Friday Squid Blogging: Electronic Screens Inspired by Squid

Squid-inspired electronic screens.

As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

Posted on December 9, 2016 at 4:11 PM • 113 Comments

Comments

Uncle Joe Stalin • December 9, 2016 4:57 PM

http://www.politico.com/story/2016/12/obama-orders-full-review-of-election-relate-hacking-232419

Obama to order "report" on election hacking. An echo of the manipulated "intelligence reports" about Iraq WMD with Bush-Cheney or slow news day? It looks like we are about to go to war against Wikileaks, Russia, China. Then the government will blame "faulty intelligence" again when it goes inevitably pear shaped as we waste our national resources making the rich richer by war.


Ronnie • December 9, 2016 5:16 PM

PoI: The Machine or Samaritan

IBM Watson to fight cybercrime
https://www.wired.com/2016/12/ibm-watson-for-cybersecurity-beta/

Starting today, 40 organizations will rely upon the clever computer’s cognitive power to help spot cybercrime. The Watson for Cybersecurity beta program helps IBM too, because Watson’s real-world experience will help it hone its skills and work within specific industries. After all, the threats that keep security experts at Sun Life Financial up at night differ from those that spook the cybersleuths at University of New Brunswick.
Watson isn’t starting from scratch here. IBM researchers started training Watson in the fundamentals of cybersecurity last spring so the computer could begin to analyze and prevent threats. Now it graduates to real-world situations to further hone its skills. Think of it as the world’s smartest intern.

Peter Thiel’s Vision • December 9, 2016 6:29 PM

Peter Thiel, PayPal founder claims to care about individual privacy and freedom. Obviously this is why he invested in Facebook in 2004. He also founded top-secret Palantir who today, has unparalleled access to millions of the most sensitive personal databases.

Thiel Quotes:
"Instead of the United Nations, filled with interminable and inconclusive parliamentary debates that resemble Shakespearean tales told by idiots, we should consider Echelon, the secret coordination of the world's intelligence services, as the decisive path to a truly global pax America," Thiel wrote.

In a world of nuclear weapons, facing the scale of terrorism seen on 9/11 or worse, true liberal thinkers must act forcefully to spread their values and stave off existential risks, Thiel argued.
http://www.businessinsider.com/peter-thiel-is-trying-to-save-the-world-2016-12

In the mass of bickering idiots Mr Thiel stood alone having a clear vision of the future, somehow knowing Mr Trump would likely become President. His speech at the Republican National Convention put him on a pedestal with both Mr Trump and the nation. Now is the time to dramatically change the nation and World.


Soulless Clueless Leaders
Since the election New York Times executive editor reflects: 'We don't get religion'. (Mr Thiel and Mr Trump do!)
http://www.businessinsider.com/new-york-times-editor-religion-dean-baquet-2016-12
Peter Thiel gave Mitt Romney some prescient advice in 2012 — and was ignored. In comparison The Donald laid it on ‘thick and heavy’ and won.
http://www.businessinsider.com/peter-thiel-gave-mitt-romney-advice-2016-12

Cast Aside
But in the weeks since the election grass roots citizens supporters are no longer needed. Populism is already the first casualty.

So too are American national-security leaders and agencies. Why? Ask Peter:
“But I have a slightly different cut on the Snowden revelations. I think it shows the NSA more as the Keystone Cops than as Big Brother. What is striking to me is how little James Bond-like stuff was going on and how little they did with all this information. That's why I think, in some ways, the NSA is more in this anti-technological zone where they don't know what to do with the data they find. So they just hoover up all the data, all over the world.
One way to think about this is that if the NSA bureaucracy actually knew what they were doing, they would probably need way less information. What's shocking about Snowden is how much information they had and how little they did with it.”
http://www.vox.com/2014/11/14/7213833/peter-thiel-palantir-paypal

Theological Doctrine Requires Both Military Force & Mass Surveillance
Quote:
We now have three of the four top national and domestic security agencies of the government under the management of recently retired generals. (One might reasonably change the number to five if considered the DOJ which houses the FBI.) We could have a fourth if President-elect Trump chooses David Petraeus as Secretary of State
http://talkingpointsmemo.com/edblog/this-is-not-normal

Peter Thiel is well versed in the Bible and uses it as a foundation for his plan to transform the hapless jealous, bickering souls into a new world order. His mature weapons of mass surveillance and the appointment of no-bullshit commanding generals leave no-stone unturned for the ‘undemocratic use of force’.

True believers ‘of good’ are taught NOT to be fooled. The feigned caring about privacy and freedom are red herrings.
It's easy to predict strong encryption will soon be outlawed just as in England. The currently ignored intelligence services will be retasked inwardly, which, could be argued was always the long-term goal.
Pretty exciting times?

65535 • December 9, 2016 6:34 PM

@ Uncle Joe Stalin

‘…deputy press secretary Eric Schultz… briefing."This will be a review that is broad and deep at the same time," …The announcement follows repeated demands from congressional Democrats for more information about the digital assault that destabilized the Democratic Party and Hillary Clinton's campaign through much of the election. Schultz insisted the review was "unrelated" to these requests… At a Friday morning event, Lisa Monaco, Obama’s counterterrorism and homeland security adviser, explained that the country had "crossed into a new threshold."’-politico

http://www.politico.com/story/2016/12/obama-orders-full-review-of-election-relate-hacking-232419

It looks like we have thrown a spanner in Trump victory… or have we?

I don’t pretend to know the mechanics of the Electoral College but, I do know an 11th hour big shot political maneuver to pull the levers behind the curtain.

This is a bombshell delivered on a Friday in the States. That means the public cannot contact their political representatives until Monday [or working days] to get official Senate or House action [maybe twitter, or gov email but the latter will probably not be read until Monday].

The Obama "Bomb shell" may indeed delay the electoral college votes in the swing states that Trump won. It looks like those swing states electors must certify the Presidential results by approximately December 13, 2016.

‘December 13, 2016'

“States must make final decisions in any controversies over the appointment of their electors at least six days before the meeting of the Electors. This is so their electoral votes will be presumed valid when presented to Congress.
“Decisions by states’ courts are conclusive, if decided under laws enacted before Election Day.” –archives dot gov

https://www.archives.gov/federal-register/electoral-college/key-dates.html

[The swing state issue Wikipedia]

"According to this criticism, the electoral college encourages political campaigners to focus on a few so-called "swing states" while ignoring the rest of the country. Populous states in which pre-election poll results show no clear favorite are inundated with campaign visits, saturation television advertising, get-out-the-vote efforts by party organizers and debates, while "four out of five" voters in the national election are "absolutely ignored", according to one assessment. Since most states use a winner-takes-all arrangement in which the candidate with the most votes in that state receives all of the state's electoral votes, there is a clear incentive to focus almost exclusively on only a few key undecided states; in recent elections, these states have included Pennsylvania, Ohio, and Florida in 2004 and 2008, and also Colorado in 2012. In contrast, states with large populations such as California, Texas, and New York, have in recent elections been considered "safe" for a particular party – Democratic for California and New York and Republican for Texas – and therefore campaigns spend less time and money there. Many small states are also considered to be "safe" for one of the two political parties and are also generally ignored by campaigners: of the 13 smallest states, six are reliably Democratic, six are reliably Republican, and only New Hampshire is considered as a swing state, according to critic George C. Edwards III. In the 2008 election, campaigns did not mount nationwide efforts but rather focused on select states."

"Discouragement of turnout ...Except in closely fought swing states, voter turnout is largely insignificant due to entrenched political party domination in most states. The Electoral College decreases the advantage a political party or campaign might gain for encouraging voters to turn out, except in those swing states.[111] If the presidential election were decided by a national popular vote, in contrast, campaigns and parties would have a strong incentive to work to increase turnout everywhere."-wikipedia

See Contemporary issues => Exclusive focus on large swing states

https://en.wikipedia.org/wiki/Electoral_College_(United_States)#Contemporary_issues

[or]

https://en.wikipedia.org/wiki/Swing_state

[And]

https://en.wikipedia.org/wiki/Electoral_College_(United_States)

Although I am sorry to have enabled the Spy Agency Increasing President Obama, I wonder if we have clogged the gears of the Trump election. What are the chances we have done so? Any odds makers out there?

SoWhatDidYouExpect • December 9, 2016 6:39 PM

Exciting times???

This is potentially a time when the masses become the downtrodden, as in the "good old days" from the early half of the last century.

The real question is where will the money come from when only the rich & powerful have all the money? There won't be any incomes from the masses on which to collect taxes to pay off the rich and powerful.

Like the data collection law in the UK, there will be an extensive "don't collect on me" list written into regulations. And your means of privacy and protection will be taken away.

Liberty • December 9, 2016 7:40 PM

As of this writing, all currently manufactured, low- to mid-range and higher x86 devices, with the exception of two obsolete AMD CPUs, incorporate a security processor that is cryptographically signed, updateable, unauditable, and for which no source code or documentation has been made public. Worse, these security processors must load and continually execute this signed firmware for the system to either be brought online (AMD) or for it to remain operational (Intel). Intel calls this technology the “Management Engine” (ME), and ships a network-enabled firmware stack for the custom OS running on the dedicated ME CPU, while AMD calls it the “Platform Security Processor” (PSP), and won’t even release the x86 cores from reset until the PSP has been started from its signed firmware blob. AMD has also incorporated the PSP into its ARM CPUs, rendering them useless for libre hardware. On the low end, some unlocked ARM devices are available, but either their I/O options are severely lacking or they are not designed for general purpose computing in the first place, rendering performance even worse than expected when used in this role. RISC-V is behind even ARM in terms of maturity with no shipping general-purpose silicon or public, reproducible benchmark data at this time. ARM-based libre systems may allow libre computing to survive in some form as a retrocomputing hobby, but they will not allow libre computing to retain its dominant role in shaping the modern software world that we have all not only grown so accustomed to, but have benefited greatly from.
-- https://www.crowdsupply.com/raptor-computing-systems/talos-secure-workstation/updates/a-word-on-lockdown

Until such evil ends all programmers should go on strike indefinitely.
If the GCHQ/NSA insist on serving all companies with NSL gag orders that prevent people from owning their own computers, and the legal system has completely failed, then the only option left is to start bombing the spooks.

Dark Flying Thing w Tentacles • December 9, 2016 9:43 PM

@Uncle Joe Stalin

Obama to order "report" on election hacking. An echo of the manipulated "intelligence reports" about Iraq WMD with Bush-Cheney or slow news day? It looks like we are about to go to war against Wikileaks, Russia, China. Then the government will blame "faulty intelligence" again when it goes inevitably pear shaped as we waste our national resources making the rich richer by war.

I really have to wonder "whose side are you on", or is your pursuit merely more random and for some sort of intellectual purpose?

"Uncle Joe Stalin", after all, would send a banner headline to anyone's mind, "Remember what an incredible lousy ass fucker Stalin was, that is Russia". Kind of like naming yourself the Great Edsel and speaking for Ford.

Or "The Glorious Japanese Internment Camp Counselor", and speaking for the stunning and infallible morality of the US Government.

(What does this have to do with computer security, folks! Attribution. Linguistic analysis. NLP -- Natural Language Processing. Computers -- communication. Information Technology -- the stealing, malignment, and appraisal thereof, which the spy Joshua spoke of, as did Sun Tzu.... world's first oldest profession, seeing what Mr and Mrs Jones have, and then clubbing Mr Jones to take his goods.)

Amazing how folks learn how to value and protect social security information on computers, and not consider just how deep and amazing the complete flora of human communication - information - as it is so incredibly well stored and processed today - on computers - really is.

All that IT Sec :-) commentary aside, to smack potential self-appointed topic nazis to the side...

Obama is out of office, or quickly so. Whatever paper he gets is certainly not guaranteed to be complete, nor to be authorized to be given to the public.

Trump by very many points of evidence has shown himself to be extremely friendly to Russia and Russia's current leader, Putin. And how so much more Putin's cabinet and administration?

He is also extremely unlikely to much value whatever Obama's opinion is, unless he absolutely agrees with it from some manner of independent thinking or other sort of standing.

Trump's current hard core selection of heads of state being extremely black ops oriented generals and the like, certainly might seem to imply otherwise....

And in terms of antagonism against China -- could China be more alarmed at many of Trump's actions and statements?

Personally, I consider even Presidents to be but effectively figureheads. I was a little non-plussed to point out on this forum that, "for instance", they are going to be strongly controlled by the daily intelligence assessment they receive.... only to hear that very next week the horror that he is utterly ignoring these things.

:-)

I am like House. A motherfucking cynic. When a doctor comes to me and tells me something, showing me a bunch of charts, I am exactly the sort to say, "and?"

This is not how people normally are. They are extremely impressed by authority, and when that authority comes with an incredibly complex and well woven fabric of justification... all the more are their minds dizzied, so they might as well piss them out their nose.

And who notices. Climate change is happening. Mars is important to spend tens of billions to visit, and NASA should have trillions because, rocket scientists.

(What was that guy's name again, uhm... you know, the friend of Crowley and Hubbard? Or do you?)

Trump says "fuck NASA", "fuck climate change".

Definition of "Wild Card" in the Oxford Dictionary.

Some smarts? Maybe product of some evil and impossible spying? Michael Rogers. Not the head of the foreign intelligence committee dimwit, but the actually reasonable good guy head of the NSA.

He stated as much about the election, without naming names.

Is the NSA good at counterintelligence?

I would say, they completely suck at it. These are numbers nerds, not long con grifters.

They have the social sophistication of a 30 year old man who thinks it wise to cut his hair by the way of a bowl, and never to bother with the fact that his front teeth stick out an inch too far.

No Robert Redford's telling their wives "do you believe me, baby, or what your lying eyes see?"

(Somehow The Sting reference.)

Now is Michael Rogers stupid enough to have made such a statement right after Trump was elected... when it was already well known he is being selected for an even higher office in intelligence, and Trump was very partial about "bad news about Russia"....?


I think there is a cigarette smoking guy in some dark parking lot in Washington somewhere, musing that your fly is open. And wondering if he should spell it out for you.

Jonathan Wilson • December 9, 2016 9:46 PM

What about things like the Samsung Exynos? Nvidia Tegra? Qualcomm Snapdragon? TI OMAP? Freescale i.MX? Any of those that are free enough to work? Or do those all have hidden code that the manufacturer of the device using the SoC can't audit or change like the Intel and AMD parts do?

WhiskersInMenlo • December 9, 2016 10:33 PM

The NYT no less. No less no more.

"Foes of Russia Say Child Pornography Is Planted to Ruin Them"
http://www.nytimes.com/2016/12/09/world/europe/vladimir-putin-russia-fake-news-hacking-cybersecurity.html

The risk of nations hoarding and keeping secret system exploits makes this bit of paranoia far too possible. The risk need not be just from "Russia"...

Clean laptop ignore updates like grand ma does. Visit a coffee shop....

Start with a google search for "george carlin words" follow random links and then plan to toss your laptop if you wish to run for political office.

Dark Flying Thing w Tentacles • December 9, 2016 10:50 PM

First, some environment:

https://www.youtube.com/watch?v=9AUEjzVQwKo&feature=youtu.be&t=55s

Though, I personally prefer to mix some hyper violence with my whiskey:

https://www.youtube.com/watch?v=QHSm_ZxV18s

I was very pleasantly surprised to find, when dropping in, here and there, over the past few weeks, a lot of relatively meaningful discussions. Including such an extremely rational response to someone that "politics is meaningless here, we want tech".

But, I read above and I see a lot of "politics" and of the sort that makes me kind of squirm in my seat, wondering, "What is these guys' agenda? Who is paying them? Who do they represent?"

So, some points here:

Palantir -- I had Palantir recruiters come to me. I told them to fuck off. Palantir are ineffectual dweebs and morons. Way, way worse than the sort I just spelled out above regarding your typical NSA desk clerk.

Even the meagerest of searches shows these people up as being spineless, unscrupulous morons.

Don't believe the scare stories. They are ineffectual and way over priced. Who cares what their Leader's delusions are?

All x86 systems being compromised -- Maybe. Who the fuck knows. The delusion of self-importance. Of course, Russia and China are scared shitless and looking to have their own handsets, their own android and iphones, their own desktop hardware and software. It all is so deeply touched by one state, their enemy, America. The United States.

Russia and China are Salem Massachusetts. In the 17th century. The 1600s, for the dim witted. They are Stalinists horrified of Trotsky and Trotskyites. These are evil little empires that are horrified of their own evil being amply magnified by those showing way, way more power than they can even begin to imagine.

Laugh.

Do not fear.

Fucking laugh.

Not that Western powers are some manner of pillars of righteousness!

God, no.

Yet, as incredibly evil as they are? Collectively? Way, way less evil than those poor sons of bitches. And daughters of bitches. And everyone knows it.

'The Rich & the Powerful Ultimately & Entirely Winning the Game' ---

....

So, how many here actually work in computer security? Okay, and how much do you make in this insanely secure and financially rewarding field? And how many recruiters chase after you every single day?

And... if you are not yet there?

Please, please, do not feed the folks whose best idea of everything is what a schizophrenic has without their medicine.

We control the world's information.

Even worse. And more blunt.

We protect rich and poor alike.

Be we corporate, government, or private.

This is the great arcane art of the age. The magicians and witches and warlocks... and Prophets and Prophetesses of The Age. The Millennium.

Everyone else? STFU. And, RTFM.

As our late and great friend once said - as much as I disagree with his blind atheism - "Everything Is Under Control".

By Us.


Your Lizards. I mean... rofl... your Wizards. And Wizard Kings. And Queens.

Granted without the **Real** Red Pill (TM), immortality... Everything Is Vanity. Everything Is Meaningless.


But then, as said, there are few who walk this most obscure road. Dress shirts and ties and formal business skirts do not make us. But, it is the truth and power in our hearts.

And this crazy, crazy... impossible... Hope.


Whatever that means.


Out.


Thoth • December 9, 2016 11:37 PM

@davidh

Any thoughts of a possibility of hidden firmwares and ROM codes which erasing block 0 might not be sufficient ?

@Nick P

How about moving away from Intel and AMD x86 or even ARM and move to PowerPC or something that is not so commonly found on the market for consumer electronics to build a secure computing node ?

AndyF • December 10, 2016 12:57 AM

Looks like PWC wrote some audit software to check SAP configs for their clients. Unfortunately it appears that the software has at least one horrible security hole which leaves the SAP system insecure.

A company investigated and reported it to PWC who promptly arranged for a cease and desist letter from their lawyers. This will not endear them to the security world and I expect that, now it has gone public, several PWC clients will be taking an interest too.

http://www.theregister.co.uk/2016/12/09/fatal_flaw_in_pricewaterhousecoopers_sap_software/

My Info • December 10, 2016 6:01 AM

RUSSIANS HACKED THE ELECTION?

In addition, any GOP effort to dig into the matter risks antagonizing the president-elect, who has said flatly that he doesn’t believe Russia interfered with the election, despite receiving intelligence briefings to the contrary. And he's proved more than willing to go after fellow Republicans who run afoul of him.

On the other hand, if Republicans play down the issue, they risk giving a pass to an antagonistic foreign power that significant majorities of Americans and members of Congress do not trust and which, if the evidence is accurate, wields significant power to wage successful cyberwarfare with the United States.

I do know Vladimir Putin was rooting for Donald Trump as POTUS. I do not know what Donald Trump does for Vladimir Putin.

We have already discussed the matter of bizarre Russian Revolution-era Jewish-themed dystopian literature.

Tin Mann • December 10, 2016 8:52 AM

Rule 41 passed without a raised eyebrow from Congress, Democrat or Republican. It allows various government agents to search millions of electronic devices on one warrant, anywhere in the world using the same exploits as cyber criminals. Secretly. No knock.

The drumbeat to make encryption illegal gets louder particularly in the USA and GB.
("Trump’s CIA Director Pick Thinks Using Encryption ‘May Itself Be A Red Flag’")

Cyber World War I is declared by the CIA because: The Russians hacked the election.

Blood and Guts Generals appointed to high level former civilian posts.

Big name social media, advertising and software corporations announce they will dial up electronic surveillance and rusty hatchet censorship to fight something called "fake news".

Most people don't care. Those who do are branded tinfoil-hatters.

Thoth • December 10, 2016 9:10 AM

@Tin Mann

The stupidity of Western country governments is endless and always full of "Fun and Surprises".

If they are thinking that encryption is bad, then it's best to make more formidable encryption more widespread (i.e. NaCL) to a point it is the norm.

Doublethink • December 10, 2016 11:41 AM

@Whiskers in Menlo, thanks for the entertaining CIA propaganda that projects a standard CIA smear tactic onto Russian devils. Ask Matt DeHart and Julian Assange how awful it is when spooks try to brand you as a pedo for exposing state crime.

@My Info, what evidence convinced you that Putin is "rooting for" one candidate? And what does Putin care which figurehead he poses with in photos? Putin knows, as you surely do, that the President is a CIA puppet, manipulated by CIA 'focal points' in the executive, intimidated and menaced if he steps out of line.

Tin Mann • December 10, 2016 11:49 AM

@Thoth

My view is time is running out. Idiot proof encryption needs polish and major promotion, and yes, with plenty of salt.

@Anura

Of course I was aware of Wyden and friends, but that's 3 out of 465. Not hardly an eyebrow in my view. I suppose the lesson is, advocating a private and secure internet will be a thankless and likely unproductive pursuit in the foreseeable future.

Unless....?

@Doublethink

It used to be CIA was the President's personal army, specializing in dirty tricks and destabilizing unsavory governments. BUT, these days, of course, it's true, the Prez works for the CIA on whatever their dirty agenda du jour might be.

Winter • December 10, 2016 12:19 PM

It has crossed my mind that the GOP could simply impeach Trump and then have Pence as their president unelect. Pence is a marginal nobody that is very easy to control by a congress where he has few friends.

My suspicions are raised by the fact that there are no Republicans of name that appear in Trump's team. Except Priebus who has no clout at all. It seems few Republicans think being connected to this president will be a future career asset.

Alex • December 10, 2016 12:21 PM

For a long time, one of the main talking points among pro-crypto people is that government pressure on tech companies to build systems and services that are open to surveillance has led us to a world in which all of our systems are less secure.

It's common to say that if you build something that allows our government in, other people will be able to get in as well.

Now we find ourselves in a moment when the inability of political organizations to secure their systems is very much central to what's happening politically. Here in the US, we seem to be heading into the most severe political crisis of my lifetime, and the crisis might have been provoked in part by security problems.

But most of the security people I read are confining their comments to very narrow and focused statements about specific technical aspects of what's going on -- what we know about how a certain type of voting machine might be hacked, for example.

I've been surprised that there isn't more of a full throated cry for more fundamental technical changes in our systems that might make them easier to secure.

NOYB • December 10, 2016 12:34 PM

Does anyone know anything about this company?

https://encrochatsure.com/buy-encrochat/


Lots of babble, but no button where one can actually buy the damn thing :(


(sigh) It seems no one does vaporware more competently than secure telephone vendors.


Still waiting and waiting for our Jackpairs. Have pretty much resigned myself to the fact they are vapor too.

65535 • December 10, 2016 3:35 PM

@ Tin Mann, Thoth, Anura and others

Rule 41 Mass Virus Spying looks to have passed as of December 1, 2016

“If Congress doesn’t act soon, federal investigators will have access to new, sweeping hacking powers due to a rule change set to go into effect on Dec. 1.”

https://www.eff.org/deeplinks/2016/11/give-congress-time-debate-new-government-hacking-rule

So it looks as if the Mass Virus Spying operation is now underway with little controls.

[And see the struggle by the EFF]

https://www.eff.org/deeplinks/2016/06/we-made-message-loud-and-clear-stop-rule-41-updates

[Not too late to take action]

“It’s not too late to debate—or even reverse—the update to federal rules governing search warrants, which now lets investigators use one warrant to search an untold number of computers across the world. We’ve long called for Congress to get involved in the Justice Department’s push to change Rule 41 of the Federal Rules of Criminal Procedure, and we're not alone. Tens of thousands of people joined EFF in speaking out against the rule change. Members of the tech industry—including Google, Brave, the i2coalition, PayPal, SpiderOak and Reform Government Surveillance—and civil liberties groups like the ACLU, the Tor Project, Access Now and the New America Foundation's Open Technology Institute joined us in asking Congress to take the time to consider the rule change. And some lawmakers on the Hill, including Sens. Ron Wyden, Chris Coons, Mike Lee, and Steve Daines as well as Rep. Ted Poe, pushed for a delay through legislation…”

https://www.eff.org/deeplinks/2016/12/fight-over-government-hacking-continues

The EFF and Sen. Wyden fought the automatic rule 41 change. But, it did go into effect. Sure, the EFF is still fighting but we need more support.
The big question is whether Rule 41 Mass Virus Spying will be rejected by the rest of the modern world such as the EU – or will Rule 41 Mass Virus Spying serve as Good to Do signal to the rest of the world? It seems every nation is weaponizing the internet, phone, and radio waves for their gain.

One more thought, where do the US based anti-virus makers stand on this issue – or do they just sit on their hands [because of NSL]?

@ r

“If this isn't improper.”

It is not proper, I suspect that those $1,000,000,000 club DEA snitches never paid a dime of US federal and state income tax on those gains. They would blow their cover and their million dollar DEA compensations. I hope the IRS is listening.

[The economist]

“The best-compensated of these appears to have been a parcel company employee who received more than $1 million from the DEA over five years. One airline worker, meanwhile, received $617,676 from 2012 to 2015 for tips that led to confiscations. But the DEA itself profited much more from the program. That well-paid informant got only about 12% of the amount the agency seized as a result of his tips”- The Economist

http://www.economist.com/blogs/gulliver/2016/12/snoop-case

“The DEA had paid out $237 million to over 9,000 informants over five years towards the end of 2015, according to the report. The Economist writes that "travelers no doubt paid the price in increased searches," adding that the resulting searches were all probably illegal.” -Slashdot

https://news.slashdot.org/story/16/12/10/0315223/the-dea-has-been-secretly-paying-transport-employees-to-search-travelers-bags

[And the actual justice gov report has many more eye popping DEA bribe figures]

“Between October 1, 2010, and September 30, 2015, the DEA had over 18,000 active confidential sources assigned to its domestic offices, with over 9,000 of those sources receiving approximately $237 million in payments for information or services they provided to the DEA.”- Justice gov Executive Summary

https://oig.justice.gov/reports/2016/a1633.pdf

It is just wonderful to see the DEA bribing civilian workers at choke points to snitch on supposedly dastardly “drug dealers” and perpetuate the “War on Drugs” for another 100 years - much to the DEA’s enrichment.

JF • December 10, 2016 3:50 PM

It would be useful to see an extensive linguistic analysis of comments made on the websites of the various local media outlets in the states as the primaries proceeded, over the months leading up to the conventions. I bet it would be possible to see who might have been using multiple screen names and ginning up enthusiasm for one candidate and tearing down others.

If time stamp data were available, it might even be possible to determine who was working a shift. Perhaps even what the talking points were on any given day.

Not to forget social media.
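The analysis JF proposes is stylometry combined with posting-time profiling. As an added illustration (not part of JF's comment), the sketch below scores pairs of screen names by IDF-weighted character-trigram similarity and by overlap of posting hours; every screen name, timestamp and comment text in it is constructed sample data.

```python
import math
from collections import Counter
from datetime import datetime
from itertools import combinations

# Constructed sample data: (screen name, ISO timestamp, comment text).
COMMENTS = [
    ("alpha_voter", "2016-03-01T09:05", "imho Smith is the only one who gets it!! wake up people... the rest are bought and paid for"),
    ("alpha_voter", "2016-03-01T13:40", "wake up people... imho the debate was rigged!! Jones is bought and paid for"),
    ("alpha_voter", "2016-03-02T16:55", "imho the polls are junk!! bought and paid for... wake up people"),
    ("beta_patriot", "2016-03-01T09:30", "wake up people... Jones is bought and paid for!! imho Smith gets it"),
    ("beta_patriot", "2016-03-01T13:10", "imho the moderators were bought and paid for!! wake up people..."),
    ("beta_patriot", "2016-03-02T16:20", "bought and paid for polls again... imho wake up people!!"),
    ("carol_k", "2016-03-01T21:15", "I attended the town hall on Tuesday. The school budget discussion was informative, although turnout was low."),
    ("carol_k", "2016-03-02T23:02", "Turnout at my precinct seemed lower than in 2012, but the volunteers were well organized."),
    ("dave_r", "2016-03-01T07:45", "Does anyone know whether the county has published precinct results yet? I could not find them on the website."),
    ("dave_r", "2016-03-02T22:30", "Thanks. The clerk's office says certified numbers will be posted Friday morning."),
]


def char_ngrams(text, n=3):
    """Count character n-grams after lowercasing and folding whitespace."""
    folded = " ".join(text.lower().split())
    return Counter(folded[i:i + n] for i in range(len(folded) - n + 1))


def build_profiles(comments, n=3):
    """Per-screen-name n-gram weights.

    Counts are multiplied by log(N / df) so that n-grams every author uses
    (ordinary English such as "the") contribute nothing, and habits shared
    by only a few accounts stand out.
    """
    raw = {}
    for name, _ts, text in comments:
        raw.setdefault(name, Counter()).update(char_ngrams(text, n))
    doc_freq = Counter(g for counts in raw.values() for g in counts)
    total = len(raw)
    return {
        name: {g: c * math.log(total / doc_freq[g]) for g, c in counts.items()}
        for name, counts in raw.items()
    }


def cosine(a, b):
    """Cosine similarity of two sparse weight vectors (0.0 if either is empty)."""
    dot = sum(w * b.get(g, 0.0) for g, w in a.items())
    norm = math.sqrt(sum(w * w for w in a.values())) * math.sqrt(sum(w * w for w in b.values()))
    return dot / norm if norm else 0.0


def posting_hours(comments):
    """Set of clock hours in which each screen name posted."""
    hours = {}
    for name, ts, _text in comments:
        hours.setdefault(name, set()).add(datetime.fromisoformat(ts).hour)
    return hours


def hour_overlap(a, b):
    """Jaccard overlap of two sets of posting hours: 1.0 means the same 'shift'."""
    union = a | b
    return len(a & b) / len(union) if union else 0.0


def rank_pairs(comments):
    """All screen-name pairs as (style similarity, hour overlap, name, name), best first."""
    profiles = build_profiles(comments)
    hours = posting_hours(comments)
    rows = [
        (round(cosine(profiles[x], profiles[y]), 3), hour_overlap(hours[x], hours[y]), x, y)
        for x, y in combinations(sorted(profiles), 2)
    ]
    return sorted(rows, reverse=True)


if __name__ == "__main__":
    for style, shift, x, y in rank_pairs(COMMENTS):
        print(f"{x:>12} ~ {y:<12} style={style:.3f} hours={shift:.2f}")
```

A high style score together with a high hour overlap is a lead for manual review, not proof of common authorship; real corpora need far more text per account than this sample.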

My Info • December 10, 2016 4:02 PM

@Doublethink

I believe (and have believed since long before the election) that Putin supported Trump.

I also believe that Clinton might have won had Putin not interfered with ("hacked") the election.

I do not necessarily believe that Trump's presidency will be of significant assistance to any of Putin's strategic goals which are opposed to those of the U.S.

CIA puppet? Trump is not lightly to be taken as a fool, nor is he likely spoon-bending fodder. Let's nix that idea.

ab praeceptis • December 10, 2016 4:57 PM

A message to the us-americans debating election-related:

Put yourselves into the skin of mighty people, of those who used to (and possibly still) really steer your country.

Then look at the debates here. And that's about the intellectual upper-class of us-americans debating here. There are many much worse.

Now, ask yourself a simple question: "Would I, given I were one of the 0.1%, and given I were somehow out of kind and honestly interested in what the 99.9% think and want, would I and how long would I follow that path - and how soon would I return to the old path of 'don't care about the masses. Keep them stupid, use and abuse them to your liking and punish them hard if they are not obedient!'?"

Pardon my french but I've read damn enough self-important idiotic crap here to tell you the real problem: YOU. You are the real problem. The 0.1% don't hold the power and use and abuse it to their liking because they are so intelligent or rich or whatever. Nope. They hold the power because the masses in the western world have become stupid, egocentrical, coreless blabbering idiot-bots.

Most of you/us do not even command enough self-discipline and reasoning to understand the situation we're in. Most of you/us stay on the lowest most primitive level of perceiving and acting as if elections and the presidency were some kind of gladiator-games between two teams most of us having a clear position on one side.

If I were one of the 0.1% I'd tell you "What are you complaining about? After all we arranged a quite nice and exciting show for you and you seem to be quite taken by it. On a more serious note I could not possibly, no matter the good will I might have, allow the system to be run by you. You are hardly demonstrating what's needed to run a small town. Actually you are so excessively incapable that you do not even understand that you don't understand what's really going on or how it's played."

They offered you a nice fairy tale ("democracy") and you took it, hook, line, and sinker.

Let me close with a simple but important question: Assumed that there existed and would be implemented a perfect election system; non hackable, perfectly just, etc, etc.

Would we then live in a better world? Really?

Let me give you two hints:
a) the light bulb or the diesel engine were not invented by elections in a large convention.
b) The larger a group gets the stupider and easier to manipulate it gets.

Oh and btw: It's not Putin who manipulated your elections. Didn't you hear about the "research" that Putin is dead and that the russkies (possibly using the tens of billions of $ he amassed in his many palaces) created lots and lots of Putin-Clones? Maybe Trump didn't even need to be manipulated because he is a Putin clone anyway (them tricky russkies, threw you off track by giving him a weird hair-do). So what? They did that only because clinton is a reptiloid, probably from Mars. But don't you worry, as soon as the jesuits have won the war against the nazis in Antarctica they will take their flying discs and save us all (unless the creepy aliens in the tunnels come out to eat us all).

Uncle Joe Stalin • December 10, 2016 5:22 PM

https://www.washingtonpost.com/world/national-security/obama-orders-review-of-russian-hacking-during-presidential-campaign/2016/12/09/31d6b300-be2a-11e6-94ac-3d324840106c_story.html

WashPo and Politico harden up Fake News Rooski election hack story with "secret" report to be given Obama before Jan 20, 2017. Just like Joe McCarthy and Gilbert and Sullivan's Ko-Ko, Obama has a "little list".

So go the "technical" details of the "security" of elections that worries Bruce so much, no real news about vote suppression, spoiled ballots, local election contractors hacking for cash or the rest of our regular fraud, just secret reports with no proof. Another curveball thrown by the CIA.

Snowden #937876354597 • December 10, 2016 5:36 PM

Hey, think I'll write a Lawfare Article using that handy Mad Libs thing!

[Words words words] ____________ is a national security issue and a threat to our Democracy. [Words words]


Hm. Hmm... Ooh, I know,

Fabricated CIA hacking accusations is a national security issue and a threat to our Democracy.

http://www.zerohedge.com/news/2016-12-10/soft-coup-attempt-imminent-furious-trump-slams-secret-cia-report-russia-helped-him-w

What I don't get is, How come CIA didn't just shoot Trump like they shot JFK and RFK and Wallace and Reagan? How come they didn't just blow him out of the sky like they did to Wellstone and Hale Boggs and Dag Hammarskjöld?

Are they ascared? Are they having trouble killing whoever they want and getting away with it? Maybe CIA's a little bit afraid that they're not gonna get away with the crime against humanity of systematic and widespread torture, after bombing the Murrah building and then bombing WTC and doing 9/11 and the Boston Marathon bombing and all the time running drugs from their war zones. Are they getting nervous about their infosec, Maybe? Hmmm?

Uh, oh, Alfreda Francis got her tit caught in the wringer!

r. Monger • December 10, 2016 5:44 PM

Are you kidding me?

The hand behind the funding of you trolls hasn't dried up yet?

Where's a predator drone when you need 3-4 of them.

What's ultra funny, zerohedge doesn't make enough money running their own networks they have to come over here to drum up additional support.

Mr. Durden would be embarrassed by you.

HIS name, is Robert Paulson.

r • December 10, 2016 6:04 PM

This whole thing,

has been nothing more than a schoolyard,,,

"I am rubber you are glue, everything I say bounces off of me and sticks to you."

Every news article,

Every opinion,

Every thing is being twisted back around.

There's a psychological condition that would apply if this was a single individual but it seems to be more of a narrative for how far and wide it's shared.

And I'm sure, that'll just get twisted right back around on myself too right hens?

65535 • December 10, 2016 6:19 PM

65535’s error

1 billion or 1 million in rule 41/Dea post?

No, it is supposed to be 1,000,000 or one million.

I was thinking about the approximately 1 Billion dollars Hillary spent on her unsuccessful campaign and how her supporters were hurt in the process. Sorry for the error.

Yes the DEA is playing a dirty game with paid citizens snitching on each other [possibly to attack competitors while collecting a reward].

Maxwell's Daemon • December 10, 2016 9:02 PM

@ab praeceptis

Funny, that was exactly the point I was making to a group of 99.9% that I live with. All "people of color." Bread and circuses. What's hilarious was that I was reading the Economist at that time and they really don't "seem" to have a clue either.

BTW, I've been following the discussions on formal verification avidly even if this is my first post. My computer geek/engineer aspect was always concerned about things blowing up and/or people getting killed as a result of my code. I put a ton of effort trying to prevent that. So, thanks! The descriptions of tooling were most enlightening.

@the_usual_suspects

What I find concerning about Rule 41 and the FBI is that they demonstrated they are quite willing to seize and operate a hidden service (TOR) child pornography site. Given that Russia is, supposedly, planting child porn on anti-russian activists' computers, ... well it's not like anyone has to suggest this to them. It's time to be observant of what might end up on one's computers. Especially on SSDs. Forensic recovery on them is still an art, but not a totally unknown art.

Speaking only of myself, they already know who I am. Nuclear security clearances aren't that common. One phone call and I'm back in uniform to do with as they please.

Daniela Caruso • December 10, 2016 9:15 PM

@ Dark Flying Thing w/

> Out.

This. Yes, more of this please.

Although, based on everything else you wrote you seem like more an 'over and out' type of guy

Daniela Caruso • December 10, 2016 9:30 PM

@ All


@ Nick P, @ Ab Praeceptis @ Thoth @ Clive Robinson all say TOR is dangerous to use.

There are plenty of really smart people here but the above 4 are the more recently most regular here and clearest in their intelligence and ingenuity.

So. If they say Tor is unsafe to use I am going to believe them. Because they have proved their worth and their cred with literally every single post over a long time.

I just have two questions for the fab 4 above, if you care to answer

What situations would you consider Tor uniquely an asset and 'okay enough, enough' to use?
Circumventing censorship is the one thing that comes to mind.

Secondly : Recall Ed Snowden referring to the 'Tor Stinks' power point presentation in his release? In which NSA considered Tor 'catastrophic' for decryption/interception?
And Ed also said using encryption + Tor proved secure enough for him to send his data?

Would you say these facts stand as of 2013 but not now? I am going to second guess and say no because things were just as bad back then. What's your take on that - surely Ed is bright enough to understand the real and serious vulnerabilities with Tor in the ways you Fab Four do. But at least was - and as recently as a Tor fundraising last year - still is cool with TOR.


I am a newbie and asking you straight because I trust your take - genuine sincere honest enquiry here

Thanks for your time

ab praeceptis • December 10, 2016 10:11 PM

Maxwell's Daemon

"formal verification ... enlightening"

My pleasure. I mean it. The more of us there are who *really* care about creating safe software, the safer we are all. If I, as it seems, could help you in any way in that endeavour then all the typing (attempt at pun, haha) was good for something.

As for the other matter: What drives me mad is that they (>>90% of the 99.9%) don't even pass the first gate of reasoning. That whole elections debate is meaningless if the premise is wrong - and exactly that seems to be the case. I'm talking about the "democracy" premise.

If our kid were seriously ill, would we walk downtown and poll some 100 people on how to treat the kid? Or maybe even on who of some arbitrary people should perform surgery on our kid?
Hell, we wouldn't even consider that an acceptable approach if it was just our car that was broken.

Short: We look for and demand certain qualities - plus - we want that qualification to be serious and checked by some authority or at the very minimum by excellent reputation.

But with our countries we deem it fine to make a mega poll (elections), well noted with candidates *not* selected by us, on who should run it? Spock might call that "fascinating"; I call it simply braindead.

The magic is simple: Tell some million idiots a fairy tale about their immense significance when choosing between red and blue every 4 years and make an insanely big show out of it - and they will fall for it.
After all, the dumber the derp the more he will be ready to buy the "your vote counts!" story.

I'm bewildered how mercilessly stupid people are. They verify absolutely nothing. "Your vote counts!" - they not only don't verify that but, worse, they are pissed off when I ask them to stop ranting and to think about how to make "your vote counts" at least a little more realistic.

Next, I see a serial mass murderer talking as if they were nicer than granny. clinton is exactly that. Provably. Plus a serial liar. Provably. Plus she doesn't care sh*t if us-american soldiers or ambassadors die. Provably.
This is not a question of pro or anti clinton or Trump. In any country with a minimum of lawfulness and civilization clinton would be in jail; simple as that (and so would quite some others from both parties).
Yet, there is an endless stream of us-americans who behave as if the usa could hardly continue to exist without clinton being president.

Idiots. Braindead derp idiots all over the place. Btw, it isn't much better in europe. It seems that mankind needed 3000 years to reach an intellectual and civilization peak but just some decades back towards being apes.

Thoth • December 10, 2016 10:19 PM

@all

Cloudflare's "crypto engineer" rants about GPG/PGP. Compares email encryption (GPG/PGP) against IM encryption. Comparing apples and durians ... well done Cloudflare guy :) .

Do people ever have any idea what they are comparing (IM Crypto vs. Email Crypto) where IMs are mostly short-lived messages while emails are long-lived messages that may be archived. Emails are possibly archived in corporates for data retention for audits and all that. Different cryptos are designed differently and the rants simply don't match up for their use cases where IMs (short-lived messages that may not need archiving) are compared to emails (long-lived messages that may need archiving).

Try sending 3000 word sentences (imagine organisational reports) designed for emails via IMs :) . It would be fun breaking the 3000 word sentences into so many IM messages until your hand hurts.

Now that Signal app has become a cure-all, I wouldn't be surprised that the powers that be might want to or may already have polluted the App Store distribution to have NOBUS access sooner or later since most smartphones rely heavily on some form of App Store model these days (especially Apple's iPhones).

Oh and the person who ranted in the said post is helping to design TLS 1.3. Hmmm ........

In the end, it's another of those rants that do not have a proper comparison nor some form of constructive improvement for the said category of communication that requires security. No efforts whatsoever other than GPG bashing.

Of course GPG has its flaws and I do agree that it is problematic. Instead of sitting in front of my computer and type a rant, I am working on GroggyBox that I have designed to try and clean up the GUI problem which GPG had made a mess of and also to make GPG less susceptible to metadata leaking over emails during my limited free time on weekends.

Summary ? Compare correctly and move the hands and work more besides just ranting.

Link: http://arstechnica.com/security/2016/12/op-ed-im-giving-up-on-pgp/

ab praeceptis • December 10, 2016 10:37 PM

Daniela Caruso

First of all, with most issues, and certainly in the field of security, it's always a deal and nothing comes free.

To offer an example: Even if, assumed, tor were secure, you'd pay a price. For one in speed plus, more importantly, in risking to create suspicion.

My usual first advice is "*Against what* do you want to defend/be secure?". Another very important point is that the playground isn't static. Example: To defend against too curious neighbours or colleagues, even lousy encryption is good; chances are that even, say, old DES would be more than secure enough. That might quickly change, however, if, say, tomorrow the fbi believed you might be a terrorist.

The ugly part very many don't see is that crossing over a certain level of (simple) security, one quite probably wakes up "sleeping dogs" and has people of a very different caliber enter the game.
IMO this is one of the ugliest properties of tor. It paints "suspicious" on your forehead (in the eyes of many agencies) and at the same time next to certainly fails to protect you against that kind of adversaries.

As for Snowden and tor my opinion is this: Probably Snowden is a nice human being and almost certainly he had access to lots of security related material - but that doesn't make him an ITsec expert. From what I know he quite probably is not.
If I wanted to know about dirty things the nsa did, I would ask him; if I wanted to know about OpSec in agencies, I'd ask him. If I wanted to know, however, about the security of algorithms or protocols I would not ask him.

Finally YOU are a decisive factor. It's like with a knife. Don't bring one along in a bad neighbourhood unless you master that art. If a bad guy sees you with a knife you find yourself in a severely escalated situation.

If you are a windows user whose expertise allows him/her to click-install tor, stay away. If you are an experienced user with solid security know you won't need (nor like) it.

In other words: Stay within your league and avoid the middle ground.

I'd suggest to look into PGP. That's relatively good security and relatively easy to use (My tax guy learned it in an hour or so (with a little help)). That allows you to encrypt and exchange pretty every kind of confidential material.
As for privacy I'd suggest to go the VPN route. With a little luck that'll provide plenty privacy for little money (maybe 50 to 100$/year) plus an innocent excuse ("I used it to watch TV series in/from other countries"). *Avoid* the big names and look for reputation.

ab praeceptis • December 10, 2016 10:51 PM

Thoth

I agree partly. *Obviously* that guy is evangelizing and selling, for instance, Signal.

At the same time I feel you are too hard on him. Example: a) one *can*, at least with quite some IMs, transfer files. b) IMs short lived and not stored? Maybe. Maybe not.

What worries me more, though, is to see what kind of people work on tls 1.3 - obviously believing in it.
I take his betting on signal, a toy for iphone and android, as a confession of gross incompetence.

Thoth • December 10, 2016 11:37 PM

@ab praeceptis

It really boils down to the role one is using at the moment or in a way, the mask one is wearing at that moment.

If one is a CISO or CTO, would it be preferable to hold ephemeral secure communications in a formal setting while at the same time statutes and rules require record retention ?

From a work perspective, SMIME or PGP emails would be more preferable where the employer provisions a cryptographic key for the work email account.

If it is taken from a personal communications perspective, it is up to one's choosing.

It is true that you can write your email in a text document and then attach it to the Secure IM and transfer it over (while also enabling logging if it's a corporate Secure IM account) but it would be more convenient if one simply pops open a PGP capable email editor and hit the send button.

The IM for this case would be Signal. Most people would be using Signal in ephemeral mode and would not allow logging to take place.

It is mostly a matter of what type of message being sent across the communication channel and the necessity for it to be archived or not.

Figureitout • December 11, 2016 1:53 AM

Thoth
--Yeah sounded pretty whiney (who cares..?). You can make short-term keys, and post that you change keys every 1-3 months or less. The same applies to passwords to accounts, they need to be changed often. So now he has all plaintext email, and no encrypted option, good job. I don't put my pub key on anywhere, you have to email in the clear (or contact in meatspace) and then I would exchange.

Anonymity gets more and more difficult everyday (unless you hide in the noise); every method you use where you absolutely need to evade the best attackers and forensics teams in the world, has a short shelf-life and isn't sustainable long-term. But actively surveilling is costly, and the threat is still overblown IMO (they still can't do true stealth, you'll know something's up).

But yeah I barely use it b/c not a lot of people do and it takes me like 10-20 mins just to get my key; but the option is there if I need it. Like phone calls, I don't really like cold emails.

He also goes from hand-waving evil maid attacks (requires pretty active surveillance of your schedule, and knowing your hotel room, then the break-in and attack; all while not tipping off and being able to "abandon ship" in case you return unexpectedly) to feeling good about twitter dm's. If that's in your threat model and you leave your PC in your room, well...

He also doesn't seem to be using a data diode to transfer files from a completely offline PC to a transfer PC (working on that, hope to have some deliverable goodies to make it more user friendly in near future, likely summer). Malware would need to embed an attack in file being transferred over at that point, otherwise zipping w/ a long password should suffice. I can see big use of this on official "build" machines in companies all over world, mainly huge companies where this is worth the cost (probably have a similar system already in use). This will hurt malware-spreading quite a bit, needs to work and be easy though.

Daniela Caruso
--Tor is fine to use (w/ its flaws, there are few alternatives besides VPNs, and those can only be anonymous providing false registration info) w/ opsec (so work required on your part). Even the most infected PC and router MITMing all traffic, is still usable w/ good opsec.

Purchase laptop w/ cash, less paper trail the better (and cameras). Downloading legit CD/DVD ISO is risky but mainly unavoidable. So Tails liveCD (haven't tried Qubes liveCD, which would mean a VM on a liveCD...even better), on the laptop you need to remove camera/mic and wifi/bluetooth (if they can be...). Remove HDD (getting harder w/ newer laptops). Get a supported USB wifi dongle, then go to a local area (further away you travel the better, and keep in mind the beacons you have on you (cell phones and potential GPS bugs in your car)) w/ free wifi. Riding a bike w/ a laptop in a backpack is a good option, less area to hide bugs. Don't advertise what you're doing as much as possible thru search terms and ruin all your opsec using personally identifiable info on your burner laptop.

Those are the main areas of opsec we're all familiar w/ here that provide *huge* security returns. It will get around huge amounts of attackers.

Thoth • December 11, 2016 2:26 AM

@Figureitout

re: Leaving PC in room

That's asking for trouble if it's an insecure room or in a hotel or public space.

re: TFC/Data Diode

I had thought about approaching a PCB manufacturer locally to print out and do the PCB with @Markus Ottela's design but I wonder if it's worth the trouble. Wonder if anyone here is willing to help convert the design for TFC into friendly open hardware PCB and put it cheaply (for the effort and BOM cost) on a store front online or something since not everyone has the environment and time to solder all that stuff and look for parts.

Another way is as you say, just zip the email, use a flash drive to move stuff around or some form of internal hardened network running off OpenBSD. Very limited options on hand anyway.

@Daniela Caruso

There are currently no secondary alternatives to TOR and most are still theoretical. Just make sure to be careful even when you are using TOR since that is considered under the TLAs' controls in a sense.

neill • December 11, 2016 6:33 AM

we should kiss those logins goodbye and get rid of them

just doesn't work

use passwords only, or certificates

usernames like

admin
administrator
itsupport
service
support
help

should be a thing of the past. learn from it.

JG4 • December 11, 2016 8:04 AM


@Snowden #937876354597

check out the dates on the aircraft accidents that killed Heinz and Tower. that made the hair on the back of my neck stand up. the same crew probably gave Frank Church and Jack Ruby cancer

@Daniela Caruso

Thanks for the endorsement of thinking quality by the four heavy hitters

@the heavy hitters

I am enthusiastic about data diodes (e.g., for routing email to run encryption/decryption on an energy-gapped machine) and yesterday happened to think again about why after 30 years of feasibility, we don't see inexpensive (plastic) optical links used for interconnects both inside and around computers. like with LEDs and silicon photodiodes. where this goes is that such connections would make nice data diode links in and out of an energy-gapped environment. I did some crude calculations about blurring of signals at 20 megabits per second and it seems feasible over surprisingly long distances. the TOSLINK audio standard has been around for a long time, but it seems to languish.

@Thoth

I think that you can get a prototype run of boards done for under $100 if you are willing to populate them. I am enthusiastic about open-source designs for hardware. I haven't said enough times that something like artificial intelligence can be used to find backdoors that have been sneaked into open source designs. finding the five types of backdoors in commercial hardware generally is intractable and the best a person could do is exhaustively test a limited parameter space, then insure that the states never leave that space

Snowden #937876354597 • December 11, 2016 8:49 AM

@r.Monger,

- On what evidentiary basis are you asserting that commenters are funded? What is the funding source indicated by your evidence?

- To which assertions are you reacting with death threats? Are you implying that some of the referenced assertions about CIA criminality are false? Which ones? Do you have evidence contradicting the public documentation supporting any of the referenced claims?

- What does Zerohedge have to do with provably fabricated CIA claims documented by multiple sources?

- The tone of your comment seems agitated. Does the thought of CIA criminality upset you? Why? Are you aware of any nonpublic evidence concerning CIA acts that may have been subject to compromise or disclosure?

- In your opinion, will CIA officials or agents be tried in independent foreign or international courts in the next two years?

CallMeLateForSupper • December 11, 2016 9:05 AM

I had missed this 1 DEC tweet by Edward Snowden:
"Guess who is protected from the broad spying powers the British govt just got in the IP Act? British politicians."

It's one of those laugh-'til-you-cry things.

r • December 11, 2016 9:51 AM

@Daniela Caruso, FigureItOut,

Not just the microphone if you have a realtek audio chipset or some other type of auto sensing jack too...

In such a case you need to pull the speakers out of your laptop too.

65535 • December 11, 2016 10:42 AM

@ CallMeLateForSupper

‘I had missed this 1 DEC tweet by Edward Snowden:
"Guess who is protected from the broad spying powers the British govt just got in the IP Act? British politicians."’- CallMeLateForSupper

The Snooper’s Charter is mass spying at a horrible level.

The MPs exempting themselves was discussed in previous threads as a double standard of the Rich/powerful Class v. Average Joe Citizen class. Hat tip to Ted.

[link dump of Snoopers’ Charter]:

Q and A of Snoopers’ Charter cont. 2.2.1
https://www.schneier.com/blog/archives/2016/12/a_50-foot_squid.html#c6739890

@ Thoth and Figureitout

“Do people ever have any idea what they are comparing (IM Crypto vs. Email Crypto) where IMs are mostly short-lived messages while emails are long-lived messages that may be archived. Emails are possibly archived in corporates for data retention for audits and all that. Different cryptos are designed differently and the rants simply don't match up for their use cases where IMs (short-lived messages that may not need archiving) are compared to emails (long-lived messages that may need archiving).” –Thoth

Good point.

Now, some serious technical questions regarding Rule 41 Mass Virus Spying and the fact that most people have a Gmail account, Yahoo, Aol and so forth which does not allow erasing of old emails.

Since emails are a good way of getting a computer virus or worm how dangerous are these “free Gmail and yahoo accounts” since emails cannot be deleted in regards to Rule 41 virus/worms/keyloggers by the FBI?

1] How would Fed's Rule 41 Mass Virus Spying be used via Gmail or Yahoo mail?

2] What is best outcome or worst outcome for the privacy concerned citizen/reporters when using Gmail or Yahoo email?

3] What is the alternative to these big email services which ensure you cannot delete your prior emails?

4] Is there a program to alert citizens to Rule 41 Mass Virus Spying?

Inverse Snowden • December 11, 2016 11:07 AM

So, are you going to believe the factless hearsay Bruce got fifth-hand from anonymous cowards at the CIA bullshit factory, or are you going to believe the guys who dumped the data?

https://www.craigmurray.org.uk/archives/2016/12/cias-absence-conviction/

But then why do all these high-profile people keep making fools of themselves? Why this compulsive repetition of mortifying, cred-blasting crap?

Once you know this was a leak and not a hack, you make the obvious inference: the sort of people who leaked these emails have entree to obtain all sorts of stuff, even probative evidence of CIA crime suppressed in breach of international criminal law.

Snf. Snf. Smells like pants-pissing fear.

Winter • December 11, 2016 11:23 AM

I see the whole email hacks during the elections as the total bankruptcy of the NSA strategy of "Offensive capabilities over defensive protection".

By frustrating defenses of computer networks and stimulating the development of offensive tools, they have given away the presidency of their country to the enemy.

The NSA et al. have ceded control of their country to the enemy. What is this for epic failure?

Nick P • December 11, 2016 12:56 PM

re verifiable vs reproducible builds

I don't expect masses to go full formal. Just something they can inspect by eye. The Scheme and ML languages are ideal for safe, readable compilers. Most don't use them. Prior idea was Oberon and P-code together or something similar to Wirth's Pascal/P. Just found a great one along these lines I'm surprised I haven't seen before:

PascalS - A Pascal Subset and Its Implementation

It would be quite usable for bootstrapping a simple, C compiler like tcc. Looks like it would be easy for imperative programmers to follow. The simplicity of the error handling and diagnostics is interesting, too. Score another win for Niklaus Wirth in balancing ease of implementation against usefulness.

Note: The MinCaml compiler is still the most impressive & preferable at around 2,000 lines of code for an interesting ML subset. Plan is still to use Design-by-Contract checks, QuickCheck, Frama-C, and SPARK on whatever interpreter & compiler is built to prove absence of problems. Probably manually insert safety checks & such to simplify the implementation.

Figureitout • December 11, 2016 3:32 PM

Thoth
That's asking for trouble
--Yeah I mean, he mentioned having keys in other countries yet he would leave his stuff in a room (probably under his name, probably reserved in advance, giving red teams time to set up a room right next door etc..).

Sounds more like he just needed to rant and blow off steam and is burnt out. I get that, I've definitely had burn out some (my passphrases were ridiculous and I needed to type them in every time, shortened them; want to only secure accounts I really care about and don't log into multiple times a day). Going to clean all my accounts etc. and get a better backup system in place when I'm done w/ school (sucks all my time up). If my workhorses have some spyware on them but it stays outta my way, meh, not a big deal to me. The alternative is never being able to concentrate on actual work, you're always setting up another PC lol...never use.

I had thought about approaching a PCB manufacturer
--Yeah we need a board laid out first, this is something a million people could whip up real cheap. I want to learn KiCAD or Eagle this summer and layout some simple boards.

But yeah, a nice simple populated board like that w/ logical test points, that's what we need.

Then do a test run w/ like 3 boards, make sure no problems (should be relatively simple board, so tracking down potential manufacturing issues, (hopefully no design issues) should be easy (should be...)), then we're good.

Another way is as you say
--To really do it right, we'd need to do TFC concept, if you want to save files from network, use a separate receiving PC. Backup multiple times etc. Generating files on a separate TX PC. Data diodes each way.

What I'm hoping is established terminal programs work.

r
In such a case you need to pull the speakers out
--Yeah, wire snippers is all you need. Might as well if you go that far (so long as you don't care about bios beep codes anymore). I question the audio quality of recordings made w/ a speaker being used as a microphone in a laptop case. In any case the easier thing to do is don't talk which is what most computer users by themselves do anyway. If you need skype, keep it.

65535
What is best outcome or worst outcome for the privacy concerned citizen/reporters when using Gmail or Yahoo email?
--Don't put plaintext in, and it's probably not worth dealing w/ all metadata. Assume a networked PC has a keylogger and all traffic is being MITMed; whatever you want to send needs to be encrypted separately (where you do a 1-time grab of all the software you want/need, transfer and install via USB) then transferred over 1-way. Accounts could be hacked and deleted at anytime via backdoors you have no control over etc.

Gmail satisfies my current requirements, I can encrypt a file and send it, or send encrypted message, but I've used a bunch of those temp. email services.

Sancho_PDecember 11, 2016 5:19 PM

@Figureitout, @Thoth, re datadiode and PCB

No PCB, what you need is a solder iron and a perfboard, there are nearly no traces, the caps must be close to the chip anyway.
Use wires to connect the USB converter (better mechanical stability)
The RS232 + battery solution is very complicated plus the molded RS232 converters can not be inspected.

See:
http://datadiode.imgur.com

ab praeceptisDecember 11, 2016 6:15 PM

Nick P

Thanks for your interesting hints. I would, of course, love to discuss that interesting matter that, as a side note, is also closely related to better election machines.

Unfortunately, though, certain people here who only very rarely if at all contribute to matters in the scope of this blog, continue to abuse Bruce Schneier's hospitality and to sully this blog's comments section with the output of what seems to be social and personality disorders.

I'll gladly join the interesting technical (temporarily non-)discussions as soon as that is reasonably feasible again.

rDecember 11, 2016 6:46 PM

@FigureItOut,

Microphones are for more than language, they can be a good 3d activity/proximity sensor. Plus, I wouldn't want to accidentally pick up confidential information just by being in the area. That's not a trustworthy thing to do.

I wonder if you could run an LED off the BIOS speaker line for the codes?

Maxwell's DaemonDecember 11, 2016 7:34 PM

@Sancho_P, @Figureitout, @Thoth, re datadiode and PCB

Ah, that's the circuit I've been needing here. I've an isolated (BSD) server that has my archives and for crypto functions and have been using DVD-R's as transfer mechanism in/out (with safeguards). I don't generally trust USB but mods shouldn't be too difficult on that front.

Off to price parts. I've even a single-board computer to play with on the testing side.

Thank you! {Sheesh, too many years since I lived on a diet of engineering manuals and data books. Duh!}

ThothDecember 11, 2016 8:41 PM

@Figureitout

re: KiCAD

I had it sitting on my computer for a while. Had to find time to learn it. I opened it once and it looks pretty nice (GUI part).

If you want to start a project to put TFC on PCB board and do a small and cheap open hardware production, count me in. You can setup a Github repo with the files needed and add me as well when you have a repo made. You can try to open a small crowdfunding project to get some funds for a small production too and if that happens, drop a message and funds will find their way to you :) .

@Sancho_P

re: TFC

I think the best way to drive up more uptakes and interest to the TFC project is to simply provide an open source and open hardware PCB. Are we going to expect everyone to grab some perfboards, find some wires and some optocouplers and do their own soldering and stuff ?

It would be much faster and less time and effort consuming by simply providing a PCB with open hardware and designs funded by crowdfunding.

The usual concerns are that the TLAs might find ways to prevent the creation and funding of such projects. If that's the case, then what about the schematics that @Markus Ottela published and it's still nicely on the Internet.

Also, in a portable secure communications scenario, are you going to sit down in the airport or in a public space and wire up a perfboard and possibly even trigger the Anti-Terror units just because you are trying to setup TFC in public ?

The concept of TFC is nice but it does not have a medium for wide adoption. It has no portability, takes time to setup ... these are the things people don't want to go through just for secure communications and secure environments.

Why are there so many people and projects still using vulnerable security techniques ? The reason is very mundane. Because "Johnny doesn't know how to encrypt". Are we going to expect users to type "gpg --output doc.gpg --encrypt --recipient blake@cyb.org doc" or would they want to use a GUI ? I think we know the answer but as a community we failed to provide them some form of ease of use by having some compromise of sorts between security and usability.

@all
The problem with the open source security community is what many of us who are creating security applications are struggling with ... to increase adoption by making it easy to use security. Why did I choose Java for GroggyBox's GUI client and not some Haskell or Ada ? It has a huge support base and almost every OS and system supports Java. The important part is that the smart card applet, which does the security critical execution and is invisible to the user, is to be secure, while the GUI can be a little lax if it boosts usability.

Rigidity in schemes and adhering to verbal and theoretical words and ideas are useless. What is needed is practicality and something that actually works on the ground with ease. This effectively removes the excuse of "Johnny can't encrypt" if security is just a few easy clicks away.

High assurance theories, OSes, schemes, applications ??? I don't see them anywhere near usable or ready for the general public. If this stuff really wants widespread adoption to try and do some counter-balance to the ever encroaching reaches of tyrannical nation states, it has to be easily usable even for one's own granny !!!

65535December 11, 2016 8:55 PM

@ Figureitout

What is best outcome or worst outcome for the privacy concerned citizen/reporters when using Gmail or Yahoo email? -65535

“Don't put plaintext in, and it's probably not worth dealing w/ all metadata. Assume a networked PC has a keylogger and all traffic is being MITMed; whatever you want to send needs to be encrypted separately (where you do a 1-time grab of all the software you want/need, transfer and install via USB) then transferred over 1-way. Accounts could be hacked and deleted at anytime via backdoors you have no control over etc. Gmail satisfies my current requirements, I can encrypt a file and send it, or send encrypted message, but I've used a bunch of those temp. email services.”- Figureitout

I assume you are encrypting with PGP or GPG. How do you get the key to your recipient?

Now, the 1-way transfer is not quite clear to me. Are you using a data diode? Are you using two separate machines? Are you using a third party or third party mechanism?

What would be the best combination of software to achieve what you describe?

I ask this because with Gmail a person cannot remove emails. Thus, with Rule 41 virus spyware payloads it seems that a Gmail account could be constantly re-infected with Rule 41 virus spyware.

ab praeceptisDecember 11, 2016 9:36 PM

Thoth

"Why did I choose Java for GroggyBox's GUI client and not some Haskell or Ada ? It has a huge support base and almost every OS and system supports Java. ... has to be easily usable even for one's own granny !!!"

How easy your program is to use has little to do with the language you use.

As for running pretty much everywhere you are right with java - however, the same is true for Scala which is considered more secure. Moreover there exists a (rather rich) Scala subset (LEON) that allows for formal methods.

Although I value your work I find it regrettable that you yourself tainted it by using a language that should be considered as quite poor regarding safety.

In the end it comes down to you having lots of good will and having invested lots of work but not having any satisfying level of certainty regarding the reliability and safety of your software.

You should at the very minimum use java ESC (formal annotations). Just a friendly advice.

ThothDecember 11, 2016 10:02 PM

@ab praeceptis

As I have said, Java application on desktop is considered insecure anyway if your computer is not secure from ground up. You can use Haskell, Ada, whatever formal verifications and nice sounding name ... the bottom line being the hardware and OS being crap (Linux, Windows, Mac), no matter how good your Haskell or Ada or High Assurance language magic is, it makes no difference when the attacker can go below the OS and hardware stack and make your High Assurance to No Assurance.

The security in my scheme does not reside in the client side. It resides in the smart card side. The desktop client running Java application is considered compromised anyway if the hardware and OS level is gone case.

Try doing High Assurance languages on Windows OS :) . Tell me if you can do anything significantly useful with HA languages when your Windows OS is a bunch of crap heaped upon crap. It doesn't make sense and is a waste of time.

The only exception is the use of a chip like PowerPC, ARM Cortex M, SPARC, imaginary RISC-V chip that suddenly comes into existence and you have to ensure from the lowest stack to the highest stack is not compromised.

HA is difficult. You have to ensure everything from chip to software is trusted. Any part not trusted and it's an open invitation for attacks.

Whatever that is said in theory is just theory. All the High Assurance languages sound nice as you know. But there are so many things to consider from the chip to the upper layers and also user behaviour and interests. This is when reality sweeps away all those theoretical stuff. Only the things that work in the real world would be useful, other than that, all the nice numbers are useless unless they withstand the tides of reality.

FigureitoutDecember 11, 2016 10:41 PM

Sancho_P
--Yeah I'm about to make that, may use a mini breadboard and I needed an adapter board b/c the damn ebay seller didn't advertise dip-smd, just dip...he's getting a bad review for that.

https://postimg.org/image/azh8xqhn7/

I want a small slick board, w/ a case, so I can take it in my backpack w/o breaking just like this: https://greatscottgadgets.com/throwingstar/ , it could be a little giftbaggie item at security conferences too. We're not going to argue this, not needed but I want.

r
--Certainly not the best proximity sensors, that's for sure. Well thankfully speakers are always easy to spot and remove. It's a tad overkill too, tape on the camera and don't talk is another less invasive option. Spotting the realtek chip usually isn't too bad either, w/ that damn crab on the chip.

Maxwell's Daemon
--Yeah, Markus Ottela found the paper from Douglas Jones at University of Iowa and used it in TFC, that's where I first saw it. The original application was for voting machines, auditors would look at output (and wouldn't have further access). The Jones paper is what I would use in more high assurance, circuit's given (and we need a board for that I can just buy, it'd be cheap too), just discrete components, and photoresistors/LED's for the actual isolation. But I'd say it's low risk that optoisolator chip ends up having some malicious circuit, but it's a packaged IC, definitely possible.

Sancho_P extended the concept to USB-Serial converters, makes me wonder where else you could apply this since there's all kinds of serial->whatever converters and vice versa.

But yeah this is exactly the application for this, I'd imagine a project like OpenBSD would want this for their official build machines if they don't already (but they won't be doing CD's anymore sadly). But updating an airgapped machine is annoying but not too bad.

I don't trust USB that much either, especially after badUSB. But I use it everyday. Diode function is done outside of it though.

Thoth
--Cool, yeah we could get the HWRNG and the data diode as 2 boards at least. Have other projects on the backlog as usual, but want this. I'll let you know what I do (want to make a little arduino shield too).

65535
--Yes, I'd encrypt messages w/ GPG, I like 7zip for encrypted zip files. Would probably just state key for zip file in GPG message. W/ Mike the goat he made his key available, Dirk Praet also has his key hosted online. So I imported their keys. But I don't even want my pub key out there that much so I just keep it to myself. In my email sigs I have a separate email for it, people would email me first (do a "finger in the air" sniff test for troll or spammer etc.), then I would send the key or just tell them to send it to me.

So unencrypted startup but that's a whole separate (sort of unsolvable) problem.

RE: one-way transfer
--I know it's confusing, no I'm not using yet. Just got my parts to build a data diode. I've got finals, hackaday project, then I'm going to go hard on it before next semester (I work too).

Way I see it working is this: You got a terminal program (PuTTY) that supports serial comms on each end. On the air-gapped (or energy gapped whatever means same thing) machine you have latest software from one big download. I'm going to be occasionally adding files via USB probably (cleaned stick etc.) updating software or importing keys etc. Getting a purist airgapped machine from the start, not yet for me.

Anyway, I could save GPG output as a text file that I paste into email editor, and zip file for whatever. Send it over to transfer PC, either connect from there to email acct. or connect to another PC. I'll show you if I get it working how I see.

This may work nicely: http://stackoverflow.com/questions/30826002/is-it-possible-to-send-the-content-of-text-file-over-putty-over-serial-port or what I'm seeing in ExtraPuTTY is promising. Will test soon, there's no reason this shouldn't technically work, file transfer over serial port.

There's no integrated solution to get a file straight from serial port to an email attachment yet. Don't think I would use it much anyway, prefer putting file on desktop, then attach, then clear it from desktop.

Any emails on gmail, I assume it's public info (well, yeah...basically). I don't care if there's spyware on it, I'd encrypt anything I do care about. I can call someone too and set something up if it gets that bad (seen email accounts go down for a while but it's rare). I lose control of the acct. I'll take it up w/ google.
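The one-way serial transfer described in the comment above has no return channel, so the receiving PC cannot acknowledge or ask for a resend. The following is an added example, not part of the original comment and not TFC's code, of a text-line framing that lets the receiver detect damaged or lost lines by itself. The `DD1` line format, the chunk size and all function names are assumptions made up for this sketch; the sample message is constructed.

```python
import base64
import hashlib
import zlib

CHUNK = 48  # payload bytes per line; base64 turns this into 64 printable characters


class TransferError(Exception):
    """Raised when the received lines cannot be turned back into the file."""

    def __init__(self, message, missing=()):
        super().__init__(message)
        self.missing = list(missing)  # sequence numbers that never arrived intact


def _line(kind, total, body):
    # Hypothetical format: "DD1 <seq|END> <total chunks> <body> <crc32 of the rest>"
    core = f"DD1 {kind} {total} {body}"
    return f"{core} {zlib.crc32(core.encode()):08x}"


def encode(data: bytes, repeat: int = 3) -> list:
    """Sender side: printable lines, with the whole sequence sent `repeat` times.

    Repeating the full pass (rather than each line back to back) means a burst
    of noise is unlikely to destroy every copy of the same chunk.
    """
    chunks = [data[i:i + CHUNK] for i in range(0, len(data), CHUNK)]
    lines = [_line(seq, len(chunks), base64.b64encode(c).decode())
             for seq, c in enumerate(chunks)]
    lines.append(_line("END", len(chunks), hashlib.sha256(data).hexdigest()))
    return lines * repeat


def decode(lines) -> bytes:
    """Receiver side: keep lines whose CRC checks out, then verify the whole file."""
    chunks, total, digest = {}, None, None
    for raw in lines:
        core, _, crc = raw.strip().rpartition(" ")
        fields = core.split(" ")
        try:
            if len(fields) != 4 or fields[0] != "DD1":
                continue  # terminal banner, partial line, or garbage
            if int(crc, 16) != zlib.crc32(core.encode()):
                continue  # damaged in transit; wait for a later copy
            kind, count, body = fields[1], int(fields[2]), fields[3]
            if total is None:
                total = count
            if count != total:
                continue  # line from a different transfer
            if kind == "END":
                digest = body
            else:
                chunks[int(kind)] = base64.b64decode(body)
        except ValueError:
            continue  # non-numeric field or bad base64
    if total is None:
        raise TransferError("no valid line received")
    missing = [seq for seq in range(total) if seq not in chunks]
    if missing:
        raise TransferError(f"chunks {missing} lost; sender must repeat", missing)
    if digest is None:
        raise TransferError("END line never arrived, file cannot be verified")
    data = b"".join(chunks[seq] for seq in range(total))
    if hashlib.sha256(data).hexdigest() != digest:
        raise TransferError("SHA-256 mismatch after reassembly")
    return data


if __name__ == "__main__":
    # Constructed stand-in for an ASCII-armored GPG message.
    message = (b"-----BEGIN PGP MESSAGE-----\n"
               + b"constructed sample body, not real ciphertext\n" * 4
               + b"-----END PGP MESSAGE-----\n")
    sent = encode(message, repeat=2)
    received = list(sent)
    received[2] = received[2].replace("DD1", "DD!", 1)  # simulated line noise
    del received[1]                                     # simulated dropped line
    assert decode(received) == message
    print(f"{len(sent)} lines sent, {len(received)} received, file verified")
```

The CRC and SHA-256 here only catch line noise and lost lines; protection against tampering still comes from the GPG layer wrapped around the payload.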

65535December 11, 2016 11:29 PM

@ Figureitout

“Yes, I'd encrypt messages w/ GPG, I like 7zip for encrypted zip files. Would probably just state key for zip file in GPG message.” - Figureitout

Good idea

“RE: one-way transfer
--I know it's confusing, no I'm not using yet… You got a terminal program (PuTTY) that supports serial comms on each end. On the air-gapped (or energy gapped whatever means same thing) machine you have latest software from one big download. I'm going to be occasionally adding files via USB probably (cleaned stick etc.) updating software or importing keys etc. Getting a purist airgapped machine from the start, not yet for me… I could save GPG output as a text file that I paste into email editor, and zip file for whatever. Send it over to transfer PC, either connect from there to email acct. or connect to another PC...”- Figureitout

Interesting. I’ll give it a go.

“This may work nicely: http://stackoverflow.com/questions/30826002/is-it-possible-to-send-the-content-of-text-file-over-putty-over-serial-port or what I'm seeing in ExtraPuTTY is promising. Will test soon, there's no reason this shouldn't technically work, file transfer over serial port.” -Figureitout

I see. Putty long text transfer depends on Plink [and extension]. It is a provoking idea.

http://stackoverflow.com/questions/30826002/is-it-possible-to-send-the-content-of-text-file-over-putty-over-serial-port

“Any emails on gmail, I assume it's public info (well, yeah...basically). I don't care if there's spyware on it, I'd encrypt anything I do care about.”- Figureitout

I get what you are saying. In other words don’t use Gmail for serious conversations unless you first encrypt with PGP/GPG.

Last, is the problem of having Gmail with a Rule 41 virus/rootkit spyware [Toxic mix ?].

Could just opening your Gmail account spread the FBI’s Rule 41 virus/rootkit spyware to one's computer, laptop, iPad, iPhone?

In other words, because of Gmail’s ability to keep all email forever and the combination of the FBI’s Rule 41 virus/rootkit spyware, should even opening Gmail be avoided?

Thanks.

Wesley ParishDecember 11, 2016 11:54 PM

I was wondering if anybody had noticed the three big security stories on Slashdot today

https://mobile.slashdot.org/story/16/12/11/1832234/vulnerability-prompts-warning-stop-using-netgear-wifi-routers

https://yro.slashdot.org/story/16/12/10/2148243/nsas-best-are-leaving-in-big-numbers-insiders-say

https://news.slashdot.org/story/16/12/10/2340214/does-the-snoopers-charter-also-enshrine-lying-in-court

so I popped in to take a peek, and no one reads Slashdot these days, it appears.

It also appears that a former NSA staffer has a rare sense of humour:

"What really bothers me is that the people of NSA, these folks who take paltry government salaries to protect this nation, are made to look like they are doing something wrong," the former NSA Director added. "They are doing exactly what our nation has asked them to do to protect us. They are the heroes."

and with a straight face, too. First time I've heard of the US-Americans asking people to protect them from terrorists by LOVEINT and snaffling pictures of women undraped etc ... or is it?

http://pandora.nla.gov.au/pan/10063/20111005-0029/www.antisf.com.au/the-stories/a-public-touch-up.html

It wasn't their fault, as he himself had pointed out to an over-inquisitive reporter in a phone interview just a few minutes ago — it was hardly their fault that terrorists had developed ever more effective means of camouflaging themselves, and so the inspections had to become ever more intrusive. One did not expect women to be so fanatical that they would replace their saline and silicone inserts with plastic explosives. But someone had written a short story about such a thing happening, and it had been made into a movie, so they were doing their duty in protecting the public by...damn, he was going to have to put that reporter on the no-fly list, wasn't he! Obnoxious little puppy, he should've been drowned at birth!

If LOVEINT makes you a hero ... WTF ... ? And what about the non-US-Americans? That brings us back to the days of one King George, lawful sovereign of the Thirteen Colonies, and some terrorists like George Washington and the like ...

ab praeceptisDecember 12, 2016 12:13 AM

Thoth

First and importantly: I like you. You are a colleague and one that actually moves his ass and works on concrete solutions. So, do not mistake what I say as negative criticism. It is not. It's just that I'm the weirdo who happens to think that safety and security are important and worth going an extra mile.

Trust me, I can understand your argument. We all have our preferred languages that we are used to and have lots of experience with, and I myself sometimes grunt at e.g. Nick P under the "paper tower" headline.

No matter how nice a given language is *theoretically*, it's like with a car: The nicest Porsche engine is of little worth without a good chassis, brakes, wheels, etc.
Similarly, for us developers and engineers we need a complete tool chain that works on/for all architectures and systems we might need to target.

I know what I'm talking about. Seen it, done it, been there. I *actually have* fought with diverse languages like, for instance, Sather as a C generator, Modula-x for diverse stuff, etc. Similarly I did not just read papers about formal methods but I have actually *used* them in practical work. And yes, that's a sad story. In the end there are *very* few practically useable languages with an at least reasonable basic tool chain and for a reasonable set of architectures and systems.

But still, there is a major weakness in your argumentation. It comes down to "why should I eat pain and make major efforts when the whole system is rotten anyway?".

Please, consider 2 points:

a) Unless we start to actually build up a basis, a set of solidly engineered software, we will continue to run in that wheel of argumentation forever (while nsa, fbi, and accomplices solidly f*ck us with cacti).

b) Unless you can formally prove safety you have none. Simple and brutal as that.

Again, you can't change java or windows or shitty libraries, nor is it your job. What you can do, however, is to make sure that at least your software is safe and secure, no matter how much below and above it is crap.
It's not much in a lousy environment, I know, and it's hard work but it's the only way to create a safer IT basis.

rDecember 12, 2016 12:25 AM

@ab, Thoth,

As for running pretty much everywhere you are right with java - however, the same is true for Scala which is considered more secure. Moreover there exists a (rather rich) Scala subset (LEON) that allows for formal methods.

Scala doesn't work on smartcards at this very moment does it?

My InfoDecember 12, 2016 12:28 AM

"Construction workers" in the government.

You know the type. They construct, construe, interpret, and build until there is nothing left of Constitutional or even statutory law.

I was just browsing the Microsoft(R) Active Server Pages of the Finnish legislature https://www.eduskunta.fi/FI/tietoaeduskunnasta/eduskunnan_talot_ja_taide/Sivut/default.aspx

They have the worst "construction worker" syndrome ever!

Säätyvaltiopäivien rakennukset Säätytalo ja Ritarihuone ...

Not only do they use multiple synonyms for the law-making body, but right off the bat on that page, they refer to the two houses of the legislature as buildings that have been constructed, rakennukset. And then they go on and on about their "construction" and "architecture" and so on and so forth. Not even a thought of restraining themselves to constitutional limits! And they are still building even more legislative houses. It just goes on and on and on!

My grandfather told me all this building and construction was a sign of the end of time. I don't understand it, but it's definitely in America, too. More of the same.

What if someone told them "Älköön eduskunta säättäkö lakiaa ... ?"

65535December 12, 2016 12:44 AM

@ Wesley Parish

"I was wondering if anybody had noticed the three big security stories on Slashdot today"-Wesley Parish

https://news.slashdot.org/story/16/12/10/2340214/does-the-snoopers-charter-also-enshrine-lying-in-court

Does The 'Snoopers Charter' Also Enshrine Lying In Court? -slashdot

[This leads to The Register]

“Enshrining parallel construction in English law”

“…despite the establishment of a parallel system of secret justice, the IPA's tentacles also enshrine parallel construction into law. That is, the practice where prosecutors lie about the origins of evidence to judges and juries – thereby depriving the defendant of a fair trial because he cannot review or question the truth of the evidence against him. Section 56 of the act as passed sets out a number of matters that are now prohibited from being brought up in court. The exact wording of section 56(1) is as follows:

“Exclusion of matters from legal proceedings etc.
“(1) No evidence may be adduced, question asked, assertion or disclosure made or other thing done in, for the purposes of or in connection with any legal proceedings or Inquiries Act proceedings which (in any manner)—
“(a) discloses, in circumstances from which its origin in interception-related conduct may be inferred—
“(i) any content of an intercepted communication, or
“(ii) any secondary data obtained from a communication, or
“(b) tends to suggest that any interception-related conduct has or may have occurred or may be going to occur.

"This is subject to Schedule 3 (exceptions). Schedule 3's list of exemptions is broadly confined to national security court hearings, tribunals and other judicial occasions when the great unwashed, usually including the defendant and his legal representatives, are excluded from part or all of the hearing. Out of sight, out of mind.”-The Register

http://www.theregister.co.uk/2016/12/06/parallel_construction_lies_in_english_courts/

This is terrible. It practically requires UK prosecutors to lie in court. I am sure the backlash will be swift – after a few citizens are smeared for life.

This goes in to the-

Q and A of Snoopers’ Charter cont. 2.2.1

https://www.schneier.com/blog/archives/2016/12/a_50-foot_squid.html#c6739890

Hat tip to Wesley Parish

https://www.schneier.com/blog/archives/2016/12/friday_squid_bl_556.html#c6740334

rDecember 12, 2016 2:07 AM

@Thoth,

I understand that, but when I looked at Scala (on wiki) it states it's based on the JVM mostly.

If there's a subset of Scala that lends itself to formal proofing(?) a portion of it may overlap with java bytecode.

I'm curious at least, as I would like to look up LEON. Sure it doesn't solve the issue of the JVM itself but... I'm curious about LEON now.

ab praeceptisDecember 12, 2016 2:32 AM

Thoth

My javacard knowledge is rather limited but from what I know the javacard tools work on class files; those can be created with scala like with java and the javacard tools should be happy with both.

Moreover, as I mentioned there is ESC/java which afaik can work with SMT solvers in the back. So, one can significantly enhance one's trust in java code. Plus, which is important for javacard, it is transparent as it's annotation based.

You do what you want and I won't evangelize; but I didn't want you to pass up just because you seemed to not know that there are ways.

Whatever. Up to you and good luck

ThothDecember 12, 2016 2:57 AM

@r

JavaCard (smart card type of Java) uses Java 1.2 as a basis. Ouch, it's so old but nobody bothers to update it for ages.

Scala is indeed built on top of JVM but for smart card style of JavaCard, you don't have the space to do so. JavaCard is essentially Java 1.2 (in essence) so do not expect lots of upgrades and functionality.

@ab praeceptis

JavaCard is indeed Java but a heavily modified Java 1.2 for smart cards that have seen very little changes except for newer ciphers and key lengths and some other changes but essentially it's still Java 1.2 that has been heavily modified for smart cards. SMT solvers can be applied to JavaCard and have been done so.

Links:
- http://research.microsoft.com/en-us/um/redmond/events/smt08/filliatre.pdf
- https://people.cs.kuleuven.be/~bart.jacobs/verifast/
- http://spinroot.com/spin/symposia/ws10/spin2010_paper_19.pdf
- https://online.tugraz.at/tug_online/voe_main2.getvolltext?pCurrPk=74503

Who?December 12, 2016 4:03 AM

@Liberty

It is time for someone inside Intel to leak the ME source code then, so we know for sure if there is a way to stop ME being owned by spooks.

Clive RobinsonDecember 12, 2016 4:14 AM

Yet more potential IoT / Router fallout.

A news snippet from "Security is Sexy"[1],

http://www.computerworld.com/article/3147958/security/millions-of-routers-allegedly-backdoored-with-malware-that-can-t-be-removed.html

Indicates that maybe a million or so routers have been infected with malware, which is not exactly news in and of itself currently. However a person claiming to be responsible says the malware can not be removed... therefore enough bricks to make a fair sized slum.

Having designed embedded devices in the past that can be updated by end (ab)users and the Flash ROM over written, this is not exactly news either. The reason being that the software that does the update is also stored in the Flash ROM.

What is getting lost in the article, is that the manufacturer originally had to put the update software into the Flash using another method... So the devices may not be entirely bricked, it rather depends on what it would cost to get them "factory reprogrammed" and who would pay for it... Thus it's the FMCE Economics not the technology that decides if a router is destined to be "just another brick in the wall" of land fill.

Oh but it leaves another question hanging that has come up before... Why do the manufacturers not put a write protect switch in, or actually use another method of updating that is more secure?

Again it is the question of FMCE Economics... As I've indicated in the past unless there is "suitable" legislation in place the economics of the "race to the bottom" become the dominant driver.

Thus the question has to be asked "What would be suitable legislation?"...

Just a thought to ponder over your "Tea Break" this Monday morning.

Markus OttelaDecember 12, 2016 5:08 AM

@Thoth:

Whatever you end up doing, please don't pre-assemble logical components to HWRNG/data diodes. It's not that complex to plug in 5 transistors and two op amps to HWRNG prior to use or provide those components pre-installed but removable. Sockets don't require soldering so it's easy enough. If possible, the HWRNG design should be altered so that the op-amp is replaced with transistors.

2N3904, 2N3906 and TL082 are all extremely common components. As for data diodes, please look for functional LED-phototransistor assembly, e.g. fiber optic Tx/Rx pair, instead of IC. Or provide the PCB with DIP socket that supports some common optocoupler.

"The usual concerns are that the TLAs might find ways to prevent the creation and funding of such projects."

Or companies with their patents: https://www.google.com/patents/US20100257353

"are you going to sit down in the airport"

It's unlikely anyone's going to run entire three-computer setup at an airport no matter what. A user is quite unlikely to seek for private anonymous communication at public space with excessive surveillance looking for anything that looks like a bomb: battery packs, wires. Were you to need HWRNG, you'd have to also verify public key fingerprints, tying public keys to your face. It's much more likely someone records them. One option would of course be to change the way fingerprints work altogether. Instead of public keys, you compare a domain separated hash of initial symmetric key. This would ensure the value changed over phone could not be attributed to public key exchanged over XMPP server (e.g. if/when OTR is not used).

"The concept of TFC is nice but it does not have a medium for wide adoption."

A commercial system could look like three smart phone screens in a rack the size of a tablet. Embedded shielding, integrated HWRNG and data diodes would make it practical. It's possible but then there's the interdiction issue, court orders, supply chain security and even if it gained popularity and patents could be overcome, someone might offer similar product with half the security-effort and twice the marketing budget, and the userbase would flock there. I never intended TFC as a commercial product.

"As a community we failed to provide them some form of ease of use by having some compromise of sorts between security and usability."

I really wish I had the time to look into GUI development. But then again, tools like Irssi are quite popular too so decent UI with curses might be enough. There's only so much I can do with student loan. The project has had zero funding since start.

TFC was designed for the needs of the few when remote CNE was a rare threat and when OTR-messaging could provide protection against mass surveillance. The industry does not consider bulk CNE a problem, at least yet. Maybe they are afraid of what's coming. I see the schizophrenic arguments "Use Signal" and "Governments can hack smartphones the minute they connect to network" coming from the same experts. What I could offer is clearly not easy enough for the average Joe but it's not impossibly hard to plug in the hardware and run the installers under Ubuntu. I felt the tutorial videos were in the right direction but editing them was so painfully slow I wanted to wait until the project felt more finished before doing them again. I'll eventually re-record them. But then there's the question about circuits.

@Nick P, Clive Robinson, Thoth, Sancho_P, Figureitout et al.

What is your idea? What is the realistic risk of serial / UART pin remapping in adapters / Raspberry Pis?

Is it enough just to cut excessive cables from null-modem cables and use one Tx-Rx + GND pair between the interfaces? The risk is imaginable and mitigation is straightforward, but is there any proof that users should play it safe?
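The fingerprint change proposed in this comment (compare a domain-separated hash of the initial symmetric key instead of public keys), as an added sketch that is not TFC's code. Assumptions: the 32-byte key stands in for whatever the key exchange produced, BLAKE2b personalisation is used as the domain separator, and the domain labels and digit grouping are hypothetical.

```python
import hashlib
import hmac
import secrets

# Hypothetical domain labels (BLAKE2b "person" is limited to 16 bytes).
FP_DOMAIN = b"fingerprint-v1"
MSG_DOMAIN = b"message-key-v1"


def derive(shared_key: bytes, domain: bytes, length: int = 32) -> bytes:
    """Domain-separated hash of the shared symmetric key.

    The key is the BLAKE2b key and the domain is the personalisation string,
    so outputs for different domains are unrelated to each other.
    """
    return hashlib.blake2b(b"", key=shared_key, person=domain,
                           digest_size=length).digest()


def fingerprint(shared_key: bytes) -> str:
    """Value read aloud over the phone: 8 groups of 5 decimal digits.

    No public key goes into it, so a recording of the call cannot be matched
    against public keys seen on the messaging server.
    """
    number = int.from_bytes(derive(shared_key, FP_DOMAIN, 16), "big")
    digits = f"{number:040d}"          # 2**128 - 1 has 39 digits
    return " ".join(digits[i:i + 5] for i in range(0, 40, 5))


def verify(shared_key: bytes, spoken: str) -> bool:
    """Compare what the contact read out with the locally derived value."""
    expected = fingerprint(shared_key).replace(" ", "")
    heard = "".join(ch for ch in spoken if ch.isdigit())
    return hmac.compare_digest(expected.encode(), heard.encode())


def demo() -> dict:
    # Constructed keys: an honest session shares one key; with a
    # man-in-the-middle each user shares a different key with the attacker.
    honest = secrets.token_bytes(32)
    k_alice_mallory = secrets.token_bytes(32)
    k_mallory_bob = secrets.token_bytes(32)
    return {
        "honest_match": verify(honest, fingerprint(honest)),
        "mitm_match": verify(k_alice_mallory, fingerprint(k_mallory_bob)),
        # The spoken value must not double as key material for messages.
        "fingerprint_equals_message_key":
            derive(honest, FP_DOMAIN) == derive(honest, MSG_DOMAIN),
    }


if __name__ == "__main__":
    print(demo())
```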

WaelDecember 12, 2016 5:13 AM

@Clive Robinson,

Why do the manufacturers not put a write protect switch in, or actually use another method of updating that is more secure?

That problem is being worked out in various industry standards bodies: how to enable robust SW update mechanisms on extremely resource constrained devices. A standard mechanism is better than a zillion proprietary solutions. Economics is a factor that's also considered.

Just a thought to ponder over your "Tea Break" this Monday morning.

I'll tell you about the tea in a couple of days from another time zone.

ThothDecember 12, 2016 5:16 AM

@Who?

It isn't so simple as leaking Intel ME source codes and chip designs. The chip includes booting keys (presumably an RSA key) and assuming Intel did not screw up, they should have commercial HSMs with multiple admin quorums locking the Intel root private key in HSMs. You also need to get the private key to sign updates to overwrite Intel ME firmware.

@Clive Robinson

Probably it's about time we make our own routers at home? How about using a spare PC loaded with OpenBSD as a network router? The link contains the official guide by OpenBSD team on how to do just that.

For those who are interested, find a router with Freescale/NXP PowerPC chip (linked below) or some Freescale/NXP PowerPC chip and then run your router. Much better than ARM (with its TrashZone) and Intel and AMD with their AMT and PSP backdoors.

Those supported Freescale/NXP PowerPC boards are also linked below just for convenience.

Links:
- https://www.openbsd.org/faq/pf/example1.html
- https://www.openbsd.org/socppc.html
- https://routerboard.com/RB600A
- http://www.thecus.com/product.php?PROD_ID=6

My InfoDecember 12, 2016 7:49 AM

Regarding my previous comment in this thread:

When I read such writings as the aforementioned web page of the Finnish government, I am reminded of the circumstances of my ancestors' emigration from their native land and settlement in the United States. Then I see that those same circumstances have not improved one iota in that land, and that they begin to appear, particularly in my own native land, the State of Washington, which, with its beautiful Capitol Dome in Olympia, completely did away with the U.S. Constitution's Grand Jury clause:

No person shall be held to answer for a capital, or otherwise infamous crime, unless on a presentment or indictment of a Grand Jury, except in cases arising in the land or naval forces, or in the Militia, when in actual service in time of War or public danger; ...

http://leg.wa.gov/LawsAndAgencyRules/Pages/constitution.aspx

SECTION 25 PROSECUTION BY INFORMATION. Offenses heretofore required to be prosecuted by indictment may be prosecuted by information, or by indictment, as shall be prescribed by law.

The word "information" here means that the due process of indictment by a grand jury has been deliberately omitted: even a speeding ticket or parking violation may be trumped up to a felony or capital offense without a grand jury's finding of "a true bill."

Many Finns settled in Washington State; evidently they brought too much baggage with them, since there they continue their medieval practices of villeinage along with other European immigrants and their children.

Furthermore, I want to ask: What are the circumstances of the Finnish government's choice of Microsoft Windows over Linux and of Linus Torvalds' emigration from Finland and settlement in the Portland, Oregon area?

vas pupDecember 12, 2016 10:47 AM

@all respected bloggers. Just completed reading old book 'Gift of Fear' with content addressing in detail psychological aspects of physical security, and threat assessment in particular. Looks like new technology just added new tools to the same issues.
That citation caught my attention in particular: "People who apply a fatalistic attitude to their own safety, often do so as an excuse not take reasonable precautions". Good point!

My InfoDecember 12, 2016 3:49 PM

@vas pup, respected bloggers, etc.

via McDonald's Free WiFi, right across the street from FBI.

I just met some blonde girl on the train, said she was Italian, "not even Caucasian," with the Mafia, owned crooked cops everywhere, yelling and screaming about some plot to assassinate Trump, like some teenage girls who were hit in some gated community somewhere...

Yadda, yadda, yadda...

You're all pwned by the computer villeins of medieval America.

The "construction" doesn't stop there, either. The 14th Amendment, the so-called Civil Rights Amendment, has been massively reconstrued, even after the Supreme Court tried to hang the entire weight of the first ten amendments (the "Bill of Rights") on its "due process of law" clause.

Section 1.
All persons born or naturalized in the United States, and subject to the jurisdiction thereof, are citizens of the United States and of the State wherein they reside. No State shall make or enforce any law which shall abridge the privileges or immunities of citizens of the United States; nor shall any State deprive any person of life, liberty, or property, without due process of law; nor deny to any person within its jurisdiction the equal protection of the laws.
...
Section 5. The Congress shall have the power to enforce, by appropriate legislation, the provisions of this article.

Namely being citizens "of the State wherein they reside" is now interpreted to require the ownership of residential property from a Realtor(R), without which such persons are no longer allowed to vote, even in national congressional or presidential elections.

All persons in a state are of course subject to criminal prosecution in that state, but only those who own property are afforded the equal protection of the laws.

My InfoDecember 12, 2016 3:59 PM

No one really "owns" property in America anymore, anyways. Property nowadays is held in tenure from a Realtor(R), subject to various conditions, covenants, and restrictions, so detailed that they specify or require certain clothing, medications, hairstyle, commitment to mental hospitals, and so on and so forth along with numerous lifelong professional and occupational restrictions and other conditions of serfdom.

My InfoDecember 12, 2016 4:10 PM

Bloomberg: "... as the battle for employees in a tight labor market grows ..."

As if! Jobs for serfs and peons! I never heard so much bullshit in my life.

Clive RobinsonDecember 12, 2016 4:26 PM

@ Vas Pup,

"People who apply a fatalistic attitude to their own safety, often do so as an excuse not take reasonable precautions". Good point!

Ever driven in India, Vietnam or the Middle East?

It's an experience you will not forget, I can assure you :-S


Sancho_PDecember 12, 2016 5:58 PM

@Thoth re TFC and data diode PCB

No one will (or could) prevent the creation of any PCB layout as well as publishing it.
Ideas are free.
Local laws might criminalize the use (or even the possession) of certain electronic devices in some countries, like radar warnings in cars, or stingrays for the plebs.

But the question would be if it makes sense to create a “data diode” PCB in the first place.

TFC is promising, but at the moment it’s a design, not a product.
To be usable, the secure connection to the hostile world must be part of the TCB, not part of a removable cable [1].
For your airport example, would a manually soldered PCB improve the situation? ;-)
Btw., USB can’t be part of any TCB because of complexity and obscurity in HW and (OS) software.

Re open source I share your sentiments but that’s the difference between idealism and capitalism, especially to be seen in the Linux community.
Yet there is enough nearly unusable crap commercially available - just thinking of my satellite tuner (Sancho grabs at valerian ...).

However, the open source style of TFC is its biggest enemy and the main challenge.
All systems I know of are built on security by obscurity, nothing is open source or fully documented, especially when it comes to hardware.

Imagine the US would share their military grade technology with the world, discuss their nuke-launch systems with the Russians, or happily sell the Chinese and NK their encryption machines made in the USA.
This would be a world I’d love to live in.

From open source TFC to a secure, commercial, worldwide available and “average user” accepted communication system there would be a looong way to go, only I’m not sure if there is a path at all (to satisfy all these targets).

[1]
When thinking of a (TFC) data diode why not think of a wireless connection?
All transferred data is actually encrypted = must be deemed secure.
Galvanically isolated, right out of your pocket.
No cables, no hassle, no problems.
Just thinking.

Sancho_PDecember 12, 2016 6:03 PM

@Figureitout re data diode

Great, just one comment:

The Mini-B USB needs to be pushed / pulled really hard, this (daily?) force will stress and break the solder points of both, the converter-board and the perfboard (additionally to the converter’s slack in a case).
I’m not talking about the USB socket itself, that’s OK, it’s made for that.

Use short flexible wires to connect the converter to the perfboard / adapter board to avoid broken copper traces / solder points.
Or include the USB Mini-B plugs into your enclosure ( - this will invoke other mechanical problems with the cables, though).
Be sure to place the caps onto the adapter board to reduce inductivity.

Sancho_PDecember 12, 2016 6:06 PM

@all
Re encryption of files and sharing:

Please have a look at https://www.cryptomator.org (page takes ages to load even in the EU, don’t be disappointed).
This app is a blessing (*).
Clean interface, simple, fast, multi-platform, mobile, FOSS (see GitHub for source).
It works with remote folders (in the Cloud) as well as with local folders, access is using WebDAV (fairly fast, Win limit is 4GB per file).
Each “safe” (think of a directory) has its own key so you can share it with other devices …
Use multiple vaults in Dropbox with unique (scrypt KDF) keys.
Directory names and filenames are encrypted, too.
Remove the auto update in the settings (calls home otherwise).

(*) Well, I can’t read / understand the source … ;-)

Sancho_PDecember 12, 2016 6:19 PM

@Markus Ottela

From the abstract in your patent link:
”The data diode system includes a voltage converter that receives a negative voltage from a serial data port connection of the secured device. The voltage converter converts the negative voltage into a positive voltage in order to power the data diode.”
it’s clear that the essence of that design is generating the positive voltage from the (unused) negative (RS232) communication line, esp. by converting the negative voltage from the (in the patent example) TxD data line.
See description 0025 and 0026.
So your use of batteries is already out of the scope of that patent.
The simplex transmission (the “data diode”) can’t be patented because it was always part of the serial console standard created between 1962 and 1969, as well as half duplex and duplex transmission.
Simplex is the system of radio broadcast, try to talk back!

However, thinking of bipolar RS232 was already crap in 2009 because nearly no contemporary machine had the negative voltage for that standard. (Disadvantages were low speed, large voltage swing, short transmission distance, bipolar power supply needed.)
It was phased out in 2002 in the EU, also because of ground loop problems and often destroying EMF spikes, it was replaced by current loop transmission using optocouplers (at least in the EU industry).
Probably voting machines in the US still have RS232, or the OPM?

As said above, RS232 is an unnecessary crap nowadays, stay away.

Re remapping serial UART pins:
AFAIK that’s not the question because serial UART is a hardware function, it’s a shift register and a buffer, you can’t abuse it, there are bits only. The function behind is in the OS (kernel) and in the user software.
The HW is necessary for the strict timing, even with speed below 100 baud.
You could try (using an appropriate CPU) to remap pins and bit-bang the serial console, but good luck with a non RTOS above 100 kbaud.
And who would load that software (the chicken and egg problem)?
UART was never used to boot-load, RasPi uses it to spill out its boot sequence.
But to make 100% sure I’d recommend to electronically block the input line, even and esp. on RxD during boot, until the user program is ready to enable it.

Re my “That’s not the question” above, what is your concern exactly, I may not understand what you mean -
But any electrical, direct connection between TCB and NH would be a no go no go no go no go no go no go no go no go no go - never!

Btw. I’ve sent you a message on Dec. 4th, no reply, was it lost?
I’ve a whole bunch of points prepared, also re data diode / UART.

ThothDecember 12, 2016 6:42 PM

@Sancho_P

"Local laws might criminalize the use (or even the possession) of certain electronic devices in some countries, like radar warnings in cars, or stingrays for the plebs."

That would effectively make a Bluetooth Mice a munitions since many Bluetooth enabled mice are using AES-256 to encrypt traffic between the Bluetooth receiver and the Bluetooth mice.

How about all the Intel chip with its AES hardware accelerator?

Maybe that Android smartphone (even without FDE usage) is capable of crypto. That is illegal?

It seems you have ever done export and import of security items but that's not how it's done. There is a list of items, the uses and more specifically a checklist that they operate on.

Of course, BRUSA is the odd one with those stupid export/import control laws. The manufacturing of the PCB can be done in countries not bound by BRUSA regulations.

A blank PCB without the "settings and programs required" will make an item exportable and importable. Of course if one explicitly load codes for the purpose that falls into the Security Appliance and Cryptographic items category, it may be inspected but if the PCB is simply a bunch of optocouplers, some CPU with memory that has no specific programs at all, it is considered a consumer electronics and not subjected to ITAR or relevant laws since it falls into the category of generic consumer items category.

65535December 12, 2016 7:09 PM

@ Sancho_P

Out Of Band Management is a real problem. HaHa, KVM to Intel i5 or i7 core pro computers… admin and P@ssw0rd... That is original /

We have talked about this problem in prior posts. Intel is really wrecking their image and so is AMD.

“With Core processors Intel introduced Active Management Technology (AMT) 6.0 which introduced a slew of new features including Keyboard Video Mouse (KVM) Remote Control. This means that with the right hardware configuration you have full remote access to your computer no matter what state it’s in.”-howtogeek

'Note: If “admin” does not work as the default password you can also try “P@ssw0rd” because that is the default password in Intel’s configuration documentation.'-howtogeek

http://www.howtogeek.com/56538/how-to-remotely-control-your-pc-even-when-it-crashes/

I will give cryptomator a go when I have time. It looks interesting. The datadiode at imgur looks interesting, but a lot of Apartment dwellings do not allow a solder iron and flux/lead, the flux makes a bad odor. That is kind of a drawback.

http://datadiode.imgur.com/

terranceDecember 12, 2016 7:58 PM

No more tobacco smells in a can does wonders.

Old remote web interface variant on new Netgear routers, maybe older netgear routers, and likely many other routers.

http://www.itnews.com.au/news/stop-using-vulnerable-netgear-routers-cmu-cert-444333

"Attackers can exploit the vulnerability remotely by tricking local users into clicking on similar command injection links.

Although the CMU CERT said it was "currently unaware of a practical solution" for the issue, Dutch researcher Bas van Schaik worked out a way to temporarily stop the vulnerability from being exploited.

It is possible to use the flaw to turn off the vulnerable web server in the affected routers, van Schaik discovered.

Users can issue this command:

http://[IP-ADDRESS-ROUTER]/cgi-bin/;killall$IFS'httpd'

Alternatively, most Netgear routers provide access to the management web server interface with this URL:

http://www.routerlogin.net/cgi-bin/;killall$IFS'httpd'

The CERT issued an advisory over the weekend for Netgear router models R6400 and R7000, with R8000 also believed to be vulnerable to arbitrary command injection.

Netgear firmware version 1.0.7.2_1.1.93 and earlier running on the above routers is vulnerable to the exploit.

Other models could also be affected by the flaw, which was discovered by a researcher using the moniker Acew0rm, the CERT said."


As soon as the router is restarted it is vulnerable again, until an openWRT alternative is installed by user, or manufacturers issue updated firmware that fixes it (along with the other half a dozen exploits from last couple years).
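A detection sketch for the request pattern quoted above, added here and not part of the comment or the CERT advisory: it scans proxy-style log lines for requests whose decoded path starts with `/cgi-bin/;` and separates the `killall httpd` workaround from any other command. The log format, client addresses, `192.168.1.1` router address and the `example-command` placeholder are constructed.

```python
import re
from urllib.parse import urlsplit, unquote

# Decoded path of the form /cgi-bin/;<command>, as in the URLs quoted above.
INJECTION_PATH = re.compile(r"^/cgi-bin/;(?P<cmd>.*)$", re.DOTALL)
# The temporary workaround from the article: killall$IFS'httpd'
WORKAROUND = re.compile(r"^killall(?:\$IFS|\s+)['’]?httpd['’]?$")

# Constructed sample log: "<timestamp> <client> <method> <url>"
SAMPLE_LOG = """\
2016-12-12T19:58:02Z 192.168.1.23 GET http://192.168.1.1/start.htm
2016-12-12T20:01:07Z 192.168.1.23 GET http://192.168.1.1/cgi-bin/;killall$IFS'httpd'
2016-12-12T20:03:41Z 192.168.1.40 GET http://www.routerlogin.net/cgi-bin/%3Bkillall%24IFS%27httpd%27
2016-12-12T20:05:13Z 192.168.1.40 GET http://192.168.1.1/cgi-bin/%253Bexample-command
2016-12-12T20:06:30Z 192.168.1.23 GET http://intranet.example/cgi-bin/status.cgi
"""


def fully_unquote(text, rounds=3):
    """Percent-decode repeatedly so %3B and %253B both end up as ';'."""
    for _ in range(rounds):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    return text


def inspect_url(url):
    """Return a finding dict if the URL matches the injection shape, else None."""
    parts = urlsplit(url)          # urlsplit keeps ';' inside the path
    match = INJECTION_PATH.match(fully_unquote(parts.path))
    if not match:
        return None
    command = match.group("cmd")
    kind = "httpd-kill workaround" if WORKAROUND.match(command) else "other command"
    return {"host": parts.hostname, "command": command, "kind": kind}


def scan(lines):
    """Yield-style scan of log lines; returns findings with time and client."""
    findings = []
    for line in lines:
        fields = line.split(None, 3)
        if len(fields) != 4:
            continue               # not in the assumed format
        timestamp, client, _method, url = fields
        finding = inspect_url(url.strip())
        if finding:
            finding.update({"time": timestamp, "client": client})
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG.splitlines()):
        print(hit["time"], hit["client"], hit["host"], hit["kind"], repr(hit["command"]))
```

Anything reported as "other command" is a request that someone on the LAN was induced to send to the router and deserves a look at the client that sent it.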

Daniela Aligheri CarusoDecember 12, 2016 9:46 PM

@65535
> 2] What is best outcome or worst outcome for the privacy concerned citizen/reporters when using Gmail or Yahoo email?

> 3] What is the alternative to these big email services which ensure you cannot delete your prior emails?

Proton mail is a very good option. Some of the more elite OpSec crew here will find it has flaws. From what I can see this is largely or primarily that it requires javascript to run client side encryption. The admins said there is no other way to do the encryption. This could mean having a MITM or spoofing attack on an individual. But apparently their userbase has gone through the roof recently. Could then all of those millions of users have their passwords stolen because of the javascript?

It has a lot of advantages that have never been achieved before in free public email, welded to a friendly user interface. To answer your question emails are unrecoverably destroyed after a certain time & they can be set to combust after any time the user chooses. Another component of this is they allow an encrypted email to be sent to someone with an email address outside the proton mail loop, again with the ability to have it combust after 12 hours or 2 hours or a week or whatever. Unlike gmail, these destroyed emails are entirely unrecoverable. If not intercepted en route (or an individual is targeted.)

With proton mail the attack surface and surveillance surface for non-state level actors is greatly, no, radically, reduced compared to regular email. And whilst for state level actors it would be easy for them to target someone individually, but does a mass surveillance attack on all proton mail users exist? It would require MITM everyone to steal all passwords.

PGP can be integrated with it which is a big plus, based on everything Protonmail describe, the only way someone can read your email is if they actually have your password. So using a virtual machine or hardened OS to protect your client side is going to be fairly important, and the next step would be PGP incorporated externally via hardware or something like Thoth's smartcard design. But then, if you’re going to those lengths you won’t necessarily have much a great need for proton mail as well. Unless perhaps a smart card can be used just to support your standard online proton log in - then you have usability and security merged quite nicely.

One thing that comes to mind is, as Ab Praeceptis said so well concerning Tor. Using Protonmail no doubt makes you attract attention from the TLA no matter what. Maybe that's not a good thing, maybe that's a really significant downside that outweighs the positives. We can’t say.
Note they have a well summarised blog post here on the snoopers charter, and if you have a look some other good posts on related issues.

https://protonmail.com/blog/investigatory-powers-bill-email-privacy/


Daniela Aligheri CarusoDecember 12, 2016 9:55 PM

@ Ab Praeceptis
grateful for your wonderful response, thank you very much

@ Figure It Out

Thank you for offering your advice and, - just as importantly - providing the reassurance that it drastically reduces the attack surface.
As you say this is familiar to many folk here, and it may be taken for granted as they have experience. But it’s good to remember there are many folk that do not have this knowledge, and while they have the ambition to protect themselves and assert their inalienable rights, they do not have the time and energy to commit to the extremely long and windy road of expert competence. They know they do NOT have a career as an OpSec professional but they deserve to have something of a start - if only they knew how to start. They know enough to realise that killing evercookies and using 'https everywhere' isn't going to cut it.

@ Figure It Out, explanations like the one you have provided are EXTREMELY appreciated. Fair enough that this blog caters to the elite crew. It can be very alienating however for new folk, as they may read here and realise that so much of what is discussed by Bruce or commentators is of lofty theoretical attacks - using Wi Fi to perceive body motions comes to mind - or things that are likely to be used against targeted individuals in extreme situations

(think of what poor Mr Assange has to endure every day - he’s no doubt learnt some very old school methods indeed)

So much of what is discussed here is not going to be relevant 98% of the time. As @ Ab Praeceptis said, more often than not it’s someone using a weak password and then it being shouted across the room by an employee somewhere.

To add to your words @FIO one could choose a pre - Intel ME chip and add some RAM etc to improve performance (Obviously @ Clive has elaborated at length )
And a long range Wi Fi dongle or antennae.

And also @ Clive suggested compartmentalisation of work and play, different emails, different live CD’s / USB’s for different parts of your life. If one is using doing anything identifiable. One could indeed have two set ups as you describe, one anonymous, one not anonymous

It would be great to see a list of practical actionable steps to counter recent ‘legal’ (cough) developments, such as what you’ve described, as an action plan for the general non OpSec savvy public, in a permanent location.
@ Bruce feel like creating a page here? And an antidote to the ‘use Tor and you’re fine’ advice found elsewhere like The Guardian Project

Such a location can include advice about implementing @ Clives paper, paper, never data precept. An energy gapped computer and using printed cards to transfer data across.

I get that most people don’t care. It's not good enough for the well informed to say 'fuck them, I know, but they don't, so it's their choice'. What affects one affects everyone and if you are in the 1% minority and you know something that can help everyone, you have a responsibility.
I don't mean to sound harsh because everyone here is extremely generous and even patient with people like me. But, getting back to the general population - some people DO care, or can learn to care, except they just get overwhelmed by the learning curve and need some strong practical advice laid out in a way they can actually grasp and apply. Once again @ FIO thank you.

Maybe it’s time to move away from what some may call mental masturbation around theoretical models and attacks likely to be used in 1% of the time, and focus on information on practical reality based on things everyone can implement. Thoth said some nice things in this vein re: the Cloudflare fucker.
Meanwhile the acronym continue to encroach further and further, and people who actually have the ability to support world to help are stuck discussing the implications of Turing's feelings about chess in dial up telnet- in the year 2050 - and arcane abstract MIT mummery and poppery

Question for you and @ Nick P , @ Thoth etc

How do you folks, personally, overcome the difficulty with obtaining a clean version of FOSS OS like openBSD, Qubes etc.?

@ Clive Robinson. you said once you had been meaning to look at encrypted data content for paper storage to be stored in a filing cabinet but never got around to it. Now, THERE’s something people can really use. Any thoughts on practical implementation? Further to this I love the idea you and Thoth were discussing recently of stenography into plain text for transport and thus by avoiding suspicion is more important than anything

Nick PDecember 12, 2016 10:30 PM

@ Clive Robinson

Interesting. Bookmarked for later review. The scheme actually isn't new even if their discovery was. The concept was invented in high-assurance security where they noticed certain systems just didn't get hacked. The Boeing proposal is an example I've linked before where their Survivable Spread on SNS Server reduces number of replicas necessary among other things. It's an old high-assurance trick where we leverage the fact that we can make less of the endpoints, network, etc hostile with effort. Compromises should only happen about as often as protocol-level compromises vs 0-days in average *implementation* of them.

It's worth further exploring. People just keep getting stuck in binary or fad-driven thinking.

@ Daniela

"How do you folks, personally, over come the difficulty with obtaining a clean version of FOSS OS like openBSD, Qubes etc. "

I assume they're all compromised as is this machine. Safest route would probably be to get the CD's from the developers at conferences in person. Or download them with hashes or signatures compared from multiple machines on multiple internet connections with multiple mirrors if they're available. On a LiveCD downloaded over HTTPS connection of legit site from random PC somewhere you don't normally use. Hardware should be pre-2000 ideally but pre-2004 seems safeish. Buy it on Craigslist or at a flea market.
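The cross-checking of published hashes described in this comment, as an added example (not a tool from any of the projects mentioned): digests collected over several independent paths must all agree before the local image is compared against them. The source labels, file name, image bytes and the minimum of three sources are constructed assumptions; the parser accepts BSD-style and GNU-style checksum lines.

```python
import hashlib
import hmac
import os
import re
import tempfile
from collections import Counter

# "SHA256 (name) = hex" (BSD style) and "hex  name" / "hex *name" (GNU style).
BSD_LINE = re.compile(r"^SHA256 \((?P<name>[^)]+)\) = (?P<hex>[0-9a-fA-F]{64})$")
GNU_LINE = re.compile(r"^(?P<hex>[0-9a-fA-F]{64}) [ *](?P<name>.+)$")


def parse_checksums(text):
    """Return {filename: lowercase hex digest} from a checksum file's text."""
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        match = BSD_LINE.match(line) or GNU_LINE.match(line)
        if match:
            entries[match.group("name")] = match.group("hex").lower()
    return entries


def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large images do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def cross_check(local_digest, filename, sources, minimum=3):
    """sources maps a label to checksum-file text fetched over that path.

    Passes only if at least `minimum` sources list the file, all of them
    publish the same digest, and that digest equals the local one.
    """
    published = {}
    for label, text in sources.items():
        digest = parse_checksums(text).get(filename)
        if digest is not None:
            published[label] = digest
    if len(published) < minimum:
        return False, f"only {len(published)} source(s) list {filename}, need {minimum}"
    counts = Counter(published.values())
    if len(counts) > 1:
        majority = counts.most_common(1)[0][0]
        odd = sorted(lbl for lbl, dig in published.items() if dig != majority)
        return False, "sources disagree: " + ", ".join(odd)
    agreed = next(iter(counts))
    if not hmac.compare_digest(agreed, local_digest.lower()):
        return False, "local file does not match the published digest"
    return True, f"{len(published)} independent sources agree with the local file"


def demo():
    name = "install.iso"                               # constructed file name
    image = b"constructed stand-in for an install image\n" * 1024
    with tempfile.NamedTemporaryFile(delete=False) as handle:
        handle.write(image)
        path = handle.name
    try:
        local = sha256_file(path)
    finally:
        os.unlink(path)
    altered = hashlib.sha256(image + b"altered").hexdigest()
    sources = {                                        # constructed mirror replies
        "mirror-A via home ISP": f"SHA256 ({name}) = {local}\n",
        "mirror-B via library PC": f"{local}  {name}\n",
        "mirror-C via mobile data": f"SHA256 ({name}) = {local.upper()}\n",
    }
    one_bad = dict(sources, **{"mirror-B via library PC": f"{altered}  {name}\n"})
    two_only = {k: v for k, v in sources.items() if not k.startswith("mirror-C")}
    return {
        "all agree": cross_check(local, name, sources),
        "one mirror differs": cross_check(local, name, one_bad),
        "local image altered": cross_check(altered, name, sources),
        "too few sources": cross_check(local, name, two_only),
    }


if __name__ == "__main__":
    for scenario, (ok, reason) in demo().items():
        print(f"{scenario}: {'PASS' if ok else 'FAIL'} ({reason})")
```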

ab praeceptisDecember 12, 2016 11:10 PM

Daniela Aligheri Caruso

For the sake of fairness and justice: It's easy for me to look like the nice helpful guy, compared to, say, Nick P.

The reason is simple. Different persons here have different foci and priorities. Mine just happens to be very practical and largely guided by the fact that the vast majority of the people don't have a nsa tao team as adversary but rather curious colleagues or scriptkiddies.

People like Nick P are looking for perfection and for security in even absurd scenarios. It's important to understand that their approach is a very important aspect, too. It just so happens that the vast majority of people will never be in a situation where some opponent infrared laser eavesdrops on them or runs a highly detailed power consumption profile against their encryption.

For banks or state agencies, however, those seemingly absurd scenarios are tangible and it's good that we have people like Nick P, too, who worry about those.


I'd like to come back on your question and add a point. Pretty everything can be interpreted in diverse ways. "Privacy" is an example. I took it to mean (in your context) that the remote end, e.g. a web site, shouldn't know who you are.

Others took it to mean something more general and that's a valid point. The question is how far one wants to go down that road. You see, one might as well argue that the advantage of tor over a vpn solution is rather limited, if the opponent were a state agency; they could, for instance, do pre-/-post matching, get at your isp and then to you anyway, even if we would assume tor to be secure (which I personally definitely do not).
So, next step: use tor but on top of a public wifi entry point. Oh, gee, no, because your tablet could be identified. So, next step, use a throw away tablet - how many of those can you afford?
But that's still not good enough considering all the cameras in public spaces that would allow to identify you. Well, next step, let's use bombs ... and all of that gets even more ridiculous considering that the vast majority of "I need security!" Joes and Janes forget to look at the cost/benefit ratio. Which leads us back to "against what do you want to defend yourself?" Plus: "Are you sure that you attribute the values correctly?" Plus: "Do you even understand the involved problem field and threat classes well enough?"

And all of that, well noted, in a given realistic context which happens to be that we are not victimized because, oh "aes-128 was too weak, had only we used aes-256!" or because oh "had only we used our computer in a faraday cage mesh!" - Nope. We get victimized because we (way too many of us) are using crap OSs on crap systems running crap software using crap libraries. And as that isn't bad enough we can't be bothered to use reasonably secure passwords and reasonably many of them plus way too many have an attitude of "I want 3-D bling bling with stereo sound effects to click on in my browser!" plus "security? Hey, there are laws plus I shelled out 30$ for Symerski2000 AV gateway, firewall, anti-evil".

Sorry if I sound rude but the most important advice I have for most people is simply "Avoid idiocy! Use your brain, think before acting and, very important: complexity is your enemy. Of all available reasonable approaches use the simplest one, one that you understand if any possible".

ab praeceptisDecember 12, 2016 11:17 PM

Nick P

You evil twin (in mind)*g

Yes. An old pentium with Oberon (in a recent incarnation) on it will carry you a long way if you want a reliable basic communication and reference system.

Another reason for me to second what you say is that, yes, x86 should be looked at with very mistrusting eyes but it's what's easily available (still have my beloved T-22 plus a couple of mainboards and a reserve TFT, hehe) and what's not too high an entry barrier for many less experienced users.
