Schneier on Security

Clive Robinson • January 21, 2023 1:11 PM

@ anon, ALL,

Re : Embedded or attached.

“And what software should we be looking for that was used to embed the data into the image?”

Just to be clear in this case the alledged suspect according to the information,

“Attached to the end”

So it was not a case of “embed the data into the image”

You can do such a simple operation with many tools that will work with “Binary Bags of Bits”(BBoBs) as all you are doing is a basic example of data serialisation. So you get,

Fresult = Fpict, Sep, Finclude, Fterm

With the Sep being 88. The picture file being an executable is effectively closed so when executed would not read past the end of it’s required data. So would just display normally. The Seperator of 88 should actuall be not needed and is there for “ease of use by a human” conveniance. The data end terminator Fterm may or maynot be required depending on a number of factors.

What is normally regarded as stenography actually modifies the data in the Fpict file, this would require it to know about the picture internal structure, and would be easy to get wrong.

Thus this method of attaching by serialisation into a larger binary bag of bits does not need to know anything about the actual picture file data and would work with very many types of file without issue and is easy to do manually with most Commercial or Consumer OS’s with just the built in commandline tools.

Clive Robinson • January 21, 2023 3:44 PM

@ Ted, ALL,

Re : GE surveillance software.

“In this case Zheng used Cygwin Bash Shell.”

Which tells us at what level the surveillance must have been done.

Oh and for future users of such tricks rembember since around the mid 1970’s the standard console in CP/M and later was “CON”[1] which could be “redirected to another device such as a “serial port” like COM1. Which these days could be a mobile phone or smart device using a USB serial port style connection (have a look at the Android specs for development and upgrading over the USB port)…

[1] CON is a device name short for “control consule” and was in early systems was sent to “the standard serial port” and later as displays became “built in” to those. The point was just as with *nix /dev/tty’s it was assumed to be a basic physical RS232 connection thus was a simple bidirectional serial stream or “character interface”. The list of such devices changed with time and grew to atleast,

AUX, COM0 .. COM9, CON, LPT0 .. LPT9, LST, NUL, PRN,

Thus you used to be able to write a programme or shell script that would run a graphics program that would take up the “graphics screen” usually used as CON and flick the actual command console over to AUX or one of the COMx ports of a serial terminal like a VT52 etc. This sort of thing was done with early cad programs. You could also dump the CON output to an LPTx or other printer port to get a printed transcript of what went to from CON.

Clive Robinson • January 22, 2023 3:46 AM

@ SpaceLifeForm, ALL,

Re : Newer not better.

“A later version broke my patch badly, but I did not have to use the newer version.”

Is part of a growing problem, that I was reminded of a few days back.

When he was still with us, I used to go camping with an ex army buddy and he had a shaver that used a clockwork motor. You wound it up and used it just like an electric shaver, he’d had it maybe fourty years. It was a birthday present from his grandfather when he was a teenager and first started having to shave.

He used to joke it would be going long after the batteries in our “modern shavers” had died. Well eventually as all things mechanical do it broke down, and after a little bit of effort and use of some of my watchmakers tools we managed to get it up and running again, not quite the same as before but certainly well enough to be servicable and he was still using it up untill he died.

Well he was right in a way, I wanted to get a new beard trimmer. I’d long since replaced my first shaver an old changable AA dry-cell battery shaver that had seen me through about 20years. The replacment being for a recharbale one but was sealed. This too had died after maybe six years due to the batteries. The problem being although I could and did get it appart the type of rechargable battery was nolonger available so I stuck the bits in a box thinking I’ll sort it out when I’ve a little more time and went and bought another beard trimmer, that’s lasted only three years, which is not at all good.

Standing there in the shop the other day, looking at what was available, I realised that they all must have “custom battery” designs in them, and they are going to be not replacable, plus they all have microprocessors in them… So the built in obsolescence is going to be a couple maybe three years if you are lucky, maybe just outside of the guarantee period?..

It set me thinking, in part because I’d walked through another part of the store and they had a 24hour News channel with the “ticker-tape” at the bottom of the screen mentioning firstly rolling blackouts to be expected in Feb-March and potential petrol rationing, and currently bad weather likely to be severe enough to cause flooding etc… So “Happy happy joy joy” all around not.

Now planned or rolling blackouts are something in the South East of England that were rapidly passing into memory they happened half a century ago back in the early 1970’s for various reasons, including “War Debt” from WWII. Though not unexpectedly the politicians blaimed the unions and their fickle members who basically said enough was enough with the politicians policies (that were wrong then and still are, hence more strikes are on the way).

My thoughts became reflective, and I realised that my old buddy was right a simple mechanical clockwork shaver would be a vast improvment over what essentially was “pretty” junk in front of me of

“All faux style over s@d-all substance”.

Yo can not maintain them, or repair them, or make new parts for them should they be required… Their only destination is “land fill” as none of the bits are effectively recyclable without environmental harm.

As “our society” has moved on we’ve moved over a tipping point. We’ve gone well past increasing utility, to increasing vanity in our products. But… in the process we now are loosing much that is important the “Right to Repair” is of no use if you can not repair for various reasons.

Back when I was designing consumer electronics[1] I used to as personal policy only use “standard parts” not because it ment things were reparable, but as many are finding currently custom parts are way to sensitive to supply chain issues. Which back last century were actually more of an issue than they currently are, but with care and second/third sourcing were effectively managable.

Perhaps people should realise in the race for “newer” we are not just getting obsolescence by “no repair” we are also loosing out on something a whole lot more important “survivability”.

People should ask,

What do you do when you can not get new, and old is not repairable?

Do you realy want to have a “cut-throat” up against your throat for real?

But you can’t, in the UK because those silly politicians have made them effectively “illegal”… Whilst you can buy them, you can only transport them in “the manufacturers sealed packaging”. So legaly once you get it home and open it you can no longer take it away, on business, holiday, even throw it away, or send for recycling… Once you leave your home with it even to get it sharpened, you are technically committing a criminal offence, because the knife carrying exemptions are only for “to carry out a trade” (which has a grim humor element to it if you consider “hired-killer” to be a trade).

[1] Amoungst other things I designed “cordless phones” and they used to win consumer awards much to the surprise of senior managment as did the two way radios I also designed. Which gave me a certain degree of freedom in my design decisions. Another was I got to keep the prototype, pre-production and alternate “test units”. Whilst being more than a quater of a century old, I still use a couple of them as “intercom” units for “working in the garage / garden / shed. The only thing I’ve had to “repair” so far is replacing the old rechargable ni-cad batteries with something more modern a standard lithium design that fits convenirntly in the battery compartment, which ment a tiny change to the charging circuit. I know I can replace all the parts inside including the mask programed microcontroller, because for “fun” a few years back I dug out the old software wrote a script to change the assembler instructions for a new surface mount device on a DIP prototype header and swapped it over in the design prototypes and also added a few features…

Clive Robinson • January 22, 2023 3:10 PM

@ lurker,

Re : Beard trimers

“There’s no microprocessor in my nice little pair of beard trimming scissors”

When you are talking about scissors with the way the legislation is written in the UK scissors are “bladed weapons” and the way the length is calculated can be read as the combined length of the blades… Also as the blades are “not fixed” in the prescribed way…

So yes, beard trimmers are like glorified electric shavers these days in the UK. The cutting head like a miniture hedge-trimmer and not to disimilar to those seen in the hands of US Army barbers hands in the 1960’s and 1970’s, era where the hair cutting style appears to have been imported from Australian sheep shearers.

With “intelligent charging”, motor control, LCD displays with timers and all sorts of other features, I’m saying microcontroler is almost certainly the way they have gone. With the boxes having that same sort of “Marketing madness” you got on the first microprocessor based toasters[1]…

As for the scissor and comb method of trimming, lets just say my hands are not as flexible as they once were. It’s also dying out as the old style barbers get replaced with what I can best describe as Hip-Hop blaring meetups for certain trendy types to have oil massaged into their hair, for more money than a silver service restaurant meal.

[1] The original of this goes way back, even before Pentiums,

https://koblents.com/Ches/Misc.-and-Humor/176-Object-oriented-Toaster/

The first I remember ended in a kinder sounding “thrown in the moat”.

Clive Robinson • January 23, 2023 10:28 AM

@ Peter A.,

“For now, I walk all shaggy”

I know that feeling…

Only not the walking bit. Just after Xmas and before New Year, I got an attack of arthritis in the ball joint of my foot. It spread up into the ankle joint and as the medics chearfuly say “it’s non load bearing”. Getting upstairs is done “dog style” but getting down is not safe and I’ve already had one tumble.

So yeh like you it’s just the essential bits for now (not that eating figures much in my activities due to both pain and pain-killers).