Schneier on Security

Clive Robinson • November 30, 2019 3:20 AM

@ Anders,

As the author Sorell Slaymaker says,

We can limp along in the IPv4 world for years, as we have done for the past 20 years, until something truly better comes along.

But he has forgotton the lesson that the Internet almost always gives. Which is,

Backwards compatability is the excuse not to replace anything

So when he says,

NDN has the potential to be that truly better approach as the type of traffic on the Internet changes (lots of video and content), and the needs of the Internet change (more security).

He is just repeating what they said about IPv6 back in the mid 1990’s almost to the word.

That is whilst “potential” is good enough for “new” ideas it is in no way good enough to “replace” existing technology, especially that which has countless millions of man hours invested in it.

The simple fact is people like the author have blinkered vision due to their rose tinted glasses. They see the rapid pace in consumer PC’s etc, but do not see just how much is embedded and can not or will not be changed untill it reaches it’s End Of Life (EOL) some 25-50 years from when it was designed[1].

I’ve mentioned this problem for many years on this blog you can look up “frameworks” and “NIST” against my name on a site search to find what I’ve said about how to fix the problem but it’s something we should have done atleast a quater of a century ago, now it might be “to little to late” for a half century or so after, should we take the plunge, which is unlikely[2].

[1] Worse many who went to all the effort of “building IPv6” into product just to see it never used see it as “having been sold a pup”. Thus they are likely to treat the same sort of idea sold the same way as “a festering pile” and take care to avoid going down the same waste of effort again.

[2] You can see the same problem in the mobile phone world. The service providers want to get rid of 2G, but they can not. The reason is the vast number of infrastructure embedded systems such as traffic light controlers, and pumps, valves, switch gear and even railway engine control systems and construction cranes. All using 2G interfaces because they were available at the lowest price at design time, and more importantly would “work where there is a signal” unlike 3G, 4G, LTE etc etc later protocols. Thus there is billions of dollars of investment in 2G that is “critical infrastructure” or similar in nature and as “any income is better than no income” the service providers will grudgingly keep supporting it.

Clive Robinson • November 30, 2019 2:23 PM

@ tds,

In the Facebook article you will find the name “Nick Clegg” whilst it may not be familiar to many, the man was the UK “Deputy Prime Minister” during the “David Cameron” Conservative Party coalition years.

For various reasons he had to leave his political party the Liberal Democrats and some say he has irreparably harmed the party.

The fact that it is a questionable politician making decisions about false claims by other politicians etc would in most cases be considered a clear case of “conflict of intetests”. Especially as the UK General Election is less than a couple of weeks away…

You can gather a little more insight into Mr Clegg from,

https://www.theguardian.com/technology/2019/jun/24/nick-clegg-facebook-brexit-vote

Clive Robinson • November 30, 2019 7:38 PM

@ vas pup,

Ahh “energy security” is as PG&E customers in California are discovering a very serious problem[0]. That is the power grid for them is now far from dependable in anyway shape or form.

It takes no great brains to work out that without energy security, ICTsec is taking the back seat in the bus…

With regards,

In lithium-ion batteries the gel inside, the electrolyte, can combust.

That reads badly and it’s more complex than that, especially when you consider most high density chemical energy storage systems are a significant combustion risk[1].

There are several problems with chemical energy storage systems that use changes from one chemical to another. Firstly they are generally not very “energy dense” when compared by mass which is why lithium and hydrogen are investigated. Secondly they tend to be quite inefficient when you check total energy in to total energy out, even though some systems are more efficient over a limited range of their charge/discharge curves. Thirdly is the limited number of cycles in a battery life, there are various reasons for the observed “memory effect” some are due to chemical poisoning, some due to crystal formation others due to plate errosion etc.

Put simply electrically rechargable chemical batteries are about the worst form of energy storage system we have by any given measure.

For instance have a look at “heat storage” by either “latent heat” or “Phase change” materials they have charge cycles in the tens if not hundreds of thousands range. Their actual energy in to energy out efficiency is better than most electrical energy storage cells. Because they don’t need complex fine tolerance support structures they are generally considerably lower mass for equivalent storage.

In fact if it was not for waters low boiling point, and significant volume change on freezing it would make a better energy storage system than many electricity rechargable storage systems.

https://m.youtube.com/watch?v=ryJmtItfaXQ

But phase change is more interesting for various reasons but is not difficult to manufacture,

https://m.youtube.com/watch?v=VdagQ5_cx7c

The other thing you don’t get to see very much of is combined photovoltaic and thermal pannels. Put simply less than 20% of the energy of direct sunlight hitting a solar pannel gets converted to electricity, the rest becomes heat, and above certain tempratures solar cells become less efficient, thus keepeng them cool is a good idea. Adding a thin copper pipe to the back and thermal insulation adds very little weight but can give significant thermal energy that can be used via a compressor or similar to heat thermal storage cell with about double the electrical kWH.

The simple fact is the likes of PG&E won’t sacrifice profit for reliability, thus people realy have to start considering not “going of grid” but “being put of grid” by the operators. Whilst domestic generators are one solution they are noisy, smelly, dangerous and easily stolen, worse getting fuel to them is ridiculously inefficient. Whilst you can modify generators to run off of the domestic gas supply in many places that would be actually illegal and domestic gas is not always available. Thus where legal, the use of solar pannels and wind turbines will with appropriate storage cover most homes for lighting. The big problem is heat and cold, that is using electricity to heat a home is rediculously expensive and at between a half and one and a half units of electricity (kWH) a day fridges and freezers are bad news as for chiller type air conditioning how long do you want the rope to be? The simple fact is our domestic electricity needs have more than doubled in less than two decades and central generation of power via traditional means is nolonger sensible.

Thus for our own security we have to consider how we store energy in it’s various forms, not just short term daily but longer term even out to seasonal. Much as our more distant forefathers did in the past with “ice houses” for refrigeration and “hay boxes” and cauldrons and large mass chimnies for slow cooking and slow heat release for safer heating over night. Though hopefully in more efficient but not necessarily more high tech ways.

[0] PG&E are effectively bankrupt, the reason being they put profits over investment and maintainence (something I’ve been warning about for quite some time). The result in PG&E’s case was not solar flares but something more down to earth, it was many wildfires caused by their power distribution, poor maintainence not just of equipment but lack of cutting back growth on the land they owned and the resulting law suits. PG&E claim something along the lines that it’s not their fault but “the wind”… Any way it’s hurting people,

https://www.latimes.com/california/story/2019-10-10/pg-e-california-power-outages-grid-climate-change

[1] Remember both water and carbon dioxide are products of combustion, and they are both subject to being reversed back to their combustible components by the use of electricity.

[2] You can thank my son for the U-tube links, he’s studying engineering and energy storage systems was something he did as a project.

Clive Robinson • December 1, 2019 9:49 PM

@ Sherman Jay,

That suggests we all need a reliable secondary energy source because we can no longer trust the profit-driven corporate utilities.

If we are alowed to… It’s no real secret that certain US utilities have been vigorously lobbying to make “off grid” or anything that even remotely looks like it illegal…

Clive Robinson • December 2, 2019 4:14 AM

@ Wesley Parish,

Speaking of energy security, Auckland a few years back had a massive blackout – IIRC, at least 200 000 houses lost power.

Which one 1998 or 2006?

https://en.m.wikipedia.org/wiki/1998_Auckland_power_crisis

https://en.m.wikipedia.org/wiki/2006_Auckland_Blackout

It’s interesting to note that the NZ politicians only consifered “energy security” after the second event. Whilst Auckland is in a geographically challenging position, lack of investment and maintainence should not be excused by that (which is what the company in the 1998 event tried to do).

I remember the first because it had an impact on work I was involved with at the time. But also I read Peter Gutmann’s[1] acerbic comments at the time[2].

These major outages happen rather more frequently than we would like,

https://en.m.wikipedia.org/wiki/List_of_major_power_outages

But before power grids started getting going we had telegraph networks, and these got taken out by bad “space weather”. A solar storm in what is now called the Carrington Effect

https://en.m.wikipedia.org/wiki/Solar_storm_of_1859

Should such a coronal mass ejection happen today most of our electronics if power or communications grid connected would suffer some irreparably so. As for the grids well power transformers would take a major hit and would probably not be replacable within 10-30 months. Thankfully more and more comms is moving to glass fibre, however many have protective steel wire cladding that could melt like a fuse, and in the process destroy the glass fibers.

But there are other “networks” that have to be considered gas and water are dependent on electricity to function, and the sewerage system though mainly passive is dependent on the supply of water. Thus as NASA noted even your toilet can be effected,

https://science.nasa.gov/science-news/science-at-nasa/2009/21jan_severespaceweather/

[1] https://www.cs.auckland.ac.nz/~pgut001/

[2] The text document is somewhere on Peter’s old web site, but I can not now remember the route in to it.

Clive Robinson • December 2, 2019 2:56 PM

@ MarkH,

How is it possible for a mixture of CO and hydrogen to spontaneously react under the conditions in gaseous fuel storage and distribution networks?

Simple pressure is enough (think about the Diesel process, or the school demonstration woth a glass tube with a bit of cotton wool at the bottom that when the ram rod is pushed in spontaniously combusts). It’s why the old “town gas” mains were all low preasure thus limited range[1] unlike modern “natural gas” mains where the pressure reduction mechanism is part of the gas meter.

From what I was told by people who worked in the industry back in the 1950’s the early scrubing out process was quite literally a large chamber like a very large boiler. It was about one quater filled with water with a rotating brush mechanism a gas inlet and two gas outlets. One gas outlet was towards the top of the scrubber and pulled out mainly hydrogen[2], the other lower down pulled out mainly carbon monoxide. The mass ratios of the gasses was such that the hydrogen in effect floated on the carbon monoxide and just pulling the gasses in the right quantities effectively seperated them. The water also moved through the process and brought out all sorts of hydrocarbons as an,”emulsion” that would have otherwise “gummed up the works”. However that emulsion could also be sold as a product for other processes and was at one point used as an addative to soaps.

I would have very much liked to have seen one of these scrubbers as I have an interest in industrial history, but I gather they were all sold for scrap value.

[1] The preasure problem was one reason[3] why there were so many “gas works” almost every town had one along with a gasometer or three.

[2] What is often forgotton is that the “town gas” was mainly a “waste by product” for making high quality coke for the iron and steel industry and turning hydrogen into ammonia via the Haber process for feed stock for many chemical and industrial processes. Originally town gas was not well scrubbed because the hydrocarbon contaminates made the carbon monoxide burn not with a pale blue near invisable flame but a bright incandescent yellow suitable for “gas lighting” (though the soot was then around 80-90% of house hold dust, not as it is today skin/hair cells). As the coking process was improved the carbon content was reduced and simple jet burners nolonger produced light, thus either gas mantals had to be added or where town gas was made specifically for lighting gas, a hot brick carburetor system was added that added carbon from atomized fuel oils.

[3] Whilst town gas can be upto half hydrogen depending on the generation process, storing hydrogen or even putting it in metal pipes especially cast iron ones is considered a realy bad idea. Amoungst other things hydrogen makes metals brittle with rapid ageing, thus become not just weak but loose any kind of flexibility thus susceptable to vobration. The last thing you need is “gas mains” fracturing under roads or buildings. Which is also a reason why with the introduction of natural gas, many cast iron gas mains were fairly quickly replaced with various plastics.

Clive Robinson • December 2, 2019 5:43 PM

@ vas pup,

The bug lets attackers create fake login screens that can be inserted into legitimate apps to harvest data.

The general idea behind this class of attack is not new. Have a look for “I/O Shim” attacks and similar end run attacks.

In essence what happens is a shim (overlay) gets between the I/O devices (screen/keyboard) the user perceives and the target application input and ouput channels. Whilst the user enters in correct information the shim can act as a MITM on the device and send false commands to the application whilst also stopping the user seeing any output from the target application that might warn them they are under attack.

The number of ways you can come up with individal instances of this class of attack is large, so whilst an instance might be new the underlying principles are the same, thus most likely there will be more instances of this class of attack yet to come.

So there are two basic lessons to learn from this,

1, There is no such thing as a “safe Playstore application”[1].

2, Never do anything involving PII IP or money etc on a system you can not trust[2].

Not abiding by these rules means you will get hurt when your number comes up[3].

[1] The “walled Garden” idea has never ever been secure, nor can it ever be. At best it can respond long after the event to new attacks that the owners of the Walled Garden can not ignore. This issue was fairly well known last century, back atleast as far as the first machine ciphers.

[2] Walled Garden devices or anything with a “Trusted Module” you do not 100% control are “Not owned by you” thus you can not trust them. Unfortunatly more and more personal devices can nolonger be trusted. The only way to have a system you can trust is by moving the security end points off such devices. This has been known for atleast several centuries if not millennia hence the reason we had ciphers and code books.

[3] The Internet is so insecure in so many ways that just about every personal device and the computers used as servers are full of vulnerabilities waiting to be found and exploited. Thus it is a very “target rich” environment, that is the number of targets far exceeds the ability of attackers to exploit them. Which means whilst your devices are vulnerable, it is a matter of probability as to whether your device is attacked or not, likewise if the attack is successful.

Clive Robinson • December 3, 2019 12:53 PM

@ tds,

Regarding Facebook’s policies, Clegg, and your link, I found this quote interesting.

It’s a case of,

The more you dig the more you find.

With each shovelfull being that little more scary than the one before.

It quickly gets to the point where you don’t want to dig anymore because you think you are becoming paranoid…

Clive Robinson • December 3, 2019 1:24 PM

@ Wesley Parish,

Well, I live in hope that some Angeleno comedian or maybe from San Diego, who knows? – will be compiling a list of the excuses their statewide power company comes up with, and have some fun with it.

One can but hope, as they say.

Though I have to wonder when you see the entirely predictable mess that PG&E have got themselves into, just who wins at the end of the day.

Yes I know the lawyers will be on for atleast 30% win or loose but like all bottom feeders, they are simply feasting on those that have fallen in a previous combat.

We know enough that all combat is destructive and at best, both clears the ground and fertilises it for new growth with the fallen. But the price is high extrodinarily high, so much so that you would conclude the results can not justify the means…

But yet, that is our chosen method of progress, assuming every conflagration must have within it a Phoenix.

To say it is madness says much about mankind, which is why I guess we need a sense of humor…

Clive Robinson • December 4, 2019 7:48 PM

@ vas pup,

Russian president warns over expansion of US space force

Which is actually a sensible thing to say as it’s true, even though US Politician’s might regard it as, “inflammatory”.

But with regards the article, it is not exactly accurate. For instance,

The US, Russia and China are all believed to have tested weapons that could destroy a satellite in space.

Firstly it’s not “believed” but known (I’ve mentioned it before). Secondly the most recent member in this club “India” has not got a mention[1] which is odd…

But other nations have not been mentioned including France and the UK.

Even though the UK nolonger has an independent “launch capability” they have been at the leading edge in development of “de-orbiter” technology.

De-orbiter technology is just as “Space Wars” technology as co-orbiter kinetic kill missiles / satellites. But is actually rather more advanced (compare as using a butterfly net rather than just throwing stones). De-orbiter technology is –unlike co-orbiter technology– designed to not fill space with junk that could cause a very destructive “chain reaction” known as a “Cascading Kessler Syndrome[2].

[1] Nor for that matter has North Korea, Japan and even New Zeland where “believed” is more appropriate. Put simply if you can get a “cubesat” or larger up with “station keeping capability” then co-orbiter technology is a relitively easy next step. The design of such devices is well within the capability of under graduate students as a “group project”.

[2] A Kessler event / cascade becomes more likely as the number of satellites in orbit increase in number. Around 2014 prior to India’s little “keep of our grass” demonstration it was estimated there were about 2,000 functional commercial and government satellites on various Earth orbits. However it was also estimated there were around 600,000 pieces of space junk in the 1cm to 10cm (2/5ths to 4 inch) range capable of damaging or destroying a satellite which on average was happening once a year. Getting this junk out of space without creating more junk is what various de-orbiter technology is all about.

Clive Robinson • December 6, 2019 4:19 AM

@ SpaceLifeForm,

[CVE-2019-14899] Inferring and hijacking VPN-tunneled TCP connections.

It uses basic active and passive traffic analysis techniques to get much of it’s information which does not surprise me in the slightest (I’ve warned about not doing packet, channel and stream stuffing for some years now on this blog and other places).

For some reason most using encryption do not think about what length / size information of packets reveals about the type of encrypted packets, likewise blocks of packets and their rate about the type of communication in the channel. So a webpage download size can be cross correlated by number of packets seen on VPN with number of packets seen by accessing the server on another channel to determine which page has been downloaded. Fixed rate traffic in a non fixed rate channel reveals interactive services such as voice or video, and so on.

At each level of the network stack there is information leakage by length/size that a traffic analysis attack can be made for. Often they can be passive “observing” attacks so you have absolutely no idea they are being used against you. Even active attacks if used with judicious care will probably get written off as “noise” or “unreliability” or some such.

This is something that has been known since before the NSA and GCHQ existed and was actually published in the likes of Gordon Welchman’s book in the 1980’s and the work of Duncan Campbell that got Maggie Thatcher’s panties so tightly waded she went off the reservation with DORA/OSA court cases (which notably failed much to her annoyance and embarrassment).

Importantly it’s why I’ve talked so often about,

Encryption is not enough

And why the likes of secure networks especially those carrying low latency channels need to “stuff” and intersperse other traffic such as Email etc where latency is not an issue, even adding null padding packets. Such that the overall channel sends data at a constant rate for as long as it’s in use. Thus switching from what is “packet switching” which hemorrhages information to constant rate “circuit switching” that does not.

Now these researchers have done the initial “leading edge” proof of concept, I would expect a bunch of “Me-too” similar attacks in the next few months.

Clive Robinson • December 6, 2019 7:54 AM

@ Thoth,

the usual Intel response is the shrug and walk away

With a “pre anouncment share sell off?”…

Perhaps it’s time we had a “Birthday round up” of all the faults such that people don’t forget Intel, and thus might be inspired to seek further examples to keep it nice and toasty for Intel and others who don’t take security seriously…

Intel might consider themselves “to big to fail” or “be subject to remonstration”, but as Bill Gates once pointed out about Microsoft he did not expect ot to go on for ever, as that is not the way of things.

It would be nice to see certain Intel execs realise the same as thr ground gets cut from under their feet.

@ ALL,

Another bit of madness from the UK Government,

https://www.csoonline.com/article/3447856/uk-government-gives-36-million-to-arm-to-develop-secure-chips.html

Remember ARM used to be a major UK company, that the current encumbrents alowed to be sold to a supposed Japanese Bank, that appears to have got funding from China. Resulting in a bit of ARM and it’s IP ending up in China…