Schneier on Security

Clive Robinson • September 15, 2018 5:24 PM

@ Bruce and the usual suspects,

With regards “acoustic side channels” and surface mount components. I could not find at the time this paper from Mark Laps that explains how “chip caps” can be both microphones and speakers due to piezoelectric effects,

http://www.kemet.com/Lists/TechnicalArticles/Attachments/62/2007%2520CARTS%2520-%2520Reduced%2520Microphonics%2520and%2520Sound%2520Emissions.pdf

Clive Robinson • September 15, 2018 9:19 PM

@ Hmm,

Link does not work.

It’s probably the repeated “%2520” in the URL try replacing them with just a space.

The “chip caps” are small surface mount devices that often look like a small piece of toffee with silver on either end.

With regards “capacitor plague” that was faulty “electrolytic capacitors” with many different “wraps” that apparently came from a major Taiwanese Company. But nobody is saying just which company it is…

When I design circuits I try and avoid using “electrolytic capacitors” due to the fact that all of them are probably the least reliable components on a board at the best of times.

Most of the time they are only good for around ten years of life before they need replacing. Back in the old days of “lead based solder” this was generally not an issue. But with modern RoSH “Pb Free” they put silver in the solder and this leaches the copper off of the PCB, so even with care you are likely to get damaged PCB tracks.

Clive Robinson • September 16, 2018 7:18 AM

@ Wessly Parish,

Don’t put the ‘d’ and second ‘i’ in IoT

Ahh you mean the problem of the,

Internet Defective Input of Thought

Issue that blights so many things.

Clive Robinson • September 17, 2018 8:59 AM

Ahhh yes Professor John Yoo, what can one say about him that does not trip the naughty words filter.

Let’s just say at best he was a “useful idiot” for a bunch of people that make psychopaths look good.

There is a saying up in Scotland about somebody being “What is left after you spit out the nuts when eating a Dundee Cake?..” to which the oft unsaid answer is “You get two piles, the first is nuts, the second is 5h1t”

Clive Robinson • September 17, 2018 10:40 PM

@ echo,

Editors have normalised hate, from Rod Liddle to Katie Hopkins
The publication of racist views is now permissible – and the print media is to blame

Oh if only it were just the editors of MSM etc.

Sadly it’s not, various ministers and politicians have actively encoraged or participated (Lord Sugar being a throughly umpleasant minor example that should have been striped of his titles for his tweets expressing his views with Nazi images).

In effect it has been encoraged by the powers that be, to be the “new opioid of the masses”. In effect to distract us away from other rather more important issues. Such as the complete mess the current encumbrants have made of the country and appear determined to sink “The unsinkable aircraft carrier” that the UK once was.

Clive Robinson • September 18, 2018 6:39 AM

@ Alejandro,

With regards “Project Verify” and Nicholas Weavers comment of,

“The carriers have a dismal track record of authenticating the user. If the carriers were trustworthy, I think this would be unequivocally a good idea. The problem is I don’t trust the carriers.”

I think he’s wrong there.

The reason is simple, if not the carriers then “Who can be trusted?” and importantly “How can they be trusted?” and “Why can they be trusted?”.

You need to roll those questions around a bit but you will come to the conclusion with the “Why?” you have no leverage against a third party nor do they in turn have leverage against a fourth party like the US Government IC and LEO entities. Worse they have a host of your second parties to play with as well. Put simply it is a “too many faces in the crowd for you to point a finger at” issue which effectively removes any chance of legal action. Which is certainly neither “good” or “unequivocal”

But that brings you around to the “How?” question. That is what secure “methods” are in place and importantly are they immune to insider attacks? I’ve yet to see a three party system where that is the case and you would need that for “unequivocal” to be the case.

Thus there is never anything “unequivocally a good idea” about authentication systems especially those operated by Third Parties without ‘real skin in the game’ beyond that which would stop a fourth party gaining access.

Bad as passwords are they are in effect a “two party” token authentication system where both parties have “skin in the game”.

Thus if a two party system with more “token” security than passwords could establish a “trustworthy” authentication channel prior to authentication or the authetication token is immune to evesdropping and replay or MITM attacks then a two party system would be considerably better than a multiparty system.

Clive Robinson • September 20, 2018 7:38 AM

@ echo,

Women are suffering from an exploision of spiked drinks.

It’s not just women, and it’s not just drinks it happens in many adult “social settings”. Not mentioned in the article is that often what are used are “social drugs” like cocain, that effect the brain directly producing effects that some have claimed is “a thoudand times better than sex”.

Cocaine generally comes either as a hydrachloride salt or freebased[1].

The salt can be disolved in water and can be injested, injected or absorbed through mucus membranes and the like. So food, and contact as well as drinks. The freebased form can be inhaled and will survive low temprature combustion in other products such as tobacco, so can be smoked or inhaled.

Various other drugs like “weed”, “speed” etc that effect the brain will reduce or remove conscious barriers putting the victim in at the very least a suggestable state. Even caffine in coffee and energy drinks can be used in combination with alcohol or other drugs.

In short there are way way way to many combinations of substances (add speed to weed chocolates or spice cakes or even other food for instance) that will alow a person to gain advantage over another without the victim actually realising it untill later, or sometimes not at all.

Unfortunately in a conservative view point false morals are used to “blaim the victim”, thus avoid having to deal with the realities of sociopaths and others that use such technicues to gain power over people.

What is seldom said is that in many cases where such techniques have been used the abuser actually is known and to a certain extent trusted by the victim. Thus “secondary fear” plays a large part in the victim not reporting what is in actual fact a “crime of violence” the same as if the victim had been beaten into insensibility.

Further “social drugs” are also used by “people traffickers” and those who “run prostitutes” especially those who are underage or vulnarable for various reasons.

The one thing people need to get clear in their head is that as with serial killers the “sex component” in “date rape” and “spiking” in general is almost immaterial to the “power” component of the attacks. It’s the fact they can drug people and get away with it which is the real high for the attacker, especially if they can do it so the victim does not realise it, or another person gets blaimed.

Also what people do not consider from a security perspective is the “tounge loosening” effect that social drugs in carefull mixes can have. They can certainly be as effective as those used to inhibit conscious control for either anesthesia or as “truth drugs”. So in the right setting you do not need to by a wrench with the $5 just a pizza with “alternative herb” topping sprinkles and high caffeine energy drink will work on many people, if that fails things can be stepped up notch by notch.

[1] It is a simple process you can do in any kitchen with a microwave oven to take the cocain salt and remove the hydrachloride component with ammonia (from window cleaner) or bicarbonate (from baking powder) mixed with water and then heat the resulting paste. Apparently if put on a plate in a microwave when “done” the dryed past “cracks” hence it’s name “Crack Cocaine”. Various claims have been made about it being “instantly addictive” if that is true or not does not diminish the fact that it has extrodinary mind altering properties, that can strip a person of inhibitions, morals and any kind of self control.

Clive Robinson • September 20, 2018 5:08 PM

@ MarkH,

Predictably, the mysterious closure triggered a flow of batsh!t-crazy conspiracy theories

I’m not so sure they all were, the whole story looks “batshit-crazy” as it is 😉

Under the title,

MYSTERY SOLVED? FBI REVEALS WHY IT SHUT DOWN THE NEW MEXICO SOLAR OBSERVATORY

Newsweek has published an article today,

https://www.newsweek.com/mystery-solved-fbi-reveals-why-it-shutdown-new-mexico-solar-observatory-1130075

Claiming it was about a child porn investigation the observatories WiFi and a janitors laptop that mysteriously “got taken” obigitory X-files music at this point 😉

The janitor then apparently went somewhat paranoid when searching for his laptop,

According to KRQE, the janitor “feverishly started looking through the facility” after realizing his laptop was missing, as well as making comments on the apparent lack of security at the observatory, suggesting it was “only a matter of time before the facility got hit,” adding he “believed there was a serial killer in the area.”

The article finally gets around to contradicting it’s own title by saying it was the observatory officials made the decision to close the site as a precaution over concerns the suspect may pose a threat to the public…

But more puzzling is there is no explanation as to what happend to the janitors computer and,

The janitor has not been arrested or charged in connection with the investigation and no arrest warrant has been issued, according to the FBI. The observatory has since terminated its contract with the cleaning company that employed the janitor, documents add.

Or why the Observatory was closed for 11 days, if it was just a paranoid janitor…

I reckon there’s the making of a conspiracy story in that lot alone 😉

As they say “you realy could not make it up”…

But it suggests “over reach” in the FBI. That is some one pushed the “here be terrorists” button or similar and it took that long to search the place thoroughly whilst using extended / enhanced interogation on a probably mentally ill person, who was just hanging in there on minimum wages. But the FBI failed to turn up anything to make him a convincing “frame fitting terrorist” etc or anything else except someone in need of help.

Clive Robinson • September 21, 2018 3:58 AM

@ MarkH,

… the shut-down over concerns of a crazy-seeming employee was actually a reasonable security measure…

But for 11 days?

The story still does not make sense.

If the janitor had some how escaped and gone on the run then maybe, but there is no evidence given of that.

From what has been said the FBI took away five computers and three phones from the suspect, yet he’s not been arrested…

Other articles suggest the whole thing was started by one of the senior observatory staff “seeing” what they thought was a child abuse image on a computer but did not say anything about it at the time because they were too busy…

There is a lot of stuff talked about the suspicion of there being downloading and redistributing across the observatory WiFi, but no arrests or much of anything else has actually happened than the unexplained 11day shutdown.

If the janitor was involved in such activity and had used one of his confiscated electronic devices in an ordinary way then you would expect there to be evidence of such on atleast one of them[1].

If anything the “information vacuum” on this story is growing, and getting odder as the little information that has become public dribbles out.

I’m guessing that if other parties were involved all the “world wide noise” has caused the birds to have long since flown or gone to ground.

However, what’s the betting “crypto” and the FBI “going dark” comes out of this… And… It then does get covered by our host?

Stranger things have happened 😉

[1] Yes, I’m aware that if you did not use a laptop in the “ordinary way” then there would not be the normal “traces”. But that raises a whole bunch of other questions. For instance unless it was just being used as a relay, it still leaves the questions about the storage required for “redistribution”…

Clive Robinson • September 21, 2018 10:06 AM

@ Wesley Parish,

The Romanian ransomware mastermind who infected Trump inauguration CCTV cams

Caught by poor OpSec, if this is to be believed,

They used personal Gmail accounts to orchestrate their campaign, and had accessed them from one of the infected CCTV controller PCs.

However I would not rule out other possabilities as we know that SigInt agencies have been behind “parallel construction” on more than one occasion. In which case it probably does not mater how good you think your online OpSec is based on what you know and using modern tools you are still likely to be “toast”. It’s why I mention “Old School OpSec” from time to time, atleast it’s been field tested for a hundred years or so[1] and had a few of –but not all– the bugs knocked out.

But it gets better, currently we have a “major downer” on IoT due to the lack of security in the devices. Well as the article notes,

Each of their [187 High Tech] CCTV units consists of a camera attached to a Microsoft Windows-powered computer…

With supprise supprise a full web browser etc etc… So remember folks that “IoT badness” is not BIOS or OS dependent, and even the supposadly largest consumer / business OS producer in the world can not get it right…

But the article also contains a link to,

https://www.theregister.co.uk/2018/09/20/makers_of_mirai_free/

Which is also a quite interesting read.

Apparently the three people behind the DDoS and IoT attacks (Mirai and clickthrough), are not going to trial…

Such light sentences are uncommon in America for computer crime, however, there is one clear reason in this case: the trio became cyber-crimefighters for the FBI, and have already helped taking down other botnets.

So for those proto-masterminds reading along remember if you have “real skills” or “you know how to sell out more people than you are worth” the FBI might let you plea deal out of what could be a couple of hundred years jail terms.

Why do the FBI do this, well as I’ve noted below even the FBI are bright enough to know they don’t have the skills required. Thus they can throw money at a problem like Tor, which is expensive at a million bucks for maybe six man-months of work, or they can try something else a lot lot cheaper…

As the article notes,

The trio began working for the Feds even before being charged with the Mirai case. Given the problems faced by the FBI in recruiting hackers, flipping botnet masters is an interesting new way to swell the ranks of defenders in US law enforcement.

But remember, even though you are not “Big Billy’s play thing for 23hours a day” you don’t realy even have the freedom of a three jobs a day below poverty level wage slave. As the article indicates one of the three went from have a well paying proffesional full time job to a part time job presumably well below his honest earnings potential, about three-four years of “community service” and has to pay off substantial fines along with legal fees out of that much reduced income. Then there’s that other “Big Billy” to keep satisfied a much worse monkey riding your back call Feebie, who is never ever going to climb off as you are owned by that plea deal.

[1] For those reading along who think they’ve “got the chops” with regards On-Line OpSec, some advice… Firstly the technology moves too fast for individuals to keep up, let alone field test it or work out it’s less visable flaws, which can be quite subtle. Secondly we know the SigInt agencies in the US UK and other N-Eyes practice not just “collect it all” but where possible “trace it all”, this is because experience tells them Traffic Analysis is often more usefull than message content. Thirdly the current anonymity networks do not keep you anonymous, when the SigInt agencies are into so many routers in the path you can not see. Worse even the less than technically sophisticated law enforcment agencies like the FBI, know how to throw money at a problem with teams of quite inteligent enginers and scientists, and whilst you might be better at something you will not be better at all things. Oh and for the love of sanity never mix old school OpSec with High Tech, it does not work as the CIA found with China, and MI6 found with the Russian’s and the “electronic rock” in a Moscow Park.

Clive Robinson • September 21, 2018 12:59 PM

@ echo,

Why is Snowden a hero and Reality Winner got punked? She’s pretty much invisible and the most what happens when her name is mentioned is a big “huh”.

Neither of them is a hero, they are both revealers of state secrets for reasons of conscience. Which in both cases was justifiable thus it makes them “whistleblowers”. That said they have little in common.

You can blaim the MSM for some of what has happened to Reality. But she realy was the architect of her own downfall more than anyone else.

She behaved in an emotional way and left a huge papertrail of things that would count against her including a diary that had some kind of jihadist worship that the judge read out… Further when in jail she blabbed on the phone and effectively hung herself then and there.

She basicaly acted on impulse, because of her dislike of what she saw as “a soulless ginger orangutan” and thus needlessly brought down the wrath of “Trump Supporters” including a majority of politicians in places of influence, rather than think her actions through rationaly and practice a little OpSec.

OpSec such as not sending an original document. That is you should retype the document using a thesaurus on an old computer or one that does not have a hard drive as a text file. Then only print out a munged version[1] at an internet cafe or such like in an area frequented by beltway bandits and post it or set up a throw away email account and send it. But even if she had taken that precaution I doubt she would have practiced other required OpSec.

But there is also the idiot at the Intercept that in effect grassed her up, who was obviously not a journalist of any merit (Rule #1 don’t burn or piss off your sources ever, as others get to hear of it and you won’t get any new sources of merit).

None of the above realy had to do with her being a woman, just some one who acted on impulse way to often than was good for her.

Arguably though her sentance is light compared to what men have received for doing less.

If people in powerfull positions in the USG get to do what they have said they want to do to Ed Snowden then at best it will be three drugs in a vien in his arm at midnight and an unmarked hole in the ground somewhere.

Arguably the only reason it has not happened was he planed what he was doing but even then nearly ended up caught.

There is a saying that you hear often “People love a winner, not a looser” well Ed is a winner so far against very long odds because he planned. Reality is a looser because she did not plan…

Being a woman realy had little or nothing to do with her outcome except at sentencing. Which is if you look at the statistics fairly normal.

With regards,

Speaking of the EHRC my complaint which is supposed to be heard within 20 days by a “senior” officer has gone walkies. It is now overdue and not a peep from them.

I’m afraid that as a friend of mine told me years ago “You have to bring in a third set of eyes promptly”.

Ultimately as it’s a public body –they have done this on atleast four occassions to my knowledge,– you start a judicial review. Supprisingly it is not difficult to do and there are provisons for low/no income litigants without going through Legal Aid. You can also represent yourself as a “litigant in person” and take along a “McKenzie friend” or if you prefer due to impairment by distress etc or non access to suitable representation a “next / litigation friend”.

A Judical Review is a very big deal for any authority because it’s the only way generaly you can get at them. You actually have only to show they have failed in one of any of the four basic steps (Illegality, Irrationality / Unreasonablenes, Procedural impropriety, Legitimate expectation).

Often it’s the first or second of these as “failure to follow their own rules and procedures” that hangs them out to dry. You can in the process put a vast amount of information into the court records. And in effect if it’s not challenged in the court then it becomes a matter of fact usable in other subsequent court cases that might arise. Because of this many organisations will throw quite a number of baristers and even QC opinion at the case. However the judge “generaly smiles on litigants in person” if they follow some basic rules.

The most basic rule of which is “line your ducks up” to make the review procead smoothly. That is take the time to make a “time line” put all documents and other information on it even showing where documents etc are missing, use this to build three indexes one for time, one for subject and an alphabetical one. Neat well presented documentation makes judges happy tgus smile on those who produce it.

Store the actual documents in reverse chronological order (newest first) in leaver arch fikes no more than two thirds full with date tabs and put in “pink paper” where you don’t have a document with why you don’t have it typed neatly on it. Also Yellow paper for questions arising. You are only required to submit copies of the actual documents to the defending entity not the time line indexes or pink or yellow papers. There are ways of reducing copying charges etc for those in hardship (you need to speak to a high court clark of the administrative division).

The main use for a pink paper is where you are aware that the defending entity has had meetings etc and you do not have copies of the minutes etc, or from Email headers there are other people involved who’s emails you have not been given. Show a reason that it should exist (on yellow paper) and nine times out of ten the judge will order such things produced, provided you can show you have made a suitable written request (noted on both pink and it’s covering yellow paper with an index point to the actual request document).

Don’t worry about putting to much in to your folder(s) judges are fully used to handling it, if you are not sure it’s relevant include it but put a yellow sheet in front stating pros and cons for inclusion. The judge will then see that atleast you have thought about it and why, thus are behaving both logically and rationaly in a domain you are expected to be totally unfamilier with, the judge then can decide if it is relavent without you facing penalty for “folder stuffing” or “trying to hide the wood with trees”. Those pieces of yellow paper also help “paint a state of mind” which can also help your case (especially with the last two requirments).

Whilst you have to bring a judicial review within three months (sometimes less if the law says) there is ambiguity in when the start point arises. This includes the time for the “letter before action” that you need to get the format right for, but it’s not particularly onerous.

At the end of the day unless there is a legaly mandated arbitration process judicial review is the only way to chalenge a public body (but not the laws it is based on except in certain circumstances). Which at the end of the day the entity knows and trys to prevent you doing it in various ways (dangling faux activities to time the review out etc).

[1] The old way to “mung” a print out, prior to the “constalations of Orion” and similar, was to first convert it to a low resolution graphics file and print it out on a thermal or inkjet fax machine or printer where you can pull the page as it prints not just backwards and forwards but side to side. Then put it on a cutting mat face up and using a wide ball point pen or equivalent slash ink lines across it not using your dominant hand, then flip it over and slash it for real with a bluntish knife. Then from the back using a broad black felt tip pen scrub over the slash marks so you get bleed through not just at the slashes but in other places. Also randomly cut out connectives and other non relavent words from the front using a sharp scalple or craft knife Having done that make a “doodle scrible page” put it behind the cut out page so the squigles show through, then scan it back in on a flat bed scanner and twist and slide the paper as it is scaned into a graphics file and print it out in low resolution once again. Then either scan it back in and send the image file, or take a bunch of common brand tea pags that have been steeped in dilute red ink and “age” the page. Burn all the other pages and bits and securely wipe the floppy disk the text file, dump it the entire box of tea bags and the red ink in streat waste bins that are miles apart. What the journalist should receive eithet way should be only just sufficiently legible to be read and in the case of the “aged” page very dificult to scan in or photograph thus difficult for them to duplicate.

Clive Robinson • September 21, 2018 3:46 PM

@ Bruce and the usuall suspects,

In the article below David Patterson makes the point that Moores Law is well and truly over (something I’ve been talking about for a while). He indicates that the inverse half life is nolonger 18months but 20years and slowing on scalar processors.

https://spectrum.ieee.org/view-from-the-valley/computing/hardware/david-patterson-says-its-time-for-new-computer-architectures-and-software-languages

As most know there are two basic CPU classifiers,

RISC, reduced instruction set
CISC, complex instruction set

However it’s a bit misleading for many as some get confused by CISC and instruction piplined architectures.

In essence a RISC instruction works on one (ie COMP) or two (AND, ADD etc) data items to produce a new data item.

A CISC instruction can work on many more than two data items at a time, the simplest most know is instructions that move entire blocks of data up or down in memory.

A little more complicated are the Vector Processors, in essence they have multiple blocks of registers inside the CPU and you use as arrays or vectors. So you can do things like add or multiply two arrays/vectors together and produce a third with one ALU. This speeds up the likes of matrix calculations immensly because there is only one set of memory fetches to fill or store a vector, thus by interleaving you can have a fixed vector and an updating input and updating output vector vastly reducing the snail creapingly slow memory operations, and as sequential memory is read/written further speed gains are made. However the vectors are often quite short at 64 or 128 registers.

GPUs work on vectors as well but have multiple ALUs speeding the processing up by performing parallel operations not sequential inside the Processing Unit.

Another alternative to speading things up are “algorithms in hardware” you integrate a large FPGA as a co-processor adjacent to the general purpose ALU much the same as Floting Point co-pros are. These can be added to any of the four processor types mentioned. In essence you hard code an algorithm in logic gates which vastly reduces algorithm time for a five to fifty times speed up. Done correctly with a GPU system the performance enhancments are significant for specialised functions.

Abother alternative rather than use an FPGA which can be reprogramed is to build specialised hardware. The first time this was done was on DSP chips where a vector would get processed with multiply and add (MAD) instructions giving a very high performance boost at the time.

Part of this was the “Wallace Tree Multiplier” which could be used in a wave like manner, which gave rise to the idea of systolic processors.

In essence a systolic processor has a fixed algorithm and hundreds of vectors in effect giving upwards of a hundred thousand data manipulations in one CPU instruction cycle. Such a processor is ideal for neural networks with 10-100million neurons in the network.

Microsoft is going down the FPGA route and Google the systolic route.

In both cases the sperd up comes from two effects, the first is the reduced number of chronically slow memory accesses the second by hardware encoding of algorithms.

There is however another way to go, which is have very reduced RISC processors capable of 10GHz and above clock speeds, each with it’s own “soft array” memory configuted as a vast matrix of several hundred to thoudands on a chip with multiple routing switching buses. Kind of like a Sun Starfire 10K on a chip.