Recent Comments


August 5, 2021 7:11 AM

JonKnowsNothing on Zoom Lied about End-to-End Encryption :

@All

In a MSM report on the Zoom settlement was this interesting item:

Zoom users relied on the company’s promises that “Zoom does not sell users’ data” …

Because Zoom implemented the Facebook SDK, user data was sent by Zoom to Facebook “regardless of whether the user has created a Zoom or Facebook account, and, even worse, before the user would have even encountered Zoom’s terms and conditions or any privacy disclosures…...

August 5, 2021 3:41 AM

MarkH on Friday Squid Blogging: Squid Skin Is Naturally Anti-microbial :

Peter Bergen, a journalist and book author specializing in reportage of terrorism and counter-terrorism, has a new book titled “The Rise and Fall of Osama bin Laden,” which reveals some new specifics of how bin Laden’s “operational security” apparently worked against him.

You might recall that the chance sighting of a man known to be a driver for bin Laden led U.S. intelligence to bin Laden’s house in Pakistan...

August 5, 2021 3:11 AM

Clive Robinson on I Am Parting With My Crypto Library :

@ Security Sam,

Look out for Hemimastigotes.

Ah yes that new form of “assumed life” back thirty years ago, that was later found to have standing in gondwanian soils…

I gather some moved north and we can now see them more easily, and these days we just call them HIP Politicians…

(sarcasm tag to off).

August 5, 2021 3:03 AM

Ruminant Subhuman Creature on The European Space Agency Launches Hackable Satellite :

@ Clive Robinson

Not sure what it is you are ingesting but I suspect it’s not legally prescribed…

Just put your face diaper on, get in line and get vaxxed, or they’ll put you in restraints and vaxx you where it hurts the most. Where do you get the idea that what cops and docs force people to ingest has anything to do with anything legally prescribed?

August 5, 2021 2:49 AM

Clive Robinson on The European Space Agency Launches Hackable Satellite :

@ Ruminant Subhuman Creature,

This stuff is truly medieval. The chain mail and the portcullis, a dungeon in the basement of the castle, ball and chains, shackles, manacles, neck irons, compressed air powered jail cell doors, whatnot.

Not sure what it is you are ingesting but I suspect it’s not legally prescribed…

@ ALL,

It was called “Castle-v-Prison” in a similar way to “Cathedral and the Bazaar”[1]. In his essay Eric S Raymond contrasted two Open Source development models. One effectively a demi-god and appointed high priests (Cathedral model) the other much more Open and in theory where anyone can contribute a part no matter how small (the Bazaar). Which gave rise to Eric’s “many eyes” idea...

August 4, 2021 9:20 PM

R-Squared on Friday Squid Blogging: Squid Skin Is Naturally Anti-microbial :

@ Clive Robinson

A, Mean Time To Fail (MTTF).
B, Mean Time To Repair (MTTR).

Downtime for planned maintenance is inevitable without a hot standby.

Otherwise you’re in the position of driving it till it breaks down and taking it to a professional shop for repairs.

August 4, 2021 9:09 PM

Truth.is.stranger.than.fiction on Friday Squid Blogging: Squid Skin Is Naturally Anti-microbial :

https://fortune.com/2021/08/04/microsoft-exchange-cyber-attack-diplomats-china/

M$FT Exchange attacks go back to at least 2017. A large trove of email just found in the cloud from Middle Eastern Governments and oil companies.

But this newly discovered leak is for the on-prem Exchange, yet they found the data in the cloud. How did the data get replicated to the cloud? It would be my guess that a storage engineer mirrored servers to the cloud. Which MSP do they have in common?...

August 4, 2021 8:51 PM

JonKnowsNothing on AirDropped Gun Photo Causes Terrorist Scare :

@MarkH

re: Question 1 can this stupid “AirDrop” thing do its nearby-notification thing with devices in Airplane Mode?

AFAIK my iPhone (1) will not communicate with any WIFI or Network (P2P) or Bluetooth when in Airplane Mode. Airdrop will not work.

As for Question 2, I dunno. I’ve not been in that sort of situation for decades and I have no intention of testing out any theories in that environment...

August 4, 2021 8:11 PM

MarkH on AirDropped Gun Photo Causes Terrorist Scare :

2 questions I didn’t notice anyone address here:

1, can this stupid “AirDrop” thing do its nearby-notification thing with devices in Airplane Mode?

2, were passengers instructed to place powered devices into Airplane Mode?

August 4, 2021 7:48 PM

R-Squared on Paragon: Yet Another Cyberweapons Arms Manufacturer :

>>> One of the sources said they understood that Paragon’s spyware exploits the protocols of end-to-end encrypted apps, meaning it would hack into messages via vulnerabilities in the core ways in which the software operates.

Read that last sentence again: Paragon uses unpatched zero-day exploits in the software to hack messaging apps.

That is NSA, with Five Eyes + Israel.
With inside help from CIA, Mossad, Interpol, Europol, Bundesnachrichtendienst, etc., they have largely bypassed FBI+DOJ and “gone loco” to railroad suspects on surveillance-intelligence-based charges through small town “local” jurisdictions where the government “knows us best” and the so-called “parallel construction” of evidence cannot be questioned as subornation of perjury, intimidation of witnesses or other obstruction of justice because the source of the surveillance intelligence — brought in court as unqualified “information” without the Fifth Amendment due process of presentment or indictment by a grand jury — is deemed “classified” at the small town “local” law enforcement level...

August 4, 2021 6:14 PM

MarkH on AirDropped Gun Photo Causes Terrorist Scare :

@JonKnowsNothing, R-Squared, all:

As an engineering professional, I’m bound to respect factual data, though not to assume that it’s exhaustive.

In the known instance, I see no evidence that any passenger(s) who did not report the image of a toy gun faced any “bother” — or even risk thereof — other than the absurd delay which afflicted everyone aboard.

For me, hard facts outweigh the speculations and imaginings of infotech geeks, however clever those geeks may be...

August 4, 2021 5:20 PM

JonKnowsNothing on AirDropped Gun Photo Causes Terrorist Scare :

@MarkH, @R-Squared, @All

re: IANAL and IANAMD and IANAP

You Betcha, I am none of the above. I know nothing.

@MarkH: For the likely scenarios, the legal “bother” to a passenger behaving as AlmostCaught proposed? Zero.

I recommend you read that article I posted on the update to the bother the Met Police Chief has encountered. Every article since the event occurred February 2018 has had some additional bits of information included. Particularly after the different court judgements...

August 4, 2021 4:39 PM

R-Squared on AirDropped Gun Photo Causes Terrorist Scare :

@ AlmostCaught

Honestly, if I was a passenger and I received a picture of a gun, a bomb, threatening text, etc., I’d just close it and not let anyone see or know while praying that anyone else that received the same content would do the same because the thought of having the travel being disrupted by overreaction of authorities would piss me off entirely.

@ JonKnowsNothing

If you do that, you will be in a world of first class legal bother...

August 4, 2021 4:23 PM

MarkH on AirDropped Gun Photo Causes Terrorist Scare :

@JonKnowsNothing:

To my knowledge, no regular commenter here is qualified to dispense legal advice. Some attempts to “play lawyer” have yielded embarrassingly foolish claims completely unhinged from law as recognized by courts.

The above analysis seems to omit two substantial probabilities:

First, it’s more likely than not that nothing will happen at all.

Second, if there’s any consequence at all, it’s more likely than not that (a) it’s a stunt and (b) some well-meaning passenger reported it (as in the posted story). Have we any shred of evidence that the phones of other passengers were examined?...

August 4, 2021 3:52 PM

Ruminant Subhuman Creature on The European Space Agency Launches Hackable Satellite :

@ Clive Robinson, more than one Winter

You will if you look on this blog going back over several years, see I was discussing such systems for “security” in a very great deal of depth in the “Castle-v-Prison” / “C-v-P” / “CvP” design and the likes of @Wael, @Nick P, RobertT, and others were going into it out of rather more than “polite interest”.

This stuff is truly medieval. The chain mail and the portcullis, a dungeon in the basement of the castle, ball and chains, shackles, manacles, neck irons, compressed air powered jail cell doors, whatnot...

August 4, 2021 1:29 PM

JonKnowsNothing on AirDropped Gun Photo Causes Terrorist Scare :

@AlmostCaught

re: Honestly, if I was a passenger and I received a picture of a gun, a bomb, threatening text, etc., I’d just close it and not let anyone see or know …

If you do that, you will be in a world of first class legal bother.

Once the image has made it to your device, it’s got the imprint there waiting to be extracted.

If you dump the device you can get more bother for doing so.

If you did report it you are going to be in a world of bother too. Depending on Who, How, Where, Time you report it you can be looking forward to sitting at one of the tables in court...

August 4, 2021 1:19 PM

Andy on Paragon: Yet Another Cyberweapons Arms Manufacturer :

Bruce, you can’t have it both ways. You rightly argued that FBI shouldn’t mandate insecure backdoors of “nobody but us” kind. Instead they should develop the know how of how to access the data. Don’t blame the “arms manufacturing” industry for finding holes and willing buyers.

August 4, 2021 12:44 PM

Clive Robinson on The European Space Agency Launches Hackable Satellite :

@ Winter,

Go down till you find,

“Functional Triple Modular Redundancy (FTMR)”

And when you look behind the fancy name you will realise they are talking about “voting circuits” and the like.

You will if you look on this blog going back over several years, see I was discussing such systems for “security” in a very great deal of depth in the “Castle-v-Prison” / “C-v-P” / “CvP” design and the likes of @Wael, @Nick P, RobertT, and others were going into it out of rather more than “polite interest”...

August 4, 2021 11:47 AM

Clive Robinson on The European Space Agency Launches Hackable Satellite :

@ Winter,

volume, power consumption, and durability, and very little else. Would FPGA’s measure up here?

There is another thing, and it’s not much talked about…

If you are spending tens if not hundreds of millions getting a payload into space, you tend to be quite conservative in outlook.

One aspect of which is you are not going to be “first into space” with new technology as it’s got no upside in it for most people…...

August 4, 2021 11:35 AM

The Flower of Marxism on Stealing Xbox Codes :

“i’m going to read the article but there is a question: how microsoft failed to notice a 10 MILLION HOLE!!???!”

MSFT made $46bn in revenue this year so … presumably in the margin of error.

August 4, 2021 11:31 AM

AlmostCaught on AirDropped Gun Photo Causes Terrorist Scare :

Like Clive, you’re being intellectually dishonest. It’s not about the picture (and, again, it doesn’t matter if it was an actual gun or not because it was just a picture) or the technology, but about the uncertainty it represents. I mean, for all anyone knew at the time, they could have accidentally stumbled on the communications of hijackers in the act of coordinating their plan.

Honestly, if I was a passenger and I received a picture of a gun, a bomb, threatening text, etc., I’d just close it and not let anyone see or know while praying that anyone else that received the same content would do the same because the thought of having the travel being disrupted by overreaction of authorities would piss me off entirely...

August 4, 2021 11:01 AM

Winter on The European Space Agency Launches Hackable Satellite :

@Clive, Mike
“DSPs underperformed FPGAs in that role all the way back in 2009 when I did a grad class project on it.”

PPS
ESA (and NASA) seem to agree with Mike and are studying the use of SRAM reprogrammable FPGAs.

ht tps://www.esa.int/Enabling_Support/Space_Engineering_Technology/Microelectronics/The_use_of_reprogrammable_FPGAs_in_space

August 4, 2021 8:55 AM

Winter on The European Space Agency Launches Hackable Satellite :

@Clive, Mike
“DSPs underperformed FPGAs in that role all the way back in 2009 when I did a grad class project on it.”

PS
If I remember well, spacecraft is about weight & volume, power consumption, and durability, and very little else. Would FPGA’s measure up here? I doubt it.

August 4, 2021 6:42 AM

Winter on The European Space Agency Launches Hackable Satellite :

@Clive, Mike
“DSPs underperformed FPGAs in that role all the way back in 2009 when I did a grad class project on it.”

I think the name “Field-Programmable Gate Array” gets a whole new ring to it when applied to a satellite in orbit.

August 4, 2021 6:18 AM

Clive Robinson on AirDropped Gun Photo Causes Terrorist Scare :

@ Impossibly Stupid,

And countless other ad hominem attacks against me.

When you stand in front of a fan and throw the brown stuff at it, you really really should expect to see some come back at you.

You were the one who “cast the first stone” I think others can see if you were without sin or not…

I suggest whatever the chip is you have on your shoulder you dump it, otherwise when you start things you will get things thrown back at you with a lot more accuracy and thus they will hit the target more often...

August 4, 2021 6:11 AM

Clive Robinson on The European Space Agency Launches Hackable Satellite :

@ MikeD,

I’d be surprised if they’re using DSPs for their software radio work.

You’d be surprised at “who?”

Have a look at the fun and games behind “space qualified parts”, now that really might surprise you.

But even though,

DSPs underperformed FPGAs in that role all the way back in 2009 when I did a grad class project on it.

When you say “underperformed” you are being very very non specific. And yes before you ask, there are ways DSP chips outperform FPGA’s...

August 4, 2021 5:28 AM

Clive Robinson on The European Space Agency Launches Hackable Satellite :

@ SpaceLifeForm,

It will not exist, but you want to observe it.

You might remember in the past when I’ve tried to explain the fun with leap seconds, few people actually think it’s an issue[1]…

But there is a “Dark side Luke” part of this “it’s not an issue” problem is down to a certain type of accountant wanting “pay back over Y2K” (not sure if they wear black robes or not, but hey what they do in their spare time…)...

August 4, 2021 12:08 AM

Mike D. on The European Space Agency Launches Hackable Satellite :

I’d be surprised if they’re using DSPs for their software radio work. DSPs underperformed FPGAs in that role all the way back in 2009 when I did a grad class project on it. DSPs have to bottleneck everything through a few ALUs and load/store units compared to the huge distributed arrays of hundreds of RAM buffers and multiplier-accumulator blocks on an FPGA.

As for cosmic rays ruining your root of trust or anything else: this stuff is hardened against those kinds of events, with overdesign, shielding, redundancy, and runtime checking, at the very least. One FPGA family I use has an option where it constantly runs CRCs on the loaded bit pattern and compares it to the CRC it loaded at startup, and restarts and reconfigures if there’s a mismatch. That works together with the other systems to make sure you’ve got good odds of keeping control of the satellite, and luckily modern networking doesn’t require 100% uptime for stability...

August 3, 2021 10:14 PM

JonKnowsNothing on AirDropped Gun Photo Causes Terrorist Scare :

@All

re: Updated: Guaranteed Bother is Guaranteed

In a recent post I referenced an article about a decorated police officer of the UK Met Police force, who had been reinstated after finding that they had been improperly dismissed after an Un-Viewed Bother File was found on a device.

It seems that some folks are just unwilling to stop Bothering People and the UK Met Police are filing more objections to the Officer’s reinstatement...

August 3, 2021 9:35 PM

R-Squared on Friday Squid Blogging: Squid Skin Is Naturally Anti-microbial :

@ SpaceLifeForm

Recent pic of Mt. Rainier, snow free.

https://www.usgs.gov/news/2018-anchorage-earthquake

https://www.usgs.gov/volcanoes/mount-st-helens/1980-cataclysmic-eruption

The expression “year without a summer” refers either to 1816 when Mt. Tambora erupted or to 1883 when Mt. Krakatoa blew, both in Indonesia. The ash in the stratosphere blotted out the sun all over the earth, and it froze every month of the year even in tropical areas...

August 3, 2021 8:44 PM

Freezing_in_Brazil on Friday Squid Blogging: Squid Skin Is Naturally Anti-microbial :

@ SLF

Just to be clear, there is still old ice, but it is melting fast.

The historical rate of snow deposit no longer exists.

I’ve been watching this unfold for the last twenty years, my dear friend. It’s heartbreaking. In 2012 it was clear where everything would end. The melting rate is huge. I’m afraid we’ll see an ice-free arctic summer in the next few years.

hxxp://nsidc.org/arcticseaicenews/...

August 3, 2021 8:18 PM

Freezing_in_Brazil on Friday Squid Blogging: Squid Skin Is Naturally Anti-microbial :

@ SpaceLifeForm

As you have observed, the Atlantic is very quiet. The Climate Change is disrupting the weather patterns so much, that even the normal Northern Africa thunderstorms are not drifting westward.

No doubt. Pressures are too high where the Inter-tropical Convergence Zone was supposed to be. This is striking to me.

With regard to atmospheric conditions in both North Atlantic and South America [in the context of the climate change], I have observed at least two interesting patterns:...

August 3, 2021 6:04 PM

SpaceLifeForm on Friday Squid Blogging: Squid Skin Is Naturally Anti-microbial :

@ Freezing_in_Brazil

As you have observed, the Atlantic is very quiet. The Climate Change is disrupting the weather patterns so much, that even the normal Northern Africa thunderstorms are not drifting westward.

The TradeWinds are not kicking.

Recent pic of Mt. Rainier, snow free.

hxtps://www.twitter.com/haikudegras/status/1421907699835412482/photo/1

August 3, 2021 4:20 PM

0day yeah right on Paragon: Yet Another Cyberweapons Arms Manufacturer :

“Paragon uses unpatched zero-day exploits in the software to hack messaging apps.”

Maybe Bruce begins to think a little bit and not to use meaningless buzzwords?

First level is a vulnerability that nobody knows, only a few government attackers do. How can the manufacturer patch it when he doesn’t even know about it? Where is the zero day count here?

Second level is when info about that vulnerability is public but there’s no patch. Information about that vulnerability can last from 1 day to even a year when they finally release a patch. Again, where is the zero day count here?...

August 3, 2021 3:50 PM

SpaceLifeForm on The European Space Agency Launches Hackable Satellite :

Schrödinger leap second

It will not exist, but you want to observe it.

hxtps://berthub.eu/articles/posts/leapseconds-expose-bugs-even-when-they-dont-happen/

hxtps://gitlab.com/gpsd/gpsd/-/issues/144

August 3, 2021 12:39 PM

Clive Robinson on The European Space Agency Launches Hackable Satellite :

@ echo,

Politics and bureaucracy is the game of MEP’s and the Commission.

Along with major fraud, it’s certainly the game of the largely non democratic Commission. Who try to stop the MEP’s actually having any influence or real control over them.

However like project managers should take note of domain experts so should the members of the Commission but they do not.

With regards,

It’s not as easy as it looks and more than one “domain expert” has come unstuck poking their noses into these areas which they may not have experience with...

August 3, 2021 12:29 PM

R-Squared on Friday Squid Blogging: Squid Skin Is Naturally Anti-microbial :

@ Freezing_in_Brazil • July 30, 2021 10:54 PM

@ SpaceLifeForm

> Snow has fallen in Brazil, an extremely rare event for the tropical country. Thanks to an intense cold snap, snow or freezing rain fell in at least 43 Brazilian cities on Wednesday and Thursday, according to weather service Climatempo.

Well I’m still freezing here.

That’s a lot of lip for a Brazilian communist party government weatherman on television. Some lady is “frigid” rolling her eyes at the weather and complaining about a dude blowing smoke in her face at the bus stop...

August 3, 2021 12:19 PM

Leon Theremin on Paragon: Yet Another Cyberweapons Arms Manufacturer :

0-days are nothing when all CPUs have hardware implants by design. BadBIOS exists. Security and privacy do not.

C’mon, Schneier already said that the DoD knows what China is doing with the radio towers. The US military is either complicit or won’t exist for much longer – TikTok being unable to operate makes this obvious.

August 3, 2021 11:28 AM

Fed.up on Paragon: Yet Another Cyberweapons Arms Manufacturer :

The threat isn’t the private companies who are exploiting smart phones. The threat is that smart phones are designed to be exploited. This is a Big Tech “Do as I say, not as I do” moment. Big Tech believes they control the world’s data. This is just another aspect of their censorship. Perhaps if Israel was a Big Tech favored nation, they would be allowed to peek behind the curtain like other nations do...

August 3, 2021 10:57 AM

John Glenn on Friday Squid Blogging: Squid Skin Is Naturally Anti-microbial :

https://worldofmatthew.com/post/tor-german-avoid/
This is an old article…
For the past year I can only connect to a German entry node. Many times the 2nd node and the exit node are also in Germany. I’ve also noticed a beacon appearing in the network monitor after searching on duckduckgo. Doing nothing, the beacon happens every 10 seconds or so. If I block or in torrc then I can’t connect to the tor network at all. Is this normal tor behaviour?...

August 3, 2021 10:55 AM

Impossibly Stupid on AirDropped Gun Photo Causes Terrorist Scare :

@Clive Robinson

How about you actually sit down and “think”

I have. Like I said, I see no obvious way to address the problem that wouldn’t escalate into some kind of similar “overreaction”. I assume everyone here is also thinking, including you. Yet no good solutions are forthcoming. In light of that, perhaps the assumption that it was an overreaction is unwarranted.

Well change the word prank to any other word like attack and guess what it’s just as true. ...

August 3, 2021 9:30 AM

echo on The European Space Agency Launches Hackable Satellite :

@Clive

But hey politicians always know better than every one else including domain experts…

Politics and bureaucracy is the game of MEP’s and the Commission. It’s not as easy as it looks and more than one “domain expert” has come unstuck poking their noses into these areas which they may not have experience with. With the EU and other pan European organisations there’s quite a lot going on with priorities and the single market and trade agreements and not everything is a straight line path. I also think you have forgotten the UK is a relatively modest economy with enough of its own problems and without the European initiative it’s likely nothing would have got done...

August 3, 2021 6:30 AM

Clive Robinson on The European Space Agency Launches Hackable Satellite :

@ SpaceLifeForm, JonKnowsNothing, MarkH, Winter, ALL

With regards “Global Navigation Satellite Systems”(GNSS) the way they work is actually very very simple, but… With great simplicity inherently great complexity is close on its heels.

Imagine if you will a one pulse per second highly time stable generator at exactly the center of an exactly spherical earth with satellites in exactly circular orbits and lots of people standing around with receivers at very close to sea level on the perfectly circular earth that is not in any way influenced by the Moon, Sun, gas giants or even the effects of sunlight on wind etc…...

August 3, 2021 5:52 AM

echo on Friday Squid Blogging: Squid Skin Is Naturally Anti-microbial :

https://www.theguardian.com/world/2021/aug/03/belarus-exile-group-leader-vitaly-shishov-missing-in-kyiv-police-say

The head of a Kyiv-based non-profit organisation that helps Belarusians fleeing persecution has been found dead in a park in the Ukrainian capital, police have said.

Vitaly Shishov, the head of Belarusian House in Ukraine (BDU), was reported missing by his partner on Monday after he did not return from a run and could not be reached on his mobile phone...

August 3, 2021 5:49 AM

Who? on I Am Parting With My Crypto Library :

@ archive.org

nobody needs a metric tons of paper to keep.

Huh? I have a huge library too, including quite a few unique volumes (e.g. Bell Laboratories Technical Journal’s Unix Time Sharing System, from 1978, and the Unix System, from 1984, lots of CACM issues from the eighties up to ten years ago, including some issues related to the CP/M operating system, technical documentation from the systems I have used when I was young, like the Univac 90/30, and so on). I have more recent books too, like a full TeX and LaTeX library with books from Donald Knuth and Michel Goossens, and the full collection of books about the 4.4BSD operating system from the CSRG at the University of California at Berkeley, including CD-ROMs...

August 3, 2021 3:31 AM

ResearcherZero on Friday Squid Blogging: Squid Skin Is Naturally Anti-microbial :

France’s national agency for information systems security (Anssi) identified digital traces of NSO Group’s hacking spyware on the television journalist’s phone and relayed its findings to the Paris public prosecutor’s office, which is overseeing the investigation into possible hacking.

Anssi also found Pegasus on telephones belonging to Lénaïg Bredoux, an investigative journalist at the French investigative website Mediapart, and the site’s director, Edwy Plenel...

August 3, 2021 3:27 AM

Clive Robinson on Friday Squid Blogging: Squid Skin Is Naturally Anti-microbial :

@ SpaceLifeForm, Winter, ALL,

Competence vs Confidence

At some point in our lives most of us become “over confident” in our abilities. Mainly for one of two reasons,

1, We are not aware of what others are aware of.
2, We choose to ignore what others warn us of.

The first is a very general failing and is unavoidable, even the most informed of us are not omniscient especially when others choose to keep things “secret” for what they see as “advantage reasons”...

August 3, 2021 2:54 AM

SpaceLifeForm on The European Space Agency Launches Hackable Satellite :

@ Clive, JonKnowsNothing, Winter, MarkH, ALL

Bert is a digger. The second link is really fascinating.

hxtps://berthub.eu/articles/posts/state-of-galileo-and-accident/

hxtps://berthub.eu/articles/posts/reverse-engineering-source-code-of-the-biontech-pfizer-vaccine/

August 3, 2021 2:37 AM

bisento on I Am Parting With My Crypto Library :

@Clive Robinson
As a long time reader of this blog I am always eager to scan the comment section for your name. Anecdotes and insights from early radio days to modern encryption problems – you are truly inspirational. I wish you a successful recovery and hope to read from you for many years to come. Have you ever considered writing a book? You should!

August 3, 2021 2:29 AM

Winter on Friday Squid Blogging: Squid Skin Is Naturally Anti-microbial :

@R^2, SLF
“So you had a horse in the race, and it didn’t win.”

Maybe I was not clear. Contrary to Schneier’s Law, I was unable to “create an algorithm that [I myself] can’t break”.

Obviously, I never showed that to anyone.

August 3, 2021 2:16 AM

SpaceLifeForm on Friday Squid Blogging: Squid Skin Is Naturally Anti-microbial :

@ CISAgov

I see a couple of red flags. The second one, that I will not mention here, is obvious if you have been paying attention. (@Clive knows that to which I do not refer to).

hxtps://docs.crossfeed.cyber.dhs.gov/user-guide/product-overview/

hxtps://www.bleepingcomputer.com/news/software/empty-npm-package-has-over-700-000-downloads-heres-why/

August 3, 2021 1:28 AM

R-Squared on Friday Squid Blogging: Squid Skin Is Naturally Anti-microbial :

@ SpaceLifeForm

… as Filippo Valsorda notes, at some point, some devs have to ignore the ‘do not roll your own crypto’ mantra. And they do not need a PHD in crypto. They must be learned, and should seek out review, but they should never give up because they do not have a PHD.

The “tried and true” approach is no guarantee against a scenario of massive universal failure.

Vice is inherent in crypto. Think for a moment most of what people of the male persuasion tend to use crypto to hide...

August 3, 2021 1:21 AM

Clive Robinson on Friday Squid Blogging: Squid Skin Is Naturally Anti-microbial :

@ SpaceLifeForm, Winter,

This is not actually a “do not roll your own argument”.

Read carefully,

“as Filippo Valsorda notes, at some point, some devs have to ignore the ‘do not roll your own crypto’ mantra. And they do not need a PHD in crypto. They must be learned, and should seek out review, but they should never give up because they do not have a PHD.”

This is an argument against a “closed shop” much like it is with a “legal profession” such as,...

August 3, 2021 1:07 AM

Clive Robinson on AirDropped Gun Photo Causes Terrorist Scare :

@ Garabaldi,

You claimed incorrectly,

What is the defect in Airdrop you keep talking about? Being able to receive images from a random person?

That is not a defect.

I gave you a real world example of what has, can and may well be used as a malware vector with sending pictures to people in the past.

From the point of view of this discussion and your incorrect assertion of “That is not a defect” it actually is very very definitely a security defect without question...

August 3, 2021 12:28 AM

SpaceLifeForm on Friday Squid Blogging: Squid Skin Is Naturally Anti-microbial :

The interesting dilemma of ‘rolling your own crypto’

Competence vs Confidence

Personally, I believe most experienced developers totally realize that crypto is hard. But as Filippo Valsorda notes, at some point, some devs have to ignore the ‘do not roll your own crypto’ mantra. And they do not need a PHD in crypto. They must be learned, and should seek out review, but they should never give up because they do not have a PHD...

August 2, 2021 11:22 PM

Agammamon on The European Space Agency Launches Hackable Satellite :

“We can assume strong encryption, and good key management.”

I don’t really think we can. Neither government nor private agencies have a great record with maintaining security. Hell, our own drones have been sent out on missions with unencrypted datalinks – it took a while before anyone thought to ask ‘hey, can the Taliban listen to us?’

August 2, 2021 8:59 PM

Garabaldi on AirDropped Gun Photo Causes Terrorist Scare :

@Clive

How about when sending you a random image, they in fact activate a zero/no-click malware attack, as has happened with MMS images in the past, is very probably happening right now with NTO or similar, and almost certainly will be happening in the future unless we take steps to stop it…

That’s not what happened here.

In some jurisdictions having physical possession is enough to bring serious legal charges, even if you never look at it, or read it, or considered the topic and would not even have the slightest bit of interest should someone tell you the topic...

August 2, 2021 7:02 PM

echo on The European Space Agency Launches Hackable Satellite :

There’s no mention of it in this article but the UK has done work with variable direction and adjustable footprint spy and communication satellites. Another thing not mentioned in this article as Tory nationalistic bragging gets in the way is that the UK dropped the ball with being a full partner of Airbus. What happened is due to EU solidarity the UK was treated as a “privileged partner” which meant in practice it had the same access to the work as full partners. There is of course no mention of decades of economic mismanagement by the Tories who basically gutted UK industry and left the UK not only with the lowest productivity in Europe but the largest inequality in Europe. Now the UK is a “third country” and behaving in hostile ways?...

August 2, 2021 5:47 PM

SpaceLifeForm on The European Space Agency Launches Hackable Satellite :

I am still waiting for Russia to say that the software had not been changed and that this was a totally unknown, never seen before, bug.

So far, crickets.

https://www.space.com/amp/nauka-module-space-station-tilt-more-serious

After initially thinking the message could perhaps be a mistake, he told The New York Times, he soon realized that it was not and that Nauka was not only firing its thrusters, but that it was trying to actually pull away from the space station that it had just docked with. And he was soon told that the module could only receive direct commands from a ground station in Russia, which the space station wouldn’t pass over for over an hour...

August 2, 2021 4:30 PM

Clive Robinson on The European Space Agency Launches Hackable Satellite :

@ SpaceLifeForm,

I have to assume that scenario was addressed via multiple HSMs and comm channels, but over time, it will eventually fail.

Funny you should say that…

As you might know the EU and ESA have developed their own global positioning system with some very very expensive Swiss clocks…

Well let’s just say back in 2017 the MTTF was one heck of a lot shorter than expected…

https://spacenews.com/rash-of-galileo-clock-failures-cast-doubt-on-timing-of-upcoming-launches/...

August 2, 2021 3:17 PM

SpaceLifeForm on The European Space Agency Launches Hackable Satellite :

One well-placed Cosmic Ray to the Root-of-Trust and it can become floating space junk.

I have to assume that scenario was addressed via multiple HSMs and comm channels, but over time, it will eventually fail.

So, there is an expected mean lifetime and it was built for the expected project timeframe.

Doing the Starlink approach does provide more redundancy, and more targets, and shorter expected lifetimes, but that does not necessarily reduce the problem for an attacker...

August 2, 2021 1:59 PM

John Doe on The European Space Agency Launches Hackable Satellite :

One satellite? Unless it has a literal death ray or something, why would anyone spend time hacking ONE satellite? Have these folks heard of Starlink? (“Each launch of 60 satellites contains more than 4,000 Linux computers”. There’s 1.5+K of them already, presumably going to 12K. SpaceX’s opsec is probably good, but is it good enough to withstand attacks by China/Russia? I am pretty sure the answer is “no”…)...

August 2, 2021 1:56 PM

JonKnowsNothing on AirDropped Gun Photo Causes Terrorist Scare :

@All

re: Fake, Not Fake, Deep Fake

MSM report of fake video in circulation on some media sites in the last 2 weeks (~07 15 2021 – 07 31 2021).

Fake video purports to show Australian federal police boss plotting to overthrow government

A recording of a man claiming to be Reece Kershaw discussing plans to remove key members of the government has been circulating among conspiracy groups

Fakes can be just as deadly as the Real Thing. Some folks might believe a fake. We have lots of people on the planet who believe in fakes...

August 2, 2021 1:18 PM

Clive Robinson on The European Space Agency Launches Hackable Satellite :

@ Chelloveck,

Sure, we can assume strong encryption, and good key management… but why would we?

It’s a fair question, and the answer is one few like…

Which is,

“You have to assume a root of trust somewhere.”

August 2, 2021 1:13 PM

Clive Robinson on AirDropped Gun Photo Causes Terrorist Scare :

@ Impossibly Stupid,

Clive, you’re being intellectually dishonest.

Oh dear such a statement to make before dripping into,

It’s not about the picture (and, again, it doesn’t matter if it was an actual gun or not because it was just a picture) or the technology, but about the uncertainty it represents. I mean, for all anyone knew at the time, they could have accidentally stumbled on the communications of hijackers in the act of coordinating their plan. ...

August 2, 2021 11:48 AM

Impossibly Stupid on AirDropped Gun Photo Causes Terrorist Scare :

@AlmostCaught

Can you just please explain how one can hijack a plane with a picture of a gun (let’s assume a real gun rather than a toy)?

Like Clive, you’re being intellectually dishonest. It’s not about the picture (and, again, it doesn’t matter if it was an actual gun or not because it was just a picture) or the technology, but about the uncertainty it represents. I mean, for all anyone knew at the time, they could have accidentally stumbled on the communications of hijackers in the act of coordinating their plan. That is why I continue to ask for, and have yet to receive, a good answer to the question of what the proper response should have been. Putting myself in the place of a passenger or cabin crew, I don’t know how the uncertainty could safely be resolved without escalating it as was done...

August 2, 2021 8:38 AM

Clive Robinson on The European Space Agency Launches Hackable Satellite :

@ Bruce, ALL,

Of course this is hackable:

Nearly all satellites launched this century are software “hackable by design” in oh so many ways you really would not believe…

However the article you link to is not talking about “software reprograming” as such but “antenna footprint reprograming” and other communications systems components amongst other things. It’s about 3.5 thousand kg platform with eight fully definable beams that can be updated in near real time and in theory has the capability to track an individual ship or aircraft...

August 2, 2021 7:37 AM

Winter on Friday Squid Blogging: Squid Skin Is Naturally Anti-microbial :

@echo
“rational from irrational”

It is not “rational” versus “irrational”.

From your article

Going on these results alone, it ironically makes efforts to promote greater trust in science a win-lose situation when it comes to dispelling conspiracy myths and pseudoscience.

Students have to be trained for years to force them to Always go back to the primary source of ANY claim and always check what that primary source actually did say and how she arrived at that claim...

August 2, 2021 7:34 AM

Clive Robinson on Friday Squid Blogging: Squid Skin Is Naturally Anti-microbial :

@ Winter, SpaceLifeForm, ALL,

More on this in Nature:
Covid and the brain

Thanks for the link, my reading is falling a bit behind whilst in hospital, though my own “brain fog” is thankfully lifting, though the cause is not viral or bacterial.

Whilst the article points out a number of possible vectors, it’s very early days which whilst scary for those who live in their minds, it is not exactly unexpected as it’s not a major research area (though growing significantly now dementia is getting rather more publicity than it used to get)...

August 2, 2021 7:31 AM

RE Cognition on Friday Squid Blogging: Squid Skin Is Naturally Anti-microbial :

https://people.com/health/fully-vaccinated-people-made-up-74-percent-infections-massachusetts-covid-outbreak/

“This finding is concerning and was a pivotal discovery leading to CDC’s updated mask recommendation,” CDC Director Dr. Rochelle Walensky said in a statement. “The masking recommendation was updated to ensure the vaccinated public would not unknowingly transmit virus to others, including their unvaccinated or immunocompromised loved ones.”...

August 2, 2021 6:48 AM

Clive Robinson on Friday Squid Blogging: Squid Skin Is Naturally Anti-microbial :

@ Boris,

I’ve done plenty of searching, but I don’t see a lot beyond press-releases or speculation.

You probably never will until “full disclosure reporting” becomes a legal requirement backed up by unavoidable and substantive jail terms and other direct punitive actions against “directing minds” in organisations.

Thus you would be advised to “play evil” and “think hinky” to work out what you and a sufficiently motivated “Red Team” could do...

August 2, 2021 5:19 AM

Clive Robinson on Friday Squid Blogging: Squid Skin Is Naturally Anti-microbial :

@ SpaceLifeForm,

The degree of deficit was worse the more severe the initial covid infection had been.

Whilst people have suspected a link between viral infection and long term disability for about a century now, the evidence is piling up and thus the view becoming more and more main stream…

For instance Type I diabetes was around three decades ago still considered to be a genetic defect.

Whilst there is a component of being more genetically susceptible, the notion of a “viral trigger” or similar is gaining ground, and you’d be hard pushed to find a diabetes specialist who could not rationally discuss it with you these days...

Sidebar photo of Bruce Schneier by Joe MacInnis.