Friday Squid Blogging: More Problems with the Squid Emoji

Piling on from last week's post, the squid emoji's siphon is in the wrong place.

As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

Read my blog posting guidelines here.

Posted on December 13, 2018 at 4:23 PM • 111 Comments

Comments

65535 • December 13, 2018 4:44 PM

@ All Firefox pros:

I have a few questions. When Firefox is set to “I quit Firefox…automatically clear out all history,” Browsing & Download History, Cookies, Active Logins, Cache, Forms & Search History, Site Preferences and Offline Website Data, it appears to leave actual data in a cache, and it takes an add-on such as BleachBit to remove 5 to 7 MB of data?

Is Firefox just marking the memory area as usable or over-writeable without “Clearing out all history”? Is not that kind of deceptive, leaving possible trackers to read such history when landing on a tracking site such as Google?

On the topic of tracking, I use Privacy badger [PB]. There was some flap about the additional privilege level of PB. Privacy Badger requires your permission to:
Access your data for www. google. ad
Access your data for www. google. ad
Access your data for www. google .ae
Access your data for 383 other sites [What 300 + sites are those ?]

[URLs are fractured for safety]

Is PB asking for administrator privilege level or the like?

Is PB safe with the newest edition?

Last but most important, what setting in FF about:config can stop ALL location tracking? I think there are two or three. Is there any FF workaround or add-on that can change or obscure your location?

Thank you.

godel • December 13, 2018 6:11 PM

@65535 If you've got Firefox or one of its derivatives (Waterfox) on Windows, see if you've got a hidden file called SiteSecurityServiceState.txt after you log out.

On my old Windows 7 Pro system this has a list in plain text of every site you visited in the previous session, Private Browsing excepted.

CCleaner still doesn't pick it up and Privazer has only cleaned it in its last few versions.

Humdee • December 13, 2018 8:28 PM

@65535

If you have blocking of malicious sites checked that places a persistent google cookie on your drive that does not get wiped by the technique you use.

Humdee • December 13, 2018 8:33 PM

https://www.hollywoodreporter.com/thr-esq/appeals-court-weighs-resale-digital-files-1168577

This isn't directly related to security but has implications for it. The court is trying to decide when a file is copied and when a file is moved, legally speaking, and arrives at the conclusion that legally speaking a file is always copied and never moved. This seems odd to me. However, I admit that I don't fully understand what happens under the hood in a hard drive when bits and bytes are erased and written. So my question is whether the court has it right as a technical matter. Is "moving" a file just UI jargon or do files really get moved?

Impossibly Stupid • December 13, 2018 9:59 PM

@Humdee

For digital data, a "move" is essentially a copy followed by a deletion of the original. Even then, those operations have nuances (e.g., a regular delete just destroys a reference to the data, but a "secure delete" would actually overwrite the data to destroy it).

But when it comes to (re)selling data, the bigger question is whether or not there is a system in place that allows the new owner to prevent the old owner from accessing it. If that's not the case, and it isn't unless there is some kind of subscription service that owners must use to "call home" to decrypt the data (or otherwise make it useful), it's hard to say the data can be fundamentally "moved" from one owner to another.

Mind you, that can also be the case for physical objects that are essentially data like CDs and DVDs, but I expect the courts have already ruled that possession of that physical object is what constitutes ownership of the data, regardless of how many people may have ripped the media and saved it to their hard drives.

AL • December 13, 2018 11:05 PM

I'm not so sure that a "move" is a copy followed by a delete, if the "move" occurs on the same drive - that is, the source and destination are the same drive.

In that particular case, only pointers to the actual data would be changed to the new directory, and the actual data wouldn't have to be touched. Moves seem pretty quick, even with large data, if source and destination are on the same drive.

Absent that case, a "move" to different media would be a copy followed by a delete, which might just mean deleting the pointers to the original location.

Clive Robinson • December 13, 2018 11:21 PM

@ Humdee,

arrives at the conclusion that legally speaking a file is always copied and never moved.

That is technically correct for some OSs but not for all, and in some cases but not all, as the file is neither copied nor moved when copied or moved in some cases...

Let's start with the "hard link" cases (and simple filesystems not journaling or snapshots etc etc).

Firstly and very importantly you have to remember that the file name and file contents are two entirely separate things.

The file name is simply a pointer in a directory structure to a file allocation structure which links to individual blocks or segments. It is those individual blocks / segments that actually hold the file contents, and there is no reason for the blocks / segments to be sequential or in any order (though it will speed things up if they are).

Importantly there is usually no backwards reference from the blocks / segments to the allocation structure or to the directory structure or file name entry that points indirectly to the blocks and segments that contain the file contents. Thus if the allocation structures or directory structure gets damaged your file system could well be hosed... It's why they usually get duplicated in some way on the filesystem in physically separate places.

Whenever the actual file contents is moved it starts with a copy operation.

To copy the "file contents" you read in the file directory and allocation structure into core RAM from the semimutable memory that has the filesystem structure formatted on it. Then using the allocation structure you read in a bit/byte/block/segment of file contents into a buffer in core RAM then at some point write it out to either the same filesystem or another filesystem, building a new allocation structure as you go. Only when the file contents is copied entirely to its new location AND the new allocation structure added to the same filesystem AND it has been given a directory / file allocation name hardlink is the copy complete.

On older single user OSs irrespective of filesystem issues the move was a copy followed by the invalidating of the old directory entry, in some cases just by changing the leading character of the old file name. Thus there would be two copies of the file contents on the filesystem(s), one visible to the user the other not.

With more sophisticated OSs things can be done differently depending on if the copy/move is on the same filesystem or not.

When a move across filesystems is required, that is from one file system on a mount point to a file system on a different mount point, it HAS to start with a copy from one filesystem to the other filesystem. It then makes the new directory allocation on the new filesystem and hardlink to the copy. It then unlinks the directory allocation from the file allocation on the old filesystem and links it to the end of the "free list table" on the old filesystem. Thus the old file will sit there usually entirely unchanged[1] until the "free list" on the old filesystem gets down to needing the blocks/sectors that contain(ed) the original file. It's why under DOS and many other OSs you could "undelete" a file if you knew how to edit the various disk tables and structures, if an overwrite had not yet occurred.

On some OSs however that are a little more efficient in their operations they will know that the file content copy/move is to be done on the same filesystem thus mount point. The OS then simply locks the file, makes a hard link from the new filename entry in the directory to the existing allocation structure, then removes the old directory structure hard link to the allocation structure and unlocks the file. So the move does not copy or move the actual file contents on the filesystem at all, it just does a very fast swap of hard links.

Likewise a copy on the same file system can be by just adding another hardlink pointing into the allocation structure. Thus multiple moves or copies have no effect on the blocks/sectors containing the actual file contents, nor on its allocation structure other than to increment the hard link count.

I'll leave out softlinks as that will just add to the headache ;-)

Thus the judge has a problem, unless it's made absolutely clear to them that a "move" might be "no move" or "no copy", and that multiple filename copies can point to just one copy of the file contents then he's going to come to the wrong decision and make very bad case law which will haunt people forever because judges rarely if ever want to change case law, even though they don't mind making new case law.

[1] Some OSs that have certain security requirements will actually "secure erase" the old file sectors, but this is an intensive task that has to be done down at the lowlevel driver level, which seriously slows down user land apparent Disk I/O bandwidth. This happens because most OSs for performance reasons don't actually write to the disk but a file level buffer in core RAM, and only write it out when forced to by various events (look up "sync sync" on *nix boxes https://www.netadmintools.com/art293.html )
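The hard-link behaviour described in the comment above (a same-filesystem "move" only rewrites the directory entry, a copy allocates a new inode, and the contents outlive any single name) can be observed directly with the standard library. The following is an added example, not code from the thread or from any OS vendor; it assumes a POSIX filesystem that supports hard links and runs entirely inside a temporary directory, so everything it touches is constructed:

```python
"""Added example (not from the thread): watch what rename, hard link, copy
and unlink do to inode numbers and link counts on one filesystem.

Assumption (mine, not the thread's): a POSIX filesystem with hard-link
support; the demo creates its own files in a temporary directory.
"""
import os
import shutil
import tempfile

FILE_SIZE = 4096  # constructed 'file contents' length


def inode_of(path):
    """Return (inode number, hard-link count) for a path."""
    st = os.stat(path)
    return st.st_ino, st.st_nlink


def demo_same_filesystem(root):
    """Exercise rename / link / copy / unlink inside one directory (hence one
    filesystem) and return a dict of the observations."""
    src = os.path.join(root, "track.bin")
    with open(src, "wb") as f:
        f.write(b"\x01" * FILE_SIZE)      # constructed sample data
    orig_ino, orig_links = inode_of(src)

    # 1. "Move" within the filesystem: os.rename only rewrites the directory
    #    entry; the inode and its data blocks are untouched.
    moved = os.path.join(root, "track_moved.bin")
    os.rename(src, moved)
    moved_ino, _ = inode_of(moved)

    # 2. Hard link: a second directory entry to the same inode. Nothing is
    #    copied; only the link count changes.
    linked = os.path.join(root, "track_link.bin")
    os.link(moved, linked)
    _, links_after_link = inode_of(moved)

    # 3. Copy: a new inode with its own data blocks.
    copied = os.path.join(root, "track_copy.bin")
    shutil.copyfile(moved, copied)
    copy_ino, _ = inode_of(copied)

    # 4. Unlink one name: the contents stay readable while another name remains.
    os.unlink(moved)
    data_survives = os.path.getsize(linked) == FILE_SIZE
    _, links_after_unlink = inode_of(linked)

    return {
        "rename_keeps_inode": moved_ino == orig_ino,
        "links_before": orig_links,
        "links_after_link": links_after_link,
        "links_after_unlink": links_after_unlink,
        "copy_is_new_inode": copy_ino != orig_ino,
        "data_survives_unlink": data_survives,
    }


def run_demo():
    """Run the demo in a throwaway directory and return its observations."""
    with tempfile.TemporaryDirectory() as root:
        return demo_same_filesystem(root)


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

Across mount points `os.rename` fails with `EXDEV`, which is why `shutil.move` falls back to copy-then-delete in that case; the unlinked original's blocks are not overwritten by either path, which is the forensic point the comment makes.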

Clive Robinson • December 14, 2018 12:32 AM

@ Impossibly Stupid, Humdee, Al,

But when it comes to (re)selling data, the bigger question is whether or not there is a system in place that allows to new owner to prevent the old owner from accessing it.

And thereby hangs the rub, the judge obviously does not understand that copying to a flash drive in no way deletes the original files...

If as you suggest there is some

kind of subscription service that owners must use to "call home" to decrypt the data (or otherwise make it useful)

Then neither party actually owns a copy, just a useless file that depends on both the good graces and continued existence of the online service to make it of use. As neither party has control over such a service then they merely "borrow" at best...

The important part to consider is actually that a file copy makes two whole copies available at the time of copy before a secondary step "might" delete the original.

There is actually a way around this but I suspect that the Judge based on what is said in the article about flash drives will not get it.

OK the first thing to realise is that the reason a file is not deleted as it goes through the copy process is to deal with the "unreliability" aspect of the physical world, or as was once called "Murphy's Law". That's not to say it can not be done it is when we copy a block of memory up or down in memory by less than the block length. Provided you do it the right way then you can catch errors and correct them.

However based on the jackass argument from the industry mouthpiece lawyer and "transitory" that would not be acceptable.

So let's first encrypt the file with a "Public Key" from the buyer. Once the seller has applied this to the file, they clearly no longer have access to the file as a media file, just a file of, to them, random bits.

The file in an armoured form is sent to the buyer by the seller. The file is only of use to the buyer so it is up to them to correctly check the armoured file, decrypt it with their private key and check the music is indeed the music they have purchased.

If the armoured file does not go across correctly it can be sent as many times as required to ensure correct transmission.

Now obviously the buyer does not wish to be stung, thus an "escrow" service needs to be put in place.

Without going into all the laborious checking details, basically what the escrow service does is generate the key pair and sends the public key to the seller and the private key to the buyer.

If the buyer claims "bad faith" by the seller then the buyer can send the armoured files to the escrow service who can check that the file was indeed the one the seller generated and its contents because it still retains both halves of the public key pair it generated. After arbitration the escrow service can send the seller either the decrypted file or the private key and the buyer a refund. Similar arrangements can be made for other types of transgression.

Obviously as described you would need one public key pair for each and every record purchased/sold which would be a little inconvenient. There are ways to fix this so that more than one record could be sold at a time but I'm going to hand wave over that as it's not necessary to give the basic outline of the scheme.

The part I've still to think through is "collusion" between the buyer and the seller, though what advantage it would be to collude I don't actually see (I'm assuming that the files are ordinarily "device locked" in some way so just file swapping like old school tape swapping will not work).
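The escrow scheme sketched in the comment above (escrow generates a key pair, seller encrypts under the public half, buyer decrypts with the private half and checks the content, escrow arbitrates with its retained copy) can be simulated end to end. The following is an added example, not code from the thread; it uses textbook RSA with two small, well-known primes purely so it runs offline with no dependencies, and the roles, function names and sample "track" bytes are my constructions:

```python
"""Added example (not from the thread): the escrow-keyed sale simulated with
textbook RSA on tiny fixed primes. Everything is a constructed toy: the key
is far too small for real use and textbook RSA has no padding. The point is
the message flow, not the cipher."""
import hashlib

# Constructed toy parameters: two well-known primes and e = 65537.
_P, _Q, _E = 1_000_000_007, 998_244_353, 65_537


def toy_keypair():
    """Escrow generates one (public, private) pair per sale."""
    n = _P * _Q
    d = pow(_E, -1, (_P - 1) * (_Q - 1))
    return (n, _E), (n, d)


def _chunks(data, size=6):
    for i in range(0, len(data), size):
        yield data[i:i + size]


def encrypt(pub, data):
    """RSA on 6-byte chunks; a leading 0x01 marker preserves leading zero bytes."""
    n, e = pub
    return [pow(int.from_bytes(b"\x01" + c, "big"), e, n) for c in _chunks(data)]


def decrypt(priv, blocks):
    n, d = priv
    out = bytearray()
    for m in blocks:
        plain = pow(m, d, n).to_bytes(7, "big").lstrip(b"\x00")
        out += plain[1:]  # drop the 0x01 marker
    return bytes(out)


def digest(obj):
    """SHA-256 of raw bytes or of a list of ciphertext integers."""
    h = hashlib.sha256()
    if isinstance(obj, bytes):
        h.update(obj)
    else:
        for m in obj:
            h.update(m.to_bytes(8, "big"))
    return h.hexdigest()


class Escrow:
    """Generates the pair, hands out the halves, keeps both for arbitration."""
    def __init__(self):
        self.pub, self.priv = toy_keypair()

    def key_for_seller(self):
        return self.pub

    def key_for_buyer(self):
        return self.priv

    def arbitrate(self, armoured, catalogue_hash):
        """On a 'bad faith' claim: decrypt with the retained private key and
        report whether the seller really shipped the purchased track."""
        return digest(decrypt(self.priv, armoured)) == catalogue_hash


def seller_package(pub, media):
    """Seller encrypts under the buyer's public key and keeps only random-looking
    bits. Returns the armoured file plus a transport hash for resend checks."""
    armoured = encrypt(pub, media)
    return armoured, digest(armoured)


def buyer_receive(priv, armoured, transport_hash, catalogue_hash):
    """Buyer checks transmission, decrypts, checks it is the purchased track.
    Returns 'resend', 'bad_faith' or 'ok'."""
    if digest(armoured) != transport_hash:
        return "resend"
    if digest(decrypt(priv, armoured)) != catalogue_hash:
        return "bad_faith"
    return "ok"


def run_sale(media, seller_sends=None, corrupt_transport=False):
    """One sale. `seller_sends` lets a dishonest seller ship other bytes;
    `corrupt_transport` flips a bit of one ciphertext block in transit.
    Returns (buyer verdict, escrow ruling or None)."""
    escrow = Escrow()
    catalogue_hash = digest(media)  # what the buyer agreed to purchase
    payload = media if seller_sends is None else seller_sends
    armoured, thash = seller_package(escrow.key_for_seller(), payload)
    if corrupt_transport:
        armoured = [armoured[0] ^ 1] + armoured[1:]
    verdict = buyer_receive(escrow.key_for_buyer(), armoured, thash, catalogue_hash)
    ruling = escrow.arbitrate(armoured, catalogue_hash) if verdict == "bad_faith" else None
    return verdict, ruling


if __name__ == "__main__":
    track = b"constructed sample track \x00\x00 bytes 12345"  # constructed
    print(run_sale(track))
    print(run_sale(track, seller_sends=b"wrong track"))
    print(run_sale(track, corrupt_transport=True))
```

The `catalogue_hash` stands in for the buyer's "check the music is indeed the music they have purchased" step; in the bad-faith path the escrow reaches the same conclusion from the armoured file alone, which is exactly why it must retain both halves of the pair. A real deployment would use a proper library with padded, large keys, but the three outcomes (ok, resend, bad faith) are the same.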

RG-2 • December 14, 2018 1:53 AM

France Proves China Hypocrites

'France’s National Agency for the Security of Information Systems, or Anssi is demanding full access to potential suppliers’ technology: motherboards, original mapping of the item, encryption keys and the lines of code -- in short, their industrial secrets. Such demands are only going to increase, four of the people said. Unlike Nokia Oyj, Cisco Systems Inc. and Ericsson AB, Huawei hasn’t submitted its 5G equipment for vetting to become certified for critical components. That de-facto disqualifies it.

Now, France is considering upping the game by demanding an exhaustive qualification process not just for the core of networks but also for wireless towers.

Equal Justice for All
France’s methods have left Huawei with little recourse. More so because China has adopted the same tactics. It hardened its own laws with a 2017 cybersecurity rule that requires full “security reviews” for its own critical equipment.’
https://www.bloomberg.com/news/articles/2018-12-14/huawei-woes-multiply-as-france-risks-becoming-its-next-challenge?srnd=technology-vp

stine • December 14, 2018 2:35 AM

re: RG-2
All that means is they haven't removed all of the non-Huawei copyright statements and comments from the source-code yet. It probably still says (C) Cisco Systems or (C) Lucent Technologies.

MarkH • December 14, 2018 4:37 AM

Boeing 737 Damaged in Possible Collision with Drone (Bloomberg)

This is fresh news, and some days (at least) will be needed to investigate the incident.

To my amateur eye, the size, shape and orientation of the damage looks plausibly consistent with uninhabited air vehicles often used for hobby or commercial purposes.

The damage looks really bad, though the hit was on the radome, a structure which may be much more brittle than other parts of the aircraft because the materials are chosen for high transparency to microwaves.

2 or 3 meters higher would have tested the windscreen with possibly catastrophic consequences.

65535 • December 14, 2018 4:45 AM

@ Humdee and godel

“blocking of malicious sites checked that places a persistent google cookie on your drive that does not get wiped by the technique you use.”- Humdee

I was testing Vista 64, Win 7 32 and 64, then Win 8.1 and it looks like you are correct. Ghacks has workarounds for FF up to FF51 but no higher than FF51. Their fixes are not perfect. I will have to have a go at the supercookie HSTS problem when I am fresh.

@ godel

“list in plain text of every site you visited in the previous session, Private Browsing excepted.”-godel

Yes, private browsing does work but not plain browsing. I think there is a way around it but it will require the expertise of Nick P, Clive R, or that “pants” guy.

“…How to Delete HSTS Settings in Firefox: We will cover two different methods for deleting HSTS settings in Firefox. The first method should work in most cases – but we also included a manual option if needed. Close all open tabs in Firefox. Open the full History window with the keyboard shortcut Ctrl + Shift + H (Cmd + Shift + H on Mac). You must use this window or the sidebar for the below options to be available. Find the site you want to delete the HSTS settings for – you can search for the site at the upper right if needed. Right-click the site from the list of items and click Forget About This Site. This should clear the HSTS settings (and other cache data) for that domain. Restart Firefox and visit the site…You should now be able to visit the site over HTTP/broken HTTPS.If these instructions did not work, you can try the following manual method: Manual …”
- hashed out.

ht tps://www.thesslstore.com/blog/clear-hsts-settings-chrome-firefox/

[Url fractured]

I didn’t get it to work with Win 8.1 and it seems to re-assert the sites. But, I'll take another stab at it soon. It is complex problem.

Thanks.

[Excuse all the grammar and other mistakes. I am not at the top of my game.]


Clive Robinson • December 14, 2018 8:41 AM

@ RG-2,

First the story is from known to be technologically unreliable "Bloomberg" who are running many "Anti-China" "advertorials" dressed up as news so I would have a careful look at the sources and their alleged connections first...

Secondly Huawei has for quite some time now had a technology check center with the UK National Cyber Security Centre (NCSC) which is effectively the UK equivalent of the NSA known as GCHQ. Even though the staff in the center are paid by Huawei they actually work under the direction of the NCSC. They check code and hardware line by line and manufacturing and supply chains and are required under the agreement to inform Huawei of any areas that cause concern. Whilst they are required to inform it can be general in nature so as to protect GCHQ's and others' "Methods and Sources".

Until recently this has worked well for both sides, then the NCSC started acting "hinky"; some put this down to "Political Pressure" from the US via GCHQ. The problem being identified by some is "The NSA can not backdoor 5G unlike other mobile networks including 4GLTE". Worse they can not as with US or other Five-Eyes resident manufacturers lean on them quietly...

It's been reported both by word of mouth and in some of the technical press that things started to go off the rails in the relationship badly back in July. Due to a "British government" report that appeared to have "US Fingerprints" all over it suddenly and unexpectedly claiming Huawei had technical and supply-chain "shortcomings" (Same as Bloomberg nonsense) along with technical issues with Huawei equipment. That had supposedly exposed UK national telecom networks to new security risks... I'm led to believe that this was news to Huawei as it was the first they had heard of it, thus not only were they surprised they were publicly "wrong footed" deliberately. Under the agreement NCSC should have informed Huawei long prior to that, thus Huawei have further reason to believe it's a US stitch up job. At a meeting towards the end of November it's being said that Huawei brought this up and a top UK Official, the NCSC's Technical Director Ian Levy, got really up tight about where the meeting was going and just rudely walked out bringing the meeting to a very abrupt and premature conclusion. Thus Huawei's quite valid concerns about the continuation of the relationship were left unanswered.

It's alleged that a reporter asked the NCSC about what went on and with regards Huawei not playing ball with the NSA. Among other one liners about the meeting a reply came back that it "ended prematurely because of increased tensions". But perhaps more interestingly also "Huawei HQ now have the message". Which is more than somewhat thuggish to put it mildly.

Apparently the "official" cause of concern is work flows around the factory which are actually quite a bit above normal for most production facilities in the world. But the UK are now suddenly "Demanding" difficult changes at impossible speeds all tying up neatly with US blustering...

To make things worse the US is "working the angles" via the Five-Eyes and other countries. In particular one little weasel the EU's "Technology Commissioner" Andrus Ansip, has long been suspected by EU manufacturing companies of being so sympathetic to the US some call him "The Borg Implant" or "EU Technology Terminator". Many suspect he is run out of more than one office in K-Street Washington.

Ansip is regurgitating US nonsense on cue and it is also suspected by some as being part of Brexit... That is France wants the Huawei relationship like it wants the UK "City of London" and other "jewels".

Until March at least the UK is part of the EU which means under the EU Free Trade Agreement France's actions are once again an illegal act against Huawei UK. Not that being illegal has stopped France before (see "Mad Cow").

There are two basic reasons behind this current nonsense for the US,

Firstly contrary to a lot of US inspired "tittle-tattle" Huawei are one of the world's leading telecoms R&D houses, the result of this is they have between 10 and 15% of the fundamental patents required to build 5G.

In essence 5G rests on Huawei and ZTE patented technology which does not sit at all well with the current US administration's alleged view of the "almighty US" having its "IP Stolen".

As for the "IP theft" notion most of that is due to US Corps choosing to give it to China in return for access to rare earth minerals, something I've mentioned here several times over quite a few years.

That is those US Corps walked in with their eyes wide open and freely handed over manufacturing and other "trade secrets" knowing or should have known this was going to happen... Much like the US did for around a century a century and a half ago.

Now China has got over a particular technical sophistication hump, they are just following the US lead and now closing the door on others only after a decade or so of industrial catchup. They also know that the US are in all those US routers from CISCO and Juniper and also mainframe systems from IBM etc (something Ed Snowden's trove has confirmed). So several years ago China said that such technology was no longer welcome in China and started clearing it out during the Obama Administration. The US now very much on the trailing edge have decided to do the same in the Trump Administration, which is probably "too little too late"...

The problem is the US don't have the patents etc they need for 5G. Thus they have a problem, The US is behind enough in the mobile communications markets as it is, if the rest of the world goes 5G or part 5G then the US will be even further behind...

Secondly it appears that there is good reason to believe that the NSA and other Five-Eyes can not backdoor 5G in the way they have with other mobile standards, or manufacturers. Which for them is highly problematic because the people with the capabilities they did have to do that are earning better elsewhere amongst other issues. That is the US and Five-Eyes IC entities have a bigger skills gap than the US and West in general. Which is way too big as it is, and down to USG and other Governments' politicians more than it is anything else. China has thus quite legitimately purchased a very large part of the West's IP directly or indirectly...

So "Plan B" if the US can kill Huawei outside of China then they can in effect kill 5G before it really gets going; 4GLTE will cover for the next couple of years whilst the Five-Eyes "finesse" a new unencumbered by Chinese-owned-patent standard into place. That also gives the Five-Eyes the covert backdoor capabilities they so desperately want (which are nothing whatsoever to do with the FBI et al LEO entities' wants for "cheap lazy access to frame all"[1]).

So there is quite a bit going on behind the US - Huawei spat that people have not really thought about. Which effectively kidnapping Huawei's founder's daughter[2] really does not help.

But ask yourself which is of more harm to you personally, risk wise: backdoored comms networks that your own government can use to bulk spy on you and every other citizen's intimate and private lives, or one that just maybe a foreign government could use, but get caught doing so if they did it to more than a handful or two of people?

But you know what does amuse me in an ironic way? It's all those "hip-n-trendy" types buying their IoT and similar that quite literally haemorrhages information onto the Internet that the NSA and Five-Eyes nations see rattle by. The US implies that it's orchestrated by the Chinese government. It's almost certainly not; it's actually caused as a by-product of the world's biggest industry, US led Marketing.

Those IoT devices and low end mobile phones made in China have little or negative profit in them. Thus the profit comes from slurping up every piece of user data they can and somehow "repackaging" it to get those US dollars from the Marketing industry just as Amazon, Facebook, Google, and other Silicon Valley big Corps do... Think back to the brief stink of CarrierIQ and how outraged people were, even without realising that the NSA was "free lunching" off of the data as it went by on the Internet.

Well guess what, few seem to care these days that similar data is whizzing onwards to servers in China. Did the Chinese Gov set it up this way? Probably no more than the USG did with CarrierIQ. Are the Chinese Government "free lunching" off of it? I would think they probably are one way or another just as the USG did through the NSA and almost certainly still does big time; that's what "Collect it all" really means. The much hallowed American Dream and its dollars is screwing you not once but thrice or more, and various Governments just "leech" off of it as it passes by across their jurisdictions, which almost always includes the US or other Five-Eyes nation[3]...

The really funny thing though is the USA in particular and Five-Eyes in general have shot themselves in the foot. The NSA insistence on "attack over defence" made this all oh so easily possible, and guess who gets hurt the most? Well it's the countries most dependent on Internet Technology, the US and the West which includes all the Five-Eyes and their Extended families... A big belly laugh yes?

[1] Take a look at that Aus legislation and earlier UK legislation, tucked away in there is the "right to impersonate" communicating parties. That is put words in their mouths for others to act upon. It used to be looked on as a form of "entrapment" but apparently not any longer...

[2] From the little that has leaked it appears the US are claiming she did something that was perfectly legal at the time, that the US has chosen to retroactively make illegal. Thus it's apparently more "US Exceptionalism" being used as blunt hammer politics.

[3] Have a hunt on the Internet about the shenanigans that went on at the ITU World Conference in 2014 about what is essentially who is the spider that sits in the middle of the Internet Web. Currently it's the US and they fought tooth and claw to keep that position... Ask yourself why and it will answer a lot of questions.

Impossibly Stupid • December 14, 2018 10:35 AM

@Clive Robinson

Then neither party actually owns a copy, just a useless file that depends on both the good graces and continued existence of the online service to make it of use. As neither party has control over such a service then they merely "borrow" at best...

Such is the difficulty in trying to define ownership in a world where perfect digital copies are easy to make. We are at the point where it makes sense to properly/legally decouple the concept of ownership from possession of property. It may be the one thing where use of a blockchain (or similar concepts) actually provides real value.

albert • December 14, 2018 11:17 AM

@MarkH,

Well, we said it would happen eventually. This case was lucky for passengers and crew. With landing speeds in the 130-150 knots (150-173mph) range, even relatively small objects can cause significant damage. There hasn't been a disaster yet, but there will be.
. .. . .. --- ....

Wael • December 14, 2018 11:53 AM

@albert,

With landing speeds in the 130-150 knots (150-173mph) range

Damage would be more extensive at take-off, for obvious reasons - just before the plane is airborne till say the maximum altitude a drone could reach.

Clive Robinson • December 14, 2018 12:09 PM

@ Impossibly Stupid,

We are at the point where it makes sense to properly/legally decouple the concept of ownership from possession of property.

If you look at history "ownership" was a perversion of power that many societies either never grew out of or got reinfected with, and it is very regressive in nature when allowed free rein.

The concept of "ownership-v-custodianship" or even "guardianship" has always been a fraught one both sides have advantages and disadvantages.

For instance the ecology and environment are overall usually better protected by a sense of "custodianship" or "guardianship" than it generally is under "ownership". In part ownership is about "unfettered rights in the here and now" which is very very short term thinking. Whereas custodianship is often about the rights of those who are yet to be, thus very much constrained and of the long or very long term thinking.

The constraint whilst protecting the environment effectively chills technical development, without which we all pretty much would have not been born or made it much beyond 35...

It's no surprise that technical development has more or less occurred on the fringes of existence where life is much harder and "force multipliers" of significant use. So over a considerable number of millennia what is now mankind has progressively moved from the equatorial regions towards the poles as technology has improved, and we have changed genetically because of it so there is "no going back".

In fact technological progress has got to the point where living at the poles is not much harder than living on the pole side of the temperate zones outdoors and of little difference at all anywhere when living indoors. Our most recent technology boosts over the past couple of decades has been "energy need" reduction in hostile areas. A couple of years ago two middle aged blokes demonstrated that with modern materials you could live for over a week in a tent with night time temps down to -70 with near enough just what you carried in on your back, something even non-hibernatory wildlife can not do.

However technology development has a significant downside, in essence it's the application of energy to raw resources or better recovered resources. Inherently such processes are inefficient as all "work" is. At the end of the day the ultimate pollution is low level or chaotic heat, where the energy differentials are too small to be able to further extract "useful work". However the process of purifying raw materials is the reverse of entropy and you can not get back 100% to the starting point, that is each step in the purification process requires exponentially more power thus you never really do it and thus heat is not just your only work pollutant.

Cleaning up pollution is thus an energy expensive process, for all the energy striking the earth from the sun there are distinct limits as to how much we can take out and utilize without adversely affecting the environment.

As we know those with stronger senses of ownership tend to think that energy is theirs to use at will and pollution is a problem the next generation or so will sort out maybe. Well they have not so far, so we'd be better cleaning up after ourselves as we go. Which those with a strong sense of ownership tend to regard as being one of the major failings of democracy in that "it steals their freedoms"...

I've no idea how to resolve this peacefully, and it's fairly certain those with a strong sense of ownership will resist any and all attempts at curtailing what they see as their freedoms, even if they are killing not just future generations but the current generations in large numbers, which quite a few currently do...

Clive RobinsonDecember 14, 2018 12:25 PM

@ Wael, Albert,

till say the maximum altitude a drone could reach.

The maximum altitude of a very few drones and many that are currently on the drawing board is over one and a half times that of commercial jets.

The intent in some cases is to use them instead of "geostationary satellites". The cost of a geo-sat is now in excess of three million dollars a year, and maintenance / upgrade over a 20-25 year life is currently impossible. Thus three or four high altitude drones represent not just a very significant cost saving; you can also have a lot lot more of them in the air at the same time than there are geo-sat slots. Also they do not have the "space debris" navigation hazard issues, and can in most cases be not just maintained but upgraded easily, with re-cycling of parts not just feasible but relatively easy, and overall things would be a lot lot safer.

WaelDecember 14, 2018 1:37 PM

@Clive Robinson, @albert,

The maximum altitude of a very few drones […] is over one and a half times that of commercial jets.

Oh yea, forgot about them! Still, hitting a plane on the way up is worse than on landing: faster takeoff speeds, much more fuel (that a plane cannot land with), and less recovery courses of action (not my so-expert opinion.) … The good thing is the passengers will land [1] before they enjoy airplane cuisine ;)

Also they do not have the "space debris"

Give mankind enough time and the species will transform the universe into a trash can or a compost dump. Good thing we can't travel that far at the moment.

[1] Die.

Bong-Smoking Primitive Monkey-Brained SpookDecember 14, 2018 2:13 PM

before they enjoy airplane cuisine

Enjoy: Gag on
Airplane cuisine: The nasty dog-food slapped together by the unskilled, dirty short-order cook they call "chef". The same sob that put a hair in my pasta. Was hard to discover as I was eating "pubic spaghetti", which some people call "rotini". Eeeew.

Clive RobinsonDecember 14, 2018 2:32 PM

@ BSPMBS[1]

which some people call "rotini"

Is that pronounced like "Rot in me"?

I've had problems with the language ever since someone wished a lawn on my behind[3]...

Now the question is which of us is "il Siciliano o il Bolognese" going to get to first...

[1] Even now more than ever I want to adopt a "Sir Humphry" from "Yes Prime Minister" voice and just say to a certain[2] person "BS PM BS"...

[2] The spell checker wants to put up "cretin" for some reason unaccountable ;-)

[3] It sounded like "Grassy ass" still can't be sure though.

Clive RobinsonDecember 14, 2018 4:21 PM

@ All,

This Cable Modem from Intel, used by Virgin in the UK, is such a disaster area it has to be read to be believed,

https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2018/december/owning-the-virgin-media-hub-3.0-the-perfect-place-for-a-backdoor/

The amazing thing, a Big Endian ARM CPU and an Intel Atom CPU on the same lump of silicon, "Cludge Central" almost guaranteed, unless all your engineers are trained to a high level on both architectures on both sides of the ISA-HL divide...

Bong-Smoking Primitive Monkey-Brained SpookDecember 14, 2018 5:51 PM

@Clive Robinson:

Is that pronounced like "Rot in me"?

Depends on your mood :-)

"BS PM BS".

Appropriate letters for the context. I noticed the "PM" in the "initialism" you chose to address me by... long ago.

65535December 14, 2018 9:02 PM

Returning to the Firefox question and the Strict Transport Security (HSTS) google super cookie problem, in addition to the FF failure to actually erase cache instances, I have found some workarounds:

[Original Q’s]

“Firefox is set to “I quit Firefox…automatically clear out all history,” Browsing & Download History, Cookies, Active Logins, Cache, Forms & Search History, Site Preferences and Offline Website Data, it appears to leave actual data in a cache and it takes an add-on such as BleachBit to remove 5 to 7 MB of data? Is Firefox just marking the memory area as usable or over-writeable without “Clearing out all history”? This is akin to the “move or copy file” discussion. -65535

https://www.schneier.com/blog/archives/2018/12/friday_squid_bl_654.html#c6786397

“If you've got Firefox or one of its derivatives (Waterfox) on Windows, see if you've got a hidden file called SiteSecurityServiceState.txt after you log out… Windows 7 Pro system this has a list in plain text of every site you visited”-godel

https://www.schneier.com/blog/archives/2018/12/friday_squid_bl_654.html#c6786399

“If you have blocking of malicious sites checked that places a persistent google cookie on your drive that does not get wiped by the technique you use”- Humdee

https://www.schneier.com/blog/archives/2018/12/friday_squid_bl_654.html#c6786408

The above files and supercookies appear to be true. URL tracking can be done.

[My Findings]

First I reverted to FF51 because the non-clearing of the FF51 cache is mostly covered [on other sites] and, importantly, the HSTS super cookie listed in the SiteSecurityServiceState.txt file doesn’t clear on closing of FF and clearing all history. FF tracking and URL history of users would be easy to do.

The workaround is to close FF51 and go directly to the SiteSecurityServiceState file and clear it in administrator mode. The exception is browser programs that auto-update on start, say FF or Privacy Badger. So, turn off the “check for updates” option on those programs. This works up to FF Quantum and then it becomes difficult.

You can use Privazer and/or BleachBit to clear the file – in administrator mode. Those seem to wipe the above files clean.

Next, switch to “Private browsing” or incognito mode all the time. On FF51 that seems to work only in administrator mode – most of the time. But, when running say, FF53 and up to Quantum the bug is indeed fixed and the SiteSecurityServiceState text file is clean.

More troubling is the location detection operation of all FF models. It appears that “Google Key: Found and Mozilla Location Service Key: Found” which are difficult to impossible to remove.

I have found on set-up of a fresh FF browser you can go to about:config and find 10-14 location settings which can be debauched or mis-located to give a false location – but only for a few sessions. Then your location tends to re-appear in approximately the same actual place you are located.

The other 4 “about:XXXXX” windows probably have files which refresh or relocate your browser correctly. Say, time zone, longitude & latitude, closest CDN provider or a string from your ISP. I did not check all dark corners in FireFox.

This location tracking problem probably applies to all mobile phones that have browsers and cell tower locators.

Clive Robinson has noted that 5G cell phones with proper encryption probably cannot be decrypted, but your location most likely will be tracked, and possibly tracked all of the time.

The only solution I found to stop the cell phone tracking is to place the actual cell phone in a thick RF blocking bag [Faraday cage] but this would divert incoming calls.

Does anybody have a solution to this location problem? Please speak up if you do.
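An added example, not 65535's or Mozilla's code: a small audit script for the SiteSecurityServiceState.txt file discussed above, which lists the hosts the file still names after the browser has been closed and separates entries the browser would still enforce from ones that are merely stale on disk. The tab-separated line layout in the docstring is an assumption about that file's format, and the sample lines are constructed, not taken from a real profile.

```python
"""Audit a Firefox SiteSecurityServiceState.txt file for persisted HSTS state.

Added example, not code from the thread. Assumed line layout, one site per line:

    host:TYPE<TAB>score<TAB>lastAccessedDay<TAB>expiryMs,state,includeSubdomains

where TYPE is HSTS or HPKP, expiryMs is milliseconds since the Unix epoch and
state 1 means the policy is set. Lines that do not match are reported as unparsed.
"""
import re
import sys
import time
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed sample content standing in for a real state file.
SAMPLE_STATE = (
    "www.example.com:HSTS\t3\t17879\t1577836800000,1,1\n"
    "bank.example.net:HSTS\t0\t17870\t1514764800000,1,0\n"
    "mail.example.org:HPKP\t1\t17880\t1577836800000,1,0\n"
    "this line is malformed and should be reported\n"
)

LINE_RE = re.compile(
    r"^(?P<host>[^:\t]+):(?P<kind>HSTS|HPKP)\t(?P<score>\d+)\t(?P<day>\d+)\t"
    r"(?P<expiry>\d+),(?P<state>\d+),(?P<subs>[01])$"
)


@dataclass(frozen=True)
class SiteSecurityEntry:
    host: str
    kind: str                 # "HSTS" or "HPKP"
    score: int                # browser-internal visit score
    last_accessed_day: int    # days since the epoch
    expiry_ms: int            # policy expiry, ms since the epoch
    state: int                # 1 = set, 0 = not set
    include_subdomains: bool

    def is_active(self, now_ms: int) -> bool:
        """True when the policy is set and has not yet expired."""
        return self.state == 1 and self.expiry_ms > now_ms


def parse_state(text: str) -> Tuple[List[SiteSecurityEntry], List[str]]:
    """Return (entries, unparsed_lines) for the file contents in `text`."""
    entries: List[SiteSecurityEntry] = []
    unparsed: List[str] = []
    for raw in text.splitlines():
        line = raw.strip("\r\n")
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            unparsed.append(line)
            continue
        entries.append(SiteSecurityEntry(
            host=m.group("host"),
            kind=m.group("kind"),
            score=int(m.group("score")),
            last_accessed_day=int(m.group("day")),
            expiry_ms=int(m.group("expiry")),
            state=int(m.group("state")),
            include_subdomains=m.group("subs") == "1",
        ))
    return entries, unparsed


def audit(text: str, now_ms: int) -> Dict[str, List[str]]:
    """Summarise which hosts the file still reveals.

    'active' entries are the ones the browser would still enforce; 'stale'
    entries are expired or unset but still sit on disk naming the site, so they
    are a history leak even though they no longer affect connections.
    """
    entries, unparsed = parse_state(text)
    active = sorted(e.host for e in entries if e.is_active(now_ms))
    stale = sorted(e.host for e in entries if not e.is_active(now_ms))
    return {"active": active, "stale": stale, "unparsed": unparsed}


def main(argv: List[str]) -> int:
    # Pass a path to audit a real file; with no argument the constructed sample is used.
    if len(argv) > 1:
        with open(argv[1], encoding="utf-8") as fh:
            text = fh.read()
    else:
        text = SAMPLE_STATE
    report = audit(text, int(time.time() * 1000))
    for key in ("active", "stale", "unparsed"):
        print(f"{key} ({len(report[key])}):")
        for item in report[key]:
            print("  ", item)
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```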

WeatherDecember 14, 2018 9:27 PM

@65535
You are still using OS,but it is a need,the injection of asm, will tap that,it stops shellcode by making flux,it taps instruction point to db9 system call,just develop it,you're choose

ThothDecember 15, 2018 2:55 AM

@Clive Robinson, all

The latest Snake Oil protocol: Secure Multi-Party Computation

How to use SMPC Snake Oil protocol.

1.) Download a VM images (Linux, Windows, Apple ...etc...).
2.) Install SMPC software.
3.) Generate secret share of keys and figure out how to export them out to all VM images securely.
4.) Just run the VM images with software containing secret share of keys.
5.) The Snake Oil Magick happens all of a sudden and is suddenly magickally secured until a threshold of the shares has been compromised.

How to break SMPC Snake Oil Protocol.
- Side-channel Analysis
- Software packages, VM images, OS images poisoning
- Hardware backdoors and sniffers (ARM TZ, Intel AMT/SGX, AMD PSP, Secure Enclaves and so on)
- Bias and/or poisoned RNG key generators to poison the original master key and key shares.
- Coerce (il/legally) the administrators and key custodians

Link: https://www.bankinfosecurity.com/interviews/applying-secure-multiparty-computation-technology-i-4187

Clive RobinsonDecember 15, 2018 4:49 AM

@ Thoth,

SMC / SMPC appears to be an extension of things @Nick P and myself were discussing some time ago now, with regard to a "simple circuit" for security (multi-party, multi-country shared secret key establishment) to avoid jurisdiction based theft of factors and quasi-legal/illegal coercion by LEO/Judiciary.

In our scenario there were no colocated components on the same hardware[1] and various true randomizing components were built in (effectively for free) due to the "human element".

Thus we avoided most of the problems you list before they were discovered ;-)

You can see more of the Prof's thinking on SMC in this paper,

https://eprint.iacr.org/2016/1066

The "general idea" appears to be good but (but I'll have to mull it over for a while). But as you note the VM implementation colocated on single instances of hardware is realy snake oil. Likewise using it on hardware where others can colocate software or hardware to hit it with all manner of classes of attack[1].

The problem few software and only a small number of hardware people are aware of is "pendulum locking". It was as far as we know first demonstrated by Christiaan Huygens, the inventor of the pendulum clock and documented in his 1673 book Horologium Oscillatorium.

In modern times communications engineers call it "Injection locking" or "Injection pulling" and it has significant advantages in reducing noise and energy in decoding circuits,

https://en.m.wikipedia.org/wiki/Injection_locking

However what you won't find in the Wikipedia pages on the subject is that the flip side of reducing noise and energy is it is also very beneficial in likewise "reducing security"... Something the Prof may not have considered in the rush to market...

Oh and of course another little idea comms engineers are familiar with that likewise has a security reducing flip side: "Matched Filters" that are dynamically adjusted. It is after all what efficient Differential Power Analysis is about...

Combined you do get quite interesting "fault injection" attacks by the likes of dynamically modulated EM carrier that I've mentioned on the odd occasion here ;-)

[1] Both @Nick P and myself were aware of some instances of timing attacks like "Shared CPU Xtal" and "Cache hit", along with various classes of timing attacks, thus the design implicitly ruled out those. Likewise some other more intriguing classes of attack that hardware engineers were "aware of", such as "Shared resource contention", that had been seen or were "Known" that you get with DMA and MMU attacks. But also then "Unknown" instances of them which have subsequently turned up with last year's Meltdown and Spectre attacks that quickly broadened out. Effectively proving the "Known, Known", "Unknown, Known" hypothesis of "instance, class" of attack and why you should always go after protecting against "Classes" of attack, not individual "instances" of attack when doing system design.

WaelDecember 15, 2018 4:53 AM

@Clive Robinson,

The spell checker wants to put up "cretin" for some reason unaccountable ;-)

I almost choked on this one. Horyclap! And I thought it was you all the time... Your spell-checker needs a spell-checker, chief!

@Ratio, where are you, ma man? We have unfinished business!

JG4December 15, 2018 5:31 AM


@65535 - Thanks for your detailed report. I think that I touched on location spoofing for cell phones here:

https://www.schneier.com/blog/archives/2017/08/detecting_sting.html#c6757401

In principle, it could be legal if it were done passively. If you have a cell phone in a Faraday enclosure, it could be coupled to the outside world through a very tight filter that allows communication with only one tower. The filter could further contain variable delay elements. You would use an antenna inside the bag to couple to the cell phone antenna via the filter to an external antenna. Because of the filter, the phone could communicate with only a single tower. If the filter further contains a variable passive delay line that includes both a constant and variable delay, you will be able to mostly defeat location tracking. They'll only be able to estimate your location within an angular quadrant of the tower. The radius can be more or less completely obscured. A more powerful approach to the problem of location spoofing is SDR. I don't want this technology in the hands of public sector or private sector criminals, but I like the part where it sharply reduces my own attack surface. This approach could allow someone to skirt the thin line between graceful degradation of cell service in weather and building clutter, versus the intentional shutdown any time that location spoofing is suspected.

Halt-&-Catch-PantsDecember 15, 2018 5:34 AM

@65535 "or that “pants” guy." - that's me

The ghacks user.js moved almost two years ago to github. The answer I typed in here for you ended up being rather long, so rather than flood a wall of text, I opened an issue for you. Excuse the disjointed rambling of it, but it's all off the top of my head, and I'm tired AF.

Here is the issue: https://github.com/ghacksuserjs/ghacks-user.js/issues/598

If you want more help, then you'll need an account - even if you just make up a new temp one with a disposable email and connect thru Tor Browser or a trusted VPN. I'm not sure what your threat model is here.

ThothDecember 15, 2018 5:54 AM

@Clive Robinson

It is less of the theory but more of whether the practical implementation can pass the Snake Oil sniff test.

We know that much of the world's computing chipsets belongs to either the Intel, AMD or ARM classes of chipsets and these chipsets are known to incorporate implicit and explicit components that disguise themselves as "Management Tools" which can be re-purposed for NOBUS access. Thus, running the SMPC in any instance even with Whitebox Crypto for the algorithm executions in any form will never pass the Snake Oil sniff test, and physical jurisdiction is kind of useless these days when national agencies can execute covert operations and make people disappear from the face of the Earth at any time and at any rate they deem necessary.

The prevalence of the Intel/AMD/ARM holy trinity makes it possible for NOBUS access 24/7 without regard to jurisdiction whatsoever.

Thus, my concern is not simply the VM and software side but the claims that running on commodity hardware can bring the necessary security guarantees which is not true as the lowest layer of the computing stack is already so vulnerable and shaky (quoting from you) we cannot expect anything meaningful like SMPC to execute on a COTS setup unless we use the C-&-P to mitigate it.

Yes, back to C-&-P as the only solution for now, and anything short of that wouldn't cut it.

RG-2December 15, 2018 7:30 AM

AI Creates Junk Shopping Experience
AI search engines prioritize regurgitated AI authored marketing articles from automated web sites.

Under this scheme, the search engine leads to the partner web site. The affiliate then allows the search engine's analytics tool to verify the customer's identity[1]. Their views are then fed back to personalize the search engine for their next query.

This AI typically reconstitutes content from Amazon human reviews with added click-bait links.
Finally Amazon itself is also saturated with all-knowing AI ad-systems.
These elaborate artificial click-bait systems are like eating junk food. It's empty calories with no nutritional content, especially when the ratings and five star reviews are suspect.

Due to this crazed Silicon Valley ‘innovation’, I’ve quit writing products reviews and deleted previous ones. I can’t determine if Amazon is now worse than Google[2].

Who enjoys shopping this elaborate ad-system of coordinated AI searches leading to AI generated web sites with their AI generated reviews? Is it dehumanizing? Creepy?
Are countries' Internets morphing into gigantic walled-in gardens managed by a few dozen Davos-bound elites[3]?


[1] submitting to Google browser fingerprinting is typically required to load pages

[2] Amazon is taking confidential consumer data (and adding aggressive facial recognition) and secretly selling it to government agencies. Google (rather than remaining silent) immediately boasted that it's not going to this intrusive next level, at least ‘for the time being’.
Meanwhile Congress is consumed with life-or-death hand-to-hand combat.
With all systems spinning out-of-control, individuals must adapt to a Survival of the Fittest mentality under extremely adverse conditions.
Me, myself and I are waiting for Amazon to sell recreational marijuana, as the stock is expected to catch fire and float up to an extended high as fake AI increases junk food sales.

[3] GDPR results are missing in action

65535December 15, 2018 10:44 AM

@ Weather

“…using OS,but it is a need,the injection of asm, will tap that,it stops shellcode by making flux,it taps instruction point to db9 system call,just develop it,you're choose”- Weather

That is interesting. Good goin. I would like more information if possible.

Yes, I have moved to a different box. My customers are just small business shops that have day-to-day problems.

Their servers are email servers and LAMP/WAMP stacks with Typepad or WordPress top ends [both hosted for internet users and boxes for internal use for information dissemination] and possibly a good firewall.

I mostly just un-clog routers and clean up dead boxes, including some file servers and salvage of hard drives. I have lost most of my scripting, compiling, and dot net skills. I am just doing lower level work that nobody seems to want to do. If necessary I go to a specialist for complex and specific needs. My skill level is not high.

@ JG4

Thank you for the compliment. They are few and far between.

“…if you have a cell phone in a Faraday enclosure, it could be coupled to the outside world through a very tight filter that allows communication with only one tower. The filter could further contain variable delay elements. You would use an antenna inside the bag to couple to the cell phone antenna via the filter to an external antenna. Because of the filter, the phone could communicate with only a single tower. If the filter further contains a variable passive delay line that includes both a constant and variable delay, you will be able to mostly defeat location tracking. They'll only be able to estimate your location within an angular quadrant of the tower… I mention visiting the Harvard Center is 2015? Bruce had an open-hardware seminar that compared Arduino to a popular open-source cellphone platform that sells for $12 in China. control of the SDR is a given, and it could be forced to only communicate with one tower. further, the latency of the responses to the tower could be offset with a slowly varying constant (or random value) to dilute the position information from meters to kilometres. to place a call, rather than using the cell company's switching gear to connect to the recipient, the call would be placed to a secure server which then calls the recipient. I mentioned before that a sufficiently large user base is required to dilute the traffic. if secure audio endpoints are provided by enclosing the cell phones in a sort of prison that sees only a white noise audio carrier in both directions, then two of three objectives can be fully met, with significant progress on the third. the location information security can be defeated by an adversary who places multiple observing receivers in the cell tower footprint ”- JG4

https://www.schneier.com/blog/archives/2017/07/friday_squid_bl_586.html#c6757316

Great idea. I would like to know what the $12 China item is. You are fairly good with RF technology. That is very interesting. Do you have any specific set-up that can be duplicated and tested? I’ll give it a go.

Your comment on Nation States with multiple nearby towers is very true. The problem of having a cell phone browser with multiple location modules is hard to overcome. This location tracking is compounded by GPS embedded in cell phones.

I don’t have a perfect answer to the stopping of GPS and browser location tracking with an exposed antenna to a cell phone in an RF pouch. That is mostly why just placing the cell phone in an RF pouch is my current solution [It does work, and works well when driving, to keep my eyes on the road].

I also use that RF pouch or Faraday cage [metal cooking pot] for storing my neighbor’s kids' cell phones to keep them from taking unbecoming pictures, capturing unbecoming language and so on. It is also a quasi-form of OPSEC.

I am against criminal activity. I don’t like carders, swatters, jerk con-games from big corporations [google - M$] down to teenage basement dweller kids over any communication channel. I don’t like to be scammed. It is that simple.

Thanks.

Clive RobinsonDecember 15, 2018 10:50 AM

@ Wael,

I almost choked on this one.

Hey when you're not blessed with those cool sophisticated looks, you have to have a sense of humour (or at least those around you try to entertain do). So I put in serious[1] effort to hide little tripwires to make people smile...

It's that or back to the poetry :-S

[1] One of the joys of theoretical lexicography is playing around with paradigmatic relationships within the lexicon[2]. Thus the word "serious" has more than one applicable meaning, but is it demanding, substantial, or one of the others ;-)

[2] And you thought management speak is the epitome of near vacuous commentary... Is the screen still dry? Or am I going to have to get serious on your giggle gland?

WaelDecember 15, 2018 12:00 PM

@Clive Robinson,

Is the screen still dry? Or am I going to have to get serious on your giggle gland?

Get more serious with my giggle gland. lol

SamDecember 15, 2018 6:33 PM

@CallMeLateForSupper

Nothing more than a public stance to ensure their market share and public 'perception'.

Under the T.O.L.A., a capability notice would force them to create one, or send them to jail and fine them after the app is banned.

No one gets a choice under the T.O.L.A.

Clive RobinsonDecember 15, 2018 10:36 PM

@ CallMeLate..., Sam,

    "Encrypted Messaging App Signal Says It Won’t Comply With Australia’s New Backdoor Bill"

Which is not what the developer said, he used the word can't which puts an entirely different perspective on it.

@ For those who's first language is not english,

"won't" expands to a willful "Would not" where as "can't" expands to the not possible "Can not".

The first indicates there is a choice which they chose not to do. The second indicates it is not possible thus there is no choice to be made.

It makes little difference to Signal anyway, as I've pointed out it's insecure at the Human Computer Interface (HCI) in that it displays "plaintext" for the user to see. The Aus legislation is designed for the device rather than each and every application, so it is "putting a shim between the OS and the hardware driver that tees off the plaintext" that is the most likely demand. Because not only is it easier and more effective, it's also more covert.

Sometimes I just wish that people would learn to draw little pictures to do their security analysis with, then they would realise why I say "Signal is not secure, nor is any other messaging app that has the security end point on the device"...

Then they would realise "it matters not a tinker's cuss" what the Signal developers say about Signal's security, because overall the design is fundamentally flawed. As many including our host @Bruce have pointed out security is about "the weakest link"; it does not matter how strong the other links in the security chain are, it's the weakest link where it will get broken.

If your security end point is inside of the attacker's ability to reach around past it to the plaintext, then the attacker is not going to even bother looking at trying to attack the app or its strong points. Just because nobody bothers attacking your app does not make it secure, or its use secure.

Worse using it points a target on your back. Because the authorities will say "Ah ha, he's using Signal he thinks he must have something to hide", thus they will focus in on you rather than people just sending plaintext...

People get all "geeky about security" and dig deep into it. What they forget to do is stand up occasionally and take their head out of the hole they have dug and look around. Thus realise that to everyone else they look like a bl@@dy ostrich with their head down...

As any soldier will tell you the first rule of survival is to see your attacker coming, that means "heading for the high ground, to expand your horizon as far as possible". If however you dig a hole for yourself and hide at the bottom, the first and last thing you will know about where your enemy is, is when a hand grenade is dropped in and turns your hole into your grave.

WaelDecember 16, 2018 12:31 AM

@Clive Robinson, @CallMeLateForSupper, @Sam,

If your security end point is inside of the attackers ability

A trust boundary diagram would be helpful in this analysis. The fundamental tenet or principle is: no one besides the owner may have control on a trust zone - their control must stop at the trust boundary, otherwise the system is insecure. Follows from a definition I shared long time ago in a discussion thread called C-v-P with mainly @Clive Robinson and @Nick P (where are you, man?)

In the Mobile Device case, there are many entities that have privileged access to most of the components: The MD can be controlled by a subset of O = {OS Provider, OEM Manufacturer, Carrier (MNO), Invasive servicing tools (AV, for example)...} the typical user of the device has less control on the device than some of the elements in O. But the user (the legal owner that paid for the device) has some tools as well: T = {OpSec, Burner devices, ...}. OpSec is a wide area of discussion and totally depends on the end user, where most of the vulnerabilities reside.

For "Signal" or any other protocol / Communication solution to be unconditionally secure, it must terminate at trusted zones at both ends, therefore shrinking the attack surface to protocol attacks. This is not the case: the attack tree of a Mobile Device is huge.

I said in the past: the attack surface of a Mobile Device cannot be described by an attack tree; we'd need an attack forest the size of Siberia to describe such an attack surface. So it's not a matter of how secure "Signal" is, one must look at the whole ecosystem to evaluate the security posture of the device -- "Signal" may be bullet proof, but that's not what we care about! We care about the security of the "Solution", which "Signal" is only one component of.

To summarize: it does not matter if Signal is bullet proof. The foundation it sits on is shaky, at best. If, and it's a big "if", the foundation is solid, and the attack-surface is therefore shrunk to "protocol attacks", then the security of the system would be dependent on the protocol Signal uses. And that still ignores other subversions that happen at the crypto-specification levels.

ALDecember 16, 2018 12:35 AM

@CallMeLateForSupper
I think this reaches towards a larger issue, which is *jurisdiction* on the internet. If Iran says I can't insult the Ayatollah, or China says I can't display pictures of Winnie the Pooh, or the EU says I can't post a post denying the holocaust, am I subject to their jurisdiction, being as I'm located in the U.S.?

I am more in favor of Balkanization of the internet than this attempt by countries to exact a worldwide jurisdiction of what can or can not be done on the internet.

I think in the case of Signal, that they prominently display a warning on their website that the application shouldn't be downloaded if forbidden by the laws of the downloader's country. And they shouldn't have a physical presence in Australia, nor should they be trying to interfere with their government in blocking access to Signal websites by changing IP addresses frequently and so forth.

And for cellphones, it is between the Aussies and the Android or Apple store. That might require Australian downloaders to install from 3rd party sites. Signal should not be involved in this area, but I think they are within their rights to publish the SHA256, SHA1 etc hashes of their published software. If software matching that SHA256 hash winds up on some 3rd party website, and downloaded by someone in Australia, I think Signal is sufficiently removed from that download.

If Australia wants to monitor the conversations between its citizens, it should be up to Australia to develop the infrastructure on Australian soil to prevent its citizens from communicating without monitoring from the government.

I am opposed to this attempt of jurisdiction beyond Australia's borders. In the U.S. anonymous communications are authorized under the 1st amendment - the courts holding that speech would be "chilled" if not so authorized.

And trust me, it has nothing to do with terrorism. It has everything to do with the rigged economies that have the 1% getting tremendous economic gains while the rest of the people deteriorate.

In this world of crony capitalism, they want to monitor socialism tendencies. (Genuine capitalism is as dead as a doornail.)

WaelDecember 16, 2018 1:05 AM

@65535,

I also use that RF pouch or Faraday cage [metal cooking pot]

Dang! It took you almost four years to get that to work? I have advanced a lot since that time and use far more advanced techniques! I have a new weapon! Stick a few phones there, add liquid and a lot of salt, vinegar and lemon juice (for increased conductivity,) cook for 30 minutes, and presto! Your phone is secure. You may or may not test that technique -- no pressure ;)

Clive RobinsonDecember 16, 2018 4:24 AM

@ Wael,

I have a new weapon

As I've mentioned before, there is a company called Prestige in the UK that makes pressure cookers for people to use in their kitchens; I have a couple at home, one for the gas hob and an electric one. They are faster all told to cook a chicken dinner in than a microwave, and with the hob one the energy "cost" is less.

However Prestige also make medical equipment like autoclaves for sterilizing dental tools etc... Yup you guessed it, it's the same pressure cooker in a different colour and five times the price...

https://www.barberdts.com/uk/prestige-medical-2100-01classic.html

I am told that "pressure-cooker" is still on the Internet word watch list, I wonder if "autoclave" is as well...

WaelDecember 16, 2018 4:36 AM

@Clive Robinson,

it's the same pressure cooker in a different colour and five times the price...

We beat ya! I see your 800 Britexit-Future-Value-Sterling, and raise you a $500 future-post-US-Chinese-trade-war Military monkey-wrench.

Clive RobinsonDecember 16, 2018 5:28 AM

@ Thoth, Wael, Nick P,

It is less of the theory but more of whether the practical implementation can pass the Snake Oil sniff test.

Hence the old saying of,

    In theory it should work, But in practice...

The real world has a habit of intruding in "the best laid plans of mice and men" especially in the mechanical world where "friction, bind and slop" feature so strongly.

It's just that the "Public Security" field of endeavour is somewhat slow to catch up. "Zones of Trust" and "Attack Trees" don't come up as subjects nearly as often as they should, for instance. Worse, one problem with both is they are always talked of in a "Top Down" analysis approach[1].

As I've mentioned with "bubbling up attacks" and C-v-P, it is not an appropriate way to go as you miss out so many potential attack routes "back up the computing stack". Further, we talk of "the center of a web" but most have not realised that large webs, like nets, have many centers, and it's almost like "pick a knot and lift", which is a problem with large data set analysis.

The thing is we've known this for a very long time; to my knowledge it was being talked about in the 1980's with respect to shared resources such as memory and DMA controllers. Yet as @Nick P used to point out they still kept happening with the likes of FireWire and similar "untrusted" communications buses, especially those used with high speed serial communications. It was not that long ago there was the "Evil Maid" attack on Apple computers with a not too difficult to make bit of hardware. And that was only a couple of years after the embarrassment of USB on Windows machines.

In short we keep coming back to a problem I've noted a couple of times, which is "We are forgetting well within living memory". I think the first time the idea became solid was when discussing the fact that an old 80's MBR attack had been replayed very successfully and @Nick P and myself were both surprised by this loss of knowledge. By the time BadBIOS came along @RobertT and myself knew exactly how to do what was being tentatively talked about and gave sufficient details to do it. As usual "the crowd" said it could not be done... Then when a couple of academic researchers went and did it "the crowd" were suddenly "all knowing" and every kid and his dog were doing it...

Sometimes I just wish "the crowd" would learn to read a book, like those on putting code on I/O cards that got protectively copied into core memory as a BIOS function, printed back in the 80s and 90s. The idea IBM used they nicked from the Apple ][, and no doubt they nicked it in part from somewhere else. The one thing I do know is back in 79/80 it was discussed as a potential attack vector, but got shoulder shrugged as it was likened to a "Front Panel" attack which back then "everybody knew could not be stopped"...

For some reason we are not learning by past mistakes where solutions had been worked out. The solutions apparently forgotten by all but a few "cranky old greybeards" ;-)

As the old saying about history indicates, if you don't learn from history you are condemned to relive it... And so it appears we are, every five years or so...

Not being funny, but I can not remember an attack in the last decade or so that was genuinely new. They all had much about them that was old; most I could trace back to work published either before I was born or whilst I was still a youngster. And that should really worry people...

I talk occasionally about the ISA-HL gap and how very few can actually work across it in a seamless way. The reality of Formal Methods is they don't cross the gap either, and certainly don't go lower than the CPU level.

Richard Feynman was famous for his "Plenty of room at the bottom" talk, it's about time we had one for ICTsec that actually got listened to.

[1] Much worse is that the touted solutions such as "Formal methods" are nearly all top down as well, thus fail easily to bubbling up attacks.

SamDecember 16, 2018 7:16 AM

@Wael & Clive

More marketing and misleading information by Signal's "can't".

Signal runs on more than just mobile phones ( https://signal.org/download/ ) and Signal has had quite a few security issues over its lifetime.

T.O.L.A. is aimed at more than messaging applications.

It's every electronic device / service / website / etc. the target of a warrant uses or has access to.

CallMeLateForSupperDecember 16, 2018 7:34 AM

@Sam
"Under the T.O.L.A., a capability notice would force [Signal] to create one[??], or send [Signal folks?] to jail and fine them after the app is banned."

I already have plenty of popcorn and a comfy recliner (because tRump), so am prepared for such an eventuality. To the larger of the southern Eyes I say, "Endeavor to persevere!".

CallMeLateForSupperDecember 16, 2018 7:54 AM

@Clive
"["Won't"] is not what the developer said, he used the word can't which puts an entirely different perspective on it."

A fine point but certainly fair to point that out.

Often, when one party says "I can't do it", the other side immediately retorts, "Can't? Or WON'T?". In the case at hand, Whisper Systems is saying "Can't, so won't". Your move, AU.

SamDecember 16, 2018 8:20 AM

@CallMeLateForSupper

Yes, that is in the legislation that has passed into Royal Assent ( https://www.legislation.gov.au/Search/Telecommunications%20and%20Other%20Legislation )

There are even longer jail terms and more in fines when combined with the other legislation covering encryption passed over the last few years in Australia.

Similar legislation is moving through the other Five Eyes countries; most of New Zealand's encryption gear for government is tested in Australia, and I think all of their internet traffic routes through Australia as well.

Technically, the T.O.L.A. could be applied to any traffic going through Australian borders.

Impossibly StupidDecember 16, 2018 10:28 AM

@Clive Robinson

For some reason we are not learning by past mistakes where solutions had been worked out.

The reason is that security (and other "forgotten" features) are not seen as an essential part of new systems. Couple that with the newcomers thinking they have to reimplement everything from scratch and the story writes itself. I can't count the number of even just the web stacks that have been rolled out in the last 20 years. And if that weren't enough of a clusterf*, they often come with their own package manager these days!

Nobody seems content to stand on the shoulders of giants. They think all giants need to die in the name of innovation. When they're gone, only then do people realize why they existed. New, lesser giants are created to fill the old niche, and the race to the bottom continues for another cycle.

JG4December 16, 2018 12:46 PM

I like the pressure cooker as a Faraday enclosure. I also like aluminum in general, but it has a tenacious oxide coating. It would be handy to nickel/silver plate the mating surfaces and use a conductive gasket. The claws do reliably contact, but there probably is some field leaking through the gaps.

I must have done a bad job of deriving the need for security from entropy maximization, but that explains most of the problems on your planet. I hope that everyone is getting trained to check nakedcapitalism for security news to discuss.

https://www.nakedcapitalism.com/2018/12/links-12-16-18.html
...

How I Quit Apple, Microsoft, Google, Facebook, and Amazon Motherboard (martha r)

Where Can Apple Make Its iPhones If Not In China? International Business Times

Apple Computers Used to Be Built in the U.S. It Was a Mess. NYT
...

[Starfish Prime]

Germany wins access to world’s biggest lithium deposit Handelsblatt

Big Brother IS Watching You Watch

China Is Now the Greatest Threat to Americans’ Privacy Bloomberg

Google says it won’t sell face recognition for now—but it will be hard to slow its use MIT Technology Review

British Security Service Infiltration, the Integrity Initiative and the Institute for Statecraft 456 Craig Murray
...

[I try to stay away from politics, but this is too ironic to ignore, given all of the hyperventilation over the Russia connection]

‘Unregistered foreign agent’: Clinton Foundation oversight panel hears explosive testimony RT Chuck L: “I’m shocked, shocked that there’s barely a peep about this in the MSM.”
...

Clive RobinsonDecember 16, 2018 4:13 PM

@ Wael, BSPMBS,

Military monkey-wrench.

Don't you have to feed them like any other wench?

Bong-Smoking Primitive Monkey-Brained SpookDecember 16, 2018 5:13 PM

@Clive Robinson:

Don't you have to feed them like any other wench?

If only I were royalty. ';-*)

TõnisDecember 16, 2018 8:59 PM

"'If you've got Firefox or one of its derivatives (Waterfox) on Windows, see if you've got a hidden file called SiteSecurityServiceState.txt after you log out… Windows 7 Pro system this has a list in plain text of every site you visited'-godel"

I use Edge, not Firefox, but I searched my Windows 10 box for the file and found it. It has one long entry referencing Tor, probably because I used Tor last night to visit one site.
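
As an added illustration of godel's and Tõnis's point (this is example code written for this page, not something either of them or Mozilla posted): the file is the HSTS/HPKP state store, so a host stays listed in it for as long as its HSTS policy is valid, regardless of what "clear history" does. The parser below assumes the line layout used by Firefox-family browsers at the time, tab separated, `host:TYPE`, a visit score, days since the Unix epoch of last access, then `expiry_ms,state,includeSubdomains`; that layout, the profile directory patterns and the sample lines are my assumptions, and the hosts in the sample are constructed.

```python
# Added example: list the hosts recorded in SiteSecurityServiceState.txt.
# Assumed line format (tab separated):
#   host:TYPE <TAB> score <TAB> days_since_epoch <TAB> expiry_ms,state,includeSubdomains
import datetime
import glob
import os
from typing import Dict, List

# Constructed sample in the assumed format; hosts and numbers are made up.
SAMPLE = (
    "www.example.org:HSTS\t3\t17881\t1560000000000,1,1\n"
    "torproject.org:HSTS\t1\t17880\t1559900000000,1,0\n"
    "\n"
    "malformed line that should be skipped\n"
)

EPOCH = datetime.date(1970, 1, 1)


def parse_site_security_state(text: str) -> List[Dict]:
    """Parse the file body into records; lines not matching the assumed layout are skipped."""
    records = []
    for raw in text.splitlines():
        parts = raw.split("\t")
        if len(parts) < 4:
            continue
        host_and_type, score, last_days, state = parts[:4]
        host, sep, kind = host_and_type.rpartition(":")
        if not sep:
            continue
        try:
            # Pad so that a short state field still unpacks.
            expiry_ms, prop_state, include_sub = (state.split(",") + ["0", "0"])[:3]
            records.append({
                "host": host,
                "type": kind,
                "visit_score": int(score),
                "last_accessed": EPOCH + datetime.timedelta(days=int(last_days)),
                "expires": datetime.datetime.fromtimestamp(int(expiry_ms) / 1000,
                                                           tz=datetime.timezone.utc),
                "state": int(prop_state),
                "include_subdomains": include_sub == "1",
            })
        except ValueError:
            continue
    return records


def visited_hosts(text: str) -> List[str]:
    """Hosts that survive a history clear because they live in this file."""
    return sorted({r["host"] for r in parse_site_security_state(text)})


def candidate_profile_files() -> List[str]:
    """Assumed default profile locations for Firefox-family browsers."""
    patterns = [
        os.path.expanduser("~/.mozilla/firefox/*/SiteSecurityServiceState.txt"),
        os.path.expanduser("~/Library/Application Support/Firefox/Profiles/*/"
                           "SiteSecurityServiceState.txt"),
    ]
    appdata = os.environ.get("APPDATA")
    if appdata:
        patterns.append(os.path.join(appdata, "Mozilla", "Firefox", "Profiles", "*",
                                     "SiteSecurityServiceState.txt"))
    return [p for pat in patterns for p in glob.glob(pat)]


if __name__ == "__main__":
    for path in candidate_profile_files():
        with open(path, encoding="utf-8", errors="replace") as fh:
            print(path, visited_hosts(fh.read()))
    for rec in parse_site_security_state(SAMPLE):
        print(rec)
```

Run it against a live profile and compare the host list with what the browser's own history panel shows after a clear: the difference is what a tracking site, or anyone with read access to the profile, can still learn. The `last_accessed` field is day granular, so it leaks when a host was last visited, not just that it was.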

GeorgeDecember 17, 2018 4:36 AM

Firstly, contrary to a lot of US inspired "tittle tattle", Huawei are one of the world's leading telecoms R&D houses; the result of this is they have between 10 and 15% of the fundamental patents required to build 5G.

Interestingly, I suspect reducing the number of state issued H1Bs may have a detrimental effect. As the West slows down its solicitation of top tier academic talents, who stayed to work in the Industry and contributed part-time to many of our so-called intellectual patents, which they in turn allegedly steal, Chinese R&D houses such as Huawei are the ones picking up the slack. In terms of surveillance, the situation is certainly in favor of a collusion among both deep states.

Clive RobinsonDecember 17, 2018 7:01 AM

@ Sam,

T.O.L.A. is aimed at more than messaging applications.

Yes, which is why I think their real target is the likes of Apple and Google, and the hardware manufacturers.

Force it into the OS or lower and it's not just got a much broader reach across anything that uses plaintext through the device HCI API, it's also a lot less stress than going after every individual app writer many of whom are not in Aus or easy to get at from Aus.

Plus if they can do what the FBI/DoJ could not do, which is bring "Apple to heel", then they can congratulate themselves with a bottle or three of cheap Japanese whisky (or whatever other "gut rot" the Labour Party drinks out there these days).

However I can see one thing Aus will almost certainly consider doing. As I've mentioned before, the radio modem in mobile devices has an electronic serial number that is unique. But like Ethernet card MAC addresses, you can identify the equipment manufacturer and other things by it. Single or entire ranges of devices can be locked out of using the mobile networks at a few key presses at a keyboard. It was touted a couple of decades ago as a way to cut down on "phone theft" but did not work, as many countries the stolen phones ended up in did not block the phones. However, as it's on the Aus Gov's "home turf" it would work for them.

By all the signs the Aus current political incumbents would be daft enough to go down that route. But they may not have to; Aus is not America. Aus is a market that "can be ignored" by Apple and quite a few other hardware manufacturers. Yes, it would hurt the balance sheet a bit, but then Apple have already told shareholders they are no longer going to say how many units have been shipped, so it might be hard for anyone but Apple execs to see.

Back when the US passed its "health&safety" excuse legislation to GPS every phone, their market was then big enough to make it easier for phone manufacturers to just put the GPS chip in all phones. Aus is not that big a market; phone manufacturers would have a difficult choice with "backdoors" as unlike GPS they don't have a "spin up" side to them marketing wise, though I'm sure some will try with some kind of,

    Show you're not a criminal, buy XXX phones with that backdoor assurance from your caring Australian Government

My personal view is that RIM/Blackberry made a mistake with Pakistan. They should have called their bluff and pulled the plug rather than acquiesce, thus ensuring their own reduction in popularity by going along. Which was further not helped by the UK Met Police revealing that during the "London Riots" they had been reading looters' Blackberry messages in real time.

One thing that people have to remember is that small Governments have limited choices; some have a GDP less than a major corporate's turnover. If companies are prepared to say "No" and pull out then the country gets not just a bad reputation, it also effectively gets "closed out" of future technology... But other small countries get sent a message, much as the US sends when, as US Gen Curtis LeMay so succinctly put it, "We bomb them back to the Stone Age"...

The US is currently trying an interesting game with 5G, put simply they want to kill it off for various reasons.

In part because Huawei and ZTE have put more R&D effort in than any other organisations or in some cases nations. Thus they have around 15% of the patents world wide to do with 5G, which leaves the US in a weak position similar to when GSM hit US shores and "just worked" not just locally but where most businessmen wanted to go in the world. Unlike the various incumbents' offerings (most of whom dipped down and are now foreign owned).

But also there are increasingly believable stories going around that the US IC, due to a "skills shortage", rather than develop attacks on Digital Mobile have leaned on certain manufacturers to get the "covert" access they want. But... not with 5G Huawei and ZTE, who have not played ball with the US IC, likewise other Chinese based manufacturers of telecoms equipment or sub components...

Thus when Iran started putting in Chinese telco kit to replace Five-Eyes kit, the NSA started getting that "going dark" feeling. But it brings up an ironic point: the US allegations boil down to the founder of Huawei being "too close" to the Chinese Gov "Because he used to work for their IC"... If we now apply the same logic to US and Israeli companies and other Western nations, how many companies should also be banned (if you know anything about the telco market you would know that would kill nearly every major telco dead in the water, because they are all loaded with ex Mil/IC/SigInt so the "finessing of International standards" carries on).

But there is another point in the US originated "p1551ng match": the FBI/DoJ tried it on with Apple and realised they had effectively screwed up big time... So in effect from the DoJ and other US agencies' perspective "Huawei are China's Apple" and they are going for a replay on a pitch they have rigged in their DoJ's favour, and the effective "kidnapping" of the founder's daughter is "Sending a Message", not quite Curtis LeMay style, more Duke Leopold of Austria in 1192 style. And probably just as illegal (see Pope Celestine III's decree about crusaders).

The whole mess suggests that the last place anyone who has half a mind towards security should buy telecoms kit is any of the Five-Eyes nations or their extended circle...

But getting back to Aus, if the mainline phone and mobile device manufacturers do "pull out" what would be left?

Let's see, it would leave Aus the options of Huawei and ZTE for 5G, which they have banned, or those other "no name" Chinese manufacturers for 4G LTE or less. As we know those "no names" funnel as much Private Personal Information back to their servers in China as they can. Not to spy for the Chinese Government, but to chase those loose US Marketing dollars; that's the only way they can make profit...

Oh and let's not forget, of course it could be the "God given gift" to Microsoft, to enable them to get their mobile device show back on the road... But as we know MS OS's are effectively "backdoored by default" to their cloud etc., thus as third party business records available to whoever writes a single page letter...

CallMeLateForSupperDecember 17, 2018 10:06 AM

@Sam
"'Endeavor to persevere!'. ?"

I quoted from the 1970 movie "Little Big Man".

RG-2December 17, 2018 3:19 PM

Recent Google China Time-Line
2015
Google ‘never left’ China
Search giant has been blocked on mainland for years but may enjoy more leverage as separate units can operate with greater autonomy in wake of (Alphabet) restructuring.

Alphabet CEO Quote: “Huawei, after many years, have produced an extraordinary set of mobile phones,” he added, explaining why Google picked its first (closely government) Chinese smartphone partner for its Nexus smartphones.[1]
Social media giants Facebook and Twitter operate in a similar way. They have both opened offices in Hong Kong to cater to Chinese clients who wish to advertise on their respective platforms.
https://www.scmp.com/tech/enterprises/article/1874890/google-never-left-china-alphabets-eric-schmidt-says-tech-conference
https://www.scmp.com/tech/enterprises/article/1874373/google-co-founder-brin-says-some-alphabet-business-units-may-soon

[1] does Huawei also manufacture Google Pixel phones?

8-9-2018
Google acquired the Chinese website 265.com in 2008
The data Google has been collecting from Chinese users' searches on 265.com is being used as the framework for the Chinese censorship-friendly search project they started developing last year. (Google currently doesn't run a search engine in China, so the data is sent to Baidu to render the actual search query results.)
According to documents, Google’s engineers are using this data to develop a list of websites blocked in China in order to provide the most relevant, non-blocked search results for queries in its new (secret Dragon) search app. There’s reportedly already a working, functional version of this censored search app.
https://mashable.com/article/google-265-com-china/

11-6-2018
Strange Snafu Misroutes Domestic (Washington DC) US Internet Traffic Through China Telecom
Telecom with ties to China's government misdirected traffic for two and a half years!
https://arstechnica.com/information-technology/2018/11/strange-snafu-misroutes-domestic-us-internet-traffic-through-china-telecom/

11-12-2018
Google Internet Traffic Wasn't Hijacked, But It Was Out of Control
For two hours Monday, internet traffic that was supposed to route through Google's Cloud Platform instead found itself in quite unexpected places, including Russia and China

12-14-2018
At Gathering of Spy Chiefs, U.S., Allies Agreed to Contain Huawei
Spy chiefs from the West’s most powerful intelligence alliance agreed in a July meeting in Canada they needed to contain Huawei Technologies Co., according to people familiar with the matter, punctuating years of worry about the Chinese maker of telecommunications equipment.
https://www.wsj.com/articles/at-gathering-of-spy-chiefs-u-s-allies-agreed-to-contain-huawei-11544825652

12-17-2018
Google’s Secret China Project “Effectively Ended” After Internal Confrontation
Google has been forced to shut down a data analysis system it was using to develop a censored search engine for China after members of the company’s privacy team raised internal complaints that it had been kept secret from them, The Intercept has learned.
https://theintercept.com/2018/12/17/google-china-censored-search-engine-2/


Credit Where It is Due
The author acknowledges this successful Five-Eyes Bit*h Slapping Campaign ending Silicon Valley’s preference toward brutal, authoritarian, total-surveillance governments[2]. Let Freedom Ring!

[2] Stuff like forced slave-labor reeducation camps, imprisoning people of faith, globally putting poor nations massively into debt


Related:
12-4-2018
China Maneuvers to Snag Top-Secret Boeing Satellite Technology
http://news.morningstar.com/all/dow-jones/industrials/201812047556/china-maneuvers-to-snag-top-secret-boeing-satellite-technology.aspx

TatütataDecember 17, 2018 4:00 PM

Slate ran a piece today titled Why Wikipedia’s “Nuclear Option” Is the Right Call - A bureaucratic change is coming, in part to keep Siri and Alexa from giving people bad information.

The title is somewhat misleading (I initially thought it was a piece on how to somehow prevent big tech from freeloading on volunteer work), as the article is really about how Wikipedia administrators respond to various content modification attacks, including those resulting from compromised credentials. All administrators being equal, an administrator could block another one, but until recently the blocked target could un-block itself. If I understood correctly, the idea was to prevent an attack where a compromised account could lock out everyone else.

SamDecember 17, 2018 6:23 PM

@Clive Robinson

It's the Liberal National Party (LNP) which has pushed the AssAccess Legislation through, not the Labour Party (ALP).

Targeting commodity hardware and operating systems is only good for MASS surveillance. A bit like what the NSA has done to AMD, Intel, Sun Microsystems, Oracle, Microsoft, Apple, etc, etc

Organized crime has enough cash in its back pocket to buy their own Apple / Microsoft / etc and develop their own hardware / operating systems which would put any actions by T.O.L.A. out of reach.

Who on earth would use a mobile phone for criminal activities without using a method of obfuscation or verbal codes to convey messages? https://en.wikipedia.org/wiki/IMSI-catcher Organised crime has more devices than law enforcement.

WeatherDecember 17, 2018 6:25 PM

Sha128 and sha2 without the 512 truncated to 256 has an avalanche factor of 1.67; if you have two equal chars AA the second will be 1.67 times more, if AG you have another multiple, but one is fixed at byte set, the other something else; the graph table, like probability and chance, can narrow it down.

ThothDecember 17, 2018 7:15 PM

@all, Clive Robinson

re: Blackberry claims to have no Backdoors

It doesn't really matter what the claims are about "BB has no backdoors". They do not need some fanciful names and every step of the process guarantees that Exceptional Access will occur with least restriction.

1.) Chip manufacture phase - do you trust the chipset? You can burn a hard-coded binary key in via the OTP memory cells and you have the NSAKEY. Most OTP memory is not very big, so the best option is a 256-bit NSAKEY inside.

A biased "TRNG" generator can be built into the chip here as well.

2.) Chip firmware personalization phase - you add your firmware and your Secure Enclave codes if you purchased a licence from ARM/Softbank and had the NDA with ARM/Softbank signed. You still have a chance to hard-code your NSAKEY inside, assuming you used the OTP memory for your ECC-384 or RSA-2048/4096 public key for the "(Un)Trusted Boot" bootloader phase.

You can modify the RNG from software and ensure the RNG always behaves as you expect but still looks random to the observer, even with all the RNG test kits out there. As @Clive Robinson said, just use some "magick pixie dust" and the RNG will pass the RNG test kits without a problem (i.e. SHA256 hashing).

3.) App & Networking layer phase - You can use your Secure OS environment (your Secure Enclave enabled phones usually run a Userspace OS in Android or iOS and a secretive Trusted OS, usually in a lightweight Linux kernel or a L4 microkernel or both). If you detect "offending executions", you can modify it to your heart's content because you control the booting phases, OSes and so on, and the Secure/Trusted OS layer always has more access to hardware peripherals and has higher privilege (negative ring privileges), and typically your execution would be monitored by the (Un)Trusted OS layer, which could intercept your instructions and you don't even know it happened. Because the (Un)Trusted OS layer has direct access to the networking layer, it can quietly send your execution data and instructions over the network or physical peripheral layer (Ethernet, WiFi, GSM, Bluetooth, Infra-red, NFC, USB ... whatever) to whomever it wants without you even detecting it, because you are locked in the Userspace OS layer and have no such privilege of direct hardware access which the (Un)Trusted OS layer has.

4.) UX layer - Similar to the #3 layers but this time it controls the rendering which you are dependent on for information. It is the same as #3 but the extra step is it modifies your GUI and you don't even know what is going on, because your GUI has been compromised by a malicious (Un)Trusted OS layer, and not to forget your GUI rendering to the screen has to go through the (Un)Trusted OS layer as well before it gets delegated to the screen drivers and stacks before rendering, so the (Un)Trusted OS layer has all the privilege it wants to do ANYTHING to your GUI rendering requests.

Pick ANY layers you think you are secure. You can use Signal, Telegram, WhatsApp or whatever all you want. You are NEVER going to be out of its grasp and control.

This is not just applicable to smartphones, tablets but also servers, laptops and desktops because they are all equipped with similar technologies.

You can attempt to escape from their control but you have no way to hide for the most part.

It is not just, as @Clive Robinson mentioned, a "Bubble-Up" control but an "Omni-Present" Control.

The @usual_suspects have posted a lot of methods which are clunky and cumbersome but they are there for a reason.
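
An added worked example of the "cooked RNG" in Thoth's point 2 above (written for this page, not Thoth's code and not any vendor's): a DRBG whose output is HMAC-SHA256 of a burned-in key, the device serial and a block counter. Its output is uniform, so it passes the NIST SP 800-22 monobit and runs tests implemented below, yet whoever holds the key regenerates every "random" session key the device ever produced. The burned-in key value, the serial, the block-counter construction and the handshake confirmation tag are all made up for the demo; the statistical tests are the standard ones.

```python
# Added example: a statistically clean but fully predictable DRBG, plus the two
# NIST SP 800-22 tests most "RNG test kits" start with, plus the key holder's
# recovery of a session key from an observed handshake. All values hypothetical.
import hashlib
import hmac
import math

# Stands in for an OTP-fused secret and a readable chip/IMEI-style identifier.
BURNED_IN_KEY = hashlib.sha256(b"hypothetical OTP fuse contents").digest()
DEVICE_SERIAL = b"SN-DEMO-0001"


def cooked_stream(key: bytes, serial: bytes, nbytes: int, start_block: int = 0) -> bytes:
    """Output block i = HMAC-SHA256(key, serial || i): uniform-looking, zero secrecy to the key holder."""
    out = bytearray()
    block = start_block
    while len(out) < nbytes:
        out += hmac.new(key, serial + block.to_bytes(8, "big"), hashlib.sha256).digest()
        block += 1
    return bytes(out[:nbytes])


def monobit_p_value(data: bytes) -> float:
    """SP 800-22 frequency (monobit) test; the usual rule rejects when p < 0.01."""
    n = len(data) * 8
    ones = sum(bin(b).count("1") for b in data)
    s_obs = abs(2 * ones - n) / math.sqrt(n)
    return math.erfc(s_obs / math.sqrt(2))


def runs_p_value(data: bytes) -> float:
    """SP 800-22 runs test (returns 0.0 if the monobit prerequisite fails)."""
    bits = "".join(f"{b:08b}" for b in data)
    n = len(bits)
    pi = bits.count("1") / n
    if abs(pi - 0.5) >= 2 / math.sqrt(n):
        return 0.0
    runs = 1 + sum(1 for i in range(n - 1) if bits[i] != bits[i + 1])
    num = abs(runs - 2 * n * pi * (1 - pi))
    den = 2 * math.sqrt(2 * n) * pi * (1 - pi)
    return math.erfc(num / den)


def device_session_key(counter: int) -> bytes:
    """What the phone hands its messaging app as a 'fresh random' 256-bit key."""
    return cooked_stream(BURNED_IN_KEY, DEVICE_SERIAL, 32, start_block=counter)


def handshake_tag(session_key: bytes, transcript: bytes) -> bytes:
    """Key-confirmation MAC sent over the air (assumed protocol detail)."""
    return hmac.new(session_key, transcript, hashlib.sha256).digest()


def key_holder_recover(serial: bytes, transcript: bytes, tag: bytes, max_counter: int = 1 << 12):
    """Holder of BURNED_IN_KEY who sees the serial regenerates candidate keys until
    the observed tag verifies. Returns (counter, key) or None."""
    for c in range(max_counter):
        cand = cooked_stream(BURNED_IN_KEY, serial, 32, start_block=c)
        if hmac.compare_digest(handshake_tag(cand, transcript), tag):
            return c, cand
    return None


if __name__ == "__main__":
    sample = cooked_stream(BURNED_IN_KEY, DEVICE_SERIAL, 1 << 16)
    print(f"monobit p={monobit_p_value(sample):.3f}  runs p={runs_p_value(sample):.3f}")
    k = device_session_key(777)
    tag = handshake_tag(k, b"hello-transcript")
    print("recovered:", key_holder_recover(DEVICE_SERIAL, b"hello-transcript", tag))
```

The point the tests make is negative: a statistical suite can only tell you the output is not obviously biased, never that it is unpredictable, because a keyed hash of a counter is indistinguishable from true randomness to anyone without the key. The only defences are ones that do not rely on the device's word: mixing in entropy the chip did not choose, and attestation of what firmware is actually running.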

WeatherDecember 17, 2018 7:42 PM

It takes a db interrupt to access that, how was first, yes they still leak information, but that changes on state, YOU disreceet it based on source, maybe you need to support Iran at the Afghanistan Congress, you can't call int without a drop, you set it up this way

Wesley ParishDecember 18, 2018 2:35 AM

Just to help those of us with memories of the USA-USSR Cold War sleep more easily at night:

US Ballistic Missile Systems Have No Antivirus, No Data Encryption, and No 2FA, DOD Report Finds
https://news.slashdot.org/story/18/12/17/2326236/us-ballistic-missile-systems-have-no-antivirus-no-data-encryption-and-no-2fa-dod-report-finds

pointing to

US ballistic missile systems have very poor cyber-security
https://www.zdnet.com/article/us-ballistic-missile-systems-have-very-poor-cyber-security/

No data encryption, no antivirus programs, no multifactor authentication mechanisms, and 28-year-old unpatched vulnerabilities are just some of the cyber-security failings described in a security audit of the US' ballistic missile system released on Friday by the US Department of Defense Inspector General (DOD IG).

[...] etc
The MDA currently has 104 ballistic missile locations and plans to build another 10. But if it doesn't improve both its physical and cyber-security protections, these bases could be easily attacked in case of a conflict. The DOD IG report made a set of recommendations that top officials and the rest of the MDA bases are now supposed to review and implement.

In October, the US Government Accountability Office (GAO) found that new next-gen computerized weapons systems that are currently under development at the Pentagon also featured similar cyber-security-related problems and were easy to hack.

No, on second thoughts, it's a job security feature of the US DoD designed to keep child psychologists still working on curing adults still bedwetting after learning to do so because of their nation's incompetent leadership ... That, my US amigos, is an example of your taxpayer dollars at sleep.

Wesley ParishDecember 18, 2018 3:18 AM

So we have Yet Another Set of articles on Huawei

'No evidence' of Huawei spying, says German IT watchdog
https://phys.org/news/2018-12-evidence-huawei-spying-german-watchdog.html

"For such serious decisions like a ban, you need proof," the head of Germany's Federal Office for Information Security (BSI), Arne Schoenbohm, told Spiegel, adding that his agency had no such evidence.

I always thought reading one's own bellybutton/navel was a bad way to amass data. Nice to know I'm not the only one.

Now we jump to

US urging allies to shun Huawei: WSJ
https://phys.org/news/2018-11-urging-allies-shun-huawei-wsj.html

The United States is trying to persuade wireless companies and internet providers in allied countries to shun equipment made by Chinese telecoms giant Huawei, citing cyber security risks, The Wall Street Journal reported Friday.

And guess what - this is a real doozy and is probably the real explanation:
China's Huawei under US probe for Iran sanctions violations: report
https://phys.org/news/2018-04-china-huawei-probe-iran-sanctions.html
Its US business has been tightly constrained by worries it could undermine US competitors and that its cellphones and networking equipment, used widely in other countries, could provide Beijing with avenues for espionage.

Nota bene that slip of the tongue "it could undermine US competitors". According to the sacred doctrines of capitalism as loudly proclaimed by the likes of the various beneficiaries of the Chicago School over the past four decades, if a business cannot compete, it goes under, to make way for better competitors. And likewise, the Chicago School loudly proclaimed that business (untrammeled by state interference) would succeed, whereas if it was trammeled by state interference, it would fail. It begins to look as if the (real) US national anthem is:

Pack up your troubles in the old pork barrel and smile, smile, smile ...

Clive RobinsonDecember 18, 2018 7:50 AM

For those still interested in QKD

Very little has been heard about Quantum Key Distribution (QKD) outside of some of China's "advanced" satellite technology for quite some while now.

One of the reasons is the technology, if done properly, is highly expensive and extremely fragile. Another is the very short range-v-bandwidth issue, which brings the speed the Quantum One Time Pad (Q-OTP) is generated at well below useful communications speeds.

So the "Commercial QKD Market" cheats. Firstly it does not use individual photons, which are difficult and expensive to generate; it just uses an ordinary laser with its output turned down very low to "kind of simulate" single photons... Secondly, due to the very low bandwidth thus very slow rate of Q-OTP generation, rather than use the theoretically secure Q-OTP to send communications, they send only bits used to make standard crypto keys, so your communications only get sent with the security of the likes of AES. In effect QKD only replaces a part of the Key Management (KeyMan)[1] process.

Which, when you also add in another quite serious issue, that current commercial QKD systems are only "Point-to-Point"[2] in nature, makes it easy to see why it's at best a niche market.

However... the point-to-point issue may be about to be very partially resolved,

https://arstechnica.com/science/2018/12/conservation-of-energy-used-to-parallelize-quantum-key-distribution/

Personally I don't think this is going to change very much for various reasons, not just that it's only a "One-to-few" very short range relationship, or that the optics price will be very very high.

We still need longer range, higher speeds and most importantly proper switching, all with guaranteed "End to End" security, and nobody is seeing those on the horizon currently...

One argument you do hear occasionally still is the use of OTPs to send AES or other symmetric keys, and it's the old "Don't underestimate the bandwidth of a 747 full of DVDs" one. That is, you can get one heck of a lot of data shifted in one go if you don't mind the latency. But if the data being shifted in one go is Key Material (KeyMat) it means you can send as much message data as you want with minimum latency, provided the KeyMat has already arrived at the message destination.

The problem is that KeyMan[1] is neither an easy nor a simple thing to do at the best of times. QKD was "supposed" to resolve that, but in practice it does not, as it mainly inherits the "cabled data comms" issues. Thus shipping OTPs around the world for normal, not emergency, use is not really practical.

[1] Key Management (KeyMan) is a complex process involving lots of physical security, traceability and audit from Key Generation (KeyGen) through to Secure Destruction. Whilst apparently moderately easy for a single point-to-point link from the 20,000ft view, it rapidly becomes practically near impossible with as little as ten freely interconnecting nodes in a network (the old 0.5(n^2-n) issue of adding n more OTPs every time you add a new node).

Which is why star networks and single ring networks tend to get implemented. With the star "Home and Outstations" "Fleet broadcasting" system favoured as it minimises "On Air" time by the outstations, thus in the past increasing their security (German U-Boat communications being the prime example most documented). It's been reliably used by Diplomatic Missions, Spies and "Stay behind" forces since WWII and has survived into the satellite era with little or no change, but not the cabled data comms age of the Internet due to the non broadcast nature of the underlying technology.

MarkHDecember 18, 2018 8:31 AM

Yes, They're Really That Clumsy

Since 2014, Russia's vigorous defenders (including some in the commentariat here) have sometimes made an argument along these lines: "the attack was made in a sloppy/amateurish manner, whereas organs acting for the Russian Federation would have done much better."

As a prolific visitor to Russia, I pushed back against this premise. Russia's capacity for shambles (at every level) seems inexhaustible.

A Russian journalist entertainingly explains how it's possible for Russia's presumptively covert operations to be so incompetent (NY Times) ... particularly in contrast to the relative competence* of operations in the Soviet era.

My short summation:

1. In the present Organized Crime State, the parameter which must be optimized in each organization is corruption, which works relentlessly against competence.

2. Efficient security organs would pose a potential threat to the Kleptocrat in Chief, who is famously (and by way of self-fulfilling prophecy, justly) terrified of being deposed, arrested or assassinated from within his own empire.

Personally, I would add one more thesis:

3. The pervasive deep cynicism in contemporary Russian culture, with its concomitant "rules are a joke, or at best mere suggestions" attitude. This mindset is incompatible with strictly disciplined modes of action.
____________

* Students of espionage history will recall embarrassments from the Soviet days, though the overall level seems to have been much higher than today's.

Clive RobinsonDecember 18, 2018 8:38 AM

@ Alyer Babtu,

So, does Google really now own the internet ?

Their management certainly thinks it does and has done for quite some time. How long is anybody's guess, but the fact they drove the vanguard at the United Nations ITU Telecom World 2014 meeting to keep the Internet in US hands tells a story in its own right...

Samantha Dickinson of the lingua synaptica blog[1] wrote a piece for the Guardian[2]. In it you will find reference to the USG being quite the bad boy at the conference, with this little line being a very telling point,

    USA tainted its image early in the conference, when it criticised the chair of the group handling internet and cybersecurity related issues.

The criticism was of the US under the Obama Administration trying to hand "government powers" over to "US Corporates" in the sort of tricksy way it had with the PPT negotiations.

Which drew ire from US secretary of commerce, Penny Pritzker, telling a key group of internet folk in her speech,

    “We will see proposals to put governments in charge of internet governance. You can rest assured that the United States will oppose these efforts at every turn.”

Which at Doha 2014 put Google in a front seat, much to the significant annoyance of most governments attending. Put simply, they want more control over their segments of the Internet and the Obama Administration wanted to give it all to Silicon Valley Corps, and maintain the US control of the lower layers of the stack with an "All roads lead to Rome" model that would have maintained the US NSA, UK GCHQ and other Five-Eyes SigInt agencies straddling the choke points where any kind of anonymity the likes of Tor could offer would be ripped away.

[1] https://linguasynaptica.com

[2] https://www.theguardian.com/technology/2014/nov/07/how-will-internet-governance-change-after-the-itu-conference

vas pupDecember 18, 2018 3:05 PM

@Bruce: I know you are interested in the problem of lying (you even wrote a book about that).
I just found in United States v. Alvarez (p.3758) - sorry just found print out - can find a link:
"Saints may always tell the truth, but for mortals living means lying. We lie to protect our privacy..., to avoid hurt feelings..., to make others feel better..., to avoid recriminations...,to prevent grief...,to maintain domestic tranquility...,to avoid social stigma..., for career advancement...,to avoid being lonely...,to eliminate a rival.., to achieve an objective...,to defeat an objective..., to make an exit...,to delay the inevitable...,to communicate displeasure..., to get someone off your back...,to escape the nudnik...,to namedrop...,to set up a surprise party...,to buy time..., to keep up appearances...,to avoid taking out the trash..., to duck an obligation..., to maintain a public image..., to make a point..., to save face...,to humor..., to avoid embarrassment..., to curry favor..., to get a clerkship..., to save a dollar...,or to maintain innocence.
[Judge O'Sullivan provided examples on each which I substitute by ...].

ATTENTION: All of the above does not apply to lying to the feds - 18 USC 1001 will apply regardless of whether your lie could be considered innocent by any other reasonable person.

Wesley ParishDecember 19, 2018 3:42 AM

@usual suspects

This might interest you:

New Zealand quake victims spied on: report
https://www.news.com.au/world/breaking-news/new-zealand-quake-victims-spied-on-report/news-story/efe6713582364e64ce5e4fcd5797c0a1

"It is never acceptable for an agency to undertake targeted surveillance of a person just because they are lawfully exercising their democratic rights ... That is an affront to democracy," SSC commissioner Peter Hughes said.

And
Use of private investigators exposes carelessness about role of the government
https://www.stuff.co.nz/business/109450253/use-of-private-investigators-exposes-carelessness-about-role-of-the-government
The release on Tuesday of a report into the use of "external security consultants" - private investigators - contains some highly concerning revelations, especially in a country which tries to make out that the arms of the state are held to the highest standards.

[...]
But beyond this, and without a clear contract, Southern Response also continued to use the private investigators for what amounted to "monitoring [of] its corporate reputation".

Nobody's impressed.

Clive RobinsonDecember 19, 2018 5:51 AM

@ Rach El,

Ahh The Moon of Alabama, does provide fun reading.

This in particular made me smile,

https://www.moonofalabama.org/2018/12/the-strange-mind-of-christopher-nigel-donnelly.html

It's nice to know that Sandhurst (UK Army Officer/Staff College) can still "crank" them out. It's also funny that his initials are the same as the Campaign for Nuclear Disarmament...

The CND organisation has likewise provided light relief for many many years with the UK Security forces both MI5 and Met Police Special Branch trying to "infiltrate" it. Then finding that not working trying to act as "agent provocateurs" and finding that not working trying "love int" tactics which again did not give the security forces the "oh so secret inner circle"[1].

Aside from uncovering a highly illegal "Knitting pattern swap group" the security forces were stumped. But in their paranoia they knew there must be some secret Russian spy ring in there...

The problem is there never was. CND was set up with a totally open policy: anyone could attend any meeting, take notes, even film and photograph, see any of the paperwork including the financial records and even who had "chipped in to the tea club with biscuits or milk or teabags"...

Apparently, to the security services, such amateur openness could only be a perfect Russian cover, expertly organized.

There was even one incident that was totally "Tom Sharpe": MI6 tried to oh so secretly do what MI5/Special Branch had not, and sent a man in. Lo and behold, he discovered "secret goings on": there were people with really good fake identities, as good as the security services themselves could provide... Turns out he had found, with a little help from CND members who pointed him that way, MI5 and Special Branch "deep cover" operatives...

The thing is the CND members, "wooly hatted" though many were, were not "wooly headed", and they could usually spot fakes better than the "Antiques Roadshow", thus tended to point such people at each other, if for no other reason than to keep them out of their hair.

Being "Open" does not mean being "Not Observant", and provided you stick with it, being totally open is generally properly democratic and thus keeps everyone out of trouble.

[1] A story is told about how one deep cover operative set up home with one member, eventually getting both a house and a cat together... Come the eventual separation, the operative got custody of the cat, whilst the member got custody of the house, which had been paid for by the operative's employers...

RG-2December 19, 2018 7:00 AM

Silicon Valley Innovation

The Fake, Lies and Deception
NYT: Facebook allowed Microsoft’s Bing search engine to see the names of virtually all Facebook users’ friends without consent, the records show, and gave Netflix and Spotify the ability to read Facebook users’ private messages.

The social network permitted Amazon to obtain users’ names and contact information through their friends, and it let Yahoo view streams of friends’ posts as recently as this summer, despite public statements that it had stopped that type of sharing years earlier.
Now accepting nominations for The World's biggest habitual liars:
a) Silicon Valley
b) The Administration
c) The Clapper
d) Corporations
e) Big-Data
https://www.nytimes.com/2018/12/18/technology/facebook-privacy.html

Targeted Advertising Stunts The Human Race
Following advertisers' lead, young people present themselves as fairy tale perfect on social media. At 13 these mature individuals are pressured into giving their highly sensitive life's schoolwork over to Big-Data.

Smart-Phones Over Human Relationships
Those connected only get human feedback after revealing their most ‘secret desires’ to the big-data dating apps[1].
Teens living under an uncontrolled fantasy fake, connected-life will frequently lead to a lonely adult lifestyle[2]. We all know it gets worse...

Those raised without The Internet experience a chronic corporate dishonesty and incompetence from these stunted zombies. Living in the artificial Click-Bait Society has become a truly heartbreaking experience.

The solution to this exploration and manipulation is simple:
Privacy is Necessary to Nurture Human Relationships[3]

[1] Big-data smart-phone relationship skews priorities by creating arrogance, dependency and selfishness. There is no room for another human when you are treated to the instant gratification of being 'King Of The World' and 'The Center of the Universe'. No wonder many countries ban porn.

[2] hence ‘end of human race’ or ‘why screens are banned in Silicon Valley Homes’. Those that collect it realize that Big-Data has become the Root-of-All-Evil

[3] Otherwise, as we can clearly see, our transgressions will destroy us

FaustusDecember 19, 2018 8:33 AM

@ JG4

I appreciate the effort you put into your posts and your general upbeat demeanor, but this gives me the willies:

"I hope that everyone is getting trained to check nakedcapitalism for security news to discuss."

You flog this site so hard that I have to assume you are connected with it in some way.

It is simple logic that a "news" outlet controlled by investment bankish Aurora Advisors http://www.auroraadvisors.com/what_we_do.htm with this list of "accomplishments" is not a true critic of capitalism.

What they are really doing is a little hard to discern. Market manipulation?

So much critique is coopted and astroturfed. Caveat lector.

JG4December 19, 2018 12:25 PM


@Faustus - My only affiliation is using them as a source for the morning news that is complementary to this forum. And being a correspondent of the ringleaders - no money has changed hands, not even donations from me. You could call it a handy filter/aggregator. I'm delighted with the mix of content that they link. They can't link anything that isn't published, so it's far from perfect. Fair enough that they have an axe to grind. The one I see most clearly is that they were early, loud and long in calling for criminal sanctions against the banks. I've called for burning at the stake, so they look fairly moderate to me. They were catalytic in helping me see a bigger picture than right libertarian. I laid out some of the background here.

https://www.schneier.com/blog/archives/2018/01/friday_squid_bl_608.html#c6767883

How could you go wrong with content like this?

https://www.nakedcapitalism.com/2018/12/200pm-water-cooler-12-18-2018.html
...
Tech Dystopia (1):

Andrew Crow@AndrewCrow
· Dec 17, 2018
Updating the firmware on my toothbrush. AMA
Andrew Crow@AndrewCrow
My toothbrush wants to know where I am at all times. pic.twitter.com/SDdwUUVGJq
https://twitter.com/AndrewCrow/status/1074567796892172288
3,391 likes | 2:31 AM - Dec 17, 2018

Tech Dystopia (2):

Holly Jolly Brockwell@holly
This is why techy 'solutions' for ageing and emergency care scare me. This one went out of business and this poor woman probably died thinking someone had been called.
https://twitter.com/holly/status/1074653473873035266
1,094 likes | 8:12 AM - Dec 17, 2018
924 people are talking about this

Transportation:

James Wenzel@ratherbright
so a delivery robot caught fire on berkeley's campus and students set up a candlelight vigil for it
https://twitter.com/ratherbright/status/1073845768530714624
5,726 likes | 2:42 AM - Dec 15, 2018
1,733 people are talking about this
...

FaustusDecember 19, 2018 2:55 PM

@ JG4

OK, I take your word that you are only a fan of Naked Capitalism. I think the most significant thing to notice is that the owner of Naked, on its business website, does not express any of the ideals that its captive publication professes. You seem to be finely tuned to suspicion. Why don't you suspect this?

Naked Capitalism seems to intentionally write prose that is hard to scan. On a quick look I didn't see anything gripping or non-obvious enough to pique my interest. I'll try again later when I have more time.

I don't really follow how your "in the service" story led you to left libertarianism, but abandoning "reflexive" positions for thought-out ones is a strategy I can respect. I too am concerned about out of control police, and especially the negative impact on the non-privileged.

I have been to 3 of the 6 "well governed" countries mentioned in your link. They were nice to visit, but I prefer to live in a "less governed" country, which is where I spend most of my time now. (No, not the US!) There is a lot to be said for a government so lacking in resources that it has limited surveillance and oppression capabilities.


Clive RobinsonDecember 19, 2018 4:03 PM

@ JG4,

I've called for burning at the stake

You lack ambition ;-)

Historically there was,

"gelding and gouging", a process where your eyes and testicles were pulled, not cut, from your body. This was considered a minor punishment --as people survived-- for taking of the King's game.

"Pressing" for people that refused to plead in a trumped up court, they were taken to the lowest darkest dungeon, chained on their back to the floor and a board was placed on their chest. Each day they had a large stone (10-20lb) placed on the board, they were not fed and only given brackish water from the prison walls.

"Little ease" is the name of a specially constructed cell cut into the wall of a prison in which you cannot stand, sit, crouch, kneel or in any other way "take ease". You could be there for a year, but generally you would be partially crippled for life after less than a month, and the crippling would just get worse with time. It's known (UN Report) that the IDF have used similar techniques for "interrogating" Palestinians including children, causing damage to internal organs such as the kidneys.

"Stocks" again forcing people into positions where they can not rest. These were often sited on the village green outside the tavern. Thus the unfortunate would "get used from behind" after dark to add to their woes.

"Racking", whilst the technique can with care ease back problems (true, it's used in Eastern Europe still as it's quite effective), this punishment was designed to cause not just pain on the rack but long after, in the main limb joints and spine.

"Branding" In various forms from just shoving a smoldering branch against soft flesh through to irons and even molten metal...

"Breaking on the wheel" various forms of this but in the main designed to break the limbs. There was also an area of the face known as "the triangle of death" put simply the nose down to the base of the lower jaw if injured has a very high infection rate giving rise to sepsis and organ failure[1].

"Trial by..." various forms of these of which "waterboarding" would be considered the mildest though it can drive you quite out of your mind fairly quickly and permanently.

"Keel hauling", this is a jolly jape and gives the benefit of "trial by water" and "flogging". A sailor would be tied by two ropes, one from his left wrist to left ankle, the other from right wrist to right ankle. These ropes passed under the ship's keel and two teams of your ship mates were tasked with pulling you from on deck on one side of the ship back to on deck on the other side of the ship. Your back would be towards the hull, which would have been infested with barnacles and ship's worm. Thus like a load of broken glass, which would open your back up...

"Gibbeting", normally people are told these were for displaying the corpses of executed highwaymen, pirates etc, which they were (see English Murder Act 1751). But not always; occasionally lots of fun could be had by putting you in there alive, where you could then be subjected to various humiliations and slow tortures until dead. Thus kind of like an open version of the "iron maiden", only not[2].

"Hang, draw and quartering". There are two ways you can be hung, by pulling up and the drop. The drop is supposedly instantaneous (it's not, the brain can remain conscious up to a minute or more). Pulling up is a method of choking sometimes known as "the dance"; it can take a long time to die that way for a small light person and odd things happen in the process[3]. Which is why the method was used to start a slow and involved execution method. When you were judged unconscious you were cut down and the base of your belly slit, then you had a brazier put between your legs. As you came to, your guts would be "drawn" out uncut and dropped on the brazier in front of your eyes. Again with the aim of you still being alive, you would be tied by the ankles and wrists to horses that were whipped up to tear you into quarters. For various reasons --such as horses don't like pulling against each other-- this would fail until the executioner started selectively cutting sinews etc (see death by a thousand cuts about just how long that can be kept up for). Finally your body parts would be hung up in chains/cages in various parts of town.

"Hurdling" no this is not a track sport however the name comes from the same place. A "hurdle" is a section of wicket fence often used for making "sheep folds". It is thus easy to tie someone to, spread eagled and to one or two horses, so you can be dragged around town on display to the citizenry as a warning while being taken for public trial or execution. However like "breaking on the wheel" you could be tied in such a way that your limbs would be broken in the process.

Anyway, enough for one day, there are plenty more for other days like "boiling alive", such is the "human condition"...

[1] Having had a broken nose a couple of times, a full fracture of the lower jaw and the resulting maxillofacial surgery, as well as more recently sepsis, I can understand why this would be a favoured method of inflicting unpleasantness with a slow painful death on people. As they say, "Don't try this one at home boys and girls".

[2] The thing is the iron maiden is way more myth than reality, and was mainly dreamt up in the 18th and 19th century to try and make medieval times look worse than the current times, so kind of "you've never had it so good" propaganda =:(

[3] I won't go into details but some people use it as a way of getting priapic self stimulation. Definitely don't try at home or anywhere else.

Rach El December 19, 2018 4:07 PM

Faustus

Editorial pieces on Naked Capitalism predicted the GFC and what was happening with the economy in Greece and how they and the EU would deal with it, long before it happened and before anyone else did, contrary to the opinions of everyone else.

It is a curated news blog with an informed commentariat

FaustusDecember 19, 2018 5:14 PM

@ Rach El

Who am I to stand in the way of confirmation bias? Nobody anticipated that Greece dealing with political pressure by handing out money would eventually lead to austerity being imposed on it by the EU? Nobody detected a housing bubble? Our memories differ.

But my point is that this supposed left publication is owned by dyed in the wool hyper capitalists. Have you looked at the Aurora website? Their clients proudly include McKinsey https://boingboing.net/2018/12/16/rationalizations-and-profits.html, Lehman Bros (Did Aurora predict that they would go bankrupt in the GFC?), and other icons of the left (yes, I'm kidding).

Rach ElDecember 20, 2018 1:41 AM

Faustus

Fair enough. It's good you employ critical thinking. It is important to question motives by observation in the manner you describe. As we have discussed on this blog, as I myself have pointed out when observing apparent altruism others have 'fallen for'.
Employing Occam's razor in a fashion, those of us who appreciate Naked Capitalism are able to do so on face value. The value of the curated headlines and the commentariat and the editorials. I have no skin in the game. If I did surely I'd be more cautious. You are being reasonable enough. I just don't see a blog or similar site with content sufficiently unique and honest owned by either 'generous honest folks' or 'pirate equity locusts'.

WeatherDecember 20, 2018 1:51 AM

Clive re jg4
They called it the rack back then, now it's called Japanese rope bondage.
2 HP at least it wasn't 2 kW
;)

JG4December 20, 2018 5:44 AM


@Faustus - Your skepticism is a virtue. Fuller disclosure: I have been meaning to send them a donation for at least several years. And I donated some free consulting on the topic of electrical security, which I've been meaning to open source here.

@Clive - Thanks for the excellent tutorial on cruel and unusual punishment. I didn't see a mention of red hot pokers, but we are familiar with the story of Abner Louima. Can't recall if I posted the story where twenty of the same department's finest beat the daylights out of a guy for honking at them when they were jaywalking drunk. I think that they were out of uniform or he would have known better. I've tried a couple of times to locate a link using google without success. The signal of interest is drowned by countless other beatings of motorists at the hands of the guard labor. The robot police will be much more benign as long as they aren't programmed by psychopaths.

Cops Force Doctors To Probe Man's Rectum for Drugs -- Then Bill Him For It...
https://reason.com/blog/2018/12/19/syracuse-cops-force-doctors-to-probe-a-m

Speaking of 2 kW. One of my classmates was subjected to extrajudicial execution just a few miles from here. He was a troubled soul.

Human rights body calls on US school to ban electric shocks on children
https://www.theguardian.com/us-news/2018/dec/18/judge-rotenberg-center-electric-shocks-ban-inter-american-commission-human-rights

This has some implications for lie detection.

SOUL SEARCHING Chinese scientists to try to find the HUMAN SOUL with £100m state-of-the-art brain scanner
https://www.thesun.co.uk/news/8017068/chinese-scientists-to-try-to-find-the-human-soul-with-100m-state-of-the-art-brain-scanner/

https://www.nakedcapitalism.com/2018/12/links-12-19-18.html
...
Big Brother IS Watching You Watch

Man sues feds after being detained for refusing to unlock his phone at airport Ars Technica

As Facebook Raised a Privacy Wall, It Carved an Opening for Tech Giants NYT. I’m shocked, shocked to see that Facebook provided such access for tech behemoths.

Turning Off Facebook Location Tracking Doesn’t Stop It From Tracking Your Location Gizmodo
...

Clive RobinsonDecember 20, 2018 7:35 AM

@ Bruce and the usual suspects,

It would appear Intel is opening up the FSP, which has significant security implications.

https://www.phoronix.com/scan.php?page=news_item&px=Intel-Open-Source-FSP-Likely

For those uncertain about what "Firmware Support Package" (FSP) is, it's a little arcane and to do with how the CPU ISA and the internal logic meet up.

Back in the late 1940's it was realised that hard coding the CPU function in unchangeable logic was not the best thing to do, as it reduced flexibility and increased expensive design time as well as giving "Time to Market" quite a slap. Thus the idea was to do minimal hard coded logic using "Register Transfer Language/Logic" and use a hardware interpreter to go from the Instruction Set Architecture (ISA) to the RTL. The interpreter was essentially a fast counter and a very large diode lattice ROM (see MIT Project Whirlwind). But this simple system had issues...

Maurice Wilkes, who worked in the UK on their push towards computer design, noticed a major failing. The high speed counter always had the same number of steps, too many for some instructions and too few for other instructions. He thus proposed in 1951 adding a second ROM that in effect allowed this defect to be recognised. Basically he added conditional execution, similar to a conditional in computer ISA executable code. One diode lattice ROM generated signals in a similar way to the simple counter and ROM of Project Whirlwind. But the real innovation was that the second ROM selected one of a row of signals to start the next cycle. The "conditionals" were implemented in a way that a single line in the first ROM could choose from alternative lines in the second ROM. This meant that the control signals were conditional on various internal signals. Thus the Whirlwind simple counter got replaced by the equivalent of a state machine. Maurice Wilkes coined the term microprogramming to describe this feature, and what goes into the ROMs is the "microcode".

In practice some base ISA instructions are hard coded in logic, as are most RISC instruction sets, as these are the fastest way to implement them. What are effectively "compound instructions" are put into microcode. This has the advantage that less information has to be stored in slow core memory, which speeds up execution time overall, which is why CISC instruction sets have seen favour. The reality is that all CPUs these days are an array of ALUs wrapped in a RISC logic interpreter that may also be further wrapped by a CISC microcode ROM and state machine. They are also most likely to be a Harvard Architecture with the bus sharing of the von Neumann architecture bolted on as an outer logic wrapper.

As Intel discovered the expensive way, recalling chips because they had defects in the microcode was an eye wateringly expensive mistake to make... So Intel decided to replace the microcode ROMs with RAM that obviously needs to be loaded at startup. However once the initial microcode map is loaded, mistakes can be "patched" just as they can be with conventional software. Once you have this mechanism you can not only correct mistakes easily, you can enhance the ISA at will, which has the advantage of cutting down CPU development time. BUT the downside is that malicious microcode could change the way the CPU works, which is a quite high security risk.

It is this loading and patching that the FSP does.

However the patches need to be stored somewhere and this is done as code signed "Binary blobs" that the BIOS code developers put in the Flash ROM the BIOS is stored in that the Motherboard manufacturer puts on the PCB. They can for historical reasons be hidden away in other Flash ROM such as I/O cards etc which is another security concern.

Clive RobinsonDecember 20, 2018 7:50 AM

...BREAKING NEWS...

UK Gatwick Airport closed, 110,000 passengers affected by rogue drone use.

In what is terroristic behaviour but not believed to be related to terrorism, at least two larger drones have been popping up and down in a coordinated way around one of the UK's busiest airports since just after 21:00GMT yesterday.

Sussex Police have been unable to find / apprehend those responsible. All flights into Gatwick are being diverted or cancelled those wishing to fly from Gatwick are going to be sent to airports like Manchester several hundred miles from Gatwick.

Tentatively the airport will remain closed until at least 16:00GMT today if not later. Some indicate it could be days due to the fact that at least two drones are being used in a coordinated way and as of yet the police have failed to locate the operators.

No motive behind the coordinated actions of those flying the drones is currently unknown.

https://www.bbc.co.uk/news/uk-england-sussex-46623754

WaelDecember 20, 2018 8:31 AM

@Clive Robinson,

In reverse order ...

No motive behind the coordinated actions of those flying the drones is currently unknown.

You mean "known", I suppose? (double negative.)

UK Gatwick Airport closed

Late passenger: Yo, man! I won't make the flight! Woke up late and traffic is terrible!
Friend who reads this blog: No worries. I have an idea ...
Friend who reads this blog: *Thinking*: 'Green Laser', "Drone", ...? Eeny, meeny, miny, moe... "Drones". it is!

a coordinated way and as of yet the police have failed to locate the operators.

So the guys at the air-tower are having fun! They both got the same gift and checking them out ;)
Good luck catching them!

Clive RobinsonDecember 20, 2018 9:24 AM

@ Wael,

Apparently Sussex Police have now moved "sniper teams" in.

The news is talking about shooting the drones down...

But lets be honest they are not large targets and they move quickly.

Thus the thought occurs: has somebody in part of UK Gov given them the equivalent of "Find, Fix and Finish" equipment...

All you really need is a helicopter and the appropriate Rohde & Schwarz receiver and LPDA antennas... Thus that's one operator to ride the beam in and one sniper to activate "the off switch" as it were.

Oh, some drones have a "fly me back to takeoff" function: if the control signals get jammed it flies back towards where it took off from...

The thing is these largeish industrial drones, whilst costing a lot less than they used to are not at all cheap.

Thus the question of where they bought them from and when arises.

Also these people have been at it for more than 18 hours, which suggests there are more than just a couple of them. Which means it's been planned and coordinated with food, water, toilet facilities etc along with technical equipment like spare batteries, chargers etc.

There is also suspicion they have been monitoring both the Airport and Police radios to help them avoid capture.

What ever this is it does not look like it's a prank. The day that they have chosen is when the Christmas rush has started thus all UK and close EU nation airports are quite busy enough already. There are reports of people getting diverted to Paris and Amsterdam Airports which are not just miles away but countries away...

This is rapidly turning into a four bowl of popcorn event...

WaelDecember 20, 2018 9:33 AM

@Clive Robinson,

This is rapidly turning into a four bowl of popcorn event...

A four-bowl popcorn event! Now that tickled my funny gland! The day has come when we enjoy security ... "failures"!

Five-alarm serious event -> four-bowl pop-corn event!

VRKDecember 20, 2018 10:27 AM

Gatwick Airplot:

What ever this is it does not look like it's a prank.

How about "how to justify legislation" to ban proliferation, production, sale, purchase, support and use of non-governmental bots, and get public support for it?

vas pupDecember 20, 2018 12:42 PM

@Clive on drones continued:
How can a drone cause so much chaos?

https://www.bbc.com/news/technology-46632892

"Lasers are another option and both the US and China have experimented with anti-drone lasers, that can shoot down a drone within seconds of locating it.

The weapon works by fixing a laser beam on the aircraft long enough to burn through it."

Rach ElDecember 20, 2018 1:15 PM

An AP piece on the Gatwick-drone situation

https://www.apnews.com/313575772ac14fc6a3b7d6edf960291d

'they are sure it's not terror related'

they just don't know if this word is a noun or a verb or an adjective, the way it keeps being slapped around. Wael published a list of 'terror' incidents in Australia from over the years recently and - well - did any incident really fit the definition of the word? Newspapers are pretty good at acting to incite fear with malicious intent.


Clive RobinsonDecember 20, 2018 5:42 PM

@ Rach El,

they just don't know if this word is a noun or a verb or an adjective, the way it keeps being slapped around.

It also does not help that a "terroristic" action does not have to be "terrorism" by definition or legislation...

Thus sending a Clown to a fancy dress party where two or more people have phobias about clowns is a "terroristic" action even if there is no intent to cause "terror"; thus legally, without the intent, it is not "terrorism".

But... Now it's been going on for more than 24 hours it would be reasonable to claim that it is likely two or more people are involved. As the use of these drones in this way is now a criminal offence in the UK since July this year, we now have the dragnet of "Criminal conspiracy" involved, which usually has the effect of making the jury more likely to convict come a trial and also "upping the tariff" come the easier conviction. But just saying that those involved are facing up to five years in prison is not correct. There are a whole host of other charges that could be brought against the operators of the drones, some of which have way longer tariffs.

The fun one would be if those operators were "paid from the public purse in an official capacity": it would be professional misconduct whilst in office. Which could be twisted around to be "Malfeasance in public office" which I gather still has the option of a full life tariff.

But there is another reason for burying the operators in jail for ever and a year, the "economic cost to society": by the middle of tomorrow around a quarter of a million people will have been affected. At a minimum of around £200 each. Then there are the costs to the airlines and other travel associated industries, including blatant profiteering by some such as taxi and coach suppliers. But there is also the cost to both police forces, now the army and a whole load more civil servants and other experts etc. This tab has got to be picked up and it's going to be hundreds of millions. This has to come from the UK Treasury, who are going to have to claw it back from somewhere. Which with UK politics as it is will almost certainly fall very disproportionately on those at the bottom of society who can least afford it.

@ vas pup,

But there is going to be another mammoth expense involved. The press and "Opposition" are now calling the incumbent Government "incompetent"... Which whilst true will get a "Knee jerk reaction", thus new legislation that will cripple the Radio Control and other hobby markets, but also a major, major spend on defending airports against drones.

With over twenty airports to consider and total system costs being at least 150 million per airport, not only is somebody going to get a fat payday, the treasury will have another unbudgeted expense to pay...

One of the reasons this looks like chaos is that whilst there are lots of impressive sounding claims and product demo videos etc., most of the solutions out there have significant failings. With these failings being oh so easy to exploit by even someone of moderate intelligence. Worse, the systems are horrendously expensive for what are little more than useless "boys' toys" that in all probability will not be around for very long as the designers / manufacturers go bankrupt.

So realistically despite what the Opposition and press are saying it actually would have been irresponsible to invest in any of the systems, especially with the down side liabilities involved.

However the longer this goes on, the more rapidly escalating the final bill to cover political embarrassment will be to the poor people of the UK. Thus the more likely the useless systems will be purchased just because of the same "Security Theatre" we saw after 9/11.

@ VRK,

The other thing is the longer it goes on, the more likely it is that a professional team is behind it... Which as you note raises its own set of intriguing questions...

Especially when the "follow the money" reasoning gets a little warped with an international spotlighted event like this. To see why, consider a hypothetical argument of:

As a manufacturer of anti-drone equipment, or as a government entity looking to get a much larger appropriation to build your empire such as a defence entity, this incident is going to be a nice little advertising stunt to use as "real world example" of why you should get the money...

In the US conspiracy theorists have been known to call such events "fundraisers" or "benefit parties" when they think the MIC entities are behind it.

But more interestingly if you were actually doing such a thing you would not want "to dirty your doorstop"...

Thus you would want to "Play away from home", that is an Arms Length Autonomous Military Operation (ALAMO) model is what you would be looking for. With, for "deniability" reasons, you would do it through a couple of cut-outs and Fronts and importantly "out of home jurisdiction", to make investigation by authorities difficult at best (with, if you were a thriller writer, at least one of the cut-outs being a crazy technocrat or international terrorist).

Either way you would do it in another country which is also a major "air travel hub"...

Even saying it's just hypothetical, I'm wondering just how long it will take for it to be blamed in the MSM or second rank media on China, Iran, Israel, Russia or the US, as North Korea does kind of look like "a reach too far" currently...

@ Wael,

Time to make another bowl of popcorn ;-)

This one did make me laugh,

    Detective Chief Superintendent Tingley said “we have a number of persons of interest that we are following up.”
    “We are following all lines of inquiry and that would include particular groups."
    “The military are here completely as a supportive role, it’s a police lead investigation and operation, and they are here to provide that additional support.”
    He added: “We have to work on the assumption that this is a professionally prepared drone with the intent of causing the disruption that it has.”

@ ALL,

Just to be really "hip-n-trendy" whilst also being "totally off the wall" ;-)

    I propose that it will be found that there are no directly hands on operators piloting these drones. That it will be done by an AI system buried in a hill overlooking Gatwick receiving commands by satellite from abroad.

And if that turns out to be the case then yes I will have a hat I will munch. I will just have to ask the nice lady "flying spaghetti monster" adherent I know to knit me one 0:)

Rach ElDecember 20, 2018 6:02 PM

Clive

Thank you for sharing about the costs incurred, very pertinent.

Gatwick was chosen strategically? It's about middle sized, isn't it, bigger than Luton and Stansted from memory, but not Heathrow?

Like a magic trick people will be wondering how the operations managed it, what do you think?

"If your flight has been cancelled or delayed you have the right to compensation under European law. Under EU Regulation 261/2004, passengers are entitled to up to €600 (£536) in compensation when their flight lands at their destination more than three hours late"

Depends on the conditions but if rerouting is significant perhaps the compensation could be as much as 600

TomS.December 20, 2018 8:15 PM

@MarkH re: AeroMexico radome damage

Better coverage at Simon Hradecky's "The Aviation Herald" [1]. Simon has a well deserved reputation for accuracy and responsibility. Mostly intelligent comment section with much professional participation as well, although not as good as it once was. No drone impact confirmed. No bird blood confirmed either. The radome isn't critical to flight. There are numerous examples of aircraft hail encounters where radomes and windscreens suffered far worse damage.

I'm not overly concerned with most drones hitting the nose, forward windscreens, or ingested by an engine on approach or takeoff. Certification requirements require an aircraft be capable of completing takeoff or landing while sustaining a complete engine failure. Commercial aircraft often collide with birds in Africa in the range of 30lbs. Virginia Tech ran simulations on turbofan engine ingestion of an 8lb drone. Unsurprisingly, the engine suffered major damage and would have ceased providing useful thrust. I didn't find the Virginia Tech CRASH lab online @ VT's School of Mechanical Engineering for further info.

Of more concern to me is the hard parts of drones affecting tail control surfaces. I don't know if drone debris could jam an elevator. I'd like to see wind tunnel tests on that.

[1] http://www.avherald.com/h?article=4c185005&opt=0

Clive RobinsonDecember 20, 2018 9:24 PM

@ Rach El,

No compensation...

The reason is the "extraordinary conditions" exemption that the UK CAA claimed faster than "a draw at the OK Corral".

As for London Gatwick itself, it's --supposedly-- the second largest airport in the UK, London Heathrow being the largest (not sure how the claims are arrived at though). It's called "London's Second Airport", with City, Stansted, Luton, Southend and Lydd airports also being called "London Airports" even though they are some considerable distance away, though Southampton airport is not considered a London airport for some reason.

As for the actual "Denial of Service Attack", you could pick any one of a number of airports around the world to do this; they are all currently vulnerable.

The problem for the attacker is covertness. These large industrial drones are quite noisy when taking off and landing, and you need to get them away from human ears either by height or "hedge hopping" across agricultural land, preferably both. As the control frequencies are generally in the high UHF or low microwave bands, line of sight operating is a requirement. However there is no reason why they could not be controlled from a "mobile phone" at either end. Likewise you could make a second drone into a flying WiFi AP and have it work over several km[1].

Anyone who is a serious self build drone hobbyist would know how to make a drone "land" and shut down all but its control channel receiver and master microcontroller, getting quite an extended battery life. There is no real difference in this respect between hobby and industrial drones except that the industrial drones tend to have bigger batteries and longer endurance.

So it is possible the drone is close to the airport and does a "popup on command" but the operator is several km away.

With a little more knowledge the operator could be just about anywhere in the UK providing they can get sufficient return image bandwidth for actually flying the drone.

But... You don't actually need to see anything if you have the right kind of avionics. It is entirely possible to fly a drone in visually, land it and reset its home location which is used for "autopilot returns&landings" on loss of control signals.

In essence, having got a safe landing area established you "blind fly on instruments" up and around the end of the runway where it will get noticed, then when you want it to return you simply turn off the control signal and the drone flies back and lands itself. The success depends on the quality of the avionics, and even the ultra miniature devices these days are fairly good.

The supposed hard question is checking what the airport is up to. Well the world of Software Defined Radio can give you a multichannel radio that can be controlled from any Internet network in the world. All you need is an appropriate SDR receiver (HackRF One will do), a computer (Raspberry Pi), a big battery to power it or a mains supply and a couple of antennas. One for the SDR receiver, the other for a WiFi link if you are using it...

Thus the reason such an attack has not been done before is not technological or for that matter lack of knowledge. It's just that people with the technical chops have not decided to do it before.

The thing is at heart engineers are generally "creatives" not "destroyers". If the opposite were true the world would probably be a smoking crater by now.

So the question would be "Why would an engineer build such a system?" If it was for themselves it would have been for the knowledge, they might also have been "talked" into designing and building it for something else.

Whatever the reason, these drones are most definitely not cheap to acquire and building and testing such a system is going to take time, as is learning to use it.

The longer this goes on the more likely there is to be a well resourced agenda behind it.

But the Who and the Why of it, as far as we know, is not known, which on its own raises one or two eyebrows.

Whoever is behind it now very certainly has the attention of all Western and many other Governments, quite a few chunks of the major world press and tens if not hundreds of millions of people. I would be very surprised if the Pope was not talking to some of his Cardinals about it. Oh and I'm guessing we will possibly get a 3AM tweet from the White House.

Aviation transport is critical to the Western World and many other nations; holding it hostage like this is more attention grabbing than a plane being taken hostage.

The UK alone has over forty "heavy capable" airports of which half are main or regional passenger facilities with hub linkage. Every single one of them is vulnerable to this sort of Denial of Service attack at some level. The passenger ones especially are a major concern.

Whilst Gatwick is the UK's second "largest" airport it is actually a major International Airport and larger than many others in the world with around 40,000,000 passengers a year. Rated as 35th busiest in the world and 8th busiest in Europe, it has the world's busiest / most efficient single runway operation. It's worth something like £2 billion and is syndicated by some large pension schemes. It in effect has its own police force who have various forms of armaments available to them including MANPAD systems. So "armed for bear" but not mosquitos...

When things happen to Gatwick Airport, well connected people around the world not just notice but ask questions and expect answers promptly. Right now I'm guessing what is going on is causing major headaches in many Government circles, because in a way "Open Season" has just been declared on Airports.

[1] The problem would be antenna gain. One way to do this would be to use semirigid "coax collinears" in a "driven curtain array" (there are a couple of IEEE papers on such high gain, very low side lobe antennas) or a medium gain modified 7 element "wire hentenna". Both are incredibly light and have a very small "sail area" despite being physically quite large in terms of wavelengths.

Rach ElDecember 20, 2018 10:33 PM

Clive

We are all grateful for your insightful reporting

Strategic indeed, it seems ominously politically motivated. It really reminds me of something out of an over-the-top police procedural mini series,

Right now the Met Intel are reading and exclaiming between swigs and puffs 'Ah, that blasted Robinson has indeed not slept and given us something, as Jenkins swore he would. Damn I lost a tenner.'

Bong-Smoking Primitive Monkey-Brained SpookDecember 21, 2018 3:37 AM

@Clive Robinson:

This one did make me laugh,

I see why this one should be funny ...

Detective Chief Superintendent Tingley said “we have a number of persons of interest that we are following up.”

He tingled your so-called giggle gland.

He added: “We have to work on the assumption that this is a professionally prepared drone with the intent of causing the disruption that it has.”

Brilliant deduction. Definitely commensurate with a Detective Chief Superintendent's investigative abilities! The game's afoot, Sherlock Holmes #2. Methinks the "persons of interest" who professionally prepared the drones worked on the assumption that Mr. Tingley won't know Whiskey Tango Foxtrot he's talking about.

I don't know what it is you're smoking, but I'd like to have some. You must be as high as those drones!

@VRK:

How about "how to justify legislation" to ban proliferation, production, sale, purchase, support and use of non-governmental bots, and get public support for it?

Possible! Drones, after all, are manufactured in the "factory of the world". There could be another angle to this. Next thing will be a firecracker incident at an airport and there goes the ban on firecrackers too. Drones, Firecrackers ... close to a 0.05% (guesstimate) of China's GNP.

Clive RobinsonDecember 21, 2018 6:24 AM

@ All,

As far as we know the drones and their operator(s) have slipped away into the night, without a word as to who or why. Possibly not leaving a clue either.

However back in Whitehall London a UK Gov droner by the name of "Unnamed Source" has been sharing a fag in the underground car park again and throatily saying "ECO Mentalists can not be named" or some such nonsense.

However as it appears to be from the Daily Mail the Editor has probably been snorting Colombian Marching powder again (oops sorry no, that's the Evening Standard... It's best skunk at the Mail, that's why its reporting stinks ;-)

I guess we will just have to wait and see what happens.

The person who comes out best of all in this is Gatwick Airport manager,

    Speaking outside of Gatwick airport this morning, Chris Woodroofe said,
    “This is an unprecedented issue. This isn’t a Gatwick Airport issue. It’s not even a UK issue. It’s an international issue,”
    “What we need to be doing going forward is work with technology providers and with the Government to enhance our ability to address the risk posed by drones to airports,”
    “We have been working with technology providers ourselves for the last 12 months but stood here today, there is no commercially available airport licensed proven technology that I could implement.”

    When asked if when the military leave would there be anything at Gatwick to stop this happening again, Chris Woodroofe said

      “My number one priority is going to be the safety of our passengers. And so, if the drone comes and endangers an aircraft then we will suspend runway operations because safety is the number one priority.”

Which again notes the lack of working or even workable solutions to the problem of a drone denial of service attack at an airport. Something I suspect may well remain the case for a while if --and only if-- sensible heads prevail.

The big issue is if you incapacitate a drone weighing 5-20 kg at 200 m up, what's going to happen when it hits the ground? The impact energy is fairly easy to calculate... The concern is what the energy will be dissipated by and the resulting losses, and what will happen with respect to any payload it was carrying...

The other issue is "The Pandora's box" problem. Not only are sizable drones out there, the technology has been in the hands of hobbyists for some time now and the materials and electronics are easily obtained, as is working control software. You can not put that back in the box by legislation. So we now have to live with it, like it or not. Worse, there are plenty of history books covering weapons and armaments from WWII to today to give sufficient information to an intelligent and capable mind to reproduce them either to size or scaled down, especially when it comes to "recoil-less" weapons.

Thus we have to consider the risks that now exist and how we mitigate them; legislation will not prevent, only maybe punish retrospectively...

A thorny problem, and I'm glad it's not one I have to deal with as I'm a little too "Head and hands" not "heart".

Alyer BabtuDecember 21, 2018 6:49 AM

What is the state of drone on drone combat? Are there reconnaissance hunter pursuer anti-drone drones?

bttbDecember 21, 2018 8:37 AM

From https://www.emptywheel.net/2018/12/20/the-moving-parts-the-walls-come-down-around-trump/ :
[Over-long quote extensively snipped by moderator.]

    "The other day (I forget which day it was, to be honest) I wondered aloud whether, as it became clear the walls were collapsing around Trump, he’d make a rash move to pay off his debts, perhaps to salvage something for his post-Presidenting life.

    I’m not sure we’re quite at that point yet. But in recent days, a ton has happened it’s hard to make sense of.

    This post doesn’t pretend to offer answers. I just want to write down everything I think is happening in one place — blogger’s prerogative, call it.

    - Mattis resigns, citing Trump’s fondness for authoritarians

    - Another is Erdogan’s threat (or promise) to massacre our longstanding Kurdish allies.

    - Mueller’s moves toward endgame

    - Matt Whitaker performs a headfake before taking the corrupt step he was hired to take

    - Trump prepares to shut down government

    - Putin — or someone else — is calling in receipts

    And that’s the kompromat. Trump knows that if Mueller can present those receipts, he’s sunk, unless he so discredits the Mueller investigation before that time as to convince voters not to give Democrats a majority in Congress, and convince Congress not to oust him as the sell-out to the country those receipts show him to be. He also knows that, on the off-chance Mueller hasn’t figured this all out yet, Putin can at any time make those receipts plain. Therein lies Trump’s uncertainty: It’s not that he has any doubt what Putin has on him. It’s that he’s not sure which path before him — placating Putin, even if it provides more evidence he’s paying off his campaign debt, or trying to end the Mueller inquiry before repaying that campaign debt, at the risk of Putin losing patience with him — holds more risk.

    Trump knows he’s screwed. He’s just not sure whether Putin or Mueller presents the bigger threat.

Major MephistophelesDecember 21, 2018 12:50 PM

bttb

Why do you post this long, foreign country political innuendo stuff here?

ModeratorDecember 21, 2018 12:53 PM

@bttb: Your previous comment includes all of Wheeler's original writing in her most recent post, and excludes only the lengthy quotes within her article. I've therefore edited your comment down to the intro, bullet points, and a bit near the end; our readers can go to the original if they want to read the whole thing.

anonDecember 21, 2018 1:02 PM

@Clive Robinson
"a UK Gov droner by the name of "Unnamed Source" has been sharing a fag in the underground car park again"
What does this mean? Is it supposed to tickle a funny bone or two?

Major MephistophelesDecember 21, 2018 7:03 PM

bttb

Who cares about this foreign country political innuendo stuff? It's all you post. Move to Breitbart.

And stop giving the Moderator all this work to do.
