Schneier on Security

Clive Robinson • December 13, 2021 3:55 PM

@ Ted,

What do you all think of this? Strictly defensive? What does that even mean?

Horse apples…

Think of it as,

“malware -v- Antivirus”

Nobody buys the defencive AV software unless there is a very real malware threat at quite significant level.

NSO is in effect a big pusher of “malware” and it’s been very profitable for them as it was a lucrative niche market with eye wateringly expensive product with few direct costs so very high return.

As we know AV software is almost given away these days and even then people just don’t buy it…

After all do you have AV software on your phone or other Smart Devices? Probably not, few do and they would not want to pay more than a couple of bucks for it “through the store”.

But AV software is a tale of two sides… For AV to work it is said it has to get into the very heart of your device, and effectively own it. It is in effect little diferent to malware or ransomware in where it gets in only the payloads differ slightly.

Which means AV software adds significant vulnerability vectors to your device as well as “ET Phone Home” loading of files upto the “mother ship” etc. Remember what was said about Kaspersky AV and the Russia state allegedly looking over it’s shoulder?

Hence the latest “want” by the West’s Guard Labour is not for “golden key front doors”, “NOBUS backdoors” or what ever they call then today. No they want full unfettered “end point access”. That is full access on your system to run file scanning and the like just ad AV software does. That “Cop-tag” CSAM system Apple is talking about is just the very thin leading edge of what the Guard Labour want.

After all working at what is below the OS level, it gets access to everything the user does.

Have a search back about the CarrierIQ software that was sending every key press back to their Internet based servers in “plaintext” as I said at the time, I would have thought the NSA was sitting at the “first upstream router” doing “collect it all”.

As a trove of inteligence there is very very little difference between spyware and what CarrierIQ were doing, and when you throw in the file scanning and upload features of AV software… It’s the “total surveillance” wet dream of the Guard Labour…

Have a think about it, it’s almost certainly comming to the next over priced Smart Phone or Device you might buy, with Apple being just that little bit more honest about it than others will be…

But you can be certain of one thing if money can be made from selling that sort of “back door” access then NSO will get into it because that’s the soul of their organisation to get maximum value out of stolen privacy, be it directly or as a facilitator.

If I was “being evil” rather than “thinking how” to be evil, it’s what I would do.

Think “hinky” then maybe you can stay ahead, or atleast keep it on your shoulders…

Clive Robinson • December 13, 2021 5:05 PM

@ Ted,

The history of Uganda is a long and sorry one and there was even a film “The King of Scotland” about one of it’s leaders in the 1970’s who many believe was a cannibal.

Bad as it sounds today, it is actually an improvment. However technology appears to be now turning the clock back.

In the past as a dictator or tyrant what you could do was limited by others a point Stalin understood hence his purges.

Technology now alows the sort of surveillance by just a handfull of people that only very very few were subject to half a century ago due to the human resources required.

It was why people could escape Erich and Margot Honecker’s East Germany and it’s eventual fall at the end of the 1980’s as those large numbers of “human resources” effectively turned on the regime[1]. With modern technology the human resources needed are minimal and don’t need to be that smart. So they can be selected for loyalty rather than ability and they in turn can be better watched by technology.

I suspect the fall of East Germany is the last we will see of that type of social liberation. Simply because of technology, in those faux cries of freedom from terrorism early this century, we have built around us not a Castle we can defend, but a Prison in which we are observed thus can be oppressed in every thought and deed.

[1] I have a lump of concrete with spray paint on it, that came from the Berlin wall, knocked out with a rather nice West German hammer, to remind me of what can happen if society is alowed the freedom to act.

Clive Robinson • December 14, 2021 5:44 PM

@ Ted,

Also is it ‘bad’ to enter this space?

The technology works irespective of the use.

The use is ultimately chosen by a “Directing mind” and would probably be considered either “good” or nessecary by their point of view.

However others point of view might be that the use is bad or unnecessary.

Take this Uganda -v- US issue.

From the US perspective,

1, Listening to Ugandan officials by the US is not just “good but necessary”.

2, Ugandan officials listening in to US officials is not just “unnecessary but also bad”

The opposit view point almost certainly applies from the Ugandan point of view.

But importantly though the US is claiming various things, it is almost a foregone conclusion that the US were attacking Ugandan officials confidential communications long befor the Ugandans attacked US officials communications.

So ask yourself which is right the US or the Ugandan’s or are they both wrong?

That is the point, the god/bad view is “human” not “technical” and very much based on the individuals point of view…

But of a more practical note and one that should always be uppermost in peoples mind,

1, If the laws of physics allow, then people will try and eventually succeed in turning it into a usable technology.

2, Once a technology is available it will get used, and right or wrong, good or bad, is irrelevant to that decision.

That is the practical reality of the world we live in. And it’s not just the US that has been caught out, Australia has as well, as have nearly all Western Nations one way or another.

So now knowing that any and all technology will be used without refrence to ethical or moral standards. So the question arises can you make technology adhere to only “good” behaviour as in the three Robotic Laws thought up by Isaac Asimov?

Simple answer “Of course not”…

Clive Robinson • December 15, 2021 1:24 AM

@ Ted,

No one wants to have their user service or experience compromised. That would be bad.

Joking aside, actually it would be bad very bad for those who are watching.

“They” call it “tipping off” others might call it “spotting a peeping tom”. Either way the result is the same, the target of attention as a minimum changes their behaviour and at the very least does the equivallent of “draw the curtains”. If not like the father of a teenage daughter comes after those peeping-toms with the equivalent of a “base ball bat to knee cap them”.

The real point of surveillance is not to be seen watching, so you can go on watching as long as you like taking advantage of what is unknown by the target. With time comes knowledge, which builds into power over the target in one form or another.

Those who participate in being the watchers are not normal people. They fall into two basic types, those that have little or no empathy thus can not or chose not to see the harm they do. And those that rate higher on the narcissistic, sadistic and sociopathic scales. With those who lack or can subsume empathy making “useful idiots” for those who are up the scales, and most likely higher in the hierarchy unless bestial in nature.

We know from revelations forced in court about under cover officers in the UK Met Police, they would think nothing about decieving their way into romantic and physical involvment with their targets of observation. Often having children with the women, knowing full well they would just “walk away”, or have the women jailed etc and the children thrown into the care system etc. This was not just condoned by senior officers but actively encoraged. Worse the current head of the Met Police was only to well aware of what was going on. But Cresida Dick is a “political favourite” because at the very least she turns a blind eye if not actively condons such behaviours as long as it gets her political masters objectives achieved. Oh and her political masters Mrs May and Ms Patel who likewise would have been aware of exactly what was being done to those women by the surveillance officers…

Were these women who were abused “criminals”? Of course not, they were in the main people who were lawfully protesting the immoral or unlawfull behaviours of those in power.

Clive Robinson • December 15, 2021 7:36 PM

@ JonKnowsNothing,

Re upskirting

Way to many treat it as a joke, or childish behaviour and see it as “arrested development”. Therby alowing people to get away with what is very preditory behaviour.

As such it is not random these people seek out their victims just as stalkers do.

There is not as much data on the psychological profiles of such people as we should have, simply because it is mainly a modern phoneme enabled by technology.

More traditional “locker room bullying” is known to destroy lives, and the use of mobile phones has enabled much much worse behaviours. In the UK teenage girl gangs have turned it into physical violence to “go one better” than rivals etc.

Those who bully in what ever way have personality defects that should be of concern to others. It is in effect a “power lust” that is basically uncontrolled, and generally these things tend to go one way and result eventually in violence.

As for kilts they come in old style and modern. Old style is said to be twelve yards of broad cloth and to put it on requires it to be laid out on the ground folded in hand width (4inch) pleats with a broad belt underneath, this takes around eight yards of cloth. You then roll yoursef into it and belt it in place with the top about two inches above the waist and the bottom below the knee. The remaining cloth aranged over the shoulder in such a way as to alow it to be spread out to provide weather protection. Oh and at night you use it to make your bed.

This idea has carried forward, the “great coat” issued to soldiers in WWI is an example of the same thing, in that it was rolled up and carried on the person either around them or their pack. In cold or inclement weather it became protection and at night bedding to sleep in.

The modern army poncho and liner set acts in a similar way and can form “tentage” as well such as a lean to to provide shade in hot climates when resting up.

As for “is anything worn under the kilt” as far as I’m aware it always has been. Very few people would want broad cloth that was made on cottage looms up against their skin, even though it had been “proofed with lanolin etc obtained when boiling the wool.

But there is also the sanitary side an undershirt of length is moderately easy to keep clean soap can be made with potash and fat, and if made of flax can make extrodinarily fine linen that most can have against their skin without issue. There was an old chant of “Kiltie kiltie always got a cold bum, never had a warm bum” that children used to call out to those in traditional atire, but that is not true when you have what is in effect three layers of heavy broadcloth hanging around you.

As for “under pants” as such they are a fairly modern invention and were seen as “unclean” for various reasons. However men have worn support to keep things out of the way for much longer than written records, Henry VIII is credited with making the codpiece fashionable, however the reason was probably to do not so much with support but the pain of STDs. The history of underware is to some quite fascinating as it says a lot about society and it’s moors at various times. Supprisingly to many day to day underware has often been more expensive than outer clothing. As linens were only washed two to three times a year due to the labour and resources required, people often had large quabtaties of underware so it was a considerable expense. To my knowledge from knowing a young lady who worked in the field both the Royal Palace at Hampton Court and V&A museum in South Kensington London has whole groups that deal with “linens through the ages” in their various forms, and they do have displays and exhibitions based around them from time to time with talks and lectures.

Lucy Worsley is “The Curator of the Royal Palaces” charity who has done much to bring history to life, and is quite knowledgeable on the subject of underware through the ages and has on several occasions brought it into her television programs,

https://en.m.wikipedia.org/wiki/Lucy_Worsley

Clive Robinson • December 16, 2021 2:55 AM

@ JonKnowsNothing, SpaceLifeForm, Ted, ALL,

You will never know they are there unless the installer messes up.

Not quite, remember “red eye” in photos with flash, “lamping for rabbits” at night, or “cats eyes in the road” as your headlights hit them?

They all are a result of 180 degrees internal reflection that occurs when an image is focused on a reflective surface.

The same holds true of even tiny cameras…

So a pair of glasses with forward facing bright LEDs just to the side of your eyes will enable you to walk around a room and spot the “twinkle” of the cameras red eye…

Such glasses are sold to those who work with small objects like jewelers, watchmakers, hobby machineists that make small locos and the like, maker electronics for surface mount assembly, etc, etc,

Even one of those “head lamps” worn low over the nose will work.

Or you could spend $300 on a “Spy Camera Detector” they work in a similar way optically but in the near IR and some have ISM band receivers that search for video line/frame/interlace frequencies.

Remember a camera needs high bandwidth communications and to get any given range it needs to put out something like 32 times the power of an audio only bug.

Clive Robinson • December 16, 2021 7:13 PM

@ Ted, SpaceLifeForm, ALL,

With regards,

“The talent of the individuals who came up and developed this technique is beyond impressive”

Not sure why…

They talk about XORing two glyphs to produce a data map, well if you look back on this blog I call them “data shadows” and use them as a way to have passwords and KeyMat in Core RAM that you can not find by examining the core RAM you need two other pieces of information that is held in CPU registers not Core RAM.

As for building your own CPU, that takes me back to the earky 1980’s when I used to design ALU’s and state machines to implement RTL that in turn had microcode on top.

However whilst some of the ALU’s were over 400bit’s wide other ALU’s traded clock cycles for bus width.

Back then you had the state of the art 22V10[1] “Programble Array Logic”(PAL) that were tiny “fuse” programable logic chips from AMD. I was considered a bit of a whiz kid back then with the logic transformations and I could beat the “tools” more often the tool designers would have liked.

Any way I used them with shift registers to design what were 1 bit ALU’s that shifted data upto 64bits wide through. One usefull trick was “bytewide instructions” you would do “maths” such as “serial adders” and shifts. They had a high throughput but a high latency. So if you were doing a “digital filter” you got the required through put but not at the eye wateringly expensive price of a 32bit width CPU that the likes of DEC would not give you much change out of $10,000 back then… You just got delay, which in most cases did not matter.

So yes designing a 1bit ALU, not a problem you can do it with about 25 gates[2] for the core, but then you need additional function select and shift control and SR latches. But 60-120 NAND or NOR gates would do it.

I must admit that whilst it was “bread and butter work” back then, my little grey cells are not what they were, but give me a couple of days and I could give you a logic diagram for a 1bit serial CPU core, a couple of days more for a microcode ROM and state machine.

It’s upto you as to how long to make the shift registers but actually if you realy want to make life hard… Yes I can give you a Turing machine which does not realy care about how long data is provided you use the right type of bit stream coding.

But if you are going to do that an alternative might be “Study BrainF##k”,

https://en.wikipedia.org/wiki/Brainfuck

But, for those with slightly longer memories, do you remember when it was shown that Intel’s x86 memory manager faukt handeking was “Turing Compleat” thus gave a “ghost CPU”. The reason being the MMU had to do two different memory models so it had “extra features”,

https://news.ycombinator.com/item?id=5261598

So it’s all been done before but ICT peps have no memory for even “living history”… ={

[1] We are talking 4 decades ago and the original 22V10’s are long gone appart from in a few engineers “odds and sods boxes” I still have a couple of tubes of them. Whilst blindingly fast for their time they would be creaky at best now. However there were and still are “pin compatible” 22V10 chips one such was the GAL22V10 which you can read about,

https://en.m.wikipedia.org/wiki/GAL22V10

[2] At college/uni they show you a half adder as an XOR gate with an AND gate for the carry, around which they add another XOR gate an AND and an OR gate to make a full adder.

What they don’t tend to tell you is those AND gates used for carry come for free in the XOR gate which is made with for NAND gates. Thankfully rather than have me use words, Wikipedia has pictures,

https://en.m.wikipedia.org/wiki/Adder_(electronics)

The next trick is to work out how to add the minimum number of gates to give you AND/NAND, OR/NOR, INV/XOR, SET/CLR logic operations.