Friday Squid Blogging: Squid Season May Start Earlier Next Year

Squid fisherman in Argentina have asked regulators to start the squid season earlier in 2018.

As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

Read my blog posting guidelines here.

Posted on November 10, 2017 at 4:18 PM • 141 Comments

Comments

albertNovember 10, 2017 5:02 PM


"Why is a pun like the fluid in a snakes eye?"

"Because it's the lowest form of humour."

"In Medieval Times, how were punners punished?" (see what I did there)

Answer in the next Squid Blog.....

. .. . .. --- ....

Who?November 10, 2017 5:13 PM

I completely agree with this blog entry. Standards must be open to anyone so they can be reviewed by coders and better understood. Standards are the core of our communication networks and operating systems:

https://www.privateinternetaccess.com/blog/2017/11/paywalls-drive-mass-surveillance-and-give-the-nsa-an-advantage/

I would add standards must be open to anyone so they can be correctly implemented too. Sometimes implementation mistakes remain hidden because most developers do not have access to specifications. Hardware specs should be in the same boat as standards.

nobodyNovember 10, 2017 6:05 PM

So the powers that be want crypto that they can break at will. All of us want strong crypto, cause we know anything less, and everyone, from foreign governments to crackers, will constantly be breaking in. It seems like only one side can prevail.

I'm just wondering: Why don't we chain strong crypto?

Alice & Bob each have their own public/private keys. Alice is the only one with her private key. Bob is the only one with his private key. Private keys are kept strictly local. Okay, so far so good.

Now what if Alice & Bob's locally-kept private keys are stored a second time, this time encrypted with BigCompany's public key, and the encrypted result is cached strictly locally in some accessible manner if you have physical hardware access?

BigCompany now has the ability to obtain Alice & Bob's private keys. It might mean sending Alice's phone back to BigCompany just to access the protected enclave and read BigCompany's public key encrypted version of Alice's private key data, and you'd certainly have to send Alice's phone back to BigCompany to decrypt it, but it could be done.

And if there was a compromise of BigCompany's private key, they could rekey every phone (or whatever) with an over the air update. They wouldn't have to decrypt anything, just re-encrypt the already encrypted private key with a new public key.

I know a lot of folks won't like the idea of big brother being able to force open their phones. On the other hand, when we lose our keys, we're all really grateful to the locksmith who can let us in. For a fee, and completely legally aboveboard, of course.

Okay, I know there's a reason folks don't do this. I'm just not entirely clear as to what it is... Oppressive regimes maybe?

IggyNovember 10, 2017 6:13 PM

Further to the convo started at https://www.schneier.com/blog/archives/2017/11/daphne_caruana_.html#comments

@Clive, Rachel, et al:

Clive said:

Thus the soloution --of first resort-- is a manual power cycle. As this can be done in seconds it's in effect "a standard featute" to regain control. And such a proceadure should be found in one of the many aircraft manuals.

Agree. However: how many planes have been downed by a transponder fire in the last two decades? A convenient fix (the increasingly common thread in many default policies across many fields, an unforced error in all securities) --the manual cycle on/off-- is increasingly an insufficient default, as we now all know, terrorists will exploit it, at, I suspect, about the same rate as fire (I don't know where to find the stats for transponder fires, but I'd love to look at them). Old habits die hard, but die they must.

There should be, at a minimum, a demand for transponders that never spark fire and remain persistent. Redundancy, while not perfect, remains the default for NASA, with excellent reason. The same should be mandatory for passenger aircraft, of all sizes. We make landing gear mandatory, no matter how expensive. We can do the same for modern transponders.

There are at least several solutions out there to such fears, so to continue to rely on the fallback that allowed four modern commercial passenger aircraft to be commandeered to effect mass murder is, in a word, malpractice. Stubborn devotion to a facile god right makes it too easy for the industry and regulators to just keep shrugging on the status quo.

They don't call the FAA the The Tombstone Agency for nothing.

Jerome FosaaenNovember 11, 2017 9:05 AM

An interesting update to a discussion in a previous Schneier blog post about the security of autonomous automobile systems:

https://www.rand.org/blog/articles/2017/11/why-waiting-for-perfect-autonomous-vehicles-may-cost-lives.html

At MCO last night there was an incident involving a Lithium ion camera battery exploding in the vicinity of the security checkpoint, which created a panic and subsequent cascade of disruption:

https://www.forbes.com/sites/christinenegroni/2017/11/10/battery-in-bag-explodes-havoc-at-orlando-airport-ensues/#5bb19aed49cb

albertNovember 11, 2017 10:21 AM

@mostly harmful,
Incorrect, but an excellent guess!
..
@Iggy,
You might try an ntsb.gov search for transponder fires. Aircraft have multiple redundancy on critical systems. GPS will eventually serve provide redundancy for the ATC systems.

However, the pilot is still king of the aircraft, and we are subject to his/her decisions (or indecisions). Sometimes you get heroes (Sully), and sometimes you get death (pilot error, suicide by crashing). It's the human factor. The FAA is basically driven by the airline industry, just like the energy companies drive the EPA, and the chemical/drug companies drive the FDA.
. .. . .. --- ....

@ IGGY NUTNovember 11, 2017 1:11 PM

TRANSPONDERS BEING TURNED OFF DID NOT CAUSE 9/11 IN ANY APPRECIABLE WAY.

GET OVER IT.

IggyNovember 11, 2017 1:17 PM

@albert, @mostlyharmful's guess made me chuckle. Isn't there a pun festival somewhere, where punsters throw down?

I should have been more specific re redundancy. I do know that aircraft carry many redundant systems, but not in transponders, or so I understand. That GPS will eventually serve as its redundant is the very approach the 9/11 Commission decried: the eventually..when it meets the business criteria, not the safety of the passengers, not the contribution to defeating terrorists, but always the business bottom line. Thinking about the state of the pilot pool—flying too many hours, sleeping in time-shared closets, pay not commensurate with skill, experience, duties and obligations—do you think it reasonable or humane to lay yet another burden on pilots' shoulders by not remediating a problem? More and more aircraft increasingly take away god rights from pilots with computers (an arguably questionable development). Have the pilots refused to fly them?

Accepting humans warts and all, in all fields of endeavor is, of course, unavoidable. Terrorism is also a human factor.

If a pilot ruled landing gear wrong for his flight, we'd respectfully kick that pilot out of the cockpit, no matter their primacy over vessel. If pilots, airlines and the FAA would stop guarding manual override as if the baby Jesus, then superabsorbent polymer gel coated, locked transponders that self-dim upon takeoff/landing, would have happened 15 years ago.

I know: instead of fighting to make transponders less incendiary, such that it can't be used as a rationale, then why not just yank the damn things out? Glue a stinking iPhone to the instrument panel FFS.

I'm looking at the NTSB site now, which is highly interesting but so far, I'm not finding anything yet referring to “transponder fires”, though I am easily finding “engine fires.” The night is young....

IggyNovember 11, 2017 1:24 PM

@IggyNut, what they did was make finding them and interceding in any way impossible. Trolling me is not going to silence me. Don't like my comments? Then move along.

Stop the madnessNovember 11, 2017 1:30 PM

They were literally tracked by radar almost the entire time. Read about it.
Transponders did not cause 9/11. It's not close. You are debunked.

That's not the only way they track aircraft in any case.

You don't seem to see how opening old wounds related to a massive terrorist attack and injecting falsehood is going to irk some folks.

Nothing personal but you need to get a clue on this topic.

Stop the madnessNovember 11, 2017 1:34 PM


People died and you're saying transponders caused it and insinuate it could happen again because transponders still exist in the same capacity.

It's nuts. It's insulting. It's stupid. I'm trying to be nice, but you are just not concerned with what you're putting out there.

Nobody wants to silence you, you need to exercise a little self restraint.
You're not cracking open cold cases here. You're writing fiction.

Stop the madnessNovember 11, 2017 2:09 PM

FAA regulations have a kill switch on every major circuit.

Or you know, grand conspiracy pyramid stories.

Stop the madnessNovember 11, 2017 2:23 PM

"so long as anyone can flip the switch, right?"

Not anyone. Not you. Not Osama. THE PILOT OF THE AIRCRAFT. The guy in charge already.

The guy who already is responsible for all the lives on the aircraft, and can kill them any number of ways by abusing any of his responsibilities.

Don't like this arrangement, where you're at the mercy of a human being's decisions?
Then don't fly and certainly don't take a cab, boat, train, bus, or weinermobile.
If the pilot of any of those wants to kill the passengers, expect to die.

Stirring up 9/11 crackpot-ism as if it were caused by transponders having an off switch is just mindless.

Do not feed the trollsNovember 11, 2017 2:25 PM

Sometimes it is very hard but it worth it, resisting the urge to correct some controversial contributions.

Its difficult to distinguish between the person who intentionally wants to maliciously persecute others and someone who has dogmatically holds onto irrational beliefs.

The antidote may be to dilute the controversy by ignoring it and use your knowledge and expertise to engage in something one really feels fulfilled by sharing with others who are willing to correct you if you are wrong or learn from you.

We can't guarantee the accuracy and integrity of how the intended messages reach others but we choose not engage when we notice extremest views. The provocateur may be out maliciously persecute folks who he/she doesn't agree with.

Stop the madnessNovember 11, 2017 2:34 PM

"Its difficult to distinguish between the person who intentionally wants to maliciously persecute others and someone who has dogmatically holds onto irrational beliefs."

This is true.

Clive RobinsonNovember 11, 2017 6:03 PM

@ albert,

In Medieval Times, how were punners punished?

How about "Without im-pune-ity"

I've several more, but this sort of word play is something @ Wael usually jumps on like a kitten to a laser pointer spot so I'll give him a little room first

Maybe it's because he's "all bananas" at the moment due to having fingering difficulties and explaining it all away to another dialect-ic...

Note to self : "Must stop repeate, must stop otherwise people will start com-pune-ing"...

Clive RobinsonNovember 11, 2017 6:33 PM

@ nobody,

Now what if Alice & Bob's locally-kept private keys are stored a second time, this time encrypted with BigCompany's public key, and the encrypted result is cached strictly locally in some accessible manner if you have physical hardware access?

There are a couple of problems that immediately spring to mind.

Firstly "cached strictly locally" is unlikely to be a reality. Most modern devices are designed such the "communications end point" covers the whole device, thus there is no "locally" at any level unless there is a genuine strictly user enforcable "energy gap".

Secondly the user has no way of checking that the BigCompany Public Key is not "backdoored" in one of very many ways. See the Klepto-cryptography stuff developed by Adam Young and Moti Yung... It will make you think "What the heck". Or the more recent "Coppetsmith renewed" attack on the Estonian e-ID card which ATS Trchnica reported had already been improved upon bringing in not just more cards but at a lower investment per PubKey recovered as well...

When you tie the two issues together you get a realy big "Big Brother" feeling. In essence you know that if there is any legislative or technical trick available to the IC they are going to use it for access to the signed key, no if's, but's or maybe's, it's a definate. Which actually makes the idea worse than a centrally held "Key Escrow'...

Clive RobinsonNovember 11, 2017 6:42 PM

@ iggy,

There should be, at a minimum, a demand for transponders that never spark fire and remain persistent.

The original ida for IFF was a "purely passive" system. In essence it was a length of waveguide with slots cut in it at vaious points. When the radar pulse hit the waveguide the slots caused it to produce multiple echos to the radar receiver thus giving a "main return" position fix with a ghost IFF tail of pulses. It could be put in an aircraft in a place where only "ground crew" technicians could get access to it, never by anybody when the plane was in the air.

echoNovember 11, 2017 8:00 PM

I have been sold on the idea of energy gapping and degrees of assurance. I do wonder though if a systemic style of thinking can lead people into becoming trapped in other ways. Orginally, I wanted to comment and supply links to articles by prominent women on policing and social disorder but was unable to frame my comments in a way which placed them within a more reconisable security context. In a convoluted way, I suppose, I'm trying to articulate that all systems leak information and that assurance is comprised of onion rings of systems of which people are a component.

I'm none the wiser but these videos and papers were very entertaining.

Please tell me if I have strayed too far off topic.

Black Holes: the hackers of the universe?
https://www.youtube.com/watch?v=J_Mxf4X_SA4

Vlatko Vedral: Everything is information
https://www.youtube.com/watch?v=QfQ2r0zvyoA

Information Security From an Art to a Science
https://www.telematik.uni-freiburg.de/ehrungen/festkolloquium/information-security-from-an-art-to-a-science

SoK: Science, Security, and the Elusive Goal of Security as a Scientific Pursuit
https://www.microsoft.com/en-us/research/wp-content/uploads/2017/03/scienceAndSecuritySoK.pdf

Claude Shannon lecture by Prof Emeritus Robert G. Gallager
https://www.youtube.com/watch?v=neA0NJNUEfM

WaelNovember 12, 2017 4:23 AM

@Clive Robinson,

...usually jumps on like a kitten to a laser pointer spot

Need to relax my eyes a bit. Been reading for a long time, and I'm seeing triple now!

AlejandroNovember 12, 2017 6:24 AM

On Tuesday, Parity (bitcoin software creator) confessed all of its multi-signature Ethereum wallets – which each require multiple people to sign-off transactions – created since July 20 were "accidentally" frozen, quite possibly permanently locking folks out of their cyber-cash collections.


Meanwhile, "Parity updated the multi-signature wallet software following a $30m robbery...."


http://www.theregister.co.uk/2017/11/10/parity_280m_ethereum_wallet_lockdown_hack/

After considerable effort years ago I set up a bitcoin wallet, bought some Bitcoin, spent some bit coin and had a balance of $8. Then BC took off for the moon and my $8 was worth $185. I tried to cash out, but the wallet was frozen.A bug they said. The software creator went out of business. hmmmmm. My $8...gone!

So I feel the pain of those dabbling in BC and derivatives who routinely lose millions if not hundreds of millions of dollars to bugs and scams. Seems BC theft has become a worldwide bustling multifaceted criminal enterprise and no one cares, except maybe the victims. I am not seeing how BC et al could ever be real money, ever. Yet, it flies high all over the world.....?

I would also like to report my flower pot containing loose change worth, maybe, $30, is full to the top, unmolested, and if need be I could spend down at the corner store.

Isn't that what money is supposed to be: tangible, portable, widely accepted, safe tokens of exchange?

Clive RobinsonNovember 12, 2017 9:20 AM

@ Wael,

Need to relax my eyes a bit. Been reading for a long time, and I'm seeing triple now!

Hmm shouldn't that be "I'm seeing tripe now!" if you have offal eyesight ;-)

IggyNovember 12, 2017 3:29 PM

@Clive:

It could be put in an aircraft in a place where only "ground crew" technicians could get access to it, never by anybody when the plane was in the air.

That matches what I've heard from others in aviation. Thanks for the additional info, my gearnerdgeek self ran off to read up.

Per usual, the most reliable and sturdy impediment to all security fixes is the human.

JG4November 12, 2017 3:30 PM


I mentioned at least a few things that I've been slow to post. Self-defense, travel and the right to engage in commerce are so fundamental that they barely rate mention in the Constitution. They are well-established in common law as well. Protecting data and attack surfaces therein also is a fundamental right.

Self-defense is a constitutional right
https://www.washingtonpost.com/news/volokh-conspiracy/wp/2014/12/26/self-defense-is-a-constitutional-right

The Second Amendment Case for the Right to Bear Crypto
http://motherboard.vice.com/read/the-second-amendment-case-for-the-right-to-bear-encryption

I think that Nick P. posted this bread crumb

High Assurance Challenges
http://fm.csl.sri.com/LAW/2009/dobry-law09-HAP-Challenges.pdf

which could be followed to here and a lot more

https://pal.sri.com/Plone/framework/Components/learning-applications/probabilistic-consistency-engine-jw

Formal Composition Technology for Time-Triggered Systems
http://www.csl.sri.com/projects/mobies/

PVS Specification and Verification System
http://pvs.csl.sri.com/
*NEW* PVS 6.0 is now available - see the download page for details. *NEW* http://pvs.csl.sri.com/download.shtml
PVS is a verification system: that is, a specification language integrated with support tools and a theorem prover. It is intended to capture the state-of-the-art in mechanized formal methods and to be sufficiently rugged that it can be used for significant applications. PVS is a research prototype: it evolves and improves as we develop or apply new capabilities, and as the stress of real use exposes new requirements.

who can buy those?
https://gdmissionsystems.com/cyber/products/trusted-computing-cross-domain/trusted-multilevel-computing-solution

justina colmenaNovember 12, 2017 4:07 PM

bank acct hacked.

along with that "authenticator" app, a banking app disappeared off my cell phone, and my bank balance shrinks without any transactions to account for the change in balance. my online "view" of the transaction history does not include the fraudulent transaction, and the previous balance history is falsified to make up for it.

this has been going on for years and years at pretty much all banks in the u.s.

"thieves in law," not all of them russian or eastern european, are skimming off the banks. they have sufficient access to and control of banking databases, that the banks must comply with their demands for the "cream:" ransom or "protection" money.

the bankers are complicit in this "tax," because they also receive personal "protection" from the thieves in law.

CassandraNovember 12, 2017 4:18 PM

@MK. @Iggy

Try looking for fires generated from damaged insulation on energised wiring looms. The issue is not necessarily the transponder, per se, but also the wiring going to it. 115V/200V 400 Hz* 3-phase AC can be pretty energetic if it gets to the wrong places.

The 400 Hz can be nominal, and on some aircraft (e.g. Airbus A380) it varies from 360 to 800 Hz, depending on engine speed. Each of the four generators on an Airbus A380 (one per engine) can output up to 150 kVA.

Much equipment is powered by a 28V DC, which can also be at high current, and as any electrical engineer knows, DC is not self-extinguishing*, so you need properly designed breakers on DC circuits.

The Boeing 787 has 4 250kVA generators (2 per engine), 235 VAC, 360-800 Hz.

There is a lot of power that can potentially get into the wrong circuits on a modern commercial airliner. You do not want equipment on circuits that cannot be de-energised.

*AC conveniently crosses zero voltage frequently, so any sparks (plasma) tend to extinguish. DC doesn't cross zero, so a spark (plasma) can be maintained by the continuous current. This is why you need specially designed switches for DC which move the contacts quickly apart, and far enough apart to minimise spark generation. Using AC switches on DC circuits kills the switches quickly.

justina colmenaNovember 12, 2017 4:31 PM

This is why you need specially designed switches for DC which move the contacts quickly apart, and far enough apart to minimise spark generation.

That depends on the current and on the amount of time it takes the plasma from the spark to de-energize and dissipate: if the thickness and volume of the conductive plasma is sufficient, then it will remain in place and continue to carry current in the reverse direction after the zero crossing.

Some switches have their contacts submerged in oil for spark suppression.

JohnTNovember 12, 2017 4:34 PM

The 11/12/17 NY Times Magazine shows a caution road sign labeled SQUID. It's an arrow pointed up with the left and right lanes merging into a center lane.

IggyNovember 12, 2017 4:58 PM

@albert:

"In Medieval Times, how were punners punished?" (see what I did there)

'dey was punctured.

Clive RobinsonNovember 12, 2017 6:52 PM

@ Anders,

nearly every intel cpu since 2008 found vulnerable

Maybe people will now understand why I repeatedly talk about using pre 2005 or even 2000 hardware for security reasons in "energy gapped" security mode.

But people need to consider it's not just Intel playing this dirty game... Which is also why I talk about making diodes / pumps / sluices using very low cost microcontrolers and old ASCII based file formats like TXT, CSV, RTF etc.

But I'm not the only one @Nick P used to say pre 2010 PC hardware and a number of people have talked about using USB-2-serial converters and microcontrolers to do protocol checking etc.

Whilst you can not catch eveything, you can catch most "low hangong fruit" attacks and quite a few advanced attacks, rven from State level and above attackers. Because when you write your own checking code and rules you blind side tje majority of attackers (yes it's a form of security by obscurity but that can work in your favour in bespoke / unique devices).

WaelNovember 12, 2017 6:55 PM

@albert,

"In Medieval Times, how were punners punished?"

They got pounded on a Judas Cradle!

see what I did there

Punner and punish?

WaelNovember 12, 2017 7:13 PM

@Clive Robinson,

"I'm seeing tripe now!" if you have offal eyesight ;-)

The puns are killing me! I have offal eyesight, but not for tripe! I think it ranks just below cauliflower and fried Cockroaches in my book.

I had previously linked to this pun-full video. Can you count the number of puns there? Oh, wait a second! I need to find a transcript for you.

Clive RobinsonNovember 12, 2017 7:31 PM

@ Iggy,

Per usual, the most reliable and sturdy impediment to all security fixes is the human.

Also known as "(ab)users", "Custards" and similar well earned derogatory names ;-)

Or as a couple of old sayings have it, "The trouble with fool proof systems, is you can never find any fools to operate them" and "There are few things more dangerous than a user, with wire cutters and the root password".

@ Cassie,

115V/200V 400 Hz* 3-phase AC can be pretty energetic if it gets to the wrong places.

Oh if only it were at audio or lower frequencies...

Modern high efficiency light weight PSUs now run at frequencies into the bottom of the HF bands. Some used in transport vehicles like trains take in 600V DC at 1000 Amps and by using "series resonant PSUs" running in excess of 1.5MHz have realy tiny "magnetics" but at immense power densities up in the 1KW/cm range...

The problem is these RF low end HF frequencies can as an arc easilly cross five to ten times the distance that audio frequency signals can. Worse they also tend to cause break down from parasitic effects very much more readily (thus a circuit breaker when open is just a low value capacitor not an Open Circuit).

However when it comes to power switching "arcs" are plasma, that like any good conductor bend in magnetic fields. Thus a contact surounded by a suitable electromagnet can be self quenching even for DC high voltage and power, or as in the days of old mercuary vapour rectifiers[1] caused to jump from one contact to another to "ground out" etc.

[1] If you have never seen a mercury vapour arc rectifier in use you have truely missed one of the "mystic delights" that high power engineering can offer. The arc is a rich violet colour with very high UV content, and flickers like a living creature under torment over the mirror like pool of mercury. It's a very primal sight that is usually locked away in closed cabinates as it can like a welders arc or looking directly into the sun fairly quickly damage your eyes.

mostly harmfulNovember 12, 2017 10:24 PM

I have three questions about business practice norms, in certain sorts of business, and government-issued identity documents:

  1. What benefit could an employer whose business activity lies beyond the legal regime of the day (ie, a criminal employer) gain by insisting their employees present government-issued identity documents as a condition of employment?
  2. How frequent is this practice in extra-legal businesses?
  3. Are there categories of extra-legal business where this is a characteristic and prevailing norm?

I emphasise that I am asking only about extra-legal/criminal businesses requiring the presentation of government-issued identity tokens.

To lay my head canon out on the table:

  • It is my understanding that the State issues identity tokens because such tokens are indices into databases it controls, and when an agent of the State demands one be presented, there is no great mystery.
  • Likewise, when an employer conforming to the legal regime of the day demands such a token, there is no great mystery; they are thereby complying with some regulation or other, enabling the State to enforce one or another of its laws.
  • But why a party not acting on behalf of the State would demand such a government-issued token, I find this difficult to pin down.

Clearly, I lack imagination. Any clues appreciated.

RachelNovember 12, 2017 10:25 PM

the Guardian has an article about a new documentary on film actress Hedi Lamarr (?) whom filed a patent on technology that informed our gps, wifi and bluetooth She also inspired the idea behind frequency hopping as a response to allied signal operators being caught by Germans. What a gal

Clive RobinsonNovember 13, 2017 12:20 AM

@ Anders,

I hear you. Actually i'm currently writing this answer to you on 1998 PC running Windows 2000.

I still use Win2K very occasionaly because a development diagnostic tool I spent good money on, did not work on XP unless you handed out a big hunk of cash... As I only used the tool for supporting work people were running on Win2K and earlier --and in a couple of cases still are on creaky old instumentation hardware running Win3.11[1],-- I saw no reason to enrich either MS or the tool developer.

[1] This is not the oldest kit/OS I still support code I have written for. There is UCSD "P" Pascal on Apple ][ hardware going back to June 1980... Again because of instrumentation hardware that was eye wateringly expensive when it was purchased as it was built to last a quater century or more --as HP used to do back then,-- and nobody has made similar since... Oh and the equipment has "nixie tubes" in it which amazingly you can still get "new" as a guy "hand makes them" for "retro clocks" in a Czech Castle of all places,

http://www.daliborfarny.com

Clive RobinsonNovember 13, 2017 2:00 AM

@ Rachel,

... has an article about a new documentary on film actress Hedi Lamarr (?)

It's been a while since she was last mentioned here.

If memory serves correctly Hedy Lamarr's co-inventor was a concert musician and the 1940 patent application was for what we would now call "Frequency Hopping Spread Spectrum". Due to the wartime secrecy the patent although issued not just remained secret, it was also applied for in her real not stage name, thus it was only many years later that the connection was made. It turns out she was "not just a pretty face" but had a very active and fertile mind and invented many things.

She was at one time a house hold name, which is why Mel Brooks took the micky out of her in his film "Blazing Saddles" (which is very much non PC these days, and mostly remembered for "Mungo" and the "campfire bean eating" scene).

What is not clear is if she also had a hand in the invention of Direct Sequence Spread Spectrum, which was used as part of the BR-US Hotline used by Winston Chirchill to talk securely to Roosevelt. Called SIGSALY it was developrd by amongst others Alan Turing for AT&T and it went into service in 1943. It used two precisely aligned turntables to play records of "noise" and was in effect a One Time Pad cipher system.

65535November 13, 2017 3:42 AM

@ Anders and Clive Robinson

Good links and information!

I'll say that techsphot article is concerning and somewhat confusing.

Headline and sub-headline:

"Nearly every Intel CPU since Skylake found vulnerable to USB based attack
"Attack allows execution of unsigned code via USB"

"....ntel Management Engine goes unnoticed by most users, but the subsystem plays a very important role in Intel-based systems. Since 2008, nearly every CPU released by the company comes with the IME which some call a computer within your computer... Positive Technologies, can execute unsigned code on nearly any computer running the IME through USB. The attack works by exploiting the JTAG debugging ports built into the computer. Many devices including the IME and USB are connected to these ports, but they are supposed to be segmented. The researchers have discovered a way to get past these barriers and execute their code from a USB stick....[Yet] For now this is just a proof of concept that only affects Skylake (2015) and newer platforms." -Techspot

https://www.techspot.com/news/71836-nearly-every-intel-cpu-since-2008-found-vulnerable.html

The title indicates Intel ME or AMT out of band management engine is hackable since 2008 but then the writer states it only affects/effects Skylake processors starting in 2015. Do you see the contridiction in the Title and the last part of the article?

I will say this JTAG or Joint Test Action Group and it's IEEE "... Standard 1149.1-1990, entitled Standard Test Access Port and Boundary-Scan Architecture.... The interface connects to an on-chip test access port (TAP) that implements a stateful protocol to access a set of test registers that present chip logic levels and device capabilities of various parts... JTAG allows device programmer hardware to transfer data into internal non-volatile device memory (e.g. CPLDs). Some device programmers serve a double purpose for programming as well as debugging the device. In the case of FPGAs, volatile memory devices can also be programmed via the JTAG port, normally during development work. In addition, internal monitoring capabilities (temperature, voltage and current) may be accessible via the JTAG port... JTAG programmers are also used to write software and data into flash memory. This is usually done using data bus access like the CPU would use, and is sometimes actually handled by a CPU, but in other cases memory chips have JTAG interfaces themselves. " -Wikipedia

https://en.wikipedia.org/wiki/JTAG

Maxim Goryachy's twitter post with a picture of a cmd shell open and reading code from Intel's Management engine are impressive but also concerning. If Intel does get the patch out soon some real damage could be done. It looks like he used python to grab the data.

https://twitter.com/h0t_max/status/928269320064450560/photo/1

I see that the Intel management engine can contol about every aslpect of the system from passwords, to Certificates [Intel developers blog]:

"...Intel AMT functionality is contained in the ME firmware (Manageability Engine Firmware).
o The firmware image is stored in the Flash memory.
o The Intel AMT capability is enabled using the Intel® Management Engine (Intel® ME) BIOS extension as implemented by an OEM platform provider. A remote application performs enterprise setup and configuration
o On power-up, the firmware image is copied into the Double Data Rate (DDR) random-access memory (RAM).
o The firmware executes on the Intel ME processor and uses a small portion of the DDR RAM (Slot 0) for storage during execution. RAM slot 0 must be populated and powered on for the firmware to run. Intel AMT stores the following information in the Flash (ME Data):
o OEM-configurable parameters
o Setup and configuration parameters such as passwords, network configuration, certificates, and access control lists (ACLs)
o Other configuration information, such as lists of alerts and System Defense policies
o The hardware configuration captured by the BIOS at startup
o Intel AMT also manages third-party data storage (3PDS).The storage area can be allocated by independent software vendor (ISVs) for local storage of information critical to their applications.
o The Flash also contains the BIOS executable code (BIOS), as well as the executable code for the Intel® 82566DM Gigabit Network Connection (GbE Ntwk FW).
...Flash is protected against unauthorized host access by a hardware mechanism activated by the OEM during manufacturing.
...PCH (replaces MCH and ICH from pre Intel AMT 6.0) holds the filter definitions that are applied to incoming and outgoing in-band network traffic (the message traffic to and from the CPU). These include both internally-defined filters and the application filters defined by ISVs using the System Defense and Agent Presence capabilities...Intel® 82566 Gigabit Network Connection identifies out-of-band (OOB) network traffic (traffic targeted to Intel AMT) and routes it to the Intel ME instead of to the CPU. Intel AMT traffic is identified by dedicated IANA-registered port numbers...
elements interact with Intel AMT:
o The BIOS can be used to initialize Intel AMT or to reset it to its initial state. It captures platform hardware configuration information and stores it in NVM so that Intel AMT can make the information available out of band.
o The PCH sensor capability detects the state of various platform sensors, such as temperatures, fan status, and chassis integrity. Intel AMT can be configured to store and/or forward an alert when the state of any selected sensor changes or crosses a threshold.
o Software Agents (typically written by management ISVs) executing on the CPU can register with Intel AMT and report their presence to Intel AMT and to a management console using “heartbeats”. Intel AMT monitors the heartbeats and can take action when there is a problem with Agent execution.
o ISV Applications on the CPU can communicate locally with Intel AMT using dedicated drivers that are compatible with the host operating system." -Intel

https://software.intel.com/en-us/blogs/2011/12/14/intelr-amt-and-the-intelr-me/

That covers almost everything in a box and it is "Game Over" if hacked. What a headache.

I also see that Intel cleverly swiped a stripped down version of MINIX for spying from Andrew S. Tanenbaum via a confidence game:

[Tanenbaum's blog]

"Thanks for putting a version of MINIX inside the ME-11 management engine chip used on almost all recent desktop and laptop computers in the world. I guess that makes MINIX the most widely used computer operating system in the world... I got another clue when your engineers began asking me to make a number of changes to MINIX, for example, making the memory footprint smaller and adding #ifdefs around pieces of code so they could be statically disabled by setting flags in the main configuration file. This made it possible to reduce the memory footprint even more by selectively disabling a number of features not always needed, such as floating point support. This made the system, which was already very modular since nearly all of the OS runs as a collection of separate processes... Note added later: Some people have pointed out online that if MINIX had a GPL license, Intel might not have used it since then it would have had to publish the modifications to the code. Maybe yes, maybe no, but the modifications were no doubt technical issues involving which mode processes... Second note added later: ... If I had suspected they might be building a spy engine, I certainly wouldn't have cooperated, even though all they wanted was reducing the memory footprint (= chip area for them). I think creating George Orwell's 1984 is an extremely bad idea, even if Orwell was off by about 30 years. People should have complete control over their own computers, not Intel and not the government. In the U.S. the Fourth Amendment makes it very clear that the government is forbidden..."

http://www.cs.vu.nl/~ast/intel/

I'd say Tanenbaum made MINIX the most used OS but for Intel own ends and general spying by TLAs. He was scammed by Intel - and good.

Now to the Windows 2000 advantages:

"why I repeatedly talk about using pre 2005 or even 2000 hardware for security reasons" -Clive

'I hear you. Actually i'm currently writing this answer to you on 1998 PC running Windows 2000. Most modern malware don't even start on W2K.' -Anders

The is an interesting way of securing yourself. I actual have a semi working Window 2000 sp4 box but HDD is dying.

What browser and anti-virus are you using if any? Can you give us a hint on how to build such a machine? I know the Windows 2K Pro had 4 service packs and a ending rollup service pack. What level of Win 2K are you using?

[and qualapps blogspot]

"I built a C++ application to see what functions are actually being called. When examined in DEPENDS under Windows 2000, these are the functions that are undefined:
• DecodePointer
• EncodePointer
• ReleaseActCtx
• CreateActCtxW
• ActivateActCtx
• DeactivateActCtx
"...interesting thing is the DecodePointer and EncodePointer are documented as only being available in Windows XP Service Pack 2 or later. This means that the minimum system requirements for an application generated by Visual C++ 2010 is WinXP SP2, or Windows Server 2003 SP1 for server versions of Windows." -qualapps

https://qualapps.blogspot.com/2010/04/visual-c-2010-apps-dont-support-windows.html

I not the qualapps blog comments are fairly interesting. One thing is I do remember a few virus on Win 2k Pro. So, how do you deal with those old viruses?

*excuse the spelling and grammar errors. I was banging this out before work.

Clive RobinsonNovember 13, 2017 5:20 AM

@ 65535,

Can you give us a hint on how to build such a machine? I know the Windows 2K Pro had 4 service packs and a ending rollup service pack. What level of Win 2K are you using?

I use the server version, that I patched up then using a list of services (that's nolonger on the Internet) stripped it right back of most of the uunneedrd background crap. Then using "Tom's Info" made a version that would run from CD with the tool and a couple of other apps. This way it was "turnkey" for most hardware using a standard display and PS2 keyboard. Much the same sort of thing as various organisations did with NT4 through XP for making the front end for test instruments and medical equipment.

The problem is that it want's PATA not SATA and USB support is crap. The SATA 2 PATA problem involves the use of adaptors you used to be able to get to backup laptops to extetnal drives.

As for web browsing I don't do it from any of my development machines as they are most definatly not Internet connected in any way. If I need to read "marked up" on them I generaly print it out via a postscript to file device on a modern host. then move the PS file to either text (PS2ASCII or PS2RTF) using standard filters. This I then transfer via one of my instrumented serial data diodes then use the appropriate editor/viewer (W2K versions of vi and ghostscript etc).

AndersNovember 13, 2017 7:21 AM

@65535

This all depends for what purpose you want to use your w2k.
There's still lot of good software that run on w2k - HxD hex editor
for example.

Regarding browsers things are not too good as modern browsers don't
natively support w2k any more. But there's workaround if you really,
really need to browse modern web from w2k.

Here you have a list of browsers that support w2k in the way or another.

http://www.msfn.org/board/topic/175185-list-of-working-web-browsers-on-windows-2000-nt4/

But if i need to access some modern web site from w2k i use rdp or vnc to
some VM that have decent modern firefox and later i restore VM so it's always clean.

JG4November 13, 2017 9:02 AM


the latest outrage

The Issue IS NOT What's Being Discussed
http://market-ticker.org/akcs-www?post=232564

Note the talk-talk in this article:
http://www.foxnews.com/tech/2017/10/09/ubers-app-can-secretly-spy-on-your-iphone.html

The Uber app for iOS has been given a unique privilege on the operating system which allows the app to spy on the iPhone’s screen, a researcher has discovered. ZDNet reports that the Uber app can read the screen buffer in iOS, allowing it to view and potentially record anything on your iPhone’s screen without your knowledge.

The security implications are outrageous. While passwords usually aren't displayed (sort of), usernames almost always are, and if you "unmask" a password it is as well.

...[plenty more rabid follows]

HermanNovember 13, 2017 10:24 AM

The IME can be disabled with some effort, but I would very much prefer that Intel didn't do this.

Clive RobinsonNovember 13, 2017 10:42 AM

@ JG4,

ZDNet reports that the Uber app can read the screen buffer in iOS, allowing it to view and potentially record anything on your iPhone’s screen without your knowledge.

So if Uber can do this it's a fairly safe bet that various SigInt agencies and possibly even Law Enforcment Agencies as well...

Thus with that level of access to the User Interface they can read what you can and potentialy what you types as well in most cases.

Thus I wonder what the designers of Signal and WhatsApp and other communications secirity applications are going to do to stop this End Run attack right past the security end point to the plaintext in the User Interface...

Thus Uber have pushed past the phone users security end point with their communications end point.

Which kind of makes the security these apps have, fairly pointless from the total system security point of view...

Guess why I'm not supprised by this?... Could it be I've just explainrd the problem yet again less than a week ago on this very blog,

https://www.schneier.com/blog/archives/2017/11/cybercriminals_.html#c6763673

Maybe now people might just start taking this issue on board...

MartinNovember 13, 2017 11:04 AM

Old Windows - 2k, XP, etc. permitted reading and writing raw disk sectors. W7 restricted reading and writing sectors to limited number of logical sectors only, no longer could you write raw sectors from the app layer. Even with admin privileges. This had been a huge security hole.

This was likely the real reason TrueCrypt shut down. It's now considered amateur to try and hide information in unformatted partitions. And if you plug in, say, a USB drive to a W10 machine you could lose the information. Depends on how long it is attached and the amount of activity.

Bob PaddockNovember 13, 2017 11:54 AM

@Martin

"...if you plug in, say, a USB drive to a W10 machine you could lose the information. "

If you don't turn off Windows Indexing of USB devices it can brick some embedded devices that are not expecting arbitrary files to be written to them. This is one of those great "features" of Windows, started with Windows 8.1 and 10 still does it. Denial of Service attack in a way.

AJWMNovember 13, 2017 12:31 PM

Even if transponders didn't have an off switch, there are over 4000 possible codes the transponder could be set to. Good luck tracking an aircraft where the pilot is changing the codes every few seconds, especially if he's using some goofball codes which the ATC computers will usually ignore.

echoNovember 13, 2017 1:51 PM

Google is threatening removing apps from the app store which misuse Accessibility Services.

https://www.xda-developers.com/google-threatening-removal-accessibility-services-play-store/

While the use of Accessibility Services are known to cause quite a bit of lag, the real reason why Google is starting to crack down on these apps is likely related to the growing issue of exploits that take advantage of a11y. Although the apps that I mentioned above use a11y for beneficial purposes, they can easily be exploited by malicious developers for nefarious purposes. For instance, an Accessibility Service can be used to implement a keylogger, ransomware attack, or phishing exploit.

Who?November 13, 2017 1:56 PM

@ Anders, Clive, 65535 and of course anyone that wants to participate

With relation to the Intel ME bug on Skylake and later microarchitectures.

This bug reads like the one Positive Technologies will outline on next month's Black Hat conference.

Looking at the [short] description available right now, it seems that a firmware upgrade (i.e. a new UEFI BIOS release) will not fix the problem. It seems the problem is at a lower level. Our newest computers will need a microcode update at least—hope it will be possible.

Sancho_PNovember 13, 2017 5:04 PM

@Martin, Bob Paddock

”… plug in, say, a USB drive to a W[10] machine you could lose the information.”

Call this an advantage if you know about it … It’s not a bug, it’s a feature!

Clive RobinsonNovember 13, 2017 6:11 PM

@ Martin, Bob Paddock,

It's now considered amateur to try and hide information in unformatted partitions.

It always was a daft thing to do in an immature file system that originated with a single user single tasking ethos that more or less is still in place.

We saw the problematic ethos from befor day zero with CP/M which MS-DOS was effectivly based/copied on/from. But it should have died with the Ia286 transition and PC-AT architrcture... But no "backwards compatability" was the main driver so a hugh tsunami of not just technical debt but irresolvable technical issues built up. Which we still see and curse about to day. Which we tend not to with other OS's...

Even today Microsoft still has problems with the notion of storage devices being swappable (ie fixed drive letters like "C:" onwards, single user/process thus no OS managment with removable media as "A/B" drives etc built in). Thus the sensible ideas of mountable / unmountable drives and multiple File System Types and the locking etc that goes with it, is still fundamentally alien to MS OS's at the places and processes it should be in the computing stack.

As for having support for different file systems for different purposes, it's still nowhere near, which makes MS-OS's "non prime time" at best. You only have to look at the likes of Oracle that in effect "managed it's own drives for appropriate behaviour and response" to see just how immature MS and it's storage ethos still is and why (think high availability issues).

The fall out from the "single user single process no mountable drives ethos" remained a "legacy issue" from then onwards. Even after the demise of MS-DOS...

The NTFS system was not much better due to flaky journaling behaviour. But the hidden issue behind it was down to "Dave Cutler and Co" with the whole "Better Unix than Unix" claim that gave rise to NT it's self and how legacy issues badly compromised it[1].

The NT Kernel has always been very bad at secure or robust process managment, and relied on processes "cooperatively" telling the kernel what they were doing... Which with a moments thought most people will realise is a real no-no security wise (as malware writers could easily hide malware from the NT kernel and thus any other supervisory process, and not only did they... they still do).

Which ment the required "locking" that alows for corretly functioning mounting / unmounting and altetnative file systems and access methods could not be done where it should be... So MS chose to ignore the issue which is just one reason Local Area Networking file systems / file servers, Optical Drives, tape drives etc were something that Microsoft had to play the desperate "keep up game" to try and stop the competition. Which resulted in the fundemental issues not being addressed where they should be, but repeatedly "wallpapered over" very badly at inappropriate levels in the computing stack.

Thus the whole "non demountable" drive issue is still there today along with other newer nasties... Of which,

If you don't turn off Windows Indexing...

Is just one part of the problem.

MS baked in an ethos into it's Kernel due to past failings to address issues in a mature manner. Thus vast cancerous lumps of "quick fix" mainly "cludge code" are festering in there and other OS helper services (it's one reason why one exe/dll gets so baddly "overloaded" functionality wise). Thus it's why obsoleate or inappropriate functionality can not be exorcised, replaced, or upgraded by third parties as required to support new technology. And often not by MS either without considerable issues due to "new technology" in the hardware or communications, Solid State Memory and USB being just two examples.

As now we are in the era of "user space I/O" to get around performance bottle necks the MS OS is looking not just tired but one wheeze and a gasp from the nackers yard. For all it's hype MS is still very much in the "Desktop computing" mindset at fundemental / foundational levels. Which might account for why it's jumped on the "Cloud" and "Data rape for profit" ideas well behind it's competitors.

It's sad but MS is not realy "integrated" as a sensibly functioning organisation. Whilst it does do leading edge research, it often does not get into it's products in sensible ways if at all. So the work is lost to the organisation unless a competitor picks it up and runs with it. When "New for Microsoft" --old for others-- things do happen they are usually 50% hype, 30% catchup with / steal from compettitors / take them over, and 15% "cludge it on quick" and inappropriately, with 5% --if you are lucky-- something worthwhile.

But as the original teardrop network attack and more recent WannaCry ransomware showed MS don't actually "clean the stables" with major OS releases they just slap new UI paint on with a bit of plastering where unsightly cracks appear... Whilst in other circumstances this might be considered appropriate for stability, it's frequently legacy "technical debt" for MS and this is hurting them. Thus the real question is when will the share holders notice or care? Bill Gates did once and tried to get the code base cleaned up, but the fundemental / foundation issues are mainly still there and it shows when you know where to look.

[1] This is not my first comments on these MS OS issues on this blog... This one back in July 2010 was of note for other reasons but you will get the idea,

https://www.schneier.com/blog/archives/2010/07/internet_worm_t.html#c449919

Or,

https://www.schneier.com/blog/archives/2009/01/interview_with_10.html#c347942

(let me know if you want more ;-)

Clive RobinsonNovember 13, 2017 7:13 PM

@ Who?, All,

It seems the problem is at a lower level.

There is a part of me that thinks "the problem" is not so much "an accidental bug" but "a deliberate feature" for certain well heeled and legaly persuasive entities. Who let's be honest would happily kill for such a usefull "problem".

In effect every Intel CPU sit's over it's own "Hell mouth" just waiting for the demons to come bursting up underneath any security feature a normal owner/user could put in place[1].

It just has all the same benifits of Rowhammer but oh, oh so much more without any of the hassle.

And the over paid powers that be still pretend there could realy be NOBUS backdoors, which would not get found and exploited by others...

[1] Let's be honest here "a microcode update" is not going to realy fix the problem. Because "what one update can fix another can unfix at any time". The only people who are not going to be potentially vulnerable are those who practice "energy gapped" computing in a physically high security environment. Which means "a deep hole" in the ground and "guys with guns" standing around being seriously nosey about your person. Oh and with the added bonuses of having a compleat sense of humour failure and --next to-- no legal restraint when it comes to investigating "persons of interest" to them... i.e. Just what every low end "Mall Rent-a-Cop" has dreams about.

WaelNovember 13, 2017 7:46 PM

@Clive Robinson,

"energy gapped"

Security = isolation. And we lived happily ever after. End of story.

65535November 13, 2017 10:27 PM

@ Clive Robinson and Anders

Clive, those were great posts. Yes, I have the server version with sp1 to sp4. Thanks.

Anders, you did a good job. I still wonder if an old Chromium or Firefox will work on the net. The good thing about Win 2k is it probably in not going to run into license issues [I guess that why Iran used it as centrifugal controls for it centrifuge cascades].

@ who

I will be look for it. A backdoor of this nature will eventually be used by hackers. Thanks.

Nick PNovember 13, 2017 11:02 PM

@ JG4

I posted about HAP but maybe not that video. The workstation is here. The Dell Optiplex was also used for the Secure Consolidated Solution as it was called that ran INTEGRITY-178B. Over in Germany and Australia, they were building on L4-style kernels. One, FOSS attempt at something between is Muen separation kernel that gets its assurance from being coded in SPARK Ada. The firm secunet uses it in their products. Finally, Redox was an OS in Rust with fairly-active community last I checked. It could potentially be improved.

@ Clive

I said pre-2004 hardware for mass collection or 2000 for targeted. I was right on the money as a recent article put TAO at being formed in 1999. I'll be impressed if they got a CPU-level subversion in within their first year of operating when their SCI catalog was had a lot of low-hanging fruit. The pre-2004 was about trying to get a machine actually worth a shit in terms of GUI and CPU.

@ All

The guy that did a scheme conceptually similar to mine with trusted CPU's checking untrusted CPU's is at it again with this one:

A Touch of Evil: High-Assurance Cryptographic Hardware from Untrusted Components

I haven't read it past the abstract and a little skimming. I just remember Vasilios seemed alright when I ran into him on Hacker News over other paper. Inspiration for my scheme for 350nm CPU checking faster ones goes to mix of Clive's Prison concept, RobertT making me hopeless about trusting what I can't see, and formal methodists doing untrusted generation of proof terms checked by tiny checkers.

For the crypto people, a variant on old S/Key that turns it into timed solution with no secrets on the server.

In Deterministic Browser, the authors try to apply concepts from physics to mitigate timing channels that break browser anonymity. Such work might be useful if there was hope the few, dominant browsers would accept any changing in their timing other than FASTER!

These are just a few highlights from this collection of security papers. I see a lot of good stuff there with a lot of chaff to filter as well. Credit to fro on Lobste.rs for bringing it to my attention. Got a measly one upvote from me. Deserved a bit more. Gotta backlog a bit of it cuz I'm sleepy for tonight. Later.

tyrNovember 14, 2017 12:55 AM


@Clive, et al

When MS stole CP/M and hacked it the best part
was when they discarded Kildalls hooks to do
multitasking. It has been all down hill from
that point. Their developement cycle was so
bad that I would not run their new versions
until the next one came out. By skipping over
the worst f**kups it saved endless aggravation.

Business threw them lots of money and they got
bigger which added a whole new layer of problems
that will be fixed Real Soon Now.

Nobody has sense enough to back off far enough
to ask 'is this the way to do computing'.
I doubt it will get fixed anytime soon.

And Clve puns are fun
till someone loses an i

Clive RobinsonNovember 14, 2017 3:34 AM

@ Nick P, All,

The guy that did a scheme conceptually similar to mine with trusted CPU's checking untrusted CPU's is at it again with this one:

Thoth pulled a similar paper up a while ago,

https://www.schneier.com/blog/archives/2017/08/friday_squid_bl_587.html#c6757771

For what is plagiarism of the CvP Prison / Trusty / Warden hypervisor concept and use of Voting Protocols to gain a security advantage which gave rise to the idea of "Probabilistic Security".

In both cases there is a co-author "George Danezis" who is currently at University College London and previously at Ross J. Anderson's Cambridge Computer Labs is included. As I previously noted George Danezis is well aware of this blog as he linked to it on his own blog in the past[1] and also the Cambridge Computer lab blog "lightbluetouchpaper" on which he had authored posts.

[1] George Danezis also has a newer blog,

https://conspicuouschatter.wordpress.com/2017/07/21/thoughts-on-oft-target-hotpets-17/

Which likewise repeates a lot of what I've said on this blog numerous times... Maybe I should get him to be my "Ghost writer"...

Who?November 14, 2017 3:44 AM

@ 65535, Clive

In a few days we will see if this serious weakness in current microarchitectures is an "accidental bug" or a "deliverate feature." I think Black Hat talk will illuminate us. IC has enough self confidence as to not care about hiding their NOBUS backdoors in firmware as accidental bugs, so a deliverate weakness in these microarchitectures should be easy to spot as is.

I agree with Clive, a future microcode update may reintroduce this bug or a replacement one in our processors. Ok, reintroducing the same bug again will be dangerous because it will be rediscovered but a new one is a worrying possibility. Energy gapping our systems? I wish it will be another choice, but the truth is that our systems are too compromised at the physical level.

Right now I am happy using ALIX, APU, Firebox and Soekris computers (all running OpenBSD) as firewalls, all these computers have "90s" architecture, but at some time we will be short of these "old" machines and UEFI-based machines will be our only choice. I shudder with horror each time I think on a modern architecture computer exposed to the Internet acting as a firewall.

Clive RobinsonNovember 14, 2017 4:04 AM

@ tyr,

Business threw them [MS] lots of money and they got bigger which added a whole new layer of problems that will be fixed Real Soon Now.

MS got the money via three basic tactics.

1, Promise the best features, but do not deliver, to kill more honest competition.

2, Steal others ideas to kill the competition, knowing the court case would take forever.

3, Use the old "nobody got fired for bying IBM" phone the boss tactic.

It was the third trick that got them the most money via big contracts. Put simply they would as policy send in a team to beat up on anyone who did not buy MS. They did not care if they lost money on the tactic as long as the rest of the industry saw the person destroyed, as it "sent the message".

As time went on they developed a fourth traditional tactic practiced by monolithic uncompetative organisations which was "Build the patant portfolio" and use it "offensively". When Sun started out they were mindfull of this sort of tactic and had put defences in place. One day IBM rocked up and "demanded rent", Sun showed the IBM execs that what they were claiming was false and told them where the door was. An IBM exec just sat there and effectively said "pay us or else" indicating that IBM had thousands of patents and they would find something, and even if they did not they could bankrupt Sun via litigation anyway.

Thus in many respects MS stole the IBM business plan as well...

With regards,

And Clve puns are fun till someone loses an i

Especially if you C"leave it out" etc etc so three puns for the price of one ;-)

WaelNovember 14, 2017 4:19 AM

@Clive Robinson, @Nick P,

For what is plagiarism of the CvP Prison / Trusty / Warden hypervisor concept and use of Voting Protocols to gain a security advantage which gave rise to the idea of "Probabilistic Security".

Long time ago I asked the question: (to paraphrase) define the protection profile. What will the prison protect against? How would it help against something like ME, or CarrierIQ for that matter? Security, as you very well know, isn't limited to integrity; confidentiality is what's in the news these days. Unless the system is EG (Energy-Gapped) as you like to call it, the castle and prison are virtually useless in some areas (pun intended.)

Remember: there is a layer; the so-called ring -3 sitting at a place that none of your CPUs, HW, or FW has access to. Ring -3 is actually a misnomer as it's sitting at an invisible parallel layer. Probably Ring -1' (prime) is a better description! If you'd like to give it a cosmic name, then hyper-ring or I'm sure you can come up with a better name. Ring -3 is arguably a plain wrong description of (modern iterations) of ME that run on a separate CPU with a separate OS.

WaelNovember 14, 2017 4:32 AM

@tyr, @Clive Robinson,

Especially if you C"leave it out" etc etc so three puns for the price of one ;-)

And...

Especially if you C"leave it out" etc etc so three puns for the price of one ;-)

Must be pun-month! Here are two of my favorites:
Pun Contest and The Mexican Magician.

I have an idea: November is pun month, and January is limerick month :) I forgot which month @Bruce designated to be Movie plot Month.

WaelNovember 14, 2017 4:54 AM

Heh! Wrong blockquote...

And Clve puns are fun till someone loses an i

My queue to go to bed.

Clive RobinsonNovember 14, 2017 6:43 AM

@ Who?,

Energy gapping our systems? I wish it will be another choice, but the truth is that our systems are too compromised at the physical level.

In the end I can not see the loony right doing anything but backdooring hardware at the most fundemental levels they can, no matter what damage it does to society.

For them it is a question of "status" they would quite happily blow the world economy to hell and beyond back beyond medieval times. Damaging everybodies intetests including their own in the process, just as long as they got an increased "status gap" out of it... Many will just follow their lead without thought for all the "authoritarian follower" reasons such as jingoism, faux legitimacy, delegated power, immunity from legislation / responsability etc.

We've seen this in the UK with Brexit, and we will see it in other places in the near future. Our convivial host @Bruce has seen and recognised one facet of it and in effect called it a return to feudalism.

To be able to achive this end the loony right need to ensure they can enforce it which means coopting the "guard labour" and "judiciary" directly or indirectly. Which is why we are seeing the bad legislation being repeatedly thrown at the legislators, each time a little bit sticks and more freedoms are lost. As once noted long ago "The price of freedom is eternal vigilance" and lets be honest we have been either "asleep at the wheel" or "sleep walking over the cliff", rather than recognise the nightmare that is approaching.

However we still have some options currently other than just Energy Gapping our systems, but they may not happen or in some cases last. To see why we have to recognise that those involved are also "resource limited", thud their push to "backdoor" hardware is from the top down, whith just the high end procrssors currently.

As I've been known to note on the odd occasion "The future is parallel". Whilst some things are unavoidably sequential many things are not if you go about it the right way. Thus as I've pointed out with the Castle-v-Prison (CvP) idea you can use many low power CPUs to get similar user performance to a high end processor, but... You can also use it to mitigate much insecurity including the likes of backdoors, malware etc, almost for free in the process.

As you can see from the chat I'm currently having with @Nick P above,

https://www.schneier.com/blog/archives/2017/11/friday_squid_bl_600.html#c6764066

There is a company in the UK that calls it's self "Enigma Bridge" that has taken the ideas that Nick P, Thoth, Wael, myself and one or two others have invented and talked about here and without crediting the source knowingly used them to build such hardware...

But there are other limitations the loony right and Co suffer from, irrespective of how much they backdoor the hardware. There are the laws of physics and mathmatics that they --including the Australian PM-- can not legislate against no matter how much science fiction they watch.

Back in the 1990's I had an interest in improving financial transaction security. I realised then that it could not be done as long as attackers could see beyond the "security end point". Thus relying only on securing one of many communications paths was effectively pointless if an attacker could see beyond the channels security end point.

I saw two solutions to this. The first was to put the human in the security chain and thus extend the security end point off of the communications device through them. Thus they provided the "air gap" by in effect a variation on the 1980's idea of a "Sneaker net". The second idea was to use a secure side channel to authenticate each transaction in near real time using randomized tokens/nonces etc thus removing various attack senarios.

Others had thought of the randomised side channel but only used it to authenticate the user not the individual transactions via the use of "One Time Passwords". One such was the German TAN which was a printed list of passwords that the user received in the post. The problem was that it could and I belive did in practice fail due to Man In The Middle attacks. It could also fail to a KeyMat Copy Attack, where someone could intercept the individuals post, carefully open the envelope copy the list and put it back in the envelope and carefully re-seal it so that the user would be unaware of the tampering and copying when they finally received it in their post box. Which was why I looked at sending a TAN via SMS at the time of each transaction not authentication.

In effect I was looking at sending the equivalent of a One Time Pad in real time that the user used to make the individual transactions secure. Which is coincidently pretty much exactly what Quantum Key Distribution (QKD) does. QKD however should do it more securely due to the idea that it's not possible to copy quantum bits without it being detected[1]...

The point is the use of "One Time Messages/Phrases/Codes/Passwords" can be done with a couple of "code books" and pens/rubbers/etc to prevent "code reuse". And if the code books are correctly made and managed/used "theoretically" secure, and may even be indistinguishable by third party observers from harmless "open traffic".

Likewise the use of "One Time Ciphers/Pads" can be used with just pencil and paper and have the same theoretical security. However it's generally much harder to hide the use of an OTPad than OTMessage from a third party observer. However the OTPad has the advantage that it is only the PAD you need to agree in advance of the communication not the meaning of the codes.

Thus by using a human as a "firewall" to extend the security end point well beyond the communication end point that the attacker can use, you mitigate any backdoors or end run attacks they might come up with, within the communications system. Likewise any legislation that requires access to "message plaintext" if you use OTMessages correctly.

However that only solves the first two of the three basic information uses,

1, Communications,
2, Storage,
3, Processing.

Anything that requires more "processing" than an individual can do in a given time, brings us back to the use of technology. Thus CvP type systems or/and "energy gapping". Most likely in the future both CvP systems and some level of "gapping".

Oh one last thing to think about you don't need to use "plaintext" to process information. In the case of a stream cipher it is "additive" at the bit level. This means that you can change either the plaintext or the keystream to process the information. Back in the 1980's I had cause to think about this for storing secret information in volatile memory such that if an attacker ceased the memory powered up they could not recover the secret information. Thus having to over write information in memory or ensuring there was no residual information held in memory even though powered down both of which are time consuming were not issues.

The way I did it was with what I call "data shadows" essentially you don't store "plaintext" you store data as many parts or shadows thus the data value "23" could be stored as the sum [+6,+7,-12,+10,+50,-25,-9,-4]. If any one of the values was unknown to you, you could not get back the data value, the same for an attacker. There are several ways you can do this which I won't go into but just mention the idea of "secret sharing" you can look up.

The point is I could have several sub tasklets that could each change just one of those data shadows. Thus to change the data value I only need to inform one of the tasklets at some point in time. From this it can be seen that you can actually spread thr data shares and tasklets across as many CPU/Memory units as you wish and these need not even be in the same building or country. Thus you can put things beyond any one countries juresdictional reach. @Nick P and myself have indirectly discussed this in the past to deal with things like getting across boarders etc.

[1] Whilst the QKD system is secure in theory there are two issues. Firstly theory does not make practical systems people do, thus human failings can open up side channels that can leak information. Giles Brasard who built the first QKD system was acutely aware of this due to the high level of sound the polarizing filters made he could tell what state the Quantum Bit was in. Secondly theories are not reality they use assumptions and mathmatics to describe the real world and approximately model it. Whilst this is normally "not a problem" such as Newton's laws on motion and gravitation being less precise than Einstein's theories on relativity. The same is not true when it comes to security, where less precision means "wriggle room" which is why mechanical locks can be picked. Thus a cautious view point needs to be used when assessing the new, and yes some real QKD systems were successfully broken...

Clive RobinsonNovember 14, 2017 6:52 AM

@ Wael,

Unless the system is EG (Energy-Gapped) as you like to call it, the castle and prison are virtually useless in some areas (pun intended.)

Have a read of my above to @Who? hopefully it will answer that.

If not rephrase and I will try again.

A bored student, p.s. Thank you reddit user shittymorph for the memeNovember 14, 2017 10:14 AM

@ albert aka Old MacDonald(?)

"In Medieval Times, how were punners punished?"

~ Setting: Medieval Turkey, near Göksu, our unwitting sinner of massive punnery begins his path to the fiery inferno in an ice-cold, hip-deep body of interest-ing water...

Our sinner sitting atop his High horse, Ness, musing about the holy war to come:
"Thank the pope, I can finally go back and try again. Third times the charm Fred! I'll finish passing over this fowl country, cross this desert and by the moon's waxing crescent I'll be in Jerusalem! For the glory of Lord our G-d and Jesus Christ may he bless our journ-... shh, do you hear that? No? Really? It's this, ..., this buzzing noi-.... Ahh, my arse! **Splash** A glug glug glug, a glug glug."

And so he passed.

His guards were being questioned left and right, port and starboard! An unending stream of questions! As the men understood what had occurred they said their prayers. Some jumped over the boards right into the beer boats and took off; many of the men had started to drink what was left behind before the guards had even finished sealing the barrel on our sinner. It was an ordinary barrel, rather basic I should say. As some of the more unstable men stumbled forward with rather pointed questions and rather blunt butter knives, the crowd started to verge on the edge of rioting. Faster than light the news spread through the encampments, a black-hole in the stomach of the guards started to develop. All hope was thrown into an unending blackness in a sea of blinding light, as if looking into G-d's own eye. The captain cried out, "Why must we suffer your foolish drunken conspiracies? I wasn't expecting an inquisition!"

*Thunder & Lightning*A Random Gasp*

"Nobody expects the Spanish Inquisition!" said the fiendish man in the red suit, equally fiendish, perhaps even devilishly so, "The people were made to suffe-rrr, by finge-rrr painn-ting! And other arts. They were made to suffer by two things, finger pain-ting & other arts. Crafts! They were made to suffer by, oh bugger it....
It was... the... Jews...? Yes! The Jews! No! .... Uhm, yes-uhm-yes! The truth is that was set up just like nineteen ninety eight when the undertaker threw mankind off hеll in a cell, and plummeted sixteen feet through an announcer's table."


As we all know, art and suffering go hand in hand. Why else would it be called painting?

I've never commented before and doubt I will again, therefore I don't want to invest time creating a unique user name that I feel tied to because of social norms I would attribute to a face to face conversation, yet it will invariably represent some part of my being. Like my Psychology teacher said in high school the truth is that was set up just like nineteen ninety eight when the undertaker threw mankind off hеll in a cell, and plummeted sixteen feet through an announcer's table.

^ A freebie that fits into any and all situations.

I hope everyone has an excellent day, free of evil thoughts and actions. I know I'm late to this Friday Squid Blog but I'm racking my mind over what the possible answer is to our pun quiz. My official answer is finger painting. Next Friday can't come soon enough.

P.s. - At no point in time do I endorse, nor will I ever endorse, hate against any particular person for his or her beliefs, so long as they're religious and don't involve them messing with another person's freedoms. If the Muppet's have taught me anything, it's that people are people. No matter what you do, how you doin' it. People. Are people.

Clive RobinsonNovember 14, 2017 10:51 AM

@ Wael,

With regards "The Mexican Magician". I know a better version involving,

A couple of secret agents in training had been tasked with learning the art of tailing and slipping a tail. The most experienced is like glue and he's tailing the inexperienced girl every where all around London. Finally as she looks like she's about to give up she turns onto Oxford St and as the guy slips round the corner after her she is nowhere to be seen. He looks around every where but she has most definitely disappeared without trace.

On getting back to the training center after a fruitless search he decides he is realy in need of a drink. So he goes up to the canteen and there, much to his supprise, she is as bold as brass drinking a cup of tea. So he gets a cup and a bun and goes over and sits down opposite her, and says to her "How did you give me the slip?"

She puts down her cup and smiles and says "Easy I used every spys dream". The guy looks at her and say's "You what?". She pauses sips and the replies over the rim of her cup "Well you know that part of Oxford street?" and the guy nods, she continues "Well it's full of travel agents and airline companies" and the guy nods again. She then puts her cup down and turns on a huge smile and says "Well I slipped into the one on the corner and came out the side door behind you" and the guy looks puzzeled and says "Ok, but why is that every spys dream?" she laughs and says "Because I vanished into Finn Air"...

RatioNovember 14, 2017 12:35 PM

On Their Way to Syria — The Journey of Foreign Fighters (infographic):

In the context of understanding the complex phenomenon of violent religious radicalization, this map details the journey of ISIS’ foreign fighters to the territories of the Caliphate, as well as of those who return. Starting from publicly available data, additional layers of information show how this phenomenon relates to the distance of each country from the destination, its total population and Islamic population.

(Warning: excessive consumption of this infographic may be harmful to your narrative.)

RatioNovember 14, 2017 1:56 PM

The Prison Fight Between ISIS And The Muslim Brotherhood:

After watching the Islamists have the run of his prison in the Fifth Settlement district of western Cairo, Ahmed Abdullah, the liberal activist, had had enough. He approached some wealthy businessmen inside the prison and arranged for them to bribe guards to allow in some books. He launched a reading group using Arabic translations of world literature and philosophy. They read Franz Kafka to understand the nightmarish nature of Egypt’s bureaucracy, George Orwell as an illustration of brutal authoritarianism, and Jean-Jacques Rousseau as an introduction to democratic governance and the social contract. To his delight the other prisoners were receptive; even some of the Islamists would attend the talks.

Suddenly, security forces stormed in and seized the books, loudly accusing Abdullah, who is a professor of engineering at a university in Cairo, of poisoning the minds of the inmates. He was transferred to a dank solitary confinement cell, without a towel or blanket. After three days he was released from jail. He said authorities must have calculated he was more trouble inside prison than outside.

“When we have a chance to compete we win,” said Abdullah, smoking flavored shisha at a cafe in central Cairo. “The inmates were really excited with what we had to say. But it turns out our government considers secular activists more dangerous than the Muslim Brotherhood, or ISIS.”

(كتب > قطب. Now watch while we keep ignoring this.)

WaelNovember 14, 2017 4:56 PM

@Clive Robinson,

Have a read of my above to @Who? hopefully it will answer that.

In a way it does.

WaelNovember 14, 2017 5:28 PM

@Ratio,

No. I'm referring to: what's the point? What are you trying to say? Give an opinion or a point of view to the long article you posted.

Clive RobinsonNovember 14, 2017 6:26 PM

@ Wael,

In a way it does.

Don't yah just hate that...

It always leaves me thinking "How could I have been clearer / more to the point / etc."

So you know what I'm going to ask and then do... So you might as well trot it out and save us both time ;-)

WaelNovember 14, 2017 6:44 PM

@Clive Robinson,

So you might as well trot it out and save us both time ;-)

Right! EG works well for ME. For a mobile device equipped with CarrierIQ, EG isn't an option as it renders the device useless for Communications. How would the warden work under these strenuous conditions?

RatioNovember 14, 2017 7:23 PM

@Wael,

I'm referring to: what's the point?

Well, first there's the story summarized by the headline. (This ideological struggle isn't limited to those two, or to the inside of prisons, but that's the extent of this particular article.) Second, the part I quoted shows another battle of ideas.

It's not a big, visible story like the BBC reporting how hundreds of ISIS fighters escaped from Raqqa, or one reporting how Al-Qaeda Has Rebuilt Itself—With Iran's Help, but to people who'd normally only notice those big stories it may be a bit of useful background information on dynamics behind the news they do read. Hence the comment.

WaelNovember 14, 2017 7:54 PM

@Ratio,

Well, first there's the story summarized by the headline. (This ideological struggle isn't limited to those two, or to the inside of prisons, but that's the extent of this particular article.)

That's definitely true. Applies to all societies, by the way.

it may be a bit of useful background information on dynamics behind the news they do read. Hence the comment.

The Sayyid Qutb comment? I asked you to tell me his story before, but you didn't. Would you like to see another perspective, going back in history to say around World War II?

Clive RobinsonNovember 14, 2017 8:15 PM

@ Wael,

For a mobile device equipped with CarrierIQ, EG isn't an option as it renders the device useless for Communications.

Err not quite true.

For communications to happen one or more Shannon Channels need to be established between two end points. That is an individual Shannon Channel is assumed to have a transmitter at one end and a receiver at the other. Importantly the input to the transmitter and output from the receiver although being Shannon Channels in their own right are assumed not to put any constraint on the Shannon Channel under consideration between the transmitter and receiver.

So,

}==(a)==[TX]---(b)---[RX]==(c)=={

a = input channel to transmitter TX
b = Shannon Channel under consideration
c = output channel from receiver RX

From the security perspective the TX and RX points can be considered the communications end points for an observer of the Shannon Channel at (b). Thus the observer at (b) can not see traffic at points (a) or (c).

The question you are thus asking is if the TX and RX points pass the desired communication between the parties "a" and "c" where is the energy gap EG?

Well a Shannon Channel can carry another Shannon channel inside it so we get,

}=(a)=[EC|TX]--(b)--[RX|DC]=(c)={

EC = EnCryptor
DC = DeCryptor
| = Energy Gap

The energy gap is crossed by the passing of a piece of paper that has the same text written on it that the observer "b" can see in the energy in the Shannon Channel. But importantly the observer "b" can not observe the pieces of paper that cross the energy gaps |. Thus can not see the security end points EC or DC. That is the security end points are beyond the communications end points for the Shannon Channel that the observer "b" has access to. But the Shannon channel into the EnCryptor EN can be seen by "a" and likewise the Shannon Channel out of the DeCryptor DC can be seen by "c".

Now depending on your definition of "usable" the delay in the filling out, passing across the energy gap and reading of the piece of paper may be intolerable.

In which case you replace the energy gap with a choke point of an instrumented Data Diode. Provided the design of the Data Diode meets the EmSec requirments it acts the same way as the Energy Gap. The important thing to note is that the information going across the Data Diode is the same as observer "b" can see in the communications Shannon Channel. That is the ciphertext not the plaintext that parties "a" and "c" can see at points (a) and (c).

I hope that helps clarify... Which just leaves,

    Any Questions?

WaelNovember 14, 2017 8:38 PM

@Clive Robinson,

For communications to happen one or more Shannon Channels need to be established between two end points.

Naturally! But with a small twist: CarrierIQ is the one creating the channel within the channel, not the user ;) LOL.

Thus the observer at (b) can not see traffic at points (a) or (c).

The observer 'b' is sitting right smack at points a and c, ma man!

Any Questions?

Yes: To design a system from scratch is one thing. To defend against a built-in Snitch (inside your virus infested smart phone) that sits at points a and b is a different problem, and that's the one I am asking about. Shannon, eh? :)

RatioNovember 14, 2017 8:45 PM

@Wael,

Applies to all societies, by the way.

The existence of ideological struggles (in general)? Of course! People are people, after all. I think I've made this point from time to time when other commenters seem to ehm… “forget”. Should I look up some examples or do you remember I'm not one of those?

The Sayyid Qutb comment?

Heh. I meant the whole thing, without my parenthesized remark on Qutb (or just qutb), kutub, and the rest.

I asked you to tell me his story before, but you didn't.

His life story? I thought you were talking about the episode in Greeley I'd mentioned (or أمريكا التي رأيت as a whole)? You've read the booklet, so there's not much of a point in me telling you what you already know. But it's still in the pile, and I can make a summary or give you my impression when I get to it, if you like. (I got sidetracked, sorry.) Or what are you saying?

Would you like to see another perspective, going back in history to say around World War II?

Sure. Shoot.

WaelNovember 14, 2017 9:06 PM

@Ratio,

Should I look up some examples or do you remember I'm not one of those?

I know you're not.

Qutb (or just qutb), kutub, and the rest.

I'll take that as a pun in Arabic. Clever. lol

You've read the booklet, so there's not much of a point in me telling you what you already know.

I read most of his books. Some of them were very hard to undertstand. When I complained to one of my old friends that I didn't understand the book (which I had borrowed from him,) he laughed and said neither did I; you need a PhD in social sciences to understand this book. This isn't just about the "booklet"! This is a bout the era he lived during and the "dynamics" of the time.

Sure. Shoot.

Here: a small sample...

General Reinhard Gehlen, and operation paperclip.
Gerhard von Mende, Radio Free Europe (broadcasting from Munich, Germany) and the Islamic Center of Munich... A Mosque in Munich.

WaelNovember 14, 2017 10:03 PM

@Clive Robinson,

But importantly the observer "b" can not observe the pieces of paper that cross the energy gaps |.

But we don't use our phones for SMS, IM, and emails only! How will that paper help in securing Audio/Video communications, or how would it help us preserve other 'meta-data', location, BT Mac addresses, nearby WiFi hotspots, books and articles we read, photographs,... That's what I meant by the previous comment about 'protection profile'.

It's sufficient to EG a desktop or a laptop. But the same can't work with a mobile device unless we loose significant functionality, if we depend on an EG solution.

RatioNovember 14, 2017 10:48 PM

@Wael,

I'll take that as a pun in Arabic.

The pun was hard to resist, but it was also about those books versus MB or ISIS or … (قطب as Qutb and as “leader”). I say the books win every single time, and my guess is the Egyptian government, among others, agrees. They needn't worry: we'll just keep ignoring this little detail as we've done for decades, for reasons we just discussed.

This isn't just about the "booklet"! This is a bout the era he lived during and the "dynamics" of the time.

Well, you're not going to make me read all of his stuff. I could be reading Naguib Mahfouz (as I've been meaning to for years), you know? :-P

Anything in particular? Maybe a book on Egypt you'd recommend?

Here: a small sample...

I'll have a look. (There's a whole history around the Islamic Center in Munich. Let's see which part you've got there.)

WaelNovember 15, 2017 12:10 AM

@Ratio,

Anything in particular? Maybe a book on Egypt you'd recommend?

Hard to find a single book on a country with 7000 years of history. Tell you what: go for a visit and make up your own opinion. But now is probably not a good time to go. Anyway, the book recommendation will depend on your area of interest.

I could be reading Naguib Mahfouz...

Only read one of his books: The Thief and the Dogs. Mahfouz, imho, is a dwarf compared to Taha Hussein or Abbas Mahmoud El Aqad who reportedly read seventy five thousand books (Wikipedia says 70K.) and authored many books.

RatioNovember 15, 2017 1:02 AM

@Wael,

Hard to find a single book on a country with 7000 years of history.

I'd dispute that. I can easily find several books on Egypt within 30 feet. ;-)

Tell you what: go for a visit and make up your own opinion. But now is probably not a good time to go. Anyway, the book recommendation will depend on your area of interest.

I thought I could maybe read a book on the relevant period of Egypt's history, more or less the timeframe that Egypt was under British rule, in the meantime. Less restricted in time and / or space is okay, too.

Mahfouz, imho, is a dwarf compared to Taha Hussein or Abbas Mahmoud El Aqad

And now I've got more writers to choose from. Thanks!

(The bad news is that my pile of unread physical books is even bigger. Someday…)

WaelNovember 15, 2017 2:09 AM

@Ratio,

I can easily find several books on Egypt within 30 feet. ;-)

You can find a book.

RatioNovember 15, 2017 2:23 AM

@Wael,

You can find a book.

That's… less helpful than I'd hoped for. Thanks anyway, I'll keep looking. :-)

WaelNovember 15, 2017 2:38 AM

@Ratio,

I meant you can find a book within 30 feet. Problem is it may not be the book you want.

Clive RobinsonNovember 15, 2017 4:54 AM

@ Wael,

To defend against a built-in Snitch (inside your virus infested smart phone) that sits at points a and b is a different problem, and that's the one I am asking about

If you are saying that you need to use an insecure device for both communications and security end points, then as I've frequently said it's not going to be secure no matter how secure the application may be, they will be able to do an End Run attack to the plaintext.

The only way to have a chance of opperating securely is to have the security end point YOU "OWN" thus fully control, past the reach of the communications end point THEY "OWN".

Thus with a Smart Phone etc that means you need to extend the security end point OFF OF THEIR DEVICE and ONTO YOUR DEVICE.

The simplest way to do this as I've said for years with banking transaction authentication is to put the human in the security path to act as a natural firewall on the secure channel between the comms end point and the security end point. The easiest way to do that is to read ciphertext off of the smart phone display, and write it on a piece of paper. Then either manually decode it (OTP etc) or type it back into a token or computer that does not have communications ability, just a simple UI. Thus if the token does not have any other transducers (like microphones or LEDs that can act as photodetectors) and is properly screened then it is Energy Gapped (unless the user lets the Smart Phone camera see the token screen or user typing).

But as I said

    ... depending on your definition of "usable" the delay in the filling out, passing across the energy gap and reading of the piece of paper may be intolerable.

Thus you need to replace the Energy Gap with a mandated choke point that is instrumented. So,

}==(a)==[EC}-(i)-{TX]--(b)
--[RX}-(i)-{DC]==(c)=={

}-(i)-{ = Instrumented "i" choke point.

Note that the choke point is in the ciphertext path which contains the same information that the eavesdroping party "b" can see. So if they perform an end run attack at TX or RX communications end points they learn nothong they did not already know at point (b).

So whilst they own the TX and RX communications end points, they don't own the security end points EC and DC so they can not end run around them to see the plaintext.

With regards,

But we don't use our phones for SMS, IM, and emails only! How will that paper help in securing Audio/Video communications, or how would it help us preserve other 'meta-data', location, BT Mac addresses, nearby WiFi hotspots, books and articles we read, photographs,... That's what I meant by the previous comment about 'protection profile'.

We use "THEIR" device as though it is "OUR" device at our peril. Also the "richer" the information we send the harder it is to secure.

Thus common sense says we have to give up the beads, baubles and froth services that whilst nice are of no real importance in communicating information in the general case. Thus Email and Audio / SMS only for stuff that needs to be kept secure, by keeping the security end point off the device they own.

The problem with communications in general is hiding the Transmitter from observation by a hostile entity. As was once dryly observed about the very large transmitter masts --that ended up being used for "Home Chain Radar" during WWII-- and German bombers [1].

    There are only two ways to hide a big tree, chop it down and burn it or put lots of other big trees around it. You do the former and you don't have a big tree any longer, the latter you have a forrest, but it does not stop people stumbling into the big tree when running through the forrest. All you can hope is they are either hunting rabbit or being chased by tigers, thus don't care about the trees, other than to avoid them.

Admiral Karl Donitz had similar thoughts about the transmitter problem and giving away the location of U-Boats. Which he partially solved with his "Fleet Broadcast System". Which I've mentioned before as an idea that can be significantly enhanced as a method of resolving some of Tor's fundemental failings. In that you cannot hide the transmitter but you can hide who is receiving it, and if everybody forwards / transmits at the same rate of traffic then identifying who is communicating with who becomes very difficult if not impossible.

There are two basic methods of communicating information securely, as prearranged meaning codes and ciphers with prearranged KeyMat.

One advantage of a code is that it can be made to "look innocent", another is it can do a degree of compression or word length hiding. The major downside is you can only communicate message meanings you have already agreed. A further down side is correlation attacks, that is if you use a code message more than once an observer can start to correlate messages with subsequent actions.

The main advantage of a code is that it can be slipped in with a general conversation. Thus it can be used like stego under the nose of an observer. Thus with care codes can remove the need for energy gapping or choke points.

How you go about things is defined by situational OpSec. There is no "one size fits all" solution. What offers an advantage in one situation is a disadvantage in another situation... Advice that is often given is "You can not have everything in life" thus you have to look for choices and work out of those you have what is best.

Osama bin Laden was a believer in the use of "high tech solutions" such as Satellite Phones. Because that is what the CIA had tught him when he was fighting the Russians in Afghanistan. What he was told by the CIA was only partialy true, that is the Russian's at that time could not track satellite phones, but the US could. He got the rest of the education / message a few years later when a "beam riding" missile killed a general who the Russians wanted badly, when he was using his satellite phone. Shortly after that Osama realised that the way to fight the US was to use their technology against them when attacking and not to use their technology when defending. Thus he went very low tech for his communications but turned passenger aircraft into intercontinental missiles. He then started to use the Western technology in a propaganda war. Knowing that the US drones could be used to "Find Fix and Finish" mobile phones and those using them a simple plan was devised to exploit the US over confidence in meta-data. Known targets would use a mobile phone a few times using sufficient OpSec that they would not get an immediate call down of a hellfire missile. Then the mobile phone would be passed on to a group of innocent civilians. They would use the phone in the normal way, thus the US would fly in a drone and "Finish" the mobile with a hellfire and kill a whole group of civilians. The US then gey very bad publicity and OBL and Co get a juicy piece of black propaganda to not just humiliate the US with but also use to recruite new members...

Thus you must always evaluate your OpSec and methods continuously, and be prepared to change methods and tactics in an instance.

The only thing that is definitely clear is that at the State Level of attacker any electronic device is "theirs" unless you can show othereise. You can not do that with most modern technology due to the level of integration and the way most civilian communications systems are mandated to work. Thus your only available solutions are Mitigation and Issolation and to what level you use them and when.

The other thing State Level attackers know is humans get tired and humans make mistakes and mistakes kill. It's the reason for "store everything" the NSA et al have built a virtual time machine, that alows them to go back in time and find and follow mistakes and build connection maps. The idea for this originated from Bletchly during WWII and it became known as "Traffic Analysis". The only way to not get caught by this game is as the 83 movie had the WOPRA computer say "Strange game, the only way to win is not to play". But overwhelmingly people "do want to play, and play big" and thus they are their own worst enemy as we get to read every day over and over and over...

If you want security then you have to play by securities rules, and they change as technology changes, thus "air gap" became "energy gap" your only touch stone is the laws of nature. Or as was once said about sailing in the antarctic seas, "Prepare for the worst that nature gives, and hope for the best".

[1] For her sins my mother was present at the meeting this was said to Robert Watson Watt, and she hated the man with avengence thus took joy in seeing him taken down a peg or three. Her viewpoint of the man was "he invented nothing but stole credit for everything". I've spoken to others who had personal contact with him and they said similar, one went as far as to suggest a new place to locate his knighthood...

RachelNovember 15, 2017 5:32 AM

Ratio

Book :

Lonely Planet Guide to Egypt
everything you need to know in one concise volume. Problem SOLVED

or, if you really need freedom of choice, liberty justice and truth band the American Way - ; you can have a second option. Ready?
The Rough Guide to Egypt
( everything you need to know in one concise volume)
SORTED! Dont say we dont look after you here.

For your interest, these titles include
i) hostels for less than 10 euro a week
ii) No funny squiggles- ENGLISH CAPTIONS

ps Not allowed to choose both. They are competitors in the genre

pps They come highly recommended

WaelNovember 15, 2017 12:37 PM

@Clive Robinson,

We're aligned on the concepts of ownership and control. That's how I got into the C-v-P discussion a few years ago. But now we need to think of other solutions.

Do you remember the other question about "Is all Cryptography based on a secret", and using keyless Cryptography that uses channel characteristics to secure the insecure channel? This is a data on transit / protocol type solution that addresses only one aspect. End run attacks are still possible until complete, exclusive, assured control by the owner is attained. We discussed that aspect on many occasions.

AnuraNovember 15, 2017 2:31 PM

For those of you that use Firefox, be aware that with the latest update many extensions, including NoScript, will no longer work and will be silently disabled.

tails 3.3 releasedNovember 15, 2017 2:34 PM

Panopticlick.eff.org results from a "free" wifi ap:

Unsafe Browser- within our dataset of several hundred thousand visitors, one in approx. 1,900 browsers have the same fingerprint as yours.

Tor Browser- within our dataset of several hundred thousand visitors, one in approx. 100 browsers have the same fingerprint as yours.:

Clive RobinsonNovember 15, 2017 8:50 PM

@ Wael,

Do you remember the other question about "Is all Cryptography based on a secret"

I suspect you've left a word out there, otherwise the answer would always be yes.

... using keyless Cryptography that uses channel characteristics to secure the insecure channel?

We've had quite a few over the years involving phased near field systems and MIMO type systems.

More recently I've proposed extentions to the "something you know" factor such as "place and time"[1] to prevent judicial coercion. They also have the advantage of having an entropy level way higher than that of things like random passwords when the human memory is involved.

However as you say,

But now we need to think of other solutions.

So far most of the new ideas have come from re-examining "accepted facts" to find the hidden assumptions that make the "facts" just "customs". By examining the assumptions limitations can be removed or changed etc.

For instance with the extension to the "what you know" factor. Nearly every one assumes on hearing "what you know" that it is the equivalent of a pass word/phrase... A small number will when pushed include a concious bio-metric or "muscle memory" such as signature or a gesture. But in all cases I've asked people they have never thought about why there are other better "what you know" factors, that very effectively get around attacks thought up by others.

That said there are limitations on what we can give people using common technology. But they likewise have to realise that they have responsability as well...

As someone noted on the thread about Facebook and revenge porn,

    If you don't alow compromising photos to be taken then they can not be used against you.
That is there is no opportunity for the breach of trust which underlies revenge porn.

In general people are very very bad at "trust", thus they indulge in risky behavioir, which can and sufficiently often does go bad. There is no technology out there that can force people to behave responsibly. Only the absence of technology removes the opportunity of it being used in a risky way.

People are also "lazy" or "contrarian" if you tell them "do it this way", then as sure as roosters don't lay eggs, they will do it "their own way".

So we need to add an observation to the laws of nature,

    You can not fix human or even limit it...

Which if it's not mittigated during design of something new, means it will not go the way it should...

[1] I can easily remember many places I have only ever been to once in my life to the nearest half metre and the time of day I visited them even after nearly fifty years. And I know they are very very unlikely to change in my life time. Although I've not been there those that have can probably tell you the time of day they "kissed the Blarney stone", but more importantly they can also give you a less obvious location near it like where they had a cup of tea, or where the coach stopped or some point around the hotel they stayed in the night before. What I can not tell you for love, money or on pain of death is the random eight character password I used for a central server admin account from the last month working for my previous employer. Nor for that matter the current random admin password on my own server thats built into the safe in my workshop (though it is on a couple of post-it notes tucked away at locations I know should I ever need to know ;-)

WaelNovember 15, 2017 9:25 PM

@Clive Robinson,

I suspect you've left a word out there

Won't be the first or perhaps last time. What did I miss ?

They also have the advantage of having an entropy level way higher than that of things like random passwords when the human memory is involved

Too bad you don't watch YouTube. There is this cute video about randomness and entropy. I like it, but I'm not sure I agree with everything there.

"what you know"

Should be "what you only know". And after you forget it, it should be: "If I only knew" ;) Hence your post it notes.

If you don't alow compromising

An application of: avoid being a target. Some call it "Risk Aversion".

contrarian

You called me that once upon a time!

means it will not go the way it should...

We don't know the way it should go. Therefore changing the unknown produces unknown!

I can easily remember many places I have only ever been to once in my life to the nearest half metre and the time of day I visited them even after nearly fifty years.

Unless you use that in an innovative way, this is just detail of how you may generate a pass phrase.

We need to utillize new phenomena for security. Something that hasn't been done before. How about: "Something you smell" :)


65535November 16, 2017 1:06 AM

@Who?

"In a few days we will see if this serious weakness in current microarchitectures is an "accidental bug" or a "deliverate feature." I think Black Hat talk..."

I hope so. Have you heard anything?

"I am happy using ALIX, APU, Firebox and Soekris computers (all running OpenBSD) as firewalls, all these computers have "90s" architecture, but at some time we will be short of these "old" machines and UEFI-based machines will be our only choice. I shudder with horror each time I think on a modern architecture computer exposed to the Internet acting as a firewall."

That is a good point. What do you think of the old SNORT project as a firewall? Do you know of any semi-modern alternatives to it?

Because of the ME backdoor problem I have changed some of my client's laptops to use Legacy BIOS. I don't know if this will stop UEFI/ME/AMT problem. There seems to be no change for Windows clients.

JohnnySNovember 16, 2017 10:49 AM

@Bruce Schneier

I listened to your excellent keynote at SecTOR yesterday: Thanks very much!

I just want to comment on what you said about the Smart TV backhauling the audio back to the manufacturer for speech-to-text conversion and how it was somehow "cheaper" than doing it locally on the TV which had more processing power than the Space Shuttle. I suggest you can go even further and note they do it not because it's "cheaper" but because it's "more lucrative" as they make money selling the data in this era of "ubiquitous surveillance" as the Internet's business model.

I also think we're entering into an era where the ubiquitous surveillance will go from something avoidable to being on every possible product you can buy to serve a task: When ALL the products in a category insist that they must have Internet access and the right to stream your data before they do the task, that's just making "privacy" and "the right to own your data" into impossibilities.

I do wonder if there's a "Black Swan" coming around privacy and our rights to own and control our data. I hope we're ready for it.

WaelNovember 17, 2017 4:22 AM

@Wulf,

Amazon Key looks wrong on so many levels:

Concept: deliver merchandise to an absent customer to guard it from theft, if left outside the house in the open.

Design: ummm... give access to the delivery person into the house. That's right! Cameras, cloud, access control... we're covered! Ship it!

Concept is ok. design is flawed

...and drink Soylent meal replacement instead of eating real food,

Bingo! The root cause. Cabbage-eating fools and Soylent-drinking schmucks ought to run their ideas by someone who eats real food before they market the idea (to a similar VC that lives on the same diet.) That's the problem with silicone (implants) valley.

RatioNovember 17, 2017 7:17 AM

@Wael,

Find a book on the topic by Mohammed Hassanein Heikel.

Made a note. (My books were mostly on pharaohs and pyramids…)

silicone (implants) valley

ITYM “Silly Con Valley”.


@Rachel,

Lonely Planet Guide to Egypt [… XOR …] The Rough Guide to Egypt

Not my current interest but maybe later, thanks.


@Where is the popcorn maker?,

Trump, Jr. - Wikileaks stuff

Thanks, I'll have a look when I get a chance. I'd been waiting for your OT to connect.

65535November 17, 2017 7:47 AM

@ Clive Robinson and Anders

Given Bruce's post on leaked tools and the discussion of "New White House Announcement on the Vulnerability Equities Process" and the dissucion of using WinK2 Pro or Win2K Server what are the options of using "End of Life" Operating Systems directly on the internet, behind a home NAT'd router or in a DMZ serving over various ports and filters?

Key quote from following Bruce's posts:

"Mozilla is pleased with the new charter. I am less so; it looks to me like the same old policy... NSA used EternalBlue "for more than five years," which implies that it was discovered after the 2010 process was put in place. It's not clear if all vulnerabilities are given such consideration, or if bugs are periodically reviewed to determine if they should be disclosed. That said, any VEP that allows something as dangerous as EternalBlue -- or the Cisco vulnerabilities that the Shadow Brokers leaked last August to remain unpatched for years isn't serving national security very well. As a former NSA employee said, the quality of intelligence that could be gathered was "unreal." But so was the potential damage. The NSA must avoid hoarding vulnerabilities."-Bruce S

https://www.schneier.com/blog/archives/2017/11/new_white_house_1.html#comments

[and]

https://www.schneier.com/blog/archives/2017/06/wannacry_and_vu.html

[Rapid7]

"What about that IIS 6 box we have on the public internet?"
"It is very easy for commentators to point fingers and say that anyone who has legacy or unsupported systems should just get rid of them, but we know that the reality is much more complicated. There will be legacy systems (IIS 6 and otherwise) in organizations that for whatever reason cannot just be replaced or updated. That being said, there are some serious issues with leaving systems that are vulnerable to these exploits publicly accessible. Three of the exploits (“EnglishmanDentist”, “EsteemAudit”, and “ExplodingCan”) will remain effective on EOL systems and the impacts are concerning enough that it is really not a good idea to have internet-facing vulnerable systems... "

https://blog.rapid7.com/2017/04/18/the-shadow-brokers-leaked-exploits-faq/

Clive R.
https://www.schneier.com/blog/archives/2017/11/friday_squid_bl_600.html#c6763981

Anders
https://www.schneier.com/blog/archives/2017/11/friday_squid_bl_600.html#c6763985

Clive R.
https://www.schneier.com/blog/archives/2017/11/friday_squid_bl_600.html#c6763996

65535
https://www.schneier.com/blog/archives/2017/11/friday_squid_bl_600.html#c6764001

Clive R.
https://www.schneier.com/blog/archives/2017/11/friday_squid_bl_600.html#c6764006

Clive R.
https://www.schneier.com/blog/archives/2017/11/friday_squid_bl_600.html#c6764007

Anders
https://www.schneier.com/blog/archives/2017/11/friday_squid_bl_600.html#c6764011

Clive R.
https://www.schneier.com/blog/archives/2017/11/friday_squid_bl_600.html#c6764049

Wael
https://www.schneier.com/blog/archives/2017/11/friday_squid_bl_600.html#c6764052

65535
https://www.schneier.com/blog/archives/2017/11/friday_squid_bl_600.html#c6764059

Nick P
"@ Clive: I said pre-2004 hardware for mass collection or 2000 for targeted. I was right on the money as a recent article put TAO at being formed in 1999. I'll be impressed if they got a CPU-level subversion in within their first year of operating when their SCI catalog was had a lot of low-hanging fruit. The pre-2004 was about trying to get a machine actually worth a shit in terms of GUI and CPU."

https://www.schneier.com/blog/archives/2017/11/friday_squid_bl_600.html#c6764060

Wael:
"@Clive Robinson, So you might as well trot it out and save us both time ;-)"-Clive

"Right! EG works well for ME. For a mobile device equipped with CarrierIQ, EG isn't an option as it renders the device useless for Communications. How would the warden work under these strenuous conditions?"-Weal

https://www.schneier.com/blog/archives/2017/11/friday_squid_bl_600.html#c6764113

Clive R.
"Err not quite true"
https://www.schneier.com/blog/archives/2017/11/friday_squid_bl_600.html#c6764118

Wael
"It's sufficient to EG a desktop or a laptop. But the same can't work with a mobile device unless we loose significant functionality, if we depend on an EG solution."

https://www.schneier.com/blog/archives/2017/11/friday_squid_bl_600.html#c6764126

Clive R.
"If you are saying that you need to use an insecure device for both communications and security end points, then as I've frequently said it's not going to be secure no matter how secure the application may be, they will be able to do an End Run attack to the plaintext."

https://www.schneier.com/blog/archives/2017/11/friday_squid_bl_600.html#c6764145

Returning to Clive R's Win2k server box:

"I use the server version, that I patched up then using a list of services (that's nolonger on the Internet) stripped it right back of most of the uunneedrd background crap. Then using "Tom's Info" made a version that would run from CD with the tool and a couple of other apps. This way it was "turnkey" for most hardware using a standard display and PS2 keyboard. Much the same sort of thing as various organisations did with NT4 through XP for making the front end for test instruments and medical equipment."-Clive R.

https://www.schneier.com/blog/archives/2017/11/friday_squid_bl_600.html#c6764006

@ Clive R. and Anders

With all of the above said, the question remains could you use Win2k Pro or Win2K in any small business or home behind a fire wall? Using Win2K of any version seems to possibly be less risk than say a new Windows phone on the network or even Windows 10 Pro on the network. Is the risk/reward favorable to using Win2k behind a NAT firewall? Yes? No?

[please don't say it depends or maybe - take a change with yes or no]

Excuse the typos, spelling and grammar, I banged this out before work after reading Bruce's Equities post.

JG4November 17, 2017 8:05 AM


this looks important

https://www.emptywheel.net/2017/11/16/the-implicit-threat-in-julian-assanges-ambassador-tweet/

just another day on the blue marble of crapification, where you pay more and get less. in this case, less vegetation trimming. I've done a little bit of work on power security.

https://www.nakedcapitalism.com/2017/11/pge-causes-wine-country-fires.html

I second whoever said that Bruce could contribute to the discussion of blockchain and its progeny.

https://www.bloomberg.com/view/articles/2017-11-17/p-g-could-use-the-blockchain-in-its-next-proxy-fight

https://thenewinquiry.com/bail-bloc/

AndersNovember 17, 2017 11:45 AM

@65536

"With all of the above said, the question remains could you use Win2k Pro or Win2K in any small business or home behind a fire wall? Using Win2K of any version seems to possibly be less risk than say a new Windows phone on the network or even Windows 10 Pro on the network. Is the risk/reward favorable to using Win2k behind a NAT firewall? Yes? No?"

YES

W2K pro is even without patches more secure than modern win 10 since it's no target any more for modern attacks - there's no even powershell that modern attacks use for lateral movement.

The only problem is - do you have software for your tasks that still run on W2K pro?
I have set of software for W2K pro and i can do all my work on the w2k pro even today. All i can do on win 10 i can do also on W2K and i feel more secure, without any AV.

WaelNovember 17, 2017 4:22 PM

@Nick P,

So, the KVM switch and separation kernel idea

And yet they gave you no credit. BAU ;)

Clive RobinsonNovember 17, 2017 6:43 PM

@ 65535,

With all of the above said, the question remains could you use Win2k Pro or Win2K in any small business or home behind a fire wall?

You did not state how the firewall would be setup or used, which is kind of critical.

As I've frequently said my machines are not connected to any external networks and I use instrumented data diodes of my own design that only alow a strict subset of file types (ie they are all human readable like TXT RTF CSV). The development machines are in the main only connected via Serial lines in some cases because they have neither network hardware or software stacks.

Almost the first question I ask when talking about security is "Why do you have external network connections?" and it quickly becomes clear --after the "flappy bird" impersonations finish-- that for by far the majority of PCs there is no valid business case for them being connected and the few that do it's for the likes of Email that can be proxied in a much more secure manner or PCs that do not require connection to both an internal or extetnal network. Thus a seperate locked down storageless "thin terminal" solution for Internet connection for the very few that need it is what I suggest. Which means a non MS Win OS / Application can be followed. Whilst I stop short of saying "You must be mad to connect MS to the outside world" you can quite quickly make a case for significant cost reduction as well as increased security and stability, which at the end of the day businesses want.

So you have to consider a couple of thing when you connect an older OS and apps through a fire wall. Outsider attackers have three basic ways to get a toe hold,

1, Phishing and bait drops.
2, Application vulnerability.
3, OS vulnerability.

It's perfectly possible to run an OS with known vulnerabilities providing you can either disable them within the OS or you can block access via the firewall. However you have to know what to block and how. Many of the alledged NSA TAO group tools exploited quite old vulnerabilities that the general ITSec community were compleatly unaware of.

Thus you are looking for a very non permissive effectively "Deny All" rule set on the firewall including blocking all but certain white listed IP addresses and ports, and the most minimal of services. Oh and keep your fingers crossed.

There are however other things you can do such as using two firewalls from entirely unrelated designers/suppliers in series and heavily instrument the gap between them looking for odd ingress amd egress signitures that if found will "open circuit" the data path automatically.


65535November 17, 2017 7:14 PM

@ Anders

Thank you. That is straight forward answer.

Good going.

@ Clive R.

I know that said firewall was not defined. I would put the firewall as at least a NAT device with no UnPnP turned on. The uses for internet it business mostly are indeed email and some txt messages or even using a low use phone line for computer/fax.

Most of my customers do check their bank accounts weekly or daily but usually don't bank electronically. That is every batch of payments and Account Receivables are done via a trusted person. This person usually brings back a physical deposit slip or a paper list of disbursements.

Yes, the in long run, email and attached documents are majority use of the internet [my customers use spam and fishing filters and are on the look out of spear fishing attacks].

"...my machines are not connected to any external networks and I use instrumented data diodes of my own design that only alow a strict subset of file types (ie they are all human readable like TXT RTF CSV). The development machines are in the main only connected via Serial lines in some cases because they have neither network hardware or software stacks."-Clive R.

Here is where you get into a gray zone. How does the average small business or person setup your semi-pro data diode? Do you have any specific hardware [serial ports and db9 pin cables] and software you use?

Thanks.

Acid-Trippin-SpookNovember 17, 2017 9:31 PM

@Clive Robinson,

As I've frequently said my machines are not connected to any external networks

An acid trip gives one more profound perspective on life than rolling those high bags.

uh ohNovember 17, 2017 11:34 PM

@whomever

You did not state how the firewall would be setup or used, which is kind of critical.

Ok, although:

options of using "End of Life" Operating Systems directly on the internet, behind a home NAT'd router or in a DMZ serving over various ports and filters?

Perchance DMZ means a different thing to other people, but I'm frequently worried that some of those clients are actually real.

Clive RobinsonNovember 18, 2017 8:33 AM

@ Nick P, Wael,

So, the KVM switch and separation kernel idea...

Kind of burns a little the first time somebody takes an idea and runs with it without acknowledging it. Eventually it gets to the point where it is just irksome[1].

But I still think a KVM / sep kernel idea is a little bit of over kill for most applications. So I still favour a striped down graphics system running on a striped down (C2 *nix) running isolated serial lines with either terminals or modifed VNC viewers for the display, for less exacting purposes.

It's something you could reasonably expect a "home tech" or reasonably competent sys admin that has "down n dirty" experience to do.

[1] Wael, it appears there is a new word "erksome" coming into vouge with some, that is some what more emo than "irk". How long it will last is anybodies guess, but hey some people still understand phlegmatic which could by the antonym or "kryptonite" of erksome ;-)

Clive RobinsonNovember 18, 2017 10:15 AM

@ 65535,

Here is where you get into a gray zone. How does the average small business or person setup your semi-pro data diode? Do you have any specific hardware [serial ports and db9 pin cables] and software you use?

For the right sort of person it's fairly trivial to do. But like hens teeth that sort of person is rarely found on the ground. You kind of have to look at Hard Science and Electronics graduates not people with a General CS background.

In essence you look for a micro controler development system for an MCU with at least two serial ports, or a USB and serial port or two USB ports. With a large chunk of RAM and ROM and a 16bit or above CPU that has atleast a 20MHz clock[1]. You then cut the code in assembler and blow it into the MCU.

Don't aim for the moon the first time around or even to jump over low walls ;-) Just learn to get things working and to do something simple like converting different "End Of Line" formats (say CR/LF to just LF and back again). Then get basic hardware and then software flow control working. Then buffering and working at differnt input and out put baud rates on the two serial ports etc.

Having got it reliable to that point then you can start looking at stripping out control chars changing parity etc or converting 7bit ASCII to another character set and the other way around.

Then when you've got solid foundation you can look working on more than a couple of chars at a time through to simple file formats to check they are error free.

The next step up is "store and forward" where you take in chunks of files and work on them in more depth before outputing them. This means getting to grips with memory cards etc. You can even get it to speak to various secure cards etc as Thoth was looking at doing and Marcus had done for similar hatdwre resons but totaly different objectives.

If you are looking to go down this road I will mention as I have in the past that MicroChip make 24bit and 32bit MCUs --some with DSP-- that are around 1-3USD and they also have some relatively cheap prototype boards with peripheral boards to do memory cards and smart cards etc as well as serial cards. So you can buy in everything you need as a series of ready made parts.

These MCUs are realy "Computers on a chip" and there is a project that has ported an early version of BSD onto one of them which gives you an idea of their power (think microvax etc).

If you want to build them as products then you will need to have some manufacturing skills, even if it's just building nice cases. However for more than ten units you'ld be loking at electronics design and manufacture, which includs the usual fine tip soldering skills but also designing and building PCBs. If you don't have these skills they are not hard to learn, but just like any craft you need to put the hours in to get reasonably good. That said you can often find via Hack-a-Day and similar stuff thats already been designed and built such as USB1 to RS232 converters RS232 V24 signal level converters down to 5V or 3.3V and a whole bunch of similar boards including project boards that have a couple of serial ports etc, so for low volumes it definitely pays to look around.

Another advantage of MicroChip is they have a lot of application notes and reams of pre-developed software for talking to USB and Memory / Smart cards etc and even network adaptors.

Finally though you need to think seriously about "Security by Obscurity", it's normally considered a "dirty subject" in ICTsec but not Physical Security.

You have to accept that all code has bugs, thus a potential for usable vulnerabilities exists. However if you develop your own code an attacker has a much much harder time attacking it. Especially if you set things up so that they can not reach it electronically and hopefully not physically as well.

In effect you have shifted the attack problem close to the top of the tree, well away from the low hanging fruit that is the usual fodder of the day to day attackers you will normally face. They are in effect "Opportunists in a target rich environment" thus unless they have other reasons to target you, they will quickly move on to where the cost reward metrics are way better.

It's only if you or your customers have a very very different cost reward metric will you attract state level or equivalent commercial attackers. If you have or are likely to have high value IP etc that will attract them --as many small companies do-- then you realy need to be thinking physical security and system issolation as a starting point. Working your way upward to totaly issolated systems in physicaly hardend SCIF like environments. From experience I can assure you working in that sort of environment is not fun (been there done that have the sweat bleached T-Shirt and "night-club suntan" to prove it). Building such places starts with rather more than a back hoe as anyone who has built a fallout habitat good for months will tell you and that's before you consider the SCIF and other energy / EmSec requirments.

[1] You can do most of the basic stuff on a lesser CPU/RAM/ROM spec, I've used 8-bit/2K/32K parts with "bit banging serial" in the past but you very quickly run out of head room to do the higher level stuff. As the way more powerfull MCUs are only cents more it would be a false economy to use lesser parts unless you were going into large scale manufacture of 10K and up parts in one production run.

WaelNovember 18, 2017 11:15 AM

@Clive Robinson,

it appears there is a new word "erksome" coming into vouge...

I haven't seen it recently. But I like it more than "bothersome".

65535November 18, 2017 7:54 PM

@ Clive R.

When is USB1 or USB2 or USB3 over a serial connector such as the straight DB9 [DE9] null modem or straight, better considering the building complexities of USB? I have many other questions.

I am going to link this post forward to the new Squid thread so more eyeballs can look at it.

See you on the new Squid.

hint?November 21, 2017 8:04 PM

@Wael

Does that specific location happen to be a place that is noticeably lush when compared to regional deserts?

WaelNovember 21, 2017 8:17 PM

@Hint?,

It's a place that has stoned animals.
Big white ones that roam in the dark.
Beautiful dark skies where you can see the Milky Way.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.