Friday Squid Blogging: Squids Are as Intelligent as Dogs

More news based on the squid brain MRI scan: the complexity of their brains are comparable to dogs.

As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

Read my blog posting guidelines here.

Posted on February 14, 2020 at 4:11 PM • 50 Comments

Comments

ScottFebruary 14, 2020 4:35 PM

Guys and gals, I appreciate this place became busy discussing US domestic politics and this is important to your democracy and whatnot.

But in the spirit of how I come to know @Bruce and his blog, on topics like IT security, airport security, security theaters, terrorism (from a security, not political perspective!), let's discuss this news from the classical security and security trade offs perspective, no politics as much as possible please, thank you!

MWC 2020 canceled over coronavirus health concerns

lurkerFebruary 14, 2020 5:29 PM

Huawei admits it put backdoors in its gear at the request of LEOs. Huawei makes the door and the lock and could open it if it wanted. Why is anybody surprised?

myliitFebruary 14, 2020 5:38 PM

Voatz voting app 2/13/20

https://news.mit.edu/2020/voting-voatz-app-hack-issues-0213


“MIT researchers identify security vulnerabilities in voting app

Mobile voting application could allow hackers to alter individual votes and may pose privacy issues for users....


In addition to its use in the 2018 West Virginia elections, the app was deployed in elections in Denver, Oregon, and Utah, as well as at the 2016 Massachusetts Democratic Convention and the 2016 Utah Republican Convention. Voatz was not used during the 2020 Iowa caucuses....

They found that an adversary with remote access to the device can alter or discover a user’s vote, and that the server, if hacked, could easily change those votes. “It does not appear that the app’s protocol attempts to verify [genuine votes] with the back-end blockchain,” Specter explains.

“Perhaps most alarmingly, we found that a passive network adversary, like your internet service provider, or someone nearby you if you’re on unencrypted Wi-Fi, could detect which way you voted in some configurations of the election. Worse, more aggressive attackers could potentially detect which way you’re going to vote and then stop the connection based on that alone.”

In addition to detecting vulnerabilities with Voatz’s voting process, Specter and Koppel found that the app poses privacy issues for users. As the app uses an external vendor for voter ID verification, a third party could potentially access a voter’s photo, driver’s license data, or other forms of identification, if that vendor’s platform isn’t also secure.”

Clive RobinsonFebruary 14, 2020 8:00 PM

@ Mr. Peed Off,

Huawei admits backdoor in kit.

Dr. Herb Lin, is either speaking outside his proffessional limits or being deliberately disingenuous. As I've seen this sort of behaviour repeatedly in the "Security field" I'm not exactly surprised.

I guess the real question is why Dr Lin has put his opinion in the way he has and I hope he shows up to explain...

Things you first need to know. There are three things needed for such a remote capability,

1, Fundemental Tee/Tap mechanism.
2, Software to use Tee/Tap.
3, Backhaul communications path.

If any one of those three parts are missing then remote spying is most definitely not going to happen.

The Tee/Tap mechanism is the method used to make a copy of the communications in progress and is why the Unix utility that does the same thing is called "tee". One of the official names going back the better part of a century or more is "Operator listen in". Back when POTS was the thing you could dial the operator and ask why you could not get through to a number and ask them to "check the line". They would put you on hold and use "Operator listen in" to monitor the line. They would then disconnect from it and take you off hold and say either "Voices on the line" or "I'll report that as a fault". There was a further protocol by which you could identify yourself and get "operator break in" or in some cases the operator would give you remote listen in...

Well all of that got abused thus formalised by legislation. So now due to legislation all telephone exchange equipment and phones are required to have an "Operator listen in" feature that can "optionaly" be controled remotely from "outside" the network. This had been true for "Health and Safety" reasons from atleast the 1960's onwards when digital exchanges started to become a reality. As I've mentioned a number of times here before, if you've had the misfortune to be involved with international communications standards committees you will have seen the various Five-Eye country representitives "FUDing and tag-teaming" these "spy on you" features in, if you dare to disagree they turn on you and try to make you sound like some kind of monster, just as politicos do with "think of the children" the process for the SigInt agencies is known as "finessing" (a term which comes from the playingcard game "Bridge" that tells you a lot about the background of such people from WWII onwards).

But in more modern times we have more direct and to the point legislation like CALEA, which requires exactly the same Tee/Tap "Operator listen in" but remotely without the use of an "opperator" for "Law Enforcement Assistance".

Thus what the Huawei representative was saying is true not just for Huawei but ALL Telco Equipment suppliers, no iffs, no buts, no maybes, it's an absolute requirment, the Tee/Tap fundemental mechanism has to be included in the switch by law.

We also know that the NSA and CIA have been exploiting this Tee/Tap requirment for years and sometimes it goes tragically wrong. See the Greek Olympics, Vodafone and Ericsson switches,

https://www.wsj.com/articles/SB115085571895085969

So if you ask a technical representative of any telco switch manufacture this question they would be lying if they said the fundemental capability to tap a phone data or metadata was not there... Because it has to be there by law.

The question now arises as to what a phone is or is not... Most of the worlds Telcos are "fully digital" from microphone to speaker. Thus every thing is digital, audio, modem sound, digital modems, the whole enchilada. Thus every thing you do via the telephone network is as far as the equipment at the lower layers are concerned "a phone" which means every thing you do is subject to the Tee/Tap technical asspects of "Operator listen in". No matter who's equipment you use. So everything you do on your phone POTS, Mobile, Smart Phone or other "Smart" device is capable of being listened into. It's something people realy should understand applies across the board no iffs, no buts, no maybes.

So when the Huawei technical representitve --allegedly-- says that usage “is extremely implausible and would be discovered immediately.” they are indeed telling the truth. It's what the NSA and CIA are known to do every olympics to the host nation as an excuse to listen in on the countries politicians etc.

The NSA/CIA have got away with it with other telco switches around the world for quite some time now but the manufacturers of those switches are not subject to "oversight" in the way Huawei have voluntarily done with the UK's GCHQ (who have cheated on the agreement).

Thus as the "Greek Olympic tragedy" made a glaring security hole obvious Huawei will have taken steps to close it, much to the anoyance of the US NSA and CIA, because Huawei switches have measures in place that make the loading of illicit software onto their switches very much more difficult, not impossible but "implausible" and almost certainly discovered and reported automatically to the switch operators as it would be flagged up in several ways (read the "Cuckoo's egg" by Clifford Stoll ISBN 9780307819420 if you want to see the possabilities for that).

So having explained why the Tee/Tap has to legaly be there we come to the real bone of contention, the software that can control or get data from the Tee/Tap mechanism.

This is where life gets interesting, because you a mere mortal can get access to such data duplication mechanisms as a feature for multi-party calls for dial-in confrences etc. It's the joy of "it's all software" solutions...

Software is in essence a list of instructions that implement rules of how to move or transform data. Almost invariably the "rules" are written, discussed and reasoned about in a human language, not those instructions a computer CPU follows. Which means there is great opportunity for "Lost in translation" to happen "accidentally or by design" the less "oversight" there is the more likely both are to happen. Unlike any other Telco supplier Huawei voluntarily subjects it's self to "oversight" from a world recognised expert organisation the UK's GCHQ...

Think about the implications of that for a moment.

The process by which the oversight occurs is documented, and for there to be "deliberate backdoors" would require collusion between Huawei developers not in the UK and for the UK Governments SigInt agency... Or for the Huawei engineers to be decades in advance of GCHQ staff...

For there to be "accidental backdoors" they would have to be very subtle indeed. Because Huawei are putting their international reputation on the line with alowing GCHQ to look at their code, they are going to be way more carefull than other Telco equipment supliers not subject to oversight will be. The same applies to GCHQ it's their reputation as well.

Thus the software is going to be better than average. But as a consequence so will other aspects of it such as ensuring tracability of code back to the original source by more than just "code signing". Because the aim is not to prevent just "outsider attacks" but the much harder to stop "insider attacks".

Have a thing about what that means in terms of "mechanism" and why it migh realy upset the likes of the NSA&CIA... Which brings me onto the "GCHQ cheating" the agrement Huawei had with GCHQ was not just for code review and security analysis, but also to train GCHQ staff not staff of foreign nations or alow foreign nations to see Huawei code. Well GCHQ have been stretching things and "US accents" have been heard. Put more simply representatives of the US Government have been pushing their "camel nose in the tent flap" and political preasure has come back "through other channels".

So whilst Huawei have not been writing "back door" or "remote accces" code for their switches, a point they have quite rightly made a lot of noise about, we can say that the UK GCHQ and US NSA SigInt agencies at the very least have had a front row seat on the code review process.

Thus the question you have to consider is, if there is a "Chinese R.A.T." or a mechanism by which one could be later added in the Huawei switches, how come two of the supposadly best SigInt agencies in the world have not found it or talked about it?

Which brings us onto the third part required for remote surveillance to be possible, the "backhaul". From the Greek Olympic tragedy we know that the NSA/CIA evesdropped on around 100 Greek political and senior administrative persons. Greece is not a big country therefor you would be looking at many many more for other Western Nations. Even with the best technical tricks on the world that is a lot of bandwidth required. For telco providers "bandwidth is money" therefore they keep a fairly carefull eye on it. The reason the Greek Olympic Tragedy became known was because of "bandwidth is money" somebody did not keep up payments on the pre-pay mobile phones, which gave rise to the rest of what was going on unravelling very fast. As with Clifford Stoll it was a small financial discrepancy that gave rise to what was going on unravelling.

These bandwidth accounting methods are different for every Telco survice supplier, as it's what their profitability rests on. You can be fairly sure that any unexpected imbalance in traffic at a switch with excess unaccountable traffic going off to China would be noticed and any spying would unravel.

The only reason the likes of the NSA getaway with the backhaul off of "collect it all" is that a group of people in the Telco Service provider are actually very much aware of it and are conspiring with the NSA to try and keep it secret (and as we know with AT&T failing to do so).

Which is another asspect the Huawei technical representative would know.

The thing about this "Huawei is bad" campaign is there is one heck of a lot of politically originated FUD with the MSN and supposed "experts" propergating it as it gets their names known. But you try finding any technical evidence against Huawei you run into problems. Because any allegation you make against Huawei applys way way more to all the other Telco equipment suppliers, many of whom have been caught out with dodgy software practices like Ericsson did over the Greek Olympics...

Thus anyone who brings up a technical argument and throws it at Huawei and not all the other Telco equipment suppliers, either does not know what they are talking about or they are being quite deliberately disingenuous...

Sed ContraFebruary 14, 2020 8:40 PM

Re: squids comparable to dogs

I’ll believe it when I see them out on the lawn with handkerchiefs around their necks playing frisbee.

RealFakeNewsFebruary 14, 2020 11:45 PM

@Clive Robinson

What do you think the motives for hating on Huawei are?

IMHO, it's a combination of politics and "not invented here" syndrome.

As you point out, US companies in this area are less than...clean.

Gunter KönigsmannFebruary 15, 2020 2:07 AM

I believe Clive to be Right:
- Every state wants communication to be backdoored because police needs to be able to get to know things. Therefore there will be backdoors.
- every state wants their secret service to be able to use backdoors, as well. So there will be additional backdoors from every state that has the possibility to introduce them, if there is any possibility to introduce them. I guess the countries the key components are manufactured in have this possibility.
Ergo if you use telecommunications you use a backdoored service, no matter where you bought the devices. There are concepts, though, for communication over untrusted media.
...and the services we trust on are globally interconnected to the extend that every country depends on services from nearly every other - maybe in many places without knowing. Which isn't this bad, in some aspects:
The first ideas for founding the European Union were proposed hoping it would introduce tight enough bonds that starting wars would be a non-option because it would loose the industries that otherwise might profit from a war the infrastructure they depend on.

JonKnowsNothingFebruary 15, 2020 2:15 AM

@RealFakeNews

re:

What do you think the motives for hating on Huawei are?

Adjusting my tinfoil hat to be square...

Using Huawei equipment will expose something the FiveEyes + chums are doing.

The chums are not likely the EU, because those folks seem to want to install the Huawei equipment. If they were doing naughty things they wouldn't want it exposed.

The chums maybe in the NewK, but PM Bois hasn't gotten the memo... yet. Theresa May might know, but Bois hasn't invited her to tea and she might not accept the invite even if it were put on fancy parchment with hand scripted calligraphy lettering.

That leaves a lot of the rest of the planet, and if per chance to dream, it maybe the NSA+CIA haven't shared their bounty with anyone (except perhaps Israel which gets a special delivery from the NSA).

Whatever the folks at Huawei are going to uncover when they plug in their gear, it's going to be bigger than Belgacom. The US wouldn't fight this hard if it wasn't something they cannot dismantle easily and/or it would be highly embarrassing like spy cams in toilets but that's an upskirting specialty.

Tinfoil hat tilted to the side...

ht tps://en.wikipedia.org/wiki/Proximus_Group#GCHQ_hack
ht tps://en.wikipedia.org/wiki/Theresa_May#Home_Secretary
ht tps://en.wikipedia.org/wiki/Upskirt
(url fractured to prevent autorun)

Clive RobinsonFebruary 15, 2020 10:35 AM

@

the internet of space junk apparently neglected to secure it's operating instructions.

Actually you can blaim two things for this,

1, Engineers being engineers.
2, Crypto export legislation incorrectly applied by various people in the "launch chain".

A classic example of the second is the North American AMSAT organisation, they are so confused by the paperwork rules, regulations and legislation domestic and foreign that they quake in fear that US bureaucrats will stop a project. So much so that they have fallen into "paralysis by analysis" syndrom trying to second guess themselves...

The problem with engineers being engineers is they adopt an increasingly layered aproach to have more simplicity at each level during a design process.

Put simply they get the simplest model they can and make it as simple to test as possible as a starting point. When communications is involved this means unauthenticated plaintext without error correction. They then layer on error correction which with round trip times in space being prohibitively long means the first layer is "Forward Error Correction" (FEC). For a whole heap of reasons the simplest type of FEC and Crypto do not play nicely together nor do other more complex types of FEC. Without Crypto un-spoofable authentication is not possible...

But there are other issues to think about. It takes 20mins to get a message and response to the likes of Mars, ever wondered about Voyeger way out beyond Pluto? Well it was launched back in the 1970's and obviously designed around technology a decade older...

Whilst not as bad nearly all "space qualified" parts are a decade or more old, and with a 25million plus cost of getting a lump into space you want atleast a twenty five year lifetime out of it[1]... So some of the technology still in use in space is older than most of this blogs readers...

And as a concequence it's functionality is extreamly limited. The result was that there were only so many layers that the engineers could put in...

So yes there is a lack of crypto and reliable authentication in spacecraft.

However with the US falling in ascendancy in the launch game, the US Gov "iron fist" grip on space has been considerably loosened. First Russia, then Europe, China, India and now New Zeland have made it clear they don't care about US views on what can and can not be done in space.

The result is even sixteen year olds are building spacecraft and getting them launched...

Have a look at Julian Fernandez and his company FOSSA and their "pocket-cube" satellite "Sat-1" which is a 5cm by 5cm LoRa satellite working in the amature radio 70cm band that was launched in Nov from NZ on a twelve ton 17meter long Rocket Labs Electron launch platform. Which is an eighth the size of the Cube-Sat prototype I have sitting on my desk. But a lot bigger than some pico-sats that are smaller than some of those metal "happy birthday" badges you get on kids birthday cards. Essentially they are a large "coin cell" rechargable battery and surface mount dual sided PCB sandwiched between two solar cells. The antenna being spring wire finer than a guitar string.

Oh and launch costs into LEO for such "experiments" is comming down, to around the price of a new executive car...

So hopefully there will soon be a lot more "space qualified" parts with nearly modern "smartphone" capabilities, which hopefully will improve things to the point where there is nolonger any excuse not to use spoof-proof authentication.

[1] It's now an almost racing certainty that any Intel CPU from this century, will not get space qualified, for primary "satellite bus" design because nobody in their right mind would consider it even remotely reliable.

electrolytic capacitorFebruary 15, 2020 10:44 AM

I imagine all the filter masks are reeking havoc on facial recognition systems.

Clive RobinsonFebruary 15, 2020 11:26 AM

@ Mr. Peed Off,

Link to tapped Nokia equipment in Russian Federation.

Tech Crunch has made it onto my "do not use" list because of their cookie and javascript policies, and I would recomend others stop using them till Tech Crunch reverse their decision. After all who wants to be spied upon?

That said the link you provided mentions SORM which has been around since the late 1990s, and is at the lower technical levels, the Russian Federation equivalent of the US CALEA.

But at as with all things with multiple layers you have to watch what happens at the higher levels.

Thus you might find this of interest,

https://www.loc.gov/law/foreign-news/article/echr-russian-federation-breaches-of-human-rights-in-surveillance-legislation/

With this comment,

    The ECHR [European Court of Human Rights] held that the [SORM] legislation “institutes a system which cannot protect individuals from secret surveillance” and “any person using mobile telephone services of Russian providers can have his or her mobile telephone communications intercepted, without ever being notified of the surveillance.”

The points I've highlighted apply to any country that has a "Communications Lawfull Assistance" port legislation. Worse most such "port" software is implemented as part of the switch, not as a seperate unit, thus with a few minor software hacks becomes a "Remote Unlawful Access" port to whom ever wishes to do so. Which we know the NSA/CIA have exploited for quite some time...

As CALEA and SORM are not the only legislation of this form, Telco manufacturers take a "pragmatic view" and install the low level Tee/Tap in the equipment as standard with their own API. They then have software to translate to the required countries legislation, and it's in this API and software component interface that the most security issues exist.

If Nokia were supplying equipment to the Russian Federation in the last couple of decades they would certainly have had to meet the lower technical levels of SORM, as for the higher levels that would probavly be in other equipment attached to the SORM technical port.

The same would be true for any Telco equipment supplier regardless of the nationality of the company or those that supply it the component parts it puts into it's systems.

Which brings up a point many do not realise, that is there are actually darn few component suppliers when it comes to telco kit. Which means that each Telco manufacturer has limited supply options and uses the same parts as others do. SO if a security issue arises in a chip from XYC then Telco manufacturers AAA, BBB, CCC, DDD etc are probably all vulnerable to it.

Exactly the same issue applies to PC's as we have seen with the Audio chips and USB-RS232 chips, and why FTDI became very very unpopular when they updated their drivers via Microsoft and had to backtrack.

Clive RobinsonFebruary 15, 2020 11:56 AM

@ RealFakeNews,

What do you think the motives for hating on Huawei are?

If I said it was the average Americans loathing of "The American Dream" you might think I had a screw loose?

Put simply the US became noticably resource limited in the 1950s and the population has grown fairly steadily since which means the slice of the apple pie each American gets on average is getting very very much smaller with time.

However the average American never ever gets even remotely close to the average slice. Because the "American Way" encorages what would be criminal behaviour if what voters wanted were put into legislation.

The fact it does not get put into legislation tells you a lot about the American political system where "Money is King" or more correctly "the king maker". The cost of becoming US President is now more than a million dollars per day for every single one of the 1461 days in office...

Few have such financial resources, and if they do they are most probably not the sort of person you would want in that position.

How do people get to command such resources? Well not by means most would regard as either fair or honest. Such people have in effect gutted not just the working class in the US but the middle class Americans as well... By amongst other things "outsourcing" jobs and ideas to foreign countries benifit. But too many people in the US blaim not those who do the outsourcing but those in foreign countries who have received the work all be it at rates nobody in the US could live on.

Thus how do you get votes? Capitalise on this ill will and pump up the xenophobia as much as possible and make outlandish promisses to "bring it on home". Promises that no person who actually thinks logically will realise can be delivered upon...

So how having raised emotions to the point a blood sacrafice is demanded do you not become the goat?

Easy make somebody else the goat. At home you play politicians off in a way that the other party is seen publically as obstructive to "the big plan". And as George Orwell pointed out you need a distant foreign enemy to focus the beasts desire for blood on.

It's why I will be very unsurprised if the same arse is in the chair in the oval office this time next year.

American emotions are being played like drumming on an upturned refuse can...

gordoFebruary 15, 2020 12:04 PM

Nevada Democrats Look to Silicon Valley to Prevent Iowa-Like Meltdown
Google and Apple are about to play a big role in 2020’s next presidential contest
By Steven Rosenfeld, February 14, 2020

[I]t appears that the primary way that the Nevada State Democratic Party will be reporting and tallying votes is not by examining these paper records, but by using the party-provided iPads and Google forms. In short, there will be two evidence trails created—one paper, one digital. Iowa had a similar system, but it did not expect to have to fall back on the paper to tally its results.


Google’s eleventh-hour entry into the Nevada caucus is potentially very significant. It appears that the Nevada Democrats will use Google forms as a key input for voter registration and also for the recording, counting and reporting of precinct totals and compiling the statewide results. This is in addition to whatever paper records are created.

[ . . . ]

"If I were to design the ideal system, I’d have it based entirely on paper,” he [Michael Glover, a PhD engineer and software writer who had worked at Google and was familiar with Google forms’ strengths and weaknesses] said. “You get a ballot. You mark it. You have these registration forms—they’re all paper. And you maintain custody of the paper… You can feed thousands of ballots into a scanner. You can count everything. You can manually verify the counts against various segments.”

“If they design a system that does everything based on paper with these various acceleration mechanisms, then it is brilliant,” Glover continued. “But if they are actually representing the fundamental information, not on paper but electronically, I get really scared, because there are all kinds of ways to hack it—even Google forms.”

https://www.laprogressive.com/nevada-democrats/

Slightly off-topic: It's been argued that incorrect math, in the Iowa caucus, recorded and tabulated on paper worksheets, can't be corrected since those outputs are legal records. (IANAL, however,) Given this logic of (apparently) "efficacious, incorrect maths", should it continue, I imagine that we'll one day witness the widescale eschewing of paper backups altogether. Thus far, "on the making of a better mousetrap", etc.

TatütataFebruary 15, 2020 12:47 PM

I’ll believe it when I see them out on the lawn with handkerchiefs around their necks playing frisbee.

OTOH, you needn't walk your squid around the block by any weather with a silly plastic bag in your hand.

So it's one-all.

I believe that my cat worships me only because I have an opposable thumb that can open tins. Squids would obviously have no use for me.

Two-one.

And you don't even need a cat-flap, the mailbox slot in the door is more than enough for them. Heck, the key-hole is almost too much.

Sed ContraFebruary 15, 2020 1:56 PM

Heck, the key-hole is almost too much.

Maybe they are smarter, as the video shows they are way out there on the softness spectrum

“ ... as Aristotle says that men of delicate touch and soft flesh are clever. 384 384 De anima, II, ix, 4, where we further read that delicacy or obtuseness of touch makes the difference between cleverness and stupidity ... “

contingency_triageFebruary 15, 2020 2:51 PM

Take a look at some of the current and up to date pollinator health statistical maps of the USA. I will maybe, if I can, upload some later.

https://youtu.be/HQUqiaXjX7c

The pollinator areas of the central USA are possibly in the worst condition of all, according to some maps and stats. This implies that the midwest has a faulty confidence about food stability and availability. Pollinators ensure that the food supply exists! Without biologically natural pollinators, there is zero food supply.

The main changes in the midwest are cultural and technological and political, NOT bee mites. Also, I have a theory that there are some active hate groups who worship death and disease of both people and wildlife, and are actively attempting to kill America, if not the whole planet.

Anyways, also, plants themselves and their seeds have specific windows of time for seed viability and capability. It varies per type of seeds and plants. This is also affected very much by weather and how the seeds are stored or allowed to grow.

This implies that if the flow of weather and other circumstances is too harsh through too many seasons, no matter how many seeds or plants there are, if it's too harsh, they won't grow into new lives, and hence the food and shelter of the food and shelter-makers will die, and then so will all of us too.

Food security is a top concern, in my opinion.

Another troubling factor, for example, are those who recieve tax reductions for donating "extra food" to charities. In some places, that food ends up thrown away no matter what and who complains. Also bad about this, is that some grocers have taken to producing artificial surpluses of possibly tainted foodstuffs just to get the tax reduction.

They are deliberately wasting food at the source and distribution levels just to get the tax reduction. And since the donated food often ends up in landfills instead of in hungry mouths of the poor or back into gardens or the wild (as seed supplies), they are guilty of plundering and hastening the food crisis of all of us.

Other factors affecting food security:

1) wars (we do NOT need more wars and war technology; it's a huge drain upon living resources needed for survival; also, they propagate lethal toxins)

2) hate groups and saboteurs

thanks for reading this.

la abejaFebruary 15, 2020 3:09 PM

@Mr. Peed Off

Re: Tutanota, Autistici, lawfareblog, etc.

Those are political sites with a very aggressive, militaristic left-wing socialist agenda. Sometimes it is best if they are blocked from collecting too much information on you.

People are making decisions that adversely affect the lives of people without any accountablility on their own part.

And I do not like the sudden and arbitrary criminal charges they file out of the blue without any apparent warning.

In other news: WEAK CIPHERS reported by ssllabs

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) ECDH secp256r1 (eq. 3072 bits RSA) FS WEAK 256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) ECDH secp256r1 (eq. 3072 bits RSA) FS WEAK 256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x6b) DH 2048 bits FS WEAK 256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39) DH 2048 bits FS WEAK 256
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (0x88) DH 2048 bits FS WEAK 256
TLS_RSA_WITH_AES_256_GCM_SHA384 (0x9d) WEAK 256
TLS_RSA_WITH_AES_256_CBC_SHA256 (0x3d) WEAK 256
TLS_RSA_WITH_AES_256_CBC_SHA (0x35) WEAK 256
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (0x84) WEAK 256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027) ECDH secp256r1 (eq. 3072 bits RSA) FS WEAK 128
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) ECDH secp256r1 (eq. 3072 bits RSA) FS WEAK 128
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x67) DH 2048 bits FS WEAK 128
TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33) DH 2048 bits FS WEAK 128
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (0x45) DH 2048 bits FS WEAK 128
TLS_RSA_WITH_AES_128_GCM_SHA256 (0x9c) WEAK 128
TLS_RSA_WITH_AES_128_CBC_SHA256 (0x3c) WEAK 128
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) WEAK 128
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (0x41) WEAK 128

What next?

We're having that NSA problem again, with weak ciphers in common deployment, and great corporate resistance from left field to improving the strength and resilience of the TLS cipher suite in common use. Or else there are different opinions to the strength of various ciphers and their implementation and modes of operation. Where are the other finalists to the AES challenge?

SERPENT, Twofish (Bruce's own), RC6 and MARS?

Is it time to deprecate anything less than a 256-bit block cipher?

Is the CBC (Cipher Block Chaining) mode deprecated in favor of Galois/Counter Mode (GCM)?

la abejaFebruary 15, 2020 3:48 PM

@contingency_triage

That's a lot of Mormonism, and not particularly anything they want revealed in a public forum.

active hate groups who worship death and disease of both people and wildlife, and are actively attempting to kill America, if not the whole planet

There is a certain level of "Satanism" or opposition to the prevailing religion in LDS-dominated areas, including NSA's relatively new data center in Utah.

How you believe or how you choose to view that, the "Satanism" may be interpreted as an impersonation or personification of the "death and disease" to which you are opposed.

cDc = Cult of the Dead Cow
CDC = Centers for Disease Control

I do not mean to imply they are friends, but the Satanists do bring out certain issues that do need to be addressed in the open even though other people don't want such matters discussed openly.

SpaceLifeFormFebruary 15, 2020 5:33 PM

@ Clive

'We also know that the NSA and CIA have been exploiting this Tee/Tap requirment for years and sometimes it goes tragically wrong"

This is why I said Emotet is out of control.

"Control" may be lost.

When malware can be reverse engineered...


la abejaFebruary 15, 2020 7:17 PM

@SpaceLifeForm

I have specified the following.

SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite HIGH:!aNULL:!MD5
SSLHonorCipherOrder on

In effect, TLSv1.2 is the only version of the protocol allowed by these settings, since TLSv1.3 is not yet supported by Apache 2.4 series.

* https://httpd.apache.org/docs/2.4/ssl/ssl_howto.html

I have used the settings more or less as recommended to specify only the strongest ciphers.

You are right. The weak ciphers reported by ssllabs all use RSA and they all use CBC mode.

Is there a specific attack that we should be aware of here?

SpaceLifeFormFebruary 15, 2020 7:51 PM

@ la abeja

I'm pretty sure POODLE is around.

Having observed downgrade attacks here.

la abejaFebruary 15, 2020 10:14 PM

@SpaceLifeForm

https://en.wikipedia.org/wiki/POODLE#POODLE_attack_against_TLS

A new variant of the original POODLE attack was announced on December 8, 2014. This attack exploits implementation flaws of CBC encryption mode in the TLS 1.0 - 1.2 protocols. Even though TLS specifications require servers to check the padding, some implementations fail to validate it properly, which makes some servers vulnerable to POODLE even if they disable SSL 3.0.[1] ...

The POODLE attack against TLS was found to be easier to initiate than the initial POODLE attack against SSL. There is no need to downgrade clients to SSL 3.0, meaning fewer steps are needed to execute a successful attack. [2]

[1] https://www.imperialviolet.org/2014/12/08/poodleagain.html
[2] https://freedomhacker.net/nasty-poodle-variant-bypasses-tls-crypto-hitting-major-sites-3506/

That partially explains the reported weakness of CBC-mode ciphers. The "chain" of CBC, which is simply a XOR with the previously encrypted cipherblock, can easily be broken at will with arbitrary padding values, if the plaintext for the padding is irrelevant or left unverified.

According to the referenced blog article,

This seems like a good moment to reiterate that everything less than TLS 1.2 with an AEAD cipher suite is cryptographically broken.

But that was over five years ago, TLSv1.2 was the latest back then, and there is not really any news that POODLE has been fixed. I am left with the feeling that the entire CBC mode of operation for block ciphers is fundamentally broken, as it is in reality only a slight improvement over ECB.

The ciphers that remain on ssllabs' "good" list are 128-bit-block ciphers use the GCM mode of operation based on a polynomial

x128 + x7 + x2 + x + 1

"Intel has added the PCLMULQDQ instruction, highlighting its use for GCM."
https://en.wikipedia.org/wiki/Galois/Counter_Mode

and there are various other "modes" proposed by the math nerds.

They're a little bit to cutesy with that abstract algebra stuff at the frat house, and they gotta have a tailored special-order CISC machine instruction for it. That ChaCha and Salsa stuff is coming on a bit too strong from the ivy league fraternity, and there is no independent critique of it, just ... Omertà!

They're the experts and we're not.

name.withheld.for.obvious.reasonsFebruary 16, 2020 2:26 AM

@ Clive (from a previous thread, posting an issue)

People wonder occasionaly why I still use MS DOS 5 and WordStar 4 or other WordStar compatible editor or IDE.

...
Also eyebrow raising surprisingly my Apple ][ from the 1970's using a 1MHz CPU and 64k RAM (with language card)

Hardly an eyebrow here, though I have moved on to 6.22.

Hardware terminals, my VT's work just great and I have spare CRT's. The tactile response and firmness makes all the difference. Hardware is more modern, I486/33 with 16M of RAM and a Orchid Video card for running X apps locally. It is tasked as a server and does just fine. CPU is on an American Mega Trends board, quite beautiful in fabrication, and quality comps all around. Ever ogled long and hard at an SGI motherboard and platform--how pretty. Some of the best construction with attention to detail (and attenuation).

So ya got me beat Clive, and am glad there is someone that can don a hat of foil construction with honour and pride. Me, the pocket protector keeps me safe.

name.withheld.for.obvious.reasonsFebruary 16, 2020 2:41 AM

@ Clive
On CALEA, manufacturers and Telcos have been dragging implementation up to the year 2007. Haven't recently researched the topic but I do remember from a industry research paper (may have even been the Congressional Research Service) that there are still issues surrounding this topic. I have suggested for some time that we have an affective CALEA II in operation. If you look at what long haul backbone providers services differ from network access providers, telecomm, and other service provisioning companies it is apparent that many are attempting to divide up the salable trove of data/information (yours and mine).

Almost all ISP's for example scrap/proxy and filter their customers network data (no treatment under title 2 FCC communications, thanks Adjant Pai). All the telecos are trying to complete a total packet, not switched, network to unburden themselves from the taxes on those services.

SpaceLifeFormFebruary 16, 2020 3:24 PM

@ la abeja

"they gotta have a tailored special-order CISC machine instruction for it."

Ah, the magic of microcode. The cpu *under* the CPU. Especially vertical microcode.

If I was micro-coding, probably could roll a new vertical CISC op-code in a day or so.

Throw in a few more days for testing.

Does not mean the end user will ever get the microcode update onto their computer.

Conversely, end users may have gotten malicious microcode installed without ever knowing it.


"That ChaCha and Salsa stuff is coming on a bit too strong from the ivy league fraternity"

Well, I do not really trust RSA for years now, and have become suspicious of ECC, my thinking is:

Assume both mathematically backdoored.

Defense in depth.

Make it expensive for an attacker.

la abejaFebruary 16, 2020 3:52 PM

Does not mean the end user will ever get the microcode update onto their computer.

Conversely, end users may have gotten malicious microcode installed without ever knowing it.

That is vice, and no, not the motherboard news site. The old-fashioned sort of vice. There are cheaters at the casinos in Las Vegas, and they make a lot of money on this stuff.

I do not really trust RSA for years now, and have become suspicious of ECC, my thinking is:

Assume both mathematically backdoored.

RSA is too simple. Is factoring really that hard? There almost has to be a trick somewhere. How long has it been since Facebook cracked Tor to create http://facebookcorewwwi.onion/ ?

ECC is based on some pretty complicated maths. Poorly understood, and poorly explained. We (as code monkeys) are handed cipher specs abounding with "magic constants" and "special polynomials" over arbitrarily specified "finite fields" to implement, if we wish to do ECC. The choices may or may not be more or less arbitrary, and they are never explained to us.

ECC is rife with opportunities for mathematical backdoors.

SpaceLifeFormFebruary 16, 2020 4:00 PM

@ name.*.*.*.*

"All the telecos are trying to complete a total packet, not switched, network to unburden themselves from the taxes on those services."

Yep.

Why have a cash outflow when you can get income from government?

This is why VOIP is way cheaper than POTS.

Clive RobinsonFebruary 16, 2020 4:33 PM

@ SpaceLifeForm, la abeja,

Well, I do not really trust RSA for years now, and have become suspicious of ECC

It's a not unreasonable assumption when you look into kleptographic attacks (have a look at the work of Adam Young and Moti Yung[1], it might raise your eyebrows so far it will look like your shirt has a fur collar ;-)

Put simply both have way way way to much redundancy in them not to have space for multiple backdoors, thus be subject to Cryptovirology[2]... Which is why you need to do certain things yourself and not let a a bit of software you know nothing about do things for you.

Because the joy is from outside the black box you can not tell the difference between "random" and "plaintext encrypted to look random". Which is why we have the CTR modes for CS-DRBGs in the same standard Dual-EC-DRBG was in, because cryptographers tend to trust the combinatorial logic of block ciphers over the likes of Elliptic Curves, especially those curves that get rammed down their throats by a known NSA "spiv" who now --the NSA see the US citizen and politicians as the enemy-- could be regarded as a Quisling.

[1] There are many times when I think this book should be required reading before any software person is alowed to write any crypto code,

"Malicious Cryptography: Exposing Cryptovirology," John Wiley & Sons, ISBN: 7645-4975-8

[2] https://en.m.wikipedia.org/wiki/Cryptovirology

SpaceLifeFormFebruary 16, 2020 4:33 PM

@ la abeja

"RSA is too simple. Is factoring really that hard?"

Sure it is. Unless one has been sieving for nearly 10 years in a place like Bluffdale.

Bumblehive is not just a random Codeword.

Another angle:

Certificate Authority == Casino

Clive RobinsonFebruary 16, 2020 4:45 PM

@ SpaceLifeForm, name.withheld...,

This is why VOIP is way cheaper than POTS.

You beat me to it ;-)

Back in the days when phones were all rotary, the US Gov had good intentions much like the idea behind the original "Penny Black" postal service in the UK of making phones accessable to all.

This ment making some pay more to cover the cost to those who would otherwise be "priced out" in a "free market".

But now the telco's and cable operators have payed legislators into the "greed is good" viewpoint, with some of the strangest legislation on the planet. Much the same as has been done by the "tax software industry" over US citizens personal tax payments.

SpaceLifeFormFebruary 16, 2020 5:32 PM

@ la abeja

Note: it's not just CBC.

IIRC, you mentioned GCM.

How about that microcode !!!

That new CISC opcode working ok?

hxxps://www.ssllabs.com/ssltest/analyze.html?d=schneier.com

gordoFebruary 16, 2020 9:13 PM

ELECTION 2020
Long lines, time-consuming Google Forms snag but do not snarl first day of early caucusing in Nevada
By Megan Messerly, The Nevada Independent, February 16th, 2020

Those long lines didn’t come without their challenges, though. Multiple polling places, including the one at Sierra Vista, made the decision mid-day to abandon the use of a Google Form for the check-in process. Under the original procedure, caucusgoers were supposed to have their voter registrations verified by a volunteer equipped with an iPad loaded with the county’s voter rolls at one station, and then proceed to a second station where another volunteer would fill out a Google Form on another iPad to complete the check-in process.


Caucus sites quickly found themselves overwhelmed by the procedure, which wasn’t difficult so much as it was lengthy. Each check-in was taking several minutes per person. So, in consultation with the party, several caucus sites made the decision to stop using the Google Form and transition to an almost entirely paper-based process, only using the iPad to access the voter rolls.

After the switch-over happened at about 2:30 p.m. the line at Sierra Vista started moving much more quickly. Under the new process, caucusgoers had their voter registrations checked by a volunteer on an iPad, received a paper ballot and voter card, completed those forms, took them to a station where a volunteer would record their unique voter PIN sticker affixed to those forms next to their ballot’s number, had their forms checked to ensure they were completed correctly and then deposited them in the ballot box. Though still a multi-step process, it didn’t seem to bother most voters.

https://thenevadaindependent.com/article/long-lines-time-consuming-google-forms-snag-but-do-not-snarl-first-day-of-early-caucusing-in-nevada

MarkHFebruary 17, 2020 2:48 AM

@la abeja:

We have good reason to believe that yes, factoring is very hard for a properly constructed RSA modulus.

If I understand Clive's response correctly, it addresses the case in which the party creating the keypair forms the key to in a manner which will deterministically open it to attack.

Factoring is what's called a "well-studied problem." Enough brilliant minds have worked on it for enough years, that the probability of some yet-unknown dramatic shortcut emerging seems quite low.

As far as public knowledge goes, factoring a 1024-bit RSA modulus is still extremely expensive, and factoring a 2048-bit semiprime is beyond the reach of even extremely powerful attackers.
__________________________________

@SpaceLifeForm:

The fruits of a large investment in sieving may be useful against discrete log systems (like Diffie-Hellman) which use well-known primes.

If I understand correctly, there's no counterpart to this for factoring. The sieving process is based on the semiprime modulus, which is unique for every key pair in properly implemented RSA. Accordingly, a precomputation attack is not available.

anonymooseFebruary 17, 2020 4:48 AM

@ la abeja


In effect, TLSv1.2 is the only version of the protocol allowed by these settings, since TLSv1.3 is not yet supported by Apache 2.4 series.

Good news, it has for over a year now with OpenSSL 1.1.1.
hxxps://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/CHANGES?revision=1843469&view=co

SpaceLifeFormFebruary 17, 2020 3:19 PM

@ MarkH, la abeja

How is that random working for you lately?

Have you seen your MITM lately?

hxxps://weakdh.org

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Sidebar photo of Bruce Schneier by Joe MacInnis.