Friday Squid Blogging: Sake Decanters Made of Dried Squid

This is interesting.

As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

Read my blog posting guidelines here.

Posted on April 6, 2018 at 3:59 PM • 85 Comments

Comments

D-503 • April 6, 2018 4:10 PM

Fun, fun, fun!
Many – if not most – people use unspoken language to record their thoughts. It’s already known from brain imaging that these “internal vocalisations” or “subvocalisations” involve a lot of activity in the language centres of the brain. The big security question is how much of this private data leaks beyond the brain.
A student at MIT’s Media Lab has demonstrated that internal vocalisations leak via subtle twitches in the muscles of the face, leaking enough data to read the target’s mind[1]:
http://news.mit.edu/2018/computer-system-transcribes-words-users-speak-silently-0404
This is less scary than it sounds, because the device needs to be in direct physical contact with the target’s face, and can only distinguish between 20 words, far short of the ~2000 word vocabulary that’s the minimum for natural language transcription.
But it doesn’t take much imagination to extrapolate to nightmare scenarios.
2018 is pure gold for the clinically paranoid.

[1] This attack vector[2] isn’t entirely new. It was already known 120 years ago, and automated methods were already being developed more than ten years ago:
https://www.forbes.com/free_forbes/2006/0410/084.html
[2] Yes, yes, I know, these tools are being developed as a convenience for the target, not an attack against the target. I ought to be grateful for all the conveniences of the modern world. Like Facebook, for example.
More seriously, there are valid uses for this technology, such as helping people who are medically unable to speak, or helping communication in noisy environments.

Cassandra • April 6, 2018 4:12 PM

I very rarely get the opportunity to enjoy a decanter of sake, but this Friday Squid has brought back some nice memories. Thank-you Bruce. おつかれさまです

VinnyG • April 6, 2018 5:29 PM

@D-503 re: subvocalization - I wonder what the actual repeatable population statistics are for subvocalization while reading and/or thinking? I read in multiline "chunks" much faster than I can speak, and I seem to think at about the same speed as I read. This does not seem to be true even if I am processing lists of discrete items. I can also converse with someone while reading, albeit with some difficulty, and at reduced speed for both functions. The most common exception for me seems to be that when reviewing and editing text that I have typed for errors, I do read more slowly and deliberately, and may be subvocalizing. This analysis is of course at least somewhat subjective - I don't have the ability to measure most of these attributes.

veritas • April 6, 2018 7:09 PM

The site backpage.com has been seized by the U.S. Government.

This was done as part of an enforcement action by the FBI, the U.S. Postal Inspection Service, and the IRS Criminal Investigation Division, with analytical assistance from the Joint Regional Intelligence Center.

Hmm • April 6, 2018 10:25 PM

Edible? Eh..

@Anders

"a company that provides business advice to entrepreneurs and help them create right business plans"

I wondered what they did, what with the plaintext password storage.

They give advice to businesses. Where do I send my Kroners?

Ronnie • April 7, 2018 12:03 AM

Oops ignore my previous post - already mentioned last week but didn't find it when I initially searched.

Eric • April 7, 2018 7:12 AM

According to this article in Chicago Sun Times, the Department of Homeland Security is seeking contractors for the creation of a process for monitoring news outlets around the world and collecting information on journalists, bloggers and “media influencers.”

More information in this post at FedBizOpps.gov.

What are you waiting for? Hurry, applications are due by 1:00 pm on April 13, 2018 :-)

CallMeLateForSupper • April 7, 2018 9:33 AM

Some "carders" have figured out a new angle: intercept *new*, *corporate* cards between card company and corporate customer (the ol' man-in-the-middle), replacing their chips with the chips of funky old cards, and sending the new-card/old-chip on to the addressee.

I know what you're thinking: the new card with old chip won't work. It doesn't have to; it only has to look normal so that the corporate customer will *activate* it.

The carder twiddles her thumbs until the card is activated, then she goes shopping, BIG-time. Hey, it is a *corporate* card!

https://krebsonsecurity.com/2018/04/secret-service-warns-of-chip-card-scheme/

bttb • April 7, 2018 9:41 AM

@hmm
last week you started a discussion related to cell phones, cancer and genetic damage.
https://www.schneier.com/blog/archives/2018/03/friday_squid_bl_618.html#c6773255

Some recent reporting on this topic includes:

https://www.democracynow.org/2018/4/5/how_the_wireless_industry_convinced_the

https://www.democracynow.org/2018/4/5/how_big_wireless_war_gamed_the
Regarding potential practical issues when using cell phones
"So, there are things you can do. The main thing you can do as a consumer is to minimize your use of your cellphone. Use a landline telephone whenever you can. And if you must use a cellphone, always use earbuds, and use it for as little the time as possible. Don’t go on and on. Have your phone call and complete it. And in general, you want to try and minimize the risk."
[snip]
"Now, to your question, Nermeen, about the differences, again, I’m not a scientist here. I’m a little uncomfortable talking about that. There are plenty of places where you can go to get good information on this. I’d recommend the National Environment Trust, is one. The American Pediatrics Association has also raised concerns about this. However, I do know this from sources that we’ve interviewed on this story, that you want to always wear earbuds, if you’re going to use a phone. You want to minimize your use of the phone. And yes, texting is better than a phone call, in terms of the amount of radiation you’re exposed to. And also, the moment of the connection of the call is when there is the biggest surge of radiation. That is, after you’ve dialed, and you hear it ringing, and then it connects to the other phone, at that moment, hold that phone away from you. The farther away it is from your skull, the less radiation that is going to be touching you. But again, the main thing is to just limit your use of all of this to the maximum extent that you can. Use landlines when you can. You know, the world still spun on its axis, we all had our lives, before there were cellphones. You can do it, folks.""

https://www.thenation.com/article/how-big-wireless-made-us-think-that-cell-phones-are-safe-a-special-investigation/


"... This article does not argue that cell phones and other wireless technologies are necessarily dangerous; that is a matter for scientists to decide. Rather, the focus here is on the global industry behind cell phones—and the industry’s long campaign to make people believe that cell phones are safe.

As happened earlier with Big Tobacco and Big Oil, the wireless industry’s own scientists privately warned about the risks.

That campaign has plainly been a success: 95 out of every 100 adult Americans now own a cell phone; globally, three out of four adults have cell-phone access, with sales increasing every year. The wireless industry is now one of the fastest-growing on Earth and one of the biggest, boasting annual sales of $440 billion in 2016."

[snip]

"Even so, the industry’s neutralizing of the safety issue has opened the door to the biggest, most hazardous prize of all: the proposed revolutionary transformation of society dubbed the “Internet of Things.” Lauded as a gigantic engine of economic growth, the Internet of Things will not only connect people through their smartphones and computers but will connect those devices to a customer’s vehicles and home appliances, even their baby’s diapers—all at speeds faster than can currently be achieved.

Billions of cell-phone users have been subjected to a public-health experiment without informed consent.

There is a catch, though: The Internet of Things will require augmenting today’s 4G technology with 5G, thus “massively increasing” the general population’s exposure to radiation, according to a petition signed by 236 scientists worldwide who have published more than 2,000 peer-reviewed studies and represent “a significant portion of the credentialed scientists in the radiation research field,” according to Joel Moskowitz, the director of the Center for Family and Community Health at the University of California, Berkeley, who helped circulate the petition. Nevertheless, like cell phones, 5G technology is on the verge of being introduced without pre-market safety testing.

Lack of definitive proof that a technology is harmful does not mean the technology is safe, yet the wireless industry has succeeded in selling this logical fallacy to the world. In truth, the safety of wireless technology has been an unsettled question since the industry’s earliest days. The upshot is that, over the past 30 years, billions of people around the world have been subjected to a massive public-health experiment: Use a cell phone today, find out later if it causes cancer or genetic damage. Meanwhile, the wireless industry has obstructed a full and fair understanding of the current science, aided by government agencies that have prioritized commercial interests over human health and news organizations that have failed to inform the public about what the scientific community really thinks. In other words, this public-health experiment has been conducted without the informed consent of its subjects, even as the industry keeps its thumb on the scale.

“The absence of absolute proof does not mean the absence of risk,” Annie Sasco, the former director of epidemiology for cancer prevention at France’s National Institute of Health and Medical Research, told the attendees of the 2012 Childhood Cancer conference. “The younger one starts using cell phones, the higher the risk,” Sasco continued, urging a public-education effort to inform parents, politicians, and the press about children’s exceptional susceptibility."

[snip]

"The FCC has granted the industry’s wishes so often that it qualifies as a “captured agency,” argued journalist Norm Alster in a report that Harvard University’s Edmond J. Safra Center for Ethics published in 2015. The FCC allows cell-phone manufacturers to self-report SAR levels, and does not independently test industry claims or require manufacturers to display the SAR level on a phone’s packaging. “Industry controls the FCC through a soup-to-nuts stranglehold that extends from its well-placed campaign spending in Congress through its control of the FCC’s congressional oversight committees to its persistent agency lobbying,” Alster wrote. He also quoted the CTIA website praising the FCC for “its light regulatory touch.”"

[snip]

"Years later, a study that Leszczynski described as a “game changer” discovered that even phones meeting government standards, which in Europe were a SAR of 2.0 watts per kilogram, could deliver exponentially higher peak radiation levels to certain skin and blood cells. (SAR levels reached a staggering 40 watts per kilogram—20 times higher than officially permitted.) In other words, the official safety levels masked dramatically higher exposures in hot spots, but industry-funded scientists obstructed research on the health impacts.

“Everyone knows that if your research results show that radiation has effects, the funding flow dries up.” —Dariusz Leszczynski, adjunct professor of biochemistry at the University of Helsinki

“Everyone knows that if your research results show that radiation has effects, the funding flow dries up,” Leszczynski said in an interview in 2011. Sure enough, the Radiation and Nuclear Safety Authority of Finland, where Leszczynski had a long career, discontinued research on the biological effects of cell phones and discharged him a year later.

According to scientists involved in the process, the WHO may decide later this year to reconsider its categorization of the cancer risk posed by cell phones; the WHO itself told The Nation that before making any such decision, it will review the final report of the National Toxicology Program, a US government initiative. The results reported by the NTP in 2016 seem to strengthen the case for increasing the assessment of cell-phone radiation to a “probable” or even a “known” carcinogen. Whereas the WHO’s Interphone study compared the cell-phone usage of people who had contracted cancer with that of people who hadn’t, the NTP study exposed rats and mice to cell-phone radiation and observed whether the animals got sick.

“There is a carcinogenic effect,” announced Ron Melnick, the designer of the study. Male rats exposed to cell-phone radiation developed cancer at a substantially higher rate, though the same effect was not seen in female rats. Rats exposed to radiation also had lower birth rates, higher infant mortality, and more heart problems than those in the control group. The cancer effect occurred in only a small percentage of the rats, but that small percentage could translate into a massive amount of human cancers. “Given the extremely large number of people who use wireless communications devices, even a very small increase in the incidence of disease…could have broad implications for public health,” the NTP’s draft report explained.

But this was not the message that media coverage of the NTP study conveyed, as the industry blanketed reporters with its usual “more research is needed” spin. “Seriously, stop with the irresponsible reporting on cell phones and cancer,” demanded a Vox headline. “Don’t Believe the Hype,” urged The Washington Post. Newsweek, for its part, stated the NTP’s findings in a single paragraph, then devoted the rest of the article to an argument for why they should be ignored."

[snip]

"The scientific evidence that cell phones and wireless technologies in general can cause cancer and genetic damage is not definitive, but it is abundant and has been increasing over time. Contrary to the impression that most news coverage has given the public, 90 percent of the 200 existing studies included in the National Institutes of Health’s PubMed database on the oxidative effects of wireless radiation—its tendency to cause cells to shed electrons, which can lead to cancer and other diseases—have found a significant impact, according to a survey of the scientific literature conducted by Henry Lai. Seventy-two percent of neurological studies and 64 percent of DNA studies have also found effects.

The wireless industry’s determination to bring about the Internet of Things, despite the massive increase in radiation exposure this would unleash, raises the stakes exponentially. Because 5G radiation can only travel short distances, antennas roughly the size of a pizza box will have to be installed approximately every 250 feet to ensure connectivity. “Industry is going to need hundreds of thousands, maybe millions, of new antenna sites in the United States alone,” said Moskowitz, the UC Berkeley researcher. “So people will be bathed in a smog of radiation 24/7.”"


CallMeLateForSupper • April 7, 2018 9:51 AM

Re: Cloudflare's DNS

Cloudflare's instructions for setting up 1.1.1.1 on Ubuntu are ... if not a total mess, then too narrowly focused. It felt like I was trying to trouble-shoot Linux with instructions for a Window.


justinacolmena • April 7, 2018 10:45 AM

Fed, Treasury Examining Bloomberg Use of Terminal Data — that is, Michael Bloomberg, media magnate, former mayor of New York City, and gun control despot who bought out an initiative election to so sneakily regulate gun sales that new guns are effectively banned in Washington State. And they call it "Common Sense" — what an insult to Thomas Paine!

Financial analysts pay >$1,500 per month of their clients' money to use the "Bloomberg Terminal" — the Holy Grail of status on Wall Street. The allegation is that Bloomberg data-mines the activities of users and is thereby able to beat the scoop on other financial news outlets.

Yes, there are plenty of other, much cheaper, sources of data for financial analysts to use, but they lack the social status of the "Bloomberg Terminal" service.

QM • April 7, 2018 12:30 PM

Re: subvocalizations

I have an odd talent of being able to type several paragraphs of mentally prepared text, while listening to and watching a speaker, with full comprehension and accuracy. For example, someone interrupts me typing out an email I've composed in my head, and asks me a question with some non-trivial context. I can usually engage in conversation, answer the question, and followups, if it doesn't require significant logical thought, while still typing accurately.

Of the four word streams in my head (typing, thinking, listening, responding), which subvocalizations would be observed? Would this approach defeat an attempt to read my face?

bttb • April 7, 2018 12:38 PM

From: https://ehtrust.org/take-action/educate-yourself/10-things-you-can-do-to-reduce-the-cancer-risk-from-cell-phones/

10 Tips To Reduce Cell Phone Radiation
1. Distance Is Your Friend
2. Avoid Using Your Cell Phone When The Signal Is Weak
3. Avoid Carrying Your Cell Phone On Your Body At All Times
4. Children Should Only Use Cell Phones For Emergencies.
5. Do Not Sleep With Your Cell Phone Powered On.
6. Use Your Home And Office Corded Landline For Most Conversations
7. Avoid Using Your Cell Phone Inside Spaces That Are Surrounded By Metal Like A Car, Elevator, Bus, Train Or Airplane.
8. Whenever Possible, Minimize Talk Time And Choose To Communicate Via Text Messaging Rather Than Making A Voice Call
9. Protect Your Fertility.
10. Read Your Cell Phone Manual

Hmm • April 7, 2018 3:46 PM

@bttb

That was a good lay of the landscape and I agree..

I typed up a big comment in reply and just managed to accidentally delete it closing a tab.
About as demoralizing as the topic in general..

TLDR: we wait decades for regulation on dangerous consumer/industrial products.

Mercury, lead, asbestos, radium, bisphenols, PCBs, phthalates, pseudoestrogens.. the list is endless.
We never regulate ahead of a major problem, we let these things get way, way out of control instead.
Why should tech be any different?

An Illinois man just died bleeding from his ears and eyes - and before you guess Ebola, what about synthetic marijuana full of rat poison that is completely legal for sale?

http://www.chicagotribune.com/news/ct-met-synthetic-marijuana-problems-history-20180406-story.html

And if it ever gets enough attention to be regulated? Poof, change the formula.
Now it's a brand new thing and a brand new regulatory round robin begins.
This is a metaphor for how we handle just about everything.

Developing brains glued to under-regulated cell phones for hours and hours beyond manufacturer's small-print cautions and recommendations is without question more the norm than anyone exhibiting ANY conscious reduction in their exposures to them.

We see the massive spike in cancers along the interstate highways, shrug, and pull into the drive thru.
This is our society. Caution is a bad word like Communism, regulation is the actual devil.
Science is reduced to a means of bickering about industry's well-funded talking points.

There is no saving us from ourselves. An ocean full of trash is next century's problem.
Let's just smoke our rat poison and irradiate ourselves like it doesn't even matter.
Because as far as we care to ACTUALLY deal with these problems, they simply don't!

Alyer Babtu • April 7, 2018 4:33 PM

Re Zuckerberg and Facebook message deletion

What kind of backup does Facebook use?

Clive Robinson • April 7, 2018 4:44 PM

@ Who?

"It seems they [Russians] are not aware the easiest way to track Telegram users is from the mobile devices themselves."

I suspect they are only too aware of that, but that is not what they want to do.

Put simply from their point of view it will be easier to send a message. That is if they smash up some non Russian company very publicly other non Russian companies will see things differently and not get close enough to toe the line, let alone step over it.

Not only would it be easier if you think about it, it's a better utilization of resources.

Further they are not the first country to take a dim view on US Products, China has likewise called the US out.

And to be honest, the US started this idiocy some time ago and I fully expect other countries using "National Security" to get tough on US corporates... It is to quote the song "blowing in the wind".

Further I can see other people trying to get tough over the Inter State Dispute Resolution process that Obama tried to pass off on the world via his various trade agreements like the Transatlantic Trade etc. It was shrouded in secrecy, where the US had US corporate lawyers drafting legislation but not allowing elected politicians of other nations to see the absolute nightmare contained within.

So yes unsurprisingly there are more than a few people that want full transparency with future treaty and other agreements with the USG. And their case/cause has been strengthened by the recent final outing of Cambridge Analytica / Facebook.

Clive Robinson • April 7, 2018 4:59 PM

@ Hmm,

"We never regulate ahead of a major problem, we let these things get way, way out of control instead."

You're beginning to sound as morose as me :-(

Please note though it is not "we" but "they" actively pushing things way way out of control. Look at it this way do you really think the average US family would vote to allow what US industry routinely does such as pollute their drinking water with god alone knows what?..

That's not to say it's any better in other countries... You've probably heard of Fracking, well it's come to the UK and from what I can see it's going to be the next big "Asbestos scandal". And it will return very little or nothing to the communities that will be blighted not just by the pollution but by the toxicity of what is getting into their water and air...

Who? • April 7, 2018 7:08 PM

@ Clive Robinson

"So yes unsurprisingly there are more than a few people that want full transparency with future treaty and other agreements with the USG. And their case/cause has been strengthened by the recent final outing of Cambridge Analytica / Facebook."

Clive, you are much more optimistic than me. I do not really think the Cambridge Analytica affair will be a concern for most citizens, either U.S. ones or not; as time passes it seems the population is becoming immune to this news about privacy violations.

Intel knows better than us, since they have decided to leave unprotected millions of computers affected by the Meltdown and Spectre bugs they have created over the years on their quest to get the faster and cheaper (at least from the manufacturing point of view) processors:

https://arstechnica.com/gadgets/2018/04/intel-drops-plans-to-develop-spectre-microcode-for-ancient-chips/
https://newsroom.intel.com/wp-content/uploads/sites/11/2018/04/microcode-update-guidance.pdf

My bet is they will not be punished and they know it.

Peter Quince • April 7, 2018 8:05 PM

@ Who?

"Russian's FSB Federal Security service seeks to block Telegram app being used across the country"

Well, that is good news. It shows that Telegram works, and that they do not want to go through the trouble of targeting specific phones--which is much more expensive, much more difficult, and is often like a fishing trip that catches minnows.

I miss the sound of U.S. entities whining about encryption. When they are not whimpering I feel sad. I am longing to hear weeping sounds about Protonmail.

We might think that assuring privacy is a losing battle, but that is not the case at all. The titans of all sorts depend on people remaining uninformed. Entropy is on their side, but this can be overcome.

To my mind, Protonmail is doing serious work. In order to subvert them, that would probably have to be an inside job with gifts. Let's hope that does not happen.

The proliferation of companies such as Telegram and Protonmail offers real hope for privacy advocates. Another important development is this effort to create secure channels in compromised systems. That can be done. Strictly speaking, creating a secure channel in a system that is most likely undorked (Signal/Protonmail/Telegram) is the best way to go, but it does not really matter as long as the encryption is done right and the ciphertext is undetectable.

JG4 • April 7, 2018 8:07 PM


Thanks for the excellent discussion.

https://www.nakedcapitalism.com/2018/04/links-4-7-18.html

...

Big Brother is Watching You Watch

Under a millimeter wide and powered by light, these tiny cameras could hide almost anywhere TechCrunch (David L)

Homeland Security to Compile Database of Journalists, Bloggers Big Law (Paul R)

Are your phone camera and microphone spying on you? Guardian (David L)

What Happens When You Track Your Boyfriend on Strava Wired (Dr. Kevin)

Artificial intelligence could soon enhance real-time police surveillance Awesome Investors (David L)

The Paris Lawyer Who Gives Google Nightmares NPR (David L)

...

Thoth • April 7, 2018 8:09 PM

@Clive Robinson

Re: Telegram lockdown

Telegram is a "Made in Russia" product by Russian guy called Pavel Durov.

This is more of a case where Russia is trying to make an example out of Telegram that Russian products are not immune to handing over crypto keys even if these products are used globally or if they are based in or out of Russia.

Essentially, Putin is kinda inspired by Xi (China's big boss) or maybe the other way around but essentially they are trying to portray themselves in the Soviet era of an everlasting leader that cannot be dethroned and no one can even talk anything bad about them ... which spells more like Absolute Monarchy which is still practiced in certain parts of South-East Asia with tough lese majeste colonial laws ... which makes them no better than the so-called "Democracy" or "Socialism" that they try to replace.

One way to ensure their everlasting continuity on their thrones, they have to gag everyone, know everyone and control everyone and cryptography is one thing that challenges the perception and projection of their power even if they could hack into all phones with ease.

Cryptography is pretty trivial to bypass via malware, bad implementations, bubbling up attacks, EM attacks ...etc... and they know pretty well that attacking Cryptography is not hard for such powerful nations.

It is not just the technical side that cryptography poses a problem to their regime but it is the image that shows that they still have areas not under their control that truly matters to their personal and political image of being some form of invincible monarch in the guise of whatever politics they are paddling.

LeeHamm • April 7, 2018 11:45 PM

@CallMeLateForSupper

So this is a chip in the middle attack?

I have just received a new chipped debit card from Am**on in central México. Before reading about this scam, I had wondered if the physical card would really arrive, as mail service in México is notoriously unreliable.

I was impressed that the card was sent by DHL. The DHL guy called me to announce he was ready to deliver the package; and couldn't find my building. I gave him directions and met him in the street. He then failed to ask for any identifying info from me. I signed a touch panel with my finger, so I could well have been a quick-thinking bad guy, who just received the call.

echo • April 8, 2018 3:54 AM

@Thoth, @LeeHamm

"It is not just the technical side that cryptography poses a problem to their regime but it is the image that shows that they still have areas not under their control that truly matters to their personal and political image of being some form of invincible monarch in the guise of whatever politics they are paddling."

and

"I was impressed that the card was sent by DHL. The DHL guy called me to announce he was ready to deliver the package; and couldn't find my building. I gave him directions and met him in the street. He then failed to ask for any identifying info from me. I signed a touch panel with my finger, so I could well have been a quick-thinking bad guy, who just received the call."

What both of you describe is in essence how the UK state operates in practice.

Who? • April 8, 2018 6:15 AM

@ Peter Quince

"I miss the sound of U.S. entities whining about encryption. When they are not whimpering I feel sad. I am longing to hear weeping sounds about Protonmail. [...] To my mind, Protonmail is doing serious work. In order to subvert them, that would probably have to be an inside job with gifts. Let's hope that does not happen."

ProtonMail is easier to subvert than you may think.

On the one hand ProtonMail is written by high-energy physicists, not experts on computer security, and it is obviously developed as a profitable business—just look at the small set of features available to non-paid customers. The intelligence community will have no problems finding bugs or "supporting" the development of ProtonMail on the shadows while supervising the running of new security developments.

On the other hand ProtonMail is very easy to undermine. A simple packet injection attack would allow sending a modified script to decrypt email (on the second stage of the authentication) that forwards a copy of the password to a computer owned by the intelligence agency that performs the attack while decrypting the user's email.

Who? • April 8, 2018 6:29 AM

@ Clive Robinson, Thoth, Peter Quince

I agree with Peter, Russia's FSB Federal Security service is sending a message to the world: Telegram works. But I suspect they are not sending this message by mistake.

What worries me is that FSB is trying really hard to block the Telegram messaging app in Russia only. Why not take control over the entire corporation? Why are they allowing non-Russians to continue using that app?

The FSB has spent a lot of money since mid-90's on the SORM (Система оперативно-разыскных мероприятий) wiretapping program. Telegram's end-to-end encryption is a threat to that program, but there are more effective ways to take control over that rogue application than blocking its use in the country.

There is something wrong with current events; I suspect that there is more than we can see.

Who? • April 8, 2018 6:43 AM

@ LeeHamm, echo

Just look at the Dell Community forums. In the last days quite a few Alienware laptops have been stolen on transit at different places over the United States. It seems FedEx has delivered these expensive gaming laptops to the wrong guys. No authentication asked, even if FedEx assures ID cards have been requested by the carriers before leaving the parcels.

Matthew • April 8, 2018 12:17 PM

@bttb, hmm and others worried about the dangers of mobile phones

You may have more to worry about than just the EM radiation from mobile phones.

Firstly the base stations operated by providers are way more powerful and are located on top of many buildings. They have bigger antennas and draw their power from the electric grid. Have you wondered why you can still make a call in buildings, tunnels and basement carparks when radios cannot even pick up a channel?

Second there are many sources of EM radiation. Wifi routers are emitting 2.5GHz and 5GHz waves. Even if you use cables, how sure are you that they are properly shielded and do not leak?

Clive has always been talking about energy gap given how noisy our equipment is. If your electric appliances are not shielded properly, microwave ovens, TVs, computers and etc are endlessly bombarding you with EM waves.
On the road, car manufacturers are installing radars in their cars for automated collision. So your body suffers more radiation whenever that Tesla, Google, BMW or Nissan drives past.

Then there is the issue with sunlight (a form of EM radiation). UV light from the Sun is proven to cause skin cancer. And there is cosmic radiation from the other stars in the Universe. To have complete protection, wrapping your head in tinfoil may not be enough. You need to cover your whole body with tinfoil.

I will share with you this story I heard from somebody in the Singapore Air Force. I am not sure if it is true.

The pilots of the Apache attack helicopters have a standing order not to switch on their radar upon takeoff or landing even during peacetime exercises. It seems the first team of ground crew who worked with the helicopters are unable to have children. The medical inquiry determined that the high power radar has sterilised the men. Imagine your balls being cooked without you noticing. Could be why sperm count is declining worldwide.

MarkH April 8, 2018 1:31 PM

@Matthew:

The story about AH-64 radar causing sterility seems unlikely to me, on several grounds. Will you tell us where you learnt it?

Quite a lot of aircraft carry radar. Weather radar is standard equipment on most jet transport aircraft. For many years (certainly predating the Apache), operating procedures typically require the radar to be switched off when on the ground.

It's worthwhile to remember that Very Large Numbers of people have had exposure from microwave transmitters since 1940, and that there have been numerous medical studies looking for health effects from microwave exposure.

The well-documented dangers are from heating of tissue (essentially, a microwave oven effect), particularly as a cause of ocular cataracts. Radar safety guidelines are designed to avoid dangerous rises in tissue temperatures.

It's well known that sperm production decreases when testes are too warm. I'm not aware of any lasting effect due to heating (other than that strong enough to cause obvious burns).

albert April 8, 2018 4:01 PM

@MarkH,
Read "The Zapping Of America", by Paul Brodeur. It's a history of MW effects and studies. Yes, it's old news, but it highlights the fact that dangers of MW have been known and studied for decades. Don't be fooled by the 'heating effects' argument: "If it doesn't cause heating, it's not bad." It's a strawman argument. Some years ago I read about studies of military pilots, particularly helicopter pilots, who have the most exposure to radar. They found a higher than average number of incidents of birth defects among their children, and a higher number of female offspring as well.

@Clive, etc.
The Forces of Monetization have easy-to-understand policies:
1. Eliminate regulation. If not possible, then ensure that regulations are not enforced.
2. Discourage case studies, research (especially medical research), and investigations. If not possible, then finance research that reaches the 'proper' or 'correct' conclusions.
3. Ethics and morality have no place in the business world.
The FoM are happy with the system as it stands today, but they are always looking for incremental improvements.

----------
It'll be a cold day in Hell before any of this changes. The only positive I see is that the Elite have to live in the environment they create.

JG4 April 8, 2018 6:41 PM


I remember reading a long time ago (30 to 40 years) that working on radar is a risk factor for cataracts. I was surprised how little shows up on the topic from a quick search on duckduck. I found one east bloc paper, but it indicated that the link is weak. It would be easy for a second-order effect like people who work on radar are more likely to be sedentary to provide a false positive. I remember reading that a Marine Corps pilot was court martialed for killing a ground crewman who happened to be shagging his wife. The murder weapon was a very powerful radar unit that he switched on while taxiing. I can't recall if it was mentioned here, but I've seen the claim that in the former Soviet Union, it was an automatic death penalty if a pilot switched on one of the (very powerful) radar units on the ground, because it was lethal to the ground crew.

https://www.nakedcapitalism.com/2018/04/links-4-8-18.html

...

Do You Trust This Computer? Vimeo.com JCC: “Supposedly available only until Sunday Evening, some of what is covered has been covered on Naked Capitalism. Absolutely worth watching if you have the time.”

...[file under Concurrency, Availability, Integrity]

Big Brother IS Watching You Watch

Muslims win case against NYPD illegal surveillance Al Jazeera

Amazon customers take to social media after mysterious account closures Ars Technica

...

India

...

‘Big Brother’ in India Requires Fingerprint Scans for Food, Phones and Finances NYT. Grey Lady a bit late to glom onto this story.

Modi Government Turns Its Sights on Freedom of Digital Media The Wire

New Cold War

Staff at secretive defence centre Porton Down suffer low morale and lack confidence in leadership, survey reveals Independent. J T McPhee: “Everyone is piling on, looking to take a cut off the dead bull. Crappy writing even.”

...

Matthew April 8, 2018 11:57 PM

@MarkH

As mentioned in my earlier post, I heard it from somebody who works for the Singapore Air Force. He probably heard it from his senior colleagues, so the story is probably passed through many people.
My understanding is the radar referred to is not for weather but for locating ground targets. Commercial aircraft do not have this radar.

My post is for bttb, Hmm and others who are so worried about the little transmitter in their pockets causing cancer that they fail to see the health concerns from other EM radiation sources.

Personally I try to live my life as healthily as possible. The mobile phone is the least of my health concerns now because I need it for my work and there are many things in the environment that harm our health.

Bloated Cow April 9, 2018 12:12 AM

@albert

Don't be fooled by the 'heating effects' argument: "If it doesn't cause heating, it's not bad." It's a strawman argument.

Agreed. I'm no expert, but a search for "voltage gated calcium channels emf" should get people started.

Hmm April 9, 2018 2:55 AM

@matthew

You can still use a headset to reduce whatever the risk is, because the inverse square of the distance is the applicable factor in whether you're getting a significant dose of anything that radiates. It's true if you live in the top of a building with a transmitter you're probably getting more than average. But that's an edge case compared to cell phones - everyone has a cell phone damn near, and they tend to sit in the same pocket all the time or be up against one ear or another. It's a cumulative exposure.

https://www.ncbi.nlm.nih.gov/pmc/articles/PMC2569116/

Lots of things can cause problems a lot faster than cell phones, that's obviously true.
But it doesn't really speak to whether or not we could/should reduce cell-R risk if/as possible.

We don't think about it. We go about our business instead. You said so verbatim.
What if it did turn out to be a measurable risk? What if we had to make changes?
Could we?


RealFakeNews April 9, 2018 4:54 AM

@Who?: Intel said back in February that they will not fix the design in new processors, instead choosing to continue to use software mitigation.

I guess we now know how they squeeze that last drop of performance from their processors, while more honest rivals apparently struggle while actually adhering to the standards and security requirements.

I guess future benchmarks will also be generated on unpatched systems to mask the performance penalty in future designs.

RealFakeNews April 9, 2018 5:09 AM

RADAR altimeters are also a source of radiation, and these are likely to be a problem to ground crew working near an aircraft. Their operating frequency is also very high (GHz). This is most likely the source.

Cassandra April 9, 2018 5:43 AM

The heating effects of non-ionising microwave radiation are very, very well known, which is part of what sets an upper level for SARs. Parts of the body that have a good blood supply are unlikely to be affected because the blood perfusion acts as a very good heat exchanger, evening out temperature variations. Parts of the body that are not well perfused with blood will experience more heat effects, and one of those is the lens of the eye - hence the correlation between high-power microwave radiation and cataracts.
Radio operators are usually very well acquainted with the topic of RF-burns [1] [2] [3].
Once you get beyond ionisation and heating effects it gets a bit more complicated: it is blindingly obvious that certain parts of the body are exquisitely sensitive to a small range of wavelengths of electromagnetic radiation. Seeing is believing. So it is not impossible that there could be strong coupling between some type of microwave radiation and a biological structure - which is what is attempted to be shown by many papers discussing the non-thermal effects of microwave radiation, such as this one: Microwave Review, November 2005: Non-thermal Biological Effects of Microwaves, Igor Belyaev. The problem with a great deal of research in this area is that it is of poor quality and often breathlessly reported by people with an agenda. One problem with using epidemiological studies is that normal expected statistical variations will give rise to spurious correlations, even before you start p-hacking, and the naive reader will not appreciate that.
As the X-ray pioneers found, it was pretty easy to determine that X-rays are bad for you. There is no such clear-cut signal of harm from current use of low-power microwave radiation - if there were, you would have expected a robust result to show up in the population level studies already undertaken. It may well be true that more people die of cancer these days, but that can be explained by the fact that medicine has advanced enough to stop them dying of other things before cancer gets to them in old age.
If you want to minimise your risk of death, there are far more important things to get right first - roughly (1) Don't smoke tobacco. (2) Eat healthily. (3) Exercise. (4) Get enough sunshine to keep your Vitamin D levels up, but not so much that you burn. (5) Drink alcohol at most moderately. See also Live Science: The Odds of Dying.
It's worth thinking about your approach to risk. Many people worry about things that are far less risky than activities they carry out as part of their normal daily life, so rather than worrying about cellphone radiation, it may be more rational to look at decreasing other activities. Obviously, people are happy to make trade-offs between risks and reward/perceived benefit (e.g. People can be quite happy to participate in quite risky sports, or having a dental X-ray), but making those decisions explicit can be instructive.
Which brings us to something a bit more on-topic: it's very difficult to assess information security risks. Some people take a control approach - if you follow a certain set of processes, then your risk of being 'hit' by an information security event is deemed to be lower than someone who has not implemented the same controls; others take a 'risk assessment' approach, where risks are explicitly identified and mitigated. You can of course, mix and match. I wonder if anyone has done an epidemiological study of risk minimisation strategies to see which are the most effective?

Cassandra

Who? April 9, 2018 5:49 AM

@ RealFakeNews

I see, Intel will blame software developers for damaging the performance of their processors.

Hope OEMs will understand that software mitigations to processor bugs are not the way to go. In fact, "mitigation" as a concept is not —and will never be— the way to go, but it is the best we will get with hardware bugs. I really want to see high-quality workstations running AMD, SPARC, MIPS or ARM processors. Of course it is just a will, all OEMs that I know will choose "performance" instead of security. They will kindly take that decision for us.

Sadly I was right when I said some weeks ago that a simple and right processor for security-conscious users will never be developed by U.S. corporations.

65535 April 9, 2018 7:23 AM

@ jd, Clive Robinson, RonK, RockLobster and others

I am bringing over the interesting discussion of Steganography and even using it as a method of trading public keys fairly securely. The idea has merit. There is a risk reward aspect also. Check that out below.

To: RonK

"Converting your public key by stego is a great idea! I didn’t think about it. It would probably help PGP users greatly and many others."-65535

Here are some interesting links from last week’s “Subverting Backdoored Encryption” thread:

RonK

https://www.schneier.com/blog/archives/2018/04/subverting_back.html#c6773447

https://www.cs.cmu.edu/~biglou/pubkeystego.pdf

RockLobster

https://www.schneier.com/blog/archives/2018/04/subverting_back.html#c6773451

https://www.wilderssecurity.com/threads/the-laws-of-australia-will-trump-the-laws-of-mathematics-turnbull.395421/#post-2693448

https://www.schneier.com/blog/archives/2018/04/subverting_back.html#c6773465

Clive Robinson

https://www.schneier.com/blog/archives/2018/04/subverting_back.html#c6773495

https://www.schneier.com/blog/archives/2018/04/subverting_back.html#c6773511

jd

https://www.schneier.com/blog/archives/2018/04/subverting_back.html#c6773445

65535

“I’ll Stop here and bring this over to squid thread.”

https://www.schneier.com/blog/archives/2018/04/subverting_back.html#c6773509

Follow the above links for interesting commentary.

Clive Robinson April 9, 2018 5:10 PM

@ Bruce and others,

Undersea cable off Africa gets "cut" with ten countries affected, one of which had an election day...

https://dyn.com/blog/ace-submarine-cable-cut-impacts-ten-countries/

As nobody appears to be saying if the cable actually was cut, and if so how, it's far from clear what has happened.

However compared to other cutting of sub sea cables this one appears to have had less impact as it has been routed around due to spare capacity in other services.

Clive Robinson April 9, 2018 5:24 PM

@ Cassie,

When talking about personal risk, you forgot to mention "micromorts", and the newer "microlifes".

https://en.m.wikipedia.org/wiki/Micromort

The thing that always amused me about micromorts is that a given risk is "age related". That is, reckless driving has more micromorts for the young than it does for the old. Because the old are going to die soon(ish) thus have less microlifes to lose... Thus in my mind's eye I see all those "Darby -n- Joan" types getting some whilst they still can ;-)

Alyer Babtu April 9, 2018 7:29 PM

Speaking of radiation damage, what about blue light from computer screens and macular degeneration?

Alyer Babtu April 9, 2018 9:00 PM

Can blue be avoided by using say black background and greyscale text? Or black bkgd and “friendly orange glow”?

Cassandra April 10, 2018 3:15 AM

@Clive Robinson

I had forgotten micromorts, you are correct. Microlives was new to me, even though I am a fan of David Spiegelhalter's work on risk.

I have to confess some ignorance here: I am not aware of any work on the standardisation of the quantification of risk in Information Security environments - an equivalent of micromorts and microlives, for example. Risk evaluation seems to be (in the main) very qualitative. If anyone can point me towards some introductory work, I would be grateful.

I expect there is some work, as insurance is available, and underwriters/actuaries are not known for 'taking a punt'.

Cassandra

Hmm April 10, 2018 11:27 AM

@Cassandra

Well Orac seems to assert there's zero evidence supporting the correlation but that's false -
As above links in fact directly demonstrate. I'll cede it's not clear-cut by any means...

But what related analysis could one really expect from a professional cell phone blogger?

(Difficult as it is to get a man to understand something when his salary depends on praising it.)

Orac's duly underlined links purporting to show "no connection" link back to himself.
"singularly unconvincing results for a link between cell phones and cancer"
Links to :
"How is the cell phone-cancer myth like Jason Voorhees from the Friday the 13th slasher flicks?"
-Orac June 6, 2016

Imitable style? I've never seen garbage imitate garbage before... (blood in blood out..)
There's a reason scientific merit isn't all about bombastic prose paid in word counts..

The valid point shrouded there is : It's incredibly difficult to find the significantly-attributable CAUSAL factors in the complex, under-studied and relatively nebulous fields involved in individual lifetime oncology. There ARE bigger causes of cancer than cell phones, there's no disputing that. That's a lot of overlapping signal to sift through millions of individuals over their entire quite-varied lives. One can easily point to many other things as a possible cause to require ruling out - Those too were entirely missed by science also, and not long ago at all.

"Science" recently purported to show cigarettes made our DNA 'cool' and the like, we all remember, because it was directly funded with that in mind. The profits built an empire that then facilitated a ton of additional "science" to keep that signal buried in noise for DECADES, and when we finally(!) discovered the fraud was killing people, what did we do? We watched as Monsanto and American Home Products and Exxon (to name a few drops in the effing ocean) repeated it right in front of our eyes.

It's become the norm. Do whatever, FUD any critique for as long as possible, and make sure the holding company dumps the stock before the public mortality hits the fan. With "useful" idiots who are addicted to your product pursuing your agenda involuntarily, (FB comes to mind..) it becomes even easier for them to wash their hands as society plays with their dangerous stove.

We're poisoning ourselves so constantly and so variably and individually does it interact with our specific genomes that measuring what exactly is causing any individual measurable spike in cancer occurrences is a decades-long massive multi-million dollar effort to even begin to get into the scale of the statistical requirement to pin it down. We don't have the support for that kind of societal focus, to say zip of the patience or funding required. Regulations cannot save us from ourselves after the fact and they invariably come well after the fact.

We're putting warning labels on cups of coffee because acrylamide is created in tiny amounts by roasting some types of coffee at certain temperatures, and in the interim you can buy synthetic pot laced with actual rat poison at a convenience store, no problem.

This is the state of applied science in our society. So you'll forgive me if I use earbuds.
Non-ionizing radiation isn't provably harmless but I can't define the threat model.
I'm not an oncologist with a lifetime to devote to it or independent means to wit.

So? Ignore my rant. Go about your business. If you develop a nasty preventable disease meanwhile, that's just market patriotism really. Breathe deep and take solace : Someone will be wealthier for it.

Cassandra April 10, 2018 1:06 PM

@Hmm

As a minor point of order, 'Orac' is not a professional cellphone blogger. It is the lightly concealed nom-de-blog of David Gorski, "an American surgical oncologist, Professor of surgery at Wayne State University School of Medicine and a surgical oncologist at the Barbara Ann Karmanos Cancer Institute, specializing in breast cancer surgery."

I do not cite his profession as an appeal to authority - his writing should be subject to just the same level of rational criticism he applies to his topics, if not more so. "He advocates for openness of the results of clinical trials and the use of only evidence-based medicine to treat diseases." And if you think oncology (in general) is under-funded compared to other branches of medicine, I have a bridge to sell you.

Writing as 'David Gorski' on the Science-based Medicine site in May 2016 when the preliminary report came out, he gives a much more in-depth and critical appraisal of the research and its results.

One thing you may have missed is that the control group of rats that were not exposed to cellphone radiation actually had, on average, shorter lifespans. The jazzed up (and incorrect) headline from that would be something along the lines of 'Using cellphones makes you live longer!'.

This was a well-funded study that has produced surprisingly weak results. The effects the researchers are claiming are well within what would be regarded as natural variation of incidence of these types of cancers in these types of rats, and the statistical methods used are open to well-founded criticism. This is not the study you are looking for.

Cassandra

JG4 April 10, 2018 2:04 PM


https://www.nakedcapitalism.com/2018/04/links-4-10-18.html

...

Secret Handshakes Slate

Our Famously Free Press

Data Lords: The Real Story of Big Data, Facebook and the Future of News Josh Marshall, Talking Points Memo. Worth a read, amazingly enough. Another way of saying “Lord” is “Robber Baron,” of course.

...

Big Brother Is Watching You Watch

Department Of Homeland Security Compiling Database Of Journalists And ‘Media Influencers’ Forbes. True.

Urban Bungle: Atlanta Cyber Attack Puts Other Cities on Notice Scientific American

...

Imperial Collapse Watch

When Military Leaders Have Reckless Disregard for the Truth The American Conservative

Why America’s Two Top Fighter Jets Can’t Talk to Each Other Bloomberg

...

Could artificial intelligence get depressed and have hallucinations? Science. Only if it goes on social media…

...

Hmm April 10, 2018 2:08 PM

@cassandra

Admittedly I didn't look (at all) into his personal background after the self-linking and denials of published medical fact, and I do feel a little foolish for it as I multitask through my day, but perhaps that would change little anyhow as you say.

The fact that he's so adamant as to write multiple editorials on the topic every year, one's established oncologist blogger is another's cell phone (and in fact all type of non-ionizing radiation) apologist, but neither of us can say who signs his checks for writing what he does, that which seems to contravene the outcomes of several current and ongoing studies. Saying there is "no" evidence that cell phones can cause tumors is patently false information no matter who says it.

https://www.cancer.org/cancer/cancer-causes/radiation-exposure/cellular-phones.html

https://www.cancer.gov/about-cancer/causes-prevention/risk/radiation/cell-phones-fact-sheet

A null hypothesis test for you :

If cell phone radiation is harmless, why do we regulate limiting SAR at all?
Why would anyone care to publish warnings and cautions? Are they just silly folk?

" And if you think oncology (in general) is under-funded compared to other branches of medicine "

Each individual cancer type requires funding and research. Breast cancer is WELL funded, yes.
If you averaged the funding for all types of cancers it might be reasonably better...

But that's not how it works, you know. Some cancers get comparatively ZERO funding.
Cell-linked gliomas are getting more and more ongoing but it's still just a drop compared.
The cost of some types of research vs others makes a difference also of course.

If you have a bridge to sell involving all cancers being adequately researched, I'd at least hear you out, but I think you would admit there is a lot of room for additional cancer research in any case - and you might admit what research that IS done is often kept secret for the purpose of institutions monetizing the result as able, and can be suppressed along similar lines. Certainly also you could admit there is a certain paid demographic in the medical industry that is all too happy to sow doubt where doubt already statistically exists, for pay, because there's nothing less ethical about that than over-prescribing narcotics or expensive unneeded therapies, say.

"One thing you may have missed is that the control group of rats that were not exposed to cellphone radiation actually had, on average, shorter lifespans."

I did note that. It's odd that radiation caused tumors but also statistically extended their lives, although there may be some explanation of a behavioral/other change that wasn't studied that contributes there. If cell radiation energized them into exercising more or something like that, but it wasn't included in the study at all as you will note.

"This was a well-funded study that has produced surprisingly weak results."

Yes that study did provide conflicting results that aren't really explained yet.

Well-funded by what measure? It's a very limited study on rats either way. Useful, perhaps -
That depends what comes of the results in/of further study confirmation or exculpation.
It's ongoing, not settled on any topic, certainly not radiation oncology in situ.

Rather than imagining a cell phone in our pockets 24/7 will extend our lifespans...
Might we be further curious to study what EXACTLY about it had that curious result?
You will also note, the exposed rats did get tumors.

If you understand statistics you understand how many paths can be charted in any dataset depending on where you're drawing your lines and what units you choose to give significance to, and why. Do not take any single statistic as a measure. That's not what it is. It's an estimate compiled from an average of a loose data set.

You can have several real needles in there you would never see because of a few bigger ones.
It's really a huge undertaking to get to 5 sigma. ANY study could use more funding.
Even the "simple" ones.

From your link, citing CR -

"Likewise, the cell phone industry may have to alter its stance. The wireless association trade group CTIA has maintained that cell phones are completely safe, and has fought to block San Francisco from passing laws that would require electronics retailers to notify consumers about the proper handling of cell phones."

That should give you some pause for thought. Why would we have SAR limits...
and manufacturers give recommendations for cell use to cover themselves...
yet monied groups are trying to actively suppress consumers from being warned?

If that can happen what's to prevent bloggers/editorials from doing their work also?

I myself don't claim one way or another cell phones "are dangerous" or not, right?

I say there's "some" evidence that they can cause tumors directly along tissues in close contact with for extended periods, but the statistical finality of judgment must be withheld until we can model what is causing it and have data exactly meet our expectations in all cases. We're a long way from that I think you'll agree. Orac seems to do what he can to dissuade the long view of possibility, for whatever reason.

If I'm wrong and cell phones are proven completely harmless, I'd happily eat one.
If I'm correct however Orac ought to eat one instead, in my view. Fair enough?
We've all been eating them the entire time really either way.

Now I'd best pour myself another cup of acrylamide bean residue and get back to work.
Profit demands it.

tyr April 10, 2018 9:37 PM

I'm still a bit bemused by the method
of eating that sake container. Maybe
if you had a lot of help drinking the
sake you would still be conscious and
able to eat it. There's a reason good
sake comes in tiny little bowls and
is not made for quaffing from large
ones.

MarkH April 11, 2018 12:08 AM

Respect to Cassandra, who writes good sense about mobile phone radiation.

I am no defender of mobile phones. They are almost certainly contributing to actual slaughter of human beings on public roads, and by biasing a generation away from the skills and warmth of real interpersonal contact, perhaps causing actual brain damage.

There is likely no limit to the number of biological mechanisms one could postulate, by which mobile phone RF might trigger health effects.

At the same time, the world has witnessed nearly exponential growth in exposure, without any clear linkage (so far) between adverse public health trends and this exposure.

Further, the first generation of radar technicians and operators reached its statistical life expectancy more than 30 years ago without showing any clear pattern of health effects. Almost all of them have died by now; if you think that a looming catastrophe is presently masked by long latency, perhaps that latency is so much longer than human lifespan that it's not really a health concern at all.

My intuition about the physics leads me to expect with high confidence that mobile phone radiation must cause some observable biological effects in exposed tissues.

But as to significant health hazards from the EM radiation, available evidence is consistent with their being somewhere in the range from zero to pretty rare.

I think it most prudent to continue research on health effects. And I remind all concerned that even if you believe most health researchers to be corrupt, nationwide epidemiologic data sets are quite another matter.

If RF-induced brain cancers should be 1,000,000 times more frequent than they were fifty years ago ... and they are not extremely rare ... how does anybody hide that?

Hmm April 11, 2018 1:01 AM

https://www.ncbi.nlm.nih.gov/pmc/articles/PMC2569116/

“We found that cell phone use is linked to gliomas [malignant brain tumors] and acoustic neuromas [benign tumors of the brain’s auditory nerve] and are showing up after only ten years,” says lead author Lennart Hardell, an oncologist and cancer epidemiologist at University Hospital in Örebro, Sweden. Specifically, for studies that included at least 10 years of exposure, there was a doubling in the risk of gliomas for ipsilateral (same-side) but not contralateral (opposite-side) exposures to the head (as reflected by which hand the subject typically used to hold his/her cell phone). A 2.4-fold increase in risk was seen for acoustic neuromas due to ipsilateral exposures, whereas no increased risk occurred for meningiomas (tumors that occur in the membranes covering the brain and spinal cord).

“Clearly we need more studies of long-term cell phone usage to better assess the cancer risks,” says coauthor Michael Carlberg. Cell phones have been in mainstream usage for only a decade or so, and yet radiation-induced brain tumors normally take about 10–15 years to develop, according to the American Cancer Society.


^^ By reading that alone, I'm wondering if that answered any of your questions already?

Hmm April 11, 2018 1:04 AM

"If RF-induced brain cancers should be 1,000,000 times more frequent than they were fifty years ago"

A leap of logic in how 1:1 increases in input "should" result in proportional output in a system.

Not all things work like that, amazingly. I'll leave it there.

Hmm April 11, 2018 2:42 AM

http://interphone.iarc.fr/interphone_back.php

"studies are mainly focused on tumours in relatively young people (30-59 years of age)"
Excluding children, teens. Toddlers, etc. Right off the bat there's a MAJOR selection.
(Yes, people even buy toddlers cell phones of their own now. Specifically bad people.)

The stated goal in doing that data selection was they assert 30-59 were the highest users overall, based on a few other studies, averages based on by definition several years to even decades old information by the initial point of supposition.

So we're going to completely leave developing bodies out of our "major" study for the specific reason that we don't think they use the phone as much as they say they do, (of course teens live on their phone, a ridiculous thing to exclude for THAT reason no less)

Major data culling going on.. then you further wipe out statistical outliers...
because you don't believe they used the cell as much as they claimed, you cull that as 'unrealistic' data and the outlying possible tumor outcome is statistically gone. Poof.

Even doing all that, they couldn't say it was perfectly safe compared to a baseline.
Because that's not the case.

"In the 10th decile of recalled cumulative call time, > or =1640 h, the OR was 1.40 (95% CI 1.03-1.89) for glioma, and 1.15 (95% CI 0.81-1.62) for meningioma; but there are implausible values of reported use in this group. ORs for glioma tended to be greater in the temporal lobe than in other lobes of the brain, but the CIs around the lobe-specific estimates were wide. ORs for glioma tended to be greater in subjects who reported usual phone use on the same side of the head as their tumour than on the opposite side."

"There were suggestions of an increased risk of glioma at the highest exposure levels, but biases and error prevent a causal interpretation. The possible effects of long-term heavy use of mobile phones require further investigation." (Where have I read that?)

"Overall, no increase in risk of glioma or meningioma was observed with use of mobile phones."

Emphasis mine, I broke that last line off the beginning of the paragraph.

Amazing what you can do with statistical data fudging and the word "overall" - the king of averages.

A 10 year+ minimum experiment period to begin to enter the main dataset, the center of the scatter graph. People at the high end of the exposure are getting the hits which tend to begin after many years of same-side exposure. That's not nothing, but OVERALL for the entire population that uses their cell phone against their heads for much less time, they have much less to worry about - which makes perfect sense to me.

The inverse square of the distance from the radiating body x the time of exposure, calculus yadda, kids who sleep on their phones all night with their friends might have a brain tumor resulting in their 30's as much as 3-4x more often than average.

How many studies last 20, 30 years? Not a lot. It's insane money, it's institutional level and multinational level. On THIS topic of all to pick, who is going to fund it?

The folks lobbying against warning consumers that over-exposure to their cell phones is bad news.
Industry groups of course. They're more than willing to donate to "ensure safety" is demonstrable.

"This "well-funded" study found "overall" you're going to live longer! Yayyy! No details needed!"


Hmm • April 11, 2018 3:47 AM

https://www.nature.com/articles/s41598-017-15690-1

What if x-micromort-deadly brain tumors weren't the only possible outcome?
We've been looking for black vs white trends because they stand out more against noise.

But what if exposures cumulatively degraded your brain very slowly over time with albumin (and other) plaques crossing the blood-brain barrier (from which it can't escape) eventually coating myelin sheaths and disrupting neurosignaling, consequentially making heavy phone users just slightly that much dumber, more irritable, forgetful or annoyed with everything and damaging that intangible electro-neurochemical network-shape that philosophers and scientists believe embodies and comprises our personalities, experiences (perhaps souls?) in ways we cannot replicate or understand yet...

Anyone notice any symptoms?

Clive Robinson • April 11, 2018 5:58 AM

@ MarkH,

There is likely no limit to the number of biological mechanisms one could postulate, by which mobile phone RF might trigger health effects.

Which is the first order part of the problem, the second order part is sorting them out as to what appears credible, and what does not. For this to happen you need people to have "methods of measure" without which everything else is statistical guess work which can have other underlying causes that a researcher may not be aware of.

For instance people question the safety of being near overhead power lines. In the US overhead powerlines were once very frequent. And there were some statistical correlations with them and various diseases depending on how granular you made the geographic areas. It also turned out that researchers in other countries were looking into similar diseases and they found similar clusters but without overhead power cables being considered a contributing factor (they are quite rare in the UK). What they were looking into was "New Town" later "New Build" syndrome, where moving into a relatively new built building where "soil had been turned" had a statistical correlation with the diseases (something you do not hear much about some third of a century later).

There are always other things to consider in looking at data from "non trial" sources[1] that have to be eliminated and without proven measurands the correlations have to be overwhelming.

So until quite recently the only tools we had for measuring EM fields were very blunt ones and as with "hammers and screws" they may not be used appropriately. Thus much work is done by modeling and "borrowing from other fields of endeavor".

For instance we know more about how the ear canal works with sound. It is in effect a transmission line for sound. Much work on EM and Acoustic transmission lines is interchangeable but not all. The big catch is we don't know which without extensive trials.

As was pointed out some years ago, the advice about not putting the phone against your head when using it might well have been sound for acoustic "hands free" but what about with "ear buds"? As was pointed out the cables to the ear buds make good antennas (which is why they were used for FM receive in phones). Certain types of antenna have apparently strange effects when they are multiple quarter wavelengths long as well as if they are "dipoles or monopoles" in use.

As many ham radio operators who work HF and design / build their own antennas can tell you "speaker wire makes a transmission line" that you use for feeding dipoles. In effect this makes the individual wires to the ear buds the antenna which then has a "feed point" where they join together and become a transmission line. One well known "broadband antenna" is the "resistively loaded" folded dipole or loop. If you look at where the ear buds are you find this lump of wet flesh and bone called a human head which is "acting as the load"... Worse they are connected at two transmission lines that go directly into the inside of the head... Thus the actual "load resistance" may be inside the head, beyond the reach of the usual thermal imaging methods used to show localised heating effects especially "hot spots".

When you start looking at things this way, you end up having sleepless nights, trying to get your head around the problem.

Thus having worked for some years designing wireless technology that does get put up against people's heads I tend to be cautious about what can and can not be said other than, "There is a lot we do not know because we do not yet have the tools to make the measurements".

@ Hmm,

The study you quote is just one of many that will have to be done over the years to come. After noticing and finding apparent correlations further "deny" testing will have to be carried out to ensure it's not from other causes. But as well we need the test instruments to be developed so that we can "look inside" people's heads when they are using phones.

For instance we know we have nerves that can sense temperature, therefore we know that there are biological mechanisms that are temperature sensitive well below the temperatures that are considered harmful (ie 40C where proteins start to depolarise and "cook" slowly "Sous-vide" style...). We also know that despite blood flow, fat is a reasonably good thermal insulator that suffers from dielectric heating issues, we also know that nerves are fairly good conductors of voltage potentials.

Is any of this relevant? The long answer short is "We don't yet know".

Which then brings us into that moral maze where ethics are not just discussed but considered. Animal let alone human testing is a very controversial issue and people have died for their respective beliefs in this area.

Thus the question arises of how we move forward in testing... We know there is vast amounts of resources tied up in mobile communications and technology is moving forward much faster than even professional engineers can get to understand at the surface level let alone in depth. The number of people that could be considered knowledgeable in both communications technology and low level biological processes can probably all stay in the same small hotel... Thus the level of thinking in the area of the harms of the technology is a very very tiny fraction of those whose livelihoods are absolutely dependent on the forward progress of communications technology... Thus we come back again to morals and ethics...

We don't need the rapid pace of communications technology we've survived as a thriving species for many millennia without it. Worse perhaps we are finding out that the biggest danger with communications technology is not to do with EM radiation but social, economic, environmental and very much mental and consequently physical health.

We know mobile communications enables the vastly increased rate at which people live and the stress that causes in "being unable to get away"[2] which some are pointing the finger at as being behind "mass shootings" or as it was once called "going postal". We know that it causes dangerous driving with many many injuries from minor through disabling to death.

So I have absolutely no doubt mobile communications are very harmful not just individually but society in general. The question is where should we prioritize research? Morals would suggest at the intersection of level of harm, ability to influence it and timeliness to show benefit. We have seen limited legislation in this respect with regards driving and mobiles. I'd like that to be extended to anyone operating machinery or who is able to move around in a public place or place where they might potentially cause harm to others[3]. We have more draconian legislation with regards smoking in many countries, so the principle is in no doubt.

[1] Aside from the moral and ethical issues, one of the hardest parts of setting up a trial involving sentient beings is that of removing other factors hence double blind etc studies. Whilst we can partially do that for actual tests in controlled environments it's only half the problem, there is still the issue of removing the investigator from the design of the trial to avoid inadvertent bias in the trial.

[2] I less than jokingly refer to my mobile as "The dog lead" for this very reason, and I know very many people that actually loathe if not fear their mobiles for just this not being able to be left alone / getting away issue.

[3] As a person with "mobility issues" I am sick and tired of idiots walking into me or assuming I will get out of their way simply because they are using their mobile. Yet if I was to retaliate by grabbing it from their hands, tripping them up, barging them even telling them to "wake up" etc etc I would apparently be the one in the wrong...

Hmm • April 11, 2018 2:52 PM

"Is any of this relevant? The long answer short is "We don't yet know".

Yep.

What we do know is that we can't easily prove anything conclusively at all without a boatload of money.
Back to the epistemological drawing board to draw up another grant proposal...

bttb • April 11, 2018 9:39 PM

Trusted End Node Security ("'TENS'"), a DoD product, is on Hacker News.
https://news.ycombinator.com/item?id=16798967

FYI, I was able to browse the TENS literature at https://spi.dod.mil/ without, I think, adding any CA or certificate to my iPad (except for reading download checksums, which wouldn't load).

A use case is very basic users in a quasi public setting. Pretty much anybody has access to the TENS computer. I prefer not to alter any defaults, beyond adding a printer (which can be readily documented for users to "Add" printer to try to print).

Should I recommend people reboot before use or after use?

Under Firefox ESR extensions are:
HTTPS Everywhere (enabled)
User Agent Switcher (enabled)
NoScript (disabled by default)

Under Firefox Plugins, all in 'Always Activate' mode, are
Adobe Reader 9.5
Citrix Receiver for Linux
Java(TM) Plug-in 11.161.2
OpenH264 Video Codec p...
Shockwave Flash

If the PC is rebooted between users is there any reason to recommend changing any defaults? I want to keep the instructions KISS; of course, more advanced users might do things on their own.

Is there a hardened or non-hardened BSD, straightforward to use, in a Live DVD/CD version?

Knoppix and Tails are possibilities, too, but "Unsafe Browser" could be too confusing to users and Knoppix could be a little overwhelming for the typical user, but Knoppix has a great screen saver.

Any thoughts or other ideas?

Finally, the PC is a relatively old Core 2 with either no HDD or an unformatted HDD, afaik. Of course something like Fedora, Linux Mint or Ubuntu Live DVD/CD could be used as well and the HDD could be removed.


bttb • April 12, 2018 9:29 AM

@Wesley Parish
From your link:
"Security
Want to terrify a city with an emergency broadcast? All you need is a laptop and $30
Bug allows hijack of city, army and nuclear warning systems"
[snip]
"Researchers have uncovered a remote hijacking vulnerability present in the systems many cities and organizations are using to manage emergency sirens and alerts.

Dubbed SirenJack, the vulnerability would allow an attacker to remotely activate emergency alert systems manufactured by a company called ATI Systems. Bastille said it privately contacted ATI about the flaw and allowed the company a 90-day period to patch the flaw before disclosing.

ATI did not have a statement on the matter at the time of publication. The company has said it is working on a patch for the flaw and has said it is on standby to help cities concerned over the vulnerability.

Bastille says the SirenJack flaw was actually an exploit of the way ATI transmits signals from its control stations to the sirens themselves. A Bastille researcher who was in San Francisco back in 2016 noticed that the city's emergency sirens, tested every Tuesday at noon, did not have wired connections to a data feed.

After some digging, Bastille's director of security research Balint Seeber found that not only do the sirens get their orders via radio transmissions, but the signals were also being sent over an unencrypted channel. ..."

Thoth • April 12, 2018 9:33 AM

@all

Oops. Duplicate. What a coincidence that @Wesley Parish posted it earlier than me.

The duplicate can be removed by @Moderator if they wish to do so since it serves no further purpose.

Anyway, it seems like most emergency systems are not built with security in mind and who knows how many more can be compromised with "nothing more than $30 laptop and interceptor".

bttb • April 12, 2018 9:47 AM

Two 'current events' links from emptywheel.net

"Bannon Aims to Best Jared Kushner’s Biggest Mistake in Modern Political History"
[snip]
"Back in September, Steve Bannon agreed on 60 Minutes that firing Jim Comey was the stupidest decision in modern political history.

In a “60 Minutes” interview that was posted online Sunday night, Bannon was asked whether he considered Comey’s dismissal — which ignited a political firestorm and directly led to the appointment of a special counsel to investigate Russian meddling in the 2016 election, including potential ties to Trump’s campaign — the biggest mistake in political history.

Bannon responded, “That would be probably — that probably would be too bombastic even for me, but maybe modern political history.

“He went on to acknowledge that if Comey had not been let go, it’s unlikely that the probe led by special counsel Robert Mueller would have been established.

“I don’t think there’s any doubt that if James Comey had not been fired, we would not have a special counsel, yes,” he said. “We would not have the Mueller investigation. We would not have the Mueller investigation and the breadth that clearly Mr. Mueller is going for.”

At that time, Bannon insisted that he faced no risk from even the expanded Mueller investigation, and hadn’t even lawyered up.

All that changed, of course, after he ran his mouth to Michael Wolff. Bannon claimed to be offended by the June 9, 2016 Trump Tower meeting. In his apology he would even say the entire meeting offended his life’s work making movies about fighting “the evil empire.”

“My comments about the meeting with Russian nationals came from my life experiences as a Naval officer stationed aboard a destroyer whose main mission was to hunt Soviet submarines to my time at the Pentagon during the Reagan years when our focus was the defeat of ‘the evil empire’ and to making films about Reagan’s war against the Soviets and Hillary Clinton’s involvement in selling uranium to them.”

But what really irked Bannon is that when Don Jr, Paul Manafort, and Jared Kushner met with Russians in an effort to obtain dirt on Hillary Clinton, they didn’t use lawyers as cutouts. ..."
https://www.emptywheel.net/2018/04/11/bannon-aims-to-best-jared-kushner-for-the-biggest-mistake-in-modern-political-history/
and
"Manafort Wants DOJ to Return Some of the Information Seized in His No-Knock Search"
[snip]
"Paul Manafort has submitted two motions to suppress information collected pursuant to two warrants. The first, to suppress the fruits of a May 27, 2017 search of a storage facility in Alexandria, was submitted in timely fashion on April 6. The second, to suppress the fruits of the widely publicized no-knock search of his Alexandria condo on July 27, 2017, was submitted late, though Judge Amy Jackson Berman let him do so even though he only asked permission to do so hours before the deadline.

While I don’t think these motions, particularly as submitted, will succeed, I think they’re interesting because in addition to seeking to suppress evidence in the ConFraudUs prosecution he has already been charged with, appears to seek to suppress any evidence obtained relating to the election tampering conspiracy. ..."
https://www.emptywheel.net/2018/04/11/manaforts-suppression-motion-tries-to-suppress-any-june-9-meeting-information-obtained/

gordo • April 12, 2018 1:19 PM

Given the chorus of post-hearing articles published by numerous news and industry publications identifying the apparently disingenuous to outright false representations made by Facebook, Inc., CEO Mark Zuckerberg over the past two days, one can only hope that the U.S. Federal Trade Commission evinces some semblance of due diligence in its current investigation of said corporation and makes its findings public.

Mr. Zuckerberg has said, elsewhere:

With a community of more than 2 billion people all around the world, in every different country, where there are wildly different social and cultural norms, it’s just not clear to me that us sitting in an office here in California are best placed to always determine what the policies should be for people all around the world. And I’ve been working on and thinking through: How can you set up a more democratic or community-oriented process that reflects the values of people around the world?

Given the numerous FTC and other investigations of Facebook in democracies 'all around the world', we'd all do well to act on the words of Thomas Jefferson, to wit: "A well informed citizenry is the best defense against tyranny."

As so, if Mr. Zuckerberg truly believes that the governance structure of his supranational social media firm should be community oriented, then it needs to be informed and reformed, country-by-country, community-by-community, from the ground up and under the rule of law.

Paul Calder Le Roux • April 12, 2018 1:42 PM

Has anybody here mentioned PowerHammer attack already?

https://www.theregister.co.uk/2018/04/12/malware_exfiltrates_data_over_power_supply_cables/
https://arxiv.org/abs/1804.04014

In this paper we provide an implementation, evaluation, and analysis of PowerHammer, a malware (bridgeware [1]) that uses power lines to exfiltrate data from air-gapped computers.

In this case, a malicious code running on a compromised computer can control the power consumption of the system by intentionally regulating the CPU utilization. Data is modulated, encoded, and transmitted on top of the current flow fluctuations, and then it is conducted and propagated through the power lines. This phenomena is known as a 'conducted emission'. We present two versions of the attack. Line level powerhammering: In this attack, the attacker taps the in-home power lines that are directly attached to the electrical outlet. Phase level power-hammering: In this attack, the attacker taps the power lines at the phase level, in the main electrical service panel. In both versions of the attack, the attacker measures the emission conducted and then decodes the exfiltrated data. We describe the adversarial attack model and present modulations and encoding schemes along with a transmission protocol. We evaluate the covert channel in different scenarios and discuss signal-to-noise (SNR), signal processing, and forms of interference. We also present a set of defensive countermeasures. Our results show that binary data can be covertly exfiltrated from air-gapped computers through the power lines at bit rates of 1000 bit/sec for the line level power-hammering attack and 10 bit/sec for the phase level power-hammering attack.

JG4 • April 12, 2018 6:35 PM


https://www.nakedcapitalism.com/2018/04/200pm-water-cooler-4-12-2018.html

...

News of The Wired

“The Alice and Bob After Dinner Speech” [John Gordon, by invitation of Professor James Massey]. Fun with crypto….

“Tom Lehrer At 90” [Gödel’s Lost Letter and P=NP (blennylips)]. Lehrer: “Political satire became obsolete when Henry Kissinger was awarded the Nobel Peace Prize.” But everything old is new again:

And how gorgeous and expressive black and white photography can be!

Ratio • April 13, 2018 12:00 AM

Belgian army criticised for plan to let homesick cadets sleep at home:

Belgium has come under criticism in recent years over its failure to live up to its Nato commitment to spend 2% of GDP on defence. It currently spends 0.9%, of which 75% goes on personnel and pension costs.

The defence ministry has been on a major recruitment drive, but it has been a hard sell because of pension reforms, poor job prospects on leaving the army and a demand in recent years for soldiers to patrol the streets of Belgium’s major cities under the counter-terrorism operation Vigilant Guardian.

Danny Lams, a former paratrooper who chairs a veterans’ organisation representing Ostend and the areas bordering the Netherlands, nevertheless condemned the army’s plans to allow soldiers to sleep at home.

“That’s how you grow a defence of nothing, an army that you cannot count on. You do not go to a war zone with men who miss their mama,” he said.

This is fine.

Wesley Parish • April 13, 2018 5:18 AM

Maybe completely Off-Topic, but it is not generally known that "Donald Trump" is actually a pseudonym, an alias, a nom de plume. Theresa May's party winkled this out and sent him an appeal, only they sent it to the wrong address:

http://www.theregister.co.uk/2018/04/12/dear_mr_fckingjoking_tories_nasty_party_letter/

https://twitter.com/hashtag/youmustbefuckingjoking?src=hash&ref_src=twsrc%5Etfw

https://twitter.com/Benjo_86/status/984130473034240000/photo/1

Perhaps this is a point we are in great need of noticing, along with the relevant understanding of practicing safe data with political parties as indeed with any other organization:

And of course you only have to go onto a party’s website or walk near a local campaign group to be inundated with requests for your personal information. ®

echo • April 13, 2018 12:14 PM

This is an interesting idea.

http://www.chinadaily.com.cn/a/201804/10/WS5acc22c6a3105cdcf651730b.html

Shanghai scientists have invented the world's groundbreaking third type of storage technology with two-dimensional semiconductors, solving the problem of acquiring both data writing speed and nonvolatile memories in semiconducting storage.

[...]

Moreover, with the new technology, the storage duration of each disc can be tailor-made from 10 seconds to 10 years, to solve the contradiction of data transmission and security in some special application scenarios.

"People in the future may receive a disc in which the data is only effective for, say, three days, which elevates the security of the information," said Zhang.

"People can also have tailor-made flash drives with the new storage technology. The data stored inside will be regularly emptied at an appointed time," he said.

Clive Robinson • April 13, 2018 4:45 PM

@ Paul Calder Le Roux,

Has anybody here mentioned PowerHammer attack already?

Yes I have, for several years now but not by that "fancy name" though, that name thinking I'll grant is sort of original to the students, though the "Rowhammer" people might have something to say on it ;-)

I've even predicted on this blog that Mordechai Guri's students at Ben-Gurion Uni[1] would eventually get around to writing a paper on it when chatting with @Thoth. Because it's effectively stating the obvious to anyone "practiced in the art" as they say on patents, especially when they have read it here already...

Just to chuck in a little salt I've even mentioned in the past --though they have not-- how Smart Meters can be used to send this specific sort of information anywhere in the world the controller of a smart meter likes (and you don't need to be the "owner" to be the "controller") as the security on Smart Meters is very very poor, from the line side much like it is with ISP owned routers (oh remember some Israeli and German companies are involved with Smart Meter design and manufacture, it might not pay the Uni to ruffle those feathers...).

You will find my original suggestion about using the load of the computer goes back even before a Cambridge University student under Ross J. Anderson won a prize for their paper on determining the common CPU in a multi hosted computer by how it thermally affected the CPU Xtal --timing crystal-- thus by watching the "delta F of the CPU Crystal" over the network under the increasing and decreasing heat in the CPU box by varying the computer load work out which network hosts were on the same hardware. Also that attack works with any Computer regardless of OS and without any hand crafted malware being required on it... Interestingly I'd already developed an attack around detecting the Delta F that could be used by a "black hat" or equivalent to enumerate a network of hosts looking for the use of Virtual Machines. Thus acting as a give away for Honey Net machines and shared hosts that could be used to get information on other shares on the hardware (such as AES software keys).

You will also find on this blog site that the "usual suspects" have discussed at some length many times how to deal with the issues involved, and contrary to the El Reg journalist Richard Chirgwin's assertions it does not require you living a,

    hermit-like separation from the world

To defend yourself, that really is a bit of a fanciful turn of phrase, even though you do have to be in part,

    without wireless connections, use a fanless computer, block the USB ports, install machines in a windowless room with any LEDs covered by black tape, make sure nobody can sense a PC's magnetic fields, and disconnect the speakers.

Oh and a few other things those at Ben-Gurion have not yet re-boiled, like it's also nice to run a pre-2000 computer to cut out much of Intel's backdoored hardware from their extremely suspect supposedly random number generator[2] through all their idiotic "Mind Fcks" through to the latest "Over lord Ring -3" or what ever we are now supposed to call it Management Engine crap running an effectively "stolen" version of Minix[3]...

You will get to learn a lot about real computer security on this blog, on average around five to eight years before it pops up as a two minute big media sensation with a "fancy name", from some "War Hammer" toting/playing researcher looking to improve their employability.

This is something The Register's journalists like Richard Chirgwin should know as his colleagues have been and posted here before. Oh as well as finding out I'm not worried about setting lawyers on them which I've started to do in the past when representing clients (they only have to look my name up in their records to find that out).

Perhaps the most important thing you will learn from reading this blog and the words of the "usual suspects" is that you can not solve all these annoying problems individually, there are way too many of them to deal with that way. You can read up on my comments about "known knowns" etc if you want to know why you need to deal with classes not instantiations of attacks.

Thus you practice a technique developed back in the 1950's if not a lot earlier --actually the roots can be traced back at least a century to World War I with TEMPEST / EmSec-- and get to know what "segregation", "energy bandwidth" and "choke point" management is all about. That way you kill the problem long before some twenty something researcher of what ever coloured hat --mine's green-- comes up with to ruin your day.

Have a look back to the early conversations between @Nick P and myself on "TEMPEST Rules" I've given the reason for some of them from "first principles" a number of times, as well as how to design and build your own SCIF along with how to do parts of it "covertly" with items you would expect to find in a small flat. But the more recent stuff you will find under "energy gapping".

Oh and if you want to do your own research in these areas get a good book on Electro Magnetic Compatibility (EMC) that teaches you about "unintentional emissions" and how to detect and stop them. Somewhat cheaper and a more interesting read will be the Amateur/Ham Radio books from the ARRL and RSGB they contain a wealth of information about many many areas involved with both sides of passive TEMPEST / EmSec. If you read between those lines you will be able to start thinking about not just "Passive EmSec" but "Active EmSec" as well, which was something I did original work on back in the 1980's. Have a look on here for "Fault Injection" via EM radiation[4], it's a fascinating area and will stretch your knowledge of physics if nothing else.

[1] The "usual suspects" on this blog also worked out the connection between Mordechai Guri and his department at Ben-Gurion University not just with the Israeli SigInt agencies, but also those of Germany as well. It's an interesting game they are playing, I just wonder when some journalist will get around to "outing" it.

[2] The one that caused Linux originator Linus Torvalds to get all rude about crypto experts and then have to back track over...

[3] The fact Intel decided to steal Minix and use it secretly, might be why they "Fcked up" the security on it. Still the designer of Minix Andrew S. Tanenbaum was quite gracious in an amused way about it.

[4] Something else I had to tell a couple of prize winning Cambridge University Computer Labs students I had also done long before. It makes me feel like the Grinch sometimes... Though oddly not with now Dr Richard Clayton...

65535 • April 13, 2018 5:35 PM

@ JG4

…”I remember reading that a Marine Corps pilot was court martialed for a killing a ground crewman who happened to be …his wife. The murder weapon was a very powerful radar unit that he switched on while taxiing.”

I remember reading about that incident but not the full details. I will say a distant acquaintance worked on a government contract to place a digital safety on F16 and other aircraft that had powerful jamming radar unit(s) in the nosecone and was powered directly from the F100 jet engine. The unit could kill people on the ground within 50 to 75 feet of the aircraft.


Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.