Friday Squid Blogging: Giant Squid Caught Off the Coast of Ireland

It's rare:

Fishermen caught a 19-foot-long giant squid off the coast of Ireland on Monday, only the fifth to be seen there since 1673.

Also the first in 22 years.

As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

Read my blog posting guidelines here.

Posted on May 19, 2017 at 4:12 PM • 94 Comments

Comments

Ben A. • May 19, 2017 4:16 PM


Virtual German Lorenz code machine implemented in the browser

You may need a big screen to see everything!

http://www.lorenz.virtualcolossus.co.uk/LorenzSZ/


We Did It Again: Deleted Notes Extracted from iCloud

Apple have been caught lying again about the data they upload to iCloud.

"It mentions bookmarks but not browsing history; no information on storing call logs is provided; and it is said that deleted content is cleared. Oh, really? I’ve got some bad news for you: this is far from truth."

https://blog.elcomsoft.com/2017/05/we-did-it-again-deleted-notes-extracted-from-icloud/

https://blog.elcomsoft.com/2017/05/on-apple-icloud-security-and-deleted-notes/


OpenVPN Audits Yield Mixed Bag

https://threatpost.com/openvpn-audits-yield-mixed-bag/125694/


How did the WannaCry Ransomworm spread?

https://blog.malwarebytes.com/cybercrime/2017/05/how-did-wannacry-ransomworm-spread/

https://threatpost.com/available-tools-making-dent-in-wannacry-encryption/125806/

http://blog.talosintelligence.com/2017/05/wannacry.html


VMware Patches Multiple Security Issues in Workstation

New version is: 12.5.6

http://threatpost.com/vmware-patches-multiple-security-issues-in-workstation/125805/


Google wants to share your photos with your nearest and not-dearest

https://nakedsecurity.sophos.com/2017/05/19/google-wants-to-share-your-photos-with-your-nearest-and-not-dearest/


Extending Microsoft Edge Bounty Program

Microsoft are extending the end date of the Edge on Windows Insider Preview (WIP) bounty program to June 30, 2017.

https://blogs.technet.microsoft.com/msrc/2017/05/16/extending-microsoft-edge-bounty-program/


Let them paste passwords

https://www.ncsc.gov.uk/blog-post/let-them-paste-passwords


Phishing scum going legit to beat browser warnings

"...since the two browsers started to berate HTTP-only operations, phishing sites added an extra layer of credibility by adding HTTPS."

https://www.theregister.co.uk/2017/05/19/phishing_scams_adopting_https_to_beat_browser_warnings/

Chubby One • May 19, 2017 4:59 PM

http://gizmodo.com/ice-agents-are-using-stingray-surveillance-tech-to-capt-1795377902

The US Government is deploying more than 120 Stingrays to catch illegal immigrants.

http://www.prnewswire.com/news-releases/researchers-unveil-new-password-meter-that-will-change-how-users-make-passwords-300452470.html

A new password checker has been released.

It is here:

https://cups.cs.cmu.edu/meter/

Sadly, most of the advice they give is silly or plainly wrong. My favorite is their claim that using a number as the middle digit makes the password stronger. Oi vey.


Ergo Sum • May 19, 2017 5:09 PM

@ Anon from May 13, 2017 8:41 AM...

I found out that Micro$haft had a patch for XP at the same time as more modern OSs back in March.

But it was only available to those paying a king's ransom ($300/year according to some sources) to get the continued XP support.

Thanks for the clarification...

Ben A. • May 19, 2017 5:23 PM

@Chubby One

I tried two passwords and that meter reports them both as "strong" -

aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
111111111111111111111111111111111111111111111111111111111111111111111111111111111111111
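As an added illustration (not code from the comment or from the CMU meter), here is a rough strength estimate that charges a repeated password only for its repeating unit plus its length, beside a stand-in length-only scorer that reproduces the "strong" verdict reported above; it generalizes from single-character runs to any repeated substring. The length-only rule, the class pool sizes and the bit cut-offs are assumptions, not the meter's actual logic.

```python
import math
import string


def char_pool(pw: str) -> int:
    """Size of the alphabet an attacker must search, from the classes present.
    Anything outside ASCII letters/digits/punctuation (space, non-ASCII) is
    charged as one extra class of 33 symbols; that size is an assumption."""
    pool = 0
    if any(c.islower() for c in pw):
        pool += 26
    if any(c.isupper() for c in pw):
        pool += 26
    if any(c.isdigit() for c in pw):
        pool += 10
    if any(c in string.punctuation for c in pw):
        pool += len(string.punctuation)
    ascii_known = string.ascii_letters + string.digits + string.punctuation
    if any(c not in ascii_known for c in pw):
        pool += 33
    return max(pool, 1)


def brute_force_bits(pw: str) -> float:
    """Length-times-alphabet estimate: what a length-rewarding meter sees."""
    return len(pw) * math.log2(char_pool(pw)) if pw else 0.0


def smallest_period(pw: str) -> int:
    """Length of the shortest unit whose repetition reproduces pw
    (len(pw) when the password is not a pure repetition)."""
    n = len(pw)
    for p in range(1, n // 2 + 1):
        if n % p == 0 and pw[:p] * (n // p) == pw:
            return p
    return n


def estimated_bits(pw: str) -> float:
    """Take the cheaper of two attacker models: brute force over the whole
    string, or guess the repeating unit and then the repeat count."""
    n = len(pw)
    if n == 0:
        return 0.0
    brute = brute_force_bits(pw)
    p = smallest_period(pw)
    if p == n:
        return brute
    repeated = brute_force_bits(pw[:p]) + math.log2(n)
    return min(brute, repeated)


def length_only_rating(pw: str) -> str:
    """Stand-in for a meter that rewards length alone (assumption: the
    verdicts reported in the comment are consistent with such a rule)."""
    if len(pw) >= 16:
        return "strong"
    if len(pw) >= 8:
        return "medium"
    return "weak"


def rate(bits: float) -> str:
    """Bucket an entropy estimate; the cut-offs are assumptions."""
    if bits < 28:
        return "weak"
    if bits < 60:
        return "medium"
    return "strong"


def pattern_aware_rating(pw: str) -> str:
    return rate(estimated_bits(pw))


def compare(pw: str) -> dict:
    """Both verdicts side by side, plus the pattern-aware bit estimate."""
    return {
        "length_only": length_only_rating(pw),
        "pattern_aware": pattern_aware_rating(pw),
        "estimated_bits": round(estimated_bits(pw), 1),
    }


if __name__ == "__main__":
    # Constructed samples: the two passwords tried in the comment, a short
    # repeated unit, and a random-looking password for contrast.
    for pw in ["a" * 71, "1" * 87, "qwerty" * 4, "Tq7#vL2m!xR9pW"]:
        print(f"{pw[:20]:<22} {compare(pw)}")
```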

Lawrence D’Oliveiro • May 19, 2017 5:25 PM

I’m curious to know people’s opinions about this article describing a new system for emergency services to locate those who make 111 calls from mobile phones. It doesn’t require any special software installed on the phones, yet it seems able to get GPS-equivalent location accuracy. This level of accuracy is only available on Android phones, not Apple ones.

How would it work?

Ergo Sum • May 19, 2017 5:26 PM

@Ben A...

How did the WannaCry Ransomworm spread?

Quote from the Malwarebytes link:

Claims of WannaCry being distributed via email may have been an easy mistake to make.

It's nice to know that the security experts' knee-jerk reaction is to blame the end user... :) Like they have been doing since the beginning of time...

Thoth • May 19, 2017 6:46 PM

@all

Google's Android Things (a.k.a Google Persistent Backdoor).

Youtube video (for those who hate their own privacy) on Google's promotion of Android Things (i.e. highly vulnerable and buggy monolithic kernel promoted as "Secure IoT" and on top of that uses ARM TZ for persistent hardware backed backdoors).

Better off running Zephyr microkernel on a non-ARM A series chip (i.e. STM32F Cortex M, Atmel SMART ARM Cortex M ...etc...) and forego the entire "hardware backed keystore" since technically what "hardware backed keystore" actually means is a bunch of OTP bits/fuses blown into the chip for its root key and you could actually do those yourself as certain chips may have OTP bits storage areas.

Links:
- https://developer.android.com/things/hardware/index.html
- https://www.youtube.com/watch?v=U4QBI4PJj8Y

ab praeceptis • May 19, 2017 8:30 PM

Thoth

Two quick remarks.

zephyr? Really? I don't trust the linux foundation any further than I can throw a T-72 tank.

As for security I personally like to go the route of using an STM32 as main proc. and an additional ti 430 basically for security plus funny useful services. While the ti 430fr2 and siblings have got security quite well I trust neither of the two and use them merely for my own way to do things (the triangle, see below).
Of course both can be cracked, particularly by a resourceful opponent, but then I can't build my own chips and have to choose from what's available.

Here's what I basically do: I set the STM32 to rdp1 and/but treat it as an untrusted device. I use the 430 as a poor man's secure chip (which it does way better than the stm32), close it completely down so as to refuse anything and everything (incl. new bootcode) and have it hold part 1 material of a 2 part algorithm (the second being on the stm32). Additionally all sensitive operations are 2 part, too. As a free throw in I (usually) use the analog circuitry for TRNG generation.

The third part of my triangle is algorithmic. Cracking either one of the chips gives you nothing but a probably bricked chip. Another nice feature of the 430s is the cap lines which enable cheap and simple - and fingerprint or temperature pattern free! - code input by a human. All of that for less than two $ is not to complain about.

Side note: Pretty much all major chip companies nowadays offer (usually expensive) "security chips". I don't trust them. About the only real added value they offer is even better tamper resistance but that isn't worth much to me because an opponent able to crack the chips in my triangle is either in or very little below the league that also cracks "security chips". And with my own poor man's solution I *know* the implementation of the algorithms is a) solid and verified and b) not java crap.

Thoth • May 19, 2017 9:01 PM

@ab praeceptis

Zephyr is mentioned as it is the "lesser of two evils". Theoretically, it is best to write an application specific firmware and constrain it but as per most developers, they will pick the easy way out and comparing a totally busted Android kernel with who knows how much hidden stuff we don't see compared to a much leaner microkernel, thus the lesser of two evils would still be Zephyr.

Of course to fully avoid the situation of "lesser of two evils", the devs have to "create from scratch" their application specific firmware but that is unlikely to happen knowing how most modern devs are, whereby they will definitely choose the easy way out.

Just use a smart card in SIM form factor if security is required for tamper resistant storage. The RNG key generation is done by the STM32/TI chips while the tamper resistant keystore is done by the SIM card. The encrypt/sign function can be done via SIM card or STM32/TI depending on paranoia levels.

ab praeceptis • May 19, 2017 10:01 PM

Thoth

As for zephyr I guess I'll have to agree. Sad situation.

As for the "paranoia" solution, I was a fan of "security chips" for quite some time. What made me change my view was mainly two factors, namely a) java plus the need to trust, and b) all them funny protection measures are crackable in pretty much every uni lab.

Which leads me back to a). How and why would I trust utterly profit driven corps to do it right rather than just adding "security" mumbo jumbo layers? From all I've seen, profit greed seems to be one of the arch-enemies of security. Them managers will invariably come down on the tech guys and demand what basically boils down to "listen, we don't need to sell security but the image of security which btw is also much more cost effective".
Plus keep in mind that them security chips are an extremely attractive target.

What I do see as an advantage is the "something I have" factor of a sim card. But that needed to be separate from the board and connected only when needed, e.g. at startup.

But then my use cases are different from yours. For your case which I loosely summarize as "people, here's something that offers you some decent safety level. Stop entrusting sensitive stuff to your android or windows box!" I do agree with you.

Btw. I wish you success with your company and product! Your work deserves to be rewarded.

ab praeceptis • May 19, 2017 11:35 PM

Maybe let's encrap should have first tried "let's learn parsing urls".

ssl/tls and family - the plague that just never stops providing demonstrations of incompetence ...

(Yes, I'm waiting for someone smart to bring up the "commercial CAs are crappy, too!" 'argument'. As if sh*t-for-free were any tastier than sh*t-for-money)

Thoth • May 20, 2017 1:15 AM

@ab praeceptis

I have mentioned in the past the problems with CAs be it open source or commercial. I think it is not a surprising problem and nobody should be surprised either as we know that like any software without lots of thoughts into modelling the entire system for higher assurances.

Just slap together a smart card for the CA admin to login and a HSM to store the root CA signing key and it becomes magically secured. That is the train of thought of most projects.

ab praeceptis • May 20, 2017 1:26 AM

Thoth

Maybe it's my strange mixture of stupidity and friendliness but I vaguely assumed that after quite some problems, usually introducing critical risks, with url/uri processing the happy members of the ssl/tls mental asylum might have woken up and started to work more carefully at least regarding things that had already bitten them multiple times ...

Obviously I was too optimistic, indeed.

mostly harmful • May 20, 2017 6:40 AM

A new virginity checker has been released.

Oh, wait. Wrong forum.

As you were.

Rachel • May 20, 2017 6:40 AM

Regardless of how one feels personally about Julian Assange, it's staggering to read in the Guardian the ongoing smear campaign and absolute bias regarding him and his legal situation. Lies. No other word for it. Why let facts get in the way of a good story?

mostly harmful • May 20, 2017 7:24 AM

@Rachel

Calumny can be a recommendation:

https://wiki.dothraki.org/Season_Six_Dothraki_Dialogue

[Daenerys is presented to Khal Moro.]

Akho: For you, my Khal. The white-haired girl we found in the hills.

Bloodrider #1: Look at those lips, blood of my blood.

Wife #1: Blue-eyed women are witches.

Wife #2: It is known.

Wife #1: Cut off her head before she casts a spell on you.

Khal Moro: Even if I was blind, I’d hear my wives say, “Cut off her head,” and I’d know this woman is beautiful.

Rachel • May 20, 2017 7:35 AM

@ mostly harmful

What on earth are you talking about? Wishing you a speedy and complete recovery supported by the appropriate methods.

Please refrain from any further non-security related posts.

mostly harmful • May 20, 2017 7:56 AM

@Rachel

I had considered pointing out explicitly that truth, in an artistic domain, is sometimes represented by beauty.

But then I thought, "Nah, too obvious".

Wael • May 20, 2017 10:04 AM

@r,

What the hell is this?

An anachronism

How does that even qualify as an article?

A somewhat informative article, but missing a lot of information.

Am I missing something with JavaScript disabled??

You're missing nothing; move on.

Patriot COMSEC • May 20, 2017 10:48 AM

https://www.clsa.com/special/onebeltoneroad/

This was the week in which China's "One Belt, One Road" plan made the news in a big way.

This ambitious trade scheme has huge security implications for the future. As China becomes increasingly powerful in the region, they build communications infrastructure in partner countries. Can you guess who collects the data?

A host of security-related projects go hand-in-glove with One Belt, One Road, such as China having their own GPS system. All of this is aimed at reducing the influence of the U.S. NATO-like security agreements have also been spoken about, and I think this is what the future holds for China in Central Asia-- and perhaps beyond.

Rachel • May 20, 2017 2:43 PM


@ Dirk Praet nursing a sore head and slam dancing to the 'werk
@ anyone evangelising Open BSD

Here's a great concise easy to imbibe piece by a minimalist (the founder of CD Baby incidentally) about why he uses Open BSD and why everyone should. Note: he doesn't maintain that the security features are the reason to use it.
It seems to be a useful piece for sharing with windows users or anyone you feel needs convincing to try harder.

https://sivers.org/openbsd

@ Patriot Comsec

I could say I'm disappointed in your sudden cathartic-emetic surge of ethics-transparency but, to be honest, you completely lost me (and everyone else whose opinion is worth something) a few weeks back when you made out Snowden was a hybrid of McVeigh and that guy framed for the John Kennedy whatsy. You do an adequate job of articulating yourself. That's about it.


Dorothy • May 20, 2017 3:45 PM

@Rachel
Re: https://sivers.org/openbsd [ https://www.openbsd.org/ ]

It's probably not for you.

It's not for beginners. Beginners should use Ubuntu. [ http://www.ubuntu.com/desktop ]

Look. We've all been using computers as part of our daily jobs for years and years now, for essentially every task that involves mental rather than direct manual labor. We're not in Kansas anymore, and we're not listening to a street preacher on Matthew 25. I hate men who call themselves virgins.

BSD lets the DAEMONS loose !!!!!!!

Andy • May 20, 2017 4:26 PM

It's a bit soap box but I think I earned it. Donald Trump just make a policy: when the media ask for comment, just don't turn up and leave a message that you've got a country to run.

albert • May 20, 2017 5:00 PM

@Patriot COMSEC,

China's "One Belt, One Road" initiative is remarkable, and very smart indeed. They build billions in infrastructure and become 'partners' (i.e., part owners) in the ventures. Unlike the West's 'bankrupt, bail, and buyout' strategy, China reaps benefits along with its partners.

The psychopaths in the USG are worried. There is no option* to counter this except the only one they know: military action. Say what you want about Bill Clinton, he said as much years ago: The era of US preeminence is coming to an end.

--------------
* Well....there is another option. It's called 'beating them at their own game'.

P.S. Having one's own GPS system has military as well as strategic advantages.

P.P.S. China collects the data. Users think twice about stirring up revolutions. Instability is bad for business; China doesn't roll that way....as yet. They are only sniffing the West's Kool-Aid.

. .. . .. --- ....

Patriot COMSEC • May 20, 2017 5:52 PM

@ Rachel

It is OK not to agree with others on this blog. Minority opinions can be interesting.

I worked for the puzzle palace for a long time--retired--and so my view about Snowden is informed by that. If a devastating attack against the US happens again, and you were hurt, and it is proven that Snowden enabled it, please send me a message here.

It just... sits there like a pet rock! • May 20, 2017 6:42 PM

@Rachel, thanks for the classic OpenBSD hobbyist plug from Sivers: Do what I do! Execute the forty thousand consecutive commands in the 80 Meg zipped file I can't be bothered to put on the web and give OpenBSD a thousand bucks and if you want something that actually accomplishes work in the human world, ask them for it and do it for them. Cause it's best!

Patriot COMSEC • May 20, 2017 10:38 PM

Wikileaks is at it again, and this time we get to hear more about "Assassin" and "Athena".

https://www.wikileaks.com/vault7/document/Athena-v1_0-UserGuide/

In one of the documents there is an ominous remark. To paraphrase it: you can destroy the universe with this, so use it with discretion. (How nice to let it out!)

It is important to remember that we do not know if the documents have been doctored, nor do we know if the material is even true, partly or in whole.

The Russians are laughing, literally. That too is in the news.

tyr • May 21, 2017 3:10 AM


OT

@Clive

That's interesting about Rasputin. Since the usual Rus revolvers made on contract were called 44s (429 diameter slug) and Colts of that approximate size were 456-458. A 455 would stick out like a sore thumb. There are fairly arcane reasons for all of this having to do with militaries who preferred matching slugs for rifles and pistols. Moderns can afford multiple machinery for arsenals so that has gone the way of the dodo. People who make their own still like that idea.

That may have been a family inspired hit. If the Crown had noted the bad publicity of Rasputin's hold over a cousin.

There's a real problem in not seeing the Russians for what they really are because it leads people into dangerous fantasies about them. The worst mistake the USA made was to believe the crap peddled by the Gehlen apparat and their Tsarist stooges. Once the U2 overflights failed to see the massed bomber fleets it should have been apparent they were lying through their teeth. Once they have peddled it as gospel, no one wants to admit that their secret squirrel information was all a perpetrated hoax. That might cause a horrible consequence like a budget cut.

Bitter Oldmen • May 21, 2017 3:22 AM

All them funny protection measures are crackable at home as they are operated by humans.

ted • May 21, 2017 3:54 AM

The squid kept yapping about U.S. NATO security agreements and DIY.

Microsoft distributed fixes for long outstanding flaws in their OS and have not completely abandoned them. Only when it is financially convenient, one lever that operates certain practices. Another, when defense of business name or trade marks matter.

Phil • May 21, 2017 5:36 AM

Lawrence: I imagine the more accurate Android location is being provided by this service: http://www.eena.org/press-releases/aml-in-android#.WSFsdtXytD8

I believe the way it works is that when you dial an emergency number that a modern Android phone recognises (112, 111 etc) it turns on the GPS & sends that data to a custom mobile data endpoint which is shared across mobile providers that implement the service. That data is then passed on from the mobile network to the emergency services & matched up with the voice emergency call.

Ratio • May 21, 2017 5:41 AM

@Dirk Praet,

(Moved here, because OT.)

[...] these huge arsenals of WMD's they found in Iraq and for which an entire region of the planet was set ablaze?

The entire Middle East is on fire because of the Iraq War? Is that what you are saying? Doesn't that view strike you as just a tiny bit facile?

(That whole comment wasn't quite as understated as it could have been, if you don't mind me saying so.)

JG4 • May 21, 2017 6:38 AM


@Rachel

I missed the comparison of Snowden, McVeigh and Oswald n days and weeks ago. It is an interesting topic that bears on security at multiple levels. All three served the US military, McVeigh and Oswald as enlisted troops, and Snowden in his civilian employment. All three are thought to have/had patriotic leanings, Oswald's pink sheepdip notwithstanding. Oswald certainly was recruited by one or more quasi-governmental agencies. The claim has been made that McVeigh also was recruited, but that leads to some very dark possibilities that I'd rather ignore. Not because they are unpleasant, but more because the evidence is very thin and mixed with too much misinformation and disinformation. You can waste a lot of time and energy trying to separate fact and fiction. I feel the same way about their psychological profiles - there is too much noise with whatever the signal was. Perhaps with the arrival of civilian AI, some of those mysteries will get untangled. A staggering effort has been made to untangle Oswald's history, with limited but interesting successes. Not one expert shooter has ever replicated Oswald's purported feat of marksmanship in numerous attempts to recreate the events of Dealey Plaza. Oswald claimed that he had been framed, by saying on national TV "I'm just a patsy." It may be that Oswald was framed and that substantially all of his activities were directed by a shadowy mix of characters inside and outside government. BTW, Oliver Stone's movie is quite good, but difficult to follow if you haven't read the books. If Oswald's mindset were patriotic, he and Snowden are not so different. The key difference apparently is that Snowden was self-directed, although that is not guaranteed.

http://www.zerohedge.com/news/2017-05-20/10-crazy-conspiracy-theories-became-conspiracy-facts

The Second Gulf of Tonkin incident is missing from the list. I've said before that the greatest fear of the highest-ranking US POW in Hanoi was that his captors would discover that he knew that the whole war was fabricated, break him and parade him on TV to tell the truth. He's a lot tougher than I am, because he beat his own face with a stool so badly that they couldn't put him on TV. A healthy skepticism about government policy is a good starting point for any discussion.

Patriot COMSEC • May 21, 2017 7:10 AM

@ JG4

Snowden and McVeigh both tried to make it into Army Special Forces, and both got injured and failed.

McVeigh blew up a building in Oklahoma City, Snowden did the same amount of damage, metaphorically, to a building in Maryland. I contend that both were losers motivated by hate.

Dirk Praet • May 21, 2017 8:02 AM

@ Ratio

The entire Middle East is on fire because of the Iraq War? Is that what you are saying?

That is exactly what I'm saying. The destruction of Iraq as a nation, the regional power vacuum it left, the subsequent rise of Daesh, the ongoing proxy wars in Syria and Yemen, the resulting refugee crisis and wide-spread famine can all be traced back to the misguided and ill-conceived invasion of Iraq by the US and its "coalition of the willing" (most of whom, with the exception of Tony Blair, realized fairly quickly it was a total mistake). An error that was later repeated in Libya, creating yet another failed state and opening up an additional door to Europe for hundreds of thousands of African migrants.

To top it all off, you now have a president that has just concluded a $100 billion arms deal with the country that not only is one of the most prominent players in those conflicts, but also the cradle of Daesh philosophy, supplier of the majority of 9/11 AQ terrorists and whose role in 9/11 to date remains a topic of debate. In return for which he is lauded by its feudal leaders and Islamist clergy as "a bringer of peace".

You can deny the US's responsibility and accountability for what's going on in the Middle East as much as you want, blame the EU, Russia and Iran instead, but - whether you like it or not - that's pretty much how the entire world sees it and how it will go down in history.

JG4 • May 21, 2017 8:22 AM


@albert

China builds a new world in which *it* is the great power
https://fabiusmaximus.com/2017/05/16/china-infrastructure-one-belt-one-road/
Summary: US borrows trillions to wage war in foreign lands. China helps build other nations’ transportation infrastructure to connect them for mutual trade. Which program will work better? Their secret advantage over America is seen in every day’s news headlines.

The Chinese scale may be too large to be sustainable, but "It is too early to say." The US clearly is doing some unsustainable things, particularly spending at WWII rates.

@Patriot COMSEC

Your hypothesis is plausible, but it's pretty clear that Clapper and countless others lied in a way that subverts any semblance of democracy. That is not just perjury, but includes conspiracy to violate countless laws and capital treason. It now has been repeatedly proven that the safeguards are wholly inadequate. In what is purportedly a democracy, ignoring recent election events, particularly Seth Rich's death, it is impossible for people to elect good leaders without accurate information. If Congressional and public oversight of the intelligence agencies isn't possible, that has rather dark implications. Snowden's actions (and Wikileaks and Shadowbrokers) shed some light that is critical for oversight. That eventually will lead to information that allows business intellectual property to be developed and used without concern that it is being stolen faster than it is created. If we need to look for reckless disregard for security that endangered US lives and millions of others, we wouldn't have to look any further than Hillary Clinton and her Benghazi and email scandals. The first was sufficient grounds to fire Comey and indict Clinton. The second has a lot to do with the shocking conditions in both Libya and Syria.

o Your Corporate Dependency Health • May 21, 2017 8:42 AM

In the land of excess the human race appears to be spinning out of control. Profit driven Dependency Technology brings out the worst in human behavior as corporations exploit human weaknesses to maximize profits. Trust to do the right thing is replaced by pushing the envelope and forced sharing.

Effective Security ultimately depends upon trust and keeping the need-to-know loop as small as possible. Increasingly trust is evaporating as Big-Data's insatiable appetite to know everything grows. The recent Wanna-cry solution logic offers a great example.

Every Computer Will Fail
Creating a bit-perfect image of a stable boot drive and having off-line backups is essential to speedy recovery of your computer's health. Even the most serious threats can easily be recovered from. Of which malware is just one and frankly rare (don’t engage in risky behavior).
Knowing what exactly caused the failure is of secondary importance. It's typically solved by examining the usage time-line. Any good IT department maintains these stable disk images to automate new or reinstall of ‘hosed’ computers. If it occurs several times then they replace the computer.
---
Note: In a high risk surveillance environment restore the stable image using a new SSD periodically. Boot images are built from a computer never connected to the Internet. DRM-free Linux can become unpredictable by using different combinations of hardware. Then when connected feed computer configuration disinformation through the browser's User Agent Spoofer. Success is when Amazon and Google challenge. By using this, uBlock Origin and disabling Javascript the bad guys won't know WHAT to attack.
Note2: VPNs are only useful against corporate surveillance due to NSA black-budget sponsorships.

Why I Quit Windows
Instantly see the secret MS tracking files locations. Sort by time. Add locations to CCleaner custom: http://www.voidtools.com/faq/

More Corporate Excess: Blimp Manufacturing
http://www.businessinsider.com/amount-of-sugar-in-fast-food-beverages-2017-5#

Trust? Just Eliminate Humans Entirely
http://www.businessinsider.com/tesla-completely-inhuman-automated-factory-2017-5

P • May 21, 2017 9:11 AM

The Election Commission of India is holding a challenge where they will let political parties attempt to manipulate the votes it registers. The catch is that they cannot open up the EVMs to tamper with the hardware, but wireless interaction is admissible. With that restriction, manipulating them seems impossible to me as these are neither wireless nor network capable.
Here is the link to the challenge rules PDF document: http://eci.nic.in/eci_main1/current/ChallengeEVM20052017.pdf

War Geek • May 21, 2017 11:39 AM

And here's the latest for the 12 O'Clock news. Tin Commodities are Up!

Who? • May 21, 2017 11:50 AM

@ Rachel

Thanks for sharing that information about OpenBSD.

I agree, OpenBSD is not just a secure operating system. It is a well written one too. It strictly follows standards, so it is usually a good platform to write and test portable code too (not to say, manual pages clearly mark when an extension is not portable and suggest lots of secure practices when using dangerous library functions). In my humble opinion, one of the best features of OpenBSD is its documentation. It is very nice being able to install and configure it using its manual pages and examples only, without looking for additional information on the Internet each few minutes. Quality documentation is very useful when you are working on a computer that cannot be connected to public communication networks.

Who said that a secure operating system must be difficult to use or limited in its features? OpenBSD is secure but, at the same time, it is one of the best server, desktop and embedded operating systems available right now. When I first used OpenBSD, fifteen years ago, I was not looking for a secure operating system, I was looking for a stable, well documented and easy to use operating system. Now I see security is the most important feature of OpenBSD, but it is not its only "selling point."

I know, there may be more secure operating systems out there. Some are really secure ones (e.g. Genode OS), others are just considered secure by media (Tails, Qubes OS). OpenBSD has not only been tested in real world since mid 90s, where it has demonstrated "security" is not just a buzzword, it is being used to do real work too.

OpenBSD is one of the few operating systems that has found a good compromise between security and functionality.

Rachel • May 21, 2017 12:11 PM

@ Who

Thank you for the feedback. I enjoy all your contributions.
You identified particulars of so called secure OS, for example 'secure via media' in the case of Tails. Other commentators have pointed out Tails was virtually in Beta when Snowden 'revived' it; @ Ab Praeceptis has pointed out it's a Debian box so should be filed under 'I' for Iron Maiden (painful death/Run For The Hills, depending)

I wonder if there is a checklist style comparison of security oriented OS in the fashion EFF.org compare features and detriments of messaging apps. In fact, just a flat out point for point comparison would be valuable. A chart like this would bring some necessary transparency to the flaws in Windows and iOS.

Rachel • May 21, 2017 12:18 PM

Seeing as we are on the subject: it's easy to simply skim over the vast range of comments, absorbing without fully imbibing or enquiring further.
Which was my initial take on two of the replies to the Open BSD article. I realise it's worth following them up:

@ Dorothy

I don't understand your response about the OpenBSD article I posted. Except that, potentially, you don't agree with the sentiments therein. Can you extrapolate or more clearly define your stance?

@ it..just sits there like a pet rock

You were clearer in your objections, but your post would also benefit from further clarity. If you feel so inclined, I would value it (as maybe would others).


Sam • May 21, 2017 4:53 PM

Sorry if this is off-topic,

I was wondering if you had any thoughts on the verifiability of recorded content.
We're not there yet - unless nation states are keeping it secret, but we are rapidly headed towards the point where genuine recorded video and audio is going to be indistinguishable from simulated content.
There are major implications in this for the use of video and audio as evidence that an event either did or did not occur.
The only solution that I can think of right now is the inclusion (on device) of a private key signed by the manufacturer - but that solution is only security by obscurity, and would require both that the manufacturer is trusted and that any attempt to extract the device's private key would fail one way or another.

JG4 • May 21, 2017 5:00 PM


some doom-porn to brighten your day

http://www.zerohedge.com/news/2017-05-20/kim-dotcom-goes-all-i-knew-seth-rich-i-was-involved

this is some of the most brilliant snark that I've ever seen on your planet. I would have included earth-crossing objects in the short list of problems to worry about, and to their credit, the billionaires have too

Class Warfare
“Notes from an Emergency” [Maciej Cegłowski, Idle Words].
http://idlewords.com/talks/notes_from_an_emergency.htm
This is really a must-read; it’s an angle on the tech world (and Haygood’s Five Horsemen) that we rarely see. Here’s a sample, and save us from squillionaires with bright ideas:
Given this scary state of the world, with ecological collapse just over the horizon, and a population sharpening its pitchforks, an important question is how this globalized, unaccountable tech industry sees its goals. What does it want? What will all the profits be invested in?
What is the plan?
The honest answer is: rocket ships and immortality.
I wish I was kidding.
...
As happy as I am to see Elon Musk and Jeff Bezos fired into space, this does not seem to be worth the collapse of representative government.
...
Now, I’m no fan of death. I don’t like the time commitment, or the permanence. A number of people I love are dead and it has strained our relationship.
But at the same time, I’m not convinced that a civilization that is struggling to cure male-pattern baldness is ready to take on the Grim Reaper. If we’re going to worry about existential risk, I would rather we start by addressing the two existential risks that are indisputably real—nuclear war and global climate change—and working our way up from there.
But real problems are messy.
World-class invective, but Cegłowski has serious and interesting policy concerns and proposals as well.

see also:

http://www.newyorker.com/magazine/2016/10/10/sam-altmans-manifest-destiny

http://www.newyorker.com/magazine/2017/01/30/doomsday-prep-for-the-super-rich

Milo M. • May 21, 2017 5:34 PM

@Lawrence D’Oliveiro & @Phil --

New Zealand government pages on the feature:

http://www.mbie.govt.nz/info-services/sectors-industries/technology-communications/communications/emergency-call-services/ecli

http://www.mbie.govt.nz/info-services/sectors-industries/technology-communications/communications/emergency-call-services/ecli/ecli-faqs

Google announcement cited in the EENA post:

https://blog.google/topics/google-europe/helping-emergency-services-find-you/

"Jul 25, 2016

. . . we created the Emergency Location Service in Android. This feature, when supported by your network, sends location from your phone to emergency services when you dial an emergency number. This uses the same location technologies available to apps on your phone, including Wi-Fi, GPS, and cell towers, to produce a more reliable emergency location both indoors and outdoors.
This feature is solely for the use of emergency service providers, and your precise location is never seen or handled by Google. It is sent from your handset to emergency services only when you explicitly place an emergency call, either directly or through your mobile network.

Emergency Location Service is supported by over 99% of existing Android devices (version 2.3 out and upwards) through Google Play services. The service activates when supported by your mobile network operator or emergency infrastructure provider.

Our service is already live today for people with Android phones in the UK and in Estonia. We’ve collaborated with several mobile network operators and emergency services to make this possible."

Skeptical • May 21, 2017 9:14 PM

@Dirk: the ongoing proxy wars in Syria and Yemen, the resulting refugee crisis and wide-spread famine can all be traced back to the misguided and ill-conceived invasion of Iraq by the US and its "coalition of the willing"

Treating the Iraq War simply as a fact, leaving aside judgment as to its prudence or justice, you are mistaken in giving it place of primary cause for the Syrian Civil War and the Yemeni Civil War.

Syria: These are the series of events that precipitated the avalanche. In March 2011 a group of teenagers painted anti-regime slogans on the wall of a school in Deraa. As is SOP for the brutal regime clinging to power, the teenagers were detained and tortured. As happens from time to time under a dictator who relies on brutality to suppress most of the population, the action provoked mass protests. As might be expected, Syrian security forces fired into the crowds. But the protests continued, and grew, and in areas where the regime had inadequate forces or hatred of the regime burned particularly bright, resistance became organized, and violent.

Or do you wish to trace the entirety of the protests of the Arab Spring - including Tunisia and Egypt - to the invasion of Iraq as well?

The factors that foretell the danger of a failed state - lack of national cohesion, lack of institutional loyalty and legitimacy, brutal deprivation and suppression of a majority of the population by a minority - are present throughout the Middle East to varying degrees. They were particularly prevalent in Syria.

As to the larger global order... there is a reason why liberal democracies are close allies - even during the unpleasant exchanges prior to the Iraq War, French and German Governments furnished considerable assistance - and will continue to be. Shared political values matter - this is something difficult for those in highly corrupt systems to see or understand.

And there are reasons why authoritarian governments can be particularly dangerous.

I don't agree with all aspects of US foreign policy, UK foreign policy, or that of any other nation on earth or in history.

But what I do know is this. The West has built the most robust set of global trading institutions, and has protected and expanded democratic values and human rights against an adversary that sought - and lately still seeks - to undermine belief in such values and rights.

No society is perfect; nothing human is perfect. Compared to an ideal of perfection, all shall show poorly.

But we must be practical in our comparisons, and consider viable alternatives. Right now, I would take the human rights practices of any Western democracy over that of Russia or China, and it would be an uncommon fool who would not.

One can critique aspects of the West, and its framework, and foreign policies, without losing sight of the fact that it holds the best promise for the future of humanity.

All nations are a product of history, endowed with particular strengths, weaknesses, blind spots and insights. And - regarding the discussion of patriotism and nationalism on another thread - part of the strength of the US is the ability to form credible alliances with others, to seek positions of mutual self-interest, and, perhaps befitting a nation largely populated by immigrants and the descendants of immigrants, also the ability to understand not only the particular strengths of other nations, but to be sympathetic to the feelings of national pride the people of those nations hold.

The caricature of the American scornful of other nations is just that: a caricature.

Granted, I speak in generalities, and exceptions abound. I assure you I can find chauvinists of great ignorance in every land - they're usually just pains in the ass unless they happen to be a dictator running an aggressive and high-risk foreign policy.

Thoth • May 21, 2017 10:04 PM

@ab praeceptis, Nick P, all

New (JVM/JS) programming language (Kotlin) has been added to Android as a first class (JVM/JS) language.

Not a safe language and compiles to either run on JVM via Java bytecodes or JavaScript platforms (i.e. web browsers). Bad choice of runtime environment despite claiming to be a "safe language".

Will be added to the list of the next Holidays noting that although Kotlin has been labeled as a safe language, the platforms it runs on (JVM, JS interpreters and web browsers) are a totally bad choice.

Lawrence D’Oliveiro • May 21, 2017 10:14 PM

→Phil, →Milo M -- thanks for the info. So it is tied specifically to the dialling of an emergency number. That would make it difficult to exploit without, say, setting up a spoof cellphone tower.

I wonder how hard that would be ...

ab praeceptis • May 21, 2017 11:13 PM

Thoth

From my point of view kotlin is just worthless crap on a large pile of jvm/java related crap that does not even deserve a place on the golden sticker holiday cards.

mere mortal • May 22, 2017 12:26 AM

@Dorothy

Very correct. Thanks for that mention of the much more friendly Ubuntu.

This comment is for those that follow this blog (and intuitively understand the importance of the discussions here) but at the same time have day jobs and don't otherwise have time to become engineers - but still desperately want to leave MS Windows. My advice is to skip Ubuntu as a first choice and instead install Linux Mint - https://linuxmint.com/.

Although Mint might not be the *bestest* choice security wise (which can equally be said for Ubuntu - in fact, Mint is built off Ubuntu), it does - in the meantime - provide an intuitive interface (i.e., an end user experience very similar to Windows) that makes it the perfect "gateway OS" for switching from Windows.

So, if you want to switch from Windows, do Mint first. For no other reason than it's the easiest/most intuitive way to do so. Once you're comfortable with Mint, then look into other OS's as time allows. I'm not a technical genius, but I do care. Deeply. I'm not at all inept, but just switching from Windows to Mint took me time. But it happened. Now I'm on to other, not perfect, but *better* practices. It's hard and frustratingly slow given everything else I've got going on. Sometimes it even seems ridiculously impossible. But I just keep going, project by project, as time allows. And that's how you can do it too.

Give yourself time, be patient. This stuff can get confusing. Don't give up. Remember, you're not a terrorist. You're not a politician. You're not a dissident. You're not a criminal. You're just someone who believes that there is such a thing as legitimate secrets/privacy. Don't let the TLA/commercial/political propaganda/lies get you down. Take back your privacy. Take back decency. Take back your home. Simply do what you have time to do to put sand in the gears of the illegitimate criminal violation of your 4th Amendment rights that is mass surveillance.

PS - Beside business clients/gaming machines, I'm 100% *OFF* Windows OS. Yea! Finally. After the Win10 fiasco, I will never, ever, trust any MS product again in my lifetime (I know, slow learner). I know this might seem "cute" to many of the regulars here, but it was not at all a casual endeavor or something I think everyone is equipped to do. But it can be done. By you. Good luck brother.

PPS And yes. OpenBSD is in the works.

ab praeceptis • May 22, 2017 12:59 AM

Thoth, all

Indeed. Good that you warn them.

I'd like to add something. If for some reason you absolutely have to use linux - which I strongly advise against - do NOT use any linux with systemd!! A quick search will show you alternatives that are at least not systemd infested.

If you can avoid linux my advice depends on your level of knowledge and time to learn. If you can go the OpenBSD route then you should. If that is too tough for you there is still FreeBSD which is less security focussed than OpenBSD (but still much more secure, solid, and reliable than linux) and quite friendly. Also note that there is even a clickediclick version (I think it's called PC-BSD). Plus, FreeBSD runs most linux programs, too (although with thousands upon thousands of FreeBSD packages you will probably not need any linux stuff).

Again: if at all possible avoid systemd infested linux (which is most distributions)!

Clive Robinson • May 22, 2017 1:26 AM

@ Thoth,

Not a safe language and compiles to either run on JVM via Java bytecodes or JavaScript platforms (i.e. web browsers). Bad choice of runtime environment despite claiming to be a "safe language".

It's no better or worse than any other language that either compiles down to CPU native executable code or gets interpreted down to native executable code. Eventually it all meets an interpreter at some point be it the Microcode in the CPU that converts to the Register Transfer Language/logic that moves the bits around or a F/J/P code machine that produces CPU native executable code.

Computer Data Security --not EmSec / side channels-- when all is said and done is about "providing constraint" on the movement of bits between mutable memory locations be they registers, cache, core memory or semi-mutable storage.

As I've noted before type-safety is in effect an illusion or conjuring trick by sleight of hand. The ALU in a CPU really only understands the types it is built with and these days that is mainly register width words (arithmetic instructions) or subwidths thereof we call integers and bits either in integer widths or as individual special function flags. From a combination of these all other data types and their methods are built up by either the CPU microcode interpreter or executable code under a programmer's control.

And Type Safety thus boils down to "providing constraint" on a "programmer's control" in a given code image produced by the language tool chain. Importantly "no more and no less": it's an imperfect contract based on many assumptions that may or may not hold further down the computing stack.

That is, type safety stops at a point quite far up in the tool chain, in the source code analyser in the front end of the compiler or interpreter.

Due to very real resource limitations in the early days of computers it was usually not possible to produce an executable code image in core memory. The solution was to break the source code into pieces and reduce each piece to an object file that contained executable code that could be linked together either to produce a final executable file (statically linked) to be loaded at run time or a series of files that got loaded and linked at run time (dynamic linking). It quickly became clear that in a resource constrained environment dynamically linked files offered a number of significant advantages. However there was a hidden disadvantage: two different code files could link to share a block of memory that holds a non primitive type. All that got shared was a pointer to a memory location, thus it was and still is possible for the two code files to treat the contents of the block of memory differently... Thus to try to ensure this did not happen further tricks such as header files etc were added. With them came more complexity which of course opened up more edge / corner cases and loop holes to catch the unwary programmer.

And as we know treating a signed integer as an unsigned integer either implicitly or not causes problems. From what has been said this appears to be the problem that WannaCry exploited in the SMB / CIFS code that goes back to the early still collaborative days of IBM and Microsoft...
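A C illustration of the signed/unsigned confusion discussed above, added here as an example; it is not the commenter's code and not taken from any real SMB/CIFS implementation. The record layout, the MAX_PAYLOAD constant and the sample records are constructed for the demonstration: the same two header bytes are read once as a signed and once as an unsigned quantity, and the bounds check built on the signed reading lets a "negative" length through.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed record layout (hypothetical, not any real SMB structure):
 *   bytes 0-1 : payload length, big-endian, 16 bits
 *   bytes 2.. : payload                                                  */
#define HDR_LEN     2
#define MAX_PAYLOAD 256

/* "Legacy" reader: the two length bytes interpreted as a signed short.
 * 0xFFFF reads as -1, 0x8000 as -32768.                                  */
static int16_t read_len_signed(const uint8_t *rec)
{
    return (int16_t)(((uint16_t)rec[0] << 8) | rec[1]);
}

/* Correct reader: the same bytes interpreted as the unsigned quantity
 * the wire format actually carries.                                      */
static uint16_t read_len_unsigned(const uint8_t *rec)
{
    return (uint16_t)(((uint16_t)rec[0] << 8) | rec[1]);
}

/* VULNERABLE: guards only the upper bound, and does so with a signed
 * compare. A negative length passes the check, and the later conversion
 * to size_t (the type memcpy wants) turns it into an enormous byte count.
 * Returns the length the copy would be given, or 0 when rejected. The
 * copy itself is deliberately not performed here.                        */
size_t vulnerable_copy_len(const uint8_t *rec)
{
    int16_t len = read_len_signed(rec);
    if (len > MAX_PAYLOAD)      /* -1 > 256 is false: accepted */
        return 0;
    return (size_t)len;         /* -1 becomes SIZE_MAX */
}

/* HARDENED: read the field as unsigned, and compare it in that same type
 * against the protocol maximum, the destination capacity, and the number
 * of payload bytes that actually arrived. Copies into dst and returns the
 * byte count; returns 0 when the record is rejected.                     */
size_t hardened_copy(const uint8_t *rec, size_t rec_len,
                     uint8_t *dst, size_t dst_cap)
{
    if (rec_len < HDR_LEN)
        return 0;               /* no complete length field */
    uint16_t len = read_len_unsigned(rec);
    if (len > MAX_PAYLOAD || len > dst_cap || len > rec_len - HDR_LEN)
        return 0;               /* too long, or declares more than received */
    memcpy(dst, rec + HDR_LEN, len);
    return len;
}

int main(void)
{
    /* Constructed sample records. */
    const uint8_t good[] = {0x00, 0x05, 'h', 'e', 'l', 'l', 'o'};
    const uint8_t neg1[] = {0xFF, 0xFF};    /* 65535 unsigned, -1 signed */
    const uint8_t big[]  = {0x01, 0x01};    /* 257: over MAX_PAYLOAD    */
    uint8_t dst[MAX_PAYLOAD];

    printf("good: vulnerable=%zu hardened=%zu\n", vulnerable_copy_len(good),
           hardened_copy(good, sizeof good, dst, sizeof dst));
    printf("neg1: vulnerable=%zu hardened=%zu\n", vulnerable_copy_len(neg1),
           hardened_copy(neg1, sizeof neg1, dst, sizeof dst));
    printf("big : vulnerable=%zu hardened=%zu\n", vulnerable_copy_len(big),
           hardened_copy(big, sizeof big, dst, sizeof dst));
    return 0;
}
```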

ab praeceptis • May 22, 2017 1:55 AM

Clive Robinson

I contradict.

For one, the jvm is known to be particularly lousy.

More importantly, however, your argument is flawed in that it boils down to saying that making 1 element in a chain stronger is meaningless. This is grave insofar as it is one of the major common excuses to not care at all.

Looking at it logically, the strength of the chain we're interested in is, like with any chain, defined by its weakest element - which usually happens to be the link between algorithm and, say, intermediary code.

True, with the way processors and compilers (with all their stages) work the a.m. link is certainly not the only one that is less than perfect; it is, however, usually by far the weakest one. Hence, language (a compiler) that makes it hard rather than easy to produce crap makes the whole chain stronger by a considerable factor.

Just compare the rather rare Eiffel or Ada f*ckups vs the very common C/C++/java f*ckups.

That said, you are right insofar as we certainly need to invest a whole lot more care and work in the other chain links. Happily this has at least begun as efforts in e.g. chip spec/design tools show (e.g. Chisel).

Clive Robinson • May 22, 2017 2:36 AM

@ ab praeceptis,

More importantly, however, your argument is flawed in that it boils down to saying that making 1 element in a chain stronger is meaningless.

It was not my intent to argue it that way, but to point out that the problem is something that needs attention all the way down the stack.

However as you point out the more constraint applied on the programmer the less likely there are to be errors.

But there is another issue to think about as well, which is how we deal with the issues of dynamic linking. The easiest way would be not to have pre-compiled object or library files that get linked at run time. These days where resources are not really a limitation, just including all source code at the precompiler point in the tool chain makes more sense as type checking amongst other things becomes easier. Also it takes the burden off of the programmer, thus would reduce errors further.

Alternatively we could go another way completely. Which is to go down the "scripting" route. That is we have two types of programmer, those who have the skill sets and mindset to code securely using low level languages and write "tasklets" and those who script together the tasklets into applications.

The advantage is that the scripting framework can provide strong monitoring and control at the communications interface between the tasklets. In effect you do in software what EmSec designers do in hardware. That is you use strong segregation and enforce a secure message passing mechanism between them to give high isolation. Ideally each tasklet runs in its own process space so it can not get at other tasklets' memory or resources.

Whilst it's not going to win any "speed demon" prizes it will make for faster application development with much higher levels of security.

Cassandra • May 22, 2017 2:38 AM

Re: Google's Android Emergency Location Service (ELS)

https://blog.google/topics/google-europe/helping-emergency-services-find-you/

Unless Google have done something magical to enable fast (and I mean fast) lock on to the satellites, if you do not have the GPS already operating, it will take longer than the average Emergency Services call for a device to work out its location via GPS from cold. http://gpsinformation.net/main/gpslock.htm

This has two implications:

1) This is not as useful as made out. Or, at least, make your emergency services call after you have enabled GPS and got a lock. Which might need walking outside a building. Google do have their Wi-Fi map to speed things up if they have a Wi-Fi signal in view of the device. That presupposes you have Wi-Fi turned on, too.*

2) Possibly, GPS might be enabled permanently by this, 'for emergency use only', even if your Android settings explicitly have it disabled.

Of course most folk (readers of this blog excepted) probably have GPS and Wi-Fi on all the time anyway, because it is useful and/or the default.

*Location from mobile phone transmitter masts, if your device can see signal from more than one, would also help finding an approximate location that could be fed into the GPS location calculations. This can be network-based, which requires the mobile phone service provider to work out where you are and send the info to you, or handset based, which requires the handset to have the appropriate software, which in the case of Google's Android, it could well have - See https://en.wikipedia.org/wiki/Mobile_phone_tracking and https://en.wikipedia.org/wiki/Multilateration and https://en.wikipedia.org/wiki/Trilateration

Lawrence D’Oliveiro • May 22, 2017 5:27 AM

systemd-haters here, of all places? Where you would expect a quality of comment a cut above the usual blowhards who hang about elsewhere?

Tisk.

Dirk Praet • May 22, 2017 5:36 AM

@ Thoth, @ mere mortal, @ Dorothy

Currently, Linux Mint have acknowledged this lock screen issue and are working on it.

That's bug 1652489. It would appear it is still not entirely fixed. I also refer to some other woes plaguing Mint, as in not appropriately warning users trying to run the i386 version on (older) machines with processors not supporting SSE2 extensions, rendering major parts of the system unusable instead.

That said, Mint/Cinnamon indeed is a very user-friendly distribution, well-suited for Linux greenhorns. I do hope they get above mentioned stuff fixed as soon as possible. Others that come to mind for Linux first-timers are Ubuntu, Fedora and OpenSuSE.

@ ab praeceptis

Also note that there is even a clickediclick version (I think it's called PC-BSD)

It's called TrueOS nowadays. 64-bit only, and requires at least 2 GB of RAM to run kinda comfortably. Despite excellent hardware support and many cool features, the update/upgrade routines remain highly problematic to the point that I regularly end up with broken systems which for a novice are beyond repair. Which is why for now I definitely recommend against it for this category of users until this is fixed.

@ Rachel

@ Ab Praeceptis has pointed out its a Debian box so should be filed under 'I' for Iron Maiden (painful death/Run For The Hills, depending)

(Chuckle) They also recently played here. Great show. I'm not entirely sure what @ab's problem is with Debian based distributions. I don't find them particularly more cumbersome than the rpm based family.

JG4 • May 22, 2017 6:47 AM

http://www.nakedcapitalism.com/2017/05/links-52217.html
...
Big Brother IS Watching You Watch

Revealed: Facebook’s internal rulebook on sex, terrorism and violence Guardian

California Authorities Are Failing to Track and Prevent Abuse of Police Databases TruthOut

Trump Administration Deploys a Controversial Tool in Its Immigration Crackdown Truthdig

Police State Watch

The cruel but usual conditions inside two Georgia immigration detention centers The Hill (Phil U)

A predictable nuclear accident at Hanford Bulletin of the Atomic Scientists

Hanford contractor finds radioactive contamination on worker’s clothes The Oregonian

How a US Non-Proliferation Failure Became a Global Cyber Security Threat The Wire

https://thewire.in/137220/wannacry-cyber-security-threat-us-non-proliferation/

Disable Linux Tracking • May 22, 2017 8:37 AM

Linux distributions typically track user activity too.
Unlike Windows, the tracking can easily be disabled.
However attempting the straight-forward method of uninstalling packages will fail because of dependency issues.

I’ve recently disabled tracking in Fedora and Ubuntu by simply renaming the tracking executables. The following example is for Ubuntu.

Disable Ubuntu Tracking
Rename /usr/bin/zeisstopnm to zeisstopnm.bak and zeitgeist-daemon to zeitgeist-daemon.bak
Then delete the contents of /home/'user_name'/.local/share/zeitgeist/
Create a bookmark here in the Nemo file manager and check occasionally

Linux Desktop Selection
The Linux kernel is common to all desktops and is where the latest generation of new hardware gets supported. For instance Kaby Lake processor optimizations.

Fedora’s ecosystem is better suited for a business or corporate environment with paid support contracts. Popular consumer applications may be unsupported.

I rejected Mint because fixes and updates in technology are too slow and spotty. Debian (while stable) is worse as features can take two years to show up. Ubuntu is just about right with two combined desktop and kernel updates a year.

Highlights of Ubuntu
Effective kill switch. Unlike Windows, disabling the network is convenient. I disable the network during boot.

Good support for Nvidia and Intel graphics drivers

The easy-to-use yet powerful Synaptic graphical package manager greatly expands upon the Ubuntu Software Center

A wonderful resource for improving the default desktop and applications http://www.omgubuntu.co.uk/

Kernel/driver news: https://www.phoronix.com/scan.php?page=home


Nick P • May 22, 2017 10:33 AM

Datashield: Configurable Data Confidentiality and Integrity (2017)

A lot of work has gone into automated safety of C/C++ programs. They've looked at memory and control flow especially. The remaining weakness is attacks based on clever abuse of data flows in the program. There's only been a few attempts at total solution of that problem that I'm aware of. This work transforms C/C++ programs to preserve data confidentiality and integrity with a reported 30-40% hit on performance. If their model is proven sound, then that's good news given moving key checks to hardware would probably knock that into single digits or unnoticeable given results with other, more-complex schemes.

Bootstrapping Wiki

This project by rain1 on Lobste.rs is collecting examples of compiler bootstrapping. The focus is on the simplest stuff esp that can tie in to defeating Karger's compiler-compiler attack that Thompson wrote about. In addition to what rain1 had, I've added a bunch more within the following requirements:

1. We need several since users will come from imperative (esp C/Java), scripting (esp Python/Perl), Scheme, and functional (esp ML/Haskell) backgrounds. What's easy to grasp for them depends on the background. So, one of each style. That they'll work so differently will also add a diversity benefit if the same application is run on each with equivalence check of output.

2. The target might be software already on major distros (eg bash, awk, Perl), assembly, or machine code. It might be input by hand onto an OS or by hex onto a board. Need something for each.

3. It must be small and simple enough for a non-expert to understand with as little effort as possible. This is an unknown as both the problem space and what each tool can handle set a lower bound on the complexity of the implementation. The main solution, other than simplistic algorithms, will be using the language/tools in as standard a way possible with lots of documentation on what each thing does.

We already have a nice list. The next thing we need are assemblers and especially linkers coded in as simple a way as possible with great explanations of what they're doing. I had one assembler/linker in Python that was perfect for this but that bookmark disappeared at some point.

Empirical Study on Correctness of Formally-Verified, Distributed Systems

In high-assurance systems, certification usually mandates that many forms of verification are used since one might catch problems others missed. Sometimes, the problems are in the verification tools themselves. The authors review tools that seem to have only used formal verification on select aspects of their distributed systems. The added techniques of code/doc review, observing things in debugger, component-based testing, and network/file fuzzing caught a bunch of problems.

Interestingly, the verified code did exactly what the spec said it would. Like with CompCert, the formal verification made the implementation flawless in terms of conforming to the spec. The spec errors were mostly at interfaces as the founders of software engineering found in the 1960s. I always say to bulletproof those by throwing everything you can afford to at them. That numerous components didn’t work the way the authors guessed reinforces why high-assurance software always lists everything in the Trusted Computing Base (TCB) along with what was verified and how. If you don’t fully understand a 3rd-party component, then there’s no way you can say your own component correctly uses the other one. This is also why projects such as deepspec.org are going from hypervisor code all the way down to the hardware. An example of a lightweight method is to build monitors for 3rd-party components that watch traces of its execution to spot inconsistencies with specifications that reflect user’s expectations. This has been used in both embedded (Copilot) and enterprise (NonStop) systems.

Why Writing Correct Software is Hard by Ron Pressler

The video and text are interesting. Ron Pressler (pron on Reddit or Hacker News) has been advocating methods such as TLA+ on the basis of formal verification being too hard, costly, time-consuming, and for small code. There's counterpoints to that with all the advances being made but he argues further that correctness does not compose. Interestingly, there's relatively recent work in mathematical proofs showing that. If true, it means mathematics isn't powerful enough to handle full correctness of large software no matter if we use modules, objects, etc to try to hide the complexity. Certain classes of problems could be verified to certain degrees in certain ways. His recommendation is empirical study of code patterns and correctness strategies to find piles of ad hoc ways of dealing with it.

I'd really like to see this work looked at by the likes of DeepSpec etc. I countered his points on inherent difficulty of *any* real-world application and lines of code so far. The first comes from fact that formal methodists keep making tools that let us automatically apply verification to protocols, algorithms, data structures, and so on. Using just the automated or low-cost stuff on what we can will help by letting us verify other stuff with verification budget saved. Far as lines of code, he's right that most projects seem to max out around 10,000 lines of code or so. This doesn't tell us anything, though, because most projects like DeepSpec have been scaling *down* to cover more and more low-level details. For all we know, they might have scaled up the same distance. I do want to see efforts attempted at 100Kloc with a bunch of interacting components to see what they end up accomplishing. Microsoft tried on Hyper-V getting about 20% verified in VCC but I haven't heard anything since.

His good points, aside from mathematical proofs, are that the challenge to respecify/verify old problems took almost the same size and effort in each tool that was used. That hints at intrinsic complexity instead of it being a tool problem. Also, students who work on things like seL4 often say it was one of the most painful experiences they had. Many get disillusioned by the experience. That's for a tiny system, too. So, this problem of how much global correctness can compose is worth tons of study by mathematicians to see if we're just wasting our time past a certain point.

Now, all that said, I disagreed with him that all hope was lost. The recommendation of high-assurance has always been to use simple, easy-to-analyze components as much as possible. In security, we leverage a small TCB whether it's prevention, detection, or recovery. The TCB's are almost always small enough for formal verification to handle. Even if Ron is right, my recommendation of Design-for-Verification would seem to hold where you do what you can on new code, design it simple enough for current tooling to handle, and people can plug in a verified version of that TCB code later if it's deemed worthwhile. Guard functions, model-checking, and testing strategies can help with the stuff that explodes in state space.

Quick note on empirical side. What he suggests the field should do has been going on for decades under the likes of Software Engineering Institute. They got so impractical that most programmers will reflexively stay away from anything that looks like it. This could be another AI winter in our field where we'll have to very-carefully introduce empirical work to programmers that are clearly useful. The one above is a good example. I think another is that combinatorial testing paper from NIST since it showed the error distribution in N-way testing was the same for several, diverse types of applications. Just 3-way got 90+% of bugs with no more found at 6-way. I didn't expect that. I intuitively think it's quite significant with other things to teach us. Another example might be analysis of subset rules for things such as C and Java vs bugs found in real-world code to see what's helpful, when it is, and what was just bullshit guessing.

Mister T Pities the Fool jangle jangleMay 22, 2017 12:45 PM

Here's Skeptical engaging in prissy sniffing at uncommon fools that know their rights. Perhaps Skeptical can explain to us why all the common fools prefer their bowdlerized US human rights though they fail to meet the world standard of institutionalized human rights subject to independent international oversight, The Paris Principles. Russia meets those standards, how come the US can't?

No doubt Skeptical can speak for all the common fools who can explain to us why the Human Rights Committee directed the USG to interpret the ICCPR in good faith, and why the Committee Against Torture directed follow-up on multiple urgent breaches of the convention, and why systematic and widespread torture meeting the threshold of crimes against humanity is good enough for US proles.

Oh, and while you're at it, explain to us why the US government has failed to accede even to the core human rights commitments. Be sure to cite the paragraphs in the relevant documents that substantiate your heartwarming patriotic pride.

http://tbinternet.ohchr.org/_layouts/treatybodyexternal/Download.aspx?symbolno=CAT/C/USA/CO/3-5&Lang=En

http://tbinternet.ohchr.org/_layouts/treatybodyexternal/Download.aspx?symbolno=CERD/C/USA/CO/7-9&Lang=En

http://tbinternet.ohchr.org/_layouts/treatybodyexternal/Download.aspx?symbolno=CCPR/C/USA/CO/4&Lang=En

http://www.ohchr.org/EN/Countries/LACRegion/Pages/USIndex.aspx

mere mortalMay 22, 2017 3:43 PM

@Thoth, Dirk Praet, Clive Robinson, ab praeceptis, et al.

Thank you all for your feedback and commentary. I very much appreciate it.

As I mentioned, I consider Linux Mint a "gateway OS" - for those otherwise busy folks whose immediate desire to leave Windows outweighs their current technical skillset - and not as an acceptable end state OS. My most recent foray towards such an end state was Qubes. When I was initially deciding which OS to try next, I narrowed it down to a choice between Qubes and FreeBSD. I went with Qubes because I'm a sucker for the *idea* of compartmentalization (Clive, you did that - instilling the appreciation for "compartmentalization" that is, not Qubes). But given recent events/discussions here, it's becoming apparent to me that I should have gone the BSD route. Oh well.


@Disable Linux Tracking

Will do. Thank you.


@...to any other, as Dirk Praet so graciously described us, "Linux greenhorns/first-timers"...

Don't let the realities of the grim state of digital security/privacy (or your *currently* lacking technical skillset) discourage you. Everyone has to start somewhere. I've been a lurker on this site since Snowden and the conversations here - although often very technically intimidating - have helped guide me to a point that I don't even recognize who I was when I first got here.

So my advice to you is this: "trend towards".

Most of us will probably never achieve the technical prowess of the regulars here. So what? That doesn't mean we can't benefit from their advice/observations for the directional value it provides. If you're not a spook, politician, criminal, guarding trade secrets, in litigation against the state/big corp, etc., then you probably enjoy the luxury of a relatively relaxed threat model. Although one (or twenty) poor technical decisions might get your bank account emptied, they're unlikely to get you killed. So use the advice here as an ideal to "trend towards", and incorporate it - to the degree you're able - into your own best practices over time.

Don't have the chops yet to take on OpenBSD? Okay, just get off Windows for now. Using the default texting app on your phone? Switch to Signal instead. Surfing the web while logged into your Google account? Stop that. Do you use a "free" commercial email service? Switch to a provider that offers a higher likelihood of respecting your privacy. Post every little detail of your life on Facebook? Stop that. Buying into the Internet of Things? Avoid it like the plague. Do you financially support the efforts of NGOs like EFF and EPIC? If not, send some cash their way. Etc. Etc. Etc. ad nauseam.

Now the regulars here will be quick to point out the inadequacy of all that (and it would be foolish not to carefully consider what they have to say), but by doing each one, you would have put yourself in an incrementally more secure/private position than where you were before. So instead of having sads because you're not bulletproof, take pride in throwing what sand you can into the gears of the illegitimate, immoral treachery that is mass surveillance. If you're reading this, you are the resistance. ;)

Milo M.May 22, 2017 6:20 PM

@ Cassandra:

Assisted GPS or Aided GPS (A-GPS) has been around for over 20 years. There are a lot of variations on the theme, but the essential concept is to send a lot of data to the mobile to speed up the navigation solution.

The navigation solution may even be accomplished at a base station and linked to the mobile.

This is 15 years old, but the two lead authors were with Global Locate, one of the pioneers of so-called Assisted GPS (A-GPS):

http://gpsworld.com/innovation-assisted-gps-a-low-infrastructure-approach/

http://www.gpsworld.com/wp-content/uploads/2012/09/gpsworld_Innovation_0302.pdf

"the real reason for implementing AGPS is customer satisfaction when using locations or E-911 services. With AGPS, the position can be computed more quickly, on the order of a few seconds."

Broadcom bought Global Locate in 2007.

A more recent story, with location times ranging from seconds to a minute:

http://gpsworld.com/emergency-112-calls-in-europe-saving-lives-with-gnss/

From the European Commission:

https://ec.europa.eu/digital-single-market/en/news/implementation-european-emergency-number-112-results-tenth-data-gathering-round

"In 2015 the UK was the first Member State to deploy AML, improving accuracy levels to up to 4000 times. The solution does not ignore the Cell-Id information that already existed but rather supplements it with either GNSS information (GPS) or Wifi information taken from the handset. AML was subsequently implemented in Estonia where the accuracy is less than 50 meters in 80% of the cases. As part of the HELP 112 project financed by the European Commission, the HELP112 solution, that is based on the AML architecture, was tested in UK, Lithuania, Austria and Italy. As a result the handset based location solution was deployed in Lithuania and parts of Austria. It is to be noted that the Advanced Mobile Location solution is available only on smartphones using the Android operational system. Latvia and Norway are planning to deploy AML location in 2017.

When an emergency call is made with a smartphone that is AML enabled, the phone automatically activates its location capability (GNSS or Wifi) during 20 seconds to establish its position and sends this information via a text message to the emergency services. The radius is 50 meters or less for most calls in about 85% of locations. This is a life-saving improvement when compared with Cell ID location that can have a radius of tens of kilometres in rural areas."

Before Global Locate, there was Snaptrack, founded in San Francisco in 1995. In 2000 they were bought by Qualcomm. Snaptrack technology, or its descendants, is in lots of Qualcomm mobiles.

https://en.wikipedia.org/wiki/SnapTrack

https://www.fcc.gov/pshs/services/911-services/enhanced911/archives/snaptrack.pdf

http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.200.4439&rep=rep1&type=pdf

AnonMay 22, 2017 7:52 PM

@Nick P:

Code Correctness: "Hiding complexity" in classes etc. is I think a good way to end up hiding bugs, because if the complexity is hidden, so too are the traps and programming errors!

It is impossible for one programmer to understand an entire system (if anyone wants to get anything done) so this is where there seems to be a major disconnect in software development - no-one wants to talk to the guy who developed/wrote the code in the first place.

When I'm working on large systems, I talk to someone who knows something about the code I'm working with. If I spot a problem, I chase it back to the source until I get someone's attention.

It seems to me that too many programmers are taking code, accepting that it is a "black box", and not asking any questions. When it blows up, they don't ask why - they try and mask the problem with more complexity, instead of digging into why it failed.

"Root cause analysis" seems to be an alien concept to most people. It doesn't help that systems today represent the 50th layer of a broken design.

ab praeceptisMay 22, 2017 11:23 PM

mere mortal

You are welcome. It seems that my advice re. PC-BSD/TrueOS was bad as, so it seems, the "friendliness" has a high price in memory (Sorry, read about it but never used it myself). I can tell you, however, that I have practical experience with running FreeBSD in 128 MB or even less (no X). With or without X, no matter, FreeBSD will not need more memory than Linux.

As you love "compartmentalization" (as you call it) you might find it interesting that FreeBSD not only has jails of fame but also its own virtualization, "bhyve", with which I have had very good experiences. It might, however, not yet be the right thing for newbies. For them the good VirtualBox support might be more attractive. Also note that virtualization seems to be one of the weak points of OpenBSD.

As for gui/desktop stuff I can't tell much because I'm utterly ignorant in that area and gladly use jwn. I know, however, that XFCE and other typical desktops are available out of the box with FreeBSD (plus there is quite a lot of guides, tutorials etc. for newbies).

ab praeceptisMay 23, 2017 12:19 AM

Nick P

"Datashield" - it's still more of a POC than something usable for production. Also note that for C they provide musl as "standard lib"; now, musl is certainly attractive but it's also rather exotic in terms of being certainly not in widespread use and.
Let me quote one paragraph from the paper:
As expected, without DataShield protection the client’s heap was corrupted, but with protection the attack caused a bounds violation and termination of the program.

Well, in many cases a dead server might be more desirable than a vulnerable one running happily and ignorantly, but still, that's not really what a good solution looks like.

What I do like, though, is their pragma approach rather than the typical comment approach.

"Distributed System" - largely irrelevant but interesting. My personal advice would be to read it with the eyes of network software security people as the problems are often similar. A future version of cryptoverif, for example, might profit from it.

"ron pressler" - I even took the pain upon me to watch some minutes of his youtube musings. So I certainly demonstrated good will ...

Ron Pressler ... has been advocating methods such as TLA+ on the basis of formal verification being too ...

Uhzm, tla+ is for spec, not for code verif, ...

If true, it means mathematics isn't powerful enough to handle full correctness of large software no matter if we use modules, objects, etc to try to hide the complexity.

I do not see pressler in any position to credibly make statements like that (I try to avoid saying "bullsh*t!").

(also for the rest) Granted, I have not yet done really large projects with my current tool set but that doesn't even matter. And btw. all in all my productivity has not been lower but about the same or even somewhat higher than before working in, say, naked C (plus lots of experience). Simple reason: One must look at the *complete* dev. cycle - which in normal (e.g. C) development usually doesn't even end at GA because de facto the end users typically are doing the final beta test ...

As for the students hating a formal dev. approach, so what; they lack experience and, importantly, they are a product of rather poor education and the habits and views developed there. Looking properly at it one can't but notice that at some point in time one just has to properly spec, so why not do it right in the first place?

RatioMay 23, 2017 4:35 AM

@Dirk Praet,

The entire Middle East is on fire because of the Iraq War? Is that what you are saying?

That is exactly what I'm saying.

Then could you tell me, country by country, what fires are/were there in Bahrain, Cyprus, Egypt, Iran, Iraq, Israel, Jordan, Kuwait, Lebanon, Oman, Palestine, Qatar, Saudi Arabia, Syria, Turkey, the United Arab Emirates, and Yemen that you think are due to the Iraq War? How would you explain the causal link in each case?

Again, isn't what you're saying a bit facile?

As you apparently think it's okay to just pretend I said more than I did, to compensate I'll go ahead and pretend you said less than you did. (Please don't do that.)

CassandraMay 23, 2017 6:24 AM

@Milo M.

Thanks for that.

Note that the enhanced speed and accuracy of location services described for the EU are for Android phones only, and AGPS also requires external input to the phone - in the implementation described, several SMS messages. It's not impossible that the Android ELS is getting AGPS-style augmentation messages when activated.

I keep location services disabled on my Android devices, even though the software continuously nags me to turn them on, as I prefer to choose when I make my location available to software I do not control. Most people don't bother. It is truly astounding how people have accepted having their location tracked.

Thanks again for the additional details.

Cassie.

JG4May 23, 2017 7:01 AM


I think that it's pretty clear that the US and others helped to destabilize Libya, Syria and Ukraine. I am skipping over the ancient history where the Shah was installed in Iran and Saddam Hussein was hand-picked and trained by various intelligence agencies. Speaking of hand-picked, it's hard to believe that Idi Amin was a good choice, but the bright young psychopaths get things done. US, European, Japanese and Chinese monetary policy had a role in driving up the price of grain, which destabilized Egypt and Tunisia, and other places where people live on $2 a day. It even caused riots in Mexico.

http://www.zerohedge.com/news/2017-05-22/dnc-affiliates-increase-involvement-seth-rich-case-after-wheeler-claims

Clive RobinsonMay 23, 2017 8:22 AM

Terrorist bombing Manchester UK

The UK Manchester Police have confirmed that a bomb that exploded in the foyer of the Manchester Arena last night was by a terrorist suicide bomber. It is still unknown if the person was working alone or not, however another 23-year-old man has been arrested from the Fallowfield district and a controlled explosion was carried out.

The audience at the concert by American singer and actress Ariana Grande were mainly teenagers / young people, some children as young as 8.

So far reported are 29 dead and 59 injured, some very seriously; many are still reported as missing. The bomb exploded towards the end of the concert.

https://www.theguardian.com/uk-news/live/2017/may/22/manchester-arena-ariana-grande-concert-explosion-england

The media are making special note of the "American artist" and that it is the worst terrorist attack in the UK since 7/7. Some are making an "American" link between this attack and that which occurred at the Eagles of Death Metal concert in the Bataclan theatre in Paris a year and a half ago.

TatütataMay 23, 2017 8:55 AM

@Wael:

Aaargh!

I thought I had been diligent enough in checking out this story, but I forgot to look here. The story is even older than I thought.

In my defense, I was rather ill at the date this item came through, so I may not have seen it back then.

Last night I wanted to get my daily dose of trump madness from US media, but got instead the coverage of the Manchester murders. There was the usual assortment of babbling torsos filling up the time between erection pill commercials with their "wisdom" and "expertise", and the continuous looping of video snippets. Why am I watching this? Then came on a particular torso who said that this was a consequence of communications "going dark" because of that treacherous non-patriotic un-American "encryption" stuff.

At that point I switched off the telescreen and tried to go back to sleep.

Google is a has-beenMay 23, 2017 10:26 AM

World's largest advertising company is running out of ways to increase shareholder profit.

Shouldn't be much of a surprise considering that the company does not produce much of anything of "value", except adverts and corporate PR articles (like those about Google IO 2017 that portray lame AI solutions as "intelligent").


Google starts tracking your offline shopping — what you buy at stores, in person
http://www.latimes.com/business/technology/la-fi-tn-google-ads-tracking-20170523-story.html

AlanS May 23, 2017 11:50 AM

Special relationship: I've seen various comments that the British government briefed US counterparts on the Manchester investigation and details immediately leaked to US media.

AlanSMay 23, 2017 11:59 AM

Guardian:

Police confirmed the 22-year-old’s identity after officials in the United States passed it to news reporters, apparently against the wishes of the police and security services in the UK.

SystateMay 23, 2017 1:49 PM

Google is a has-been
When you thought shit couldn't get any realer from Google. I am pretty sure this system can be beaten with cash. But I am pretty sure that is somewhere on their chopping block list. Once cash is gone you have 2 options, get with the program or live in the caves.

Clive Robinson
Sad but what do you expect. And I am pretty sure their response is and has always been the same. More bombs.

GahMay 23, 2017 2:40 PM

@ab praeceptis, mere mortal, turns out FreeBSD needs a snazzy sticker of its own.

https://vez.mrsk.me/freebsd-defaults.txt

On the other hand, it's somewhat usable until something updates and it explodes. (cf. OpenBSD, which is so gosh-darn secure that people just never update it.)
