Friday Squid Blogging: Squid and Chips

The excellent Montreal chef Marc-Olivier Frappier, of Joe Beef fame, has created a squid and chips dish for Brit & Chips restaurant.

As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

Read my blog posting guidelines here.

Posted on May 26, 2017 at 4:12 PM • 76 Comments

Comments

Ben A.May 26, 2017 4:16 PM


Cloak & Dagger

"Cloak & Dagger is a new class of potential attacks affecting Android devices. These attacks allow a malicious app to completely control the UI feedback loop and take over the device — without giving the user a chance to notice the malicious activity."

http://cloak-and-dagger.org/


Laptop Ban Reaction to X-Ray Equipment Stolen by ISIS

https://professional-troublemaker.com/2017/05/22/exclusive-laptop-ban-reaction-to-x-ray-equipment-stolen-by-isis/


How to build your own VPN if you’re (rightfully) wary of commercial options

Not a good option from an anonymity point of view.

https://arstechnica.com/gadgets/2017/05/how-to-build-your-own-vpn-if-youre-rightfully-wary-of-commercial-options/


Windows 10 Enterprise ignores various privacy settings

https://twitter.com/m8urnett/status/866353982217699328
https://news.ycombinator.com/item?id=14389441


In a throwback to the ’90s, NTFS bug lets anyone hang or crash Windows 7, 8.1

https://arstechnica.com/information-technology/2017/05/in-a-throwback-to-the-90s-ntfs-bug-lets-anyone-hang-or-crash-windows-7-8-1/


Crysis ransomware master keys posted to Pastebin

https://nakedsecurity.sophos.com/2017/05/26/crysis-ransomware-master-keys-posted-to-pastebin/


Samba exploit – not quite WannaCry for Linux, but patch anyway!

https://nakedsecurity.sophos.com/2017/05/26/samba-exploit-not-quite-wannacry-for-linux-but-patch-anyway/

http://www.fireeye.com/blog/threat-research/2017/05/smb-exploited-wannacry-use-of-eternalblue.html


Trump’s Dumps: ‘Making Dumps Great Again’

https://krebsonsecurity.com/2017/05/trumps-dumps-making-dumps-great-again/


Why are hidden files with a leading tilde treated as super-hidden?

"If there is a hidden file whose name begins with a tilde, then Explorer treats it as if the system and hidden attributes are both set, causing the file to be treated as super-hidden."

https://blogs.msdn.microsoft.com/oldnewthing/20170526-00/?p=96235

JG4May 26, 2017 4:27 PM


wishes everyone who observes Memorial Day a sobering reflection on the human condition

another nice data visualization, including times when the US was a better place to go than to leave

https://blueshift.io/

I have to be careful here, because the only four countries that I know are better are unaffordable to the average wage serf. if they call my bluff and throw me out, I'll end up in a worse place

https://www.newscientist.com/article/2132748-monkey-mafia-steal-your-stuff-then-sell-it-back-for-a-cracker/

https://www.theverge.com/2017/5/26/15701776/chipotle-restaurants-hacked-credit-card-malware

http://www.nakedcapitalism.com/2017/05/200pm-water-cooler-5262017.html
...
Big Brother is Watching You Watch
‘[Matthew Crawford] was prompted to write [The World Beyond Your Head] by a profound sense of unease over how the ‘attentional commons’ was being hijacked by advertising and digital media. One day, he was paying for groceries using a credit card. He swiped the card on the machine and waited for a prompt to enter his details to appear on the screen. He was surprised to find that he was shown advertisements while he waited for the prompt. Somebody had decided that this moment — the moment between swiping your card and inputting your details — was a moment when they had a captive audience and that they could capitalise on it. Crawford noticed that these intrusions into our attentional commons were everywhere. We live, after all, in an attentional economy, where grabbing and holding someone’s attention is highly prized’ [Philosophical Disquisitions].
...

http://www.zerohedge.com/news/2017-05-26/google-about-start-tracking-your-offline-behavior-too

http://www.zerohedge.com/news/2017-05-26/fisa-court-warned-fbis-apparent-disregard-rules-illegally-shared-spy-data-private-co

https://techcrunch.com/2017/05/25/creative-destruction-lab-quantum-machine-learning/

http://circa.com/politics/declassified-memos-show-fbi-illegally-shared-spy-data-on-americans-with-private-parties
...[another perjurer]
In his final congressional testimony before he was fired by President Trump this month, then-FBI Director James Comey unequivocally told lawmakers his agency used sensitive espionage data gathered about Americans without a warrant only when it was “lawfully collected, carefully overseen and checked.”
Once-top secret U.S. intelligence community memos reviewed by Circa tell a different story, citing instances of “disregard” for rules, inadequate training and “deficient” oversight and even one case of deliberately sharing spy data with a forbidden party.

DanielMay 26, 2017 5:29 PM

https://philosophicaldisquisitions.blogspot.com/2017/05/the-right-to-attention-in-age-of.html

That is the link to the quote about attention in the above post. It is a good read and to a large extant I agree with it. The one place I disagree is the pretense that attentional warfare is something new and that technology bears the central blame. Nonsense. Technology may have made attentional warfare more "in your face" but it has been going on as long as humankind has been going on.

SystateMay 26, 2017 6:21 PM

Ben A
Do you know what i find extremely funny? I scrolled to the bottom and found this gem

"Current — All the attacks discussed by this work are still practical, even with latest version of Android (Android 7.1.2, with security patches of May 5th installed).

So
August 22
September 22
October 22
November 22
December 22
January 22
Febuary 22
March 22
April 22
May 22
....
....
....
???????

lol
I guess the security fix is get their next top line product and ship it into the sun.

Ben A.May 26, 2017 6:29 PM

Totally agree Systate. Android security is a joke compounded by Google's poor update policies (not forcing OEMs to push out the update). Grab a copy of Kali Linux to see the multitude of working Android exploits.

Here's an article that discusses the sorry state of Android encryption:

Android Encryption Demystified

https://blog.elcomsoft.com/2017/05/android-encryption-demystified/

Unrelated: Google Chrome extension to bypass paywalls

https://chrome.google.com/webstore/detail/xray/dgkdfehohjdbmnldpcegekjakcdjlnkg

SystateMay 26, 2017 9:22 PM

Ben A
You want security you have to pay. Alot. Kali linux is cool and all but the only thing i barely understand is fuzzing.

This is a disclamier to Clive Robinson, Nick P and et all
That article contains strange words such as Secure Enclave and Trust Zone.


But from that article it is safe to assume that most android phones arent even encrypted. So you have to pay them for security. Why make a device that takes a performance hit when envryption is enabled in the first place? That encryption 1102.

From a business standpoint, it makes perfect sense.

RatioMay 27, 2017 3:27 AM

Terrorist attack on Coptic Christians in Egypt:

Egypt has carried out airstrikes in Libya after at least 26 people, including children, were killed and 25 wounded in a gun attack on a bus carrying Coptic Christians south of Cairo, the latest in a series of terrorist incidents targeting the religious minority.

Local media reported witnesses saying that between eight and 10 gunmen, dressed in military uniform, carried out the attack. Egypt’s interior ministry said the attackers, travelling in four-wheel-drives, “fired indiscriminately” at a car, bus and a truck in the al-Idwah district outside Minya, about 135 miles (220km) south of Cairo.

[...]

Children aged two and four were among the victims, according to a list of victims released by the governorate of Minya.

Clive RobinsonMay 27, 2017 6:18 AM

@ AlanS,

One smile deserves another,

https://twitter.com/adamstoon1

@ Bruce,

Brit & Chips

Hmm, I wonder if he knows that "Brits" are either "tough and chewy" or "slack and flabby" depending on where you catch them. Though at this time of year you will find washed up examples on beaches turning from pasty white to lobster red. I guess the old nursery rhym of "Fe Fi Foe Fum, I smell the blood of an Englishman..." did not warn Mr Frappier that some do have teeth ;-)

TatütataMay 27, 2017 8:04 AM

Re: slot machine hacking

Looks like someone actually managed to implement the hallowed Infinite Improbability Drive.

Maybe this is why Portland Mud's casinos managed to lose money? (Or he couldn't organise a p***-up in a brewery). Now the Rooskies are making it up to him by appointing him as launderer in chief.

I have an intense feeling of déjà-vu. I thought the dateline on that Wired link is in the future, but then I realised that the date was written in the wretched MMDDYYYY format preferred in the US, and the item is in fact from February.

Clive RobinsonMay 27, 2017 12:03 PM

@ Tatütata,

Looks like someone actually managed to implement the hallowed Infinite Improbability Drive.

Or a "Perpetual Motion Machine" at the payout slot ;-)

When you read it you realise that those thinking up the system had a bit of a quandry about OpSec.

Casino's have an allergy to electronics on punters as they regard it as being for what they see as defrauding them by "cheating the system" (though how they can say that with the tricks they pull on punters has always supprised me).

Thus whilst casinos originaly tried to ban mobile phones, they eventually had to relent because the "Whales" and similar suffered from "separation anxiety" and this was bad for casino business.

Thus being able to get a smart phone in has made this sort of thing possible, it caused problems, in that they had the choice covert or overt usage. Overt usage requires nothing other than a phone and a suitably innocuous app. Covert use however requires modified clothing etc that will alow the phone to film but not be easily seen. The downside of covert usage is if you are pulled and searched then the modified clothing raises suspicion that can not be talked away.

So the operators went for what they considered to be the safer method. Presumably because they did not think the casinos would realise a more wide spread operation and start going through large quantities of surveillance footage looking for comminalities in behaviour.

By the way I guess it's not much of a secret as I've mentioned it befor and further since a certain Israeli University published how to use a mobile phone to pick up "Compromising Eminations" from a laptop to use a time based side channel to extract key info, but all those gaming machines have compromising eminations, even those shiny new ones with their "crypto protection" methods...

Back in the 1980's long prior to EMC regulations I discovered something interesting, not only does electronic equipment suffer from Compromising Emissions (TEMPEST radiation) it also suffered from a "susceptability" issue (technically an EmSec not TEMPEST issue). More correctly a "cross modulation" problem, which later was one of the reasons the likes of mobile phones were baned from secure areas.

Basically whay you do is "illuminate" the Device Under Test (DUT) with an EM carrier which by the process of cross modulation directly or by reciprocal or harmonic mixing gets modulated by --confidential/secret-- compromising information. Then by using an appropriate receiver you pick up the carrier or it's harmonics that are now modulated with compromising information, and demodulate it and decode it to recover the internal state information.

Further what you often get is much more sensitive compromising information from deep within the DUT, not the TEMPEST emissions that the designers might have tried to protect at the periphery of the DUT such as it's I/O lines.

But better still by adjusting the frequency, direction of propagation and amplitude of the EM carrier you could be selective about what information you could get out of the DUT. Though more correctly an EmSec susceptibility attack, it is sometimes called a "TEMPEST Hijack" attack or "TEMPEST in a Teapot" attack by various sources on the Internet, if people want to find further info on it.

But it gets better still... what I also found back in the 80's was that there was a reverse trick. That not only was the DUT susceptible to cross modulation, but by modulating the EM carrier you could change the computer behaviour by actively injecting a fault into it.

I demonstrated these problems back then on an "Electronic wallet" --for Europe-- prototype and on a "Pocket gambling device" --for far eastern casinos-- much to the anoyance of the designers (who went ibto NIH / "golden goose" denial mode). Luckily the wallet was way to early for public acceptance so died from a lack of market interest after a couple of trials. Whilst the pocket gambling device did go ahead it was clunky and did not give the payout rush, so was not popular with the target audience, thus died as well.

But I went further and discovered other interesting things. Whilst the basic active fault attack could be made ineffective by using a metal case, such cases have problems. Basically unless you weld up or solder all gaps in the metal case an EM carrier of much higher frequency can still get in. Thus edges around access pannels and ventilation slots not only let in an EM carrier they can be very susceptible due to certain effects (look up "slot antennas" and "waveguide filters").

Thus you can get EM energy into the case, but it is generaly of too high a frequency to be of as much use as the lower frequencies. A few years back a couple of researchers as the UK Computer labs rediscovered this and squirted 10GHz at an IBM 32bit TRNG and pulled the entropy down from over 2^32 to less than 2^7 which makes guessing / brut force attacks realy trivial... But they also missed a trick or three.

If you CW modulate the EM carrier you can still get basic fault injection attacks to work. But you can also use a more complex waveform to be rather more devistating. You can AM modulate a 10GHz signal with a sinewave upto about 1/GHz and this will get "envelope demodulated" by the protection diodes built into silicon chips to protect it from transients on the inputs and outputs. If an IC input is connected to a Printed Circuit Board (PCB) trace the demodulated sinewave now more like a full rail square wave will be on this trace which will then act like an antenna and radiate the signal and it's rich complement of harmonics inside the case. Thus you can tune the frequency of the sinewave to make it more readily picked up by other PCB traces or equipment wiring. Further if you then modulate the sinewave with your fault injection signal you've got it inside the case "doing the nasty" big time to the DUT electronics...

Analog circuitry is particularly sensitive to fault injection attacks especially TRNG circuits and the likes of low frequency or base band / direct convertion receivers / demodulators currently gaining popularity with Software Defined Radio (SDR). Oh and also things like touch screen and capacitive key input devices, which have the bad habit of being filtered / decoupled at the distant end of the trace or wire, not the IC pin end...

All that said what I can further assure people is that some managment types never learn and many gambling machines have both emission and susceptibility issues by the shovel full, that have yet to be exploited in anger.

Thus the question arises as to how long it will be before the likes of the Russians mentioned in the article download a copy of the "pita receiver" paper from the Israeli University and firstly start using it to "pickup" the compromising emissions time based side channels to pull out the PRNG state or transitions?

After all it would not be hard to design the antenna to look like a very fashionable bracelet to make it covert. By adding a non obvious connector this could hookup to what would look like a mobile phone ear bud etc...

If there are any Casino Security Personnel reading or likewise gambling machine designers, you might want to start thinking about how you are going to stop such attacks. But remember the Smart Card Industry spent a lot more than just millions trying to stop the EmSec issues they had to get their security ratings...

Happy holiday weekend to those who get an extra day to "do your thing" B-)

Joe SixpackMay 27, 2017 1:48 PM

'Google and Facebook lobbyists try to stop new online privacy protections'

...also includes "Amazon, Dropbox, eBay, Microsoft, Netflix, PayPal, Reddit, Spotify, Twitter..."

https://arstechnica.com/tech-policy/2017/05/google-and-facebook-lobbyists-try-to-stop-new-online-privacy-protections/

Basically, the anti-privacy lobby wants to make sure a rule requiring user consent and a tangible "opt-in" to data sharing gets killed dead, dead dead.

Meanwhile, Google and Facebook are jostling to become the new world order in charge of internet censorship with their magical algorithms, only slightly assisted by a few well heeled CEOs.

Well, I guess that's alright. They certainly have the money to make it happen, not to mention real world control of the www.

But, I wonder what would happen if the people who use the internet were given a vote or some internet rights....OK, that's not going to happen. I get it.

Captain Jack SparrowMay 27, 2017 7:03 PM

Lubuntu 17.04 & Current Debian LiveCD's Missing Critical Utilities

The Lubuntu 17.04 Desktop/Live CD(ISO) is missing:

Package: net-tools[1]

It's pathetic when you use a LiveCD today and discover
you don't have something as simple as netstat and other
important tools available.

It's also quite pathetic to discover the recent Debian LiveCDs
are missing UFW[2].

[1] "This package includes the important tools for controlling
the network subsystem of the Linux kernel. This includes
arp, ifconfig, netstat, rarp, nameif and route."

[2] "The Uncomplicated FireWall is a front-end for iptables, to make managing a Netfilter firewall easier. It provides a command line interface with syntax similar to OpenBSD's Packet Filter. It is particularly well-suited as a host-based firewall."

AlanS May 27, 2017 7:33 PM

@Clive

Thanks for the smile! Both Trump and Theresa appear to be rapidly coming unstuck. Yet more to smile about.

PandoraMay 27, 2017 7:41 PM

@ Clive Robinson:

Is it possible to detect anything from the old "dumb" wrist watches which many stores continue to sell today? Do they spill any details which could be used to monitor/track people?

Is it possible to "poison" a SATA Controller and utilize the LED light for nefarious purposes? I recently disabled a noisy one in BIOS because it wouldn't shut up.

bullfrogMay 27, 2017 7:43 PM

@ Clive Robinson:

Is it possible to detect anything from the old "dumb" wrist watches which many stores continue to sell today? Do they spill any details which could be used to monitor/track people?

Is it possible to "poison" a SATA Controller and utilize the LED light for nefarious purposes? I recently disabled a noisy one in BIOS because it wouldn't shut up.

RatioMay 28, 2017 4:52 AM

Tainted Leaks: Disinformation and Phishing With a Russian Nexus:

Key Points

  • Documents stolen from a prominent journalist and critic of the Russian government were manipulated and then released as a “leak” to discredit domestic and foreign critics of the government. We call this technique “tainted leaks.”
  • The operation against the journalist led us to the discovery of a larger phishing operation, with over 200 unique targets spanning 39 countries (including members of 28 governments). The list includes a former Russian Prime Minister, members of cabinets from Europe and Eurasia, ambassadors, high ranking military officers, CEOs of energy companies, and members of civil society.
  • After government targets, the second largest set (21%) are members of civil society including academics, activists, journalists, and representatives of non-governmental organizations.
  • We have no conclusive evidence that links these operations to a particular Russian government agency; however, there is clear overlap between our evidence and that presented by numerous industry and government reports concerning Russian-affiliated threat actors.

Slime Mold with MustardMay 28, 2017 5:09 AM

@ Clive Robinson

(continued from previous squid thread)

Re: SS Richard Montgomery
https://www.schneier.com/blog/archives/2017/05/friday_squid_bl_578.html#c6753253

Good Sir;

I undertook to look into this shipload of ordinance sunk in the Thames Estuary and was surprised to find yourself (especially) much in error. Less in that you misstated the quantity of explosive, but in that of its potential effects on the heart of London(Canary Warf et al) for even a half megaton blast. You have certainly forgotten much more about physics than I ever knew. Yet you gave some sort of credence to such a blast damaging "Canary Warf" (whether the district, the building or the tube station you did not specify) some 40 kilometers distant. I have little used the inverse square law in the last few decades. We have something similar at my firm that we call "diminishing returns".

I did look at the "London Clay" for liquification possibilities. The easily available material does not list depths of strata, thus I remain ignorant of the mass, yet the law of inverse square still applies.

I considered hydrostatic shock and waves, until I saw Gravesend (retirement village?). Fluid shock waves don't do corners.

Most especially, if you can bring yourself to use JavaScript, the third illustration at this site
https://www.quora.com/How-lethal-are-Pakistans-nuclear-weapons-How-much-area-would-be-immediately-destroyed-in-a-single-attack

From a 500 kt ground burst:
Moderate damage to commercial buildings at 5.76 kilometers, and light damage to 9.3 kilometers

Of course, the SS Richard Montgomery contains something closer to 1400 long tons of bombs. The bureaucrats mislead: Roughly 40% of a bomb's weight is explosives. 560 tonnes of stuff. The phosphorous being quite the hazard if:

Londoners bought into a bit of the hype about the nearby Grain Island LNG plant. The Army taught me about something similar. All a can say is that, although the danger is not zero, in the unlikely event the SS Richard Montgomery fully exploded, the risk to people near the gas plant is overwhemlingly from the ship, not the plant.

Sheerness, port and village, would suffer quite a lot. I really ought to exploit the Fear Uncertainty and Doubt for financial gain (real estate), but every time I cross a border, I need more (business) lawyers. Slime Mold recoils in horror at their uncleanliness.

All that having been said:

FIRST CLASS MOVIE PLOT!!!

Clive RobinsonMay 28, 2017 5:35 AM

@ Bullfrog,

You didn't cover this serious bug.

There is realy not much to say about the Microsoft "New Technology File System "Master File Table" bugs They have been around for some time (late 90's onwards). Many of them end up destroying your file system so you have to do a compleate reformat. One such is that the $MFT grows but never shrinks and can soon fill a volume if you know how to exploit it (can be done with a .bat file)

It also appears that if you can get access to the NTFS file system on a MS Vista, Win7-8.1 OS computer and try to open the $MFT special filename as a folder similar problems arise.

More specifically, an attempt to open the $MFT special filename are normally blocked by the OS. However in a similar way as trying to open the "con" device back in the 16bit windows days, the special file handling rules are incompleate. So if the the special filename is used as if it were a directory as in c:\$MFT\123—then the NTFS driver takes out a lock on the file as though it were an ordinary access. But imoortantly unlike normal it never never releases the block, so no other process can be started, and existing process will "block" --pending the release which will never come-- when trying to access the file system. The result is the computer will fairly quickly hang or bluescreen...

Apparently, just to be a nuisance if you embbed the $MFT in a URL image link for instance, and your browser is Micr$haft Intetnet Exwhorer the browser will "do the nasty" to your computer... I've not tried it so YMMV.

With regards,

Is it possible to "poison" a SATA Controller and utilize the LED light for nefarious purposes? I recently disabled a noisy one in BIOS because it wouldn't shut up.

Yes and No, it depends on the underlying hardware. But these days due to trying to save every fraction of a cent they can then it's more likely to be yes than no.

But...

Is it possible to detect anything from the old "dumb" wrist watches which many stores continue to sell today? Do they spill any details which could be used to monitor/track people?

They are very low power devices and are not usually General CPU systems but State Machines to reduce the gate count as low as possible to minimise drain on the battery.

But they contain a 32KHz beta cut crystal that runs continuously. From a very short range this can be picked up with a coil very close to the watch electronics. It used to be done so that a production line operator could adjust a tiny trimmer capacitor in the back of the watch to set it to the correct frequency.

Thus "in theory" if the watch body alowed the signal to radiate when the back was on it might be possible to pick it up with a suitable antenna... And again "in theory" it's frequency could be used as an approximate identifier if you could receive it for long enough... And again "in theory" the change in the state machine to update the display etc could be modulated onto that signal as well alowing other ways to enumerate the watch.

But that said "good luck" trying to make that work. You would probably have more luck reading an RFID for "stock keeping" that might be embedded in the plasic strap or under a lable on the back of the watch...

Bobby BMay 28, 2017 7:52 AM

If it walks like a duck......

http://www.bangkokpost.com/news/general/1257538/computer-glitch-grounds-ba-flights

The largest UK airline BA had IT issues leading to a cancellation of all flights, so far so bad, but the article states : " Last month Lufthansa and Air France suffered global system outages that prevented them from boarding passengers."

Sounds a bit strange that suddenly airlines have the same type of issues, but of course there was no cyber attack asking for some bitcoins....

will keep on watching ..

:)

Pressure from Wall StreetMay 28, 2017 7:56 AM

How are airline passengers and data-mining companies have in common?
They both treat their customers like cattle. Both will push the envelop until citizens become aware.

Here is a great article from the NYT:
“Relentless pressure on corporate America is creating an increasingly Dickensian experience for many consumers as companies focus on maximizing profit. And nowhere is the trend as stark as in the airline industry, whose service is delivered in an aluminum tube packed with up to four different classes, cheek by jowl, 35,000 feet in the air.”
https://www.nytimes.com/2017/05/28/business/corporate-profit-margins-airlines.html?_r=0

The analogies are numerous. The four classes of passengers for is also why net-neutrality is being removed. To make room to increased prices for classes of data.

Google just bragged they are tracking 70% of purchases in physical stores. This includes customers who have never agreed to Google’s invasive terms of service. Or even have Google accounts. All in the relentless drive to maximizes profit.
https://consumerist.com/2017/05/23/google-following-your-offline-credit-card-spending-to-tell-advertisers-if-their-ads-work/

The root cause is intense pressure from the billionaires on Wall St. Frequently psychopaths, they've manipulated to become leaders of our government. Does unchecked greed benefit society?
In their hands, the strategic misuse of data-mining technology (to maximize shareholder value) always degrades the quality of human life.
The Art of The Deal is really The Scam of the Deal

Related Note: Internal Eavesdropping/Data Mining wars has left the government paralyzed. Meanwhile the terrorist cells continue unabated. Go figure!

HermanMay 28, 2017 1:28 PM

@Just asking: I live in the Middle East. Yes, the Muslim Brotherhood, Daesh and Al Qaida are very real problems, especially over here. Over in the UK, not so much. Yes, there are a bunch of rich idiots funding them, mostly Arabs. In essence it is a Muslim power struggle or civil war, that is spilling over borders.

Q-shipMay 28, 2017 3:12 PM

Bringing a sign to a gun fight.

Leaked Documents Reveal Counterterrorism Tactics Used at Standing Rock to “Defeat Pipeline Insurgencies”
https://theintercept.com/2017/05/27/leaked-documents-reveal-security-firms-counterterrorism-tactics-at-standing-rock-to-defeat-pipeline-insurgencies/

"Internal TigerSwan communications describe the movement as “an ideologically driven insurgency with a strong religious component” and compare the anti-pipeline water protectors to jihadist fighters. One report, dated February 27, 2017, states that since the movement “generally followed the jihadist insurgency model while active, we can expect the individuals who fought for and supported it to follow a post-insurgency model after its collapse.” Drawing comparisons with post-Soviet Afghanistan, the report warns, “While we can expect to see the continued spread of the anti-DAPL diaspora … aggressive intelligence preparation of the battlefield and active coordination between intelligence and security elements are now a proven method of defeating pipeline insurgencies.”

More than 100 internal documents leaked to The Intercept by a TigerSwan contractor, as well as a set of over 1,000 documents obtained via public records requests, reveal that TigerSwan spearheaded a multifaceted private security operation characterized by sweeping and invasive surveillance of protesters."


Besides the very disturbing (but not at all surprising) glimpse into how those attempting to defend the public good in lieu of established financial interests are colluded against by state actors (to the point of being treated as terrorists by mercenaries), the article gives a good overview as to the modus of such efforts - if one's interested in such things. Or you know, if one engages in such defense of the public good, it would probably be a good idea to familiarize yourself (and everyone else involved) with the tactics of those that will be conspiring against you (if you're not already doing so).

Screaming Fat PigMay 28, 2017 5:41 PM

zerohedge is closer to koolaid than the truth on most topics.

it's quite a blend of make-believe and reality.

SwimfanMay 28, 2017 6:49 PM

@Screaming Fat Pig

Tru dat. ...much like The New York Times - except far less aligned with DC's talking points. ;)

But like Pravda, there's often value to be had between the lines. As is true here, as there, as everywhere.

Clive RobinsonMay 28, 2017 7:00 PM

@ Slime Mould...

Less in that you misstated the quantity of explosive, but in that of its potential effects on the heart of London(Canary Warf et al) for even a half megaton blast.

I actualy said 5 kilo tonne not half a megaton (500 thousand tonnes). Interestingly though your estimate is,

something closer to 1400 long tons of bombs. The bureaucrats mislead: Roughly 40% of a bomb's weight is explosives. 560 tonnes of stuff.

Which is 560, thousand kilograms...

The thing about iron bombs, is that the case serves two purposes, the first is to increase the peak pressure the second is to get better transfer of energy into kinetic objects. Which makes the explosive much more effective.

The figure I gave was from memory of a televison program about the ship some time ago, the most impressive part of which were their graphics and the Uni wave models.

The problem with "inverse square law" only, is it only applies when the area covered increases by the square of the distance. If you assume a trough of uniform cross section then the area goes up as the multiple of the distance not the square. But the Thames is not a trough of uniform cross section it actually narrows towards London therefore you would expect the area to decrease per unit of distance, thus the covered area would go up at less than the multiple of the distance. Which would also cause the depth of water to increase in the same way as a tidal bore or surge.

Tidal bores such as the one in the Seven estuary are not a self-reinforcing solitary wave or soliton, but the equivalent of a shock wave. It traps the energy in the wave front, because the wave front is travelling faster than the wave speed in water above the bore. The same occures with a high explosive shockwave, where the energy gets trapped due to the difference in propergation speed behind and infront of the wave.

In the case of the Seven bore, it quite happily goes around the bends in the river and if the weather conditions are right travels up and over the top of the weir at Tewkesbury over 80Km upstream. You can see video of surfers riding the bore for long distances, and in my much younger days, I rode the Seven bore in a canoe for some distance which was quite a buz.

The wave model they showed on the program looked much like the bore surge to start off with and started to break over the banks at the Greenwhich peninsula where the O2 centre is.

Beyond that I can not say much about it's accuracy as I have no easy way to model it myself. But having ridden the Seven bore it did look believable.

ThothMay 29, 2017 5:29 AM

@Jacob

Very high chance that they might not just attempt to negotiate backdoors or uilize backdoors with "Internet Companies" but also go down to the hardware level and hse existing hardware backdoors installed into all ARM A series chips capable of ARM TrustZone which is as good as al smartphones.

AndyMay 29, 2017 5:35 AM

@clive robosion and bullfrog.
Mostprogram have code in them that accept command line argument, there is a bug with ="? / stuff like that, I but it's how you can pass it to the program before strip.
Iss have the same problem, five chars causes a error speckle, backslash, equals, two numbers.

The security by obscure is make these bugs not get fixed as a fuzzer want notice anything, but and for obvious reasons Microsoft doesn't make it easy to debug.

JacobMay 29, 2017 6:13 AM

@Thoth

I doubt that a backdoor, if indeed this is the case, will be implemented in the ARM HW core:
Although the core design in controlled by a UK company, all the mobile CPUs companies who license and use the core are made by non-UK companies.

Therefore, for this backdoor to work, you need to convince non-UK companies to implement the new core, and even if you are successful in that, it will take at least 3-4 years from now to get the backdoored core designed, disseminated to CPU vendors and go into the next smartphone design and marketing cycle.

No politician looks that far into the future...

ab praeceptisMay 29, 2017 7:11 AM

Jacob

I think you are wrong and Thoth is right. Let's look at a realistic 2 part model example:

a) Cortex A (and some M, too, btw) offer basically 2 processors, the normal one and the trusted one. Hence, we can look at it from a spi calculus perspective as simply 2 communicating processes, with the trusted one "knowing" a secret (either firmware or even mask wired) and the normal one needing to prove that it also knows the secret.

b) "The secret". Example:
let hwsec be a 256 bit number within the trusted part
let diff be a number such that sha256(some_128-bit_hash(uid (96 bit)) + mod256 added diff) = hwsec.
put diff into 4 64-registers prior to calling into trusted proc

Et voilà you have shown knowledge of hwsec and, say, get access to all trusted memory.

The perfidious part is that such a mechanism will survive even tough inspection with all but 100% certainty (2^256-1 to 2^256) while at the same time reliably giving away all your secrets - and - staying in full control, i.e. having a nice albeit very dark reveniew source (with british authorities looking the other way thanks to a nice free spy budget at Arm...).

2 to 3 years? No! A simple "Dear partner/licensee, this is Arm. We spotted a small but severe bug in the microcode. Please update urgently from attached link".

Iff they don't have already something like that built in.

RatioMay 29, 2017 7:34 AM

@Jacob,

Although the core design in controlled by a UK company, all the mobile CPUs companies who license and use the core are made by non-UK companies.

And the UK company itself (ARM Holdings) is owned by a Japanese company (Softbank).

AnonymousMay 29, 2017 7:40 AM

@ Swimfan
Thank You. The want of a keystroke could have had this Yank looking between Land's End and Scapa Flow.

@ Clive Robinson
Re: SS Richard Montgomery
I have decided to defer to your knowledge regarding the ability of fluid shock waves to "turn corners" (hyper-simplification). My previous impression was guided by government training in making a mess of things. I also have many times observed that the mildest shield yields disproportional protection from the waves (certainly not debris).

I know about channeling. I simply believed Tilbury Ness at Gravesend (is that NHS HQ?) would deflect. I also have a hard time comparing a 5 or 500 kt blast to the weight of the geoid North Sea. Anyone amused by such exercise is welcome to it.

My citation of 500 kt was reductio ad absurdum .

My interest is piqued by the fact that the wreck was the subject of a television program. Although I think that only people in Sheerness should care at all, the situation screams "movie!". Do you suppose we might get our host to revive that?

Thank you for your attention to this matter. I clearly need the education.


Clive RobinsonMay 29, 2017 7:49 AM

@ Jacob, Thoth,

Although the core design in controlled by a UK company

Err "was" "a UK company" ARM Holdings accepted a £24.3bn offer from Japanese group SoftBank...

Interestingly SoftBank was majorly in debt at around 90billionUSD so you have to ask a couple of questions. Firstly why were they adding more debt to take them upto around 100billion in debt. Secondly where is the money/backing comming from.

Well although nominally Japanese SoftBank is a major player in China they own a third of Alibaba through which most of China's tech exports happen. Further they havr bought into much of China's up and comming businesses, which to be honest is very very odd in that it's not something China usually aloes unless they have strong controls in place.

Which is why some consider the purchase of ARM Holdings a two step process to give China the semiconductor industry it does not currently have and secondly another strangle hold[1] on the defense and consumer technology of the West.

[1] China has adeptly manipulated the scarcity of "Rare Earth Metals" which are key to modern defence and consumer technology development and in the process brought into China a lot of trade secrets in manufacturing that just a few years ago would have been National Secrets. As I've said before China plays the long game whilst the West plays the short game, and usually the short game is a medium to long term lossing

YossiMay 29, 2017 9:28 AM

Interesting discussion about illegal US violation of diplomatic communications.

http://turcopolier.typepad.com/sic_semper_tyrannis/2017/05/httpswwwwashingtonpostcomworldnational-securityrussian-ambassador-told-moscow-that-kushner-wa.html?asset_id=6a00d8341c72e153ef01b8d286be89970c

But why are they so sure that NSA can break Russian secure channels?

In Snowden's disclosures we've got NSA bragging about its eavesdropping: on allies, on private individuals, on 3rd-world UN delegations with no military axe to grind, on Save the Children - the softest of soft targets. Most of it's illegal under Vienna Convention Article 27, so NSA has no inhibitions about admissions against interest. They put any and every cheap trick into their bureaucratic dog-and-pony shows.

Where do we see NSA bragging about violating Russian diplomatic communications? That would be actually be something to brag about, from their perspective. Yet there's no word of it, at any level of generality.

It seems more likely that the "intercept" came from domestic surveillance in NYC, which has long been secretly rationalized as espionage against the UN, and has recently become virtually ubiquitous.

Clive RobinsonMay 29, 2017 9:35 AM

@ Jacob, Thoth,

The other thing is Amber Rudd MP Home Office Minister is not exactly what you would call "an honest person". Although it is usually more on the lines of "lie by omission" than by invention.

Her boss and Prime Minister of the UK Theresa May MP used to be Home Office Minister and appart from other harms her "legacy policy" is the "Snoopers Charter". Thus she put Amber Rudd in her old position to look after her legacy.

Then May gambled and called an early election. And to be polite it's not realy running her way. One journalist has even suggested that the Manchester Bombing did her a favour because for a few days electionering stopped and with it her downwards appear to the electorate.

Thus May is desperate realy desperate for credibility, and to protect her legacy. Thus Amber Rudd knows when it's time to step up to the plate. She did it for Jeremy Hunt Health Minister over the NHS gets hit by WannaCry, so now it's time to do it for May...

Thus as Rudd's statment contains no factual information just suposition, it's a safe bet it's probably a load of B.S. she knows she's not going to get called on till after the balot count.

Look at it this way, the tech companies know that if May and Co do not get back in this time around the Snooper's Charter is probably going to get "back burnered". Thus it would not be in their interest financially or politically to do anything but smile and nod politely and play for time.

Thus unless real "facts" come to light I would assume Amber Rudd is not telling the truth, deliberatly to not just cover for others but to get IOUs she can cash in at a later date. As given any real power her past and that of her family suggests she will make a compleate and utter mess of it, and cause considerable harm not just to herself but those around her.

JacobMay 29, 2017 2:02 PM

@ Clive

Thanks for the real-world analysis.

We tech people tend to see every statement by people of power as a statement of fact, and then proceed to analyse possibilities and implications, whilst all along the most probable explanation is that they are either lying or twist the facts for a political purpose.

martinMay 29, 2017 3:01 PM

@ Clive

Simplistic question. What does "MP" represent after the names of Rupp and May. I'm sure I'm missing a simple title. I did live in a Common Wealth Nation for a few years and picked up a lot of British English, but "MP" slipped my me.

And, yes I live in the much maligned U.S.A.

Clive RobinsonMay 29, 2017 3:11 PM

@ Martin,

What does "MP" represent after the names of Rupp and May

MP = Member of Parliament
PM = Prime Minister

There are a few others for Scotland, Wales and the EU.

Oh and it's Rudd as in rudderless, not Rupp as in ruptured even though she's a bust ;-)

CAFEBABEMay 29, 2017 5:13 PM

Why are cryptographic collisions used as Proof of Work in bitcoin and in certain anti-spam systems, instead of a useful PoW such as Folding@Home? Are the collisions actually of certificates and such, and the NSA is having everyone crack that stuff for them?

JacobMay 29, 2017 11:41 PM

@ CAFEBABE

The "cryptographic collisions" to be found are not of certificates but of reduced length hashes. It is not actually a search for a collision, but for a message that will produce the specified hash (the so-called preimage attack). No value to the NSA.


PoW of Folding@Home is not as deterministic as preimage attack, and one can not rely, for a long term operation, on a distributed social project that in 5 years from now may be folded (no pun intended).

tyrMay 30, 2017 2:44 AM


@Clive

I get the distinct impression that the current
administration is suffering from 'warm body'
syndrome. Most of them seem to be placeholders
who are remarkably clueless about their data.
Rudd said 80% of phone users have moved to
encrypted apps. My BS meter peaked on that.
She seems to think there's a vast horde of
terrorfolk all communicating in great secrecy
hidden from the forces of law.

That sounds like the same sort of crap that
was being peddled in the 1950s, with commies
hidden under every maiden aunts bed.

Ammo ships can cause some horrendous difficulties
if they let go. The incompressability of water
makes for interesting possibilities for the
shock wave as well. The world has some odd
leftovers from the wars that may surprise the
unwary. A few years ago there was a railroad
yard expansion that uncovered a bombload that
had been dumped during WW2 from a train. They
had just buried it and laid new tracks over the
top. Forgotten until someone dug down and hit
a 500 pounder, fortunately it didn't go off.
There's still an enormous mine placed under
the WW1 trenches in France that the records
have been lost on. One of them went off in 1955
which scared the crap out of people for miles.

Clive RobinsonMay 30, 2017 3:24 AM

@ tyr,

The world has some odd leftovers from the wars that may surprise the unwary

Yes... I won't give the exact locations but school playgrounds end up having much underneath them that the parents might be shocked about.

As you may know there are places in London that have "plague pits" where those unfortunate souls who died of the Black Death etc are buried in mass graves. The most famous is "Blackheath" in East London which people now play golf on amoungst other things. But there are others, some "old schools" with church connections have been found to have lead lined coffins underneath them... Another school has a nuclear warfare command bunker under it. In other parts of the country playing fields are over the tops of disused mines that get "house eating" sized sink holes appear suddenly. But my favourit is about a 1930's "brick works" that was effectivly abandoned prior to WWII, that the local home guard moved into during the war. According to the memories of one of them they hid a cache of weapons including ammunition and hand grenades in there, but the people that knew the exact location got killed. So after the war they buldozed the brickworks into the ground and some years later a school was built next to it and the old brickworks got turffed over and became a playing field. Due to political mantra, the playing fields got sold to a property developer who put up nearly a hundred "tiny boxes" houses ontop of it... Well within a couple of years problems have started to appear and some of those houses have had to be underpined as they started to suffer "movement". What some of the older folks who know about the arms cache have half jokingly said "Let's hope a house warming party does not go with a bang"... Of course if it does happen then the politicos that pushed it through will "not be blaimed"... Mind you this problem is getting worse, we are now getting high rise luxury flats being built in places like Deptford and Greenwich on land beside the river Thames that was heavily bombed during WWII. The odds of unexploded ordinance it quite high, the only question I guess is how it will at some point come to light.

Many high explosives can be regarded as nitrated organic molecules, that like other organic chemicals will at some point decay in one way or another, lets hope it's the quiet way.

Clive RobinsonMay 30, 2017 3:45 AM

@ Jacob,

It brutal out there.

Did you notice where the the break came from?.. Yup the NSA's toy of pleasure NIST...[1]

The thing is what they were trying to do is kind of the Holy Grail of cryptography, in that of the information triad of Communication, Storage and processing we have the first two covered but not yet the third and that is the biggie as it's realy the only way forward for "the secure cloud" idea.

Which as you can imagine there are quite a few political and other government interests as well as big data hunters who would not want to see it happen...

[1] That should get some conspiracy theorists tongues wagging faster than a litter of happy pupy dog tails ;-)

Champs-ElysseesMay 30, 2017 4:04 AM

@Captain

[1] "This package includes the important tools for controlling the network subsystem of the Linux kernel. This includes arp, ifconfig, netstat, rarp, nameif and route.

It all or nearly all has been replaced by the iproute package.

65535May 30, 2017 4:19 AM

@ Clive and others with knowledge of OLED video/sound screens.

How does Sony’s “Acoustic Surface technology” work?

“Sony has created the world's first television which can emit sound from the screen itself, removing the need for separate speakers. Unveiled at CES 2017 in Las Vegas, the A1 BRAVIA OLED series features a unique "Acoustic Surface", which sees the sound being emitted from the whole of the screen …transmits sound through two transducers which are located on the back of screen. These generate vibrations onto the area of the screen that's required to transmit the sound… Currently this sound technology can only work with OLED TVs…” –mirror

I see this same technology in mobile phones. Could the “transducers” be used as a microphone?

Could some 3 letter agency make a TV or smart phone screen into a microphone and record conversations?

http://www.mirror.co.uk/tech/sonys-new-tv-emits-sound-9573145

Clive RobinsonMay 30, 2017 7:57 AM

@ 65535,

I see this same technology in mobile phones. Could the “transducers” be used as a microphone?

Not sure how the transducer being used works --needs a little research-- but if it uses say the piezoelectric effect then yes it would be bi-directional in a similar way to electret mics / speakers.

However the larger a panel is the lower it's natural frequency response, with it's upper frequency response defined by it's bandwidth which is likely to be a small percentage of the natural frequency. But... It will also respond to harmonics as well thus the frequency response across the audio band is going to be quite complex. What this will do for it's efficacy as a microphone I'm not sure.

Clive RobinsonMay 30, 2017 8:29 AM

@ 65535,

A little more on the Sony Bravia A1...

It would appear the display comes from South Korea's LG Display (wich is independent of LG). Which you may remember was in the news a couple of years ago with Israeli based industrial espionage geting caught in the act.

The Sony "Acoustic Surface" works in principle the same way LG's "Crystal Sound" works by having a number of actuators attached behind the screen. However Sony claim there version is patent pending. Which I'm guessing is due more to the driver electronics and DSP software rather than the actuators or the way they attach to the screen.

The photo of one of the four actuators looks very like the coils you would find on other "thin" or "low profile" speakers.

You can read a bit more at,

https://www.theverge.com/ces/2017/1/10/14222986/sony-bravia-oled-lg-display-ces-2017

Clive RobinsonMay 30, 2017 8:33 AM

@ All,

Are others having "Internet Problems" currently, I've had four CloudFare appology screens come up in the last quater of an hour (14:15-14:30 BST).

ab praeceptisMay 30, 2017 8:50 AM

Clive Robinson

I tend to take it as positive when cloudflare is malfunctioning because their servers not working is about the safest status they can possibly have ...

Clive RobinsonMay 30, 2017 8:59 AM

@ ab praeceptis,

[CloudFare] servers not working is about the safest status they can possibly have ...

+1 ;-)

CallMeLateForSupperMay 30, 2017 10:59 AM

@Clive re: "Internet Problems"

Funny that you ask now. The last "down" site I encountered was Krebs On Security, last year. This past weekend, Spiegel[dot]de was unreachable from here for most of a day. None of the other dozen or so sites I check every day was unreachable or even slow that day. Late that same evening (eleven-ish) I found Spiegel "up". In the mean time, using search engines for answers - even an acknowledgment of a problem - gave no joy.

A TADMay 30, 2017 2:12 PM

@TS
Rather big security issue in google chrome, that google thinks is "not that big an issue"

well duh, nothing is an issue to Google unless it damages their own selves. If it hits their wallet, for example...

Google Search just got a lot more personal
http://bgr.com/2017/05/30/google-search-personal-results-tab/

Google already tracks everything you do while inside any of its online services to make money off your data...The Personal tab might not be immediately obvious to users, but it’s right there on Google Search, buried inside the More option....

65535May 31, 2017 1:45 AM

@ Clive

I took a look at your link and the flat surface acting as a “speaker” is a bit of a puzzle. One would assume a laser monitoring the sound surface would be one possible way. The others is via some software linked to transducers. This is a big question when it involves smart phones. Thanks for your input.

Clive RobinsonMay 31, 2017 8:33 AM

@ JG4,

th regards the BBC expose on the unpalatable behaviour of Facebook on how they steal peoples data and private files via the Facebook Apps. I found the last two lines quite funny,

    Follow Technology of Business editor Matthew Wall on Twitter and Facebook

proconMay 31, 2017 8:40 AM

Hackers publish private photos from cosmetic surgery clinic
https://www.theguardian.com/technology/2017/may/31/hackers-publish-private-photos-cosmetic-surgery-clinic-bitcoin-ransom-payments

Hackers have published more than 25,000 private photos, including nude pictures, and other personal data from patients of a Lithuanian cosmetic surgery clinic, police say.

The images were made public on Tuesday by a hacking group calling themselves “Tsar Team”, which broke into the servers of the Grozio Chirurgija clinic earlier this year and demanded ransoms from the clinic’s clients in more than 60 countries around the world, including the UK.

Nick PMay 31, 2017 8:41 AM

@ All

I previously shared a presentation on Combinatorial Testing with N-combinations ranging from 2 (pair-wise) to 6. The report indicated that 3-way testing found 90+% of defects in major products that couldn't be more different. That means it might be fundamentally effective in some way. NIST says ACTS tool is free but it's not open source yet. Need one for FOSS on C/C++ apps for BSD/Linux at the least.

So, I dug up another report giving more information for anyone considering building something like that. I'm also going to ping some people doing testing tools to see if they want to take a stab at it. Maybe the guy behind this tool for property-based testing of C programs. I'm sure the guts of the testing framework of combinatorial are about same as whatever these people have already built. Just gotta switch the algorithms for processing the code and producing the tests themselves.

ab praeceptisMay 31, 2017 4:08 PM

Nick P

I know about that approach but I'm mistrusting. The main reason for my mistrust is that testing, which by itself is insufficient anyway, when combined quickly reaches state and complexity dimensions that are simply unrealistic to deal with.

Keep in mind that even for simple testing (and for some verifications methods, too, btw) many domains are way too much too handle (which is usually "solved") by looking at intervalls and boundaries only.


It might, however, be a useful approach in that it may help to post factum look at existing code bodies, particularly as a "compass" to spot code regions deserving a more intense look.

Donald J. TrumpJune 1, 2017 1:12 AM

You may have heard hints of this, but now I am pleased to announce my brand new cryptographic hash function, Convfefe:

https://pastebin.com/VhveAF8S

Convefefe was designed by me, personally, to defend America from the forces of corruption.

#FakeNews media will say this appears to have been rushed in the last few hours, but I assure you that this has been in the works for a very long time. In fact, top cyber analysts at the NSA have looked it over for months and have concluded that this is not only the greatest cryptogtaphic hash every made, it's also the only hash function that cannot be broken by our enemies. The NSA is currently being audited, however, but once that is completed the full analysis will be released. In the mean time, I have a certified letter from a ten year old stating that it is perfectly fine to use in production.

JG4June 1, 2017 7:04 PM


Supreme Court Lexmark Patent Decision A Win for State Right to Repair Legislation
http://www.nakedcapitalism.com/2017/06/supreme-court-lexmark-patent-decision-a-win-for-state-right-repair-legislation.html

Posted on June 1, 2017 by Jerri-Lynn Scofield

https://www.supremecourt.gov/opinions/16pdf/15-1189_ebfj.pdf

By Jerri-Lynn Scofield, who has worked as a securities lawyer and a derivatives trader. She now spends much of her time in Asia and is currently researching a book about textile artisans. She also writes regularly about legal, political economy, and regulatory topics for various consulting clients and publications, as well as scribbles occasional travel pieces for The National.

The United States Supreme Court on Tuesday in Impression Products v Lexmark International struck down restrictions a patent holder sought to place on subsequent use of its products after they are sold. This landmark patent decision has implications for the right to repair movement.

http://www.nakedcapitalism.com/2017/05/apple-spends-big-thwart-right-repair.html

I’ve written about the topic of state right to repair legislation previously in Apple Spends Big to Thwart Right to Repair in New York and Elsewhere and Waste Not, Want Not: Right to Repair Laws on Agenda in Some States. It is on the consequences the decision implies for these and other right to repair initiatives that I intend to focus in this short post– rather than delve into the minutiae of patent law. (Readers interested in a more comprehensive summary of the decision’s importance– particularly for the doctrine of “patent exhaustion”– might find useful this Scotusblog account, Opinion analysis: Federal Circuit loses again, as justices categorically reject enforcement of post-sale patent restrictions.)

http://www.scotusblog.com/2017/05/opinion-analysis-federal-circuit-loses-justices-categorically-reject-enforcement-post-sale-patent-restrictions/

...

anonyJune 2, 2017 3:40 AM

RFID tags on the new Intel Skylake and Kobylake processors...

http://www.gamersnexus.net/news-pc/2936-intel-i9-7900x-delidding-cpu-package-thermal-paste

"There appears to be an RFID chip in the corner of the Intel i9-7900X that we looked at, which would lead us to believe that the chip is capable of storing user information. Der8auer’s theory is that this could be used to store user overclock data, e.g. maximum stable OC. Such a chip could also be used for RMA processes, theoretically."

ThothJune 2, 2017 5:42 AM

@ab praeceptis, Clive Robinson, Nick P

After looking through at "Secure OSes and Frameworks", I have decided to redefine what I think as secure and safe environments and what are not.

This definition would not consider bubble-up attacks as it is something rather difficult to defend against and I have not gotten around that far for now.

What I have noticed with modern computing systems is the amount of physical and logical interfaces in the form of network access and display, logical inter-process access and so on are just too many that turns into a "too many gates to guard" problem and this can create lots of vulnerabilities and bugs. Trying to keep a system's codebase lean is one thing but not being able to have as many of the interfaces locked down and acting in a predictable manner is another thing. Due to the problem of "too many gates to guard", a Secure Execution Environment would require highly limited and restricted interfaces that have rigidly defined functions, access conditions and resources to not only ensure that they can be predicted in a safe and also secure fashion.

Thus, even with microkernels and microhypervisors equipped, the system might many interfaces attached which makes it difficult to track the resources and accesses thus microkernels and microhypervisors deployed on general purpose computers and systems cannot be considered safe nor secure.

In short, general purpose desktops and servers hoping to use microhyerpvisors and microkernels or such frameworks or OS distributions are probably not going to be as effective as a purpose built system and cannot be safely described or labelled as safety and security capable at all.

ab praeceptisJune 2, 2017 6:54 AM

Thoth

While I agree with your view I'd extend it by saying that it's not really hardware that is the problem but the users.

I see that also with my own current approach, where users *can* have their usual fat bloat box but where confidential data is to be entered, edited, and viewed with a secure "mini station".
I get pretty much but complaints. There is fully blown GUI with X but just a simple one, it obviously doesn't support ms office and not even pdf, it doesn't support usb (for obvious security reasons), etc.

What 99% of the users really want is their crap box with some magic security add-on app.

Whis a major pita because it drives the market and both intel and arm are in a race to bring ever more and faster hardware gadgets which typically don't care at all about security.

I'm afraid that situation won't change anytime soon. With billions to be earned by selling snakeoil and dumbed down users it's just far, far more attractive to milk the herd by selling snakeoil and ever more gadgets.

Even with the clients only the most security sensitive are willing to make compromises. Most clients start the discussion asking for "maximum security" but water their wishes down towards what they typically name "usability". About the only segment where they don't ask me to water it down is "closed boxes", i.e. industrial controllers and systems that have no or little user interaction. And, well noted, that's the sensitive market niche.
You'd probably be surprised where windows and ubuntu (and wide open usb ports) are to be found .(ATM being but one example).

It's akin to what Bruce Schneier often describes as (e.g. tsa's) security theater. And he is sadly right. Most people *strongly* prefer theater (e.g. a golden sticker "security" app and being able to click with their mouse and watch youtube videos) over real security.

Just look how they accept being herded and treated like animals by tsa "for security". That system works for a sad and simple reason: theater (the feeling) is what 99% really want.

FigureitoutJune 2, 2017 11:48 PM

Thoth
I have noticed with modern computing systems is the amount of physical and logical interfaces
--On some ARM Cortex M0+ chips, there's something new I've never heard of, an "event system". I bet this is on a lot of ARM chips and this raises all kinds of red flags in my head (as if you'd seriously consider such a chip if you had stringent security requirements, but I could see defensive measures using these capabilities). It allows peripheral-to-peripheral communication without CPU intervention or using RAM or traditional system buses. A peripheral could include a UART (which can operate in the deep sleep modes! Backdoor!) It can't be disabled, only reset (I could envision, if you were forced to use such a chip and had security requirements, a tasklet that continuously resets the event system, which clears registers to initial state and cancels ongoing events).

This is how the chip is able to reset a watchdog timer w/o turning on the main CPU.

At a minimum, bare bones MCU's need to be used in secure environments, but additionally we can get some to most of the peripherals needed and split them up. For instance there's "supervisor" chips that can be an external watchdog on a system. And there's low dropout regulators w/ chip enable lines that can turn on and off different parts of the system, a backdoor would be much harder to hide...

Clive Robinson
--Curious if you've ever hacked a low dropout regulator or "supervisor" chip? The point for an attacker would be mostly DOS-style attacks preventing something from being turned off or on (or preventing a reset if needed w/ the supervisor). I'm not sure the internals of the chip enable line but at least it would fairly obvious fairly quickly something's wrong if it were attacked.

Ministry of TruthJune 4, 2017 4:32 PM

Regarding the public image of anonymity software such as Tor, and the policy some governments have of targetting Tor users. @moderators Is this shortened enough? Is talking about anything related to computer security banned here?

Firewalls, antiviruses, GPG/PGP, LiveJournalwarning! clicking this link classifies you as a Muslim extremist, Tor, TAILS and anything else that makes it harder for people to damage your computer or to steal your personal information is an offensive weapon, a cyber munition that causes mass destruction.

On the other hand, things such as network exploitation techniques, viruses, spyware, Denial of Service tools, sabotage of NIST security standards standards which must be secure to protect the secret service from being murdered, preventing -day vulnerabilities from being fixed, and so on, factor into "defense". These defensive strategies do not put civilians at risk.

These things are for your protection. It makes perfect sense for Anonymous to wear Guy Fawkes masks while DDoSing any dissidents/anyone else who is against Big Brother.

The government is above being hacked, so you should trust them with your mind body and soul. Failure to accept their mark will result in exclusion from all types of commerce, so accept it for your own good. Make sure to protect your children from peeping toms and stalkers by warning them not to use privacy software.

Also, it has recently been found that safety features in computers and cars can benefit terrorists, so all anti-viruses and airbags in Internet connected vehicles, which all new vehicles must be, "to protect the children" must have an easy, fast, sure way to be remotely disabled without alerting the occupants.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Sidebar photo of Bruce Schneier by Joe MacInnis.