Recent Comments



August 22, 2019 6:24 AM

Clive Robinson on Modifying a Tesla to Become a Surveillance Platform:

@ Bruce,

I don't think,

    Kain says the intent is to offer a warning that someone might be preparing to steal the car, tamper with it, or break into the driver's nearby home.

That will end up being the real use, a couple spring to mind.

Firstly and most obviously and an aspect that should also be mentioned is it is going to be a useful tool in the "anti-stalker" armoury. So a "celeb-market" is already waiting for it.

As for a second market, let's put it this way, potentially this is one of the strongest "anti-surveillance" devices in...


August 22, 2019 5:57 AM

office.com setup on Surveillance as a Condition for Humanitarian Aid:

Many of the errors are pretty much easy to solve because they are labeled with an error code. But some errors show no error codes, and they are hard to solve. “An error has occurred” is one of those errors and doesn’t have any error code. In this article, office setup will discuss how to fix this issue on your PlayStation.

August 22, 2019 5:38 AM

Clive Robinson on Google Finds 20-Year-Old Microsoft Windows Vulnerability:

@ tfb, Jeff,

Whenever I hear someone talking about unixoids having a 'stronger security model' I want to hit something.

This has been going on for at least as long as the 286 Processor has existed...

The thing that history teaches us in ICTsec is,

    The less market share an OS has the less likely it is to be generally[1] attacked.

Which if you think about it is the malware writers/developers sensibly putting their effort where it potentially has the best ROI for them. So not just "low hanging fruit" but "biggest orchard" as...


August 22, 2019 4:33 AM

Alex Security, on Influence Operations Kill Chain:

@VinnyG

How would you describe the type of disinformation campaign perpetrated by mainstream media during 2016 election cycle? There was an endless demonstration of Republican president elect Trump thru out-of-context quotes and pictorial parodies to vilify his position on various subjects. On the other hand, the Clintons were given a free pass despite their various failures. Truth is crack and distrust of the "establishment" exists for a good reason because they've become awful at their doings.

August 22, 2019 4:12 AM

Alisha Baker on Hiring Hackers:

My name is Alisha Baker and for almost 2 years now, I have been fighting and disputing with all 3 of the major credit reporting bureaus Experian, Equifax and Trans Union about many derogatory items that are appearing on my credit reports that do not belong to me or have I ever associated with as I was a victim of identity theft. I have faxed and emailed to all of them the mandatory documentation and everything else however, they keep coming back with removing absolutely nothing. I hired 2 credit repair agencies, Lexington Law and credit repair .com and again that was a waste of time and...


August 22, 2019 4:07 AM

Jack on Influence Operations Kill Chain:

" Find the cracks in the fabric of society -- the social, demographic, economic, and ethnic divisions. "

Here the author makes the assumption that those in charge of government policies (congressional committees, think tanks, special envoys appointed by the president, etc.) are benevolent in their endeavors, which is a glaring falsehood.

These cracks in our "society" exist as designed to make exploits possible by those in charge. These so-called foreign "adversaries" or "influence operations" are exploiting the same cracks that were intentionally designed. This is the...


August 22, 2019 3:50 AM

ATN on Google Finds 20-Year-Old Microsoft Windows Vulnerability:

I was wondering why this PC of a friend had Pinyin support installed, I removed it a few weeks ago because such PC never had contact with any other input/output than Roman alphabet.
Never fix a bug which is not actively exploited?

August 21, 2019 11:54 PM

cliff on Friday Squid Blogging: Robot Squid Propulsion:

How Flat Earthers Nearly Derailed a Space Photo Book
https://www.nytimes.com/2019/08/14/science/nasa-flat-earth.html

About 24 hours after the ads were approved, he got a notification telling him the ad had been removed. He resubmitted it... The explanation given: He had run “misleading ads that resulted in high negative feedback.”

He understood that it was Facebook’s algorithm... The best clues he could find came in the comments under the ads... There were phrases such as “The...


August 21, 2019 11:46 PM

Rachel on Friday Squid Blogging: Robot Squid Propulsion:

SpaceLifeForm

But maybe enough charge to leak keys via a hidden embedded radio.


Thanks for your discussion. This has long been a query of mine and I am led to believe many wondered if Snowden disclosures documented what is, effectively, supply chain poisoning, with any reliability.

Clive Robinson had previously discussed the ease with which a GSM radio could sit upon an IC on a motherboard for airgapped covert cellular comms of keys, and impossible to detect with a Robinson Mach 1 Eyeball(tm) (visual inspection)

The French television series...


August 21, 2019 9:22 PM

Alyer Babtu on Influence Operations Kill Chain:

The way out of the maze of twisty passages all alike and all different is to recognize the principle of subsidiarity, what can be done by a lower power should not be done by a higher. This means local discussion and a hierarchy rising as the domain of the goods involved becomes more general. And it seems perhaps impossible to honor this in large scale polities such as modern states. Technology plays no essential role here, or exacerbates the problems. Likewise most large news organizations.

August 21, 2019 9:01 PM

Sed Contra on Google Finds 20-Year-Old Microsoft Windows Vulnerability:

@Petre Peter

good for consumers.

Seems unlikely, as both competitors are successful treating consumers as product, rather than serving their best interests, and whoever were to win will just be that much better at it.

August 21, 2019 8:33 PM

Ismar on Google Finds 20-Year-Old Microsoft Windows Vulnerability:

“Capture The Flag” in Service that provides multilingual support - doesn’t get better than this for getting all sorts of ideas why this vulnerability might have stayed in Windows for such a long time

“The full writeup of Ormandy's findings is fascinating and incredibly technically detailed. The TL;DR version is that Microsoft's Text Services Framework, which is used to provide multilingual support and has been in place since Windows XP, includes a library called MSCTF.DLL. (There's no clear documentation demonstrating what Microsoft intended CTF to stand for, but with the release of this ...”

August 21, 2019 7:46 PM

Clive Robinson on Friday Squid Blogging: Robot Squid Propulsion:

@ Anders,

    They don't share them with just anyone :) Of course there's a chance that Silence steal them, but I doubt that :)

If you think about it APT28 shared with many people not least their targets.

In turn their targets shared with others like the AV vendors repositories.

As we know various states, keep a very careful eye on what goes by on its way into those repositories, keeping what you might call "Personal copies" of such traffic is very much part of various agencies missions.

You really would be surprised just how far and...


August 21, 2019 7:37 PM

Antistone on Influence Operations Kill Chain:

> "Much sharing of fake news is about social signaling, and those who share it care more about how it demonstrates their core beliefs than whether or not it is true."

I realize that changing human behavior is really hard and so we might want to focus on solutions that don't require it. However, I think we ALSO really ought to make a conscious push to evolve our culture toward a point where this is considered socially unacceptable.

The indiscriminate spread of misinformation causes significant harms to society. There are plenty of alternative ways to send social...


August 21, 2019 5:55 PM

Anders on Friday Squid Blogging: Robot Squid Propulsion:

@Clive Robinson,

Silence used some Fancy Bear (APT 28) tools previously.
They don't share them with just anyone :)
Of course there's a chance that Silence steal
them, but I doubt that :)

August 21, 2019 4:27 PM

SpaceLifeForm on Friday Squid Blogging: Robot Squid Propulsion:

@maqp

I'm not trying to denigrate TFC, at all!

I'm just thinking outside the box.

Thinking about embedded hidden radios.

That I want *inside* a box (Faraday Cage).

Got a cell phone with a removable battery?

If so, and you can do without for some time, pull the battery. Maybe in 12 to 24 hours, upon re-insert of battery, and reboot, maybe the clock will be wrong.

Maybe. My tests indicate at least 10 hours depending upon device.

Yeah, yeah, just a capacitor.

But maybe enough charge to leak keys via a hidden embedded radio.

August 21, 2019 4:17 PM

Clive Robinson on Friday Squid Blogging: Robot Squid Propulsion:

@ Anders,

Hmm the Silence Cyber criminals presumed based in Russia.

That's the problem, in that we don't know where exactly they are, their money mules are based all over the place and as of yet, there has been no statement made as to what route the money then takes and to where.

As I occasionally point out it's the HumInt trail that we really need pretty much everything else is too easily subject to deception.

For instance I'm not in Russia or any ex CCCP / USSR satellite / buffer zone countries. However a friend up in Hammersmith West London chucks me...


August 21, 2019 4:14 PM

Da5id on Exploiting GDPR to Get Private Information:

@TimH
Under GDPR, this info is surely unnecessary data for the business operation and therefore illegally retained.

Whilst in principle this seems a reasonable assumption, it is not precise. The question is not simply about business operation, but whether a justifiable and reasonable basis and appropriate purposes for data processing have been made sufficiently clear, e.g. in a privacy notice, and whether data processing is consistent with the stated purpose(s).

There is no blanket definition about what is reasonable. Understanding a rail user's history...


August 21, 2019 4:01 PM

Da5id on Exploiting GDPR to Get Private Information:

@LazyJack - Thank you for the mythbusting. It bakes my noodle that GDPR is so frequently misrepresented / wilfully misunderstood.

One minor correction, you mention that part of best practice is that consent must be obtained - explicit or implied.
This is not correct.
Consent is only one of the six lawful bases for processing. See the UK Information Commissioner's Office's excellent guidance.

The remaining five lawful bases *do not*...


August 21, 2019 3:54 PM

gordo on Influence Operations Kill Chain:


China: Surviving the Camps
Zha Jianying, NYR Daily

Provincial Party Secretary Wang Yilun, being criticized by Red Guards from the University of Industry and forced to bear a placard with the accusation “counterrevolutionary revisionist element,” Harbin, China, August 23, 1966

By now, it has been nearly forty years since the Cultural Revolution officially ended, yet in China, considering the magnitude and significance of the event, it has remained a poorly examined, under-documented subject. Official archives are off-limits. Serious books on the...


August 21, 2019 3:33 PM

tfb on Google Finds 20-Year-Old Microsoft Windows Vulnerability:

@Jeff Whenever I hear someone talking about unixoids having a 'stronger security model' I want to hit something. Stronger than what? And the horrible possibility that not only does the thing they are purportedly stronger than exist, but that it might see significant use.

(And yes, I know about SELinux &co: that's not what I mean and I assume not what you mean.)

August 21, 2019 1:02 PM

Abnegor on Influence Operations Kill Chain:

A brief summary of the "countermeasures" (look especially at Steps 2, 5, and 6): identify people who publish views or facts you don't like and censor them and suppress those views or facts, across all platforms, and enforce the censorship with direct personal punishment.

We have already seen that the ruling oligarchy in every country, including the USA, tries to censor people and suppress inconvenient facts and views. Any mechanisms built to defeat so-called influence operations will be used first and foremost to silence opponents of the ruling oligarchy.

Bruce does not...


August 21, 2019 12:22 PM

Impossibly Stupid on Surveillance as a Condition for Humanitarian Aid:

@Peter S. Shenkin

I agree that in a war situation, the idea of carefully validating the right of each recipient to receive aid is misplaced. Even if fraud is a huge problem, there has got to be a better way.

Maybe, but maybe not; it all depends on the details of the problem as presented. An analogous scenario might be opioid drug prescriptions. You want the right people to get what they need, but the potential for abuse in the whole supply chain might require some invasive monitoring in order to find and fix the problem. And that could include the...


August 21, 2019 11:26 AM

MarkH on Friday Squid Blogging: Robot Squid Propulsion:

@Clive:

Russia's "Skyfall" project -- a name which seems ironic after the fact -- would, for reasons you amply explained above, presumably be able to reach any point on the planet, and for that reason falls far outside the intermediate range category of the (now meaningless) treaty.

If it's ever fielded (I'm dubious, but who knows) it will greatly exceed the range capacity of any previous missile.
________________

What many have failed to realize about the INF treaty, is that Russia started complaining years ago about wanting to be let out of the...


August 21, 2019 11:26 AM

Jeff on Google Finds 20-Year-Old Microsoft Windows Vulnerability:

All non-trivial software has bugs. The more complex it is and the longer it has been around makes the bug list grow.
I wouldn't be surprised if Win10 has over 10,000 critical, remote access, bugs. Probably many more for Win7, WinXP, and all prior versions.
The same applies to Unix and Linux and BSD, though the stronger security model should help prevent OS takeover.

That's my theory.

Android is a problem. I suspect it is the least secure of all the current OSes out there and getting your devices patched 1-2 yrs after purchase is nearly impossible for most people.

August 21, 2019 10:47 AM

Ross on Surveillance as a Condition for Humanitarian Aid:

It's not just poor folks in third-world countries. Lots of people here in the US have to exchange their personal health information with drug manufacturers to be able to get the medicine they need at an affordable price. What happens with that information is anyone's guess.

August 21, 2019 10:24 AM

parabarbarian on Google Finds 20-Year-Old Microsoft Windows Vulnerability:

Seems to me I saw something like this in NT. I didn't pay it much mind since I was focused on remote exploits at the time. Besides, the perception then was that Microsoft did not care much about security as long as corporations kept buying their software.

August 21, 2019 8:02 AM

VinnyG on Influence Operations Kill Chain:

@stine re:dropping Agent Orange on poppies - Don't forget that in the 1970s the US sprayed marijuana fields with dimethyl-bipyridinium dichloride (Paraquat,) which certainly did put an end to US inhabitants consuming cannabis sativa (not;>) In reality, it probably did more to reduce consumption by causing serious illness or death in people who smoked weed harvested from treated plants. I only use the caveat "probably" because I am not aware of any settled litigation over the matter on record, which I find somewhat surprising...

August 21, 2019 7:50 AM

7df0247bda1fb218407efd5f6e04bcd4 on Google Finds 20-Year-Old Microsoft Windows Vulnerability:

I bet a few bucks that the fix is not rock solid.

"Clients report their thread ID, process ID, and window handle—but there was no
verification and nothing stopping such a client from lying through its teeth to
get what it wants."

Does the patch really check in time the reported thread ID, process ID, and window handle ?
I bet not.

August 21, 2019 7:49 AM

name.withheld.for.obvious.reasons on Friday Squid Blogging: Robot Squid Propulsion:

@Clive

It's all evidence of the "Free Market" issue of "Tail spin" where the only way to make profit is to cut back on every cost possible and speed up entry into the market. And Software from logic control state machines upwards through to the highest of high level languages are all targets for "reduced cost" because "testing" has real cost and time penalties. Thus we see lots of heredity code issues from the likes of "code reuse" of previously not fully/correctly tested code.
¿

I would argue that there is a major QC problem in the technology sector....


August 21, 2019 7:45 AM

VinnyG on Influence Operations Kill Chain:

@unlink re:can someone obtain the end of this linking ? Sure. Append the following parameters and arguments to your news.google.com search strings:
"-site:rt.com" "-site:tass.com" (etc.)
Or were you proposing that internet providers use your personal biases as criteria to prevent Google News from presenting results that otherwise meet their aggregation formulae to certain widely defined audiences? I have serious issues with Google News, to the point that I spent several months trying to "tune" Topix to be a viable replacement for me (until Topix ceased operations not long...


August 21, 2019 7:28 AM

stine on Influence Operations Kill Chain:

How do influence operations of these types compare to the tried and true U.S. method of sending in the Rough Riders, or say, sending Marines ashore in Tripoli? What if we started dropping agent orange on the poppies in Afghanistan?

August 21, 2019 4:08 AM

Ismar on Surveillance as a Condition for Humanitarian Aid:

Read the short article linked to in the Bruce’s post and completely confused as to how this is supposed to work. Aid agencies are requesting biometrics from whom- locals who distribute the aid? How is this going to help them make sure the aid is not diverted to the rebels? Can anyone please shed some light here?

August 21, 2019 3:33 AM

MarkH on Friday Squid Blogging: Robot Squid Propulsion:

More on the Russian weapons testing accident ...

In addition to the two CTBT sensor stations which went dark on 10 August (two days after the explosion), two more in other locations stopped reporting data on 13 August. By now, two of these four stations are back online.

The Russian government commented that the transmission of data from these monitoring stations is voluntary.

Presumably somebody in the Russian government prefers that the geography and intensity of radiation release not be public.

Members of the public living in the vicinity of the...


August 21, 2019 2:22 AM

David Australia on Friday Squid Blogging: Robot Squid Propulsion:

To Knoppix

It is worth commenting on the excellent accessibility support offered by Knoppix, for the blind and hearing impaired. The dedicated version is called Adriane Knoppix

This page is comprehensive. I note the most recent version claims mitigations for Spectre and Meltdown vulns

https://en.wikipedia.org/wiki/Knoppix

every possible program you may need comes with Knoppix. And VLC Media Player !

August 21, 2019 1:39 AM

David Australia on Friday Squid Blogging: Robot Squid Propulsion:

Australia related

Pay ID credentials breach

https://www.itnews.com.au/news/aussie-banks-warn-customers-after-fresh-payid-data-breach-529938

For those across the ponds that have not heard of it. It's a way to instantly transfer money between financial institutions, once both parties privy to the transaction have registered either an email address or a phone number as their Pay ID. When these are exchanged, as authentication has already occurred, payment...


August 20, 2019 11:36 PM

JA on Influence Operations Kill Chain:

Disinformation campaigns rely on a number of physiologic processes in our stress-response system. Specifically they focus on creating unease in the receiver that is reduced by the receiver acting in a manner that the purveyor of the disinformation wants. This is similar to what is done in advertising. Humans have a regrettable tendency to prefer behaviors that reduce unease rather than those that reduce difficulty. So explaining to people that their choices are not helpful is not going to get them to make different choices if the original choices reduce unease quickly.

Stress...


August 20, 2019 9:44 PM

Alyer Babtu on Friday Squid Blogging: Robot Squid Propulsion:

@Clive Robinson @ Petter

the random

A caricature of Ramsey Theory [1], [2] is “complete disorder is impossible”, i.e. in any large enough structure however chaotic there will always be (interesting) highly ordered substructures. So randomness is perhaps also impossible, or at least tricky. Not sure what implications this has for encryption. What happens if one starts removing the ordered substructures from the large “chaotic” structure ? Does one converge to a moderately large completely disordered structure ? Or to nothing?

[1]...


August 20, 2019 9:10 PM

maqp on Friday Squid Blogging: Robot Squid Propulsion:

@ SpaceLifeForm

Ah, so you mean decentralized architecture.

That's basically just a bunch of centralized servers that talk to one another. You shouldn't be trusting e.g. a third party XMPP server because it's again a juicy target. Also if you try to make it local, the architecture means one of your peers is going to be the guy with access to all of the metadata about the group communicating via the server: Who's talking to who, how often etc. And that peer has a lot more interest to look at the metadata than some larger service provider. But the larger it gets, the more...


August 20, 2019 8:18 PM

Peter S. Shenkin on Surveillance as a Condition for Humanitarian Aid:

I agree that in a war situation, the idea of carefully validating the right of each recipient to receive aid is misplaced. Even if fraud is a huge problem, there has got to be a better way.

But I disagree with the author on almost everything else.

Presenting it as an issue of "surveillance" is just not right. The effort is misguided, but it's not about surveillance. It's about validation of one's right to receive a benefit in order to minimize fraud. It is directly analogous to an attempt to use biometric criteria to validate voter credentials. I'm not sure I would...


August 20, 2019 5:13 PM

Clive Robinson on Friday Squid Blogging: Robot Squid Propulsion:

@ Petter,

The randomness which creates larger patterns and the ultimate quantum randomness.

I do wish people would stop talking about "Quantum Randomness" as though it's something special, it's most probably not (think about the implications of Arthur C Clarke's comments about "magic" and "elderly scientists").

The reason is few understand what "Truly Random" is compared to "Random". In both cases the random means "non deterministic to the observer". The catch is we are on the outside observing, not the inside pushing out, and that makes a huge...


August 20, 2019 5:10 PM

Sherman Jay on Friday Squid Blogging: Robot Squid Propulsion:

@tds,

While I haven't tried the latest release, Knoppix offers a lot of variety. Their main version is quite large, but offers a wonderful, polished, feature packed, ready to run O/S. They have abbreviated versions that run in RAM, etc. I think anyone might find trying it a unique and enjoyable experience.

August 20, 2019 5:01 PM

Sherman Jay on Friday Squid Blogging: Robot Squid Propulsion:

@Anders,
Thank you for the encouraging article.

I didn't mean to sound as if the Linux Foundation fiasco was the end of the world. It is just that it has become difficult for us to keep the corporations from ruining great people focused endeavors by swallowing them up. Or, as in the case with most systems today, as pointed out by so many knowledgeable people here, we must resort to dramatic work-arounds to keep some semblance of privacy and security.

August 20, 2019 2:23 PM

Sherman Jay on Friday Squid Blogging: Robot Squid Propulsion:

In trying to catch up to the leaders in these discussions, and being a Linux fan, I came across the following as one of many articles supporting the fact that Micro$oft is trying to take over Linux by any means (that implies incorporating all of the Micro$oft flaws, too) --

techrightsDOTorg/2019/08/03/no-more-community-in-lf/

Naturally I felt the same as if I had found a rat in my pantry, eating all the good stuff.

Also, @Clive's regarding two writing method idea: I agree. And, though I am not proficient in the method, there are some 'project organization' programs...


August 20, 2019 2:23 PM

Wo on Surveillance as a Condition for Humanitarian Aid:

To be fair, the ethics of consent are not exactly robust in the modern age as it is. Doing away with the appearance of consent being meaningful though....that is not a promising step for the future.

August 20, 2019 12:32 PM

Faustus on Surveillance as a Condition for Humanitarian Aid:

We are accelerating downhill faster and faster into a surveillance state/world!

I am really happy the Bruce (not a typo) has gone independent. I thought he was wavering for a while but he seems fully back on the team. He provides an immense service in calling out each of these human rights violations.

I call upon everyone to do all they can do to oppose, obstruct, and contaminate each and every one of these authoritarian initiatives, to the best of their ability.

Hong Kong is everywhere! Let's bring the anti-authoritarian spirit of the protestors home. Not the...


August 20, 2019 11:46 AM

Clive Robinson on Surveillance as a Condition for Humanitarian Aid:

@ Tatütata,

Highfalutin techno-gimmicks applied an old problem...

If only that was the problem with supposed "Humanitarian aid". I won't list what other horrors have slithered in under that banner, but death by preventable disease that blind eyes were turned to is but one...

August 20, 2019 11:41 AM

Andy on Influence Operations Kill Chain:

Reads like some agency's talking points.

The assumption that populations have no free will underlies this whole narrative of external controllers. During the Vietnam war protests there were officials claiming they were all being whipped up and controlled by the USSR; the entire political left: communists, pacifists, socialists, and liberals were all accused of harboring “anti-American” ideas. Totalitarian mindsets will always search for an explanation for societal dissent that keeps them as the ones in tune with public opinion and the system they maintain as infallible. The poor...


August 20, 2019 11:32 AM

Clive Robinson on Influence Operations Kill Chain:

@ Peter A.,

I keep repeating: free trade is the canvas of peace.

Especially when it improves the lives of all.

As many note productivity goes up profits go up but wages well the reality they go down, the average standard of living drops, and even some of the densest of authoritarian follower Guard Labour start to realise where that's heading...

We have a politician in the UK called Jacob Rees-Mogg, who is known as "The MP for the 18th Century" not just because of the way he dresses or the manners he affects, it's his world view would have...


August 20, 2019 11:28 AM

Tatütata on Surveillance as a Condition for Humanitarian Aid:

Highfalutin techno-gimmicks applied an old problem...

But can aid still be labelled "humanitarian" if it is conditional on the group to which its recipient is supposed to belong, or on the bl**dy flag sewn on his rags, rather than on the human needs?

We already know that the hallowed human rights coded in our precious constitutions have plenty of exceptions, e.g., depending on which side of an imaginary dotted line on the ground the alleged human stands, or of some Catch-22 or gotcha paragraph, or a "convenient" interpretation made by a dingbat in a black robe... :-(

August 20, 2019 10:30 AM

iceman on Influence Operations Kill Chain:

@AlexT:

That's a good question, Sir, and I notice that the very first comment post asking a similar question in a more pointed manner has been deleted. I must say I felt a chill reading this piece. Remember those heady days when it seemed that the biggest threat to "our" "free" Internet was out-of-control adware? Why, the Internet would simply route around censorship! How times change... These days who knows who the good guys are, if any.

August 20, 2019 10:22 AM

Clive Robinson on Surveillance as a Condition for Humanitarian Aid:

@ Erdem Memisyazici,

    We need more James Randi type characters and less Uri Geller type characters in surveillance

That is not going to sell product, especially product that remains owned courtesy of the DMCA and walled garden market places that rent seekers love so much...

Thus, dare I say "It ain't gona happen bud"...

August 20, 2019 9:48 AM

Erdem Memisyazici on Surveillance as a Condition for Humanitarian Aid:

It hasn't worked historically, and we haven't done anything differently this time around either. Perception is a subjective phenomenon, thus cannot be validated as controlled objectively. A set of similar perceptions is not an objective conclusion either much like a group of people viewing a magician's performance. We need more James Randi type characters and less Uri Geller type characters in surveillance, like Mr. Schneier. The push to deploy constant surveillance once again is one of profitability and affects populations negatively in time (see chilling effect). Unfortunately this...


August 20, 2019 8:58 AM

Fankly on Surveillance as a Condition for Humanitarian Aid:

This same sad concept will certainly end up being applied to social safety net programs, probably under the excuse that the surveillance is needed to prevent fraud. Technology creates all kinds of new ways to abuse government power.

August 20, 2019 6:50 AM

maqp on Friday Squid Blogging: Robot Squid Propulsion:

@ Clive Robinson

I'm very well, thank you. I hope you're too!

"Bearing in mind what Microsoft did to Skype, and now appear to be poisoning Linux with FAT32 and similar patent encumbrances. Now Microsoft have taken over GitHub, and appear to some to be targeting personal private communications apps under the guise of "Export Regulations"."

In a way, having TFC on a bigger site is useful because of the sheer number of users, and the incredible variety between the projects. Censorship of GitHub in China/India/Russia/Turkey has been difficult when companies using it...


August 20, 2019 6:42 AM

Peter A. on Influence Operations Kill Chain:

I feel all this boils down to "benevolent dictatorship", maybe in a collective, "aristocratic" fashion. People - on average - are stupid and not able to sort out truth and lie, therefore vulnerable to manipulation by "them", so they cannot be relied upon to make competent decisions, either directly or indirectly (via elections). So the measures proposed are more or less equivalent to a "we know better what's good for you" policy of regulating speech and flow of information, to steer "the masses" into making "right decisions" because "we" think they cannot make right decisions by...


August 20, 2019 6:29 AM

Not so Fast on Influence Operations Kill Chain:

"Find the cracks in the fabric of society -- the social, demographic, economic, and ethnic divisions."

So, the solution is to reduce these cracks.

The last 40 years of neoliberal economics in which the middle class has been eviscerated and wages have stagnated despite increases in productivity (hence the wealth gap) would seem like an obvious partial cause for deepening/widening these cracks.

Furthermore, with Citizens United it is clear that the legislature is doing the work of the rich (see the study which proves this). Additionally, the populace have lost...


August 20, 2019 5:11 AM

Clive Robinson on Friday Squid Blogging: Robot Squid Propulsion:

@ Wesley Parish,

If you're seriously addicted to edlin

No not edlin[1], as I said "I'd like to say I remember it past tense" as in something from my distant past like a knife wound that has left a scar that now only twinges when attention is drawn to it. Not feel it go "stabity stabity" each time I have to still turn to it, to get down and dirty to solve problems quickly[2] ;-)

I guess there are two types of people who write largish tracts of text.

The first group just press the go button and dump in text from beginning to end, like...


August 20, 2019 4:08 AM

Wesley Parish on Influence Operations Kill Chain:

My final year in secondary school included some valuable lessons in analysing propaganda - aka advertising - in English class.

How would this kill chain have worked against the tobacco giants? Against the climate change deniers? (FWIW, Dr Paul Myron Linebarger aka Cordwainer Smith in his book Psychological Warfare gives as an example of how not to wage propaganda, the epic poet and Puritan politician John Milton, who took an opponent's propaganda pamphlet to pieces, piece by piece, and lost that particular argument because nobody could be bothered to read the wordy tome.)

August 20, 2019 3:54 AM

Wesley Parish on Friday Squid Blogging: Robot Squid Propulsion:

@Clive Robinson, et alii

re: text editors

If you're seriously addicted to edlin, you can get an open source clone of it
https://sourceforge.net/projects/freedos-edlin/
courtesy of FreeDOS
https://www.freedos.org/

As regards text editors, I used emacs on an old copy of Slackware to write an entire novel, 130 000 words approx. I would've gone slowly mad trying to do it in edlin ... :) And I like Wordperfect - I wish whoever's got the source code of...


August 20, 2019 1:36 AM

JonKnowsNothing on Friday Squid Blogging: Robot Squid Propulsion:

News report that Police in Oregon USA digitally altered a mug shot in order to secure a conviction. What they removed were visible facial tattoos which did not fit the police description of the criminal.

The forensic criminalist Mark Weber testified during Allen’s trial that he used Photoshop to paint over Allen’s tattoos, as he’s done with other mugshots.
...
alterations date back to April 2017
...
The lead investigator, Detective Brett Hawkinson, who is also part of the FBI’s taskforce on bank robberies, testified that he had ordered the tattoo...


August 19, 2019 9:58 PM

John Smith on Influence Operations Kill Chain:

"Propaganda is to a democracy what violence is to a dictatorship." - William Blum

https://www.brainyquote.com/quotes/william_blum_173088

I'd like to see a Part 2 from the OP. How do we, the people, defend ourselves from influence operations by the State?

Take the 2003 Iraq war as an example, and the documented machinations of the US, UK, and other governments to sell the case for war, using fake "sexed up" intelligence.

How do we defend ourselves when the State itself is a "firehose of...


August 19, 2019 9:37 PM

Clive Robinson on Friday Squid Blogging: Robot Squid Propulsion:

@ maqp,

Hi I trust you are well.

Just a question about location of the TFC project files...

Bearing in mind what Microsoft did to Skype, and now appear to be poisoning Linux with FAT32 and similar patent encumbrances. Now Microsoft have taken over GitHub, and appear to some to be targeting personal private communications apps under the guise of "Export Regulations".

Any thoughts on enlarging the number of places where the project files are stored and made available?

August 19, 2019 7:32 PM

maqp on Friday Squid Blogging: Robot Squid Propulsion:

@SpaceLifeForm

"The issues I see with Tin Foil Chat:

1. Uses TOR
2. 3rd computer
3. No Faraday Cage"

There is no alternative to Tor. If the application is made centralized, there's suddenly a server that has access to metadata of several users. That server is a juicy target and it being hacked is only a matter of time. This was a significant problem back in the day when TFC piggy backed on Pidgin. The solution there was to use Tor routing and Onion Service XMPP servers. Even then the problem was the server could see how much anonymous accounts were...


August 19, 2019 7:02 PM

Petre Peter on Influence Operations Kill Chain:

If Romania had access to the Internet in December 1989, the overthrow of Ceausescu would have been much easier.

August 19, 2019 6:52 PM

Charles on Influence Operations Kill Chain:

Bruce, first I want to thank you for writing this article. This is enormously important, and deserves to be widely read. In an effort to combat the information war in which we now find ourselves, I would like to propose legislation making identity verification mandatory for all major social media platforms. Doing so makes it much more difficult for foreign agents to acquire accounts, and other bad actors will face permanent enforceable bans. It also virtually eliminates the bot-nets that have made this an asymmetric cognitive battlefield. An added bonus is that this method could better...


August 19, 2019 6:22 PM

VinnyG on Influence Operations Kill Chain:

To exemplify my objection to what I see as the completely inadequate scoping of the problem stated in the OP:

In 1953, the US CIA, to curry favor with Great Britain, whose remaining military might (post WWII) was fully occupied in trying to dampen the many other political brush fires that British colonialism had ignited in Asia and Africa, used (among other tactics) disinformation campaigns to engineer the overthrow of the democratically elected Prime Minister of Iran, Mohammad Mosaddegh, in favor of British lackey "Shah" Reza Pahlavi. The objective was to allow British Petroleum...


August 19, 2019 5:45 PM

VinnyG on Influence Operations Kill Chain:

@jones re .625% - May I inquire as to the source for that number? According to my information, the final tally had Clinton with ~48.2% of the popular vote, and Trump with ~46.1%, a difference of ~2.1% in favor of Clinton. However, the result of a U.S. Presidential election is determined by the votes of members of the Electoral College (electors,) not popular vote totals. Those electors *are* indirectly elected by popular vote (method details left to the individual state,) but representation in the EC is apportioned according to a formula that is designed to prevent states with large...


August 19, 2019 5:12 PM

Ismar on Influence Operations Kill Chain:

Very methodical approach to a social problem showing that Bruce is an engineer at heart 😀.
As usually is the case in our modern societies, however, the steps try to tackle the symptoms rather than root causes- a pain killer approach if you will.
Nothing wrong with that as an interim measure but for a long term cure the doctors may have to perform some sort of surgery but more importantly a change in lifestyle is needed.
These, in American context, would include thorough education reform to make sure Americans understand their place in the world as well as a larger effort...


August 19, 2019 4:40 PM

A90210 on Software Vulnerabilities in the Boeing 787:

https://www.wsj.com/articles/the-four-second-catastrophe-how-boeing-doomed-the-737-max-11565966629 Weekend WSJ August 17-18

"The Four-Second Catastrophe: How Boeing Doomed the 737 MAX

At the root of the company’s miscalculation was a flawed assumption that pilots could handle any malfunction

Almost as soon as the wheels of Ethiopian Airlines Flight 302 spun free from the runway March 10, the instruments in front of Capt. Yared Getachew went haywire....


August 19, 2019 2:51 PM

Clive Robinson on Influence Operations Kill Chain:

@ Bruce,

Public attribution of information attacks must be accompanied by convincing evidence.

Hey nice to hear, when I started saying this a half decade back and since I've had a fair amount of stick over it. I hope your journey will be more gentle.

However I still maintain attribution is very hard and needs genuine HumInt not just easy to fake SigInt.

@ ALL,

The real problem behind this is actually that we are becoming less parochial and more citizens of the world.

That is as we reach out beyond our own village, town or...


August 19, 2019 1:25 PM

Sherman Jay on Friday Squid Blogging: Robot Squid Propulsion:

@VinnyG @Clive Robinson, et. al.

Dear Clive, I'll be glad to pay your consulting fee up to 200% of what I get for running our community computer clinics ($0usd X 200% = ROFL?!)

All of you that contribute and Bruce (who puts up with us) are great. Thanks again to all for all the helpful info. It is not only for my personal benefit, since it certainly helps me to build/refurbish and better serve the privacy and security needs of the people who attend our computer clinics and get our refurb'd computers (at cost or free, depending on their ability to pay).

p.s. I just...


August 19, 2019 1:15 PM

Clive Robinson on Bypassing Apple FaceID's Liveness Detection Feature:

@ ,

... as people are not only unaware it can happen, but have no easy way to check, either.

Which is the big problem with the likes of marketing deciding what the "user experience" should be like...

Personally I don't want to live in a "Rose scented opium den" there is no future to it. Nature gave me a pair of feet to stand on and a brain to think with, for a reason, and that's staying alive in a dangerous world by being aware. The more we take people away from "being aware of real life" with technology and the like the harder the fall will...


August 19, 2019 12:42 PM

Tatütata on Friday Squid Blogging: Robot Squid Propulsion:

@Wael

For the journalism suggestion, I have more confidence with paper and computers than with dealing with actual people. Typical nerd. But I do feed the odd tip to journos once in a while.

I had lingering doubts, and had another look.

At 1'14", I found the "smocking gub" I was looking for. For half a dozen frames you can clearly see arcing just a few meters away from the cooling tower, just like I had suggested. Here is a capture of the frame with the most intense light. The vantage point of the drone was...


August 19, 2019 12:41 PM

art fowl on Influence Operations Kill Chain:

I appreciate and agree with the analysis. One thing I don't see discussed much is decreasing *everyone's* reach. Disinformation works on democracy because of how highly connected our social media graph is, and this is due to just a small subset of people. It's also a knob we directly control.

Basically, I don't see why really big influencers and corporate ad campaigns need to exist at all. They're an artifact of the technology.

August 19, 2019 12:36 PM

MarkH on Friday Squid Blogging: Robot Squid Propulsion:

.
Barbarians Playing with Nuclear Chain Reactions

Those Russians are too funny ... in a rather depressing way. Reuters reports that of the worldwide network of sensors established to monitor the Comprehensive Test Ban Treaty, the two nearest to the "rocket test explosion" went offline two days afterward.

The two silent sensor stations are in Russian territory.

Of course, to a skeptic --...


August 19, 2019 12:05 PM

Sergey Babkin on Influence Operations Kill Chain:

The thing that has been left unsaid is that we MUST be getting angry at the fellow citizens who abuse and break the democratic (small-d) system. And this kind of abuse must be punished. If any behavior of this kind gets promptly investigated, and if confirmed, punished, that creates the trust in the political system, where everyone knows that everyone else is honest. That's the only real countermeasure.

Only the absence of this self-healing lets the propaganda take hold. If the known abuses go on and on unpunished, you never know, what new abuses will start. As Solzhenitsyn said...


August 19, 2019 11:48 AM

Mark on Influence Operations Kill Chain:

> Releasing stolen emails from Hillary Clinton's campaign chairman John Podesta and the Democratic National Committee, or documents from Emmanuel Macron's campaign in France, were both an example of that kernel of truth. Releasing stolen emails with a few deliberate falsehoods embedded among them is an even more effective tactic.

Note that for the Clinton/Podesta case DKIM signatures from the Clinton email server were used to validate the authenticity of the emails. I'm not aware of examples where the attackers have modified the Podesta emails. It's conceivable that the attackers...


August 19, 2019 11:38 AM

D Snyder on Influence Operations Kill Chain:

This is great stuff to help us think about, and respond to, threats from external actors. However, the piece could be enhanced by acknowledging and addressing the way that politicians can use "influence operations" unethically. For example, telling people that news media are producing "fake news" in attempts to undermine the legitimacy of the news media and the stories they are reporting.

Typically, news media are self-policing, in that if one journalist/reporter announces something, others seek to verify the information or else advise skepticism. On the other hand, competing news...


Sidebar photo of Bruce Schneier by Joe MacInnis.