Recent Comments



February 19, 2020 11:20 AM

Clive Robinson on Friday Squid Blogging: Squids Are as Intelligent as Dogs:

@ MarkH,

It addresses the inherent conflicts between free speech, and protection from the consequences of manifestly damaging speech.

The essential problem is,

    One man's truth is another man's propaganda

We all have different Points of View (PoV) which makes us assess the always incomplete[1] information we receive differently.

This means there is no "real truth" just "perceptive truth" which is in effect "fake news".

Reporters write to their Editors' instructions, and the Editors take instructions from the owners and...

February 19, 2020 9:51 AM

MarkH on Friday Squid Blogging: Squids Are as Intelligent as Dogs:

Did the Early Internet Activists Blow It?

A thoughtful Slate article by Mike Godwin, who was EFF's first staff lawyer.

It addresses the inherent conflicts between free speech, and protection from the consequences of manifestly damaging speech.

I think it will be interesting for many readers here, especially inasmuch as questions of internet regulation and censorship policy have often been topics of discussion.

A quote, with my emphasis added:...


February 19, 2020 9:45 AM

Clive Robinson on Friday Squid Blogging: Squids Are as Intelligent as Dogs:

@ Bruce and the usual suspects,

Who Pownes your hardware?

Is a subject that keeps coming back again and again... This week Eclypsium released a report on equipment that will accept any update no matter how untrustworthy and addled it might be...

https://eclypsium.com/2020/2/18/unsigned-peripheral-firmware/

This issue is getting really bad as hardware increasingly has more and more hidden Flash ROM that users do not know about, nor in the ordinary course of events is there anything...

February 19, 2020 9:30 AM

Clive Robinson on Crypto AG Was Owned by the CIA:

@ ALL,

I know this is a bit late but anyone else remember,

The NSA Pown your HD

Apparently they've been doing it for most if not all of this century...

https://www.theregister.co.uk/2015/02/17/kaspersky_labs_equation_group/

It's one of those things that @Nick P and myself used to warn people about fairly regularly.

It was also part of our debate over how old hardware would have to be not to have "Hidden Flash" in IO that could be exploited. @Nick P...

February 19, 2020 9:16 AM

Clive Robinson on Friday Squid Blogging: Squids Are as Intelligent as Dogs:

@ ALL Vodafone users,

Think twice then thrice about anything you do on a Vodafone Internet connection...

It appears there is no crack they will not intrude into to grab what they can and then hand it over to a third party you have no control over,

https://www.theregister.co.uk/2020/02/19/vodafone_transparency/

Not nice to say the least especially the bit about them getting access to the users' private side network to change things "for their own good"...

February 19, 2020 7:58 AM

- on Hacking Mifare Transport Cards:

@ Moderator,

The above from "Envíos a colombia" is unsolicited service advertising.

(a cargo shipment company so not related to the blog at all).

February 19, 2020 4:40 AM

- on Detecting Edited Audio:

@ Moderator,

The above from "Kenneth Glaza" is unsolicited service advertising.

February 19, 2020 1:58 AM

JonKnowsNothing on Friday Squid Blogging: Squids Are as Intelligent as Dogs:

@ Clive @All

iirc-badly

Many moons ago, the USA tried this with automobiles. Japan was cleaning up and Detroit was going belly up. So, we passed a law that said essentially, cars and trucks purchased by the US Government had to be USA made, parts and all.

Looked great on paper.

There was only 1 car maker that qualified under that Made in USA rule: a Volkswagen manufactured in their Kentucky USA plant.

What the Detroit folks got was not what they intended. They wanted to buy overseas engines and parts at big discounts and sell cars in the USA at a...

February 19, 2020 12:31 AM

Clive Robinson on Hacking McDonald's for Free Food:

@ Sed Contra,

Since it was a McDonald’s in Germany, hopefully they ordered beer.

But only with the breakfast orders ;-)

But it raises a thought, does the bread McDonald's use "Pass the purity laws?"

February 19, 2020 12:12 AM

lurker on Friday Squid Blogging: Squids Are as Intelligent as Dogs:

@SpaceLifeForm: re chip sales to Huawei
Hmmm, so the US of A wants to interfere in the internal trade of another nation, ie. between China and its renegade province Taiwan. Or put another way, if I buy a tractor from John Deere, why should I need another licence from them to plant non-American turnip seeds? China got rid of the last of its extra-territoriality‡ in 1932 or 33.

‡ where foreigners in China were subject to their own national law, and not Chinese law.

February 18, 2020 11:59 PM

Clive Robinson on Friday Squid Blogging: Squids Are as Intelligent as Dogs:

@ myliit,

Obviously our president is not credible, doesn’t always check reality with his statements, is for sale, etc

Well first off with regards chips,

1, It's virtually impossible to find backdoors in modern chips.

2, If you don't allow China to buy your chips, they won't be buying US backdoors.

3, Other nations will buy Huawei kit regardless of US using threats and FUD. Especially nations that the US would want to spy on.

4, Other nations with more in-depth technical knowledge such as in Europe will layer kit making US...

February 18, 2020 10:26 PM

SpaceLifeForm on Crypto AG Was Owned by the CIA:

@ Rachel

Instead of the mole(s) angle, isn't it just easier for it to be an op from the start?

February 18, 2020 7:58 PM

la abeja on Friday Squid Blogging: Squids Are as Intelligent as Dogs:

@Electronic Content Creation

Re: [https://politics.slashdot.org/story/20/02/18/2211226/weve-just-seen-the-first-use-of-deepfakes-in-an-indian-election-campaign]

--> [https://www.vice.com/en_in/article/jgedjb/the-first-use-of-deepfakes-in-indian-election-by-bjp]

What? No goofy D0nald Trum% videos?

No, that's slashdot, originally a free and open source software discussion forum, which has since been bought out by DICE.COM for the purpose of collecting political intelligence on its userbase for the use of hiring managers and private investors in the...


February 18, 2020 7:47 PM

RealFakeNews on Voatz Internet Voting App Is Insecure:

You only need to look at the voter fraud that has occurred for years here in the UK in various seats at various times.

A year or two ago a guy claimed to have destroyed over 1000 ballot papers voting for the opposition, and knew of others that did the same.

Postal voting is not secure by any means.

February 18, 2020 7:02 PM

Rachel on Crypto AG Was Owned by the CIA:


AlexT

'When I interacted with the Proton people (again, very early in their setup) I raised the point that if they were really successful in their venture it would be almost certain that some (if not multiple !) agencies would put moles in their dev teams. They seemed to think it far fetched and was dismayed that they did not have any code review / security mechanism in place. I have no idea where they are now but last time I asked I did not get an answer...'

Good insight. Also one which any comparable organisation would be subject to.

There is always...


February 18, 2020 6:48 PM

SpaceLifeForm on Crypto AG Was Owned by the CIA:

@ Drive-By Idealogue

Check out Panama Papers and Paradise Papers.

Buy your vowels. Zero cost.

February 18, 2020 6:31 PM

SpaceLifeForm on Crypto AG Was Owned by the CIA:

@ AlexT

YEP. SSL, TLS. Same difference.

@ Clive

You made me laugh so hard, tears.

February 18, 2020 6:07 PM

myliit on Friday Squid Blogging: Squids Are as Intelligent as Dogs:

@Wesley Parish, Space Life Form, Clive Robinson

Obviously our president is not credible, doesn’t always check reality with his statements, is for sale, etc., ..., but

https://www.nytimes.com/2020/02/18/us/politics/trump-contradicts-advisers-china-technology.html

“Trump Contradicts Advisers on China Technology Fears

The president, in a series of tweets, said the U.S. would not restrict sales to the country, a sharp shift in administration...


February 18, 2020 6:04 PM

Drive-By Idealogue on Crypto AG Was Owned by the CIA:

"It describes how the United States and its allies exploited other nations' gullibility for years, taking their money and stealing their secrets."

Now if only they'd declassify and publish 1% of 1% of the evidence of the United States and its allies exploiting the gullibility of their own nations for years, taking their money and stealing their secrets.

Because I'm pretty sure that would still be many many reams of documents.

February 18, 2020 5:43 PM

SpaceLifeForm on Voatz Internet Voting App Is Insecure:

@ Jim Baldwin

You have no clue about USPS.

Sorry to say.

"All of this is rendered irrelevant with a vote by mail system. Voter ID is built in. Ballot handling is done by trained professionals, i.e., US Postal workers. Large numbers of ballots are never in one place at one time, except at the secure facility."

There are no trained professionals at USPS.

USPS facilities are *NOT* secure.


February 18, 2020 5:19 PM

SpaceLifeForm on Friday Squid Blogging: Squids Are as Intelligent as Dogs:

@ Wesley Parish

I guarantee, that if MS did open source Win7, there would be patches every week for quite some time.

I'm sure NSA has more fixes than MS has at this point in time.

February 18, 2020 4:43 PM

Wesley Parish on Friday Squid Blogging: Squids Are as Intelligent as Dogs:

@RealFakeNews et alii re: Windows 10

I think Microsoft is making the point of the FSF in its request for Microsoft to open the MS Win7 source tree under a FOSS license.

@Clive Robinson re: Huawei

https://www.reuters.com/article/us-usa-huawei-tech-tsmc/u-s-mulls-cutting-huawei-off-from-global-chip-suppliers-with-tsmc-in-crosshairs-idUSKBN20B1YO

Remember Princess Leia's words to Tarkin while on...


February 18, 2020 4:00 PM

myliit on Voatz Internet Voting App Is Insecure:

More about LA’s voting machines and processes

https://www.forbes.com/sites/mikemontgomery/2020/02/05/when-it-comes-to-electronic-voting-california-is-no-iowa/

“It’s worth noting that when LA surveyed the technology landscape to choose its new machines, it decided it had to build its own (with the help of global design firm IDEO). But the new apparatus is just one element of a larger formula that combines new technology with redesigned mail-in...


February 18, 2020 3:29 PM

SpaceLifeForm on DNSSEC Keysigning Ceremony Postponed Because of Locked Safe:

It would be interesting to know if the safe had a "Number of openings" counter in the door...

That would be useful. Not just opens.

Attempts.

Maybe a cam to watch. Nah, nevermind.

Maybe someone could check *EVERY DAY* ?

And note that the attempt counter jumped?

SpinLocks.

February 18, 2020 2:22 PM

AlexT on Crypto AG Was Owned by the CIA:

@SpaceLifeForm

Do you imply that SSL is broken and that MITM is actually possible on encrypted channels ?
If so all bets are off...

February 18, 2020 2:08 PM

SpaceLifeForm on Friday Squid Blogging: Squids Are as Intelligent as Dogs:

@ Clive, RealFakeNews

So, Clive saw:

1, Wen the coffer
2, Sam
3, contingency_triage
4, William Jackets

@ RealFakeNews

What names did *you* see?

I saw one that Clive did not. Press Brake

He saw *three* that I did not.

February 18, 2020 12:29 PM

lurker on Friday Squid Blogging: Squids Are as Intelligent as Dogs:

@Curious -espionage has been going on since before writing was invented; its methods have advanced with the available technology. Here's a thought experiment: what would happen to espionage if the Nation State was abolished? The answer may depend on what happens to the personal moral landscape in the absence of belligerent Nation States. There is ample historic record showing belligerent Nation States existed millennia before the Treaties of Westphalia. Some might argue the United Nations was supposed to reduce/remove belligerence from Nation States: good luck with that.

February 18, 2020 12:19 PM

Jim Baldwin on Voatz Internet Voting App Is Insecure:

IN RE: 'Let's be honest here. It takes more than this: "Paper, pencil, optical scanner is all one needs to run an election."
It takes voters, and precinct workers. The precinct workers need to verify that the voters actually have the right to vote at that polling place, and that they have not voted at some other place, nor more than once this election at the current polling place.'
*********************************************

All of this is rendered irrelevant with a vote by mail system. Voter ID is built in. Ballot handling is done by trained professionals, i.e.,...


February 18, 2020 12:14 PM

la abeja on Hacking McDonald's for Free Food:

@ Wayne + Norio

Bunch of old Finns get together like that sometimes, act like they're p!mps or m0b bosses or something like that, kick the kids out of the restaurant for lo!tering or tre5pa$$ing or something like that, berate the owner, "You know you have the right to refuse service to anyone! Why do you let those punks eat here? We've got real estate deals going down!"

Truth is, the franchise owner is only watching his local cash register and doesn't care about that IT or app stuff or online coupons. As long as he's got his books covered, it's not his responsibility.

February 18, 2020 10:29 AM

Norio on Hacking McDonald's for Free Food:

Finally, a heartwarming hacker story! These kids weren't doing it for the "food" (since it's McDonald's I need to put quotes around that word) or for a selfish motive.

February 18, 2020 9:41 AM

Wayne on Hacking McDonald's for Free Food:

Speaking of McD's, apparently the HBO series on their Monopoly game that got hacked, McMillion$, is getting really good reviews and is quite popular. I haven't gotten around to watching it yet.

February 18, 2020 9:28 AM

kiwano on Voatz Internet Voting App Is Insecure:

Every time I see a post like this, I become a little more convinced that the only thing that'll get the USA to adopt nation-wide security standards for voting systems, is a civil war fought over whether or not an election outcome was the result of tampering. In light of that, I don't know whether or not it's a good thing that the upcoming election is so polarizing, and involves a candidate who's already faced accusations of electoral fraud that his opponents find credible.

February 18, 2020 6:12 AM

UntilDoesNotEqualTillEOWWW on Voatz Internet Voting App Is Insecure:

https://i.postimg.cc/Xqq8cgx4/Minimise-Certificate-Use.png

Recursive tip: eh, ah, yeah, and do you _really_ need several dozens of CA's? and Certs? Not really. You might need one or two extras if your browser misses them, yet it already _lies_ and claims that missing Cert files/entries is "proof" of MITM problems. Alternatively, it might be true that every _extra_ of those several dozen CA's and Certs _actually_ _is_ the MITM attack!

Please wake up and dump the coffee, too. It's probably laced...


February 18, 2020 5:50 AM

Clive Robinson on Voatz Internet Voting App Is Insecure:

@ RealFakeNews,

blockchain

I've almost always viewed it as,

1, A solution looking for a problem.
2, Words for a foolish Angel's ear.

Opinions I and others have voiced on this blog before.

Which you may remember were followed by various "don't break my rice bowl" types descending from some dream state place "where numbers float by just counting their toes" pretending to be the new coin of the world and unfortunately gave the Moderator a mess to clean up...

Well they don't appear to be coming around as much any more,...

February 18, 2020 5:22 AM

Curious on Friday Squid Blogging: Squids Are as Intelligent as Dogs:

Ah, before I forget this.

Referring to my post just above, and with the risks in trying to extrapolate things off a single twitter message, I have to say that there is also an interesting philosophical problem in discussing what is moral, or, whatever is believed to have a 'moral dimension'.

The way Blaze uses the word, is presumably about awareness as such, as opposed to discussing the vague term "moral values" or 'principles' even, and although English is not my native language, I think I have learned that a similar topic to anything 'moral', is amoral. Amoral, is by me...


February 18, 2020 5:07 AM

Curious on Friday Squid Blogging: Squids Are as Intelligent as Dogs:

Looking at twitter today (re. Crypto AG story of recent), I find it puzzling that someone like Matt Blaze (who I think was the one to find flaws in US government's Clipper chip for enabling eavesdropping capability unless I am mistaken) apparently thinks that espionage towards other nations' governments "are arguably fair game". He does point out, what he refers to as "moral dimensions", as being problematic as I understand it, something to do with government backdoors being abused by other nation states. I guess it could be that he also had other things in mind, re. espionage and morals,...

February 18, 2020 4:34 AM

Clive Robinson on DNSSEC Keysigning Ceremony Postponed Because of Locked Safe:

@ SpaceLifeForm, ALL

Mind you it's not just recalcitrant safes that critically affect Internet Security...

Over in another corner critical Internet security is held up because Internet organisation lawyers are fighting it out over a contract that as the old saying has it "Only in America",

https://www.theregister.co.uk/2019/10/28/arin_rpki_open_source/

Some people really are banging them down on the table with all the force that testosterone fueled egos will allow...

February 18, 2020 4:06 AM

RealFakeNews on Friday Squid Blogging: Squids Are as Intelligent as Dogs:

@SpaceLifeForm

I think the @Moderator has removed them.

Windows 10: paying to be a perpetual Alpha tester. Do not use in production environments.

This whole "update your computer to remain secure" is getting old. It placates insurance and legal issues, but does it really help when the updates are poorly written, untested, and applied anyway?

Each new update means new zero-days.

February 18, 2020 3:27 AM

RealFakeNews on Voatz Internet Voting App Is Insecure:

>> blockchain

...and why do people think this is the best solution? It almost pin-points the day the voting app was invented.

Where can I get multi-million dollar investment to produce garbage?

There is only one reason a certain demographic is pushing for electronic voting!

How many times has electronic voting been attempted, and how many times was it found to be flawed to the point the machine was changing the vote as it was cast due to a "glitch"?

It's almost, if not, one-to-one.

Forget electronic voting being untrustworthy - those...


February 17, 2020 8:31 PM

SpaceLifeForm on Friday Squid Blogging: Squids Are as Intelligent as Dogs:

@ Clive, Bruce, All

I hope you noticed the new trolls that carry links.

DO NOT CLICK.

If you do not see the two new names above, please say so.

That would be what is called 'Useful Information'

February 17, 2020 8:26 PM

Clive Robinson on DNSSEC Keysigning Ceremony Postponed Because of Locked Safe:

@ SpaceLifeForm,

In fact, it will not magically fail after opening for over 2000 consecutive days.

I rather think that depends on,

    Who is doing the magic...

One common cause for safes to go wrong is people have "played with the mechanism" in some way.

It would be interesting to know if the safe had a "Number of openings" counter in the door...

February 17, 2020 8:16 PM

Clive Robinson on Crypto AG Was Owned by the CIA:

@ SpaceLifeForm,

Yes, I'm old (maybe even educated!)

Do you mean "head you cratered" from banging it on the school desk ;-)

Back when I went through the process we had three levels,

1, Infants.
2, Junior.
3, Senior later Secondary.

I did not have any problems in Infants, but Junior oh dear, the Headmaster hated my mother as she used to be his boss and blocked his promotion for good reason. The deputy head was an old spinster of the "never spare the rod" variety. Thus you can imagine what problems I had. Which was why my...


February 17, 2020 8:00 PM

SpaceLifeForm on Friday Squid Blogging: Squids Are as Intelligent as Dogs:

I guess everyone here is smart, and does not have to deal with this Win10 problem from last patch Tuesday. (2020-02-11)

My conclusion: Windows is so complex that testing is worthless.

hxxps://www.zdnet.com/article/microsoft-pulls-security-update-after-reports-of-issues-affecting-some-pcs/

A standalone security update released as part of the February Patch Tuesday cycle has created headaches for some owners of PCs running Windows 10. After investigating reports of those issues, Microsoft has yanked KB4524244 from its update servers.

February 17, 2020 7:50 PM

Clive Robinson on Friday Squid Blogging: Squids Are as Intelligent as Dogs:

@ Thoth,

Hmm, so "nobody died in Singapore"... Is what the government claims.

I wonder how they intend to prove that... After all nobody else can in any other Asian country.

The simple fact is, as with early deaths in China, if your clinicians do not recognize the quite subtle differences in symptoms, any respiratory failure death of that type will be put down to pneumonia.

So the government are throwing the toys out of the pram for either a "fit of pique" or some other reason. However as there are other sites that made or reported the death claim that have...

February 17, 2020 7:14 PM

Clive Robinson on Crypto AG Was Owned by the CIA:

@ vas pup,

I guess the reverse is right as well...

Yes, but remember what George Orwell put in his politics "Room 101" book 1984. He had a list of criteria,

1, You should have an enemy in a far off place (he picked Asia).
2, Where the people are visibly different.
3, So your civilians have someone easy to hate other than their,
4, Controlling tyrannical government.
5, That spies on their every moment.
6, That feeds them propaganda.
7, Via the means of television radio and all electronic communications....


February 17, 2020 7:07 PM

SpaceLifeForm on DNSSEC Keysigning Ceremony Postponed Because of Locked Safe:

'Staff open up two safes, each roughly one-metre across. One contains a hardware security module that contains the private portion of the KSK. The module is activated, allowing the KSK private key to sign keys, using smart cards assigned to the ceremony participants.'

How smart are those smart cards?

Did Agent 99 issue them?

February 17, 2020 6:48 PM

SpaceLifeForm on DNSSEC Keysigning Ceremony Postponed Because of Locked Safe:

@ Clive

There is someone here spewing pure BS.

I guarantee you the safe has a 4 number combination. With a key also.

And when you only have to open once a year, the safe will not magically fail.

In fact, it will not magically fail after opening for over 2000 consecutive days.

This is pure fake news.

I say this based upon experience.


February 17, 2020 6:25 PM

Clive Robinson on Friday Squid Blogging: An MRI Scan of a Squid's Brain:

@ SpaceLifeForm, ALL,

Don't forget about that other cruise ship...

The one that was turned away from port after port...

That Cambodia finally let dock.

Well the passengers disembarked, and went their own way to wherever they wanted to go...

One was tested in another country and found to be positive.

However, apparently 99 have flown back to the Netherlands and just gone home...

I'm kind of thinking the Dutch authorities really have dropped the ball on that one...

The maths would suggest that up to ten of those passengers will...

February 17, 2020 6:12 PM

Grima on Voatz Internet Voting App Is Insecure:

@Dennis Fazio re: "...what problem is online voting attempting to solve..."
The "wrong people" keep getting elected ;?>

February 17, 2020 6:01 PM

Clive Robinson on Friday Squid Blogging: An MRI Scan of a Squid's Brain:

@ JonKnowsNothing,

Millions would like to know exactly WHAT is this "Successful Treatment"?

Well it looks like the virus will not kill you, but the side effects can cause death if not treated.

Put overly simply, the virus causes inflammation which causes the release of fluid. The result of this is dependent on where in the body the fluid is released and how much of it.

Most of us know from insect bites/stings that the inflammation they cause gives rise to the fluid which distends the flesh causing swelling thus pressure on blood vessels...

February 17, 2020 5:57 PM

SpaceLifeForm on Crypto AG Was Owned by the CIA:

@ AlexT

"As far I know all servers are still in Switzerland."

It does not matter where the servers are physically located.

When the long-haul backbone routers are backdoored.

Did you spot your MITM today?

No? No surprise.

February 17, 2020 5:38 PM

SpaceLifeForm on Crypto AG Was Owned by the CIA:

@ vas pup

FYI, I would avoid BBC, FOX, NYT, and WAPO.

Find alternative links.

Just saying.

Yes, I'm old (maybe even educated!), and always use Oxford comma.

February 17, 2020 5:19 PM

David Leppik on Voatz Internet Voting App Is Insecure:

@RJ Brown:

Volunteers are not free. They need to be recruited, trained, and retained. Since they aren't getting paid, they are less likely to show up than paid workers. They are less likely to be experienced and ready to deal with irregularities. For certain jobs, such as construction, it's often cheaper to hire professionals than to rely on volunteers.

Volunteers are paid in satisfaction. If volunteers have a great experience, they will recruit their friends. If they feel unsupported and then get blamed for problems, nobody will want to volunteer.

Therefore paper...


February 17, 2020 5:19 PM

gordo on Friday Squid Blogging: Squids Are as Intelligent as Dogs:

@ SpaceLifeForm,

Let us know when the IOWA results are final.

Sure, I suppose anything's possible, these days. ;)

BTW, here's a more complete quote from Weaver on the recanvass request:

"While a recanvass is just the first step in the process and we don’t expect it to change the current calculations, it is a necessary part of making sure Iowans can trust the final results of the caucus,” Jeff Weaver, a senior adviser for the Sanders campaign, said Monday in a statement about the recanvass request. “... Once the recanvass and a...


February 17, 2020 4:58 PM

SpaceLifeForm on Voatz Internet Voting App Is Insecure:

@ wumpus

'that ballot should be both human and computer readable.'

Yep. Give me Hollerith Cards.

I can not come up with any other medium than paper that can be both human *and* computer readable.

Papers please. As in paper ballots.

February 17, 2020 4:54 PM

vas pup on Crypto AG Was Owned by the CIA:

@Clive:

Thank you for your recent input.
You stated:"Thus if you want peace you have to trade and manufacture." I agree.

I guess the reverse is right as well: "If you do not want peace, but rather tension escalation between nations, then you must put tariffs, barriers, sanctions, etc. to degrade trade."

February 17, 2020 4:36 PM

Clive Robinson on Friday Squid Blogging: An MRI Scan of a Squid's Brain:

@ SpaceLifeForm,

14 of the Americans that left Diamond Princess tested positive, asymptomatic.

"so far" out of more than 300 who have left the ship yesterday to be repatriated.

Much as I had hoped otherwise, the maths made it inevitable, and in all probability the number of those who test positive will rise, probably doubling.

When they get back to the US however the level of health care they should receive is certainly going to be better than they would have received on the ship. Also probably better than they would receive in Japan that...


February 17, 2020 4:12 PM

Rj Brown on Voatz Internet Voting App Is Insecure:

@Dancing On Thin Ice:

"Would the low numbers of voting booth fraud indicate precinct workers are a form of security theatre?"

Either that, or they are doing such a good job that there is no need to replace them with computerized voting methods! :-)

Besides, these are volunteers. They are free labor. Why spend money to replace something that works and is free?

February 17, 2020 4:04 PM

Clive Robinson on Crypto AG Was Owned by the CIA:

@ vas pup,

The problem with neutrality is you have to have the power to enforce it.

If you don't you will have to compromise, because that is the nature of "power politics" you are either "useful" or "to be crushed under heel".

Thus the question of "how to be useful" to every psychopath who has desires of conquest?

Well Sweden had the same trouble and in part they sold balls for bearings to both sides whilst also spying for the side they most hoped would leave them alone.

You can go down the list.

The thing you will note is that neutral...


February 17, 2020 3:53 PM

SpaceLifeForm on Friday Squid Blogging: Squids Are as Intelligent as Dogs:

@ gordo

'Though still a multi-step process, it didn’t seem to bother most voters.'

Because that is basically the process.

Lesson: Do not attempt to automate a process that works perfectly well using paper.

Lesson: Never attempt to automate a process that has not already been tested using paper.

Lesson: If the automation fails, fall back to paper.

Lesson: Don't hand an iPad to a poll worker that has never seen an iPad ever.

Lesson: Don't expect a poll worker to know diddly about a web-based form on Google.

Lesson: Paper is...

February 17, 2020 3:51 PM

Dancing On Thin Ice on Voatz Internet Voting App Is Insecure:

@Rj Brown

"It takes voters, and precinct workers"

Investigations even by those believing it is rampant consistently fail to find double voting incidents.
Voting twice by individuals with dual residencies also turns up as virtually non-existent.
Other factors have a greater effect on elections such as voter roll purges, misinformation campaigns, closing DMV offices serving certain demographics after requiring an ID to vote and gerrymandering.

Would the low numbers of voting booth fraud indicate precinct workers are a form of...

February 17, 2020 3:48 PM

MarkH on Friday Squid Blogging: Squids Are as Intelligent as Dogs:

@SpaceLifeForm:

I wrote above mainly about RSA and factoring, but replied to you that precomputation is useful against discrete log systems (like DH), but NOT against RSA.

Logjam is exactly that: a precomputation attack against discrete logs. Defeating Logjam is dirt simple.

February 17, 2020 2:00 PM

Dennis Fazio on Voatz Internet Voting App Is Insecure:

Usually, new developments and inventions are created to solve a problem or provide a new capability not possible before. One has to ask what problem is online voting attempting to solve or what new capability is provided that warrants the complete redesign of an extensive critical civic and social practice?

An election system needs four key attributes: Access, Authentication, Anonymity, and Auditability. With network outages, server failures, denial of service attacks, with the authentication and voting action happening on the same communications channel, and the difficulty of...

February 17, 2020 1:39 PM

vas pup on Crypto AG Was Owned by the CIA:

Swiss Crypto AG spying scandal shakes reputation for neutrality:

https://www.bbc.com/news/world-europe-51487856

"There are only a handful of countries on the planet that have chosen neutrality; Austria is one, Sweden another. But no country has made a status symbol out of neutrality like the Swiss.

Now that the Crypto AG scandal has emerged in all its tawdry detail, there's not a newspaper or broadcaster in the country that is not questioning Switzerland's neutrality.

"It's shattered," is a...

February 17, 2020 11:29 AM

wumpus on Voatz Internet Voting App Is Insecure:

@Larry "Is the answer to hire people who REALLY know what they are doing?"

This is the whole problem of hiring people to do "magic" (things you don't understand). The number of people you *know* who REALLY know what they are doing is small (and you probably can't hire Bruce right now anyway). But the number of people who can convince you in an interview that they REALLY know what they are doing does not intersect well with the people who know what they are doing. And in something like security, you don't know until you've suffered a catastrophe (and even then it probably will be to...

February 17, 2020 11:25 AM

Rj Brown on Voatz Internet Voting App Is Insecure:

Let's be honest here. It takes more than this: "Paper, pencil, optical scanner is all one needs to run an election."

It takes voters, and precinct workers. The precinct workers need to verify that the voters actually have the right to vote at that polling place, and that they have not voted at some other place, nor more than once this election at the current polling place. Our goofy laws make it hard for these polling place workers to do their job. A personal appearance used to be good enough back in the good old days, or if you live in a small rural town like I do. These...

February 17, 2020 10:51 AM

rachelbowers on The Story of Tiversa:

An interesting theme to think about. And I completely agree with one of the commentators who said "The general public has no idea how vulnerable their communication and computer gear is". People should discover more and do some research on basic security stuff. Mass ignorance is a horrible thing that causes problems everywhere.

February 17, 2020 10:38 AM

Clive Robinson on Voatz Internet Voting App Is Insecure:

@ Vesselin Bontchev,

here is the researchers' response to that [Voatz] response

Thanks for that.

Given Voatz's previous behaviour of sticking the FBI on researchers, their reply to Voatz's calumny is a lot politer and more measured than Voatz would have a right to expect.

I did note that Voatz is a "startup" that has very recently gone through Series A funding of a few million USD. I guess they are touchy about having their dirty laundry exposed especially as it appears they have lied about the blockchain usage which has some legislative...

February 17, 2020 9:51 AM

tim on Voatz Internet Voting App Is Insecure:

I have just gone through Voatz's response and I'm a little surprised that you consider that [they have] "no idea what they're doing".

The core issue is that they aren't transparent. They've released no audit reports (just "summaries"). They refuse to divulge any details of their infrastructure. And they refused to address the key points that the researchers made. And that is even before we get to the blockchain silliness. Blockchain is offering no value here and tried and true alternatives exist.

Paper, pencil, optical scanner is all one needs to run...

February 17, 2020 9:26 AM

AlexT on Voatz Internet Voting App Is Insecure:

I have just gone through Voatz's response and I'm a little surprised that you consider that [they have] "no idea what they're doing".

Would you mind expanding on this?

February 17, 2020 9:22 AM

AlexT on Crypto AG Was Owned by the CIA:

@vas pup: As far as I know all servers are still in Switzerland. Which, as we have seen in the Crypto AG story, can't refuse much to US in any case. When I interacted with the Proton people (again, very early in their setup) I raised the point that if they were really successful in their venture it would be almost certain that some (if not multiple!) agencies would put moles in their dev teams. They seemed to think it far fetched and I was dismayed that they did not have any code review / security mechanism in place. I have no idea where they are now but last time I asked I did not get an...

February 17, 2020 7:28 AM

Clive Robinson on Voatz Internet Voting App Is Insecure:

The fact that a piece of software from a commercial commodity software development environment has faults should not surprise any of us.

Because even the least complex of usable commodity software as an application has faults. As the commodity software development processes are not appropriate or even conducive to producing even low fault count software let alone zero fault software that is unlikely to change any time soon in a "race to the bottom" market place. Also that is before you start looking into the commodity libraries the application links to. Which are also a "movable...

February 17, 2020 7:16 AM

Larry on Voatz Internet Voting App Is Insecure:

@Bruce
I'm just a wannabe tech guy, but I agree with your comments after reading the motherboard article.
Is the answer to hire people who REALLY know what they are doing? Or just skip it altogether?

February 17, 2020 4:48 AM

anonymoose on Friday Squid Blogging: Squids Are as Intelligent as Dogs:

@ la abeja


In effect, TLSv1.2 is the only version of the protocol allowed by these settings, since TLSv1.3 is not yet supported by Apache 2.4 series.

Good news, it has for over a year now with OpenSSL 1.1.1.
hxxps://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/CHANGES?revision=1843469&view=co

February 17, 2020 3:35 AM

Clive Robinson on Crypto AG Was Owned by the CIA:

@ Curious,

I just think is a disservice to humanity to iterate Donald Rumsfelds saying about unknown unknowns, and so to clarify, it was you that brought along the saying about 'known knows', 'unknowns knowns' and 'unknown unknowns'.

What Donald Rumsfeld may or may not have said that the press may have reported is really not that important in the scheme of things, and it's very unlikely that it was original to him anyway, it probably precedes Aristotle and Plato.

ICTsec attacks appear against time and by what or how they work to get into a computer...
