* Posts by David Shaw

207 posts • joined 23 May 2007


Australian prime minister blames 'state level' baddies for Oz parliament breach

David Shaw

Trust me Aussie PM, almost every bedsit in the world possesses this capability

Yes, and here's a youth who has blogged about pwning a nation, very similar to Australia, actually extremely similar to Australia, just without the extra "a" and an "l" - this game-playing geek helpfully provides the terminal commands for scanning your own country, probably not advised at present.


Techie in need of a doorstop picks up 'chunk of metal' – only to find out it's rather pricey

David Shaw

Nice. Not much platinum here, but I did find a bar of iridium in a cupboard, rather a lot of iridium!

Over coffee, it was briefly considered that we should powder it, then sprinkle it as a thin layer - deepfake/create a new K-T boundary somewhere interesting. In 'old science labs' like mine, where you had nuclear research reactors & accelerators, it's rather a good idea to first stick a geiger-counter in the back of some of the older cupboards, you wouldn't believe the amount of ...

Q. What's a good thing to put outside a building of spies? A: A banner saying 'here we are!'

David Shaw

Re: Spanner in the works

The article in the Sun yesterday about Philip Hammond's failed trade talks with China, due to Gavin's spear-rattling at RUSI on Monday, makes your point, fajensen.

Confirmation appeared in the FT today, there was supposed to be a high level declaration this Sunday, which now might not happen because of our empty gun-boat threats?

who needs trade deals with billions of ppl?

Fun fact: GPS uses 10 bits to store the week. That means it runs out... oh heck – April 6, 2019

David Shaw

Re: Yay landfill!

@gene "Garmin because the maps are STILL about 15 years out of date in my area"

I complained to Garmin about this, whilst driving on a motorway in Spain that didn't exist on my 'garmin with lifetime-update maps(tm)', their response was extremely silly

"We are not responsible for errors caused by our Map Provider; we simply provide the hardware platform for their maps" (paraphrased slightly - but I got the message to foad)

So I now use Slurp, sorry Google, as at least it is somewhat useful to use all the stolen (crowdsourced) data from all the android handset tracking, with a bit of an overlay.

Fujitsu pitched stalker-y AI that can read your social media posts as solution to Irish border, apparently

David Shaw

Re: Completely missing the point

Driving through the Mourne mountains one day: security checkpoints. They were not fun.

A bush on the roadside got up and pointed about twenty SA80s at me.

Squaddie with very, very large lethal weapon: "What side of Belfast are you from?"

Me (hopeless at troubles geography, east or west is best?): "Er.... Leeds"

And I wasn't shot, so it seemed to be the right answer, back in the days.

I did meet the guy (RSRE Malvern) who conceived & developed the first ever ANPR, for use at checkpoints in Norn Irn, and it was specifically for security use, (when designed anyway), and worked really well, a very neat design with the twin decision paths. ('Bob' gamed two competing teams for the recognition technology, both delivered, so both features were added into the first system)

The Swiss border, that I cross regularly nowadays, is stuffed with ~5GHz (or 60GHz?) transponders - typically & solely aimed at trucks, trucks have an LED bar. The actual 'Zoll' office booth is quite often empty, most of the day - but occasionally they jump out of a bush at you, many miles from the actual crossing point. They have much smaller weapons than the paras, thankfully.

France have seriously mobile Douanes flying squads, who can be found 100 kilometres from any border, inspecting TV sets in transit for the prise peritel??

What's Farsi for 'as subtle as a nuke through a window'? Foreign diplomats in Iran hit by renewed Remexi nasty

David Shaw

Re: Seems like standard diplomatic practice

Yes, it was probably a retroreflector(*) that modulated the reflected RF, based upon the local ambassadors' audio changing the cavity dimensions slightly, almost the first RFID. Лев Термен also seemed to have invented remote infra-red beam bugging, attacking the windows of various western embassies in Moscow. Wikipedia mentions further that he first thought of (and demonstrated) interlaced scan TV, as used in PAL & NTSC, further fame!

(*) nice picture here of a quarter wave antenna & microphone in "the Thing" https://upload.wikimedia.org/wikipedia/commons/6/66/Bugged-great-seal-open.jpg

iPhone price cuts are coming, teases Apple CEO. *Bring-bring* Hello, Apple UK? It's El Reg. You free to chat?

David Shaw

Re: "Our users are hanging on to their iPhones a little longer"...

I actually have a few landmines here in the Research Centre; someone thought that it'd be nice to build a simple cheap 'ground penetrating' radar with 500 Watts CW at a few Megahertz, having tuned the RF to a nuclear resonance of some particular nitrogen bonds in the plastique. I built the tin box, filled it with landmines, and from not very far away blasted with high power, got no coherent responses. Did manage to get really good 'remote NQR' return signals from a bottle of di-nitro-toluene when that was tried instead.

er... I prefer experimenting with things other than deflagrating hardware nowadays, tho' maybe I should try my rNQR radar on a spare fruity 'phone?

David Shaw

I can't remember why, but my iPhone speaker emits the dulcet tones of Joe Jackson et al., never get tired of hearing this as my ringtone

David Shaw

Re: "He used Turkey as an example, where the lira depreciated by 33 per cent"

except, on my visit last summer to a complicated part of Turkey, went to the local airport shopping centre where they had a Media-World/Dixons type shop. My PFY spotted the iPhone corner of the store, and from 30 feet away proclaimed them all to be fake Apple iPhones!

When we started to take them apart, metaphorically, they were average grade eastern rip-offs, yet somehow the shop had kept the genuine iPhone prices in stratospheric TL. I think they had a single genuine SE and very many fake devices. I gather that a lot of the current fakes are being aimed at the Apple Store repair chain, so Cupertino has had to develop a 'genuine dead phone detector'.

Previous to this I've encountered iPhone 4's, which turned out to be skinned land-fill android, stuffed into a nearly iP4 case. At least in China they were only asking thirty quid for that, in the street.

One to watch for: John Lewis was selling 128GB (real) SEs last week as a "special purchase" at £249, that's about all I'll pay at present for the genuine rounded corners. That was a reasonable deal. (Some watchers thought that Apple might have been market-testing as several truckloads of high-GB SEs suddenly appeared on the US market at the same time, sold out in hours)

A few short packets: Cisco still Switchzilla, a neat Wi-Fi hack and more

David Shaw

thank you very much for this news Richard, much appreciated.

What happens when a Royal Navy warship sees a NATO task force headed straight for it? A crash course in Morse

David Shaw

morse plateau

my brief "morse" training session was held in Saudi Arabia.

I passed the G8 VHF license when I was fifteen, but waited until I was twenty-one to consider fully learning the code, I was working in the desert so had quite a bit of spare time. I bought a David Tong morse trainer, beautiful little device , ideal for practise. I wrote to David in Leeds, explaining that I needed him to post an export to my base in Riyadh, especially needed many many certificates of origin etc from Leeds Chamber of Commerce, and other random paperwork to pass the Saudi customs.

I waited the usual month for the Saudi post, (who sometimes 'accidentally' burnt their load of envelopes/parcels if they were feeling stressed) but I never got my morse trainer - instead, our company fixer (who knew a minor royal) came to collect me one day , with a police escort.

I was taken downtown, not to customs, but some ministry basement, something like the Ministry for the Promotion of Virtue and the Prevention of Vice (English acronym might be ISIS or AlQaeda, summat like that?) and a DATONG morse tutor was unboxed in front of me, turned on by the insurgent/officer, (DATONG thoughtfully fitted a 9V PP3) and beautiful loud 12 wpm random text was emitted into the gasps of the small audience. "Who are you communicating with?" was their first question! "What are they saying?" was the next, oooops. So my memory is a bit hazy but somehow I got the fixer to deny that I was me, to explain that I had no idea what the shiny box was, and could I please go home. Shaggy summed up my then attitude with his "it wasn't me" pop-tune later.

Since then, I've loved data modes, admire the beauty of morse - but I should have had the foresight to ask Dr. Tong to leave out the battery, when Prince Turki bin Faisal bin Abdulaziz Al Saud's now notorious GIP henchmen were on my fiendish western intel plot, or whatever. My fixer, pbuh, obviously did some great work as I enjoyed the rest of my time in KSA, but ordered no more high tech toys from abroad... I was offered a full HF 100W transceiver by a departing colleague, but stuck with Sony HF RX portables, not wishing to push my luck. G8***/HZ1

If most punters are unlikely to pay more for 5G, why all the rush?

David Shaw

Re: Caps

x3 to x9 higher mast density


or better still, adopt the terminal to terminal decentralised ad-hoc networking concepts.

With the quantity of 3G, 3.5G, 4G & 5G mobes around, and a bit of a tweak in their waveforms, can easily build an autonomous system - but sadly not very centralised/slurpable/PRISM etc capable...the world would then end, or not. The existing mast infrastructure would be fine, but you'd probably be able to bring the average TX power down for both BTS and terminals by a factor of ten, battery life would go up quite a bit.

sorry as this is more beer related data, this time an esteemed RF prof from Sweden, his idea not mine

Watch out for the grey & black nodes from Gloucestershire that would then proliferate, but you'd be able to vote most of them away . . . certainly end of the world stuff, or not.

David Shaw

5G: it will be a genuine game-changer?

just a reminder here folks that the very first release of 3G had allegedly no correction for Doppler.

Above about 30 kilometres/hr you saw a lot of data collision, perhaps it was an accidental attempt to stop users messaging instead of driving their cars - but it also meant that 3G on a train didn't work.

I did hear this over beer(s) in Karlsruhe with several professors of technology, so it might be hard to prove as a fact, from the time of Nokia, that far back indeed

Phew, galactic accident helps boffins explain dark matter riddle

David Shaw

Re: If

(I do actually test full 330 watt bi-facial PV modules this way) feed in rather a lot of amps & volts; they glow, a bit, mostly IR, but can be photographed and reveal amorphous or crystalline silicon defects.

Not sure if reverse electroluminescence of a CCD would illuminate much dark-matter, or remote galaxies, but worth a try.

Bulk surveillance is always bad, say human rights orgs appealing against top Euro court

David Shaw

Problem as I see it, from an insider point of view, having openly had an ILETS IUR briefing at ETSI TC Lawful Interception, is that there just wasn’t really that great a demand from the majority of the police forces that the spooks were insisting were requiring Retained Data or society would end

It seemingly was a blatant grab for power, as Professor Susan Landau argues in her book “Surveillance or Security?” she mentions that the FBI used to just see a handful of miscreants using hard-good-crypto end-to-end, and that these were easily solved by compromising one of the end terminals.

Obviously the spooks need our data, and have persuaded politicos to make broad laws, been found over-taking nonetheless, which gave blowback so everything is now fairly well encrypted. At least the agencies are arguing the cases in parliaments/court, which is nice to see. Is the R.D. nowadays even shared with the police, or just still in a few percent of cases?

Privacy, security fears about ID cards? UK.gov's digital bod has one simple solution: 'Get over it'

David Shaw

Re: UK already has ID cards, just soft fuzzy ones

@Def: It has happened a few times as I have several thousand enforced expat colleagues. Some had problems in Glasgow.

My case it was easyjet partner Car-rental, bought at the same time as the ticket , so europcar.

I get around the ‘ghost’ problem now by choosing sixt, and creating a large paper trail with head-office. Many of the official “brands” are subcontractors, with a very complex stack of things between customer & car. I suppose they are risk averse.

David Shaw

UK already has ID cards, just soft fuzzy ones

although I'm (this week) still British - as my employer requires me to live outside the UK, I accidentally have little to no data footprint in the UK. A bank account yes, children yes, address, yes, driving license, passport etc yes..

but when I flew in recently, the oik at Stansted would not rent me the hire car that I had booked and paid for.

I had all my pieces of *hard ID* to give them, even a super code newly minted from t'DVLA on A4, but as he couldn't find me in equifux, or experian, or MI5 or whatever they look mainlanders up in, I wasn't getting the Fiat-500.

for me, it would be more convenient to have a UK ID card, to add to the stack of other bits of paper/plastic with numbers and my picture and digitally verifiable etc etc, No? No!

No, these hard IDs manifestly are not trusted, unless the new Tory/Labour 'Council ID', or perhaps 'Poll ID' somehow is online/validated to Equifux, or eXperian, or MI5, all the time. These databases are also shite, as when my bank pathetically challenges me for online purchase - "Which road in Glasgow did you live in Mr. Shaw?", "I didn't" is the wrong answer for fuquifux, or neksperian, or ..., but it's actually the real right answer. I am denied many purchases.

Eventually, pulling out a real hard EU ID, issued by the local town council, no biometrics, ISO 14443 light, I got my rental car at the airport - as they could connect me to a cloud of supermarket shopping/loyalty cards.

I think UK seems to have a bit of a problem with identity, identities, and I don't think a new bit of plastic will solve anything. Didn't a previous gov work out that they have three seriously broken databases, and cannot afford to make one real working one, that is up-to-date, reliable enough to go round arresting people or downgrading their online social status for terrorism for using mathematics or whatever the next problem might be.

not sure what the answer will be

I see no point to "get over it", privacy is not quite dead yet, Scott

UK spies: You know how we said bulk device hacking would be used sparingly? Well, things have 'evolved'...

David Shaw

I'm more worried [ https://howmanydaystill.com/its/brexit-6 ] that someone continental might unplug the whole of UK from the internet on CE/R&TTE grounds due to too much electrical interference!

Perhaps there are plans to reroute transatlantic cables to Eire, then to Brittany, then on to waffle-land. It's not that inconceivable from where I'm sitting, but hopefully it won't happen, the unplugging - so carry-on interfering electrically, and don't panic, otherwise you'll all have to spy on yourselves rather a lot. I know that your tier partners would still like to send you squirrely stuff, but that can be sent by standardised carrier pigeon rfc2549 or perhaps by covert Clacks from Cap Gris-Nez?

It's December 2018, and a rogue application can still tell your Apple Mac: I'm your El Capitan now

David Shaw

patching now

it'll be nice to see if SecUpd 2018-003 is as 'fun' to install as SecUpd 2018-002 was on my mid-2012 MacPro (it took about a month, and the story is just too long to relate. . )

at least now that Mojave is vers '02, that means I might try it on a minor mac somewhere - Pournelle's rule?

UK's BT: It's not unusual to pull Huawei from our core mobile networks

David Shaw

Re: I guess what goes around comes around...aka Karma

thanks for this interesting post Kevin.

I was talking to one of the UK management of the Huawei R&D centres in the UK; they had a core of UK managers and an endless supply of great Chinese engineers, posted to work in Cambridge or wherever - for three months; replaced seamlessly by another bunch of great engineers until the end of their visas, replaced seamlessly by. . .

When I worked at Marconi, the top management was only interested in horse racing, sad that it went downhill from there!

My only interaction with System X was shutting down a whole input plane, in central London, by pointing an index finger, from ten feet away, at one of the Mercury switches. ESD delight, as everything went down and MNOC's PDP-11s had to route via Glasgow.

David Shaw

Re: It's Just Retarded!

"doesn't make any sense"

it depends how wide the picture is, if you look not just at the HD, nor 4K. . .

combine with the fact that the daughter of Huawei founder, who is CFO for Huawei, has just been arrested whilst in transit through 5-eyes, sorry Canada.

When I was last at ETSI (european telecommunications standards institute) TC CYBER and I saw that the telco network infrastructure development was going software defined, I could sort of feel a wave of 'non-trust' arriving. I assumed it would not just be in a single manuf, but in the whole caboodle.

quoting randomly: When SDN network policy is directly programmable because the control functions are decoupled from forwarding functions, which enables the network to be programmatically configured by proprietary or open source automation tools [or embedded malware!] There's also NFV or Virtual Network Function (VNF), which could easily have well-written endemic embedded malware as an obfuscated function. Prove it doesn't?

I'm entirely ready to believe that Huawei isn't to be trusted, with new functionalities running on SDN NFV VNF, but unless all the infrastructure is open, and I mean ALL of it, not just Huawei's bit, then who can say that it isn't all compromised by the TLAs, everywhere - it's what they do.

ten-month-old fluff here from disgraced former defence secretary now International Trade Secretary, Dr Liam Fox, who said: “Huawei’s £3 billion announcement is yet another significant vote of confidence in our world-leading tech industry and I’m delighted to welcome their increased commitment to the UK. With 90% of global growth forecast to come from outside the EU, my international economic department is working to ensure Britain continues to benefit from the vast opportunities available as we leave the EU.”

probably the picture is even huuuuuuger than this . . .

It's nearly 2019, and your network can get pwned through an oscilloscope

David Shaw


after my lab was hit by a probable olympic-games family of malware, my Tektronix RSA 3408A was spontaneously upgraded to a Tek 3408B with a snappy new motherboard without the expected $75,000,

nice of them!

I currently use mainly Yokogawa oscilloscopes/ScopeCorders as they are not Windows based

Huawei MateBook Pro X: PC makers look out, the phone guys are here

David Shaw

mate pro x pricing is silly in Italy

the basic model i5 256GB SSD is €1499

the top model i7 512GB SSD is just 53 euros more, from a usual large box shifter

New era for Japan, familiar problems: Microsoft withdraws crash-tastic patches

David Shaw

year zero, all over again

isn't one of the problems that the 'local date' will become 1st May 00 after the abdication, whilst still being 1st May 2019 in other parts of the computer. That's quite a DST (daylight saving time) offset!

millennium bug all over again, the Guardian has a fairly accurate article here:


Can your rival fix it as fast? turns out to be ten-million-dollar question for plucky support guy

David Shaw

there were millions involved

A certain large arabian country, yes that place, had installed a massive telephone system in the early 1980's for BILLIONS of $$$ (under their third & fourth, five year plans). It was installed by A random Telephone & Telegraph of a certain large world country, yes that place.

All was fine for about 6-months, then the ARTT/WeCo as we'll call them quietly asked for another billion for maintenance. This incurred the wrath of the king, who asked why when we've just given you a lot of oil money, do you then ask for a recurring payment in case it breaks? Rather than head-chopping, he just kicked them out, ALL of the operations & maintenance techs & engineers.

They helpfully took ALL of the spare parts and circuit diagrams and test protocols and anything that wasn't bolted down, back home to WeCo land, smirking.

As a few of the 10800 channel long distance Philips cable systems promptly stopped working, eaten by camels, bad local drivers, heat etc; the king quickly gave a few million $ to a nice Italian company and asked them to do the O&M. They did quite a good job, but it was a small problem that there were no spares or diagrams or anything to help. WeCo continued smirking.

I naively answered a job advert on page 25 of The Sun. "engineer wanted" £25K, as my training officer at Marconi had just said "all apprentoids must get a new job as there's no future for you here", and I was getting £7800 a year. Simples! It was an even better deal than I expected, representing a sextupling of my take-home pay, with nothing to spend it on.

I flew to the capital city, nice and warm at that time of year, and the O&M boss showed me my office. It had a warehouse attached, filled with broken bits of electronics, analogue FDM MUX, for those who remember that era!, channel banks, customer cards, PBX, coax repeaters, microwave line of sight radio terminals and everything else under the sun. (seems the WeCo stuff didn't work that well at +40C ambient)

A sparsely populated country, about the size of western europe, and all the broken bits were given to me, with no documentation. So I sat, thought, and traced & drew the circuits, redesigned the test fixtures, started digital cannibalism to get three cards out of four working, trained repair & cal technicians, and enormously helped the nice Italian company to complete their O&M for millions, that the smirkers wanted billions for. I had lots of help from the six brits/canadians marooned there with me. It was a fun job.

The king still threw us out a couple of years later when a nice Indian company explained globalisation to him and offered to repair things for free, or at least using near slave labour. I think WeCo had also stopped smirking by then (lawsuit), and delivered back all of the spares and documents, about five years too late and just as synchronous hierarchy was starting to take off.

bottles of wine were certainly not overtly available - but the local corner shops stocked grape-juice, yeast and sugar, in large quantities, for some reason, and I kept the king's phone going,

30 spies dead after Iran cracked CIA comms network with, er, Google search – new claim

David Shaw

More “hard” facts here


Bruce quotes from


Though one counter-narrative opinion considered the possibility that naming “comms protocols” or “insecure websites” was a typical smoke & mirror diversion trick away from something/someone more interesting!

Who knows, at least the story has legs now that a new version has appeared after three months, but for those looking for the elusive “hard” facts, remember to factor in this six year old story by Michael Hastings


Apple emits its much-anticipated updates to Mac, AppleTV, and iOS

David Shaw

Re: The headline

in the Netherlands, "drop" is an eventually addictive type of liquorice that tastes of sweat or worse, micturition [actually NH4Cl, formerly used in fireworks]

David Shaw

Re: Do NOT apply the WatchOS 5.1 update

I wondered why I couldn't find it!

thanks for the tip

and I finally persuaded security update 2 for high sierra to work, after it hung for twenty minutes three times in a row - post withdrawn so as not to add to confusion with the wrong links

David Shaw

Re: So who updates first?

I’ll give it a try on some ‘spare’ devices, and with Mojave now at dot one, it’s getting close to being tried too.

Oz spy boss defends 'high risk vendor' ban

David Shaw

Re: It can happen, I received an ‘implanted’ server

In the end it was just a waste of about €100k of citizens’ cash, as a publicly funded open research centre we did/do get the odd attack from all sides I guess. Sad thing is, if they’d phoned up and asked then we’d have given everyone a lab tour and shown if we’d found an innovative way to produce waveforms for next generation radio systems. The RSA upgrade was wonderful.

I hold no malice, all governments have spooks and they can certainly do what they like, being sovereign.

We subsequently dropped all the work with highly specialised and potentially tainted h/w and went for maximum open source h/w & sw, doing amazing things with the various generations of USRP and we fed a lot of improvements back into gnuradio et al.

David Shaw

It can happen, I received an ‘implanted’ server

A few years ago, I bought a dual Xeon server (HP) from Canada - because I needed the Canadian software defined radio card built-in, cost around €120k, (amazing h/w & corba s/w stack, rtos etc)

My goods-in dept informed me that the server arrived, so I drove to collect it myself and saw the external shipping box covered with stickers.

Tel-Aviv?, last point of presence before being sent to me, not Toronto, not Vancouver of Colombie-Britannique, but somewhere nice and warm with a beach. I checked the Airwaybill, it listed a despatch company, I googled it: “military software development to order”, there was no HP production anywhere reasonably close.

I knew it was implanted, pure economic attack, nothing airy fairy about protecting national sec, or fighting head-choppers, just naked greed. It kicked off with a big data export one day shortly after stuxnet/duqu was released, then we put the server in a cupboard and Tektronix spontaneously phoned us up and offered a free mobo upgrade to our real-time spectrum analyser. (I think they couldn’t remotely remove the evidence from the RSA)

So yes, in my view, Australia and many other nations ought to be worried about the potential for backdoored devices. They and their partners know a lot about that!

Microsoft Windows 10 October update giving HP users BSOD

David Shaw

Re: Again

This week’s Win10 update ‘only’ deleted my Audio drivers on a modern HP lappy, matter of minutes to d/l 300mb & install successfully from hp.com, as all the built in ‘repair’ tools in the “Service called Windows Ten”, formerly an OS, refused to acknowledge there was any problem with audio.

Python lovers, here's a library that will help you master AI as a newbie

David Shaw

Re: this has some potential

I'd use the RPi as a front-end to all of the AWS instances that weren't busy selling xmas/hallowe'en presents. The 'rules' would presumably be available after just 42 minutes?

New Zealand border cops warn travelers that without handing over electronic passwords 'You shall not pass!'

David Shaw

Re: Many places to conceal a micro SDHC card

there are also hollow 1/2-euro coins, hollow US coins, hollow AUS$, perfect for 1TB storage on microSD tho' 256GB seems the best price point at present. That's rather a lot of Project Gutenberg reading material, saved from incidental static damage by being carried in this mini but effective faraday-cage . . .


these might be legal, who knows? I'd probably use the AUS$ in UK tho' as the queen might be upset about someone taking a laser to her coinage. I guess anyone who buys these will quickly get on a very interesting list at certain borders.

I have travelled across borders with data empty phones, recently I've simply avoided the U.S.A. even tho' I like the country a lot, but my work hasn't required me to travel there recently. Should I have to go, which would be nice, then I would take a diplomatic passport which is offered by my job for these circumstances. I have to say that entering the U.S.A. border at Hawaii, from N.Z. is such a pleasant experience, I might try that route again - but with or without hollow coins?

Put your tin-foil hats on! Wi-Fi can be used to guesstimate number of people hidden in a room

David Shaw

You have to remember that mobile phone masts also double as a mini radar station

the analysis of GSM disturbances allegedly detected stealth aircraft, pre-Bosnia

some search terms: "GSM opportunistic emitter bistatic multistatic radar". Quite a bit of (simple) MATLAB signal processing can extract a lot of info from any available transmitter, parasitically

I've no real idea what the military call them, from the 'humanitarian' radar side we also used them for avalanche/mudslide and volcanic eruption prediction. Hopefully the new UK Space Radar sat can also do some of that

David Shaw

Re: how many enemies or civilians

I might have built a synthetic aperture radar based on WiFi, for detecting "moose/elk" passing across the forested european border to a very large autocratic regime, or vice-versa

Now I've recently seen similar devices along some of the wilder roads in the Alps, checking for deer & wild-boar and flashing signs at cars and beaming awful noises at the wildlife. Only seen one 'tripped' but there were no heffalumps in sight.

Cover up your privates: Linux distro Tails drops a new version

David Shaw

Re: Great idea, compromised right at its heart by insisting on using systemd

I was handing out TAILS live-DVDs at an open day a few years ago and someone rapidly deployed HUMINT to talk to me for an hour (how do I install it, do I have to put it in the coffee-cup holder, which way up? etc etc), just to stop me handing more DVDs out!

I remain astonished. [I was suggesting that the DVDs should be used for secure home banking, this was *not* the revolution that you were looking for]

TOR at the time had unique multiple fingerprint stained traffic(*) so I guess *they* just didn't want to dilute real exciting 'colorful' stuff with random users.

(*) in 2011 Tor claimed that their software protected users in two ways: i) Tor protects your communications from "traffic analysis"; and ii) Tor provides "anonymity". Neither of these was always completely true.

Tor uses/used a public key exchange protocol called Diffie-Hellman to establish an initial encrypted connection between the user and an "entry node". However, the parameters to this exchange -- which were sent unencrypted on the wire -- were chosen to be those defined as the "Second Oakley Group" (RFC 2409). No other web software used/uses these parameters. Thus, if traffic on the wire is observed to be communicating these parameters, it is almost certainly traffic generated by Tor. In other words, the use of these specific parameters was a unique signature which identifies Tor traffic from all other encrypted traffic.

Another TOR bugdoor of that era, around TOR version 0.2.1 of the stable branch

Tor uses/used SSL to secure communications between Tor nodes and clients. When a Tor client wishes to connect to a Tor node (including 'bridge' nodes), the node presents the client with an SSL Server Certificate. The problem is that the Common Name field in this certificate is literally gibberish. The Tor node fills this field with a domain name generated at random, i.e. one that does not actually exist. For example, a typical Common Name field in a Tor node SSL Server Certificate could be "www.s4ku5skci.net". If one were to try to resolve this domain (e.g. using the command 'nslookup http://www.s4ku5skci.net'), an error would be returned, since this is not a real domain name. Recall that SSL Server Certificates are/were sent unencrypted on the wire -- before an encrypted connection is established.

This behaviour (filling certificate fields with gibberish) is unique to Tor, i.e. no other SSL-capable server software does this; not Apache or any of its derivatives, not Microsoft's IIS, not Oracle's iPlanet... Even self-signed SSL Server Certificates (used by people who cannot afford one signed by a Certificate Authority) typically contain either an IP address in the Common Name field, or an empty Common Name field.

Therefore, all an ISP or government observer would need to do to unmask Tor traffic is to look for connections where SSL Server Certificates are/were being sent (this is trivial with DPI technology), attempt to resolve the domain(s) in the Common Name field, and if that fails, mark that connection as being Tor traffic, or block it altogether.

A third 'bugdoor' of the time

Historically, the Common Name fields in Tor SSL Server Certificates all began with 'www.' and ended with '.net'. Simple SPAM traffic analysis tools are/were trivially adapted to identifying Tor traffic handshaking.

hopefully nowadays TOR 0.3.3.x has no bugs ;-)

I'm now focussing on renewables not security
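As an added example (not from the post above or from the Tor project), the certificate-based heuristic described in that post as a network-policy check over constructed connection-log lines: the log format, the offline stand-in resolver and the "random-looking label" test are assumptions made here.

```python
import re
import socket

# Heuristic from the post: historic Tor relay certificates carried a Common Name
# of the form www.<random label>.net that does not resolve in DNS.
# The 8-20 character label length is an assumption of this example.
TOR_CN_PATTERN = re.compile(r"^www\.([a-z0-9]{8,20})\.net$")


def looks_random(label: str) -> bool:
    """Crude randomness test (assumption): letters mixed with digits,
    or a run of four or more consonants, as in 's4ku5skci'."""
    has_digit = any(c.isdigit() for c in label)
    has_alpha = any(c.isalpha() for c in label)
    consonant_run = re.search(r"[bcdfghjklmnpqrstvwxz]{4,}", label) is not None
    return (has_digit and has_alpha) or consonant_run


def resolves(hostname: str, resolver=socket.gethostbyname) -> bool:
    """True if the name resolves; resolver is injectable so tests run offline."""
    try:
        resolver(hostname)
        return True
    except OSError:
        return False


def classify_cert_cn(cn: str, resolver=socket.gethostbyname) -> str:
    """Return 'tor-like' only when the CN matches the pattern AND fails DNS."""
    m = TOR_CN_PATTERN.match(cn.lower())
    if not m or not looks_random(m.group(1)):
        return "not-tor-pattern"
    return "pattern-but-resolves" if resolves(cn, resolver) else "tor-like"


# Constructed sample log: timestamp, client, server, certificate Common Name.
SAMPLE_LOG = """\
2011-03-01T10:00:01 10.0.0.5 203.0.113.7 www.s4ku5skci.net
2011-03-01T10:00:02 10.0.0.6 203.0.113.8 www.example.net
2011-03-01T10:00:03 10.0.0.7 203.0.113.9 mail.example.org
2011-03-01T10:00:04 10.0.0.8 203.0.113.10 www.cdn8842node.net
2011-03-01T10:00:05 10.0.0.9 203.0.113.11 www.xk2qzp9vmt.net
"""

# Constructed stand-in for DNS so the example runs offline.
KNOWN_NAMES = {"www.example.net", "mail.example.org", "www.cdn8842node.net"}


def offline_resolver(hostname: str) -> str:
    if hostname in KNOWN_NAMES:
        return "203.0.113.1"
    raise socket.gaierror("constructed NXDOMAIN")


def scan_log(text: str, resolver=socket.gethostbyname) -> list:
    """Return (client, server, cn) for every connection classified tor-like."""
    flagged = []
    for line in text.splitlines():
        _ts, client, server, cn = line.split()
        if classify_cert_cn(cn, resolver) == "tor-like":
            flagged.append((client, server, cn))
    return flagged
```

The resolution step matters: a random-looking CN that does resolve is reported separately rather than flagged, which is the check the post's ISP scenario relies on.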

Spies still super upset they can't get at your encrypted comms data

David Shaw

Re: Tide, stop coming in!

Does this means that all those nice spooks and spooky-assistants who are embedded(*) in the many & various tech/telecom international standards development groups are finally going home?

(*)Many open source reports of this, as I couldn’t possibly comment!

Sigh. So much more to say, but just no point when half of the conversation is with an antique rigidly militarized system that doesn’t even accept the need for unlinkable pseudonymity, on occasion, for certain groups. I’m happy with you ‘cracking crypto’ for ‘catching terrrrsts’ but someone will always mention Gladio etc.; you have lost rather a lot of trust recently. /rant

Do I hear two million dollars? Apple-1 fossil goes on the block, cassettes included

David Shaw

Expensive new Apple computers

They are expensive, yes, but the new MacBook Pro 13” for example is excellent value for money, especially with the eGPU.

Apple tipped to revive forgotten Macbook Air and Mac mini – report

David Shaw

Re: I don't need it yet...

I still have an 11" MBAir with just 2GB, it does work much better with the aftermarket SSD blade 300GB+ upgrade (from OWC, I think) as it flies compared to the original sluggish Apple 64GB proprietary NVMe stick.

So, old MBA RAM doesn't seem to be an issue, but I'm also fitting/buying 16GB where I can.

My hexacore video editing Mac Pro works great with 12GB.

David Shaw

Re: Hmmmm

I just bought the new MacBook Pro, 13".

It was expensive - but great value for money

It was very up to date tech, my first 8 CPU threads in the shiny small form factor

it has 4 USB-C, can charge from any, can thunderbolt to/from any

I bought 16GB RAM, as it is a non-upgradeable block, but I can plug in my eGPU for fun, and I'll later try the RTX 2060 Turing nVidia external upgrade. Will take some typing!

Apple has some great stuff, still - if you buy with care

When's a backdoor not a backdoor? When the Oz government says it isn't

David Shaw

“Covert screenshots”

Some versions of macOS ‘helpfully’ store both a jpg and a png image of all web pages viewed in Safari, one high res & one low-res. It includes user generated text in google search, translate etc., stored deep in ~/Library.

Allegedly it is part of the macOS smooth transition from one webpage to another; if you are scrolling sideways back into history, for example, you see not very greeked cartoon pages of where you were. Might be a valid use of the UI, but one of my Macs had years of images and it was fascinating, forensically, to see what I was up to in 2012. (TimeCapsule backed-up these dual images of each webpage, for some reason)

Shock Land Rover Discovery: Sellers could meddle with connected cars if not unbound

David Shaw

Re: Same applies to other vendors...

A friend was driving his BMW X-something recently, on the motorway. He got a phone call on his hands-free infotainment system: “good morning Dr. D., we’ve noticed that it’s about time to change your brake-pads. We do have a slot tomorrow at 2pm if you’d like.” This call came from the local city’s big beemer dealership. They seemingly received live telemetry the second that an amber light came on; my colleague only noticed his dashboard display warning/advising about brakes after the phone-call. He was certain that there were no alarms at the start of his journey. Westinghouse brake & signal company SCADA with remote terminal management comes to cars! Dr. D. immediately booked a brake pad replacement at anywhere other than the city’s main-dealer.

They are probably using the E-911/E-112 channel etc

One thing about a 1973 Series III diesel landy is that it is not only Carrington event immune, but also lacks any SCADA telemetry, for good or ill?

David Shaw

Land Rover pwned?

A previous JLR model that we used for a (legitimate research) Bluetooth attack was slightly flawed in having a BT pin that was fixed, immutable. It wasn’t the VIN code, but those guessing “00000” would only be one zero out!

Russia appears to be 'live testing' cyber attacks – Former UK spy boss Robert Hannigan

David Shaw

Re: More FUD

Having personally received malware from UKUSA and partners, whilst not being a terrorist, I do think it highly likely that the Russians are also flinging exploits around at their home and abroad; perhaps they are better at it than our esteemed keyboard warriors?

Remember that the Russian cyberwarriors are typically many moves ahead of us playing “chess,” our Hannigan-led typist forces admittedly seem to be playing an anti-democratic candy-crush/flappy-bird with all the Trump shenanigans whilst the ascendent empire just “go” for it!

This next article describes a Chinese attack in Jan/Feb 2018, which pwned the USNavy, allegedly.
PGP and S/MIME decryptors can leak plaintext from emails, says infosec professor

David Shaw

Re: "...exposure of the contents of past messages.”

Call me old fashioned, but as soon as I was required to communicate some other project with a CERT using PGP at their request, I chose a random ancient PC (out of hundreds available) to do the offline encoding and later decoding. And I set my PGP keys to expire in 3-weeks, not sure if that was overkill?

I then just used a generic mail client to send blobs of text back & forth, it seemed to work OK as the uptick in the spear-phishing from Gloucestershire was noticeable. They even phoned me up, pretending to be intel. Well done chaps. Go after some real targets.

I don’t trust non-mathematically proven ‘secure’ mail ‘add-ons’, never mind html-rich or remote beacon pixel laden emails

Ozzie Ozzie Ozzie, oi oi oi! Tech zillionaire Ray's backdoor crypto for the Feds is Clipper chip v2

David Shaw

Re: Weren't Lotus Notes backdoored with weak Crypto?

Refreshing my mind further, it was weak crypto and it was escrowed crypto.

IBM/Lotus said: "We deliver 64 bit keys to all customers, but 24 bits of those in the version that we deliver outside of the United States are deposited with the American government. That's how it works today," says Eileen Rudden, vice president at Lotus. Those 24 bits are critical for security in the system. 40-bit encryption is broken by a fast computer in several seconds.

I can half remember Lotus steganographic key leakage too, but I haven't the time to hunt down that paranoid thought, so I might be mis-remembering.

David Shaw

Weren't Lotus Notes backdoored with weak Crypto?

I seem to recall that there was a mild kerfuffle when Sweden discovered that all their diplomatic-comms were rooted by Lotus, a 'feature' that they were seemingly unaware of.

Looking on yandex.RU, as Slurp sometimes 'forgets', I found a UK document mentioning that it wasn't weak but escrowed crypto. Ray seems to have form!

Secret Swedish E-Mail Can Be Read by the U.S.A.

Fredrik Laurin, Calle Froste, *Svenska Dagbladet*, 18 Nov 1997

One of the world's most widely used e-mail programs, the American Lotus Notes, is not so secure as most of its 400,000 to 500,000 Swedish users believe. To be sure, it includes advanced cryptography in its e-mail function, but the codes that protect the encryption have been surrendered to American authorities. With them, the U.S. government can decode encrypted information. Among Swedish users are 349 parliament members, 15,000 tax agency employees, as well as employees in large businesses and the defense department. "I didn't know that our Notes keys were deposited (with the U.S.). It was interesting to learn this," says Data Security Chief Jan Karlsson at the [Swedish] defense department. Gunnar Grenfors, Parliament director and daily e-mail user, says, "I didn't know about this--here we handle sensitive information concerning Sweden's interests, and we should not leave the keys to this information to the U.S. government or anyone else. This must be a basic requirement."

but this *was* over twenty years ago, so I'm sure everything is reasonable now, cough CryptoAG, cough.

Tim Berners-Lee says regulation of the web may be needed

David Shaw

Yes trolly, Tim 'invented' the WWW quite a while before release, hyperlinking all his DD department notes on his Compaq 80286 'luggable', so that he could find a document in the vast space of its 20 megabyte hard disk. He did some typing in my apartment near Prévessin, probably before the ISO 8879 SGML release?

His genius, apart from regularly beating me at Scrabble, was to extend an idea that 'worked on his PC' in the mid 80's, to just 'the rest of the world.' And then defend it, gratis. That's why The Queen's College, Oxford have named a [small] cafeteria after him.

And SGML was written by a non-programming car-rally enthusiast called Charles, don't forget, who commented: "The World Wide Web, for example, succeeded commercially while many nobler, more technically interesting hypermedia systems proved only of academic interest, because of the Web's artful compromise in connecting technology to the needs of a real user community." Tim was awake, he groks tech.
