Friday Squid Blogging: Illegal North Korean Squid Fishing

North Korea is engaged in even more illegal squid fishing than previously.

As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

Read my blog posting guidelines here.

Posted on December 21, 2018 at 4:14 PM • 96 Comments

Comments

65535 • December 21, 2018 5:10 PM

@ all Microsoft experts or general OS experts:

Many of my clients are disappointed in Microsoft's dreadful updates to their Win 7, Win 8, Win 8.1 through Server 2012 R2 machines.

The unhappy customers have now turned off MS updates and never check for them for fear of a bad update and resulting lock-up. But, Microsoft is able to force “critical” updates onto these boxes which in many cases caused them to crash. How?

Exactly, how is this forced “critical update” placed on Microsoft boxes without the owner's permission?

Is there a method to stop these forced updates on the customers' boxes? Is there some hidden key or reg entry that allows this? Can these damaging updates be stopped?

[the below update is causing some of my customers’ boxes to crash.. It makes for a lot of billable hours for me – but makes my customers unhappy]

See: Brian Krebs, “19 Dec 18 …Microsoft Issues Emergency Fix for IE Zero Day...Microsoft today released an emergency software patch to plug a critical security hole in its Internet Explorer (IE) Web browser that attackers are already using to break into Windows computers... The software giant said it learned about the weakness (CVE-2018-8653)…” Krebs on security.

ht tps://krebsonsecurity.com/2018/12/microsoft-issues-emergency-fix-for-ie-zero-day/

[Link broken to keep autorun and bot from using.]

Faustus • December 21, 2018 5:36 PM

@ 65535

I haven't had any update problems myself, but I am principally a linux user.

Windows security updates are immediately reverse engineered in the hacker world to determine the vulnerability that is being fixed. Hackers then build malware that targets unpatched machines and attacks them using the vulnerability the update was intended to fix. This leaves any unpatched machine very vulnerable.

Haven't your clients had malware/hacking incidents on the machines where updates were disabled?

WinBlows • December 21, 2018 7:46 PM

@65535

Your Stockholm Syndrome clients would probably have better security running https://en.wikipedia.org/wiki/Red_Star_OS than "TAO Inside" WinBlows.

Apparently the disclosures of 2013 never happened, and those "authoritarian Commies" (Quick! Look over there!) are the real threat, and not the world's premier criminal hackers acting in concert with private industry in sweet ole USA... go figure.

65535 • December 21, 2018 7:55 PM

@ Faustus

“I am principally a linux user.”-Faustus

I understand. As a linux user you probably practice proper safety such as not working as root on live servers for general purposes; you use “Linux Server Security Best Practices”, know how to secure directories and so on.

[next Q]

“Haven't your clients had malware/hacking incidents on the machines where updates were disabled?”-Faustus

Actually, No. The opposite. The damage is done by MS updates.

The managers of these businesses are fairly security savvy. They have security templates, firewalls, don’t allow browsing the net for fun, site block lists, vlans, segregated networks and almost never let their employees install software or use machines as Administrators - only 'Users' group level privilege at most and that is hardened.

The most Windows damage is done by Microsoft updates as stated above. Generally, all updates are first tested and then applied via WSUS/SUS servers, and they never use IE or Edge.

The owners follow all of the usual security sites including AskWoody which has the famous “MS-DEFCON” rating which is/has been at level “ 2 Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don't do it…” because of destructive patches for Windows machines below Win 10 and even then Win 10 gets borked.

My clients don’t use Win 10 because of the huge amount of encrypted data leaving Win 10 boxes every day. Windows machines are a world of difference from Linux but are used in business frequently. That’s life.

Wael • December 21, 2018 7:56 PM

@65535,

Is there a method to stop these forced updates on the customers boxes?

Yes, more than a method: boot off read-only media either local or remote, use virtual machines, use a properly configured firewall, use thin clients that work over RDP/RDC from a well-managed and tightly controlled central server-farm, ...

I wouldn't recommend stopping forced updates, though.

65535 • December 21, 2018 8:05 PM

@ WinBlows

“…clients would probably have better security running ht tps://en.wikipedia.org/wiki/Red_Star_OS than "TAO Inside" WinBlows.”- winblows

Yes, probably.

But, it is the business owner’s decision and their boxes with their code cutters' specialized programs and so on.

This blog is well informed on Windows and TAO. Been up and down that path.

Win 10 not only blows but s**ks also. We don't touch it. See previous comment.


bttb • December 21, 2018 8:16 PM

From Bacevich on Democracy Now, https://www.democracynow.org/2018/12/21/andrew_bacevich_on_mattis_why_we (about 30 minutes),

"...Where we find ourselves at the present moment—and I do think it’s a huge problem—is that his (Trump's) commitment to Saudi Arabia, combined with the reaffirmation of the U.S. commitment to Israel, to my mind, creates the likelihood that the United States is going to continue to contribute to disorder, instability in the region, as we have done ever since the George W. Bush administration invaded Iraq in 2003.

[...]

Well, I think, at the present moment, the nexus of the issue is this competition between Saudi Arabia and Iran to dominate the Persian Gulf. And the Trump administration has affirmed that we side with Saudi Arabia, against Iran. I think that strategically that makes no sense whatsoever.

I think that if you think about the long-term prospects of nations in that part of the world, Iran, A, will continue to exist and, B, will continue to be an important actor, and therefore, in the long run, we need to find a way to reconcile with or at least coexist with Iran. So, we need to find a way to remove ourselves from the Saudi camp and to take a more balanced position.

I don’t mean for a second to suggest that this is easily done or could be done overnight..."

65535 • December 21, 2018 8:19 PM

@ Wael

“Yes, more than a method: boot off read-only media either local or remote, use virtual machines, use a properly configured firewall, use thin clients that work over RDP/RDC from a well-managed and tightly controlled central server-farm, ...” –Wael

Yes, some shops do that. But, every blue moon some box gets borked with the new and un-proven updates. It happens. Most owners are aware of the old RDP problem and do have work arounds. I am not sure if it is RDPv2 or say the end point mapper.

Some shops have had some success with Remote Desktop Connection Manager 2.7
[or possibly RDP new spyware... who knows]

ht tps://www.microsoft.com/en-gb/download/confirmation.aspx?id=44989

What is the backdoor these M$ critical updates go through?

Thanks.

Wael • December 21, 2018 8:28 PM

@65535,

But, every blue moon some box gets borked with the new and un-proven updates.

Bound to happen in heterogeneous environments. Ain't nothin' you can do about it short of testing all updates on a test net that resembles all production configurations.

Rach El • December 21, 2018 8:37 PM

65535

In the instance you named, disabling IE (not uninstalling) may solve the vuln.

I appreciate your comment about Win 10. But didn't I read you recently (RE: your firefox about:config queries) you use Edge Browser?

Getting back to Firefox, part of the location pinging you are concerned about ties in with WiFi. Also, search 'geo' - you'll see a bunch of toggles. Mostly self-explanatory.

According to Pants there are a number of closely guarded secret invisible switches in Firefox about:config, some of which he/she identified, but which I couldn't locate with the keywords provided. I find implementing such changes seems to break Firefox successively easily with newer updates. They are probably following along.


Wael • December 21, 2018 8:41 PM

@65535,

What is the backdoor these M$ critical updates go through?

What's the front door you left open? If you followed the old C-v-P discussion, you'd realize this is an irrelevant question! The assumption is there are numerous entry points, both hidden and known.... because you don't have total executive control of the OS, you may be able to compensate for the lack of awareness (of the backdoors you're asking about) by putting the OS on a component that the owner has that sort of control over; in a way "imprison" the OS. And there are various forms of incarceration, if you grok what I mean ;)

65535 • December 21, 2018 9:26 PM

@ Rach El

Thanks for the information.

Yep, my customers/owners just don’t use IE or Edge; they are too full of holes. They have FF flavors and so on. RDP is really not critical because of other solutions.

Thank you.

next:

Did anybody actually get M$ CVE-2018-8653 loaded on to a box that is not Win 10? I have only seen a few critical out of band or emergency updates to M$ per year or longer. Maybe ~3 or ~4 in year. Yes, I know they do happen. How is the question.

Most of my customers rent 2 floors less of space for their shops. They really don’t use IE or Edge. Those are not going to be supported soon and are not necessary.

I thought CVE-2018-865 was related to Edge or IE. I didn't check if the boxes were even on a WAN but it did hit some boxes. Possibly Ajaxed through IE or some other method?

Most customers use Firefox or a flavor of FF. The top owners just don’t use a lot of RDP or the like [Some owners are like Clive Robinson and personally put programs on the M$ box or in a sandbox environment or just on their special vlan]. - plenty of other solutions in place of RDP. It is never used across a WAN.

The CVE-2018-8653 [came through a few days ago] and harms some special coded program of necessary use to the owners.

Some owners/techs just pulled affected boxes off line and put a fresh box back in place. I come in and then run tests and possibly take it back to the shop. In some instances a simple roll-back will actually work.

Some owners are thinking it is in the AJAX or other sneaky methods. Who knows.

How do these “emergency patches” actually get on the M$ Box in the first place with updates completely off?

I’ll check back when I am fresh. Got to go.

Thanks all.

[please excuse all the mistakes]

Weather • December 21, 2018 10:55 PM

Msinst or some process DLL name like that; if it's critical it will just override your setting, no big deal. But if you set up snort or an http proxy, when it selects Get windows,patch1 just direct it to your file; you still need to work out the hashes and checks, passed across https, but RE of msinst will find what you need.

Rach El • December 21, 2018 11:40 PM

65535

you probably know but this site allows granular offline updating of Windows. It's a response to M$ rolling security patches in with everything else, preventing choice and disclosure.

http://www.wsusoffline.net/

there's a ton of information on this and related topics with a quick search - clawing back bite sized degrees of control from M$.
I wonder how the class action RE: Win 10 and unauthorised installation etc is going

I have particularly liked this Win hardening package

https://hardenwindows7forsecurity.com/index.html

https://www.hardenwindows10forsecurity.com/index.html

bah • December 22, 2018 3:59 AM

Blocking Windows updates such as the KB4483187 that fixes CVE-2018-8653 is more of interest to those who want to reduce the security on target servers.

Alejandro • December 22, 2018 3:59 AM

@65535

Re: MS update block, extra measures

I use the Windows firewall to block MS update addresses. Lists of update ranges are around the internet. Also, there are host files lists, but I think MS can beat most of those.

The last few updates from MS have really done some damage. For example, (after update) login lock out due to too many login attempts. (Fix: wait 30 minutes and the lockout dies.) Seems MS is trying to log in to the local users for some reason. Maybe some government op anymore. Who knows. Other changes are more subtle, but my sense of it is, they really, really, really want to know what we do with THEIR software. Everything. Literally.

Clive Robinson • December 22, 2018 6:24 AM

@ Alejandro, 65535,

Other changes are more subtle, but my sense of it is, they really, really, really want to know what we do with THEIR software. Everything. Literally.

Then those "readings" become US "Third Party Business Records", supposedly less secure than printing them out and throwing them off of the top of the Hoover Building...

I guess the first real question is whether MS has "alternative policies" for such downloads depending on your "level of licence" or "type of customer", such as say the US Government, lawyers, large corporates, versus what the little SoHo / Mom-n-Pop type business or home consumer gets forced on them.

But even if MS claim they don't collect "User data" in their telemetry, as we know from previous researchers efforts, it's virtually impossible not to collect "User meta-data" or "User meta-meta-data" which can not only be used to identify a user but can also identify many of their activities to the point where it becomes very clear what the user was doing and when. Data I suspect that will "always" be available to a "public office" investigating entity but not to others.

But the real deep down questions employer's should be asking themselves are,

1) Why are employees connected to the Internet?
2) Which ones actually need to be to carry out a function of their job?
3) Of those few which ones need their confidential work machines connected, as opposed to having a browsing machine?
4) Do such employees need to be connected to the rest of the company network?

Mostly when you get down to it entirely honestly it's only a small fraction that make it through that selection process.

For development and support reasons I have machines still running that are MSDOS + Windows (16bit) through to 2000 and XP[1]. I've never had malicious software[2] get on them even though they've not really been patched. Not because I'm some "uber ninja security person" but because they do not have connectivity and are kept in a physically secure area.

The thought often occurs to me if you compare the small gains of most "Big Data" piles against the losses of "Big Cracks" against the piles where does the overall profit-loss pointer rest?

The cost of securing data appears to go up more or less with Internet speeds. At some point people should ask if connectivity is worth that price?

I've yet to see a persuasive general case argument that connecting the majority of employees to the Internet via the internal company network makes good fiscal sense.

[1] I've made it a policy to not support 64bit systems because the hardware I developed the software to use is long gone off the shelves (except maybe in museums). So people will after a decade or so hopefully stop using the now very old ICS and other software I developed (using my own even older tool chain). However I still use old 8088 and 8086 systems, one of which I keep locked up in a safe, and even an Apple ][ from four decades ago (which I can at least repair).

[2] OK yes they've got Microsoft on them which I suppose does count as malware ;-)

Anders • December 22, 2018 8:35 AM

@65535

I don't know what your specific requirements are for the clients, but even today, 2018, you can do everything you need and want with W2K and XP. You can block updates in W2K and XP; moreover you can use W2K and XP via booting over the network and running them purely in memory like a linux live CD. Even if you have an infection, you press reset and seconds later you have a clean environment again.

Faustus • December 22, 2018 11:46 AM

@ Clive

If you block internet what will middle managers do all day?

After a career in consulting I came to conclude that most middle management serves no purpose, as well as most IT consulting, especially consulting with deliverables like white papers, which, beyond the executive summary, are read by exactly no one.

The middle management hires and supervises a consulting company and both help the other appear to be doing something.

There must be a benefit to the company in all of this. Maybe it is like training exercises in the military, keeping people trained up for the eventuality that they are needed. But it is a discouraging environment to work in.

Who? • December 22, 2018 11:49 AM

@ 65535,

A long time since I wrote on this forum last time, but I am not a big fan of people writing here and their attitude (including the one of a lot of "usual suspects" that seem to form some sort of very closed elite club in the forum). I am a silent reader of it, however.

I do not think unattended patching on Windows can be stopped easily. Remember that a few years ago Microsoft broke the update system with a bad patch (mostly what you want to achieve) and silently committed a "fix" to millions of computers a few days later exploiting a vulnerability in Explorer that obviously was known to Microsoft at least.

On the other hand I cannot really recommend you having an unpatched Windows connected to the Internet (I have heard somewhere that the Internet is a DANGEROUS place these days.)

The best you can do is putting your Windows machines behind a firewall that filters both ingress and egress traffic. I did it a year ago while working on the security of the network owned by an NGO and, after allowing only the basic egress traffic needed to get some basic services working, the update system stopped working. Try allowing only some basic egress traffic instead of blindly allowing anything going from your computers to the Internet and you will find that your Windows machines do not receive more updates.

My advice is moving to other operating systems (BSDs are all great, with OpenBSD and FreeBSD being the best in my humble opinion; Linux is a great choice too). If you want to run unpatched Windows workstations and servers I would suggest placing them in an air-gapped network. If energy-gapping is required for your projects then Windows is certainly not for you. Windows is ok for controlling some hardware that is not supported by other operating systems, and may be ok for running some tools that do not exist on other platforms, but it is certainly something I would not expose to the wild Internet, especially if patches are not being installed.
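The egress filtering Who? describes, and the address blocking Alejandro mentioned earlier, both come down to a default-deny outbound policy with a short allowlist. The script below is an added example written for this page; it is not code from Who?, Alejandro or anyone else in the thread. It switches every Windows Firewall profile to block outbound traffic by default and re-opens only an internal resolver, an internal WSUS server (the tested-patch path 65535 says his clients already use) and a web proxy. Every address, port and rule name is a placeholder for the demonstration, and the `Restore-EgressDefaults` function is the example's own undo helper.

```powershell
#Requires -RunAsAdministrator
# Added example, not code from Who?, Alejandro or anyone else on this thread.
# Goal: default-deny OUTBOUND traffic on every Windows Firewall profile, then re-open
# only the paths the workstations need, so the only update path left is the internal
# WSUS server where patches are tested first. Every address, port and name below is a
# placeholder for this demonstration; a domain-joined box also needs rules for its DC.

$InternalDns = '10.0.0.53'   # placeholder: the shop's own resolver
$WsusServer  = '10.0.0.80'   # placeholder: tested patches are staged here
$WebProxy    = '10.0.0.8'    # placeholder: the only route to the web, if any
$WsusPort    = '8530'        # placeholder: WSUS HTTP port
$ProxyPort   = '3128'        # placeholder

# 1. Record the current defaults so the change can be reverted with Restore-EgressDefaults.
$script:Before = Get-NetFirewallProfile -Profile Domain, Private, Public |
                 Select-Object Name, DefaultOutboundAction

function Restore-EgressDefaults {
    foreach ($p in $script:Before) {
        Set-NetFirewallProfile -Profile $p.Name -DefaultOutboundAction ([string]$p.DefaultOutboundAction)
    }
    Get-NetFirewallRule -DisplayName 'Egress allow:*' -ErrorAction SilentlyContinue | Remove-NetFirewallRule
}

# 2. Block outbound traffic on all profiles unless an explicit rule allows it.
Set-NetFirewallProfile -Profile Domain, Private, Public -DefaultOutboundAction Block

# 3. Re-open the named paths. Each rule carries a searchable prefix so it can be audited.
$allow = @(
    @{ DisplayName = 'Egress allow: DNS to internal resolver';  Protocol = 'UDP'; RemoteAddress = $InternalDns; RemotePort = '53' }
    @{ DisplayName = 'Egress allow: WSUS (tested patches only)'; Protocol = 'TCP'; RemoteAddress = $WsusServer;  RemotePort = $WsusPort }
    @{ DisplayName = 'Egress allow: web via proxy';             Protocol = 'TCP'; RemoteAddress = $WebProxy;    RemotePort = $ProxyPort }
)
foreach ($r in $allow) {
    if (-not (Get-NetFirewallRule -DisplayName $r.DisplayName -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -Direction Outbound -Action Allow -Profile Any @r | Out-Null
    }
}

# 4. Show what is now permitted outbound, with the address and port filter each rule carries.
Get-NetFirewallRule -DisplayName 'Egress allow:*' | ForEach-Object {
    $addr = $_ | Get-NetFirewallAddressFilter
    $port = $_ | Get-NetFirewallPortFilter
    [pscustomobject]@{ Rule = $_.DisplayName; Remote = $addr.RemoteAddress; Port = $port.RemotePort; Proto = $port.Protocol }
} | Format-Table -AutoSize
```

With the outbound default set to Block, anything not on the allowlist, including direct connections to Microsoft's update and definition servers, is dropped, which is exactly the effect Who? saw on the NGO network. The flip side is the same: time sync, activation, AD, printing and any SaaS the shop uses each need their own rule, so test on one workstation and watch the firewall's dropped-packet log before rolling it out.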

bttb • December 22, 2018 12:05 PM

Apparently "President Donald Trump has discussed firing Federal Reserve Chairman Jerome Powell", https://www.bloomberg.com/news/articles/2018-12-22/trump-said-to-discuss-firing-fed-s-powell-after-latest-rate-hike

and bullet points from https://www.emptywheel.net/2018/12/21/we-will-not-get-peace-from-the-people-who-dismember-dissidents-alive/ :

"- What person would both be willing to work for Trump and pursue a policy of peace?

- How to prevent the refugee crisis from getting worse?

- How to counter Trump’s fondness for fossil fuels and arms sales?

- Nukes. How to prevent Trump from using them?

- How to balance accountability for the mistakes that got us here with accountability for Trump?

- How to preserve democracy long enough to pursue a new foreign policy?"

Faustus • December 22, 2018 1:19 PM

@ Who?

It sounds like you have good things to say. Please consider staying above ground and saying them.

There is not a lot of +1 kinds of responses here. It keeps the clutter down. Undoubtedly your contributions are being appreciated by a slice of folks.

Keep posting and most likely people will start thinking you are a member of a cliquish cabal! I mean that in a friendly sense.

Faustus • December 22, 2018 1:29 PM

@ echo

Are you lurking? I feel bad you are not around because I last saw you backing me up in a minor imbroglio with Clive. I stayed away from your responses because I wanted to avoid a pile on. It was a minor quibble with a minor part of Clive's massive contributions here and I didn't want the issue to grow to unfortunate proportions.

But I am afraid I left you hanging and I regret that.

Wael • December 22, 2018 2:26 PM

@Ratio,

Where did you disappear? Are you on vacation[1], or did your IC superiors order you to take the hint and "maintain low key"? :)

[1] Out in harm's way translating intercepted chatter

Taz • December 22, 2018 3:47 PM

I want to believe in these people - who may end up with a system usable by those who will never use PGP.

But the fact that it's still open to regular email traffic, and the craziness on display in their privacy statement - does not lend confidence.


https://criptext.com


If anyone knows of a competent evaluation - that link would be most appreciated.

65535 • December 22, 2018 5:50 PM

@ Clive R, Wael, Who, Rach El, Alejandro. Anders and others

“For development and support reasons I have machines still running that are MSDOS + Windows (16bit) through to 2000 and XP[1]. I've never had malicious software[2] get on them even though they've not really been patched.”-Clive R

Good idea. I am going to try out all of the versions that you mentioned. Those can probably do 90 percent of what 8.1 to Win 10 can do with a lighter footprint.

No, most employees should not be “Browsing the internet” while on the clock. My Client/owners really hate that and have stopped it for the most part. It is a huge danger and waste of money.

@ Anders
Yes, I hear you. Will check them out. You have the same idea as Clive R.

@ Who?
“I do not think unattended patching on Windows can be stopped easily.”- Who?

You are correct. That leads to the firewall ideas… Which I will go into briefly below. The main problem is the wide use of Windows and some firewalls and ISPs allowing “update exe’s” through because they are used to letting them through. ...More below.

@ Alejandro
“…example, (after update) login lock out due to too many login attempts.(Fix: wait 30 minutes and lockout dies.) Seems MS is trying to login to the local users for some reason. Maybe some government op anymore.”-Alejandro

Good stuff. Thanks.

@ Rach El

Great post. Yes, I do know about those. Next, your information on FF and Pants is good. Thanks

@ Wael
“Front Door…”

Yes, that is the real problem.

This happens the instant you install Microsoft OS and validate it.

To the problem of Microsoft pushing “emergency updates” on people's Microsoft systems with Updates Turned Off or the “Never Check for Updates” switch:

I took a very short dive into how “emergency patches” get through and are placed on Microsoft’s more recent versions; it is fairly simple. It happens while installing and validating your copy of the Microsoft OS with Microsoft servers.

Probably every MS OS image from Vista to Win 10 contains [all versions and for the most part] Windows Defender/Security Essentials/some version of System Center Endpoint Protection, which is installed when the OS image is installed - along with the IE or Edge browser. The problem is an auto AV definition update acting as a front door.

The instant you install Microsoft Defender/Security Essentials/some Microsoft System Center Endpoint Protection and "validate" your copy of your “Microsoft Product” via the net visiting Microsoft servers you have a hole in your firewall which lets Microsoft into your computer. There are solutions to this, just ask Bruce S.

The only common point of those “emergency updates” was Microsoft’s Defender and another AV solution. I found that most of my clients did have Windows Defender and another AV solution as a backup virus catcher.

It is best not to run two AV solutions resident in memory because of conflicts and one AV interfering with the other. You can easily use two AV solutions by just letting one be resident in memory at a time. That is fine.

To get Microsoft’s antivirus profile updates there must be a hole temporarily punched in your firewall to allow that virus definition update exe, which is built into the base OS image, to update, say, Microsoft Defender/Security Essentials/endpoint solutions and their other variants. The first time you update the virus definitions an exception in the OS firewall and in the ISP firewall is “temporarily” allowed to reach MS Update servers.

Most third party firewalls and even some ISPs’ firewalls auto recognize Microsoft Defender and temporarily let it update virus definitions out of habit, convenience and who knows what...

Hence, even if a Microsoft OS user has turned off “automatic updates” Microsoft can install them… [assuming your firewalls from the Microsoft OS to your ISP connection allow the AV definition update exe to make contact with the Mother ship - Microsoft update server say ht tps://*.windowsupdate.microsoft.com at ~207.46.232.182 over DNS port 53 and using various ports to start the download and moving to dynamic ports above 49000 - a hole is indeed punched in the firewall. - each version of Microsoft uses a slightly different way of contacting Microsoft virus definition servers].

Windows 10 uses more of a point-to-point system like the old Skype did when you could not reach Skype servers.

One can indeed shut off Microsoft Defender and its variants and use a third party solution… but maybe should also tear out IE or Edge to complete the process, and that is a maybe or maybe not success thing. This may or may not work. The next steps are templates and reg edits and so on.

Interestingly, a Google engineer found a nasty exploit in the Microsoft AV engine which let viruses into said system in 2017:

“MsMpEng: Remotely Exploitable Type Confusion in Windows 8, 8.1, 10, Windows Server, SCEP, Microsoft Security Essentials, and more… MsMpEng is the Malware Protection service that is enabled by default on Windows 8, 8.1, 10, Windows Server 2012, and so on. Additionally, Microsoft Security Essentials, System Centre Endpoint Protection and various other Microsoft security products share the same core engine. MsMpEng runs as NT AUTHORITY\SYSTEM without sandboxing, and is remotely accessible without authentication via various Windows services, including Exchange, IIS.. On workstations, attackers can access mpengine by sending emails to users (reading the email or opening attachments is not necessary), visiting links in a web browser, instant messaging and so on. This level of accessibility is possible because MsMpEng uses a filesystem minifilter to intercept and inspect all system filesystem activity, so writing controlled contents to anywhere on disk (e.g. caches, temporary internet files, downloads (even unconfirmed downloads), attachments, etc) is enough to access functionality in mpengine. MIME types and file extensions are not relevant to this vulnerability, as MsMpEng uses it's own content identification system… Vulnerabilities in MsMpEng are among the most severe possible in Windows, due to the privilege, accessibility, and ubiquity of the service… core component of MsMpEng responsible for scanning and analysis is called mpengine. Mpengine is a vast and complex attack surface, comprising of handlers for dozens of esoteric archive formats, executable packers and cryptors, full system emulators and interpreters for various architectures and languages, and so on. All of this code is accessible to remote attackers… NScript is the component of mpengine that evaluates any filesystem or network activity that looks like JavaScript. 
To be clear, this is an unsandboxed and highly privileged JavaScript interpreter that is used to evaluate untrusted code, by default on all modern Windows systems…” Blogs chrome org

See: ht tps://bugs.chromium.org/p/project-zero/issues/detail?id=1252&desc=5
[Link broken for safety]

or

“Massive vulnerability in Windows Defender leaves most Windows PCs vulnerable”
ht tps://arstechnica.com/information-technology/2017/05/windows-defender-nscript-remote-vulnerability/

MS ports: ht tps://social.technet.microsoft.com/wiki/contents/articles/1772.windows-ports-protocols-and-system-services.aspx

As to Microblows and other critics, yes it does, but our host Bruce S. has indicated he uses a hardened Microsoft machine. There are security templates and other work arounds that can harden MS OS versions… well maybe not Win 10. None the less, Windows is used by companies and governments. It is deeply embedded in our society and will take TNT to dislodge...

[excuse all the errors. I just banged this out]

Ismar • December 22, 2018 10:53 PM

I asked this question before on another thread but got no response so I try here again.
Is it possible to tell encrypted text from the one that is just some random characters put together as one of the security ‘experts’ has recently stated? If not is it even possible to tell which encryption was used if you don’t know the plain text?
I am kind of hoping Clive can shed some Christmas light on this for me and others that may be too shy to ask.

TomS. • December 23, 2018 1:25 AM

@65535

MS can't force an update to systems. They publish, sometimes grossly overstepping boundaries, e.g. GWX. The update service applies. MS has severely limited the ability of Windows Home to control the process, at least through the GUI.

This isn't a tech support forum, so I won't go into detail.

Check the WSUS server auto approval rules, especially the default ones.
Review the Group Policy Reference spreadsheet for update policies and understand what they do, especially the deferral timers.
The Update Agent is capable of self-update when other updates are turned off. It and Defender are the only components that do, that I'm aware of.
Patch installation is logged in the event logs. There are also Component Based Servicing (CBS) logs.
There have been significant changes in servicing in 2018. Research MS blog entries, Ignite sessions, deployment and servicing MVPs.

If it still can't be determined what mechanism installed the patch, research auditing and the servicing stack.

There are more reliable sources than Woody's histrionics.

Stopping unattended patches on Windows is easy. This stops the update service and changes the startup type from Demand to Disabled. This will break all client update communication, including WSUS. It will be necessary for you to manually download from the MS Update Catalog and apply all patches. I wouldn't do it, but you can try.
From Elevated Command Prompt:
> SC stop wuauserv && SC config wuauserv start= disabled
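TomS.'s checklist (service state, update policy, the event and CBS logs) answers 65535's "how did it get on the box" question from the machine's own records rather than by guessing at a back door, and it also settles whether the Defender definition path 65535 suspects was the channel. The script below is an added example written for this page, not code from TomS. or anyone else in the thread. It assumes Windows PowerShell 5.1 on Windows 7 or later, an elevated prompt, the Windows Update Agent COM API (`Microsoft.Update.Session`) and the standard `WindowsUpdate` policy registry keys and operational log names; the `ServerSelection` and result-code mappings are the documented Windows Update Agent enumerations.

```powershell
# Added example, not code from TomS. or anyone else on this thread. It reads the
# update client's state and its own install history so an unexpected install can be
# attributed to a channel from the machine's records. Assumptions: Windows PowerShell 5.1
# on Windows 7 or later, run elevated; the Microsoft.Update.Session COM API is present;
# registry paths and log names are the standard WindowsUpdate/Defender ones.

function Get-UpdateClientState {
    $svc = Get-Service -Name wuauserv
    $au  = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU' -ErrorAction SilentlyContinue
    $wu  = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'    -ErrorAction SilentlyContinue
    [pscustomobject]@{
        ServiceStatus = $svc.Status
        StartType     = $svc.StartType      # Disabled means TomS.'s SC command took effect
        NoAutoUpdate  = $au.NoAutoUpdate    # 1 = automatic updates off by policy (blank = not set)
        UseWUServer   = $au.UseWUServer     # 1 = client is pointed at a WSUS server
        WUServer      = $wu.WUServer        # the WSUS URL, if any
    }
}

function Get-UpdateHistory {
    param([int]$Last = 25)
    # ServerSelection and OperationResultCode values from the Windows Update Agent API.
    $channel = @{ 0 = 'default'; 1 = 'WSUS (managed server)'; 2 = 'Windows Update / Microsoft Update'; 3 = 'other' }
    $result  = @{ 0 = 'not started'; 1 = 'in progress'; 2 = 'succeeded'; 3 = 'succeeded with errors'; 4 = 'failed'; 5 = 'aborted' }
    $searcher = (New-Object -ComObject 'Microsoft.Update.Session').CreateUpdateSearcher()
    $count = $searcher.GetTotalHistoryCount()
    if ($count -eq 0) { return @() }
    $searcher.QueryHistory(0, [Math]::Min($Last, $count)) |
        Where-Object { $_.Title } |
        ForEach-Object {
            [pscustomobject]@{
                Date    = $_.Date
                Title   = $_.Title
                Result  = $result[[int]$_.ResultCode]
                Channel = $channel[[int]$_.ServerSelection]
                Client  = $_.ClientApplicationID    # which component requested the install
            }
        }
}

function Get-UpdateInstallEvents {
    param([int]$Days = 30)
    # Event 19 in the update client's operational log records each successful install;
    # event 2000 in Defender's operational log records a definition update.
    $since = (Get-Date).AddDays(-$Days)
    $logs = @(
        @{ LogName = 'Microsoft-Windows-WindowsUpdateClient/Operational'; Id = 19;   Tag = 'Windows Update client' }
        @{ LogName = 'Microsoft-Windows-Windows Defender/Operational';    Id = 2000; Tag = 'Defender definitions' }
    )
    foreach ($l in $logs) {
        Get-WinEvent -FilterHashtable @{ LogName = $l.LogName; Id = $l.Id; StartTime = $since } -ErrorAction SilentlyContinue |
            ForEach-Object {
                [pscustomobject]@{ Time = $_.TimeCreated; Source = $l.Tag; Message = ($_.Message -split "`n")[0] }
            }
    }
}

Get-UpdateClientState | Format-List
Get-UpdateHistory -Last 25 | Sort-Object Date -Descending | Format-Table -AutoSize
Get-UpdateInstallEvents -Days 30 | Sort-Object Time -Descending | Format-Table -AutoSize
```

The `Channel` and `Client` columns are the useful ones: a KB that shows `WSUS (managed server)` came through the tested path, one that shows `Windows Update / Microsoft Update` with `NoAutoUpdate` set means some component other than the scheduled update task requested it, and a definition update shows up under a different client application than a cumulative patch does. If the history is empty but event 19 entries exist, compare timestamps with the CBS log TomS. mentions under `C:\Windows\Logs\CBS`.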

Faustus • December 23, 2018 4:55 AM

@ Ismar

"Is it possible to tell encrypted text from the one that is just some random characters put together as one of the security ‘experts’ has recently stated? If not is it even possible to tell which encryption was used if you don’t know the plain text?"

Perfectly secure encryption has ciphertext that cannot be distinguished from random assuming the key is random. AES ciphertext is basically random. https://security.stackexchange.com/questions/110809/which-ciphers-produce-random-cipher-text

But there are quibbles:

https://security.stackexchange.com/questions/61080/what-cryptosystem-makes-the-encrypted-text-look-like-random-noise

Being random does not necessarily mean easily hid in computer memory. Most computer memory areas are structured and don't look like random characters.
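To put numbers on Faustus's answer, here is an added example (written for this page, not Faustus's code or anything from the linked Stack Exchange threads) that computes two cheap statistics, Shannon entropy per byte and a chi-square test over byte frequencies, for English text, AES-256-CBC ciphertext of that text, bytes from the OS random generator, and the same ciphertext stored behind a recognisable header. The sentence, key, IV and header are all constructed for the demonstration; AES comes from .NET through PowerShell.

```powershell
# Added example, mine rather than Faustus's or from the linked threads. Compares how
# "random" four byte streams look to two simple statistics. Sentence, key, IV and
# header are constructed for this demo; .NET's AES implementation is used via PowerShell.

function Get-ByteCounts {
    param([byte[]]$Bytes)
    $counts = New-Object int[] 256
    foreach ($b in $Bytes) { $counts[[int]$b]++ }
    return ,$counts
}

function Get-ByteEntropy {
    # Shannon entropy in bits per byte; 8.0 is the ceiling, reached only by a uniform source.
    param([byte[]]$Bytes)
    $counts = Get-ByteCounts $Bytes
    $h = 0.0
    foreach ($c in $counts) {
        if ($c -gt 0) {
            $p = $c / $Bytes.Length
            $h -= $p * [Math]::Log($p, 2)
        }
    }
    return [Math]::Round($h, 3)
}

function Get-ByteChiSquare {
    # Chi-square against a uniform byte distribution (255 degrees of freedom):
    # a uniform source lands near 255 +/- 23; English text lands in the thousands.
    param([byte[]]$Bytes)
    $counts   = Get-ByteCounts $Bytes
    $expected = $Bytes.Length / 256
    $chi = 0.0
    foreach ($c in $counts) { $chi += (($c - $expected) * ($c - $expected)) / $expected }
    return [Math]::Round($chi, 1)
}

# Constructed plaintext: ordinary English repeated to a few kilobytes.
$sentence = 'The quick brown fox jumps over the lazy dog while the squid watches from the harbour. '
$plain    = [System.Text.Encoding]::ASCII.GetBytes($sentence * 100)

# AES-256-CBC via .NET. The key and IV are fixed constructed values for this demo only.
$aes     = [System.Security.Cryptography.Aes]::Create()
$aes.Key = [byte[]](1..32)
$aes.IV  = [byte[]](1..16)
$cipher  = $aes.CreateEncryptor().TransformFinalBlock($plain, 0, $plain.Length)

# Bytes from the OS CSPRNG, same length as the ciphertext.
$random = New-Object byte[] $cipher.Length
[System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($random)

# The ciphertext behind a constructed magic header, the way a container format would store it.
$header  = [System.Text.Encoding]::ASCII.GetBytes('SQUIDVAULT-v1')
$wrapped = [byte[]]($header + $cipher)

$samples = @(
    @{ Name = 'English plaintext';   Data = $plain }
    @{ Name = 'AES-256-CBC output';  Data = $cipher }
    @{ Name = 'CSPRNG bytes';        Data = $random }
    @{ Name = 'header + ciphertext'; Data = $wrapped }
)
foreach ($s in $samples) {
    '{0,-20} entropy={1,6:N3} bits/byte   chi2={2,8:N1}' -f $s.Name, (Get-ByteEntropy $s.Data), (Get-ByteChiSquare $s.Data)
}
```

The plaintext row sits around 4 bits per byte with a chi-square in the thousands, while the ciphertext and the CSPRNG rows are statistically twins near 8 bits per byte and a chi-square near 255, which is Faustus's point: nothing in the bytes themselves separates good ciphertext from random. The last row is his quibble in miniature: a thirteen-byte header barely moves either statistic, yet a scan for that magic string finds the blob instantly, just as a random-looking region inside otherwise structured memory stands out by contrast rather than by content. Both tests also need a decent sample; a sixteen-byte block can never score above 4 bits per byte, so short strings tell you nothing either way.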

Wesley Parish • December 23, 2018 5:34 AM

Well, in relation to an item of news of some weeks ago, I can now declare that there is no obstacle in the way of the US naming its new armed service the Astro Intelligence and Defense Service. I undertook the difficult journey to Kaihoro where New Zealand's own Astro Intelligence and Defense Service had beaten back an alien invasion by the interstellar fast food chain Crumb’s Crunchy Delights in 1988, to interview the survivors of that attack. I had to battle my way through a pack of rabid Sumatran Rat Monkeys to get there - I hadn't expected that species to have taken so well to the Kaihoro environs.

So, American patriots can rejoice - instead of the somewhat squiffy US Space Force with its inevitable Space Cadets, the purity of essence of your precious bodily fluids will now be defended by the Astro Intelligence and Defense Service (US).

(Again, on a more facetious note, I've just finished reading Howard Zinn's A People's History of the United States. Like Eduardo Galeano's The Open Veins of Latin America it's rather an eye-opener. I had the rather dubious benefit of having US schoolbooks in the NZ primary school - a response to the changing of the guard and the fading away of the British Empire and the arrival of the US Empire, I expect - so I got the traditional white-washing of the sharing of the Pequot and others, without which the Pilgrims would've mouldered in their graves ... and ignoring the brutal genocidal war against the Pequot, etc. @Bruce, if you haven't read it, it'd be a fine addition to the topic of alienation of citizens and recruitment of radicals. It's what I've said all along - to discover why Johnny has gone for a pterorist, look at his background.)

ThomasDecember 23, 2018 6:23 AM

The question remains: according to whose laws are such acts illegal? If the act is in fact legal under the perpetrator's jurisdiction, then do other countries (this usually means the US of A) have the legal right to invade and "set things straight" with such perpetrators?

JG4December 23, 2018 9:54 AM

You can think of ID's on vehicles (license plates) and on people as being elements of an immune system. We may note that injuries that spill cell contents inside the body frequently cause more damage from the immune over-response than the injury itself. Just like when the police show up and give everyone a hardwood shampoo. It may be necessary for drones to broadcast IFF and for it to reveal important internal details. The major histocompatibility complex elements displayed on cells play a key role in the human immune system and are accessible to women via body odor. Human females prefer to mate with men whose smell shows a different MHC.

Wesley Clark@WesClarkjr
Just watched movie Vice. Good flick. Misses the reality of our decision to invade Iraq, made in Sep 2001 and not in 2002. Cheney and Bush lied us into a war that killed hundreds of thousands and destroyed millions of lives. We failed as a nation for not holding them accountable.
https://twitter.com/WesClarkjr/status/1076337581896298496

https://www.nakedcapitalism.com/2018/12/links-12-22-18.html
...

Big Brother is Watching You Watch

Secret Experiment in Alabama Senate Race Imitated Russian Tactics New York Times (Kevin W)

ACLU To Feds: Your ‘Hacking Presents a Unique Threat To Individual Privacy’ ars technica

Inside the Pentagon’s Plan to Win Over Silicon Valley’s AI Experts Wired (David L)

Google has a new review process for handling controversial projects after the backlash over its censored search product for China Business Insider
...

k15December 23, 2018 10:06 AM

Some phone companies sell Android smartphones that don't have enough memory to accommodate several years' worth of security updates. Even if the user installs no additional software on it.

bttbDecember 23, 2018 11:03 AM

"Foreign company in possibly Mueller-related secret case heads to Supreme Court" from https://www.washingtonexaminer.com/news/foreign-company-in-possibly-mueller-related-secret-case-heads-to-supreme-court :

"The unnamed company owned by a foreign country that is challenging a grand jury subpoena issued in federal court in Washington is asking the Supreme Court to step in.

This week, “Corporation A” that is owned by "Country A" lost its challenge against having to comply with a grand jury subpoena that many believe has been issued by special counsel Robert Mueller.

[...]

Legal expert Steve Vladeck said on Twitter that if the Supreme Court takes up the case and keeps it under seal, it will be the first time the highest court in the land has conducted plenary review, including oral arguments, under seal.

[...]

then [about two weeks ago] the floor of the courthouse where the appeals court is located went into lockdown. Only law clerks were allowed to stay behind.

No one saw anyone from Mueller’s office or any other lawyers from a possible defense coming in and out of the building.

However, CNN reported that after court activity appeared to end for the day, a black Justice Department car returned to Mueller’s office in Washington, carrying lawyers Michael Dreeben and Zainab Ahmad."

bttbDecember 23, 2018 11:15 AM

"Russian Agents Sought Secret US Treasury Records On Clinton Allies During The 2016 Campaign" from https://www.buzzfeednews.com/amphtml/anthonycormier/russian-agents-sought-us-treasury-records-on-clinton-backers :

"Whistleblowers said the Americans were sending information to unsecure Gmail accounts set up by their Russian counterparts as the US election [2016] heated up.

[...]

US Treasury Department officials used a Gmail back channel with the Russian government as the Kremlin sought sensitive financial information on its enemies in America and across the globe, according to documents reviewed by BuzzFeed News.

The extraordinary unofficial line of communication arose in the final year of the Obama administration — in the midst of what multiple US intelligence agencies have said was a secret campaign by the Kremlin to interfere in the US election. Russian agents ostensibly trying to track ISIS instead pressed their American counterparts for private financial documents on at least two dozen dissidents, academics, private investigators, and American citizens.

[...]"

AnuraDecember 23, 2018 12:30 PM

Here's a Holiday treat for you:

Take fresh fruit such as grapes, melons, berries, etc. and cut them up and place them in a bowl. Add several splashes of bourbon and allow time for the fruit to soak up the alcohol before serving.

I call it an "I like breakfast". You may serve alongside eggs on bread if you desire.

WeatherDecember 23, 2018 1:46 PM

Ismar
Depends on the algo. RC4-5 has more difference spread at LSB values, SHA has fewer lower values, AES is more uniform.

bttbDecember 23, 2018 2:09 PM

@Tatütata
a) https://www.aclu.org/blog/privacy-technology/internet-privacy/were-suing-government-learn-its-rules-when-it-hacks-peoples

b) https://arstechnica.com/tech-policy/2018/12/aclu-to-feds-your-hacking-presents-a-unique-threat-to-individual-privacy/

Thanks for your Post on India. In this country network investigative techniques (NITs) are used, of course, although I am confident various actors would prefer wholesale (backdoor?) surveillance capabilities.

From b) "...The little that we do know about government hacking is very troubling. In one case, the government commandeered an internet hosting service in order to set up a “watering hole” attack that may have spread malware to many innocent people who visited websites on the server. In another case, an FBI agent investigating fake bomb threats impersonated an Associated Press reporter in order to deploy malware on a suspect’s computer. The agent, posing as a reporter, created a fake story and sent a link to the story to a high school student. When the student visited the website, it implanted malware on his computer in order to report back identifying information to the FBI.

[..]

Recent news stories suggest that the FBI is deploying these techniques for investigating increasingly ordinary crimes. Motherboard reported last month that the bureau impersonated FedEx and created malware-laden Word documents and images in order to investigate an internet scammer, likely the one who allegedly defrauded the Wegmans supermarket chain on seafood orders.

We also know that the federal government has spent big sums on hacking tools and services. The DEA has reportedly spent almost $1 million on remote hacking technology sold by Hacking Team, an Italian surveillance technology company..."

Clive RobinsonDecember 23, 2018 4:24 PM

@ Faustus,

After a career in consulting I came to conclude that most middle management serves no purpose, as well as most IT consulting...

With regards to consultants, there are some good, there are some bad, and then there is the evil that the big accounting firms use to push their methodologies, not solutions to the customers' problems.

There is an old truism that "Wise Consultants learn more from their clients than the clients learn from them" and I've seen a good bit of that in my time. There is another truism that "A good Consultant only sells the client what the senior manager wants, not what the company needs" which if you think about it is the way a consultant gets invited back. Especially if "A good Consultant only fixes at most eighty percent of the problem, so they can come back and sell another eighty percent endlessly"...

Back a long time ago I made the mistake of "fixing problems" and of "offering to support them" without putting a time limit on it, which is why I'm still supporting one or two customers twenty years on. Hence my embargo on "64bit" support with old solutions.

The scary thing however is the Apple ][ stuff was in 6502 assembler and the bulk of it still runs on weird SoC modems and the like... Much as I would like otherwise the 6502 keeps appearing like "the ghost of Christmas past"... Likewise the Pascal code for energy management still keeps popping up... Both really tax the old grey cells when they do.

But "middle managers" well there are three reasons they exist,

1, Emergencies.
2, Organisational memory.
3, Makework / Reward.

Back in the 1990's there was a self destructive fad called "Business Process Reengineering". Mike Hammer started it but it was Pete Drucker that made it a management fad.

The underlying argument was that middle management represented 50% or more of the wages and other human related running costs in an organisation and that as they only served as information conduits to the C-Suites they could be painlessly removed for greater profitability... Certain major accounting firms with highly lucrative consulting arms pushed the idea as hard as they could down everybody's throat, and with some of their clients it was not optional for them...

What the management consultants blindly did not see or chose not to see in their rush for fool's gold is that middle management act not just as information conduits but provide translation, filtering, compression and importantly prioritization of the information to basically tell the C-Suites "What they should do and how" in the ordinary stable times. Put simply C-Suites speak an entirely different language to those who actually do the work within an organisation and imported C-Suites are too lazy / full of it to learn to speak to the shopfloor, whereas owners and those with serious skin in the game tend to be way more proactive in this area.

It was quickly found that the computers that replaced middle management were effectively useless due to defective reasoning, which was why the 90s were consultant boom time endlessly sorting out (not) BPR fallacies and failings until Y2K became more profitable.

But during BPR companies burned brightly and crashed and burned in a funeral pyre of the consultants' making. For a couple of reasons: firstly the smart C-Suites jumped ship to other companies who had not BPRed, having worked out what was going to happen next, and the majority of dumb C-Suites found out the hard way...

Even if there were no emergencies the BPR savings had made artificial profits that speculators loved; the reality was it could not be done safely, so to make the same figures again they kept repeating the process and the businesses became more and more fragile until the first tiny problem caused them to shatter. Because "Dumb is, as dumb always is, and always does, it never learns" these days we talk of the Dunning-Kruger effect or the Peter principle or the more modern "Warm Body Syndrome" depending on what the excuse is in C-Row/corridor.

What was happening was that middle management held the "Business knowledge" which was rarely on the shop floor or up in the C-Row. Once a manager was "outsourced as a unit of work resource" the knowledge and much of the expertise went out the door. But could name its price coming back as a consultant... Which quite a few of the smarter middle managers did whilst others set up in competition with their previous employers.

More recently Management Consultants have been looking at "OODA loops" as the latest "new game in town". If you look in there you will find that one of the more important things in the "orient" step is knowing yourself. With three of the five points being "Genetic History", "Cultural traditions", and "Previous experience". Which in most businesses is held in the middle management layer.

But one of the reasons middle managers exist is also about what the OODA is supposed to do which is "turn in tighter circles than the foe". That is, in emergencies middle managers short circuit the information conduit and often act before C-Suites are even aware there is an emergency. In effect they make the "smaller, leaner, faster" actions that get inside the foe's turning circle.

But in times past, before the ludicrous bonus culture kicked in, staff that had consistently performed to the organisation's benefit would get actual promotion or new job titles and pay grades whilst still effectively doing the same job. This arrangement was beneficial to both the employee and the organisation but you had to know why it was there. There were also "Pension Promotions" where final salary scheme workers got promoted to reward long service to the organisation.

Whilst the smarter C-Suite bodies who had significant skin in the game saw the advantages of this system, brought-in C-Suite workers want to grab it all now because they have little or no intention of staying with the organisation.

At many levels BPR and many of the systems that followed it worked on the "selfish entity" model not the "Cooperative Organism" model with the assumption of "Instant hit" rewards and ultra short term thinking. The result being extreme fragility in organisations and being easy prey for those who think in slightly longer terms. Which is just one reason the US has given it all away to the likes of China and other BRIC Countries...

RG-2December 23, 2018 4:31 PM

MS is not going to let customers win against its intrusive cash-cow data-mining[1].
The solution to an uncontrollable boss is to do what General Mattis did, and resign.

I stopped all updates when MS eliminated local file searches in Win 8.0.
Then switched to a non-Ubuntu Linux when they sneakily installed data-mining patches as security patches.
Best browser I’ve experienced is Waterfox browser with uBlock Origin 1.17.4, uMatrix 1.3.14, Random Agent Spoofer 0.9.5.6[2], Prefbar 7.1.1, Canvas Blocker 0.5.5

Magical Crystal Ball
Come back in five years and people will be posting the same frustrations. Flush guys![3][4][5]

Snopes Verified: American Data-Miners are Never to be Trusted
The real threat is MS and Google are invading into the Linux world from several angles. For instance Google is paying site owners to eavesdrop on the Kodi and OSMC streamer websites. Or Google sponsoring summer camps to build its support in the next generation of Linux software developers.

MS is an unofficial ally of data-miner Ubuntu as they remove superuser control from the Linux kernel with phone-home forced updates/data-mining SNAP applications.

MS seems to be screwing up Win10 on-purpose with the goal to add an emulation layer to run under the Linux kernel. To not be left behind again, MS proclaims luv of open source software. They purchased github and now control logins, passwords and privacy policy. Get it?

Maybe their ultimate goal is to add backdoor into the Linux kernel after Linus retires. I’m concerned in their quest to compromise and weaken code open source integrity through the Linux Foundation.

I will post some convenient, free and privacy maintaining 4.18 kernel solutions for desktops and multi-media. (Hint: Kodi 18 is awesome).

[1] Being unable to innovate, Wall St invests in buying and selling American privacy

[2] Chameleon is the follow-on for RAS https://www.ghacks.net/2018/06/18/chameleon-for-firefox-user-agent-and-data-spoofer/
Changing your computer's MAC address
https://www.mullvad.net/en/guides/changing-your-mac-address/

[3] brand loyalty will cost you every time

[4] Here’s a Christmas bone https://www.oo-software.com/en/shutup10

[5] Add a mechanical Ethernet switch and always boot and shutdown isolated. Or when running tax software to prevent financials from being uploaded. When in doubt disconnect. Run Bleachbit and Shutup10! Only connect when YOU need the network.

65535December 23, 2018 4:42 PM

@ TomS.

“They publish, sometimes grossly overstepping boundaries, e.g. GWX. The update service applies. MS has severely limited the ability of Windows Home to control the process…”-TomS.

I can’t disagree with your post. You sound like a MS expert.

"...Check the WSUS server auto approval rules… Review the Group Policy Reference spreadsheet for update policies…Defender are the only components that do [allow updates]… determined what mechanism installed the patch [Defender/Security Essentials]… stops the update service and changes the startup type from Demand to Disabled. This will break all client update communication, including WSUS.”-TomS.

Yep.

“…will be necessary for you to manually download from the MS Update Catalog and apply all patches.”- TomS.

Yes. This client does so.

In the big picture this CVE-2018-8653 only affects some boxes, to be honest. It interested me in the MS mystery of how "emergency" patches suddenly appear on a MS box.

The MS Defender/Security Essentials virus definition update exe with the "temporary" modification of firewall rules is indeed explained on the net in various forums and is probably the method of getting "emergency" patches to certain MS boxes. But that CVE only fixed IE, which was not used on that particular box. The patch was probably unnecessary to load on that box and it did bork the box.

To be clear this owner does use the update catalog for a sub-set of the shop’s boxes. I probably should say this MS box did have Defender/Security Essentials on it and working with another AV [second AV not resident in memory]. The Box in question did have a tweak involving increased bit rate and volume for the headset/ear bud software module and jack, leading me to believe some tech rigged the box for a person with disabilities. Who knows.

The box is somewhat mod’ed and not standard by any means. A roll back fixed the box… without a serious re-imaging of the machine unlike a lot of cases I come across. It was just an interesting problem to solve.

I would guess the owner let some old hearing impaired guy use it until it locked up and failed to boot correctly.

It is well known that some slipshod techs reformatting a Win Vista, Win 7, Win 8 to 8.1 and so on will use a "genuine validation" tool to get the box running and then download Security Essentials to said box. Next, Security Essentials will then check for proper "genuine validation" via a MS server and then update the anti-virus definition exe. This lets the slipshod tech know the box is validated... and probably some white box makers do the same trick. I don't know the history of the machine.

Again, it was just an interesting problem to solve. But we are now in the holiday season, I don't know the history of the particular machine, and will have to wait until sometime after the holiday to get that information.

Thanks.

AtAStoreDecember 23, 2018 4:53 PM

If you’re not nervous, you’re not paying attention.
https://www.thedailybeast.com/jim-mattis-was-the-only-thing-keeping-trumps-insane-clown-posse-in-check

The Pentagon completes an audit.
https://www.washingtonpost.com/business/2018/11/21/first-full-pentagon-financial-audit-details-bureaucratic-noncompliance-no-fraud/
Just counting those assets employed an army of 1,200 accountants who visited more than 600 locations, the Defense Department disclosed last week.

Clive RobinsonDecember 23, 2018 5:05 PM

@ Ismar,

Is it possible to tell encrypted text from the one that is just some random characters put together as one of the security ‘experts’ has recently stated?

The problem is that plaintext statistics do make it into the ciphertext, if they did not then no information could be communicated.

Thus the question becomes one of how much leakage of statistics happens, to which the answer is "it depends" and is one of the reasons for the proliferation of "cipher modes".

You will often hear said that the One Time Pad has perfect security theoretically, well it does not always work out that way when you use a "True Random Bit Generator" (TRBG) to make the pad...

The reason is a TRBG has an "unbounded run length" which means that it could push out twenty or thirty zero bits one after each other, likewise similar length repeating patterns. Which means that in a way you are "reusing" small segments of the OTP which is a "no no" as it allows the underlying plaintext statistics to come through.

There are two basic ways to deal with the problem, firstly clip the excess run length of the TRNG, which might appear counter-intuitive but works out. The second method is to reduce the statistics of the plaintext. In practice where you can you do both and a little more these days.

So you would do the following,

1, Compress the plaintext.
2, Encrypt with AES in an appropriate mode.
3, Superencrypt with the OTP.

The purpose of the compression is not to reduce the message length (though that may be of use) but to flatten the plaintext statistics. The use of AES in an appropriate mode further reduces other statistics. Thus making what goes into the OTP already too difficult to analyse.

If not is it even possible to tell which encryption was used if you don’t know the plain text?

Due to the way data is transmitted it's quite often easy to realise which crypto algorithm is in use. For instance with block ciphers the size of the blocks can usually be determined hence give a significant clue as to the algorithm.

Back a century ago when algorithms were meant for the human head and hand to use, it was often easier to tell what language the original plaintext was in just by examining the ciphertext than it was to determine the actual algorithm that was used. Often this was because the ciphers were permutations followed by weak substitutions. With the beginnings of the more complex cipher machines post WWII repeated layers of permutation and substitution became possible which made the guessing harder but by no means impossible.

TomS.December 23, 2018 11:27 PM

@65535

Not expert. I do focus on finding and using good sources.

Again, It was just an interesting problem to solve
The fun is in the chase, isn't it?

Wishing our host and all guests Great Holiday Cheer.

Regards,
Tom

Denton ScratchDecember 24, 2018 6:04 AM

Re. Gatwick:

1. Police have released the 47-year-old man and 53-year-old woman without charge. A senior officer said they had not released the couple's names.

Interesting; so how did the press get their names?

2. Remains of a broken drone were found 'near the perimeter'. Inside or outside?

3. All drone sightings were by amateurs. The airport was closed down on the basis of rumours from tourists.

4. On the dangers of snipers shooting down drones: Heathrow and Gatwick are both crawling with cops armed with M1 rifles. Are they forbidden to actually fire them? After all, the drones were reportedly flying near the runway; in general there are few human targets near the runway of a commercial airport. There are also few airborne targets, if you first close down all flights.

5. Senior police officer now says there may well have been no drones at all. Why didn't he say that sooner? Perhaps he has only just come on duty?

6. It was reported that on the very first day of this scare, both the Army and the RAF offered military anti-drone equipment and trained personnel. The report said that ministers turned these offers down, thus turning what could have been a one-day shutdown into a three-day shitstorm of major proportions. Unfortunately the report didn't name any ministers; but the Transport Secretary is Chris Grayling - in my view the least competent, most cynical person that has ever 'graced' the government front bench.

I have only seen this report in one place - can't remember where, but probably Guardian Online. I think that report probably provides the best clue as to what may have happened; ministers seized on the scare as a distraction from pressure to hold a 'meaningful vote' on Brexit before Christmas. Police and airport authorities were encouraged to hype up the rumours from tourists.

I don't know why that story hasn't been reported anywhere else; but I have quite a cynical view of the mainstream media - I suspect the story has been spiked at a very high level.

FaustusDecember 24, 2018 11:08 AM

@ Clive

I think you have a misunderstanding of randomness. Runs of zeros don't matter because the adversary does not know where they are and therefore can't do statistics on the corresponding ciphertext.

Suppose you look at the ciphertext and it has "FBI" in it. Do you go "Ah hah!", this is about the FBI! No, because it is just as likely that the plaintext said "CIA" (or any other trigram) and the OTP transformed it to "FBI". The chance of getting 3 zero bytes in a row is 1/2^24, the same as the chance of getting any other 3 bytes, one triple of which will make any other trigram. The perfectly secure nature of the OTP denies you any other way to verify your "CIA" guess.

Denton ScratchDecember 24, 2018 11:31 AM

@Faustus

You are right. Clive is mistaken. If a TRNG spits out 512 zero bits, the attacker cannot distinguish the resulting ciphertext from any other 64 8-bit characters. If the ciphertext reads "Attack at dawn" the smart cryptanalyst assumes that's just a very unlikely coincidence (assuming he knows he's reading a cryptogram based on a TRNG). Remember - the 'T' stands for 'True'.

Encrypting first with AES makes no difference - you are still just as likely to arrive at a ciphertext containing "Attack at dawn" (AES output is indistinguishable from random bits). In fact encrypting first with AES is positively harmful, in that a crack of AES could blow your scheme.

The real problem with OTP (and by extension TRNG) is that you need to share the entire bit-stream with your correspondent, in advance, securely. You-must not reuse any part of the bit-stream; you must not attempt to use any part of that bit-stream to key a new cipher. If you do, you will find a new bullet-hole in your foot.

Denton ScratchDecember 24, 2018 11:41 AM

Re-reading, I see that I've suggested that a TRNG is as bad as an OTP based on a TRNG. That's not what I meant.

A TRNG is very useful for generating keys for other ciphers; in fact it's the gold standard. But an OTP based on a TRNG is no better or worse than any other OTP, provided that the OTP's key cannot be guessed by the adversary. The use of a TRNG just provides a certain assurance of un-guessability; but the use of (say) a book in English that only you and your correspondent have access to, to create an OTP cipher, is no worse than using a TRNG.

If the adversary doesn't know the OTP key, then any ciphertext is as likely as any other - including 'Attack at dawn'.
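
An added example, not posted by anyone in the thread, that measures the point argued between Clive Robinson, Faustus and Denton Scratch above. It XORs a constructed, highly repetitive plaintext with a pad from the .NET cryptographic RNG and reports what an attacker holding only the ciphertext would see; it then applies a crude stand-in for the run-length clipping Clive describes (every 0x00 pad byte is replaced, a far harsher rule than clipping twenty-bit runs, chosen so the effect is visible in 64 KiB) and shows what that does. The plaintext phrases, the 64 KiB size and the clipping rule are assumptions for illustration; it runs on Windows PowerShell 2.0 or later with no extra modules.

```powershell
# Added example, not from the thread: one-time pad statistics as the attacker sees them,
# including positions where the pad happens to be zero, and the effect of a crude
# "never emit a zero pad byte" clipping rule. Constructed data; no network.

function New-Pad {
    param([int]$Length)
    # Pad bytes from the OS cryptographic RNG (what Clive calls a TRBG; assumed good here).
    $pad = New-Object byte[] $Length
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $rng.GetBytes($pad)
    return ,$pad
}

function Invoke-OtpXor {
    param([byte[]]$Data, [byte[]]$Pad)
    if ($Data.Length -ne $Pad.Length) { throw 'pad must match data length' }
    $out = New-Object byte[] $Data.Length
    for ($i = 0; $i -lt $Data.Length; $i++) { $out[$i] = $Data[$i] -bxor $Pad[$i] }
    return ,$out
}

function Get-ByteHistogram {
    param([byte[]]$Bytes)
    $hist = New-Object int[] 256
    foreach ($b in $Bytes) { $hist[$b]++ }
    return ,$hist
}

function Get-EqualPositionCount {
    param([byte[]]$A, [byte[]]$B)
    $n = 0
    for ($i = 0; $i -lt $A.Length; $i++) { if ($A[$i] -eq $B[$i]) { $n++ } }
    return $n
}

# Constructed plaintext: 64 KiB of one repeated 16-byte English phrase (very flat in one sense,
# very structured in another: only a dozen distinct byte values, period 16).
$phrase    = [System.Text.Encoding]::ASCII.GetBytes('ATTACK AT DAWN. ')
$plaintext = New-Object byte[] 65536
for ($i = 0; $i -lt $plaintext.Length; $i++) { $plaintext[$i] = $phrase[$i % $phrase.Length] }

$pad        = New-Pad $plaintext.Length
$ciphertext = Invoke-OtpXor $plaintext $pad

# 1. The plaintext uses a handful of byte values; the ciphertext uses all 256 at about
#    65536 / 256 = 256 each, whatever the plaintext was.
$ptHist = Get-ByteHistogram $plaintext
$ctHist = Get-ByteHistogram $ciphertext
'Distinct byte values: plaintext {0}, ciphertext {1}' -f `
    (@($ptHist | Where-Object { $_ -gt 0 }).Count), (@($ctHist | Where-Object { $_ -gt 0 }).Count)
'Ciphertext bin counts: min {0}, max {1}, expected about 256 each' -f `
    ($ctHist | Measure-Object -Minimum).Minimum, ($ctHist | Measure-Object -Maximum).Maximum

# 2. Where the pad byte is 0x00 the plaintext byte passes through unchanged. The attacker
#    cannot tell which positions those are: such positions occur at the same 1/256 rate as
#    any other pad value, and the ciphertext byte there looks like every other byte.
$exposed = Get-EqualPositionCount $plaintext $ciphertext
'Positions where ciphertext == plaintext (pad byte 0x00): {0}, expected about {1}' -f `
    $exposed, [int]($plaintext.Length / 256)

# 3. Any other same-length plaintext is equally consistent with this ciphertext: the pad that
#    would produce it is just ciphertext XOR candidate, and is exactly as probable as the real pad.
$candidate       = [System.Text.Encoding]::ASCII.GetBytes('RETREAT AT NOON.')
$padForCandidate = Invoke-OtpXor $ciphertext[0..15] $candidate
'Pad that would make block 0 read "RETREAT AT NOON.": ' + `
    (($padForCandidate | ForEach-Object { $_.ToString('x2') }) -join ' ')

# 4. Crude clipping: replace every 0x00 pad byte. The pass-through positions vanish, and that
#    absence is itself a leak: an attacker who knows the rule learns at every position that the
#    plaintext byte is not the ciphertext byte, eliminating one of 256 candidates everywhere.
$clippedPad = [byte[]]($pad | ForEach-Object { if ($_ -eq 0) { [byte]1 } else { $_ } })
$clippedCt  = Invoke-OtpXor $plaintext $clippedPad
'With the clipped pad, positions where ciphertext == plaintext: {0} (always 0)' -f `
    (Get-EqualPositionCount $plaintext $clippedCt)
```

Step 3 is the whole argument in one line: because every candidate plaintext corresponds to some equally likely pad, a ciphertext that happens to spell a word says nothing. Step 4 generalises Faustus's point about runs of zeros: any rule that forbids some pad values makes the pad non-uniform, and non-uniformity, not the occasional run, is what leaks.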

65535December 24, 2018 6:08 PM

@ Clive Robinson and other M$ experts

“MSDOS + Windows (16bit) through to 2000 and XP[1]. I've never had malicious software” –Clive R.

I am working on your project. I have found images of all Win XP and Server 2003, Win 2000 Pro and Server 2000 and NT 4.0 with most service packs files.

I cannot find Win 98, Win 95, Win 3.11, MS-DOS versions 3 to 6. I believe that Win 3.0 to 3.11 can be used in MS-DOS 16 bit mode. I could stop at Win 3.11 or 3.0 by only using the MS-DOS base.

Is there an on line site which has the above version archived and hopefully for no cost?

@ TomS.

“The fun is in the chase, isn't it?”

Yep.

Thanks for the kind words and holiday cheers to you.

@ bttb and Tatütata

I agree. Those FBI tactics are dirty-greasy and should probably be stopped.

From your Ars Technica article the FBI seems to be sleazy and out of control. I am glad the ACLU is fighting them.

Ars Technica

Ht tps://arstechnica.com/tech-policy/2018/12/aclu-to-feds-your-hacking-presents-a-unique-threat-to-individual-privacy/

To commenter =>

"Electronic Frontier Foundation is making progress in a long-running FOIA suit against the DEA"-Tribune_of_the_Pleb
https://arstechnica.com/tech-policy/2018/12/aclu-to-feds-your-hacking-presents-a-unique-threat-to-individual-privacy/?comments=1&post=36565527#comment-36565527

to =>

EFF site

"Before and After: What We Learned About the Hemisphere Program After Suing the DEA… By Dave Maass December 19, 2018... New York Times revealed that the AT&T gives federal and local drug enforcement investigators access to a phone records surveillance system that dwarfs the NSA’s."-EFF
See:
https://www.eff.org/document/hemisphere-complete-dea-foia-response-0

[and]

https://www.eff.org/deeplinks/2018/12/and-after-what-we-learned-about-hemisphere-program-after-suing-dea

to DEA records =>

See the drove of data in the DEA 326 page pdf
https://www.eff.org/files/2018/12/19/hemisphere_-_unredacted_releases.pdf

=>

When opening that DEA 326 page pdf I found some good information and some other that is redacted to other nonsense such as pie charts and graphs that look like lies.

The data shows AT&T has sold or given thousands upon thousands of phone records to the DEA... in a fishing expedition with little to no oversight or control. How and why the DEA got those jillion records is unknown and quite troubling.

=>

example of lies on page 311 with "L.A. HIDTA Request by Squads" pie chart shows a grossly inaccurate proportion of 102 phone records representing 2 percent of the pie chart and a more reasonable 205 phone records of 50 percent of the chart. What a SNAFU.

My guess is that after the DEA's dubious haystack of phone records those records went to the FBI who then got a few kiddy porn users => millions of dollars wasted.

=> Gatwick authorities overreaction.

Large number of passengers essentially in lock-down, millions or billions of GBP/dollars lost => phantom drone and zero evidence. It's disturbing to see government[s] burn up the taxpayer's money on nothing but Military and LE payroll. This is akin to a huge "un-employment => employment" government project, that is not good.

Holiday cheers to all.

[excuse all the errors, I rushed this out]

CallMeLateForSupperDecember 25, 2018 7:15 AM

@65535
"I believe that Win 3.0 to 3.11 can be used in MS-DOS 16 bit mode."

Not only can Win 3.0 and Win 3.1 be used with DOS, each *requires* DOS. One would install DOS and then, from a DOS prompt, install Win. Those Win were "shells" that ran "on top of" DOS.

Since DOS was not "fully preemptive" (by any stretch of the imagination!), neither was 16-bit Win on top of DOS; Win-caused system hangs (requiring re-boot!) were common.

ISTR that MS released MS-DOS to the world, either this year or last. Or maybe I have DOS and some other product mixed up.

Clive RobinsonDecember 25, 2018 9:55 AM

Trump wants the clocks off

In what some describe as an act of lunacy, US President Donald Trump has decided the Radio Clocks transmitted since WWII should be turned off.

What he and others around him do not realise is just how many dependent systems there are on these radio clocks. And before people say "GPS" sorry guys it won't cut the mustard for a whole bunch of reasons.

https://www.voanews.com/a/time-may-be-running-out-for-millions-of-clocks/4554376.html

Not exactly the news you want to hear especially if you know you have dependencies on these clocks, it's going to be difficult and probably expensive just like Y2K was to sort out. But for others who are not aware if it happens it will be like Y2K happened for them...

Bong-Smoking Primitive Monkey-Brained SpookDecember 25, 2018 2:42 PM

@Clive Robinson:

you might find this little ditty sent to me via others amusing,

Startling! Bummer, you just gave ideas to our third-tier self proclaimed poet. I need to make a small remark: I may be a stoner, but I assure you I don't stink.

Clive RobinsonDecember 25, 2018 4:19 PM

@ BSPMBS,

Bummer, you just gave ideas to our third-tier self proclaimed poet.

OK, so with a lead in line of,

    I may be a stoner, but I assure you I don't stink.

There's not much I can do with "stoner" that is not going to raise more than an eyebrow ;-) So "doner", "Honer", "loner", "loaner", "moaner", and "toner". On the other hand "stink" goes with so many nice words like "fink", "clink", "kink"...

But add we can to give,

    I may be a stoner, but I assure you I don't stink. That's not why I'm a loner, it's due to wink wink...

WaelDecember 25, 2018 6:14 PM

@Clive Robinson,

Found it. If I remember correctly, it had two Germanium transistors (Toshiba 2SB-56) and two silicon transistors (2SC-31, I think.) Was a great kit, unlike the crap they had at Radio Shack. The funny thing is I always thought it was Japanese because of the transistor brands. Now, 30+ years later, I find out it's German! Now that would be a great gift -- hint, hint, wink wink :)

I built so much stuff with this thing (before I moved to breadboards and PC-boards.) Oh, the good old days...

TatütataDecember 25, 2018 7:02 PM

If I remember correctly, it had two Germanium transistors (Toshiba 2SB-56) and two silicon transistors (2SC-31, I think.)

ACK for the 2SB56, a germanium PNP device with metal encapsulation.

Less than 100% sure for the 2SC, but it sounds right. It was an NPN device in a black hemispherical plastic case.

Was a great kit, unlike the crap they had at Radio Shack.

Mine *WAS* from Radio-Shack, it was half as large as the kit displayed, essentially with all the parts on the lower half, and in the same quality (same loudspeaker, same relay, same key, etc., minus the meter and that amplifier module near the speaker, but plus a polyethylene variable condenser). It was housed in a wooden tray, and the springs and devices were retained on a ~2mm thick piece of cardboard. I can't remember the language the book was in, I had barely learned to read when I got it.

WaelDecember 25, 2018 7:41 PM

@Tatütata,

ACK for the 2SB56, a germanium PNP device with metal encapsulation

Right!

It was an NPN device in a black hemispherical plastic case.

Also right, although I am not sure the case was plastic, it could have been some other material! The 2SB-56 was mainly used for Audio applications, and the 2SC-31? was for RF, or higher frequency applications, although I vaguely remember that I built an FM transmitter with 2SB-56, but not sure now, it's been a long time.

@BSPMBS,

you just gave ideas to our third-tier self proclaimed poet.

Put the bong down, Monkey Brain. I'll have something when I feel like it. These things come as inspirations.

I can't remember the language the book was in

Mine had an English manual. I don't remember where I got it from, but it wasn't from the USA.

WaelDecember 25, 2018 8:17 PM

@Tatütata,

although I vaguely remember that I built an FM transmitter with 2SB-56, but not sure now, it's been a long time.

I just remembered now! There was a 2SA49 transistor for RF as well. PNP, same metal casing as the 2SB56, that's why I wasn't sure! It's the one I used (along with the 2SC for RF, not the 2SB56.) Apparently there are no hyphens in the name... my bad!

I may have to change a speaker and some other components as the seller says it makes "crackling sounds". Will get it the first half of January, 2019 (no manual, but I am sure I can find a pdf somewhere.)

2SA49 just to the left of the transformer on the bottom board.

Clive RobinsonDecember 25, 2018 11:53 PM

@ Wael, Tatütata,

Now, 30+ years later, I find out it's German!
It was housed in a wooden tray, and the springs and devices were retained on a ~2mm thick piece of cardboard.

Yes I had one too, though mine was housed in a cardboard box and more than forty years ago, it had the polycap variable cap and MW wound ferrite rod antenna, but only did about thirty experiments. It developed a problem that I hope your much later model does not have. The springs were made with very poor quality steel that had poor chrome coating that flaked off leaving a higher impedance steel that started to rust and become real high impedance and "noisy as two feral cats in a bag". Worse was the holder for the AA batteries...

The transistor in mine was if I remember correctly an OC71 equivalent in a black tube that was actually not plastic but black paint dipped glass tube with the transistor "frit sealed" inside. If you scraped the paint off you got an optical transistor that would have cost you three times the price... I don't actually remember the transistor number but it was a Japanese 2S something. I'd looked it up for its equivalent in TITS[1] when pulling the kit apart for bits after the springs had had it.

The annoying thing was that most of the thirty experiments were naff because they had over economised on parts. Whilst it could be either a Medium Wave (MW) Radio receiver or a medium wave oscillator with "plate modulation" via the little audio transformer, it could not be both. Which meant you either needed two kits or a transistor radio.

That transformer you found in nearly all Japanese three transistor MW pocket radios of the time (VHF FM was still not happening back then though it quickly changed). That basically used the same front end radio circuit as the kit but a complementary pair of transistors to give a class AB amplifier at 3V swing to drive the transformer that drove the ~5cm 8ohm speaker.

The kit I had, had no such luxury though, it only had a "Crystal Earpiece" which was actually an old fashioned pink plastic coated "hearing aid" moving coil 70ohm device with pink twisted wire lead. That when you removed the clear plastic "ear tube" became the equivalent of a "moving coil microphone".

Which right there was a "Security Lesson" in its own right about the reversibility of transducers...

Years later I used the transformer with a couple of 741 Op-amps to demonstrate you could make a two-wire to four-wire converter that when you put a speaker on the two-wire side, you could both play music through the speaker whilst picking up people talking close to it. It was somewhat of a scary eye opener for some. Back then most of the PI/PS types were advising people that it was OK to talk in a room and use a radio to stop bugs working... It was only in the 1990's that it became publicly known that the Russian cars that carried businessmen and minor diplomats to their hotels and the radios in their hotels all did this trick. What I've not been able to confirm is if it was Russian inventor Leon Theremin who came up with the design or not. It's known he came up with the design of "The Great Seal Bug" or "The Thing"[2] as it was called as well as that weird electric musical instrument that carries his name and can be heard on the Beach Boys record "Good Vibrations".

As for those transformers they are like "gold dust" these days, I needed one for a little audio isolation box the other day to hook up my son's Yaesu all band QRP rig (FT-817) to his "old" smart pad so he could run some digital modes "portable". Hunted high and low even for old PC Modem cards in the scrap box to get one from but I'd used the lot. Ended up having to use a pair of back to back electrolytic capacitors[3] and a current biased BC109C as a low gain Class A buffer amp. I hate current bias as it's prone to not just thermal runaway but becoming an oscillator[4]. Worse still for portable work it needs a power source unlike a transformer :-(

[1] Towlers International Transistor Selector or TITS for short was a yellow paperback "pocket" book about A6 in size. About 2cm thick it listed equivalents for the 2S Japanese, 2N US and Mullard BC etc transistors so repair technicians could find replacements. Though experience taught me that BC107 through 109 and later ZTX300 usually worked in voltage biased circuits. Current biased was as they say "A whole different kettle of fish"[4]. Whilst I still have TITS kicking around the workshop somewhere I no longer have the complete Mullard Valve data books that had glossy A5 sheets of paper in hardish cover black lever arch ring binders. They covered every octal base valve (tube) they made, and some really weird bottles like the Line Output Devices used in colour TV's that had X-Ray warnings (they actually glowed faintly "apple green"). The pages and the binders they came in had a characteristic smell, I later found out was due to a nitro cellulose finish that was degrading into something that would become a mixture of a nitro based explosive, and fire accelerant...

[2] I still design surveillance devices that work on this principle though they are quite a bit more advanced than the version you can see in the TAO catalogue. The original or a duplicate is on display in the NSA museum,

https://www.cryptomuseum.com/covert/bugs/thing/index.htm

However what the crypto museum says about the UK's Diplomatic Wireless Service (DWS) and the UK's MI5 involvement in the incident is unsurprisingly "down played"; read Peter Wright's "Spycatcher" for a lot more of the story the web site is being overly shy about. Sadly Tony Sale (of Bletchley Park fame) is no longer with us. He was Peter Wright's assistant and could confirm the part MI5 played in things. The website talks about a "Crystal video-Receiver"; this was an 1N23 diode detector followed by a wide band "video amplifier" that eventually got upgraded in the US by the addition of a low power Traveling Wave Tube RF amplifier. Long after the DWS had moved to rather more sensitive equipment. It might well account for why the DWS first detected the Great Seal Bug output signals and reported them back to the US, through a route that avoided the majority of the US IC and SigInt entities (some things are just too important to tell your friends who gossip).

[3] The use of back to back electrolytic capacitors to get over the polarisation issue is something that should be discouraged in designs these days. Because not only are modern electrolytics way less tolerant of this abuse, it causes increased noise into a very high impedance to get a flattish frequency response, thus is not a good idea with low level signals. Yes you can use one polarised electrolytic capacitor, but only when you know which way the DC offset is going to be, which when you are going for full "galvanic isolation" for electrical safety reasons does not happen...

[4] Proving the old design engineers' saw of "Oscillators don't but amplifiers do..."

WaelDecember 26, 2018 12:26 AM

@Clive Robinson,

Whilst I still have TITS kicking around the workshop somewhere

I'll comment on the rest later. This can't wait: seriously? I'll be nice this time and let it go ;)

My goodness, you're gonna get me banned!

TomS.December 26, 2018 1:22 AM

@ Wael, Tatütata, Clive:

Reading your fond recollections and restoration project, I regret not spending more time with the kit I had as a kid. Good luck on your project. I'm inspired to carve out more time to spend with kid and kit here.

All the OS talk:
Microsoft posted the source to MS-DOS 1.25 and 2.0 to Github.

Check out PCJS.org. It uses Node.js to emulate early x86 hardware, 8086 through at least 386 maybe 486. A wide selection of DOS and Unix operating systems. Windows versions 1 to Win9x. Large catalog of language compilers and assemblers. Even has Zork! Good fun to recreate previous projects and discover forgotten fun.

Archive.org's software archive has a substantial amount of stuff to run in a browser based emulator. Caution, early malware samples are present and a few entries in the title listings are not safe for work.

WaelDecember 26, 2018 4:47 AM

@TomS., @Tatütata,

I regret not spending more time with the kit I had as a kid.

I regret a lot more than one thing.

I'm inspired to carve out more time to spend with kid and kit here.

It's amazing what one can do with a few simple components. It's steadily becoming a lost art. Good luck with your new endeavor. As for me, this was the first time I buy from eBay (a German eBay site, mind you) ... Let's see how it goes.

@Clive Robinson,

but only did about thirty experiments.

Most of the experiments I did had to do with RF and antennas. Simple one-transistor transmitters that had a range of 100 or so meters, equivalent to BT these days. I wanted to increase the range by adding more transistors, but that knowledge had to wait until my college days, when I could build RF amplifiers.

The springs were made with very poor quality steel [...] Worse was the holder for the AA batteries...

I didn't have these problems.

AB amplifier at 3V swing to drive the transformer that drove the ~5cm 8ohm speaker.

The "intercom" project that the Kit showed used the two speakers in the kit. It was a push-pull audio amplifier. A simple circuit really, but worked exceptionally well. Two transistors, two transformers and two speakers plus some biasing resistors and a few capacitors.

... it only had a "Crystal Earpiece"

Yea, I had one in my kit, too. I subsequently bought a few more (I bought some about a couple of years ago, now I have to look for them.) I was fascinated by them after I built a passive radio receiver (that requires no power sources).

Which right there was a "Security Lesson" in its own right about the reversibility of transducers...

A concept known as "Symmetry"; an antenna has the same radiation pattern whether it transmits or receives.

you could both play music through the speaker whilst picking up people talking close to it.

I need to see that in action. Never tried such a thing.

WaelDecember 26, 2018 9:16 AM

@Clive Robinson,

Worry you not it's a genuine book...

Given the book title, perhaps a quarter of it is! If it contains only Germanium transistor listings then it is genuine. If it has Silicone transistor listings, then it can't be genuine :-) Kind of strange that this topic appears whenever we discuss planes or GPS, or flying objects, hmm!

65535December 26, 2018 10:28 PM

@ TomS.

Thanks.

I have bookmarked PCjs.org, the MS-DOS 1.25 and 2.0 from Microsoft, and the Internet Archive. I am still working off all of the food consumed during the holiday but I will download said OS versions as soon as possible.

@ CallMeLateForSupper

“…Win 3.0 and Win 3.1 be used with DOS, each *requires* DOS. One would install DOS and then, from a DOS prompt, install Win. Those Win were "shells" that ran "on top of" DOS.” -CallMeLateForSupper

So, the DOS is on the set in separate disks?

I guess, I will find a floppy reader and give it a go on a test machine.

I could go with TomS and download the code or even the exe and have Win 2000 – XP use the 16 bit lift module [NTVDM] and operate in DOS mode, say in legacy mode or just expect NTVDM to kick in … if I am wrong let me know.

Thanks.

Wesley ParishDecember 27, 2018 3:36 AM

@65535

You'd get the MS DOS in a separate disk pack; it'd probably have come with the PC, whereas it took a while for Microsoft to work out deals where MS Windows 3.x was preinstalled. And there was a fair amount of software piracy going on - a lot of students got their first MS Windows experience courtesy of something that fell off the back of a hard drive.

Needless to say, neither MS DOS nor MS Windows were particularly secure, much less designed with security in mind. MS Windows as a DOS shell multitasked cooperatively - that is, if a task wanted to let go of the CPU, RAM, etc, it did, but only if and when it wanted to. If your task wanted to have a go, and the previous task didn't care to let it, it didn't have a go. If both tasks wanted it and grabbed at unprotected memory, the PC crashed.

MS Windows 3.x should be required study in all Operating Systems classes, as a prime example of how not to design operating systems. Looking back, I think it's amazing that anything got done with such a useless system. But that owes more to people's bloody-mindedness than to Microsoft's software.

Clive RobinsonDecember 27, 2018 5:07 AM

@ 65535,

So, the DOS is on the set in separate disks?

Yes even in some early versions of Win95 you could easily pull out the MS-DOS Component.

Few realise that having "Windows as an overlay" was happening with Win-NT. That likewise is very similar in that you don't need to run the Windows component, and back in NT4 many people ended up doing just that on servers due to the "Screen Saver bug". Put simply your WinNT server was doing great and you were happy. You'd then go get a fresh coffee, sit down to contemplate what you were going to do, when the phone would ring and either a user or first line tech support --depending on the size of the organisation-- would tell you your server was down or slower than a geriatric snail on mogadon.

You'd hastily reach for the mouse and type in the admin password and pull up whatever instrumentation software you were using...

It did not take long for people to realise that the screen saver was swallowing up to 90% of the CPU performance...

The oft used work around was "Disable the screen saver"; the down side of this was the security risk...

Speaking of which, look out for Microsoft's very own version of the *nix chron-shroot bug, oh at least a decade after *nix had solved its version.

Put simply you would login as an ordinary user, set up a job to restart the win shell in oh three minutes, then kill your current unprivileged win shell to get back to the dos shell without logging out. The job runs, the new win shell starts and you are in it, you check and now find you are "system" as the user...

This was just over a decade ago and has been subsequently fixed. But it did start me thinking about "Why are we not learning from past solved problems" which unfortunately is still happening as I comment from time to time ;-)

TatütataDecember 27, 2018 9:22 AM

Politico, Andrew Restuccia, 26 December 2018: How Trump gave away his secret war zone trip

The president's trip to Iraq was supposed to be a surprise. But the White House couldn't keep the sensitive trip a secret for long.

Well, it's a security related topic, ain't it? :-)

The headline somehow suggests that the leak came from the bruzidonshal tweethole, but it was a combination of COMINT traffic analysis (the tweet density collapsing), old-fashioned kremlinology (the presence of a ceremonial Marine on the steps of the WH), and open data (real time flight tracking) that did it.

I find it cute that the transponder ID for a segment of the flight was 4711, a well known brand of Cologne.

TatütataDecember 27, 2018 9:57 AM

The 35th edition of the Chaos Computer Club's annual congress ("35c3") opened today in Leipzig, and will continue until 31 December.

The videos began trickling online a couple of hours ago.

https://media.ccc.de/tags/35c3

Happy binge watching! :-)

TomS.December 27, 2018 12:47 PM

@Clive

But it did start me thinking about "Why are we not learning from past solved problems" which unfortunately is still happening as I comment from time to time ;-)

On the topic of previously solved problems: [Rant]Embedded credentials[/Rant] The time-shared systems had famously known maintenance or vendor passwords. Fast forward to widespread connectivity, Ooops, bad idea. Then the router and switch makers in the 90s. Lesson retaught. x86 server makers and embedded management controllers (BMC). Lesson retaught. Read almost any month of Cisco security vulnerabilities and find at least one mention of a product shipped with embedded credentials in newly developed equipment! Still happening.

My favorite today is the control systems manufacturers, full of default credentials. A traffic signal controller vendor had a wireless networking enabled controller with known embedded credentials. Yep, drive-by green-light. It was around a year from the researcher notification to vendor fix available. How'd they find the credentials? Downloaded the firmware from an open website and ran "strings" against it.

I expect cars next. They have connectivity today without credentials and poor isolation between vehicle operational systems and infotainment systems, e.g. 2015 Jeep hack. https://www.carhackingvillage.com/

Re: NT screen saver:

It did not take long for people to realise that the screen saver was swallowing up to 90% of the CPU performance...
The oft used work around was "Disable the screen saver"; the down side of this was the security risk...

3-D Pipes was a common culprit. System policy, a predecessor to Group Policy, could be used to set the blank, password protected screen saver on the console. I think the resource intensive screen savers could be left out during setup.

I don't remember a GUI-less option in NT 3.51 or NT 4. IIRC, 3.51 had the Program Manager shell and 4 defaulted to the Explorer shell with Start Menu. Server Core, without a GUI, debuted in Windows Server 2008.

Andrew Schulman's Undocumented DOS & Undocumented Windows had a tremendous impact. I remember thinking that if Bill G. had a hit list, Schulman would have been on it.

@65535
I've lost track of what you're trying to do with the older OS's. For anything other than nostalgia or supporting an irreplaceable application, why bother? FreeDOS is more modern, current BSD's, Windows 7, macOS X, or even a well-chosen Linux distro, are safer than old MS OSs. DOS 2 was atrocious, lacking even the maturity of CP/M.

TomS.December 27, 2018 12:48 PM

@Tatütata
Thank you for the "35c3" link. Something interesting from that show frequently shows up in the SANS Internet Storm Center podcast.

TomS.December 27, 2018 1:00 PM

@Wesley Parish

MS Windows 3.x should be required study in all Operating Systems classes, as a prime example of how not to design operating systems.

Apple's Classic MacOS' through OS 9 were cooperatively multi-tasking as well.

Of note, AmigaOS, using the Motorola 68k chips, had a pre-emptive multitasking kernel in the mid-1980s.

Clive RobinsonDecember 27, 2018 8:49 PM

@ TomS,

Of note, AmigaOS, using the Motorola 68k chips, had a pre-emptive multitasking kernel in the mid-1980s.

If I remember correctly --it was a long time ago-- I think that the "next generation" Acorn computer after the BBC model B likewise had a development pre-emptive OS (Arthur 1.0) with hardware support built into what later became the first of the ARM cores you could in effect buy as a chip mask[1]. However it was deemed too slow (something to do with claiming to be the world's fastest processor or some such specmanship). So the official release 1.2 had been switched from pre-emptive back to cooperative multi-tasking to get the response time up and not long after became RISC-OS that is still around today and still as I understand it cooperatively multitasked (Apparently you can get it for the Beagle boards and Raspberry Pi, but with not just a Debian Linux but other *nixs available why bother).

It's not just the likes of Cisco who should know better but when school kids say "Cisco they are so powned by the NSA" when talking about how they reflashed their home router... maybe the kids are right and it's policy. We certainly know it is for the NSA ;-)

But the issue still remains of why software devs relive issues that were supposedly fixed less than a decade before. Thus are well within living memory of at least 80% of devs...

You certainly get the feeling they are totally unaware of the ACM IEEE-CS's Code of Ethics and Professional Practice,

https://ethics.acm.org/code-of-ethics/software-engineering-code/

Oh and the ACM's own code of ethics for ALL members,

https://ethics.acm.org/code-of-ethics/

Section 1.6 is one that more people in the industry should understand...

[1] The company I worked for at the time was a "Torch Computers" distributor and our visiting sales rep was somebody called Charles Dunstone, who later gained fame by setting up "Carphone Warehouse". It was he and a technical rep whose name I can not for the life of me remember who told me about the early Acorn RISC developments, apparently Hermann Hauser had let his gums flap for some reason. Torch however decided not to go down that route and developed its own 68K processor card to plug into the BBC Model B tube port. They opted to port Unix across to it and the system was sold as the "Unicorn", a cheesy marketing name if ever there was one ;-) I did a bit of addon hardware development for it that enabled the "Econet" network[2] to be used to take a "terminal concentrator" so that you could run a few VT52 terminals off of it (not as "OS users" but "application users" for "licencing reasons"). The idea was for "accounting" or "Human Resource" usage, however those supposedly developing the applications decided not to play...

[2] Acorn were quite bad at developing products after their initial release. Thus Econet from Acorn could only support one printer and one file store. After a little arm twisting we got enough info out of Acorn via Torch to do some reverse engineering on both the Acorn Econet ROM and Torch Z80 card ROM to allow more printers and file stores. I remember having a chat with my colleague Simon Williams over a bottle of spirits as to just how many printers and file stores we should allow. I wanted 255 of each which Simon was not averse to, but the idea was cut back to 2 because the engineers "back up the chain" thought it was "not feasible". I pointed out having worked on Cambridge Ring hardware and early Ethernet hardware that bridging in Universities was the norm thus we should "think big". Anyway the upshot was 2 was the number chosen because "that's the maximum schools or businesses would ever need"... Oh and it meant "simple commands" not "Fancy names"... Well it was a third of a century ago so what did they know ;-)

Clive RobinsonDecember 27, 2018 11:41 PM

@ Rach El,

I keep hoping to hear my favourite phrase, Einstürzende Neubauten

Why imploding new buildings?

Or do you just like the way it "rolls off the tongue"?

Rach ElDecember 28, 2018 1:43 AM

Clive

I love the way it sounds when pronounced by a native. It will however be recognised by the likes of Dirk Praet and probably Tatütata as a highly influential West Berlin based experimental industrial music band. Kind of ties in with the peak energy experience in New York Wael believes is drone related :-)


WaelDecember 28, 2018 2:03 AM

@Rach El, @Clive Robinson,

peak energy experience in New York [...] believes is drone related :-)

Not a belief. It's a conjecture highlighting that drones could deliver malicious payloads to structures other than airports.

vas pupDecember 28, 2018 11:56 AM

New models sense human trust in smart machines:

https://www.sciencedaily.com/releases/2018/12/181211190018.htm


"Everyone's brainwaves are different, so you need to make sure you are building a classifier that works for all humans.

For autonomous systems, human trust can be classified into three categories: dispositional, situational, and learned.


Dispositional trust refers to the component of trust that is dependent on demographics such as gender and culture, which carry potential biases.

"We know there are probably nuanced differences that should be taken into consideration," Reid said. "Women trust differently than men, for example, and trust also may be affected by differences in age and nationality."

Situational trust may be affected by a task's level of risk or difficulty, while learned is based on the human's past experience with autonomous systems.

The models they developed are called classification algorithms.

"The idea is to be able to use these models to classify when someone is likely feeling trusting versus likely feeling distrusting," she said.

Jain and Reid have also investigated dispositional trust to account for gender and cultural differences, as well as dynamic models able to predict how trust will change in the future based on the data."

My take: those classifications look fruitful to me for LEAs/IC to be taking into consideration as well.
I don't agree with the concept that machines are always perfect in a sense to be trusted 100%.
They do have their troubling factors as well (intentionally or naturally) affecting their performance. Just recall that WWIII was prevented by human interference in launching nuclear strikes on both sides in USA and USSR.

timbreDecember 29, 2018 11:53 AM

@Rach El

I have particularly liked this Win hardening package

https://hardenwindows7forsecurity.com/index.html

Excellent site, I would like to point out that in my version of Win7 disabling the Secondary Logon does NOT disallow a standard user from running an executable with elevated privileges (Right-Click "run as administrator").

I found I had to open Local Security Policy and modify the User Account Control: Behavior of the elevation prompt for standard users setting to Automatically deny elevation requests as described here (it's for Win10 but seems to be the same thing)
https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/user-account-control-behavior-of-the-elevation-prompt-for-standard-users.

I also wonder about FinFisher FinFly and Windows updates, or installing some of the various security software mentioned in the article.
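The observation above (that stopping the Secondary Logon service does not stop a standard user from satisfying a "Run as administrator" prompt) has a simple explanation: UAC elevation prompts are brokered by the Application Information service (Appinfo), not by Secondary Logon (seclogon), which only backs runas-style "run as different user" logons. The audit script below is an added example, not code from timbre's comment or from the hardenwindows7forsecurity.com guide; it reports both services and the ConsentPromptBehaviorUser policy value the comment changed, and optionally sets that value to "Automatically deny". The registry path and value meanings are those from the Microsoft policy documentation the comment links to; the -Fix switch is an assumed convenience of this script, not a Windows option. Run it from an elevated PowerShell prompt.

```powershell
# Added audit example for the UAC standard-user elevation setting discussed above.
# Not from the comment or the hardening guide it cites. Assumed: the -Fix switch is
# this script's own convenience for applying "Automatically deny elevation requests".
param([switch]$Fix)

$policyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$valueName = 'ConsentPromptBehaviorUser'

# Documented values for "User Account Control: Behavior of the elevation prompt
# for standard users" (Microsoft security policy settings reference):
$meaning = @{
    0 = 'Automatically deny elevation requests'
    1 = 'Prompt for credentials on the secure desktop'
    3 = 'Prompt for credentials'
}

# Get-WmiObject is used (rather than Get-Service/Get-CimInstance) so the script also
# runs on the Windows 7 / PowerShell 2.0 boxes the comment is about.
function Report-Service([string]$Name, [string]$Role) {
    $svc = Get-WmiObject -Class Win32_Service -Filter "Name='$Name'"
    if ($null -eq $svc) {
        "{0} ({1}): not present" -f $Name, $Role
    } else {
        "{0} ({1}): State={2}, StartMode={3}" -f $Name, $Role, $svc.State, $svc.StartMode
    }
}

Report-Service -Name 'seclogon' -Role 'Secondary Logon: backs runas / run-as-different-user, NOT UAC prompts'
Report-Service -Name 'Appinfo'  -Role 'Application Information: brokers UAC elevation prompts'

$current = $null
$props = Get-ItemProperty -Path $policyKey -Name $valueName -ErrorAction SilentlyContinue
if ($null -ne $props) { $current = $props.$valueName }

if ($null -eq $current) {
    "$valueName is not set; the OS default for standard-user elevation applies."
} elseif ($meaning.ContainsKey([int]$current)) {
    "{0} = {1} ({2})" -f $valueName, $current, $meaning[[int]$current]
} else {
    "{0} = {1} (undocumented value)" -f $valueName, $current
}

# A standard user can still elevate via "Run as administrator" by supplying admin
# credentials unless the value is 0. That is the condition the comment wanted to enforce.
if ($current -ne 0) {
    "Standard users may still satisfy an elevation prompt with admin credentials."
    if ($Fix) {
        if (-not (Test-Path $policyKey)) { New-Item -Path $policyKey -Force | Out-Null }
        Set-ItemProperty -Path $policyKey -Name $valueName -Value 0 -Type DWord
        "Set $valueName to 0 (Automatically deny elevation requests)."
    }
} else {
    "Elevation requests from standard users are automatically denied."
}
```

The value this script writes is the same one Local Security Policy writes when the setting is changed in the GUI, so either route gives the behaviour timbre describes; the difference is that a domain Group Policy will overwrite a local change at the next refresh, which is worth remembering when a box that was hardened by hand later appears to "revert".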

WeatherDecember 29, 2018 1:10 PM

You can open Paint on windows and use the Rgb setting to write an exe, the exe can have heaps stripped of the header and still work, open in notepad and remove the first to a marker say AAAA, it gets past the not copying exe, but still can run.

bttbDecember 29, 2018 4:35 PM

@Rach El

From the start of your "EU Diplomatic Cable leak" Guardian post above:

"WikiLeaks 2010 it is not, but the hack of the EU diplomatic service’s internal cables stretching back three years reveals much about the issues that preoccupy the European commission’s foreign policy apparatus, notably the rise of China.

Throughout the cables – more than 1,000 have been leaked to the New York Times – the EU conducts itself as a formidable, functioning foreign policy state with a unified interest. At one point the European commission president, Jean-Claude Juncker, tells the Chinese “the EU expected to be treated as undivided and undividable”."

TomS.December 30, 2018 11:09 PM

@ Clive

I knew Acorn rang a bell somewhere. Tongue in cheek caution: This is a dangerous link for any persons afflicted with old hardware affection.

Byte U.K. Magazine from 1986 on Acorn and the development of the ARM.
https://archive.org/details/byte-magazine-1986-01/page/n407

7 mm square, 3 _micron_ feature size, 3 MIPS.

That portable you have locked up that you recently mentioned wouldn't happen to be made by somebody named Alan would it?

A whole archive of Byte! Hooray, it really is Christmas! I still have the last year or two boxed up. I miss Byte to this day. Writing from before the TL;DR era. That magazine is my museum equivalent. More than anything else, it lit the fires even when all I could comprehend was the page numbers. I knew I wanted to understand more.

Appreciate the opportunity to revisit the Code of Ethics as well. Good reminder.

Clive RobinsonDecember 31, 2018 10:17 AM

@ ,

That portable you have locked up that you recently mentioned wouldn't happen to be made by somebody named Alan would it?

Yes if you mean "You're Fired!" man.

For those that don't know the popular program "The Apprentice" started in the UK and the boss used to have a company called Amstrad, since then he has moved into "property" and has picked up a "Lordship" along the way.

He also has some rather nasty political views these days that can make the UK far right look almost like fluffy bunny huggers in comparison...


Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.