Schneier on Security

Clive Robinson • September 12, 2021 4:51 AM

@ SpaceLifeForm,

CVE-2021-40444 is worse than many believe.

Yes it very probably is.

From a brief reading the problem is in MSHTML which due to “legal action” MS made a core component of everything.

So I suspect now it’s known how to get at it one way, many other ways will follow.

As I mention from time to time there are bugs in recent MS OS’s that go back three decades or so. Why? Because MS OS’s are petrifying layer cakes. Code from NT3.5.1 is very definately “set in stone” at the bottom and the rot grows up layer by layer. Each “new” MS OS is in reality a new layer ontop of an old pile. With most new stuff realy being superficial “user land” novelties and down right nasty “Spy-on-You” stuff.

From memory the last genuinely useful MS OS “upgrade” was Win XP to get USB working, since then “tinsel tosh”.

Clive Robinson • September 12, 2021 5:36 PM

@ Anders,

but you still depend on power supply size

Yup, energy storage is the world’s biggest problem yet few realise it.

There is not enough lead for traditional “Lead Acid Batteries” nor enough lithium for LiPo and family, nor enough iron for liquid batteries…

Worse we can not realy do “chemical storage” for fuel cells. We don’t have the metals, and more importantly we don’t have the technology to efficiently turn CO2 and H2O back into hydrocarbons.

Whilst there are “energy dense” fuels by the time you add in the size of the system to convert from fuel to electricity you still end up with a sizable lump that over all is grossly inefficient.

Take a nuclear battery the plutonium isotope is quite energy dense with something the size of your little finger pushing out on average 500Watts of heat for a hundred years. But either you use thermocouples or a closed cycle –sterling– engine both of which need a massive cooling system to be anything other than grossly inefficient.

You would be surprised at just how many people are working on shrinking energy storage, and all we do is move a percentage point or two in reduction every few years…

Clive Robinson • September 13, 2021 1:14 AM

@ Mowmowfi,

The reason it isn’t happening is beyond me.

Well I can give you one reason,

“The N word.”

Back last century the name of certain types of Body Scanners was changed from NMRI to just MRI for just this reason.

Any where the “N word” gets used people get nervous and ask questions like “Will I still be able to have children” etc.

It’s odd to think that the “doomsday” curse of “Chernobyl” from 35years ago is still fresh in many peoples psyche, yet the reality is way way different than was expected.

Thus the question “Will Nuclear ever have a good vibe in the public eye?”.

Clive Robinson • September 13, 2021 9:46 AM

@ Anders,

Let’s see what comes out from this.

If it stops the dendrite problem and we can work out why then it’s not just lithium batteries that would benifit.

Nearly all metal based rechargable batteries have a dendrite issue, whilst some in theory can get “blown out” by superimposing an AC voltage on the charge current I’ve not seen evidence as to why it should happen.

That said those supposadly non rechargable zinc-carbon batteries can be recharged about 20 times with an AC charge current with a -20% +80% duty cycle.

Clive Robinson • September 13, 2021 4:00 PM

@ Freezing_in_Brazil, ALL,

Though I don’t see why high profile government secrets aren’t protected with nuclear TRNG.

Depends what you mean by “nuclear”…

Radio isotope generators have bias due to half life not just of the primary element, but others that contaminate it and the eventual “daughter products” etc.

These days people are using “Quantum TRNGs” that have gigabit output without bias[1]…

You can read up on QRBG’s,

https://www.researchgate.net/profile/Juan-Carlos-Garcia-Escartin/publication/301899096_Quantum_Random_Number_Generators/links/58679ca208ae8fce49159524/Quantum-Random-Number-Generators.pdf

Warning though it’s 40pages of close typed text followed bt 14 pages of refrences…

[1] Actually the output is biased, due to noise from the electronics… There is a “letter” that explains some of it,

https://dx.doi.org/10.1103/PhysRevApplied.3.054004

Clive Robinson • September 13, 2021 10:37 PM

@ SpaceLifeForm, ALL,

Researchers named the vulnerability Azurescape – The first cross-account container takeover in the public cloud.

Not realy…

Look at it this way,

Somebody walking in a field “trips, falls over, hits the ground, and breaks their neck”… So sad.

Years go by the field gets a road built on it, somebody walking down it one day “trips, falls over, hits the ground, and breaks their neck”.

Buildings put on the land that was once a field including a sky scraper. One day a person walking on the roof of the sky scraper “trips, falls over, hits the ground, and breaks their neck”. The newspaper says “First person to…” Yes they are the first person to do it off the roof of a sky scraper, but no they are in no way the first to “trip, fall over, hit the ground, and break their neck”.

So… This “Azurescape” might be the first “jail break” they know of on Microsoft Azure Cloud… But it is by no means the first “jail break” from a “restricted environment” not at all.

Go back and look at the history of “restricted environments”, say the history of *nix and why we have chroot. Also the history of web browser sand-boxes… Or even the hardware equivalent such as CPU “enclaves”. Oh and all other restricted environments we call “jails”, “sand-boxs” etc or we give other re-names such as “Virtual Machines”, “Containers”, etc.

The reality is “Escaping from a restricted environment” is almost as old as mankind. If you create a prison and put inmates inside, they will try and usually succeed to escape. What happens next is not exactly unknown either, call it “pay-back”.

It is an “old wine in a new bottle” effect, that is an “old crime” but in a “new environment”.

So not only is this attack entirely predictable, it was in fact predicted years ago before Cloud Services got going. Likewise it was predicted for Kubernetes amongst other Container Systems and oh so many other sandbox type jail systems that alow foreign code to run on a computer (look at the history of web browsers and javascript etc for an every user, every day, risk of exactly this type).

So…

1, Yes it was expected.
2, Yes similar has happened in the past repeatedly.
3, Yes as normal it used an old attack Microsoft had not fixed.
4, Yes we knew and know it is going to happen with all Cloud systems repeatedly.
5, Yes as per normal people did “stupid” to save pennies today.
6, Yes they did it without a sufficient “safety net” nor did they care.
7, Yes it’s going to make Cloud usage more expensive tommorow, again and again.

Can anyone realy say they are surprised by any of this?

So time to ask “What is all the noise about?” well,

1, State the bleeding obvious.
2, Hold Microsoft up to ridicule.
3, Push product.

The first two are obvious, the third well look for mention of “Prisma Cloud : by Palo Alto Networks”…

But seriously guys the real message is,

The CLOUD is not secure, NEVER was never can be with current knowledge.

But when you think about it, nor is the Cloud cheaper… You have no physical security you control with Cloud Computing. The only way we currently know how to make things secure against potential future vulnerabilities by outsiders is by strict segregation and issolation. Anyone telling you anything else is either not telling the truth, or effectively deluded. That is they are either “selling something” or do not understand security, nor do they understand humans, even with thousands of years of written history to learn from.

Clive Robinson • September 14, 2021 1:30 AM

@ MarkH,

taking as raw data measurements of either (a) the number of detections per unit of time, or (b) the time interval between detections, gives highly biased numbers

“if a TRNG applies either of these methods to the detection of radioactive decay events, then the designer didn’t adequately understand the problem s/he was trying to solve.”

What other “raw data measurments” can they take with what they would be allowed?

Oh and that half life issue applies to all the processes involved with isotope decay in a realistic source.

Clive Robinson • September 14, 2021 12:01 PM

@ onyonf88,

What exactly is happening under the hood?

Two things to consider,

1, Parity was frequently set to zero for compatability with serial comms that would be seven not 8 bits.

2, 8bits less made the NSA job 256 times easier.

Whilst both are true, one was an excuse for the other…

Clive Robinson • September 14, 2021 5:48 PM

@ Winter, someone, SpaceLifeForm, ALL,

The problem is supply chains.

What people tend to forget is that behind the supply chain they are interested in there are several others. Whilst it is not turtles all the way down it can take a very very long time to get them all running again. 18-36 months would not be uncomon and if a mine or oil well etc had been closed down it might take 60-300 months to get things back, if at all.

Whilst it might not sound bad, the recent lack of chips for high end cars is going to be very minor to somethings that could happen.

Simple drugs we are very dependent on in the first world and are in the UN 200 list, are made in India but some of the feed-stock India needs comes from the US which did get it’s feedstock from China, which got some of it from Africa… Only politics screwed that one up at several points…

It’s things like that you need to be very aware of but very few, even who are involved in the supply chain get to realise it untill it goes pear shapped rather rapidly, and stays that way for several seasons.

Keep an eye on “flu vaccine” this year, it could be heading for the rocks, unless some people get their acts together rather rapidly.

So you might want to consider carrying on being a serious “mask wearer” for the next year or two.

Clive Robinson • September 15, 2021 4:51 AM

@ JonKnowsNothing, someone, SpaceLifeForm, Winter, ALL,

Recent reports of the failure of the wheat harvest in Canada and failure of other harvests around the globe might made a dent in that view.

The big problem with the Canadian wheat, is also it is the “type of wheat” that makes it even more critical[1]. People are often very surprised at just how many types of grain there are, and that it was one of mankinds first “genetic modification” experiments thousands of years ago, and that the instances of serious food intolerance to grains is one of the highest of all foods (asside from perhaps cassava which has high quantaties of cyanide in it).

North American wheat is “hard wheat” and high in protien complexes that give your “light fluffy white loaf” it’s bounce, it also gives noodles/pasta the ability to be worked into long strands.

It’s why when you buy flour you have different labels on packets, consumer flours are actually blended from different flours to give characteristics that are desirable in one type of baking (say bread) but not in others (say pastry or cakes). So in the supermarket you see “bread flour” which has a higher concentration of hard wheat in it[2].

As I’ve noted above and in the past there are supply chains behind supply chains and in most cases very few people know anything about those supply chains they do not directly see.

If you are an “investor” type of person, knowing “who supplies who and why” can make you very wealthy, or atleast not striped butt naked on public display as a “rube”.

[1] https://www.glnc.org.au/grains/types-of-grains/wheat/

[2] One thing that occasionaly brings a wry smile to my face is “let them eat cake”. Firstly because it was never said by the lady it was attributed to, secondly it shows the ignorance of the person saying it about the type of wheats and flours. Something that even the ancient Romans knew, at the most senior of political levels, and was one of the reasons they invaded what most now call England… Oh and invading Egypt and getting control of the wheat supply there was a sure way to bring Rome to heal… Lessons from history 😉

Clive Robinson • September 15, 2021 6:15 AM

@ SpaceLifeForm, ALL,

No details, only the Evil Maid knows for sure.

My guess is what ever the hardware interface is, it is likely to be a pre-boot attack of some form.

The roots of which go back to the earliest days of the Apple ][ design back in the mid 1970’s…

Which is why there is a hardware I/O driver hole that alows a totaly untrusted piece of hardware with a ROM on it to have unchecked code loaded into memoey, which then get linked in to the OS as it boots…

It’s a security vulnerability made in DarkNet Heaven but for very good reasons… But because it’s been built in at a fundemental level, getting all of it out is not going to happen for years, if it happens at all.

@ ALL,

Mad as it might sound to people there is a reason for such a gaping security hole, and it is for the likes of new boot devices.

Your motherboard Firmware ROM marks a point in time, so at first sight it would appear not to be able to use new technology that came after that date. This was a known problem with computers, that used to mean that to take advantage of new hardware ment your motherboard manufacturer coding support in for it and sending out new ROMs[1]. However ROMs were very very expensive per byte and even 2kByte ROMs would at one point cost more than the average person earned in a month…

Apple hit this problem with the Apple I and thus independently came up with the solution they put in the Apple ][. This in turn got picked up by IBM’s skunk works project that produced the IBM-PC, the rest they say is history and in many ways it is a problem that is still with us today and will be for the foreseeable future.

The solution that Apple came up with is the IO device has a ROM with the required code on it. As the BIOS brings the system up from hard reset after POST, the BIOS looks for IO code ROMs and if found maps the code into RAM, then links it into the IO code “jump table” so the code from the ROM runs before any Motherboard ROM IO routiens do. So the hardware is then functional to the BIOS that then looks for “boot devices” to load the OS from. If there is a boot device, then obviously the same “lack of code” issue for it applies to the OS as well. So most OSs –but not all– respect the code loaded from the IO device ROM into RAM and carry it forward for the OS to use.

Obviously this makes it the most trusted code to a standard OS… but compleatly unauthenticated which makes it a very serious security vulnerability.

Since BadBIOS and Lenovo’s little perma-malware trick there have been so-so attempts to close this hole, but as it’s a major legacy issue, you can guess just how far it has gone in reality.

So I fully expect there to be problems around this hole in atleast the next half to decade and a halfs time, maybe longer.

The “obvious solution” which is “code signing” of such IO ROM code is actually a very bad idea for many reasons. Two of which are,

1, Code signing is junk-science.
2, It brings back lock-in.

For years I’ve been waving a red flag about “code signing” and how we need to come up with a way better solution, maybe since “Solar..”. But Stuxnet did not so…

But I’m not even sure anyone is realy working on the issue due to more fundemental security problems we see with the likes of CA systems to do with “roots of trust”. Oh and the fact “Quantum-Computing” will –if it ever happens– break public key systems (yes it will cause them problems but nothing doubling the key bit length won’t solve in the near term).

But code signing is also another form of “vendor-lock-in” but more at the OS end these days. Which is why we see the likes of Apple and Google with their “walled garden” app stores that do not do what they promised (make code “safe” and malware free for users).

[1] This used to happen a lot, and systems manufacturers went out of their way to avoid doing anything about it as it was a great revenue earner via “lock-in”.

Clive Robinson • September 15, 2021 1:21 PM

@ someone,

I really do despise Google, way beyond my hate for MS at this point…

Only because you can see them…

There are others like Palantir that are a whole magnitude worse. But because they are not as it were “in your face all the time” as Microsoft (Windows) and Google (Browser) are you do not realise they are worse way way worse than Facebook and Cambridge Anylitica were a little while ago.

Clive Robinson • September 16, 2021 1:04 AM

@ SpaceLifeForm,

ForcedEntry’s key point is the exploit technology as it is still unknown how it is able to bypass the PAC and disable ASLR.

The thing about ASLR is you may not have to disable it. The “R” may not be very good, or atleast easily predictable.

Obviously as a developer of an OS you want the algorithm for “R” to be very small and very fast. The simplest “R” algorithm you could use would be,

Rand_n+1 = Rand_n + Const

And a developer might be tempted, even though it’s about as secure as wet tissue paper.

You would need access to the source code to know what the actual “R” algorithm is, but that access does not have to be first hand…

Clive Robinson • September 16, 2021 6:23 AM

@ SpaceLifeForm, ALL,

Researchers Develop Toolkit to Test Apple Security, Find Vulnerability

Handy as Apple hide so much by lifting the corner of the chip and untill now fairly deftly sweeping it under out of sight…

Which means that things as embarrassing as,

<

blockquote>“can reduce the security of OpenSSL AES-128 by 50 more bits than a straightforward adaptation of PRIME+PROBE, while requiring only half as many side channel measurement traces”

<

blockquote>

Suddenly find the astringent sun light falling upon them.

Would be interesting to be a fly on the wall in the next engineering team managment meeting…

@ ALL,

Before some one chimes in I’m being unkind to the all hallowed St xxx of Apple or some such nonsense, I’ll point out I’ve been none to kind on Intel, AMD, ARM and others over “silicon cods-ups” in their designs. Nearly all of which can be traced back to moronic marketing choices for “Specmanship”.

Lets be honest the Intel IaX86 has roots all the way back to the very early 1970’s and each flip and flop Intel made to get that extra fraction has legacy issues, primarily heating the room being the one most users notice. As for ARM they have done some surprising stuff, but they to have legacy issues.

No doubt the Open Source CPU designs will, given half a decade, start building up legacy kruft.

The real question is how best to get rid of kruft as fast as possible, without breaking stuff… No doubt there will be more than one or two PhD’s in answering that not so little problem.

But from my point of view people have been sitting on their thumbs for more than a quater of a century. That’s a quater of a century lost, so it’s about time they actually shifted them…

Clive Robinson • September 16, 2021 3:34 PM

@ WhiskersInMenlo, ALL,

The breaking news was that a now public report indicated “ping” traffic between the soviets and a Trump server.

You would think that both sides of that would know better… But hey the world goes round.

A couple of questions arise though,

1, Which Trump Server?
2, Which way the traffic was realy going?

The server may not have had anything of use to anyone on it. That is it could have just been an Internet version of a billboard, puffing up the blowdry image.

Determining what the actual Internet traffic was, and which way information if any was flowing, is going to be a much harder task to work out…

Firstly one of the issues is the term “ping” may not mean anything at all.

We sometimes use it in a “Knowledge Domain” specific way, and sometimes in a much looser way[1], so context is important. Something a non domain specialist journalist may not be aware of, further by the time it’s been mauled by editors with political bias it could mean anything or nothing.

As you note there are many ways to modulate a carrier such as an Internet packet. Some involve the data within the packet and some the time / phase of the packet to some unknown to others time / frequency reference.

I’ve come up with probably more than my fair share of systems that have subliminal / covert channels within channels a few of which I’ve mentioned in the past.

The important thing to note though is,

Where redundancy exists communications can take advantage of it to send information both overtly and covertly.

In fact the only three questions of interest to an engineer designing a communications system are,

1, How overt/covert?
2, How reliable?
3, What bandwidth?

The rest follows on from the answers to those questions, and sometimes some engineering or legislative constraints.

Oh and remember the “equiprobable proof” that defines the secrecy model of the One Time Pad? Well it defines on heck of a lot more than just that. But it means in this case, if the designer was upto the task and the specification called for it we will unless someone talks never know what actual information flowed or why.

[1] Ping was a very generic term befor the Internet or it’s forebares existed, one meaning was to in effect say you hit a bell or gong just once as opposed to repeatedly. When the electromagnetic coil became established[2] it was used to strike a bell remotely as a form of primative communications system. Thus “ping” became “pinger” the bell device was named. In the early days of telex systems a “ping” was in effect an alarm bell to alert an operator to an incoming message. Something that remained in the ASCII control set as “Bell”. It was only later when a utility to detect remote hosts was required that “ping” got used to name it. But it has moved on sending an SMS in generic parlance is also called “give them a ping” which very recently got changed in meaning again in the public eye with a bad COVID alerting system alerting every one in what somebody named a “Ping-Storm”. So no doubt by the end of next week or the month after there will be anorher use for “ping” as a name.

[2] The early use of the electromagnetic coil or solenoid was to say somewhat odd looking back. In fact our main use of it these days in electromechanics is as an “amplifing switch” named a Relay originally called that because it replaced a human “relaying” telegraphist whose job was to receive a message of one cable and resend it on another. This was a way later development than many other uses such as controling electric arc lights.

Clive Robinson • September 17, 2021 12:35 PM

@ MarkH, Freezing_in_Brazil,

the correct measurement scheme is to strobe a free running high-frequency counter when an ionizing emission is detected, and to use some of its less significant bits as the raw random data.

That is not a “raw source measurment”

What it is is a time based measurment called a roulette / stroboscopic measurment.

As I’ve explained in depth in the past such systems do not measure what many think they do.

You can regard the partical detector output as an oscillator in it’s own right being used as a sampling gate signal.

The result is that as with a sampling down converter in a radio the output is in effect the difference frequency between the two oscillators. It may look random close in on an oscilloscope but if you observe it correctly you can see the sinusoidal components.

F_diff = F_osc – F_det

Obviously you can rearange that to come up with a time formular using the time differences from edge to edge timing.

Two points to note,

1, The average time between detector outputs still follows the half life curve.
2, The “free runing oscillator” rarely is free.

To see the effect 1 has, imagine the oscilator is of very high stability. Between each partical detector edge the average count of the oscillators cycles goes up with the decreasing half life curve. If you do not correct for that you end up with a sawtooth signal superimposed on the count. Obviously a sawtooth waveform has a harmonic content of phase related sinusoidal waves.

The problem with 2 has long been known as it was seen with pedulums on a shared beam or surface sychronising. In electronics it is known where the effect is intended as “a loose locked oscillator”. The most common form used to be when analogue was king, the colour burst signal in colour TVs and the stereo signal in FM radio stations.

Unless exceptional care is taken the oscillator will loosely lock to power supply noise, EM fields, and even the rise and fall of the temprature in the case, be it from the room AC or sunlight through a window on the instrument case. Then there are the effects of “microphonics” where either the turns in the inductor move or the plates in the capacitor move under the influance of mechanical vibration that is conducted through the instrument case or radiated as acoustic energy. Whilst all of these signals are chaotic they are still mainly determanistic not random. Worse many of them can be induced by an attacker to compleatly swamp any actual random content, which due to the issues of “dynamic range” will mean that the random is effectively lost.

I’ve actually designed several commercial products using the roulette wheel / stroboscopic principle and I can assure you that it will not stop bias from the halflife curve of a radioisotope source from appearing.

Clive Robinson • September 17, 2021 7:32 PM

@ SpaceLifeForm, ALL,

Point remains, you can not rely upon a cloud provider to actually be proactive.

Not quite true, their billing and marjeting depts to almost always be proactive and hyperactive respectively.

As for those doing third line support and development, they might be in some bikeshed in South West India or old Soviet republic. If Solar Winds and others are to go by.

Clive Robinson • September 17, 2021 9:05 PM

@ MarkH,

For an oscillator, each cycle is causally linked to the preceding cycle: timing the zero-crossings of its output can be used to make a fairly good estimate of when the next zero-crossing will occur.

Ever heard of a “chaotic oscillator”

http://www.scholarpedia.org/article/Transistor-based_chaotic_oscillator

Whilst they are not common in designed devices, they are in nature rather more present than the type of “periodic” oscillator you are talking about.

For instance your arm is fundementaly a structure to form a 2D chaotic oscillator due to the number of pivit points. It is only the fact that you cannot have fully universal joints due to blood supply, tendons etc that stop it being capable of reaching all points in a 2D surface and importantly continuous direction rotation.

But for a simple example of a physical chaotic oscillator you need two motors and two arms. If you fix one motor to a base and have the arm rotate parallel to the base the tip of the arm describes a circle. Now add the second motor to the tip of that first arm with a second arm above but parallel to both the base and first arm. This second arm describes a circle around the point of the first arm. However with regards to the base the tip of the second arm forms a complex pattern the shape of which is related to the speed of rotation relationship of the rotation of both arms. Because such a system is sensitive to that relationship if it varies in a determanistic fashion it is by definition chaotic.

Obviously the more rotation points you add the more interesting things get. You should realise from the likes of square, triangular, and sawtooth waves that under certain very distinct relationships when the relationships remain stable the final arm end point will trace out squares, trapezoids, triangles and even straight lines none of which to the observer have circular movments to an observers eye.

Clive Robinson • September 18, 2021 11:18 PM

@ MarkH,

The spectrum of isotope decay detection will make a better approximation to a “bell curve”.

And what is your reasoning for that statment?

Clive Robinson • September 19, 2021 9:06 AM

@ MarkH,

perhaps it looks more like a typical noise spectrum.

Have a bit further thought, remember exponential decay is a ratio against time thus not a flat distribution so is not going to look like WGN or similar distributions, (untill the decay has finally finished in which case zero).