Schneier on Security

ResearcherZero • May 21, 2023 7:50 PM

“the C.I.A.’s counterintelligence mission center had looked at dozens of cases in the last several years involving foreign informants who had been killed, arrested or most likely compromised. Although brief, the cable laid out the specific number of agents executed by rival intelligence agencies”

‘https://www.nytimes.com/2021/10/05/us/politics/cia-informants-killed-captured.html

Sometimes foreign agents would show up outside a funeral to admire their handiwork. Yet those lives are ignored, along with the intelligence that was supplied for the benefit of those who then ignored it.

Those deaths are not a “hoax”, and should not be ignored. They were real people with very real families.

ResearcherZero • May 21, 2023 10:06 PM

One day…

“Trump and Fox have flipped the model, constructing a reality that would not be accepted as scripted drama. In flipping it, they protect it from the more serious kind of examination… One day there will be a reckoning of his actual impact and a sober disentangling of fact from fiction.”
‘https://www.smh.com.au/culture/tv-and-radio/succession-s-murdoch-fantasy-distracts-from-a-far-more-dangerous-reality-20230511-p5d7si.html

“I don’t understand anything about American sport,” he told me breezily, “but I know the coloreds like it.”

I told him that in America we no longer used the word “coloreds,” that it was considered insulting.

He looked at me the way Queen Victoria might have looked at a footman who had told her she was using the wrong fork to eat her pheasant.
‘https://www.politico.com/story/2011/07/the-evil-of-rupert-murdoch-059405

All the corruption exposed in England – hacking, political payoffs, dirty cops, hush-money settlements – is also happening here
‘https://www.rollingstone.com/politics/politics-news/rupert-murdochs-american-scandals-243127/

“[Rupert Murdoch] is responsible for Fox News. Fox News has played, by far, the largest single part in the polarization of American politics, in the amplification of political hatred. I would challenge anyone … to nominate which individual alive today has done more to undermine American democracy than Rupert Murdoch.” — former Australian Prime Minister Malcolm Turnbull

ResearcherZero • May 21, 2023 11:22 PM

It is important to recognise that Australia plays an important role and can secure Julian’s release.

…If there is political will, a solution will be found, it is up to the principles to find that solution.
‘https://www.theguardian.com/australia-news/live/2023/may/22/australia-politics-live-anthony-albanese-png-pat-conroy-narendra-modi-g7-quad-senate-estimates-bnpl-voice-referendum

A press freedom survey conducted by the MEAA in 2022 showed more than 92 per cent of media worker respondents feared that threats, intimidation and harassment of journalists was on the rise.

“Australia is now at 39th position on the world press freedom index and that’s down from the high of 19 just about four years ago,” Mr Greste told Sky News.

“Slipping 20 places over the past four or five years is, frankly, catastrophic (and) we’ve got to do something to improve the state of press freedom in this country.”

Mr Greste said a combination of “draconian” national security laws and highly concentrated media ownership created a difficult situation for journalists in Australia.

More than 80 per cent supported stronger legal protections and four in five supported the introduction of an Australian whistleblower protection authority.
‘https://www.perthnow.com.au/politics/assange-case-most-dangerous-threat-to-press-freedom-c-10529342

In 2011, Wikileaks, with Julian Assange as its editor, received a Walkley Award in Australia for its outstanding contribution to journalism.
‘https://www.walkleys.com/statement-julian-assange-extradition/

…whether or not the State Department regards Julian Assange as a journalist who is — who would be covered by the ideas embodied in World Press Freedom Day?

ResearcherZero • May 22, 2023 3:16 PM

Australia needs nuclear submarines if it is to become Stalinist Russia…

Mr National Security (Peter Dutton), architect of new surveillance laws and expert on political correctness, invokes his favourite author George Orwell over virtue signalling and wokeism.

‘https://www.sbs.com.au/news/podcast-episode/coalition-accused-of-spreading-disinformation-as-debate-begins-on-voice-referendum-bill/q1skhfd8j

“deliberate misinformation doesn’t make a counter argument. It diminishes democracy.”

‘https://theconversation.com/the-voice-isnt-apartheid-or-a-veto-over-parliament-this-misinformation-is-undermining-democratic-debate-205474

As Dominic O’Sullivan, a professor of political science at Charles Sturt University, told CheckMate: “It makes recommendations but they’re not binding.”

This point was echoed by Professor Boast, who said the tribunal “can only issue non-binding reports”, and that while it might occasionally critique government policy or legislation, it was “up to parliament and the government of the day whether they wish to accept the tribunal’s views or not”.
‘https://www.abc.net.au/news/2023-04-14/fact-check-checkmate-maori-voice-waitangi-tribunal/102217998

It’s a fundamental aspect of the rule of law in Australia that the judiciary ensures the Constitution is respected, which the amendment follows.
‘https://theconversation.com/no-the-voice-isnt-a-radical-change-to-our-constitution-200056

Indigenous voice to parliament will not confer special rights
‘https://www.rmit.edu.au/news/factlab-meta/the-proposed-indigenous-voice-to-parliament-will-not-confer–spe

–

‘https://www.theguardian.com/media/2023/may/11/abc-announces-job-losses-amid-biggest-restructure-since-2017

The executives of the big media companies maintain close ties to political leaders, which fuels doubts about the editorial independence of the outlets they own.

This oligarchic model prioritises business interests to the detriment of public-interest journalism.
‘https://rsf.org/en/country/australia

Can you use the following terms – wokeism, political correctness and virtue signalling in a sentence? Perhaps with a little more grace. 😉

ResearcherZero • May 23, 2023 3:57 AM

@modem phonemes

They are old phones. iOS encrypts the data, and Android does not.

Hence the importance of encrypting data moving over the bus. A security system is only as strong as it’s weakest link.

–

Lev Parnas and his business partner were arrested in 2019, accused by the U.S. government of funneling a Russian oligarch’s money into American political campaigns.

DeSantis gave back the contribution after Parnas ran into legal trouble.

DeSantis frequently – in more than 20 texts – appealed to fellow Floridian Parnas for introductions, advice and other fundraising help during his hotly contested campaign for governor. The texts also reveal that Parnas served as an intermediary between DeSantis and former New York City Mayor Rudolph Giuliani, who at the time was the personal attorney of then-President Trump.
‘https://www.cnbc.com/2023/05/22/texts-tie-desantis-closely-to-trump-insider-lev-parnas-in-2018-race-says-report.html

Election data Manafort handed to Russian Intelligence officer was of critical importance, determining 98 percent of the campaign’s resource allocations
‘https://www.intelligence.senate.gov/sites/default/files/documents/report_volume5.pdf#page=92

“identified voter bases in blue-collar, democratic-leaning states which Trump could swing,” including in “Michigan, Wisconsin, Pennsylvania, and Minnesota.”
‘https://www.intelligence.senate.gov/sites/default/files/documents/report_volume5.pdf#page=93

“sufficient to predicate the full counterintelligence investigation because it provided the FBI an articulable factual basis that, if true, reasonably indicated activity constituting either a federal crime or a threat to national security may have occurred or may be occurring.”
‘https://www.justice.gov/storage/120919-examination.pdf#page=4

An open invitation…

“Russia, if you’re listening, I hope you’re able to find the 30,000 emails that are missing,” Trump said at 10:30 a.m. on July 27, one day after the Australian cable was sent to the State Department.

It was midafternoon in Russia when Trump made his statement, and that same day, […] Russian hackers “attempted after-hours to spearphish for the first time email accounts at a domain hosted by a third party provider and used by Clinton’s personal office.”
‘https://www.washingtonpost.com/politics/2023/05/17/truth-about-russia-trump-2016-election/

“My people came to me, [Director of National Intelligence] Dan Coats came to me and some others, they said they think it’s Russia. I have President Putin, he just said it’s not Russia. I will say this: I don’t see any reason why it would be,” Trump said.
‘https://www.wired.com/story/trump-putin-press-conference-gave-russia-everything-it-wanted/

“The Russians surely arranged the Lavrov visit to capitalize on all of this and to send a message to the Ukrainians that they’re basically on their own now and need to cut the best deal they can since the U.S. backstop is largely inoperative.”
‘https://www.nytimes.com/2019/12/10/world/europe/lavrov-trump-pompeo-putin-russia.html

I was used by Trump and his personal lawyer Rudy Giuliani in ways that helped pave the way for Putin to invade Ukraine, my native land.

“I watched Donald Trump give a campaign speech praising Russian President Vladimir Putin and calling the U.S. intelligence community “lowlifes.” Meanwhile, the people of Ukraine are dying by the tens of thousands.”
‘https://time.com/6255090/lev-parnas-giuliani-trump-ukraine/

ResearcherZero • May 23, 2023 8:51 AM

Don’t count your chickens before they hatch.

‘aware of his subpoena obligations’

‘https://www.salon.com/2023/05/22/shocked-at-the-stupidity-prosecutors-obtain-lawyer-notes-that-blow-up-trumps-mar-a-lago-defense/

Trump and his allies may have used Corcoran’s services to further a crime.
‘https://abcnews.go.com/US/sources-special-counsel-claims-trump-deliberately-misled-attorneys/story?id=98024191

The fact that prosecutors invoked the exception in a sealed motion to compel the testimony of the lawyer, M. Evan Corcoran, suggests that they believe Mr. Trump or his allies might have used Mr. Corcoran’s services in that way.
‘https://www.nytimes.com/2023/02/14/us/politics/trump-lawyer-classified-documents-investigation.html

ResearcherZero • May 23, 2023 10:15 AM

“With hard numbers in hand, some argue that science is at the beginning of a movement — one that will encourage systemic changes to improve the mental health of researchers over generations to come. Others argue that change is happening too slowly for young scientists who are already fleeing science — an effect that could have grim consequences for the future of research and society itself.”

Scientists have raised concerns for years about the impacts of all these pressures on mental health. But a series of studies in the past few years are now providing hard data. And the findings show that the situation is dire.
‘https://www.nature.com/articles/d41586-023-01708-4

–

quantum compass tested on water for the first time

‘https://www.telegraph.co.uk/news/2023/05/21/ships-gps-alternative-warfare-tracking-impossible/

ResearcherZero • May 24, 2023 10:03 PM

unknown zero-day vulnerability
‘https://www.microsoft.com/en-us/security/blog/2023/05/24/volt-typhoon-targets-us-critical-infrastructure-with-living-off-the-land-techniques/

‘https://media.defense.gov/2023/May/24/2003229517/-1/-1/0/CSA_Living_off_the_Land.PDF

–

fake Skype installers and malicious Word documents
‘https://securelist.com/goldenjackal-apt-group/109677/

ResearcherZero • May 24, 2023 10:56 PM

Politicians need to stop passing the blame onto intelligence agencies and start taking more personal responsibility.

Leaders

“Our public leaders have an obligation to set an informed example, to guide the citizens down the right path, to support government action designed to protect the citizens – not to thumb your nose at them. We expect our public officials to set an example and to uphold a higher standard.”
‘https://dailygazette.com/2020/11/05/editorial-public-leaders-have-a-responsibility-to-the-people/

Institutions embody and safeguard certain values that are important to a society. Institutions guard these values against overt attacks and the forces of erosion.
‘https://link.springer.com/chapter/10.1007/978-3-030-51701-4_1

Each person has responsibilities to the community and others as essential for a democratic society.

The Public

“…incivility can have devastating consequences in a free society by undermining the rule of law, free speech, and peaceful conflict resolution.”

“When people engage in incivility, they aren’t only disrespecting each other, but also disrespecting the institutions that uphold the rule of law.”
‘https://www.msn.com/en-us/news/us/winning-law-day-essay-calls-for-more-civility-in-the-public-square/ar-AA1b5FVD

Here are some tips that perhaps politicians could also pay attention to…

‘https://www.poynter.org/reporting-editing/2023/how-to-write-clearly-honestly-combat-misinformation-lies/

ResearcherZero • May 25, 2023 12:39 AM

@Clive Robinson

I used similar tricks at school on other students, ‘to teach them to back up their work’. That is the excuse that I’m using. At the time I imagine I was just being malicious and annoying. Consequently I was caught by the teacher and had to admit my mistake, and demonstrate what I did.

Fortunately that student had backed up their work and only lost a few lines.

–

“I was not paid by any party for any activity, I never sought any payment, none has ever been offered,” he said.

“I have never assisted any companies to win any contacts. If my advice is sought I provide it freely.”

‘https://www.smh.com.au/politics/federal/stuart-robert-should-face-anti-corruption-watchdog-experts-say-20230523-p5daki.html

Robert emailed himself an internal document from the council about upgrading lighting systems that cost the council about $10 million a year.

How he obtained the document is not clear, but what he did with it is now known thanks to the leaking of a cache of emails that reveal Robert as a backroom deal-maker for business figures in his inner circle. He also emailed a Taiwanese company, Formosa Energy, whose executives he had met weeks earlier on a taxpayer-funded visit to Taipei.

The leaked emails reveal Synergy 360 then contacted Formosa directly and proposed the Taiwanese firm pay Synergy 360 a sum of $57,000 to secure the Gold Coast contract. Included in the pitch was content from the internal council memo that Robert had earlier emailed to himself.
‘https://www.smh.com.au/politics/federal/the-case-of-stuart-robert-and-a-gold-coast-street-light-contract-20230518-p5d9di.html

Money was being paid by Synergy 360 directly into a trust ultimately owned by Fed Qld LNP MP Stuart Robert – Australian Property Reserve

Robert deleted his interest from the register in 2018

However Stuart Robert remained a “beneficiary of the discretionary trust, as a potential beneficiary”
‘https://www.aph.gov.au/Parliamentary_Business/Committees/Joint/Public_Accounts_and_Audit

ResearcherZero • May 25, 2023 1:28 AM

@Clive Robinson

“When is the ICT industry going to learn from it’s living history?”

Some time after young punks stop complaining on the internet about capitalism and democracy would be my guess.

ResearcherZero • May 25, 2023 1:59 AM

“Defenders must evaluate matches to determine their significance, applying their knowledge of the system and baseline behavior. Additionally, if creating detection logic based on these commands, network defenders should account for variability in command string arguments, as items such as ports used may be differ across environments.”

It is a very difficult problem to contend with. They are exploiting the system against itself.

It is also a problem of resourcing.

‘https://www.cnbc.com/2023/04/28/chinese-hackers-outnumber-fbi-cyber-staff-50-to-1-director-wray-says.html

ResearcherZero • May 25, 2023 11:56 PM

“The malware is designed to cause electric power disruption by interacting with IEC 60870-5-104 (IEC-104) devices, such as remote terminal units (RTUs), that are commonly leveraged in electric transmission and distribution operations in Europe, the Middle East, and Asia.”

…the discovery of new OT malware presents an immediate threat to affected organizations, since these discoveries are rare and because the malware principally takes advantage of insecure by design features of OT environments that are unlikely to be remedied any time soon.
‘https://www.mandiant.com/resources/blog/cosmicenergy-ot-malware-russian-response

Rostelecom-Solar

“deployed a digital twin of the infrastructure of the energy facility and developed automated attack scenarios”
‘https://tadviser.com/index.php/Project:Cyber_%E2%80%8B_%E2%80%8B_police_of_Russia_for_information_security_training

–

Predator

When the implant begins executing, it selects which application context it’s running within. After this activity starts, it will record the thread ID that it is running inside, then register a hook on the ioctl activity in that process.

ALIEN is not just a loader but also an executor — its multiple threads will keep reading commands coming from PREDATOR and executing them, providing the spyware with the means to bypass some of the Android framework security features.

ALIEN hooks the ioctl() function in libbinder.so, which is responsible for inter-process communication (IPC) in the Android framework. The ioctl hooks are structured to allow the implant to communicate with itself (on forked processes) and with other implant components.

The spyware takes the “__progname” of the process that is currently running and then uses it to decide what set of functions to call. The processes looked for are: zygote64, system_server, installd, audioserver (alien_voip) and a second version of audioserver (alien_recorder).

SELinux policy-applied zygote process prevents all kinds of access to sockets, except for Unix-type local ones. …by storing the recorded audio in a shared memory area using ALIEN, then saving it to disk and exfiltrating it with PREDATOR, this restriction can be bypassed.

This is a simplified view of the process — keep in mind that ALIEN is injected into the zygote address space to pivot into specialized privileged processes inside the Android permission model. Since zygote is the parent process of most of the Android processes, it can change to most UIDs and transition into other SELinux contexts that possess different privileges. Therefore, this makes zygote a great target to begin operations that require multiple sets of permissions.

The spyware can also add certificates to the current user-trusted certificate authorities.
‘https://blog.talosintelligence.com/mercenary-intellexa-predator/

ResearcherZero • May 26, 2023 3:22 AM

Pack suspended security clearances, rather than removing the executives in other ways, in order to “circumvent otherwise available procedural protections and legal restrictions on removal of executives.”

Firing someone over political affiliation is typically a violation of federal civil service law.
‘https://www.rollingstone.com/politics/politics-news/michael-pack-abused-power-voa-1234739284/

After the suspensions, Pack “then hired a private law firm to provide post-hoc justifications” for his actions.
‘https://osc.gov/Documents/Public%20Files/FY23/DI-20-1086/Redacted%20Agency%20Report%20of%20Investigation%20DI-20-1086%20et%20al..pdf

That’s where the power paradox begins, which is that very sense of ourselves when feeling powerful leads to our demise, leads to the abuse of power.
‘https://www.pbs.org/newshour/economy/the-science-behind-why-power-corrupts-and-what-can-be-done-to-mitigate-it

Corruption erodes trust, weakens democracy, hampers economic development and further exacerbates inequality, poverty and social division.

‘https://link.springer.com/article/10.1007/s10611-020-09903-4

The lack of laws and professional ethics that regulate corruption as a criminal offense may lead to an increase in abusive power and control.

Permanently Stopping Abuse of Power in the Executive Branch
‘https://www.brennancenter.org/sites/default/files/2020-10/ExecutiveActionsReport.pdf