Recent Comments



May 27, 2016 1:09 AM

Inside Threat Model on Suckfly:

@Wael
The signing of suckfly stood out as a prominent point for me.
I spend a great deal of time talking to customers and prospective customers about the proliferation of software installs with dodgy or non-existent signatures - most don't get it.

May 26, 2016 9:26 PM

Anon10 on Friday Squid Blogging: Squid Kite:

@dirk

But I do understand why many Americans interpret that as treason.

Giving Snowden asylum came at a huge diplomatic cost to Russia, and remember this was before Ukraine. The Russian government would never have agreed to give Snowden asylum unless they got something very valuable in return, likely a trove of classified documents never made public and probably never given to any journalist.

May 26, 2016 8:15 PM

65535 on Google Moving Forward on Automatic Logins:

We have to find an alternative to Google.

Any suggestions, including GMail and all other Google services [say removing Google's root certificate]?

May 26, 2016 8:14 PM

Wael on Friday Squid Blogging: Squid Kite:

@Clive Robinson, @Nick P,

Didn't have a chance to read it yet...

I'll give the paper a fuller read tomorrow on my way up to the hospital for the "frying alive neurological checks, 30mA DC being applied to you {expletive} hurts...

Well, don't know what to say. Do this to the doctor... hurt him back :)

so it will give me something to take my mind off of it all

I doubt that'll take your mind off it; it'll remind you of it.

May 26, 2016 7:57 PM

Wael on Suckfly:

@Nate,

Maybe I'm wrong, but I have the gut feeling that the percentage of developers today happily signing code on, eg, an actual computer...

You're wrong... about being wrong! I've seen it with my eyes.

May 26, 2016 7:56 PM

65535 on Suckfly:

The lesson learned:

If you start a cyber know your foe may be equally as strong as you are.

The Chinese have basic control of Taiwan where most of the hardware is made. It's not a big jump for them to implant root kit viruses in the CPU chips or video chips that will be very difficult to detect. The Chinese are clever, ruthless, well manned, and spread across Asia.

This doesn't even touch upon the NSA/FBI's and the Chinese Zero day stock. The cyber war will end badly.

May 26, 2016 7:31 PM

Clive Robinson on Should You Be Allowed to Prevent Drones from Flying Over Your Property?:

@ Scott,

Isn't that an argument that the drone operator is endangering others?

It was not meant to be so. I was arguing from the perspective that the land owner had caused the drone to malfunction by trying to disable it with a weapon.

However if the drone malfunctioned instead then yes your argument is valid.

The reason I'm being cautious is that an injured "third party" --say the neighbour of the shooter-- would probably "adjoin" the other party in the action irrespective of which party the case was primarily brought against. But "jointly and severally liable" civil claims (torts) are notoriously different from jurisdiction to jurisdiction.

May 26, 2016 6:55 PM

Clive Robinson on Friday Squid Blogging: Squid Kite:

@ Nick P,

I've had a fast flick through the paper, then went back over their three claims.

Apart from the last (we've built it) I don't see anything that RobertT and myself have talked about ad nauseam in the past.

Look back for RobertT talking about buried vias and close running traces to use capacitive coupling. That covers the paper's pick ups.

I've talked about the problems with "test harnesses" acting as security bypass mechanisms. As RobertT noted on a chip these are generally not put in by the foundry customer (SoC designers) but the mask producers of the foundry themselves as it can be very technology dependent.

I've also talked about the use of "matched filters" which are effectively what the paper's authors are doing with the input to their leaky integrator (the correct name for their voltage charging discharging capacitor).

As for the dead space on SoC devices, I've mentioned before that there is the "heat death" issue, which is one of a number of reasons for having dead space on the chip.

I'll give the paper a fuller read tomorrow on my way up to the hospital for the "frying alive neurological checks, 30mA DC being applied to you f3cking hurts as does the slow heat "soldering iron" like probe, so it will give me something to take my mind off of it all).

May 26, 2016 6:41 PM

JackC on Friday Squid Blogging: Squid Kite:

@65535,

I recently ran Steve Gibson's program on a half-dozen Win 7 and Win 8.1 machines. It's a bit too soon to tell, but so far so good. Reading his description of the program, it sounds like a fine approach. Source code is always preferred, but I think Gibson is one of the Good Guys so I trust him. Certainly more than I trust that bunch from Redmond.

May 26, 2016 6:18 PM

bp on BIOS Hacking:

what we really need is someone to write a code using this vulnerability that displays a message on load "Your computer is compromised. You cannot wipe and reload the operating system to rid of this virus. It is easy to spread this virus and very hard to remove it."

if enough systems were infected, AND it told users how they were being hit, people would be forced to acknowledge and fix this glaring security flaw.

problem is... the morality of such a suggestion means i would not try it.

May 26, 2016 6:09 PM

Bumble Bee on Google Moving Forward on Automatic Logins:

@albert

W. Edwards Deming said, you can't blame the -workers- for poor quality; it's always a -management- problem. They have control, therefore they have responsibility.

Yes, I think that's about right. Management is perfectly capable of blaming workers for poor quality, handling P.R. for them, and so on and so forth... Someone very intelligent who works for the sewer district once told me, "Shit flows downhill."

May 26, 2016 5:35 PM

A on Suckfly:

It seems like the Indian Govt. is trying to publicize their tech-savviness (probably forcing a term). The term Suckfly, when translated into Hindi (Indian language) is an exaggerated adjective for a miserly businessman. Some businessmen from the Indian PM's home state consider it a badge of honor in casual talk. In other words, a novel thought.

May 26, 2016 5:24 PM

Nate on Suckfly:

@Wael: "Disgruntled employee selling a signing cert? An HSM should be used to avoid cert leakages. No one should have access to the signing cert. You send the binary to the HSM, and it signs it for you."

That's a very interesting usage scenario and I wonder exactly what percentage of software developers signing code 1) even have an HSM and 2) have it set up to sign in such a manner.

Maybe I'm wrong, but I have the gut feeling that the percentage of developers today happily signing code on, eg, an actual computer - you know, the same one that runs their IDE, their source code management system, their filesystem, their databases - is probably close to 90%.

And of those, the percentage who run that IDE and source-control system on some kind of 'cloud' platform giving the owner of the Cloud read access to their signing certificates?

I'm guessing maybe 70-80%? And the cloud companies would want it to be 100%?

I hope I'm wrong. But outside of banks and credit card companies... who even knows what an HSM is?

I am sure that mass certificate and private key leakage * from Cloud Computing is absolutely going to bite us all in the near future. But by the time we ask 'hey, why again did we give Jeff Bezos root access to every computer on the planet?' it will be a little late.


* And by 'leakage' I don't mean 'random hackers will get your passwords', I mean 'a tiny elite core of the military-Internet complex will hold all your passwords, and you will never know who they are or what they can read, and it will probably be legally defined as an act of terrorism to ask.'

Frankly that scares me a lot more than 'hackers randomly get stuff' but most people will consider it 'best-practices security'.

May 26, 2016 4:10 PM

Wael on Suckfly:

@woody weaver,

perhaps I'm missing something...

Apparently the owner of the cert wasn't aware of its misuse. They can revoke the cert after they find out.

May 26, 2016 4:09 PM

r on Suckfly:

I'm not sure as you said disclosure laws apply to them, partially because of any NDA/confidentiality agreement in their services/contact and additionally because of the international and criminal implications. The other countries as we know about the various data protection and privacy rules abroad may have stronger or weaker requirements. Symantec shouldn't be obligated to oust these companies it would hurt Symantec's business but the companies involved probably should be held to disclosure.

Requiring immediate disclosure would most certainly tighten things up as shareholders and ceos wouldn't like to watch their stocks dump... (Because they would)

An impromptu disclosure by anyone other than the affected company itself can introduce liability, ESP when the hackers do it: I'm sure you could take advantage of trades the way they were reading acquisition and merger emails.

So, in sum; it's a complex issue and I'm sure if you've got Obama care like I do you can expect another OPM letter.

May 26, 2016 3:58 PM

woody weaver on Suckfly:

perhaps I'm missing something, but can't the impacted developers just revoke their cert? Or is this an issue that the routines that check signed code don't properly implement certificate validation?

May 26, 2016 2:54 PM

Wael on Suckfly:

Suckfly! What an ugly name...

While we became initially curious because the hacktool was signed, we became more suspicious when we realized a mobile software developer had signed it, since this is not the type of software typically associated with a mobile application.

Well, the OS should not trust signed code for everything! Mobile productivity code signed by a gaming company shouldn't be trusted. A cert should be valid for a specific category of applications for specific platforms. Signed code for mobile devices "shouldn't" be valid on a desktop. There'll be some hurdles, but that's the cost!

either misused it or it had been stolen from them...

How about bribed out of them. Disgruntled employee selling a signing cert? An HSM should be used to avoid cert leakages. No one should have access to the signing cert. You send the binary to the HSM, and it signs it for you. If the HSM doesn't allow the cert to be extracted out to legitimate users, then malware wouldn't have the ability to "steal" the certificate. (Ex)Employees won't have access to a cert to sell it either.

In addition to the traffic originating from Chengdu, we identified a selection of hacktools and malware signed using nine stolen certificates.

How about weak certificates and untrusted third parties? Who issued these certificates, was it a common CA?

the most likely scenario was that the companies were breached with malware that had the ability to search for and extract certificates from within the organization.

This assumes a dreadful security posture of the "victim" companies.

When a certificate is revoked, the computer displays a window explaining that the certificate cannot be verified and should not be trusted before asking the user if they want to continue with the installation.

Yea, users read everything before they click "Ok, give it to me".

Explorer, which can allow the attacker to execute code with the same privileges as the currently logged-in user.

That's why one needs to browse from a virtual machine that gets torn down after the session concludes. Still login with an unprivileged account on both the host OS and the virtual machine.

From a cert perspective, certificates should only be valid for a class or narrow category of applications. Not a fool proof method, but better than nothing. I have a feeling I said something stooopid there, but not sure what. Will wait for the flame storm :)

May 26, 2016 2:14 PM

WhiskersInMenlo on Companies Not Saving Your Data:

The same conclusion is surfacing with simple credit card data.
Someone did the math and N * Liability = OMG and management
got worried.

Some tried migrating data to physical media that can cross an air gap roach motel style.
Data checks in but only summary reports get out.

The issue that convinces managers is $$ and combine that with the legal and technical expense of servicing court orders domestic and international for free knowing that the answer is "no" for a large class of data and a whole department of non-productive staff goes away.


May 26, 2016 2:10 PM

JonKnowsNothing on Companies Not Saving Your Data:

@Daniel

We no longer go to the library and look up something in the card catalog and find a book using the Dewey decimal system: we Google it.

There is a reason why you cannot go to the library and look up books/magazines/periodicals and research information in the card catalog and that is: all card catalogs were deliberately destroyed.

Libraries not only physically destroyed these listings they prevented wiser patrons from rescuing any part of them: from the physical cabinets to the 3x4 inserted cards.

Not all librarians agreed to this destruction and if they objected many were fired or had their positions reassigned to someone more "compliant".

Additionally, the information when converted was deliberately truncated and entire chunks were omitted.

It wasn't accidental. It wasn't incompetence. It was deliberate.

One can safely point out that in hindsight, it was extremely fortuitous that Google just happened to come along at the same time as the destruction of this public knowledge base. Destruction planned and paid for by the US Government.

Google is now winning court cases about the cataloging of "all" books at major libraries. The same issues exist today as they did yesterday and years before:

Can you trust Don't Be Evil to main the knowledge of the world? Do you trust Be Evil to return the correct search results without censorship of any kind?

Be Evil has outed itself quite nicely.

May 26, 2016 1:40 PM

r on Identifying People from Their Metadata:

@darren,

Currently reading through your list, you recommend CCleaner but not the open source and cross platform BleachBit?

Maybe it needs a more colorful interface and a one-click button granted... But it's a powerhouse.

I like glary utilities too as shareware (not endorsing it).

It's one of the programs available to Windows users through ninite.com

May 26, 2016 12:19 PM

Jesse Thompson on Companies Not Saving Your Data:

Selling Data Erasure as a product, you say?

Why start from scratch, just hire the pioneers of that approach to do all of the heavy lifting for you. Ashley Madison!

May 26, 2016 12:15 PM

Scott Romanowski on Should You Be Allowed to Prevent Drones from Flying Over Your Property?:

@Clive wrote
"But also consider, what happens to the drone, as I indicated above some way upwards of 50Kg (~110lb) and can move at over 60Knts (~70Mph) which if it's also getting gravity acceleration as well is going to hurt a lot if not rip a limb or head off, or smash the place up a lot"

Isn't that an argument that the drone operator is endangering others? How is it any different than a person using a crane to suspend a 50kg weight over me or my house? Make that a crane that drops its load if it loses power.

Come to think of it, that might be a good common-sense analogy supporting the "drones need the property owners' permission" side. Imagine your neighbor gets a crane, suspends a 50kg camera from the end, and starts moving it around your property. It's only in your "airspace", not on your land, so it's the same as a drone. No one would let their neighbor do that. In the crane case you know who's responsible. If it damages something or starts peeking in a window, you know who to sue and the police know who to arrest. With a drone, you have no idea who's doing it.

I also think you're also going to have a lot of people sending up their drone to watch the interloper drone. It might be the only way to follow it back to its owner.

--- Scott

May 26, 2016 11:45 AM

Nick P on Friday Squid Blogging: Squid Kite:

"Sorry Nick, but the whole point of the paper was that they were able to manipulate just the kind of 'vetted' structures you described in very subtle ways by simply adding leakage capacitances in the interconnects"

No, the point of the paper was manipulating unvetted structures produced by *digital HDL* at two specific points in manufacturing: RTL-handing firm and fab. The paper, in Threat Model section, admits it's *really* difficult to apply any attack to fab level due to "limited information and ability to modify the design." So, paper focused on RTL firm ("back-end phase") as the threat model. Which is covered in my methodology as you don't have to trust the RTL firm. :P Fab-level part is an open problem for *all* chips.

"because the FAB that makes the chips can still easily backdoor the design in hundreds of virtually undetectable ways. "

The paper itself contradicts that as I show above. It gets more difficult the further one goes down due to all the effects the backdoor has to counter in a design they don't know shit about. There's over 2,500 design-rule checks in play with crazy sophistication at 28nm. It's why a hardware genius here used to say the best route was probably using most cutting-edge tech as it barely works in the first place. :)

"This is why I proposed the approach of a design using vetted open-source CPU-CORE firmware with a GENERIC high-performance FPGA. "

Ok, let's start with FPGA. I've already pushed creating a continuously-vetted FPGA at 28nm with common logic just to allow obfuscation strategy and HW experimentation. So, the system becomes a moving target they have no knowledge of. They can't hit what they can't see. Win, right?

You could say the same thing of a desktop, commercial router, any number of things that get compromised regularly. They just focus on the common, privileged components. So, they'd just backdoor how you got the bitstream in, the I/O, the SRAM, the trusted loader, final stage of synthesis tools... many attacks on FPGA's to the point that DARPA & NSF still fund defenses. So, you've just shifted the problem. Matter of fact, your design falls to your own risk: they know exactly how your FPGA works and can tune attacks for it. It's almost always going to rely on storage or host computer they can hit, as well, given FPGA vendors only support stuff they have 0-days for.

That's not the only problem. You specified a vetted, open-source CPU core. That's exactly what they attacked in the paper! You're talking about how FPGA's let you hide what you're doing but using variations on the same exact thing. Kind of defeats the point to a degree. You're better off with a model like No Instruction Set Computing or Tensilica that auto-generates CPU's for your application. Then randomizes RTL for them.

So, your recommendation has a lot of the same problems as trusting an ASIC. Then some. Any issues that apply to one apply to the other. Except that the ASIC is fixed. That reduces what they can do to one on a day to day basis. If you want obfuscation & ASIC benefit, then best bet is vetting an anti-fuse FPGA that can be loaded through an interface not requiring a Windows or Linux PC. You can keep burning new designs into them for obfuscation without host or memory attacks.

May 26, 2016 11:32 AM

r on Should You Be Allowed to Prevent Drones from Flying Over Your Property?:

@jayson,

Before you shoot a drone, which I avoided endorsing per Clive's reasoning one needs to know whose it is. I would hate to remove an innocuous private drone responsibly operated by a licensed company or owner from any airspace when it could be investigating a crime or surveying drains/drainage/land.

I reiterate that considering the size and capabilities of these things mere lights and markings are not enough: they need transponders and logs.

May 26, 2016 11:26 AM

jayson on Should You Be Allowed to Prevent Drones from Flying Over Your Property?:

@Clive

Firstly, discharging a weapon into the air is a seriously punishable offence in many jurisdictions. Secondly suggesting others do so is in many jurisdictions incitement to commit a felony, or even conspiracy. In the US the psycho cops are likely to shoot and blame you for them having to kill you. If you do survive...

I don't disagree, but would note that of the options one has to take down a drone a firearm discharge would likely be a misdemeanor and use of a jammer would be a felony. Possibly a butterfly net? Other than that, I don't think a harsh look has been criminalized yet.

May 26, 2016 11:06 AM

albert on Google Moving Forward on Automatic Logins:

@Dirk, et al,

It's quite legal to photograph people in a public setting. However, you must have their permission to {publish} photos or videos, when the subjects are {identifiable}. The terms in braces have been redefined by technology that didn't exist in the period during which the Constitution was written. (Sound recording and photography were not known to the general public then).

What would the Founding Fathers have thought about x-ray and thermal scans? Wouldn't they consider them unreasonable, akin to strip searches? (which weren't legal then, but apparently OK now).

The problem is not that our laws haven't caught up with our technology. The problem is our technology has bypassed our laws.

............
@Clive, Creepy,

W. Edwards Deming said, you can't blame the -workers- for poor quality; it's always a -management- problem. They have control, therefore they have responsibility.

We're devolving because our government/educational system has abandoned any concepts of rational morality and the common good, and replaced them with all-consuming greed for money and power.

That's why we're devolving.

. .. . .. --- ....

May 26, 2016 11:04 AM

Daniel on Companies Not Saving Your Data:

@Larry...

It's not Google the company per se that I think should be nationalized but Google the search engine. Information retrieval and knowledge dissemination are quintessential public goods. Up until Google and the internet came along the overwhelming majority of knowledge was disseminated via the public education system whether that be k-12 or university. In 1980 if a person wanted to know something they went to the /public/ library and looked it up.

With Google, a significant portion of this search (knowledge dissemination) function has been privatized. We no longer go to the library and look up something in the card catalog and find a book using the Dewey decimal system: we Google it. That can't be right. Knowledge is power and if knowledge is not dispersed among the people--but remains in the control of a corporation--that cannot be healthy for a country that at least formally views itself as a democratic republic. Search is a public good that should be provided by a public entity.

I recognize that some people when they look at their governments today and compare them to corporations see the corporations as the lesser of two evils. However, as appealing as such a position might be it is not a socially sustainable answer. Because it leads either to the breakdown of the social order itself (anarchy) or the corporations take over the place of government (fascism).

So my first comment in this thread shouldn't be seen as a plea for big government. It is a plea that when it makes sense we should not be afraid of assigning tasks to the government when it is in the best interest of the whole that government take on that task.

May 26, 2016 10:53 AM

r on Suckfly:

@bumble bee,

You don't live in the hood do you?

To wit: one can certainly buy the components to make liquor with food stamps, then you can sell your wine to wine-o's for more stamps to make larger and larger quantities of hooch... grain... wine...

Clive says beer is a little more costly, those are the low hanging fruit.

Oh! Hand sanitizer.

May 26, 2016 10:40 AM

Clive Robinson on Should You Be Allowed to Prevent Drones from Flying Over Your Property?:

@ ALL,

Can people stop making comments about the use of projectile weapons to bring drones down.

For more than a couple of reasons,

Firstly, discharging a weapon into the air is a seriously punishable offence in many jurisdictions. Secondly suggesting others do so is in many jurisdictions incitement to commit a felony, or even conspiracy. In the US the psycho cops are likely to shoot and blame you for them having to kill you. If you do survive, you could be looking at a plea bargain of life or longer depending on what the prosecutor wants to put on their CV, and unless you are rich enough to buy the state, you will probably not be able to get a lawyer that will tell you to do anything other than take the plea on offer.

But you also have to consider "what goes up usually comes down". Now whilst you might think a bit of bird shot won't do any harm, people have had eye injuries / blinded by a single BB shot, or falling bird shot hitting them. In some places people get very litigious over harm to their children etc. But also consider, what happens to the drone, as I indicated above some way upwards of 50Kg (~110lb) and can move at over 60Knts (~70Mph) which if it's also getting gravity acceleration as well is going to hurt a lot if not rip a limb or head off, or smash the place up a lot, I'll let others do the 0.5MV^2 calculations.

May 26, 2016 10:20 AM

r on Friday Squid Blogging: Squid Kite:

Maybe part of the problem with tinyness of such attacks as what Nick presented is in the connotation of using 'backdoor' ?

With such a small powerful subversion like that would trapdoor be better?

May 26, 2016 10:18 AM

JonKnowsNothing on Companies Not Saving Your Data:

Companies that claim they are NOT saving data is highly inaccurate, especially when implying they are more aligned with user data protections.

Everything passed along the Internet pipeline CAN and IS saved regardless of whether a company chooses to do so. USA law enforcement pen registers can be installed by court order at any point along the internet pathway. Short time delays between messages and deletions are added on demand by US Law Enforcement and Security Services to allow full mirroring of all traffic.

Even should a company be successful at avoiding the Pen Traps, everything upstream and down stream is likely to have them already installed.

Encrypted systems are not immune either and fall under the Infinite Storage protocols until their encryption is broken by future super/quantum computers.

Although a company may claim not to data mine and resell the information, law enforcement and security services world wide do. Sometimes this is in the guise of warrants (legal or not) and sometimes they simply sell the data to other governments (tit-for-tat).

Just because a company claims it does not take your data, doesn't mean it isn't happening.

It's a 100% take on everything.


https://en.wikipedia.org/wiki/Tit_for_tat

May 26, 2016 10:02 AM

blake on Suckfly:

> nation-state espionage tool

> We have to make decisions on the Internet all the time about who to trust

Once you're talking nation-state level conflicts and trust, if it really comes down to it, any government that doesn't recognize you as a citizen is going to have other principal interests, namely their own citizens.

> The more information we have, the better we can make those decisions.

This comes no less than a day after a post about how having all the data isn't all it's talked up to be. If you find that company X has been hit by targeted malware, are you going to ditch them in favor of competitor Y for which you haven't heard of any malware being detected?

From a Register article:

> Symantec only uncovered the attacks two years after most of them had taken place and only then after it knew what to look for.

Horse, barn door, etc.

May 26, 2016 9:55 AM

Bumble Bee on Suckfly:

Hmm. "Suckfly." Sounds like the Blandford fly from Great Britain. They have doctors to apply leeches if you aren't feeling well after being bitten by all these flies.

Ugh, yuck. Let's just invade North Korea instead, execute all Kim Jong-Un's barbers, rob (I mean appropriate) all his money and bank accounts, dismantle all his nuke toys, and put all his people on food stamps. They'll get jobs as soon as they figure out they can't buy liquor with food stamps.

May 26, 2016 9:43 AM

blake on Companies Not Saving Your Data:

@Gweihir

"I called you about this issue last week! What do you mean you have no record of that?"

Inventory, service & ticket management are really important systems. They're not sexy, they've been around for decades, and they're easy to overlook, but they're really important.

In the stated context of "the data-hungry tech industry" then yeah, you're right, no-one should give a damn about how long it took you to close an interstitial ad, but "anything besides addresses of actual customers for billing purposes" is overly broad.

May 26, 2016 9:36 AM

Maren on Should You Be Allowed to Prevent Drones from Flying Over Your Property?:

When I saw a drone flying over my property on a few days last year (certainly well below 500'), I was kind of irked. They could at least have walked up to my door, asked permission, explained the reason, and ideally offered me photos of my roof garden while they were at it.

In a country concerned about jobs, eliminating delivery drivers (albeit while providing jobs for software engineers and gadget-builders who might well be located in sweatshops somewhere) seems silly, as well as wasteful of energy. And the liability issues for running into the odd power line or bird are not to be sneezed at. If a tree down can cause a power outage for hundreds of people for a week (as it did in our hilly neighborhood of Pittsburgh a year or two ago), who covers the costs of a power outage caused by an errant aerial vehicle?

May 26, 2016 8:57 AM

Scott on Suckfly:

Good luck on not doing business with US Healthcare Providers that don't have "an Indian Business Unit".


Ever hear of IBM? I heard they're some big IT outsourcing provider with extensive operations in India.

May 26, 2016 8:41 AM

Z on Suckfly:

As far as I know, there is no blanket legal obligation to disclose security incidents, so not sure why we should expect Symantec to do so. Also, it's not because a company has been the target of this specific malware that suddenly they are “less trustable”. Big companies face security incidents all the time.

May 26, 2016 8:24 AM

r on Friday Squid Blogging: Squid Kite:

@Nick P,

I was going to mention virtual CPUs yesterday on one of these threads with respect to profiling attacks on software, r/e work on heavily 'protected' software... I think it was about somebody only assembling projects and them not being "open source". Thanks for expanding my understanding of virtual cpu technology into the realm of hardware application?

May 26, 2016 8:09 AM

Pete on Companies Not Saving Your Data:

I've been living at my current address for 15 years. During this time both of my adult children [43 & 41] have had time living with us for good reasons. The last time was 10 years ago. I still receive direct USPS mail addressed to them. Based on this I think that Big DATA is highly disorganized and in the larger view isn't all that important to individuals.

May 26, 2016 7:52 AM

Sankar on Suckfly:

I am guessing the e-commerce company and its shipping partner are Flipkart and WS-Retail respectively.

May 26, 2016 7:39 AM

Grauhut on Suckfly:

@Bruce: Does it really work like that?

"But by leaving this information out, Symantec is harming us all. We have to make decisions on the Internet all the time about who to trust and who to rely on. The more information we have, the better we can make those decisions."

Right, but this ignores the belly of the iceberg. We would also need a list of all the potential victims Symantec knows, that were lucky enough not to become a target in this attack wave in order to make informed decisions.

Big .com's get big rebates in markets based on their buying volume, smaller companies don't have these rebates and need to save on service (and security) quality in order to compete with the big fish in the world market price aquarium.

"Everything is automagically better than those p0wned victims" would imho be a snake oil security decision.

May 26, 2016 7:30 AM

Fortune teller on Companies Not Saving Your Data:

The insurance and human resource industries will also likely buy data, old and new.

May 26, 2016 7:04 AM

Wm on Suckfly:

One thing for certain. I will be sure to not do any business with any companies in India or any U.S. healthcare provider that has an Indian business unit.

May 26, 2016 7:02 AM

fr0sty on Suckfly:

frist posty!

May 26, 2016 6:39 AM

George Green on I'm Writing a Book on Security:

Instead of the tired war metaphor, I'd prefer a metaphor based on the idea of a game or contest. When Google or Facebook or the government try to gather data on me, I'm not at war with them. They're not trying to kill me. And I don't want to kill them, because actually I like some of the services they provide. It's more like they are outwitting me in some kind of chess that I don't fully understand the rules of, and that in fact I probably didn't even realise I was playing. They've given me a few pawns while my major pieces have fallen under their control without me noticing. And their objective is not to defeat me, but to keep me playing.

"Click Here to Kill Everybody" is a spectacularly great title by the way. I'm sure it will sell a lot of copies.

May 26, 2016 5:45 AM

Dirk Praet on Friday Squid Blogging: Squid Kite:

@ Richard, @ Nick P.

To avoid problems AFTER your design is public, you would simply make a lifetime buy of the critical FPGAs components BEFORE the design is made public.

Now this is the stuff why I keep coming back to this forum. Thanks for these very educational posts, guys.

May 26, 2016 5:44 AM

Gweihir on Companies Not Saving Your Data:

They may also have found out that the data they were collecting or could collect is not really that valuable. In fact, the only use I can think of that can generate significant revenue is targeting ads, and Google is already doing that for them. (And even that may not really work well.) Most other "Big Data" approaches to making more money seem to have failed, fizzled or backfired, despite the grand promises made by the respective vendors and to no surprise of people that have some actual experience with the technology.

My conclusion is that these businesses have finally realized that in most situations, anything besides addresses of actual customers for billing purposes is _only_ a liability, and no asset at all.

May 26, 2016 5:34 AM

Larry on Companies Not Saving Your Data:

Daniel,
Pardon me, but you seem to contradict yourself (maybe I'm missing something). Presuming you're in the US, the government is not a democracy.
First you say Google should be nationalized? As in run by government?
Then you say government should embrace its limitations (which I agree with 100%). That will never happen. Aren't the 2 ideas contradictory?
I also agree we do have a gangster government & it will not get better.

May 26, 2016 1:05 AM

Richard on Friday Squid Blogging: Squid Kite:

@ Nick P
"Note 1: My framework I described here and on Hacker News would've prevented it as it uses only validated digital and analog cells vetted by mutually, distrusting parties. I mean, the attacker would have to be *really* clever."

Sorry Nick, but the whole point of the paper was that they were able to manipulate just the kind of 'vetted' structures you described in very subtle ways by simply adding leakage capacitances in the interconnects - which can be done by manipulating the mask layer process in virtually undetectable ways during the fabrication of the silicon.

What this DOES prove is that all the suckers who think that they can 'open-source' some magically 'vetted' design are basically WASTING THEIR TIME, because the FAB that makes the chips can still easily backdoor the design in hundreds of virtually undetectable ways.

The authors then go on to state that field detection of such a backdoor, even if you knew EXACTLY what you are looking for, is virtually impossible, because even a thorough scanning electron microscope examination of the actual silicon wouldn't be sufficient. You would need to do a complete de-layering of the chip while performing a super accurate layer by layer audit, and I am not sure that such a sophisticated layer-by-layer audit is even within the state of the art at this time.

... And even if you successfully layer-by-layer-by-layer verify a few chips up front - how can you make sure that the fab doesn't insert the required subtle process variation at a later date? Answer - YOU CAN'T. You are utterly and completely at the mercy of whoever fabricates your silicon.

Actually, trying to do a 'beat-it-to-death-validation' on the chip and then manufacture that silicon by the millions would be just about the WORST approach, because then the attacker would have a high incentive, and minimal effort, to subvert your fab process and insert just the kind of back door the authors of the above paper described.

This is why I proposed the approach of a design using vetted open-source CPU-CORE firmware with a GENERIC high-performance FPGA.

YES, this will involve a big fat cost-performance hit - no one said security is cheap...

But NO, it would NOT be subject to most of the kinds of silly-ass 'backdoors' that were mentioned in response to my post.

The thing that makes most attacks on GENERIC hardware impractical, is that even if we assume that the adversary has the exceptional resources to subvert EVERY FPGA supplied through the commercial supply chain, it is almost impossible to embed a 'generic backdoor' that could subvert EVERY possible embedded SOC CPU design without a LOT of embedded malware code - and that would stick out like a sore thumb.

This is because, if we chose an FPGA which uses an external Serial Flash chip to load its configuration - then it would be very difficult to HIDE the required massive amount of exploit code on the chip's mask without it being noticeable with even a cursory microscopic examination of the chip. (you think no one is going to notice a FEW BILLION extra flash cells).

The idea that such an exploit could be 'very simple' and still effectively backdoor EVERY possible SOC design that might be loaded into a generic FPGA is pretty ludicrous, and hiding a complex multi-gigabyte exploit in plain sight on EVERY FPGA would be quite challenging.

In any case, such an attack would be many, many, many orders of magnitude harder than hiding the simple subtle mask layer defect backdoor exploit mentioned in the above paper if we were working with a known 'vetted' ASIC.

So, ultimately, the saving grace for GENERIC FPGA hardware is the fact that no matter how sophisticated the attacker is - THEY DON'T HAVE A TIME MACHINE.

So AFTER you implement your design - the attacker can't go FORWARD in time, break the chip's AES firmware encryption, examine the firmware code - then RETURN TO THE PAST and insert a tailor-made hardware exploit at mask level in all the FPGAs you purchase *BEFORE* you purchase them.

I can see at least ONE generic attack that you would have to guard against on FPGA chips, especially those with internal FLASH. On such chips, if the foundry embedded the equivalent of a backdoor ESP8266 core, the chip could easily be programmed to find an open wifi, bypass its internal code protection and dump an unencrypted version of its current firmware to the attacker's Internet site - where the attacker would be able to analyze it at leisure - then do an over-the-air update to subvert your chip.

This is why I specified an FPGA which loads its firmware image (optionally AES encrypted and signed) from a jumper controlled write protected external serial flash, and which has a simple enough flash-less chip design - so that it would be much more difficult to hide a sophisticated WiFi style backdoor. Not impossible (so this is still a concern) but much more difficult, and thus highly unlikely for a randomly selected generic commercially supplied FPGA.

To avoid problems AFTER your design is public, you would simply make a lifetime buy of the critical FPGAs components BEFORE the design is made public.

May 26, 2016 12:01 AM

Nick P on Friday Squid Blogging: Squid Kite:

@ Dan3264

Good thinking. The microcode for obfuscation strategy was in a private proposal to NSF for a grant. I couldn't get University partnership for the real proposal. That was first part, though. There's a better technique I came up with for microcode that, if performant implementation is possible, gave attack costs similar to symmetric cryptography on per instruction basis without using cryptography. I haven't published it yet as it might be a dud or hit. I liked it gave me microcoded processor as a side effect for obfuscation you mentioned. Extra benefits included building abstract machines (eg Java, Oberon) via microcode to use with safer OS's like JX OS or A2 Bluebottle.

@ r

"NOBUS it's too late anyone would have to start ALL over at 50um?"

We actually don't have to. The circuits stop being visually verifiable at 250nm. That means existing fabs at 350nm can be used. I've collected lots of techniques to be used with them to max out what they can do. Additionally, one might be able to use ebeam workstations to print trusted chips or masks for lower nodes. There's ways to obfuscate and counter some risks there. Not publishing that for now in case opportunities arise.

@ Figureitout

"Not sure why your forays been validated when someone else did the work lol. "

People say I worry about and look into analog stuff too much for a person not building analog. How you can represent computing, cells, etc for attacks or enhancements. I figured it would be combined with CPU's cells (or crypto accelerators) to destroy their security. That's exactly what happened. So, it's good I stayed focused on that risk plus developed partial framework for dealing with it. That framework would've pre-empted this attack.

"Also don't know why you mentioned Thompson"

The HN link you're referring to originally was titled based on his paper with tons of Thompson-related comments. Moderator changed it due to others' gripes. I was sure the first, HW risks were in MULTICS paper. They were. I also re-discovered that they backdoored a compiler to add backdoors to compilers upon recompile with nothing in the source. Looked like the "Thompson attack" to me. Second paper noted that it inspired Thompson's work afterward. Confirmation. So, people keep dropping "Thompson" attack and paper on all kinds of threads when he didn't even come up with it. It was actually Schell and/or Karger that invented it, use of HW failures, and many other techniques that got repeatedly reinvented because people didn't read the darned paper. Citing Karger et al would've gotten INFOSEC students much further given they'd independently re-invent buffer overflows, string attacks, hardware attacks, etc since it was already demonstrated by that one project under different names.

So, just another attempt to destroy that meme that focuses people on a rare attack Thompson himself didn't even come up with. They're better off focusing on what actually compromises them in software and hardware. Plus reading older works that teach them way more.

"it's an already very well known threat"

I'm following what attack papers I come across. Most of them aren't about defeating MCU functionality by adding analog circuits. Most other work attacks crypto and other stuff. Also, MarkH discussed here with Clive and I the same topic as he couldn't see how you'd unnoticeably backdoor such a tiny circuit with no cache or almost any transistors. Please share links to any analog subversions on MCU's that lead to full, stealth compromise as I'd like to have them in my collection.

"Also not sure about your claims of "that's my idea!" again and again for known classes of attack that don't take much imagination"

INFOSEC has mostly been blindsided by these risks despite them being discussed on this blog, in MULTICS evaluation in terms of HW effect on security, in safety-critical field, and, for different reasons, in EMSEC literature for decades. You might be right: most security engineers might have no imagination or just exclude HW from their thinking entirely. Or a few of us were clever. Who knows. (shrugs)

"Easiest defense so far: Eliminate unused space (perhaps for a defense-marketed chip since this appears to have some heavy costs of course). Force attack to work around chip design, making much more likely to be easily detected if certain features just fail to work, chip will be thrown out."

Mine is just to make it correct by construction with a trustworthy flow. You have to do that anyway to make sure your security functionality is correctly translated to transistors. Further, you have to have empty space all throughout the sucker for meeting DRC checks on a decent node and ensuring regular shapes for the gates to ease layout. Eliminating all empty space some analog components can be stashed in could... sort of... be done only if it's custom-level ASIC on older node. We're talking early Forth chips and stuff. Almost unusable today.

May 25, 2016 10:28 PM

r on Friday Squid Blogging: Squid Kite:

@Nick P,

Thank you for both documents linked today. I understand completely how you feel when something you suspect or intuitively feel is validated independently. Again I'm not EE but I did read it and the novelty of that attack with its time based depletion of trigger 'value'/current is such a sexy way to undermine the reliability of a system.

It reminds me of rowhammer with the way the timer/trigger works in recurrent saturation.

I hope that in knowing iopl and others can be directly subverted on such a small scale will lead to greater examination of that part of the circuit.
As for post-print, GOOD LUCK LOL. NOBUS it's too late anyone would have to start ALL over at 50um?

I hope we got this first.

The torblog I made note of their soft asserts comment in contrast to reading about hard asserts for safety somewhere else... OpenBSD?

It's a great document to peruse and examine, thanks for pointing them both out.

May 25, 2016 9:43 PM

Figureitout on Friday Squid Blogging: Squid Kite:

Nick P RE: malicious analog circuits
--Very nice paper. Not sure why your forays been validated when someone else did the work lol. Also don't know why you mentioned Thompson (oh it's a chance to rag on C again rather than come up w/ a better solution yourself, right) when this is an analog attack in hardware. And why you mentioned microcontrollers in your HN comments all giddy like you're happy they're being attacked, it's an already very well known threat. Also not sure about your claims of "that's my idea!" again and again for known classes of attack that don't take much imagination (I supposedly experienced an "attack" of a bit necessary for putting the chip in programming mode being set by the speed of the comms somehow creating the right signal to set the right bit to 0 or 1, I forget now, preventing the chip from going into programming mode, I don't believe that's what actually happened, but was told that by the manufacturer FAE), do you have a patent or paper where you're the sole author of these ideas, or what? Do you have prototypes of these devices on your desk or even know how to build a basic one off-hand? Just curious.

One question, aren't these "privilege bits" in flip-flops, like control registers? Various "flags" are just bits in control registers too. We set and can read those in software, at least one time w/ the help of an additional toolchain and external programmer/debugger.

So either these can be set by software, and/or set/reset by hardware at will, or there's completely separate control registers being added in that can literally not be touched by software since it's not in original design?

It's a practically speaking impossible vector to 100% defend against when your boards are very non-trivial (worse, what if you wait until after you verify the boards, when you go into production to launch the attack). I've got some practical experience w/ capacitive touch chips, and could implement an obvious form of this attack on one of my products too w/ a counter in software lol. Would never do it of course. W/ the right antenna (this is very exaggerated on what you have in normal boards), you can extend the electric field close to 3ft outside the target chip. That is, 3ft of a complete sphere of where capacitively coupling could take place, this would cover most PCB's. The capacitance values at those lengths were so trivially small we couldn't even measure them w/ any equipment, yet we could detect it w/ a COTS chip easy. That's extreme though, w/ a huge "antenna". In this instance, I think we're talking centimeters at the most. Also why I say, unless this is purely in an IC, that layout of a board is an important engineering decision, due to all the inductive and capacitive coupling that goes on all around a board (any engineer knows this but it's impossible to eliminate it all).

Easiest defense so far: Eliminate unused space (perhaps for a defense-marketed chip since this appears to have some heavy costs of course). Force attack to work around chip design, making much more likely to be easily detected if certain features just fail to work, chip will be thrown out.

May 25, 2016 9:39 PM

r on Should You Be Allowed to Prevent Drones from Flying Over Your Property?:

@Dan,

Internal airspace to the location should be by permission only. People have paintings and stuff... Outside the house the issues of cameras and mics obviously becomes very sensitive... Not to mention electronic eavesdropping so I would definitely make two things happen...
1) drones need to broadcast identity/owner/registrant.
2) they should be forced to retain location data for a certain amount of time.

Now, if you want to violate someone's privacy I think that helps solve the issue and they can identify trespassers for civil court.

I'm all for freedom but all this automation insanity needs some accountability.

May 25, 2016 9:04 PM

Dan3264 on Friday Squid Blogging: Squid Kite:

@Nick P,
I guess you should make your ASICs implement a simple microcode processor rather than directly do what you want them to do. That would make it a lot harder to backdoor (I am assuming that it would be hard to make a useful backdoor for an unknown program that has an unknown behavior). It might also be interesting to have the ASIC output the current microcode instruction every clock cycle. This would allow you to have a device that verifies that the ASIC does what the microcode says it should do (the auditing device should preferably also be a general purpose device, or at least be made at a different time than the main ASICs). This would make it less secure (arguably), but you should at least have some way of preventing the attacker from having physical access to the device (assuming you care about your security that much). I have no experience with custom circuits, I just like over-thinking things.

May 25, 2016 8:34 PM

Daniel on Companies Not Saving Your Data:

I fundamentally don't believe that the marketplace is the proper solution to data retention issues. Putting limitations on data collection and retention is a quintessential legislative function no different than statute of limitations in the criminal law or term limits for political office holders. It's nice, to be sure, that companies are doing this but the reason they are doing it is because of the failure of the legislative branches to engage in any meaningful debate--let alone any meaningful resolution to data retention problems. The whole issue represents a significant failure of democracy.

In a properly functioning democracy Google would have been brought to heel and nationalized a decade ago. In a properly functioning democracy the government would not only recognize but embrace its limitations instead of engaging in parallel construction, secret courts, and endless warfare--all which are classical symptoms of gangster government. Don't get me wrong, I am glad that companies are at least doing something in the right direction but we shouldn't get too excited about applying band-aids for broken bones.

May 25, 2016 7:51 PM

http418 on Companies Not Saving Your Data:

It seems that risk valuations are beginning to rise. Companies that focus on renting out someone else's asset are doing so partly to reduce their risk. Once upon a time owning the asset was the gold. Have governments and lawyers pushed society onto the next plateau?

May 25, 2016 7:50 PM

Dirk Praet on Should You Be Allowed to Prevent Drones from Flying Over Your Property?:

@ Jeremy

Froomkin seems to be defending 500 feet altitude for no specific reason other than it's the status quo. Calo doesn't seem to be defending any particular line at all, just saying we should decide collectively ... Is anyone seriously arguing that congress should be forbidden from changing that particular law using the normal legislative process?

I think you're spot-on. As technology evolves, so should the law. It doesn't make sense to hang on to a 500 feet limit set forth by a law that predates drones (cfr. 1979's Smith v. Maryland in the mass surveillance debate). What is needed is regulation not just based on lobbyist pressure but on a public debate balancing legitimate privacy and security concerns on one hand and equally legitimate drone use for certain practical purposes on the other.

Prominently missing in the NYT article however is the current state of affairs regarding FAA drone regulation, which would undoubtedly have contributed to a slightly more informed debate.

May 25, 2016 7:20 PM

Dan3264 on Should You Be Allowed to Prevent Drones from Flying Over Your Property?:

@r,
What I want is an indoor drone capable of fetching small objects from inside the house. There should be regulations for operating on someone else's property (and possibly regulations for operating drones on your property), but what I want would not apply to most (or all) of the regulations that will be made. The regulations for drone use should be complete, unambiguous, and include the necessary exemptions for law-enforcement/public safety (though that seems to only be various incarnations of eavesdropping, which I am firmly against). As @Thomas said, it would be very helpful if the laws were enforceable.

May 25, 2016 6:44 PM

Dirk Praet on Friday Squid Blogging: Squid Kite:

@ Nick P.

I thought dropping China in a list of democracies would give someone a laugh as it was *clearly* a joke.

I figured that much but seized the opportunity to state on record what I think of them. @Skeptical has previously suggested I'm some kind of Russian agent.

He *didn't* learn from Manning, who did a big dump with big consequences.

I believe both Manning and Snowden's targeted audience was the entire world. But I do understand why many Americans interpret that as treason.

Then, in another conversation, their mind has totally switched gears to go back to talking Obama, Trump, Hillary, whatever.

Politics indeed is the entertainment branch of the military-industrial complex 8-)

Assange case doesn't tell me anything, though, as most of the data shows he might not have been honeytrapped at all.

There's few people denying that Assange is a narcissistic git. But Sweden could have ended the stand-off in the Ecuadorian embassy in London years ago by sending someone to interrogate him. Which they have done for lots of other cases too. His detention in London has even been found "arbitrary detention" by a UN panel. This has never been about the alleged rape case but about Sweden doing the US's bidding to extradite him for his role in Wikileaks. Sweden is definitely the last European country I'd go if I were planning to or had done anything to hurt US interests.

How is it (France) doing otherwise outside rampant I.P. theft?

The country is currently a bit of a mess with significant parts of the population involved in nationwide protests and strikes against controversial new labour legislation. Hollande is probably the least popular French president ever and there's a fair chance that the extreme right will win next year's presidential elections.

The bad thing is their BND's schemes are like NSA and CIA put together.

That's because so far they have been operating in a legal vacuum. One of the positive outcomes of Snowden's revelations is the parliamentary NSA Untersuchungsausschuss committee thoroughly investigating what the BND had been up to. It is rumoured that chief Schindler's dismissal was at the request of Angela Merkel herself. Which would indicate that some folks were less than pleased with what they found out was going on.

Switzerland would seem safer given they're one of only three resisting NSA cooperation.

It's also horribly expensive (like Sweden) and much more boring unless you're working at CERN. You *really* need to check out Berlin some time. It's by far my favourite European city and I can show you around.

I fear Iceland could be made to cave to pressure.

Their PM recently had to step down in the wake of the Panama Papers. The Pirate Party is now going very strong, and they won't cave in to any US pressure. They've told US officials to go take a hike before and they'll do it again.

So, you must not believe that one woman always talking about NATO and terrorist connections.

Sibel Edmonds? She's totally right in that there's a lot of shady stuff going on here, the main reason for which being that, whoever you are or whatever you're up to, there is little you can't get away with in this country when operating outside of the system. I think Molenbeek made that abundantly clear to the entire world. Or take Nizar Trabelsi, a Tunisian-born terrorist who got only 10 years in jail and after serving his sentence it still took more than three years to extradite him to the US.

I bet Snowden got asylum in a police state or something, too.

I think the only way of maintaining a stable regime anywhere in South America is by installing some kind of a police state. Otherwise you just get one coup after another. Same thing in the Middle East and North Africa. It's a persistent western myth that democracy works everywhere. Replace Putin with the Russian equivalent of Bernie Sanders and the entire country falls apart in the blink of an eye. Democracy can only work if the entire citizenry is behind it and willing to do what's necessary to keep it going.

May 25, 2016 6:28 PM

Show me the law first on Companies Not Saving Your Data:

The public will never have anything approaching meaningful protections of their private data until those protections have, 1) been written into law, 2) have significant penalties for transgressors, and 3) those penalties uniformly enforced.

Until that time, I'll continue to have little trust for those that ask that I "trust them" with my most personal information.

May 25, 2016 5:30 PM

Arclight on Companies Not Saving Your Data:

I'm glad to see that the economics are starting to rationalize. Realistically, how much old data is really valuable to someone trying to sell you a product? Is the fact that you repeatedly searched for "How to buy a gun in West Virginia" or "Contraindications for herpes simplex 2 treatment" of more interest to an authoritarian security agency or someone who sells annuities?

May 25, 2016 4:59 PM

Jerry on GCHQ Discloses Two OS X Vulnerabilities to Apple:

@Ben

No, since the US/UK are a lot more reliant on hi-tech than China and Russia... the US/UK are FAR FAR FAR more vulnerable to ALL SECURITY issues! It would be in their best interest to FIX THEM ALL FOR GOOD instead of encouraging more bugs and trying to hoard knowledge about them.... They're shooting themselves in the head, in this arms race!

May 25, 2016 4:47 PM

Lol on Google Moving Forward on Automatic Logins:

@Clive Robinson

Now here I thought they were just going to "tune" into the right frequency to view the picture (i.e. everyone's secretly implanted with cameras at birth, which broadcast publicly)

@Tovarich

Companies (which tech companies are a subset of, which the tech community is a subset of) were never designed to be the "guardian" of anything but their own profits... Government is supposed to be protecting people from those companies, instead of being worse oppressors themselves...

@Creepy Google

Darwin got it backwards, mankind isn't evolving, it's devolving. Entropy always increases over time. It's a basic law of physics.

May 25, 2016 4:43 PM

Sancho_P on Friday Squid Blogging: Squid Kite:

@Clive Robinson

Re:
[Sancho_P]: But in reality no one can win the race of endless growth in limited space and resources.
[Clive Robinson] “Yes they can, …”

Nah, mankind will lose, nature will succeed.
I’m afraid you are at the wrong end of that stick, technics is not the solution, it’s the problem.
You are spot on with the energy issue, but whatever we think (renewable, hydrogen storage, increasing efficiency) it only will shift the problem into the near future, probably by years, however, the outcome would be the same or even worse.
Good article regarding your fellow citizen W. S. Jevons (Jevons Paradox, 1865) at the monthly review http://monthlyreview.org/2010/11/01/capitalism-and-the-curse-of-energy-efficiency/

Growing population and access to commodities are at the other end of the stick.
Wait until people have to flee coastal regions and dry land.

May 25, 2016 3:35 PM

r on Should You Be Allowed to Prevent Drones from Flying Over Your Property?:

@dan,

Instead of fetching candy responding to an AED or insulin emergency or first response in the case of the cops/ambulance if on the way to an armed situation. Certainly public entities need exemptions to any roles erected but hobbyist roles/rules needed to be studied.

There could be a great deal of money made for noise complaints and civil zoning or parking violations also.

Private or press investigative abilities needed to be defined too with respect to private property.

May 25, 2016 3:28 PM

Ben on GCHQ Discloses Two OS X Vulnerabilities to Apple:

It's an arms race - where they are competing not just against Apple, but also against the FSB and PLA (or whatever their cyber-cyber arms are called).

As long as they have sufficient in reserve, it's in their interest to see the number reduced to make it harder for the competition. If they have a large lead, and good intelligence, they may even be able to shut other state parties out altogether.

And that's without the publicity angle.

May 25, 2016 3:07 PM

Dan3264 on Should You Be Allowed to Prevent Drones from Flying Over Your Property?:

@Clive Robinson,
Spying on people isn't the only use of drones. I personally want to get (or make) a drone that fetches me candy on demand (I note that I typically deviate from the norm, so what I want might not be a good example). I am sure that there are other reasons for flying a drone on the property of the drone's operator. Spying on people is one of the only reasons for flying a drone on someone else's property. I agree with everything else you said in your comment.

May 25, 2016 2:59 PM

Creepy Google on Google Moving Forward on Automatic Logins:

@Clive Robinson • May 24, 2016 10:01 AM

It also works the other way in that what was considered normal or at least acceptable a few years ago is now considered creepy.

--

Yes. For example, it's now considered "creepy" not to have a Facebook account.

If that's an example of society "evolving", I don't care to see what evolution it makes next.

May 25, 2016 2:18 PM

divVerent on "Schneier's Law":

ROT-26 is a very secure cipher as it has Semantic Security against Unknown Anytext Attacks: given a plaintext and corresponding ciphertext in unknown order, it's provably impossible to guess at a chance higher than 1/2 which of the two is the plaintext.

Proof: trivial.

May 25, 2016 2:00 PM

Jeremy on Should You Be Allowed to Prevent Drones from Flying Over Your Property?:

I think it's pretty obvious that a drone "overflying" your property at a height of 6 inches has to be treated the same as ground trespass, and that a drone "overflying" your property at the height of the moon has to be treated as not being on your property at all.

The question is therefore NOT "should drones be able to fly over your property?", it's "how close should drones be allowed to fly?", and possibly "what additional restrictions should we impose as they get closer?".

Froomkin seems to be defending 500 feet altitude for no specific reason other than it's the status quo. Calo doesn't seem to be defending any particular line at all, just saying we should decide collectively (isn't that what we already did, by forming a government and passing the 500 ft law? Is anyone seriously arguing that congress should be forbidden from changing that particular law using the normal legislative process?).

I am completely unimpressed by both sides.

May 25, 2016 1:12 PM

Nick P on Friday Squid Blogging: Squid Kite:

@ tyr

The Tor post was actually a good write-up. They're discovering some of the things QA people and high-assurance been telling them for years. I'm not following up with them as they'll just ignore it. I'll keep the article, though, as it nicely lists prevention/detection techniques along with specific issues they addressed. It will be good for empirical studies later on. Maybe directly usable for some C coders, too.

May 25, 2016 1:12 PM

Jesse Thompson on Should You Be Allowed to Prevent Drones from Flying Over Your Property?:

For those saying "Don't make a law you can't enforce", we're not talking about expectation of "illegal to fly in this area" translating to Law Enforcement having a duty to track down the drone's owners any more than they already have a duty to track down a bike thief. (haha! Like they're ever going to find a bike thief!)

What we are talking about is unshackling the homeowner's legal capacity to disable, destroy and/or claim drones they can prove were trespassing their property.

Initially I would have argued incentives to give the drone back in return for forcing the original owners to come forward and also first accept the legal culpability to get it, but then I realized every belligerent property owner would simply make sure they overkill/destroyed it to maximally spite original owners which would not be a helpful cat herding law at all. It would be broken windows to the economy.

I'd rather see a property owner incentivized to try to do minimal damage to it expecting to resell it or use it to their own purposes so that in case the drone turns out not to have been trespassing, the value of the asset is not completely destroyed and thus greases the wheels of any potential court case. EG, I'd rather an otherwise judgement proof property owner at least have something (the mostly functional drone) they could be forced to surrender to owners in the event they win the case.

May 25, 2016 1:06 PM

Nick P on Friday Squid Blogging: Squid Kite:

@ Clive, Dirk

"Curious you put China in with major democracies..." (Clive)

"I mostly agree with @Clive. Russia and China can hardly be called democracies." (Dirk)

Wow, you people are slow sometimes for otherwise bright fellas. I thought dropping China in a list of democracies would give someone a laugh as it was *clearly* a joke. Serious conversation could use a light-hearted moment. Bombed that one... Here's another try that was almost applicable to all programming language wars until [spoiler] happened. You'll know since you'll die laughing when you see it.

@ Clive

"As for European countries especially Germany and Sweden, you as an American would not be popular, nor would your business. "

I was worried about that sort of discrimination.

"Donald Trump and Hillary Clinton and Obama's TTIP are doing you a lot of harm and as my early discussion with Dirk may have shown you right wing nationalism is very much on the rise. "

We're aware of it. Even in the South, there's a number of people that once voted Republican but joke they'll leave the U.S. if Trump is elected. They won't but I'll consider it.

"Other friends in Germany were likewise raising red flags about nationalism."

Their solution was Made in Germany. I warned them it didn't matter. The BND leaks were very amusing to say the least. :)

"The thing is that their signals directorates tend to see themselves as being above politics and the elected representatives and the legal process"

Well, the concern is more about "can they force me to backdoor stuff, indefinitely detain me, or murder me?" Idk about Belgium as they're tight with U.S. spooks. So, was looking into Sweden. They'd be a choice worth considering if they don't have or enforce the equivalent of the Patriot Act. ;)

"Five Eyes is no more than a fading memory that died in the 80's and 90's when fiber took over from satellites and mobile phones started replacing land lines. A new IC federation was born, the countries involved can be identified by looking at a map of undersea cables and GSM equipment manufacturers and the way traffic is routed."

I disagree. Five Eyes is still dominating in intelligence collection and capabilities. The others are competing for more access to the club. That alone tells us it's valuable. The expanded Eyes federation has less access and mostly serves Five Eyes' interest for promises of handouts valuable to them on occasion. They're lapdogs. Five Eyes still needs a big challenger. Chinese, Russian, or other Asian competition in secure chips and products is best bet.

"I would look outside the political union --of full EU members-- and outside of any NATO members, which realy does not give you much in the way of choices."

That's what I was worried about.

@ Dirk

"But I still think of him as an idealist who meant well... he had learned from what happened to Manning..."

He *didn't* learn from Manning, who did a big dump with big consequences. They all need to stop doing that if aiming for domestic action. He did learn from Tice, Drake and Binney. So, next one is ideally more like Drake or Binney with press approach Snowden took.

"I guess the majority simply refused to believe that the US had slowly been turning itself into a police state, with a legislative and executive branch wholly owned by corporate America and the military-industrial complex. "

I don't know. Many of them know it and even talk cynically about it. Then, in another conversation, their mind has totally switched gears to go back to talking Obama, Trump, Hillary, whatever. Or shootings. Or football. I think MSM has finally mastered conditioned response on these issues.

"For me, it is hard to fathom that in some not so distant past a president almost got impeached over an affair with an intern"

Yeah, the contrast is shocking. Amazing how far away from democracy they went in such a short time.

"Sweden for all practical purposes is a US subsidiary. The Assange case made that pretty clear "

It might be. Part of my research goes that way. Assange case doesn't tell me anything, though, as most of the data shows he might not have been honeytrapped at all. His later actions showed he was a psychotic, domination/control-freak. Especially toward Berg. I could easily see him preying on some fangirls then not stopping when asked. Regardless, Assange is an exceptional case that we shouldn't read too much into given his organization was a threat to U.S., Sweden... everyone with damaging secrets. Everyone wanted him gone.

"The UK in terms of privacy, civil liberties and surveillance arguably is even worse than the US. "

You now know why I'm staying away from it. :)

"France has recently passed some draconian surveillance legislation and that was even before the November Paris attacks. "

Powermongers are exploiting the deaths. How is it doing otherwise outside rampant I.P. theft?

"Germany is a bit of a special case. "

It really is. I have a hard time analyzing it. On plus side, they already dealt with a surveillance state which resulted in stronger Constitution on that and resistance from public. The bad thing is their BND's schemes are like NSA and CIA put together. Hard to say a person truly threatening to them would be safe there. They'd come up with *something*.

"which explains why folks like Jake Appelbaum and recently Isis Agora Lovecruft have sought refuge there. Laura Poitras also stayed in Berlin for quite a while."

They're taking educated guesses. Switzerland would seem safer given they're one of only three resisting NSA cooperation. But, Germany has political asylum that could benefit Appelbaum, etc. Hard to tell. I think they're there for the beer, dates, parties, and CCC. Or maybe I'm projecting my own reasons for visiting Germany in the future.

"Iceland and Switzerland are good picks too. "

Near top of my list. I fear Iceland could be made to cave to pressure. Switzerland is very strong. Their last fight, the tax fight, had an interesting result where they just said no to American accounts rather than thoroughly cave to demands. I expect they'd do something similar about data privacy given business going their way. Swiss money, selfishness, and faux neutrality are a great combo in this situation.

"Even Belgium is."

So, you must not believe that one woman always talking about NATO and terrorist connections. She always references the operations in Belgium supporting it all. They're also NATO headquarters. They also front our covert, financial battles against Russia and China. Quite frankly, I'd not feel safe in Belgium if U.S. wanted my ass.

"we do have..."

Those all sound good. I just fear they also have the capability to prioritize when it counts. :)

"But which has recently changed. Most of his recent articles are about the Brazilian coup"

That's good. I can't call him on that now.

"In exposing the Petrobras spying, he scored big time with the previous administration that in exchange quietly protected him and his Brasilian partner David Miranda from US retaliation in the wake of his Snowden revelations. "

Bingo! Heroic indeed. I bet Snowden got asylum in a police state or something, too. ;) I don't blame them so much as saying they're just people. They do a mix of selfish and selfless things. So, we can call out or credit each.

May 25, 2016 12:51 PM

Tovarich on Google Moving Forward on Automatic Logins:

Given the behavior pattern based component, coupled with Alphabeth's [brazen that name] lack of help desk, this approach will inevitably degenerate into the modern version of checking in with authorities in advance to declare your future activity patterns.

The tech community has completely failed to act as guardians of society at large. We have built the surveillance society. No doubt Ted is having a good laugh at the supermax over this latest episode.

May 25, 2016 12:29 PM

Nick P on Friday Squid Blogging: Squid Kite:

@ All

Analog Malicious Circuits

BOOM! My forays have been validated! :) Originally inspired by our hardware guru telling us about people embedding analog in digital cells to do sneaky things. He also suggested leaking or messing with bits in CPU's. Probably saw it in the field. Leveraging MULTICS work, I further speculated digital, analog, and RF trojans would be put into MMU's, IOMMU's, PCI, TRNG's, and some other things. Now, we're seeing both of our predictions in action with this attack knocking out CPU protection.

Note 1: My framework I described here and on Hacker News would've prevented it as it uses only validated digital and analog cells vetted by mutually, distrusting parties. I mean, the attacker would have to be *really* clever.

Note 2: Memory problems made me forget and re-discover something even better: Thompson attack isn't Thompson's. It was yet another find in MULTICS Security Evaluation by founders of INFOSEC, Schell and Karger. See p17 in this paper. The looking back paper made later specifically mentions that the work inspired Thompson's paper. Thompson's fanboys kind of leave that part out and ignore rest of MULTICS work. Too bad since another thing in paper... reason I dug it up... was that they inserted a software trap door that waited for failures in HW, esp MMU, to escalate their privileges. People should've learned. ;)

Note 3: Maybe Thompson should've ripped off reverse stacks, prefixed strings, and safer-by-default language that prevented many vulnerabilities in MULTICS. Would've been helpful for UNIX later on. Today. Five years from now. :)

May 25, 2016 12:19 PM

r on Friday Squid Blogging: Squid Kite:

@Nick P,

My area's been hard hit like that too it may be unrelated to the current over-prescription/heroin epidemic but thankfully my area also overlaps with one of the housing crisis'. It's not too hard to 'catch a break' and 'ride the wave' if you're aware and prepared.

May 25, 2016 12:16 PM

albert on Should You Be Allowed to Prevent Drones from Flying Over Your Property?:

I again refer you to:

...
CRS Reports & Analysis
Legal Sidebar
Delivery Drones: Coming to the Sky Near You?
https://www.fas.org/sgp/crs/misc/delivery.pdf
It's only 2 pages. Read it! (may 13)
...

Notwithstanding the NYT fluff piece, this is what's -actually happening- inCongruous.

Yes, the FAA can write regulations for civil aircraft, but they will only be able to -enforce- regulations on drones operated by -commercial entities-. Regulation of hobby drones will be an exercise in futility. LE -will not- want this added to their list of responsibilities. Far easier to eliminate hobby drones completely.

. .. . .. --- ....

May 25, 2016 12:08 PM

Rodrick Mower on Should You Be Allowed to Prevent Drones from Flying Over Your Property?:

No sir, it's not a flying spy-cam aimed at your daughter's bedroom, it's what we like to call an unmanned aerial vehicle making lawful use of the airspace above your property for the broader good of humanity and the pursuit of technological innovation.


Schneier on Security is a personal website. Opinions expressed are not necessarily those of Resilient, an IBM Company.