Recent Comments


April 21, 2019 1:23 AM

MarkH on Friday Squid Blogging: New Squid Species off the New Zealand Coast:

@Clive, @Who:

I suspect that the author of the Spectrum article may be out of his own league. There are numerous precedents for pleasure pilots overestimating their understanding of jet transport operations. In any case, he seems to have gotten at least some of the facts wrong.

Focusing on claims and conclusions:

• All practical aircraft have some degree of aerodynamic instability. The 1903 Wright flyer (which achieved the historic "first flight") evidences pitch instability in the films the Wright brothers made of their tests. As common sense suggests,...

April 20, 2019 9:40 PM

Anders on Friday Squid Blogging: New Squid Species off the New Zealand Coast:

Heads up - today, 21 April, is the second round of the Ukraine presidential election.

Russia has meddled with US elections, now it is meddling with Ukraine elections.
From this election depends whether Russia gets Ukraine for free on the silver platter or not.

April 20, 2019 7:39 PM

Clive Robinson on China Spying on Undersea Internet Cables:

@ POPWeasel,

That IS what is needed.

You've left out the words "some of" after "IS".

There are other areas than encryption and traffic analysis you need to mitigate.

Firstly is "system transparency"; it's a symptom of "efficiency-v-security". Put simply the more efficient you make a system the more transparent it becomes. In effect you "open up the bandwidth" to things like covert side channels. As an example from Matt Blaze, network protocols can end up sending individual keypresses as network packets. Due to the way users work their...

April 20, 2019 7:05 PM

David on Friday Squid Blogging: New Squid Species off the New Zealand Coast:

@A90210

On Assange

Notice that Manning and Assange are both in jail. Our little mockingbird in Moscow is next, and he can surely sense that his noose is being lowered.

It would be interesting to know how much money the U.S. has spent in bringing Assange down, and to whom some of that enormous sum went in fat paper bags. If you were to weigh one million U.S. dollars in one-hundred dollar bills, you would discover that it comes to about twenty-two pounds.

Remember that photo of the Ecuadorian president eating lobster for breakfast in a European hotel? It is...

April 20, 2019 6:48 PM

Clive Robinson on Friday Squid Blogging: New Squid Species off the New Zealand Coast:

More bad news about Boeing.

It appears that the 737Max is not the only safety SNAFU Boeing has.

The 787 Dreamliner also has manufacturing issues that some consider safety critical production system defects,

https://www.nytimes.com/2019/04/20/business/boeing-dreamliner-production-problems.html

So this is the second bad news story and affects areas unrelated to the 737Max, which is worrying. Because if they were related then it would indicate a failure at one...

April 20, 2019 4:54 PM

A90210 on Friday Squid Blogging: New Squid Species off the New Zealand Coast:

"Was Julian Assange subject to mind games by the Ecuadorian regime?"

https://theintercept.com/2019/04/15/julian-assange-health-medical-care/

"While the British government and Assange’s many critics say that it was his choice to stay in the embassy, [Sondra] Crosby [ an associate professor of medicine and public health at Boston University and an expert on the physical and psychological impact of torture ] argues that Assange was denied the fundamental right to health care that should have...

April 20, 2019 4:41 PM

Hellabout on Friday Squid Blogging: New Squid Species off the New Zealand Coast:

@clive

that indictment of @malwaretech is damning. Many people were saying it was a case of government overreach, that he was just studying malware, etc. etc. That is most certainly not what he plead guilty to. What he plead guilty to was trying to digitally rob banks and then cover his tracks by working with a partner. I have to wonder if @emptywheel is going to admit that she was wrong.

April 20, 2019 4:06 PM

A90210 on Friday Squid Blogging: New Squid Species off the New Zealand Coast:

More positive news

https://www.eff.org/deeplinks/2019/04/victory-house-representatives-passes-net-neutrality-protections

"In a vote of 232-190, the House of Representatives passed the Save the Internet Act (H.R. 1644) [9 April 2019]. This is a major step forward in the fight for net neutrality protections, and it’s because you spoke up about what you want."

Now it's up to McConnell, other Senators, and, perhaps, us, and/or others you know, contacting...

April 20, 2019 4:02 PM

G. The False Prophet on A "Department of Cybersecurity":

Making government stronger does not help you when the time comes... as all have before in history and as all will in the future... for that government to fall; this is objective certainty, and it is only humans that live on. Making government stronger only makes their respective and inevitable endings that much harder suffering for everyone to live through.

The solution is to seek solutions beyond governments.

Youtube Search: Keith Knight, Larken Rose, Mark Passio

April 20, 2019 3:55 PM

A90210 on Friday Squid Blogging: New Squid Species off the New Zealand Coast:

@Clive Robinson

"Utah ban warrantless digital searches
As some know, in what is potentially good news, ..."

From your Forbes Utah link above:

"In a major win for digital privacy, Utah became the first state in the nation to ban warrantless searches of electronic data. Under the Electronic Information or Data Privacy Act (HB 57), state law enforcement can only access someone’s transmitted or stored digital data (including writing, images, and audio) if a court issues a search warrant based on probable cause. Simply put, the act ensures that search engines,...

April 20, 2019 3:06 PM

POPWeasel on China Spying on Undersea Internet Cables:

Full line rate link encryptors on every physical link...
- on by default
- keyed per link
- perfect forward security
- regular rekeying
- line rate silicon affords best traditional crypto xor with
- best post quantum algorithm
- thus modular agility only as ranked backup plan via chip socket
- no cleartext or other fallback
- full time line rate chaff fill in MACPHY before crypto, dynamically yielding to wheat traffic demand of upper layer, no more traffic analysis
- link, crypto, and fill anomaly detection
- IETF...

April 20, 2019 2:14 PM

The Pull on Friday Squid Blogging: New Squid Species off the New Zealand Coast:

@lurker

On html instead of plaintext, clicking on links, etc... 20 years ago, versus today...

20 years ago I was, admittedly, a vigilante hacker. I created the first suite of html trojans. I released these as proof of concept tools, partly for deniability. But, I also felt the government was not playing hardball with pedophiles and neo-nazis as they should. So, I did a batman thing.

Hacktivismo was my AA.

Everything was html, and we could own entire groups of bad guys simply by sending a single email or usenet post.

So, you were right in...

April 20, 2019 2:07 PM

The Pull on Friday Squid Blogging: New Squid Species off the New Zealand Coast:

@Mike Acker, and any interested parties

"we focus heavily on the activities of these "Computer Hackers". In that we are focused on the symptoms. The cause is INSECURE SOFTWARE and poor or non-existent security practices."

I can't help but put this in context of the 2020 election process. Russia really dared do a number on the US in 2016. What will they do, and what have they been doing this election cycle?

In this case, the issue very much is the people and resources a government brings to the table in regards to hacking.

I agree with analysts who state...

April 20, 2019 1:47 PM

WTTCL(AGCL) on Friday Squid Blogging: New Squid Species off the New Zealand Coast:

SECURITY

Please beware of images and/or digital (or non-digital) vandalism or litter used to incite hostilities. Nevertheless, also please be AWARE that OTHER similar and DIFFERENT images and/or digital (or non-digital) vandalism EDITs or litter EDITs are NOT used to incite hostilities, and could convey or communicate just about anything else.

Last but not least, beware of alleged lyrical transcribings.
The results tend to vary wildly for a very large list of reasons, too complex to explain at this time in the small formspace allowed.

Here is an...

April 20, 2019 1:40 PM

SpaceLifeForm on New DNS Hijacking Attacks:

@Pickle Rick

The "Right Answer" is to eliminate DNS.

Yep, not trivial.

But, it used to be that way.

Bang!Path!Routing


April 20, 2019 1:08 PM

gordo on Friday Squid Blogging: New Squid Species off the New Zealand Coast:

Federal Facebook investigation could hold Zuckerberg accountable on privacy, sources say
By Tony Romm, The Washington Post, April 19, 2019

Federal regulators investigating Facebook for mishandling its users’ personal information have set their sights on the company’s chief executive, Mark Zuckerberg, exploring his past statements on privacy and weighing whether to seek new, heightened oversight of his leadership....

April 20, 2019 12:24 PM

The Pull on Iranian Cyberespionage Tools Leaked Online:

@Dennis

https://en.wikipedia.org/wiki/The_Shadow_Brokers#Speculations_and_theories_on_motive_and_identity

Whatever the case, Lulzsec was caught too, right? Only a "Japanese" member of the group with better skills than anyone there got away. Same Lulzsec who was hacking foreign embassies, which are hot spots for undercover spies. This was done while the ringleader was working for the FBI.

This story did leak, but besides Vice, and another smaller news...

April 20, 2019 11:32 AM

A90210 on Friday Squid Blogging: New Squid Species off the New Zealand Coast:

About the Mueller Report, I've heard:
1) the Mueller report itself, not spin on it, is better than any of the books on Trump's White House
2) at least read things like: Executive Summaries, Introductions, Conclusions in it

The Report:
a) https://viewfromll2.files.wordpress.com/2019/04/mueller-report.pdf (PDF)
b) https://www.justice.gov/storage/report.pdf (USG;PDF)

a & B both the Mueller report, but b) a searchable...

April 20, 2019 10:51 AM

Denton Scratch on Friday Squid Blogging: New Squid Species off the New Zealand Coast:

@Faustus

I am not a big fan of locking people up. Full stop.

Prison is a waste of money; most locked-up criminals behave worse after they are released than they were before. There are some prison regimes that take seriously the need for rehabilitation; but they are far and few. And locking people up is fantastically expensive - it's like putting them in a 3-star hotel. Completely mad.

I am also opposed to extraterritoriality. You shouldn't be subject to US criminal procedures, if the thing you're accused of was not done in the US.

April 20, 2019 9:49 AM

Faustus on Friday Squid Blogging: New Squid Species off the New Zealand Coast:

@ Clive

I am not a big fan of locking people up, but Marcus Hutchins pretty clearly was involved in widely disseminating banking trojans and profiting from them. It is reprehensible to steal money from people like that, turning a lot of struggling people's lives upside down.

I'd say some punishment is definitely warranted, particularly so young people know the cost of such deeply antisocial crimes.

The fact that this occurred when he was younger and that he has straightened up since then seems to have been taken into account. He will probably receive a lot...

April 20, 2019 9:47 AM

David on China Now Blocking Encryption:

China is a modern country with CNN, the Washington Post, The Boston Globe, al Jazeera, RT, The Telegraph, The Guardian, Japan Times, The Sun, etc., all available to EVERYONE. How in the world could anyone say that China is actually repressing news on any scale that could matter?

Many VPNs work like a charm in China. Some VPNs are sponsored by Chinese five-star hotels in the mainland. If you use a Wi-fi in some hotels, then you are using a VPN.

We in the West who often travel to China and know it well should inject a little balance into conversations about Chinese practices...

April 20, 2019 9:05 AM

David on Friday Squid Blogging: New Squid Species off the New Zealand Coast:

https://www.washingtonpost.com/technology/2019/04/19/how-whatsapp-facetime-other-encryption-apps-shaped-outcome-mueller-report/?utm_term=.a90f845d2b7a

The Washington Post talks about how encryption shaped the outcome of Mueller's investigation.

And this:

"The rise in end-to-end encryption has made collection of data from devices themselves more important for investigators."

In a way, that is...

April 20, 2019 8:35 AM

Dennis on Vulnerabilities in the WPA3 Wi-Fi Security Protocol:

@fish wrote, "Why not use StartPage? It uses a syndicated feed to Google so the search quality is pretty good (much better than DDG), but doesn't track you."

This isn't just about Googling on the interweb. Many prime OSes have already integrated their very own advertising platforms. See how MS stocks had steadily climbed in recent years. Thanks to Mr. Gates they've gotten it right again in this new era. Next to ante this up a bit, your mobile telcos will provide hooks to serve ads. There's simply no getting out from these all-knowing advertisers.

April 20, 2019 8:18 AM

Dennis on A "Department of Cybersecurity":

@James,

Funny as it sounds, cybersecurity would not exist if the Big Brother does not warrant it thru legislations. Gone are the days they treat it as some sort of mail fraud.

April 20, 2019 8:07 AM

Dennis on New DNS Hijacking Attacks:

Telcos are also in a better position to push for merged application stacks. Some services are better served closer to the end user and closer they will get. This way the advertisers are assured to have your MACs and know exactly what/where your needs are.

April 20, 2019 7:57 AM

Dennis on Iranian Cyberespionage Tools Leaked Online:

@The Pull, "BTW, what I posted was not to occlude matters. There really is stuff which is big that does not hit the media. We can assume Russia was behind the Shadowbrokers, and can assume then, they are behind this latest attack/release of tools."

I just can't understand this line of thinking when he/they were so apparently caught.

April 20, 2019 7:56 AM

Who? on Friday Squid Blogging: New Squid Species off the New Zealand Coast:

@ Clive Robinson

From the IEEE Spectrum article:

Boeing’s solution to its hardware problem was software.

We know it does not work, as proved by the failed workarounds to rowhammer, meltdown, spectre, spoiler and so on attacks. Vulnerabilities must be fixed at the level they happen.

Hardware must be fixed at hardware level, software at software level and firmware at firmware level. Users remain mostly unfixable.

April 20, 2019 7:52 AM

Dennis on Friday Squid Blogging: New Squid Species off the New Zealand Coast:

Re; Assange

It is my belief that it's already known these "hold up" situations are nothing more than bargaining chips for the hosting party. What do you do when you have a little something somebody else wants, you hold it and look for a deal. This is what we learned from this and previous presidencies. I'm of the few to think that 2016 election was the final straw for Mr. Assange.

April 20, 2019 7:27 AM

Clive Robinson on Friday Squid Blogging: New Squid Species off the New Zealand Coast:

Utah ban warrantless digital searches

As some know, in what is potentially good news, at the end of last month Utah's Governor signed the "Electronic Information or Data Privacy Act" (House Bill 0057) into law. In the House vote it passed without any dissenting votes.

https://le.utah.gov/~2019/bills/static/HB0057.html

From what has been said this closes the loophole in the 4th Amendment that many and especially the FBI have tried to force many cases of what would be illegal searches of paper...

April 20, 2019 5:42 AM

Clive Robinson on Friday Squid Blogging: New Squid Species off the New Zealand Coast:

@ Bruce and the usual suspects,

The PDF Association has released a report on the security aspects of an officially released document that was done in a way that conflicts with the correct legal procedure for doing so (ie requirement for disability access).

In essence they went for the next nearest thing to "Paper Paper never data" they could and still end up with a PDF, many many times bigger and actually of lower quality and usability, than a properly printed document.

It's a worthwhile read and although it covers a number of things mentioned on this blog in the...

April 20, 2019 4:59 AM

Clive Robinson on Friday Squid Blogging: New Squid Species off the New Zealand Coast:

Dunning-Kruger at Boeing?

From the IEEE, a pilot and software developer's view on the 737Max tragedies,

https://spectrum.ieee.org/aerospace/aviation/how-the-boeing-737-max-disaster-looks-to-a-software-developer

As he notes of the software engineers at Boeing,

    The people who wrote the code for the original MCAS system were obviously terribly far out of their league and did not know it.

As well as the probable reason...

April 20, 2019 4:20 AM

Clive Robinson on Friday Squid Blogging: New Squid Species off the New Zealand Coast:

Was Julian Assange subject to mind games by the Ecuadorian regime?

At least one of their diplomats has said so publicly,

https://news.sky.com/story/julian-assange-put-through-hell-at-embassy-says-former-diplomat-11698113

Oh and as we know "money talks" have a look at the history behind the IMF and other US backed finance organisations loans to Ecuador. Lenin is very proud of them, but most Ecuadorians have long memories of previous "loans with...

April 19, 2019 6:54 PM

lurker on Friday Squid Blogging: New Squid Species off the New Zealand Coast:

@Mike Acker

it's too easy for phishing messages with included hot-links to re-route customer to bad places.

At the risk of sounding like a boring old fart I have to say it's been going on for a long time; 20 years ago in another place I had problems explaining to people higher up the pecking order than me, why I could not just put a clickable link in an email for them to watch an in-house video. a) my email client was plaintext, so I never clicked anything, b) they were being kept partly safe by corporate IT security scrabbling to update the...

April 19, 2019 6:48 PM

Clive Robinson on New DNS Hijacking Attacks:

@ EvilKiru, Sancho_P,

Your ISP probably doesn't care if you run your own DNS server and is even less likely to care who uses it,

Whilst that may once have been true, some ISPs see there is money to be made from knowing what your DNS searches are.

It's kind of getting to the point where any information no matter how limited, or how daft it appears to be to collect it, somebody somewhere will and try to monetise it...

April 19, 2019 6:35 PM

Clive Robinson on Vulnerabilities in the WPA3 Wi-Fi Security Protocol:

@ fish,

I use Tor to reduce the tracking done by Google (yes, they block it sometimes, which is a shame).

Google are not the only ones to block Tor... Certain broadband mobile suppliers also prevent not just Tor but other VPN services...

Even though I am known for a dislike of Tor[1] I would use it or even a --very limited-- number of VPN services, to do a subset of things I do.

With regards,

Why not use StartPage? It uses a syndicated feed to Google so the search quality is pretty good (much better than DDG), but doesn't...

April 19, 2019 6:04 PM

Sancho_P on New DNS Hijacking Attacks:

@EvilKiru

Right, bad enough, but it seems LE don’t bother to investigate even after the fact?
Offer copyright protected files, CP or hate speech and they are there!

April 19, 2019 4:52 PM

Mike Acker on Friday Squid Blogging: New Squid Species off the New Zealand Coast:

we focus heavily on the activities of these "Computer Hackers". In that we are focused on the symptoms. The cause is INSECURE SOFTWARE and poor or non-existent security practices.

e/mail is one of the biggest offenders, perhaps the biggest: messages are often written in HTML format and then include notes to "click here to access your account".

these links, -- for customer convenience -- are not a good idea

the e/mail should just tell the user to log onto his or her account if there is something that needs attention. it's too easy for phishing messages with...

April 19, 2019 4:38 PM

EvilKiru on New DNS Hijacking Attacks:

@Sancho_P: Your ISP probably doesn't care if you run your own DNS server and is even less likely to care who uses it, unless your DNS traffic exceeds your bandwidth allowance.

April 19, 2019 3:15 PM

cura scurry on Iranian Cyberespionage Tools Leaked Online:

So that the context of this 2019 April 4th web article DE-ESCALATES properly (peacefully):

Please study the following weblink's linked human-readable content. Please study it last entry to first entry if you please; it's decent in text form.

oathkeepers.org / declaration-of-orders-we-will-not-obey /

I hope your (plural) filter bubble(s) and my filter bubble (singular) still present the same data which seems to me to be still quite normal and decent and proper and appropriate and peacefully pragmatic.

Thanks.

April 19, 2019 2:55 PM

not another backhanded 2s complement on Friday Squid Blogging: Detecting Illegal Squid Fishing with Satellite Imagery:

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:::: Security Recommendations :::::::::::::::::::::::::::::::::::::::::::::::::::::
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: consider interoperability complexity :::::::::::::::::::::::::::::::::::::::::::::
:: always check the copyright dates :::::::::::::::::::::::::::::::::::::::::::::::::
:: avoid those who avoid the manuals :::::::::::::::::::::::::::::::::::::::::::::::::
:: manually proofread yours...

April 19, 2019 2:22 PM

The Pull on Iranian Cyberespionage Tools Leaked Online:

@ mod

Feel free to email my given email, and I can prove this is me. I did not come out as Laird Brown did. But, simply providing my linkedin should be sufficient evidence. As the evidence is there.

I would think what we did in Hacktivismo was a goal you would be aligned with. Likewise, I still work towards those goals -- and always have.


@Snider

BTW, what I posted was not to occlude matters. There really is stuff which is big that does not hit the media. We can assume Russia was behind the Shadowbrokers, and can assume then, they are behind this...

April 19, 2019 1:29 PM

The Pull on Iranian Cyberespionage Tools Leaked Online:

@Snider

Your second statement holds true with the NSA toolkit leak, as well.

Problem is, their motives very likely would not be the motives you may think they are. Could the Iranian tools leakers be the same as the NSA tools leakers. That certainly is a very far fetched possibility. But, it is hard to explain the motives of the leakers beyond coincidence.

It certainly does not appear American, because of the NSA leak. Unless the NSA leak did not really give away anything.

It is hard to say what might be going on in "deep state" USA. Or, deep state, in any...

April 19, 2019 12:56 PM

Ross Snider on Iranian Cyberespionage Tools Leaked Online:

Forgot to note: speculation at this time, but this could be another spy agency doxxing another spy agency. If that's the norm, I welcome it for the reasons in the above comment, even if it's also mixed with other geopolitical objectives.

April 19, 2019 12:54 PM

Ross Snider on Iranian Cyberespionage Tools Leaked Online:

This is fascinating. First US tools, now Iranian.

While in the short run these are painful for espionage agencies and the governments utilizing them ultimately in the long run I think these leaks are important to the transparency we all need to understand the security of the world we live in and the relationship we as citizens have with those who govern.

And now to dive deep and see if there's any juicy cyberweapons. :)

April 19, 2019 9:05 AM

Ludovic F. Rembert on Heartbleed:

Heartbleed seems like a distant memory by now... but at the time it affected our entire group at Symantec. We were all using an enterprise version of Cisco's OpenVPN at the time (OpenSSL-based), and immediately had to test our entire network for any vulnerabilities enabled by the bug as both Cisco and Juniper VPNs were affected - https://www.zdnet.com/article/cisco-juniper-products-affected-by-heartbleed/

Coincidentally, my wife was using...

April 19, 2019 8:22 AM

Ludovic F. Rembert on Someone Is Learning How to Take Down the Internet:

We've seen an increase in client inquiries around DDoS attacks (for Canadian) SMEs in the latter part of Q1 and into Q2 this year. Already the number of inquiries has surpassed the total ransomware- and malware-related inquiries combined for 2018. We've cataloged the attacks in a report here - Canadian Cyber Security Risks in 2019. I'm not sure if this is another uptick or just a general increase, but the trend is alarming.

April 18, 2019 11:50 PM

James on A "Department of Cybersecurity":

I don't think Mr. Schneier was pushing for a new large Government Department. All I took from it was He was glad they were at least talking about it. I'm glad too. Problem is most people in Government are like me and have no clue about how everything works. I like reading His Blog and follow as much of it as I can. People don't like to talk about things they don't understand.
The main problem with all this is 99% of the population are just LAZY. We want everything done for us. Why in hell would you hook your Microwave or Toaster to the internet anyway? We, as a population needs...

April 18, 2019 9:13 PM

witness on NSA Morale:

There is zero oversight about the FTC/FCC allowing ATT to defraud customers, thereby permitting customers abuses, distress, etc., and ZERO attys are addressing this permissive government fraud and abuse of civilian accounts they have singled out! Shame on the Dept of Commerce!

April 18, 2019 8:47 PM

fish on Vulnerabilities in the WPA3 Wi-Fi Security Protocol:

@Clive Robinson

I use Tor to reduce the tracking done by Google (yes, they block it sometimes, which is a shame). With the security slider set to high, JavaScript is also disabled which reduces the risk of biometric fingerprinting ("real-time search" or whatever they call it).

Why not use StartPage? It uses a syndicated feed to Google so the search quality is pretty good (much better than DDG), but doesn't track you.

April 18, 2019 5:03 PM

Sancho_P on New DNS Hijacking Attacks:

What I do not understand here:

”In most cases, the attackers appear to have changed the DNS records for these domains (we’ll get to the “how” in a moment) so that the domains pointed to servers in Europe that they controlled.” (https://krebsonsecurity.com/2019/02/a-deep-dive-on-the-recent-widespread-dns-hijacking-attacks/)

So they changed e.g. the Lebanon based IP 194.126.10.18 to 139.59.134.216 which is based in Germany?
One of my servers is also based in Germany and shares the IP with 3 other businesses, but I guess my service provider knows exactly who is...

April 18, 2019 4:03 PM

Anon E. Moose on New DNS Hijacking Attacks:

Is nothing sacrosanct these days? sheesh. Do I need to cache the DNS servers to protect my people from nation-state attacks? And monitor then changes?

Also, are these guys from Hawaii with the SeaTurtle moniker?

April 18, 2019 2:50 PM

albert on New DNS Hijacking Attacks:

"...Albania, Armenia, Cyprus, Egypt, Iraq, Jordan, Lebanon, Libya, Syria, Turkey, and the United Arab Emirates...."

This is indeed an interesting choice of countries....

. .. . .. --- ....

April 18, 2019 2:46 PM

albert on A "Department of Cybersecurity":

One doesn't make bureaucracies better by making them bigger. The US government is a -massive- top heavy bureaucracy, populated by -mostly- paper-pushers riding the taxpayers dime. The best analogy is a tollway, which, once the new road is built, never goes away.

A "Department of Cybersecurity" will likely fail, because it will be expensive to set up, other departments won't spend the money necessary to implement fixes, and private companies continue to resist computer and network improvements. If a DoC have teeth, it might improve -government agencies- computer security, and...

April 18, 2019 1:35 PM

justinacolmena on A "Department of Cybersecurity":

I have long been in favor of a new federal agency to deal with Internet -- and especially Internet of Things -- security. The devil is in the details, of course, and it's really easy to get this wrong.

Oh, of course. Now how do you expect the new NSA that you propose to be any better or different than the old NSA?

Wouldn't the same old federal employees essentially be doing the same jobs as they were before, only at the new federal agency?

They already have all their top secret clearance paperwork in order, after all, and the Office of Personnel...

April 18, 2019 12:01 PM

Pickle Rick on New DNS Hijacking Attacks:

Neither CAA nor DNSSEC are the "right answer". They help, sure, although they are more server-side settings. This is really more a client-side attack.


Use of HSTS perhaps in combo with DNSSEC is closer to the "right answer", but is still far from ideal, and doesn't address a number of issues that are basically related to the problem of trusted key distribution and zero-knowledge trust.


The "Right answer" is unfortunately to redesign DNS, name resolution (and other related traffic routing, eg BGP) services with built-in security included. We built this...

April 18, 2019 11:56 AM

Mike D. on New DNS Hijacking Attacks:

Also half-baked stuff like this doesn't help:

Route 53 supports DNSSEC for domain registration but does not support DNSSEC for DNS service. If you want to configure DNSSEC for a domain that is registered with Route 53, you must use another DNS service provider.

April 18, 2019 11:53 AM

Mike D. on New DNS Hijacking Attacks:

@Cormacolinde: CAA records, unfortunately, depend on all CAs actually honoring them. They don't save you from a CA's intermediate certificate getting compromised: IIRC TLS doesn't check for CAA records itself, just that the certificate traces back to a trusted root.

@Sok: And nothing is signed because nobody checks the signatures.

April 18, 2019 9:40 AM

Petre Peter on A "Department of Cybersecurity":

Assigning responsibility through this new department puts us on the right track. Onboarding though, could mean the breakup of existing agencies.

April 18, 2019 9:21 AM

Sok Puppette on New DNS Hijacking Attacks:

Many CAs that do domain-based validation could be fooled too.

Basically any commercial CA would be fooled by a sustained successful attack. Certs aren't worth the paper they're not printed on.

The right answer here is DNSSEC, but inertia and FUD have kept it from being deployed. At the moment it doesn't even help to sign your zone, because almost nothing checks it. The main value from signing is to counter whining idiots who won't write code to check signatures because "nothing is signed anyway".

The most important pressure point here...

April 18, 2019 8:02 AM

Cormacolinde on New DNS Hijacking Attacks:

I’ve been thinking about how to block these attacks for a while now and at least you need to do the following to detect and limit your exposure:
- Monitor your DNS! Make sure you monitor your NS glue records and other critical records.
- Create a CAA record to prevent someone using a different CA to get certificates.
- Use DNSSEC to sign your DNS zone.

But in order to protect yourself from this kind of attack completely, you might be better using an internal CA for all internal systems, and use certificate pinning.

And obviously some sort of tunneled DNS...

April 18, 2019 7:04 AM

Hydroplane on New DNS Hijacking Attacks:

I wonder what the impact of TLS would have on this 'operation.' If clients (browsers) expect a site to use HTTPS, then just because the name resolves to a particular IP address, doesn't mean it trusts the site. Sadly, there are a few holes in this idea. Many CAs that do domain-based validation could be fooled too. Some other CAs could 'cooperate' with 'authorities' (willingly or not-so-willingly). Projects like the SSL Observatory would (hopefully) help detect such collusion. Everything in this smells like a nation-state actor is behind this operation. Spies are going to spy, and...

April 18, 2019 5:43 AM

Clive Robinson on Friday Squid Blogging: Detecting Illegal Squid Fishing with Satellite Imagery:

@ Alejandro,

Crazy like a fox?

In the case of "FireFox" crazy like a stalking serial killer,

https://www.zdnet.com/article/former-mozilla-exec-google-has-sabotaged-firefox-for-years/

So Google Chrome is becoming the new "In the net Exhorer" being pimped in ways that are probably illegal in places like the EU.

So Micro$haft becomes like Giigle and Giigle becomes like Micro$haft...

Why don't they just produce an...

April 18, 2019 4:49 AM

1&1~=Umm on A "Department of Cybersecurity":

@AL @OMG:

"Courthouse News specialty is reviewing legal documents, such as affidavits and court cases, not technical matters."

Whilst that may or may not be true @OMG's point of,

"Dear Courthouse News. You need a new reporter"

Still stands, actually go back and read the article again, because it really does contain gibberish, that did not originate out of an FBI affidavit, but I assume the reporter's mind.

But as for the Feds, I would start with the position that 'They lie to Courts because they know they will not get sanctioned', --especially in...

April 18, 2019 1:51 AM

Chris Becke on CAs Reissue Over One Million Weak Certificates:

Moore's law means the effective strength of any hash or key halves every 18 months anyway. So every 18 months sees a virtual 1 bit bitrot of all existing keys.

April 18, 2019 12:18 AM

Clive Robinson on China Spying on Undersea Internet Cables:

@ ,

What's more interesting, was the development by the USN of the capability for divers to work on the seabed under pressure for extended periods.

I think I've mentioned before I was involved several decades ago with a similar capability development by the UK. Supposedly it was to get productivity in the North Sea oil industry up.

It became clear by the way they did not want some problems investigated, was because lowering a diving bell from a submarine does not have the same issues as doing it from a surface vessel.

Part of the testing...

April 18, 2019 12:02 AM

CGW on How Political Campaigns Use Personal Data:

In 1964, Eugene Burdick (the co-author of The Ugly American and Fail Safe) published a prescient book: The 480, a political novel dealing with slicing and dicing the American electorate into 480 categories. As noted in The New York Times book review, "The title itself is taken from a concept formulated by a real-life enterprise, the Simulmatics Corporation. On the eve of the 1860 [should be 1960]...

April 17, 2019 10:54 PM

- on Tracing Stolen Bitcoin:

@ Moderator,

The above four, "Krebs Anthony", "Adib becca", "Andy" and "Harry Heaton" are unsolicited service advertising.

April 17, 2019 10:47 PM

Clive Robinson on Vulnerabilities in the WPA3 Wi-Fi Security Protocol:

@ fish,

The reason for dropping Google is their now absolute insistence that you be "data raped" by them.

Prior to this you used to be able to use Google with Javascript and cookies turned off.

Yes unless you went through a VPN they could still track you but it was not as invasive.

But also working with broadband mobile Google sending several packets for each key you press, takes a very big chunk of a dataplan for absolutely no good reason. Also it allows them to do biometric identification by both your typing cadence and any spelling error patterns you might...

April 17, 2019 10:31 PM

- on Blockchain and Trust:

@ Moderator,

The two above from "Owen Susan" and "Cindy" are unsolicited service advertising.

April 17, 2019 8:36 PM

meta.x.gdb on TajMahal Spyware:


This is the kind of persistent exploit that itself can be the target of a piggy back exploit, or a full take-over. I mean, how hardened against attack is the typical exploit code back door? Sort of how easy it is to hijack an IoT that is already running Mirai. You don't need to write a Mirai exploit. You let Mirai carry the huge catalog of exploits, then you come in after and sniff out Mirai devices and bust into them and add them to your own botnet.

April 17, 2019 8:11 PM

Joe on A "Department of Cybersecurity":

@Anon E. Moose
I agree totally! And I would just add "Quis custodiet ipsos custodes?". I don't trust any of them!

April 17, 2019 7:19 PM

Gorn on A "Department of Cybersecurity":

Cut out the middleman and just militarize NASA. Giant lasers etc.

Trump is an abject fool, there are several military-adjoined agencies that handle space already. You can't "put boots on the ground" there, there's no there! The international space station is the grand extent of nearby "conquerable" territory, and low Earth orbit is already whizzing with random chunks of metal from the recent pastime of blowing things up. It doesn't make sense to use anything but robots anyway, humans are just extra luggage in space and especially so for any kind of military mission....

April 17, 2019 4:59 PM

Rj on A "Department of Cybersecurity":

@AL: "Similarly, I think "Spaceforce" should be handled by the Airforce."

No, the Navy gets space. Reason: There is no air up there, just like there is no air around a submarine. The Air Force gets the air.

April 17, 2019 2:51 PM

AL on A "Department of Cybersecurity":

@OMG
This thing about rainbow tables came straight from the FBI affidavit. Courthouse News specialty is reviewing legal documents, such as affidavits and court cases, not technical matters. Insofar as the technical matter is concerned, the FBI affidavit did discuss the forensics, such as matching the LM hash found in the jabber chat with one on the system that Manning was allegedly trying to hack.

If there is an issue with someone who knows about cracking passwords, that lies entirely with the F.B.I. So, if after reading the affidavit, you think the F.B.I. is...

Sidebar photo of Bruce Schneier by Joe MacInnis.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.