comments are supposed to be in
71 posts • joined 1 Jul 2012
just ask the FBI : why can't they crack that iPhone ? can't even get past a 6 digit passcode?
not if it's administered properly
biometrics are just a scheme to eliminate anonymity -- and -- they suffer from the disastrous problem: once compromised you can't change them .
Bruce Schneier notes "Complexity is the enemy of security". He's right, as usual.
and HTTPS / SSL is a perfect example: the session key HAS to be generated by the CLIENT
when the session starts you have only half of a PGP secure link: client has the public key for
the server and the server holds the corresponding private key
what this means is: the client can authenticate a message from the server -- but the server
cannot authenticate the client except for the use of a user ID and password .
for this reason the session must start with the server sending a signed copy of its letterhead
to the client . the client can authenticate this -- using the X.509 certificate it thinks*
belongs to the server it is attempting to connect
if the letterhead authenticates then the CLIENT can generate a session key, encrypt it for the
SERVER and send it. it cannot be done in reverse because the server does not have a public key
for the client. end of story.
simplicity is the answer.
* x.509 certificates are printed and broadcast like losing lotto tickets. we must develop a
process wherein the CLIENT has a PGP key and is able to SIGN for TRUSTED x.509 certificates.
this will require the development and deployment of a KEK device: you cannot use smart phones
for this: you must use a single purpose device so that updates can be STRICTLY controlled .
to invoke the All Writs Act to force assistance you must meet the 3 tests
the last one asks "is this necessary"
in the case of AAPL: no: it is not necessary
all that needs be done is: have the cops FedEx the "subject device" to Cupertino; include a check to cover the costs, and a copy of the search warrant as required by law .
AAPL can then give the feds/cops the data they demand without releasing a backdoor package . cops that lose their personal side arms in bath rooms and leave them in cars in front of the white house and hang out in the brothels of Colombia cannot be trusted with sensitive software .
the big factor in hacking is insecure operating software
an operating system that allows itself to be compromised by the activity of an application program is not secure and is a serious risk if used in any application where security is required .
quit treating the symptoms and face the music
it is generally conceded that "complexity is the enemy of security"
if you look at SSL/TLS you can see the start sequence is overly complex. let's review:
what you have, when the client first contacts the server:
the client has an x.509 certificate that it thinks is correct for the server;
the server holds the corresponding private key but DOES NOT have a Public Key for the Client;
if you examine this situation you'll see that initially:
the client can send a secure message to the server but the server cannot send a secure message to the client . this is because the server does not hold a public key for the client -- and this is normal
as a result: on initial contact: the server must send an encrypted HELLO message to the client. the client can verify that this is in fact from the desired server because it holds the x.509 certificate for that server. or at least this is supposed to be the case . we proceed on the basis that the validity of the x.509 certificate is questionable and that that issue must be resolved in order to proceed with secure communication
once the client has validated the server's HELLO message then the CLIENT must generate the session key. this is done using the server's x.509 certificate as the _ key encryption key _ ( "KEK" ) .
once the server receives the session key the dialog can proceed with messages encrypted using the session key .
as things stand now the client has no way of knowing which x.509 certificates are valid. these are broadcast like newspapers and fraud has already been discovered on several occasions . this is the REAL problem with SSL/TLS
to fix it the client needs a KEK device that can be used to countersign -- and thus to validate -- x.509 certificates . only important x.509 need to be validated and the client will need sources with which such verification can be effected . this is the REAL issue with SSL/TLS.
we've been whacking that same old mole for 10 years
time to throw that game out the back and down the alley
fixing stuff that's broken is basically a defensive effort,-- something we only do to stop loss
as there is no product liability for software there is no loss for defective work . until that issue is addressed no one will give up the glitter of the new announcement for the drudgery of fix and repair .
i see they offer the source code
i didn't think they would
i will not be receiving the update: i took my Windows/7 system off the net.
there are only 2 apps on it i still need to use and they work fine offline
everything else is on Linux now
1. before any discussion of security can begin you have to have a secure operating system. a secure O/S is one which will not allow itself to be compromised by the activity of an application program and which prevents any one application from compromising another application.
it is generally agreed we don't have such a system although it is also agreed some options are much better than others. Get LINUX.
2. with LINUX you get the Thunderbird e/mail client, ENIGMAIL and the Gnu Privacy Guard -- GnuPG -- all included. and all this stuff is free.
3. n.b. nobody is going to do this for you; nobody is going to give you security.
4. generate your key-pair and start learning.
is the above article news or propaganda? at times advertisers will attempt to use articles that look like news in an attempt to fix into the mind of consumers that x, or y, or z -- is "where it's at" -- "everybody's doing it and so if you are lagging behind you're a luddite"
it's just a marketing ploy.
cloud computing has two problems: 1 network latency and reliability, and 2 privacy
"cloud computing" -- just ain't where it's at: it's a Bad Idea at the start.
MSFT does not produce a secure o/s . their o/s is intended for other purposes and is un-acceptable in a network environment. their o/s will be phased out as soon as critical applications can be ported to secure operating environments . this is a change that has to happen .
it would be news,-- if flash went for a week without needing a patch
does anyone still seriously believe this is all due to sloppy work or just oversights? Santa will bring you everything on your Santa Letter! :)
the Corporate Intranet -- must be carefully isolated from the Public Internet. Otherwise trouble is sure to follow.
Samsung: this is a good way to get onto the DO NOT BUY list
go back and figure out a better way.
this is another band-aid,-- and it does not address the Core Problem: an application program should not be able to affect(compromise) its host operating software.
hacking involves corrupting a program that is already running via which privilege escalation may be obtained,-- thus to corrupt the o/s itself.
this fundamental issue must be corrected if MSFT/Windows wishes to become a viable commercial OS
the it industry made two errors. both stupid, like dropping a ground ball:
1. no specification for routing ipv4 onto ipv6 was made as part of the standard.
2. mobile devices were allowed to have ipv4 addresses.
Cohen is right on each point.
it doesn't make sense for average users to foot the bill for every high-volume video enthusiast.
I would dearly love to see the national cable plant changed to fiber optics with speed in the 100GB range so that we could exchange video like we do jpegs .
but that's down the road a piece. things will all be different before we get there .
you forgot John McAfee
one of my favorite terms is "sophisticated attack". it seems to be a favorite of the media.
and when you get info on the issue they always seem to be the same old crap. after a while one would begin to think this stuff is just so much propaganda: some elements of the industry want us to think security is not possible. that would indeed be propaganda. has anything Bruce has written dispelled this concept?
articles around the net late last week and this morning report that google yanked the app control feature out of their android. yeah, go figure.
they call it 'market research'. market research is gathering information about customers so that marketing campaigns can be conducted. these are more successful when they are directed to a selected or 'target' audience.
any type of communication that you participate in can be used to facilitate this 'market research' -- Web, e/mail, social nets, phone systems, ...
an article offered by Bruce Schneier recently suggests that the NSA isn't the real villain but rather has simply started to participate in the process.
there is no need for anyone to build anything. for secure mail what you want is already available,-- for free.
start by switching to Linux,-- I recommend MINT
read and follow instructions regarding maintenance: stick to the official software store.
switch your e/mail to a commercial supplier -- not one of the free ones like Hotmail, Google, or Yahoo. I use Charter, and CoreComm services.
next switch your e/mail onto the THUNDERBIRD client -- that comes with Linux/MINT (also Ubuntu if you prefer ). spend a little time learning to use Thunderbird. it uses IMAP servers -- so you can share mail on your iphone (that isn't encrypted) .
activate the ENIGMAIL plugin on Thunderbird. this uses the GnuPG version of PGP.
use the OpenPGP dialog on Thunderbird to generate your PGP keypair. set 1 year expiration date; load your public key to the keyserver. be sure to generate and save the key revoke certificate (JIC).
locate, download, and read Phil Zimmermann's essay on PGP, paying particular attention to the section on protecting public keys from tampering. learn what the Trust Model is -- and how to control it.
find a pardner to begin exchanging PGP mail with
remember there are 3 main advantages to PGP (ENIGMAIL) mail
authentication allows you to ascertain with reasonable certainty that an e/mail is from the party which claims to have sent it. without this i can send you an e/mail and mark it from anyone i want -- your boss -- or Nixon or Khrushchev
integrity allows you to be reasonably sure that you have a correct copy of a message; that the message has not been modified in-transit by someone using (e.g.) a "Man in the Middle" attack. This is CRITICAL for software distributions and financial transactions .
security allows you to encrypt messages so that you can be reasonably sure only the intended recipient can read them . this is a lot better than putting a disclaimer in your signature block saying something to the effect "if you weren't supposed to get this please cover for me, thanks"
NSA can still apply a traffic analysis on you: ascertain who you are talking to and this won't ever go away on public networks -- switched circuit -- or packet switched . but to get the messages now they have to hit YOU with a subpoena. hitting your ISP won't help: Your ISP couldn't read your traffic in any reasonable timeframe or at any reasonable cost -- no matter how much they wanted to .
remember though you are subject to the AUP you signed with your ISP. the government could tell ISPs that PGP mail traffic must not be allowed. in which case we'll come up with a new Plan .
in the first place a computer is not a printing system
disconnect the printer and take it to the recycling center. now that you have that done you can also junk the fax machine. use computer output fax for those who are still mired in paper base systems .
now: (1) install dual monitors so you don't need to print documents that you need to reference while working;
(2) get a nice tab so you can review dox while away from your desk.
i've known more than one person who felt they had to print out an e/mail in order to read it.
Word is a "pita"
fortunately msft strong-armed the ISO into adopting their ooxml standards for the new iso open document standards.
i note that LibreOffice v.4 is now better at compatibility with the hated ms/word . hopefully others e.g. Google Docs will join in breaking this nasty ms/word monopoly like a punkin after Halloween
actually the whole mess known as msft, aka ss redmond -- needs to go under. i think it's well on its way: from a security standpoint -- which is a requirement for online computing -- ms windows os is simply un-acceptable.
ladar's error is in having an alternate decryption key.
of course you would have to wonder: if he was using x.509 certificates and SSL -- rather than real PGP -- what was he thinking
evidently that was the problem: he wasn't thinking .
becoming snoop proof is a 2 step process
1. clean up the end-points.
this requires that the end-point be subjected to a software inventory and audit to insure that all and only the desired software is present. open source o/s preferred
you cannot have a meaningful discussion about encryption until you have satisfied (1) (above) .
2. use GnuPG -- again open source -- to authenticate and secure communication links. this is a task that each user will have to learn and practice . the current practice of transmitting masses of x.509 certificates authenticated by massive "Certificate Authorities" -- has been compromised on occasion and has been the subject of significant inquiries by good COMSEC folks.
how long haven't you known that?
you mean make it like msft/windows? FT
if you do design an improved micro kernel os you need to make use of ring 1-2 as well as just 0,3 so that kernel related processes -- which are privileged programs -- run protected.
they now force user to use a "Single Signon" to access both their Ubuntu1 drop-box as well as the BBS
this is not regarded as a "best practice" : anything of a sensitive nature -- should have a separate password. and your drop-box may be sensitive -- depending on what you use it for
I guess we all need to learn to cuss in Finnish!!
seriously Heaven forbid we were without Linus. I personally think LINUX may be capable of correcting some of the extremely bad thinking that has been incorporated into some software -- which now causes a LOT of Security Trouble
that's because there are no certification tools available to test for un-authorized programming. Wolfgang Stiller (Stiller Research) taught us how to do it with his Integrity Master product
you boot from a separate read-only media and make a list of all the software on the subject machine. include CRC, date, and size of modules. check this list against what is supposed to be there. if you have what you're supposed to have, none of it changed, and nothing extra you are good to go.
it will take an FTC rule to force the industry to adopt this practice. a better practice is to stop using vulnerable operating software
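The baseline check described in the comment above, as an added example (not part of the original comment and not Integrity Master's code): record CRC, size and date per file, then report anything missing, changed or extra. The file names and the temporary directory are constructed for the demo; a real audit would run from trusted read-only boot media against the subject disk.

```python
import os
import tempfile
import zlib


def build_manifest(root):
    """Map each relative path under root to (crc32, size, mtime)."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            crc = 0
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    crc = zlib.crc32(chunk, crc)
            st = os.stat(full)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            # CRC-32 follows the comment; a cryptographic hash such as
            # SHA-256 is the usual choice against deliberate tampering.
            manifest[rel] = (crc & 0xFFFFFFFF, st.st_size, int(st.st_mtime))
    return manifest


def audit(baseline, current):
    """Compare two manifests: what is missing, changed, or extra."""
    known, seen = set(baseline), set(current)
    return {
        "missing": sorted(known - seen),
        "changed": sorted(p for p in known & seen
                          if baseline[p] != current[p]),
        "extra": sorted(seen - known),
    }


def is_clean(report):
    """Good to go only if all three findings are empty."""
    return not any(report.values())


def demo():
    """Constructed sample tree: take a baseline, tamper, audit again."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "bin"))
        for rel, data in {"bin/login": b"original login",
                          "bin/ls": b"original ls"}.items():
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(data)
        baseline = build_manifest(root)
        before = audit(baseline, build_manifest(root))

        # Same length as the original, so size alone would not catch it.
        with open(os.path.join(root, "bin/login"), "wb") as fh:
            fh.write(b"patched login!")
        os.remove(os.path.join(root, "bin/ls"))
        with open(os.path.join(root, "bin/helper"), "wb") as fh:
            fh.write(b"unexpected")
        after = audit(baseline, build_manifest(root))
        return before, after


if __name__ == "__main__":
    for label, report in zip(("before", "after"), demo()):
        print(label, report, "clean" if is_clean(report) else "NOT clean")
```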
Thomas Jefferson, 1821: "...when all government... in little as in great things, shall be drawn to Washington as the centre of all power, it will render powerless the checks provided of one government on another and will become as venal and oppressive as the government from which we separated."
one of the Critical Questions that is missed by security systems is: WHICH PROGRAM DO YOU WANT TO USE FOR THAT?
when you LOG ONTO your system you are given access to files based on WHO you are and the Ownership of any file you want to open
you might want to review this
for example, if you are running a web page do you really want your browser to be able to access anything you have access to ?? remember, it's you AND the web-page running your browser...
to control this you need AppArmor,-- or RACF
if you were interested in computer security you would study the methods used by attackers. The question for the hacker is : get code execution.
code execution could be a root kit or just a macro running in a word document or java running off a web page. no matter, it's important to ask: what can that code access, exfiltrate or manipulate?
now that we have polymorphic virus programs and millions of new samples appearing each year the virus scan is less effective than it needs to be . we have to monitor and limit program behavior.
I'm running Linux now, with my browser confined using AppArmor. It's a good package. Sadly, it's not for everyone.
you circulate the chilled water to heat exchangers inside the building
unless you want to take a bath
steele better check and see where McAfee is hiding out these days
this is an effort to get rid of anonymity
not everyone on the internet is a Good Guy so it is important to maintain your anonymity when you are online
there is nothing wrong with passwords -- when properly implemented
and if a hacker can get in via sql injection fingerprints or other scans are not going to help. if he gets in via sql injection he just takes what he wants
looking deeper, if the smart-phone user interface is un-acceptable then it's possible the PC ain't dead after all
we face a nasty backlog of badly written software that only runs on a specific version of an o/s which is making it difficult to dump XP . and Win8 ain't gonna help none .
in a very real sense an o/s IS a "hardware abstraction layer" . the o/s honors the system calls that an app needs in order to "do its thing"
i think Linux has made usable progress on this issue in Torvalds First Rule of kernel coding: don't break the system calls.
hopefully much of the obsoleted software can be ported to Linux.
two factor authentication is like adding a second deadbolt to the Front Door while the Back Door is left flapping in the breeze. "Two Factor" -- is solving the wrong problem: hackers don't generally attack that way:
they are using infected apps, or application program faults -- to install malware into their victims. this has NOTHING to do with user id's and passwords.
so called "two factor" identification will have no effect on hacking: hackers use the owners keys to install malware into the owners computer
for mobile devices this is often via an infected "app"
after the malware is into the owners computer then the owner is "pwned" and his\her computer does whatever the attacker wants it to do
using the owner's credentials
every hack report i see claims the attack was "sophisticated" . and then I find out it was via some crappy old bug the hackers use all the time .
it's time to eliminate the streaming protocol and replace it with buffering . all this means if you want to look at a long running stream you wait while the first 20% or so buffers to your local device . with the speeds we have now this shouldn't matter much and there's no reason video fanbois should expect to pig the net .
as I have noted in the past: the fundamental error here is that HTTPS bypasses the requirement for users to authenticate keys
this requirement is carefully detailed by Phil Zimmermann in his original PGP documentation in the section "Protecting keys from tampering"
HTTPS did not follow his requirements and got what they deserved
anyone using PGP ( or by extension x.509 certificates ) should generate their own keypair and sign any certificate that is used in a critical system. it should be noted that MSFT already does this for critical security bulletins .
the IT industry again is guilty of glossing over a critical requirement in favor of convenience
getting hacked ain't gonna be convenient
remember what Geo Orwell taught us:
"The Great Enemy of Clear Language is INSINCERITY"
lookup the International Covenant on Civil and Political Rights
Freedom of expression is subject to the following restrictions:
these shall only be such as are provided by law and are necessary:
1. For respect of the rights or reputations of others;
2. For the protection of national security or of public order (ordre public), or of public health or morals
it is obviously easy for a tyrant to bend the meaning of the above
as far as MSFT v Linus goes MSFT is its own enemy while Linus has an unlimited pool of allies generating Open Source Software.
The result: MSFT attempting to cram their style onto us (and make us pay for their stuff); Linus offering Freedom as the alternative at n/c
how will this play?
I think MSFT is retreating to the mobile and gaming area, leaving the desk workstations to Linus -- which various versions of Linux have already won the field for servers
as MSFT pushes into the mobile/gaming field they will face Google and Android on their other flank though...
"Half a league, Half a League, Half a League, onward ...
the thing Android needs is AppArmor for every App.
put an end to apps messing around where they should not be messing.