Schneier on Security

Clive Robinson • November 13, 2021 8:17 AM

@ echo,

Re the YouTube you link to, and your conclusion of,

This is an interesting examination of ego and rote learned qualifications bikeshedding their way to disaster.

Err wrong. The answer is sadly quite simple as any engineering historian can tell you.

Fuel injection does not give any reak advantage with low octain fuel, in fact it can have the opposite effect and be a disadvantage (more things to go wrong, more parts to replace, etc, etc).

The fuel that was used in Britain internal combustion engines from before World War I was low octain in the range 80-90 averaging 87.

It’s a similar argument that led to the famed “story” of quite a bust up between Churchill and The Lords of the Admiralty. He wanted British Navy ships to run on diesel fuel, they wanted to stick with tradition of coal and stokers, and forever to bunker when in port. According to the story –and that’s all it is– when the Admirals claimed it was traditional, Churchill supposadly commented that the only traditions in the Navy were “Rum, Sodomy and the Lash”[1]…

When high octain fuel became available the engines became more powerful, you can actually see the result of this with the number of propeller blades on Spitfires going up with time.

The information has been around for a long time as even minimal research will show, in the 1943 book[2] “The Amazing Petroleum Industry”, by V A Kalichevsky of the Socony-Vacuum Oil Company explained what high-octane gasoline meant to the fighter aircraft Britain had at the time,

“It is an established fact that a difference of only 13 points in octane number made possible the defeat of the Luftwaffe by the RAF in the fall of 1940. This difference, slight as its seems, is sufficient to give a plane the vital edge in altitude, rate of climb and manoeuvrability that spells the difference between defeat and victory.”

That is the change from 87 to 100 octain made for an increase of speed of the Spitfire of 25 mph at sea level and 34 mph at 10,000 feet.

Speaking of manuvarability, which if you want something to argue your “bikesheding” over, how about “the story” that the early Spitfires lost power in certain aerial manovers used in dog fights because of the way fuel left the tanks, or more correctly did not (the bottom of a tank only stays the bottom in level flight).

[1] https://reviews.history.ac.uk/review/2291

[2] https://archive.org/details/in.ernet.dli.2015.239009

Clive Robinson • November 14, 2021 7:01 PM

@ lurker,

And I thought BMJ knew Caesar’s wife

Yes he appears to be the “biblical” sort in such things. As they say in other places “If you can’t keep it in the holster be mindfull of what targets you pick”.

Be thou as chaste as ice, as pure as the driven snow, thou shalt not escape calumny.

Ahh “The H play, who’s name shall not be mentioned” lest “you break a leg” for “realsis” or what ever it is the kids say these days.

But there is so much to be found in Act III scene 1,

“To be, or not to be: that is the question:
Whether ’tis nobler in the mind to suffer The slings and arrows of outrageous fortune, Or to take arms against a sea of troubles, And by opposing end them?
To die: to sleep;
No more; and by a sleep to say we end
The heart ache and the thousand natural shocks
That flesh is heir to, ’tis a consummation
Devoutly to be wish’d.
To die, to sleep;
To sleep: perchance to dream: ay, there’s the rub;
For in that sleep of death what dreams may come
When we have shuffled off this mortal coil,
Must give us pause: there’s the respect
That makes calamity of so long life;
For who would bear the whips and scorns of time,
The oppressor’s wrong, the proud man’s contumely,
The pangs of despised love, the law’s delay,
The insolence of office and the spurns
That patient merit of the unworthy takes,
When he himself might his quietus make With a bare bodkin? who would fardels bear,
To grunt and sweat under a weary life,
But that the dread of something after death,
The undiscover’d country from whose bourn
No traveller returns, puzzles the will
And makes us rather bear those ills we have
Than fly to others that we know not of?
Thus conscience does make cowards of us all;
And thus the native hue of resolution
Is sicklied o’er with the pale cast of thought,
And enterprises of great pith and moment
With this regard their currents turn awry,
And lose the name of action.
Soft you now!
The fair Ophelia!
Nymph, in thy orisons
Be all my sins remember’d.”

I’ve been told, but never checked, that more phrases in common usage have come from this one passage of Shakespeare than any other work in the English canon.

Clive Robinson • November 15, 2021 7:50 AM

@ MarkH,

Does your caveat about gaskets apply to EMI gaskets? Or just the traditional kind?

Actually it’s both, but mostly those for environment sealing.

EMI gaskets are “fickle” in quite a number of respects corrosion and tarnishing are just the obvious ones. Designing them in can be hard to get right, and some people don’t even bother trying, they just put one in, and it works on “FAT Day” but fails very quickly in the field.

For instance all gaskets are supposed to be flexible in some way, particularly under compression. Which realy means “don’t squish more than X%” otherwise they get taken outside of their “plastic” or other limits such that they become “deformed”. So when you take the access plate off the gasket does not return to it’s dimensions so putting the plate back you can end up with gaps etc.

But also how you secure the plate causes problems as well. Unless you are working with ExD type equipment the chances are the access plate is flexible thus can bend due to the force of the gasket, so you have to take care in how many bolts you design in, where they are located, in what order they should be tightend up and by what amount of torque.

It’s a complex subject, and unfortunately all the required information is not available in one place. Though the technical sales reps of some of the gasket manufacturers can give you guidence.

When I worked in the Petro-Chem industry I had to make a system that needed a combined radio “repeater” and telemetry unit. That is both a receiver and transmitter working in the same frequency band at the same time. The problem, it had to work in a “Hazardous Zone” and at sea and back then nobody made “off the shelf” systems that came even close.

Without going into all the design choices I ended up deciding to use two hand held radios that were ExI and mount them in their own individual custom faraday boxes…

Well the over all design of the box was simple folded up brass silver soldered at all the joints with a flat broad lip at the top on which the lid would be bolted down and the whole thing silver plated inside and out to get good RF conductivity.

The fun was designing the lip which was actually machined to hold the gasket and bolts, with the lid having a ring of “fingers” going down inside the box.

Needless to say those little boxes cost more than the very expensive radios, and the main equipment cabinate that was “dry nitrogen” purged etc to Mil Requirments[1]

All because someone above my pay grade insisted that the boxes contents should be “servicable in the field”. Where as my original choice was build them and silver solder the lids on and make the result a replacable sub assembly with no “user servicable parts”…

[1] That was back in the 80’s and I still have the aluminium screw top containers that the special desicant units came in. They are just the right size to hold a large packet of Chocolate digestive biscuits in and one of them did the round trip to the Falklands Islands… For obvious reasons it has memories attached and in just a few months begining in April it will be the start of the 40th anniversary events, in my mind I feel no older, but the mirror tells a different story.

Clive Robinson • November 15, 2021 1:04 PM

@ ALL,

As some of you are aware, I occasionaly comment on how your TV and other traditional non IoT household goods could be spying on you because it “boosts profits” (Amazon amongst others does this).

Well “By how much?” is a good question, we get given the wrong impression it’s the likes of Google/Facebook which takes the lions share…

But is it? Cory Doctro goes some way to explaining,

https://pluralistic.net/2021/11/14/still-the-product/#vizio

SPOILER : Vizio is a “scumbag corporation” that steals what it can where it can, then steals over the top of it again as well in multiple step thefts…

Vizio technology is by and large “Stolen Intellectual Property” they then package up this theft and sell it to you for a profit (Theft Step 1)

But… In that package they have very very deliberately added “Surveillance-ware” that spys on you 24/365.25 unless you pull the plugs from the wall. They do this illegaly in even the US with the worlds most corporate friendly laws (Theft Step 2).

Why? because they earn twice as much selling you, as they do from selling you their package. What the increase in profit is, is not clear. But more than twice that which they do from making the package very probably…

Clive Robinson • November 15, 2021 6:41 PM

@ SpaceLifeForm,

I think Matt actually meant conducive in this case, versus conductive.

Err I disagree, read it again,

“A Faraday cage is simple in principle: solid conducive container that completely enclosed the signal source.”

It actually does not make sense.

Normally you would say,

“conducive to XXX”

There is no “to” or “XXX” in the statement.

I guess we could ask, or just wait a little Matt is known to have read this blog in the past, he may well still do so.

Clive Robinson • November 17, 2021 4:28 AM

@ SpaceLifeForm, Freezing_in_Brazil, ALL,

Based upon a back of the napkin calculation, it appears that approximately 20 percent of comments are being flagged as spam and disappeared each week.

I’m not seeing anything close to 20% of my comments not posting, though some may take a while.

Usually when I get “moderated” it’s not dificult to work out why, even though it can be frustrating.

I suspect that people are getting hit one way or the other because they have not worked out some of the ground rules…

A thought that crossed my mind again today when I saw the upsurge in comment numbers on the current “Why I Hate Password Rules” page…

That said I expect to see between 2 and 5 “unsolicited advertising” as @- calls them appear in the 100 Comments page around this time of day. That have got through from Pakistan, India and occasionaly Australia. I’ve no idea what the actual “hit the site” numbers are though.

It’s the usual problematic “Defence Spending” quandary. You never know when you are spending to much on defence, but you often find out to late when you’ve not spent enough[1].

[1] The example of this defence spending quandary that sticks in my mind is 40years ago when a very small detachment of UK soldiers on the South Georgia islands had to defend against a bunch of Argentinian forces pretending to be scrap metal workers on the 19th of March 1982, and quite illegaly raised the Argentine Flag to try to claim sovereignty. Buoyed up by this success, the Argentinians illegaly invaded the Falklands Islands on the 2nd of April by helicoptering in military personnel early in the morning to secure a “beach head” to bring in over a thousand other mainly poorly trained and equiped conscript troops. Who then terrorised and stole from the defenceless islanders.

This led to a brief, but bitter conflict on the Falkland Islands that claimed many lives, that many claim started a month later with the sinking of the old US light cruiser “USS Phoenix”, renamed as the “ARA General Belgrano” on 2nd of may. They neglect to mention that UK forces took back South Georgia on 25th of Aprill which is probably what caused the Argantinian Government to look for any kind of success. Then on 1st May to the shock ot the Argentinians and the world, UK Vulcan Bombers flown from the UK, bomed the airstrip. Which caused the further “political orders” to the Belgrano to get a success of any kind…

The Belgrano was playing “cat and mouse games” around the Burwood bank on the edge of the exclusion zone, under we now know direct orders from the Argentine government to try and draw out and destroy UK Navy vessels patroling the exclusion zone as the main body of ships were on their way to the Falklands. The Belgrano basically “approached and ran” repeatedly trying to draw out UK vessels under the cover of the Argantine Air Force that had moved to the Comodoro Rivadavia and Rio Gallegos air bases. The Belgrano was using the shallow water around the South side of the bank to try and flush out any UK nuclear submarines of which it was well known there were three in the area so they could be attacked by aircraft from the close by Argentinian air bases. When the Belgrano was reported to be heading into the exclusion zone waters for the third time the UK Government decided based on Chilean interception of the Argentinan Government orders to the Belgrano’s Capitan, that it was a clear and present danger that was not going to stop it’s games. So the “take it off the board” order was given some hours later. Two torpedos from a UK nuclear submarine struck the bows of the Belgrano.

Contrary to what was claimed at the time by the Argentina’s, their supporting destroyers and other ships fled to the nearest port rather than lend assistance, and the losses claimed of a 1000 sailors was false. Yes 323 young inexperienced Argentine men lost their lives, mainly because they were not rescued by the support vessels. In effect killed by their own side running. What is still ignored by many is that despite the attack on HMS Shefield the UK offered what other governments considered and had proposed fair cease fire terms for over 4 weeks even going to the UN with peace proposals and holding the ceasefire offer open untill the 1st of June. All of which the Argantinian Government rather arrogantly turned down repeatedly (despite the advice of their own military). On 21st May UK troops land in San Carlos water, and the war realy starts to get going and the death and destruction rises. There were later reports of “take no prisoner” orders and elite Argentine forces holding guns on poorly equiped and trained Argentine conscripts to stop them surrendering and make them fight. What the truth is on this we don’t know. Suffice it to say despite considerable odds against them UK forces marched into Port Stanly to raise the Union Flag on the 14th of June. The other event of note was on the 11th July in Southanpton in Southern england when the converted cruise liner Canberra arrives home in port. The BBC show film footage of hundreds of people waiting on the dockside waving what were said to be handkerchiefs… In many cases they were actually wives and girlfriends waving their underware as photos taken at the time reveal…

Clive Robinson • November 17, 2021 11:19 PM

@ ALL,

Blacksmith : New RowHammer Attack

Remember all those little fixes the Silicon manufactures said would stop the security destroying reach-around attack of RowHammer… Thus stop your private and personal information being easily stolen?

Well to quote someone else,

“They are so busted…”

From ArsTechnica,

“Rowhammer exploits that allow unprivileged attackers to change or corrupt data stored in vulnerable memory chips are now possible on virtually all DDR4 modules due to a new approach that neuters defenses chip manufacturers added to make their wares more resistant to such attacks.”

Or as noted by Kaveh Razavi and Patrick Jattke, two of the research authors,

“We found that by creating special memory access patterns we can bypass all mitigations that are deployed inside DRAM,”

You can read the “Blacksmith” paper from,

https://comsec.ethz.ch/research/dram/blacksmith/

(link is down in Demo section).

But… the important thing to note is,

We demonstrate that it is possible to trigger Rowhammer bit flips on all DRAM devices today despite deployed mitigations on commodity off-the-shelf systems with little effort. This result has a significant impact on the system’s security as DRAM devices in the wild cannot easily be fixed, and previous work showed real-world Rowhammer attacks are practical, for example, in the browser using JavaScript, on smartphones, across VMs in the cloud, and even over the network.

The paper is 19pages and appears not to have been writen by native english speakers. So you may prefer the easier on the eye ArsTechnica report on it,

https://arstechnica.com/gadgets/2021/11/ddr4-memory-is-even-more-susceptible-to-rowhammer-attacks-than-anyone-thought/

Without going into all the hairy details, previous RowHammer attacks used simple “uniform” energy attacks. So the chip manufacturers came up with a defence that relied on the “uniformity”. The new attack is “non-uniform” thus slips by the defence.

Can the manufacturers defend against this, in theory yes, but you start getting fairly rapidly into diminishing returns not just for the manufacturer but the end user. So the practical upshot is “it’s here to stay” as are those CPU hardware bugs of Meltdown and successors.

So the practical upshot for everyone is that unless the computer you use is “Allways issolated” by suitable “gapping” you can not have “Privacy” with regards your information.

Clive Robinson • November 18, 2021 12:14 AM

@ SpaceLifeForm,

When a Cosmic Ray hits your SIM in the right spot, that’s a Feature, not a Bug.

Have you any idea how many “cosmic rays” will hit a 1cm square bit of silicon in geo-stationary orbit in a 25year mission time?

Then how you design a payload so it won’t get “banjaxed” by bit flips in RAM or ROM in that time…

Clive Robinson • November 18, 2021 6:42 AM

@ ALL,

Intel CPU : Another Silicon Fault

Intel just keeps giving and giving on the security vulnarability front with their CPU silicon… They appear to have more bugs, that a flea infested mangy mut.

This one alows access to the CPU on Chip “Master Key”…

ARS-Trchnica reports,

“The vulnerability—present in Pentium, Celeron, and Atom CPUs on the Apollo Lake, Gemini Lake, and Gemini Lake Refresh platforms—allows skilled hackers with possession of an affected chip to run it in debug and testing modes used by firmware developers. Intel and other chipmakers go to great lengths to prevent such access by unauthorized people.”

Because such access alows,

“an attacker can extract the key used to encrypt data stored in the TPM enclave and, in the event TPM is being used to store a Bitlocker key, defeat that latter protection as well. An adversary could also bypass code-signing restrictions that prevent unauthorized firmware from running in the Intel Management Engine, a subsystem inside vulnerable CPUs, and from there permanently backdoor the chip.”

Yup that “all powerful” Intel ME “Managment Engine” that runs at Ring -3 or what ever is claimed of it… Just as well any updates that get injected disapear on a power off cycle.

Yes we’ve seen similar before out of Intel, which makes you wonder why it’s happened yet again…

Google and others certainly have which is why they have apparantly gone into Intel ME avoidence mode for their systems,

Security researcher Kenn White is quoted as having written in an email

“In my view, Intel’s record on delivering a worthy Trusted Compute Base, particularly around the ME is disappointing, and that’s being charitable. This work further validates Google and other large tech companies’ decision 5+ years ago to jettison Intel’s built-in management stack for bespoke, dramatically skimmed down TCBs. When you don’t have bloated complex tertiary systems to maintain and harden, you get the added benefit of no debugging paths for an attacker to exploit that complexity.””

Read more at,

https://arstechnica.com/gadgets/2021/11/intel-releases-patch-for-high-severity-bug-that-exposes-a-cpus-master-key/

Clive Robinson • November 18, 2021 8:19 AM

@ Ted, Winter,

Online voting has an issue not much talked about which is a lack of “cooling off period”.

In normal voting you have to “plan your vote” because you have to go to the location stand in the que do the admin stuff etc. This alows you to get into a less riled up state of mind.

With online voting you can go from reading intensely vitriolic and possibly fake news in social media and the like straight into caating your online vote…

Thus the potential to “feed” voters “fake news” etc on not just an individual basis –ala Cambridge Analytica– but at a critical time…

With the now very small margins in First Past The Post voting using this to shift even just a few percentage points is a very realistic possability.

One that I am sure will cause more than a few “Hedge Fund” managers and their ilk to invest heavily in.

Clive Robinson • November 18, 2021 3:04 PM

@ Winter, Ted,

The reaction of the Flat Earther is typical.

And… Often tripped over in science[1].

Science contrary to many peoples expectations is not “radical” but “conservative” so can be very behind the curve and moving slowly.

A friend sometimes jokes,

“The last time science was rad was when Fleischmann and Pons were cool. Now it’s just shutup and calculate, and clean the dust bunnies out of your pocket protector.”

Whilst not realy that bad, science appears to fall into two camps, those that are seen as doing trivial science and getting very very rich, by those doing serious science eking out an existence from grant application to grant application.

The sad truth is that industry is only looking for a return on what they put in, in the very short term where as what is seen as fundemental research gets paid for out of Government funds and appeared to fund the big toys of the physics boys.

Things are changing, but not realy for the better, if some in politics have the way we will be back in the dark ages before you know it. They don’t believe in science, yet they are happy to use the weapons of oppression it produces..

[1] Hence Arthur C. Clarke’s comment about those who had bit, spat and scratched their way to the top of the hierarchy,

“When a distinguished but elderly scientist states that something is possible, he is almost certainly right. When he states that something is impossible, he is very probably wrong.”

In short “ultra-conservative” cognative bias.

Clive Robinson • November 19, 2021 7:32 AM

@ lurker,

I now eagerly await the next episode, where it is revealed the key is less than unique to each cpu…

Many many moons ago I discussed this very problem for generating seeds for randomn number generators in embedded systems like network equipment. Where almost the first action on initial power up was to generate Pub/Priv Key pairs, with little or no source of entropy to move from the original seed value.

I’d first faced the issue on a major production line when designing cordless phones in the early 1990’s, where programing an ID / serial number / seed on a production line was not something you wanted to do as it could halve the throuput rate.

Worse if you used an internal random generator say using fast counters and button pushes the individual line operators quickly fell into their own narrow band of numbers…

Something that was not to bad when the total number range was just 2^16 but was a real noticable problem when you were trying for 2^20 or 2^24.

The correct solution for security is to use a stream cipher to generate the unique seeds. You simply have a counter that you encrypt against a secret key. Where you use a TRNG to generate the crypto key, and importantly the “Initialization Vector”(IV) start count of the counter. If you are wise you actually do not increment the counter by one, but at the simplest by some number that is prime to the maximum counter value of the counter, and preferably around half the maximum counter value.

Clive Robinson • November 19, 2021 10:56 AM

@ Ted, ALL,

Is this going to be a commercially available, low-brow tracking technology?

Long answer short “Yes”

Longer answer if there is a “connected” Apple device like an iPhone within range of an AirTag then it phones the MotherShip with the devices –not the tags– location.

Some people have already shown after having a laugh and joke about it in the pub after a Radio Club meeting you can indeed use it as a tracking device,

https://www.essexham.co.uk/we-posted-our-apple-airtag.html

(Note the North Korea and Apple HQ connection 😉

P.S. If you look down the bottom of the page you will note it’s a TARG club night… It’s held at the “Jubilee Hall, Canvey Island, SS8 9RA“ as you can see a fairly bleak place at this time of year, it’s on the North of the Thames Estuary, a little south of Benfleet (railway Stn),

https://www.streetmap.co.uk/map?x=578127&y=184811&z=0&sv=SS8+9RA&st=2&pc=SS8+9RA&mapp=map&searchp=ids

You might be supprised at who you might meet there…