The next major war will be super weird.
As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.
Read my blog posting guidelines here.
echo • May 4, 2018 4:49 PM
This does beg the question of whether we are nothing but the evolved output of 3D printers manufactured millions of years ago by a dinosaur civilisation which wiped itself out because, well, rogue 3D printers huh?. Why does nobody ever learn from history!
http://strangehorizons.com/non-fiction/articles/was-there-ever-a-dinosaur-civilization/
Sorry! I’m being a bit daft!
PeaceHead • May 4, 2018 7:36 PM
Wow, I don’t understand where all this nightmarish tech is going!!!!!?
When and where is this stuff ever used? And if not anywhere, ever, where is it being warehoused?
What happens if a rogue individual or group or AI gets a hold of it????!?!!!!
I don’t just mean this type of stuff in the article… but all of it… all the high-tech futuristic wierd warfare stuff. It just keeps accumulating decade after decade while we the people only get exposed to the typical guns and planes and tanks and rockets of doom.
Is the USA insane?
I honestly think the NAZIs won sometimes.
Otter • May 4, 2018 10:40 PM
@ PeaceHead They did.
ismar • May 4, 2018 10:47 PM
why use a photo of an octopus in an article related to squid ?
NYT article
The Man Who Cracked the Lottery
https://www.nytimes.com/interactive/2018/05/03/magazine/money-issue-iowa-lottery-fraud-mystery.html
A multi-year, multi-million dollar lottery fraud.
Salient points
1. The perpetrator was the information-security director for the Multi-State Lottery Association
2. He did it by–wait for it–compromising the random-number generator
Take Me To The Theater... Stat! • May 4, 2018 11:47 PM
Australia is once again leading the western world in new-age human rights. The country of data retention and face surveillance (“The Capability”) pledges…
The Great Southern Land of the assumed criminal.
Alien Jerky • May 5, 2018 1:02 AM
AT&T explains why it blocked Cloudflare DNS: It was just an accident
AT&T blames “unintentional IP address conflict,” promises to fix it.
Hmm… ATT being evil by accident. Blocking a competing service that affects their ability to monitor their customers activity on the web. They promise a fix, which probably could be fixed in less time than it took to write the press release, but they have not fixed it yet. cough… net neutrality… cough.
I poked through 1.1.1.1 website. Not sure what opinion to derive about the service. A commercial operation offering what seems to be a better privacy alternative. But I have a nagging feeling that although they seem to be legit at the moment, what is the real motive behind cloud flares offering this service? Opinions?
Uverse user • May 5, 2018 1:53 AM
Re Alien Jerky:
The inability to access 1.1.1.1 is confined to specific modems. They “borrowed” the previously unused 1.0.0.0 space for modem internal purposes, not aware that the range is now being used on the public internet.
I have a modem unaffected by the defective firmware, and AT&T connects to 1.1.1.1, no problem.
So, in this particular case, I advise taking AT&T at its word. They wouldn’t just block 1.1.1.1 without blocking 8.8.8.8 or 9.9.9.9, etc if they were doing it on purpose.
echo • May 5, 2018 1:58 AM
@Grauhut
Oh no! My desktop tower system is old enough not to get an AMD CPU update. It’s a good job I’m turning it into a file server.
As I am close to properly configuring my dual boot laptops I decided to investigate TPM and full disk encryption. Oh what a pest. Bitlocker works with TPM but no other OS. Veracrypt is cross platform but doesn’t work with TPM (and has problems with major Windows updates). This is really annoying. I know exactly what the issues are. I don’t care about APTs or “false reassurance”. I just want something which isn’t a walled garden and works sufficiently well to prevent casual breaches of data privacy if unattended equipment is lost or stolen!
Davide • May 5, 2018 3:43 AM
1) 8 new CPU bugs found (4 high and 4 medium) for Intel processors, probably some ARM processors and some AMD processors. Disclosure will be at May 7. For now they are colled Spectre-NG.
https://www.heise.de/ct/artikel/Exclusive-Spectre-NG-Multiple-new-Intel-CPU-flaws-revealed-several-serious-4040648.html
2) 465,000 pacemakers recalled for cybersecurity patch (firmware)
https://www.raps.org/regulatory-focus%E2%84%A2/news-articles/2017/8/abbott-recalls-465,000-pacemakers-for-cybersecurity-patch
3) two vulnerabilities affecting over one million Dasan GPON Routers are now under attack
https://www.bleepingcomputer.com/news/security/vulnerabilities-affecting-over-one-million-dasan-gpon-routers-are-now-under-attack/
Ismar • May 5, 2018 4:21 AM
Promising but early days still
Clive Robinson • May 5, 2018 5:11 AM
@ Davide, All,
The St Judes Pace Maker scandle rises up yet again in Abbot.
If you read the article about the just under half a million Pacemaker recalls you will find,
Patients with the devices are being told to speak to their doctors to determine whether they should receive the update, which will require an in-person visit to install.
That is going to be “oh so expensive” worse what would you guess would be the “did not attend rate” is going to be also the failure rate…
Things to think about when your Cardiac Specialist says “We think you are ideally suited for a pace maker”…
Maybe people should talk to their Congress Citter to ask why there are not proper standards in place for these communications interfaces? That is why NIST is sitting on it’s hands still. The critters should be only to aware of the problem, after all one of GWBush’s neo-con side kicks had the radio interface disabled in his, because he thought he might be a terrorist target…
TWL • May 5, 2018 8:18 AM
Twitter scorned for password issue but praised for disclosing it
https://www.nbcnews.com/tech/social-media/twitter-scorned-password-issue-praised-disclosing-it-n871516
Twitter says the plaintext was written to a log before hashing, but that means the plaintext is sent over the internet. Shouldn’t the hashing be done in the browser? Maybe hash, send, hash further?
CallMeLateForSupper • May 5, 2018 9:51 AM
@Clive
“[…] one of GWBush’s neo-con side kicks had the radio interface disabled in his, because he thought he might be a terrorist target…”
The beast you refer to has a name: Richard “aluminum tubes” Cheney. AKA “Dick” (appropriately).
Dick’s current “undisclosed location” is cunningly hidden in plain sight: Montana. Now, Montana does not have any kind of radio service ;-), so his ticker’s stainless steel tick-tock is probably safe from hackers. Darn it.
John • May 5, 2018 10:03 AM
The NSA Managed to Collect 500 Million US Call Records in 2017 Despite Targeting Just 40 People
https://gizmodo.com/the-nsa-managed-to-collect-500-million-us-call-records-1825789394
“According to a new report released Friday, the agency sucked up more than 534 million US phone records in 2017, three times the amount it collected in 2016.”
The implication is the entire US population is under granular surveillance by the US military. (So much for the Snowden Revelations.) I wonder how much of the data take, and I assume phone meta data is the tip of the iceberg, is made available to other federal and state law enforcement agencies, secretly, for security reasons, so they say.
I am almost to the point of accepting the vast majority of Americans do not care at all about vague, abstract concepts like civil rights or police oppression. They are people who don’t get it and never will.
I do still worry about the day when this vast data base becomes available to government officials whose motive and intent are evil.
Seems like it’s all there these days, ripe for picking.
vas pup • May 5, 2018 10:20 AM
http://www.bbc.com/future/story/20180502-the-surprising-benefits-of-electroshock-therapy-or-ect
“From its earliest days, ECT was misused and sometimes abused. In 1944, Emil Gelny, a psychiatrist at two mental hospitals in Lower Austria and a member of the Nazi Party, modified an ECT machine for use in the T4 euthanasia programme of the mentally ill. As World War Two was coming to a close, he added four more electrodes to an ECT machine, allowed the current to flow for minutes (not milliseconds), and murdered 149 patients whose lives were regarded as “not worth living”. Although far more people died from lethal doses of drugs or by malnutrition, Gelny’s work would cast an understandably dark shadow over ECT’s future.”
Q: Is similar technique currently in usage by IC for interrogation purposes? Just curious.
Maxwell's Daemon • May 5, 2018 2:24 PM
@ Peacehead
See “Operation Paperclip” whereby 1,600 German scientists and their families were brought over to the US during and after the final days of the Third Reich. I’ve seen references elsewhere (link not to hand) that there were numerous cases of Nazi intelligence officers similarly gathered by the OSS (later CIA).
albert • May 5, 2018 3:05 PM
Sorry, US specific:
Our tax dollars at work:
https://www.star.nesdis.noaa.gov/GOES/GOES16_CONUS_Band.php?band=GEOCOLOR&length=24
This is really cool. Any of you across the Ponds have anything similar?
For weather forecasts:
forecast.weather.gov
The GOES website links from here as well.
. .. . .. — ….
albert • May 5, 2018 3:47 PM
@PeaceHead,
It’s only research at this point. The military/industrial complex is a mind-bogglingly huge business here. There’s lots of money available for research projects. They bring in the educational/research complex as well. Military technology eventually winds up in the civilian police departments, and there is cross-pollination between the military and the intelligence community. One big happy family, so to speak. It reminds me of the days when many little computer tech startups had hopes of Microsoft buying them. MS eventually cut back on acquisitions when they found they could just take the technology. But I digress.
..
@Take Me To The Theater… Stat!,
AU terrorism stats, 1970 to 2016
OMG! Those terrified Aussies must be peeing their pants.
..
@Alien Jerky,
Try a who.is search. I won’t print the results here for space reasons.
. .. . .. — ….
PeaceHead • May 5, 2018 4:37 PM
Thanks for the decent replies… all who replied to me.
Yeah, I am familiar with Operation PAPERCLIP somewhat.
I believe it really did happen. I think I might have even met in person some of the affected acquaintances when I was younger.
Also, I think the NAZI’s in America have been EXTREMELY busy since 1945.
Of course, so have been the Allied Forces, which is why people like me were allowed to live.
But I feel that not only do we need to extinguish the neo-cold war mentality, we have to extinguish all these rampant civil wars all over the place here within the USA, at every level of society.
Internacional xenophobia and kleptocracy seem to be some of the biggest threats.
And television is full of propaganda. I know this because of some stories published that I PERSONALLY knew couldn’t possibly be true.
The octopus was featured because the squid was too shy.
— May Peacefulness Prevail Within All Realms of Existence (May Peace Prevail On Earth, too).
For Bruce • May 5, 2018 5:31 PM
Perhaps a ToS violation, but I had to share this…
https://www.snopes.com/fact-check/is-vampire-squid-turning-inside-out/
echo • May 5, 2018 9:53 PM
@albert @peacehead
In the UK the authoritarian tendency, and divide and conquer, and fear of the other mentality is rife in some quarters as is Cold War era mentalities and empire building and collusion. Cultural change is a slow process.
I had a much longer comment which was Too Much Information. Basically, the truth is getting out even if it lags somewhat.
@For Bruce
Very artistic and a good metaphor!
Thoth • May 6, 2018 12:44 AM
@all, Clive Robinson
It is kind of weird that we are still hedging our bets of security on proven “Trusted Execution Environment” that are found to be a backdoor haven and also “filled to the brim” with all kinds of flaws ranging from hardware (Spectre et. al.) to firmware flaws (old ARM TZ implemented by Qualcomm’s QSEE with Integer Overflow error).
These CPUs and Enclaves are perpetual gifts that will continually keep giving for a very long time until we decide to completely discard them and discontinue them from our use and manufacture as a whole.
Hmm • May 6, 2018 1:27 AM
“why use a photo of an octopus in an article related to squid ?”
Because you expect a pardon.
echo • May 6, 2018 2:03 AM
I just had a daft idea. Why aren’t CPU instructions randomised on a per CPU basis? If only legitimate code could be installed with the proper numbers wouldn’t this make illegitimate code fail to execute? What about executeable file packing formats too? Obviously this means “trusted code” in browsers etcetera would still be a problem.
echo • May 6, 2018 2:09 AM
There’s a paper on instruction set randomisation here:
Fast and Practical Instruction-Set Randomization
for Commodity Systems
http://web1.cs.columbia.edu/~angelos/Papers/2010/practical_isr.pdf
Alyer Babtu • May 6, 2018 6:53 AM
Another kind of instruction randomization
what about • May 6, 2018 7:11 AM
Not sure how reliable this information is, but funny if true 🙂 Apparently someone has been adding and deleting IP addresses from Roskomnadzor’s list of blocked addresses (for blocking Telegram), making the graph spell out “digital resistance” (a slogan used by Pavel Durov, founder of Telegram) in Morse code.
https://tvrain.ru/news/v_vygruzke_roskomnadzora_pojavilas-463175/
echo • May 6, 2018 4:22 PM
I’m still plugging away with configuring my “new to me” laptops and old tower system as a fileserver. While waiting for a new network cable in the post I have looked into the security of my ISPs cable modem because I can’t afford a new router at the moment and plan to use this instead. The worst (only) vulnerability which could be found is a convoluted on site hack of the firmware. I am also organising a proper backup/synchronisation regime and discovered “Unison”. Unison is cross platform and can work over SSL too.
I would like to store encrypted synchronised backups off site with myself controlling the encryption endpoint. I’m not yet sure how this can be done efficently. I’m wondering if this functionality can be added to Unison or whether other tools will need to be used.
Here is a link dump for anyone who wants to get started:
http://www.cis.upenn.edu/~bcpierce/unison/
https://en.wikipedia.org/wiki/Comparison_of_file_synchronization_software
https://www.martineve.com/2010/12/30/using-unison-to-synchronize-and-backup-your-work-part-1/
https://www.tecmint.com/file-synchronization-in-linux-using-unison/
https://www.howtoforge.com/tutorial/unison-file-sync-between-two-servers-on-debian-jessie/
https://www.cyberciti.biz/faq/unison-file-synchronizer-tool/
https://www.granneman.com/tech/security/backup/unisonbackup#Use_Unison_for_incremental_backup_instead_of_rsync
https://alliance.seas.upenn.edu/~bcpierce/wiki/index.php?n=Main.UnisonFAQTips
Alyer Babtu • May 6, 2018 5:07 PM
@echo and @All – re ISP supplied modems/routers
Are there any general comprehensive checklist document or set of documents covering what to look for and remedy in securing the modem, taking account of the ISP’s particular requirements so as not to break the thing’s functioning ?
Clive Robinson • May 6, 2018 5:53 PM
@ CallMeLate…,
Now, Montana does not have any kind of radio service 😉
Well I’ve been told that for atleast the last quater millennium people have become “missionaries” taking the word “of a jealous God” to the heathens “in odd corners of the globe”[1].
Such people have not been slow on taking up “technology” as we know in the UK where we have a veritable forest of antennas springing up in bits of farmland as various “missions” from the dessolate wastes of Utah[2] bring forth the jealous word via 10KW of “music power” along with PO Box numbers to send large chunks of cash to, too keep them there TX’s heating the heavens and earth[3].
Thus as Montana –if you beleive the TV entertainment– is a land that should positively attract heathens, and Mr Dick’s movements might just be “the proof of the pudding” in that regard… We should consider enlightening their lives with modern pastotal work.
So maybe we should fund a mission to put an antenna up bear Mr Dick ti “go warm the cockles of his heart”. And if by chance at the same time he becomes “happy clappy” as he gets “the power of the word” in the most electrifying and elightenning manner then I suspect many would consider it a successful mission.
Which I guess would leave us with the tricky problem of putting down an 8″x4″ external dance floor over the possibly fresh excavations, and as it would be outside at a crossroads making sure the “elf and Shafty” people have a proper stake in it and are happy.
[1] As a statment “odd corners of the globe” has always puzzled me somewhat. It you ever find a corner on a globe, odd or not send me a picture 😉
[2] Apparently the NSA’s little boondoggle is so environmentally unfriendly it was compared to dumping certain industrial zones of Detroit and their over half century of toxicity into an environmentaly sensitive area. Kind of like that elephant in the room crapping in the goldfish bowl :-S
[3] That’s the trouble with electrically short vertical antennas and fields not big enough for 90-120 1/2wave radials to be dug in… I guess it warms the roots of the crop so it grows more on the waste of them jealous words…
echo • May 6, 2018 6:25 PM
@Alyer Babtu
I am not awareof any guidelines for securing ISP modems other than scattered bits and pieces such as change the default password and check your default wifi encryption settings. You may also need to reboot the modem sometimes to receive the latest ISP firmware.
Oh, fiddlesticks. This Intel firmware nonsense over Meltdown and Spectre is now just annoying. Assuming “trusted software” (hah hah) is fine the only source of problems is via my browser. If firmware updates are going to cause rolling reliability issues I may as well not bother. It’s not as if I’m running virtual machines on a server open to everyone and running arbitrary code I downloaded after a random search. They really need to be clearer about this because these firmware updates seem like a one size fits all obsessive and pedantic hammer which the best opinion so far indicates won’t actually properly solve the issue anyway.
If this is the case why not focus on browser security and the horrible ecosystem of Javascript frameworks and dodgy advertising platforms, and applications like games which can run arbitrary code in hosted game levels from unverified sources?
Clive Robinson • May 6, 2018 6:49 PM
@ Albert,
This is really cool. Any of you across the Ponds have anything similar?
Depends on what you mean by similar various satellite image organisasations do false colour image presentation from spectral data in other parts of the EM spectra, from long IR right up to X-Rays. It’s kind of like “frequency translation” into what we can see thus process, rather than have vast reams of numbers printed out.
echo • May 6, 2018 8:46 PM
I discovered rclone is an open source cross platform too for dumping files to a cloud server and supports encryption. It is limited in which providers it supports but it also supports http, ftp and sftp, and local filesystems.
I’m wondering if I can use Unison for local backup/sync and use rclone for packaging everything up as encrypted files and dumping to the cloud. (No I don’t trust vendors apps!)
Clive Robinson • May 7, 2018 12:12 AM
@ Thoth,
Introducing Asylo an open source framework for confidential computing
I’d need more hardware information to say for certain, but it reads just like the ibtro to any “Disaster Movie”.
We know the both Intel’s and AMDs secure environments are not secure for a number of reasons and that quite a few more are,waiting in the pipeline… Which probably means ARM as well.
But the grneral design of such enclaves using “common core store hardware” (ie Sys RAM) is a bad idea due to Rowhammer and other bubling up attacks. There is no way software at the CPU ISA or above level in the computing stack can stop “bubbling up attacks”. It’s a point I’ve tried to get across to people for some time, that top down assurance no matter how ingenious no matter how many proofs the code is “provably correct” is not going to solve. Nor for that matter will changes in the next layer or two down with Microcode and RTL level code.
It was one of the reaaons I started in on Castles-v-Prisons a decade or so ago, and the need for segregation of the CPUs and core memory etc that controls the MMU etc.
At some point more people will realise this, but untill that time these bubbling up attacks from further down in the computing stack will continue to thwart any “proofs of correctness” and similar top down approach, which is in essence what these enclaves are…
MrC • May 7, 2018 12:25 AM
@Alyer Babtu:
You what ask is impossible. The best you can hope to do is to cripple the ISP’s box as much as possible, treat it as untrusted, and connect it to a second router that’s under your full control.
As for the crippling step:
Configure DNS at your own router and/or endpoint devices. Getting DNS right means either setting up your own resolver or fun and games with dnscryptproxy, but just getting off your ISP’s DNS is a good start.
Keep in mind that the ISP’s box must still be considered untrustworthy. (Setting aside the fact that your ISP is a malicious entity that still has substantial control over the box through special knocks on the modem side (if not also a full-on backdoor), the firmware is a hopeless dumpster fire that you can’t reflash without breaking basic functionality.) Operate under the assumption that anything crossing the cable from your own router to the ISP’s box has entered hostile territory.
Ratio • May 7, 2018 1:00 AM
From Russia’s Secret Espionage Archives: The Art of the Dangle:
An old KGB training manual shows how Western double agents tried to dupe the Soviet Union during the Cold War. This classic tradecraft can tell us some things about recent events.
[…]
[In 1971] the KGB had published a top-secret document for internal circulation about the looming danger of dangles. As this was a Soviet text, it was given a characteristically turgid title: “Exposure of the Enemy’s Set-ups in the Process of Development of Persons Who Are of Interest to Intelligence.” A copy of this document was passed to me recently by an officer from a Western security service. As with prior examples of leaked KGB training manuals I’ve published at The Daily Beast, this one is still classified in modern Russia owing to its tutorial value to the SVR, Putin’s foreign intelligence arm and the post-Soviet successor to the First Chief Directorate.
Previously, ICYMI:
echo • May 7, 2018 6:30 AM
@Ratio
The UK security apparatus is a bit dispersed and indirect at times. The Foreign Office element got itself into a lot of hot water when it dropped various balls including Japan. (To many affirmative action chinless public school boy types.) Heads have rolled but nonethless they still didn’t quite get it the last time they tried something. The FO bungled into Japan and began a campaign to recruit British ex-pats into helping the UK government develop business opportunities for the UK. The ex-pats quite rightly told the FO to go away.
Very Nice Human Being • May 7, 2018 8:30 PM
I am shocked and surprised by comments on this blog from people assuring the safety and reliability of Telegram messenger app. The inherent vulnerabilities have already been plainly exposed – and I am referring to basic components of implementation, not the high-assurance requirements espoused by, for example, Thoth. (with the greatest of respect to Thoth). Nick P puts it more plainly ‘I had no reason to trust them before. So I have no reason to trust them now’
I can’t find the article presently but Moxie Marlinspike has systematically debunked all of Telegrams claims and the Telegram team were unable to provide a coherent reply.
This is a Aarhus University thesis investigating the roll your own crypto Telegram relies upon
http://cs.au.dk/~jakjak/master-thesis.pdf
‘Just Say No’
Beneluxe • May 8, 2018 4:21 AM
@Very Nice
I don’t recall much appreciation for Telegram on this blog.
I think it might have been criticised here quite heavily at least a few times.
Clive Robinson • May 8, 2018 7:18 AM
@ Very Nice Human Being,
I’ve not criticized Telegram as much as I have Moxie’s two systems, simply because it’s not come up as often on this blog.
All of these supposadly “ultra secure” systems are a bit of a joke to be honest, and none of them are secure to use between the users currently.
The reason is that the users “security end points” are before the attackers “communications end point”, opps…
Thus rather than go for the supposadly ultra secure encrypted communications, the attacker will simply do an “end run attack” via the OS etc to get at the plain text user interface, which we know is kind of trivial to do these days…
As our host and many many others have pointed out prior to that for centuries, “A chain is only as strong as it’s weakest link”. Currently the way users behave there are many many weak links that are way way easier for an attacker to use than try and break the crypto algorithm.
That is if you want to communicate securely then you need to deal with all the end run and protocol and implementation attacks including timing side channels that an attacker can get at via the communications paths open to them.
This at the very least means “segregation” of function, with the users security end points being way beyond the attackers communications end point. Which means with modern electronics taking the security end point “off the communications devices” as step one.
Which is one of two reasons I mention Pen and Paper hand ciphers quite a bit these days. The second reason is that whilst the state level attackers may have deluded politicians into believing that they can “backdoor” all encrypted communications… the reality is they can not jump the “segregation gap” if it is implemented correctly and likewise maintained correctly. Which with hand ciphers is generaly reliant on “Old School OpSec” methods.
The UK Government back in the Blairite days used to indirectly acknowledged this issue in the early versions of the Regulation of Investigatory Powers Act (RIPA) brought in by then Home Office Minister David Blunket (who has since had his doubts due to the way it’s been used[0]). Where they had added long custodial terms for those who would not hand over “secret keys” in general including PubKey “signing keys”, which caused a bit of a rumpus originally.
The main issue these days is thus how to come up with a cipher system where you never get to see the message keys or master keys they are derived from. But also can not reproduce the message keys and can demonstrate that fact to a judge.
Impossible as that sounds there are ways that can currently be done with certain designs of “black box” systems[1]. However new methods will be needed if Quantum Computing (QC) actually gets to the point it can realistically crack asymetric / mathmatical ciphers like RSA and Eliptic Curve systems with the key lengths we can use them at[2].
The real issue with QC is not so much people being able to read your secret messages, but to actively fake them either currently or in the future.
This is a known problem with the likes of One Time Pad systems. Whilst they are relatively easy to use by hand and deemed as being secure if used correctly you need to consider the how of that security proof.
In essence each bit of the key is “Truely Randomly Generated” thus can not be determined. The consequence of this is that for any given length of ciphertext “all messages are equiprobable”. From a fakers point of view all they have to do is take the ciphertext and XOR it with a message of their chosing that is the same length, and then claim that the result is “the secret key” that they have found on a hard drive etc…
Thus you need to find ways of armouring the ciphertext you send to stop this and that is actually not that easy to do, especially by hand…
It’s why people say “Security is hard, very hard to do” or for that matter even get close to getting it right.
In the past One Time Tape systems were used to only “super encipher” node to node traffic not actuall messages. That is the messages were first encrypted using a symetric cipher that would be used by the two communicating parties “end to end”. The resulting ciphertext traffic would then be super enciphered for each link in the path/route of communications that ciphertext would take between the two parties.
Thus whilst the OTT and OTP provided increased Confidentiality they did not provide either Integrity or Authentication. These would have been provided by the end to end plaintext protocols and end to end encryption if implemented and used correctly.
[1] I have with @Dirk Praet, @Nick P, @Thoth, @Wael and others discussed this on this blog before, so you can look up the details if you wish.
[2] The ability for QC to do anything of any real use crypto wise is still doubtfull currently. Some people think that the supposed quantum superposition can not be made to work long enough, others wide enough. Then there are a whole heap of other issues with QC. However the possability QC might get there and relatively soon is pushing people to research QC secure encryption algorithms and systems to replace our current PubKey etc mathmatics based crypto akgorithms.
VinnyG • May 8, 2018 8:20 AM
@Alyer Babtu re:modem security – I imagine you could mine some useful information at the DD-WRT forum: https://dd-wrt.com/phpBB2/
VinnyG • May 8, 2018 8:24 AM
@CallMeLateForSupper re: Shiny, Dick – If you’re interested, I heard the individual in question is seeking a new quail-hunting companion, as the previous fellows have all been blinded in one eye, somehow or other.
VinnyG • May 8, 2018 8:26 AM
@albert re: MS technology “acquisition” – Good to know that the Stacker affair has not been completely forgot…
vas pup • May 8, 2018 11:19 AM
Should ethics or human intuition drive the moral judgments of driverless cars?
https://www.sciencedaily.com/releases/2018/05/180503142637.htm
“When faced with driving dilemmas, people show a high willingness to sacrifice themselves for others, make decisions based on the victim’s age and swerve onto sidewalks to minimize the number of lives lost, reveals new research published in open-access journal Frontiers in Behavioral Neuroscience. This is at odds with ethical guidelines in these circumstances, which often dictate that no life should be valued over another. This research hopes to initiate discussions about the way self-driving vehicles should be programmed to deal with situations that endanger human life.
“The behavior that will be considered as right in such situations depends on which factors are considered to be both morally relevant and socially acceptable.”
It revealed that human intuition was often at odds with ethical guidelines.
Bergmann explains, “The German ethics commission proposes that a passenger in the vehicle may not be sacrificed to save more people; an intuition not generally shared by subjects in our experiment. We also find that people chose to save more lives, even if this involves swerving onto the sidewalk — endangering people uninvolved in the traffic incident. Furthermore, subjects considered the factor of age, for example, choosing to save children over the elderly.”
Driving requires an intricate weighing of risks versus rewards, for example speed versus the danger of a critical situation unfolding. Decision making-processes that precede or avoid a critical situation should also be investigated.”
vas pup • May 8, 2018 11:26 AM
@John:
Until collected snooping data is NOT used directly for any prosecution or for coming to your job/residence and talking BS to your employer/neighbors(kind of Though Police activity -1984 style blacklisting), but only as hints for future collection of evidence for real crimes (terrorism, treason – you name it) accepted in the court (not perjury entrapment I mean here, but good criminal intelligence work)I really don’t care.
Ratio • May 8, 2018 9:00 PM
@echo,
To[o] many affirmative action chinless public school boy types.
FYI, this chinnist parenthentical denying the historic victimhood of the differently-jawed somehow doesn’t seem to mesh well with your endless commentary on “diversity” and “social justice”.
echo • May 9, 2018 7:28 AM
@Ratio
I was only joking. Self-deprecating irony? I bet Clive can guess what I was tempted to say but I don’t want to be banned for a week.
@vas pup
This was an intriguing article. I like they way they got ahead of the problem by querying whether the ethical and intuitive conundrum can be avoided by discovering new ways of approaching the whole issue. The post-warcosnensus and “white heat” of technology disappeared years ago to be replaced by cynicism and lethargy. I’m glad someone is adding a little spark to the proceedings.
VinnyG • May 9, 2018 8:26 AM
@vas pup re: driverless car decision criteria – the problem with the experiment is that it seems to be essentially a video game, hence the relationship to what a driver would actually do in a parallel real-world situation is unverifiable. I am convinced of one item – some specific individual human (not some flimsy paper persona) must be assigned personal responsibility for any damages caused by any driverless vehicle. Otherwise the only people who truly gain from the ensuing chaos will be the lawyers. My preference is that someone riding in the vehicle assume that responsibility, but that may not always be possible. It certainly would depreciate, if not entirely moot, many of the perceived advantages.
bttb • May 9, 2018 11:21 AM
Regarding Haspel and CIA
On one hand, AFAIK, Hayden, Clapper, Brennan, & Morell support Haspel for D/CIA.
On the other hand, Greenwald writes:
“The confirmation hearing for Donald Trump’s nominee to lead the CIA, Gina Haspel, will begin in the U.S. Senate on Wednesday. Haspel’s nomination has become controversial because of her supervision of a CIA black site in Thailand, where detainees were tortured (with heinous methods that extended far beyond “mere” waterboarding), as well as her central role in destroying videotapes of the interrogation sessions at which torture was employed.
Two GOP senators appear unlikely to vote for Haspel: John McCain, whose illness prevents him from attending, and Rand Paul, who has vowed to oppose Haspel (though few things have proven less reliable than Rand Paul’s promises to act on his supposed principles). That means that Democrats have the power to block a torturer and evidence-destroyer from becoming Trump’s CIA director — if they remain united in their opposition.
Will they do so? It is difficult to be optimistic, to put that mildly. The history of Democrats throughout the war on terror is to ensure that just enough members of their caucus join with the GOP majority to ensure passage of even the most extremist pieces of legislation or nominees justified in the name of terrorism or national security.
The ruse Democrats typically use to accomplish these dirty deeds is quite ingenious: The defectors change so that no one member bears the blame for enabling right-wing measures, while the party itself is able to claim that a majority opposed the extremism. In 2010 — as the Bush-era tactic of Democratic defections to the GOP continued under Barack Obama — I referred to this tactic as “Villain Rotation” and described it this way:
‘The primary tactic in this game is Villain Rotation. They always have a handful of Democratic Senators announce that they will be the ones to deviate this time from the ostensible party position and impede success, but the designated Villain constantly shifts, so the Party itself can claim it supports these measures while an always-changing handful of their members invariably prevent it. One minute, it’s Jay Rockefeller as the Prime Villain leading the way in protecting Bush surveillance programs and demanding telecom immunity; the next minute, it’s Dianne Feinstein and Chuck Schumer joining hands and “breaking with their party” to ensure Michael Mukasey’s confirmation as Attorney General; then it’s Big Bad Joe Lieberman single-handedly blocking Medicare expansion; then it’s Blanche Lincoln and Jim Webb joining with Lindsey Graham to support the de-funding of civilian trials for Terrorists; and now that they can’t blame Lieberman or Ben Nelson any longer on health care (since they don’t need 60 votes), Jay Rockefeller voluntarily returns to the Villain Role, stepping up to put an end to the pretend-movement among Senate Democrats to enact the public option via reconciliation.
If Haspel is confirmed, it will be because a certain number of Democratic senators join with the GOP caucus to support her, while allowing the Democratic Party to claim it tried to stop her by pointing to a majority of futile Democratic votes against her. That’s why the record of the Democratic Party over the last 17 years — providing whatever amount of support is needed for GOP war on terror policies — makes it difficult to believe that Democrats will unite to kill her nomination.'” …
https://theintercept.com/2018/05/08/will-democrats-unite-to-block-trumps-torturer-gina-haspel-as-cia-chief-if-not-what-do-they-resist/
vas pup • May 9, 2018 2:51 PM
@eco, @VinniG.
The problem is how to utilize metrics on moral choices to provide feed into AI which is charge of driving car to properly make decisions with minimal risk taking.
My question: when somebody break traffic rules (pedestrian in particular) and car is forced on side walk to avoid harm to this violator but injure innocent bystander or have to hit other car. Should it be considered unlawful behavior of potential victim as criteria for making choices by car’s AI? That will put responsibility on ‘violator’ not on car when there is no possibility to avoid harm without imposing potential harm for rule-following folks. Breaks application should be lawful action on car AI’s side in such critical situation.
VinnyG, I agree when law is not clear lawyers will become only winning party.
Ratio • May 9, 2018 3:30 PM
@echo,
I was only joking. Self-deprecating irony?
Self-deprecating irony? Same.
bttb • May 9, 2018 4:02 PM
Haspel & Director of the Central Intelligence Agency (“‘D/CIA'”) Senate confirmation hearing, today, from emptywheel:
“Among the many, many damning details of Gina Haspel’s confirmation hearing, one sticks out. Ron Wyden asked her whether, during the 2005 to 2007 period, whether she ever asked for the torture program to be continued or expanded. She didn’t answer. Instead, she dodged:
‘Haspel: Like all of us who were in the counterterrorism center and working at CIA in those years after 9/11, we all believed in our work, we were committed, we had been charged with making sure the country wasn’t attacked again. And we had been informed that the techniques in CIA’s program were legal and authorized by the highest legal authority in our country and also the President. So I believe, I and my colleagues in the counterterrorism center were working as hard as we could with the tools that we were given to make sure that we were successful in our mission.
Wyden: My time is short and that, respectfully, is not responsive to the question. That was a period where the agency was capturing fewer detainees, waterboarding was no longer approved, and especially in light of that Washington Post story, I would really like to have on the record whether you ever called for the program to be continued, which it sure sounds to me like your answer suggested. You said, well we were doing our job it ought to be continued.’
This makes it clear that Haspel was involved in reauthorizing torture in 2005, in a process that was as rife with lies to DOJ as the original authorization process had been.
It also makes Haspel directly responsible for the torture of people like Abu Farj al-Lbi, which the torture report describes this way.” …
bttb • May 9, 2018 4:10 PM
More on Haspel & Director of the Central Intelligence Agency (“‘D/CIA'”) Senate confirmation hearing, today, from emptywheel:
“I expected to dislike Gina Haspel, but be impressed with her competence (the same view I always had about John Brennan). But she did not come off as competent in her confirmation hearing, in large part because the lies surrounding her career cannot be sustained.
Let’s start with the questions she didn’t answer (usually offering a non-responsive rehearsed answer instead). She refused to say:
Whether she believes, with the benefit of hindsight, torture was immoral.
If a terrorist tortured a CIA officer, whether that would be immoral.
Whether the torture program was consistent with American values.
Whether she oversaw the torture of Abd al Rahim al-Nashiri.
Whether she was in a role supervising torture before she became Jose Rodriguez’ Chief of Staff.
Whether she pushed to keep the torture program between 2005 and 2007 (see that question here).
Whether she would recuse from declassification decisions relating to her nomination.
Whether Dan Coats should oversee declassification decisions regarding her nomination.
Whether she has been alone with President Trump.
Whether she would tell Congress if he asked her for a loyalty oath.
She also answered that she didn’t think torture worked, but then hedged and said she couldn’t say that because we got evidence from it.
She did answer one question that went to the core of her abuse when she participated in the destruction of the torture tapes. She said she would consider it insubordination today if an officer bypassed her for something as substantive as destroying the tapes, as Jose Rodriguez did. But she as much as said she would have destroyed the tape much earlier, because of the security risk they posed to the officers who appeared in the videos.
Then there was the logical inconsistency of her presentation. Several Senators, including Mark Warner, Dianne Feinstein, Ron Wyden, and Kamala Harris, complained about the selective declassification of information surrounding her confirmation. Haspel explained that she had to abide by the rules of classification just like everyone else. Not only was that transparent bullshit on its face (as Harris noted, the CIA released a great deal of information that revealed details of her operations), during the course of the hearing she provided details about her first meeting with an asset, Jennifer Matthews’ life and assignments, and a counter-drug program that also must be classified, and yet she was willing to simply blurt them out.
Perhaps most remarkable, though, is a key claim she made to excuse the destruction of the torture tape.” …
PeaceHead • May 9, 2018 7:19 PM
@bttb: I’m with you on this. Thanks for pointing out her B.S.
I was watching some of the so-called hearings on C-SPAN this morning, and it’s a shame how CNN and the like are just going with the one cherry-picked quote, totally lacking proper context.
The only good thing I can say about Haspel is that I don’t like Pompeio’s record either.
We’ve got way too many brutish neocon types in the Trump admin.
Pence hanging with the Koch bros, Pompeio/Bomb-bay-o, and now this chick.
She reminds me of my oppressive clarinet teacher in early junior high: non-chalantly repressed and domineering at the same time; no wonder she was a clandestine cherry picked.
P.S.-I noticed that there was some broadcast censorship bleeping of some of her words and phrases where I was. So maybe even the CIA knows she might be a talking, walking risk.
I don’t mean to sound so blasphemous, it’s just that if international terrorism is such a big risk and those are the main adversaries, then we need more basic reliability and accountability and directness from our heroes.
Russia/China/Iran/DPRK… these are NOT the primary “adversaries” of the USA. Check the FBI.gov website and you find a completely different list of main concerns.
Seriously, look at it. It’s worth it. The FBI deals in counterterrorism and counterintel too. And they are bound by US law. It seems that the CIA doesn’t even have to obey laws anywhere… do they? and DO THEY?
It seems like year after year, the CIA goes looking for trouble and finds it or makes it. A lot of laypeople say that the USA’s foreign policy is too involved elsewhere… and yet our current Republican admin is constantly stirring the worldwide pot of geopolitical relationships.
I’m in favor of those policies and politicians and diplomatic and military groups who prefer more balanced and surgical or even neutral and/or humanitarian approaches. I like “THE DIALOGUE”. It seems that we need to be smarter about this stuff.
The old-school approach of pure aggression is anachronistic.
We should NOT be making more and more enemies nor rekindling old tensions. This nation is so effed up, from the top down.
/rant
PeaceHead • May 9, 2018 7:28 PM
On a much lighter note,
Squid / Octopi / Cuttlefish / Nautili / Snails / Slugs sure are beautiful and wonderful.
I wouldn’t be surprised if a rare advanced subportion of them are fully capable of modulating their own DNA.
Personally, I would add them to the list of species most likely capable of surviving an futuristic Nuclear Holocaust.
Alyer Babtu • May 9, 2018 7:46 PM
You never write, you never call.
Now a whole new way to respond, what could possibly go wrong ?
Anura • May 9, 2018 7:52 PM
@PeaceHead
In my experience with nuclear holocausts, you can expect some insects (albiet enlarged due to radiation), as well as a handful of mutant mammals and lizards, but not slugs.
Clive Robinson • May 10, 2018 12:22 AM
@ echo, Ratio,
I bet Clive can guess what I was tempted to say but I don’t want to be banned for a week.
Yes I can, and there has been the odd occasion I’ve “shocked the moderator” with only innuendo so yes I can understand your natural caution.
As for UK politicians it still amazes me how some of them get their jobs, and even more so how they keep them. After all some are way worse that “Blunder on the bus” Boris, who nodoubt is still looking for a suitable Natasha… Atleast Boris has “entertainment value” unlike say “Rockets” Rifkind and others who have been caught not just on the fiddle but soliciting…
You are probably aware of who the Private Eye editor is and the TV news show he appears on. Well he did a fairly simple calculation that showed that a UK MP was four times more likely to go to jail than an ordinary UK citizen… Even alowing for the “law of small numbers” and the “get out of jail” ID’s they carry that is still a worrying statistic about the probity –and in some cases sobriety– of the UK’s Members of Parliment…
Clive Robinson • May 10, 2018 12:55 AM
@ VinnyG,
My preference is that someone riding in the vehicle assume that responsibility, but that may not always be possible. It certainly would depreciate, if not entirely moot, many of the perceived advantages.
Unfortunately there are two catches to the “someone riding in the vehicle”.
One of the main interrsts in driverless vehicles is not personal cars but delivery vehicles and taxis. You can see that from the companies behind the technology, they in essence want to get rid of the “driver” who they pay etc. Thus the two problems are,
1, No human aboard.
2, No capable human aboard.
By “capable” I mean they are just a passenger and can not effect the way the vehicle behaves, just as it is with most taxis currently.
I susspect that “driverless” will fairly quickly become the primary vehical type in high density areas such as cities etc then ad the technology becomes cheaper spred out into the suburbs, then urban and finally rural areas. Leaving driver based vehicles to only specialized tasks/occupations where their primary use is not as transportation.
There is of course a third case which is those who currently would not be alowed to drive for various reasons beyond their control. For instance in the UK your licence can be revoked for medical reasons, including becoming partially disabled temporarily or permanently.
However as is often the case with things that have become a “social need” politicians talk about using the withdrawal of your ability to participate as a method of “social punishment”. Whilst this might be acceptable for those breaking driving rules/law, I find it unacceptable when they plan to use it as a method of coercion or control over the populous. Which is one reason I strongly object to driver’s licences being used as a primary method of identification.
One of the major problems with “social needs” like driving is that those in power salivate at ways to use them for control. Thus they become rocks under which increasing numbers of nasties get to hide. That can and almost certainly will get abused by those in power or those such as “guard labour” who get the powers by delegation.
Bong-Smoking Primitive Monkey-Brained Spook • May 10, 2018 1:07 AM
@Clive Robinson, CC: @Ratio,
Impossible as that sounds there are ways that can currently be done with certain designs of “black box” systems[1].
Puppeteer up to his ears in work. He’s still lurking here. Give him a few more weeks if he doesn’t drown in work quicksand.
Thoth • May 10, 2018 1:10 AM
@all
Totally absurd amount of credits given to both TOR and Telegram as impenetrable fortresses for criminal which in actuality the US Govt have routinely defeated TOR and fractured it’s claims of capability and any organisation that is well funded would have already been able to defeat TOR.
Similarly, Telegram is known for it’s homebrew crypto and isn’t much better and in default mode without E2EE enabled explicitly is simply SSL/TLS channel with homebrew crypto.
That being said, I think the true motivation for giving more credits than these 2 technologies deserved is to create FUD and to push in back/front door into legislation.
Link: https://www.securityweek.com/telegram-rivaling-tor-home-criminal-forums
Clive Robinson • May 10, 2018 5:36 AM
@ PeaceHead, Anura,
Personally, I would add them to the list of species most likely capable of surviving an futuristic Nuclear Holocaust.
We know from direct experiment in “labs” that roaches are going to survive. We also know that for the same reason Goats are about ten times more resilient to Nuclear, Chemical and Biological weapons than we humans have been believed to be…
However there are relatively few “real-world” examples outside of a few islands and deep holes in the ground. These are Nagasaki and Hiroshima, where the effects are much less than expected. We also have a couple of more recent reactor accidents, Chernobyl and Fukushima Daiichi.
From official scientific reports the upshot is that way more deaths and injuries have resulted from moving the populations out of the effected areas than by radiation or radioactive material getting into the environment.
Worse in the case of Chernobyl were the number of “medically advised abortions” even well outside the effected areas. But most deaths have been “fatalistic deaths” that is people assumed they had in effect been sentenced to death, gave up on life or started living extreamly unhealthly or at high risk, such as severe alcohol and smoking, not excercising or working giving rise to early mortality.
In the case of Chernobyl the wild life in the area has been monitored quite extensively and there is little evidence that they have been effected. People are now nearly a third of a century later being relocated back into the area and Chernobyl it’s self has become a tourist attraction.
Somebody I know has visited the area a number of times to make use of a “cold war” relic in the area, which is the massive HF over the horizon radar antennas (woodpecker) on “DXpeditions”[1].
Thus it appears that whilst radiation and radioactive elements are of danger, they are not as dangerous as originally thought and that it is the fear of them that causes way more deaths and injuries not just immediatly due to evacuations, Disaster shock and the like, but due to fatalism and Survivor Shock PTSD and depression giving rise to high risk life styles in the long term.
Clive Robinson • May 10, 2018 5:55 AM
@ BSPMBS,
Puppeteer up to his ears in work. He’s still lurking here
Hey nice to hear you are still “huffing and puffing” even if it is like Thomas the Tank Engine 😉
Remember each bit of work you grind off is one less piece to get in your way. The real trick is to catch the manic with the TIG welding new bits on. For them no fire in hell is hot enough, so even the Devil quails. Thus the “Thermic lance” might be the weapon of choice…
echo • May 10, 2018 7:25 AM
I turn my back for a moment and several books are published in the weekly squid! It’s all a jolly thought provoking read!
I have been busy organising my network. I managed to get Unison working for file synchronisation on the file server/backup desktop and docked laptop clients. Command line SSH was a bit tricky but turned out to be simple enough. I haven’t yet satisfactorally resolved full disc encryption yet on dual boot systems. There are BIOS/UEFI issues not to mention TPM plus OS and filesystems and different encryption schemes having different pluses and minuses and tripping over each other. It all seems a bit hacky.
To provide SSH on Windows I’m using Cygwin with the install recommendations on Github. (Putty works but it’s too much grief in practice.)
https://gist.github.com/roxlu/5038729
I haven’t yet decided on a scheme for encrypted cloud storage. Possibly rclone as a one stop shop, or for more flexibility an encryption app plus synchronisation app.
@Clive
Oh, where to begin… I like to stay away from politicians and bureaucrats as they mess my head up.
Thoth • May 10, 2018 10:05 AM
@all
How secure is Signal ?
Apparently Signal’s “self-delete” messages leaves traces in MacOS notification history.
There is more than one way of attacking a security system without needing to add back/frontdoors or weakening cryptographic protocols.
People make mistakes in designs and codes and exploiting them or a bubble-up attack is much more convenient.
echo • May 10, 2018 9:09 PM
@Thoth
One of the joys of the analogue world is you could at least take things apart to examine and put them back again with nothing more than rudimentary skills. More modern devices are much more opaque. Where is the electronic equivalent of “habius corpus”?
Is it possible to design a maechanical device which is cryptographically secure? Is it possible to build this device microscopically but not so small it cannot be disassembled and examined and reassembled? I ask this having just looked for information explaining how secure Enigma was in modern terms.
Tick Tock • May 10, 2018 11:40 PM
@echo, et al
The topic of encrypted cloud storage has intrigued me for a while.
Does anyone have experience running an NBD (network block device) server on a VPS? Mounting the NBD export locally as a LUKS volume would allow all encryption to be controlled by the local machine while the cloud side acts as “dumb” storage.
The setup is very similar to FDE (full disk encryption) where the disk is located remotely. What are the security advantages/disadvantages of this approach compared to remote file based encryption?
Clive Robinson • May 11, 2018 6:22 AM
@ echo,
Is it possible to design a maechanical device which is cryptographically secure? Is it possible to build this device microscopically but not so small it cannot be disassembled and examined and reassembled? I ask this having just looked for information explaining how secure Enigma was in modern terms.
It’s certainly possible to design it Gordon Welchman did, the problem is it’s not realy possible to build it to be reliable due to mechanical “bind, slop and flex”. It’s the same problems that stop us having an unpickable lock.
As for “microscopic” no, you need way to many interchangable parts to get upto the “combination space” that might be considered secure.
I can give you more details if you like but they are fairly dull be they mechanical or mathmatical issues.
Clive Robinson • May 11, 2018 6:28 AM
@ Thoth,
Apparently Signal’s “self-delete” messages leaves traces in MacOS notification history.
Colour me unsupprised…
As you know I’ve been warning about “end run attacks” around signal et al through the OS and it’s services longer than Signal has been available.
The problem is the same as always, the security end point is in the wrong place, and untill it’s moved Signal is going to be “less secure than a second hand pair of string underpants”.
JG4 • May 11, 2018 8:16 AM
Been busy, or you’d hear from me more often. The problem I have with classic blockchain is that it is based on proof of work. If that work weren’t wasted effort, but directed to climate calculations, protein folding or SETI, I’d be OK with it. There’d be no wasted electricity. I am open-minded on which algorithms survive the shakeout, but Leemon makes a strong case for his approach (links herewith). The two biggest issues that I’ve found on the old blue marble are scalability of trust and the difficulty of transducing sunlight into useful forms of energy, e.g., food and fuel. Blockchain and other consensus algorithms help with scaling trust. I am more optimistic about transducing sunlight into fuel and food than I am about people suddenly finding a way to all get along. This guy is a real firecracker – retired USAF lieutenant colonel.
Swirds’ Leemon Baird Talks Hashgraph
https://www.youtube.com/watch?v=pOc23lJw7ls
A Simple Explanation of Hashgraph with Pictures
https://www.youtube.com/watch?v=wgwYU1Zr9Tg
Trust is a consensus algorithm. It hasn’t been scalable, at least not stably.
Governments are consensus algorithms – “consent of the governed.”
Voting is a consensus algorithm.
Money and transactions are consensus algorithms.
Loosely speaking, science is a consensus algorithm.
Banking is a collection of consensus algorithms.
There is at least some element of consensus in religions.
The feedback mechanisms in Ebay, Uber, and Yelp are consensus algorithms.
Contracts are consensus algorithms.
air security in the news – some poor design choices right out of The Pentagon Wars
Fear Of Losing Oxygen Puts U.S. Fighter Pilots On Edge
http://aviationweek.com/combat-aircraft/fear-losing-oxygen-puts-us-fighter-pilots-edge
Naval Air Forces Visits Training Wing
http://navylive.dodlive.mil/2017/04/09/naval-air-forces-visits-training-wing/
Air Force T-6 Texan training plane grounded after cockpit scares
https://www.stripes.com/news/air-force-t-6-texan-training-plane-grounded-after-cockpit-scares-1.509683
water security in the news – deny, delay, distract
Air Force sends first $400,000 filter to Fountain to scrub PFC contamination from ground water
https://www.denverpost.com/2017/06/29/air-force-filter-fountain-colorado-contaminated-water/
echo • May 11, 2018 10:34 AM
@Clive
Oh, that’s a shame. I was hoping a mechanical and secure encryption device could be built like a well made watch. I can understand the concepts and follow the details but if it becomes too rarified would be lost before you have finished the first sentence. You could always go large couldn’t you, or does this have similar fundamental issues? If somebody one day said Alton Towers has secretly been a huge encryption machine for decades I wouldn’t know enough to disbelieve them. I wouldn’t put anything past anyone nowadays.
I did some searching on the smallest mechanical encryption machine I could and only found this. It explains aspects of cryptography and the bit processing available to very low power devices such as RFID tags. I expect an intricate mechanical device would be as low powered or lower?
Cryptography on a Speck of Dust
https://pdfs.semanticscholar.org/73f1/0c6da05513ba0fa394bf09b2e67b815b5a84.pdf
bttb • May 11, 2018 2:33 PM
“Obama Paved Way for Haspel to Head CIA by Failing to Hold Torturers Accountable”
Some excerpts from yesterday’s Democracy Now!:
[…]
“AMY GOODMAN: A lawyer who spoke to Ray McGovern in jail said he’s being held overnight and faces arraignment this morning. Ray McGovern, long time worked for the CIA, one of the top briefers for President George H.W. Bush years ago.
On Wednesday night, President Trump tweeted, “Gina Haspel did a spectacular job today. There is nobody even close to run the CIA!” he tweeted.
But at least two Republican senators have come out against Haspel: Rand Paul and John McCain. McCain said her, quote, “role in overseeing the use of torture is disturbing & her refusal to acknowledge torture’s immorality is disqualifying.” But Haspel may still be confirmed with the help of Democratic lawmakers. Democratic Senator Joe Manchin of West Virginia has already announced he’ll back Haspel.
For more, we’re joined by Jeremy Scahill, co-founder of The Intercept, host of the weekly podcast Intercepted, author of the books Blackwater: The Rise of the World’s Most Powerful Mercenary Army and Dirty Wars: The World Is a Battlefield, and the Oscar-nominated film Dirty Wars.
Jeremy, welcome back to Democracy Now! Talk about what happened yesterday, and talk about Gina Haspel’s record.
JEREMY SCAHILL: Well, first of all, I think that if we look at the fact that we’re 17 years removed from 9/11, and we look at how this country has not come to terms with all of the acts of torture, kidnapping, extrajudicial killing, that was done with the veneer of legalism, put over it by very creative, albeit creative in a sort of evil way, lawyers in the Bush administration, what has resulted in not holding those torturers accountable is that one of them is now ascending to the highest post in the CIA.
And, you know, Amy, the CIA is generally prohibited from engaging in operations inside of the United States, and also prohibited from engaging in propaganda aimed at the American people. And yet, to me, this whole Gina Haspel nomination really seems like a CIA operation itself. You know, the CIA, throughout history, from its origins—and this was the case with its predecessor, the OSS—has had a mastery of coups and interventions and interfering in affairs of other nations and waging propaganda battles. Gina Haspel, when she was nominated for the CIA, was the recipient of an enormous amount of support from the CIA’s social media accounts, Twitter and others. And it was a propaganda campaign that was aimed at all of us, at the American people. It was aimed at lawmakers, it was aimed at journalists, where they sort of tweeted a—and they did it over and over and over, and they even did it once Haspel was technically in charge of the CIA, where they’re giving her biography, making her sound like some combination of like Lara Croft, Tomb Raider, with Jack Bauer. I mean, it was really kind of incredible.”
[…]
“some of the Democrats and all of the Republicans engaged in a collective endorsement of what is, in my view, quite clearly, a CIA propaganda operation. It’s a coup of sorts to have someone like Gina Haspel, who has been involved with destroying evidence, torture, kidnapping, and refuses—refuses—to denounce any of it. I mean, it’s incredible that 17 years after 9/11 and—and, I’m sorry, Obama plays a huge role in how this happened. The moment Obama said, “We need to look forward, not backward,” was the moment that Gina Haspel was able to become a viable candidate for CIA. And, I mean, this is a very, very serious development and the result of a probably extralegal propaganda campaign and an operation aimed at the domestic American public.”
“AMY GOODMAN: And what about the destruction of the videotapes? Explain what she did.
JEREMY SCAHILL: Well, first of all, Gina Haspel claimed, in this hearing, that there were 92 tapes and that it was 92 tapes of one individual. You know, Jason Leopold, who is a BuzzFeed news journalist that has done really incredible work FOIAing information—he and Marcy Wheeler have tracked this stuff more than anyone else—said that it was tapes of two individuals. Gina Haspel claims that they took the—that they had these recordings, that there was concern because the program—meaning the extraordinary rendition program and the black sites program—had started to seep out into the media. It was being reported on in The Washington Post, New York Times, Sy Hersh, other people. And they said, “Oh, well, we can’t have these things leaked, because it’s going to put at risk the agents in the field.”
And Haspel and her boss, Jose Rodriguez, who openly brags—he goes on his book tours and stuff, openly brags that he jump-started the torture program, said it worked, etc. Haspel was his deputy at the time that these tapes were ordered destroyed. And Haspel had to actually draft the memo for Jose Rodriguez. Now, her defenders portray it as though she was like Rodriguez’s secretary and was doing it. No, she was one of the people that ran the site where these tapes were filmed.
And she said, openly, in the hearing, which actually contradicted a lot of what her defenders said about her—she said she absolutely supported destroying the tapes. Now, and then she’s asked during the hearing—now, mind you, this is someone who is up for CIA director. She is asked, “Why didn’t you preserve a copy of it in a secure way? OK, we understand that you wanted to destroy any tapes that may have been not held securely. Why didn’t you preserve a copy?” She says, “Oh, I’m not a technical person.” Huh? You’re not a technical person, and you’re going to be the director of the CIA? This is what I’m saying. This whole thing is a PSYOP against us.”
[…]
“AMY GOODMAN: And she gets to classify or declassify the documents. She’s in charge of the CIA right now, right? Acting director.
JEREMY SCAHILL: She is. And I also—and the other point—I mean, look, this was all they talked about yesterday, for the most part, this and then, you know, Marco Rubio and others sort of saying, “Oh, we love the CIA, and you’re all so great.” They didn’t talk about any other issues. Gina Haspel at one point mentions the relationship between the Joint Special Operations Command and the CIA has never been closer. I mean, to me, the elephant in the room of all of this is that the CIA and the U.S. military’s darkest elements, they’re in a golden era right now. I mean, Trump is an ideal person for them. All of this stuff about the deep state is trying to destroy Trump—establishment neocons hate the man, but they love what’s going on right now. And, unfortunately, they’re in an alliance increasingly with liberals.”
https://www.democracynow.org/2018/5/10/jeremy_scahill_obama_paved_way_for
bttb • May 11, 2018 2:43 PM
Regarding Haspel potentially heading CIA, more from emptywheel:
“When Gina Haspel was testifying on Wednesday, she confused those of us who know the history of the torture tapes well. She made two claims that didn’t accord with the public record of the tapes that were destroyed. First, she said that only one detainee was depicted on the 92 tapes that got destroyed. Additionally, she said, “I that she didn’t appear on the tapes, as has been mischaracterized in the press.”
Yet as an inventory of the tapes shows, two of the tapes depicted Abd al Rahim al-Nashiri, though those tapes were taped over every day.
So there should have been two tapes depicting Nashiri’s torture, and given that she oversaw his torture, there’s a good chance she’d appear on them.
When Charlie Savage asked CIA about the discrepancy, they pointed to a CIA IG review done of the tapes that showed a number of the tapes had been altered before the review.” …
https://www.emptywheel.net/2018/05/11/gina-haspel-started-her-cover-up-in-2002/
Alyer Babtu • May 12, 2018 2:14 AM
@Clive
due to mechanical “bind, slop and flex”. It’s the same problems that stop us having an unpickable lock.
Would ceramic materials allow more to be done ?
Gerard van Vooren • May 12, 2018 4:44 AM
@ Alyer Babtu,
Would ceramic materials allow more to be done ?
Just ask yourself why a razor hasn’t been made of ceramics: The problem of ceramics is that ceramics don’t flex, they break.
Now, ceramics are definetely a lot harder than any kind of steel, that’s true, but I don’t know whether they are materials that can be used for locks.
echo • May 12, 2018 8:44 AM
@Gerard van Vooren
J E Gordon wrote very interesting books on materials. I enjoyed reading them.
Subscribe to comments on this entry
Sidebar photo of Bruce Schneier by Joe MacInnis.
Yet Another Nick • May 4, 2018 4:38 PM
In addition to the much acclaimed National Buzzard Gizzard Day and the wildly popular International Turkey Pot Pie Day there is–wonders of wonders–an International Password Day. Thankfully the folks that make a famous convocation of pured hazelnuts, pressed palm trees, and heavily refined sugar cane have got everyone covered with password advice one can spread on whatever one likes, however thick one likes.
https://twitter.com/NutellaGlobal/status/992027051765981184
Now that is some Grade A security advice. How sweet it is.