This is a fantastic video of a young giant squid named Heck swimming around Toyama Bay near Tokyo.
As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.
Read my blog posting guidelines here.
chris • January 11, 2019 4:55 PM
The New York Times has an article about El Chapo’s “IT Guy” who set up a secure, encrypted communication system for the drug kingpin.
“El Chapo Trial: Why His I.T. Guy Had a Nervous Breakdown”
https://www.nytimes.com/2019/01/10/nyregion/el-chapo-trial.html
The article says that this is a lesson as to why you should treat your IT staff well but it sort of misses a HUGE point: El Chapo asked that this person put “…spyware called FlexiSPY on the ‘special phones’ he had given to his wife, Emma Coronel Aispuro, as well as to two of his lovers, including one who was a former Mexican lawmaker.”
And of course, this came back to haunt them all as the FlexiSPY accounts were handed over to the FBI who used them to listen in “almost in real time.” As the kids say, “pwned.”
If you demand a back door, don’t be surprised when it’s compromised and used against you. And the same FBI that’s asking for back doors has no trouble asking breaking into secure systems through social engineering.
Wael • January 11, 2019 5:16 PM
@chris,
The article says that this is a lesson as to why you should treat your IT staff well
Ultra bizarre! Had this conversation a few minutes ago this morning (I’m in a different time zone than my usual.) Was having a cup of tea with a guy from Oklahoma who’s looking into importing pampered beef (the kind that listens to music and breathes fresh sea air, and gets massaged every night — the cow, not the beef) to the US and he said the same statement, plus “I wonder how this guy stated alive, he must have some very powerful connections.” Today is the first time I hear of the guy.
Zaphod • January 11, 2019 11:39 PM
@Wael. Mmmmm, Wagyu. My favourite.
65535 • January 11, 2019 11:50 PM
A friend of mine bought a ~ $100 Fuze e-debit card and was somewhat disappointed to find out that most major banks would not accept. Some small retailers would accept it.
I see some security risks with both Fuze [pronounced like breaker Fuse?] and Curve card/app. The e-credit cards can hold about 10 to 20 different credit and debit cards on one interesting card like device… constantly geolocation track you.I Doubt if El Chapo would use a Fuze or Curve card given that they give away your location.
E-cards or better described as e-credit/debit cards look like marvel of miniaturization of electrons, screen, battery, Bluetooth, and credit cards but seem to have a security problems.
Sure, it is interesting that a credit like device has a battery, micro-cpu and Bluetooth, and near field charging capabilities…would seem to hold the keys to your financial kingdom in one place.
Can any credit card expert describe how this Fuze card can re-program the mag stripe on the back for 20 different credit cards and still advertise security?
Can anybody explain how a micro-cpu, screen, buttons and battery would last in a credit card environment?
https://fuzecard.com/fuze_shop.html
[links broken for safety]
Small Buttons and small credit card screen demonstrated on YouTube:
ht tps://www.youtube.com/watch?v=sdPWWzzVVj4
They are being sold by the basket full to customers who are early adapters. But, how can they be durable and safely encrypted with Bluetooth and near field communication [This goes conter to Clive Robinson’s air gap]?
The same problem goes for Curve: ht tps://www.curve.app/
Anybody used any of them? Are they really a viable subsume for credit cards?
I wonder if they can take the place of a purse or wallet?
Wael • January 12, 2019 12:09 AM
@Zaphod,
Wagyu
He mentioned that one. I normally eat a two-pound steak so at $20+ an ounce! I’ll probably never try it. Besides, I’m an Excellent chef (with a capital e) and very fussy about what I eat. Yesterday I had a baguette for lunch, no cheese or anything. Couldn’t find anything I like.
These are my favorite two steakhouses: Taste of Texas and Pinnacle Peak, make sure you wear a tie there 😉 And this is the best hamburger place ever: The Windmill. Long time ago, I used to order 4 big cheese burgers, a fried mushroom and a cheese fries order and a huge coke. Took them to the nearby boardwalk, sat on a bench and consumed the whole thing 🙂 People drive two hours from NY to NJ just to eat there!
“I wonder how this guy stated alive
Stayed.
Faustus • January 12, 2019 8:35 AM
It looks like a comment by Juan OCole is full of jibberish that displays in columns. It makes the comment box hard to use. Is this a defacing of schneier.com and an attempt to frustrate commenters? Or is it some kind of format attack?
I assume I am not the only one seeing it.
albert • January 12, 2019 10:32 AM
@Faustus,
I’m seeing it as well.
Selecting “Edit as html” in the Inspector eliminates the vertical garbage, but blobs still appear around each character.
Anyone know how this is done?
. .. . .. — ….
bttb • January 12, 2019 10:39 AM
From https://www.lawfareblog.com/what-if-obstruction-was-collusion-new-york-timess-latest-bombshell :
“Shortly before the holidays, I [Benjamin Wittes] received a call from New York Times reporter Michael Schmidt asking me to meet with him about some reporting he had done. Schmidt did not describe the subject until we met up, when he went over with me a portion of the congressional interview of former FBI General Counsel James Baker, who was then my Brookings colleague and remains my Lawfare colleague. When he shared what Baker had said, and when I thought about it over the next few days in conjunction with some other documents and statements, a question gelled in my mind. Observers of the Russia investigation have generally understood Special Counsel Robert Mueller’s work as focusing on at least two separate tracks: collusion between the Russian government and the Trump campaign, on the one hand, and potential obstruction of justice by the president, on the other. But what if the obstruction was the collusion—or at least a part of it?
Late last year, I wrote a memo for Schmidt outlining how I read all of this material, a memo from which this post is adapted.
Today, the New York Times is reporting [ https://www.nytimes.com/2019/01/11/us/politics/fbi-trump-russia-inquiry.html ] that in the days following the firing of James Comey, the FBI opened an investigation of President Trump. It wasn’t simply the obstruction investigation that many of us have assumed. It was also a counterintelligence investigation predicated on the notion that the president’s own actions might constitute a national security threat…”
also
https://www.balloon-juice.com/2019/01/11/tonights-news-dump-and-another-long-ago/ ; a timeline
https://www.newyorker.com/magazine/2018/10/15/was-there-a-connection-between-a-russian-bank-and-the-trump-campaign ; “A team of computer scientists sifted through records of unusual Web traffic in search of answers” ; Filkins
https://twitter.com/NateSilver538/status/1083918687692742657
https://twitter.com/NatashaBertrand/status/1083933056191340545
Moderator • January 12, 2019 11:19 AM
@Faustus, @albert: The gibberish posts are deliberate, malicious defacement. Please disregard them.
Anders • January 12, 2019 11:21 AM
This “attack” here just uses “Combining Diacritical Marks” from Unicode block 0300..036F
Since they are diacritical marks, this appear as vertical writing text but in reality there is just one ordinary character and then LOT of diacritical marks to it, like o and then tilde, accute, etc, etc, etc.
Anders • January 12, 2019 11:31 AM
This is the Unicode block in question.
https://www.compart.com/en/unicode/block/U+0300
If anyone wants to play with it, take one ordinary
character, then lot those special diacritics, paste
it into the comment box, but please, use only preview button 🙂
AL • January 12, 2019 12:03 PM
I’d like to see the gibberish hang around until someone can explain what is going on. I viewed source, copied the gibberish and saved it in notepad as UTF-8 and it works elsewhere.
But why? That’s what I want to know. The saved gibberish file is coming in at 65,559 bytes. I started and ended including the “P” tags.
AL • January 12, 2019 12:14 PM
Disregard the previous post. I should have refreshed the page before postin
Anders • January 12, 2019 12:36 PM
@AL
BTW, if you still have the original, you can read out the message from it 😉
It starts : Facebook’s Beautiful Nightmare …
Wael • January 12, 2019 1:02 PM
@Moderator,
The gibberish posts are deliberate, malicious defacement.
Could be a silly formatting error. I once did that a few years ago, and I think I know what causes it. Can’t find the link now, but I said something like “sorry I defaced the page” and you said “no worries, it’s actually funny (or something like that.)
bttb • January 12, 2019 1:07 PM
from https://www.democracynow.org/2019/1/9/william_arkin_on_homeland_securitys_creeping :
“…AMY GOODMAN: And, William Arkin, you also write, “don’t [even] get me started with the FBI: What? We now lionize this historically destructive institution?”
WILLIAM ARKIN: Well, there’s a crazy collateral damage of Donald Trump. And that is that there are a lot of liberals in America who believe that the CIA and the FBI is going to somehow save the country from Donald Trump. Well, I’m sorry, I’m not a particular fan of either the CIA or the FBI. And the FBI, in particular, has a deplorable record in American society, from Martin Luther King and the peace movements of the 1960s all the way up through Wen Ho Lee and others who have been persecuted by the FBI. And there’s no real evidence that the FBI is either—is that competent of an institution, to begin with, in terms of even pursuing the prosecutions that it’s pursuing. But yet we lionize them. We hold them up on a pedestal, that somehow they are the truth tellers, that they’re the ones who are getting to the bottom of things, when there’s just no evidence that that’s the case.
AMY GOODMAN: And what do you mean by the “creeping fascism of homeland security”?
WILLIAM ARKIN: You know, I was against the creation of the Homeland Security Department in 2003, to begin with. First of all, don’t like the word. “Homeland security” sounds a little bit brown-shirty to me. But, second of all, it was created to be a counterterrorist organization, a domestic counterterrorist organization. And all during the Obama administration, we heard Janet Napolitano, the secretary of homeland security, saying, “You know, we are counterterrorism.” But since then, we’ve seen they’re creeping into cybersecurity. We’ve seen them creeping into election security. We’ve seen ICE and TSA become the second and third largest federal law enforcement agencies in the country. And so, now homeland security sort of has become a domestic intelligence agency with really an unclear remit, really with broad powers that we don’t fully understand.
And we tend, again, to say “Donald Trump’s Homeland Security Department.” Donald Trump couldn’t find the Department of Homeland Security if somebody set him on the streets of New York—of Washington, D.C. So it’s not Donald Trump’s Homeland Security Department. It’s our Homeland Security Department. And I think it’s important for us to recognize that this is a department that is really operating on its own behalf and out of control.
AMY GOODMAN: We have to leave it there. Since your letter on perpetual war has gotten so much attention, leaving NBC, has NBC interviewed you?
WILLIAM ARKIN: NBC has not interviewed me, but I’m gratified to the responses that I’ve gotten.
AMY GOODMAN: I’m Amy Goodman, with Juan González. Our guest, William Arkin, has just left NBC.”
https://twitter.com/matthewamiller/status/1084101476123922433
https://twitter.com/pwnallthethings/status/1083918676162695168
https://twitter.com/NatashaBertrand/status/1084153359974744064 ; on msnbc 2 pm et
Wael • January 12, 2019 1:07 PM
@Moderator,
Right here: https://www.schneier.com/blog/archives/2015/02/friday_squid_bl_467.html#c6690487
@Anders
@Anders
It’s been years since I’ve done this, but banged out a VBscript to filter the junk out.
Const ForReading = 1
Const ForWriting = 2
Const ForAppending = 8
Dim Sample
Set FSO = CreateObject(“Scripting.FileSystemObject”)
strFile = “C:\bin\gibberish.txt”
Set f = FSO.OpenTextFile(strFile, ForReading)
cntr = 1
ingib = f.Readall
Z = Len(ingib)
For I = 1 To Z
Sample = Mid(ingib, I, 1)
SampNum = asc(Sample)
if SampNum >31 and SampNum < 128 then itemout = itemout & Sample
Next
f.Close
msgbox itemout
It terminated with “hav” to I’ll have to check if the script needs more work. It might not be processing the post to the end. The second SampNum is less than 128, but the blog isn’t showing it
albert • January 12, 2019 1:53 PM
@Anders,
I looked at the letter “F” in a hex editor. Lots of 0xCC and various other values in between them. Something like 160 bytes following that single character.
Thanks for the reply.
. .. . .. — ….
Ismar • January 12, 2019 3:51 PM
Huawei sacks Chinese worker accused of spying in Poland
Anders • January 12, 2019 5:50 PM
@Al
Yes, it ends with “hav”.
He took the text from the first posting (Facebook’s Beautiful Nightmare Series)
and added to this diacritical marks that go up and down like the rays from each
character. Quite nice, actually.
bttb • January 12, 2019 5:51 PM
https://www.youtube.com/watch?v=0ArlUSVDQIw ; The Beatles ; Back in the U.S.S.R. ; Remastered 2009 ; about 3 minutes
bttb • January 12, 2019 6:19 PM
“President Trump has gone to extraordinary lengths to conceal details of his conversations with Russian President Vladimir Putin, including on at least one occasion taking possession of the notes of his own interpreter and instructing the linguist not to discuss what had transpired with other administration officials, current and former U.S. officials said.
Trump did so after a meeting with Putin in 2017 in Hamburg that was also attended by then-Secretary of State Rex Tillerson. U.S. officials learned of Trump’s actions when a White House adviser and a senior State Department official sought information from the interpreter beyond a readout shared by Tillerson.
The constraints that Trump imposed are part of a broader pattern by the president of shielding his communications with Putin from public scrutiny and preventing even high-ranking officials in his own administration from fully knowing what he has told one of the United States’ main adversaries.
As a result, U.S. officials said there is no detailed record, even in classified files, of Trump’s face-to-face interactions with the Russian leader at five locations over the past two years. Such a gap would be unusual in any presidency, let alone one that Russia sought to install through what U.S. intelligence agencies have described as an unprecedented campaign of election interference…”
gordo • January 12, 2019 7:59 PM
France’s yellow vests have something to say about those Orwellian speed cameras
…devices that are everywhere in France, monitoring how fast people drive and issuing automated tickets for even the slightest over-the-limit infraction.
The yellow vests have trashed more than half of the detested devices. Newsweek reports the figure at 60%…
Apparently, “The fines are very high: $70 just for going as little as a single kilometer over the speed limit on a first offense,…” I’d be ticketed daily. Wow! I guess all the trashed cameras are what one might call “budget blowback!”
Thoth • January 12, 2019 10:18 PM
@65535
Re: Advanced Display and Interactive Cards (ADIC)
It depends on how the ADICs are implemented. If the developer allows display of sensitive information by accident or malice, good luck.
If you have ever programmed smart cards in firmware or applets, you are given key slots to set your keys. Typically they allow you to control the export setting. If you enable export, you can reach into the key slot and grab the keymat. My advise is always to disable export on key slots that do not have a reason to use it.
End of the day, whether he card is an ADIC type or a normal type card, it carries the same risk potential. The addition or subtraction of bluetooth, keypad and screen does not make a difference assuming the keys are stored inside the card’s crypto chip with key slot management done by the crypto chip.
Once the keymats are managed by the crypto chip’s Key Management (KM) environment, you cannot simply extract the keymat via bluetooth or NFC or some display screen because the chip’s KM will simply disallow it even of export is enabled ….. assuming ….. your firmware codes you designed did add a PIN or biometric authentication before touching the key slot in KM. If you simply enable export without authentication and a secure card channel, you are asking for trouble.
In my opinion, you should ask those who sold you the cards to give an overview of their KM architecture and it is rather the fault of whomever built the products and the product consumer at fault if there is any problems.
This is not a sole problem of ADICs and even normal security devices and HSMs can have this Configuration problems due to human issues in most part by the firmware developer and/or the card user/issuer.
65535 • January 13, 2019 2:18 AM
@ Thoth
“…ever programmed smart cards in firmware or applets, you are given key slots to set your keys. Typically they allow you to control the export setting. If you enable export, you can reach into the key slot and grab the keymat. My advise is always to disable export on key slots…”- Thoth
No, not personally programmed smart cards with EVM chips. I have seen some smart card programmed with near field capabilities and that did not involve any bio-metric or pin authentication. So, I don’t exactly know what you mean by a key slot or slots. Is that is microchip kernel or part of EVML1 or EVML2? A physical slot?
I am guessing they Keymats are on the chip. I do think there is also a PCI tokenization standard that has to be used so it may be device related or in the chip which is used. None the less I can imagine the keymat is a very critical point of failure or 0-day attack.
I believe Fuze [Fuse] card doesn’t have the proper EVM PCI crypto or the tokens perfected for UK use. The dynamic mag stripe version works in the USA.
I think the Curve card/app does work in the UK and USA but uses the app and server side parts for a good deal of the data processing.
The Fuze card has dynamic mag stripe that can be changed for different credit cards so some tokens are used and maybe some crypto but only a few credit card processors’ allow Fuze for transaction => a huge down side.
I see there is jack at the bottom phone with a mag stripe reader which maybe the method of loading credit card data to the Fuze card cell phone interface… but a lot of mobile phones can probably use the same adapter.
To your Keymat storing question – I am not sure Fuze does it well. Further, with Bluetooth, the dynamic mag stripe and the number of credit data stored I would guess there is an attack surface area to attempt keymat extraction. But, I don’t have the details.
I know the small battery in the card must be recharged by UGREEN portable charger. That is “UGREEN Portable Wireless Charger” [MFi or inductive or similar near air gapped charger] is used to keep miniature battery it alive. I don’t think the Fuze card can be charged with a lightning wire which, maybe a safety issue or maybe not.
There probably a battery tank level module which could be scammed in conjuntion with recharging the card. The same goes for nearfield data transfer.
I am not sure what happens when the battery is totaly drained and must be re-charged and the circutiry invoved reset or the re-start of said circuitry.
I also would be inclined to think the Fuze could be over charged or scammed to the point of bricking the card after extiftration of all credit card data. The Fuze cardy are being sold and your keymat issue is real but I don’t have the answers.
I now see over at Krebs there is a story showing the use of the Fuze card inconjunction with reloading credit card data for carders and other thieves. It is unclear whether the scam is at the Fuze card level or just the stolen credit card data level. The latter would show the Fuze to be of some miniuminal use. It is an interesting little device.
I wonder about all security aspects of said Fuze card with its gps unit. Any other experts care to comment?
Thoth • January 13, 2019 6:43 AM
@65535
I do not have the information on the Curve and Fuze card’s technology on how their key slots work. In general, key slots are usually logical memory mapping to protected regions in the security critical card IC chip which is typically a smartcard security chip. Most of them has allocated protected memory regions and the techniques from each smartcsrd chip maker differs individually.
Because the keymats are typically stored in a smartcard chip, it would be isolated from the bluetooth controller, screen controller, keypad controller and so on. The only thing the security IC typically has is ISO-7816 contact card interface and ISO-14443 contactless NFC interface. The battery and battery controllers to my understanding is separate and does not talk directly to the security IC chip.
Due to the other controllers and pheripherals not directly connecting to the security IC chip but via a generic MCU, the MCU has to be coded carefully. That being said, even if the MCU may have problems, the security IC chip (assuming a CC EAL 5+ and above certified security IC card profile) would still be able to protect against non-invasive exflitration of the keymats from a possibly compromised set of controllers and pheripherals to certain degrees.
Again, everything is subjected to requiring more knowledge on the type of security IC chips they use, the CC and FIPS certification including security profiles they publicly publish and their security architecture of the card firmware and Card OS.
If all those are done right on the security IC level, the problem of exflitration from the other pheripherals have a lesser risk assuming that the security IC is using a Castle only model assumption according to the C-v-P architecture which may not sit well with many of us including me for High Assurance Applications.
But, we do not need HA for every moment and a Medium Assurance orna circumstantial variant of Limited Medium Assurance with assumptions that the applied use case is not considered possible target of State Actors and High Powered Actors of the likes (i.e. banking card for traditional banking).
Because the pheripherals are not directly connected to the security IC, it is highly unlikely to brick the security IC by means of overcharging as this would only affect the bluetooth functions as the NFC/ISO-14443 is tied to the security IC, it would usually still be accessible which includes the contact card mode over ISO-7816 connection.
GPS module as a passive receiver is notnreally a problem because its job is to passively listen for GPS signals while GPS transmitters are more of a headache. Whatever the case, I dont think GPS is much of a value add and more of a battery drainer for main concerns. I do prefer no GPS with security as secondary reason.
CallMeLateForSupper • January 13, 2019 9:46 AM
@gordo
Nice touch, that “camera smashers” wear yellow vests.
I had not known that France mandates that mother vehicles carry yellow vests and safety triangles, and that the penalty for not having either one is about US$155.
MikeA • January 13, 2019 11:45 AM
I may have posted this before, but the “camera smashing” reminded me of an incident in my hometown, mid 1960s. The town council had “improved” the expanded roadway (using the abandoned rail right-of-way), with the addition of a traffic light. The only noticeable change was that the bottleneck (one block later) of narrowing down to one lane was exacerbated.
A few weeks into our Brave New World of traffic management, the controller cabinet for that light was blown up. Rumor was it was the work of a commuter conspiracy.
Reality was more mundane. The crew installing the wiring and control box had apparently nicked a natural gas line. Not much of a nick, but enough that gas percolating through the disturbed soil eventually built up in the controller cabinet to the point that a spark from a relay ignited it.
Or, maybe Loki wore a Yellow Vest.
Clive Robinson • January 13, 2019 2:23 PM
@ Anders,
We’ve heard it all before, yet Mr Muller is still proceading slower than a snail on mogadon.
If as some people claim, why with that empire he’s building up underneath him is he on what at best could be described as the slow track?
The article is written more as “wish fulfillment”, based on information that is not realy quantifiable, followed by a lot of assumptions based on irrelevant information (Trump is “known” to be a micro manager, when others can say and have said the opposit).
My advice, switch channels and watch a few box series or movies, because it’s going to prove a lot more entertaining. Heck going out and getting a pot of paint and slapping some on the wall to watch it dry is going to be faster based on Mr Muller’s track record todate.
But let’s be honest here, if he’s not made a move against Trump in the next six months to a year at the outside then we will be back into electioneering for the presidential elections, if the GOP get behind their sitting president (possible) then Mr Muller is stuck untill at earliest after the elections. If Trump gets back in the Mr Muller might well get the “comey” treatment from who ever Trump etc put in at the Justice Dept.
If Trump does not get selected or not elected then his hands are free to “clean stables” as he sees fit. Even if people object I can not see SCOUTS rocking the boat for several reasons.
Thus my first guess would be Mr Muller is “draging his heals” for a reason and the ones I can think of are not exactly indicative of him wanting to actually get the current sitting POUTUS into a state where he can be put into a position for impeachment.
And to be honest bad as Trump may be most don’t jump from the frying pan into the fire without good reason, and many have zero or less confidence in the Vice President currently, who appears to be betting that he can get the GOPs nomination, which might be a long shot in a number of respects.
But whatever happens, you have to remember that to all intents and purposes Trump has achieved one of his personal goals which is that he has effectively destroyed the Obama legacy. Which leaves open the next question as to what he want’s to do about the Democrats. Trump thinks he’s a master negotiator, in practice he’s erratic and often quite intransigent and maliciously so, to the point he’d quite happily burn the house down rather than loose an argument over what colour the new carpet should be…
@gordo
I noticed that notepad++ has put out their “yellow vest” version.
https://notepad-plus-plus.org/news/notepad-7.6.2-released.html
In our growing economic crisis, putting a yellow vest on the chameleon doesn’t condone violent actions during the movement, but highlights the current world-wide social injustice: 1% of the richest have captured 82% of the wealth. Our government is always at the service of 1% of the richest people.
Indignation is all we have.
VinnyG • January 13, 2019 3:50 PM
@anders @Wael re: vertical text – Yes, in the example that occured here, the code was zero-three-nine. I was in the midst of editing a post to that effect when the moderator posted his answer and mine (not yet posted) went away. Not sure if there was a connection. I’m with Wael in wondering if the deed was intentional or accidental. I have had the experience more than once on this blog of typing some “special” characters into a post (for emphasis) and finding that the blog software treated it as some kind of formatting command. In my case, all that happened was that my comment was truncated prematurely.
VinnyG • January 13, 2019 4:00 PM
@clive robinson re: Mueller – My take is that Mueller is making damned sure that he has dotted every last “i” and crossed every last “t” and tied everthing in a neat double-bow package, and that he will take every last day, minute and second that is required to do that. And probably with good reason. I’m certain he undetands the gravity of an investigation that may conclude that the sitting President of the US probably committed a felony or felonies. He must also realize that he is going to get unmercifully ripped by one tribe or the other, quite possibly both, no matter what his findings may be…
MarkH • January 13, 2019 4:35 PM
A long article in Vanity Fair makes the case that phenomena and symptoms reported by US Embassy workers in Cuba are best explained by conversion disorder. Essentially, this would mean that much of the distress flows from thoughts and emotions.
Some points worth considering:
• most of the sounds described by the workers are not very unusual in the present noise-saturated world
• the reported diverse symptoms (balance issues, visual impairments, tinnitus, sleep disorders, dizziness, nausea, headaches, and problems thinking or remembering) are in general quite common, especially for people over 45 years or so of age
• a medical team that evaluated 21 of the patients reported (in the Journal of the American Medical Association) that based on brain scans and other tests, “Most patients had conventional imaging findings, which were within normal limits,” and that the few abnormal findings could “be attributed to other pre-existing disease processes or risk factors.”
As an amateur student of acoustics, I never thought that a purely sonic device could account for the reported syndrome(s). The modulated microwave hypothesis seemed to me a much better fit.
In the 1960s, Allen H. Frey succeeded, in a series of lab tests, in inducing a variety of sounds and sensations with microwave exposures. Depending on the modulation, subjects reported hearing “a buzz, clicking, hiss, or knocking,” or feeling the “perception of severe buffeting of the head.”
Notwithstanding Frey’s success, others who have studied the “Frey effect” have asserted that this phenomenon could not be the basis for a practical weapon, because the microwaves “would have to be so intense they would actually burn the subject.” (from Kenneth Foster, who published research on the Frey Effect in 1974).
I expect that explanations for this matter will remain controversial. It may be impractical to confirm or disprove any of the plausible hypotheses strongly enough, to persuade those who’ve already made up their minds.
Clive Robinson • January 13, 2019 4:39 PM
@ gordo,
Speed cameras are,a prime example of “Dual use technology”…
Apparently they were invented by one,
I have no idea what he thought when his invention was “moved to the dark side”. There is a funny side to them, I’ve been told that in the US the pictures are “evidence” and subject to various rules, one of which is a police officer has to sign his name to say they are a true and fair representation of the offence as seen at the time. Only they were not there which in effect makes it perjury and a law proffessor argued as such in court,
https://www.thepublicdiscourse.com/2017/01/18093/
On to another story, that I heard broadcast by one Jeremy Clarkson of the old BBC program “Top Gear”…
Apparently there were at the time no wheel clamps in France (and as I am not French and have not been there since the last time a sailed a boat into a French harbour I have no idea if there are or are not wheel clamps now).
Whilst I asume they did not wear yellow vests, this story if true makes it clear that this is not the first time the incensed French citizen has protested in damaging ways (but we know that anyway from other protests).
The story is that some years ago now the French authorities decided to use wheel clamps. The incensed French citizen responded by buying tubes of super glue…
Which they carried in their pocket where upon seeing a deployed wheel clamp they would squirt as much super glue as they could into the lock key way thus making the lock unopenable.
Apparently the authorities eventually could not aford the cost and stoped the wheel clamping.
But onto another story about wheel clamps, this time in the US where they are called for some reason not entirely clear “Denver boots”. But reported in the UK on what is now considered one of the worlds most visited Internet Newspapers, “The Daily ‘Mail OnLine'”,
I’ll let the article tell the tail of “Girl Power” apparently the real “she” is called Mercedes 😉
MarkH • January 13, 2019 4:54 PM
@VinnyG:
I’ve tried to explain this before.
By way of example, information that a ship has sailed eastward across the Pacific Ocean for 15 days may be perfectly consistent with the hypothesis that the ship will arrive at the Port of Los Angeles.
But to some minds, apparently, that it isn’t in Los Angeles after all that time is evidence that it will never get there.
Another way: that a construction crew has labored for many months driving piles and constructing a foundation dozens of meters deep is NOT evidence that a skyscraper will not soon rise from that site.
And something that every software engineer can understand, is that it’s possible to labor years writing libraries and subroutines that don’t accomplish the application’s intended purpose, on the way to getting the application completed.
In some chess games, most people can’t see impending checkmate two or three moves before it is accomplished.
If you can succeed in conveying this simple concept to people who recite Fox News talking points, then congratulations to you!
Mueller has a well-deserved reputation for being extremely methodical. He will lay foundation blocks securely in place, construct scaffolding, install the pipes and wiring …
When he turns the lights on, more will be revealed.
avoidthis • January 13, 2019 5:51 PM
Hypothetical: suppose Mr. Crimegang figured out how to timeshift someone’s phone, TV and computer devices by hours or days, and did this to somewhat-isolated people to make them more isolated, then eventually stole from them. How could the pre-victim detect that this timeshifting was going on, if they lived in a city with many liars and where there was no prominent, visible, accurate clock?
gordo • January 13, 2019 6:28 PM
@ Clive Robinson,
From the Public Discourse article:
the civil violation of a criminal prohibition
What is reCAPTCHA? 😉
Clive Robinson • January 13, 2019 7:21 PM
@ VinnyG,
My take is that Mueller is making damned sure that he has dotted every last “i” and crossed every last “t” and tied everthing in a neat double-bow package, and that he will take every last day, minute and second that is required to do that.
He might well be, but he is also running out of time.
My viewpoint has always be wait for the evidence before making what would otherwise be unsubstantiated claims. And to be honest we’ve seen a great deal of those.
But from what we know he’s also acted somewhat impetuously with regards the indictment of several Russian’s. What part that formed of the game plan appears to be more as a sop to US MSM and their interpretation of public opinion.
Others have suggested that he is timing it out untill after Trump is nolonger POTUS and the legal protections it gives him. But as I have indicated that is perhaps not a wise move. All he can realy do is hand over a file to “elected politicians” with “political considerations and allegiances” upper most in their minds especially the closer it gets to election time.
The current debacle over “wall funding” is turning into a self inflicted wound for the Democrats, having atleast twice in the past voted not just for a wall but considerably greater funding. It’s rapidly looking like the Democrats have “favoured contractors” in the MIC that want to put well over priced “drones in” that would benifit next to no voters just the 1%ers… The fence or wall however will create quite a few jobs in what you would call “blue collar workers” not just in fabrication but consequent maintainance and Enforcment etc jobs. People who currently feel alienated by not just Washington but their own home state elected officials.
The Democrats have picked a not particularly wise first political target, and I’m sure some of the older more experienced members are begining to feel things are running away from them. Thus there may be little or no appetite to go with impeachment especially as the clock to 2020 campaigning has in some respects already started.
Thus there may be the very real possibility that the current POTUS could suffer no personal consequences.
If Mr Muller likewise thinks that is a posability he may just stick with what he is currently doing, which is going after others for what are easier crimes to prosecute. We all know that what those so far convicted have done whilst not quite “normal practice” is fairly rife “up on the hill” and surounding environs so it’s potentially a target rich environment.
We will just have to wait and see, but so far it’s been very very dull considering what the supposed purpose of the investigation is.
However there is another aspect to consider, Mr Muller is no spring chicken, in August he will be 75. Thus this is likely to be his last big government job before he’s effectively put out to pasture. His past incharge of the FBI is not exactly enviable thus his options other than retirment may well be somewhat limited. Other people (Mr Steel et al) have set their eye on Mr Trump but sofar he has eveded their endevors one way or another. Mr Trump also does not act the way the usuall politicians do. Thus he is not only unpredictable, he apparently will behave outside the political norms and back scratching.
It will be interesting to see what happens over the budget argument. POTUS has threatened to call it a national emergancy, and he will not be the first of either side to do that and congress has sofar shown no sign of doing what the law requires of them to do with such national emergancies (IIRC there are over fourty in place currently with no sign of any of them being discussed let alone brought to an end). Thus Mr Trump probably thinks on balance he’s already won the argument one way or another.
He may well have done so, the wall is an emotive subject such things almost always are. What he sees as his core supporters are likely to be in favour of the wall just out of pure emotion. Few voters even on the normally Democrat side are going to be in favour of the currently espoused Democrat line of Drones over the USA.
Talk of high tech drones flying over US soil is getting the FUD treatment about “killer bots” and “Robo cops” and those other cheary SiFi dystopian stories of mankind being replaced. People don’t trust the likes of the Federal Government enough to say they won’t turn them on the citizens. The advantage a wall has is it’s static and most don’t see it as any kind of threat to them, just like their garden fence etc.
So it won’t take much of a stir of the pot to make the issue very very divisive and drones are going to be an easy target…
That’s one of the big security issues people are not getting a handle on. Whilst a wall is generally considered bad by those looking in from afar, the news over the past few years from Israel shows that the people on the in side looking out are broadly in favour. More importantly those inside don’t even remotely think the wall is going to hurt them. Drones however are generaly only ever in the news thus peoples minds for bad reasons thus people are quite genuinely afraid of them. It takes little imagination to think about terrorist or even rouge elements in the government using them against the citizens, heck Gatwick Airport was International news for days…
But there are so many films with helicopter chases with search lights etc Hollywood has sown it in so many minds that it nolonger feels like a fiction trope, it’s beyond being even a cliche it’s become an instinctive dread. When you throw in talk about AI drones with weapons people don’t believe they can ever be safe, especially with “collateral damage” being a well publicised side effect of current military drone use. Also just the word “Skynet” is enough to make many people jump to the “not over my head” point of view.
It’s the difference between “static” security and “mobile” security that is important in peoples heads. After all few people have dreams with walls and fences chasing them down, killer robots / drones yup they’ve all seen the movie tropes.
And very soon it will probably get played out again and those backing drones are going to be on the wrong side of an emotive argument, that will be almost childs play to exploit. The only downside is it would, if it came from the executive, limit their future options over drone technology.
gordo • January 13, 2019 9:10 PM
This sounds more like a ‘man-in-the-middle attack’, rather than a ‘backdoor’. Could this proposed ‘ghost’ method be accomplished by ISP’s without requiring “vendors to disable the very features that give our communications systems their security guarantees”?
Give Up the Ghost: A Backdoor by Another Name
by Nate Cardozo
January 4, 2019
[two of Britain’s top spooks] they’re proposing a way of undermining end-to-end encryption using a technique that the [security] community has started calling the “ghost.” Here’s how the [Lawfare] post describes it:
<
blockquote>It’s relatively easy for a service provider to silently add a law enforcement participant to a group chat or call. The service provider usually controls the identity system and so really decides who’s who and which devices are involved – they’re usually involved in introducing the parties to a chat or call. You end up with everything still being end-to-end encrypted, but there’s an extra ‘end’ on this particular communication. This sort of solution seems to be no more intrusive than the virtual crocodile clips that our democratically elected representatives and judiciary authorise today in traditional voice intercept solutions and certainly doesn’t give any government power they shouldn’t have.
Wael • January 14, 2019 1:36 AM
@gordo,
This sounds more like a ‘man-in-the-middle attack’, rather than a ‘backdoor’.
Not a backdoor sounds right. MiTM with a different meaning/expansion: Malice inclusion In The Midst of a group — A Foist-On Attack.
How I came up with that name? Looked up synonyms of ‘infiltrate’, in a thesaurus — the link 😉
justaleak • January 14, 2019 1:53 AM
Don’t worry about Trump’s tweets, just find out who he follows.
Clive Robinson • January 14, 2019 2:31 AM
@ gordo,
If you read the GCHQ paper, you find hidden away towards the bottom this,
This is better known in some circles as,
It’s not just “bad science” it’s direct “social manipulation” and denegration of those doing “good science”.
As I’ve indicated before if you as the first party and the second party is the person you are communicating with and both your security end points are beyond the communications end points that IC or LEO operators can get to, then you can have secrecy beyond their reach if you wish to do so.
It becomes exactly the same issue it did in WWII with SOE radio communications. You as the first party control your security end point which was a pencil and pen cipher that is secure (OTP). You use it to encrypt the message you wish to send. Once you have enciphered it, you then taken the enciphered message to the radio operator who is the communications end point, who then sends it by morse over the radio. At the other end the radio operator who receives the enciphered message then passes it to the second party recipient who then takes it away and using their security end point of the pencil and paper secure cipher deciphers the message.
Between those two security end points it does not matter what the communications medium is the message is as secure as it is at the security end point.
The GCHQ “big lie” is that they know this and it has been known since before GCHQ existed in fact right back into the early part of Queen Victoria’s reign for electrical / electronic communications. All that was lacking back then were suitably secure code / cipher systems for the security end points, and those became available a little over a hundred years ago.
What is wrong and what GCHQ are trying to hide is that “user convenience” has caused two significant security failings.
Firstly it has moved the security end point behind the communications end point so it is possible to “see the plain text” by an “end run attack”. That is an OS level attack simply reaches around the security end point in the application to the application user interface which if it is plaintext gives them what they want.
The second is access to the key material (KeyMat) for the enciphering process that is the security end point. This is possible because the applications incorrectly do “group communications” like “conference calls”. Doing so the way it is currently done exposes the KeyMat to an illicit third party. The failing is that all such systems are not realy “End to End” secure systems. They have a Man In The Middle still that directly or indirectly causes the KeyMat to be exposed. It is this “hide the message about turning a two party call into a three party call which is the “Ghost” option.
I could write at length about how the KeyMat leak happens and ways you can protect against it but that’s a subject for another day. The point to get across is that you can easily stop it dead by moving your security end points and Key Managment (KeyMan) off of the communications end point.
It is this “knowledge” that is already well within the “public domain” that GCHQ are trying to quite dishonestly keep hidden from people. Such that they carry on using communications that have the two failings I mention above.
But as long as convenience trumps security then not just GCHQ but all IC and LEO entities across the world will have “lawfull access” which is the second big lie in that GCHQ paper. Because “lawfull” simply means “within the law” of the jurisdiction, so if the legislators make the law and they have, then they get access as “ghosts”. So if China makes legislation that says it can lawfully listen in to any conversation any where in the world as the UK has with RIPA and other legislation then how does the Man In The Middle service provider lawfully avoid a lawfull Chinese request?
Any way it’s that time of day where I grab a last cup of tea prior to getting stuck in todays busy work schedual.
Wael • January 14, 2019 3:42 AM
@VinnyG,
wondering if the deed was intentional or accidental.
The output looks a little different. I don’t want to “experiment” either and no time to setup and learn Movable Type for local testing. @Moderator knows best.
herman • January 14, 2019 10:38 AM
Good grief, you Yanks have a terrible hang-up over Russia.
Russia is just a petrol station with a flag on top. Russia is an ally. Russia never attacked Western Europe or North America. In every war with German, Italian, French and Turkish fascist states, Russia assisted the rest of Europe. There isn’t anything particularly diabolical about them.
The current ‘war’ with Ukraine is a fluttering in a chicken coop. Slavs like to fight each other in times of peace. It keeps them in training. When someone else attacks a Slavik country, they immediately band together and fight off the invaders – only to go back to their usual peacetime squabbling again. This is nothing new. This is simply how they are.
OK, nobody liked Stalin, but he won the 2nd world war, so he did something right and that was long ago, get over it.
AJWM • January 14, 2019 11:39 AM
MarkH: By way of example, information that a ship has sailed eastward across the Pacific Ocean for 15 days may be perfectly consistent with the hypothesis that the ship will arrive at the Port of Los Angeles.
But to some minds, apparently, that it isn’t in Los Angeles after all that time is evidence that it will never get there.
While it is indeed not evidence that it will never get to Los Angeles, that evidence is also consistent with the hypothesis that it will end up in San Francisco, Portland, Seattle, or even Vancouver.
AJWM • January 14, 2019 11:51 AM
herman: Russia never attacked Western Europe
“Western Europe” being defined as those parts of Europe that Russia has never attacked, right?
herman • January 14, 2019 3:28 PM
@AJWM – Central and Eastern Europe is Slavik. Russia never attacked Western Europe. However, Western Europe attacked Russia multiple times.
In every major European war, Russia was an Ally. The aggressor powers in Europe are traditionally Germany, Austria, France, Italy and Turkey. You should read up a little on the old world history.
The problem was that each time France or Germany attacked Russia, they had to go through Poland and every Slav has a granny or aunt or someone in Poland. So, pretty soon, word gets around from Croatia to Belarus and Czech to Siberia, that ‘The Krauts are attacking granny’s village!’ and then they all band together to beat them up.
Crying afterwards that you lost a war that you started, doesn’t work.
Anyway, the days of big armies walking across Europe are over. It won’t happen again and Russia isn’t an enemy, no matter how much CNN and the war mongering Democrats would like it to be so.
madsh • January 14, 2019 4:10 PM
Totally off topic….
But those giant squids have the least variation in DNA
https://royalsocietypublishing.org/doi/10.1098/rspb.2013.0273
VinnyG • January 14, 2019 6:58 PM
@AJWM re: destination – exactly, and the time and port of arrival will be exclusively determined by how Mueller determines the evidence dictates steering and throttle movements. @Clive – Mueller’s responsibility is to investigate all parties to the attempted foreign influence over the 2016 US Presidential election, and to produce indictments against anyone, domestic or foreign, who appears by the evidence to have broken a US Federal law in the course of the attempt. It isn’t just about Trump, however the justification for a special prosecutor is to maximize independence in the event that Trump is involved. I have been skeptical all along that Mueller will find an impeachable offense, and remain so, although my skepticism has been reduced somewhat of late. I do strongly suspect that there are individuals much closer to Trump than are Cohen and Manafort who will be receiving their visitors from behind reinforced glass by the time all of the dust from Mueller’s and related investigations into this matter has settled.
Clive Robinson • January 14, 2019 10:28 PM
@ AJWM,
… that evidence is also consistent with the hypothesis that it will end up in San Francisco, Portland, Seattle, or even Vancouver.
You forgot to mention “sunk without trace”…
Which in all seriousness does happen occasionally even to quite large modern state of the art vessels. This type of loss has been at a rate of a little under one a month for two decades or more,
In what has been just a few years our understanding of monster and rouge waves of which there are about ten at anyone time in the world, has gone from “It’s just a myth” to having usefull mathmatical models of how they are formed. And hopefully well on the way to being able to predict them by on board sensors and eventually sufficiently well for them to be put in weather warnings and shipping forecasts.
Clive Robinson • January 14, 2019 10:38 PM
@ VinnyG,
I do strongly suspect that there are individuals much closer to Trump than are Cohen and Manafort who will be receiving their visitors from behind reinforced glass by the time all of the dust from Mueller’s and related investigations into this matter has settled.
I won’t quite claim “it’s a racing certainty” but it’s certainly more likely than not.
The reason is realy nothing to do with the “Trump and Russia” issue, but that corruption in various forms in Washington and other political capitals is rife to the point of being endemic in the political sphere.
Thoth • January 14, 2019 11:11 PM
@Clive Robinson and myself have spent lots of time cautioning on these so-called “Secure Enclave” technologies on numerous occasions and if it doesn’t sound nice, the text below is not for you.
New vulnerabilities found with Intel SGX. Nothing new here … move on …
Wait a minute … the vulnerability from Intel SGX Enclave allows privilege escalation ???!!
Link: https://www.theregister.co.uk/2019/01/14/intel_patches_sgx_flaw/
Clive Robinson • January 14, 2019 11:50 PM
@ Thoth,
I sometimes find myself wondering if people read history, or even remember the attack before last in the ICT industry.
Process Injection attacks are not exactly new on the software side.
And we now know “Officially” about haedware attacks that can change the menory in a process space surreptitiously…
So why on earth are people still trusting “Enclaves”?..
gordo • January 15, 2019 8:01 AM
@ Wael,
Foist-On Attack[ers]
“Foist them on their own petards!”
In Australia perhaps these ‘ghosts’ should be known as ‘Malcolms-in-the-Middle’!
MarkH • January 15, 2019 9:04 AM
US Federal Court Rules Against Compulsion of Biometric Unlocking
In a US District Court (Northern District of California), Magistrate Judge Kandis A. Westmore issued an order on 10 January denying a search warrant for a matter in the city of Oakland.
However, the judge went beyond the particular matters of the warrant application to address whether a person may be compelled to present any part of his or her body in order to “unlock” a digital device, and most of the verbiage in the order addresses this matter.
Before this order, the prevailing notion was that because a finger swipe or other biometric presentation was not “testimonial,” compulsion to make such presentation is not prohibited by the 4th and 5th amendments to the US Constitution. In contrast, the government has been prohibited from compelling the giving of a passphrase, which has been considered testimonial.
Judge Westmore’s order rejects the distinction between passphrases and biometric features, concluding
The Government may not compel or otherwise utilize fingers, thumbs, facial recognition, optical/iris, or any other biometric feature to unlock electronic devices.
It appears that this ruling may apply to all US law enforcement.
A magistrate judge is at a junior level — not equal to a district judge. Accordingly, the broad provision of this order could be overruled by a district judge in the same jurisdiction, or be reviewed by a higher court.
Wael • January 15, 2019 9:10 AM
@gordo,
‘Malcolms-in-the-Middle’
I like it. What does Malcolm Turnbull represent in this list?
Go ahead: Alice, Bob, Malory, and friends need an upgrade. The attack methods surely expanded since! Better yet: stick him in a limerick (or all of them.) Here’s a starter (from here🙂
There once was a cephalopod named Alice Who got a clear text from Corona borealis So little did Alice know It was dissected by a ho Eve's not the biatch! Bob's the real Phallus
Wael • January 15, 2019 9:33 AM
@Clive Robinson, @Thoth,
So why on earth are people still trusting “Enclaves”?
The question needs to be asked in the context of the application, that’s number one. Number two: identify the threat, then propose a workable practical alternative in the context of the same solution. To say ecclaves, TEE, TZ, etc… are bad is easy — a 7-year old can do that. To reference a bug in any of them as proof of malicious intent is unreasonable. My challenge is: show me a solution that’s bug-free.
Keep in mind that I’m not disregarding that some form of intentional backdoor may exist, and I have asked this question in the past with regards to TPMs: what does it mean to have a backdoor in a TPM? The question remains unanswered, which to me indicates lack of knowledge of the internal working of such constructs. If you want to continue on this path, then present a more defensible statement.
Or do you want me to swap places with you, wear my Kevlar straitjacket and Cobalt tin-hat foil and give you some hints?
Anders • January 15, 2019 9:48 AM
This is cool.
https://www.hackread.com/skype-call-to-unlock-android-handset/
VinnyG • January 15, 2019 10:02 AM
@MarkH re: biometric decision – I am skeptical that this ruling will hold up, but imo we should savor any privacy victories that we get in such proceedings…
VinnyG • January 15, 2019 10:08 AM
@Wael re:intent -I tend to agree that intentionally introduced backdoors are probably fairly rare. I’m not aware of any reliable stats, so that is just my gut. However, on the same basis, I think that the practice of actively searching for, identifying and exploiting such vulns is widespread among a great variety of criminal elements, and I further suspect that bribes in some form intended to discourage fixing same are not at all unusual.
Wael • January 15, 2019 11:34 AM
@VinnyG,
I’m aware of attempted backdoor creations at various levels. I’m not disregarding their existence, but want to elevate the discussion a notch beyond: look, a bug, I told it’s bad.
Tell me what incremental threats TEE, TZ, SGX, Secure Enclave, etc… (and I’m not saying they don’t change the security posture of the system) add. Tell me how current solutions that people find convenient can be made more secure without using the above constructs. Also, these constraints are just one piece of a complex network of protection mechanisms against criminals. If you want to talk about protections against state actors, then that’s a totally different discussion. And in that case, one needs to identify the incremental risks that need to be mitigated. That’s the sort of discussion I don’t mind having. Yea, I’ll stick a limerick or two, a joke or two, and the decerning reader will see the message beyond the humor cover.
Clive Robinson • January 15, 2019 12:21 PM
@ Wael, Thoth, VinnyG,
My challenge is: show me a solution that’s bug-free.
To which I have to ask “at what level” as I’ve pointed out before, perfect design can fail to poor implementation, perfect implementation can fail due to a poor tool chain and so on down.
That is the lower the level of bug/attack the less a developer can do to ensure the final result is “bug-free”.
But with Rowhammer and similar hardware failings where by the contents of one peocesses memory space can be changed by another process, then there is nothing the developer can do to stop bugs being introduced to their program as it runs.
Thus no executing software on such systems can every be guaranteed to be bug-free…
Clive Robinson • January 15, 2019 12:29 PM
@ VinnyG, MarkH,
I am skeptical that this ruling will hold up, but imo we should savor any privacy victories that we get in such proceedings…
Like you I’m skeptical. My reason is it is easy to see how this rulling could also be applied to DNA sample taking (it’s just another bio-metric etc).
And that’s a place both Federal and State investigators realy do not want things to go…
Wael • January 15, 2019 12:50 PM
@Clive Robinson, @Thoth, @Vinny,
Right…
To which I have to ask “at what level”
Any! Specifications, Protocols, Architecture, Design, Implementation, Lifecycle management, OpSec, Hardware, Microcode, Virtualization layer, Kernel, Bootloaders, BIOS, UEFI, Firmware, Upper layer Software, Cloud, Services, API’s … and of course the geniuses1 that sit at layer 7 and above.
as I’ve pointed out before, perfect design can fail to poor implementation, perfect implementation can fail due to a poor tool chain and so on down.
Yes, so have I in our C-v-P discussions and more, which I need to start collecting again, as I said previously. Put it in one place.
That is the lower the level of bug/attack the less a developer can do to ensure the final result is “bug-free”.
Yes! An architectural bug cannot be fixed by an implementation change, generally speaking. And that includes the useless suggestions to change the implementation language from C++ to Rust, or whatever other crappy language the fanboys like. We covered that as well in the same thread referenced above.
But with Rowhammer and similar hardware failings where by the contents of one peocesses memory space can be changed by another process, then there is nothing the developer can do to stop bugs being introduced to their program as it runs.
I almost agree with you, but still: Rowhammer cannot reasonably be attributed to malicious intents. It can be root-caused to HW designers that did not take security into consideration, or failed to do the right penetration testing exercise. Who’s razor was that? Anyone knows what it’s called a “razor”? I do 😉
Thus no executing software on such systems can every be guaranteed to be bug-free…
It’s worse than that. The software in isolation is not guaranteed to be bug free until proven so (in a court of Security ___ , not in a Security Theatre.)
[1] Air quotes implied.
Weather • January 15, 2019 12:57 PM
Clive
In windows you can create a memory space and copy a DLL across, but you can also change Tib and kernal32. DLL data strings which will crash and pass control to the new alloc range.
You can set Gdt to segment code,stack,heap,os data in a program, doing this takes real memory address 82:7f80 to virtual address 0x00-7ff80 each virtual block can’t access another without being ring 0.
You can use xmm 128 bit register to mem move,add,sub,mul,div between vblocks.
Windows made a Api that ring 3 can access to do process injection, wouldn’t be hard to remove, but they would still want the os to do that, and it would only be a matter of time were you call a intrupt blind that does it.
Intel me engine uses int D9 with edx and eax set to values.
Wael • January 15, 2019 1:38 PM
and the decerning reader will see the message beyond the humor cover.
Here is an example:
I was telling @Ratio where to find the thread. But I will not send it to him in clear text
You didn’t think I’ll give you clear text, did you?
Line-by-line explanation.
There once was a cephalopod named Alice
Talking about a squid. Probably a Squid post. There is someone named Alice in the post. Search space still too big — need more search space reduction hints…
Who got a clear text from Corona borealis
Clear text? Some idiot is sending clear text messages, and his name happens to be Bob? SOB!
Corona Borealis? That must be far away. Probably as far back as I started active participation, assuming October 31, 2004 is when the Big Bang took place.
So little did Alice know
Alice did not have control on the method Bob choose to send the message! They previously agreed that the channel may have some snoopers. She did not know her name is Eve, though! And sure enough, eve was waiting!
It was dissected by a ho
The message was understood “dissected” by Eve, the Ho (she’s not supposed to be a nice person.) More hints to the title of the thread post! Thread search space has been significantly reduced.
Eve’s not the biatch! Bob’s the real Phallus
Eve is not at fault for having a free pass to read “confidential messages”, then she’s not the biatch — another hint to the thread content! Search space has now been reduced so much, it’s almost trivial to find. Still! The fault is not Eve’s! The real fault sits with Bob (the di*khead,) who choose to send cleartext messages.
Next time you see a lemerick, think what’s behind it 😉 Sometimes I’ll explain, sometimes I won’t (because I don’t know, but @Clive Robison or @Ratio will see something, and I’ll say: Yea! That’s what I meant.)
Summary is: I am telling @Ratio: After the pain you got me through, I’ll be a d*ckhead if I gave you a cleartext hint. I ain’t no Bob, the phallus 😉
Clive Robinson • January 15, 2019 4:53 PM
“Reasons to be chearfull”
I suspect quite a few people not just in Britain but Europe and other parts of the world to have a wry smile on their face.
UK Prime Minister had a historic crushing rejection of “her Brexit deal proposals”. So much so there can be little or no doubt about what Parliment thought of her two and a half years of farting about.
https://www.bbc.co.uk/news/business-46883147
The important thing to note is that the looming deadline of March 29 might not be of relevence any more. The EU has said that under certain circumstances they would delay the deadline for as long as necessary. But tucked in there is that they have a trigger threashold.
This “no” vote would have been borderline cause. However the crushing defeat was followed by opposition leader Jeremy Corbin tabeling a vote of “no confidence”. Which is sufficient reason for the EU to move the deadline.
Various EU leaders are saying in a diplomatic way that what is happening is madness as the danger of a “no deal exit” has vastly increased. UK business leaders are being quite a bit less diplomatic.
Supprisingly the money markets appear to have been pleased by the vote and contrary to what was expected the UKP rose slightly.
It will be interesting to see if the “no confidence vote” succeeds. If it does Mrs May will have to go and if the usuall protocol is followed then a general election would be called. Which it should be, because just recently her own party held a confidence vote in her and she scrapped through, so acording to her party rules she cannot be challenged again for a year. Thus a general election is the only way to get rid of her currently.
Mrs May PM now has a firmly established record of “Doing the wrong thing”, and I would expect nothing less of her than starting down the wrong path…
I think that what ever she does it will be at least a failure…
Weather • January 15, 2019 11:08 PM
Brexit
England o money to the Eu and unlike Greece…
Maybe a deal to send elecrity into the Eu grid, with payment overtime.
wowo • January 16, 2019 4:13 AM
Clarification:. The older document did NOT contain the word (“annihilate”)!
This pertains differential versionings.
Truly::. WowoW
Gerard van Vooren • January 16, 2019 7:44 AM
@ Clive Robinson,
If you like the humor of Yes, Minister, then this small video about Brexit is very funny. https://www.reddit.com/r/europe/comments/age0to/theyve_been_playing_the_long_game_yes_minister/
@ herman the troll, (sorry for the feeding)
You might want to ask Finland about that. One thing they ain’t is Slavic.
J.
Anders • January 16, 2019 2:26 PM
https://thehackernews.com/2019/01/voip-service-database-hacking.html
And Herman the troll…watch this!
RGL • January 16, 2019 4:05 PM
Summary:
Walgreens Pharmacy welcomes business partners Microsoft and Google to knock-down HIPAA medical privacy walls and rules. The key concept is big-data health care business partners are no longer classified as third-party advertisers.
Business Insider
Walgreens pharmacy has partnered with health plans like UnitedHealth Group and Humana, the laboratory testing company LabCorp, the grocery store Kroger. Walgreens reached another such deal with Microsoft. In December, it partnered with Alphabet’s life-sciences arm, Verily.
A Tall Tale
Walgreens new digital health corners will be the place where consumers choose to go as they start to ‘gain more power over their healthcare spending’. “At the end, the consumer will be in charge much more than today,” Walgreens CEO told Business Insider. “They will increase their power and they will be the final decider more than today.”
He predicted that the power of insurers and pharmacy-benefit managers would diminish, as consumers themselves increasingly choose where to purchase their healthcare[1].
‘Digital Health Corners’ to Pressure Patients to release Personal Health Information
MicroSoft and Google and Kroger are defined to be business partners to Walgreens health care operations under HIPAA rules. They will combine their extensive consumer dossiers with Walgreens pharmacy and insurers medical records.
Walgreens CEO stated his plan would be to link the data each partner collects and use it to make patients healthier. For example, should a patient with diabetes or high blood pressure consent to have his or her data shared, Walgreens might be able to get insights into the groceries they’re buying at its partner Kroger.
“We could give them enormous support because when they eat something that is not particularly healthy for them,” Pessina said. That way, Walgreens and its (non-medial) partners could work together to find personalized ways to help patients manage their condition[2][3].
https://www.businessinsider.com/walgreens-ceo-stefano-pessina-on-partnering-with-microsoft-and-alphabet-2019-1
These business operation partners are simply a ploy to leverage or circumvent HIPAA rules and bamboozle consumers into releasing their gold-mine of sensitive medical records to big-data advertisers. It is ethically corrupt.
This scheme is strong justification for a non-profit single payer health insurance system.
Recommendations
a) for unhealthy food do not use loyalty tracking cards. Pay in cash
b) charge only healthy foods to avoid medical surcharges, penalties and denials
c) pharmacy, lab-work selection has become of critical importance when shopping medical insurance
d) put a fit-bit on your dog
[1] this gobbleygoop ‘power‘ spin makes no sense. In reality your medial power/treatment is being released to non-medical Big-Data corporations to monetize
[2] You’ll need to justify buying dairy, meats, chips, pastries and deserts against:
a) Walgreens medical insurance partners
b) Google and Microsoft AI partner
c) auto, home and life insurance partners
d) your employers retention system
[3] if partner Kroger is on my medical team then why do they even sell unhealthy food?
VinnyG • January 16, 2019 6:29 PM
@Clive Robinson re: biometrics, DNA & legal compulsion – Unfortunately, at the rate at which two-legged sheep are submitting family relationship data to for profit organisations that knit the data provided into larger swatches of fabric (e.g., ancestry.com) and sell the results to anyone with sufficient ducats, it may not matter for much longer whether or not the individual can be compelled to furnish a personal sample. In just the past week, I have read of two cases where a suspect was arrested due to correlated family data and DNA provided by (or harvested from) a relative.
JG4 • January 16, 2019 8:28 PM
Thanks for the ever-helpful discussion. The entire situation can be derived from first principles. I prefer to work with the a priori assumption that I own myself and my effects, including my brain and its output. They prefer to work with the a priori assumption of guaranteed profits.
https://www.nakedcapitalism.com/2019/01/links-1-16-19.html
…
Big Brother is Watching You Watch
Teachers are scanning students’ brains to check they are concentrating New Scientist (Dr. Kevin)
Ajit Pai Gives Carriers Free Pass on Privacy Violations During FCC Shutdown ars technica
Engineers 3D print smart objects with ’embodied logic’ Science Daily (Kevin W). I want my toaster to toast, not to be “smart”.
…
Alyer Babtu • January 18, 2019 8:40 AM
Side-channels done right !
vas pup • January 18, 2019 12:38 PM
@all:
https://www.bbc.com/news/world-europe-46917989
At least in France they do not bring kids as living human shield against legitimate police activity to suppress violence (as in US widely take place).
Kids up to age of 21 (or 18) should be banned by Law to participate in mass protests (peaceful or otherwise) because crowd is always ‘pregnant’ with violence.
“Should we return good for evil/ We should return good for good. For evil we should return justice”(Confucius).
I stick for stench Skunk- type as preferred type of violent crowd keep in order.
Clive Robinson • January 18, 2019 5:33 PM
@ VinnyG,
it may not matter for much longer whether or not the individual can be compelled to furnish a personal sample
A number of people have indicated they were falsely arested by UK Met Police, specifically to harvest their DNA…
As others have noted LEOs will do as they please irrespective of what the law or judges have told them they can not or should do.
So a goodly number of people who have had their DNA taken illegaly and a judge has ordered the destruction of their records have found out their DNA is still in a criminal offender database…
Faustus • January 29, 2019 8:47 AM
@ Vas Pup
Non violent people should not have to hide to avoid being shot by the police. And people have a right to speak.
A badge should indicate a willingness to take risks upon oneself, not push them onto others. My abnormal psych class let me know that police and criminals score the same on personality tests on average. (Granted the professor took this as a problem with the tests, not the officers). When I was a young man working in Queens, mob connected youngsters had to decide between jobs as coke dealers or police and firemen!
Police powers often attract the wrong kind of people. Of course there are shining examples of great police officers too.
Subscribe to comments on this entry
Sidebar photo of Bruce Schneier by Joe MacInnis.
RGL • January 11, 2019 4:53 PM
Facebook’s Beautiful Nightmare Series
Kimberly Foxx, a state’s attorney, the top prosecutor in Cook County, Illinois has outsourced law enforcement to a class-action attorney. Class-action lawyer Edelson, having now been given the role of a Special Assistant State’s Attorney thanks to possessing the “required legal expertise,” as a court order confirming his appointment put it, aims to punish Facebook for violating The Illinois Consumer Fraud and Deceptive Business Practices Act.
It carries massive repercussions, including $50,000 in civil penalties per violation, injunctive relief and — if egregious circumstances call for it — a lost business license to operate in the state. That’s right. Theoretically, Facebook could pay billions and be prohibited from offering its service in Illinois if it loses this lawsuit.
Does profit motivation perversely self-correct injustices[1]?
https://www.hollywoodreporter.com/features/how-an-experimental-billion-dollar-lawsuit-could-clobber-facebook-1174468
[1] In absence of the congressional GDPR vacuum created by ‘I’m sorry, did I take my stupid pills today?’