Schneier on Security

1&1~=Umm • March 21, 2019 11:05 AM

@RealFakeNews:

“… that they were more advanced in what they’d achieved than anyone thought actually possible”

Actually that was not the case. Due to what was happening in Uhta with the NSA data silo our host actually asked the blog readers what they thought the capabilities might be. This was before Ed Snowden released the archive he had built up.

I think even our host was some what shocked to find from those a little closer to the technical capability side just what could be done “store it all” and the implication of what that realy ment in terms of the NSA effectively being able to go back in time to re-run various traces etc. In short the total demise of ephemeral communications.

The point being that there are people on the technical side who know, not just what the laws of physics will alow, but also the resource cost to do it, thus what budjets will alow. These sorts of people tend not to discuss it outside of their own work domain, not because it’s secretvetc but simply because the average person not only does not believe them, but actually refuses to believe it after being given proof.

The same happened with the Ed Snowden Revelations, people went into mass denial, then for most the other stages of mourning. In a way for them it had been a major death because what they had been brought up to believe was shown to be total lies. Some never came to terms with it and are still in denial, and would rather ‘kill the messenger’ than admit the truth of the message. Which is just one of the reasons Ed Snowden is still effectively in limbo in Russia very much dependent on the vagaries of international politics.

As for what’s in the archive we mostly do not know. It’s been alleged that there are over 1.7 million documents in there, which for obvious reasons nobody has actually read. Surching by term is a very inefficient way to get information out of such a repository so I doubt we have even seen a fraction of a percent of what is in there.

Personally I think the whole thing should be put into the public domain such that thousands of eyes can look for what they can find, that way we still stand a chance of getting worthwhile and actionable information out of it, of which it would be reasonable to assum there is still a fair amount of.

But it won’t be put in the public domain because ‘Knowledge is power’ and certain people have done very well out of it, and it is unlikely they would want to give up such power. Especially as others have indicated that power might be that between life and death.

1&1~=Umm • March 21, 2019 11:55 PM

@Tatütata:

“These news confirm IMO the generally dim view held by John Young and Deborah Natsios of Cryptome on The Intercept.”

They are not the only ones. Let’s be honest the Intercept has gone for the human factor in it’s stories, with little or nothing on the technical side.

I’m guessing most readers who come here are not looking for the human factor but the technical.

Whilst ‘human interest sells papers’ just like ‘My horrible surgical scars’ stories do, neither helps in solving the problem, only the technical information does that.

But there is no corporate lawyer in the world that will not go ‘waily waily waily’ if you try to publish hard technical details. Because ‘there be dragons’ of liability involved without the explicit consent in writting of the ‘technology owner’ for that which is not yet in the public domain.

As any engineer will tell you 90% of fixing a technical problem is actually finding the fault. It’s why repairing technical issues are more often called ‘fault finding’ rather than ‘repairing’. That is the assumption is the actual repair comes as the final stage of fault finding as it verifies the hypothesis.

The inverse of this is that you can not ‘fix’ a broken system unless you are aware of how and why it broke. Further you cannot ‘design out’ such a fault in future without being aware of how and why earlier systems broke.

Few admit it in our corporate world but whilst imagination might be the mother of inovation, technical history is the father of the design that makes the inovation possible.

Without the technical information in the Ed Snowden trove, we effectively have ‘sensationalism’ as the reason to publish, which ages very very quickly, and rarely fixes anything unless there is already the political will to do so.

The technical information teaches, thus knowledge is a result, this is essentialy timeless from then onwards as it’s legacy is avoiding the mistakes that gave rise to the technical information in the first place. In time such information becomes woven into the fabric of design, almost as lore but usually a lot more practical, even when underlying technologies change.

It was lack of knowledge that led to the CIA fielding a badly designed system for use by their agents. We know for a fact that this lack of knowledge has led to the deaths of tens of peoplescand the disaperance of others. I can not say for certain that the knowledge that would have prevented such a system ever being fielded is in the Ed Snowden trove but it is if you thibk about it highly likely as both are ‘Signals Intelligence’.

The mealy mouth cowerdice that the Cryptome owners lay at the door of those who hold the Ed Snowden trove who use the ‘don’t reveal method and sources’ as people might get hurt excuse, has had the exact opposite effect, it probebly has led to the deaths of those agents.

As gets pointed out about technology it is ‘agnostic to use’ and ‘the use is decided by the directing mind’. If you deny agnostic information to people then people can not learn from it thus others will be hurt without doubt. One of the greatest leasons history teaches us is the harm to mankind caused by the witholding of information, because as an act it imprisons people in effective slavery and stops them becoming greater than the parents were.

In short withholding knowledge is an attempt to stop evolution, and we know where that leads, we call it ‘extinction’, for some unfortunates that has already happened, and questions raised that should be answered.

1&1~=Umm • March 23, 2019 6:00 PM

@RealFakeNews:

“I seem to recall it being called a “new class of attack” that has almost no way to mitigate it short of all-new architecture.”

Only it was not new, it was known that the IAx86 architectute was in deep dodos quite a while prior to that, and I don’t mean by just the designers who should have known a decade or more back.

There have been warnings not to use IAx86 hardware from this century on this blog and from time to time it was pointed out that the complexity around the core CPU/ALU had gone over a tipping point. Researchers at variois Uni’s had shown how the address decoding had become so complex it had in it’s own right become ‘Turing Complete’ which ment it was in practice a hidden CPU sitting between the RAM and the intended core CPU/ALU and thus sat below it and could do similar attacks as an unrestricted DMA unit which has plagued the likes of Apple’s high speed serial interconnects (fire wire etc).

The thing people tend to forget about hardware engineers is that when it comes to exploits they know a lot but say very little outside of their community.

One reason for this is at a certain point down the computing stack you can not have security, that is security is a function of complexity it’s self… You need a minimum of complexity to be able to implement any kind of security. So it’s well known to hardware engineers that all supposedly secure systems have foundations made of insecure components and subsystems. With a further implication being that various security measures require different levels of complexity, so if you have insufficient or the wrong types of complexity then your system will be by default insecure in some way.

The question then arises as to ‘Do we know all the ways that a system can be insecure?’ to which the answer is no we don’t and even if we did the complexity required to cover them all would open up new pathways for new insecurities.

Look at it like this, you can securely guard a tree, you might be able to securely guard a very small wood, but a forest is a non starter security wise.

The IAx86 architecture went from being a wood to a forest around the early Pentium CPU’s. The only reason you can make such hardware secure is it did not have the later complexity of the extra hidden CPUs intentional or otherwise. Thus by use of an RF tight case suitable filtering and dampening you could keep things ‘in the box’ unless you decided to connect it up to some kind of communications channel be overt, covert, subliminal, or just unrecognizable to most as a potential comms channel..

If you search this site for @Nick P, @RobertT, @Clive Robinson, @Wael and TEMPEST or EmSec then you will see a whole set of rules you have to go through to design a system that could ‘keep your privacy in a box’. Later discussions indicated what you had to do, to ‘put a box around the box’, in terms of home made secure information facility (SCIF). The thing being that the likes of WiFi can be used not just as static radar to see the operators hands and fingers, but also it can if placed inappropriately cause the likes of the serial data on keyboard cables to be cross modulated onto the WiFi carrier. If you look on the Internet some out there call the various issues ‘HI-JACK’ and ‘TEA-POT’ (with and without hyphens).

Likewise as pointed out here and in other places the old ‘Air-Gap’ ideas are well and truely out of date you have to improve your level of issolation immensely. I think it’s Techion University in Israel that keeps showing how simple it is to get information out of laptops including ‘PubKey private key-bits’ by acoustic means. But the simple rule of thumb is ‘If the laws of physics say it’s possible, then somebody will do it sooner rather than later.’.

I guess it won’t be long before the only cost effective way to get privacy is take a pick and shovel into the woods and dig a deep hole and sit in it…

But that’s future, the NSA and GCHQ are all about past. As long as they always have a slim lead be it mear months not years, they can exploit that lead. We saw this with Bletchly Park during WW II. Past recovered plaintext is a statistical key to future plaintext recovery, alowing certain forms of attack that would not have been possible without the past recovered plaintext.

But with regards the NSA, GCHQ and other SigInt agencies being a decade ahead there is actually no real reason why they should be. Hardware security vectors is a very target rich environment, and neither the SigInt agencies or academia or private research have the resources to cover a fraction of the potential areas.

Thus it’s more like turning stones over on a beach, you never know what you are going to find under them but you know you are going to find something fairly quickly. Likewise the same aplies to the people around them, they are all going to find something, quite a lot of it and fairly quickly, but it is probably not going to be what other people are finding.