Shouldn’t we just generously include the whole “web 2.0” creepy looney bin?

moz May 15, 2017 3:07 AM

@Thoth;

The vulnerability is quite old and has been on their web site for a time. The “work around” is very simple – whenever you validate a JWT hard code the algorithm to match the algorithm that was used to generate the JWT. If you have to accept more than one algorithm then make separate hard coded code paths for each one with the key selected in that code path.

Libraries that want to fix this should accept and store separate keys per algorithm and implement their check so that they select the key that matches the declared algorithm.

N.B. Other fixes that have been attempted are unlikely to be trustworthy.

Orpheus Rocker May 15, 2017 5:52 AM

One thing about the damn NSA-origin threat is it seems to have galvanized Microsoft’s anti-viral and anti-malware services. A friend running MS Win 8.1 gets regularly bugged to update his Defender install; most times he’s tried, Microsoft have done bugger-all.

After this NSA software atrocity got “up-dated” from the rest of the Dark Side, he got bugged as usual, and it installed sweet-as, no hassle.

Who? May 15, 2017 4:36 PM

Kaspersky links the WannaCry ransomware to the Lazarus group. May it be North Korea?

THE Lizard King May 15, 2017 5:35 PM

I’m thoroughly surprised nobody yet has offered a deeper set of questions regarding the strncpy utilized by the listening end of the Intel AMT.

Ars has a light breakdown in the comments, how many of you have looked?

Intern or no?

ab praeceptis May 15, 2017 6:02 PM

THE Lizard King

No, I did. It’s, however, speculation as we don’t known intels strncmp implementation.

Chances are, I think, that it’s an unhappy mixture of different factors, one of which probably (but not certainly) is the function implementation; another one is the misguided design of at least many strncmp implementations which (mis)take length 0 to always match.

Another reason why I didn’t take a closer look (and also didn’t write about any details) is the fact that I take someone doing that kind of job in C and then adding java to the mix to be such an utterly stupid and incompetent f*ck that a closer look at his “work” is neither needed nor merited.

moo May 15, 2017 6:25 PM

Well, I guess we now know why the U.S. is banning laptops in the cabin on inbound flights from Europe.

http://www.reuters.com/article/us-usa-trump-russia-idUSKCN18B2MX

“U.S. President Donald Trump disclosed highly classified information to the Russian foreign minister about a planned Islamic State operation during their meeting last week, two U.S. officials with knowledge of the situation said on Monday.

One of the officials said the intelligence was classified Top Secret and also held in a secure “compartment” to which only a handful of intelligence officials have access.

After Trump disclosed the information, which one of the officials described as spontaneous, officials immediately called the CIA and the National Security Agency, both of which have agreements with a number of allied intelligence services, and informed them what had happened.

While the president has the authority to disclose even the most highly classified information at will, in this case he did so without consulting the ally that provided it, which threatens to jeopardize what they called a longstanding intelligence-sharing agreement, the U.S. officials said.

During his Oval Office meeting with Lavrov and Kislyak, Trump went off-script and began describing details about an Islamic State threat related to the use of laptop computers on aircraft, the officials told the Post.”

Wael May 15, 2017 8:10 PM

@Markus Ottela,

The perfboard and breadboard…

You put a lot of effort into this. I hope you’re able to commercialize it soon. Such devotion! Thank you! …

Ratio May 16, 2017 2:59 AM

@ab praeceptis,

[…]; another one is the misguided design of at least many strncmp implementations which (mis)take length 0 to always match.

What does this mean?

ab praeceptis May 16, 2017 3:35 AM

Ratio

You consistently abused (not only my) friendliness and patience. I’m not interested in your games.

JG4 May 16, 2017 7:56 AM

I think that this was in the usual daily compendium

https://www.rand.org/blog/2016/05/out-of-line-how-to-better-protect-airports-from-terrorist.html

Murdered DNC Staffer Seth Rich Was In Contact With Wikileaks Says Former DC Homicide Detective
http://www.zerohedge.com/news/2017-05-16/murdered-dnc-staffer-seth-rich-was-contact-wikileaks-says-former-dc-homicide-detecti
In the aftermath of the Seth Rich shooting, his family hired a private investigator, Rich Wheeler, a former D.C. homicide detective who says evidence on Seth Rich’s laptop suggests he was in contact with WikiLeaks prior to his death. Of note, Wheeler does not have possession of the laptop in question – however he said specific information will be released on Tuesday

Confirmed: DNC Emails LEAKED … Not Hacked
http://www.zerohedge.com/news/2017-05-16/confirmed-dnc-emails-leaked-%E2%80%A6-not-hacked
by George Washington – May 16, 2017 1:47 AM
Murdered DNC Insider Was the Source …

Dirk Praet May 16, 2017 8:21 AM

@ Clive, @ Chris Abbott

  • Moved to Squid because OT –

I think that kind of covers what you need to know…

One of the main takeaways of recent events would indeed seem to be the ease with which utterly irresponsible politicians and company execs are getting away with management practices that in essence boil down to criminal negligence. I know of no security compliance framework in which inadequate patch management or continued use of unsupported networking devices could somehow miraculously pass even an amateur audit without raising dozens of red flags.

Now unless the NHS, Telefonica and the like for unknown reasons would be exempt of full compliance with government mandated regulations, the simple question being raised here is what was in those audit reports and who – both on behalf of company management and auditor – signed off on them. Because whoever did so in a SOX context is personally accountable either for giving a clean bill of health or for not following up on a failed audit.

But Microsoft doesn’t exactly go free either. However much they are well within their right to discontinue mainstream support on technologically obsolete products, and however much they are correct that WannaCry should be a wake-up call for everyone, the simple fact of the matter remains that there are still entire legions of XP/Vista machines spread over the entire planet, and owned by folks that for a variety of reasons can’t or won’t move on.

While M/S legally is in the clear when these are massively turned into zombies, weaponised or otherwise hijacked, the resulting damages are very real, in essence leaving M/S with two options: remotely terminate them or continue to provide security patches, especially for vulnerabilities known to be exploited in the field by whatever player. There was no reason whatsoever for them not to issue that SMB-patch for XP the same way they did for their other operating systems in March. Although eventually they did when WannaCry broke out, it was way too late.

Not that this is a Microsoft-only problem. The same goes for Apple, Google and countless other technology vendors that over the years have made tons of money with products that are now obsolete and no longer supported, but still widely used and a liability both to their owners and everyone they connect with. The entire ecosystem of outdated iOS, Android, Symbian and Blackberry OS tablets and smartphones is particularly vulnerable to criminals and state actors alike, and a disaster just waiting to happen.

Last but not least, the IC and their overlords should finally start to realize that hoarding and weaponizing vulnerabilities eventually blows up in everyone’s face and for all practical purposes is the digital equivalent of chemical or biological warfare.

gamer May 16, 2017 4:48 PM

Is there a more recent game in the crackme/tiger-team-vs-blue-team genre than Redcode-i386?

Singularity Institute May 16, 2017 5:49 PM

What would stop someone from making a general AI and putting breakpoints around anything that could lead to it trying to figure out if it has phenomenal consciousness and just forcing such things to return true even if they weren’t?
How could it detect such tampering? How could one know that such a thing wasn’t being done to it?

Ratio May 16, 2017 10:22 PM

@ab praeceptis,

The charitable thing to do when someone says something that doesn’t seem to make any sense is to ask that person what the statement means.

[…]; another one is the misguided design of at least many strncmp implementations which (mis)take length 0 to always match.

Let’s see what you seem to be saying:

  • When you say “match” you apparently mean “compare as equal”.
  • Your mention of “length 0” suggests confusion on two issues:
    • That strncmp deals with strings that have a length.
    • That the size_t argument of strncmp expresses a length. (Or alternatively that in your opinion strings of length 0 shouldn’t compare as equal. I can’t imagine you’d say that, so I will go with the other option.)
  • You seem to think that implementations where strncmp(s1, s2, 0) always returns 0 (for all valid values of s1 and s2) are misguided.

In reality, strncmp is part of the C standard library and its behavior is specified by the C standard. The latest publicly available version of the C11 standard says:

7.24.4 Comparison functions

The sign of a nonzero value returned by the comparison functions memcmp, strcmp, and strncmp is determined by the sign of the difference between the values of the first pair of characters (both interpreted as unsigned char) that differ in the objects being compared.

[…]

7.24.4.4 The strncmp function

Synopsis

#include <string.h>
int strncmp(const char *s1, const char *s2, size_t n);

Description

The strncmp function compares not more than n characters (characters that follow a null character are not compared) from the array pointed to by s1 to the array pointed to by s2.

Returns

The strncmp function returns an integer greater than, equal to, or less than zero,
accordingly as the possibly null-terminated array pointed to by s1 is greater than, equal to, or less than the possibly null-terminated array pointed to by s2.

(The exact same text can be found in earlier versions of the standard: in 7.11.4 and 7.11.4.4 for C89/C90, and in 7.21.4 and 7.21.4.4 for C99.)

Given that, let’s reread your statement:

[…]; another one is the misguided design of at least many strncmp implementations which (mis)take length 0 to always match.

It should now be obvious that that is all wrong.

Now, maybe I say it’s all wrong because what you meant by that statement wasn’t what I took it to mean. In that case, others may also be confused about what you’re saying. Why not clarify what you meant?

A much less charitable explanation would be that I understood you correctly, and that you said something that’s blatantly false either because of ignorance (but you claim to have multiple decades of experience with C?) or because you deliberately claim that things you know to be false are in fact true (trolling?).

Once again I’ll assume the most charitable explanation is the correct one, and ask you what you meant by the text I quoted.

ab praeceptis May 16, 2017 11:25 PM

Ratio

For a start: I don’t care a rats a** about the C standard. In my world, PL standards follow logic and not vice versa.

And matchingly (g) you make the error of assuming that what I said was possibly related to a C standard. It is *not – other than saying that they got it wrong (as was to be expected). Plus, of course, they invited people to mistake the whole matter.

A string, i.e. an array of chars, is matching another string, when both arrays have the same length plus the same content. That can be expressed as a proposition:

let A and B be strings (arrays of chars)
let La be the length of A; let Lb be the length of B

La != Lb => A != B

(Iff La = Lb then) A[n] == B[n] for each n \elem 0..La

If that holds A and B match. End of story.

But C being C they, of course, had to create arbitrary definitions and add some confusion to that. Like the xxxncmp bunch. What is that ‘n’ to mean? The desired comparison length (let’s not ask for reason …)? Or is it to protect against senseless or even dangerous “compare over the length of the longer string” operations? “But”, you say, the funny “standard expressly states that the comparison stops anyway at \0”? So what? Who says those strings are terminated? “But”, you say, that’s wanton!”? Nope, not more arbitrary than “compare n chars of two strings”.

To finally clusterf*ck it up, they add yet another layer by comparing for “less” or “more”, too. Well, that’s a completely different playing field but than, we are talking about C and cramming additional functionality, no matter how nonsensical, is a strength of C after all …

The result? Worthless crap whose major real functionality is to create confusion and bugs, it seems.

Let me provide you with a glimpse into a much better (and more elegant, too) world. Assume caller passes in a buffer and a starting index at which callee is to hex “print” a desired number of bytes of something, say of a 64-bit unsigned int.

In C lingo:
// hex print ‘len’ bytes of ‘value’ into ‘buf’ starting at buf+’idx’ …
buf_hex_print(char *buf, unsigned int idx, uint64_t value, unsigned int len)

Oh no, wait, according to “good C practice” we should add the size of ‘buf’. So, let’s create buf_hex_n_print with an additional size_t telling callee about the size of ‘buf’- I wish you fun implementing that properly.
Well noted, I know pretty much nothing about ‘buf’ and I’m depending on quite some premises like buffer being large enough or properly \0 terminated and caller not telling me lies (maybe unintentionally; happens easily in C).

In Ada lingo:
procedure buf_hex_print (buf : in out String; idx : Integer; value : Unsigned_64; len : Positive)
with Pre => (buf’First <= idx) and (buf’Last >= idx + len * 2);

Et voilá, now I know – and can verify – i.a. that:

  • ‘buf’ is not null
  • ‘idx’ is not before the start of buf
  • ‘buf’ is large enough for the job (hex needs 2 chars per byte)
  • ‘len’ is > 0, i.e. I won’ttry to print 0 or even a negative number of bytes.

Note that ‘buf’ may start at 0 (C), or 1 (typ. Ada), or even at -22 and my procedure will still work fine.

ab praeceptis May 16, 2017 11:28 PM

Grrrr blog formatting …

The “with Pre” line above should be

with Pre => (buf’First <= idx) and (buf’Last >= idx + len * 2);

ab praeceptis May 17, 2017 12:19 AM

P.S.:

Any formatting stupidity of myself is not my stupidity but the evil Russians (TM) did it!!1!

Or maybe, for the sake of fairness, it’s the evil North-Koreans (TM) did it!!1!

You don’t believe me? Wait for the washington post or cnn or new york times picking it up! In fact, they make a living with “the evil <insert evil nation du jour> did it!!1!”.

Addendum: I’m sorry to inform you, evil Mr. Trump (soon trademarked), that you are only in third place. Maximum. But with a little patience and a an occasional polite sentence to some russian statesman you might overtake evil North-Korea and reach #2 right behind evil Russia….

JG4 May 17, 2017 6:45 AM

Links 5/17/17 | naked capitalism – Tor Browser
http://www.nakedcapitalism.com/2017/05/links-51717.html

Not Going Online Is the New Going Online Vice

https://www.vice.com/en_us/article/what-the-digital-resistance-movement-might-look-like


Global Hack

Focus Turns to North Korea Sleeper Cells as Possible Culprits in Cyberattack New York Times. Bill B: “‘Similarities exist between the ransomware used to extort computer users into paying the hackers and previously deployed North Korean malware codes.’ And now we know why the NSA recycles malware created abroad.”

https://www.nytimes.com/2017/05/16/world/asia/north-korea-cyber-sleeper-cells-ransomware.html

Is Microsoft to blame for the largest ransomware attacks in internet history? The Verge (resilc)

https://www.theverge.com/2017/5/15/15641198/microsoft-ransomware-wannacry-security-patch-upgrade-wannacrypt

Tales From the Crypto Community Foreign Affairs. Resilc: “Moldy oldy. USA USA is the leader in exporting chaos around the world.”

https://www.foreignaffairs.com/articles/united-states/2013-10-23/tales-crypto-community


Imperial Collapse Watch

Jigsaw, Beyond the CIA and Soros Near Eastern Outlook (Micael). Warning: this piece makes some very strong claims which it does not prove. So I would take it as a hypothesis worth considering, as opposed to something to be relied upon.

http://journal-neo.org/2017/05/16/jigsaw-beyond-the-cia-and-soros/

Was Israel behind US laptop ban on Mideast airlines? Al Jazeera (resilc)

http://www.aljazeera.com/news/2017/05/israel-laptop-ban-mideast-airlines-170517013320611.html

David Vine, Trumping Democracy in America’s Empire of Bases TomDispatch. Resilc: “What we do best, instead of promoting a Silk Road 2.”

http://www.tomdispatch.com/post/176281/tomgram%3A_david_vine%2C_trumping_democracy_in_america%27s_empire_of_bases/

Navy Chief Says U.S. Needs More Ships Quickly to Stay Credible Bloomberg (resilc)

https://www.bloomberg.com/politics/articles/2017-05-16/navy-chief-says-u-s-needs-more-ships-quickly-to-stay-credible


Fake News

One Day, Three Serious News Stories That Turn Out To Be False Moon of Alabama (Huey Long)

http://www.moonofalabama.org/2017/05/it-is-fakenews-day-on-north-korea-syria-and-the-us-president.html#more

New fake news dilemma: sites publish real scoops amid mess of false reports Guardian

https://www.theguardian.com/media/2017/may/16/fake-news-sites-reports-facts-louise-mensch

tyr May 17, 2017 8:29 PM

@Clive

Better order more popcorn.

Muller is back from retirement as the point
man in Trump investigation.

At least they managed to get Putin to laugh
today. That’s hard to accomplish in todays
world.

Clive Robinson May 18, 2017 12:05 AM

@ tyr,

Muller is back from retirement

Break out the Wintergreen and saddle soap with a side order of Sanatogen…

The thing is that there are so many ways we will never get to hear the results (even if he recomends peosecution, the DoJ can just sit on it) I get the feeling this is going to boil down to “a punt into the long grass”.

Because Pres Trump has had business dealings with Russian entities in the past he’s not going to come out as “unblemished”. That’s simply because of the way business operates in Russia, if it’s more than a few rubles somebody of dodgy / shady reputation is going to get in on it somehow.

However what everybody will be keen to avoid is a repeate of the report the Ex MI6 staffer produced. As somebody put it, it’s “definitely twitchy and that includes the author and the readers”. That report became a must read for it’s ludicrous sensationalism, pure political “Mills and Boon” bodice ripping level entertainment.

Thus I would not be surprised if it dragged on for months if not years…

Ratio May 18, 2017 12:43 AM

@ab praeceptis,

For a start: I don’t care a rats a** about the C standard.

You can’t discuss C in any meaningful way if you ignore the standard that defines what C is and isn’t. Any statement that disregards the standard is by definition not a statement about the C programming language.

(You can substitute “Ada” for “C” if that helps you to understand the point.)

[…] you make the error of assuming that what I said was possibly related to a C standard. It is *not* – other than saying that they got it wrong (as was to be expected).

Who do you think you’re kidding? @THE Lizard King wrote:

I’m thoroughly surprised nobody yet has offered a deeper set of questions regarding the strncpy utilized by the listening end of the Intel AMT.

Ars has a light breakdown in the comments, how many of you have looked?

Intern or no?

And you responded:

THE Lizard King

No, I did. It’s, however, speculation as we don’t known intels strncmp implementation.

Chances are, I think, that it’s an unhappy mixture of different factors, one of which probably (but not certainly) is the function implementation; another one is the misguided design of at least many strncmp implementations which (mis)take length 0 to always match.

Another reason why I didn’t take a closer look (and also didn’t write about any details) is the fact that I take someone doing that kind of job in C and then adding java to the mix to be such an utterly stupid and incompetent f*ck that a closer look at his “work” is neither needed nor merited.

(Emphasis in both quotes is mine.)

You were talking about the C function strncmp that Intel used. The C standard defines both the language and the function you were commenting on. In fact, you can’t say anything sensible about this function without (indirect) reference to the C standard.

I’ll get back to your claim that they got it wrong later.

A string, i.e. an array of chars, is matching another string, when both arrays have the same length plus the same content. […]

That’s strcmp(s1, s2) == 0. Note that strcmp and other …cmp functions are about comparison, not (just) equality.

But C being C they, of course, had to create arbitrary definitions and add some confusion to that. Like the xxxncmp bunch.

Two (strncmp and wcsncmp) is an impressive bunch.

What is that ‘n’ to mean? The desired comparison length (let’s not ask for reason …)? Or is it to protect against senseless or even dangerous “compare over the length of the *longer* string” operations?

The n argument indicates the maximum number of pairs of (wide) characters that are to be compared. (Wide) characters past the null (wide) character that terminates a (wide) string are never compared.

“But”, you say, the funny “standard expressly states that the comparison stops anyway at \0”? So what? Who says those strings are terminated? “But”, you say, that’s wanton!”? Nope, not more arbitrary than “compare n chars of two strings”.

The standard explicitly mentions this, referring to a possibly null-terminated array instead of a string (see my previous comment).

To finally clusterf*ck it up, they add yet another layer by comparing for “less” or “more”, too. Well, that’s a completely different playing field but than, we are talking about C and cramming additional functionality, no matter how nonsensical, is a strength of C after all …

There is no added layer of comparison on top of checking for equality. Besides, equality can be defined in terms of comparison but not the other way around.

The result? Worthless crap whose major *real* functionality is to create confusion and bugs, it seems.

Yeah, I mean, it’s all like so complex when you try and make it all confusing and stuff.

If you can’t understand something that’s at the level of complexity of strncmp you have no business programming your VCR (that probably has been blinking “12:00” ever since the eighties), much less anything else.

Now to your assertion that they got it wrong when they decided that strncmp(s1, s2, 0) should return 0 for all valid values of s1 and s2. Here’s the moral equivalent of strncmp in two lines of basic Haskell:

strncmp s1 s2 n = compare (take n (str s1)) (take n (str s2))
  where str xs = takeWhile (/= '\0') xs

Any guesses as to what strncmp s1 s2 0 evaluates to for any legal values of s1 and s2? LT, EQ, or GT?

Let me provide you with a glimpse into a much better (and more elegant, too) world.

I see little point in comparing languages if it can’t be done based on facts instead of on statements that are the result of ignorance or are deliberately misleading (to say the least).

If your latest comment was supposed to answer the question what you meant when you talked about the misguided design of at least many strncmp implementations which (mis)take length 0 to always match, I’ll now be forced to look at one of the more uncharitable alternatives as an explanation for that statement.

ab praeceptis May 18, 2017 1:35 AM

Ratio

You obviously don’t know what you are talking about re. more and less. Hint: more and less need meaning, equality tests don’t.

Moreover you – not at all surprisingly – largely avoided my C vs Ada example. In my Ada version I have everything I need to avoid whole classes of bugs while in the C version I have but some promises that can be (and often are) lies.

As this place here happens to be about security I do care much more about security relevant aspects than about your mindless C standard citing.

Oh, and btw. the function I used as an example came from current work on implementing some interesting crypto stuff in Ada or, more precisely, from the crypto stuff whose original author has an error in his C reference implementation which he didn’t notice because (I did test that) C happily compiled it where Ada immediately complained and clearly told me about the error.
Which in the given case means that his math is correct, his reference implementation, however, is not. Congratulations to all the happy reference implementation users whose prng has a significant bias due to C being a clusterf*ck. nsa and cia will be pleased.

But don’t you worry, just continue your private preaching and “I know better!” crusade – just not with me. I’m not interested in your mindless blabbering.

Dirk Praet May 18, 2017 2:51 AM

@ Clive, @ tyr

I get the feeling this is going to boil down to “a punt into the long grass”.

I guess we’ll just have to wait and see. The appointment of Mueller (a former FBI director) as special counsel however is a writing on the wall that at least some Republicans are breaking rank and the tweeter in chief despite his best efforts cannot make this go away. To be continued, I’d say. But let’s replace the popcorn by something less fattening.

Clive Robinson May 18, 2017 3:31 AM

@ Dirk Praet, tyr,

But let’s replace the popcorn by something less fattening.

FATTENING????

I’ll have you know that my Zero-Gal Everlast Golden Maid Corn that is Poped, remains fresh no matter how damp the bowl. Whilst having zero nutrition or usable calories due to it’s unique production methods. It comes straight from the same production line in our organic packing line of chips, to be found in an Internet shipping box near you 😉

P.S. All jokes aside, there is actually a formular for turning healthy and eddible corn into a form of expanded plastic that can be used to make packaging material that even a hungry rat would not eat. And yes whilst in theory “Green” it’s about as bio-degradable as old rubber flooring :-S

ab praeceptis May 18, 2017 3:53 AM

Clive Robinson

I’m enchanted to see that there are green stickers, too. And they seem to work just like the golden ones. Great!

tyr May 18, 2017 5:12 PM

@ Wael, et al

This looks interesting.

https://www.wolframscience.com/nks/

@ Clive, Dirk

Since his 10 seconds of fame ended with the
frantic hospital visit to Ashcroft with his
crony Comey. I had forgotten his name has
an e in it. Mueller.

I always thought that the way to make corn
inedible was called corn syrup, a favourite
ingredient in most of USAs junk food. Hard to
avoid and really bad for you as well.

Popcorn like politics is mostly hot air, the
fattening occurs after the taxpayers are
swindled.

I’d like to see the Rus hysteria tracked back
to MI6 since they have been at it for hundreds
of years. Making the Rus out to be invincible
Bond villains who have such a stranglehold on
the American Heartland that they control 45
of the continental states electoral colleges
is stretching the credulity a bit. Even Stross
won’t buy that as a storyline.

Clive Robinson May 18, 2017 7:33 PM

@ tyr,

I’d like to see the Rus hysteria tracked back to MI6 since they have been at it for hundreds of years.

MI6 has not been around for hundreds of years, they kind of started out with Admiral Cunningham’s –hence “C”– “Passport Officers” at the begining of the 20th Century. However the British have been “at it” in Europe one way or another since Tudor times. It’s even been shown that the coup de grace shot in the supposed skull of the “Mad Monk” Rasputin came from a British Officer’s Webley Revolver. Because it had an odd caliber of 0.455 which was effectively unique. The only question is was the finger that pulled the trigger British, to which the answer is apparently “Most likely” and a name suggested. Oh and of course the end of the Victorian era saw the likes of Karl Marx etc put forth their political philosophies, that would change Russia in ways few would have predicted. However few were realy interested in Russia much before the 19th Century because it was seen as a distant land of peasents that were living in bogs and swamps infested with the likes of mosquitoes. Further the last person back then to enter Russia with armed forces saw very few return to their French homelands.

Wael May 18, 2017 7:41 PM

@tyr,

This looks interesting…

Looks like it. I do trust your book reccomendations. May take me some time to get to it. Thanks.

Ratio May 19, 2017 4:06 AM

@ab praeceptis,

You obviously don’t know what you are talking about re. more and less. Hint: more and less need meaning, equality tests don’t.

What it means for two objects to be equal needs to be defined just as much as what it means for an object to compare as less than, equal, or greater than another object. (For example, you decided to define what it means for two strings to be equal.)

If you want to talk about equality, equivalence, total order, and all the rest, do let me know.

Moreover you – not at all surprisingly – largely avoided my C vs Ada example. In my Ada version I have everything I need to avoid whole classes of bugs […].

What is the point of a comparison that isn’t factual about the things being compared?

So Ada (since Ada 2012?) has preconditions and postconditions; that can be useful. Anything else that you wanted me to note about that example procedure signature (or whatever the correct term is in Ada lingo)?

As this place here happens to be about security I do care much more about security relevant aspects than about your mindless C standard citing.

You can’t get security right with a combination of muddled thinking and alternative facts.

Oh, and btw. the function I used as an example came from current work on implementing some interesting crypto stuff in Ada or, more precisely, from the crypto stuff whose original author has an error in his C reference implementation which he didn’t notice because (I did test that) C happily compiled it where Ada immediately complained and clearly told me about the error.

So let’s see the relevant parts of the C and Ada implementations with your commentary about the preciss nature of the error. That would be a lot more interesting than a (straw man) comparison of the signatures.

Which in the given case means that his math is correct, his reference implementation, however, is not. Congratulations to all the happy reference implementation users whose prng has a significant bias due to C being a clusterf*ck.

So your colleague made a mistake when coding up an algorithm in C, and this never happens to you because you use Ada. I propose a platinum sticker for this logic. (Yes, it’s better than old, but it’s still hilariously wrong…)

But don’t you worry, just continue your private preaching and “I know better!” crusade – just not with me. I’m not interested in your mindless blabbering.

chuckle Well, okay then!

Ratio May 19, 2017 4:11 AM

@ab praeceptis,

Typos:

the preciss nature of the errorthe precise nature of the error

it’s better than oldit’s better than gold

ab praeceptis May 19, 2017 2:54 PM

Ratio

answer to multiple times disqualified person not deserved.

Have a nice day.

Ratio May 19, 2017 9:08 PM

@ab praeceptis,

answer to multiple times disqualified person not deserved.

Now, now, don’t be too hard on yourself.

Here, have another Platinum Security® sticker! Don’t you just feel so much better already?

Leave a comment

Login

Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via https://michelf.ca/projects/php-markdown/extra/

Sidebar photo of Bruce Schneier by Joe MacInnis.