Friday Squid Blogging: Squid that Mate, Die, and Then Sink

The mating and death characteristics of some squid are fascinating.

Research paper.

EDITED TO ADD (2/5): Additional info and photos.

As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

Read my blog posting guidelines here.

Posted on January 26, 2018 at 4:23 PM • 137 Comments

Comments

H-1B Visas 71% of Silicon Valley WorkforceJanuary 26, 2018 5:14 PM

H-1B: Foreign citizens make up nearly three-quarters of Silicon Valley tech workforce, report says:
About 71 percent of tech employees in the Valley are foreign born, compared to around 50 percent in the San Francisco-Oakland-Hayward region, according to a new report based on 2016 census data.

With this company sensitive data revealed, the employment puzzle finally makes sense. No wonder its difficult for Americans to land an engineering job in high-tech Silicon Valley.
https://www.mercurynews.com/2018/01/17/h-1b-foreign-citizens-make-up-nearly-three-quarters-of-silicon-valley-tech-workforce-report-says/

RonnieJanuary 26, 2018 5:43 PM

Voynich manuscript deciphered (again, for real this time, honest)

http://www.cbc.ca/news/canada/edmonton/computer-scientist-claims-clues-to-deciphering-mysterious-voynich-manuscript-1.4503571

They did a statistical analysis to identify the original base language which seemed to be Hebrew.

Its complete first sentence, according to computer algorithms, is "She made recommendations to the priest, man of the house and me and people."

It appears to be a reasonable basis for decoding at least to my uneducated eyes but time will tell ...

RhysJanuary 26, 2018 6:00 PM

Two approaches that offer 'post-hoc verification' of quantum computations were published today.

This was published (https://www.sciencedaily.com/releases/2018/01/180123112559.htm)

Post-hoc verification would step up the game quite a bit. Would enjoy seeing a discussion of acceptable error rate(s) (decoherence).

It's interesting to see how the use of fascinating has evolved in our society.

Too many Jesuit Latin exercises makes some (myself included) avoid its use. Followers of Fascinus pursue the magic it is supposed to elicit. And we seem to have so many competing to be THE Pater Liber these days.

DentonJanuary 26, 2018 6:07 PM

@Anders

That's pretty interesting, assuming it's true. I'm still waiting for a single shred of actual evidence so that I can verify it for myself. I simply don't trust "anonymous sources that we say are experts, trust us" or testimony from government spooks with an agenda.

GrauhutJanuary 26, 2018 8:16 PM

@Anders, Denton

Thx, this is so funny! :D

"... before a hacking attack, the Russians search the internet for any news about the oncoming attack ... this indirectly proves that the Russian government is involved in the hacks."

As we all know, da evil Russkys know the US has time maschines, so that they can search for news about later attacks and this is of cause evidence for their spying, cauze without espionage those Russkys could not know about these awsome US time maschines! :D

Ceterum censeo, #ReleaseTheMemo! :D

hmmJanuary 26, 2018 9:40 PM

https://www.cnbc.com/2018/01/26/japanese-cryptocurrency-exchange-loses-more-than-500-million-to-hackers.html

NEMcoin = 0.64% of the total currencies out there, one theft at one exchange pegs the whole gamut.

Name Sym Price$ M Cap Vol(24H) Total% (%/BTC) Chg(24H) Chg (7D)
Bitcoin BTC 11,079 $187.6B $9.64B 33.57% 1 -4.00% -7.81%
Ethereu ETH 1,052.0 $102.6B $3.49B 12.16% 0.09503 -1.66% -2.31%
Ripple XRP 1.1985 $46.6B $2.02B 7.05% 0.00010 -9.13% -22.29%
BTCcash BCH 1,588.6 $27.06B $586.88M 2.04% 0.1438 -4.32% -12.79%
Cardano ADA 0.60965 $15.8B $809.41M 2.82% 0.0000 -6.11% -8.83%
Stellar XLM 0.62216 $11.1B $742.52M 2.59% 0.0000 -3.24% +21.76%
Litecoi LTC 175.27 $9.6B $364.54M 1.27% 0.0158 -3.21% -11.24%
EOS EOS 14.2890 $9.0B $1.44B 5.01% 0.00128 -1.79% +15.40%
NEO NEO 137.00 $8.8B $316.31M 1.10% 0.0122 -2.53% -3.77%
NEM XEM 0.86531 $7.6B $183.51M 0.64% 0.00009 -9.42% -24.60%

NYOBJanuary 26, 2018 11:23 PM

http://www.wweek.com/portland/article-1616-rubbish.html-2

RUBBISH!

By Chris Lydgate, Nick Budnick | Published December 23, 2002. Updated December 11, 2017.

Portland's top brass said it was OK to swipe your garbage--so we grabbed theirs.

It's past midnight. Over the whump of the wipers and the screech of the fan belt, we lurch through the side streets of Southeast Portland in a battered white van, double-checking our toolkit: flashlight, binoculars, duct tape, scissors, watch caps, rawhide gloves, vinyl gloves, latex gloves, trash bags, 30-gallon can, tarpaulins, Sharpie, notebook--notebook?

Well, yes. Technically, this is a journalistic exercise--at least, that's what we keep telling ourselves. We're upholding our sacred trust as representatives of the Fourth Estate. Comforting the afflicted, afflicting the comfortable.Pushing the reportorial envelope--by liberating the trash of Portland's top brass.

We didn't dream up this idea on our own. We got our inspiration from the Portland police.

[Moderator: Too-long excerpt of 15-year-old article cut.]

AnnoymausJanuary 27, 2018 1:50 AM

https://www.bleepingcomputer.com/news/security/crooks-created-28-fake-ad-agencies-to-disguise-massive-malvertising-campaign/

A group of cyber-criminals created 28 fake ad agencies and bought over 1 billion ad views in 2017, which they used to deliver malicious ads that redirected unsuspecting users to tech support scams or sneaky pages peddling malware-laden software updates or software installers.

These fake ad agencies each had individual websites and even LinkedIn profiles for their fake CEOs. Their sole purpose was to interface with larger advertising platforms, appearing as legitimate businesses.

Ad security company Confiant, the one who discovered this entire operation, says ads bought by this group reached 62% of ad-monetized websites on a weekly basis.

All in all, Confiant believes that about 2.5 million users who've encountered Zirconium's malicious ads were redirected to a malicious site, with 95% of the victims being based in the US.

But don't despair, you can protect yourself by downloading THIS LINK to your hoard drive.

Hugino Kasperskeke
CEO Kasperskeke Bestpalware
:Download Vcard:

hmmJanuary 27, 2018 3:19 AM

https://www.theverge.com/2018/1/26/16932350/ice-immigration-customs-license-plate-recognition-contract-vigilant-solutions

The Immigration and Customs Enforcement (ICE) agency has officially gained agency-wide access to a nationwide license plate recognition database, according to a contract finalized earlier this month. The system gives the agency access to billions of license plate records and new powers of real-time location tracking, raising significant concerns from civil libertarians.

echoJanuary 27, 2018 4:33 AM

I read through the article claiming the Voynich manuscript had been deciphered. The first sentence didn't make sense to me. It was like those word salad scam pages designed to attract hits from search engines and entice people into downloading malware.

PetterJanuary 27, 2018 5:14 AM

Extremely poor cyber security for the F-35 ALIS system (logistics and planning. It can’t fly without it) that they should test the aircraft with its poor availability of 50% without connecting it to ALIS for extended periods of time...



The ALIS logistics and planning system remains vulnerable to cyber attacks, Behler writes. They and the threat to the system are so bad “the F-35 program and Services should conduct testing of aircraft operations without access to ALIS for extended periods of time.” Behler says the plane can operate up to 30 days at a time without hooking up to ALIS. We hear the program is doing all it can to plug the cyber vulnerabilities. While there is certainly an endless cycle of threat, fix, new threat, fix etc, ALIS has been identified as an important cyber vulnerability for the F-35 for years and the program must do something to alter this cycle.

https://breakingdefense.com/2018/01/f-35-problems-late-iote-f-35a-gun-inaccurate-f-35b-tires-threat-data-cyber/

http://www.dote.osd.mil/pub/reports/FY2017/pdf/dod/2017f35jsf.pdf

PetterJanuary 27, 2018 7:47 AM

Any ideas why the DOTE www.dote.osd.mil is actively blocking IPs originating from some countries from reaching the site while allowing sources from other countries?

Misconfigured firewalls or too aggressive IDS at OSD.MIL?
Or do they just dislike the countries? :)

A short test revealed following.

Blocked from:
Denmark
Finland
Georgia
Hong Kong
Latvia
Moldova
Serbia
Sweden
Switzerland
Ukraine

Allowed from:
Albania
Belgium
Bulgaria
Czech Republic
Estonia
Germany
India
Ireland
Italy
Norway
Poland
Portugal
Turkey
USA

CallMeLateForSupperJanuary 27, 2018 8:53 AM

"A new program dubbed Muslim Crypt tries to keep extremist communications secure."

The program is homebrew stegano.

(A "jehadist" wrote) “Sometimes you might need to have an option. And best is not to use kuffar [nonbelievers] program with all the spy looking into your communication. Unknown program with heavy encryption is good to go in times of trouble and no paper can be used.”

Yeah, that kuffer stuff is light-weight, alright.
A-lot-of-people-are-saying[TM] heavy encryption with no history nor audit trail is best in times of trouble when ya ain't got no paper.

Be afraid, IC. Be very afraid.

https://motherboard.vice.com/en_us/article/ne4x7w/muslim-crypt-jihadi-encryption-app

renaJanuary 27, 2018 10:29 AM

> But if the voynich manuscript is Hebrew and if it does only contain vovels... ...why does it contain so many different types of letter?

> It was like those word salad scam pages

And if you've really got a generic decryption mechanism, why not run it on the next few sentences? (Of course, this answers itself—it produced quasi-plausible word salad on the first sentence and complete gibberish on everything that followed, and you're not gonna get publicity if you admit that.)

WaelJanuary 27, 2018 10:36 AM

@CallMeLateForSupper,

A new program dubbed Muslim Crypt tries to keep extremist communications secure

Hard to believe.

(A "jehadist" wrote) “Sometimes you might need to have an option. And best is not to use kuffar [nonbelievers] ...

"Kuffar" (N., plural, masculine,) comes from the Arabic root-word "Kfr"-- Kafara, which means "to cover". Can you see the similarities between the words "Kafar" and "Cover"? That's right, the word "cover" comes from the Arabic "Kafar". Kuffar also means "Farmers", because they cover seeds they plant with soil. Similarly, Kafer (N. masculine, singular,) in Arabic means someone who covers truths with falsehoods. It's not a derogatory term as some say. This was the short, Cliff's Notes' explanation. The longer one is out of scope...

Be afraid, IC. Be very afraid.

I wouldn't be! First of all, the message seems bogus. This is not the sort of message that one communicates in the clear -- it's equivalent to publicly exposing a shared secret, that's number 1. Number 2: what's to say this is not a tool that was crafted by some else and attributed or distributed to terrorist organizations?

JG4January 27, 2018 10:50 AM


@Clive - I've mentioned before the value of having Bruce's ten closest friends write a book in the style of John Mauldin's "Just One Thing." I probably mentioned that John Mauldin is the son of the famous WWII cartoonist, Bill Mauldin. I was slow to realize that you already have written enough to fill several or many books. It wouldn't be wrong for you (or anyone else, as copyright is not asserted) to collect and edit your comments into a coherent whole. I've been too lazy and dysfunctional to tag my comments with "All Rights Reserved." If it weren't for dysfunction, I'd have no function.

BTW, I loved your story about the rubber gloves. Have you seen the story about putting a dozen chimps into a pen with a banana at the top of a ladder? Every time one of them goes up the ladder, the whole troop are doused with buckets of ice-water. They very quickly form a new social norm of never climbing ladders near bananas. Then the chimps are replaced one by one. When one of the veterans is replaced with a new chimp, it immediately scales the ladder, but has the crap beaten out of it by the other chimps before it can get to the banana. I think that the term of art is "enforcing social norms." Eventually none of the chimps has been doused with ice-water, but they invariably beat the crap out of any newcomer with the temerity to scale the ladder.

I've taken some good pictures lately and I can imagine taking some more excellent pictures of energy-gapping hardware. I have short-term memory problems, which makes it difficult for me to find and navigate to old comments. It would be handy if someone put together a navigation page to find book and tool suggestions. I think that the potassium and magnesium intake are going to help me program again. My minions used Eagle circuit board software back in the day. I'd like to have an entire suite of open-source or freeware design tools (including software, firmware, FPGA and hardware toolchains) that run under Linux to be able to design systems.

the usual daily compendium was quite rich this morning

https://www.nakedcapitalism.com/2018/01/links-12718.html

...

Vulnerable industrial controls directly connected to Internet? Why not? Ars Technica

Company shoots shiny orb into orbit and angers astronomers over ‘space graffiti.’ WaPo (The Rev Kev)

...[they screwed up the positioning of the link]

Ford Has An Idea For An Autonomous Police Car That Could Find A Hiding Spot Jolopnik (Chuck L)

Big Brother IS Watching You Watch

ARTIFICIAL INTELLIGENCE IS GOING TO SUPERCHARGE SURVEILLANCE The Verge (Chuck L)

Your Faceprint Tomorrow The Baffler

What Algorithms Can Learn from Journalism Inside Flipboard (David L)

Exclusive: ICE is about to start tracking license plates across the US The Verge (Chuck L)

...[one way to develop a security mindset and minimize the attack surface]

Traveling While Black WaPo

RatioJanuary 27, 2018 11:00 AM

@Anders,

Another article based on the same investigation:

Dutch intelligence first to alert U.S. about Russian hack of Democratic Party

(I mentioned the articles in the previous Squid, here and here.)


@Grauhut,

As we all know, da evil Russkys know the US has time maschines, so that they can search for news about later attacks and this is of cause evidence for their spying, cauze without espionage those Russkys could not know about these awsome US time maschines! :D

Reading comprehension fail? Here’s the passage:

According to one American source, in late 2015, the NSA hackers manage to penetrate the mobile devices of several high ranking Russian intelligence officers. They learn that right before a hacking attack, the Russians search the internet for any news about the oncoming attack. According to the Americans, this indirectly proves that the Russian government is involved in the hacks.

Sequence of events:

  1. NSA haxorz mobile devices of Russians
  2. at some point, Russians search for news on XYZ
  3. right after, attack having to do with XYZ happens

Die Russen haben offensichtlich ’ne Zeitmaschine! (Funny, huh?)

AndersJanuary 27, 2018 11:31 AM

@Ratio

Thank you very much for the links!
It's somewhat difficult to follow the older Squid comments.

Clive RobinsonJanuary 27, 2018 12:01 PM

@ CallMeLate...,

JAVASCRIPT. 'Nuf said.

I can remember back to when I told people here I had decided JavaScript was not just more trouble than it was worth, but a security risk...

Now a few years later, nolonger a lone voice singing in the dark, but a rapidly filling Cathedral with choristers aplenty ;-)

And all in tune B-)

I remember @Wael being supprised about my lack of U-Bloobing... Not seen so many posts out of him recently... I wonder if his computer is singing "Heigh-Ho, Heigh-Ho it's off to work we go with a bucket and spade and a handgrenade..."? (which dwarf do you reckon he's most like, I know it's not dopey, maybe Sleepy these days ;-)

RatioJanuary 27, 2018 12:19 PM

Kabul: bomb hidden in ambulance kills dozens:

A bomb hidden in an ambulance in Kabul has killed at least 95 people and injured more than 150, the latest in a string of high-profile attacks in Afghanistan.

The explosives were detonated at a police checkpoint where the streets are often crowded with people waiting to visit nearby offices, and vendors serving them. Witnesses said bodies were strewn across the pavement.

[...]

As ambulances raced to collect the injured, nervous security forces also had to watch out for possible secondary attacks, and the nature of the first attack meant even medical teams were suspect. [A national security official] said he saw police stop one ambulance and arrest three people inside.

[...]

The attack came a week after Taliban attackers stormed the city’s high-end Intercontinental hotel, killing at least 22 people, and four days after an Isis suicide bomber attacked the offices of the Save the Children charity in eastern Afghanistan.

WaelJanuary 27, 2018 12:50 PM

@Clive Robinson, @ CallMeLateForSupper,

maybe Sleepy[1] these days ;-)

Nope, that has never stopped me. It's a slew of things: work and other "issues". 'Sneezy' would be a closer description.

I rear-ended a car this morning... Not a good start of the day! The driver got out of the other car. He was... a dwarf! He looked up at me and said: 'I am not Happy!' So I said, 'Well, which one are you then?' And... that's how the fight started.

hmmJanuary 27, 2018 2:09 PM

http://www.newsweek.com/british-teen-accessed-top-secret-us-middle-east-ops-pretending-be-cia-director-786031

A 15 year old UK teen fooled Verizon into allowing him access to CIA director Brennan's email - from there he got into just about every damn thing else.


Initially, he could not get into Brennan's accounts as he could not recall the name of the spy chief's first pet. But he managed to persuade a call handler to change the pin and security questions he needed to access the email account in question, Britain's Daily Telegraph reported.

“He accessed some extremely sensitive accounts referring to, among other things, military operations and intelligence operations in Afghanistan and Iran,” prosecutor Lloyd-Jones QC said.

He even managed to remotely access the iPad of Brennan's wife.

This all happened from his bedroom in the English Midlands. The breach will raise questions that if a teenager from Britain can breach the highest levels of U.S. intelligence then why can't an intelligence operative of a rival power?

Bauke Jan DoumaJanuary 27, 2018 2:59 PM

@Ratio: Apparently the NSA hackers were competent enough to get into the Russki's mobile devices, however, said competence suddenly found its limit when they needed to leave a false trail that would point to them Russki's?

CallMeLateForSupperJanuary 27, 2018 3:25 PM

@Clive

It might well have been your exhortations re: JS that energized me to get off my duff and looking into it. Being a coder myself, once I learned that JS is essentially Code Cutting Lite for kiddies and for others we don't know and can't trust, I ripped JS out of my OS (by the roots!; no flag silliness).

"which dwarf do you reckon [Wael is] most like"
Since you ask: Doc. While I have not paired Clive with any Dwarf, the sight of the name here conjures .... a bearded Donald Sutherland. And I have no idea why that is.

CallMeLateForSupperJanuary 27, 2018 3:52 PM

Interesting. A search for "Brennan email hack" coughed up pages of links, while limiting the search to the past week coughed up only 2 pages. Most were blogs etc, Only a handful of newspapers, and all were British. Not a single American paper. I guess Brennan is no longer hot in USA.

GrauhutJanuary 27, 2018 4:17 PM

@ratio: if $XYZ == "oncoming attack" call $garbage_collector ;)

In your version da Russkys would be the most stupid time maschine inventors possible! :)

Bong-Smoking Primitive Monkey-Brained SpookJanuary 27, 2018 4:27 PM

@ Clive Robinson:

Heigh-Ho, Heigh-Ho it's off to work we go with a bucket and spade and a handgrenade..."

That would be me. I hate it when you drag me into this stuff, bud!

maqpJanuary 27, 2018 9:00 PM

Even quicker update on TFC Onion Service backend development

With the release of Tor 0.3.3.1-alpha, it is now possible to setup ephemeral / persistent v3 Onion Services under Stem although it's not yet officially supported. This is the result of collaboration with some friendly folks working with OnionShare. They were very helpful and in the end I was able to give them some assistance too.

The URL for single-computer testing on Ubuntu 17.10 I gave in last FSB still works. The TFC account is no longer Base58 as v3 Onion URLs feature internal checksum, and because carrying a note with regular v3 onion URL does not immediately reveal use of TFC.

The services are much more secure and they seem faster. However, there are some issues with directory servers rejecting descriptors if service with same key is created repeatedly. Hopefully these will be solved before IIRC April's stable Tor 0.3.3 release.

I've also switched to PyNaCl library's developer version and moved from XSalsa20-Poly1305 to XChaCha20-Poly1305-IETF. The reasoning here is I care more about djb's conjecture on increased diffusion than I care about eSTREAM badge.

Clive RobinsonJanuary 27, 2018 9:09 PM

@ JG4,

It wouldn't be wrong for you (or anyone else, as copyright is not asserted)

The law changed some years ago, I get the primary copyright as author implicitly, I would actually have to assign it into the public domain.

But @Bruce also gets a copyright because my comnents form part of a collection within his published work. Effectively a derived work.

The problem is the WTO rules and other legislation all vary from place to place...

As for,

I was slow to realize that you already have written enough to fill several or many books.

You need to remember the old saw,

    "Quantity alone does not a banquet make"

That is whilst somebody could scrape my comments, they are in the main responsive snipits to others comments etc. You would have to go through two mote distinct processes,

1, Strip out the essentials and sort/collate them.

2, Bridge them into a coheareant whole that gives them context.

As those who have written factual / technical books will tell you in the average book 10% or less is "the essentials" the rest makes them both readable and usefull to the widest number of readers.

In some cases it can be a lot less, think of the worlds most well known equation E=MCC just how many words directly and derivative works have there been?

(I've just added another 28 in the above, and I suspect a day does not go by when others are adding their's ;-)

Having written "education/training" guides for various organisations in the past, the skill is not in gathering the knowledge, but presenting it so that people of varying abilities can use it.

I'm actually in the process of writting traing information for my Son to kick his backside along the path of learning as an engineer. I might just publish it in a more widely available form the problem is the disemination even in just electronic form requires money to be spent. Which unless you are doing it for vanity means making a return, which acts as it's own barrier to disemination... Not quite a Catch22 but you get the idea.

There are also crazy crazy details you have to watch out for. Say I want to write a guide to wiring a plug for a domestic mains power socket. It's realy quite simple till you get to the illustrations... A quick hack would be to just photograph a plug as you do it add a couple of red arrows or similar to highlight what you are describing. But you cannot do that as somebody already has copyright on the plug and you would be required to seek their permission... So you have to either do something to the plug to make it sufficiently different to be "generic" or spend considerable time comming up with new drawings that you own the copyright on... Going down the "make it generic" route is quite risky, as it has it's own problems. Not just the investment in time but also some one will at some point make a claim it's not --sufficiently-- generic thus derived from their work just to be a nuisance... Which is why publishers are known to use "stock images" that only require a modest fee (look at the covers of paperback books to see identical images but under different colour washes etc). Oh and somebody else will also come along to claim you stole their idea of their guide etc. The better you do it the more likely this is to happen. It you know a successful popular author sufficiently well ask them about the perils of "fan fiction", "it's enough to make your beard white over night".

It's actually worse with technical guides, because of patents and processes. If you look in a School Chemistry book you will see formulars for turning one set of molecules into another. However when you go up a level you start talking about the processes involved with feedstock and efficiency etc. The clasic one you see is the Nobel Prize winning work of chemists Fritz Haber and Carl Bosch[1]. What you get given is "The Haber Process" which whilst it works is not "prime time" by any stretch of the imagination. It took the work of Carl Bosch to "industrialize" it into the "Haber-Bosch" process which was a very valuable "trade secret" at one point.

Which brings you into an interesting problem. Without going into technical information in depth you stymie your attempt to provide a usefull work to others so that they can learn. However if you do give detailed technical information you are in effect "revealing trade secrets" which in turn leaves you open to charges of "industrial espionage" in a number of countries of which South Korea has been notable in prosecuting and seeking to prosecute people.

And that's just some of the easy stuff, think about previous employers. Most don't care about previous employees and what they now do but some are greedy or vengful and have the attitude of the Devil in that they believe they own your soul in perpetuity.

I've experienced this a couple of times, one was a company designing electronic security devices. Specifically a very crap fingerprint reader. They were deaply unhappy about what I could do with red wax from Edam cheese, a fridge/freezer, WD40 oil an bottle of Copydex rubber solution glue and optionally a rubber glove finger. They have long since gone out of business. Another company was not happy about the fact that I had already designed built and tested a hybrid Class D/H RF amplifier that used Walsh Transforms to get rid of filter issues whilst working part time at a previous company. The "bossman" was not happy that someone had "Been there done that got the tee-shirt and a style award" but worse still had done it way better than he had thought up... For some reason people get NIH syndrome or worse "Kill the Golden Goose" syndrome. Why I have no idea because it's always both petty and realy short sighted, and in the long run hurts them more than anyone else...

[1] What you rarely hear about is that it was not Fritz Haber who actually did the work of coming up with the actual "Haber Process" he was kind of an ideas man. The real work of finding the actuall process was done by the British Chemist Robert Le Rossignol, as the patents actually show. Rossignol was unlucky in that he did his work in Germany before WWI and got intered by the German Authorities in 1914. To get out he had to work for the German's which in effect made him a traitor. He returned to Britain after the war and moved into designing electronic components for GEC (thermionic valves in particular) which became vital in WWII in which both his sons died.

hmmJanuary 27, 2018 9:21 PM

"Quantity alone does not a banquet make"

I searched google for this in various iterations, nothing. Not even ancient Chinese crickets.
Old saw my left bollocks.

Clive RobinsonJanuary 27, 2018 10:39 PM

@ CallMeLate...,

the sight of the name here conjures .... a bearded Donald Sutherland. And I have no idea why that is.

I'd love the voice, and be a little nearer his physique than my own. Also the charm and gentle whit would be improvments over my own.

As has been mentioned before I look a little worse than a Klingon having a bad hair day most of the time. Though my beard has both softened and aged my looks. And now with a little badger looks distinguished in a sort of Russian way as a charming Russian young lady told me at party a couple of months back while pulling on it gently ;-)

Like many physically large but not overweight people I used to be very light on my toes --when they were not broken-- and could sneek up on a mouse with little difficulty[1].

As quite a few people found out when I was "wearing the green" I could just appear as if by magic and the first they knew was a quiet cough or word from just behind their ear. One "roughty-toughty" officer had a close encounter I doubt he has forgoton. He was trying to sneek up on our position in the dark. He was not happy when crawling up on his belly to find a thunderflash with struck fuse land in front of his eyes and me saying quietly "You might want to do something with that". I don't think I've seen somebody roll over a few times and curl up in a ball so fast in my life before. He was somewhat enraged, and when it did not go off, lets just say he was not molified to find out it was one I had "modified earlier" so it would behave just as it did...

It was just as well he was enraged because he forgot to ask the obvious question of what I had done with the charge I had taken out of it, or the other five for that matter... His happy little squad did find out later as I'd wired them to the ignition systems of their land rovers... But as they say "all things are fair in love and war", so why should war games be any different ;-)

The MT staffie told me a few days latter I'd made a hell of a mess of the engine compartments and owed her a drink or three for cleaning up the mess... I said jokingly "make it dinner and your on" she said yes thus bonus points all round B-)

[1] Which always gives you a problem... having snuck up on a mouse and caught it, what do you do with it? Although I can look mean and ferocious and could actually kick your head off[2] I've a soft spot for small creatures and don't believe in harming or killing them without very good reason.

[2] I still can kick the tops of door frames but lack the power I once had when I physically broke a martial arts dummy with a single kick. I had made a half joking comment along the lines of "Do you call that a kick" to somebody I knew who was practicing their martial arts in their dads garage. Instead of treating it like the light hearted joke it was ment to be, they gave me the "If you think you can do any better" line... well I did and broke a couple of toes in the process, but did not let on (when you play rugby breaking fingers and toes is not an occupational hazzard but near normal occurance, often a source of pride of a game well played). I used to be a keen cyclist till ill health stopped me a few years back and cycling a hundred miles or so on a whim was a way of curing boredom, hence I had very strong legs. A girl friend of the time used to tell her friends that my thigh measurment was bigger than her waist, what she did not tell them though was how dam difficult it was to get trousers that would go around thirty inch thighs, hence my habit of wearing "work trousers" when not wearing shorts.

Clive RobinsonJanuary 27, 2018 11:04 PM

@ hmm,

Old saw my left bollocks.

Is that your way to let us know you are a polyorchid?

It's one of many variations on a them, where you will find,

    Quantity alone does not buy us happiness

And the more modern,

    Money can not buy you love

Somebody called it the "lasagna problem". They like lasagna a lot, especially their mothers, but they know if they eat to much then it will not be so pleasant.

Which is a similar theme to,

A little of what you fancey does you good...

But the real message behind it is Quantity and Quality should not be mistaken for each other.

Now if you can not find it on line, are you claiming I'm the originator of it?

If so, perhaps you should notify those publishers of quotes dictionaries, so I can sit alongside Churchill and the Python's and their respective "dead birds". It would be a claim on immortality...

Clive RobinsonJanuary 27, 2018 11:18 PM

@ Bong Smoking Primitive Monkey Brained Spook,

That would be me. I hate it when you drag me into this stuff, bud!

Hmm would that be "drag" as in smoking a bong, crossdressing or just pulling your stuff along?

There's an old joke about a bloke who has a dog with no legs. Somebody asks him why he calls it "cigarette" and he replies "Because every night I take it out for a drag".

Which is almost as bad as the one about a dog with no nose, when asked "How's it smell?" The owner replies "Terrible" (which before I am asked by "hmm" can be found on a Skiffle record by Lonnie Donegan called "My old Man's a Dustman").

Wesley ParishJanuary 27, 2018 11:24 PM

@Clive

I think if an illustration's of something that's produced as defined by a standard - eg, a power plug - any illustration of any company's power plug will do, because the company concerned has not made the required work to make it "unique". You can't make "unique" power plugs anyway, you can't give your designer a free hand to come up with something utterly creative and stylish and whatever, if you've got to fit it into a standard receptacle - consumers are notoriously unforgiving of things that don't work.

@usual suspects:

NSA expunges 'honesty' and 'openness' from its core values
ht tps://www.theinquirer.net/inquirer/news/3025331/nsa-expunges-honesty-and-openness-from-its-core-values

The NSA can't even be congratulated for being honest now, since it's not one of its "core values".

They're not being honest with us!!!

65535January 27, 2018 11:35 PM

@ hmm

NEMcoin = 0.64% of the total currencies out there, one theft at one exchange pegs the whole gamut.

“Japanese cryptocurrency exchange loses more than $500 million to hacker … Japanese cryptocurrency exchange Coincheck says Friday that around 523 million of the exchange's NEM coins were sent to another account around 3 a.m. local time.”

https://www.cnbc.com/2018/01/26/japanese-cryptocurrency-exchange-loses-more-than-500-million-to-hackers.html

I wonder if this is going to turn into Krapeles type of cash grab [or cash for good lawyers]. I don’t think Karpeles got the money. But, the same could happen above. Japan has some odd checks and balances.

“Mark Karpeles, the former head of the world’s biggest bitcoin exchange, is about to make $859 million from his customers’ funds, according to reports…. japanese police arrested Karpeles, whom former employees describe as a “maverick” and a “mindfu*ck,” in 2015 in connection to the loss of around 1 million bitcoins from the now defunct Mt. Gox exchange the previous year. At the time, the lost bitcoins were worth around $387 million; the price of the world’s most valuable cryptocurrency has since risen exponentially."-Newsweek

http://www.newsweek.com/bitcoin-mark-karpeles-mt-gox-exchange-cryptocurrency-709242

I am not happy about ICE getting a huge license plate reader database. I sounds like a huge abuse of power.

@ NYOB

“Portland's top brass said it was OK to swipe your garbage--so we grabbed theirs.”

That is mostly legal. But, the real reason could be that reporters want to sift through that trash for interesting information on top citizens. Pocket litter and trash make good evidence.

@ maqp

That sounds good.

Listened to your youtube link and it looks like Tor will embed keys in the url. Is that go or bad? [I hope youtube did not crypto mine my computer] Is this similar to the post v. get argument deal using http?

65535January 28, 2018 12:05 AM

@ Clive Robinson

‘ There's an old joke about a bloke who has a dog with no legs. Somebody asks him why he calls it "cigarette" and he replies "Because every night I take it out for a drag"’

Ha. Clive does have some jokes.

Did the dog loose its legs because it dragged over curbs, gravel roads and sewer grating?

“Come on girl, you can make it. We only have 11 more kilometers to go… darn, another leg fell off! I am going to have to call you the cigarette dog if this keeps up.”

maqpJanuary 28, 2018 12:09 AM

@ 65535

I do not yet fully understand the v3 spec as I have only skimmed it, but there's nothing that makes me think using the signature verification key itself as the address is bad.

Bong Smoking Primitive Monkey Brained SpookJanuary 28, 2018 1:23 AM

@Clive Robinson,

Hmm would that be "drag" as in smoking a bong, crossdressing or just pulling your stuff along?

Come on, bud! Clear as daylight!

hmmJanuary 28, 2018 1:49 AM

@Clive

"Is that your way to let us know you are a polyorchid"

You think I'd stop at 3?

Bong-Smoking Primitive Monkey-Brained SpookJanuary 28, 2018 1:56 AM

@Clive Robinson,

As has been mentioned before I look a little worse than a Klingon having a bad hair day most of the time.

What do you mean? We know about the beard. Tell us more about them eye-brows?

as a charming Russian young lady told me at party a couple of months back while pulling on it gently ;-)

No comments!

WinterJanuary 28, 2018 3:30 AM

@Denton
" I'm still waiting for a single shred of actual evidence so that I can verify it for myself. "

There is very little in the news you get actual verifyable evidence for. So, in the end, this approach means you will learn very little about the world.

In terms of cyber crime attribution, you cannot get much better than having security camera recordings of people doing the hack. So the speed with which these reports are dismissed look to me as a testimony of partisanship. The likes of "it must be false because I do not want it to be true".

As for the reliability and professional qualities of the journalists involved, they are excelent. These two, and their media outlets, are have a very good reputation.

As for why the "sources" leaked. That is simple. There is an upcoming referendum about legalizing large scale surveillance. The intelligence community needs a success story to tell as the anti camp is getting traction.

Clive RobinsonJanuary 28, 2018 4:21 AM

@ hmm,

You think I'd stop at 3?

Well you did imply more than one to the left... So if you were a balanced individual that would imply more than one to the right as well.

So yeah if my basic maths is right that's a "floor of four". Which would leave you looking like a poor mans Newton's Cradle, so you might go for five to get the swing right ;-)

JG4January 28, 2018 7:24 AM


Thanks for the great ideas and great discussion. Some of the history is pretty dark. A lot darker than this:

“We’d go down and lie to them consistently,” says former ... officer. “In my 25 years, I have never seen the agency tell the truth to a congressional committee.”

https://www.nakedcapitalism.com/2018/01/links-12818.html

...[firehawks again]

Australian raptors start fires to flush out prey Cosmos (furzy). Australia has badass wildlife! Note the behavior was reported earlier but no one seemed to have figure out why the birds were doing that.

...[the war party still are at it; from WWII levels of spending, we are going up 13%. always and everywhere, factions with ambitious people can be found and set against each other, thereby increasing the demand for product]

Imperial Collapse Watch

Why We’re Underestimating American Collapse Eudaimonia and Co. Resilc flagged this paragraph:

But that is America’s task, not the world’s. The world’s task is this. Should the world follow the American model — extreme capitalism, no public investment, cruelty as a way of life, the perversion of everyday virtue — then these new social pathologies will follow, too. They are new diseases of the body social that have emerged from the diet of junk food — junk media, junk science, junk culture, junk punditry, junk economics, people treating one another and their society like junk — that America has fed upon for too long.

Meet the CIA: Guns, Drugs and Money Counterpunch

Trump seeks to halt funding for International Space Station by 2025: report The Hill (furzy)

MSU scholars find $21 trillion in unauthorized government spending; Defense Department to conduct first-ever audit Michigan State University (Chuck L). Note in 2001, the DoD’s own auditors said it could not account for $2.3 trillion in transactions in a single year.

Big Brother is Watching You Watch

The War on Dissent Consent Factory (Romancing The Loan)

The American Family Today 2018 Walmart (resilc)

Thought Police for the 21st Century Chris Hedges, Truthdig. From last week, still germane. Bill B notes:

Facebook: “We believe that a key part of combating extremism is preventing recruitment by disrupting the underlying ideologies that drive people to commit acts of violence. That’s why we support a variety of counterspeech efforts.”

The Senate Hearing where Monika Bickert testifies can be found here:
https://www.commerce.senate.gov/public/index.cfm/hearings?ID=BD4A2005-ACBE-41C1-A01B-FEA3D625FB4A

This Custom-Made Jihadi Encryption App Hides Messages in Images Motherboard

...

No Wrinkle in Time Atrios. On robot cars.

...

Amazon’s New Supermarket Could Be Grim News for Human Workers New Yorker. Help me. See Leonid Berzinksy at Bloomberg’s take: Amazon’s Pointless Obsession With Cashiers. Plus shrinkage.

...

RatioJanuary 28, 2018 7:30 AM

@Wael,

That's right, the word "cover" comes from the Arabic "Kafar".

The verb “to cover” comes from the Old French “covrir”, from the Latin “cooperire”, a combination of the prefix “con-” (“with”, or “together”) and the verb “operire” (“to cover”, and by extension “to close”) meaning “to cover completely” or “to overwhelm” (the latter half of which also means “to cover”). For comparison, this is what “to cover” looks like in some Romance languages: “couvrir” (French), “coprire” (Italian), “cubrir” (Spanish).

A related word in English is “aperture”, which comes from the antonym of “operire”: “aperire” (“to uncover”, “to open”). Again for comparison, the verb “to open” in those Romance languages is: “ouvrir” (French), “aprire” (Italian), “abrir” (Spanish). “Opening” is: “ouverture” (French), “apertura” (Italian), “abertura” (Spanish).

(I’ll limit myself to linguistics. There’s another Squid in my TODO somewhere regarding the bigger picture. Someday I’ll actually get to it…)

RatioJanuary 28, 2018 7:39 AM

@Wael,

I forgot to include the English “overture”. English, French, and Spanish later all doubled up by borrowing “apertura” (“aperture” in French and English).

WaelJanuary 28, 2018 8:19 AM

@Ratio,

There is no requirement the path is direct. It could be Arabic → Latin → French or directly Arabic → English. Arabic predates English by thousands of years so the window of interaction is relatively narrow. Take for example the word 'أرض' in Arabic.

English: Earth
German: Erde
Latin: terra (there are similarities.
Hebre: כדור הארץ (listen to the pronunciation on the webs)

Do you really believe these are coincidences?

Same thing for water, etc. Take a gander at zis, which isn't a complete list:

The following English words have been acquired either directly from Arabic or else indirectly by passing from Arabic into other languages and then into English. Most entered one or more of the Romance languages before entering English.

Direct vs. indirect. We're on the same page, so far.

There’s another Squid in my TODO somewhere regarding the bigger picture. Someday I’ll actually get to it

Oh, I am intrigued. Which one would that be? The one with the 'nuggets' that you chose to pass on? Bigger picture, eh? I am waiting, baby!

Clive RobinsonJanuary 28, 2018 9:04 AM

@ CallMeLate...,

Being a coder myself, once I learned that JS is essentially Code Cutting Lite for kiddies and for others we don't know and can't trust, I ripped JS out of my OS (by the roots!; no flag silliness).

Just to give you the feeling you've made the right choice ;-)

Have a read of,

https://www.rdegges.com/2018/please-stop-using-local-storage/

Then ask yourself "What else could possibly go wrong in the hands of a school kiddy self learning to be a Web designer?" after all experience tells us the tools we turn to first are the ones we first learnt...

I won't prophesie doom on this, because as far as I can see it's a done deal with the Devil collecting wanabe code cutting lite souls already :-S

I think the designers of all that extended crap in HTML5 should have their feet turned to the fire untill they self combust.

But then I'm old fashioned "Fire and soul stealing" still have oldSkol style about them that never seams to age, like little black dresses and small imps in red with outsized toasting foks to prod buttock ;-)

CallMeLateForSupperJanuary 28, 2018 9:25 AM

I wrote: "Be afraid, IC. Be very afraid."
And failed to follow that with "Not."

@Wael posited: "I wouldn't be!"
Me too, neither. :-)

RatioJanuary 28, 2018 10:16 AM

@Wael,

There is no requirement the path is direct.

Right, but it would have to look like “cover” ← … ← “operire” ← … ← كفر. And between “operire” and كفر there very likely exists another, reduced, form (“operire” and “aperire” have the form prefix + root).

It could be Arabic → Latin → French or directly Arabic → English.

It’s not the latter, and if it were the former then “operire”, say, would have come from كفر.

Arabic predates English by thousands of years so the window of interaction is relatively narrow.

Old Arabic predates Old English by about 1500 years. But languages don’t spring into existence, they develop over time. If some people had only classified and named things differently we’d be having a different conversation.

Take for example the word 'أرض' in Arabic. [...] Do you really believe these are coincidences?

I don’t know what the relation between the Semitic and Germanic words for “earth” is, if there is any. But these kinds of things are likelier to be a coincidence between Semitic and Germanic language groups than within those groups. And how about this?

  • Arabic: ماء
  • English: water
  • German: Wasser
  • Hebrew: מים
  • Latin: aqua

Do you believe that is a coincidence?

The following English words have been acquired either directly from Arabic or else indirectly by passing from Arabic into other languages and then into English. Most entered one or more of the Romance languages before entering English.

You should add “cover”. ;-)

Also, that list includes words that are not Arabic (or even Semitic) in origin. Arabic then plays a role similar to the Romance languages of your quote. Examples from that page, as mentioned there: “camphor” and “candy” (Sanskrit), “caravan”, “check”, “checkmate”, “chess”, “exchequer”, … (Persian), etc. A language like French could add those to its own list of words contributed to English if they helped pass them on. :-)

The one with the 'nuggets' that you chose to pass on?

Don’t know which one that would be? I’ll get to it. (Don’t be holding your breath waiting, though.)

CallMeLateForSupperJanuary 28, 2018 10:38 AM

@Clive
"Just to give you the feeling you've made the right choice" (link)

Edifying - and nearly painless - articles. Tnx.

RatioJanuary 28, 2018 10:57 AM

@Bauke Jan Douma,

Apparently the NSA hackers were competent enough to get into the Russki's mobile devices, however, said competence suddenly found its limit when they needed to leave a false trail that would point to them Russki's?

“An American source” explains that “the Americans” claim the Russian government is involved in the hacks, and they know this because the NSA saw “the Russians” search for news on XYZ right before there was an attack related to XYZ. (I’m paraphrasing. I quoted the passage here.)

Your false trail would let them deceive … who, exactly? Themselves? In their own story?

I think you confused yourself while you were thinking of a reason why you didn’t buy all that. You could have just gone with the tried and true “anonymous American source talking out of his backside”. Much simpler, and doesn’t have the drawback of obviously not making any sense.

RatioJanuary 28, 2018 11:34 AM

@Grauhut,

if $XYZ == "oncoming attack" call $garbage_collector ;)

It’s obvious that the writer / translator tried to express that the NSA saw “the Russians” looking for news about something that would happen right after they had done that. (The conclusion is that they knew about the attack in advance, hence “the oncoming attack” in the article.)

The original article is Hackers AIVD leverden cruciaal bewijs over Russische inmenging in Amerikaanse verkiezingen (in Dutch):

Volgens één Amerikaanse bron lukt het hackers van de NSA eind 2015 om op de mobiele apparaten van enkele hoge Russische inlichtingenofficieren te komen. Daarop zien ze onder meer dat de Russen vlak voor een hackaanval op internet alvast zoeken of er nieuws over de aankomende aanval is. Voor de Amerikanen zou dit het indirecte bewijs zijn voor de betrokkenheid van de Russische overheid bij de hacks.

You could try Google Translate?

In your version da Russkys would be the most stupid time maschine inventors possible! :)

Yeah, well, I was working with the version that was actually in the article. ;-)

WaelJanuary 28, 2018 11:35 AM

@ CallMeLateForSupper ,

Me too, neither. :-)

Reminds me of a meeting I attended a few years ago where a non-native English-speaking individual said something like this: it applies to both three states. I got distracted for a few minutes and missed the questions and comments directed at me. I was thinking: is he joking? Looked at him... not a hint of a smile. Had to "speak" with him after the meeting.

@Ratio,

And between “operire” and كفر there very likely exists another, reduced, form

Brobably.

And how about this?

Arabic is an ensemble of languages - all proper Arabic. There are tribes that don't have a 'K' sound, 'K' is always pronounced as 'CH' (like Kirchhoff: some pronounce it Kirchoff and some pronounce it Kirkoff,) others pronounce it as 'S', yet others pronounce it as 'SH' (Like some Swedes pronounce some words that start with 'K',) among several other variations on other letters and words. You remember the 500 names of a lion? Same thing can be said about many words, and that's within one variant of the language. As for water, the word you want look up is the Arabic word for 'rain' -- mattar, then go from there.

Old Arabic predates Old English by about 1500 years

A lot more than that.

But these kinds of things are likelier to be a coincidence between Semitic and Germanic language groups than within those groups.

I don't believe in coincidences, especially if there are many of them. Funny you mention that! The poem I asked you about "Sawt Safeer Al bolbol", by Al Asmaa'i has a lot to do with that. What I care about is how these 'coincidences' came about. There are some references in older scriptures about this (Babylon, Genesis 11:1 "it is said that everyone on Earth spoke the same language".) You brobably need to revisit this comment from me.

You should add “cover”. ;-)

Na! You'll remove it shortly after ;) lol

Gerard van VoorenJanuary 28, 2018 12:54 PM

@ Wael, Ratio,

Please stay with me, I've got to say to this you guys. Would you two please contact with a different kind of technique? I don't know which kind or whatever, but your two are talking arabic all like the time like a couple of a newly married couple is kinda irritating me out. This is exhausting.

Now, I respect the two of you guys, but please, this is too much. And no exhausting email please too. Just keep it simple and stupid to me, please. You two can carry exchanges with any other kind of technique you like, as long as you ... please keep quiet and keep everything infomercial.

That's all.

WaelJanuary 28, 2018 1:28 PM

@Gerard van Vooren, CC: @Ratio,

Please stay with me,

I'm with ya!

is kinda irritating me out

Understood. Was not the intention.

Now, I respect the two of you guys

Likewise!

And no exhausting email please too.

I don't understand.

please keep quiet

We know how to do that alright. Apologies for the irritating topic - I'll try to cut back. Thanks for the feedback, I do appreciate it. I know you are right.

albertJanuary 28, 2018 1:38 PM

@H-1B,
Microsoft used to be the primary supporter of H-1Bs. They were always pissing and moaning about 'not being able to find good workers' here in the US. What they really meant was they couldn't find good CHEAP workers, i.e., PhDs willing to work for less than market rates. In those days, the plan was simple: work for cheap until you get citizenship, then go to work for some other company AT the market rate. And speaking of money, where does that $10k/worker go?

@Wael,
"...'I am not Happy!' So I said, 'Well, which one are you then?'...". LOL. Talk about setups! One should always appreciate wit, even at ones own expense!

Back in the pre-Cambrian Period, my high school English teacher once ask the class for the definition of 'homogeneous'. I immediately piped up with 'Truman Capote'. That one certainly made it into the teachers lounge.

. .. . .. --- ....

Gerard van VoorenJanuary 28, 2018 1:48 PM

@ Wael,

No I don't think you do. Please find a different kind of technique. That's all I have to say about this.

Clive RobinsonJanuary 28, 2018 2:11 PM

@ Nopeadope,

Comedy gold includes priceless jeering at the malaprop baby talk of Intel wannabes.

I don't trust google translate very far, it might be accurate it might not, thus I'm always cautious about it. Thus the simple fact is when the story was translated by it into what appeared like junk I put it down to Google. Because the stories conflicting aspects and general incoherence made it look "lost in translation".

It appears others do not, for good reason, there were other things I saw such as the bringing up of the shot down MH17 flight[1] that I could not explain.

Because "Where did it fit in with the story?". It clearly did not as far as I could see, which made things even more suspect for me that the translation was bad in some way...

Thus I assumed early on that Google translate had munged it up big time for some reason.

But then the US Harpies came out to play saying things that did not fit in with the translation I'd seen. Thus I again incorrectly assumed Google had munged up what it had shown me.

So like others I'm in the position of uncertainty, having not seen a translation I can trust to make any kind of judgment on...

But based on past experience of the US MSM and Harpies making baseless claims attributing stuff, there is obviously some nonsense in play. Thus their behaving like a flag flapping in a crosswind, blowing first one way then the other, back and forth, back and forth, with no consistancy should have set of alarm bells.

I just assumed people were "cherry picking" from what ever translation most favoured their view point. Which was my mistake, because there is a consistency in there. In that what sounds most against the nation that is the latest USG chosen "existential threat" FUD for Orwellian reasons is what we see.

So yes the whole story appears faux for FUD reasons to actually maximise a bit of patriotic flag wrapping for the Dutch Spookworks.

I guess it must be comming up to appropriations time and they are angling for an uplift. I guess to further slide the Dutch under the FiveEyes "cult like" control.

People have to remember that the FiveEyes is totaly unelected and apparently expects all suplicants to show loyalty to them and them alone. With the USA and UK playing the brawn on the throne and the brains behind the throne respectively. With Australia, Canada and New Zeland inducted as a conveniance to get access to communications choke points of the time. Since then communications has progressed greatly and new choke points have arisen, hence the lower tier inductees.

Thus the Dutch, like the Kiwi's will discover that though they pay their SigInt agency, the agency clearly has no loyalty to the hand that feeds it. But loyalty only to their FiveEyes leaders (as in any cult). Is it any wonder that those at the top of the cult who are brawn rather than brain build command centers that look like ScFi fantasy Space Ship bridges as their temples?

[1] Why bring up the Malasian Airliner shot down by a Russian BUK2 missile over the Ukrain whilst about two thirds full of Dutch People come into it [2]. I guess the "emotional pull" for the Dutch to get buy in to anotherwise nonsense story, explanation holds more water than the article it's self does. In that it brings up sentiment against Russia and thus elicits an almost Pavlovian response from Dutch readers that "Their boys are sticking it to the Russians". The old "wrap them in the flag and salut them" trick writ large.

[2] https://www.theguardian.com/world/2015/oct/13/mh17-crash-report-plane-partially-reconstruced-blames-buk-missile-strike

anonyJanuary 28, 2018 2:18 PM

A new randomness generator designed for counterfeit protection

"A piece of 'tape' pulls thousands of coloured grains of sand out of the bucket and is then attached to the product. The unique pattern created by the coloured grains of sand can be attached to products in a number of ways. The pattern, measuring only a few millimeters, can be impregnated into leather, embedded into glass or milled into metal. Because the grains of sand are so small, they cannot be removed individually and rearranged into another puzzle."

https://www.eurekalert.org/pub_releases/2018-01/fos--nmt011918.php

TS/SCI/DAPPERHATJanuary 28, 2018 3:09 PM


feelgood Astroturf bouncy castle accessnow.org manages to list its villians without mentioning anyone from NSA, CIA, JTRIG, 8200, or GCHQ. At that point you just page down to find the inevitable: Schneier on the board.

albertJanuary 28, 2018 3:44 PM

@TS/SCI/DAPPERHAT,

Hey, that's a good picture of The Brucester! I like the beret. And not because I wear one.

. .. . .. --- ....

Milo M.January 28, 2018 4:42 PM

https://www.washingtonpost.com/news/business/wp/2018/01/27/hackers-are-making-u-s-atms-spit-out-cash-like-slot-machines-report-warns/

"Hackers able to make ATMs spit cash like winning slot machines are now operating inside the United States, marking the arrival of “jackpotting” attacks after widespread heists in Europe and Asia, according to security news website Krebs on Security."

https://krebsonsecurity.com/2018/01/first-jackpotting-attacks-hit-u-s-atms/

"the U.S. Secret Service quietly began warning financial institutions that jackpotting attacks have now been spotted targeting cash machines here in the United States.

To carry out a jackpotting attack, thieves first must gain physical access to the cash machine. From there they can use malware or specialized electronics — often a combination of both — to control the operations of the ATM."

"a source close to the matter said the Secret Service is warning that organized criminal gangs have been attacking stand-alone ATMs in the United States using “Ploutus.D,” an advanced strain of jackpotting malware first spotted in 2013."

"The source said the Secret Service is warning that thieves appear to be targeting Opteva 500 and 700 series Dielbold ATMs using the Ploutus.D malware in a series of coordinated attacks over the past 10 days, and that there is evidence that further attacks are being planned across the country.

'The targeted stand-alone ATMs are routinely located in pharmacies, big box retailers, and drive-thru ATMs,” read' a confidential Secret Service alert sent to multiple financial institutions and obtained by KrebsOnSecurity. 'During previous attacks, fraudsters dressed as ATM technicians and attached a laptop computer with a mirror image of the ATMs operating system along with a mobile device to the targeted ATM.' "

Krebs link to 2013 story on Ploutus.D:

https://www.fireeye.com/blog/threat-research/2017/01/new_ploutus_variant.html

Diebold alert posted by Krebs:

https://krebsonsecurity.com/wp-content/uploads/2018/01/20180126-GLOBAL-SECURITY-ALERT-018-04-0005-Potential-Jackpotting-US-Update-on-017-34-0002-smaller.pdf

NCR advice to customers:

https://www.ncr.com/company/blogs/financial/are-you-doing-enough-to-defend-against-logical-attacks

https://www.ncr.com/sites/default/files/brochures/17fin5025_a_sec_rqts_protect_logical_attacks_wp.pdf


r espectfullyJanuary 28, 2018 4:51 PM

re: GvV

Frankly, I find the linguistics banter refreshing en lieu of other less confederate[d] remarks.

Clive RobinsonJanuary 28, 2018 5:36 PM

@ Anony,

A new randomness generator designed for counterfeit protection

The idea is not new, back in the days of SALT a similar system using strands of glass fiber and flecks of bright metal in a clear appoxy resin was talked about as a both unique and unforgable serial number.

GrauhutJanuary 28, 2018 5:54 PM

@Ratio: Google translate supports me! ;)

...dat de Russen vlak voor een hackaanval op internet alvast zoeken of er nieuws over de aankomende aanval is.

... that the Russians are looking for information about the upcoming attack just before a hack attack on the Internet.

Russian ic ops search for news about an attack before an attack has happened and this is indirect evidence of involvement? If they were involved, wouldn't they do such a search after an attack?

Still funny! :)

JG4January 28, 2018 6:30 PM


I thought that this guy had published a discussion, including pictures, of using convection of foil bits in heated water as an entropy generator (random number source). It may have used a webcam for readout.

https://www.av8n.com/turbid/paper/rng-intro.htm

http://www.av8n.com/computer/htm/secure-random.htm

I did a quick search of the comments for his domain name using the search tool at the top and came up empty-handed. He also has a nice discussion of an open-source lock-in amplifier software that runs under Linux. It may use the sound card that I suggested as an interface for something. The lock-in amplifier topic bumps up against Fourier transformation, demodulation and picking needles out of haystacks. It's a short step from there to using arbitrary projection operators manufactured from whole cloth by deep guessing. We kill people based on uneducated and very expensive guesses.

JonKnowsNothingJanuary 29, 2018 12:27 AM

re: Fitness tracking app Strava gives away location of secret US army bases

Data about exercise routes shared online by soldiers can be used to pinpoint overseas facilities

Lots of interesting details in those 3 trillion individual GPS data points plotted and published. Of course as the wearers all enjoyed the privacy of "NONE" there are sure to a whole lot of new views to find.

It's not actually surprising because these devices, like smartphones and other similar devices are targeting apps. What possible use would they be if they couldn't pin point you?

The Intercept article gives a pretty decent explanation of practical uses. And the Guardian gives a look at the sort of people who do this for a living.

“You see [enemy combatants] kiss their kids goodbye, and kiss their wives goodbye, and then they walk down the street,” said a squadron chief master sergeant. “As soon as they get over that hill, the missile is released.”

The Americans wait to fire, he says, “because we don’t want the family to see it”.

They don't want the families to see? What to they think (yeah oxymoron) happens when they go to look? Well, that's if they survive the double, triple taps?

How very thoughtful of them.

ht tps://theintercept.com/2018/01/27/a-4-year-old-girl-was-the-sole-survivor-of-a-u-s-drone-strike-in-afghanistan-then-she-disappeared/

ht tps://www.theguardian.com/world/2018/jan/23/the-kill-chain-inside-the-unit-that-tracks-targets-for-us-drone-wars

ht tps://www.theguardian.com/world/2018/jan/28/fitness-tracking-app-gives-away-location-of-secret-us-army-bases

Wesley ParishJanuary 29, 2018 1:56 AM

An interesting titbit of info on the noble art of sticking one's foot in one's mouth and shooting oneself in the foot(Don't try this at home, kids):

All your base are belong to us: Exercise app maps military sites, reveals where spies jog

h ttp://www.theregister.co.uk/2018/01/29/strava_military_base_locations/

Why am I suddenly reminded of Titus Groan? Gormenghast? Titus Alone?

WinterJanuary 29, 2018 5:08 AM

@Grauhut
"..dat de Russen vlak voor een hackaanval op internet alvast zoeken of er nieuws over de aankomende aanval is."

Your translation of this fragment is correct. But if you read the newspaper articles, you see that the Russians look voor news about the target of the upcomming attack.

Errors happen, even in press releases. Most people are able to understand that interpretations that are physically impossible would not be the intention of the writer. Some people cannot bring themselves to make that step.

WinterJanuary 29, 2018 6:04 AM

Btw, Dutch banks have been under a massive DDOS attack since yesterday. Must be a coincidence.

CassandraJanuary 29, 2018 6:15 AM

@Clive Robinson

Re: coloured-sand grains on tape

That was my thought too. As I remember the system, it used 'glitter' in transparent epoxy. Things that were to remain verifiably unopened were sealed with a blob of this epoxy, then photographed from two different angles (possibly stereoscopically) under controlled lighting. It was regarded at the time as technologically infeasible to reproduce the exact 3-D distribution of glitter in the epoxy, so the seal could not be broken and then remade without someone noticing things did not match up when new photographs were made at a later date when checking that things were undisturbed.

Oddly enough, I can't find a reference to this easily via Internet search.

CallMeLateForSupperJanuary 29, 2018 9:15 AM

Unforeseen Consequences. Unclear On the Concept.

"An interactive map posted on the Internet that shows the whereabouts of people who use fitness devices such as Fitbit also reveals highly sensitive information about the locations and activities of soldiers at U.S. military bases, in what appears to be a major security oversight.

"The Global Heat Map, published by the GPS tracking company Strava, uses satellite information to map the locations and movements of subscribers to the company’s fitness service over a two-year period, by illuminating areas of activity."
[...]
"The Pentagon has encouraged the use of Fitbits among military personnel and in 2013 distributed 2,500 of them as part of a pilot program to battle obesity."
[...]
"Adam Rawnsley, a Daily Beast journalist, noticed a lot of jogging activity on the beach near a suspected CIA base in Mogadishu, Somalia.

"Another Twitter user said he had located a Patriot missile system site in Yemen.

"Ben Taub, a journalist with the New Yorker, homed in on the location of U.S. Special Operations bases in the Sahel region of Africa."

https://www.washingtonpost.com/world/a-map-showing-the-users-of-fitness-devices-lets-the-world-see-where-us-soldiers-are-and-what-they-are-doing/2018/01/28/86915662-0441-11e8-aa61-f3391373867e_story.html

couchtaterJanuary 29, 2018 11:37 AM

@CallMeLateForSupper re: Stava map... According to the account I read, by policy these devices should be used in private mode only relevant personnel. Next might be heavier enforcement of that directive. So what might a before and after delta show?

bttbJanuary 29, 2018 12:56 PM

"Decades before he ran the Trump campaign, Paul Manafort’s pursuit of foreign cash and shady deals laid the groundwork for the corruption of Washington...

His work, the source of the status he cherished, had taken a devastating turn. For nearly a decade, he had counted primarily on a single client, albeit an exceedingly lucrative one. He’d been the chief political strategist to the man who became the president of Ukraine, Viktor Yanukovych, with whom he’d developed a highly personal relationship. Manafort would swim naked with his boss outside his banya, play tennis with him at his palace (“Of course, I let him win,” Manafort made it known), and generally serve as an arbiter of power in a vast country. One of his deputies, Rick Gates, once boasted to a group of Washington lobbyists, “You have to understand, we’ve been working in Ukraine a long time, and Paul has a whole separate shadow government structure … In every ministry, he has a guy.” Only a small handful of Americans—oil executives, Cold War spymasters—could claim to have ever amassed such influence in a foreign regime. The power had helped fill Manafort’s bank accounts; according to his recent indictment, he had tens of millions of dollars stashed in havens like Cyprus and the Grenadines..."


https://www.theatlantic.com/magazine/archive/2018/03/paul-manafort-american-hustler/550925/

Clive RobinsonJanuary 29, 2018 1:13 PM

@ Cassandra,

Oddly enough, I can't find a reference to this easily via Internet search.

Yes it's the problem with the "Colective amnesia" that Internet search engines have as searches look for older records.

You could try looking for either Simmons or Lampson and SALT I, as they should bring you into the "covert channel" work of Gus Simmons that came out through the SALT II discussions.

Clive RobinsonJanuary 29, 2018 8:01 PM

@ VinyG, Cassandra,

does this write-up bear any similarity to what you were seeking?

It's exactly the same idea as that from the 1970's proposed as part of the Strategic Arms Limitation Talks (SALT) to create tamper proof serial numbers that even State Level attackers could not forge.

Oh there are a couple of things missing from their description to ensure you get a suitable photograph. A datum point and a way of ensuring correct distance and that the camera and serial number blob are at the same physical relationship.

If you have ever seen one of the Minnox "spy" cameras, you might have seen the chain on them. The purpose of this was to ensure the correct focus setting quickly. It acts like a "plumb bob" to give the correct distance from the camera lense.

To ensure that you have the correct physical relationship you need a datum point for the plumb bob to point to and away of ensuring that both the camera and serial number blob are parallel to each other. As you are using gravity with the plumb bob you might as well also use gravity to ensure the that they are both level by using a "spirt level", (that you can buy in many photography shops). First to ensure the object with the serial number blob is "level" then on the camera to ensure it is "level", when the plumb bob hangs directly over the datum point mark.

RatioJanuary 29, 2018 8:34 PM

@Nopeadope,

Funny demolition of RatIO's weekly dose of illegal US war propaganda.

This week it’s a dose of illegal US Deep State propaganda. Please troll on topic.

If you think (parts of) the articles as published by Volkskrant and Nieuwsuur are factually incorrect, make unwarranted assumptions, draw logically invalid conclusions, or commit any other crime against reality or reason, maybe you’d like to point out the errors? Either way, good for you.

But if you think the pile of garbage you linked to is a well-reasoned takedown of those articles, you have my condolences on your clearly diminished mental faculties. And the sad thing is, that “rebuttal” isn’t even funny.

Now, if you’ll excuse me, I’m off to “SchnierBlog” for some “Schniering on Security”.

RatioJanuary 29, 2018 10:36 PM

@Wael,

As for water, the word you want look up is [REDACTED], then go from there.

This is starting to look a bit like taking words that look or sound similar, concluding that they’re so similar, and then asking if that’s a coincidence. No, it’s not, it was set up that way (false cognates being one of the problems).

A lot more than [about 1500 years].

Roughly 1000 BCE (for Old [REDACTED]) is about 1500 years before approximately 500 CE (for Old English) last I checked.

What I care about is how these 'coincidences' came about.

There’s this thing called historical linguistics… ;-)

(I won’t pursue this any further, as our off-topic banter has apparently upset some of the more sensitive commenters so much that… Well, you’ve seen it. It wasn’t pretty.)

WaelJanuary 29, 2018 11:39 PM

@Ratio,

We'll pick 'Dutch' up some other time ;) After our 'honeymoon' is over. It's an interesting topic to me, that's all.

22519January 30, 2018 12:10 AM

Speaking of squid: BBC Radio 4's widely-acclaimed program "In Our Time" will discuss cephalopods this Thursday morning at 9 a.m., London time.

http://www.bbc.co.uk/programmes/b09pjgrn

"In Our Time" is a fascinating program whose podcasts don't disappoint. The subjects are mostly from history, philosophy, culture, religion, science, and mathematics.

Two podcasts relate directly to cryptography:

"Random and Pseudorandom"
http://www.bbc.co.uk/programmes/b00x9xjb

"Cryptography"
http://www.bbc.co.uk/programmes/p004y272

RatioJanuary 30, 2018 4:53 AM

@Grauhut, @winter,

Google translate supports me! ;)

It does? (FWIW, I thought you weren’t happy with the translator’s prose. I’m guessing you could probably piece together what it says in Dutch, but Google Translate is less work.)

Russian ic ops search for news about an attack before an attack has happened and this is indirect evidence of involvement? If they were involved, wouldn't they do such a search after an attack?

After they think the attack has taken place: there could have been a miscommunication or maybe the attack was delayed.

But if you read the newspaper articles, you see that the Russians look voor news about the target of the upcomming attack.

Do you happen to remember where you read that?

Most people are able to understand that interpretations that are physically impossible would not be the intention of the writer.

But it isn’t physically impossible.

WinterJanuary 30, 2018 6:26 AM

"Do you happen to remember where you read that?"

In the paper version of the Volkskrant of 27 January. I happen to subscribe to that newspaper.

I cannot find the article I read online, but here is an article from the series about the hack. Under point 1 it says that the attackers would follow the target online before starting the actual attack:
https://www.volkskrant.nl/tech/unieke-inkijk-in-werkwijze-zo-halen-russische-hackers-gestolen-data-binnen~a4562176/

Trying to argue that the original articles claim the hackers would search for news about the attack before the attack would take place sounds rather daft.

RatioJanuary 30, 2018 7:23 AM

@Winter,

I cannot find the article I read online, but here is an article from the series about the hack.

It’d be interesting to see what the article you read says, but it looks like that’s not on the cards. The article you link to describes the hackers’ MO, which naturally includes the gathering of information on the intended target.

Trying to argue that the original articles claim the hackers would search for news about the attack before the attack would take place sounds rather daft.

That would be silly. But the couple of lines we’re talking about aren’t about the hackers (who do the actual work):

According to one American source, in late 2015, the NSA hackers manage to penetrate the mobile devices of several high ranking Russian intelligence officers. They learn that right before a hacking attack, the Russians search the internet for any news about the oncoming attack. According to the Americans, this indirectly proves that the Russian government is involved in the hacks.

“The Russians” are the same people as the “high ranking Russian intelligence officers”. Make sense?

echoJanuary 30, 2018 8:54 AM

Appeal judges have just ruled that UK blanket survellience is unlawful. Sadly this case isn't unique in the sense of political overreach and absense of safeguards or judicial oversight. This kind of instititional arrogance permeates the system as recent human rights and discrimination cases have highlighted.

https://www.theguardian.com/uk-news/2018/jan/30/uk-mass-digital-surveillance-regime-ruled-unlawful-appeal-ruling-snoopers-charter

The court of appeal ruling on Tuesday said the powers in the Data Retention and Investigatory Powers Act 2014, which paved the way for the snooper’s charter legislation, did not restrict the accessing of confidential personal phone and web browsing records to investigations of serious crime, and allowed police and other public bodies to authorise their own access without adequate oversight.

The three judges said Dripa was “inconsistent with EU law” because of this lack of safeguards, including the absence of “prior review by a court or independent administrative authority”.

and

The judges, headed by Sir Geoffrey Vos, declined to rule on the Home Office claim that the more rigorous “Watson safeguards” were not necessary for the use of bulk communications data for wider national security purposes.
The judges said the appeal court did not need to rule on this point because it had already been referred to the European court of justice in a case which is due to be heard in February.

WinterJanuary 30, 2018 12:01 PM

"They learn that right before a hacking attack, the Russians search the internet for any news about the oncoming attack. According to the Americans, this indirectly proves that the Russian government is involved in the hacks."

"“The Russians” are the same people as the “high ranking Russian intelligence officers”. Make sense?"

I start to understand what you mean. The Dutch reports say nothing about these high ranking Russians, as these were hacked by the NSA.

It is obvious that these high ranking Russians knew about the intended attacks, but not when they would be launched. If someone searches the net about news of an attack that has not yet happened, this is quite solid proof they knew what was happening. If I search the web for news about the specifics of a terrorist attack before it happened, I should have a very good explanation ready.

bttbJanuary 30, 2018 12:32 PM

Disinformation and the Steele Dossier, emptywheel from yesterday

"By all accounts, the House will vote to release the Nunes memo tonight, even while Adam Schiff pushes to release his countering memo at the same time. Perhaps in advance of that, Andrew McCabe either chose to or was told to take leave today until such time as his pension kicks in in mid-March, ending his FBI career.

Since we’re going to be obsessing about the dossier for the next while again, I want to return to a question I’ve repeatedly raised: the possibility that some or even much of the Christopher Steele dossier could be the product of Russian disinformation. Certainly, at least by the time Fusion and Steele were pitching the dossier to the press in September 2016, the Russians might have gotten wind of the project and started to feed Steele’s sources disinformation. But there’s at least some reason to believe it could have happened much sooner.

FORMER CIA OFFICER DANIEL HOFFMAN ARGUES THE NEAR MISSES ARE A MARK OF RUSSIAN DISINFORMATION
A number of spooks had advanced this idea in brief comments in the past. Today, former CIA officer Daniel Hoffman makes the arguement at more length at WSJ..."
https://www.emptywheel.net/2018/01/29/on-disinformation-and-the-dossier/
https://www.wsj.com/articles/the-steele-dossier-fits-the-kremlin-playbook-1517175564

The Steele Dossier is relatively short at around 35 pages, but dense reading and you can see it yourself
https://www.buzzfeed.com/kenbensinger/these-reports-allege-trump-has-deep-ties-to-russia

Clive RobinsonJanuary 30, 2018 7:01 PM

@ Thomas_H,

Subliminal messages in songs can hijack your connected device

I kind of get what the journalist is saying about the process.

But what makes my mind boggle is what it tells us about the limitations and ways of AI speach recognition.

Or to put it another way, just how far off the mark the AI algorithms are when compared to the way a human ear and brain work.

hmmJanuary 30, 2018 9:36 PM

"By all accounts, the House will vote to release the Nunes memo tonight, even while Adam Schiff pushes to release his countering memo at the same time."

Why should they want to release only 1/2 of the story deliberately?

Why should Trump have wanted to shut down the investigation 2100 ways to Sunday?

Why did Trump promise to answer questions under oath, now his lawyers say Mueller 'isn't qualified'?

Why? Because he's innocent and this is a witch hunt and he's unafraid and has nothing to hide.

We're not going to sanction Russia for the election hack as Congress voted, Trump decided. Too soon.

What a joke.


gordoJanuary 30, 2018 11:06 PM

(SOUNDBITE OF ARCHIVED RECORDING)

PRESIDENT VLADIMIR PUTIN: (Speaking Russian).

KELEMEN: "Look at this stupidity," Putin said, pointing out that the U.S. is blacklisting Russia alongside North Korea and Iran, at the same time, asking Russia to help solve those issues. Meanwhile, Russia's embassy here confirmed that the head of Russia's foreign intelligence service was invited to counter-terrorism talks in Washington. That had Senate Democratic leader Chuck Schumer fuming because Sergei Naryshkin is on a U.S. sanctions list.

https://www.npr.org/2018/01/30/581930161/trump-facing-criticism-for-not-doing-enough-to-punish-russia-for-election-meddli

. . . https://www.pri.org/stories/2017-12-18/russia-thanks-cia-tip-thwarted-terror-attack

Sometimes I reach for the popcorn and sometimes I just reach.

Anura (Vapor-Inhaling Transhuman Frog-Brained Coder)January 30, 2018 11:23 PM

@BSPMBP

Not a single mention that bitcoin uses elliptical curves that were pushed by the NSA itself? Better conspiracy theorists, please.

Bong-Smoking Primitive Monkey-Brained SpookJanuary 31, 2018 12:09 AM

@ Anura (Vapor-Inhaling Transhuman Frog-Brained Coder):

Not a single mention that bitcoin uses elliptical curves that were pushed by the NSA itself?

That would not be classified as conspiracy! It has another name, as someone likes to say.

Better conspiracy theorists, please.

Working on it and will make it a habit. Problem is these days I sit in front of the TV to watch news, and that's when I light my equipment to 'enhance the experience' -- you know, popcorn grew old on me. Problem is before I light it, I listen to the news and think: goddamn! I am alredy stoned... perhaps I'll wait for tomorrow. Been like that since last election year... Haven't lit my bong since. Seems the scorpion will live to see another day.

Spooksvile CatJanuary 31, 2018 1:45 AM

@ Anura (Vapor-Inhaling Transhuman Frog-Brained Coder),

Not a single mention that bitcoin uses elliptical curves that were pushed by the NSA itself?

Are you saying @BSPMBS is "way off the curve";-)

@ BSPMBS,

Today's conspiracy theory: Did the NSA Create Bitcoin to Usher in One World Currency? Excellent brand they smoke: I want some.

It's only "pulped $100 bills" from "banker st" with that finest "white Columbian" espresso still attached.

Think not "Blue mountain" pricing that's too down market but that "Kopi Luwak"[1] one that's passed by a Paradoxurus hermaphroditus[2] first pricing.

Only being a larger organisation the most the NSA do their thing not by targeting free ranging Civits but by Intensively developed Chianina[3] collection of their prodigious output to get "Copious Loo Whack".

Only when you see the ouput do you realise "just what a load" the NSA produce ;-)

[1] http://www.most-expensive.coffee

[2] https://en.m.wikipedia.org/wiki/Kopi_Luwak

[3] https://en.m.wikipedia.org/wiki/Chianina

Bong-Smoking Primitive Monkey-Brained SpookJanuary 31, 2018 2:58 AM

@ Spooksvile Cat:

way off the curve

Always... In front of the curve, that is!

Kopi Luwak

I know that brand. Thank goodness I never tried it. Not surprised you mentioned Kopi Luwak! With a name like yours, one could say: it's from "up your alley", no? ;-p

Here's another story about a couple of Japanese travelers that were investigated for smuggling thirty eight, 1-Kg. gold bars at Incheon International Airport. The officials bought their story!

I Believe if they were caught in a different country they'd loose the gold and spend some jail time.

RatioJanuary 31, 2018 5:52 AM

@Winter,

The Dutch reports say nothing about these high ranking Russians, as these were hacked by the NSA.

Right. The article suggests that this was an example of US intelligence shared with the Dutch.

It is obvious that these high ranking Russians knew about the intended attacks, but not when they would be launched.

Or the attack (singular) was delayed for some reason. (The phrasing is ambiguous, but I think the intent is to describe an incident, not a pattern.)

If someone searches the net about news of an attack that has not yet happened, this is quite solid proof they knew what was happening.

Exactly. And in this case that ties the (Cozy Bear?) hackers to high ranking Russian intelligence officers, a.k.a. the Russian government.

JG4January 31, 2018 6:37 AM


I applaud the efforts to keep deaths from terrorism in perspective. I was a young man when I realized that more US troops died from drunk driving in most years than were killed in the entire First Gulf War.

Can't recall where I spotted this

https://www.cbsnews.com/news/john-le-carre-ex-british-spys-double-life-as-a-famous-author-1/

the usual daily compendium has a lot of security-related headlines

https://www.nakedcapitalism.com/2018/01/links-13118.html

...

Facebook is banning all ads promoting cryptocurrencies — including bitcoin and ICOs Recode

Do NOT Use Bitcoin Assuming It Is Anonymous Ian Welsh

...

Secret govt files sold off in a cheap cabinet: Biggest security breach in Australian political history News.com.au (Kevin W)

...

Venezuelan Pirates Rule the Most Lawless Market on Earth Bloomberg (JTM)

...

Health Care

Amazon, Berkshire Hathaway and JPMorgan Team Up to Try to Disrupt Health Care New York Times (Kevin W). Beware of billionaires bearing gifts. And Amazon hates people, expect as appendages to wallets, when a great deal of the efficacy of health care is the result of trust in the health care provider. This serves as a reminder that I need to get serious about becoming an expat, although at my age and with my severely constrained time, I don’t have time or $ for the basics, like identifying “finalist” countries and paying visits.

...

Clinton–Obama Emails: The Key to Understanding Why Hillary Wasn’t Indicted National Review. Oregoncharles:

I can’t believe I’m sending you something from the National Review, but apparently we’ve come to this. It appears to be a densely factual (if correct) investigative piece.

...

Jackpotting’ hackers steal over $1 million from ATMs across U.S.: Secret Service Reuters. EM:

As interesting as the story is, it is useful to put things in perspective by comparing the amount cited here with oh, say, that stolen from investors in the run-up to the GFC via fraudulent mortgage securitizations (figure on the order of $1 trillion or roughly $1 billion per day for 3 years), or the amount stolen from hoi polloi via the subsequent QE and ZIRP regimes by the Fed and transferred to very same crooked bank cartels, or the amount stolen every day by way of civil asset forfeiture, a.k.a. legalized theft by law enforcement. At least the ATM-hacking crooks had to put some actual serious effort and cleverness into the scheme.

...

RatioJanuary 31, 2018 10:28 AM

@Winter,

And in this case that ties the (Cozy Bear?) hackers to high ranking Russian intelligence officers, a.k.a. the Russian government.

My guess was “Fancy Bear”, but I somehow managed to type “Cozy Bear”.

AnuraJanuary 31, 2018 11:58 AM

@Spooksvile Cat

"Kopi Luwak"

A coworker brought that in once. I tried it; it's not bad, but nothing I would spend real money on. I can buy a pound of fair-trade, all natural, organic, minimally processed, cage free, fresh, locally roasted coffee for under $20 here and it's damned fine coffee as far as I'm concerned.

bttbJanuary 31, 2018 9:57 PM

The Trump plot thickens

"...Of course, the suggestion that Manafort could get a cooperation deal by flipping on Trump is admission that Manafort — one of the attendees at the June 9 meeting, among other things — could flip on him, that he has proof that Trump was part of the conspiracy with the Russians to tamper in the election.

Never mind that this admission exposes the lie Trump has been telling — that Manafort’s indictment only pertains to consulting he did for Ukraine years ago and therefore doesn’t pose a risk to Trump. Never mind that Trump’s confidence, given the signs that Rick Gates may be prepping to flip, may be premature..."

https://www.emptywheel.net/2018/01/30/trump-has-told-friends-and-aides-that-paul-manafort-can-incriminate-him/

RatioFebruary 1, 2018 7:08 AM

Tests link Syrian government stockpile to largest sarin attack - sources:

The Syrian government's chemical weapons stockpile has been linked for the first time by laboratory tests to the largest sarin nerve agent attack of the civil war, diplomats and scientists told Reuters, supporting Western claims that government forces under President Bashar al-Assad were behind the atrocity.

Laboratories working for the Organisation for the Prohibition of Chemical Weapons compared samples taken by a U.N. mission in the Damascus suburb of Ghouta after the Aug. 21, 2013 attack, when hundreds of civilians died of sarin gas poisoning, to chemicals handed over by Damascus for destruction in 2014.

The tests found "markers" in samples taken at Ghouta and at the sites of two other nerve agent attacks, in the towns of Khan Sheikhoun in Idlib governorate on April 4, 2017 and Khan al-Assal, Aleppo, in March 2013, two people involved in the process said.

[...]

Two compounds in the Ghouta sample matched those also found in Khan Sheikhoun, one formed from sarin and the stabilizer hexamine and another specific fluorophosphate that appears during sarin production, the tests showed.

JG4February 1, 2018 8:25 AM


I pruned this pretty hard in an attempt to color inside the lines. There are a lot more security-related stories in the headlines today.

https://www.nakedcapitalism.com/2018/02/links-2118.html

...

New tree-planting drones can plant 100,000 trees in a single day TechSpot (David L)

...

Flaws in Gas Station Software Let Hackers Change Prices, Steal Fuel, Erase Evidence Motherboard (resil

...

A small-scale demonstration shows how quantum computing could revolutionize data analysis MIT Technology Review (David L)

...

Big Brother is Watching You Watch

A fast-evolving new botnet could take gadgets in your home to the dark side MIT Technology Review (David L)

...

Meet the physicists selling time to traders Financial Times (David L)

...

Amazon patents wristband that tracks warehouse workers’ movements Guardian

...

JG4February 1, 2018 8:27 AM


these ideas can be borrowed for IoT

https://spectrum.ieee.org/aerospace/satellites/new-antennas-will-take-cubesats-to-mars-and-beyond

this guy is awesome

https://www.cringely.com/2018/01/16/bobs-first-predictions-2018/
...
Prediction #2 — the end of Windows supremacy. This is NOT a prediction that MacOS or Linux will take over from Windows. It’s more complex than that. What I am seeing is that Windows is becoming less and less important to Microsoft and as Microsoft’s focus changes so will our focus as consumers of personal computing. It’s not surprising that Microsoft is changing because desktop PC sales are down and Redmond can’t get much money anymore for Windows upgrades. So they have to find new sources of revenue. Under Steve Ballmer Microsoft was all about Windows, Microsoft Office, and Windows Phone. Under Satya Nadella, Windows Phone is gone and Microsoft’s concentration is on (in this order): 1) Azure (Microsoft’s public cloud); 2) Azure services like storage and — to some extent — Office 365; 3) Microsoft Office, and: 4) Windows.
That’s Windows going from first to fourth and Microsoft Office going from second to third. That’s huge.
The other day I bought for $99.99 a family license for Office 365. I didn’t even buy it for Office: I bought it for the five terabytes of cloud storage that came with the deal. Who wouldn’t pay $100 to store pretty much anything they could ever imagine in the cloud? It’s a kick in the head to Box, Dropbox, Google and others and reflects how important it is to Microsoft to get hundreds of millions of users signed-up for Azure services. Because once we do so Satya is pretty certain we’ll NEVER go away.
More predictions tomorrow.

k15February 1, 2018 2:39 PM

Simple question:
How can you find out whether a company thinks it is using a signed (not self-signed) security certificate on its website?

If all I see is that in the address bar it says says Secure, but in actuality the co. is using a signed cert, obviously it would mean something is wrong. How do I find out if this is the case?

(I should already know this.)

JG4February 1, 2018 5:02 PM


If HackerNews was BuilderNews

https://www.reddit.com/r/ProgrammerHumor/comments/7tvrft/if_hackernews_was_buildernews/

Everything you know about cement is wrong, submitted by edward

Hammers considered harmful, submitted by _pius

Why we don't follow building regulations, submitted by coloneltcb

Counting the individual grains of sand in our aggregate gave us a .1% improvement in stability, submitted by adventured

If programmers were treated by builders, submitted by edwinespinosa09

Red, green, rebuild: how to build a house by trying to walk through a brick wall, submitted by sz4kerto

Never interrupt a builder, no listed submitter

We didn't understand this old building so we just ripped it down and replaced it with a latrine, submitted by _pius

IKB: how to use spaghetti to increase bridge-building output by an order of magnitude, submitted by omnibrain

Ask BN: should I bother to learn anything or just dive in and make my own tools?, submitted by rockdiesel

You don't know cement, submitted by ThomPete

OMFG REACT!!!11eleven, submitted by alexdevkar

rFebruary 1, 2018 9:25 PM

@just guessing,

Not to sound like a hypocrite, but do you review even the least bit of you aggregations?

Nom nom nom nominal.

JG4February 2, 2018 6:33 AM


I forgot to point out that the link last night (Reddit?) could be recast in terms of secure systems, rather than just software/coding in general.

some fascinating history

Breaking 43 Years of Silence, the Last FBI Burglar Tells the Story of Her Years in the Underground The Nation

https://www.nakedcapitalism.com/2018/02/links-2218.html

...

FBI Warns Republican Memo Could Undermine Faith In Massive, Unaccountable Government Secret Agencies The Onion

...

Big Brother Is Watching You Watch

UK mass digital surveillance regime ruled unlawful Guardian

The quiet and creeping normalisation of facial recognition technology New Statesman

Florida warden retaliates for article publicizing prison abuses, slave labor and prisoner protest San Francisco Bay View

...

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.