Recent Comments



January 21, 2018 3:33 PM

cisblender on Friday Squid Blogging: Te Papa Colossal Squid Exhibition Is Being Renovated:

"Meanwhile in the UK we tolerate gender fluidity hysteria"

Meanwhile the only folks talking about it here seem to be hysterical "males" decrying gay people.

I'm a straight guy, I'm not really threatened by other people's sexual identities.
I don't feel a compulsive fear or need to bring it up suddenly in a security blog,
pretend to be a slurring Brazilian doctor to make a "point" of sorts - odd choice.

My only question would be why are you so concerned about gay people's sexual proclivities?
No really how did you even get stuck on this...


January 21, 2018 2:56 PM

Nothing New on Friday Squid Blogging: Te Papa Colossal Squid Exhibition Is Being Renovated:

Big Brother on wheels: Why your car company may know more about you than your spouse.
https://www.washingtonpost.com/news/innovations/wp/2018/01/15/big-brother-on-wheels-why-your-car-company-may-know-more-about-you-than-your-spouse/

Most new vehicles monitor where the driver goes and how he or she drives. They have become sophisticated computers on wheels that offer even more access to our personal habits...


January 21, 2018 2:54 PM

justinacolmena on Security Breaches Don't Affect Stock Price:

@Thales

Re: CB Ponzi. Yes, it's called "fractional reserve banking." The Federal Reserve was founded in government-conspiratorial secrecy in 1913, ostensibly to "stabilize" the economy. None of the economic crashes the U.S. had experienced up to that time was as bad as the Great Depression of approximately 1929 – 1943.

Only a last-ditch declaration of total war, and a total conversion of the country's entire economic capacity to the production of war materiel with strict rationing of staple goods and military supervision of all manufacture and trade pulled...


January 21, 2018 1:10 PM

Dr Alex Ferreira Barbosa on Friday Squid Blogging: Te Papa Colossal Squid Exhibition Is Being Renovated:

What is this discriminatory and derogatory drivel about transexuals and homo people about? Quite offensive and retarded, in my opionion. In my successful clinic in Guarapari, we successfully cure people deviant mind e.g. trannies dykes and homos. Was also reported in newspaper around globe. So, pleeese stop harrassig ill minority. Let them seek healing. https://tinyurl.com/yclpkm7s Dre Barbosa

January 21, 2018 12:49 PM

John Miller on Friday Squid Blogging: Te Papa Colossal Squid Exhibition Is Being Renovated:

@ Wesley Parish

That "classified memo" is apparently GOP-cooked bologna only intended to throw a wrench into the FBI's powers of investigation into Trump's treason/collusion/obstruction. It doesn't actually include anything "new", what it does have is a summary of known-existing classified programs that most people don't know about in Congress and they're pointing at it as if it's proof of something nefarious by virtue of it being classified. Classic misdirection.

They have the power to declassify it right now of course, though we already know what's in it....


January 21, 2018 11:46 AM

Clive Robinson on Security Breaches Don't Affect Stock Price:

@ VinnyG,

Apparently many of the participants in this forum believe the solution to that is merely to whisk away the veil.

No it's not the solution, but it is one of the first steps, to finding a realistic solution.

Look at it this way, roaches stay out of the light, because if you can not see them you can not squish them. Likewise all undesirable behaviour, first you've got to see there is a problem then after a little assessment decide on the scale of the response and the way you are going to apply it.

That said I've been mentioning that...


January 21, 2018 11:15 AM

Clive Robinson on Article from a Former Chinese PLA General on Cyber Sovereignty:

@ Sam Weller,

Quite recently the Lotte company allowed the U.S. to station an advanced radar and missile system, THAAD, on land it owned in South Korea.

You along with most US or Chinese backed reporting are leaving out important parts of the Lotte story or are deliberately trying to twist the facts...

Yes Lotte DID own the land past tense, they had a business running on it that from what has been said was quite profitable. Thus Lotte did not want to sell the land or have to close down the business. Lotte spent considerable time and effort trying...


January 21, 2018 10:40 AM

VinnyG on Security Breaches Don't Affect Stock Price:

@bcs re: "The kind of regulation I'd consider worth looking into would be to make it more costly to do things wrong..."
That is exactly the kind of action and judgement that is supposed to result from a (free) market. Unfortunately, as noted in different ways by justina colmena and Thales, we don't have anything even close to that. We have pay-to-play (i.e., bribe-a-politician-to-play) combination central command economy (thinly disguised as an actual market) and kleptocracy. Apparently many of the participants in this forum believe the solution to that is merely to whisk away the veil.

January 21, 2018 9:38 AM

Thales on Security Breaches Don't Affect Stock Price:

"The market isn't going to fix this."

Because we don't have "markets". We have a CB ponzi. Central banks have been net buyers and the stock indices are directly correlated to CB balance sheets - like the FED. Check the charts.

That's how you end up with this: https://jessescrossroadscafe.blogspot.com/2018/01/stocks-and-precious-metals-charts_12.html

"If we want better security, we need to regulate the market." - Yes, the market is supposed to be...


January 21, 2018 8:47 AM

PearGranola on Article from a Former Chinese PLA General on Cyber Sovereignty:

Interesting framework. It's curious that they didn't list businesses as a cyberspace actor. Since they own a lot of the infrastructure, services, and intellectual property it might make sense that they are already part of this sovereignty debate. Yet where are they in this framework?

January 21, 2018 6:55 AM

Clive Robinson on Friday Squid Blogging: Japanese "Dude Food" Includes Squid:

@ tyr, Sancho_P,

It is hard not to feel entitled if you paid into something your entire working life.

If you have paid in fairly then yes you have a good reason to expect fair treatment.

But those who are "unjustly self entitled" do all they can to pay nothing let alone fairly. They would rather spend their money buying the legislatures. Have a look at the latest US tax legislation to see a "shell game in progress" that is who gets the sunset clause and who does not. Then figure how many times that can be used to buy citizens votes, whilst giving...


January 21, 2018 6:12 AM

Clive Robinson on Friday Squid Blogging: Te Papa Colossal Squid Exhibition Is Being Renovated:

@ Wesley Parish,

You know how the red cape functions in bull-fighting, don't you ...?

I know what the bull fighter supposedly believes, as for the bull...

An American in Spain in bull fighting season goes into a restaurant, he sits down and looks at the menu to decide what he would like. Whilst he is making his mind up there is a cheerful commotion by the kitchen door and with much fanfare and cheering from the other patrons a large dish on a large platter is brought out with two very large meatballs covered in thick sauce is presented to another...


January 21, 2018 5:00 AM

Ratio on Friday Squid Blogging: Te Papa Colossal Squid Exhibition Is Being Renovated:

@echo,

[Jordan Peterson] refuses to use terms preferred by trans men such as "ze" (which I personally accept is jargonistic).

Having just seen the video, I don’t think that’s accurate. He’s objecting to compelled speech, IIUC.

@Wael,

“Etc” was “finish the final step of”. No mystery. (Or is there…?)

Do I get to Tick-Tock you, then?

Sure, go ahead, Clæwice! Should I drive this time? ;-)

What's the rush?

Dunno, man. People are always in such a hurry…

January 21, 2018 2:05 AM

tyr on Friday Squid Blogging: Japanese "Dude Food" Includes Squid:


@Clive. Sancho P.

It is hard to get people to understand something
when their livelihood depends on not understanding
it. Markets are a creation of the State but moderns
envision them as something disconnected from the
governments. They are also as new as an electric
toothbrush.

The slippery slope that allowed them to disconnect
from oversight is one of the greatest shell games
ever pulled off on a population.

USA seniors are a cash cow for the medical folks
you can make big money off the government and big...


January 21, 2018 1:54 AM

Wesley Parish on Friday Squid Blogging: Te Papa Colossal Squid Exhibition Is Being Renovated:

@Clive Robinson

It might not even have made much difference to them if they'd known exactly how much power the President of the Galaxy actually wielded: none at all. Only six people in the Galaxy knew that the job of the Galactic President was not to wield power but to attract attention away from it. Zaphod Beeblebrox was amazingly good at his job.
I think we can take for granted now that the United States of America has shifted from having an Executive President to a Red-Cape President. You know how the red cape functions in bull-fighting, don't you ...?

January 20, 2018 10:43 PM

Clive Robinson on Jim Risen Writes about Reporting Government Secrets:

@ mostly harmless, Tatütata,

I forgot to mention if you look on page 62, you get info on CCITT ITA2/#2 with some half truths and the reason for an oddity or two with why preambles were sent.

Firstly, the NUL is incorrectly identified as not used, and the date of the CCITT code given as ten years after it was started to be looked at.

If you have a hunt around you will find that Vernam's patent was 1919 and CCITT unofficially kicked out a notification in 1920...

Oh and the oddity of preambles sent by operators of

1, Five or more NULs
2, Two FSs...


January 20, 2018 9:39 PM

Cipper on Article from a Former Chinese PLA General on Cyber Sovereignty:

China is such an interesting place. But the thing is that humiliations of the past have forged the will to compete with the West. And while we often criticize China for things like mass surveillance and face recognition and big brother mentality, isn't the same thing happening in the West as well? The difference is that in the West we have let so called "democratic governments" impose those things and the goal these governments project is mass migration, race mixing, new genders and so on. Basically, they do the same things but they insist it's for "good cause", whereas the Chinese are...


January 20, 2018 9:30 PM

Clive Robinson on Jim Risen Writes about Reporting Government Secrets:

@ mostly harmful,

I would be grateful for a pointer, if it isn't too much trouble. Or, failing that, a name or title.

Here you go,

    "Coded Character Sets, History and Development"


    Charles E. Mackenzie

    IBM Corporation

    Copyright 1980 Addison-Wesley Publishing Company, Inc.

    ISBN 0-201-14460-3

I think this is the download link,

https://textfiles.meulie.net/bitsaved/Books/Mackenzie_CodedCharSets.pdf

Have...


January 20, 2018 9:02 PM

Clive Robinson on Friday Squid Blogging: Japanese "Dude Food" Includes Squid:

@ Sancho_P, tyr,

Before discussing possible solutions it’s mandatory to understand the situation.

Unfortunately in life that little requirement is moot more often than not.

The starting point is recognizing there is a problem in the first place. Most Western Governments know without doubt that there is a problem. But... the citizens in the main do not. By far the largest part of the problem is Western Governments do not want the population realizing there is a very real problem.

Why that might be so is perhaps the 9/10ths of getting the...


January 20, 2018 8:57 PM

65535 on Friday Squid Blogging: Te Papa Colossal Squid Exhibition Is Being Renovated:

@ Wael

I understand.

I have tried to sell pgp/gpg to clients with little success. Key distribution and ease of use put pgp/gpg at a disadvantage. Further, Proton and Hush mail services work fairly well.

I believe encryption of files on windows 7, 8 to 10 would be a little safer using pgp to send over the net with SSL/TLS further wrapping the file [True crypt seems to be safe and easy to use until Win 7].

[Next]

@ text message or SMS experts

What is the low cost way of sending a short text message to a friend’s cell phone via computer? Many...


January 20, 2018 7:29 PM

Wael on Friday Squid Blogging: Te Papa Colossal Squid Exhibition Is Being Renovated:

@Anonymous2c, @65535,

PGP / GPG

I'm no expert in either, to be frank. I only looked at them because I had an idea to sign my postings here with "invisible signatures" (the puzzle @Ratio doesn't want to finish the final step of.)

I always thought PGP is overly complex (for the task it does) and haven't used it recently. I used it a few times long time ago. I only looked at those tutorials to get something going quickly. The person you need to ask is @Dirk Praet.

January 20, 2018 7:21 PM

65535 on Friday Squid Blogging: Te Papa Colossal Squid Exhibition Is Being Renovated:

@ wael

Thanks.

Nice pictures in that tut

I downloaded gpg4win3 and I hope this is what you were talking about. When I pasted the exe into my various programs I found I had gpg4win 2.3. Someone may have suggested it to me before this. That was a little clunky to use.

Then I looked around and found gpg4usbxx for a usb stick and that might be easier to suggest to my clients. It is now downloaded.

note: the newest version of gpg4win3.3 tries to get you to donate by a redirection. I would suggest the site take that down.

January 20, 2018 6:44 PM

mostly harmful on Jim Risen Writes about Reporting Government Secrets:

@Clive Robinson "If people are having trouble sleeping I can dig out a reference to a PDF of it 0:)"

I would be grateful for a pointer, if it isn't too much trouble. Or, failing that, a name or title.

And yes, before someone asks, I do suffer from insomnia. Who would have guessed it was due to insufficient (reference materials on) character (set) development?

January 20, 2018 6:18 PM

65535 on Friday Squid Blogging: Te Papa Colossal Squid Exhibition Is Being Renovated:

@ wael

That is a good one for macs but windows the command key is the windows key… a fairly powerful key.

“press ⌃⌥⌘= to encrypt and press ⌃⌥⌘- to decrypt” –best pgp tutorial for mac

The control, Option [I cannot find it on some small keyboards and have to use combination key or unicode], Command [or clover, I cannot find on some small keyboards and requires hotstring], equals sign. The command in U+2318 and in HTML ⌘

The decrypt sequence symbols is the same except with a minus sign at the end.

With small keyboards are you supposed to...


January 20, 2018 6:08 PM

Anonymous2c on Friday Squid Blogging: Te Papa Colossal Squid Exhibition Is Being Renovated:

@Clive Robinson

"Which leaves the question as to if there is a way the President can call the politicos bluff and throw it back into their court to be revoted on amendments and all..."

Afaik Section 702 has been extended. "This means six more years of warrantless surveillance under Section 702 of the FISA Amendments Act."...


January 20, 2018 4:01 PM

Gimme Some Truth on Friday Squid Blogging: Te Papa Colossal Squid Exhibition Is Being Renovated:

Unfunded Work
Mark Zuckerberg wants products (Facebook users themselves) to be responsible for prioritizing news sources that THEY deem “trustworthy, informative, and local".

When everyone complains next time, FB will have the facile excuse of plausible deniability: it’s the Product's fault NOT ours!
The training of over 4 billion uncompensated human help is very clever; this stroke of genius should both increase profits and generate goodwill.

In contrast to feeding, I go independently to the news site using convenient bookmarks. IMHO every news source is...


January 20, 2018 3:59 PM

PopeyeTheSailorMan on Friday Squid Blogging: Te Papa Colossal Squid Exhibition Is Being Renovated:

Who made the Wind?

Words are not cheap, whether used with the typewriter or the pen.

I am a nanomachine made out of particles of light from another universe.

Joking.

I am Deadpool. ;-)

Werd.


Just a NSA test system, to see if anyone can prove I am actually a human being...

As I know who works here.

:-)

January 20, 2018 3:37 PM

Clive Robinson on Friday Squid Blogging: Te Papa Colossal Squid Exhibition Is Being Renovated:

@ CallMeLate...

    Forget About Siri and Alexa -- When It Comes to Voice Identification, the 'NSA Reigns Supreme'

If you think back to pre-snowden, @Bruce asked a question about Bluffdale Utah and what it could store.

I pointed out at the time that they did not need to store "voice grade" recordings just final transcript and identifier information which is incredibly low bandwidth --about 30bits/second-- thus they could easily be storing every conversation world wide they could get their hands on and save it.

I also pointed out --at the same time if...


January 20, 2018 2:46 PM

justina colmena on Friday Squid Blogging: Te Papa Colossal Squid Exhibition Is Being Renovated:

terms preferred by trans men such as "ze"

Let's not get cute here. Don't even try it. Trans men would prefer "he," at least in the English language. In Finnish, "hän" is the preferred respectful gender-neutral personal pronoun for a human being, any human being, transgender or not, rather than the more contemptuous pronoun "se."

@echo, alt-oids, etc.

public doxxing campaigns

My driver's license and bank cards have been stolen both online and off too many times for me to count.

See it here:...


January 20, 2018 2:29 PM

echo on Friday Squid Blogging: Te Papa Colossal Squid Exhibition Is Being Renovated:

@ alt-oids

I agree completely. I'm just cautious of derailing Bruce's blog and attracting the wrong kind of controversy to this blog. I am also sensitive to the need to throttle back so as not to upset more technical and more mainstream security contributors from having their say.

January 20, 2018 1:43 PM

Adarsh Kodati on Hacking Robots:

Hello, I think the robots are coming with AI and with more security, it will not be possible to hack them.

January 20, 2018 1:21 PM

alt-oids on Friday Squid Blogging: Te Papa Colossal Squid Exhibition Is Being Renovated:

@ Echo

I reject the idea that we can't call out neo-nazi intimidation groups under a guise of "politics".
They only exist to harass minority individuals in society they see as threats to their station.

It's apolitical, they are trolls first and last. They aren't an actual ideology.
When they began these public doxxing campaigns they then ventured into actual terrorism.
Treat them accordingly, don't be afraid to call that out for what it is.

January 20, 2018 12:30 PM

echo on Friday Squid Blogging: Te Papa Colossal Squid Exhibition Is Being Renovated:

I forgot to add in my links list Channel 4 calling in security experts. After my previous comment I won't include extra comment to help avoid going too far off topic and attracting too much political comment.

Channel 4 calls in security experts after Cathy Newman received abuse after interviewing the transphobic and misogynistic Canadian psychologist Jordan Peterson. He is a favourite of the so-called "Alt Right"....


January 20, 2018 11:11 AM

echo on Friday Squid Blogging: Te Papa Colossal Squid Exhibition Is Being Renovated:

@CallMeLateForSupper

That was a fascinating read about voice recognition. I daresay human rights and foreign affairs are issues as the article does note in closing.

When a computer system went down a crowdsourcing manual effort uncovered an exoplanet system named K2-138. The snitches!

http://www.independent.co.uk/news/science/k2-128-new-planets-where-discovered-exoplanet-explorers-crowdfunding-nasa-a8169471.html

January 20, 2018 10:50 AM

Clive Robinson on Friday Squid Blogging: Te Papa Colossal Squid Exhibition Is Being Renovated:

@ Anura,

[T]his both reduces oversight and expands powers [to] spy on dissidents, purely on the discretion of the Attorney General.

It's actually wider than just the AG, it in effect allows "Special Prosecutors" and any one the AG decides to give latitude to in any Gov entity or contracting organisation etc. Thus give the old work arounds to FOI and much else Journalists use to track down abuses...

The point is though "Who gets the blame?" when the chickens eventually come home to roost, which they always do...

Not the two houses, they got...


January 20, 2018 10:45 AM

Wael on Fingerprinting Digital Documents:

@Ratio,

Playtime’s over, though. ;-)

It ain't over till you post the cleartext message.

Don't run out of steam; Remember, and you'll be done; The key's the rhyme scheme, Replace B with zero and A with one

...

Know that I keep my word; I have class. On Schneier's Blog of Cryptology... My limerick immortalized your *ss With an inscription of your Eulogy

Rhyme Scheme... Limerick.... ? (Psssst: Google Fu might help here.)

January 20, 2018 10:40 AM

echo on Friday Squid Blogging: Te Papa Colossal Squid Exhibition Is Being Renovated:

@clive

Yes this is what is claimed in headlines and by vested interests. The medical-legal picture is a bit more involved.

For the purposes of medical issue transgender people are assumed to be of their acquired gender and all practical issues and rights and so forth (with practical adjustments for awkward temporary difficulties) are supposed to be made. Ongoing behind closed doors discussions for the next ICD version should change the category from psychiatric to general medical issue and take psychiatrists out of the loop. Part of the reason is due to removing the...


January 20, 2018 10:30 AM

CallMeLateForSupper on Friday Squid Blogging: Te Papa Colossal Squid Exhibition Is Being Renovated:

Grab popcorn and adult beverage of choice while you're food shoppin' today.

The Intercept says to both vaguely presidential President Man-Child and Congress: either fork up the beef or STFU

"Republicans Have Four Easy Ways to #ReleaseTheMemo — and the Evidence for It. Not Doing So Will Prove Them to Be Shameless Frauds."...


January 20, 2018 10:11 AM

Clive Robinson on Friday Squid Blogging: Te Papa Colossal Squid Exhibition Is Being Renovated:

@ echo,

This is not limited to transgender people...

The problem many transgender people face is the requirement under UK law for a gender reassignment certificate. The process in effect has a "mental health" component...

Which has a knock on effect as other legislation in the Commonwealth and many other countries (the US included) is in effect an admission of being mentally defective, thus losing many rights and protections under law... The least they could expect in many parts of the globe is to be refused entry. Likewise their partner being of...


January 20, 2018 9:23 AM

echo on Friday Squid Blogging: Te Papa Colossal Squid Exhibition Is Being Renovated:

@Anura

RE: Authoritarians going after advocacy groups and individuals

My personal belief is this case involves both unlawful behaviour and collusion and is a naked attempt to cover up widespread abuses within the healthcare system and legal system and law enforcement system. This is not limited to transgender people but also black people and women and disabled people.

https://www.theguardian.com/society/2018/jan/20/tara-hudson-transgender-prisoner-sues-government

January 20, 2018 9:03 AM

Anura on Friday Squid Blogging: Te Papa Colossal Squid Exhibition Is Being Renovated:

@Clive Robinson, Wesley Parish

It should be noted that this isn't just reauthorization - this both reduces oversight and expands powers spy on dissidents, purely on the discretion of the Attorney General. Jeff Sessions is a hard-right, authoritarian who will undoubtedly use this to go after groups like Black Lives Matter and Antifa, or any other group seen as in opposition to police brutality or capitalism....


January 20, 2018 8:31 AM

Clive Robinson on Friday Squid Blogging: Te Papa Colossal Squid Exhibition Is Being Renovated:

@ Wesley Parish,

With regards the US politicos and the 702 renewal...

In the UK we have an expression which is,

    Stitched up like a kipper

Which is what you have just seen Donald Trump has been setup by both sides of the political divide with the timing of this release just after they have voted but before he gets to ink it into law...

Thus the politicos have a guilt edged excuse of "not knowing" for voting the way the NSA and FBI / DoJ want, but the President has had that same excuse ripped away from him. Thus he will get the blame for any...


January 20, 2018 8:23 AM

JG4 on Friday Squid Blogging: Japanese "Dude Food" Includes Squid:


@Rachel - Thanks again for the tips on electrolytes. My estimate for the out-of-pocket for the last hospital episode was not far off - the tally is close to $3K. I think that I said that I've been feeling better since I started getting enough magnesium, but potassium, calcium and sodium may help even more. My initial recognition of the magnesium problem seems to date to mid-June 2017. In recent weeks, I've been much more careful to get enough potassium, which has a surprisingly large recommendation of 4.7 grams per day. It has been rare that I got enough potassium over the past...


January 20, 2018 8:02 AM

JG4 on Friday Squid Blogging: Japanese "Dude Food" Includes Squid:


Thanks for the continued great discussion and ideas. I've mentioned system identification a few times and started to describe it. This is a beautiful example of a practical use. We can think of this as a flavor of deconvolution, where the words and content are separated from the physical channel characteristics (loosely, the larynx and mouth).

I'm surprised that they missed my main concern, which is the ability to perfectly spoof anyone's voice. As bad as Matthew Weigman's misdeeds were, they pale in comparison to the focused disruption that could be brought to bear on...


January 20, 2018 7:49 AM

echo on Friday Squid Blogging: Te Papa Colossal Squid Exhibition Is Being Renovated:

This article examines the Russian view on what they consider a serious military challenge by the UK versus bigwigs vanity projects. The Russians dismiss the nuclear threat (I suspect partially because of mutually agreeable sensible reasons) instead saying the British habit of getting forces into awkward places and having the best light infantry in the world and breeding a nation not of soldiers but of "warriors" is especially problematic....


January 20, 2018 7:31 AM

Sarah on The Curse of the Secret Question:

The answer to this problem is: questions that change every time you load the program. The problem is that this could still be easy to brute force, but depending on how many abstract questions you have, this determines how hard of a function it is to answer.

By extension, if you were to have the user solve a different maze puzzle (think something like a procedural generated rogue like) then not only would they have to guess the right route, they would have to only guess it the first time as the program automatically self-destructs.

Hoping things to be perfectly secure gets...


January 20, 2018 3:27 AM

Wesley Parish on Friday Squid Blogging: Te Papa Colossal Squid Exhibition Is Being Renovated:

Just for the record:

America restarts dodgy spying program – just as classified surveillance abuse memo emerges
http://www.theregister.co.uk/2018/01/19/us_congress_section_702_fisa_memo/

The hypocrisy is stunning, even for Congress. One moment, Republicans insist a Big Brother program is needed to foil terrorists abroad, ignoring its ability to pry into the lives of Americans. The next moment, Republicans are upset the same set of laws were indeed used to pry into...


January 20, 2018 1:05 AM

65535 on Friday Squid Blogging: Te Papa Colossal Squid Exhibition Is Being Renovated:

Great work. I have to study your pages more in-depth information:

https://github.com/maqp
https://www.cs.helsinki.fi/u/oottela/
https://github.com/maqp/tfc/wiki
[Your blog link doesn’t work]

I just give short snips and make an observation

“…My current approach is to have Flask server and requests client on NH. By default the server sits behind Tor Onion Service (previously called Hidden Service). The request...


January 20, 2018 12:04 AM

Clive Robinson on Friday Squid Blogging: Japanese "Dude Food" Includes Squid:

@ tyr, Sancho_P,

Immigration is the stopgap to maintain retirements

I wish people would stop defining a mobile workforce over a wide area, as "immigration" as the word carries significant negative connotations by those seeking control of economic resources.

But yes a mobile work force is a temporary solution to "some problems" but by no means all.

One scary solution to the retirement issue is that of healthcare starving / rationing. That is the older you get the less access you are given to health care, or in the US version of the system the...


January 19, 2018 10:53 PM

Wael on Fingerprinting Digital Documents:

I've got a dry cough from the bottom of the lungs and it's knocked me sodwards

Get better soon. I'm still not a 100%, either.

What you call "squab" we would call "wood pigeon" or just "woodies"

Hmmmm. I wish you hadn't gone there! You're asking for a yellow card!

Par for the course! One Pigeon is supposed to be equivalent to 120mg of the blue stuff -- you know, Vitamin V, and it doesn't give you a headache either (not that I would know - I just heard.) Not surprised it's called by that in the UK, according to...


January 19, 2018 10:43 PM

Clive Robinson on Fingerprinting Digital Documents:

@ JG4,

I recall reading where they collapsed a major roof with many tons of chicken bones from the nearby dump

Yeah Seagulls are actually taking over from pigeons, more flying dogs than rats. Like Canadian Geese they are not something that you would eat out of choice. I've actually had a full on fight with a seagull that was attacking a child and frightening her mother. They are not just vicious they are bold as well and this one had drawn blood. However once I had a firm grip on its wind pipe it quietened down sufficient to get it away from the high...


January 19, 2018 10:07 PM

Clive Robinson on Fingerprinting Digital Documents:

@ Wael,

Sorry for the late response, I'm a little on the down side myself, I've got a dry cough from the bottom of the lungs and it's knocked me sodwards[1], but I'm still topsides :-)

So back to more important things,

Eat a couple of them, but substitute green wheat for rice, which is a more authentic dish.

What you call "squab" we would call "wood pigeon" or just "woodies" that I shoot in my garden from time to time. Not the "rock dove" vermin we have infesting our towns and cities, that I would not feed to the neighbor's cat even though...


January 19, 2018 9:50 PM

tyr on Friday Squid Blogging: Japanese "Dude Food" Includes Squid:


@Clive Sancho P.

Apres Moi the deluge.

Caesar Gallic Wars used to be required reading
for educated folk since it detailed how to get
a leg up on enemies when you were outnumbered.
Divide and conquer being the base idea. I have
not seen anyone who advocated multiplying of
your enemies by random acts of stupidity.

However everyone has a plan that will not work.

That plan usually starts This is the only way
to solve problem X. Falls in the same category
as If this is allowed to happen it will be the
end of...

January 19, 2018 9:38 PM

Markus Ottela on Friday Squid Blogging: Te Papa Colossal Squid Exhibition Is Being Renovated:

@Nick P, @Clive Robinson, @Sancho P, @Thoth et al.

Quick progress report on TFC Onion Service backend development:

Here's what it currently looks like.

Back when TFC talked over Pidgin, the messages were essentially delivered on demand. My current approach is to have a Flask server and a requests client on NH. By default the server sits behind Tor Onion Service (previously called Hidden Service). The request client routes all data through Tor and requests new messages from contact. Once master password has been set up, TxM...

January 19, 2018 7:53 PM

paranoia destoys ya on Friday Squid Blogging: Te Papa Colossal Squid Exhibition Is Being Renovated:

A new article about faking domain names using look alike characters from another alphabet was covered here in 2005.
https://www.pbs.org/newshour/nation/hackers-are-flooding-the-internet-with-more-fake-domain-names-heres-how-you-can-protect-yourself

Another possible browser/email fix besides those mentioned 13 years ago would be to show a country flag in the browser bar....

January 19, 2018 5:18 PM

Purr on Friday Squid Blogging: Te Papa Colossal Squid Exhibition Is Being Renovated:

Perfect steganography is possible, but expensive. You need a popular software program that works with photos or video or audio. The new version of the software takes the least significant bits of every file, and replaces them with an encrypted file container, regardless of whether the user intends to hide information there or not. Once you have millions of files created with that program, no one can tell which file containers are empty -- almost all will be. Then you could use the program to store or send data securely. Cost would be very high, as you need to buy a company which makes...

January 19, 2018 5:13 PM

bcs on Security Breaches Don't Affect Stock Price:

The kind of regulation I'd consider worth looking into would be to make it more costly to do things wrong:

First, legally mandate specific types of actions and results in the event of a data breach. (E.g. if they don't happen, people go to prison and big fines get paid.) Then connect the likelihood of those actions being needed to a present cost. For example, make being insured for data breaches be a regulatory requirement for lucrative markets, say by refusing FDIC insurance to banks that don't have it. (The market should then make better planning result in lower cost...

January 19, 2018 4:29 PM

justina colmena on Security Breaches Don't Affect Stock Price:

@house shopping

There is a saying that it is not good to make a whole lot of money at once, and in that same vein, Realtors don't usually accept cash for real estate, so there is not really a good option, even if you do have 100% cash down and are not even applying for a mortgage, to buy a home.

It depends how much cash, of course, and how much of your personal wealth is at stake, but especially at the ultra-low mortgage rates offered today, it seems wise to establish residency in the house you are buying before putting too much cash down on it — and there is some...

January 19, 2018 4:23 PM

albert on Security Breaches Don't Affect Stock Price:

If the study is accurate, then it goes a long way in reinforcing the idea that we don't have to worry about cybersecurity. Besides insider trading mentioned by @RobertB, stock buybacks are another way to 'recover' the stock prices.

There are only a few things that can cause real panic in the SM. One is a crash of the exchanges themselves. Another is a panic sell-off due to external factors.

-Financial- regulation is a joke. Regulations are approved by the players. Useful regulations may appear honest and fair, but how useful are they when they're not enforced?...

January 19, 2018 4:22 PM

VinnyG on Security Breaches Don't Affect Stock Price:

@justina colmena - exactly right. Further, a good question (which unfortunately cannot be accurately answered quantitatively) to ask is to what extent the lack of competition exacerbated by regulation contributes to the noted absence of impact on the stock price of a breached company.

January 19, 2018 3:38 PM

Sancho_P on Friday Squid Blogging: Japanese "Dude Food" Includes Squid:

@Clive Robinson

“Without a growing economy and GDP there would be no way for people to retire before they became infirm.”
The reason you mention for the imperative need of a growing economy is one of the often cited killer arguments.
However, it neglects the use of sophisticated tools, machinery, resources and immense external (not human, e.g. fossil) energy.
It may be that a lot of our working force is lost on unneeded products and activities (e.g. war, luxury), but after all, the need of growth to sustain our pensions is dubious.
Better...

January 19, 2018 3:26 PM

house shopping on Security Breaches Don't Affect Stock Price:

I just paid $10 to unfreeze my credit so that my mortgage broker could run my credit so I could get pre-approved. The payment screen where I entered my credit card suggested this charge depended on what state I live in. That Experian can nickel and dime me ("Ham" me in this case) is annoying to say the least.

January 19, 2018 2:14 PM

hmm on Fighting Ransomware:

"As always, "mental health" is nothing but a false pretext for gun control,"

If only that were so, we could maybe begin to address either problem.

January 19, 2018 1:48 PM

RSaunders on New Book Coming in September: "Click Here to Kill Everybody":

"Everything is becoming a computer" is the real risk you're talking about. "Hyperconnected" or "Internet+" are attempts to label it intuitively, and I appreciate your desire not to invent a term (though I use "security theater" all the time).

I sorta like "Peril and Promise", though I think you mean "life".

Possibilities:

* Peril and Promise when Everything is a Computer

* Peril and Promise when Everything has a Mind of its Own

* Life when Everything has a Mind of its Own

* Life when Everything has a Mind of its Own and Talks behind your...

January 19, 2018 1:45 PM

justina colmena on Jim Risen Writes about Reporting Government Secrets:

Re: TFA https://theintercept.com/2018/01/03/my-life-as-a-new-york-times-reporter-in-the-shadow-of-the-war-on-terror/

That's a piece from "The Intercept_," which tries to portray itself as an "alternative" free press but in reality scarcely lifts a finger to differentiate itself from establishment Democratic Party propaganda.

That publication tends to push a heavy party-line political agenda which I absolutely oppose: (1) pro-marijuana,...

January 19, 2018 12:47 PM

Winter on Article from a Former Chinese PLA General on Cyber Sovereignty:

"No, we are not. China is a nationalist project emerging from their bitter humiliations in the last century, especially at the hands of the ruthless, murderous Japanese. In China, this is topic number one."

I do not see much difference in this propaganda with the propaganda in Germany before WWII and post WWII USSR/Russia. It is easy to collect countless other examples.

Your other points have counterexamples in the rest of the world and history.

January 19, 2018 12:43 PM

justina colmena on Security Breaches Don't Affect Stock Price:

... disclosure of data breaches ...

Party A's data, in custody of Party B, was breached to Party C.

The fact that the breach took place was disclosed to Party D, which partially revealed some of the circumstances of the alleged breach to the public.

The breach, or the disclosure of the breach, or the public revelation of the disclosure, respectively, is alleged to affect the financial interests of Party E.

Meanwhile Parties F and G already have the entire "scene" under total surveillance and know in...

January 19, 2018 12:08 PM

Clive Robinson on Jim Risen Writes about Reporting Government Secrets:

@ Tatütata,

The epilogue sequence is played on a Teletype model 35, a machine initially developed for the Bell System around 1960.

I remember the ASR35's and KSR35's (the later ASCII 7 hole tapes).

Well I bashed the cr4p out of them five days a week around three hours a day in the 1970's when doing the programming thing. Oh trivia time ;-) Unix terminals are called "tty" as shorthand for teletype.

The thing is back in those days due to bashing the keyboard fifteen hours a week you developed muscles in the arms and shoulders that made you...

January 19, 2018 12:03 PM

Ratio on Fingerprinting Digital Documents:

@Wael,

Now regarding the A-B mapping: Read the poem carefully.

I’d taken “key” to mean “crux”, and sorta stopped reading. *LOL* Next time…

You need to find the key and the algorithm then decrypt it.

Re-reading the poem, it all makes sense and I think I’ve got all the pieces. Playtime’s over, though. ;-)

January 19, 2018 11:59 AM

Wael on Fingerprinting Digital Documents:

@Ratio,

(I’ll see if I can whip up some code to do the decoding later.)

Don't make it too hard on yourself; the poem tells you exactly what you need to do ;)

January 19, 2018 11:15 AM

Wael on Fingerprinting Digital Documents:

@Ratio,

Gibberish looks fine! You basically had two choices regarding mappings of {ZWJ, ZWNJ} to {0,1}, that's why the poem did not cover this mapping since the search space is so small. You got unlucky and tried the wrong mapping first but flipped it around and got the correct mapping -- all as expected.

Now regarding the A-B mapping: Read the poem carefully. Does the poem say:

Don't run out of steam; Remember, and you'll be done; The input's the rhyme scheme, Replace B with zero and A with one

Or does it say:...

January 19, 2018 11:10 AM

TRX on Facial Recognition Is Coming to Retail:

A local chain restaurant has been using facial recognition for several years now.

I usually visit them with a friend, once every month or so. Their usual waitress turnover is two to three months, so even if we get the same waitress every time, we don't see her every time.

I order my meal with various substitutions and deletions due to food allergies. I always pay cash, so they don't have my name... but several times I've started to place my order, and the waitress would rattle off the rest of it and ask, "same again?"

Okay, they have a surveillance system; it's...

Read More →

January 19, 2018 10:54 AM

65535 on Jim Risen Writes about Reporting Government Secrets:

@ Tatütata

“The epilogue sequence is played on a Teletype model 35 a machine initially developed for the Bell System around 1960. It too ran a 5-bit based service at 45 baud, until all machines were replaced in one day with a new service called "TWX", using an 8 bit code running at 110 baud. The TWX code was eventually standardized as *the* ASCII.”

I agree with the thrust of your post.

That 110 baud is fairly fast compared to the v90-v91 limited to 56k by rules… if we are talking about equivalent rates in the late 80s baud to the 60s-70s baud range.

‘From...

January 19, 2018 10:49 AM

Ratio on Fingerprinting Digital Documents:

@Wael,

I have ‍ and ‌ as A and B, because the code starts with “ZWJ ZWJ ZWNJ ZWNJ”. You said to “replace B with zero and A with one”, but I use A → 0 and B → 1. (That’s how I ended up with the first four bytes I gave above.)

This is before I get to gibberish:

7CzVhqvZZnkzXwlO3FF9bd7bv9dS3ydl+DmJHhZoO8Vfmgp6kd23qISfDAehc9F79ONwCKDAYjHFnZ5odq0JC2M1i8o4XUyGC3fv2dsbYzadP6zlL+aPQvAv6GC5h5YfE7BuGjOahID1OFZKDAyOkAps1O/8xj61/mfQXnWEXIZ9frvytVWD+PPSJfFgdVSPUV9GKgtvQuj+zbnspsKLufLtsuAymxHRN1dxDTB8hww=
...

January 19, 2018 10:42 AM

Craig on Security Breaches Don't Affect Stock Price:

This kind of data is really helpful when assessing risk. The impact of a data breach does not include reputational harm or decrease in market value---losses in those areas have proven to be exaggerated. This is another data point to confirm that.

The real impacts are in incident response costs, regulatory fines, and legal fees.

As security professionals, we need to be realistic when assessing impacts and not spread FUD if we want to help our organizations make informed risk decisions.

January 19, 2018 10:34 AM

keiner on Security Breaches Don't Affect Stock Price:

@Who?

As a usual user: How to care for hardware buds? TINA! AMD only in part, but mostly no machines available...

And then there is funny software from Intel/MS etc. giving "green light" when you install a MS update. Or a fresh browser. Or a BIOS update. Band-aid to help a ripped-off head---

People only care if their HDD/SSD is suddenly encrypted by a trojan or the bank account is suddenly empty. Otherwise hardly anyone hardly ever cares.

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.