Recent Comments


March 30, 2015 8:39 AM

Patrick Jarrold on Brute-Forcing iPhone PINs:

With a 12-digit passcode, this method would take more than a million years to try all possibilities. Including lowercase letters in a passcode of that length increases the time required to over 6 billion years. Only using 8 digits would still take more than 100 years.

March 30, 2015 7:54 AM

Clive Robinson on Brute-Forcing iPhone PINs:

Another example of why getting security right is actually quite hard.

In this case I suspect it is caused by just the way the programmers concerned think. That is the more natural "test for action, then take action" rather than the less intuitive and certainly more clumsy "take action, then test if you should have taken the action".

One thing people often find difficult to get to grips with is that security sometimes requires the horse to push rather than pull the cart. An example from history, is you put armour between you and the threat you are approaching thus whilst pushing is harder than pulling it's a lot lot safer...

March 30, 2015 7:38 AM

Clive Robinson on Friday Squid Blogging: Using Squid Proteins for Commercial Camouflage Products:

With regards Rob Wainwright,

There is a comment over on the BBC News web site,

http://m.bbc.co.uk/news/technology-32087919

That said Mr Wainwright comes across as a great deal less than impartial, and it's just a "lipstick on a pig" rework of the "if you have nothing to hide" argument.

The simple fact is if he gets his way then every dictator will benefit and the long term death toll will be far far worse than the current very minor death toll due to terrorism outside of Shia / Sunni conflict areas.

I guess it begs the question of "politicking" of Europol and which IC is touching them up and what Mr Wainwright personally hopes to gain by this little nonsense stunt.

March 30, 2015 7:08 AM

arfnarf on Brute-Forcing iPhone PINs:

The right way to do it:
Enter PIN
Decrement counter
Check valid PIN

The wrong way to do it:
Enter PIN
Check valid PIN
Decrement counter

March 30, 2015 7:08 AM

Maarten Bodewes on Brute-Forcing iPhone PINs:

OK, but this shows a blatant error with regards to the PIN code handling. Every security professional knows that you should decrement first, then check for the correct PIN.

It seems that Apple again places convenience before security (at least if I understand the use case correctly, where the screen lights up before the actual unlock happens).

March 30, 2015 7:06 AM

xxx on Brute-Forcing iPhone PINs:

Seems the fix should be simple: decrease the counter *before* PIN entry, then reset it back to 10 after the PIN was entered successfully.
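The ordering described in the three comments above (arfnarf, Maarten Bodewes, xxx), as an added example that is not part of any comment and is not Apple's code. It assumes a constructed device model in which a reset can land after a wrong result is visible but before the counter write (the `reset_after_wrong` flag), and it counts how many wrong guesses each ordering accepts before lockout.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define MAX_ATTEMPTS 10

/* Constructed model: attempts_left stands for a counter in persistent
   storage that survives a reset; pin is the enrolled 4-digit secret. */
struct device {
    char pin[5];
    int attempts_left;
};

enum result { PIN_OK, PIN_WRONG, PIN_LOCKED };

typedef enum result (*try_fn)(struct device *, const char *, bool);

/* Compare two 4-digit PINs without an early exit on the first mismatch. */
static bool pin_equal(const char *a, const char *b) {
    unsigned char diff = 0;
    for (size_t i = 0; i < 4; i++)
        diff |= (unsigned char)(a[i] ^ b[i]);
    return diff == 0;
}

/* "Wrong way": check, then decrement. If the device is reset once the
   wrong result is visible, the failure is never recorded. */
enum result try_check_first(struct device *d, const char *guess,
                            bool reset_after_wrong) {
    if (d->attempts_left <= 0) return PIN_LOCKED;
    if (pin_equal(d->pin, guess)) {
        d->attempts_left = MAX_ATTEMPTS;
        return PIN_OK;
    }
    if (!reset_after_wrong)
        d->attempts_left--;          /* skipped when the reset wins the race */
    return PIN_WRONG;
}

/* "Right way": decrement, then check, then restore the counter on success.
   The attempt is charged before any result exists to be observed. */
enum result try_decrement_first(struct device *d, const char *guess,
                                bool reset_after_wrong) {
    (void)reset_after_wrong;         /* write already done; a reset changes nothing */
    if (d->attempts_left <= 0) return PIN_LOCKED;
    d->attempts_left--;
    if (pin_equal(d->pin, guess)) {
        d->attempts_left = MAX_ATTEMPTS;
        return PIN_OK;
    }
    return PIN_WRONG;
}

/* Number of wrong guesses accepted before lockout when every wrong result
   is followed by a reset. Guesses 0000..(limit-1) never match the constructed
   PIN for limit <= 7391, so only the limiter is measured. */
int guesses_before_lockout(try_fn attempt, int limit) {
    struct device d = { "7391", MAX_ATTEMPTS };
    int accepted = 0;
    for (int g = 0; g < limit; g++) {
        char guess[5] = { (char)('0' + (g / 1000) % 10),
                          (char)('0' + (g / 100) % 10),
                          (char)('0' + (g / 10) % 10),
                          (char)('0' + g % 10), '\0' };
        if (attempt(&d, guess, true) != PIN_WRONG)
            break;
        accepted++;
    }
    return accepted;
}

/* Legitimate use: two typos, then the right PIN. Returns the stored
   counter afterwards, or -1 if the correct PIN was not accepted. */
int counter_after_success(try_fn attempt) {
    struct device d = { "7391", MAX_ATTEMPTS };
    attempt(&d, "0000", false);
    attempt(&d, "1111", false);
    return attempt(&d, "7391", false) == PIN_OK ? d.attempts_left : -1;
}

int main(void) {
    printf("check-first:     %d wrong guesses accepted (cap 1000)\n",
           guesses_before_lockout(try_check_first, 1000));
    printf("decrement-first: %d wrong guesses accepted\n",
           guesses_before_lockout(try_decrement_first, 1000));
    printf("counter after a legitimate unlock: %d\n",
           counter_after_success(try_decrement_first));
    return 0;
}
```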

March 30, 2015 6:51 AM

Guest on BIOS Hacking:

I'll get a USB cam for my skyping needs, I just don't like the telescreen running all the time.

Thanks @ Fig for the good advice! :)

March 30, 2015 6:40 AM

Clive Robinson on Yet Another Computer Side Channel:

@ Dirk Praet, @ Marcos El Malo,

How about this, then? Devote one or more cores of the CPU to run programs designed to create thermal noise. Would that do it?

It's a subject I've given some thought to over the years.

There are two main aspects to consider,

The first is arranging a constant work load on the chip such that an external monitoring process can not gain useful information from observing the thermal signature.

The second is hiding the work load process from observation by a secondary monitoring process such as EM signature, CPU external bus signatures, cache usage signatures etc etc.

Obviously the second process is recursive, because trying to hide the first process itself generates tell tales that need another process to hide from a different monitoring process and so on.

However the first process is also problematic, no matter what you do it will leak some information, the only question is what the observer can do with it. At the very least a constant load will alert the observer you are up to something you are apparently trying to hide.

But the first process also has a problem, to be effective it must be able to dominate the effects of other cores at all times, even when they idle...

It's why I prefer to go down other routes. A large passive heat sink not only reduces the observable heat differential thus limiting the side channel range, it also reduces the side channel bandwidth as well. An external fan that is fixed in behaviour reduces the thermal differential further, but generally does not affect the bandwidth.

The real solution is careful system design such that whilst work is done, it's not done in ways that make side channels useful either to passively observe, or to actively control. One way is to shorten task time by upping the process swapping rate and increasing the number of processes. Providing any given task has only a very small fraction of the CPU time compared to the side channel time constant it's overall effect is minimised.

Further the compiler or interpreter used to make the code available to run on the computer can be designed to provide a minimal or constant load signature.

It's these areas little or no attention has been given by the open community even as purely academic exercises. The opposite is true for the closed signals intelligence community, where designing minimum EmSec visibility equipment has been going on since WWI a century ago.

March 30, 2015 5:02 AM

HereItIs on Friday Squid Blogging: Using Squid Proteins for Commercial Camouflage Products:

@Curious:

Here is that post...

Europol Chief Warns About Computer Encryption

http://news.slashdot.org/story/15/03/30/0016259/europol-chief-warns-about-computer-encryption
-------------------------------
The law enforcement lobbying campaign against encryption continues. Today it's Europol's director Rob Wainwright who is trying to make a case against encryption. "It's become perhaps the biggest problem for the police and the security service authorities in dealing with the threats from terrorism," he explained. "It's changed the very nature of counter-terrorist work from one that has been traditionally reliant on having good monitoring capability of communications to one that essentially doesn't provide that anymore." This is the same man who told the European Parliament that Europol is not going to investigate the alleged NSA hacking of the SWIFT (international bank transfer) system. The excuse he gave was not that Europol didn't know about it, because it did. Very much so. It was that there had been no formal complaint from any member state.
--------------------------------

March 30, 2015 3:41 AM

Curious on Friday Squid Blogging: Using Squid Proteins for Commercial Camouflage Products:

I am reading that an anonymous poster on slashdot, having a recent news item about Europol's chief Rob Wainwright: that Rob Wainwright is said (some time back presumably) to have made some kind of point that Europol wouldn't investigate NSA hacking into SWIFT (international bank transfer), because there weren't any formal complaints from any member states.

There weren't any references/sources for this particular claim on slashdot, I wonder if it is true (guessing it probably is). Some of Snowden's documents are said to show NSA having SWIFT and VISA on their target list as I understand it.

Seems terrible imo if that was the case, with there being no investigation at least. It would be convenient for some I guess and subsequently terrible for others, that without any investigation no evidence can be produced. I should point out that I am not sure how a police force or a bureaucracy would want to regard something to be 'evidence' or not.

March 30, 2015 3:28 AM

Wael on Friday Squid Blogging: Squid Pen:

@Clive Robinson, @Figureitout,

The question then becomes at what point can improvements no longer be made and what the effective limits are.

Probably when parameters not under our control are involved. For example, earth rotation effects and gravity variations. And since glass is a liquid, the effects of glass morphing over time have to be accounted for. Also, the coin rolling in the magnetic field of the earth induces a current that in turn makes the coin a weak magnet which affects its motion. The location of the moon, the sun, and other celestial bodies will also have an effect. There are a ton of other parameters that we know and don't know. Electromagnetic wave pollution around us and their constant changes will need to be controlled as well. Then there are computer rounding errors, modeling approximations (a Taylor series, for example, using the first few terms)... If all these parameters are known and the sample space is sufficiently large, then the distribution will be Gaussian according to the Central Limit Theorem. More importantly, the location of the coin can be predicted precisely, within the desired tolerance levels.

I couldn't visualize the construction of your apparatus, but took a guess how it might look like and operate...

March 30, 2015 3:04 AM

Clive Robinson on Friday Squid Blogging: Squid Pen:

@ Figureitout,

I do think there needs to be a definition if we're going to make statements of "rarity" and what is and is not random

We are not even close to one yet, to see why go through a thought experiment...

For this I tend to assume a simple physical process under observation, the output of which can be plotted as a distribution, the curve of which is the result to be considered.

For example two sheets of glass held apart by a spacer the thickness of which is slightly greater than the thickness of a uniform coin. The coin rests on the spacer that has a profile like a cross sectional cutaway of the left hand side of a broad bottomed valley. That is the far left side has a small section of rising slope just before the peak, which acts as an initial resting point for the coin. From the peak to the right is a descending gradient designed to efficiently convert the downwards force of gravity on the coin to a rightwards rolling motion. To the right of this downwards slope is a slight upwards flat slope of sufficient length that the coin will roll to a maximum rightwards point then roll back to the left.

For each test the coin is pushed rightwards slowly and uniformly from its resting point over the peak and the output reading is the rightmost distance the coin travels before stopping and rolling backwards.

In a perfect world this point would always be the same. In practice it is not and when plotted out after many tests you would expect a distribution curve to the results. The question is initially "Why?" and secondly "How can the spread of this distribution be reduced?".

After some thought you will start applying constraints to the experiment to better control it, one such will be the initial push, another removing or controlling the air between the glass sheets etc.

The question then becomes at what point can improvements no longer be made and what the effective limits are. Then you can get down to asking about the small residual curve, is it due to an unknowable process, a measurement limitation etc or is it the elusive "true randomness" that some people have faith in it existing.

March 30, 2015 2:05 AM

Clive Robinson on Friday Squid Blogging: Using Squid Proteins for Commercial Camouflage Products:

@ AkickINtheTEETH,

Apparently, the phone program is still the cat's meow keeping people uneasy over telephone calls. It is something like scaring people into using other means to communicate (which are actually easier to get useful data from).

The question then is "Why are phone calls more difficult?", is it because accessing the content for technical, legal or resource reasons is difficult or because traffic analysis is at best circumstantial evidence.

Knowing the answer to this question, then suggests how the over priced boondoggle can become subject to better financial control and limitation of its envelope pushing against legislation limitations.

Perhaps some knowledge could be gained in this area by finding out more about the direction their research is pointing, and thus seeing what patents they are seeking can show this.

March 30, 2015 12:00 AM

TheGuildsman on Friday Squid Blogging: Using Squid Proteins for Commercial Camouflage Products:

@J Edgar Weasel

Thanks for your input.

"Before writing your signal to medium, be sure you can hear it through whatever mic you're using. That is, try to run the mic output either directly to headphones or at least live monitor the recording via headphones."

Good point.

"Your post mentioned that the sound is loud enough to feel - in addition to the hvac (and there, I would likely try to blue tape packing foam batts over the ducts to deaden sound produced from inside them) if there's a crawlspace below the house, perhaps a battery-operated speaker under the floor would be audible but hard to pinpoint? "

Yes at times the floors shake. It depends on the playlist for that night of course. Sometimes it's men chanting. Sometimes it's heavy electronic music. Sometimes it's a man and a woman talking. Sometimes it's just the low bass vibration that hurts your ears.

The house has a finished basement where the furnace room is located and of course there are hvac outlets in every room of the 2 upstairs floors. The sound is particularly bad on the main floor and not as much on the 2nd. I'm guessing the source is somewhere in the basement and it uses the vents to deliver the sound. I'm also guessing that there is more than one device. I have to record it successfully and do the turn off all the power test to see if that is a valid assumption. It may all be coming from outside via microwave or EMR and I will have to build a Faraday cage and wear tinfoil hats.


March 29, 2015 11:08 PM

J Edgar Weasel on Friday Squid Blogging: Using Squid Proteins for Commercial Camouflage Products:

@theguildsman:

Before writing your signal to medium, be sure you can hear it through whatever mic you're using. That is, try to run the mic output either directly to headphones or at least live monitor the recording via headphones.

A few years back I picked up a journalist friend a directional mic on ebay for 149, a fairly good one. I can't remember the brand, but one advantage to such a thing (and I suspect most mics considered 'broadcast quality' would be useful for you) is that it ought to help locate the general direction the sound's coming from.

Do the "in ear" mics - really, mics on booms at mouth level, with attached earpieces as well as output jacks - play back what the mic is hearing to the ear which they're in? If so, PylePro has one of those for about 16 bucks, and it's intended for musicians.

Your post mentioned that the sound is loud enough to feel - in addition to the hvac (and there, I would likely try to blue tape packing foam batts over the ducts to deaden sound produced from inside them) if there's a crawlspace below the house, perhaps a battery-operated speaker under the floor would be audible but hard to pinpoint?

March 29, 2015 9:42 PM

TheGuildsman on Friday Squid Blogging: Using Squid Proteins for Commercial Camouflage Products:

@Thoth, @AudioJack, @tyr, @ww3, @albert, @steve37, @k10, @Clive, @DB

I really appreciate the thoughtful, useful and thought provoking responses from all of you. Thanks so much.

I have been reading here since Crypto-Gram days, probably 14 years so I knew I would receive good quality input.

I have a plan now and perhaps by the next Squid blog I will be able to report back with some answers as to what is really going on. I certainly hope it's not the brain frying microwaves since it's my sister that is in the house right now. And I'll probably need help, after having actually recorded the sounds, to find where they are coming from.

@DB the one ear closed sleeping method worked like a charm last night so my sister thanks you for that.

March 29, 2015 8:00 PM

Dirk Praet on Yet Another Computer Side Channel:

@ Marcos El Malo, @Clive

OK, how about this, then? Devote one or more cores of the CPU to run programs designed to create thermal noise. Would that do it?

It's probably easier to set up some dummy cron jobs that intermittently cause extra CPU load and thus heat. It may interfere with or throw off the malware processes that for their communications depend on temperature increases ('1') and decreases ('0') within certain intervals.

The desktop fan is a good idea when you put it between sender and receiver as the latter needs to pick up the temperature changes in the former, thus disturbing the heat emissions from the sending device. For plain cooling purposes you're probably better off with an external USB-powered laptop/notebook cooling pad or adjustable fan.

However interesting as a PoC, I doubt this attack is very practical at a transmission rate of 8 bits/hour and with a maximum distance of 40 cm. between both devices.

March 29, 2015 7:06 PM

Treadmill on Friday Squid Blogging: Using Squid Proteins for Commercial Camouflage Products:

Various examples of new technologies of surveillance evoke an even gloomier image of a militarised city. Intelligent geotextiles or Smart Dust are still under development but can be imagined to be a substantial part of our future cities’ surveillance systems. Smart Dust will be ‘comprised of speckle-sized devices that can sense environmental conditions, such as light, temperature and humidity. More importantly, they can gather civilian and military intelligence. Their tiny dimensions mean they are difficult to detect and can squeeze through the narrowest of gaps in doors and walls. They can communicate with each other wirelessly, as well as transmit data to a nearby command center or remote satellite’.

New surveillance technologies very often make use of nature, either by imitation or by manipulation. Spray-on nanoparticle mix turns trees into antennas, hacking animals, remote controlled insects and Cybugs (see also here), Micro Air Vehicles, forensic entomology – these are just a few more examples of the militarisation of nature where immaculate features of nature are utilised for urban warfare, surveillance and crime prevention.
http://synccity.blogspot.com/2012/04/city-battlefield.html

The budget and debt keep growing. Nobody is watching the bottom line.

March 29, 2015 6:21 PM

AkickINtheTEETH on Friday Squid Blogging: Using Squid Proteins for Commercial Camouflage Products:

Well now, PR or damage control at its best...worst?

NSA: We Mulled Ending Phone Program Before Edward Snowden Leaks

http://yro.slashdot.org/story/15/03/29/1833258/nsa-we-mulled-ending-phone-program-before-edward-snowden-leaks

So why didn't they end the program after it was revealed? Apparently, the phone program is still the cat's meow keeping people uneasy over telephone calls. It is something like scaring people into using other means to communicate (which are actually easier to get useful data from).

March 29, 2015 5:33 PM

Treadmill on Friday Squid Blogging: Using Squid Proteins for Commercial Camouflage Products:

Microwaves can fry a brain. It's one thing to eff up enemy combatants (though illegal), but quite another to do the same to your own civilian population.

Good Omens
Blow You Away: Crowley toys with the idea of conjuring up a hurricane to eliminate rival job applicants.

Bucky Fuller solution was round houses.
Dymaxion house - Wikipedia, the free encyclopedia
en.wikipedia.org/wiki/Dymaxion_house Cached
No Dymaxion house built according to Fuller's intentions was ever constructed and lived in. ... Graham built the round house on his lake front property, ...We have dystopian boxes and storm damage. They have to sell more problems and books about the problems and create problems explaining the other problems. 30 year debts and nothing for the future. Detroit could be building houses. They're fighting fires in thousands of abandoned houses. Waste water problems.

"Bucky designed a home that was heated and cooled by natural means, that made its own power, was earthquake and storm-proof, and made of permanent, engineered materials that required no periodic painting, reroofing, or other maintenance. You could easily change the floor plan as required - squeezing the bedrooms to make the living room bigger for a party, for instance.

Downdraft ventilation drew dust to the baseboards and through filters, greatly reducing the need to vacuum and dust. O-Volving Shelves required no bending; rotating closets brought the clothes to you. The Dymaxion House was to be leased, or priced like an automobile, to be paid off in five years. All this would be possible now if houses were engineered, mass-produced, and sold like cars. $40,000.00 sounds about right." http://bfi.org/about-fuller/big-ideas/dymaxion-world/dymaxion-house

More people are living in cars and more bad mortgages. Bend over.

March 29, 2015 4:56 PM

albert on Friday Squid Blogging: Using Squid Proteins for Commercial Camouflage Products:

@MarkH
(LOL)google
Guy should be working at MI5, MI6, or GCHQ :)
.
@tyr
Gunshot detectors were a military development, for locating snipers by analyzing the noise of the rounds as they passed by; very sophisticated ("Sorry you're hit, Joe, but we got his location!"). All military products eventually find their way into local LE.
Microwaves can fry a brain. It's one thing to eff up enemy combatants (though illegal), but quite another to do the same to your own civilian population. Someday, it will be common knowledge that minimum acceptable RF exposure is much, much lower than is imagined today. As with ionizing radiation, it will be too late to help the victims.
.
@Nick P, and Clive, etc.
I'm sorry to say, they probably have sound injection systems in field use by now. Kinda gives new meaning to the 'voices in the head' phenomena which have existed for centuries. "I am the voice of your God; lay down your arms and surrender now! I promise you will not be tortured.".
OK, that was tasteless, but still....
.
ELF communications to submarines has been going on for many years; radio amateurs are communicating thousands of miles, with homebrew hardware. The ultrasonic speakers have been marketed.
.
Do you know if any experiments have been done with RF signals in the AF range? (Don't try this at home). A long time ago, I read about a guy who had success by applying the 1st or 2nd derivative of an audio signal to the scalp, via electrodes. Can't find a whisper today...
.
Best,
albert

March 29, 2015 4:32 PM

Johnny Zent on Friday Squid Blogging: Using Squid Proteins for Commercial Camouflage Products:

So with all the government's forensic cyber-ninja skillz, how come the contents of Tamerlan Tsarnaev's computer are inadmissible in court? Even the source of explosives documentation is suppressed.

Rhetorical question. The Boston Marathon cleanup crew is hard at work. When the criminal masterminds shot MIT campus cop Collier, the Officer Tippit of Boston, his buddy Dick Donohue got there right away. Then Dick Donohue got shot. By a lawman. Go figure. That big gunfight, nobody else on the blue team got hit. Another cop, John Moynihan, saved Donohue's life to the usual mawkish acclaim. Career-limiting move. Moynihan just got his brains blown out by a corny desperado.

Let's hope nobody but NSA put malware on Tam's computer. That could get really awkward, you know?

March 29, 2015 3:28 PM

Treadmill on Friday Squid Blogging: Using Squid Proteins for Commercial Camouflage Products:

Crime, once exposed, has no refuge but in audacity.
— Tacitus, Annals, Book XI Ch. 26

Explained quite thoroughly in Good Omens: "Security bases are like beehives; they make a great deal of effort to keep people out, but once you're in everyone just sort of assumes you've been cleared by management and let you go about your business. Entire species of insects have made a niche for themselves this way." Other Terry Pratchett books expand upon this by noting that you will always be let through if you carry a piece of paper and stare at it angrily while muttering to yourself. Clipboards are among the ultimate disguises known to man.
http://tvtropes.org/pmwiki/pmwiki.php/Main/SwissCheeseSecurity

Elvis in plain sight. There is an Elvis-themed slot machine, simply named "ELVIS." The lights behind the name first light up in proper sequence: E-L-V-I-S. Then, they light up in the order: L-I-V-E-S.

March 29, 2015 3:18 PM

tyr on Friday Squid Blogging: Using Squid Proteins for Commercial Camouflage Products:


I see from some breathless headline that Hilary
is becoming quite technical. Claims she wiped
her server completely.

@ Clive

One low frequency sound effect is to be able to
tear the brain through exposure. This was found
in industrial workers who were exposed to machines
that generated them. The next time you hear some
idiot with a boom boom car go by this should give
you a new appreciation for the artform.

The shot detector is just buffered and continuously
dumps its contents. Given the cheapness of modern
storage it is easy to have it record everything
and send it home. Best part is no one will complain
about being continuously monitored for their own
good. It would work a lot better if it was blanket
since the upper classes need to be safe too.

March 29, 2015 3:15 PM

Nathan on Security vs. Privacy:

If we weren't creating new enemies constantly, we wouldn't feel such a need for so much security.

March 29, 2015 3:01 PM

MarkH on Friday Squid Blogging: Using Squid Proteins for Commercial Camouflage Products:

UK PRISONER USED ILLICIT SMARTPHONE TO RELEASE HIMSELF FROM JAIL

http://www.bbc.com/news/uk-england-london-32095189

"...he had set up a fake web domain which closely resembled that of the court service's official address.


He then emailed the prison's custody inbox with instructions for his release.

The court heard Moore registered the bogus website in the name of investigating officer Det Insp Chris Soole, giving the address and contact details for the Royal Courts of Justice."

Neil Moore (the prisoner in question) has previously been convicted of fraud. Hmmm.

March 29, 2015 1:18 PM

Live (for the moment) in Silicon Valley on Friday Squid Blogging: Using Squid Proteins for Commercial Camouflage Products:

@Clive Robinson

Thank you very much for answering my questions.

It appears that a dissociation beam (if that is what it is) has been used against me as a zersetzung tactic on about 20 occasions.

The general character of Silicon Valley as best I can understand it is that it is essentially a military base with a civilian overlay maintained as a sort of theme park. There are far more undercover cops than most cities and very sophisticated command and control systems have been deployed.

The physical space of Silicon Valley is integrated with the online space. It appears that the military buzzword of "network based warfare" has been literally put into practice.

The undercovers use psychological conditioning tactics in public spaces using ordinary things as stimuli. For example extra loud vehicle noises are more than likely to be caused by undercover cops than by anyone else. Vehicles are outfitted with special lighting that can be turned on to produce another source of stimuli. They normally travel in packs of several vehicles. They are not friendly and can be sadistic.

My best advice to anyone who lives in Silicon Valley is to be very observant. Look into the background of the scenes you are in. Watch for psychologically important moments, things that are important to you, and see if some other stimulus is being inserted into the background.

Every surface that can contain an impression can be modulated to achieve a purpose given enough money and a motive. Learning the basics of behavioral conditioning is a must for self defense, particularly if you work in high tech.

The main point I want to make is that Stasi zersetzung tactics are being actively used in Silicon Valley without due process. The rule of law under the Constitution only applies to the theme park layer.

March 29, 2015 12:51 PM

Nick P on Friday Squid Blogging: Using Squid Proteins for Commercial Camouflage Products:

@ albert

"'Injecting' sounds directly into 'subjects' (victims?) using microwave/radio transmitters. Imagine speaking directly into someone's brain. Gaslight (1944) anyone?"

That's not as speculative as you think. It was attempted during the MKULTRA project with microwaves and other techniques. Academics involved usually published data on the less, unsuccessful attempts. The results of a few were classified: possibly success stories they suppressed. The research was inspired by the Frey effect. Other avenues to look into include the controversial Neurophone and bone conduction.

I designed covert communication and manipulation techniques based on the same methods. Didn't get to field test them for ethical reasons. Figured I'd keep them in my back pocket for the event where the developing police state targeted me. Among other things. Their research moved into cults, private sector, and NDA academia after the shakedown. I'd be interested to see what they've come up with by now and how they're using it.

March 29, 2015 12:08 PM

Treadmill on Friday Squid Blogging: Using Squid Proteins for Commercial Camouflage Products:

In The Terminator, the world-ruling SkyNet computer attempts to defeat the human resistance by sending a Terminator android back in time to kill the mother of resistance leader John Connor before he was born; not only does the Terminator fail, it turns out that if SkyNet had not made the attempt, Sarah Connor would not have met John's father and John would not have existed. There are theories he may very well not be the original John Connor, and that John Connor was always supposed to exist, son of Kyle Reese or not.

Elvis and Jimi play Machine Gun
The titular character of King of the Unknown is a No Celebrities Were Harmed incarnation of Elvis. Ever since a supernatural mishap transformed him (into a fat slob) and forced him to fake his death, he dedicated his new secret life to a Men in Black-like Government Agency of Fiction known as the IRSU. In all those years since his "death," he's been protecting a masqueraded world by kicking the collective ass of every supernatural evil imaginable (because All Myths Are True). Agent H, his Mission Control at IRSU, is a similarly still-living Jimi Hendrix.

Jimi is a Treadmill operative with Elvis. Treadstock will be at the Farm.

Then in Rise of the Machines, the Terminatrix reprograms SkyNet tech to awaken it, thus resulting in the Machine Rebellion, which ultimately leads to that same SkyNet sending back the Terminatrix to awaken itself...

March 29, 2015 11:48 AM

Treadmill on Friday Squid Blogging: Using Squid Proteins for Commercial Camouflage Products:

"The Destiny Trap: you can't change history if you're part of it."
— The Eleventh Doctor, Doctor Who, "The Time of the Doctor"

The 1986 The Twilight Zone episode "The Once and Future King" has the most awesomely absurd theory on Elvis - he was a wannabe lame easy-listening singer who was replaced by the high-quality time traveling impersonator who accidentally killed him. Elvis is not dead simply because he never actually existed, just the music: the result of a Stable Time Loop.

Logic Bomb Moments

In another Harry Potter comedy (Harry Potter and the Sword of Gryffindor by cloneserpents), Hermione steals a time turner for the purposes of "kinky sex" that will also hurt Death Eaters. This is explained by Hermione at the time saying that she sort-of got it through a time paradox, but not to worry about it. Later, Harry is sent to put it back in the Department of Mysteries at the same time as stealing it in the first place. On the way, he runs into Mad-Eye Moody, who says that the DoM is being guarded after the events of Harry Potter and the Order of the Phoenix and that he should probably not venture in there. Upon exiting in failure, Hermione suggests that he just give her the one that he had to put back. This leads to Harry having a Logic Bomb moment along the lines of "But you gave this to me after traveling through time... and I just gave it to you... where did it come from?!"
http://tvtropes.org/pmwiki/pmwiki.php/Main/StableTimeLoop

Vice Treadmill Agent Elvis is heading for Vegas to stop prostitution. Sex should be free, like people.

March 29, 2015 11:39 AM

albert on Friday Squid Blogging: Using Squid Proteins for Commercial Camouflage Products:

@TheGuildsman, et al.

An example of a LF transducer:
http://www.parts-express.com/aurasound-ast-2b-4-pro-bass-shaker-tactile-transducer--299-028
.
High-power audio freq. amps are small and cheap. Back in the day, they used motor-driven pistons or diaphragms for ELF work :)
.
More fascinating fields of study:
.
* Communication using high-power AF amps with antennas, in the below 50Hz range. Decent quality soundcards with preamps are used as receivers :)
* Providing audible sound using beat frequencies of two ultrasonic sources.
* 'Injecting' sounds directly into 'subjects' (victims?) using microwave/radio transmitters. Imagine speaking directly into someone's brain. Gaslight (1944) anyone?
.
...

March 29, 2015 11:20 AM

Figureitout on Friday Squid Blogging: Squid Pen:

Clive Robinson
--Good point, but yeah I do think there needs to be a definition if we're going to make statements of "rarity" and what is and is not random. Otherwise, you have little standing calling out my solutions (w/o detailing your actual designs lol) and the assurances I can give and there's no clarity to the field at all (which there isn't lol). Again, everyone not doing the actual cracking will call it "trivially easy" or breakable; but I'll put those statements to the test lol.

Any chip solution should be w/in a well shielded environment, and using some kind of large battery or multiple "stepping up and down", we can monitor the power though, the RF...not so much (too many waves). Every wire is an antenna and surfaces/materials reflect RF weirdly and differently and you can get surprisingly good performance on PCB antennas (even better tagging an external antenna on it). Or mobile, at a random time, power level would be so low, and there'll be all kinds of other noise drowning it out.

So what does that mean? Well, barbed wire fence as far as property permits. Then shielding built into walls and windows/doors. Then a standard shield room and using inverters inside of the others outside the shield room. Then vet the people and go around scanning for stuff. So we can generally rule out these attacks and focus on the "meta-stability" circuit (since to be honest, it's the most fun/interesting rather than me drawing graphs of snail trails lol...).

Of course we should try preventing attacks of all kinds, except that involves locking everyone down. I say focus on passive and "fire and forget" attacks as an active attack could be as simple as someone following you home or just punch you in the face; they place themselves at a great risk too (blowback), then selling that info or just blasting their picture all over the web.

That last goal is too big. I say it's best to have so many honeypots and traps (which is where we're going) anyone will be scared to try something and "show their cards" and not having anymore cards to play...it works...you may know. :p Also having systems where certain exploits are impossible to run or dice up their exfiltration path so again they have to risk exposing themselves connecting it up again.

March 29, 2015 11:19 AM

Treadmill on Friday Squid Blogging: Using Squid Proteins for Commercial Camouflage Products:

Doom It Yourself: Newt takes this to the level of a superpower. He once got a joke circuit board that isn't supposed to do anything, and ended up building a wireless radio that picked up Radio Moscow.

Winds up as a Brick Joke when he "fixes" the launch computers, causing them to fail in spectacular fashion.

In Comeback Tour, a novel set in Games Workshop's Dark Future setting, Elvis is a Sanctioned Operative - a private law-enforcement officer - working in the backwater areas of the Deep South. At the climax of the novel, he ends up using his music to defeat the machinations of a Religion of Evil.

Elvis is a sanctioned Treadmill operative.

March 29, 2015 11:05 AM

Treadmill on Friday Squid Blogging: Using Squid Proteins for Commercial Camouflage Products:

Fifty Shades of Snowden

SAN DIEGO, June 26— A disgruntled computer programmer has been arrested on charges that he planted a destructive program in a plot to wipe out vital data on a rocket project and then get hired back as a high-priced consultant to repair the damage. http://www.nytimes.com/1991/06/27/us/computer-programmer-charged-in-sabotage-plot.html

Good Omens
Nice Job Fixing It, Villain: A minor example. Hastur escapes from Crowley's answering machine when a telemarketer calls the number, and proceeds to murder all of the people in the telemarketer's office. This causes a ripple effect of goodwill and contentment in the world because the telemarketers couldn't ruin anyone else's day.

All Bikers Are Hells Angels:

The co-Bikers of the Apocalypse.
Other bikers are literally Hell's Angels.
Although only Death is actually an angel (the others are Anthropomorphic Personifications), and it's not clear whether he works for Hell, Heaven, or neither — it would be next to impossible to tell and it all amounts to the same thing anyway.

Now we're banking on Snowden, Putin and the Night Wolves to make this right?

There's another not quite as important to the plot; in a footnote, it is mentioned that one of four things published in a trashy tabloid is actually true, including the fact that Elvis works at a burger joint. A little while later, Famine visits a restaurant and there's a man flipping burgers... with a cowlick... singing Hound Dog. You do the math.

March 29, 2015 10:11 AM

Treadmill on Friday Squid Blogging: Using Squid Proteins for Commercial Camouflage Products:

Kids! Bringing about Armageddon can be dangerous. Do not attempt it in your own home.

The Alleged Computer: Newton Pulsifer has a singular knack for machinery, which is the knack of failing absolutely to make them do what he wants them to do. And he always buys the worst. His computers somehow always manage to be the early model with the hopelessly flawed chipset or the bug-ridden OS and the like. And don't ask about his car.

Delusions of Eloquence: The Three have big ideas, but are frequently undone by their own misspellings.

http://tvtropes.org/pmwiki/pmwiki.php/Literature/GoodOmens

Newton Pulsifer, AKA Newt was born in Dorking, Surrey. As a boy, he was always rather proud of his sloppily assembled model airplanes and his electronic experiments.

New Ariane 5 failure (S 21 5:15); More on Ariane 5: conversion from 64-bit floating to 16-bit signed caused Operand Error (R 18 27-29,45,47); Note: Matra made software for Ariane5 and Taipei subway system (S 21 5:15); Incidentally, Robert L. Baber, Univ. Witwatersrand, Johannesburg, suggests you browse http://www.cs.wits.ac.za/ bob/ariane5.htm - showing how a simple correctness proof could have avoided this problem.
https://www.cs.ucsb.edu/~cappello/courses/cs10/lectures/ariane5.html

Things are so complex that human error was 10 years old.
"The original requirement accounting for the continued operation of the alignment software after lift-off was brought forward more than 10 years ago for the earlier models of Ariane, in order to cope with the rather unlikely event of a hold in the count-down e.g. between - 9 seconds, when flight mode starts in the SRI of Ariane 4, and - 5 seconds when certain events are initiated in the launcher which take several hours to reset. The period selected for this continued alignment operation, 50 seconds after the start of flight mode, was based on the time needed for the ground equipment to resume full control of the launcher in the event of a hold."

March 29, 2015 8:33 AM

Rob on Friday Squid Blogging: Using Squid Proteins for Commercial Camouflage Products:

Is it time to give whitelisting a fair shot?

I know THEY say it's impossible, but is it really?

I bet the average user has a whitelist of no more than 100 urls they use 95% of the time.

So, if you start out blocking all, then have a simple pop up to whitelist, it seems to me in short order 95% of browsing and surfing would be available.

For those where some data is wanted only temporarily, a site could get a 15 minute whitelist, e.g. the weather report in Topeka.
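Added example (not part of Rob's comment or of the blog): a minimal default-deny whitelist with permanent and 15-minute entries, replayed over a constructed browsing log to count how many requests prompt the user and how many pass silently. The class and function names, the `.example` hosts and the user's answers are all assumptions made for illustration.

```python
from urllib.parse import urlsplit

TEMP_TTL_SECONDS = 15 * 60  # the comment's "15 minute whitelist"


def host_of(url):
    """Return the lowercase hostname of a URL, or None if it has none."""
    host = urlsplit(url).hostname
    return host.rstrip(".").lower() if host else None


class Whitelist:
    """Default-deny host whitelist with permanent and time-limited entries."""

    def __init__(self):
        self.permanent = set()
        self.temporary = {}  # host -> expiry time in seconds

    def allow(self, host):
        self.permanent.add(host)

    def allow_temporarily(self, host, now, ttl=TEMP_TTL_SECONDS):
        self.temporary[host] = now + ttl

    @staticmethod
    def _matches(host, entry):
        # Exact host, or a subdomain on a label boundary. A bare suffix test
        # would let "notmail.example" ride on a "mail.example" entry.
        return host == entry or host.endswith("." + entry)

    def decide(self, url, now):
        """Return "allow", or "prompt" (blocked until the user decides)."""
        host = host_of(url)
        if host is None:
            return "prompt"
        if any(self._matches(host, e) for e in self.permanent):
            return "allow"
        for entry, expiry in list(self.temporary.items()):
            if expiry <= now:
                del self.temporary[entry]  # expired entries fall back to deny
            elif self._matches(host, entry):
                return "allow"
        return "prompt"


def replay(log, answers):
    """Replay (time, url) requests; answers maps host -> "always"/"temporary".

    Hosts without an answer are treated as denied at the prompt.
    """
    wl = Whitelist()
    stats = {"total": 0, "prompts": 0, "allowed": 0, "blocked": 0}
    for now, url in log:
        stats["total"] += 1
        if wl.decide(url, now) == "allow":
            stats["allowed"] += 1
            continue
        stats["prompts"] += 1
        host = host_of(url)
        answer = answers.get(host, "deny")
        if answer == "always":
            wl.allow(host)
            stats["allowed"] += 1
        elif answer == "temporary":
            wl.allow_temporarily(host, now)
            stats["allowed"] += 1
        else:
            stats["blocked"] += 1
    return stats


# Constructed sample data: (seconds since start, URL) and the user's choices.
CONSTRUCTED_LOG = [
    (0, "https://mail.example/inbox"),
    (60, "https://news.example/today"),
    (120, "https://mail.example/compose"),
    (180, "https://weather.example/topeka"),
    (300, "https://weather.example/topeka/radar"),
    (400, "https://tracker.example/pixel.gif"),
    (1200, "https://weather.example/topeka"),  # 15-minute entry has expired
    (1300, "https://news.example/sports"),
    (1400, "https://notmail.example/login"),   # look-alike, not a subdomain
]
CONSTRUCTED_ANSWERS = {
    "mail.example": "always",
    "news.example": "always",
    "weather.example": "temporary",
}

if __name__ == "__main__":
    print(replay(CONSTRUCTED_LOG, CONSTRUCTED_ANSWERS))
```

In this constructed log every first visit to a host still costs a prompt, so the share of silent requests only rises once the same hosts repeat.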

March 29, 2015 4:57 AM

Clive Robinson on Friday Squid Blogging: Using Squid Proteins for Commercial Camouflage Products:

@ Nick P,

I'm fairly certain that Richard Helms saw himself as a patriot when authorising experiments and later when --supposedly-- destroying the records. Which does not mean that the experiments or similar have not nor could not happen at another time or place, especially if people believe there is money to be made either in the LE or Entertainment industries. It was after all defunct research into the "death rays" aspect of early radio transmission and later radar etc that eventually gave us RF heating for drying, cooking, welding and diathermy and beauty products for permanent hair removal and other useful things such as radio navigation systems.

You can make your own infrasound generator using the sort of "bass speakers" "car pimpers" favour and long length rigid plastic drain pipes --say twenty foot either side-- as matching stubs. You would need a "bridge" amplifier with the highpass filters removed or modified. There is almost certainly a "maker" or "howto" article on it on the net somewhere to use as a starting point. Just remember to use "rock wool" and multiple layers of loose hung cloth between you and it to act as a sound absorber "just in case". In theory you could use a "pulse jet engine" as an ultrasound generator of very high output power, but they are dangerous toys at the best of times, prone to explosions, flame outs and self destruction due to the vibrations they create shaking them apart.

One thing we do know about ultrasound is the distances it can cover with the likes of volcano explosions being heard/felt thousands of miles away. Importantly it can get down into rock and use it as an efficient transmission medium. Likewise when sufficiently deep in sea water etc it can quite easily travel around the globe (do you remember the explosive device put in pre Apollo space capsules set to explode when at sufficient depth so that it would provide a fix for recovery?).

So if you could modulate an ultra-sound signal with data and couple it into a building's main structure, then yes it might well travel down through the foundations and out (stranger things have been known). Whilst not ultra-sound old linear power supply transformers certainly could be felt and seen responding to step changes in load, and this would spread out via the chassis and rigid floor mounts to be seen as ripples on cups of tea / coffee on adjacent desks.

As I've said several times in the past all you need to get information out of a system is a source of energy, a transmission path and a way to impress the information on the energy. As long as the information rate is less than the channel bandwidth the "information will go wherever the energy goes"...

With regards terahertz systems they can find channels through even the smallest of gaps such as those in wire mesh used for shielding air vents etc. Provided such signals can find a way in and there are susceptible nonlinear components that will respond to them, then modulation impressed on such carriers will "get in the box"...

March 29, 2015 3:58 AM

Clive Robinson on Friday Squid Blogging: Using Squid Proteins for Commercial Camouflage Products:

@ Live (for the moment) in Silicon Valley,

Could this technology induce a dissociative feeling like inner ear problems which cause a loss of balance? Could it penetrate a car with the windows up or through the walls of a building?

I don't know about loss of balance, the effects originally reported were at low levels itching, going up through feelings of having ants running all over exposed areas of skin. Animal tests (pigs) caused other effects through to fits, collapsing and death due to effects on the autonomous nervous system. The beam convergence effect of two narrow beams allowed individual targeting of animals in groups at considerable range. The idea at the time was to develop a non-lethal crowd control device that enabled "ring leaders" to be incapacitated.

Like many such directed energy weapons the level between lethal and incapacitating is small compared to the variability caused by individuals, ordinary clothing, etc. This is one of the main reasons directed energy weapons for non lethal "crowd control" use tend not to make it off the starting blocks, because it's way too easy to inflict death or permanent injury with them. It's also the failing of other "non lethal" weapons such as "plastic bullets" and tasers etc which have caused death and permanent debilitating injuries.

Sound beams tend not to go through solid objects and retain their coherence so glass and even plastic sheeting will dramatically reduce the effectiveness of such systems. However the difference frequency effect does not require coherent beams to work. Thus an alternative use for the technology was touted to protect high security areas. You could have a "glass walled" room with file cabinets etc in it, anyone entering the room would start to feel the effects on their exposed skin, however a security guard etc could walk around outside and look in without suffering effects. The catch of course is similar to that of crowd control which is "what if a person has no exposed skin?"...

As for getting into or out of enclosed spaces, like all energy devices it depends not just how the enclosing material is physically arranged but also on the properties of the enclosing material in terms of transmission, absorption and reflection, all of which vary with the frequency of the energy. So what works at one frequency won't at another and vice-versa.

Also few enclosed spaces are actually "fully enclosed" they have gaps around access points, slots etc for ventilation etc.

Whilst I've had no occasion to try it with ultrasound, I do know from EM experiments, you can use one or more microwave signals to get through ventilation slits, and non linear components --such as protection diodes-- will "envelope demodulate" an impressed modulation, and re-radiate the demodulated signal from tracks and traces within the enclosure... So there may be ways that similar effects can be done with ultrasound, but how effective or reliable they might be I can not say.

March 29, 2015 3:09 AM

Mike on New Zealand's XKEYSCORE Use:

Millions of hard-working tax-paying citizens paid for a hugely expensive spying machine which can spy on everyone. It's justified in the name of terrorism and 'national' commercial interests so as to benefit those citizens. Then it's used to give an individual a personal and financial advantage. And no-one is surprised/bothered? Now THAT IS news worth talking about. And being ashamed of.

PS: I've just spotted my typo above. "Justified in the name of terrorism" heh heh heh.

March 29, 2015 2:34 AM

TAILS Linux WARNING v.1.3.1 (re: tails-autotest-remote-shell) on Friday Squid Blogging: Using Squid Proteins for Commercial Camouflage Products:

In TAILS 1.3.1, The developers have moved the file:

'tails-autotest-remote-shell'

from /usr/local/sbin/ (where 'do_not_ever_run_me' still resides)

to:

/etc/init.d/
/usr/local/lib/

Delete the file or rm && touch && chmod -v 000 it (warning: this isn't a cut and paste command) before connecting TAILS to the net. The same method and warning applies to the file 'do_not_ever_run_me' which, like the remote-shell file, should not exist on a distro let alone a distro like TAILS. The package 'Whisperback' should be removed as well along with the directory: /etc/whisperback

There are only a few tips out of many, imo there are other 'problems' with this distro as well.

You are warned.

March 29, 2015 2:25 AM

Dines With Dingos on BIOS Hacking:

Real Programmers don't pussy around soldering BIOS chips to motherboards. Real Programmers arc-weld them to spooks.

March 29, 2015 2:24 AM

Clive Robinson on Hardware Bit-Flipping Attack:

@ Sooth Sayer,

Parity problem of 80's was ONLY and ONLY and ONLY solving the alpha-particle failure in DRAMS

I suspect you are not reading original sources from the time.

Firstly "bit flipping" was known to happen in more than just DRAM, it was known in MSI logic with the likes of latches that were also used in registers and other RAM. Go and look up meta-stability, it occurs about one in a billion operations even with careful memory element design so was seen quite frequently even in 1MHz clocked systems. I once posted one of the few articles I could find online about it here and you can find a conversation resulting from it I had with RobertT when I was trying to find more information on elements used in chips for generating random bits.

You will also find on line information on how even simple gates suffer from "analogue" problems as signals approach the state change band at their inputs. Due to where the state change band is in CMOS logic, there were bias tricks you could use to turn the gates into amplifying stages. I have a Motorola CMOS book from the early 1970's with an application note that goes into quite some depth on this, and I'm sure I'm not the only person with it.

You will also find conversations on this blog about the security implications of logic's analog behaviour with regards to leaking state change information out from one part of a chip to another via what in effect looks like "cross talk". If you go and look at the analog elements that go to make up DRAM you will see that they are liable to this transfer of energy from one analog element to adjacent elements...

The reason atomic particles got the news back in the 70's and 80's was due to the "Space Race" moving from political and military arenas into major commercial and amateur arenas (the last time I remember it doing major news in the electronics industry was a year or so before the Piper Alpha disaster, and my then boss getting worried about the new RTU designs we were making for the oil industry).

Whilst we thankfully get few atomic particle issues on earth there are many many more in space (see reports about astronauts getting visual flashes even with their eyes closed). There were micro controllers specifically designed for hostile space use such as the RCA COSMAC 1802 using a Silicon on Sapphire (SOS) designed with the help of Sandia National Labs to reduce not just the radiation issues but the analog issues as well which made the radiation issues worse. Although designed in the early 1970's the 1802 is still in use in new equipment designs today and second sourced via Harris. If you can get a copy of the original extended data sheets and application notes you will find information about how BOTH the analog and radiation issues that made them worse were solved.

As @ Nick P points out there is a lot of forgotten knowledge from those times, which just does not get taught any longer, and we are having to re-learn it either the hard way --re-invention-- or by finding and reading the documents of the day. So you might want to get ahead of the game by going back to those old documents.

March 28, 2015 11:08 PM

Live (for the moment) in Silicon Valley on Friday Squid Blogging: Using Squid Proteins for Commercial Camouflage Products:

@Clive "As I've mentioned before microwave sound can be generated and beamed just like EM microwaves."

Could this technology induce a dissociative feeling like inner ear problems which cause a loss of balance? Could it penetrate a car with the windows up or through the walls of a building? Asking for a friend.

March 28, 2015 10:55 PM

Nick P on Friday Squid Blogging: Using Squid Proteins for Commercial Camouflage Products:

@ Clive

Infrasound is indeed very interesting. My first exposure to the info was in my digging on MKULTRA. They considered it for use as a directed energy weapon. They mentioned enough energy in it could crack solid structures. Not sure as I didn't do further research on it.

I'm reconsidering now that I've seen the research you referenced. I saw it a few months ago, esp the ghost perception, and thought "what if they saw those effects and wanted to employ them in manipulations?" Can't find out thanks to one Richard Helms. (Sigh).

Yet, second question came straight out of the ultrasound EMSEC-style attack that one guy came up with: infrasound for leaking secrets. Worth looking into. That we both were thinking on it a bit usually means it's important. Need more research into that and pretty much any other wavelength majority of attackers can afford to use.

While we're at it, what do you think about Terahertz or Millimeter waves that are seeing industry investment? I think someone will consider using them for emanation attacks or remote sabotage.

March 28, 2015 9:08 PM

sooth sayer on Hardware Bit-Flipping Attack:

I used to think CLIVE is CLEVER .. but I just learnt after 10 years that he is HOT air and nothing else.


Parity problem of 80's was ONLY and ONLY and ONLY solving the alpha-particle failure in DRAMS .. so was the single bit correction solutions .. not this finding ..

March 28, 2015 8:08 PM

Don on Friday Squid Blogging: Using Squid Proteins for Commercial Camouflage Products:

Shot detection is simply another mass surveillance and control technique targeting minorities and the poorest inhabitants.

Too bad there aren't parallel techniques for detecting and isolating crooked bankers downtown. Maybe something to measure the screams of target-sheep as they are being fleeced.

March 28, 2015 7:14 PM

Fig on BIOS Hacking:

Better to disassemble the laptop and remove mic altogether. Grab the camera as well when you reach there.

March 28, 2015 5:53 PM

DB on Friday Squid Blogging: Using Squid Proteins for Commercial Camouflage Products:

@k10, @Clavier re ShotSpotter

Let's ask a question: How on earth does a system record all the voice within the vicinity of a gunshot "two seconds before a gunshot and four seconds after a gunshot" unless it ABSOLUTELY CAN hear and separate ALL VOICE EVERYWHERE to begin with?? They are clearly using Clapper's definition of "collecting" here on their claims, if you just think about this logically.

Of course strictly speaking it only needs a 2 second buffer (since I don't think it includes a time travel device) and it might not permanently store everything, to fulfill that... But then it seems like a simple software and storage upgrade (or bandwidth upgrade to get it to Utah) to actually do recordings of all conversations everywhere. Who's to say NSL's haven't been served to do this already, and the company is forced to lie about it (even under oath just like Clapper) or go to prison?

March 28, 2015 5:05 PM

Clive Robinson on Friday Squid Blogging: Using Squid Proteins for Commercial Camouflage Products:

@ The Guilds man,

The first question to ask is "If you can hear it can others?".

That is when you have other people in the building do the sounds stop? or can they hear them as well?

The reason for asking this is it might give you a clue as to if you are also being watched and if so from where.

By the way humans hear with rather more than the holes on the side of their heads, which can make for interesting entertainment.

Infra-sound is generally considered to be frequencies too low to hear via the holes in your head, but your guts and bones quite happily pick up on it. It is known that infra-sound can not just give you an uneasy feeling, it can also if the level is high enough interfere with your GI tract and can quite literally "shake the cr4p" out of you.

It can also be used to make you think you are moving when sitting in a chair etc. Some years ago experiments were run to see if film goers could be made to feel more part of the action. It kind of works on similar principles to those fair ground flight simulators that simply tip you forwards and backwards side to side and lift you up and down. Because your body cannot measure the absolute value only changes in value in a limited bandwidth, it can be tricked into thinking that it's moving continuously when it's not. The idea was to use infra-sound instead of moving seats, thus you could feel blast waves earthquakes etc.

The problem with infra-sound is its wavelength, the speed of sound for most of us is around 330m/S so at 20Hz and below the wavelength would be greater than 17m, which would require large physical structures to generate efficiently with conventional techniques, thus they would usually be fairly visible if you know what to look for. However there are active radiator methods where the waveform can be synthesized but these are still leading edge technology.

Now a thought for you "When is a wave not a wave?" and one of the answers to this is "When it's an interference pattern".

As I've mentioned before microwave sound can be generated and beamed just like EM microwaves. Thus two 20MHz ultra-sound signals can be used to point at you, either beam on it's own does little, however if both beams are used at the same time and the response of what they are aimed at is nonlinear then the two signals will produce an interference pattern at the surface of the nonlinear object. So if the frequencies were marginally different then a difference frequency would be produced in the nonlinear object.

Human skin and flesh is quite nonlinear as are the joints between bones. You can thus quite literally "feel sound" as touch nerves get stimulated in their pass band. However it has been found that when the difference frequency is similar to that of certain of your brain waves just as with flashing light it can induce fits and seizures, and ultimately death...

More recent experiments have been in the direction of "holo-touch" whereby your nerves can be tricked into making you feel a surface not as smooth metal but textured like cloth etc.

Now obviously if you pick the right ultra-sound frequencies you will have frequency bands where your flesh is effectively transparent but your bones are not. If the difference frequency is in the audible spectrum then your skull bones vibrating at this frequency will be heard by the inner parts of your ear. As it's highly unlikely to find a microphone with similar transmission and absorption spectra it would not pick up the interference pattern.

This effect has been used in reverse in the past to effectively jam surveillance mics of various kinds including those laser mics. Thus would also jam the "crisp packet / plastic cup" video microphones as well.

Whilst I'm not saying anything like this is being used against you it does give you some idea of what difficulties you might have in detecting a high skill level adversary.

Another thing you need to be aware of is that the human brain has "insulator" problems, it is known that in some people that abstract ideas can have attached sounds or colours. That is for instance even though printed in black and white, a person might see words or numbers as being coloured. The argument is that the brain suffers from "cross talk" or similar, whatever the cause it affects around 1 in 70 people to some extent and chemical substances can make the problem worse.

For instance people with "word blindness" have a higher likelihood of having this problem which is why people have experimented with coloured glasses to see if it can help overcome the issue. What has been reported is that the likes of CNS pain relief drugs can in even sub clinical doses make the cross talk problem significantly worse. It's often reported as auditory or visual hallucinations and some pain relief drugs such as Tramadol can cause them in around a quarter of the population.... There are also other quite common chemicals that you can come across as "flavorings" that can do the same thing, such as spices like mace which is the outer shell of the nutmeg, alcoholic drinks such as tequila and absinthe and even some more traditional cooking herbs such as sage. Oh and then there is the issue of smell, people say it is very evocative and can bring back forgotten thoughts and memories, evidence suggests that smell can have fast and deep effects in the brain, and there is some evidence that hallucinations can result.

So what you may be experiencing might not be what you think, it could be something else in your environment causing minor auditory hallucinations. If it is, getting to the bottom of it might be as difficult as finding which food allergy causes IBS etc.

March 28, 2015 4:53 PM

TheGuildsman on Friday Squid Blogging: Using Squid Proteins for Commercial Camouflage Products:

@k10

"And @TheGuildsman, is another person, or an animal, able to hear what you're hearing?"

Thank you. Yes. Actually right now I am out of town and my sister is staying at the house. The sounds are keeping her up at night as well.

@albert

"I don't know what kind of house you live in. A single-family, detached unit would be easy to investigate. HVAC ducts are an ideal way to feed noise throughout a building. Super-low frequencies can be applied mechanically, or electro-mechanically. Such devices need power. "

Thank you. It's the last house in a row of town houses, attached on one side. I do believe the HVAC ducts are being used since the sounds are "in the air" and there doesn't seem to be a single source. I am having a HVAC specialist come in with a camera to examine all the ducts. In the meantime I haven't been able to find any suspicious looking wires. Will try turning off the power as AudioJack suggested to at least pinpoint inside/outside as the source.

March 28, 2015 4:28 PM

ConcernedCitizen on Friday Squid Blogging: Using Squid Proteins for Commercial Camouflage Products:

@DB

The "in the future" point you make in re: a time limit makes sense. Still, taken at face value, it means you effectively can't work anywhere in the world for 18 months. Most courts are going to hold that they need to pay the piper if they wish to call that tune.

March 28, 2015 4:28 PM

k10 on Friday Squid Blogging: Using Squid Proteins for Commercial Camouflage Products:

@Clavier, someone may already be one step ahead, on technique for gaming the shotspotter conversational audio, or other recorded audio. 3x now I have noticed a pair of people get up close to me, whereupon one starts addressing the other about illegal behavior, while the second stays silent. Maybe it's just coincidence, but if deliberate, would it work?

And @TheGuildsman, is another person, or an animal, able to hear what you're hearing?

March 28, 2015 4:11 PM

DB on Friday Squid Blogging: Using Squid Proteins for Commercial Camouflage Products:

@ConcernedCitizen, @NothingNewHere

This is just a classic overzealous legal document trying to strip you down to less legal rights than trees, in order to cover the company butt just in case they feel the need to use it against you for any reason! These kinds of documents are everywhere, every service or software you use has one. It's usually tiny print, very long, and you must scroll to the bottom and click "yes, I agree" or sign your name if it's not an online document.

@MrC is hopefully at least partly right, in that many parts of such overzealous documents are unenforceable. I don't have complete confidence in that though... There's too much injustice in our world.

By the way, with that wording about "in the future"... it's referring to future products/services, not extending the time period of the non-compete to forever. There's still a time limit to it. But yeah, during that time period, it tries to cover virtually everything in existence, or in future existence.

March 28, 2015 3:35 PM

ConcernedCitizen on Friday Squid Blogging: Using Squid Proteins for Commercial Camouflage Products:

@NothingNewHere

Sorry to be so late to the party. Amazon's non-compete is even worse than most people are pointing out (here and in other places). It doesn't just preclude the worker (even seasonal warehouse workers) from working in a warehouse type operation but for a business that sells any product or service that Amazon sells now or may sell in the future. Essentially, anything. Therefore, Amazon can argue that almost any gainful employment is a potential violation. It is so absurd, I'm not really sure I understand the logic of its existence.

March 28, 2015 3:28 PM

Guest on BIOS Hacking:

I've been looking for laptops with a hardware switch for the mic, or a mod to add it. This should help prevent the bioses from communicating at night, and the advertising companies, spooks and exes from improving the UX...

March 28, 2015 3:28 PM

steve37 on Friday Squid Blogging: Using Squid Proteins for Commercial Camouflage Products:

@TheGuildsman

If you need a low noise recorder for relatively low level audio
I would suggest the Olympus LS-11 or the Sony PCM-M10.
They are not very cheap.
Use always 24 bit linear PCM mode and remember
NOT to use (switch off) the low cut filter.
I have the LS-11 it can definitely record
20 - 44.000Hz in 96 kHz mode.

March 28, 2015 3:01 PM

albert on Friday Squid Blogging: Using Squid Proteins for Commercial Camouflage Products:

@TheGuildsman, et al.

The Sony you mentioned is adequate for recording:

50 Hz - 20 kHz @ 44.1 kHz Sample Rate / 16 Bit LPCM
50 Hz - 18 kHz @ 44.1 kHz Sample Rate / 192 kbps MP3
50 Hz - 16 kHz @ 44.1 kHz Sample Rate / 128 kbps MP3
50 Hz - 14 kHz @ 44.1 kHz Sample Rate / 48 kbps MP3
60 Hz - 3.4 kHz @ 44.1 kHz Sample Rate / 8 kbps MP3

You don't need a lower freq. response for 'female voices' and 'chants'. Sensitivity specs usually aren't given on low-end stuff like this. The Zoom products are excellent value.

15-20 Hz is considered good low-end performance for digital recording, BUT below that is gonna be _very expensive_ to record.

I don't know what kind of house you live in. A single-family, detached unit would be easy to investigate. HVAC ducts are an ideal way to feed noise throughout a building. Super-low frequencies can be applied mechanically, or electro-mechanically. Such devices need power.

Do let us know your progress..
...

March 28, 2015 2:57 PM

Suckpoppet on Friday Squid Blogging: Using Squid Proteins for Commercial Camouflage Products:

@A Nonny Bunny

Why does it have to be "obviously-fake-to-anyone-but-an-algorithm"? Change 45 to 35 at one location, 45 to 55 at another. Humans en masse will do the rest. Use the actual speed limit signs, just slap/spray on your own home-printed digits....

Teenagers of the future: why egg or TP somebody's house when you can screw up a whole city's road network?

Ah, good times ahead at the intersection of Asymmetric Avenue and Delinquent Drive.

March 28, 2015 2:42 PM

Wael on Yet Another Computer Side Channel:

I don't believe thermal side channel information leakage emanating from a general purpose platform as described in this article is a viable attack.

March 28, 2015 1:22 PM

A Nonny Bunny on Friday Squid Blogging: Using Squid Proteins for Commercial Camouflage Products:

@Ted

"In the latest Ford iteration of automated driving a camera reads speed limit signs and literally slows the car down if the driver is driving too fast. That free will decision is gone."

Cool, so all I have to do to cause a traffic jam and/or accident is to put up an obviously-fake-to-anyone-but-an-algorithm speed limit sign?

You can turn the feature off though. (According to http://www.telegraph.co.uk/cars/ford/news/ford-introduces-automatic-speed-limiter.html )

March 28, 2015 12:39 PM

Jeff on Can the NSA Break Microsoft's BitLocker?:

@ACD

I agree - that is a great point. And what about BitLocker-encrypted flash drives? How can these methods obtain encryption keys for such devices?

March 28, 2015 12:38 PM

WhoCares on Friday Squid Blogging: Using Squid Proteins for Commercial Camouflage Products:

There was this news in the Portuguese media regarding a leaked manual of operations belonging to Portuguese secret services SIS

An article can be seen here and here.

Here is a rogue translation for the above article:

(...) Besides procedures for collecting information through open sources such as internet searches, information retrieval can be based in the interception of electronic communications, radars and other electromagnetic signals. This can be seen as illegal wiretapping (...)

(...) Telecommunications interception is done using "environmental taps" using microphones, devices installed in the cellphones, or by installing programs that permit the extraction of data from emails or a computer. This has been confirmed by sources at SIS (...)

(...) Human research is another procedure described in the manual. The agent should adjust the approach to the target taking into account his profile in order to capture information in greater detail. Human research does not relate only to persons but also to institutions and companies. In all cases the profile, character, vulnerabilities and motivation of the target must be considered. Capturing and controlling a human source is vital in the secret services strategy (...)

(...) The manual highlights the importance of human sources management for collecting information. Monetary motivation should be preferably used so that a longer and effective control can be achieved. This type of procedure should not be considered as a mere knowledge exchange for favours or money (...)

Near the end the article raises several questions:

(...) Can it be that the constitutional rights of the Portuguese citizens are being violated by SIS procedures? Does the interception of communications described in the manual qualify as an illegal way of conducting illegal wiretaps and surveillance taking into account that such procedures must be always authorized by a court, even those executed by Policia Judiciaria? Aren't these procedures only allowed to the criminal police? (...)
And finally
(...) Julio Pereira, secretary general of SIRP refused to comment (...)

Also an interesting fact in the printed version of "Jornal o I" and it goes more or less like this:

(...) Agents using payphones should always dial another number after ending an operational call so that phone number cannot be unmasked by pressing the redial button (...)

This leak seems to happen for a reason. Don't know if you guys have heard about the so called "Super-Espião" regarding Jorge Silva de Carvalho. He was an agent of SIED and is being accused of illegally accessing the cellphone records of a journalist. The records have been retrieved by a female employer of Vodafone. The trial is scheduled to start at the 9th of April.

These services have a STASI-like mentality. It reminds me of those employed by PIDE, the political police that existed before the Portuguese revolution, famous for having one of the largest networks of snitches. Nowadays they call it "Human research". Seems like its extinction really never happened.

It's also known that these intelligence services have closed ties with secret societies.
It is a known fact that Jorge Silva de Carvalho belongs to the so called "Loja Mozart n.º 49 - Maçonaria Portuguesa, da Grande Loja Regular de Portugal"


March 28, 2015 12:38 PM

DB on Friday Squid Blogging: Using Squid Proteins for Commercial Camouflage Products:

@TheGuildsman

Ambient noise can absolutely mask sounds in a recording, that human ears can easily pick up. This is often underestimated. You really need to eliminate those other sounds to pick it up with a recorder.

To illustrate what I'm saying, try this: have someone speak softly to you, while some moderately loud music or something else is playing. You can probably hear them fairly well, and understand what they're saying. Now cover one ear. Tightly. So that basically no noise enters one ear. Suddenly, you can't understand what that person is saying....

That's because the brain does an amazing thing with the ears... it calculates highly accurate directionality and distance, and separates sounds quite well based on it, allowing you to ignore one and concentrate on the other. But it needs two ears to do it. Recordings don't do this at all, and things played back from a recording just jumble everything together and spit it all back out at the speakers. Stereo recordings do improve the situation somewhat over mono recordings, but nothing close to what the human ears and brain do to the original. This is why studios concentrate so much on eliminating ambient noise, even with noise-absorbent foam on the walls and everything.

This actually brings up a possible way to deal with the "revenge" noise, if it's keeping you awake at night: sleep on your side and bury one ear in the pillow, or use one earplug. Don't cover both ears, because then what little comes through can still be separated by the brain. Just cover one ear. And have a good night's sleep, finally.

March 28, 2015 11:47 AM

AudioJack on Friday Squid Blogging: Using Squid Proteins for Commercial Camouflage Products:

@TheGuildsman

"The recorder is a Sony IC recorder. ICD-UX533 about 80 $us. I was told it was good quality for voice and music. What do you think?"

I looked up this recorder and read a review. This is a "voice recorder," a device class which is great for recording memos, meetings, etc. It's not the greatest for music, film sound, or other high-quality uses, but you can still use it for these purposes with the right settings. The ICD-UX533 has some quality limitations: only 16 bit, no 24 bit audio; and only 44,100 Hz recording, but no 48,000 Hz or 96,000 Hz. The other mics I linked to in my last post don't have these limitations. Without having used an ICD-UX533 myself, I have no idea what the quality of the actual hardware microphones is like, which is the most important factor.

That said, you should be able to record something of these mystery sounds you're hearing on the ICD-UX533. Make sure you set it to record in WAV/PCM format (not MP3, WMA, or AAC), this is most important. This mic has a "cardioid" pick-up pattern (sort of an upside-down heart shape), so it's somewhat directional and helps to point it in the right direction if possible.

"I forgot to mention that there always seems to be some ambient noise from the hvac vents in the house. Not loud enough to disturb normal conversation but it always shows up on the recordings."

HVAC and refrigerators are a constant problem for anybody doing recording. See if you can turn it off somehow. Also, try to point your mic in the direction of the sound, if at all possible.

"I gave up on the laptop because..."

Yes, give up on it, laptop mics are always terrible and you're probably also dealing with the sounds of the laptop's own fans.

"Can some sounds, like the air from the vents, or perhaps other sounds that they might broadcast, mask other sounds or is it fair to say if I can hear it with my ears I can record it?"

Yes, masking does happen. It's possible your HVAC is masking out the sounds completely. This is a volume level issue. If the mystery sounds are quieter than the HVAC, you might not be able to hear them on the recording so easily, especially with only a mono mic.

"Surprisingly the surveillance camera, which is a DLink, has quite the ability to pick up sounds of all sorts and I assume a wide range of frequencies. ...it shows me a range of frequencies from about 20Hz to over 10KHz. ... So the question is, if I can see that range of frequencies should I be able to hear the mystery sounds as well?"

10 kHz is not very high frequency at all. That system will miss a lot of higher-pitch sounds. The recorders I linked to in my previous post can pick up much higher frequencies, and so can your ICD-UX533 in WAV/PCM mode.

"Would a good mic help with a not so good recorder?"

Your audio is only as good as the weakest link. Just like with security! If you have the best mic with a low-quality recorder, you'll get low-quality audio output. But if your recorder (I assume you're talking about your ICD-UX533 here) is using a low-quality mic by default anyway, which may or may not be lower quality than the recording hardware, then plugging in a better one will help.

If you still can't get a recording of the sounds, you might need to upgrade to a better recorder. Or locate the source of the sound.

March 28, 2015 11:31 AM

Clive Robinson on Friday Squid Blogging: Squid Pen:

@ Figureitout,

"And don't hurt my snails! Meanie..."

I wouldn't dare, my son used to keep snails as pets, like some keep worms / caterpillars etc.

I blame Terry Pratchett and his "Wee Free Men" for this, that said a Greek friend showed him how to "farm" them properly...

Getting back to information entropy or random / unpredictable number generation. Does there need to be a hard and fast definition of "what it is", when by and large the most important characteristic we desire of it, is "what it is not" (ie predictable)?

The Die Hard and Harder tests are considered the lowest bar of acceptable behaviour by cryptographers, and most hardware generators fail to meet them by quite a large margin, hence "Magic Pixie Dust" thinking of using "hashing" or other low level crypto algorithm.

Thus the question arises about our reasoning behind such tests.

If our reasoning is questionable or wrong what should we be considering...

Now my view is we should consider other things as being rather more important which is preventing both passive and active attacks.

Thus my view is we should be analysing our supposedly unpredictable sources for changes in general behaviour as a preference to some low bar test for limited types of predictability, that can easily be beaten by standard crypto functions.
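
One way to watch a noise source for changes in general behaviour, as the comment above suggests, shown as an added example (not code from the commenter or from any project): a repetition-count check using the cutoff formula from NIST SP 800-90B, plus a windowed most-common-value min-entropy estimate compared with a commissioning baseline. The 4-bit sample alphabet, window size, 0.75 drift ratio and the simulated sources are assumptions.

```python
import math
import random
from collections import Counter

ALPHA_EXP = 20  # assumed false-alarm rate of 2**-20 for the repetition check


def rct_cutoff(h_min):
    """Repetition-count cutoff C = 1 + ceil(-log2(alpha) / H), per SP 800-90B."""
    return 1 + math.ceil(ALPHA_EXP / h_min)


def mcv_min_entropy(samples):
    """Plain most-common-value estimate of min-entropy, in bits per sample."""
    top_count = Counter(samples).most_common(1)[0][1]
    return -math.log2(top_count / len(samples))


class SourceMonitor:
    """Flags a noise source whose behaviour departs from its baseline."""

    def __init__(self, baseline_samples, window=1024, drift_ratio=0.75):
        self.baseline = mcv_min_entropy(baseline_samples)
        if self.baseline <= 0:
            raise ValueError("baseline shows no entropy; source is unusable")
        self.floor = drift_ratio * self.baseline  # alarm below this estimate
        self.cutoff = rct_cutoff(self.baseline)
        self.window = window
        self.buffer = []
        self.last = None
        self.run = 0
        self.count = 0
        self.alarms = []  # tuples of (sample_index, kind, detail)

    def feed(self, sample):
        self.count += 1
        # Repetition count: a stuck or held source repeats a single value.
        if sample == self.last:
            self.run += 1
        else:
            self.last, self.run = sample, 1
        if self.run == self.cutoff:  # report each long run once
            self.alarms.append((self.count, "stuck", sample))
        # Drift: re-estimate entropy per window and compare with the baseline,
        # which catches a source pushed toward one value without being stuck.
        self.buffer.append(sample)
        if len(self.buffer) == self.window:
            estimate = mcv_min_entropy(self.buffer)
            if estimate < self.floor:
                self.alarms.append((self.count, "drift", round(estimate, 2)))
            self.buffer = []


def healthy(rng, n):
    """Constructed stand-in for a well-behaved source: uniform 4-bit samples."""
    return [rng.randrange(16) for _ in range(n)]


def biased(rng, n, favoured=7, p=0.5):
    """Constructed stand-in for a disturbed source leaning toward one value."""
    return [favoured if rng.random() < p else rng.randrange(16)
            for _ in range(n)]


def run_demo(seed=2015):
    rng = random.Random(seed)
    monitor = SourceMonitor(healthy(rng, 4096))       # commissioning data
    stream = healthy(rng, 4096) + biased(rng, 2048) + [3] * 40
    for sample in stream:
        monitor.feed(sample)
    return monitor


if __name__ == "__main__":
    m = run_demo()
    print(f"baseline {m.baseline:.2f} bits/sample, cutoff {m.cutoff}")
    for alarm in m.alarms:
        print(alarm)
```

The monitor sits on the raw samples, before any hashing or conditioning, because a conditioned output looks the same whether the source behind it is healthy or not.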

March 28, 2015 10:59 AM

Clavier on Friday Squid Blogging: Using Squid Proteins for Commercial Camouflage Products:

Is NYC’s new gunshot detection system recording private conversations?
http://fusion.net/story/107298/is-nycs-new-gunshot-detection-system-recording-private-conversations/

The exchange, which was used in court, was recorded by ShotSpotter, a gunshot detection system that has been installed in over 90 cities across the country. By placing a series of microphones around high-crime neighborhoods, the system is able to pinpoint the location of where a gunshot took place with surprising accuracy, leading to faster response times from police. This week, 300 of the microphones were activated in Brooklyn and the Bronx as part of a citywide pilot program...

March 28, 2015 10:46 AM

Thoth on Friday Squid Blogging: Using Squid Proteins for Commercial Camouflage Products:

I wonder how the US Govt feels when their agencies use weakly escrowed algorithms and chips in their "high security" products .....

Link: https://threatpost.com/fbi-pleads-for-crypto-subversion-in-congressional-budget-hearing/111860

It would be interesting if NXP, Atmel, Intel, Harris Corp, et al. were to suddenly flip on their beds and decided to give the Govts a taste of their just desserts.

Just a thought, a lot of "Security Products" are actually "full of holes" and that includes escrows and backdoors and somehow these "Security Products" manage to find their way into Government contracts and get implemented into critical systems. I am currently somewhat aware that certain products I have seen actually may have backdoors, escrows or weakened and somehow manage to slip into a lot of highly critical financial and Governmental sectors (including a possibility of defense sectors of certain probably unsuspecting nations) and touted as a critical product.

Some of the usual culprits are cryptographic chips and Privileged Identity modules that are contributing to lots of holes.

March 28, 2015 10:18 AM

Grauhut on Friday Squid Blogging: Using Squid Proteins for Commercial Camouflage Products:

@Benni: It's even worse with Decix security. They already started to check if they are working in a lucid TAO Bells illusion matrix. :)

"Sensburg: viruses, Trojans?

Landefeld: Good question. If switch or OS would be compromised, this would eventually work. But still requires that they have line for drainage. ... Have begun to check meter readings on each port. Core is big black box that has to have the same amount of data in and out. Very difficult, currently in implementation.
...
Some have their own infrastructure. Colt, Level 3, telecom, [Heag?] ASG."


If they don't trust the snmp port usage numbers of their own infrastructure anymore and begin to measure these numbers outside the ports, then this smells like a real fubar os matrix... :D

March 28, 2015 8:24 AM

Figureitout on Friday Squid Blogging: Squid Pen:

Clive Robinson
--Yeah I'm familiar, and I'm not sourcing my entropy from same places. It requires very active attacks to "intercept" my local sourcing methods (which gets into the realm of "aliens reading my mind"). For the record, I'm of the belief that w/ enough study, there is no randomness. The amount of work for me compared to an attacker is where I like it...Yes dice are a way, but they sure do make some noise in a box eh?

Likewise you can make claims on something that doesn't have a definition, and make statements of something being rare when we don't know what is and is not random. You then make a point of "psychology pressure" and then say that some people need a lot more entropy. It sounds like "efficiency" and "market pressure" forcing an obviously insecure solution that I know you love.

I don't trust the key cert process at all and its underlying components anyway, never did (hence I generally don't trust all info I see on screen, just make do anyway), not even the people working in it trust it. They say it needs change (like an authority for the certificate authority...uh...), and that when companies fail hard and breach trust, nothing happens to them and remain in business delivering already hacked certs to whoever pays for them.

And don't hurt my snails! Meanie...

March 28, 2015 8:01 AM

Figureitout on New Zealand's XKEYSCORE Use:

P/K
--B/c I don't MACARONI CHEESE knowingly break CIA the law, there's too EBOLA many that doing DARKWEB anything (ie: you SATELLITE NATION couldn't even live) SOMALIA PIRATES you break one anyway.

Flamingo777 // Wesley Parish
--Hey! Stop trying to beat my high(xkey)score!

March 28, 2015 7:17 AM

Clive Robinson on Yet Another Computer Side Channel:

@ DB,

My intent wasn't to say "the world going to end if people don't XXXX immediately"...

No and I was not implying you were.

The problem is we get many vested interests talking up any security vulnerability they can for various reasons. Often the vulnerabilities don't warrant the attention the vested interests think they should have.

The result is as with the "boy who cried wolf" people develop "warning fatigue" where they just assume that all new warnings are being handed out by the vested interests and thus show little or no interest, which is the point your posting was raising.

@ ALL,

Personally I know that "thermal side channels" are a real problem, as they exist due to "work" being carried out, and just as with One Time Pads where solving one problem just creates another harder problem, trying to solve thermal side channel issues just moves the problem elsewhere, often at a greater distance and easier detectability.

For instance the example of active cooling by fan, the noise it creates not only goes around corners, the vibrations it sets up in objects happens at many times the distance radiant heat would no longer effect the same object in a normal environment like a hotel room. It would be up to the dimensions of the room which is getting on for thirty to fifty times the thermal range. Unfortunately the vibrations have a characteristic that enables them to be filtered out from other noises, and worse a laser mic could pick the vibrations up at over 150 meters so in effect in the hotel or office building on the other side of the block...

But... the original idea of the fan is to reduce the thermal mass of the CPU heat sink as passives tend to be large and thus expensive. The problem is the smaller the thermal mass of the heatsink the greater the bandwidth of the thermal side channel.

So double whammy, your fan can be detected up to around 150 meters through windows and bright sunshine etc, and due to the reduction of heat sink thermal mass it probably has ten to a hundred times the usable information bandwidth...

But further consider the fan is an electrical item and some are quite electrically noisy. This noise will get back through the average computer PSU onto the utility/mains wiring... Modern "smart meters" have information bandwidths of more than 300Hz, and can --in theory-- be programmed to send this information back out via the signaling protocol to wherever those with control of the signaling want it to go, so around the world would not really be of an issue...

So the small financial savings made by switching from a passive heat sink to an actively cooled heat sink via a fan could have a major security implication...

And until people start thinking this way the issues of poor information security will just get worse and worse with time. And as Bruce has remarked attacks only get better with time...

So thermal side channels are a major issue to think about in secure systems design. And even though I was sounding warnings last century people were just not interested. Thankfully now it is in the open it can be talked about in academic journals, not hidden away in TEMPEST and EmSec design and installation manuals as it has been for a good thirty to seventy years... So time to play "Catch up quick".

March 28, 2015 7:04 AM

Jonathan Wilson on Friday Squid Blogging: Using Squid Proteins for Commercial Camouflage Products:

I haven't seen any mention of this on here
http://defencereport.com/australias-defence-trade-control-act-clamps-down-on-researchers/

I am not a lawyer or an expert on export controls but if my limited reading of these regulations is correct, this could harm not just researchers and scientists but anyone who works with "dual-use technology" (the definition of which is very much open to interpretation by the government and its agencies with no recourse if the government suddenly decides to restrict whatever it is you are doing, potentially even things you previously got an explicit OK to export before)

I have written a number of things that deal in cryptography in the past. I wrote a program to do offline decryption of the AES encrypted backups for the Nokia N900 phone for those people who have an encrypted backup and have the password but don't have a usable N900 to decrypt it with. I wrote a program to decrypt encrypted script files from a particular version of 3d studio max (I had an encrypted script file I needed to decrypt, hence why I reverse engineered that stuff). Under these new laws, what I did in making/releasing these things could now be illegal.

I currently work on a large mod for a PC game title. This mod contains encryption code. I regularly send compiled builds of this mod to others on the team for various reasons. Under these new laws, that could become illegal.

I am also involved in a project that deals with various security and encryption related software items on the Nokia N900 phone including OpenSSL, cryptographic parts of the browser, the stuff that manages the certificate store (which holds all the root certificates the phone uses) and the daemon and libraries that handle various WiFi encryption standards. I communicate with others about this stuff. Under these new laws, this could also become illegal.

And it's not just encryption, I have seen suggestions that things involving robots with vision systems/image processing might be restricted under these laws. You can buy various addons for the LEGO Mindstorms robotics kit that involve image processing/vision systems. Does that mean that plans/programs/etc for LEGO Mindstorms robots are now restricted?

March 28, 2015 6:37 AM

Douglas on BIOS Hacking:

This technology is very real and I am a victim of it. It took six months for me to find out about remote access radio technology, but I just found out about it an hour ago. My PC was hacked in September of 2014. I must have reformatted my HD at least 50 times since then trying to harden my system before going online. But every time I would set up FR rules, the hackers were resetting them according to their preference. They were mainly concerned with using the TV software in my PC along w/ anything that had a remote element to it, FM radio, Ham radio, etc.

At the time, I thought that it was strange why they wanted these programs available to them, but after doing research, I found out that they are using remote access radio technology to hack me.

They totally shredded Windows to pieces every time I would reinstall it, but I got wise and switched to Linux OS which they can access and set up stuff to run on my PC, but they cannot shred it like Windows.

I was about to post last night on facebook about the fact that these hackers and along with their boss who is a member of the KKK were headed to Federal Prison. However, as I began typing my message and it became clear to them what I was about to post, my HD started spinning up. They were overclocking my PC to prevent me from posting that content.

What they were doing and are still doing is using my cell phone to use the radio waves from my cellphone to access my PC.

I read up on the technology and it states that this type of technology has about an 8 mile radius in which it will work. So I took my cellphone and turned it off and then wrapped it in aluminium foil and placed it in the trunk of my car which is about 50 feet away from my PC.

I knew for a long time that this was a revenge hacker. But actually the hacker was not the person who was seeking revenge. The person who was seeking revenge is my ex father in law who is a member of the KKK.

I did not know this until after my gf became my wife. She was pissed at me for some unknown reason and she started telling me a story. I guess the story was designed to strike fear in me, but I did not sense it at that time. She said, "My father took me out to my great grandfather's grave and he said, do you know who is buried there? She said that's grandpa. And he went on to say, that's not just your grandpa, he was a Grand Imperial Wizard of the KKK!"

I don't know what I was thinking, but I should have filed for divorce right then and there. But I said to myself, well, that doesn't mean that her family is still doing the KKK thing. That's just something in the past and I let it go at that.

I owed my ex wife some money and was not able to pay her back as fast as I could and that's when her father started proxy stalking me. He is well connected in east Texas and I was reminded by my ex wife and by her brother that I should never make him mad.

This guy began using microwave technology on me in 2009. I guess whoever had access to that equipment could only lend it to him for two weeks and that was it. I've told this story to everyone I know and every single person thinks that microwave hearing technology does not exist. Ah, but it does!

So what is microwave hearing technology? It is a device that uses microwave technology that is aimed at a person and then someone who is operating it, spoofs their voice so you cannot differentiate who is talking to you.

They were telling me to kill myself, and do all sorts of crazy things. At first I thought I was having auditory hallucinations, but the voices were so clear. Moreover, there was nothing about Satan nor God so I knew I was not having a hallucination.

But they or I should say, he used that as a form of psychological harassment to keep me up all night.

For the past 18 months I thought that he was tired of stalking me and got over whatever it was that was driving him to being nothing but a 57 y/o bully. But he struck back in 09-14 by having pro hackers use remote access radio technology to hack my PC.

At first, I just thought that it was a regular hacker, but they kept hitting my system over and over again. I thought, well, I'll just wait til 4AM and get on my PC and see if I can sneak past this guy, but nope! He was on my system in less than two minutes. And then I found out that it was more than one guy.

I found a bogus windows file extension in SYS32 folder and it had communication between the hackers. They talked about every time the client logs on which is me, that they need to set the timer on their system to reflect how much time they would spend harassing me. They obviously were getting paid by the hour.

There was another time that I was setting up Zorin which is a neat Linux distro, but they shredded it and made the screen go blank. After the screen returned to normal, the wallpaper was changed from a solid color of black to a busted up outdated typewriter.

About 6 weeks ago, I gave my ex father in law a call and he pretended not to know who I was. I remember specifically that I used "Spokeo" to get his name and address and phone number. At first, I was going to write him a letter, but decided to give him a call. I made sure that I waited until my roommate got home so he could hear our conversation.

About a week or so passed by and then I noticed there was a new app on my galaxy 5. It had a website called mantra or something like that. I took a good look at it and it had my ex father in law's name on it, along with his address and the type of work he does.

He has the balls to place such damning evidence like that on my cellphone. But what he does not know is that the FBI can have a forensic expert find out how that app was placed on my phone. Moreover, the FBI will be examining this PC and the two others which were destroyed by the hackers.

Six long months have passed without the slightest idea of how someone could access my PC while it was unplugged from the Net and the WIFI switch was turned off. This was blowing my mind.

But I knew or assumed that they were probably using radio waves to somehow access my PC, and I was right.

This has been a nightmare. For six months, I was only able to get online about 30 minutes at a time before they would crash my PC. That meant that I could not read email, I could not access my online banking so I could balance my check book. I could not do anything! On top of that, I'm on Social Security Disability and I was going to school to finish getting the skills I need to be a web designer. I am self taught and understand HTML very well, but CSS and javascript, I'm not well versed in so I was attending school for that at the taxpayers' expense and he sends his hackers in to boot me off the Net which ultimately led me to have to withdraw from college.

Before they knocked me off of the Net, I was able to purchase some online web design tutorials from Udemy.com. However, since Internet access was almost nil to none, I could not take these courses which I need so I can get off of SSD.

He did not care. I've read up on the profile of people like them. They are sociopaths. They have no conscience about what they do to others. Back in the day, he tried to get me killed by spreading a rumor that I was a paedophile. After the rumor got started, people I grew up with and knew very well began to treat me horribly. I was a nurse at the time, and I got fired from 3 jobs in less than a month.

Prior to him being in my life, I was a highly skilled and very employable nurse. I could find a job anywhere I wanted, but after he came into my life, he made sure that he was going to punish me severely.

His day will come and I'll see him in a court of law and I'll be there for his sentencing and watch him go to the Federal Penn.

But as far as remote radio access technology goes. It is here, and it will only get worse. It would be a nightmare had I had a small business designing websites. It would be impossible to design anything for anyone as long as they are w/in an 8 mile radius. He could have destroyed my business.

But I thank God, because this man is finally gonna wake up and lose everything he has because of being obsessed with me.

He thought that he was invincible. Because catching a proxy stalker is really hard b/c they use other people to make veiled threats to you.

So, if you ever notice that your PC has been hacked and you are disconnected from the Net and your system settings are changing in real time as you watch your screen, you have been a target of remote radio access hacking.

March 28, 2015 6:21 AM

Pictsidhe on Demonstration of a Liquid Explosive:

Bringing this thread back from the dead
Well, I was going to say what brain fart wouldn't, but he made the rather good point that if the BBC details got out, a few more substances would be highly regulated after a few half wits made some DIY bombs. But why mix onboard? A ready mixed liquid explosive would be Astrolite, it also happens to be one of the most powerful explosives. The hydrazine is a little tricky to get/make, but doable. But why bother? Both Astrolite and what the BBC used need a detonator, why not just bring a solid secondary explosive aboard? there's no advantage to a liquid other than stealth for first use. Now liquids seem the ONLY thing they look for. This seems to be despite the fact that the terrorists hadn't even made a viable device and there seems no suggestion that they knew how.

If someone plots to shoot down airliners with the star wars laser they're going to launch into space but don't actually know how to make; could we expect all airliners to be clad in tin foil to counter that 'threat'? Or is that fanciful enough for people to just call them 'nuts' instead of 'terrorists'? I hope so, or I'm looking at a LONG stretch for suggesting it!

I fly to the USA about once a year. If leaving from the UK, I know it's fine to have a pen knife in my pocket, it seems that British security employs common sense. That doesn't apply in the US. When coming back from the US, I have now travelled 3 times with two 5lb bags of cornmeal in my carry on, and plenty of electronic devices.

Since I haven't tried bringing any liquids (they always ask) I've not had anything more than the obligatory nude scanner (except the time a bunch of us were moved into the empty priority lane, no scanner there), metal detector and footwear check. I pack the cornmeal on top, so it's easy for them to check, but nobody does. I even bring tape, thinking they may want to open one.

Yes, 10 POUNDS of a bulk substance sails through unchecked while my footwear gets inspected in case I've stuffed a few ounces of something in the soles.

Think about that.

Transport 'Security' Administration, my backside.

March 28, 2015 4:57 AM

uair01 on Friday Squid Blogging: Using Squid Proteins for Commercial Camouflage Products:

On another blog this comment was made (see below). Makes you wonder how to assess that kind of rare risk. I'll be thankful for any pointers to serious literature concerning countermeasures for rare events. What is the real threat and what is a movie plot threat? How can you distinguish the two?

Concerning the German plane disaster:

"Of course, in response to this, all members of the flight crew will be allowed on the deck when the pilot non-flying goes to the can. So any steward can slit the other’s throat and fly into terrain. Lubnitz was an attendant before he got the pilot gig. Expect deaths to increase proportionally. Just as this was caused by the stupid reinforced door idea, each solution should lay the groundwork for the next incident."

Source:
http://marginalrevolution.com/marginalrevolution/2015/03/sentences-to-ponder-88.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+marginalrevolution%2Ffeed+%28Marginal+Revolution%29

March 28, 2015 4:07 AM

Curious on Friday Squid Blogging: Using Squid Proteins for Commercial Camouflage Products:

The following are a few observations on recent news articles, with regard to the alleged activity of IMSI-catcher equipment in Oslo, Norway, late in 2014. Presumably a lot of details have been omitted/overlooked here by me, as I have not watched the conference myself:

I guess it falls on me to mention, that the 'police security services' (known as 'PST', and roughly translated by me to English) in Norway had a press conference just recently, as a reaction to the IMSI catcher article(s) in 'Aftenposten' newspaper late in 2014, which had pointed out that fake comms towers were believed to exist in the capital city 'Oslo'.

So PST is now said to have made investigations into *something* (my expletive) that has to do with the claim of there existing fake comms towers in Oslo, and apparently hold the basic opinion that there is no reason to say there were any.

An online article by the national broadcasting corp. (NRK) ended their article about this conference, with a paragraph basically stating that the PST had a "goal" of making an investigation into whether there were any foreign powers involved in any espionage and similar activities. In the same article by NRK, the PST head/official Benedicte Bjørnland at the conference has been quoted on acknowledging, that PST had indeed been using IMSI-catcher equipment 30 times over the last three years in the city of 'Oslo' area.

In an article by Aftenposten, I am reading that PST is said to have acknowledged that they never tested the equipment that had been used for the investigations by Aftenposten. The PST 'communications director' (my translation) Trond Hugubakken appears to have made a comment that they would of course make 'affirmative action' (my translation) in a possible search for fake comms towers if there were to be indications for that, but also claimed that it is "very difficult" to discover the use of IMSI-catcher equipment. I am also reading in that same article that a couple of people working for Aftenposten claimed that a spokesperson for PST uttered a nonspecific warning/threat, something that PST later said they weren't aware of having happened.

From the reporting about the PST conference, it seems PST is claiming that the newspaper's investigations into IMSI-catcher activity were basically either poor, or something that had other explanations.

In brief, the newspaper Aftenposten seems unfazed by PST's attitude and opinions, and takes offense to this, claiming that PST has an outdated understanding of technology, and they will continue to report on this, dubbed 'mobile phone surveillance'.

Being a layman, I am guessing that, if there is or were fake comms towers in Oslo, PST wouldn't be allowed to, nor would want to acknowledge the existence of such anyway.

I am now sort of reminded of a previous tax scandal, involving former local police personnel, working for the US embassy in Oslo in conducting surveillance on locals. So, if "friendly" foreign powers are involved in IMSI-catcher activities in Oslo on their own or assisted by locals, I believe it is the tradition for the government agencies to slap a "secret" stamp on all such information, with the traditional and "convenient" rationale, of treating international relations with the "courtesy" of discretion.

Articles in Norwegian:
http://www.nrk.no/norge/pst-sjefen_-ikke-tegn-til-falske-basestasjoner-i-aftenpostens-funn-1.12267764
http://www.aftenposten.no/nyheter/PST-Aftenpostens-funn-har-naturlige-forklaringer-7960553.html
http://www.aftenposten.no/nyheter/Aftenposten-vil-fortsette-a-skrive-om-mobilovervakning-7961064.html

I want here at the end, to take the opportunity to point out that newspapers in Norway sometimes mess up quotations and make up stuff from time to time in my experience, so never simply trust any quotation from any newspaper in Norway to be correct, or so is my advice, because a quotation might be a mere paraphrase, as what appeared to have been the case with the reporting of Ban Ki-Moon's speech about Syria some time ago. Instead of having translated a particular word in English into the simple equivalent word in Norwegian, they added a whole phrase that alluded to things and the reporter later claimed on email to me that doing so was ok, never ever having acknowledged that they ended up with a paraphrase, and not a quotation.

March 28, 2015 3:43 AM

TheGuildsman on Friday Squid Blogging: Using Squid Proteins for Commercial Camouflage Products:

@AudioJack

Thank you for your thoughtful, and lengthy, response. It's very kind of you to take the time.

If you don't mind I have some more questions before I head out and buy or rent some equipment.

The recorder is a Sony IC recorder. ICD-UX533 about 80 $us. I was told it was good quality for voice and music. What do you think?

I forgot to mention that there always seems to be some ambient noise from the hvac vents in the house. Not loud enough to disturb normal conversation but it always shows up on the recordings.

I gave up on the laptop because it seemed to be doing a lot of filtering before delivering the sound to audacity so when I played around with noise reduction trying to eliminate the hvac rushing air noise I ended up with a lot of distortion.

Can some sounds, like the air from the vents, or perhaps other sounds that they might broadcast, mask other sounds or is it fair to say if I can hear it with my ears I can record it?

Surprisingly the surveillance camera, which is a DLink, has quite the ability to pick up sounds of all sorts and I assume a wide range of frequencies. When it's sitting in the 2nd floor window it picks up people talking across the street, car doors and trunks closing, jet aircraft flying over, car and truck exhaust notes and the tires running over ice, even street noise from the next block, etc. When I stream the audio into Reaper through the Voxengo SPAN spectrum analysis VST plugin it shows me a range of frequencies from about 20Hz to over 10KHz. That's just using "what you hear" as the sound source since it's coming from the web browser interface to the camera.

So the question is, if I can see that range of frequencies should I be able to hear the mystery sounds as well? And I was thinking about attaching a decent microphone with a long cord that I can move around the house. Would a good mic help with a not so good recorder?

Thanks again. I really appreciate your time and input.

March 28, 2015 2:56 AM

Wesley Parish on New Zealand's XKEYSCORE Use:

There's two schools of thought in New Zealand on this sort of espionage:
AIRPORT CARTEL BOMB BORDER TSA GREAT SANTA ANTHRAX SNOW GLOBE there's the outraged people, and then there's the people who say, ISIS OBAMA DIE AK47 RUSSIA PUTIN CHINA SONYHACK "they're just doing their job" until they realize they're also the targets and their intimate details may now be a world-wide standing joke ... FULLY AUTOMATIC NUCLEAR POWERED SELF PROPELLED NOSEPICKERS TO KEEP POLITICIANS NOSES CLEAN I see it as a conflict of interest.

There was also the stir about the revelation that the GCSB was spying on our Pacific neighbours, which IMHO AIRPORT CARTEL BOMB BORDER TSA GREAT SANTA ANTHRAX SNOW GLOBE overstepped courtesy for starters, and most likely is going to be trotted out every now and then, quietly, ISIS OBAMA DIE AK47 RUSSIA PUTIN CHINA SONYHACK by our Pacific neighbours as a very good reason to ignore anything Wellington, Canberra or Washington says, on the grounds that they already know everything so don't need an okay from poor little Pasifika ... FULLY AUTOMATIC NUCLEAR POWERED SELF PROPELLED NOSEPICKERS TO KEEP POLITICIANS NOSES CLEAN a subtle way of delegitimising certain policies and attitudes.

March 28, 2015 2:14 AM

P/K on New Zealand's XKEYSCORE Use:

@ Figureitout:
If you are so well aware of the risks of data buffers, why not try to inject something into the XKeyscore buffer?

I never said that Snowden always lies and that everything is a fraud, only that many things are exaggerated and/or misleading, so yes, Snowden isn't the most reliable source, but still it can be worthwhile to ask him. Filtering by keywords is something that many people fear, so it would be good to hear what kind of keywords exactly are used, so people could use that knowledge to overload their filters and buffers.

March 28, 2015 2:06 AM

Bong-smoking Primitive Monkey-Brained Sockpuppet on Friday Squid Blogging: Using Squid Proteins for Commercial Camouflage Products:

Top 10 reasons @RobertT is MIA... No particular order...

  1. The little birdies got fed up whispering in his ears. Turns out they're not so little after all.
  2. He made the right choice, but only too little, too late
  3. He could beat the underwater breath-holding champion. During the hundredth water boarding session, he said: Your enhanced interrogation techniques suck! Pour more water bitch. I'll outlast your weak ass any day of the year... They gave up on him, so...
  4. They sent him on a hunting trip with Mr. Cheney
  5. His smart throne got cracked and leaked water. An NSA proctologist was able to siphon a few drops of water and extract his password from the water drops. They disabled his throne's password shortly after...
  6. They tracked his real identity despite his superb OPSEC process through one of his burner phones with some unadvertised specifications
  7. He got bored and went to the movies. Unfortunately, he misread the title and ended up in the wrong movie...
  8. He almost won a chess game against a TLA, but he forgot they don't play by the rules
  9. He reasoned: If my score is not zero, I might as well join the other side; the George Bin Bush team.
  10. He heard about an advanced OTP class. Sadly it stood for One Time Pupil... He sat too close to the teacher

March 28, 2015 1:47 AM

tyr on Friday Squid Blogging: Using Squid Proteins for Commercial Camouflage Products:


@ Buck

I always viewed the Net as an interesting rabbit hole,
some of it a lot better than the rest.

@TheGuildsman

Audio equipment usually has a bandwidth limitation on
what frequencies it will detect and reproduce. If you
have access to an analog scope you might be able to see
what makes the noise. A youthful pair of ears has a
lot better frequency response than most consumer
grade microphones.

You might try pulling a paper tape under a mounted pen
to see what it shows, that will detect low frequencies
that a mike can't get. Basically build your own seismo
device.

March 28, 2015 1:40 AM

AudioJack on Friday Squid Blogging: Using Squid Proteins for Commercial Camouflage Products:

@TheGuildsman

So I assume it's some kind of a technical audio equipment issue or something like that. And unfortunately I don't know much about audio. I've tried using a laptop and a Sony voice recorder as well as my surveillance camera audio. I have played with the recording in Audacity, trying all kinds of filters, to no avail.

Audio technician here.

If your ears can hear it, but your audio equipment can't, then it's a technical problem with your equipment, nothing magical. But you can't just fix the equipment - it might be that your current equipment isn't designed to pick up very high or low-frequency sounds, or is just generally low-quality. You probably need new, better equipment.

Human hearing is typically in the range of 20 Hz (deep, low sounds) to 20,000 Hz (very high-pitch). Some cheap audio equipment, though, can only capture in the 300 Hz - 15,000 Hz range, for example, and these devices will never "hear" certain low or high pitch sounds. Maybe the low-pitch sounds you're describing are too low for your equipment to pick up. For example, the low sound you hear might be around 100Hz, but your recording equipment can't pick up anything lower than 300Hz. This is called frequency response, and is one of many audio issues you could be dealing with.

Your laptop mic, and surveillance camera mics are pretty much guaranteed to be absolute garbage quality. Your Sony voice recorder could be good or bad, I don't know, Sony makes all kinds of gear (but if it hasn't picked up these sounds you're hearing, then it probably isn't great). Studio audio gear can capture a larger chunk of the human-audible spectrum and generally produces vastly better recordings in many ways. The sound quality difference between consumer recording gear and studio gear is enormous.

You can search for microphones and find lots of good ones, I won't go describing everything to look for. There's also the issue of cost, and I don't know how much you're willing to spend on this, if anything. That said, if you were to get something like a Zoom H1 ($100), H2n ($160), or H4n ($200), set it to record at 24-bit, 48,000 Hz, in WAV format, you'd likely have no trouble recording your evidence.

As far as figuring out where the sounds are coming from, you could try shutting off power to your house from the circuit breaker to see whether it's coming from inside your house. Shut off the switches one-by-one to narrow it down to a specific circuit/area. If the sounds continue, this leaves only battery-powered devices (which will run out eventually) and sounds external to your house.

March 27, 2015 10:57 PM

TheGuildsman on Friday Squid Blogging: Using Squid Proteins for Commercial Camouflage Products:

@Thoth

"That sounds like some paranormal investigation with attempts to record sounds that cannot be usually recorded?"

Yes. I know that's what it sounds like. Or some conspiracy theory kook with noises in his head and black helicopters aiming laser weapons through his window, etc.

But it's not. It's a very normal revenge harassment problem. I know who is behind it and why and I am trying to collect enough evidence to convince LE to take me seriously.

So I assume it's some kind of a technical audio equipment issue or something like that. And unfortunately I don't know much about audio. I've tried using a laptop and a Sony voice recorder as well as my surveillance camera audio. I have played with the recording in Audacity, trying all kinds of filters, to no avail.

What is being done to cause very loud sounds, some of which can shake the floor, to dissolve into garbled nothing on a recording?

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Resilient Systems, Inc.