Friday Squid Blogging: "How the Squid Lost Its Shell"

Interesting essay by Danna Staaf, the author of Squid Empire. (I mentioned the book two weeks ago.)

As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

Read my blog posting guidelines here.

Posted on October 20, 2017 at 4:24 PM • 103 Comments

Comments

tts • October 20, 2017 11:08 PM

Regarding an old windows 7 notebook:

1) Since it hasn't been updated since around 2015 or 2016, is there a way to partially update windows 7 security updates to a point short of excessive telemetry in a straightforward manner?

2) It is already trying to upgrade mse.

3) Should I leave it as is, image the partitions with dd, and then check for malware with malwarebytes, and subsequently access the internet partially with guests in virtualbox (in other words not bother with trying to partially patch security updates from Microsoft)?

4) Any ideas of what you would do to a fairly nice, approximately 2012 Intel box, that you don't plan to have anything important on, but use for surfing the web at coffee shops, demos, chatting with family, friends, and clients and so on.

4b) I guess I could dual boot or triple boot with it, but I am trying to "kiss" so I am tending towards running other OSs from USB thumb drives or maybe by swapping out the HDD.

5) Krack could be a pain in the a$$ regarding this, or need it be, if I try to only use Windows 7 to access a wifi hotspot (with ff or chrome, etc., if necessary) and then use the guest VMs for further access to the web.

6) Of course I could always boot from knoppix, lps, etc., for web access and mainly keep Windows offline and just install libreoffice, password safe, kepassx, gpg4win, virtualbox, and so on for offline use.

7) Programs and Features show an Intel ME program. The notebook is a consumer device (I think). Any best reference for how to deal with me or amt type issues?

I look forward to hearing from you.

Tatütata • October 21, 2017 7:02 AM

According to the German language ZDnet, more than 1000 different sites impose the cryptocurrency-mining Javascript "Coinhive" onto their visitors, commandeering their power and computing resources looking for "Monero"-coins, therefore constituting a form of malware.

A link to a server called "http://whorunscoinhive.com" is included, which allows its users to check whether a given site is loaded with that crap. There is also a list of previously detected domains, which seems to consist of porn, clickbait farms, file sharing directories, and suchlike, but also including the occasional "serious" site.

There is a possibility that this payload could be foisted on the multitudes in a malvertising campaign, but this wasn't searched for.

Virus scanners don't look for this payload, but a few ad-blockers apparently are.

I'm a bit surprised that in this age of custom-built miners and asphalt-scorching GPUs, using Javascript running mostly on power-limited smartphones could even be seen as a workable proposition, even when the purloined resources are "free". Maybe what wouldn't work for BitCoin anymore still might for Monero?
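The kind of check a service like whorunscoinhive.com performs, as an added example that is not part of the thread or of that site: parse a page's HTML and flag the Coinhive loader script and the API call that starts a miner. The indicator list (the coinhive.min.js loader and the CoinHive.Anonymous/CoinHive.User constructors) is an assumption from the publicly documented Coinhive API and would need maintaining; the sample pages are constructed.

```python
"""Flag Coinhive-style in-page miners in fetched HTML (added example)."""
import re
from html.parser import HTMLParser

# Indicators (assumed list): the loader that Coinhive served and the
# JavaScript constructors that start a miner. Extend as the miner changes.
LOADER_HOSTS = ("coinhive.com", "coin-hive.com")
LOADER_PATH = "coinhive.min.js"
INLINE_START = re.compile(r"new\s+CoinHive\.(Anonymous|User)\s*\(", re.IGNORECASE)


class _ScriptCollector(HTMLParser):
    """Collect external <script src> URLs and the bodies of inline scripts."""

    def __init__(self):
        super().__init__()
        self.external = []        # src attribute values
        self.inline = []          # bodies of <script> tags without src
        self._in_inline = False

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        src = dict(attrs).get("src")
        if src:
            self.external.append(src)
        else:
            self._in_inline = True
            self.inline.append("")

    def handle_data(self, data):
        # Script bodies arrive here as raw text (HTMLParser treats them as CDATA).
        if self._in_inline:
            self.inline[-1] += data

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_inline = False


def scan_html(html):
    """Return a list of (kind, evidence) findings; an empty list means nothing seen."""
    collector = _ScriptCollector()
    collector.feed(html)
    findings = []
    for src in collector.external:
        lowered = src.lower()
        if LOADER_PATH in lowered and any(host in lowered for host in LOADER_HOSTS):
            findings.append(("external-loader", src))
    for body in collector.inline:
        match = INLINE_START.search(body)
        if match:
            findings.append(("inline-start", match.group(0)))
    return findings


# Constructed sample pages, not real sites. The site key is a placeholder.
INFECTED_PAGE = """<html><head><title>free movies</title>
<script src="https://coinhive.com/lib/coinhive.min.js"></script>
<script>
  var miner = new CoinHive.Anonymous('SITE_KEY_PLACEHOLDER', {throttle: 0.3});
  miner.start();
</script></head><body>...</body></html>"""

CLEAN_PAGE = """<html><head>
<script src="/static/app.js"></script>
<script>document.title = 'news';</script>
</head><body></body></html>"""


if __name__ == "__main__":
    for name, page in (("infected", INFECTED_PAGE), ("clean", CLEAN_PAGE)):
        print(name, scan_html(page))
```

Running the scanner over the fetched HTML of a site you administer is the defensive use: a finding on your own pages usually means an injected third-party script or a compromised template.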

Tatütata • October 21, 2017 7:33 AM

I came across several other links on this apparently recent trend of hijacking user resources for cryptocurrency mining.

CallMeLateForSupper • October 21, 2017 8:35 AM

Previous post mysteriously edited.

It should have read something like this:
Yet one more case of malware that absolutely relies on Javascript in order to infect your system. Simply DISabling Javascript from running in your browser will deny a growing list of nasties from getting a foothold.

Tatütata • October 21, 2017 9:10 AM

"infect your system" isn't exactly the right way to put it, as the pest dies as soon as the browser window is closed.

A countermeasure might be to disseminate phony scripts to pollute the server with phony results.

IIRC, SETI@home had to include proof-of-work and anti-spoofing measures to counter just that problem. There was apparently a kind of hall of fame for significant contributors, and some people were vain enough to vandalize the facility just to get on that list.

Of course, checking a returned hash is much less computationally demanding than verifying the integrity of a batch of FFT computations, so it might not be very effective.

If mining-for-play really is a viable model, then let's bring this out in the open, with an efficient application running in the background that barters access to sites with computations.

But this would bring proof-of-work issues. Even if the work was performed, if one found a nugget of cryptocurrency while panning hashes, why wouldn't one keep it for oneself, while only turning in fruitless scans?

Simply DISabling Javascript from running in your browser will deny a growing list of nasties from getting a foothold.

Yeah, sure.

To the incredibly obvious I will add my own incredibly obvious:

This would render a whole sh*tload of sites unusable, including, alas, many government services, banks, etc., for which there is no substitute.

I don't understand why it is so difficult to throttle resources between browser threads, or to shut tabs and windows down when they're not in the foreground.
Opera seems better at this than other browsers.
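The proof-of-work point in the comment above (cheap verification of a returned hash, and the spoofing gap left by unverifiable "fruitless" reports), as an added example that is not part of the thread: a server issues a job whose header embeds its own payout tag, a client brute-forces nonces, and the server grades each submission with a single hash. The header layout, difficulties and payout tags are toy assumptions.

```python
"""Proof-of-work asymmetry for a mining-for-access barter (added example)."""
import hashlib


def pow_hash(header: bytes, nonce: int) -> int:
    """Double SHA-256 of header || nonce, returned as a 256-bit integer."""
    data = header + nonce.to_bytes(8, "big")
    digest = hashlib.sha256(hashlib.sha256(data).digest()).digest()
    return int.from_bytes(digest, "big")


def target_for(difficulty_bits: int) -> int:
    """A hash is a solution when it is below the target; each extra bit halves the odds."""
    return 1 << (256 - difficulty_bits)


def make_job(prev_hash: bytes, payout_tag: bytes) -> bytes:
    """Server side: the header the client must hash, with the payout destination baked in.

    Because the tag is part of the hashed data, a nonce found for this header
    is worthless for any header that pays someone else (assumed toy layout).
    """
    return prev_hash + payout_tag


def mine(header: bytes, difficulty_bits: int, max_tries: int = 1 << 22):
    """Client side: brute-force nonces. Returns (nonce or None, hashes_computed)."""
    target = target_for(difficulty_bits)
    for nonce in range(max_tries):
        if pow_hash(header, nonce) < target:
            return nonce, nonce + 1
    return None, max_tries


def verify_share(header: bytes, nonce: int, difficulty_bits: int) -> bool:
    """Server side: exactly one hash, however many the client computed."""
    return pow_hash(header, nonce) < target_for(difficulty_bits)


def credit(header: bytes, submission: dict, share_bits: int, block_bits: int) -> str:
    """Grade a submission: 'rejected', 'share' (access credit) or 'block' (full solution).

    A submission without a nonce ("I searched a million hashes and found
    nothing") carries no proof and cannot be checked, so it earns nothing.
    """
    nonce = submission.get("nonce")
    if nonce is None or not verify_share(header, nonce, share_bits):
        return "rejected"
    return "block" if verify_share(header, nonce, block_bits) else "share"


# Constructed job: a fake previous-block hash and a placeholder payout tag.
JOB = make_job(b"\x00" * 32, b"server-payout-PLACEHOLDER")
SHARE_BITS = 12   # about 4096 hashes per share on average
BLOCK_BITS = 40   # far rarer; only valid for the header carrying the server's tag


if __name__ == "__main__":
    nonce, work = mine(JOB, SHARE_BITS)
    print(f"client computed {work} hashes to find nonce {nonce}")
    print("server check, one hash:", verify_share(JOB, nonce, SHARE_BITS))
    print("grade:", credit(JOB, {"nonce": nonce}, SHARE_BITS, BLOCK_BITS))
    print("fruitless report:", credit(JOB, {"tried": 10**6}, SHARE_BITS, BLOCK_BITS))
    # Re-pointing the payout changes the header, so the same nonce almost
    # certainly no longer meets the target.
    rival = make_job(b"\x00" * 32, b"client-keeps-it-PLACEHOLDER")
    print("same nonce on tampered header:", verify_share(rival, nonce, SHARE_BITS))
```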

MikeA • October 21, 2017 10:37 AM

@Tatütata
-----
This would render a whole sh*tload of sites unusable, including, alas, many government services, banks, etc., for which there is no substitute.
-----

Alas, this is indeed true, but need it be? If your bank started imposing ever more onerous requirements for doing business with them:

ATMs "gamified". Odds of successful withdrawal, or acknowledged deposit, set in favor of the house?
Formal wear required for non-ATM transactions?
Only serve accounts ending in an odd digit MonWedFri, even digits TueThurSat?
Nude selfie must be provided on account opening?
Withdrawals over (unpublished and subject to change without notice) limit require "in person verification" of above?

At what point do you consider switching to a non-hostile bank?
Not that this solution is available in re government. Even if you can move, the set of non-hostile governments is shrinking at an alarming rate.

albert • October 21, 2017 11:52 AM

@Tatütata,
"...Opera seems better at this ..."
Before Opera drank the Chromium-aid, it allowed you to kill/unkill Javas*** from within a webpage (F12 was the key)

My bank's site uses Javascript (Adobedtm is also used, but I don't allow it, and the site functions without it). It's probably safe to allow a legit site to use its own script, but I don't allow any others.

@MikeA,
"...At what point do you consider switching to a non-hostile bank?..."
I'm only familiar with my bank's online presence. Are there others that use Facebook, Twitter, and other BS scripts? I don't use a phone or wifi for banking. That's simpler than switching banks, especially if you have a business, and 21 bills to pay each month:)

. .. . .. --- ....

Clive Robinson • October 21, 2017 12:26 PM

@ MikeA, Tatütata,

Nude selfie must be provided on account opening?

I always remember the Futurama episode "A Fish full of Dollars" from the first series,

Fry walks into "Big Apple Bank" to see if his old account was still valid. He hands over his card and the young lady says "We don't have your retina or rectal scan on file, do you remember your pin number"...

The thing is the irony of 'ass'uming the equivalence of the "something you are" (rectal scan) compared to "what you know (the price of a cheese pizza and soft drink at the pizza parlour he worked at and used as his pin number).

Tatütata • October 21, 2017 12:34 PM

At what point do you consider switching to a non-hostile bank?

Pray tell me, are there any?

And how do you choose a bank in general?

You can't really assess their online banking before you actually have an account. Asking the plastic droid with a tie about, say, whether their site is festooned with Google Analytics links (mine is, yech) won't get you very far.

It may sound like a strange connection, but thinking about it, I became a customer of my current bank fundamentally for the reason that my great-grandfather was a corporate lawyer 120 years ago.

Ratio • October 21, 2017 5:19 PM

A Suspected Network Of 13,000 Twitter Bots Pumped Out Pro-Brexit Messages In The Run-Up To The EU Vote:

Researchers have uncovered new evidence of networks of thousands of suspect Twitter bots working to influence the Brexit debate in the run-up to the EU referendum.

The findings, from researchers at City, University of London, include a network of more than 13,000 suspected bots that tweeted predominantly pro-Brexit messages before being deleted or removed from Twitter in the weeks following the vote.

The research – which is published in the peer-reviewed Social Science Computer Review journal and was shared exclusively with BuzzFeed News – suggests the suspected bot accounts were eight times more likely to tweet pro-leave than pro-remain content.

[...]

The new evidence of bot activity comes at a time of mounting concerns in the UK and US around campaigns of election interference. Last week, [Conservative MP Damian] Collins announced he would call representatives of social media sites into parliament to answer questions on whether Russia or other actors influenced the Brexit vote or general election through fake news or similar means.

Separately on Thursday, Labour MP and former culture secretary Ben Bradshaw called for a parliamentary inquiry into whether Russia had influenced either 2016's Brexit vote or 2017's general election, either through online efforts or "dark money".

(Clearly British academics and MPs have been recruited and are now propagating the manufactured hysteria of the American MSM campaign Reds Under the Bed.)

justina colmena • October 21, 2017 5:34 PM

https://www.cnbc.com/2017/10/20/us-laptops-in-checked-bags-pose-fire-explosion-risk.html

homeland security is so paranoid that they are once again freaking out of their minds about laptop computers on airplanes — i know these people — they are not concerned about explosion or fire — absolutely not: if that were a legitimate concern, the manufacturers of said laptop computers would be even more paranoid of the potential civil liability — no, what the government is really scared about is information, cryptology, cryptography, freedom of speech, and freedom of the press — these things must be repressed under the [Alt]+[–>] white nationalist regime of the united states.

now i'm ready to start looking for keyboard scan codes for such a politically explosive key combination.

Clive Robinson • October 21, 2017 5:58 PM

@ Ratio,

Clearly British academics and MPs have been recruited and are now propagating the manufactured hysteria of the American MSM campaign Reds Under the Bed.

Hmm, honestly does that article sound like "Reds Under the Bed" "hysteria"?

The article only mentions Russia twice, once in the quote,

    ... whether Russia or other actors influenced the Brexit vote or general election through fake news or similar means.

The second time in a named link.

Further it may be worth your while searching out information on Peter Thiel and one of his affiliated entities "Cambridge Analytica" who apparently claimed they were involved in influencing the BREXIT vote...

Personally I'm going to wait for the researchers paper and look at it before I make real comment.

Whilst there has been US MSM "hysteria" over Russia, if you want to call it that, it appears to actually be aimed not at Russia but the current somewhat controversially elected President. We have actually seen clear attempts (Steele dossier funded) by both main parties to "dig and dish dirt" on Donald Trump during the election run up.

The thing is there are many claims "Russia did xxx" or "Russia did yyy" but as I've consistently noted there is little or no relevant evidence. Unless evidence can be shown who it was, it could have been any one of several other Nation States. The list is long but China, Iran, North Korea could just have easily been "fingered". The simple fact is that there is a concerted effort to point all evils at Russia recently. Not long ago it was North Korea and prior to that China, with Iran being an ever present "second favourite".

What we need is both Research and Evidence that can be tested and in effect proved to a "beyond doubt" level. We've not had this at all whilst Obama was President, nor so far since Trump has been President. It all just boils down to what is in effect "play ground name calling". Which I think many would agree is not the way to run a Nation State that makes many claims about its "Democratic" and "justice" processes that it has stated it wants the world to adopt...

Clipper • October 21, 2017 6:22 PM

What do you think of HAP bit setting to disable Intel ME? I am tempted to buy a modern laptop and give it a try.

Now I wonder if there is something similar for the computrace trojan most business laptops come with.

Ratio • October 21, 2017 7:21 PM

@Clive Robinson,

Whoosh?

Personally I'm going to wait for the researchers paper and look at it before I make real comment.

Knock yourself out: The Brexit Botnet and User-Generated Hyperpartisan News by M.T. Bastos and D. Mercea, as accepted by Social Science Computer Review.

So much verbiage, so little initiative. (Journal name + "brexit botnet" ⇒ pay dirt.)

JonKnowsNothing • October 21, 2017 9:09 PM

This article claims a company has removed some "annoying aspects" from Intel CPUs. I'm not familiar enough with their claims and how it all works but I was surprised to see anything at all being offered on this hardware level.


ht tp://www.theregister.co.uk/2017/10/21/purism_cleanses_laptops_of_intel_management_engine/

(url fractured to prevent auto-run)

Purism CEO Todd Weaver characterized Intel's Management Engine as "the bane of the security market since 2008."

His company is offering its Librem 13 XXXXXX and Librem 15 XXXXX laptops with the Intel Management Engine verifiably turned off, something it has been able to do because its machines run the open source coreboot firmware and because of findings published by Positive Technologies in August. The Librem laptops, by the way, feature physical switches that electrically disconnect the microphone and webcam, and Wi-Fi and Bluetooth hardware, from the rest of the computer as a privacy defense.


Handle_x • October 21, 2017 9:11 PM

@ Ratio

It's in the interest of the anti-western trolls (including Putin) to financially cripple the UK while driving a wedge in the EU (and thus NATO). Yes, they tried to do this.
It's in their interest to attack US diplomats in retaliation for other attacks on them.
There is an ongoing investigation into how they did this.

It's also in their interest to drive a wedge between American society and its government, between races and ethnicities and religions, and sow doubt into our Democratic processes. Yes, they did this. There is evidence of the attempt.

The US has plenty of boogeymen right now in case you somehow missed it. If the government were simply looking for a way to drum up a crisis for war funds, North Korea seems the obviously looming choice, followed by Iran, Syria, and a bunch of other places. Your hypothesis has no intellectual spark plug from which to ignite anything.

If you one more time try to pretend Russia isn't interested in hacking, propaganda, destabilization, expansion, weakening of NATO and other competing alliances, I will one more time call you intentionally daft. Yes, Russia funds hacking and other things.

Deal with reality on reality's terms, read more. Pretending this is all "fake news" is a *-ing moron's journey towards an incredible reckoning of prison-sized proportions.

handle_x • October 21, 2017 9:17 PM

@ Jonknows

"The Librem laptops, by the way, feature physical switches that electrically disconnect the microphone and webcam, and Wi-Fi and Bluetooth hardware, from the rest of the computer as a privacy defense."

That by itself is a reason to support them. Now I want one.

Ratio • October 21, 2017 10:30 PM

@handle_x,

If you one more time try to pretend Russia isn't interested in hacking, propaganda, destabilization, expansion, weakening of NATO and other competing alliances, I will one more time call you intentionally daft.

Looking forward to it.

Russian troll factory paid US activists to help fund protests during election:

Russian trolls posing as Americans made payments to genuine activists in the US to help fund protest movements on socially divisive issues, according to a new investigation by a respected Russian media outlet.

On Tuesday, the newspaper RBC published a major investigation into the work of a so-called Russian “troll factory” since 2015, including during the period of the US election campaign, disclosures that are likely to put further spotlight on alleged Russian meddling in the election.

[...]

“The task wasn’t to support Trump,” one of the factory’s employees told RBC. “We raised social issues and other problems that already existed in the US, and tried to shine as bright a light as possible on them.” The employee said that because Clinton was part of the current regime, she was also a target.

(Uh-oh, Reds Under the Bed has made it to Russia. Clearly this respected Russian newspaper in reality is a front for the US MIC.)

Clipper • October 21, 2017 10:41 PM

Purism, the company behind librem, have been working on this so they could get an ME-free laptop along with coreboot. Now they are trying to produce a phone with a similar concept.

Obviously their librem laptop has many optimizations, but you can give me_cleaner script a try yourself and see if you can disinfect your laptop from ME. Usually this requires some electronics skill and some modest equipment.

handle_x • October 21, 2017 11:07 PM

@ ratio

Now I'm curious, what do you think your recent submission there proved or disproved?

What sweeping general takeaways do you suggest we'd all glean as a result of your single point of nameless-foreign-"hacker"-source consumer-grade data there?

That Putin is a big fluffy misunderstood puppy, or Trump isn't actually being manipulated?
You seem to think your single unnamed source claiming something proves it is in fact true.

I'm not trying to change your mind if you're unable to read about these things in depth and breadth and only then come to a more nuanced and deliberative conclusion.

If you're going to believe what any single attributable or unattributable source says in contravention of a massive wall of reality proving otherwise, good for you!

Trump needs your type desperately, keep the faith and I'm sure he'll reward you with a high level cabinet position before this charade is over.

That changes nothing about Putin's capabilities or intentions, which some of us still would like to discuss at length and in detail, that is, if it's alright with you denialists?

Otter • October 21, 2017 11:09 PM

@ handle-x

To answer your question: I am intentionally daft.

To elaborate: But I know that. Do you?

Handle_X • October 21, 2017 11:18 PM

Bruce asked to keep the 2-party politics out of this. Nigh-impossible but we must try.

So here's basically a common sense line being drawn in the sand :

Talking about Russia's hacking capabilities vis-a-vis US security infrastructure failures IS NOT POLITICAL - until someone extrapolates a 1:1 political argument about that.

THE PROVEN FACT that Russia's ruling pseudo-apparatchik uses cyber-assets for offensive purposes IS WELL DOCUMENTED AND ALSO APOLITICAL.

"Oh the Russian boogeyman" - is a well documented meme for reasons both true and false.
Asserting it's one way or the other in some desperate political smokescreen is pathetic.
NONE of this has ANYTHING to do with Donald Trump or Republican dishonesty UNTIL someone out-of-hand denies that any of this is possible, offering nothing, claiming everything, proving nothing, and attempting to shut down or poo-pooh all discussion on it thus.

It's one-dimensional to think that POLITICS are the important consideration here!

THINK MORE.

handle_x • October 22, 2017 12:01 AM

From previous no-detail article:

"Lee, chief executive of cyber-security firm Dragos said the report appears to describe hackers working in the interests of the Russian government. Dragos is also monitoring other groups targeting infrastructure that appear to be aligned with China, Iran, North Korea, he said.

The report said that hackers have succeeded in infiltrating some targets, including at least one energy generator, and conducting reconnaissance on their networks. It was accompanied by six technical documents describing malware used in the attacks.

Homeland Security “has confidence that this campaign is still ongoing and threat actors are actively pursuing their objectives over a long-term campaign,” the report said.
The attacker was the same as one described by Symantec in a September report that warned advanced hackers had penetrated the systems controlling operations of some U.S. and European energy companies.

Cyber-security firm CrowdStrike said the technical indicators described in the report suggested the attacks were the work of a hacking group it calls Berserk Bear, which is affiliated with the Russian Federation and has targeted the energy, financial and transportation industries."

@ Ratio

If you can help locate this "mongering" report from DHS so we can find detailed flaws in the imperialist American "logic" attributing this to Russian actors, that'd be great.
I'd love to prove my assumptions wrong on this along with the entire intelligence community that obviously made all of this up from whole cloth.

handle_x • October 22, 2017 2:23 AM

@ Clive

"The simple fact is that there is a concerted effort to point all evils at Russia recently."

I disagree with the characterization/premise. You are old enough to remember the 60's, yes?

Russia as "recently" is led by an ex-KGB hardliner with known links to organized crime.
The last 3 US administrations have had trouble with Putin's actions. It's not recent.

What is recent is Putin saying "America should respect Trump" -verbatim. Yesterday.
What's recent is the House intel committee being hijacked by a "recused" troll.
There are lots of things much more recent than the Russian blackhat APT effort.

You seem to be unsatisfied with the "rest of the world's" analysis, and I respect that -
on a certain level that's wise - if you have specific knowledge the world doesn't.
To doubt something out of hand without a specific axe grinding is just ye ol' bias.


Let's look at the null hypothesis for insights :

How reasonable is it that Putin built a nationalist old-guard power base with links to organized crime and proven APT hacker group relationships carrying out campaigns against enemies of the state for literally decades... but it'd be somehow verboten for him to "meddle" in the American electoral system now denoted by its ability to be bought, because Democratic mandates really are THAT important to him?

>SOCHI, Russia (Reuters) - "Russian President Vladimir Putin said on Thursday President Donald Trump should be respected because he has a democratic mandate."

Well, I guess that proves me wrong, Putin's a stand up guy. Putin for Prez.
I had my doubts but I guess they were unfounded, he just told me so.

Wesley Parish • October 22, 2017 3:58 AM

@Clive Robinson

The thing is there are many claims "Russia did xxx" or "Russia did yyy" but as I've consistently noted there is little or no relevant evidence.
Attribution is always a dicey question in matters like this. Fortunately there is a solution:

How Not To Treat The Tooth Fairy
http://pandora.nla.gov.au/pan/10063/20120704-0000/www.antisf.com.au/the-stories/how-not-to-treat-the-tooth-fairy.html

Later that night a massive explosion woke Auckland residents. The morning news showed a huge hole taking up most of Harry's street. His house was no longer there.
Some speculate the gangs did it. Others blame Al Qaeda or some other terrorist group. Yet others point the finger at some nameless foreign government.
They say fairies are energy beings — I blame the tooth fairy.
I'm surprised more people don't blame the tooth fairy.

Bob Dylan's Empty Wheel • October 22, 2017 12:06 PM

http://www.supremecourt.ohio.gov/rod/docs/pdf/1/2017/2017-Ohio-8242.pdf

In many ways this is just another typical 4A case but what caught my eye was the following.

In addition, Cincinnati Police Officer Timothy Bley of the fugitive-apprehension unit testified that his unit had “access to a lot of computer programs and databases that the average police officer wouldn’t have access to and we use those sometimes to track people [and] try to locate them.” He testified that on the morning of February 7, 2014, using information from various databases, police were able to track phone calls to XXXX, and “by tracking those people backwards,” were able to identify Buck as the user of the cell phone. This involved linking people and their connections to each other by the use of various databases. In analyzing this information, the police were able to connect Buck as the user of the phone.

In other words, using a burner phone does not stop police from using correlation attacks on its metadata to uncover your identity. The kidnappers' mistake was to use the same phone for the ransom demands as they used for other non-kidnapping related purposes.

Data stream isolation. Learn it. Practice it.

albert • October 22, 2017 12:54 PM

@tts,

Interesting that you should mention LPS. It's lightweight (boots off of a CD (DVD not required) or thumbdrive, and the deluxe version has LibreOffice. IIRC, I couldn't get it to write to a USB device. Is that true?

@It's Russia Or It's Not Folks,

1- Truth by assertion is no truth at all.
2- Attribution is difficult or impossible.
3- Deep down, the US vs Russia thing goes way back to the anti-Communist Crusades. The Old Fossils who ran the Council on Foreign Relations established the policy. It still exists.
4- Read Kissinger and Brzezinski in the 90's about the pivot toward Asia. Russia and China are important obstacles in that pivot. BTW, present US foreign policy on Asia and the ME is a textbook example of the worst way to do it.
5- Only fools believe Social Media, therefore, if SM influences 'elections', don't they get the kind of government they deserve?
6- The MSM and the DNC are pissed because they blew the election and they know it. They act childish and petulant. It's sad.

To dispute an assertion based on another assertion is just stupid. I'd also like to point out that there are no innocent parties among the World's governments. -Everybody- does it. So there is no right or wrong, no moral high ground, nothing to base your fantasies on.

There are plenty of other places where y'all can peddle your BS. Go somewhere else. You're soiling the waters here.

. .. . .. --- ....

handle_x • October 22, 2017 3:07 PM

@info-finder

Thank you, that seems to be it.


@albert

YOU should read the link info-finder pointed out. It wasn't written by HRC, funny enough.

"2- Attribution is difficult or impossible."

Attribution is difficult always. Impossible is a word that we can't really apply.
There are unknown efforts/methods we have no way of evaluating from userland.

" Only fools believe Social Media, therefore, if SM influences 'elections', don't they get the kind of government they deserve? "

Yes, unfortunately WE ALL go down the drain WITH them. It's death by proximate idiots.
A vulnerability that affects 1/3 of the country is a problem. There's no denying it.

"The MSM and the DNC are pissed because they blew the election and they know it. They act childish and petulant. It's sad."

You're pretending the DNC has complete control of all 14 US intel agencies + Pentagon.
These are 14+ massive agencies chock full of Republicans also. ~10 million folks.
(The difference is that US.mil Republicans DO THEIR DAMN JOB and not for politics)

HRC did not invent Russia's hacking effort to explain her loss. It existed previously.

It was documented, even if you decided not to read about this for whatever reason.
We have evidence, it is attributable, and you don't even bother to read about it.
Your professed doubts are but fluffy white clouds over an actual war zone.

Why are you so implausibly unwilling to admit the fact that Trump's constant denials of involvement with Russia are constantly being disproven, that there was a substantial portion of his cabinet that LIED ON THEIR CLEARANCE FORMS, (or you know, sudden mass amnesia) and that if Trump had nothing to hide from the investigation his efforts to obstruct and publicly ridicule it only poured gasoline and lit matches under him?

Donald Trump has done more to see himself investigated and impeached simply by his public statements and illegitimate, possibly illegal actions than ANYTHING Hillary, Al Gore, Bob Ross, Fred Rogers or any other "Liberal" could ever hope to bring at him.
There's no conspiracy to impugn Trump's credibility - unless he's himself in on it.

None of this proves or disproves Russia's APT actors are involved in various campaigns to undermine US interests including our fungible election system. We have evidence.
You have bupkis, unreasonable and dishonestly presented pseudo-doubt.

I don't care who you vote for or what direction your flag blows.
Stop making excuses for known bad actors. It's just cowardly.

handle_x • October 22, 2017 3:42 PM

"I'd also like to point out that there are no innocent parties among the World's governments. -Everybody- does it. So there is no right or wrong, no moral high ground, nothing to base your fantasies on."

Actually there IS still right and wrong AND moral high ground, ongoing.

This IS NOT a morality-based investigation into righteousness of hacking, Putin, Trump.
This is an investigation into high crimes and in fact treason, obstruction, et al.

You will not make it all go away by pretending that it didn't happen, can't be proven, and ultimately doesn't matter because ALL THREE of those are plainly shown to be false. If an autocratic regime can influence the outcome of US elections then our system is broken.

How we acknowledge, assess and repair this situation ongoing is the important part of it.
It would be nice to have people wanting to help that rather than obstruct it for politics.

"Don't look at voting systems or even acknowledge they're vulnerable, everyone does it."
"Don't investigate emoluments, corruption, blackmail angles from foreign adversaries."
"Don't look into the reason the leader of the free world is provably lying, daily."

That's not good enough for MY politics and it's also not good enough for YOUR politics.
NOT GOOD ENOUGH, DAMMIT.

Maybe someday, if your trope and mine both work together towards an accountable gov't,
instead of undermining that for political gotcha points as if that were the real goal,
maybe then we will be in a position to agree to disallow the evil, morally indefensible things
our gov't does abroad in favor of more democratic ideals.

But only if you actually want that right?

Final word • October 22, 2017 4:36 PM

"There are plenty of other places where y'all can peddle your BS. Go somewhere else."

Go stick your head in something warm and dark to hide from reality Albert.
We'll be here even if you have nothing of any value to add.

Clive Robinson • October 22, 2017 4:38 PM

@ Handle-x,

It's in the interest of the anti-western trolls (including Putin) to financially cripple the UK

It's also in the unelected EU council's interest to not just cripple, but bankrupt the UK, as they have with Greece and will probably start to do with Spain.

I won't go into the details because whilst it is of some security interest it's more about certain kleptocracy views being pushed to further other agendas. The simplistic view would be "do as we say or else".

Before I get incorrectly accused of being a Brexiter, which I am not, it's clear that certain things most definitely have to change at the undemocratic top of the EU and urgently otherwise things are going to go wrong very wrong.

But at this point there is more evidence to be found against certain US corporate individuals and the companies they control than there is against Russia or any other super power. Maybe they are less polished than the super powers or maybe they do not care if they are found out or not.

But with regards super powers, they interfere with elections in other sovereign nations as standard. It's been going on for so long now that it really should not be attracting such rabid pointing of fingers. Especially by those in the US where interference in the politics of other nations has been going on for god alone knows how long, at least since the 1812-14 war. Then there is all the stuff in South America from Mexico down to Chile and all stops in between. Then there's the Middle East and Asia with supporting puppet regimes. The US likes to believe it's "The World's Policemen"; others see it as backing corrupt dictators, police states and thus the disappearance or death of millions, stealing natural resources and sending corporate private armies much like the "strike breakers" and "Union Busters" they let loose on ordinary US citizens and still do to a certain extent. Thus many, many people worldwide see the US as "Evil to the core" with what appears good reason, and the reality of it is there's little the US can say against such a viewpoint as there are more than enough historical examples that cannot be argued against.

The point is it's not just Russia it's many nations where,

It's also in their interest to drive a wedge between American society and its government, between races and ethnicities and religions, and sow doubt into our Democratic processes.

Put simply if the US is fighting the US they are less likely to be interfering in other Nation States.

The problem as I've frequently noted is that of "attribution". For instance it's now clear beyond reasonable doubt that the US IC has tools for "false flag" operations against the likes of China, Iran, North Korea, Russia and others. Likewise other national SigInt agencies like the UK and Israel definitely have similar tools.

It's also easy to see that the US and other West IC/SigInt agencies have all been inside other sovereign nations' systems. Thus claiming that it's nation XYZ is problematical, as any evidentiary value is at best strongly tainted if not totally invalid, as it would be quite reasonable to claim it was from "false flag" activities...

Which brings us to,

but it'd be somehow verboten for him to "meddle" in the American electoral system now denoted by its ability to be bought, because Democratic mandates really are THAT important to him?

I see no reason why President Putin or others in Russia or any other nation did not meddle in the US election in some way. It would not have been possible to not do so with the various International news agencies. Thus the real question is not that meddling happened but to what extent, and can it be uniquely and definitely traced to President Putin. Or can we definitively rule out all other nations who could have carried out a false flag operation, as well as the many corporations. For instance have a look at Peter Thiel and his shadowy companies like Cambridge Analytica, that have actively promoted the fact they can swing elections and have claimed Brexit as a success...

The fact that Putin says,

"President Donald Trump should be respected because he has a democratic mandate."

Is not controversial in any way; if the UK's PM Theresa May said the same thing nobody would express any surprise whatsoever.

The simple fact is that by the US version of a "democratic" electoral system Donald Trump was made President. Many people may not like the result but the US democratic system produced the result. Thus the President of the US is entitled to the respect the office carries, and it really is pointless arguing otherwise.

The fact that some people in the US regard anything President Putin says with deepest suspicion and ascribe hidden meaning, kind of says more about them than it does President Putin, or any other head of state treated by them in the same way.

Neither President Trump nor President Putin are "shining angels", however there are worse elected heads of state around. Anyway, pragmatically you are unlikely to find any angels as elected heads of state, let alone shining ones.

The problem I have is that of "Rational actors". In the case of China, Iran, North Korea and Russia, their heads of state are acting as "Rational actors" in the face of US behaviour, which has not exactly been rational for at least 70 years unless you consider a permanent state of war funneling US taxpayer Dollars in eye-watering amounts to the MIC rational. Like it or not President Obama recognised that the US was diminishing and tried to put in place trade agreements that would have slowed the rate in various ways. Well he's gone, and so has any possibility of trade agreements, and the US carries on diminishing...

Under Margaret Thatcher, she and her ministers espoused the idea that the UK did not need a manufacturing industry as it was becoming a world leader in the service sector. That was the 80's, the Internet was yet to be, and now we know that the service sector moves rapidly to where there is cheap labour...

The US has likewise suffered from a major jobs drain and in effect turned itself into a "hollowed out nation" in the process. Coming back from this state is going to be a difficult proposition. The advantage the US has with the current President is he is in reality not aligned with either of the two main US parties in outlook, so he does not carry the party baggage as such...

Thus the question is whether he will be allowed to do his job unhindered, or more likely be forced into failure by all the "reds" hysteria we see currently in the US...

Sancho_POctober 22, 2017 5:12 PM

Re “The Russians did it” (e.g. the troll factory).

OK, guys, but we must face the truth,
in this case the attribution is easy: *** Paying oligarchs are from Russia. ***

There’s no way an American oligarch would do that.
America’s very rich businessmen with political influence are too greedy.
They don’t even pay taxes.

They wait for Uncle Sam to jump in using John Doe’s taxpayer money.

Have a secure week ;-)

handle_xOctober 22, 2017 5:38 PM

@ Clive

Oh come now. I don't know what you've got dripping, but that's ridiculous.

"It's also in the unelected EU councils interest to not just cripple, but bankrupt the UK"

Ironically Brexit makes that so very, very much worse for them. Ask Boris even.
NATO and EU and UK weakened and uncooperative in one stroke. Genius - whose? Unknown.
A disastrous turn for all involved - but a gift to Putin's efforts. A pure gift.

https://www.theguardian.com/technology/2017/may/07/the-great-british-brexit-robbery-hijacked-democracy

Greece and Spain are very different economies... anyway. You're right no point there.
I agree the EU needs change - even that the Brexit campaign pushed it a tiny bit.
There were other options besides unfettered isolationism! There always were.

Point to one economist who said breaking 30-40 years of trade agreements overnight with nothing to replace them in relation to 27? nearby trading partners all at once was wise economic policy, and I'll show you a diploma mill that took his/her money.

People listened to liars pushing nationalism, intentionally faked math, ginned "facts" and it was largely a foreign funded operation. Similarities exist, some actors too.
Think about it in terms of cost/benefit. Who benefits.

https://www.independent.co.uk/news/uk/home-news/david-jones-pro-brexit-ukip-twitter-account-russia-fake-bot-troll-trump-disinformation-followers-a7920181.html


"But at this point there is more evidence to be found against certain US corporate individuals and the companies they control than there is against Russia or any other super power"

I don't know where you're drawing your charts from. You haven't seen 2% of it.
Let's be realistic and specific. International law + spycraft = room for ambiguity.

"super powers, they interfere with elections in other sovereign nations as standard."

In the "old days" we went to shooting war over it, yes. It's that serious. Realize it.


"Many people may not like the result but the US democratic system produced the result. Thus the President of the US is entitled to the respect the office carries, and it really is pointless arguing otherwise."

FALSE. There are allegations of complicity with an illegal hacking attempt, and Donald Trump saw fit to illegally try to obstruct that investigation - a high crime, in fact. In addition there are MANIFOLD legal issues with his actions in terms of propriety, Constitutionality, legality, and honesty. To deny this reality is to deny reality, full stop. Talk about pointless.

I don't want to beat a dead horse for politics. Stay back, horse corpses! I warn ye.

"Neither President Trump or President Putin are "shining angels"

Jesus Christ! Just the fact that you put them on the same pedestal for comparison...
Both are good pals with Steven Seagal I guess?

Vlad Putin is EX KGB INTELLIGENCE. Trump is blackmailed bankruptcy @FBI investigation.
Vlad Putin launches massive campaigns of destabilization. Donnie has Twitter feeds.
Vlad Putin sends assassins to poison enemies. Trump shields himself with Kelly's son.

Trump entered the election expecting to enrich himself from the losing campaign, say his confidants. He's completely underwater on his properties, he's losing money hand over fist according to Forbes business analysis, and his son-in-law is basically trying to blackmail Qatar into bailing out his billion dollar skyscraper fails at 666 5th Ave.

You want to overlook all of this and pretend it's normal = YOU WANT TO NORMALIZE IT!
None of this is acceptable. This Neville Chamberlain act has got to stop.

Just because things have been allowed to be unaccountable in the past DOES NOT EXCUSE unaccountability ongoing nor is it a defense of it in the future. I accept none of it.

"Thus the question of if he will be allowed to do his job unhindered. Or more likely be forced into failure by all the "reds" hysteria we see currently in the US..."

Honestly Clive?

You must not read anything about this if you don't see that the reasons Donald Trump is about to be indicted and impeached ARE HIS OWN DOING, PERIOD. The single reason a special prosecutor was assigned was his FIRING of an investigator. Trump lied about it.

Even Republicans in this country, even Trump supporters are admitting that he blew it.

It's HILARIOUS that you'd sit from some other country under US protection and try to pretend that this kind of treason is normal and should be allowed to continue. Absolutely it's ridiculous. I don't question you for an occasional typo, but your logic fails. To say this is all "red scare" is just completely retarded and unsupportable.

I have to question your motive in saying it. I am compelled.

Do you believe in free and fair elections, to the best of our capacity as republics?

Or are you representing something that I cannot respect?

handle_xOctober 22, 2017 5:59 PM

"The US likes to believe it's 'The World's Policemen'"

I fully agree with this sub-point.

What's your alternative? Unchecked lawless evils worldwide, because that's "sovereign"?
Allow hacker groups to undermine democracies worldwide because we did in Iran once?

International cooperation is the only way. That is the purported reason why the US bothers to build coalitions when we do these unpopular things around the world.
That's why we need to hold ourselves to high standards and stop LYING.

Brexit and Trump are two major attacks on this notion funded by foreign propagandists,
pushing nationalism and isolationism and bad math and commonly tweeted falsehoods.
They prey on exactly the same small thinking victims of propaganda and racism.

You will find exactly zero real economists or patriots backing either one in any depth.


EvilKiruOctober 22, 2017 8:02 PM

@Humpty: Only sites that ask for your personally identifiable information need to be secured via HTTPS and even that won't make them non-hackable.

Requiring all sites to use HTTPS is just heavy-handed bull-shit.

tyrOctober 22, 2017 8:03 PM


@Clive

What I find positively amazing is those
folk who watched the last USA election
and decided 'only one thing' messed it
up. The whole thing was a comedy of errors
and dirty deeds across the board. No one
involved could be classified as sane or
rational by anyone with working neurons.

Your historical analysis is correct and no
amount of mealy mouthed whitewash or
believing nationalist propaganda will
make the ugly facts go away.

Propaganda usually turns out to be lies
we wish were true that can be used as a
substitute for observations of the world
as it is.

Hope you're doing well or at least getting
better.

ShitologistOctober 22, 2017 9:12 PM

From Troy Hunt

This is the classic misconception that HTTPS is only about confidentiality and it ignores the value of both integrity and authenticity. I really don't want any of my traffic being modified by a man in the middle (such as an ISP or airport wifi) or redirected to a malicious site courtesy of dodgy DNS somewhere.

Douglas CoulterOctober 22, 2017 11:04 PM

@Clive - hope all's well with you these days. I tend to agree with your insights, and am lately seeing a lot of failure to see the big picture in those (to put it as kindly as possible) desperately trying to convince you of what we know isn't really true/important/what is going on. I'd wear it as a badge. They don't put in the effort with those who don't have an argument or a view worth attempting to tear down...What I'm seeing here seems pretty childish...of course some players are bad. That doesn't make another one good..From 30k feet, mankind has some problems, and it's no easy fix (to paraphrase Douglas Adams).

@Bruce
On the forums I run, we have a semi-unique feature that may be of some help here with this crazy politics stuff. Since it's way off base in mine - mine's about sci/tech - I can just wipe it and the IPs it comes in on...but there's a somewhat gentler way.

We made a sub-forum we call the water cooler. A thread is automatically wiped whenever there are no posts on it for awhile. Emptied like the office trashcan. It's effective to just move the crud to such a place, and let the people who aren't getting the message fight it out among themselves. When they get tired, it all blows away like smoke - and there's no one to point to at fault for that - obviously they lost interest and there's no question it was off-topic. We mods just move the fighters to their own spot, same idea as "get a room". Dunno how you'd do that here...but it's working for me.

My forums have been invite-only for some time as I'm trying to keep a certain signal to noise ratio, and a lot of people see that, and assume if all the noise is just them, the pros at my place will divert their efforts into tutoring noobs. (again, putting it kindly - I'm sure you're aware of those who ask questions only to fight about how the answer you gave is wrong...or worse, put up some argument by assertion that say, the earth is flat or there's some magic energy that would change human nature if we'd just build the gear to generate it - after all, their thinking is obviously worth more than my time money and expertise in the lab...and it's of course real since we don't have time to debunk every fool thought there is - so we're the bad guys who won't be true believers).

It's not how things work...

So we also created a subforum called the playpen.. with the same characteristics. Unlike the board as a whole, we let anyone join - but only post there, and only if they seem worth it do they get promoted and allowed to post on the main board.

It kind of stinks to have to do that.. and I'm not sure what would work here, but I thought I'd share a thing that works for us (and saves the mods a lot of work) in hopes it might help here.

JG4October 22, 2017 11:06 PM


I suggested previously that tribal living pushed human brain size into conflict with bipedalism. turns out that there is more evidence for large brain size in social groups.

Big and brilliant: complex whale behaviour tied to brain size Reuters (David L)
https://in.reuters.com/article/science-whales/big-and-brilliant-complex-whale-behaviour-tied-to-brain-size-idINKBN1CL314

I probably already posted this with some ranting about Bernays, Goebbels, Atwater and Rove. it's all psyops, all the time.

The Legacy of Reagan’s Civilian ‘Psyops’
https://consortiumnews.com/2017/10/13/the-legacy-of-reagans-civilian-psyops/

this response may vary according to density of dangerous snakes. I had noticed the response in a kid who had never seen a snake or heard the word.

Itsy Bitsy Spider…: Infants React with Increased Arousal to Spiders and Snakes
https://www.frontiersin.org/articles/10.3389/fpsyg.2017.01710/full

further proof that the FBI are dirty and always have been. the guy has had some high profile clients.

http://news.wgbh.org/2017/10/17/silverglate-how-robert-mueller-tried-entrap-me
...
Mueller walked into the room, went to the head of the table, and opened the meeting with this admonition, reconstructed from my vivid and chilling memory: “Gentlemen: Criticism of the Bureau is a non-starter.” (Another lawyer attendee of the meeting remembered Mueller’s words slightly differently: “Prosecutorial misconduct is a non-starter.” Either version makes clear Mueller’s intent – he did not want to hear evidence that either the prosecutors or the FBI agents on the case misbehaved and framed an innocent man.)

further proof that the FBI always have been dirty

http://news.nationalgeographic.com/2017/10/elizebeth-friedman-codebreaker-nazi-spy-fagone/
...
Jason Fagone rescues this extraordinary woman’s life and work from oblivion in his new book, The Woman Who Smashed Codes. When National Geographic caught up with Fagone by phone, he explained how Friedman, like Alan Turing, broke the Enigma codes to expose a notorious Nazi spy, how J. Edgar Hoover rewrote history to sideline her achievements

further proof that the FBI are dirty, in a non-partisan way

https://www.judicialwatch.org/press-room/press-releases/fbi-finds-30-pages-clinton-lynch-tarmac-meeting-documents-wants-six-weeks-turn-docs/

Israel's six former heads of Shin BetOctober 23, 2017 4:31 AM

@ Israel's Rocket Man

"A knowledgeable assessment of nation-state cyberwarriors from one who knows"

Interesting

From https://www.democracynow.org/2013/1/29/the_gatekeepers_in_new_film_ex

"Amidst a spate of killings by Israeli forces of unarmed Palestinians in the occupied West Bank, we turn to the stunning Oscar-nominated documentary, “The Gatekeepers.” The film brings together six former heads of Israel’s internal security agency, the Shin Bet, collectively speaking out for the first time ever."

ttsOctober 23, 2017 5:12 AM

@Albert

"Interesting that you should mention LPS. It's lightweight (boots off of a CD (DVD not required) or thumbdrive, and the deluxe version has LibreOffice. IIRC, I couldn't get it to write to a USB device. Is that true?"

Some thoughts about LPS:

https://en.wikipedia.org/wiki/Lightweight_Portable_Security
https://spi.dod.mil/LPS-Public_for_DoD.htm

I know a retired veteran, well past 65 years of age, who was having all sorts of problems with windows malware. I gave him an old version of LPS and he was off and running, except for losing "everything" every time he turned off his computer.

IIRC, especially since I have neither used LPS lately nor the current version of LPS:

LPS might have "phoned home" somewhere on boot-up, at least when used as a guest in virtualbox.

I was unable to get to root or use sudo.

Back then the documentation may have required a windows machine to make a portable usb thumbdrive.

Does anybody have more current experience with the current version of LPS?

Does anybody know the best practices for the layman to wipe, test or prepare a usb thumb drive for installation of a read-only OS on it?

Regardless, Tails and LPS may be worth considering for amnesiac systems with an aim to deny malware access to the installed PC hardware.

CassandraOctober 23, 2017 7:00 AM

@Clive

I hope you are, or will soon be, out of hospital and well again.

Re: Before I get incorrectly accused of being a Brexiter, which I am not, it's clear that certain things most definitely have to change at the undemocratic top of the EU and urgently otherwise things are going to go wrong very wrong.

I agree that the EU needs some reform, and tend to think it is easier to reform from within (as one of a group of members) than from outside. But that aside, it made me think of an interesting security-related question this poses: Is it possible for a small nation state alone to secure its, and its population's, information in this data-intensive, always online age?

Participation in the current international economy appears to demand profligate use of hard-to-secure information. A possible counter-example is North Korea, but I'm not sure many would aspire to the standard of living of the median North Korean.

I get rather depressed at the state of security and privacy for the ordinary person, and am reminded of the restatement of the Laws of Thermodynamics:

  • 0) You must play
  • 1) You can't win
  • 2) You can't even break even
  • 3) You can't leave the game.

I believe the same rules apply to securing information, and security professionals are performing Sisyphean tasks.

RachelOctober 23, 2017 8:53 AM

Captain Clive Robinson
study on police body cams

I have not looked at it. There was a fairly in-depth reader's comment at Naked Capitalism basically stating 'look at who ran the study, look at who their clients are, and look at said company running the study with their slogan "we put the agendas of our clients first - we disappear"', something like that. They said World Bank was listed as a client.

JG4October 23, 2017 9:25 AM


@Rachel - good show with the conflict of interest analysis. another red flag is the fact that the previous study had shown dramatically different results. it may be that the demographics/culture of DC is so out of sync with the rest of the US that the data cannot be used elsewhere

I remember as if it were yesterday getting mainlined with Demerol in '74. it was a warm feeling trickling from my left arm into my heart. had snapped both the radius and ulna across a brick edge about 3 to 4 cm back from the wrist joint. the doc pulled them apart by grabbing the wrist and forearm and wiggled them back together. the Demerol didn't do much to take the edge off that, but it was quite pleasant. you probably won't grow enough addiction neuronal pathways from one injection to make a difference. not sure if we've seen any discussion of the volatility of fentanyl, but it is famous for two reasons. one is the Russian theater rescue where it was applied to a crowd, and the other is that many anesthesiologists inadvertently became addicted, because of the fumes from patients. it's another matter to exploit the cognitive limitations of most of the medical establishment. perhaps they should be required to try some of these things before prescribing them to patients. a fascinating read. very much in line with how the tech industry, corporations and governments exploit the cognitive limitations of the populace

http://www.esquire.com/news-politics/a12775932/sackler-family-oxycontin/
...
In court documents, the company said it was “well aware of the incorrect view held by many physicians that oxycodone was weaker than morphine” and “did not want to do anything ‘to make physicians think that oxycodone was stronger or equal to morphine’ or to ‘take any steps . . . that would affect the unique position that OxyContin’ ” held among physicians.


handle_xOctober 23, 2017 12:24 PM

@Tyr

"What I find positively amazing is those
folk who watched the last USA election
and decided 'only one thing' messed it
up"

Except nobody said that. Certainly not here.

Even Clinton herself had dozens of reasons.
HRC was a flawed candidate, so was/is Trump.

That changes nothing about what Putin's APT teams did.

So speaking of mealy-mouthed whitewashing,
why obfuscate as if the two are equal?

Why pretend Russia's election meddling is non-serious ongoing?
I guess you're not an American, no skin in the game. Yet.

handle_xOctober 23, 2017 12:39 PM

Here's the thing, and again, this is apolitical and affects all democracies:

Whether or not Russia "changed the outcome" of the election is unknown, but what is known is they tried and had some reasonable successes in manipulating our societal dialogue.

They stole emails belonging to one candidate and published them. They stole emails belonging to the other candidate and sat on them. Generally myself, I'd prefer any public official's emails ARE put out there one way or another. AND TAX RECORDS. Along with education information, whether they beat their dog/wife, the whole thing. I'd like to know at any cost, because elected leadership is what our society is based on.

(I found both candidates unsupportable and voted for neither. That's my disclosure.)

What Russia was able to do, they MAINTAIN THAT CAPABILITY. It's not a closed vuln.

It further educated them for future attacks. Their success was unexpected perhaps initially but now it's basically unthinkable that they WOULDN'T do this again.

There was ZERO opposition at all from the Trump administration, he called the entire notion of Russia hacking "fake" even as evidence piled up around his obese caustic manchild frame. He basically gave Putin free reign, do it again without consequences.
He literally vocalized his support of hacking elections. LITERALLY.

I don't want to see HRC "instated" as POTUS, what I want to see is election integrity maintained and improved for next time. That REQUIRES an assessment of what happened.

And if you can't manage an honest look, then you just don't belong in this effort.
And if you're an anti-US leaning European who enjoys watching DC burn under Trump?
Then you REALLY don't belong in this effort and I hope you wise up someday.

"Oh, everyone does it." = Go jump off a bridge.


handle_xOctober 23, 2017 1:21 PM

@ Coulter

"convince you of what we know isn't really true/important"


The only person who can convince you of anything is yourself.

Specifics make a case. Opine makes a gut. Resisting specifics with opine makes a mule.

Democratic process integrity is considered pretty important by most people in the world.
YMMV, do enjoy your own value criteria, but it's no more "really true" or "important"
than anyone else's, unless you'd like to be specific about why you think so.

I'd hear you out if it's not just more "nah, red scare" opine without flesh attached.
That's just gut flora.

RachelOctober 23, 2017 3:07 PM

JG4
hey, friend. Thanks for feedback. that study, It's a twist on the bodycamera angle anyway as it never occured to me they were supposed to be for protecting the civilian. I thought they were for documenting the civilian.
I did read that article already, yes. nothing i can add to your comments; appreciated. very depressing! I recall the Russia theatre incident - wow, that's right, mass dosing of hostages - because i was working in a theatre at the time coinciding with Russian dignitaries actually attending the performance, so there was a bit of a deal around security. a lot of people were saying it was a set up to frame Chechnya but I'm not the person to ask.

Clive, wishing you good humour, rest, recovery, no pain and a rapid trip back home to the dead tree cave

EvilKiruOctober 23, 2017 3:29 PM

Re: Troy Hunt

I certainly learned a bunch of "new to me" things today about HTTPS.

handle_xOctober 23, 2017 3:33 PM

"is there a way to partially update windows 7 security updates to a point short of excessive telemetry in a straightforward manner?"

WSUS Offline Update + you have to individually pick out the telemetry KBs.

KB2952664 Compatibility update for upgrading Windows 7
KB2990214 Update that enables you to upgrade from Windows 7 to a later version of Windows
KB3021917 Update to Windows 7 SP1 for performance improvements
KB3022345 Update for customer experience and diagnostic telemetry
KB3035583 Update installs get windows 10 app in Windows 8.1 and Windows 7 SP1
KB3068708 (replaces KB3022345) Update for customer experience and diagnostic telemetry
KB3075249 Update that adds telemetry points to consent.exe in Windows 8.1 and Windows 7
KB3080149 Update for customer experience and diagnostic telemetry
KB3068707 - Customer experience telemetry points
KB3050265 - Windows Update service updated to accept upgrade to W10
KB2977759 - W10 Diagnostics Compatibility telemetry
KB3044374 - W8,8.1 Nagware for W10

Or use a batch script to remove the bad ones all at once.
https://gist.github.com/xvitaly/eafa75ed2cb79b3bd4e9
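The "pick out the telemetry KBs" step above, as an added example (not the linked gist, and not part of the original comment): a PowerShell routine that takes the KB numbers listed in the comment, reports which of them are actually installed on the Windows 7 machine, and removes only those with the standalone installer. The KB list and descriptions are the comment's; the function names are this example's own.

```powershell
# Added example: audit and remove the telemetry / Windows 10 upgrade-nag updates
# listed in the comment above from a Windows 7 SP1 machine. Run from an
# elevated PowerShell prompt. Function names are this example's own.

# KB numbers and descriptions as listed in the comment.
$TelemetryKBs = @{
    'KB2952664' = 'Compatibility update for upgrading Windows 7'
    'KB2990214' = 'Update that enables you to upgrade from Windows 7 to a later version'
    'KB3021917' = 'Update to Windows 7 SP1 for performance improvements'
    'KB3022345' = 'Update for customer experience and diagnostic telemetry'
    'KB3035583' = 'Installs Get Windows 10 app in Windows 8.1 and Windows 7 SP1'
    'KB3068708' = 'Update for customer experience and diagnostic telemetry (replaces KB3022345)'
    'KB3075249' = 'Adds telemetry points to consent.exe'
    'KB3080149' = 'Update for customer experience and diagnostic telemetry'
    'KB3068707' = 'Customer experience telemetry points'
    'KB3050265' = 'Windows Update service updated to accept upgrade to W10'
    'KB2977759' = 'W10 Diagnostics Compatibility telemetry'
    'KB3044374' = 'W8/8.1 nagware for W10'
}

function Get-InstalledTelemetryKB {
    # Report which of the listed KBs are present. Get-HotFix reads the
    # installed-update database; IDs that are not installed are skipped.
    param([string[]]$Ids = @($TelemetryKBs.Keys))
    Get-HotFix -Id $Ids -ErrorAction SilentlyContinue |
        Select-Object HotFixID, InstalledOn,
            @{ Name = 'Description'; Expression = { $TelemetryKBs[$_.HotFixID] } }
}

function Remove-TelemetryKB {
    # Uninstall each installed KB with wusa.exe. Supports -WhatIf so the
    # list can be reviewed before anything is removed.
    [CmdletBinding(SupportsShouldProcess = $true)]
    param([string[]]$Ids = @($TelemetryKBs.Keys))
    foreach ($kb in (Get-InstalledTelemetryKB -Ids $Ids)) {
        $num = $kb.HotFixID -replace '^KB', ''
        if ($PSCmdlet.ShouldProcess($kb.HotFixID, 'wusa.exe /uninstall')) {
            # /quiet suppresses the UI; /norestart defers the reboot so all
            # removals can be done in one pass. Exit code 3010 means a reboot
            # is still required; 0 means removed with no reboot needed.
            $p = Start-Process -FilePath 'wusa.exe' `
                -ArgumentList "/uninstall /kb:$num /quiet /norestart" `
                -Wait -PassThru
            [pscustomobject]@{ KB = $kb.HotFixID; ExitCode = $p.ExitCode }
        }
    }
}

# Audit first, then preview the removal; drop -WhatIf to actually uninstall.
Get-InstalledTelemetryKB | Format-Table -AutoSize
Remove-TelemetryKB -WhatIf
```

Windows Update will offer the same KBs again on the next check unless they are hidden there, so re-run the audit after each update cycle.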

AlexOctober 23, 2017 5:09 PM

Has anyone seen David Jones' (EEVBlog) latest post/rant about US government watch lists? (https://www.youtube.com/watch?v=jtTwxs8dlnQ)

He's an Australian electrical engineer who has a YouTube channel on all things electronic.

So, in 2014, he ordered from an Australian electronics parts outfit for local pickup. He places his order online then drives to the warehouse pickup counter. His order's on hold. Why? Because his name is similar to that of someone on a US government watch list. He's Australian, the company he's ordering from is Australian and is a subsidiary of a UK company. He's not importing/exporting parts outside of his country...yet isn't able to pick up the parts due to a US government list.

Fast forward to 2017, different supplier, and he's getting the same pushback.

This whole thing just shows how ineffective and overreaching these watch lists have become. It's worse than McCarthyism.

Treadwell CovingtonOctober 24, 2017 1:01 AM

@ all

I have seen the future of Bruce's blog and it's handle_x. No thank you. After having a benign comment about Google and Russia deleted, I see that actual political polemics still survive if they go along with a certain political persuasion. I will continue to receive Bruce's email security updates as I have since its inception but I won't waste time sorting through this mess any longer as it's starting to resemble the ZeroHedge comment section with its paid shills from the DNC, Media Matters and other "Consequence Fest & Vehemently-Expressed Strong Differences Of Opinion Symposiums".

hmmOctober 24, 2017 3:47 AM

"After having a benign comment about Google and Russia deleted"

Bruce doesn't tend to delete benign comments in my experience.

If Bruce represents your MSM fears, you have jumped several sharks.

perhaps you meantOctober 24, 2017 4:01 AM

"someone disagreed with me and had widely accepted references included, I'm leaving"

That's a shame?

RachelOctober 24, 2017 6:19 AM

Friendly Moderator

I was hoping you would have stepped in to attend to 'handle_x'; I also appreciate you have a life. The entity in question is familiar to long-time readers

in light of the juvenile behaviour.
Mr Schneier perhaps one option is to put the blog on hiatus. Keep it up and available but with a message advising it will return on a certain date.
Perhaps it needs fresh energy, a new name - keep the same url. Have all the archives there for everyone to peruse. Maybe just a pause and a spring clean to rejuvenate

By the way @JG4 has been interested in a SoS offline archive. What about making a CD and retailing it? You could even include a search function that works better than the duckduckgo one. If the price was low - US$10 ? - you'd do very well indeed. plus everyone would appreciate it. If you bundled it you may sell some more books along with it

ModeratorOctober 24, 2017 7:39 AM

@hmmm, @handle_x, old-timers can be hard to recognize, especially when they're excited. Thanks for acknowledging the need to take a breather.

@Rachel, thanks for acknowledging that the moderator has a life. But no hiatus needed. Conversational overheating happens (especially over the weekend), then the focus shifts, usually without intervention.

CharlesOctober 24, 2017 9:30 AM

In today’s world, big-data has gained too much power over the masses.

So what technology subjects are off-limits in this blog? Which are considered too toxic?
How much push-back/email has there been affecting the moderator's professional life? Is the site independent of IBM or politics or contracts?
How much personal data is now being collected? Where is the privacy policy?

Note: i do not participate in Tower of Babel political discussions except to highlight hoodwinking, deception and coverups using convenient Internet technology. For example no political or official should be using a personal email server or unsecure phone.

---
The sad fact is the most important trends in mischievous use of technology are seldom discussed, increasingly because people are on 'half-there' or are increasingly becoming afraid. We need lawmakers to write legislation preventing easily identifiable future abuses.
Look at best security practices in other countries. For example, what steps are China, Russia and India taking to prevent hacking of IoT?

Who detests being forcibly cemented into the fourth quadrant where we are forced to react to daily security crises. Is this how we want to live our lives, in chaos putting out hellish fires?

We have the intelligence to rise above the selfishness and arrogance of allowing uncontrolled technology to data-rape away our privacy. The USA sadly places last here in a desperate effort to keep the economy ‘running’.

The most important first issue is to make a household's fixed IP address sensitive personal data.
The second is to follow Europe’s General Data Protection Regulation (GDPR) lead in restoring citizens' rights.
If America does not change course then I’m going to severely limit Internet usage.
It's consuming my life and, worse, it's too predictable and boring.

Without new checks and balance laws, independent management and regulations which curtail greedy big-data, this trend will destroy our families, society and institutions. Is this Silicon Valley's rulers' unstated goal? Society needs to debate THIS (and not mindless politics)!
http://www.eugdpr.org/

Vincent L GambinoOctober 24, 2017 9:36 AM

@Tatutata re: "This would render a whole sh*tload of sites unusable, including, alas, many government services, banks, etc., for which there is no substitute."
In Mozilla browsers one may turn all scripting (including JS) off by default by means of extensions such as NoScript and RequestPolicy, then selectively turn it back on for domains when accessing a page that requires scripts to function adequately (fewer than you might think.) Not foolproof, requires experimentation, and can be tedious, but it is an at least partially effective workaround.

@justina colmena re: "homeland security is so paranoid..." You had me agreeing with you until you put the blame for the US Security State apparatus and abuse thereof solely on zealots on the right hand side of the political seesaw. An objective analysis would show you that there is no lack of interest suppressing dissent and/or free will from those on the other end of that lever.

@Clipper re:..."the computrace trojan most business laptops come with." I used CT and Absolute Manage for my employer for over a dozen years before I retired. There is no question that a dedicated C&C tool in the BIOS creates a high potential for abuse should it be compromised. It is also true that early on, CT had some serious issues with password management and authentication. However, business computing requires compromises, and the balance between manageability and security from non-employees is one of those. For example, from the owners' (the business) POV a machine that has disappeared for parts unknown falls far short of "secure." If you have evidence that supports your classification of the current version of Computrace as a "trojan" I'd like to see it (and no, I don't have any financial or other business connection with Absolute Software.)

Clive RobinsonOctober 24, 2017 10:54 AM

@ Z80,

That Matthew Green link is a good one; the thing that stood out about attacking the VPN embedded device was,

    Next, the attacker must have access to some VPN or TLS traffic. It’s important to note that this is not an active attack. All you really need is a network position that’s capable of monitoring full two-sided TLS or IPSec VPN connections.

That "passive" approach is what the SigInt agencies love as they don't have to show their hand...

Some years ago I pointed out on this blog that PRNGs crypto-secure or not would be a major area of research for them. Especially embedded CS-PRNGs. Because they would "give you the keys to the kingdom"...

Of course the real question is how did the fixed key (k) get into the ANSI specification in the first place... I suspect it's another case of "finessing" the only question is by whom and how many...

It's also nice to see @Bruce's old work mentioned afresh for a new generation of programmers etc.

hmmOctober 24, 2017 3:46 PM

Off topic but fun :

Advice on two notes written by Albert Einstein describing his theory for happy living has sold at an auction house in Jerusalem for $1.56m (£1.19m).

The Nobel Prize-winning German-born physicist gave the notes to a courier in Tokyo in 1922 instead of a tip. He told the messenger that if he was lucky, the notes would become valuable.

http://www.bbc.com/news/world-middle-east-41742785

AlejandroOctober 24, 2017 10:03 PM

Purism has now completed its crowdfunding campaign for a FOSS smartphone, bringing in an impressive $2.1M.

https://puri.sm/shop/librem-5/

While this is no doubt sufficient to create a working Librem 5 phone, whether it will be enough to create a truly competitive brand over the long haul is another matter. Usability is the main issue that keeps most people from FOSS products. Will Todd Weaver and the Purism team take this into account? Without the ability to run Android apps in sandboxed isolation, it is very unlikely that Librem 5 will ever go mainstream. If Android apps can run in secure isolation smoothly, Purism may be able, with the right marketing, to be the one who can finally take on Apple and Android and bring a real competitor to the smart phone market.

Some people would be happy with Librem 5 being successful but obscure: having a phone that appeals to ultra-niche techies, but which can’t get mass appeal. But this flawed attitude is the very thing that keeps FOSS obscure compared to the big corporations. The reason why closed source is so much more successful than open source in getting market share is because the closed source developers tend to focus on utility (meeting user demand), while FOSS developers tend to focus on what they think the user should do (pushing supply on the user whether he wants it or not).

What’s more, so long as FOSS developers have this attitude, they won’t code products that will be adopted by the masses and therefore millions of people (including people who need it most) will be deprived of secure, free software. That means journalists, political dissidents, and others with high security requirements will end up using non-FOSS tools because those will be the tools that actually do what they need.

Will Purism break free of the curse of the FOSS developer: perpetual obscurity? Or will Todd Weaver lead his team to revolutionize the global smart phone market? Time will tell, and so will the sales figures.

handle_xOctober 25, 2017 1:56 AM

2.1M isn't so impressive but it's a start. I hope they get some well heeled donors without the usual strings needing to be attached. It's a necessary product, 2.1M is chump change for a project of scale. Call Woz. Make the rounds. This is worthy.

"Usability is the main issue that keeps most people from FOSS products. Will Todd Weaver and the Purism team take this into account?"

Or we'll never hear from them again.

Clive RobinsonOctober 25, 2017 3:25 AM

ZDnet has an article that makes interesting reading. Titled,

    Hackers are attacking power companies, stealing critical data: Here's how they are doing it

It looks at recent attempts by a group that has left both French and Russian text strings in their attack tools. Further, the attackers appear to be highly organised and currently in an information gathering phase.

They are being "linked" to a group that has been doing things for quite some time with attacks assumed to be theirs going back over seven years at least.

The alert (TA17-293A) from US-Cert[1] relating to the attacks gives headline details of,

    "This alert provides information on advanced persistent threat (APT) actions targeting government entities and organizations in the energy, nuclear, water, aviation, and critical manufacturing sectors." and "DHS assesses this activity as a multi-stage intrusion campaign by threat actors targeting low security and small networks to gain access and move laterally to networks of major, high value asset owners within the energy sector. Based on malware analysis and observed IOCs, DHS has confidence that this campaign is still ongoing, and threat actors are actively pursuing their ultimate objectives over a long-term campaign."

With quite a bit of other more indepth explanation about how the attackers are working their way along the supply chain etc.

However the ZDnet article is a more comfortable read,

http://www.zdnet.com/article/hackers-are-attacking-power-companies-stealing-critical-data-heres-how-they-are-doing-it/

The US in particular is actually much more susceptible to this type of attack activity than many other nations' infrastructure. The reason is the short term thinking by the management of the infrastructure companies where excessive cost cutting in what are seen as "non core costs" has given rise to poor security consideration.

[1] https://www.us-cert.gov/ncas/alerts/TA17-293A

ss2dOctober 25, 2017 12:14 PM

handle_x

"WSUS Offline Update + you have to individually pick out the telemetry KB's.

KB2952664 Compatibility update for upgrading Windows 7" [...]

Thanks

For now I just took out the hdd; proceed independent of Windows Update trust.

I might boot from usb thumb drives, not just cds or dvds, however. In other words, what is the best practice for a layman? How about delete partition, create partition, write 0s to the usb thumb drive, all in Tails, and then install, say *kali*, to it. Is there a straightforward way for the layman to see if the usb thumb drive firmware is fishy?

ssdOctober 25, 2017 12:26 PM

In Windows 7 Professional I am trying to delete some printer driver install packages or files. As admin I can't take over ownership from SYSTEM. This pc came preconfigured and set up, e.g. with Libre Office, etc., and may have some domain or registry stuff tweaked. Any ideas about quick and dirty ways to take over ownership of a file like "c:\windows\system32\driverstore\filerepository\deletecrap.*" from SYSTEM as Administrator?

Thanks

Clive RobinsonOctober 25, 2017 2:39 PM

@ Update,

I hope Clive can walk back his opposition to the Russian involvement in the NSA worker getting his tools detected by KAV

I'm not sure I understand you.

When you say "Russian involvement", I pointed out no evidence had been offered to support the claim, and I pointed out that Kaspersky's phone home would be an attractive target for SigInt agencies. It certainly was for the Israeli SigInt agency if the stories about them inside Kaspersky's systems are true.

I also suspected that if there was involvement with a Russian security service, it would be very minimal to prevent leaks.

Interestingly the link you give for Kaspersky's report is not working for me.

GrauhutOctober 25, 2017 2:42 PM

Well, if this is true, what else could Kaspersky have done?

Stop producing working anti-virus software? :)


"- One of the infections in the USA consisted in what appeared to be new, unknown and debug variants of malware used by the Equation group.

- The incident where the new Equation samples were detected used our line of products for home users, with KSN enabled and automatic sample submission of new and unknown malware turned on. ...

- The last detection from this machine was on November 17 2014.

- One of the files detected by the product as new variants of Equation APT malware was a 7zip archive.

- The archive itself was detected as malicious and submitted to Kaspersky Lab for analysis, where it was processed by one of the analysts. Upon processing, the archive was found to contain multiple malware samples and source code for what appeared to be Equation malware.

- After discovering the suspected Equation malware source code, the analyst reported the incident to the CEO. Following a request from the CEO, the archive was deleted from all our systems. The archive was not shared with any third parties."

https://usa.kaspersky.com/about/press-releases/2017_preliminary-results-of-the-internal-investigation-into-alleged-incident-reported-by-us-media

Tamper TentroomOctober 25, 2017 7:09 PM

Submission omission commission or covert mission through EULAgy.

If an anti virus keeps you sleeping peacefully at night when the 99.9% it tracks is rootkits and trojans then you're prolly asleep at work.

When's the last time one caught a virus? Yada yada yada "that's a symptom of file system controls."

possible standard operating procedure- OS malware scanningOctober 25, 2017 7:32 PM

@Grauhut, @Dirk, @Clive, @Wael, @Figureitout, @Thoth, @ab praeceptis, @Sancho_P, Albert, etc.

'"Stop producing working anti-virus software? :)" please Kaspersky', said the USG.

For individuals in the land where Trump is currently president, what do you, or others, think of this operating procedure?

a) image the hdd

b) download, install, whatever Kaspersky's free software, and scan

c) print-out results

d) restore back-up image of hdd to hdd (without free Kaspersky)

e) continue using Microsoft Security Essentials, Defender, (or perhaps nothing on Windows, BSD, Linux, or MacOS) as usual

a-e) above is similar to how, nowadays, I run Malwarebytes free, anyway

The threat model includes zealous LEOs or CIA, NSA, etc., spooks, foreign and domestic hackers and foreign LEO or spooks, and maybe more since searching for the words Tails or Tor, or using them, may be enough to make one a person of interest.

OT, Wonderful, now I can look forward to being hacked back at, presumably, in addition to trying to fend off FBI, etc., NITs as a small business or individual user.
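Steps a) and d) of the procedure above (image the disk before the scan, restore it afterwards) as an added example that is not from the comment thread; the device paths are assumptions, and in the demo a plain file stands in for the disk so it runs without touching real devices.

```shell
#!/bin/sh
# Added example, not from the comment thread: steps a) and d) of the procedure
# above, with a SHA-256 recorded at imaging time so the restore is checked
# rather than assumed. Device paths such as /dev/sdX are assumptions; demo()
# uses a constructed file as a stand-in for the disk.
set -eu

# Step a): copy the whole device into an image file and record its SHA-256.
image_disk() {
    dev="$1"; img="$2"
    dd if="$dev" of="$img" bs=4M conv=fsync status=none
    sha256sum "$img" | cut -d' ' -f1 > "$img.sha256"
}

# Check an image against the hash recorded when it was taken.
verify_image() {
    img="$1"
    [ "$(sha256sum "$img" | cut -d' ' -f1)" = "$(cat "$img.sha256")" ]
}

# Step d): after the scanner has run (steps b, c), write the pre-scan image
# back so nothing the scanner installed or quarantined survives, then re-read
# the device and confirm it matches the recorded hash.
restore_image() {
    img="$1"; dev="$2"
    verify_image "$img" || return 1
    dd if="$img" of="$dev" bs=4M conv=fsync status=none
    [ "$(sha256sum "$dev" | cut -d' ' -f1)" = "$(cat "$img.sha256")" ]
}

# Self-contained run: a constructed file plays the disk and an appended line
# plays the changes a scanner leaves behind. Returns 0 when the restore
# round-trips byte for byte.
demo() {
    tmp=$(mktemp -d)
    printf 'constructed disk contents\n' > "$tmp/disk"     # stand-in for /dev/sdX
    image_disk "$tmp/disk" "$tmp/before.img"
    printf 'scanner quarantine changes\n' >> "$tmp/disk"   # steps b) and c)
    rc=1
    if restore_image "$tmp/before.img" "$tmp/disk" && cmp -s "$tmp/disk" "$tmp/before.img"; then
        rc=0
    fi
    rm -rf "$tmp"
    return $rc
}

if [ "${1:-}" = "run" ]; then
    demo && echo "image/restore round-trip verified"
fi
```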


gordoOctober 25, 2017 11:00 PM

As of this writing, there are no NYTimes, WaPo or WSJ bylines about this morning's release by Kaspersky Lab, of its Preliminary results of the internal investigation into alleged incidents reported by US media. NYTimes does have an AP byline story posted and a Reuters byline story posted; WaPo has the AP byline story posted; and WSJ has no stories posted.

In addition, none of the above news organizations, as yet, have posted any stories on today's U.S. House Committee on Science, Space & Technology's Subcommittee on Oversight Hearing - Bolstering the Government’s Cybersecurity: Assessing the Risk of Kaspersky Lab Products to the Federal Government.

-------

NSA bloke used backdoored MS Office key-gen, exposed secret exploits – Kaspersky
Ooh, IT just got real
By Iain Thomson in San Francisco 25 Oct 2017

Analysis . . .

Asked if other security vendors were equally at risk from hacking, [Sean] Kanuck declined to answer, saying that these hearings were about Kaspersky, not other vendors. Another fact – that yet another NSA staffer took top-secret work home and lost it, which is a criminal felony – was outside of the committee's remit, according to Representative Barry Loudermilk (R-GA).

https://www.theregister.co.uk/2017/10/25/kaspersky_nsa_keygen_backdoor_office/

-------

Found on the back of a crumpled up napkin:
✓ Viability curve
✓ Anonymous sources
✓ Targeted leaks/open-source reporting
✓ Expert opinion/public opinion
✓ Plug leaks/go dark
✓ Deed done/move on

Clive RobinsonOctober 25, 2017 11:27 PM

@ mostly harmful,

Thanks for the other link.

Having read through it the only thing that strikes me as "oddly worded" is,

    Following a request from the CEO, the archive was deleted from all our systems. The archive was not shared with any third parties.

The first thought is "Why delete it?"

If taken along with,

    As a routine procedure, Kaspersky Lab has been informing the relevant U.S. Government institutions about active APT infections in the USA.

Then it's not going to take long for various journalists to notice and start building another story line about Kaspersky and the USG...

Time to get out the popcorn maker ;-)

Clive RobinsonOctober 26, 2017 2:10 AM

@ gordo,

The Associated Press (AP byline) piece on NY Times site you linked to is worth a read.

Especially the last four paragraphs, making the most interesting read about Kaspersky deleting the file,

    Even if some questions linger, Kaspersky's explanation sounds plausible, said Jake Williams, a former NSA analyst and the founder of Augusta, Georgia-based Rendition InfoSec. He noted that Kaspersky was pitching itself at the time to government clients in the United States and may not have wanted the risk of having classified documents on its network.


    "It makes sense that they pulled those up and looked at the classification marking and then deleted them," said Williams. "I can see where it's so toxic you may not want it on your systems."

    As for the insinuation that someone at the NSA not only walked highly classified software out of the building but put it on a computer running a bootleg version of Office, Williams called it "absolutely wild."

    "It's hard to imagine a worse PR nightmare for the NSA," he said.

Yes, especially as the NSA appear to have brought the "PR nightmare" on itself... Thus the question "Why did they do it?" springs to mind.

Clive RobinsonOctober 26, 2017 3:32 AM

@ gordo,

Having looked on the Intercept to see what it had said, I read,

https://theintercept.com/2017/10/25/nsa-workers-software-piracy-may-have-exposed-him-to-russian-spies/

If you look at both it and the AP article from the NYT you find the same sort of quotes from a Mr Williams...

Thus it makes you wonder how Mr Williams came to the attention of two different journalists...

However the notion of the NSA setting up honeypots to try to trap Kaspersky does suggest something else is going on...

If the Kaspersky time line is correct then the NSA somehow found out about its "take home work bod" fairly quickly.

But more importantly it was able to get hold of IP addresses in the same range as the take home bod's ISP. This suggests either collusion with the ISP or the NSA doing things to the network upstream of the ISP. Knowing the how of what the NSA did would be quite interesting from not just a security aspect...

GrauhutOctober 26, 2017 7:59 AM

@Clive: There is another easy to miss detail - 7zip.

Poor little Igor Pavlov, now the world knows his packer is in use on NSA systems and the rest of the world will try to weaponize his software! :)

gordoOctober 27, 2017 1:13 AM

@ Clive Robinson,

Regarding Mr. Williams, a.k.a. Malware Jake, emptywheel sourced his analysis of The Shadow Brokers laundry list earlier this year.

Why a PR nightmare? Data leaks or 'freeflow' are a property of the internet. Choke points are extant and more are under construction. Internet balkanization as foregone conclusion breeds proxy fights.

Honeypots in the same IP range as the take-home bod's seem to have been designed to send a message.

JG4October 27, 2017 7:59 AM


some good content on nakedcapitalism.com today including this

https://motherboard.vice.com/en_us/article/ne3zwz/lg-vacuums-hacked-homehack

Karl has some excellent rabid up about the FBI and various scandals including email and dossier. I could have included it as a fourth part of proof that the FBI are dirty and always have been. He's blocked most TOR nodes, so I don't have the detailed link, but I'll try to remember to post it later

http://market-ticker.org

I think that someone pointed out yesterday that most folks in law enforcement are good guys. I agree, and I'd put the number at 80%. The problem, if it hasn't been articulated clearly, is that group loyalty requires those 80% to go along with the 20% when they engage in sociopathic and psychopathic activities. I won't give the examples today, but they are easy to find. A classic is Serpico, and there are countless others. Group loyalty is a feature, not a bug.

RachelOctober 27, 2017 9:25 AM

JG4
your 80/20 perspective.
I have heard a theory relating to large organisations, which first came up when discussing a similar context to yours above. The rule of thirds. One third of employees are just doing their best to make it through to 1700, cut corners whenever possible, take advantage of others and stay under the radar. One third strive for promotion, to improve their surroundings and do more than is asked of them.
One third is Goldilocks' third bowl of porridge: the boring middle way, just meeting expectations.

Be a team player said the spider to the flyOctober 27, 2017 11:05 AM

Force them to backdoor their products, perhaps, from

https://www.emptywheel.net/2017/10/24/ron-wyden-is-worried-the-government-will-use-fisa-process-to-force-secret-technical-changes/

"Ron Wyden and Rand Paul just introduced their bill to fix Section 702. It’s a good bill that not only improves Section 702 (by prohibiting back door searches, prohibiting the 2014 exception, and limiting use of 702 data), but also improves FISC and PCLOB.

The most alarming part of the bill, though, is Section 14. It prohibits the Attorney General and Director of National Intelligence from asking for technical assistance under Section 702 that is not narrowly targeted or explicitly laid out and approved by the court."

[...]

"This suggests that Wyden is concerned the government might use — or has used — FISA to make sweeping onerous technical demands of companies without explicitly explaining what those demands are to the Court.

The most obvious such application would involve asking Apple to back door its iPhone encryption.

As a reminder, national security requests to Apple doubled in the second half of last year."

[...]

"We would expect such a jump if the government were making a slew of new requests of Apple related to breaking encryption on their phones."

RachelOctober 27, 2017 1:26 PM

JG4
cc: potentially Clive and others also

You have mentioned Secret History of Silicon Valley a few times. I have not seen it. But I found this page

steveblank.com/secret-history/ which has a very long list of all the source material. Some very interesting reading there

JG4 I look forward to your Magnum Opus in print. Just include a slim chapter on Squid and whack one on the cover so Bruce will review it.
I am reminded of the autobiography Overworld by Larry Kolb. As agent or manager for Muhammad Ali he describes arriving at a place where he can access literally any person in the world on the phone. The Agency repeatedly attempts to employ him as a contractor for this reason. His Dad was also high up in the Agency. Anyway Mr Ali only lets him write the book if he includes ample time writing of his time with Mr Ali. (That was my Squid/Bruce ref.) Kolb got caught up in Iran-Contra. It's an extremely interesting read


Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.