Friday Squid Blogging: Zaqistan Flag

The fictional nation of Zaqistan (in Utah) has a squid on its flag.

As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

Read my blog posting guidelines here.

Posted on July 28, 2023 at 5:01 PM. 76 Comments

Comments

&ers July 28, 2023 5:51 PM

@Clive, @ALL

Not all know from where the term 0day came (Clive knows).

hxxps://web.archive.org/web/20180131070511/http://markmaunder.com/2014/06/16/where-zero-day-comes-from/

Clive, I definitely want to hear your phreaking memoirs 🙂
Sadly here not too much – we had pulse dialing here…
And long distance was out of the question here anyway: from ordinary phone lines there was no long distance; everything was under strict KGB control.

&ers July 28, 2023 6:36 PM

hxxps://news.err.ee/1609040312/estonian-interior-ministry-wants-ban-on-non-personalized-pre-paid-sim-cards

Ismar July 28, 2023 7:41 PM

https://tetraburst.com/

Despite being widely used and relying on secret cryptography, TETRA had never been subjected to in-depth public security research in its 20+ year history as a result of this secrecy.

Clive Robinson July 28, 2023 8:08 PM

@ &ers, ALL,

This got grabbed by the auto-mod so I apologise for having to chop it into parts.

Part 1,

Re : Zero Day meaning.

“Not all know from where the term 0day came (Clive knows).”

Yes he does, and it will surprise many.

It actually comes from “Zero Hour D-day” and similar military speak.

The term “Zero Hour” was the mark point for the end of the count down time to military action such as “Going over the top” from “The Great War” (later called World War One).

Military actions are not planned by a date and time but by “-hours” and “+hours”, where “-” was effectively something that was to be kept hidden from the enemy pre the start of action (note hidden, not secret, because build-ups were visible to observers in balloons, using odd-looking periscopes on jack-up masts, and later aircraft).

The reason for not using dates and times was mostly a practical one, amongst other things “the weather”, which could change so much in a very short period of time that a planned action would have to be delayed. Sometimes for nearly a month… Think full moon every 28 days and heavy cloud blocking the needed moonlight to bring stuff up to the front.

Whilst many “Officers” and “Senior NCOs” were used to using it, it did not make it into the public psyche until “The Space Race”, where everyone talked of the “count down” and “zero hour” with big digital clocks in days, hours, minutes and seconds “counting down”.

In the early 1970’s Bernie Taupin wrote the words to the song “Rocket Man”, which many remember as Elton John’s 1972 smash hit. The first few words are,

“She packed my bags last night pre-flight

Zero hour, nine AM

And I’m gonna be high as a kite by then.”

The second line linking the countdown time to the actual launch pad time zone.

The other two lines have various meanings that both Bernie and Elton implied differently at various times.

But the hidden / secret action of things happening before zero-hour on D-Day kind of stuck due to the way history was taught to kids in the US and UK in the 1950’s through at least the 1990’s when things started to diversify into “World Cultures”.

So ‘Zero Hour D-Day’ from WWII history teaching became ‘Zero Hour Launch Day’ in the 1960’s for the Space Race, then just got shortened to ‘Zero Day, Zero Hour’ for a planned day and time event in what we now call “Management Speak”. And, anthropologically speaking, so on into other cultural “patois or slang” depending on how big the culture is. As the various “geek / nerd” kid groups were small and often insular, it was a “slang” that was also used by other groups to deride members of another group.

Clive Robinson July 28, 2023 8:12 PM

@ &ers, ALL,

Part 2,

Back in the start of the home computer days in the late 70’s through 80’s I’d kind of passed over all the alarm bending, phone phreaking, tapping and bugging devices early on and through Pirate Radio and into Radio and Computers professionally. So I’d kind of got a lot of it out of my system, and got into what we used to call “Old School” Hacking.

“Clive, i definitely want to hear your phreaking memoirs”

Two points to note about the UK,

1, It does not have a statute of limitations…
2, The first UK computer legislation was in the 1990’s and it was and still is draconian.

So I still practice care in what I say (remember, having the UK Prime Minister wanting to turn you into a criminal is kind of a salutary lesson in life).

But in the teen-scene of the 1980’s 8-bit home computers, I was seen by many as an “elder”, especially as I owned my own house and had a lot of experience with mini-computers and building networks and massively parallel computer systems from the discrete components upwards. My job was seen by many of the kids to be to “talk management” in one direction and liaise with the “kids” in the other direction. The fact that I could do “management”, “design of electronics/computers” and could problem solve at what looked like a glance made me fairly unique, and I jumped jobs frequently. Not for the money but for the fun of something new to investigate and solve.

One area my earlier phone experience came in handy was the design of telephone line bridges to give a safe “demark” to 2-wire and 4-wire lines. I also designed modems, not just the “approved standards” type but for interfacing over radio systems as well. Also I added “crypto” to them for some “banking” and similar financial market interests.

But in the 80’s I started investigating attacking systems without touching or connecting to them. You will with a search find earlier posts where I describe “Active Fault Attacks” by EM Radiation. I was also doing what some would call TEMPEST which is a smaller part of EmSec. Which also came out of research work into “Low Probability of Intercept”(LPI) systems including lighting bits of London up, with lasers through telescopes etc to provide highly secure communications. There was also the design of “jamming systems” to be used in various ways to deal with what we now call “terrorist devices” such as “Improvised Explosive Devices”(IEDs) to protect VIPs and similar.

Clive Robinson July 28, 2023 8:15 PM

@ &ers, ALL,

Part 3,

I have plenty of stories, though some would technically be covered by NDAs and even the UK DORA and OSA (I&II). Which is why I can talk a lot about other nations’ misbehaviours –with France high on the list– but not other nations “who club together” as say a pentagram of Shakespearean style “Hubble bubble toil and trouble” pot using witches. Or passing the eye around as the Gorgons’ sisters, Deino –dread–, Enyo –horror–, and Pemphredo –alarm– did to spy on the mortal world.

SpaceLifeForm July 28, 2023 10:53 PM

Re: Twitter implosion

Who knew that Apple does not allow single character app names?

modem phonemes July 29, 2023 5:19 AM

@ Ted

Re: AI detection, and statistics have statistics

Perhaps AI output can be distinguished from a human output on the basis of its internal statistics.

The AI’s weights are derived by a statistical process from its training data. To produce an output, an input prompt is passed through the network of weights. (The process is like the images produced by reflection holograms: a fixed diffraction grating -weights- is held in the light at different angles -the input prompt- to produce different outputs.)

The output is then a statistic of the training universe of data, and its internal statistics will then be related to the statistics of the weights.

One might expect a difference because the human learns from the universe of data differently from the AIs. Humans do not use AI-style statistical averaging to learn but rather use induction, “exhibiting the universal as implicit in the clearly known particular” (Aristotle).

The human output is then derived by combining and particularizing from these universals, rather than as a statistic of a dataset.

Winter July 29, 2023 8:07 AM

@modem

Perhaps AI output can be distinguished from a human output on the basis of its internal statistics.

That is the common approach. But the AI is trained to reproduce the statistics of human texts. If the AI is trained well, its output will have the same statistical distribution as the human text.

To work, a statistic of human texts must be found that AIs do not learn. I do not have much hope such a feature exists. Else, it should be possible to distinguish between a text that has average statistics and human texts that have a single author with individual statistics. That is, if no human text has average statistics, average statistics must be produced by an AI. That too seems out of reach to me.

I am afraid that everything we can measure to identify humans can be learned by AI.

Ted July 29, 2023 10:46 AM

@modem phonemes: Perhaps AI output can be distinguished from a human output on the basis of its internal statistics.

Q.E.D. 😊

@Winter: I am afraid that everything we can measure to identify humans can be learned by AI.

It’s indeed a gnarly problem. @JonKnowsNothing had reported that even OpenAI struggled with detecting AI-generated content and pulled its AI writing detector on July 20, 2023.

To return to the C2PA protocol for a moment.

A little background. It derives its name from the ‘Coalition for Content Provenance and Authenticity.’ Over 1,500 companies are now involved with the project through an affiliated open-source community called Content Authenticity Initiative (CAI). CAI has some interesting content on their Twitter/X feed. Like here and here.

The Tech Review article also linked to an example demonstrating the protocol. “When a viewer hovers over a little icon at the top right corner of the screen, a box of information about the video appears that includes the disclosure that it “contains AI-generated content.””

I haven’t dived deep enough, though, to see if C2PA may pertain to AI-generated text.

modem phonemes July 29, 2023 11:28 AM

@ Winter

If the AI is trained well, its output will have the same statistical distribution as the human text. … To work, a statistic of human texts must be found that AIs do not learn.

This sounds convincing.

Yet AI output, e.g. images, can seem “wrong”. What is causing this? Also, the model collapse Anderson et al. discuss shows that AIs fed too much AI output degenerate.

There are the comparative statistics across the training dataset, and the statistics within each training datum. How does the AI training respond to these? Does one of them, perhaps the across statistics, dominate?

modem phonemes July 29, 2023 11:44 AM

@ Ted

a box of information about the video appears that includes the disclosure

Yes, human authors sign their works, so AIs should too.

Winter July 29, 2023 11:46 AM

@modem

What is causing this?

These problems can be caused by insufficient data and/or problems with training structure. I am afraid that they can be solved by adding more data and changing training protocols.

I have learned not to bet against AI being able to eventually do some task.

Clive Robinson July 29, 2023 12:18 PM

@ modem phonemes, Ted,

“Perhaps AI output can be distinguished from a human output on the basis of its internal statistics.”

Remember that due to the size of the training data AI output will be an average of an average.

Whilst humans will each have their own style that is different.

Thus the old notion of,

“Look not for what is expected to be there but for what is not expected to be there.”

Might be worth considering.

modem phonemes July 29, 2023 1:20 PM

@Ted @ Winter @ Clive Robinson

Re: n-th visit to Turing’s game

I have learned not to bet against AI being able to eventually do some task.

Look not for what is expected to be there but for what is not expected to be there.

It seems true that the AI can always be extended to include aspects it was omitting. Once the gap – the unexpected – is identified, the modeling process can be modified to fill it.

But there might still be some kind of absolute chasm the AI as an artifact can never cross. As a totally crude analogy, a continuous line, surface, higher dimensional manifold etc. can never be exactly captured by discrete points, although it can be approximated as closely as desired.

Human beings know, that is they become in the intellect the immaterial form of the things known, whereas machines are seen only to record measurements of things. The potential for extrapolation seems different in each of these cases.

Phillip July 29, 2023 1:45 PM

How amusing:

1) Some Linux distros alter course after Red Hat moves away from open sourcing.

2) Oracle is throwing shade on Red Hat for attempting to monetize the latter’s formerly open source Linux, which it relies on. This must be a new one.

https://www.vice.com/en/article/pka3xz/the-linux-community-is-circumventing-red-hats-controversial-new-strategy

Ted July 29, 2023 2:25 PM

@modem phonemes, Winter, Clive, all

Re: AI and dimensionality

I’m still only part way thru the AI “gentle primer.”

One thing I found amazing was that the word “cat” has a word vector that is described by 300 discrete numbers.

… each word vector represents a point in an imaginary “word space” …

Words are too complex to represent in only two dimensions, so language models use vector spaces with hundreds or even thousands of dimensions.

You can see the full vector for cat at the link below by clicking “show the raw vector”

http://vectors.nlpl.eu/explore/embeddings/en/MOD_enwiki_upos_skipgram_300_2_2021/cat_NOUN/

Clive Robinson July 29, 2023 2:39 PM

@ modem phonemes, Ted,

“Human beings know, that is they become in the intellect the immaterial form of the things known, whereas machines are seen only to record measurements of things. The potential for extrapolation seems different in each of these cases.”

The fundamental differences that count currently,

1, Lack of agency
2, Inability to do other than reflect.

Arguably AI LLMs are Machines that are the rearwards face of Janus[1] whilst humans the forward face.

Thus the question of “the looking glass” that separates the two: what is trapped in that infinity of reflections between the surfaces?

But more practically can the transition be exploited as a discriminator?

Philosophically yes, but practically it waits to be seen.

And I am doubtful. Look at it this way: that infinity of reflections reduces on each reversal, getting less each time. So at some point the reflection either becomes noise or is swamped by noise. Either way any discriminatory signal passes beyond our current abilities to measure.

[1] Janus is the primordial Ancient Roman deity, as such it is a fundamental philosophical view given form. Holding both an unchanging view of times past, and a forever changing view of the future. Between them a portal of an infinitesimal instant, that has an infinity of possibilities. Thus Janus is the deity outside of all others,

“Existing at the transition of all new beginnings and old endings, thus portals, doorways, passages, at the instant of the duality of time when future choices become past actions”

https://en.m.wikipedia.org/wiki/Janus

Clive Robinson July 29, 2023 3:04 PM

@ Ted,

“One thing I found amazing was that the word “cat” has a word vector that is described by 300 discrete numbers.”

The number of numbers is a function of the neural network, not the word.

In a way the form of the vector is irrelevant.

Think of it as a series of coordinates of, say, a hammer’s “abstracted function”, not its form, that have been subject to constructive “Inter Symbol Interference” (ISI), such that a given functional attribute is spread across some or all of those 300 numbers.

Ted July 29, 2023 4:22 PM

@Clive

The number of numbers is a function of the neural network, not the word.

Lol! Thanks Clive. I may have to buckle down and get an actual book. ☺️

vas pup July 29, 2023 6:05 PM

Quantum Computing
https://www.technologyreview.com/2023/01/06/1066317/whats-next-for-quantum-computing/

“As if to emphasize how much researchers want to get off the hype train, IBM is expected to announce a processor in 2023 that bucks the trend of putting ever more quantum bits, or “qubits,” into play. Qubits, the processing units of quantum computers, can be built from a variety of technologies, including superconducting circuitry, trapped ions, and photons, the quantum particles of light.

IBM has long pursued superconducting qubits, and over the years the company has been making steady progress in increasing the number it can pack on a chip. In 2021, for example, IBM unveiled one with a record-breaking 127 of them. In November, it debuted its 433-qubit Osprey processor, and the company aims to release a 1,121-qubit processor called Condor in 2023.

But this year IBM is also expected to debut its Heron processor, which will have just 133 qubits. It might look like a backwards step, but as the company is keen to point out, Heron’s qubits will be of the highest quality. And, crucially, each chip will be able to connect directly to other Heron processors, heralding a shift from single quantum computing chips toward “modular” quantum computers built from multiple processors connected together—a move that is expected to help quantum computers scale up significantly.

IBM’s Heron project is just a first step into the world of modular quantum computing. The chips will be connected with conventional electronics, so they will not be able to maintain the “quantumness” of information as it moves from processor to processor. But the hope is that such chips, ultimately linked together with quantum-friendly fiber-optic or microwave connections, will open the path toward distributed, large-scale quantum computers with as many as a million connected qubits. That may be how many are needed to run useful, error-corrected quantum algorithms. “We need technologies that scale both in size and in cost, so modularity is key,” says Jerry Chow, director at IBM Quantum Hardware System Development.

Quantum communications, where coherent qubits are transferred over distances as large as hundreds of kilometers, will be an essential part of the quantum computing story in 2023.

“The only pathway to scale quantum computing is to create modules of a few thousand qubits and start linking them to get coherent linkage,” Hidary told MIT Technology Review. “That could be in the same room, but it could also be across campus, or across cities. We know the power of distributed computing from the classical world, but for quantum, we have to have coherent links: either a fiber-optic network with quantum repeaters, or some fiber that goes to a ground station and a satellite network.”

In 2017, for example, China’s Micius satellite showed that coherent quantum communications could be accomplished between nodes separated by 1,200 kilometers. And in March 2022, an international group of academic and industrial researchers demonstrated a quantum repeater that effectively relayed quantum information over 600 kilometers of fiber optics.

!!!Some companies are taking aim at the classic form of error correction, using some qubits to correct errors in others. Last year, both Google Quantum AI and Quantinuum, a new company formed by Honeywell and Cambridge Quantum Computing, issued papers demonstrating that qubits can be assembled into error-correcting ensembles that outperform the underlying physical qubits.

The way code runs on a cloud-accessible quantum computer is generally “circuit-based,” which means the data is put through a specific, predefined series of quantum operations before a final quantum measurement is made, giving the output. That’s problematic for algorithm designers, Fitzsimons says. Conventional programming routines tend to involve looping some steps until a desired output is reached, and then moving into another subroutine. In circuit-based quantum computing, getting an output generally ends the computation: there is no option for going round again.

Tony Uttley, COO of Quantinuum, says that he is in active dialogue with the US government about making sure this doesn’t adversely affect what is still a young industry. !!!“About 80% of our system is components or subsystems that we buy from outside the US,” he says. “Putting a control on them doesn’t help, and we don’t want to put ourselves at a disadvantage when competing with other companies in other countries around the world.”

Qudits expand the data encoding scope of qubits—they offer three, four, or more dimensions, as opposed to just the traditional binary 0 and 1, without necessarily increasing the scope for errors to arise. “This is the kind of work that will allow us to create a niche, rather than competing with what has already been going on for several decades elsewhere,” says Urbasi Sinha, who heads the quantum information and computing laboratory at the Raman Research Institute in Bangalore, India.

Though things are getting serious and internationally competitive, quantum technology remains largely collaborative—for now. “The nice thing about this field is that competition is fierce, but we all recognize that it’s necessary,” Monroe says. “We don’t have a zero-sum-game mentality: there are different technologies out there, at different levels of maturity, and we all play together right now. At some point there’s going to be some kind of consolidation, but not yet.”

Clive Robinson July 29, 2023 8:34 PM

@ Ted, ALL,

Re : Online resource,

“I may have to buckle down and get an actual book.”

Whilst it appears to be a fast moving world, actually it’s not so much as you might think.

This has been around for a while but people do still point to it,

http://neuralnetworksanddeeplearning.com

Robin July 30, 2023 5:39 AM

@Ted, All:
“the word “cat” has a word vector that is described by 300 discrete numbers”

“Cat” is a nice short word but those three letters can carry an awful lot of baggage and especially in composite phrases or non-feline contexts. Even the familiar “The cat sat on the mat” can be used as a stand-in metaphor for basic learning strategy, depending on context.

Everyday words that can be used flexibly and ambiguously are going to need a bigger space than more “sophisticated” words that have a narrower meaning and specialised use. Such as “sophisticated” for example.

Winter July 30, 2023 6:32 AM

@ Ted,

“One thing I found amazing was that the word “cat” has a word vector that is described by 300 discrete numbers.”

NNs cannot process text. The words need to be encoded. If you need to encode 100B+ words in context, you need to do it cleverly.

Here is a short explanation of the ways that is done:
https://www.analyticsvidhya.com/blog/2021/06/part-5-step-by-step-guide-to-master-nlp-text-vectorization-approaches/

It starts with the simple (simplistic) methods. The ones at the end are more relevant. The one you refer to is probably not in this blog, but it will be derived from these.

Ted July 30, 2023 8:09 AM

@Clive, All

Re: Michael Nielsen’s online book “Neural Networks and Deep Learning”

One of the neat things about Mr. Nielsen’s online book is that it provides exercises and training data.

I see there’s an exercise to write a program that learns how to recognize handwritten digits. “We’ll do this with a short Python (2.7) program, just 74 lines of code!”

I like that he also encourages readers to find their own projects.

Maybe you want to use neural nets to classify your music collection. Or to predict stock prices. Or whatever. But find a project you care about.

I’m definitely going to bookmark that page, and also his personal notebook page.

I had bought an e-book last night: “The Artificial Intelligence and Generative AI Bible: [5 in 1].”

I may need to take a couple passes at this for it to sink in. Greatly appreciate the very informative online resource! 🙂

Ted July 30, 2023 10:14 AM

@Robin, All:
“Everyday words that can be used flexibly and ambiguously are going to need a bigger space”

Right?! Words are complex and the meaning can depend on context.

The same word can have unrelated meanings – aka homonyms. The example I saw was the word “bank.” It can mean a river bank or a financial institution.

There are also words with closely related meanings – aka polysemy. i.e., Remy picks up a magazine. v. Rowan works for a magazine.

A word (or token) could be in different vectors (or so I’m thinking).

Winter July 30, 2023 11:09 AM

@Ted

Words are complex and the meaning can depend on context.

Here is a textbook chapter on this subject. This seems to be the most popular textbook on language and speech processing.

Chapter 6: Vector semantics and embeddings
https://web.stanford.edu/class/cs124/lec/week4_vectorsemantics2021.pdf
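
An added example (not code from the thread or from any resource linked in it) that makes the “cat” and “bank” discussion above concrete, including Clive’s point that the length of the vector is a property of the model rather than the word: it builds count-based PPMI word vectors, one of the simple methods in the vector semantics chapter linked above, from a constructed six-sentence corpus in which “bank” is used in both its river and its financial sense. The corpus, the window size and all function names are assumptions of this example; it needs only the Python standard library.

```python
import math
from collections import Counter, defaultdict

# Constructed toy corpus (an assumption of this example, not text from the
# thread): "bank" appears in both its river sense and its financial sense.
CORPUS = [
    "river bank mud",
    "river bank fish",
    "bank money loan",
    "bank money vault",
    "river fish swim",
    "money loan vault",
]
WINDOW = 1  # only immediately adjacent words count as context


def cooccurrence(sentences, window=WINDOW):
    """Count (target, context) pairs within +/- window positions.

    Every pair is counted from both sides, so the table is symmetric.
    """
    counts = defaultdict(Counter)
    for sentence in sentences:
        toks = sentence.split()
        for i, word in enumerate(toks):
            lo, hi = max(0, i - window), min(len(toks), i + window + 1)
            for j in range(lo, hi):
                if j != i:
                    counts[word][toks[j]] += 1
    return counts


def ppmi_vectors(counts):
    """Build positive pointwise mutual information vectors.

    PPMI(w, c) = max(0, log2(P(w, c) / (P(w) * P(c)))).  Pairs that co-occur
    no more often than chance get 0, which mutes uninformative contexts.
    Each vector has one slot per vocabulary word: its length is fixed by the
    corpus (or, for a dense embedding such as a 300-dimensional model, by a
    hyperparameter of that model), never by the word itself.
    """
    vocab = sorted(set(counts) | {c for row in counts.values() for c in row})
    total = sum(sum(row.values()) for row in counts.values())
    target_total = {w: sum(counts[w].values()) for w in vocab}
    context_total = Counter()
    for row in counts.values():
        context_total.update(row)
    vectors = {}
    for w in vocab:
        vec = []
        for c in vocab:
            n = counts[w][c]
            if n == 0:
                vec.append(0.0)
                continue
            pmi = math.log2(n * total / (target_total[w] * context_total[c]))
            vec.append(max(0.0, pmi))
        vectors[w] = vec
    return vocab, vectors


def cosine(a, b):
    """Cosine similarity; 0.0 when either vector is all zeros."""
    dot = sum(x * y for x, y in zip(a, b))
    norm_a = math.sqrt(sum(x * x for x in a))
    norm_b = math.sqrt(sum(y * y for y in b))
    return dot / (norm_a * norm_b) if norm_a and norm_b else 0.0


def build(sentences=CORPUS):
    """Return (vocab, {word: PPMI vector}) for the corpus."""
    return ppmi_vectors(cooccurrence(sentences))


def ppmi(vectors, vocab, word, context):
    """Look up one PPMI cell by word and context."""
    return vectors[word][vocab.index(context)]


def similarity(vectors, w1, w2):
    return cosine(vectors[w1], vectors[w2])


def neighbours(vectors, word, k=3):
    """The k most similar other words, as (word, similarity) pairs."""
    scored = [(other, similarity(vectors, word, other))
              for other in vectors if other != word]
    return sorted(scored, key=lambda p: (-p[1], p[0]))[:k]


if __name__ == "__main__":
    vocab, vectors = build()
    print("vector length:", len(vocab), "(one slot per vocabulary word)")
    for pair in [("bank", "river"), ("bank", "money"), ("river", "money")]:
        print("PPMI(%s, %s) = %.3f" % (pair + (ppmi(vectors, vocab, *pair),)))
    # One static vector for "bank" carries both senses, so "river" and
    # "money", which never co-occur, still look alike through that context.
    print("cosine(river, money) = %.3f" % similarity(vectors, "river", "money"))
    print("neighbours of bank:", neighbours(vectors, "bank"))
```

Because a static embedding gives “bank” a single vector for both senses, the output shows “river” and “money” with a positive similarity even though they never co-occur, which is the conflation Ted and Robin describe.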

Clive Robinson July 30, 2023 11:43 AM

@ Ted, ALL,

Re : Homonyms are more common than most think.

The same word can have unrelated meanings

The one most know is “minute”, meaning 60 secs or something small. But it’s also a measurement of angle as well. Whilst “bank” also refers to an aircraft flying in a particular way, the use of multiple engines in trains, and how to arrange a fire such that it burns slowly but for a long time.

As a very rough rule of thumb, short words of four or fewer letters are not homonyms, neither are very long words.

If you think about bare, bear, two, too, to and similar, it can be seen that even though spoken the same way they are spelt differently. Also the length of words approximately indicates when they started to be used. That is, short words tend to be old and long words tend to be new or part of a distinct, often professional, domain. With longer words in English often being constructed by the concatenation of short words from Greek or Latin.

To most people this would be at best a point that is whimsical or trivial, but not to the likes of LLMs that have convolutional layers in their neural networks. The length of words acts as a predictor to subsequent word usage.

A convolution layer kind of acts like a highly abstracted mask of a feature. In images for instance, finding something approximately “T” shaped can be part of a face, or a support structure in a building. In either case it can act not just as a mask but to align things for later layers.

It’s an area of research in AI that is drawing more attention, but is also hard to explain.

modem phonemes July 30, 2023 12:45 PM

@ Ted @ Winter @ Robin @ Clive Robinson

Re: word embedding

Thanks for the discussion and references to the quantitative embedding used commonly today for natural language processing. It is very helpful.

It illustrates how important it is to choose the right quantitative attributes of the data when developing an artificial neural net model that uses the general layered template [1]. The wrong attributes will impede the modeling no matter how complicated the network is made in attempting to simulate the desired input-output function implicit in the data.

This was illustrated in the earliest days of ANNs by the toy problem of modeling sinusoids or mixtures of sinusoids. Unless the data attributes used in the model were equivalent to amplitude, frequency, and phase, the resulting model would fail dramatically outside its training dataset.

Domain understanding plays a role in finding the right attributes. For the sinusoid problem, the domain understanding is pretty immediate, but in other fields it may be the biggest part of the solution.

  1. This applies in a modified way in Stephen Grossberg’s approach, which uses a few templates, typically recursive, in combination. The templates each abstract from networks seen in nature, much more closely than do layered networks. The choice of attributes is constrained by these templates.

modem phonemes July 30, 2023 1:25 PM

Re: NLP modeling

Does the choice of language matter ? Does the LLM reveal anything about the workings of the language itself ?

Presumably the model reflects the intrinsic aspects of the language and also the habits of use of the language, which may not be the same.

Apparently the inter-letter, inter-word, etc. entropy varies with the language. In some languages, the next letter, word, etc. is quite predictable, in others less so. Presumably this would show up in the vector embedding. For instance, suppose there was maximal entropy, so that any letter is followed with the same probability by any letter, any word by any word, and so on. Would all embedding vectors be equidistant from all others? What would the LLM be like and would it be useful? Would the model only reflect what language users tend to say and give no or misleading information about the language itself?

Petre Peter July 30, 2023 1:45 PM

Maybe, in the future, we will not be able to enjoy music that is not background music.

Winter July 30, 2023 2:18 PM

@modem

Does the LLM reveal anything about the workings of the language itself ?

That is a whole new, and hotly contested, research area.

Symbols and grounding in large language models
https://royalsocietypublishing.org/doi/full/10.1098/rsta.2022.0041

Ted July 30, 2023 3:52 PM

@ Winter

Re: Vector semantics and embeddings

That’s truly a great slide presentation and overview of the topic. My favorite slide was on page 32:

Nets are for fish;
Once you get the fish, you can forget the net.
Words are for meaning;
Once you get the meaning, you can forget the words
— (Zhuangzi), Chapter 26

Found a corresponding course video, here on the same slide: https://youtu.be/lrPxo-92GC0?t=364

lurker July 30, 2023 5:08 PM

@Ted, Winter

The quote on traps is the last verse from Zhuangzi Ch. 26. This chapter is titled “Contingencies” and the first verse starts:

Contingencies are uncertain.

modem phonemes July 30, 2023 5:34 PM

@ lurker

Contingencies

It is likely that unlikely things should happen. (Aristotle)

Clive Robinson July 30, 2023 11:38 PM

@ lurker, modem phonemes, Ted,

Re : Contingencies and their planning.

Murphy’s Law or,

“The Perversity of Inanimate Objects”

Is an indicator that,

“If something can go wrong, then it will go wrong, when you would least like it to, in the way you would least like it to.”[1]

The secret to success on such occasions is to recognize that and plan accordingly with a contingency. Important to recognize though is that you cannot plan for every individual eventuality.

So what to do?

Plan for what is most likely and implement so it covers many eventualities.

This is the equivalent of the extended “Fire Drill”: if you plan it correctly it will cover all reasons why you would evacuate to a designated place of safety and have a head count.

[1] Though sounding at odds with random events and probability, science has shown that it happens. The reason is that when you do things you start changing stresses, thus failures are more likely at that time. Look at it this way: we know about inertia, it is a force that comes into play when a mass changes its velocity,

https://www.newscientist.com/definition/inertia/

You can measure it with a spring balance, and see it stores and releases. It’s also why you can “whip the table cloth out leaving the places set”. Thus the change in force must cause an equivalent change in stress.

Clive Robinson August 1, 2023 3:10 AM

@ Bruce, the usual suspects,

Re : It’s not just the RATS looking to jump ship.

As some of you are aware for some years now I’ve been saying things that are unpopular like,

1, Defence before Offense.
2, Cloud can never be secure.
3, Offshoring is bad.
4, Software is not engineered.
5, Segregation is the only way.

Whilst @Bruce has pointed out,

1, Centralised security is bad.
2, Large Data is toxic.

And the industry has ignored the advice, and frankly done increasingly ludicrous things.

Well, it appears one or two others are starting to wake up,

Rupert Goodwins, a longtime computer journalist going back before ICTsec was a thing in industry, has this opinion piece,

https://www.theregister.com/2023/07/31/opinion_column_sustainable_infosec/

To be honest I think he’s being too nice / gentle on the Mega Corp Lunacies and US Style Management thinking of barely the next quarter in front of their nose.

Back in the 1980’s there was a mantra taught to business people that “Communications was King” but few understood or wanted to understand the implications.

Apt to the opinion piece is the old British War Time saying of,

“Loose lips sink ships”

And it’s still true today. Few understand how to secure data, as for securing meta-data few even understand what it is outside of a buzz word. As for meta-meta-data and what you should be doing about it…

The next thing to come along at the end of the 1980’s was “Data-Warehousing”; it originally had only one real purpose,

1, Protect the company operational data from ad-hoc enquiry.

Put simply you separated the operations from the research, by running research on a copy. Such that any SNAFU that brought the research server down on its knees did not adversely affect operations.

Shortly thereafter came the notion that warehousing should be made simpler, so “middle-ware” came to life. Out went clunky Command Line Interfaces that even programmers felt uncomfortable with and the notion of the web browser as the desktop came in. Thus you could run a query and have the data turned into a nice graph by some widget on the middleware server.

The problem with middleware was,

“Where do you do the security?”

A problem that is still with us some third of a century later… Back in the early half of the 1990’s I was having trouble explaining to people why they really needed to understand what “state” is and its implications. Likewise the issues of “Errors & Exceptions” and why you should keep the handlers in the business logic and not try moving it to the left. As for rollback, yes the database people understood some of the issues, but by no means all. They had a centralised view of the world… Try explaining parallel systems and why the speed of light becomes an issue, then you got the “I’m talking to a crazy man” looks.

Well as some will now know “High Frequency Trading”(HFT) has not just opened the lid on that can of worms, it’s ripped it right open… With people spending billions on not just getting data there 1µs earlier but working out where to best do databases and the like in a very highly distributed model. Which in turn has security issues as ‘AES etc is too damn slow’ in most modes. Which is why the idea of the OTP has come back as you really can not get much faster, as even pre-computing stream ciphers can cause unwanted time bottlenecks. If people could get “Quantum Key Distribution”(QKD) workable then they would jump right over. But they have not, so other ways are still being used.

I won’t go into the other iceberg tips that are coming over the horizon other than to say “Post Quantum Crypto”(PQC) is something that is not going to work for many people without a lot of massaging. This in turn will raise security issues few have even realised exist and it’s going to reach right down the computing stack below the memory level…

Quite a few years ago not long after the AES contest @Bruce noted that we really needed to start working on “Key Management” issues in research… As such the progress has been slow to put it politely.

The same is true for oh so many other aspects of security, which few really realise are there, until their designs smash into them at full throttle.

It’s still “fun times ahead” but fewer and fewer people will be knowledgeable enough, let alone qualified enough, to be able to do it.

I was reminded the other day that an astronaut spends most of their very scarce time training. Due to physiological reasons your career is 10-12 months in zero-g. Thus every second of an astronaut’s time in space counts and the employer wants to get the best bang etc. Thus training two or three crews for more than two years for a very short activity is cost effective…

We are going to see the need for similar viewpoints moving more deeply into ICTsec in the not too distant future. Whilst there are a handful of practitioners with the skills, management are nowhere near even understanding the 50,000ft view let alone the 20,000ft.

To say ICTsec as an industry sector is grossly under prepared for its future is itself an understatement of enormous proportions…

ICTsec has not in any real way caught up with its past needs from back in the 1990’s, some would say earlier…

Clive Robinson August 1, 2023 3:58 AM

@ SpaceLifeForm, ALL,

Re : AMD Defectus in silico

It appears AMD has scatted on the doorstep with one of their in-chip hardware True Random Number Generators.

The symptoms are unexpected hangs for very long periods of time, thus users get to see the OS “stutter” which is an appalling thing to be happening in this day and age.

AMD issued a microcode patch because Microsoft Win 11 just does not work but…

1, The patch has not fixed all the problems.
2, Not everyone will have the patch.

So it’s a clusterfug issue and is causing issues for others.

Not least because AMD have not exactly told people what the actual real problem is so they can make a rational set of choices as a work around.

It appears Linus Torvalds has decided enough is enough and has voted for just disabling the hardware in question and not using it.

He’s made a couple of “choice comments” but more modest than on previous occasions,

https://www.theregister.com/2023/07/31/linus_torvalds_ftpm/

To be honest as it’s a security component,

“If you can not trust it don’t use it.”

Is a reasonable approach especially as it appears there is an alternative available.

But… Nobody appears certain how uncoupled the two bits of hardware are, so there may be other issues down the line.

ResearcherZero August 1, 2023 4:18 AM

Hacking legal advice…

“Had this information — that is the internal legal advice — been shared with me when I was minister it is highly unlikely this scheme would have ever been advanced,” Mr Morrison said.

‘https://www.abc.net.au/news/2023-07-31/morrison-speaks-in-qt-robodebt/102668880

Former prime minister Scott Morrison was warned at the outset of the illegal robo-debt scheme that the program required a change in the law to go ahead.

Department of Human Services executives sent an alert in early 2015 to Morrison, then-social services minister, saying the government needed to change policies and legislation surrounding debt recovery following advice from another agency.
https://www.smh.com.au/politics/federal/morrison-was-told-robo-debt-required-legal-change-at-outset-of-scheme-20221207-p5c4fm.html

That legal advice said the scheme, implemented in 2015, wouldn’t hold up to legal scrutiny as it had “an element of a reversal of proof”.

“that, at that point, the department had in its possession an external legal advice which said the Robodebt scheme was not lawfully sustainable”

“They might be able to rework the advice if this causes catastrophic issues for us but there is not a lot of room for them to do so.”

“You are signalling there that this advice if accepted means the end of the Robodebt scheme.”

The commission has previously been given evidence that Ms Pulford was co-counsel on legal advice formulated by her team in 2014, which indicated the then-proposed scheme was illegal. …the inquiry was told lawyers in Ms Pulford’s section appeared to come under pressure later — when the scheme was being formulated — from then-social services minister, Scott Morrison, in relation to providing advice so it could be submitted to the Finance Department.
https://www.abc.net.au/news/2022-11-02/qld-robodebt-scott-morrison-pressure-despite-legal-concerns/101596280

How Morrison’s Department of Social Services hid that Robodebt was illegal

They told themselves that the DSS’ legal advice — which would be reaffirmed twice between then and the 2015 budget process — was wrong, and got their own legal advice from their own lawyers, though the request was vague and addressed other legal issues, not income averaging.

They opted to pretend that the income averaging at the core of the proposal had been removed.

From the robodebt royal commission report:

The commission found that DHS official Mark Withnell “had changed the wording of the PAYG proposal to remove any reference to ‘smoothing’, ‘averaging’, ‘apportioning’ or the need for legislative change … It seems that, DSS having raised legal and policy issues with income averaging, DHS’ solution was simply to remove reference to income averaging in the brief”.

‘https://www.crikey.com.au/2023/07/10/robodebt-scott-morrison-human-services/

“Ministers are expected to take full responsibility for the content, quality and accuracy of advice provided to the cabinet under their name.”
https://robodebt.royalcommission.gov.au/publications/report

ResearcherZero August 1, 2023 4:26 AM

This year’s assessment covers the growing space and counterspace capabilities of China, Russia, India, Iran, North Korea, and other nations.

…this year’s featured analysis provides an in-depth look at Russia’s battlefield employment of counterspace weapons.

Drawing on six years of collected data and analyses, this series describes trends in the development, testing, and use of counterspace weapons and enables readers to develop a deeper understanding of threats to U.S. national security interests in space.

‘https://www.csis.org/analysis/space-threat-assessment-2023

“Russian electronic warfare (EW) remains potent, with an approximate distribution of at least one major system covering each 10 km of front. These systems are heavily weighted towards the defeat of UAVs and tend not to try and deconflict their effects. Ukrainian UAV losses remain at approximately 10,000 per month. Russian EW is also apparently achieving real time interception and decryption of Ukrainian Motorola 256-bit encrypted tactical communications systems, which are widely employed by the Armed Forces of Ukraine.”

‘https://static.rusi.org/403-SR-Russian-Tactics-web-final.pdf

ResearcherZero August 1, 2023 4:47 AM

Hacking planning laws with Bags of Cash…

“The key case study in the report was his bid to rezone industrial land in Cranbourne West to residential, a move that would have netted construction giant Leighton Properties – now owned by CIMIC, Woodman and others – a combined tens of millions of dollars.”

“The investigation demonstrated how ministers, members of parliament, councillors, ministerial advisers and electorate officers may be targeted by lobbyists, and how limitations in the current regulation of lobbyists present corruption vulnerabilities.”

‘https://www.theage.com.au/national/victoria/ibac-probe-finds-widespread-suspect-payments-to-councillors-mps-vulnerable-to-corruption-20230726-p5driz.html

For over a decade, Mr Woodman manipulated and improperly influenced Casey councillors with hundreds of thousands of dollars in cash payments, creating and funding community groups for personal gain and coaching councillors to vote in favour of his lucrative planning developments.

‘https://www.abc.net.au/news/2023-07-27/ibac-operation-sandon-john-woodman-casey-council/102649404

The IBAC probe centred on four planning proposals involving property developer John Woodman and his clients, including one to rezone land in Cranbourne West as residential to increase its value. …Woodman launched several legal challenges to prevent Ibac from publishing its findings.

Casey councillors Sameh Aziz and Geoff Ablett accepted almost $1.2million in payments and in-kind support for promoting the interests of Mr Woodman and his clients.

‘https://www.dailymail.co.uk/news/article-12342465/IBAC-Operation-Sandon-John-Woodman-Casey-council-Dan-Andrews-secret-hearings.html

How to build 0 houses for AU$30M

A “culture of cronyism was rife” at the Department of Communities…

‘https://www.smh.com.au/national/western-australia/antithesis-of-good-governance-wa-taxpayers-lose-30m-in-failed-housing-company-buy-in-20230720-p5dpvq.html

“It is concerning that a person not engaged as a public officer had such a significant and involved role in this project for such a long period.”

“The investment was a disaster and the antithesis of good governance. The Commission estimates the Department of Communities (the successor to the Housing Authority) has incurred a loss of at least $30 million.”

WA Department of communities still has an 87 per cent shareholding in the “worthless” company and has indicated it intends to buy out the other shareholders and wind the entity up…

‘https://www.ccc.wa.gov.au/sites/default/files/2023-07/Serious%20misconduct%20risks%20in%20a%20Housing%20Authority%20project%20_0.pdf

“Now you’ve got a block of land with tumbleweeds blowing through it which could have been developed in another life for more affordable housing.”

Acting with “considerable autonomy,” the consultant authorised millions of dollars in payments from a government account, was involved in day-to-day decision-making responsibilities, and acted as intermediary between the department and relevant parties.

‘https://www.afr.com/politics/federal/how-a-wa-government-department-lost-30m-on-a-private-company-20230720-p5dpxu

ResearcherZero August 1, 2023 4:58 AM

“The malware compromises exposed instances of the Redis data store by exploiting the replication feature. Replication allows instances of Redis to be run in a distributed manner, in what’s referred to as a leader/follower topology. This allows follower nodes to act as exact replicas of the leader, providing high availability and failover for the data store. This is achieved via connecting to an exposed Redis instance and issuing the SLAVEOF command.”

…After being executed, the binary updates the SSH configuration of the host. It updates the sshd_config file to a near default state using a bundled configuration file. This removes any configuration that may impede the author’s ability to SSH into the server, and also enables password authentication. SSH service is then restarted and key replaced…

Worming

Once access is gained to a host, it infects it in the same way the initial compromised server was, by dropping a copy of itself (fetched from the built in HTTP server) and executing it with a nodelist as an argument. Written in Rust (cross-platform).

‘https://www.cadosecurity.com/redis-p2pinfect/

starting with Redis version 5, if not for backward compatibility, the Redis project no longer uses the word slave. Please use the new command REPLICAOF. The command SLAVEOF will continue to work for backward compatibility.

‘https://medium.com/@knownsec404team/rce-exploits-of-redis-based-on-master-slave-replication-ef7a664ce1d0

Sandbox Escape

“Only people who run Redis on Debian, Ubuntu, and possibly other Debian-based distros. Just make sure your system is up to date.”

‘https://www.ubercomp.com/posts/2022-01-20_redis_on_debian_rce

“These gaps between upstream vendors and downstream manufacturers allow n-days – vulnerabilities that are publicly known – to function as 0-days because no patch is readily available to the user and their only defense is to stop using the device. …more prevalent and longer in Android.”

Samsung released a security update in May 2023, while the Android security update adopted ARM’s fix on the June 2023 security update, recording a staggering 17-month delay.

‘https://security.googleblog.com/2023/07/the-ups-and-downs-of-0-days-year-in.html

These vulnerabilities include a zero-day renderer exploit in Chrome, a sandbox escape in Chrome and a privilege escalation vulnerability in a Mali GPU Kernel Driver. The Mali GPU vulnerability had previously been patched by Arm, but the fix was not included in the latest Samsung firmware available in December 2022. The exploit chain also exploited a zero-day in the Linux kernel to gain root privileges (CVE-2023-0266) on the phone. The final vulnerability would also allow attackers to attack Linux desktop and embedded systems.

‘https://www.amnesty.org/en/latest/news/2023/03/new-android-hacking-campaign-linked-to-mercenary-spyware-company/

‘https://github.blog/2023-01-23-pwning-the-all-google-phone-with-a-non-google-bug/

‘https://blog.phylum.io/sophisticated-ongoing-attack-discovered-on-npm/
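
A worked hardening check for the Redis exposure described above, as an added example (my code, not P2PInfect, Cado or Redis code): a small C auditor that reads a redis.conf and reports the conditions the worm needs, namely a listener reachable from the network, no requirepass, and SLAVEOF/REPLICAOF (and MODULE, which the replication RCE technique loads its payload through) still callable. The directives it looks at (bind, protected-mode, requirepass, rename-command) are real Redis configuration keys; the two sample configurations are constructed for the example, and counting a rename-command to any new name as “not callable” is an assumption of the example, since only renaming to "" actually removes the command.

```c
/* redis_conf_audit.c: added example, not code from the page or from Redis.
 * Audits redis.conf text for the exposure the P2PInfect write-up relies on. */
#include <ctype.h>
#include <stdio.h>
#include <string.h>

enum {
    F_REACHABLE   = 1 << 0, /* accepts connections from non-loopback addresses */
    F_NO_PASSWORD = 1 << 1, /* no requirepass line */
    F_REPLICAOF   = 1 << 2, /* SLAVEOF or REPLICAOF still callable by its documented name */
    F_MODULE      = 1 << 3, /* MODULE (LOAD) still callable by its documented name */
};

/* Case-insensitive string equality (Redis directives are case-insensitive). */
static int ieq(const char *a, const char *b) {
    while (*a && *b && tolower((unsigned char)*a) == tolower((unsigned char)*b)) { a++; b++; }
    return *a == 0 && *b == 0;
}

/* Split one config line into directive + arguments in place. Handles the
 * quoted empty argument of `rename-command SLAVEOF ""` and stops at '#'. */
static int split(char *line, char *tok[], int max) {
    int n = 0;
    char *p = line;
    while (n < max) {
        while (*p && isspace((unsigned char)*p)) p++;
        if (!*p || *p == '#') break;
        if (*p == '"') {
            tok[n++] = ++p;
            while (*p && *p != '"') p++;
        } else {
            tok[n++] = p;
            while (*p && !isspace((unsigned char)*p)) p++;
        }
        if (*p) *p++ = 0;
    }
    return n;
}

/* Returns a bitmask of F_* findings for the given redis.conf text
 * (text longer than 4 KiB is truncated; enough for a demonstration). */
int audit_redis_conf(const char *text) {
    char buf[4096];
    int saw_bind = 0, bind_wild = 0, prot_mode = 1, has_pass = 0;
    int slaveof_off = 0, replicaof_off = 0, module_off = 0;

    strncpy(buf, text, sizeof buf - 1);
    buf[sizeof buf - 1] = 0;

    for (char *line = strtok(buf, "\n"); line; line = strtok(NULL, "\n")) {
        char *tok[8];
        int n = split(line, tok, 8);
        if (n == 0) continue;
        if (ieq(tok[0], "bind")) {
            saw_bind = 1;
            for (int i = 1; i < n; i++) {
                const char *a = tok[i][0] == '-' ? tok[i] + 1 : tok[i]; /* Redis 7 "-addr" = optional */
                if (!strcmp(a, "0.0.0.0") || !strcmp(a, "*") || !strcmp(a, "::") || !strcmp(a, "::*"))
                    bind_wild = 1;
            }
        } else if (ieq(tok[0], "protected-mode") && n > 1) {
            prot_mode = ieq(tok[1], "yes");
        } else if (ieq(tok[0], "requirepass") && n > 1 && tok[1][0]) {
            has_pass = 1;
        } else if (ieq(tok[0], "rename-command") && n > 2) {
            /* Assumption of the example: any rename hides the documented name
             * from scanner-style tooling; only "" truly removes the command. */
            if (ieq(tok[1], "slaveof"))        slaveof_off = 1;
            else if (ieq(tok[1], "replicaof")) replicaof_off = 1;
            else if (ieq(tok[1], "module"))    module_off = 1;
        }
    }

    int flags = 0;
    /* No bind line means all interfaces. protected-mode only shields that case,
     * and only while no password is set (a password disengages it). */
    if (bind_wild || (!saw_bind && (!prot_mode || has_pass))) flags |= F_REACHABLE;
    if (!has_pass) flags |= F_NO_PASSWORD;
    if (!(slaveof_off && replicaof_off)) flags |= F_REPLICAOF; /* both aliases must go */
    if (!module_off) flags |= F_MODULE;
    return flags;
}

/* The precondition the worm needs: reachable, unauthenticated, replication usable. */
int redis_conf_worm_exposed(const char *text) {
    int f = audit_redis_conf(text);
    return (f & F_REACHABLE) && (f & F_NO_PASSWORD) && (f & F_REPLICAOF);
}

/* Constructed sample configurations for the example. */
const char *WEAK_CONF = "bind 0.0.0.0\nprotected-mode no\nport 6379\n";
const char *HARD_CONF =
    "bind 127.0.0.1 -::1\nprotected-mode yes\nrequirepass s3cr3t-long-random\n"
    "rename-command SLAVEOF \"\"\nrename-command REPLICAOF \"\"\nrename-command MODULE \"\"\n";

int main(void) {
    printf("weak config exposed: %d\n", redis_conf_worm_exposed(WEAK_CONF)); /* 1 */
    printf("hard config exposed: %d\n", redis_conf_worm_exposed(HARD_CONF)); /* 0 */
    return 0;
}
```

Run it against a dumped config (`redis-cli CONFIG GET '*'` is the live equivalent) and treat any set F_* bit as work to do. The protected-mode rule is the one people get wrong: it only protects an instance that has neither a bind line nor a password, so an explicit `bind 0.0.0.0`, or a `requirepass` line on an otherwise unbound instance, both put it on the network.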

ResearcherZero August 1, 2023 5:04 AM

China is seeking to exert its influence in the Pacific region by using political pressure and funding to capture local elites, including in the media.

Overseas Chinese Big Data Group (OCBD) oversees a network of two dozen firms whose names suggest that they work in a wide variety of fields, including blockchain technology and media. OCBD also works with the military-run Information Engineering University in Henan, which focuses on educating “political warfare officers and carrying out offensive cyber operations”…

‘https://www.occrp.org/en/28-ccwatch/cc-watch-indepth/17858-failed-palau-media-deal-reveals-inner-workings-of-chinas-pacific-influence-effort

Haixun Press — says on its website that it can plant news articles globally, and can boost the content by providing paid inauthentic social media likes on platforms including Twitter, Facebook and Instagram.

‘https://www.washingtonpost.com/politics/2023/07/24/pro-china-influence-campaign-infiltrates-us-news-websites/

“One cluster was used to tweet links to articles sourced to various subdomains leveraged by the campaign, while the second cluster was used to reply to these tweets in a likely attempt to feign authentic engagement.”

‘https://www.mandiant.com/resources/blog/pro-prc-haienergy-us-news

China-nexus threat actor likely already had access to victim environments, and then deployed backdoors onto Fortinet and VMware solutions in espionage operations.

‘https://www.mandiant.com/resources/blog/fortinet-malware-ecosystem

‘https://www.mandiant.com/resources/blog/vmware-esxi-zero-day-bypass

JonKnowsNothing August 1, 2023 7:47 AM

@Clive, All

re: AMD Defectus in silico

per the MSM article:

  • One of the bypasses for the firmware-based TPM (fTPM hwrnd) is using the processor’s rdrand instruction for random numbers using the rdrand and rdseed ops.
  • Since the fTPM is a boot-up process and cannot really be disabled, just not called after boot up, the suggestion is to use it to provide entropy to the kernel’s random number generation service.

There have been a good number of discussions about entropy and seed numbers so my first thought was:

  • Will this really work for (pseudo) random numbers?

Indirectly I would agree that if it’s broken, don’t use it, however as noted it may be that it does something not enumerated in the documentation?
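
To make the rdrand/rdseed suggestion concrete, here is an added example (mine, not from the thread, AMD or the Linux kernel) in C: it checks CPUID for RDSEED, pulls seed bytes with the instruction while honouring its failure signal with a bounded retry, and tops up from /dev/urandom when the instruction is absent or keeps failing. The 16-try limit and /dev/urandom as the fallback source are choices made for the example.

```c
/* rdseed_demo.c: added example, not from the thread, AMD or the kernel.
 * Reads seed material with RDSEED on x86, checking the carry-flag result the
 * intrinsic returns, with a bounded retry, and falls back to /dev/urandom. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#if defined(__x86_64__)
#include <cpuid.h>
#include <immintrin.h>
#define RDSEED_COMPILED 1
#else
#define RDSEED_COMPILED 0
#endif

/* CPUID.(EAX=7,ECX=0):EBX bit 18 advertises RDSEED. Non-x86 builds report 0. */
int cpu_has_rdseed(void) {
#if RDSEED_COMPILED
    unsigned a, b, c, d;
    if (__get_cpuid_max(0, NULL) < 7) return 0;
    __cpuid_count(7, 0, a, b, c, d);
    return (int)((b >> 18) & 1u);
#else
    return 0;
#endif
}

#if RDSEED_COMPILED
/* RDSEED reports "no seed available yet" by clearing CF, which the intrinsic
 * surfaces as a 0 return. That is normal and transient, so retry a bounded
 * number of times (16 here, an example choice) instead of spinning; an
 * unbounded wait on a hardware RNG is exactly the stall the fTPM reports
 * describe. A failed step's output must never be used as data. */
__attribute__((target("rdseed")))
static int rdseed64_bounded(uint64_t *out, int max_tries) {
    unsigned long long v = 0;
    for (int i = 0; i < max_tries; i++) {
        if (_rdseed64_step(&v)) {
            *out = (uint64_t)v;
            return 1;
        }
    }
    return 0;
}
#endif

/* Fill buf[0..n) with seed bytes: RDSEED where the CPU has it, then
 * /dev/urandom for whatever is still missing. Returns the number of bytes
 * that came from RDSEED, or -1 if nothing could be read at all. */
int fill_seed(uint8_t *buf, size_t n) {
    size_t done = 0;
    int from_rdseed = 0;
#if RDSEED_COMPILED
    if (cpu_has_rdseed()) {
        while (done < n) {
            uint64_t v;
            if (!rdseed64_bounded(&v, 16)) break;   /* give up, fall through to urandom */
            size_t take = (n - done < sizeof v) ? n - done : sizeof v;
            memcpy(buf + done, &v, take);
            done += take;
            from_rdseed += (int)take;
        }
    }
#endif
    if (done < n) {
        FILE *f = fopen("/dev/urandom", "rb");
        if (!f) return -1;
        size_t got = fread(buf + done, 1, n - done, f);
        fclose(f);
        if (got != n - done) return -1;
    }
    return from_rdseed;
}

/* Sanity check used by the demo: a buffer that is all zero was not filled. */
int all_zero(const uint8_t *b, size_t n) {
    unsigned acc = 0;
    for (size_t i = 0; i < n; i++) acc |= b[i];
    return acc == 0;
}

int main(void) {
    uint8_t seed[32];
    int r = fill_seed(seed, sizeof seed);
    printf("rdseed advertised: %d, bytes from rdseed: %d, all zero: %d\n",
           cpu_has_rdseed(), r, all_zero(seed, sizeof seed));
    return r < 0;
}
```

The point for the fTPM discussion is the bounded loop: RDSEED returning ‘no data’ is normal, and a caller that spins until it succeeds has reproduced in software the kind of stall being complained about. Whether the kernel should credit such bytes as entropy is a separate policy decision (random.trust_cpu on Linux); this code only shows how to read them without hanging.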

Clive Robinson August 1, 2023 9:55 AM

@ Bruce, ALL,

Re : AI hallucinations unfixable.

“This isn’t fixable”

Is the conclusion of Emily Bender, Professor of Linguistics and Director of the University of Washington’s Computational Linguistics Laboratory. Her argument is

“It’s inherent in the mismatch between the technology and the proposed use cases.”

https://techxplore.com/news/2023-08-chatbots-ai-hallucination-problem-fixable.html

My viewpoint, as I’ve pointed out before, is that LLMs have no Intelligence, Artificial or otherwise; they are “matched filters” where the output is a stochastic (random) output of the next most likely word.

If you extend that stochastic behaviour you end up with “A drunkard’s walk”, albeit down a semi-constraining pathway. The issue arises when the constraint weakens or becomes ineffective: it will go any which way chance takes it.

vas pup August 1, 2023 2:47 PM

Gallium and germanium: What China’s new move in microchip war means for world
https://www.bbc.com/news/business-66118831

“China is due to start restricting exports of two materials key to the semiconductor industry, as the chip war with the US heats up.

Under the new controls, special licences will be needed to export gallium and germanium from the world’s second largest economy.

The materials are used to produce chips and have military applications.
The curbs come after Washington made efforts to limit Beijing’s access to advanced microprocessor technology.

China is by far the biggest player in the global supply chain of gallium and germanium.
It produces 80% of the world’s gallium and 60% of germanium, according to the Critical Raw Materials Alliance (CRMA) industry body.
Besides the US, both Japan and the Netherlands – which is home to key chip equipment maker ASML – have imposed chip technology export restrictions on China.
“The idea that international markets will simply deliver materials is gone and, if you look at the picture more broadly, Western industry could be facing a bit of an existential threat.”

Gallium arsenide – a compound of gallium and arsenic – is used in high-frequency computer chips, as well as in the production of light-emitting diodes (LEDs) and solar panels.

A limited number of companies around the world produce gallium arsenide at the purity needed for use in electronics, according to the CRMA.

Germanium is also used to manufacture microprocessors and solar cells. It is also used in vision goggles which are “key to the military,” Mr Hamilton said.

Last month, a Pentagon spokesperson said the US had reserves of germanium but no stockpile of gallium.

The spokesperson added that “The [Defense] Department is proactively taking steps… to increase domestic mining and processing of critical materials for the microelectronics and space supply chain, including gallium and germanium”.

In the long-term, mineral-rich countries, such as Australia and Canada, see the materials crisis as an opportunity.

Experts warn that weaponizing resources and technological capabilities – as the US and China have both done – will also have global consequences when it comes to the environment.”

lurker August 1, 2023 10:01 PM

Move fast, break stuff:
must be contagious,

Elon Musk’s X, formerly known as Twitter, is facing a bill from San Francisco authorities after placing an unauthorised flashing X sign on the roof of its headquarters.

The sign was put up on Friday as part of the company’s rebrand, but it attracted 24 complaints at the weekend.

https://www.bbc.com/news/technology-66371435

Clive Robinson August 1, 2023 10:51 PM

@ vas pup,

Re : Nat Security restrictions.

Remember what the US claims: anything they do is “legitimate national security” but anything China does is just spiteful (which really is almost childish in outlook, and that’s how other parts of the world see it).

It’s time people in the West woke up, to the fact that what China is doing and has repeatedly done is,

1, National Security.
2, Done only after Western Provocation.
3, Hurts the West more than it does China.

In short it’s a rather silly political game played mainly by US legislators that think they are “strong men” but due to their own political failings[1], are effectively shooting themselves in their own foot, and taking the rest of their nation with them.

I believe the US citizens might think they have a chance in the near future, to remedy this… Unfortunately I suspect they will not be given the opportunity or anything even remotely close, such is the way the system currently works in the US.

Which presents a problem every bit as real as that on the Eastern edge of the EU. After all it’s not that long ago that the US very nearly started a war,

https://www.theguardian.com/commentisfree/2019/may/15/war-with-iran-john-bolton-donald-trump-usa

https://www.nbcnews.com/think/opinion/trump-s-potential-war-iran-all-john-bolton-s-doing-ncna1005521

Remember those who chose Bolton and pushed him into his position are still hanging around waiting for a new opportunity.

They are not fussed if it’s Iran or China as long as they get to play with their toys.

The problem is their toys need raw materials, as do the toys that help move the US Economy forward. The same raw materials that they don’t have sufficient stock piles of…

Yes they may be able to get them from other nations but at what price both political and economic?

China has choices the US no longer really has or will not have shortly. Thus all China really has to do is effectively play a waiting game. Let the US make another not very sensible move then respond in similar kind. OK the world economy will see a downward spiral, but both China and Russia sit on much of the raw resources the US and the West need; worse, they also control various food etc resources needed by the other parts of the world’s population.

If people care to look they can see a fairly large bear pit or three, which does not bode well.

The US voters, whilst apparently supporting what is being done by both the UK and US governments with regard to Ukraine in terms of supplies, do not however appear at all keen on committing to boots on the ground yet again, especially against China or Russia.

[1] In the US there used to be quite a number of independent mostly unbiased scientific etc advisors to US legislators,

https://www.science.org/content/article/house-democrats-move-resurrect-congress-s-science-advisory-office

But as noted certain politicians claimed they were a waste of tax payers money and biased against them. So now the “alleged” advisors are from industry based lobbying groups of one form or another. That by definition are going to be biased, in the very least in favour of short term thinking and behaviours, which will in effect favour China.

ResearcherZero August 1, 2023 11:16 PM

APT31

“The Kaspersky report shows that around the same time as the large-scale router attack, Zirconium was busy with yet another major undertaking—one that involved using the 15 implants to ferret sensitive information fortified deep inside targeted networks.”

‘https://arstechnica.com/security/2023/08/multiple-chinese-apts-establish-major-beachheads-inside-us-infrastructure/

The attacks entailed the use of more than 15 distinct implants and their variants, broken down into three broad categories based on their ability to establish persistent remote access, gather sensitive information, and transmit the collected data to actor-controlled infrastructure.

“One of the implant types appeared to be a sophisticated modular malware, aimed at profiling removable drives and contaminating them with a worm to exfiltrate data from isolated, or air-gapped, networks of industrial organizations in Eastern Europe.”

‘https://usa.kaspersky.com/about/press-releases/2023_kaspersky-uncovers-malware-for-targeted-data-exfiltration-from-air-gapped-environments

‘https://ics-cert.kaspersky.com/publications/reports/2023/07/20/common-ttps-of-attacks-against-industrial-organizations-implants-for-remote-access/

Rekoobe backdoor

‘https://asec.ahnlab.com/en/55229/

Barracuda estimates that 5% of their 11000 devices worldwide are impacted.

SUBMARINE is a novel persistent backdoor that lives in a Structured Query Language (SQL) database on the ESG appliance.

SUBMARINE comprises multiple artifacts—including a SQL trigger, shell scripts, and a loaded library for a Linux daemon—that together enable execution with root privileges, persistence, command and control, and cleanup. CISA also analyzed artifacts related to SUBMARINE that contained the contents of the compromised SQL database. This malware poses a severe threat for lateral movement.

‘https://www.cisa.gov/news-events/alerts/2023/07/28/cisa-releases-malware-analysis-reports-barracuda-backdoors

UNC4841 (PRC)

incomplete input validation

Since Barracuda ESG does not sanitize the user-controlled “$f” variable, adversaries were able to craft TAR files that allowed them to execute system commands with the ESG’s privileges.

‘https://www.mandiant.com/resources/blog/barracuda-esg-exploited-globally

“The vulnerability arises out of a failure to comprehensively sanitize the processing of .tar file. … a remote attacker can specifically format these file names in a particular manner that will result in remotely executing a system command through Perl’s qx operator with the privileges of the Email Security Gateway product.”

‘https://nvd.nist.gov/vuln/detail/CVE-2023-2868

CVE-2023–35078 – an API endpoint which requires no authentication whatsoever

‘https://doublepulsar.com/mobileirony-backdoor-allows-complete-takeover-of-mobile-security-product-and-endpoints-559733d612e1?gi=cdfca9fcfb78

“These files were loaded into a running Apache Tomcat instance and enabled an external actor to run malicious java bytecode on the affected servers.”

‘https://www.mnemonic.io/resources/blog/threat-advisory-remote-file-write-vulnerability-in-ivanti-epmm/

‘https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-213a
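
The CVE-2023-2868 description above is the classic ‘attacker-controlled name reaches a shell’ bug. As an added example (my code, not Barracuda’s or Mandiant’s, and in C rather than the Perl the product uses) the vulnerable shape is shown beside the hardened one: the first splices the archive member name into a command string handed to system(), the second validates the name against an allowlist and executes the helper directly with an argv so no shell ever parses it. `echo` stands in for the real scanner command, and the member names are constructed for the example.

```c
/* tar_member_name.c: added example, not Barracuda's or Mandiant's code.
 * Shows the qx("... $f ...") pattern and its fix in C terms. */
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Unwrap a wait status into the child's exit code, or -1 if it did not exit normally. */
static int exit_code(int status) {
    if (status == -1) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* VULNERABLE: the member name is spliced into a shell command line, so ';',
 * backticks and $( ) inside the name are executed by /bin/sh with this
 * process's privileges. `echo` stands in for the real scanner. Returns the
 * shell's exit code, which an attacker-controlled name gets to choose. */
int vulnerable_list(const char *member) {
    char cmd[512];
    int n = snprintf(cmd, sizeof cmd, "echo scanning %s", member);
    if (n < 0 || (size_t)n >= sizeof cmd) return -1;
    return exit_code(system(cmd));
}

/* Allowlist for archive member names: alphanumerics plus . _ - /, no leading
 * '-' (option injection), '.' or '/' (hidden files, traversal, absolute
 * paths), no ".." anywhere, and a bounded length. Anything else is rejected
 * rather than "escaped", because there is no shell to escape for. */
int is_safe_member_name(const char *m) {
    size_t len = strlen(m);
    if (len == 0 || len > 255) return 0;
    if (m[0] == '-' || m[0] == '.' || m[0] == '/') return 0;
    if (strstr(m, "..")) return 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)m[i];
        if (!(isalnum(c) || c == '.' || c == '_' || c == '-' || c == '/')) return 0;
    }
    return 1;
}

/* HARDENED: validate, then fork/exec with an argv. The name is one argument
 * to /bin/echo and is never interpreted by a shell. Returns the helper's
 * exit code, or -1 if the name was rejected or the exec failed. */
int safe_list(const char *member) {
    if (!is_safe_member_name(member)) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        char *const argv[] = { "/bin/echo", "scanning", (char *)member, NULL };
        execv(argv[0], argv);
        _exit(127);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return exit_code(status);
}

int main(void) {
    const char *crafted = "report.pdf; exit 42";   /* constructed attacker-chosen name */
    printf("vulnerable: %d\n", vulnerable_list(crafted));  /* 42: the name ran as shell */
    printf("hardened:   %d\n", safe_list(crafted));        /* -1: rejected before exec */
    printf("hardened:   %d\n", safe_list("report.pdf"));   /*  0: echo ran, no shell */
    return 0;
}
```

The crafted name makes the vulnerable path return 42 because `exit 42` in the name became part of the shell script; replace that with a reverse shell and you have the Barracuda chain. Both halves of the fix matter: the allowlist stops the name being used for option or path tricks against the helper, and the argv exec removes the shell so that even a name that slipped past validation would only ever be a string.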

ResearcherZero August 1, 2023 11:27 PM

@vas pup @Clive Robinson

“No one knew the value of waste kunzite until Chinese businessmen started arriving,” said Safi, the former head of a village council who now works as a representative for local miners. “They were excited, then everybody got excited.”

Around the time Kabul fell to the Taliban in August 2021, a boom shook the world’s lithium market. The mineral’s price skyrocketed eightfold from 2021 to 2022, attracting hundreds of Chinese mining entrepreneurs to Afghanistan.

In interviews, Taliban officials, Chinese entrepreneurs and their Afghan intermediaries described a frenzy reminiscent of a 19th-century gold rush.

In a rare interview, Shahabuddin Delawar, Afghanistan’s minister of mines and a senior Taliban leader, told Washington Post journalists that just 24 hours earlier, representatives of a Chinese company had been in his office presenting the details of a $10 billion bid that included pledges to build a lithium ore processing plant and battery factories in Afghanistan, upgrade long-neglected mountain roads and create tens of thousands of local jobs. His ministry identified the Chinese company as Gochin.

‘https://www.washingtonpost.com/world/interactive/2023/ev-lithium-afghanistan-taliban-china/

Deal of a lifetime!

Trump’s administration signed a peace deal with the Taliban in February 2020, he optimistically proclaimed that “we think we’ll be successful in the end.” His secretary of state, Mike Pompeo, asserted that the administration was “seizing the best opportunity for peace in a generation.”

‘https://apnews.com/article/joe-biden-middle-east-taliban-doha-e6f48507848aef2ee849154604aa11be

The agreement released to the public provides no verification or enforcement provisions for these assurances…

‘https://www.documentcloud.org/documents/6790279-US-Taliban-Agreement

JonKnowsNothing August 2, 2023 1:18 AM

@Clive, @ vas pup,

Re Nat Security restriction and choices

When you look past the bunting you may realize that the choices given to the US population are very restrictive. We have a number of mechanisms to flex a bit of choice but for the most part we do not have a “useful choice”.

  • Our government is a 2 party system: Column A or Column B

That’s all the choice we get for the big picture. For the small picture there are often more choices, however there may not be a lot of difference between them.

  • the difference between sauces in a restaurant: 1 TBS of brown sauce or 2 TBS brown sauce

We do have the option of walking in the streets, singing songs, chanting slogans and waving banners. Millions do so, to express their views on any number of topics. Whether these actions actively change anything… it’s fairly safe to say, they rarely change anything. At best, the marches get a historic footnote.

So when it comes to something significant, not only will the US Public be informed after the fact, we will be told what the facts are and what we are required to do: such as Send Troops.

Sending Troops is the very last thing that we will be told we have to do: send our children to die. USA has a historical preference for isolation, punctuated with periods of direct involvement. We don’t like long drawn out affairs, like 1,000 year wars that seem to be evolving towards a larger area of activity, and we have no compunction about picking up our toys and leaving either.

On the high side, the choice will be about profits and that will determine what we do. We can be very supportive for YOU sending YOUR kids to die, and we will help you do that. We will assist your undertaking by providing the requisite armament loans at a favorable interest rates. We will fund (aka loan) you the money to rebuild too. Everyone likes shiny new.

Few of these decisions will be with the population. They rest with some of the people you mentioned and a good number of others in the background.

The bunting has to be paid for. What are YOU willing to pay for it?

Phillip August 2, 2023 2:52 AM

@Clive Robinson, @SpaceLifeForm, ALL,

I did see the AMD-TPM/Torvalds one. Availability? You think? Actually, I am pleased with this reporting. I have yet to switch to Win 11 and am also interested in knowing what it might be like to work with a H/W TPM. Torvalds gave us the right answer. All the promises of greater assurance are wasted if this is happening. Now, allow me to move into conspiracy mode.

Clive Robinson August 2, 2023 5:00 AM

@ ResearcherZero,

Re : Air gap crossing both ways.

“One of the implant types appeared to be a sophisticated modular malware, aimed at profiling removable drives and contaminating them with a worm to exfiltrate data from isolated, or air-gapped, networks of industrial organizations in Eastern Europe.”

That brought a nostalgic lump to my throat. It is more than a decade ago now that I worked out how to do this air-gap crossing.

It was part of my looking at how I would attack electronic voting machines. I in effect discovered a way to do bot control without the use of servers that could be taken down. I talked about how to do it on this blog about a year before stuxnet did its thing.

At the time I noted that getting data out was almost as easy, but unlike getting commands in, I was very sketchy on the details as I did not want to give the recipe away to all and sundry as protection was not practical back then. As for mitigation of any kind just remember it was designed to cross air-gaps so the then maximum security of “segregation” as practiced in industry was not going to work…

As I noted not long after stuxnet the part I had revealed on this blog “got used” whilst the bit I’d kept more secret had not been.

In a way it’s nice to see it’s finally in use by others, however what you do not say is just how covert it is and if it’s “server-less” or not.

I guess I’m going to have to read the paperwork, the trouble is they write them in such a dull way these days 🙁

ResearcherZero August 2, 2023 5:14 AM

@Clive Robinson

Dull as mud.

Grusch said “non-human” biologics came with some alleged craft recoveries.

‘https://nypost.com/2023/07/25/ex-top-defense-official-expects-new-details-on-pentagons-retrieval-of-ufos/

Various animal remains….

…and some Ham

‘https://www.australiangeographic.com.au/topics/wildlife/2021/02/the-life-and-death-of-the-first-astrochimp-ham/

Smaller monkeys were their preferred choice. But those early missions didn’t go well —

‘https://www.discovermagazine.com/the-sciences/a-brief-history-of-chimps-in-space

ResearcherZero August 2, 2023 6:31 AM

Lessons in lawfulness

“Services Australia advised it paused approximately 13,000 debt reviews while the agencies sought legal advice. Another 87,000 files which may become debts were also potentially affected by unlawful or incorrect income apportionment calculations.”

“Apportioning income across multiple Centrelink fortnights caused problems with calculations, as customers could be over- or under-paid if employment income were apportioned into Centrelink fortnights when it was not earned, derived or received. This was not permitted by section 1037B of the Social Security Act as it was in force prior to 7 December 2020.”

“Whilst technically different to robodebt the effect it had on those who received debt notices was the same. It left many already struggling people in great distress.”

“The robodebt calculation methodology frequently switched the burden of proof away from Centrelink to prove a debt existed, and onto the customer to prove a debt did not exist.”

There is an unresolved and significant difference of opinion between some of the legal advices. The General Instructions that DSS developed to guide how decision-makers should recalculate the approximately 100,000 actual and potential debts need further development.

It is unknown how many other customers may have been impacted by unlawful or inaccurate debts or underpayments.

‘https://www.ombudsman.gov.au/__data/assets/pdf_file/0040/299947/Commonwealth-Ombudsman-public-statement-regarding-OMI-Income-Apportionment-Lawfulness.pdf

Clive Robinson August 2, 2023 6:44 AM

@ ResearcherZero, vas pup,

Re : Empty as always.

“The agreement released to the public provides no verification or enforcement provisions for these assurances…”

No, nor anything else, it’s even more empty than “Peace in our time” that got flapped in the air at Croydon Airport.

One of the reasons the US has so many problems with various countries is they effectively deal dishonestly due to the way the system works.

No matter how good a deal is on the table, the last word goes to the idiots on the hill, who will do whatever they can for political point scoring.

So a deal is reached with say North Korea, the NKs hold up their side of the deal, but the US does not deliver because the idiots on the hill are having one of their raspberry blowing moments. So the NKs reverse back to what they were doing, and will then only negotiate on the basis the US is doing it in bad faith… The US then claim “bad faith” by the NKs.

You might remember a few years back there were talks involving Iran, the EU and US. Everything the EU and US had asked for had been agreed to. Then some tub thumper up on the Hill got stupid, and killed it.

So not only US bad faith to Iran, but US bad faith towards Europe, all because some twit got a bee in his bonnet put there by some over geriatric war hawk who probably did his military service via a horses…

A lot of people in the West are having a sardonic laugh about the US and Russia currently. Because the citizens of both alleged super powers are kept in a form of “isolationism” by their MSM etc they don’t get to realise just how outrageously they are being lied to by their politicians.

So we have Russia telling its citizens all sorts of nonsense about Ukrainian “Nazi torturers” backed up by anglo-saxon “thugs / torturers / criminals” from the UK and US. Which most of the rest of the world can see is nonsense.

But with a half century or so of US politicians on the hill blaming the long-term international issues their petty political squabbles have caused on people who have been repeatedly harmed by them… You have to see the humour in a “pot calls kettle black” kind of way, of the US saying Russia is doing it…

Clive Robinson August 2, 2023 8:16 AM

@ Phillip, SpaceLifeForm, ALL,

Let me think,

1, A CPU with a defective TRNG.
2, Microsoft with a history of questionable crypto choices in their OS’s.

Giving rise to various alleged “fixes” that only work for Microsoft.

And you ask,

“Now, allow me to move into conspiracy mode.”

What took you so long 😉

JonKnowsNothing August 2, 2023 9:42 AM

@ResearcherZero, All

re: Robodebt and its Allies

The schemes revolve around an accounting practice used to determine “the period in which income is earned”.

In business this is used to prevent sales and income fraud. Businesses having a poor reporting period are prone to poaching sales or income from the next period to boost the current period sales. If they have a bumper sales period they may withhold posting the last week or days to the books to carry over to the next period.

It becomes a cascading avalanche in the business practice where Official Reports are required.

ex:

Q1 Real Sales: 100
Q2 Presales: 350

YTD Sales: 450

Q1 Investor expectations and forecasts: 150

Q1-Q2 altered values:

Reported Q1 150
Reported Q2 300

Report Annual YTD 450

The AU department of social services uses a 2 week period baseline.

In the current findings of 100,000 non-Robodebt errors over the past 20 years, the look-forward look-back period was 2-4 baseline periods (1 month-2 month).

Robodebt look-forward look-back period was 26 baseline periods. (6 month-12 month)

So, a person in AU could get caught in both allocation re-calculations.

The reason it is so popular in Neocon economics, is that shifting part of the reporting backward pulls some of it below a benefit threshold, so you get less than the expected allotment, and pushing some of the income the other side puts people over the ceiling for a benefit payment so they get none.

Then the next task is to claim an Over Payment + Interest on the carry forward carry back amounts.

The next part is also popular with Neocon economics, which is the burden of proof lies with the consumer-client.

  • How can a consumer prove a computer system and calculation is faulty or illegal?

The same thing happened in the UK Postmaster Scandal, everyone knew the Fujitsu mainframe couldn’t add 2+2 correctly, but getting all that extra Money For Nothing was too much enticement and the Neocons got to make lots of campaign noise about “cheaters”.

They, of course, were not referring to themselves.
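A constructed worked example of the apportionment effect this post describes, added here and not the commenter’s own code: a simplified fortnightly means test (the threshold, taper and maximum payment are assumptions, not the real Centrelink rates) applied first to income as actually received and then to the same income smeared across a look-back window of 1, 2, 4 or 26 fortnights.

```python
from typing import List

# Constructed parameters of a simplified fortnightly means test (assumptions,
# not the real Centrelink rates): income below the threshold does not reduce
# the payment, each dollar above it removes TAPER dollars, and the payment
# never goes below zero.
MAX_BENEFIT = 700.0
FORTNIGHT_THRESHOLD = 300.0
TAPER = 0.5

# Constructed claimant: 13 fortnights of seasonal work at $3000, then 13
# fortnights with no income at all, each assessed on what was actually earned.
CONSTRUCTED_FORTNIGHTS: List[float] = [3000.0] * 13 + [0.0] * 13


def entitlement(income: float) -> float:
    """Payment due for one fortnight given the income received in it."""
    over = max(0.0, income - FORTNIGHT_THRESHOLD)
    return max(0.0, MAX_BENEFIT - TAPER * over)


def apportion(actual: List[float], window: int) -> List[float]:
    """Smear each block of `window` fortnights' income evenly across the block.

    window=26 mirrors the annual look-back the post attributes to Robodebt,
    window=2..4 the shorter look-back it attributes to the other errors, and
    window=1 is the lawful 'assess the fortnight it was received' method."""
    smeared: List[float] = []
    for start in range(0, len(actual), window):
        block = actual[start:start + window]
        average = sum(block) / len(block)
        smeared.extend([average] * len(block))
    return smeared


def total_benefit(incomes: List[float]) -> float:
    """Sum of the fortnightly payments for a whole income history."""
    return sum(entitlement(i) for i in incomes)


def raised_debt(actual: List[float], window: int) -> float:
    """'Overpayment' the averaging method would claim: what was correctly paid
    on real fortnightly income minus what the averaged income says was due.

    The gap is an artefact of the method, not money the claimant owes: in the
    working fortnights the payment was already clamped at zero, so moving part
    of that income into the workless fortnights cuts their payments with no
    offsetting 'negative payment' in the fortnights it was moved out of."""
    paid = total_benefit(actual)
    recalculated = total_benefit(apportion(actual, window))
    return max(0.0, paid - recalculated)


if __name__ == "__main__":
    for window in (1, 2, 4, 26):
        print(f"look-back {window:2d} fortnights: claimed debt "
              f"${raised_debt(CONSTRUCTED_FORTNIGHTS, window):.2f}")
```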

lurker August 2, 2023 4:17 PM

Kenya mobile phone data service has been hit with a major outage affecting govt e-Citizen services, electric power billing systems, and mobile banking/cash transfers.

Search engines will give stories coming at this from various angles, but nothing concrete yet on exactly what it is. BBC seems confident repeating the claim of responsibility from Anonymous Sudan; aljazeera dredges up rumours of Chinese involvement. Ongoing . . .

lurker August 2, 2023 4:30 PM

In other news: Kenya has ordered Sam Altman’s WorldCoin to stop signing on new members with “free” money in exchange for a magic eyeball scan, ‘due to a “lack of clarity on the security and storage” of the iris scans it’s collecting’

‘https://www.theverge.com/2023/8/2/23817147/kenya-worldcoin-suspended-sam-altman-eyeball-scanning

ResearcherZero August 2, 2023 7:17 PM

@JonKnowsNothing

The method social services used was deemed illegal in a case before the courts in the 1990s (an investigation into fraud by social services staff). Yet they still implemented it despite it being not permitted under the Social Services Act.

Some of the same people involved in implementing Robodebt were involved in a previous investigation into attempts to defraud – (no surprises here) – independent Australia Post outlets. They also attempted to seize control of the Independent Australia Post buildings from their legitimate owners.

They employed many of the same techniques to hide their actions and responsibility implementing Robodebt.

Rapid7 discovered a new vulnerability that allows unauthenticated attackers to access the API in older unsupported versions of MobileIron Core (11.2 and below).

“CVE-2023-35082 arises from the same place as CVE-2023-35078, specifically the permissive nature of certain entries in the mifs web application’s security filter chain”

‘https://www.rapid7.com/blog/post/2023/08/02/cve-2023-35082-mobileiron-core-unauthenticated-api-access-vulnerability/

Threat Actors Exploiting Citrix CVE-2023-3519 to Implant Webshells

‘https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-201a

The affected product versions are as follows: NetScaler ADC and NetScaler Gateway 13.1 before 13.1-49.13; NetScaler ADC and NetScaler Gateway 13.0 before 13.0-91.13; NetScaler ADC 13.1-FIPS before 13.1-37.159; NetScaler ADC 12.1-FIPS before 12.1-55.297; and NetScaler ADC 12.1-NDcPP before 12.1-55.297.

NetScaler ADC and Gateway 12.1 is vulnerable, but is end-of-life and won’t be patched.

‘https://www.cisa.gov/news-events/alerts/2023/07/20/cisa-releases-cybersecurity-advisory-threat-actors-exploiting-citrix-cve-2023-3519

General statistics: World map

‘https://dashboard.shadowserver.org/statistics/combined/map/?map_type=std&day=2023-07-19&source=http_vulnerable&source=http_vulnerable6&tag=cve-2023-3519%2B&geo=all&data_set=count&scale=log

‘https://www.resillion.com/wp-content/uploads/2023/07/Resillion-Citrix-Vulnerability-Report-1.pdf

APT29 (SVR)

“technical support-themed domains and send tech support lures”

Our current investigation indicates this campaign has affected fewer than 40 unique global organizations.

“In some cases, the actor attempts to add a device to the organization as a managed device via Microsoft Entra ID (AAD), likely an attempt to circumvent conditional access policies configured to restrict access to specific resources to managed devices only.”

‘https://www.microsoft.com/en-us/security/blog/2023/08/02/midnight-blizzard-conducts-targeted-social-engineering-over-microsoft-teams/

“WyrmSpy and DragonEgg are two advanced Android surveillanceware. Both surveillanceware appear to have sophisticated data collection and exfiltration capabilities and hide those functions in additional modules that are downloaded after they are installed.”

“WyrmSpy primarily masquerades as a default operating system app, while DragonEgg pretends to be third-party keyboard or messaging apps.”

“DragonEgg and WyrmSpy are connected to each other through their use of overlapping Android signing certificates. Some versions of WyrmSpy introduced unique signing certificates that were later observed in use by DragonEgg developers.”

‘https://www.lookout.com/threat-intelligence/article/wyrmspy-dragonegg-surveillanceware-apt41

ResearcherZero August 2, 2023 7:31 PM

@JonKnowsNothing

It’s possible they were going to take a second crack at it, after Morrison made way for the same cronies involved in the original attempt.

‘https://www.dailymail.co.uk/news/article-8866537/Scott-Morrison-orders-boss-Australia-Post-stand-down.html

Over time, he added finance, home affairs, resources and treasury to the mix of responsibilities…

“I’d rather have this discussion about what I did do than what I didn’t do.”

‘https://www.abc.net.au/news/2022-08-17/scott-morrison-secret-ministry-appointments-who-knew-timeline/101337414

ResearcherZero August 2, 2023 8:15 PM

@JonKnowsNothing

The father of the former Australia Post boss was an adjudicator for the original investigations that took place. Morrison’s cronies threatened him that if he continued to take part in the investigation into the attempted fraud, they would then go after his daughter.

Robodebt similarly took place following the announcement of the Inquiry into Institutional Abuse. Many of the Ministers involved were previously investigated in cases of institutional abuse, some of them quite serious matters. All of them closely associated with people who were charged with serious aggravated offenses, in which they themselves were involved, or later got involved in.

Clearly the legal process fails to prevent the bad apples progressing through the ranks, despite a large amount of evidence sitting in the possession of the Federal Police, after similar failures from their state counterparts. 20 to 30 years is a little slow for cases to run, often with very poor outcomes, and yet more investigations into the very same people.

‘https://www.msn.com/en-au/news/australia/wa-parliamentary-inquiry-to-scrutinise-alleged-stalling-tactics-by-institutions-in-child-sex-abuse-compensation-claims/ar-AA1cUfjW

“Almost 50 public servants have been suspended from duty over child sexual abuse allegations, but the departments they work in and any punishments imposed have not been made public.”

‘https://www.abc.net.au/news/2023-07-04/punishments-for-public-servants-child-abuse-allegations/102546520

ResearcherZero August 2, 2023 8:22 PM

They achieved what was outlined in the risk management plan…

The 2015 risk management plan said possible severe risks of the proposal included “national public outrage” and a “significant breach of legislation and/or judicial inquiry”

The August 2015 entry describing risks of creating the program state: “This risk is an: opportunity.”

‘https://www.theguardian.com/australia-news/2020/jun/06/centrelink-was-warned-robodebts-could-be-inaccurate-more-than-four-years-ago

Debt by design: The anatomy of a social policy fiasco – Or was it something worse?

‘https://onlinelibrary.wiley.com/doi/10.1111/1467-8500.12479

Clive Robinson August 2, 2023 9:39 PM

@ Bruce, the usual suspects, all,

Re : Hardware as a security failure.

Two hardware failures that EmSec and other practitioners and secure developers should take on board,

1, Re-working of RAM-Freeze.
2, Power Spectrum Side Channel

The first is going to be of real interest to forensic types as even though currently clunky it will improve a lot and become a “smooth to use”(c) tool.

The second is of interest for other reasons. On the face of it, it’s an impractical tool. However some used to ask why I talked about the bandwidth of side channels and how it was never zero so would always leak secure information in any active system. Well this nicely demonstrates it.

So start in on the First in a little more detail,

https://www.theregister.com/2023/06/09/cold_boot_ram_theft/

“Robot can rip the data out of RAM chips with chilling technology”

Knowing how to do this goes back a long way, early signs of being practical were with people working on work-arounds on “pay2use” “Set-top Boxes” back in the early 1990’s if not earlier. Modifying a home freezer to get below -20C (-4F) and putting the set-top box in enabled the contents of memory chips to be held long enough to get the data out. Who first moved to spraying liquid nitrogen around to do the same trick is unknown but by the 1990’s it was a very serious concern to those involved with “Smart Card” development. If you go back to work coming out of New Zealand on erasing hard drive data you will also find reference to using liquid nitrogen attacks on DRAM to get the hard drive encryption keys. You will also find –if you can get at it– the NSA also started using “In-line Media Encryption”(IME) devices to be used between PC’s and Hard Drives that were constructed in a way to reduce the likelihood of a RAM-Freeze attack. I did some work on storing the Keys in RAM such they continuously evolved with the secret needed to recover the keys also evolving but kept inside a CPU register. I referred to it as like “a snake eating its tail”.

The thing is RAM-Freeze has gone out of fashion not because it’s not still a viable method, but because hardware manufacturers have just made it physically harder by using smaller components in newer packaging types such as “Ball Grid Array”(BGA) where getting at the “pin-outs” can be made quite difficult just by “Printed Circuit Board”(PCB) design in “multi layers”.

Which is where Ang Cui’s Robot comes in… It can lift a chip and get it into a specialist chip socket fast, but as Cui indicates, not fast enough,

“… we had to do not one but five chips, because they’re all interlaced together. And then three of the chips are on one side of the board, and two of them are on the bottom of the board. So we had to come up with a way to somehow magically either pull all five memory chips off at literally the same instruction – which is, you know, hilariously complicated and it’s just not really doable.”

Which is why hardware designers of these modules think they don’t need to worry about RAM-Freeze attacks. But as Cui goes on,

“We came up with this other really cool trick where we do this one at a time and we’re looking for not just deterministic execution, but we’re also looking at the electromagnetic emanation of the device to figure out basically where the device is going through CPU-bound operation periods. Because if you’re CPU-bound, guess what you’re not doing? You’re not writing from memory,”

This “CPU-bound” operation applies to any CPU with “cache” to get speed up performance, which is basically nearly all CPU’s these days including quite a few microcontrollers… As for “secure enclaves” I won’t go into it but this attack is going to make those not anywhere near as secure as their designers thought…

It’s also why I was working on the continuously evolving RAM encryption oh so long ago… Such attacks are shall we say “predictable” if you “think hinky”. Which obviously not enough do as Cui notes,

“But the more important a thing is for the world, the less security it has,” he said. “So guess what has [memory encryption]? XBox has it. PS5 has it. Guess what doesn’t? Every PLC [programmable logic controller] CPU on the planet effectively. A lot of the critical infrastructure embedded things that we depend on, almost none of them are addressing this kind of attack.”

In essence the designers of games consoles are in a continuous battle with those who hack their systems, thus “They have to think hinky”. But those important systems that control infrastructure and centrifuges in uranium enrichment and similar do not have a clue when it comes to security. Because they are not continuously fighting an enemy.

Something I expect will need to be changed now that a real bombs-n-bullets war is including cyber-warfare as a standard tactic.

So hopefully with a few new thoughts bubbling away onto the Second article in more detail,

https://www.theregister.com/2023/08/01/collide_power_cpu_attack/

“Bad news: Another data-leaking CPU flaw. Good news: It’s utterly impractical”

Don’t believe the “Good News” it’s my experience that all side channel leaks can be,

1, Useful.
2, Improved.

Especially when people think hinky as Cui and his team did about the timing in their RAM-Freeze reading Robot.

The first thing to realise is that whilst Core RAM can be –but usually is not– encrypted[1] internal cache memory is not due to speed issues[2].

So whilst slow this attack can be used against systems that do use Encrypted Core RAM, quite successfully. Which means certain security features like Secure Enclaves need to be looked at with a whole lot more care (to check what’s printed on the tin is what’s actually inside the tin –remember processing agents are not ingredients so don’t have to be on the list– as it may be different),

So from an attackers perspective the fact it gets around RAM Crypto makes this attack of immediate consideration for further investigation. Because only getting a bit a day whilst slow, is going to be a heck of a lot faster than a hundred times the expected life of the universe some claim some crypto algorithms will take to break…

The researchers indicate that with a simple mitigation the leaking data would be brought down to at best 0.136 bits per hour (23 bits/week). But with the way the likes of memory prefetching works means the attack in real world usage would be slower still. With an estimate of as low as 2.86 years/bit.

But you will see that the researchers can also “think hinky” and realise that the attack could probably be significantly improved so say

“However, this low security risk might drastically change if new architectural or microarchitectural ways of prefetching victim data in co-location with attacker-controlled data are discovered.”

With the rate these low level attacks are coming out, I personally think that something in that area will almost certainly come out within a relatively short time.

Also consider that 23 bits/week is worth having for a 128bit AES or similar key in a server in a “shared user environment” such as low cost cloud or co-lo where such keys would remain valid for an entire power cycle, and the curve would probably crossover with a brute-force search in less than four weeks.

[1] One problem with encrypting Core RAM is that the more processes the more KeyMat is required. That KeyMat has to be stored somewhere, and mad as it might sound that’s almost certainly in Core RAM.

[2] In theory Cache RAM could be encrypted, but, it very probably never will be. Without getting into it, you need to see how cache memory actually works at low level to see it’s not really practical, for the way we want Cache RAM to work. Thus if we want Cache RAM to be secure, we will need to completely redesign the CPU to take it into account. The performance hit going through such a process will induce will almost guarantee it won’t happen in existing 32bit and above CPU designs.

SpaceLifeForm August 3, 2023 6:30 PM

Silicon Turtles

Just disable SMT

Do not trade go-faster stripes for loss of security.

‘https://www.bleepingcomputer.com/news/security/new-collide-pluspower-side-channel-attack-impacts-almost-all-cpus/

Clive Robinson August 3, 2023 9:32 PM

@ SpaceLifeForm, ALL,

Re : Even turtles have life signs.

The link kind of says it all,

“collide-pluspower-side-channel-attack-impacts-almost-all-cpus”

I would say as far as CPU’s with cache is concerned “almost” is kind of superfluous.

Without going into lots of details, changing the state of a memory bit requires more power than simply just writing to the bit address.

So, overly simplistically if you write a “zero” and get less power used than writing a “one” then it’s reasonable to assume the bit was originally “zero”. Likewise if you write a “one” and it takes less power than writing a “zero” then it’s reasonable to assume the bit was originally a “one”.

This is because the fundamental laws of nature are preserved.

Firstly doing work –changing state– uses energy.

Secondly all work is inefficient and the “lost energy” has to go somewhere as it’s not destroyed.

Thirdly it’s that “lost energy” via a process of radiation transport that eventually becomes heat. However in the early steps when it is still quite coherent its presence on a bit by bit basis can be measured if the side channel mechanism has sufficient bandwidth.

Lastly, for the electronics to function effectively as digital logic, the power supply to the individual bit storage electronics needs around five times the bandwidth of the maximum rate its state can be switched at.

Put that all together and you can see why a “known plaintext” attack on the cache will on a bit by bit basis leak information out of the chip…

Yes there is quite a bit more to it, but back in the late 1990’s even undergraduate students used to be given lab-work fishing information out of “Smart Cards” via their power supply circuit as a demonstration of this issue.

More than a decade earlier some of us had worked out how to get the information out by not having to directly connect to the electronic circuits (It was easier back then because clock frequencies were down in the low MHz range and second hand test equipment covering it was fairly easily available at lowish or no cost[1]).

This was done by using low power EM Carriers that got “cross modulated” by the changing state. Thus using “Physically tamper secure tamper evident casing” was a bust which was a big Oops…

I demonstrated this on “Electronic Wallets” and “Pocket Gambling Games” back in the 1980’s both of which people hoped would become billion dollar industries and were busy investing money in. They were not happy with what I’d found… Guess what such attacks can still work today… If you look around it’s not exactly happening the way the investors hoped as the security can not be ensured thus money like the lost energy of work will get transported out of electronic Smart Devices.

It turns out I was not the only engineer back last century showing this… The problem was it was not just the investors not wanting to know such systems were insecure. I know for certain one or two UK Government Security Agencies were not happy especially when I moved on to modulating the EM carrier to do active fault injection which I’ve talked about on this blog before…

But I’m a little shocked that after more than a third of a century these attacks are seen as new and exciting.

The real thing people should realise is the basic TEMPEST / EmSec rules about energy and side channels. They will always exist because they are the base laws of nature. With the result being the best you can do is “keep both the bandwidth and energy down” and loop areas small, very small.

Oh and don’t do the “knee jerk” thing the Continental Europeans did back last Century of trying to “add noise” or “Whitening” it does not work in fact it can make things worse. Look up “Low Probability of Intercept”(LPI) radio systems especially “Direct Sequence Spread Spectrum”(DSSS) systems and process gain and you will see why.

For students of Prof Ross J. Anderson have a chat with him about it, he can tell you the issues and some “war stories”. One of which was “self synchronising logic” the idea being if there was no central clock, then there would be no reliable signal to synchronize to… Which is true up until someone illuminates the electronics with an EM carrier and causes all those free running circuits via the process of “injection locking” to sync up to the EM carrier… Which actually makes the next stages of the attack so much easier, as you control the synchronization signal not the clock in the electronics, so you get up to ~20 dB of improved signal availability…

[1] The UK National Physics Lab over in Teddington in SW London, gave me quite a bit of such equipment to pass on to Schools, Scout Groups, Radio Clubs and the just forming Computer Clubs as the kit got EOL’d by book-keeping.
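A toy simulation of the bit-by-bit inference this post describes (a write that flips a stored bit costs more energy than one that leaves it unchanged) and of why the “add noise” countermeasure fails once measurements are averaged. This is an added example, not code from the post or from the Collide+Power researchers; the energy costs, the noise level and the 8-bit secret are constructed, and the simulation assumes the victim re-stores its word before each attacker write, as in a repeated cache collision.

```python
import random

# Constructed energy model (assumptions, not measured figures): every write
# costs BASE_COST per bit, and each bit whose stored state actually changes
# costs FLIP_COST more. That extra cost is the 'lost energy' of doing work
# which the post says has to go somewhere observable.
BASE_COST = 0.2
FLIP_COST = 1.0


def seeded_rng(seed: int) -> random.Random:
    """Deterministic noise source so runs are reproducible."""
    return random.Random(seed)


def hamming(a: int, b: int) -> int:
    """Number of bit positions in which a and b differ."""
    return bin(a ^ b).count("1")


def write_energy(stored: int, written: int, width: int, noise: float,
                 rng: random.Random) -> float:
    """Energy drawn by overwriting `stored` with `written` on a `width`-bit
    cell, plus Gaussian noise of standard deviation `noise` standing in for
    the 'add noise' / whitening countermeasure the post warns against."""
    return (BASE_COST * width
            + FLIP_COST * hamming(stored, written)
            + rng.gauss(0.0, noise))


def mean_energy(secret: int, written: int, width: int, noise: float,
                trials: int, rng: random.Random) -> float:
    """Average energy over `trials` repeated collisions. Each trial the victim
    has put the secret back in the cell and the observer overwrites it with the
    same known word, so the noise averages out while the flip cost does not:
    this is the process gain the post points to."""
    total = 0.0
    for _ in range(trials):
        total += write_energy(secret, written, width, noise, rng)
    return total / trials


def recover_word(secret: int, width: int, noise: float, trials: int,
                 rng: random.Random) -> int:
    """Recover the stored word one bit at a time from energy alone.

    For bit i we write two known words that differ only in bit i. The write
    whose bit i already matches the stored value causes one flip fewer, so it
    draws measurably less energy once the noise has been averaged away. All
    other bits are identical in both writes, so their flip costs cancel."""
    recovered = 0
    for i in range(width):
        e_zero = mean_energy(secret, 0, width, noise, trials, rng)
        e_one = mean_energy(secret, 1 << i, width, noise, trials, rng)
        if e_one < e_zero:      # writing a 1 was cheaper: it was already a 1
            recovered |= 1 << i
    return recovered


def bit_error_rate(secret: int, width: int, noise: float, trials: int,
                   repeats: int, rng: random.Random) -> float:
    """Fraction of wrongly recovered bits over `repeats` full recoveries;
    used to compare a single noisy measurement against an averaged one."""
    wrong = sum(hamming(secret, recover_word(secret, width, noise, trials, rng))
                for _ in range(repeats))
    return wrong / (width * repeats)


if __name__ == "__main__":
    secret = 0xA5                     # constructed 8-bit secret
    rng = seeded_rng(2023)
    # Noise twice the flip cost: one measurement per bit is close to a coin toss.
    print("single measurement, bit error rate:",
          bit_error_rate(secret, 8, 2.0, 1, 50, rng))
    # Same noise, 500 averaged measurements per bit: the word comes back intact.
    print("500 averaged measurements, recovered:",
          hex(recover_word(secret, 8, 2.0, 500, rng)))
```

Raising the noise level only raises the number of trials needed (the error of the averaged difference shrinks with the square root of the trial count), which is the post’s point that whitening buys time rather than security.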

Clive Robinson August 4, 2023 4:33 AM

“When it all gets on top of you”

It would appear that driving around, doing not much more than driving around can realy get on top of you.

Especially if part of that on top is a whole bunch of Google StreetView cameras etc,

https://www.theregister.com/2023/08/03/google_maps_driver_arrested/

Yes, I admit it, I was hoping it would be an “AI goes crazy hazy and sees red” story but no. In this case it’s still the human kind cracking under the pressure and going off the range of the speedo.

Why is unclear, but the incoherent ramblings reported suggest a bit more than a patch-up at Accident & Emergency is required.
