GCHQ Found -- and Disclosed -- a Windows 10 Vulnerability

Now this is good news. The UK's National Cyber Security Centre (NCSC) -- part of GCHQ -- found a serious vulnerability in Windows Defender (their anti-virus component). Instead of keeping it secret and all of us vulnerable, it alerted Microsoft.

I'd like to believe the US does this, too.

Posted on December 19, 2017 at 6:06 AM • 94 Comments

Comments

Mousekit December 19, 2017 6:33 AM

What this probably means is that they have already hoarded a sufficient number of exploits that they're not worried about releasing a few of them in bulk.

me December 19, 2017 7:31 AM

@Mousekit
or... that they saw it exploited in the wild and so it was useless for them.
for sure it's not because "users are at risk", they don't care at all about users

Peter December 19, 2017 7:38 AM

"due to the risk of Russian cyber-spies using it as a backdoor."

Right, because only the Evil Soviets would ever do such a thing...

Alejandro December 19, 2017 8:05 AM

I still don't trust DEFENDER especially because it's phoning home 24/7. My logs are saying "key logger". Same for most of the other AVs. Kaspersky doesn't help the reputation of AVs much, either.

fred December 19, 2017 9:19 AM

Windows 10 is a back door! In the terms of service they state that they can grab any file off your computer at any time without notification.

This isn't Windows bashing it is data mining bashing. You never know if the "suggested update" is to help you or them.

anon December 19, 2017 9:32 AM

Who'd have thought that taking data from anywhere, like the internet, and scanning at a system level could lead to compromise!


AV in and of itself is a symptom of an "infection". Software that puts publishers before users, whilst the publishers insist the user is first (that is just a sales trope. If the users are first, release as FOSS).

Petre Peter December 19, 2017 9:44 AM

@Mousekit

hoarded

Hoarding in stockpiles it’s not hoarding and stock.pilling on an indexed hard.drive it’s not stockpiling - it’s just a difficult transition from search and delete to save and search.

Clive Robinson December 19, 2017 10:06 AM

@ Fred,

This isn't Windows bashing it is data mining bashing. You never know if the "suggested update" is to help you or them.

There might be a way to guess if it's "to help you or them"...

Consider the issue as to how it affects the organizational bottom line directly or one or two steps removed...

As has been observed "If there is no profit in it, then it's either for good will or make work".

This sort of relates to "time to fix" and "resources on hand".

So the shorter the gap between discovery and fix the more likely it is to have affected their bottom line, not yours.

The bottom line issue does not have to be an immediate loss, but a predictable catastrophic loss. Thus something that might bring down the wrath of government or via the judiciary for class action etc.

But the less time taken to fix remains indicative of how the organisation sees their risk not yours.

fred December 19, 2017 10:15 AM

@Clive
To clarify my point. The real question is, does the "suggested updates" contain an OS/App fix/upgrade OR does it contain a new means to data mine? Most OS's don't even tell you what's in the upgrade anymore. Even worse is the push upgrades that you don't even know it is going to happen.

We all know that "free" isn't!

Happy Feet December 19, 2017 10:49 AM

@fred has it right. This is about pretending that Windows 10 is a secure environment (it's not) than it is about helping users. I've never understood @Bruce's willingness to defend the Windows ecosystem and it's not because I think that Linux or Apple is somehow better. It's because I don't think any of them are secure so why act as if some are more secure than others? Computer security is an oxymoron.

Oh sure December 19, 2017 11:53 AM

"Right, because only the Evil Soviets would ever do such a thing..."

Nobody said "only" Russia hacks. Try to obtain a grip.

From the perspective of GCHQ, that's their #1 or 2 threat. Deal with it snowflake.

Russia is a state sponsor of hacking teams and they've achieved a level of success at that.
I don't see why you'd stick your little neck out to defend that regime on this point.

Security Sam December 19, 2017 11:59 AM

Safety trumps security
Using vulnerability
That provides ability
To monitor mobility.

oh sure December 19, 2017 12:21 PM

There are in-band updates, which are planned and include the telemetry and major platform updates, and there are OOB updates that are scheduled on the fly to fix serious vulns that crop up outside of the planning/release cycle. It's possible they could put telemetry in a hotfix to address a Defender vulnerability, but that would make the hotfix take longer and be a tangent to the point of the OOB update. And people would notice.

People DO look at these updates and re-engineer them after the fact to find out exactly what it is MS did. That's part of how we found the telemetry in the first place in some of the mid-stream updates.

So yes, Windows 10 is spyware out of the box, and no, not every single update to the windows platform includes telemetry.

Look at your cost/benefit of being afraid of all Windows 10 updates by default :

You already have Win10 or you wouldn't need them, right? X-Defender has a big vuln.
So your choice is to continue using Win10 with a major remote vuln, or patch it.
Pretty straightforward.

Now you can debate the quality of thoroughness of the patches, but then you'd need specifics.

oh sure December 19, 2017 12:36 PM

"This is about pretending that Windows 10 is a secure environment (it's not) than it is about helping users"

They're closing off a remote vuln. Sure there are other vulns, but they are closing this one.

I don't think anyone is going to read "Previously unknown major W10 flaw fixed" and think gee, that platform sounds extra-secure as 'advertised' - even if they have read nothing else about W10, which is unlikely for anyone at this point.

The "news" angle of GCHQ informing them doesn't extol their current security model anyway, it's acknowledging a flaw that can be exploited is now being fixed and that they didn't detect it themselves initially. Not exactly a big PR brag.

Sometimes a patch is just a patch.

albert December 19, 2017 1:53 PM

@Peter,
The quote you used was about Kaspersky AV, not Windows Defender. You should know by now, it's always going to be Russia, China, North Korea, or Iran. Live with it.
.
@Clive,
"...Thus something that might bring down the wrath of government or via the judiciary for class action etc...."

I don't know about the UK, but that will -never- happen here. Software providers have -no- liability. It's a legal contract called a EULA. If MS (or any other s/w co.) was liable in any way, they'd have been out of business years ago.

I would venture to say that this situation will -never- change in the US. YMMV.

. .. . .. --- ....

oh sure December 19, 2017 3:11 PM

"You should know by now, it's always going to be Russia, China, North Korea, or Iran"

... Or Vietnam, Singapore, Indonesia, Estonia, Slovenia, Ukraine, Saudi Arabia, Israel, Turkey, Belgium, Germany, Finland, Norway, Netherlands, not as much Japan, but definitely also South Korea.

Why pretend they're the only ones? Nobody is actually saying that. It's your straw man.

It's an unreasonable fallacy intended to discredit the fact that we CAN attribute a lot of attacks to China and Russia, and it's not as if nobody ever looks at or suspects other nations at all.

You're pushing a doubly-false narrative to reinforce the position that Russia and China aren't hacking #1 and #2 threats from the perspective of western companies and national bureaus. Pretty pointless.

If you're going by headlines alone then I can understand your confusion, but it is your own fault.

Try to find someone saying Russia/China = 100% of the threat, you will not find it.
Stop shaking straw men.

Ismar December 19, 2017 3:14 PM

Have you ever wondered what OS GCHQ might be using and if indeed was Windows 10? This might change the perspective on what their motivation might be for informing Microsoft. Also there is the PR side of things as well which might be even more important given their damaged reputation.

albert December 19, 2017 4:21 PM

@oh sure,

"...It's an unreasonable fallacy intended to discredit the fact that we CAN attribute a lot of attacks to China and Russia..."

Congratulations! You have found the secret of absolute attribution.

Russia, China, North Korea, and Iran are -official- enemies of the US. It will always be so, right up to the collapse of The Empire.

"...Why pretend they're the only ones? Nobody is actually saying that..." Neither am I.

"...Try to find someone saying Russia/China = 100% of the threat, you will not find it..." I neither implied that nor stated that.

You're arguing with yourself.

. .. . .. --- ....

echo December 19, 2017 4:55 PM

I tend to agree with Clive on this issue. I have experienced too much cavalier or coercive behavior for career or organisational benefit to believe the UK state sector has on all occasions the public interest at heart.

Matters of public knowledge are judges throwing a foot stamping hissy fit at doctors for flouting court judgements which outlawed a certain kind of business as usual inadequacy and the police caught red handed no-criming. GCHQ has observed the letter of the law with respect to withholding serious allegations against public figures because the information they obtained was not within their remit of national security yet took advantage when they perceived they could flout good will and the law for surveillance purposes. There is also very good policy evidence and incidents which indicate local government is seeking to evade responsibilities which results in harm against vulnerable people for fiscal reasons. At least one issue caused by this is subject to an inquiry during this last year.

I remain positive but overcoming bureaucratic cynicism at times requires a lot of faith and handwaving.

AlexT December 19, 2017 5:07 PM

I don't buy it... If they did what is claimed here it is solely because they had good reasons to. In other words it was most likely because they knew that it was about to be exploited by some adversary. Or it might be some sort of PR move. But there is exactly zero chance that it happened because it was the right thing to do on a moral ground. And as much as I despise what the 5 eyes agencies are doing I understand their thinking.
To be honest I'm surprised the Bruce would even consider this to be an honest move...

Rost December 19, 2017 5:22 PM

In all likelihood they saw the Russians exploiting this vuln and decided to publicly release word of it to patch up the hole the enemy nation was using as well as give themselves good PR.

I do not for a moment think this was done out of any desire to make Windows a more secure Operating System in general and to protect the public. This was done to disempower Russia. Period.

oh sure December 19, 2017 5:23 PM

If you're going to allege there are shadowy phantoms afoot, POINT TO THEM.
What's so dishonest about it? The fact that GCHQ was mentioned?

If you're cultivating some internally narrated doubts without a direct basis in documented fact, that's called crackpotism or creative writing depending on your audience and intent.

GCHQ has an interest in PR, but they're also partners with US LEO, as MS is also.
If they were found to be sitting on something like this it would be an issue.

"it was most likely because they knew that it was about to be exploited by some adversary."

That's how 0-day remote access vulnerabilities work. You discover and patch them before exploited.

Maybe GCHQ discovered this as a result of watching some group's code snippets, maybe.
We don't know. What difference would it make - and how would that be dishonest?

@ Albert

Sure this is a big conspiracy to implicate honest Russia, comrade. 'strovia

"Russia, China, North Korea, and Iran are -official- enemies of the US"

Russia and China are considered ADVERSARIES, and NK and Iran are considered hostile.

None of those are "official" designations because the only way to make a nation "officially" an enemy is to declare war, and the US hasn't "declared war" in quite a while if you notice.

Clive Robinson December 19, 2017 6:36 PM

@ Albert,

Software providers have -no- liability. It's a legal contract called a EULA.

Actually it's a form of lease, however it is subject to the areas of the law concerning "unfair contracts". What has not happened yet is somebody seriously challenging it in court for a couple of reasons. The first is the main software companies have deep pockets and house lawyers. The second is the companies "buy off" the few they consider serious threats.

In effect the likes of Microsoft have bribed and threatened countries but back up when pushed by certain governments that have sufficient control on their home markets.

Microsoft are far from invincible as they have lost to both US Federal and EU Courts on a number of occasions. Thus either their highly paid house lawyers are no good or they are breaking the law in various ways.

At some point they will get push back from the EU, they've had a tap on the shoulder from various EU nation data protection commissioners already as have Facebook and Co. So their respective cards have been marked and EU judiciary is not favourably disposed to the US Corps due to their track record on amongst other things tax evasion. If a case of the right sort goes against them in the EU then the judgment and evidence can be used in a US Court. Thus there is a risk that someone will push hard and not be bought off at which point the US Software Corp Castle might be shown to be a house of cards.

C U Anon December 19, 2017 6:40 PM

@Oh sure:

Give it a rest, either your angst will give you high blood pressure, or your life must be as water passes, under a bridge.

oh sure December 19, 2017 7:52 PM

@ C U Anon

Sleep if you need to but your advice column isn't winning any Pulitzers either.

If you want to be paranoid that's your right. If you want to have a factual basis, that's cool too.

oh sure December 19, 2017 8:03 PM

@ Clive

Frankly THANK GOD for the EU, they're the voice of reason from across the pond.
The US is in full sellout mode as far as protecting the public trust.

I'm not saying the US should adopt everything about the EU but a spine could still be helpful.
The xenophobic trolls who sold you Brexit are the same traitors who sold us Drumpf's FCC, EPA, CFPB et al.

Even if it's just a fine here or a finger wag there, that pushback is a refreshing reminder of what it used to look like when government attempted to look after the rights of individuals versus corporate encroachment and abuse. It's like laws still matter there, have teeth. The lying VW exec actually WENT TO PRISON. I'm nostalgic for that.

MAKE AMORAL GRIFTERS ACCOUNTABLE!

Clive Robinson December 19, 2017 9:18 PM

@ Ismar,

Have you ever wondered what OS GCHQ might be using and if indeed was Windows 10?

In all probability not many are running Win10. UK Gov purchase schemes tend to assume a seven year replacement cycle at best with lowest cost equipment (ie end of life tech). Which is why some folks still have/had MS WinXP when that ransomware came a knock knock knocking.

I'm aware that some Gov Dept's want to go back to a core server and thin client system with no local storage or printing. It's only in part due to the security advantages, most are desperate to cut back on maintenance and infrastructure costs. Thus a thin client with a noname *nix base and graphics display no connectors and no HDs etc could run effectively maintenance free for a decade or so, or until its motherboard or display died. At which point it could just be binned with little end of life security cost. The group based core servers can be managed centrally, locked away in a server room and use SAN etc for storage and backup. Or at least that was the idea before the business market swung towards laptops from desktops etc.

Which is one of the differences between Gov and business. Businesses are looking to minimise floor space to save costs Gov up until recently has not cared too much about floor space so workers get standard desks not coffee shop perches and the dread "hot desking" (with those under desk crotch heat detectors[1] some UK newspapers tried and got humiliated over).

As for the GCHQ technology specialists at one time they were fond of certain *nix boxes and even mainframe solutions. I suspect that whilst they may get higher end tech they too have gone down the COST route and thus have generic personal computing based on Intel platforms.

The real question is how they get sufficient segregation as most kit in the past decade has come with various radio and connector based data interfaces as standard. If the leaks from the NSA are anything to go by then it's by draconian threat and fingers crossed behind their back by senior management.

From the early "naughties" and the first UK Gov belt tightening and immature fiscal policy. The UK Gov has little in the way of leverage to get deals and suppliers know this, thus they avoid going even an inch let alone a mile out of their way for Gov contracts. And those in "the service industry" that specialise in them appear to be either getting out or doing ethically and morally questionable things.

Thus the net result is most UK Gov computing is below standard in most respects, with large parts on "life support".

[1] http://www.occupeye.com/wp-content/uploads/2016/04/OccupEye-deployment2.png

65535 December 19, 2017 10:29 PM

@ fred and others

“The real question is, does the "suggested updates" contain an OS/App fix/upgrade OR it does it contain a new means to data mine?”-fred

I think you may be on to something.

At first I thought this “out-of-band” a positive demonstration that the GCHQ was working to protect citizens from various virus threats. But, then I began to wonder about the meaning of “out-of-band” and then came thought this also demonstrates the hole or backdoor to Microsoft systems. I believe MS has done this once or twice in the past with XP/Server 2003 where if you have the computer plugged into the internet you get a silent update that cannot be removed.

For example if the NSA/GCHQ could use this very same “out-of-band” system to plant spyware on a certain high placed government official or even on multiple computers. Microsoft is under the jurisdiction of the NSA. The NSA could issue a secret order to implant spyware on certain computers for “National Security” reasons and spy on Microsoft customers.

Taking a look at MS support page, for the most part the “out-of-band” update cannot be uninstalled.

Affected Products:

Microsoft Forefront Client Security
Microsoft Forefront Endpoint Protection 2010
Microsoft Forefront Security for SharePoint Service Pack 3
Microsoft System Center 2012 Endpoint Protection
Microsoft System Center 2012 Endpoint Protection Service Pack 1
Microsoft Malicious Software Removal Tool
Microsoft Security Essentials
Microsoft Security Essentials Prerelease
Windows Defender for Windows 8
Windows Defender for Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2
Windows Defender Offline
Microsoft Intune Endpoint Protection

"This update cannot be uninstalled from Windows XP or Windows Server 2003. This update can be uninstalled from Windows Vista and Windows 7.

"This update cannot be uninstalled when you are using Microsoft Forefront Client Security.

"Microsoft Forefront Security for SharePoint... This update is automatic and does not require a restart... This update cannot be uninstalled.

"System Center Endpoint Protection... This update cannot be uninstalled.

"Forefront Endpoint Protection... This update cannot be uninstalled.

"Microsoft Security Essentials... This update cannot be uninstalled.

https://support.microsoft.com/en-us/help/2510781/microsoft-malware-protection-engine-deployment-information

I notice that Win 7 and Vista machines with Microsoft Security Essentials the patch cannot be uninstalled after it is applied. That covers the majority of MS products.

What exactly is MS “Out-of-Band” installation process?

Can it be stopped...other than airgapping/or energy gapping the box?

Is this a “patch” or a hole [backdoor]?

What do you say?

hmm December 19, 2017 11:07 PM

The NSA has demonstrated the capability not only to intercept the packaged physical computer systems/components on their way to you and install untraceable "data miners" if they want to, or just quantum_insert some low-level "data miners" into any binary you download, monitor your ISP and most major sites for your activity which is catalogued forever and cross-indexed and whatnot... and you think they need compromised Windows updates (with full user knowledge and consent no less?) to deliver the killing blow? Ha.

Windows 10 is already a massive dragnet. You think they'd need out of band updates to make surveillance happen that they don't already have? Go ahead and try to harden it. They own the keys, they've got the low-level, IME + Hard drive fileless persistent bugs, they stockpile hundreds of 0-days that they would never think of wasting on your data.

They have your data. They won't bother to look at it unless there's a reason to. They'll just use it to profile you and determine how much your life is worth to their system. Chances are they could give a crap about you and your whole neighborhood. No offense intended.

Those updates can't be uninstalled because their build is cumulative. If you uninstalled one that another depends on it breaks badly. Sure in utopian theory it would be nice if everything were modular and they did the N-th degree regression testing of every possible combination of hotfixes and updates, but that's fantasy land. They're humans, lazy and on an imposed budget that basically results in their destruction and failure seemingly by design.

Really there is no way to keep yourself off the radar without major life changes, most of us.
Think about it that way when you get wary of out-of-band updates from known data miners.

Imagine your every footstep, fingerprint or breath were visible and in fact glowing in the dark.
That's about right.

Meerkat December 20, 2017 1:29 AM

@Bruce

Didn't Snowden say a while back that the NSA was the entity that divulged the Juniper Netscreen Firewall mangled-up-username backdoor administrator account?

Wael December 20, 2017 4:37 AM

Root cause: violation of 'Least Privilege'. Anti malware processes need not have write privilege. Also a violation of 'Separation of Domains': Anti malware processes need to be containerized so vulnerabilities are local to their container. New architectures need to be explored.

On the subject proper: disclosing one vulnerability doesn't imply all were or will be disclosed. As others mentioned: don't attribute to honesty what can be attributed to poverty :-)

What likely happened is GCHQ is scraping the barrels. They needed some money, so they went for bug bounties and cashed in one of their 'investments'.

I'd like to believe the US does this, too.

GCHQ is not the UK!

Peter December 20, 2017 4:56 AM

"Only the evil Soviets ..."

I just find it amusing with all the Russia-paranoia- We are talking about WINDOWS and people worry about some third-party program when they are using operating-systems that practically don't even have a front-door ?

한국어 December 20, 2017 5:23 AM

@Peter

Evil Soviets

Haven't you heard? Today it's no longer the Soviets, but North Korea, that is blamed for anything evil.

North Korea is the new Soviets, the new Osama bin Laden, the new Adolf Hitler, the new Emmanuel Goldstein.

Clive Robinson December 20, 2017 7:40 AM

@ echo,

With regards the,

    University of Michigan team aims to create an unhackable computer

The idea is far from new, in fact readers of this blog have discussed the same and better protections when mulling over the "Castle-v-Prison" or "C-v-P" idea.

More recently some academics from UCL have taken some of the ideas and built a product around them idea...

It will be interesting to see what the UoM team claim as "original insight" if anything...

Clive Robinson December 20, 2017 7:52 AM

@ 한국어,

North Korea is the new Soviets, the new Osama bin Laden, the new Adolf Hitler, the new Emmanuel Goldstein.

You left out,

    the new little hands

Bong-Smoking Primitive Monkey-Brained Spook December 20, 2017 8:24 AM

@C U Anon,

I C U R getting cold on that side of the pond. Keep them feet warm and watch out for the big bad wolf, lest he huffs and puffs in his bong ;)

Say high to the Godfather ;)

Clive Robinson December 20, 2017 9:18 AM

@ Albert, and others,

It appears that the EU is making the major US Software Corps nervous to put it mildly...

The EU GDPR 20million or 4% of global which ever is the greater, has woken more than a few up.

According to a screen shot in this article,

https://www.brentozar.com/archive/2017/12/gdpr-stopped-selling-stuff-europe/

Microsoft has pulled at least one product due to the GDPR maybe more.

Facebook have just received another thwack or two from Germany and France, and smaller US Corps are saying "no thank you" to EU customers due to VAT and GDPR and other expected issues...

I suspect things will keep changing up until May 2018 when GDPR activates then fingers will get crossed until the first couple of cases go to court etc...

Then it's anybody's guess what happens next. I suspect smaller US Corps with only a few% of revenue from the EU will steer clear. Others will try putting "resellers" or other fire breaks in to protect the main part of the organisation. As for the big boys some will go to war others into avoidance either way it depends on how much revenue they make or expect to make in the EU.

The question then is if we will drop into the old "Trade Talks" nonsense of "Tit for Tat" legislation to hurt the other guy more. The problem is Trump effectively killed off the Obama Trade Deal process which had slowed to a stop due to congress.

TTIP like the other Obama trade deals had a real sting in its tail via the process known as investor-state dispute settlement (ISDS). Which can prove not only very lucrative ways of raising funding for expansion, but more importantly kill off inconvenient foreign nation sovereignty... Thus from a US Corporate and Political aspect it might now look like a bad idea to have let the opportunity slide. Because it became public knowledge that the US tried very hard to keep secret, thus not just secret from citizens but their politicians as well. With the result US trade proposals are now treated with suspicion if not out right hostility by citizens and politicians alike.

That said various countries are now refusing for very good reason to have anything whatsoever to do with trade treaties with investor protections in them such as ISDS. And surprise surprise it does not appear to have any effect on foreign investment those nations attract...

I guess we will have to wait and see what happens after May.

https://www.theguardian.com/business/2015/jun/10/obscure-legal-system-lets-corportations-sue-states-ttip-icsid

echo December 20, 2017 9:34 AM

@Clive I was too lazy to think through a response to the UoM news plus I don't know enough about what attacks are possible. I also sat on UK IT industry policy and EU directives because I felt I was yacking too much.

NK, the big victim, boo hoo December 20, 2017 12:49 PM

"Haven't you heard? Today it's no longer the Soviets, but North Korea, that is blamed for anything evil"

Why do we have goons in here shilling for the despotic regime of North Korea?

Nobody accused NK of anything NK didn't actually do, and if you have evidence otherwise, share it.

Until then? Get back on your side of the line and dig your dinner out of that rock pile.

albert December 20, 2017 2:36 PM

@Clive,

I agree with @oh sure on this:
"...Frankly THANK GOD for the EU, they're the voice of reason from across the pond.
The US is in full sellout mode as far as protecting the public trust...."

You are correct about MS deep pockets. IIRC, some time ago, they paid USD 1.4 billion in one year for legal expenses (including patent fights). That seems like a lot, even for a big company. From its beginning, MS has been a poster-boy for the New Business Ethics, that is, anything you can get away with is OK. MS still has a de facto monopoly in business systems, so it's unlikely that they will ever be sued by their giant corporate customers. Pressure from the EU might help in this regard. As I've said before, most of my 22-year career as a programmer was in a MS environment. In my day, MS had sterling, though rather expensive, developer support.

Liability for software products would result in an immediate improvement in software security (or bankruptcy, either is acceptable to me) but I don't see that happening here.

Practically every sector in US manufacturing is subject to liability lawsuits, except software. Why should this be so? S****y s/w is now in a position where it can be an existential threat to us citizens.

Here's hoping EU privacy laws are the first nail in the coffin.

. .. . .. --- ....

Clive Robinson December 20, 2017 6:42 PM

@ bttb,

Perhaps the North Korea discussion is OT here

The meme of the "US Existential Enemy" is something that pops up on many threads here as a running joke. 한국어 (Korean Language)[1] and myself were just hamming it up in a satirical fashion.

The sad reality is someone in the US Government by design or otherwise appears to be playing according to the George Orwell "1984" play book and has been since at least the 1990's.

In ICT it really got going after 9/11 with the "China APT" making China the existential enemy of the time. Then swapped with Iran, North Korea and Russia. All got a turn in "The existential enemy barrel" on which the political critters could bang their sticks one or more times, in that faux patriotism they practice.

The point is it's all faux nonsense for the purpose of technically illegal "US government propaganda run on its citizens", to keep them distracted from what a failure the US IC is in general.

The big clue to this is that there is only one "existential enemy" at a time. The second is the "enemy" are far away and frequently racially different. This makes it easy to give the masses something so simple that they can fixate upon it under repeated instruction via the US MSN and chant the slogans etc (remember "Cheese eating surrender monkeys" etc?).

Logically an enemy does not befriend the foe then friend again in short order, they are not drunken bums down at the local hoch hovel falling in and out of a bottle alternately shouting eternal friendship then enmity alternately as the bottle is passed. They are either enemies most of the time or they are not. So with China APT the P is a give away in that it stands for "Persistent" yet they came and went came and went depending on which way the US Political wind was blown. Either the government is faking it up or they don't believe that the citizens are capable of understanding more than one thing at a time.

So yes we take the rise out of it whilst others sadly appear to believe what the MSM has fed them...

[1] I'm told that 한국어 is actually South Korean not North Korean...

four72 December 20, 2017 10:10 PM

@oh sure

"... Or Vietnam, Singapore, Indonesia, Estonia, Slovenia, Ukraine, Saudi Arabia, Israel, Turkey, Belgium, Germany, Finland, Norway, Netherlands, not as much Japan, but definitely also South Korea. "

... or the United States, or Canada.

... or just a regular civilian from anywhere just looking to screw around for completely selfish, unpatriotic reasons.

oh really December 20, 2017 10:12 PM

"The big clue to this is that there is only one "existential enemy" at a time."

Well, that hasn't been the case for a long time in US foreign policy. Several decades.

oh reallyDecember 20, 2017 10:20 PM

It's kind of nonsense to say they're picking "one at a time" but flipping through them constantly.

These things wax and wane, but the point of it is we're fighting on multiple fronts, all the time.
People worked on it the entire time, most of the people don't switch out with administrations.
They didn't suddenly make it up.

NK existed in 1996, 2001, 2005, 2011, and now. It didn't just "become" our focus.
MSM doesn't "feed" the threat to us now, it's been a threat the entire time.

Now you can hide head in sand and say the MSM is lying about everything, but I consider the well-covered prospect of the hermit kingdom getting nuclear weapons or bioweapons and the capability to deliver them as something to take seriously.

This penchant for pretending none of these things are real or valid, it's weird. Unbecoming.

Clive RobinsonDecember 21, 2017 7:46 AM

@ oh really,

Well, that hasn't been the case for a long time in US foreign policy. Several decades.

Firstly I did make it clear I was talking about ICT only not other domains... So the question of why is it different for the phoney war zone known as "cyber"...

You are kind of making my point for me.

But you go on to say,

It's kind of nonsense to say they're picking "one at a time" but flipping through them constantly.

Which is exactly what the US Gov are doing... If you look far enough back on this blog you will find I was making the point that all states that could do what you might call cyber-espionage were at it against everyone they could whenever they could[1]. This was well prior to the silly "China APT" nonsense. Back then the US espoused view of North Korea was it was a backwards hole in the ground full of paddy field stampers... Then suddenly they are cyber-warriors of an existential nature... And so the nonsense went on.

Which brings us to,

Now you can hide head in sand and say the MSM is lying about everything, but I consider the well-covered prospect of the hermit kingdom getting nuclear weapons or bioweapons and the capability to deliver them as something to take seriously.

I would suspect that many Americans know that the US MSM is very supine when it comes to spouting the US Gov line, thus their version of the truth would be likewise warped. It's true in most countries thus most sensible people tend to take the MSM with a very large pinch of salt "about the size of Lot's Wife".

As for the "Hermit Kingdom" they are not really "Hermits" they just do what 2/3rds of the world has done in the past century which is stop their population upping sticks and moving elsewhere for various reasons.

There was an old joke about three scientists sitting having a cup of coffee at an international scientific conference in the 1950s. Where an American and Russian scientist were arguing about the benefits of Capitalism and Communism, whilst a little old Israeli scientist sat there quietly looking introspectively in his cup. Eventually the Russian and American paused, at which point the Israeli scientist said,

    "My friends you know I've lived under both Communism and Capitalism for long enough to realise they have much in common"

Both the Russian and American looked not just surprised but questioning so the Israeli went on,

    I know you find it hard to believe, but it's true, think about what you claim to love the most? You both lock them up, you Americans do it with banks, you Russians with gulags.

If you look at the history of Korea from the end of the Pacific war until today you will note a few things. Firstly they were a slave nation for the Japanese and at the last moment Russia joined the Allies against Japan to get a share of the spoils of war, thus they fell under Russia. The USA and Russia used Korea for a proxy war, and then Russia dumped the whole lot in China's lap. The US got roundly defeated several times thus the US commander in the field killed over a third of the Korean population by bombing and crop destruction. China made it abundantly clear the US could not win the war with numbers of soldiers in the field, so the US commander demanded that nuclear weapons be used to blast not just the Koreans but Chinese back to the stone ages. Wiser political heads vetoed the idea and the Koreans and Chinese pushed the US back down the peninsula. Eventually a cease fire was agreed. However since the 1950s the US War Hawks have tried to stir up another war. The Koreans now divided acted in different ways but one thing is clear the North Koreans unlike the US have behaved as "Rational Actors" towards US irrational behaviour. The reason that NK has developed some two and a half thousand tonnes of chemical weapons, thousands of liters of biological weapons and now nuclear weapons has been always as a response to US behaviour. As for their rockets, those developments go back to the Vietnam war again in response to US military behaviour. The NKs realised quite rationally they could not compete in terms of aircraft and carpet bombing with chemical weapons, and that back then there was no defence to ballistic missiles. So they did what any rational actor would do in the face of a very real existential threat... If you look at the history of it the US has unarguably made North Korea what it is today.

The Solution to North Korea is relatively simple, which is to keep the US IC etc out of the area and let the North and South slowly sort themselves out. They've started out on this a number of times, then some idiot in the US decides it's time to stir it up again. In part because it's not the North that really frightens the US but the South. Have a look at their economic development to see why, then imagine what would happen if the north supplied the increased manpower and space and the south the business and industrial acumen... That thought scares not just the US but Japan and now China, especially with Putin looking favourably at NK in terms of being a favoured recipient of resources and market. It's also part of the reason China is pushing its behaviour over the South China Seas and want the US well out of the area. Because if the US pushes and provokes too much it will find North Korea has both China and Russia standing right behind, and that's a war the US can never sensibly win. Especially with China having so much control on the US economy.

I don't know how old you are but US behaviour with respect to the likes of the Middle East and South China seas has been of some concern thus I've taken it seriously for three decades now...

The real problem is the US is in decline in status and economically was becoming an irrelevance. However like all aging alpha males, they are not going to go quietly. As with most Empires they are destined to die out, the only question is how much damage they will do on their way down, historically few Empires have gone quietly. However since WWII with world communications being what it is Empires are going more quietly than in the past.

[1] For instance the French publicly admitted they committed acts of economic espionage back in the 1980s as it was cheaper than R&D, a policy we know they continue. The US has been caught out doing it against Japan but won't admit it, which makes them hypocrites at best, especially with their history of IP theft from the 1700s onwards.

echoDecember 21, 2017 8:35 AM

@Clive

Yesterday, I was reading up on historical world economic growth. Some interesting issues can be noted from the data. The industrial revolution for the first time unlocked growth from population growth. Both the UK and US economies at their height produced sizeable peaks compared to equivalent countries. The story broadly speaking is once the cat is out of the bag the economics tends to level as other countries catch up.

World poverty obviously remains an issue. My personal view is this is a "loss of opportunity" and why I believe penal attitudes towards economically disadvantaged people are both unfair and counter productive.

World population and sustainability are additional political factors.

https://en.wikipedia.org/wiki/Economic_history_of_the_world
http://www.visualcapitalist.com/2000-years-economic-history-one-chart/
https://ourworldindata.org/economic-growth

I have found reading documents relating to UK military doctrine (and Soviet now Russian military doctrine) and US military doctrine quite interesting in how the various blocs perceive threats.

oh reallyDecember 21, 2017 11:56 AM

"As for the "Hermit Kingdom" they are not really "Hermits""

Slaves? Captives? Goods and services contestants in the game show that is NK's despotic governance?
Call it what you will but starving men with bellies full of parasites are risking death to leave it.

I just find it a bit silly to say that because the US government has a motive, and because the MSM helps that motive be accomplished in a general sense, that therefore anything the MSM reports can be expected not only to be unsupported, but actually is a "plot" to sow disinformation so the peace-loving people of NK can be subjugated by CocaCola.

"The Solution to North Korea is relatively simple, which is to keep the US IC etc out of the area and let the North and South slowly sort themselves out."

Well that IS a relatively simple PLAN, but you don't include any contingencies for NK's nuclear program, anthrax-on-ICBM's, etc. NK is an outsized weapons manufacturer and exporter - it's by far their #1 export despite sanctions.

Now yes of course the US history of regime changes and marionette-governance is a valid point, and I'm not saying the US gets a pass for everything it did or does. At all. Both Iraq wars were bullsh*t. I think many learned lessons from that misadventure apply.

I just don't see alpha-males or US decline as the reason why this is coming to a head right now.
There's just no great intrinsic motive for the US to attack NK. The upside is small.
If the US saw resources or possible victory in NK, it would be bombed already.


albertDecember 21, 2017 12:54 PM

@oh really,

"... that therefore anything the MSM reports can be expected not only to be unsupported, but actually is a "plot" to sow disinformation so the peace-loving people of NK can be subjugated by CocaCola. ..."

That issue is more subtle than you indicate. 'The MSM' is run by the editors/owners. 'News reports' may be written by underlings or higher ups. Any or all participants in an individual news service, may know or have knowledge of 'the Truth' of a subject, in spite of the approved (published) version of the Truth. If the 'approved' version is a lie, then that makes them at least, hypocrites. Probably (I'm guessing) some actually -believe- the approved version, hence the term, "useful idiots". History has shown that propaganda preceding the war in Iraq was a conspiracy at the highest order, and that most (but not all) of the MSM was complicit. This is not journalism. In journalism, plausible deniability is an excuse for not doing your job. But that's not the main issue.

As long as the MSM remains a spokesman for the government, the situation will not improve. You can call it what you want. Labels are simply useless at this point.

"...There's just no great intrinsic motive for the US to attack NK...".

Motives are psychological, reasons are rational. An attack on NK would result in the deaths of millions, including US ground forces. If NK even lifted a finger against anyone, they would be wiped out of existence, and they know it. As I see it, it's a stalemate.

Now we find "NK has chemical weapons". Is this just like "Iraq has chemical weapons"?

We need some rationality in our elected leaders. Even the most ignorant among us should see that this is a watershed moment in US foreign policy. Who's going to rise up and face this challenge?

. .. . .. --- ....

oh reallyDecember 21, 2017 1:56 PM

"If the 'approved' version is a lie, then that makes them at least, hypocrites."

A lie REQUIRES the knowledge of itself. That's Trump's defense, anyway.
You have to prove intent to deceive and contrary knowledge beforehand. Not trivial.

"History has shown that propaganda preceding the war in Iraq was a conspiracy at the highest order, and that most (but not all) of the MSM was complicit."

I don't think "most" people reporting on yellowcake knew it was or wasn't there.

Judy Miller and a few actual moles did commit journalistic suicide but "most" did not.
Many expressed doubts about it - not loud enough to get fired, but they did.
Saying "most" implies we have %'s. We don't.

Colin Powell I'm not even fully sure about. SOMEONE knew, but who exactly? Aha.
This is where/why conspiracy 'theory' falls apart - ground-level attribution.

"Complicity" is hard to establish also. If the 3rd Reich had janitors, are they complicit?
If a cop is ordered to arrest someone, they don't get to decide if it's a just warrant.
If a TV anchor is given a script, RARELY do they have any authority to alter it.


Here's a different thing : PROOF that a media company lies per plan to do so.
http://gawker.com/5814150/roger-ailes-secret-nixon-era-blueprint-for-fox-news

What is done about it? Nothing, because the people crying about MSM integrity give Fox a full pass.
With all the condemnation of the MSM, NONE OF IT IS FOCUSED AT FOX. Ever ask why?
They're easily the #1 mainstream lie promoter. They have the highest ratings.

Because some people do not mind being lied to and in fact demand it. The market exists.
That's not the "fault" of the MSM en masse. That's the fault of society en masse!


"In journalism, plausible deniability is an excuse for not doing your job."

Journalism is a tough job and plausible deniability actually does factor in.
If a journalist can't prove something beyond it, they can't report on that.
They'd risk being sued personally or organizationally, destroyed.

(Think Alex Jones on Kobani yogurt)

Ultimately journalism that covers government or military stuff, it runs up against a wall of verifiable information. At some point they are taking the word de facto from the powers that be, there is no option to independently verify. Good reporters can offer possible counter-narratives in addition to reporting what they're given, but they can't just ignore the given narrative or pull counter narratives out of nowhere.

Though we had inspectors in Iraq saying the nuclear program was dismantled, there was no objective 'proof' of that. There was a doubt. There was possibility. When an authority decides to lie about something and they control all avenues of independent verification, you can't blame the audience for not having proof to the contrary. You can't blame the telephone for repeating what is said by authority into it.

I think the issue isn't the fact that a lie is repeated. That will always happen.
The issue is that the lie is not corrected AFTER KNOWN. That nothing is done about it.

We know the US government lied since before Pearl Harbor. But we didn't know it in REALTIME.

We know the US government lied about Tonkin Gulf, about yellowcake, about this and that.

What did we do about it? Nothing. Protests came and went, that was the resistance.
That was our recourse, that and voting towards our interests for a change of leaders.

This culminates in Trump, the ultimate unaccountable leadership. This was not the fault of the MSM, they reported on Trump's lies. Every day more lies are proven, we're in the 500+ on-record lie area in the first 300 days. That's worth realizing. The MSM is doing the job, but ultimately if nothing is done about the lies how is that their fault?

The media has problems, there is plenty to clean up there - but the fish rots at the head first.
We've allowed liar culture to become acceptable in SOCIETY, the media didn't invent that.

So don't take any single party or group or network's word on matters of fact, it's the aggregate.


"Now we find "NK has chemical weapons". Is this just like "Iraq has chemical weapons"?"

In fact Iraq *DID* have stockpiled chemical weapons. We could have gone to war on that basis, in truth.
But the authority decided that truth was not compelling enough for casus belli.

AFTER the fact, this lie has been exposed for what it is - by the MSM, no less.

If you distrust any single source of information, that's wise.
To distrust all in favor of one's gut is much less wise. Rant over.

oh reallyDecember 21, 2017 2:17 PM

"As long as the MSM remains a spokesman for the government, the situation will not improve"

This is the fallacy.

The MSM has to report, that's the only job it has in our profit-driven system.
If you want veritas you have to remove the profit incentive and reward truth instead.

The media did not create this problem though it is mindlessly dragged by it :
Our society has declined in rewarding truth in favor of popular convenient lies.

This was true stealing land from Indians, this was true on the "day of infamy" and "Mission accomplished"

Don't shoot the messenger. Don't distrust your telephone. They work as they always have.

Take your beef to the source.


RatioDecember 21, 2017 2:27 PM

@oh really,

Did April Glaspie say it was “bullsh*t”? Or are you saying she is to blame for what Saddam did and what followed (which in your view is aptly described as “bullsh*t”)?

So far, I'm thinking “taurine excrement”.

Clive RobinsonDecember 21, 2017 4:05 PM

@ oh really,

Slaves? Captives? Goods and services contestants in the game show that is NK's despotic governance?

No they are citizens by birth subject to the laws of the country they were born and still live in.

Which differs from the US where if you are born there you remain subject to its laws wherever you are (see US tax on ex-pats etc).

We can go on shoving this backwards and forwards as much as you like but "Hermits" they are not by any accepted meaning of the term you will find in a dictionary. Further as I pointed out many other countries have or had similar laws as NK about its citizens trying to emigrate over the past hundred years, so they are not unique by any means.

Those are what you might describe as the basic facts of the situation without emotional overtones. As for the state the NK Citizens live in you can actually find worse in quite a few places around the globe.

What differentiates NK from other countries in a similar state is the US Government attitude to them. Historically this is nothing new it is US foreign policy to pick on and demonize other nations for various reasons such as business economics. Have a look at the history of Cuba, Iran, Chile, Venezuela and of course there was Manuel Antonio Noriega who was a Panamanian politician and military officer, his history might make your eyes open up more than a little bit.

Your concern is that whilst these other nations get trampled on with impunity by the US because they can not effectively defend themselves against illegal US military incursion, NK now has the means to do so to a limited extent. So pardon me if I'm dubious about your motives.

The US had numerous opportunities to have peacefully settled things with NK. They made diplomatic agreements with NK, NK upheld its end but it became clear as with Iraq and for that matter Iran as with Cuba before the US at some level does not want peace, they want war. Thus any diplomatic agreement gets scrubbed by the US not the nations concerned. As I've pointed out the only rational behaviour when dealing with that sort of behaviour is to find a suitable deterrent. The fact that NK did not really threaten SK, Taiwan, Japan or the Philippines but increased the range of their deployment system to the US mainland tells you rather more than you appear to be taking on board.

The US is used to being "exceptional" in various ways, one of which was that it was protected by the Atlantic and Pacific, thus felt invulnerable even during the Cold War by accepting the MAD idea of the Rand Corporation. To back it up the US burnt its way through much of its natural resources in a couple of hundred years on "high living" and later military expenditure at a ludicrous rate. Then a rude shock came along a small group of individuals turned US "High Tech" against the US by flying US aircraft into various politically and economically significant targets. 9/11 was insignificant in terms of deaths and even destruction compared to that the US were inflicting in other parts of the globe either directly or indirectly. But the chickens had come home to roost the feeling of invulnerability was kicked out from underneath the US psyche...

The US became hysterical in its response, allowing pre prepared legislation of all colours to just get waved through and the US was put on a war footing, but with no enemy to attack. So in typical US style one was invented to cover other business interests. As long as the US remains on this war footing way too much bad legislation and executive orders get slid through on the wave of the flag and some patriotic claptrap.

As for,

There's just no great intrinsic motive for the US to attack NK. The upside is small. If the US saw resources or possible victory in NK, it would be bombed already.

The US is trying as it has been for more than sixty years to force the issue. The US regards SK as a toe hold against both Russia and China and another convenient point for staging etc if things should go wrong with either China or Russia. If NK can be forced into some kind of action against SK then the US has every excuse it needs to "settle unfinished business" and build up a very large military presence. Neither China or Russia could directly respond because it could be made to look like they were using NK to attack SK. If however the US screw it up as they have done so often before, they will be on the wrong end of a very dirty stick. NK know this rather more than the US does. Hence the surprise and somewhat forlorn response of the ex US ambassador now working for the UN, when NK treated him as of no real interest and if anything too little to be bothered with. NK knows it's absolutely pointless listening to US inspired overtures as they are worse than completely useless they are a waste of time and resources that the US will try to manipulate for the home audience.

Oh as regards,

NK is an outsized weapons manufacturer and exporter - it's by far their #1 export despite sanctions.

So what, it's a standard economic export, it's how the US gets some of its petro dollars back from the middle east, and the US certainly sells arms not just to places under UN embargo but actually to its alleged enemies like Iran.

The fact that NK is doing what all super powers do, as well as the UK, France, Germany, Israel, Australia, Canada, Belgium and just about any other nation, does not make it any less illegal, but puts it in the norm of countries and arms exports.

As for what NK will do with its NBC weaponry, probably nothing whatsoever if the US keeps off the grass. A lot of people forget NK is not doing this weapons development in secret, they want the US and more importantly US citizens to know that there will be consequences if the War Hawks get their way. They know that if they do launch against the US there is little real harm they can do, they are certainly not going to kill or injure more than 0.25% of the US in return for which they will be nuked back into the stone age if not the precambrian. But that's not the point it's their version of MAD and you had better believe they are acting very rationally about this unlike the US. The only thing the US citizens should be asking is where the NK seniors decide to put the cross hairs... Maybe you should have a chat with your congress critter if it worries you, because the chances are good it will be a response to US action not a preemption.

Oh and remember not only does NK have nukes, it has bottom sitting submarines. Thus the US carrier fleet is not out of range if they push their luck too far again. Contrary to what many think a carrier fleet is a liability these days their moment was at the end of the Pacific war of WWII. In fact most naval vessels are not really of much use these days if you look back to the Falklands war in the 1980's you will see why. About the only power they project these days is drunken sailors in port of any country that has the ability to deal with them by cruise missile with twice the range of the aircraft carried or nuclear torpedoes or mines or ICBMs... So only third world and some second world countries regard them as a major threat. You can consult Janes if you want to know which countries can not deal with carrier groups. Oh and speaking of arms sales have a look at those neat little combined torpedoes and missiles they really are fun, provided you are not on a ship... Then they are a real nightmare.

oh reallyDecember 21, 2017 4:40 PM

"The US is trying as it has been for more than sixty years to force the issue."

That undercuts the idea that the "MSM" just suddenly came up with the idea then.

NK has nuclear weapons as of only recently. You can say that's being used as an excuse, but the fact is those weapons are dangerous and in the hands of a country like NK that is already living in near-Armageddon conditions, there's way too great a possibility of them being used - or sold. It's legitimate in a way that Saddam's nuclear program wasn't. The casus belli that was used for Iraq actually DOES apply in NK, and it's verifiable. Nobody argues those magnitude 5 quakes under the mountain are natural. Nobody.

Also, the US has plenty of 'stimulus' war going on already. The MIC doesn't need more reason to create fighter jets, bombs, ships - they can't meet the demand AS IS, if you notice. The armed forces need a rest. Nobody is itching for a war that would result in millions of people dead in minutes, which is the reality of the topography of Seoul.

So the idea that NK is a wag the dog situation (for 60 years) and the MSM is perpetuating lies about them to try to force us into a conflict situation, frankly I'm not seeing that and I'd call into question the specific insights of those who would claim to see that here and now.

Which isn't to say that you're not correct generally, the MIC is not trustworthy. But if you're going to contradict them on specifics, you had better have them. If you're going to hold them accountable for the Yellowcake lie or similar, you need to have compelling evidence of your own in hand to prove that. And when you do prove it, you need to take it all the way to the conclusive action that prevents its recurrence.

We never do get that far. We can expose the lie after the fact, but nothing comes of it.

That doesn't, however, prove that everything they ever said was a lie.
Propaganda only works if the majority of it is true on some level.

So what you want is an independent, well-heeled, risk-taking muck-raking MSM.

What you don't need is a single-source propaganda mill that was devised from the inception as a way to allow Neo-Conservative propaganda to get onto American television screens, even going so far as to have a manifesto outlining it directly.

http://gawker.com/5814150/roger-ailes-secret-nixon-era-blueprint-for-fox-news

"The fact that NK is doing what all super powers do"

NOT ALL SUPER POWERS PUT ANTHRAX ON ICBMS OR THREATEN THEIR USE. I reject that, for all they do that is illegal or immoral, not all countries emulate North Korea.

That's just a fallacy.

Clive RobinsonDecember 21, 2017 7:43 PM

@ oh really,

They've already tried to sell it. No more excuses.

Actually nobody is sure what is going on there. Despite what some US MSM might allude to.

The UN report refers to an advertisement only. Further the advert originated in China not NK and was fake in many respects, in that the contact details were phoney etc. About the only real thing about it were two "prescribed" and "sanctioned" names which would almost certainly guarantee the advert would get picked up by various IC entities thus passed back to the UN...

So it could just as easily be a false flag operation, much like the yellowcake incident, and fake mobile anthrax labs (actually hydrogen generators for filling barrage balloons that the UK had sold to Iraq thus knew exactly what they were but said nothing to let the deliberate lie spread).

The real question is who would buy the enriched lithium in the first place. Because on its own it's not really a lot of use.. thus the answer appears to be "no likely suspects" which makes it all the more suspicious.

Yes NK has transferred both nuclear materials and missile technology in the past. Uranium Hexafluoride was sent to Pakistan, as part payment to A.Q.Khan who had sold NK the centrifuge technology. A.Q.Khan then sent that on to Libya to fulfill a contract he had with them. That shipment was intercepted and the equipment as far as we know ended up first in the US then Israel where it formed part of a lab that was used to develop Stuxnet. Unfortunately for the US whose primary target was not Iran but NK, the NKs had changed the type of centrifuge control system and the centrifuges to an improved version.

The reason the US pushed Stuxnet into Iran was so that it would get transferred to NK. Iran had a technology swap agreement going where NK was transferring medium range delivery system technology to Iran (the range would cover Iraq which Iran was having continued hostilities with). It was well nigh impossible to get into NK itself let alone the region where they have their nuclear facilities. The US incorrectly believed that Iran was swapping type 2 centrifuge technology to NK, thus saw Iran as a potential entry point into the NK nuclear systems. As it turns out NK had no need of Iran's centrifuge technology as UN weapons inspectors were to find out much to their surprise and US embarrassment.

Shortly after the Stuxnet story made it into the MSM NK summoned UN inspectors to an old plutonium plant that had been decommissioned in an agreement with the US that the US had reneged on. So the NKs refurbished it for uranium enrichment the UN inspector was absolutely astonished to see thousands of centrifuges at work. However the NKs made it perfectly clear to the UN inspector they knew darn well that Stuxnet had been aimed at them, and further the control and logging equipment for the centrifuges was under no circumstances available to be viewed. It was in effect the NKs giving the US the bird very publicly to make their failure apparent to anyone who had functional eyes to see with.

The fact you have to be cognizant of is that the UN inspectors are not as independent as you would expect, they have many closer than they should have relationships with various parts of the US IC, and Stuxnet made this a little too obvious for many. Oh the Iranian Centrifuges were quite legal and being monitored by the UN the level of enrichment was as described sufficient for reactor use for energy production and a very long way short of weapons grade material.

Both the US and Israel have an interest in preventing middle east countries developing nuclear power generation. Put simply the plan is to strip the middle east of its energy reserves to leave them in a state of dependency such they in effect become vassal states in the same way as used to happen with water rights issues / wars for the past four thousand years at least (it's about as far back as the preserved written word goes back).

Many states wish to develop nuclear power to get them over the energy hump where industrialisation becomes possible, thus they don't have to sell their raw resources at pitifully low values. This very obviously upsets certain corporate entities who see the harm it will cause to the US economy and exceptional standard of living (ten times average and highest in the world according to various organisations) US citizens --supposedly-- enjoy. As most historians know war has in the past been an effective way to boost the home economy and standard of living, IF the raw resources and importantly force multiplier energy are also available.

Thus US political stability and in turn National Security rests on the ability to gain access to raw resources well below their real value as well as controlling the world energy market. And as European history shows the battle for resources leads to some quite terrible conflicts...

As it happens NK is sitting on some quite useful raw resources which if they became effectively industrialised with SK would make them a significant player in the world economy. It's something the US really does not want for a whole host of reasons.

Put overly simply the US needs third world countries to stay in their lowly places so that it can gain the benefit that gives rise to the US population's standard of living. US politicos really do not want the standard of living to rise in the rest of the globe because the US standard of living would have to drop... Thus rob other countries of the potential to generate energy sufficient to get over the energy hump means they stay third world and can be exploited in the usual ways, which the CIA amongst other US entities have been doing for about a lifetime now.

Any way enough I'm not hear to provide you with an education you did not get whilst growing up, and this steadily Off Topic is taking up to much space as it is.

oh reallyDecember 21, 2017 8:36 PM

"So it could just as easily be a false flag operation"

If it were the first example of NK trying to or actually selling illegal arms, I'd give them the benefit of the doubt.

It isn't.

oh reallyDecember 22, 2017 12:34 AM

"Or are you saying she is to blame for what Saddam did"

No. It was unclear what the US would do. Glaspie probably knows whether he was misled or not.

I don't.


oh reallyDecember 22, 2017 12:46 AM

"Any way enough I'm not hear to provide you with an education"

I suppose that's true.

I enjoy your misspellings you know. I read you as a poet who doesn't know it.

Were we to be comparing brain folds or appendage girth, I'd cede rather than have you measure me so fervently against yourself as if one or the other of us were going to prove something to the other against their will. It was not my intention.

I was trying to get you to agree to a common ground, that NK is not comparable in all respects to superpowers or western democracies. You have a certain easy equivocation of somewhat dissimilar things that I push back against on the merits. I'm sure you would say the same of me.

But if you keep responding to someone who you're going to accuse of being off-topic, further deviating from the sacred topic focus that you're yourself a ways off from also, that's just the kind of contradiction that I look for when I'm evaluating logical statements - or illogical ones.

"Put overly simply the US needs third world countries to stay in their lowly places so that it can gain the benefit that gives rise to the US population's standard of living."

I'm not arguing that, I agree with you.

But we're not at the level of nuclear war with Venezuela.

Not all things that are similar in one dimension are the same in all. Equivocating them is folly.

I have my follies also.

justina colmenaDecember 22, 2017 1:22 AM

I'd like believe the US does this, too.

Uh huh. That vulnerability "equities" process. MSFT stock options are somehow involved.

RatioDecember 22, 2017 4:04 AM

@oh really,

It was unclear what the US would do. Glaspie probably knows whether he was misled or not.

April Glaspie's cable about the meeting was declassified in 1998, and was later also published by Wikileaks. Does her account read as her having tried to mislead Saddam Hussein to you?

(I somehow misspelled her surname above. Nothing I can do about that now…)

Tariq Aziz had this to say in response to a question on any “mixed signals sent by the U.S. during the run-up to the invasion of Kuwait” in an interview with Frontline:

There were no mixed signals. We should not forget that the whole period before August 2 witnessed a negative American policy towards Iraq. So it would be quite foolish to think that, if we go to Kuwait, then America would like that. Because the American tendency… was to untie Iraq. So how could we imagine that such a step was going to be appreciated by the Americans? It looks foolish, you see, this is fiction. About the meeting with April Glaspie—it was a routine meeting. There was nothing extraordinary in it. She didn't say anything extraordinary beyond what any professional diplomat would say without previous instructions from his government. She did not ask for an audience with the president. She was summoned by the president. He telephoned me and said, “Bring the American ambassador. I want to see her.” She was not prepared, because it was not morning in Washington. People in Washington were asleep, so she needed a half-hour to contact anybody in Washington and seek instructions. So, what she said were routine, classical comments on what the president was asking her to convey to President Bush. He wanted her to carry a message to George Bush—not to receive a message through her from Washington.

I think I'll call “bovine feces” on your “bullsh*t”.

Clive RobinsonDecember 22, 2017 5:55 AM

@ oh realy,

I was trying to get you to agree to a common ground, that NK is not comparable in all respects to superpowers or western democracies.

For various reasons NK is not directly comparable to any other nation. Likewise the supposed super powers are not really comparable or for that matter Western democracies.

You say,

But we're not at the level of nuclear war with Venezuela

No, and I doubt we are with NK either. But have you stopped and thought what the difference is between Venezuela and NK?

One area that Korea has that is unique, is it had more than a third of its population wiped out by US action, they are also the only country to be threatened by the US with WMD, not just whilst being occupied by the US and other Western forces, but also after reaching a cease fire. The US forced a partition of the country into an unstable position that requires continuing occupation, repeated threats, war games and propaganda against not just the North but against significant parts of the South. Even today Donald Trump has made it clear the WMD option is very much on the table, as one of his predecessors did to Iraq. Further the US has repeatedly practiced war games in waters and other places the US claim as disputed territory, even though the ceasefire indicates the opposite. Despite the continuing provocation by the US NK rarely responds with anything other than words. In fact anything other than words get top billing on the evening news the world round.

From the rational actor point of view the North Koreans are behaving as you would expect to continued and mounting bullying. The US have made it clear no matter what NK does the US will not allow them any sovereignty and fully intend to starve NK to death to get what they want. But what the US want is not going to be allowed by either China or Russia so can only lead to regional conflict as was seen in the past with Vietnam and the Middle East. So the US position is not rational from all but one perspective (the profit seeking MIC rules the roost).

It's become quite clear there is a considerable disinformation campaign going on that has ramped up over the past couple of years. The unanswered question is by who when and why...

As I noted the supposed lithium sale was almost certainly a false flag operation, but nobody asked by whom or why. Enriched Lithium is easier to produce than enriched plutonium which in turn is easier to produce than enriched uranium. But unlike plutonium or uranium enriched lithium is of little or no use unless you already have working nukes...

That is it can boost yield and reduce the size of the physics package at a given yield. It would also be required to step up from fission to fusion but still require a working fission device as the match. Thus the market for enriched lithium is about as close to zero as possible. Which means the most likely false flag operation is one of bluffing the US by NK that it has more fusion capability than it requires...

As for the recent anthrax story I would likewise be very cautious about it, there is zero confirmation of the story, it's a "mate of my mate heard it in a bar" level story. But again it really does not make practical sense. Anthrax like all bio weapons really is a waste of delivery mechanism. All super powers and much of the West has tried to weaponise it and failed in well over fifty years of research. It's known that NK are having reentry issues that would fry nearly anything to ashes. It's actually suspected that the next real objective of NK is the political milestone of "manned space flight" for the publicity and status factor. So expect a few dogs/rabbits/monkeys to get fried alive first.

As I said NK knows that the amount of harm they can do with their rockets is actually quite small and they also know that the US would retaliate irrespective of what China or Russia might do. Thus they rationally know that for them their nukes and ICBMs are in all reality a death sentence if used. Thus as I said they are a form of MAD to keep the US off of the grass.

If you ask any European or other Western nation politician and they are prepared to confide, they will tell you that it's the US leader and military that scares them way more than the NK leader and military. It is the US they will tell you is not behaving rationally.

With regards,

But if you keep responding to someone who you're going to accuse of being off-topic,

I in no way accused you, I stated two facts,

1, The subject is off topic
2, Its discussion is taking up too much space.

Both of which are true and neither is directed at any individual.

bttbDecember 22, 2017 11:10 AM

@Ratio

"April Glaspie's cable about the meeting was declassified in 1998, and was later also published by Wikileaks. Does her account read as her having tried to mislead Saddam Hussein to you?" ...

Thank you for pointing us to the above sources regarding the Gulf War. I remember, a long time ago, talk or stories about this controversy.

oh reallyDecember 22, 2017 11:51 AM

"One area that Korea has that is unique, is it had more than a third of it's population wiped out by US action"

Clive,

NK started that "action" by invading SK. Let's face that fact now.

The US didn't invade NK.

oh reallyDecember 22, 2017 12:18 PM

@ Ratio

"Because the American tendency… was to untie Iraq. So how could we imagine that such a step was going to be appreciated by the Americans?"

The fact is the cables themselves very much WERE mixed signals, whether or not Saddam was manipulated by them as Aziz opines Saddam wasn't fooled and wouldn't have been because America was untrustworthy from their perspective generally. That doesn't mean there were no mixed signals even as he opines that, in fact it implies the opposite, and that they rejected them.

They had a written statement from the US Ambassador saying the US was not interested in military intervention if they went into Kuwait. That's a mixed signal. Fact. Deal with it ratio.

Yes, this is documented both at the time and after the fact, and it's not based on 1 person's casual verbal opine years later. Aziz was facing execution for several years and finally died in confinement in 2015 after judges refused to execute him.

Here's a shovel, better clean your stall out. If you think everything is cut and dry based on 1 source of information then there's no reason you wouldn't also have supported the Iraq invasion on that basis also.

Anonymous2dDecember 22, 2017 3:42 PM

@Oh really

"They had a written statement from the US Ambassador saying the US was not interested in military intervention if they went into Kuwait. That's a mixed signal. Fact. Deal with it ratio."

Source, reference or footnote please.

Or can anyone interpret State Department cable(ese) speak to support the above quote.

oh.... reallyDecember 22, 2017 10:51 PM


http://foreignpolicy.com/2011/01/09/wikileaks-april-glaspie-and-saddam-hussein/

A simple google search turns that right the heck up now doesn't it?

http://213.251.145.96/cable/1990/07/90BAGHDAD4237.html

That's the document you're looking for, unfortunately the server is no longer pinging.
Still curious? Go find it. Now you at least know it exists and a pretty good analysis.

Careful not to accuse someone of lying and then ask for a citation -you just might get it.

65535December 23, 2017 1:05 AM

@ Wael

“Root cause: violation of 'Least Privilege'. Anti malware processes need not have write privilege. Also a violation of 'Separation of Domains': Anti malware processes need to be containerized so vulnerabilities are local to their container. New architectures need to be explored.”-Wael

I think you are on to it. The “anti-virus” has too many privileges and can do basically anything to files or an OS. There should be separate domains probably in the way the OS handles AV products.

I would like a visual indication when Kaspersky, Symantec, Avast and others strip SSL/TLS. Possibly a different style of lock or color of Icon.

The SSL/TLS stripping is a real problem with no good answers. The methods of SSL Stripping are being questioned because they affect the browser certificate store and the OS certificate store.

[Bleeping Computer on Symantec certificates]

“Google Chrome engineers announced plans today to gradually remove trust in old Symantec SSL certificates and intent to reduce the accepted validity period of newly issued Symantec certificates, following repeated slip-ups on the part of Symantec. 2015 Symantec-Google.com incident also played a role… In September 2015, Google also discovered that Symantec issued SSL certificates for Google.com without authorization. Symantec blamed the incident on three rogue employees, who it later fired. The results of this investigation…was more than Google was willing to accept.

[Google]

"These issues, and the corresponding failure of appropriate oversight, spanned a period of several years, and were trivially identifiable from the information publicly available or that Symantec shared. [...] On the basis of the details publicly provided by Symantec, we do not believe that they have properly upheld these principles, and as such, have created significant risk for Google Chrome users.

[Bleeping Computer]

"For starters, starting Chrome 61, Google plans to limit the accepted validity period of newly-issued Symantec SSL certs to nine months… but not least, Google also plans to strip Symantec certificates of Extended Validation (EV) status "effective immediately," for at least one year, "until Symantec is able to demonstrate the level of sustained compliance necessary to grant such trust."…EV HTTPS certificates support multiple domain names and obtaining such a certificate requires passing through numerous steps. Based on its investigation, Google does not trust Symantec to comply with this longwinded verification process anymore.”- BleepingComputer

https://www.bleepingcomputer.com/news/security/google-reducing-trust-in-symantec-certificates-following-numerous-slip-ups/

[StackExchange discussion on SSL stripping]

"Should antivirus HTTPS scanning be left on? Is it secure? Some antivirus software MitMs, or through other methods, HTTPS connections in order to scan for malware, for example, Avast, and maybe other vendors too.

"Is the method they (let's say Avast as an example) use secure? Is their claim that the datThe main emerging security problem is that whoever knows the private key for the generated root certificate can encrypt your traffic. That's why they create a unique one for every machine and don't send it anywhere else:

[Avast]

"We want to emphasize that no one else has the same unique key that you have from the installation generated certificate. This certificate never leaves the computer and is never transmitted over the internet.

"That's a good practice and in theory guarantees that they can't easily plot with your ISP to decrypt your traffic from remote. Also note that all certificates will still be checked against the local Windows certificate store so a self-signed certificate will be identified as such and won't be "covered" by Avast's root cert and displayed as trusted.

"Another security concern to be aware of is that you can't inspect the original certificate details in your browser anymore. You can be sure that it's verified but the displayed properties (authority details, encryption algorithms, ...) will be those of the Avast cert, not the original ones.

"is the probability of getting such malware from an HTTPS secured website high enough to enable this feature?

"Subjectively, I'd say the majority of malware is still served over plain HTTP. But with free certificate providers like Let's encrypt it's not much effort for an adversary to switch to HTTPS. Serving malware over HTTPS has some advantages for the attacker - the padlock makes it appear more legitimate and it's harder to inspect. Malware over HTTPS will certainly become more likely in the future.
Also note that there are other, less intrusive approaches to protect you from malicious websites such as Google Safe Browsing.

[and]

"This is certainly the first I've heard of antivirus software scanning inbound HTTPS connections.

"I'm aware that Avira's antivirus solution will scan cache content as Firefox writes it. Some secure sites will ask for contents not to be written to cache, so obviously scanning will not take place under that circumstance.

"But turns out that yes, in fact it is replacing web certificates with its own root CA certificate and then using that in place instead of the website's certificate. This is how Man in the Middle (MitM) attacks are carried out.
From Avast's Website:

[Avast]

"Avast is able to detect and decrypt TLS/SSL protected traffic in our Web-content filtering component. To detect malware and threats on HTTPS sites, Avast must remove the SSL certificate and add its self-generated certificate. Our certificates are digitally signed by Avast’s trusted root authority and added into the root certificate store in Windows and in major browsers to protect against threats coming over HTTPS; traffic that otherwise could not be detected.
Avast whitelists websites if we learn that they don't accept our certificate. Users can also whitelist sites manually, so that the HTTPS scanning does not slow access to the site.

"Further goes on to explain:

[Avast]

"... Avast WebShield must use a MITM approach in order to scan secure traffic, but the important difference is that the “middle man” we use is located in the same computer as the browser and uses the same connection. Since Avast is running with Administrator rights and elevated trust on the computer, it can create and store certificates that the browser correctly accepts and trusts for this, and only this, machine. For every original certificate, Avast makes a copy and signs it with Avast's root certificate, located in the Windows Certificate store. This special certificate is called “Avast Web/Mail certificate root” to clearly distinguish who created it and for what purpose.

"An important note about this:

[Avast]

"Our customers’ privacy was our first concern when planning the implementation of HTTPS scanning. That’s why we created a way for whitelisting, or ignoring, the connection when Avast users access banking sites. Our current list has over 600 banks from all over the world and we are constantly adding new, verified banking sites. You can, and should, verify the bank’s security certificate when using online banking sites. Once verified, you can submit the banking or other web site to our whitelist by sending us an email: banks whitelist@avast.com.

"What happens if I attempt to connect to a website with a self-signed certificate? Avast will detect this, and use an untrusted certificate signed by Avast, allowing for normal "insecure" browser behaviour. The browser will still warn the user that the connection is insecure.

"I don't see any mention of secure data being shipped off site, but be sure to read the software's privacy policy and end user licence agreement. The feature can be turned off, as explained on Avast's website.

[comments]

"what happens if I attempt to connect to a website with a self-signed certificate? As far as I know it will become trusted" -That's wrong. Avast still checks with the Windows certificate store if the original certificate is legitimate. If it's self-signed, you will be notified in the browser. – Arminius Jan 15 at 1:30

"@Arminius So it's not signed by Avast, and the browser continues on as it normally would? – dark_st3alth Jan 15 at 2:03

1] Maybe I'm misunderstanding you. My point is that Avast will still detect invalid certificates. It won't silently hide untrusted certificates behind its own root certificate and present them to your browser in the same way it presents trusted ones. The verification step is effectively delegated from your browser to Avast but it's still done in the same way. – Arminius Jan 15 at 2:18

"... Avast first checks the original certificate against your computer's certificate store. If the original certificate is not valid, it will intentionally perform the stripping with an untrusted Avast certificate to trigger the browser alert. – tlng05 Jan 15 at 2:26

"@ tlng05 thank you for the clarification. I will update my answer. – dark_st3alth Jan 15 at 5:21

https://security.stackexchange.com/questions/148402/should-antivirus-https-scanning-be-left-on-is-it-secure

Back to the core problem of giving Anti-virus too many privileges is the huge trust issue of manipulating certificates and the browser/OS certificate store.

This is part of the problem where classified documents from an NSA/CIA contractor’s laptop landed on Kaspersky’s servers.

Wael is right. We should not give powerful privileges to AV software without some review of the actual code and its ability to send our files back to the mother ship. That is what I call a big back door.

If you people feel this subject is better suited to the Friday squid thread let me know and I will move it there.

Please Excuse the long and possibly mangled post. The cert questions were constantly repeated so I tried to delete the excess text with some errors.
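The "visual indication" asked for in the post above can be approximated from the client side by checking who issued the certificate a program is actually handed. This is an added example, not code from the thread or from any vendor: it assumes the re-signed leaf names the local root as its issuer, takes the root name "Avast Web/Mail certificate root" from the Avast text quoted above, and runs on constructed sample certificates with hypothetical host names.

```python
import socket
import ssl

# Issuer names that identify a locally generated interception root.
# The only entry is the root name quoted from Avast in the post above;
# add the exact names of other inspection roots found in your own trust store.
LOCAL_INTERCEPTION_ROOTS = ("Avast Web/Mail certificate root",)

# Issuer fields compared against the marker list.
ISSUER_FIELDS = ("commonName", "organizationName", "organizationalUnitName")


def flatten_name(name):
    """Flatten getpeercert()'s tuple-of-RDN-tuples into {field: first value}."""
    flat = {}
    for rdn in name:
        for field, value in rdn:
            flat.setdefault(field, value)
    return flat


def classify_issuer(cert, markers=LOCAL_INTERCEPTION_ROOTS, expected_issuer_cn=None):
    """Return (verdict, detail) for a certificate dict as returned by getpeercert().

    "intercepted":     the issuer carries one of the local-root markers
    "issuer-mismatch": an issuer CN learned out of band was supplied and differs
    "no-issuer":       the dict has no issuer (e.g. certificate was not validated)
    "direct":          none of the above
    """
    issuer = flatten_name(cert.get("issuer", ()))
    if not issuer:
        return ("no-issuer", "")
    values = [issuer.get(field, "") for field in ISSUER_FIELDS]
    for marker in markers:
        if any(marker.lower() in value.lower() for value in values):
            return ("intercepted", marker)
    issuer_cn = issuer.get("commonName", "")
    if expected_issuer_cn is not None and issuer_cn != expected_issuer_cn:
        return ("issuer-mismatch", issuer_cn)
    return ("direct", issuer_cn)


def survey(certs_by_host, markers=LOCAL_INTERCEPTION_ROOTS):
    """Group hosts by verdict, showing which sites are inspected and which are
    passed through (the quoted text says whitelisted sites are not re-signed)."""
    groups = {}
    for host, cert in sorted(certs_by_host.items()):
        verdict, _detail = classify_issuer(cert, markers)
        groups.setdefault(verdict, []).append(host)
    return groups


def fetch_peer_cert(host, port=443, timeout=5.0):
    """Live helper, not used by the samples: the validated peer certificate."""
    context = ssl.create_default_context()  # platform default trust store
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with context.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


def _sample(subject_cn, issuer_rdns):
    """Build a constructed certificate dict in getpeercert() shape."""
    return {"subject": ((("commonName", subject_cn),),), "issuer": issuer_rdns}


# Constructed samples: one re-signed by the local root, one left untouched.
SAMPLE_CERTS = {
    "shop.example.test": _sample(
        "shop.example.test",
        ((("commonName", "Avast Web/Mail certificate root"),),),
    ),
    "bank.example.test": _sample(
        "bank.example.test",
        (
            (("countryName", "US"),),
            (("organizationName", "Example Public CA"),),
            (("commonName", "Example Public CA R1"),),
        ),
    ),
}

if __name__ == "__main__":
    for verdict, hosts in survey(SAMPLE_CERTS).items():
        print(verdict, hosts)
```

Markers should be exact root names rather than vendor names: Symantec, named in the same post, was also a public CA, so matching on the vendor string alone would flag ordinary certificates.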

oh reallyDecember 23, 2017 1:07 AM

I think I'll call “bovine feces” on your “bullsh*t”.

Mind what you say lest you taste it again someday.

Clive RobinsonDecember 23, 2017 8:02 AM

@ hmm,

Noticing a problem at least shows awareness there is one and thus consideration for its effects on others... irrespective of what else it might potentially indicate to someone with a fist full of grant money.

There is however another solution when people won't stop and that is to take longer and longer to reply to them. Thus rate limiting allows others to at least get in higher up the thread... So enjoy whilst you can it is the Winter Solstice Celebratory period after all so look on it as a little prezzie 0:)

Clive RobinsonDecember 23, 2017 11:33 AM

@ 65535, Wael,

I think you are on to it. The “anti-virus” has too many privileges and can do basically anything to files or an OS. There should be separate domains probably in the way the OS handles AV products.

It's both technically&security right but human wrong...

The majority of users who would get their own AV software either with the PC or as a subscription are often not at all technically savvy as they would need to be. Thus the AV needs the rights and privileges out of the box that the user has no clue as to why or how to give...

In larger organisations where tech savvy members of staff are likely to be found, then they should set up AV software more securely as well as locking down other aspects of the individuals "user" status on the PC.

Much though I wish it was different the "home PC" and "home Internet" industries are not really two human generations old yet (that won't happen for maybe a decade yet...). Thus things are by no means settled in the UI area. Have a look at how long it took for cars and phones to get internationally recognisable standard interfaces to users for example to gauge how long we may have to wait...

65535December 23, 2017 10:31 PM

@ Clive R.

“It's both technically&security right but human wrong... The majority of users who would get their own AV software either with the PC or as a subscription are often not at all technically savvy as they would need to be. Thus the AV needs the rights and privileges out of the box that the user has no clue as to why or how to give... In larger organisations where tech savvy members of staff are likely to be found, then they should set up AV software more securely as well as locking down other aspects of the individuals "user" status on the PC.”-Clive R.

That sounds very reasonable. But, if a NSA contractor who works as a top vendor for the NSA and is trying to re-vamp state sponsored malware gets his data sent to Kaspersky then the level of “technical savvy” is red-lining the savvy meter.

It still looks like Wael is correct and the ability of AV to write, manipulate files including certificates and send them to the mother ship is above the danger level. This is allowing the fox to patrol the hen house. Or, the hacker to man-in-the-middle all communications for your “safety” and their benefit.

Bruce S. hit upon this problem in 2013 to 2014 by writing the AV vendors and asking them if they purposely let NSA style malware go undetected. Only a handful said they did no such thing. AV could be considered the king of add-on malware. Things must change. I think Wael is on the right track.

JDecember 23, 2017 11:58 PM

The more I read this Site, the more I realize I need to disconnect.
The Internet has proven to be more a Gov't boon and Master than a Freeing of the Average 9-5er.
What else should we expect from a Gov't creation.

hmmDecember 24, 2017 8:55 PM

"What else should we expect from a Gov't creation"

Government is a means to an end. It exists because society requires it.
That doesn't make all governments equal nor all constructs of any one equal.

"What is steel without the hand that wields it?" -Thulsa Doom

All technology has power to free you up or enslave you.

Of course disconnecting is a good idea though. Perspective comes with distance.

hmmDecember 24, 2017 9:34 PM

@Clive The sub-thread has under 100 posts total, there is plenty of room for ongoing conversation I should think. Nobody seems to be abusing that unreasonably in my view, nobody should be excluded or feel put upon I shouldn't think. I don't rather expect a timely response to my every comment either so take as long as you need, of course.

Besides, a little exercise for the page-up page-down keys keeps fingers lean and pointy.
Scrolling builds character.

Merry Chr.. happy.. wintertime.. festivals...

WaelDecember 25, 2017 12:01 PM

@Clive Robinson, @65535,

Thus the AV needs the rights and privileges out of the box that the user has no clue as to why or how to give...

This is a function of the design and architecture of the AV and OS. It should have little to do with user's savvyness.

Clive RobinsonDecember 25, 2017 2:58 PM

@ Wael, 65535,

This is a function of the design and architecture of the AV and OS. It should have little to do with user's savvyness.

Ignoring the AV for the moment, most OS's can be configured in a multitude of ways as can the apps that run on them.

Most traditional *nix admins are well aware of this and they decide not just how many logical drives there need to be but the space given to each logical disk, the number of inodes and the actual block size used. Thus if you have thousands of small config files, you set the inodes high and the block size small to minimize wasted disk space. However for performance reasons you would set the block size large and inodes medium to low for video etc.

These are standard admin tasks for *nix but not so much for MS-NT servers and rarely if ever for end user machines. This difference in ethos goes from the lowest levels through to the highest, thus *nix has significant advantages with admins whereas MS is almost "pro-cracker" in its vanilla deployment.

Much MS OS AV software for home users is written on the assumption of vanilla OS and app installs, anything mildly different and things die silently thus offer no protection or "blue screen" during downloads or backups. Whilst AV software takes a load off of inexperienced users, it can and has caused many down the line problems, when MS make even minor changes. Worse with MS OS AV Admins generally only get flexibility with "Pro" versions, that generally have instructions written in "elbonian"[1] or similar thus require "tech support" lines to translate.

Thus if your MS OS system is vanilla, you get some protection but at the expense of making a cracker's life easier... That's before you get into issues of the AV working effectively at the highest priority and significantly increasing the attack surface.

The ideal solution is that AV runs at the lowest priority possible to the main OS, but for obvious reasons this has issues. One way around this is to run what is being checked and the AV software in a jailed environment, the modern example being various container/silo techniques. This still has issues. Even at the simplest levels this is way beyond what an average user is capable of implementing...

Which brings us back to the savvyness of the box owner/operator.

Can AV software improve its usability to reduce this issue? Well yes but for various reasons it's not currently in their interest to do so...

[1] http://dilbert.wikia.com/wiki/Elbonia

WaelDecember 25, 2017 5:11 PM

@Clive Robinson, @65535,

Can AV software improve its usability to reduce this issue? Well yes but for various reasons it's not currently in their interest to do so...

You as a designer will have to factor in that users aren't security savvy. Thus you'll design the system to be secure by default. You'll also give enough capabilities to the more advanced users or admins through various tweaking controls. I don't know about "in their best interest" part. Seems they didn't think it through. It just so happens that the status quo is perceived to be beneficial under some circumstances.

65535December 26, 2017 11:34 PM

The issue of Anti-Virus [AV] the privilege level of the AV program and the OS combined with modern AV being able to SSL strip [SSL/TLS strip and send home to the mother ship] is important enough to move to the Squid thread.

I would like to hear from Public Key infrastructure experts on the means of AV and SSL stripping, the infiltration of files and the ramifications on experts in that area or more eye balls on the dangers of AV SSL stripping.

I’ll move the key post to the squid post on Friday December 22, 2017 with a brief explanation.

https://www.schneier.com/blog/archives/2017/12/friday_squid_bl_606.html#c6766664

RatioDecember 27, 2017 10:33 PM

@oh really,

The fact is the cables themselves very much WERE mixed signals, whether or not Saddam was manipulated by them as Aziz opines Saddam wasn't fooled and wouldn't have been because America was untrustworthy from their perspective generally.

So now you’re claiming Saddam had access to Glaspie’s diplomatic communications with Washington. Intriguing. Any evidence for this latest gem?

That doesn't mean there were no mixed signals even as he opines that, in fact it implies the opposite, and that they rejected them.

Let’s say all of that follows logically—because, sure, whatever, pass the bong—now we have proof there were definite mixed signals, but Saddam’s not fooled by any of it.

And you know all this… how? (“Glaspie probably knows whether [Saddam] was misled or not. I don't.” Remember saying that?)

They had a written statement from the US Ambassador saying the US was not interested in military intervention if they went into Kuwait. That's a mixed signal. Fact. Deal with it ratio.

Deal with it? I’m trying, but it’s rough, I’ll tell ya.

Aaanyway… that written statement you’re claiming Saddam had would be the cable Glaspie sent to Washington, published by Wikileaks, and at some point available from http://213.251.145.96/cable/1990/07/90BAGHDAD4237.html. “That's the document you're looking for, unfortunately the server is no longer pinging. Still curious? Go find it. Now you at least know it exists and a pretty good analysis.” is what you said.

Why, thank you. Now that I know it exists, I’ll go back in time, find and read two versions of that cable, write a comment linking to the two sources, and ask a simple question that you’ll ignore: “Does her [i.e., April Glaspie’s] account read as her having tried to mislead Saddam Hussein to you?” But never mind that.

You may now point out where in that cable it says “the US was not interested in military intervention if they [i.e., Iraq] went into Kuwait”. It does say that, right? Right?

Ses conneries, monsieur. Bon appétit!

Ratio • December 27, 2017 11:10 PM

That should of course have been vos conneries. Credit where credit’s due: it’s all you.

oh really • December 28, 2017 11:25 PM

"So now you’re claiming Saddam had access to Glaspie’s diplomatic communications with Washington"

No, you're reading into what was written based on unintended form.

Which is typical and completely related to my actual point.

Yes, you demonstrated it.

Ratio • December 29, 2017 11:12 AM

@oh really,

"So now you’re claiming Saddam had access to Glaspie’s diplomatic communications with Washington"

No, you're reading into what was written based on unintended form.

I see, mixed signals without access to the signals. Good stuff.

Still…, you said: “They [i.e., Saddam and company] had a written statement from the US Ambassador saying the US was not interested in military intervention if they went into Kuwait. That's a mixed signal.”

When asked for a “source, reference or footnote” by @Anonymous2d, you reply:

http://foreignpolicy.com/2011/01/09/wikileaks-april-glaspie-and-saddam-hussein/

A simple google search turns that right the heck up now doesn't it?

http://213.251.145.96/cable/1990/07/90BAGHDAD4237.html

That's the document you're looking for, unfortunately the server is no longer pinging. Still curious? Go find it. Now you at least know it exists and a pretty good analysis.

The document you're referring to is described in the Foreign Policy piece as “a cable recounting Saddam Hussein’s infamous meeting with U.S. ambassador April Glaspie” that was released by Wikileaks. Wikileaks has a copy of cable 90BAGHDAD4237 for anyone to read.

(The IP address 213.251.145.96 seems to have been used for the wikileaks.ch website at the time. http://www.wikileaks.ch/cable/1990/07/90BAGHDAD4237.html was the URL of the cable there.)

In summary: one of your claims is that Saddam had access to cable 90BAGHDAD4237, a document that is part of what I described as “Glaspie’s diplomatic communications with Washington.”

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.