Comments

Vampire Power Adapter April 1, 2024 11:37 AM

I believe. Cannot prove. But believe. Strongly. This is also how the vampires of Twilight fame were able to sparkle. Securely.

Clive Robinson April 1, 2024 12:18 PM

@ ALL,

I thought I had Trademarked “Magic pixie dust” thinking etc years and years ago[1]…

Unlike “patents” trade marks are eternal as long as you feed them, so pardon me whilst I flick a little seed in the budgie cage.

So where do I send my “cease and desist notice” to 😉

[1] You will find it in several places on this blog, and other places if you search for it. If memory serves correctly I first used it to describe the p155 p00r alleged TRNG circuits in Intel Chips. Which can be shown to be very poor digitised sine wave generators followed by a crappy crypto algorithm to hide / obfuscate the actual numpty RNG.

cybershow April 1, 2024 12:27 PM

Security and magic have a bond. Some of Tristan Harris’ essays make
useful reading for security engineers.

Vendors have a high bar to beat the ADE651.

The fact that this exists, and let’s face it, BigTech products from the
“Insecurity Industry”, bodes deeper problems; that for most people all
technology is now magic.

Funny as Shostack’s “magic security dust” is, it’s terrifying that so many
people in positions of power and responsibility would not appreciate the difference between a
joke and a proof. That’s a tragic multi-generational failure of education for
our technological society.

As a student I was once privileged to meet James Randi and now feel that our
work as security thinkers “on the side of the people”, is to perform a similar role of
debunking, while a majority learn magic only hoping to trick others for
profit. That so many people want to be tricked, as technology has become the
new secular religion, only makes the job more interesting.

Cybersecurity and radical scepticism are deeply entwined. Which makes the loss of Ross
Anderson, an indomitable scientist and humanist in our field, all the more painful
imho.

mark April 1, 2024 1:07 PM

I need some, now that those libraries for ssh are vulnerable! Where can I buy it (and some of the snake oil, as well, so I can lubricate the bits in my ethernet)?

tfb April 1, 2024 2:43 PM

@cybershow

I had forgotten about the ADE 651. But the situation is slightly more complicated than it looks. I knew someone whose job involved making sniffers for various chemicals, including explosives. At the time (late 70s I think, not after about 1982 anyway) you could make good sniffers which were portable in the ‘backpack with the guts of the thing in it’ sense, very expensive and probably required expensive and frequent looking-after to keep them from getting contaminated. Or you could make cheap sniffers which you could hand-hold and which … worked, just about.

The company he worked for made both, but they sold a lot of the cheap sniffers. They did not lie about how effective they were: the specs were available and the people who bought them (airport security people really) knew their limitations.

Because only one of the reasons they were buying them was how good they were: the other, arguably more important reason, was psychological: when you decide to sniff someone’s luggage, you watch them like a hawk. If they’re just bored and annoyed, fine; if they’re sweating and nervous, neither they nor their luggage gets on the plane and (if the cheap sniffer didn’t find anything) you crank up the good sniffer you have in the back room. And because you can afford ten times as many cheap sniffers, you can look at ten times, or more, people.

Note 1: the cheap sniffers were not fake like the ADE 651: they did work, just not enormously well. Note 2: things later converged and good, small, cheap sniffers are now much, much easier. In fact I would not be at all surprised if machine learning has not helped things a lot recently as it should be a good application for it (the person I knew is now dead so I don’t know anything that’s happened in the area for the last more-than-a-decade).

cybershow April 1, 2024 4:26 PM

@tfb

Good story about the staged use of tech. Quite a common model in medicine, with cheap,
disposable but inaccurate tests at the front line, then progressively more expensive
machines that go ping as diagnosis proceeds.

Bruce has written a lot on the value of security theatre here. Definitely there’s a
place for placebo/psych-only methods to beat the bushes a bit. I actually think most
CCTV cameras perform that role.

But I suppose the ethics revolve around “who is in on the trick?” and “what’s the false
positive cost?”, and “where does the false negative land?”.

Take the thorough debunking of polygraphy and the “Lie behind the lie-detector”.
Criminals dumb enough to believe a machine can tell if they’re lying may also be
interested in some unbreakable crypto-phones the FBI have to sell them. I’m happy that
deception is useful and works in those cases.

But deception about technology tends to pull in people around it. It’s indiscriminate,
and they’re already too eager to believe. Before long you’ve got judges and juries
believing in “lie detectors”. Indiscriminate weapons always come home to roost. And
for the ATSC (ADE 651) company it’s a complete externality; some poor Iraqi recruit
wandering off into a minefield optimistically brandishing a magic coat-hanger…

BTW, I think you’re right that electronic noses have advanced greatly with novel
junctions and carbon nanotubes as to become a “lab on a chip”. I don’t keep up with the
tech much either but if you do a bit of sniffing around (!) the amazing advances I last
heard of were detecting cancers and other disease from breath and sweat.

Rene Bastien April 1, 2024 6:03 PM

I am selling dehydrated water if anyone is interested. Only available on April 1st each year.

lurker April 1, 2024 7:10 PM

@Adrien

Surprisingly for the French, they candidly admit [FAQ] that their powder is not magic.

Clive Robinson April 1, 2024 8:33 PM

@ Rene Bastien, ALL,

Re : Snow Joke…

“I am selling dehydrated water if anyone is interested.”

It must be more than thirty years now but I used to know a rather nice young lady[1] who joked that the main part of her job was “Making dehydrated water”.

At the time she worked in a lab that tested water to see if it was potable. By testing for organic and mineral contaminants and such. Part of one of the tests involved evaporating off the water as it made testing easier.

But she was also a researcher and had done a stint down at the South Pole (a place I’ve always wanted to go). So she also used to point out that the driest deserts in the world are down there with the “Dry Valleys” of McMurdo Sound[2], even though they have saline lakes at the bottom…

[1] Julie in the unlikely event you read this, I hope you are doing well.

[2] Apparently the definition of a desert is based on rainfall and as it does not get warm enough to rain… But also there is a strange vertically descending “fall wind” pattern that can exceed 200kph that evaporates any snow or similar rapidly… Apparently the place is so inhospitable “even the bugs live indoors”. That is the microbes are only found “inside rocks” and not on their surfaces or underneath them.

Dave April 1, 2024 11:18 PM

I don’t want to bring too much attention to the French, but they were doing this for a long time: https://www.poudreverte.org/

I think several people have had similar ideas. Marcus Ranum used to hand out labels at conferences that you could apply to spray bottles that described various types of security effects achievable by spraying the substance onto computers and network gear. I think one was something like Pest-Away, which gets rid of hackers, crackers, script kiddies, and security consultants.

Gert-Jan April 2, 2024 7:01 AM

This just cracked me up. So funny. And I was glad to hear that all winners of the security theater award had used this revolutionary product.

The only thing missing was a user instruction (how many grams to use for which level of security) and a link to order the product.

echo April 3, 2024 11:01 AM

There’s a lot of tough talk from hardboiled gimlet eyed duck and roll security types about glitter and nail varnish. To the best of my knowledge I’m the only one here who actually has glitter and nailvarnish. This makes me wonder if the security industry isn’t all mouth and no trousers. C’mon, guys, just steel yourselves. It’s no biggy walking into a shop and buying this stuff. You can also wear it you know. Two birds with one stone and all that. Just put it down as cognitive resilience training. You might even get a tax write off. lol.

I’d laugh myself silly seeing a Youtube of hairy security experts putting on nail varnish for the first time and explaining it away to their friends. Get a little colour in your lives. Black with everything is depressing!

Muppet Spotting April 3, 2024 11:31 AM

Now here is an odd thing,

“To the best of my knowledge I’m the only one here who actually has glitter and nailvarnish.”

To the best of everyone else’s knowledge

You are the only person to mention them.

So off to the Chinese takeaway with you, for your “duck and roll” with a little sauce on the side.

lurker April 3, 2024 6:31 PM

@echo

I always have a bottle of nailvarnish in my top drawer along with the chinagraph pencils. It is a very visible and permanent marker/locker for screws that have been tightened properly. I stopped keeping glitter, the kids got away with it all. And I’ve got a genuine graybeard, so gender assumptions are left to the gentle reader.

Clive Robinson April 3, 2024 8:41 PM

@ lurker, ALL,

Re : Glitter and beards…

“I stopped keeping glitter, the kids got away with it all. And I’ve got a genuine graybeard.”

Before my “scottish coloured beard” went grey, I discovered, courtesy of my quite young son who had uses for glitter as all children around that age tend to, that glitter and beards do not mix. Especially when the glitter has glue on it from the “artwork”.

It took a lot of days to wash/comb the darn stuff out… In the end I resorted to a very short beard trim as the only way…

Apart from my pride of having a beard birds could nest in trimmed back to “hairy billiard ball” status nothing was really harmed…

Well apart from my feelings each morning on looking in the bathroom mirror 🙁

I’ve since been told that “body gel glitter”[1] is entirely different to “arts and crafts glitter” as it can get to places nature never intended ={

Oh and if you thought it was not possible… Some years ago a “Public House” with restaurant at Shooters hill a couple of miles from Greenwich East London did “glitter gravy” with christmas lunches,

https://www.independent.co.uk/life-style/food-and-drink/glitter-gravy-london-pub-fox-under-the-hill-christmas-dinner-a8111026.html

Yup it glittered but “nagh not my ting” as they say…

[1] I’m told that you can get “edible biodegradable glitter” that can be used in “food frosting” some of which survive being mixed with home made organic aloe vera from one of the edible species (not all are). Apparently a variety of edible “luster dust” with large grains called “edible Disco Dust / glitter” gives glitter sized pieces with shine.

echo April 4, 2024 1:52 AM

Glitter bombing (party glitter not cosmetic glitter) is a long standing LGBT tradition.

https://www.teenvogue.com/story/mexico-protest-glitter-explainer
The History of Using Glitter As a Symbol of Protest
It’s affordable, accessible, and subversive all at once.

And if that doesn’t work go large.

https://www.thepinknews.com/2024/04/03/idaho-state-capitol-paper-hearts/

Protestors in Idaho dropped tens of thousands of paper hearts across the state capitol floor in protest at legislators’ anti-LGBTQ+ rhetoric.

https://www.youtube.com/watch?v=CEZgzsuIIxY
Dear Governor Little…Sincerely, a trans individual in North Idaho

This is such a beautiful message. I don’t know how anyone can hate the rainbow people just for wanting to live. Who are you protecting? What are you protecting? It makes no sense to me.

Anonymous April 12, 2024 8:09 AM

And in 1940 the United States conferred upon its Japanese diplomatic cryptanalyses the codename MAGIC.

Kahn, David. The Codebreakers: The Comprehensive History of Secret Communication from Ancient Times to the Internet (p. 93). Scribner. Kindle Edition.


Sidebar photo of Bruce Schneier by Joe MacInnis.