Slashdot Mirror

Well, no. Not entirely.

Under normal conditions, that's correct. If a player has loaded the key into memory somewhere in order to use it, you can probably isolate the location in memory and retrieve the key. Which is what has been done to retrieve the AACS keys.

But the pathological case, the case dealing with rootkits, changes the game. How do you track the contents of your physical memory? Typically, through OS mechanisms. What happens if a rootkit (or a software media player using rootkit technology) subverts the OS mechanisms? You can't be assured of reliably tracking the contents of memory any more; maybe your OS is LYING to you! What is really in memory is not what you're being told is in memory, and maybe you can't find that key any longer.

Which brings us back to the article. Direct Memory Access (DMA) is a way of taking the responsibility for managing physical memory access (reading, writing, whatever) away from the processor and moving it to some other place in hardware (presumably some place that you can trust). And that's what hardware-based rootkit detection is about. Use hardware with DMA (which you trust) to access memory instead of letting the processor do the work and relying on the OS to tell you the truth.

The problem is that the way computers are currently designed, there's no way of starting DMA without having to talk to the processor (by way of the OS) first. Your DMA hardware has to ask "Hey, can I access memory?" and the OS has to say "Sure thing! You do it, and we won't bother the processor any more!"

But if the (subverted-by-a-rootkit) OS has a vested interest in you NOT being able to get true results using DMA, well, what are you going to do? The OS will just interfere. That's why Rutkowska is suggesting a direct, non-subvertable hardware port that you can jack into to use DMA without having to go through the OS first.

Trump is at 10% positive. Either he is absolutely fucking worst person ever, or...

No, wait. Hold your horses. He doesn't have to be the worst person ever. All he has to be doing is serving only 10% or less of the population. That seems to hold up; huge numbers of jobs are being destroyed of late.

Secondly, is it reasonable to believe that half the country are nazi Russian racists? How many people do you personally know who are either of those things?

I know a shitload of people who are racists. I have known only a couple of people who were Nazis, and only a few people who are Russian, and ne'er the twain did meet. The Nazis were racist, the Russians weren't, but they were Russians who chose to emigrate to the USA so they aren't necessarily representative of anything else.

However, I do think that most people are more racist than they think they are, and I think that most people in America are pretty fucking racist. If I have to hear just one more person talk about the problems faced by the "white race" I will probably vomit.

Might there not be some slight chance that Trump voters maybe, just maybe, know something you don't? Or are they all stupid "trumpkin" bigots?

In short, they are all fools who are willing to support and condone racism and misogyny. They are fools because Trump is doing none of the things he promised he would do except things that will hurt all of us, even Trump and his offspring. They are fools because Trump is obviously a liar; he does not know "the best people" as proven by his record-low confirmation rate, and he has not drained the swamp even slightly — he's been incorporating more horrors into it instead. He hasn't got Mexico to pay for his wall, he doesn't respect women even slightly let alone more than anyone, and I bet the taco salads in Trump tower are shitty too but that I don't know for sure, it's just speculation.

Trump ran on a platform of condoning violence, and of trash-talking the very same people that voted for him that are so very upset when they feel they're being trash-talked by librullllls. He talked about how much he loved low-information voters, well... those are his people. That's his base. He knows how to appeal to a mob, which is why he's said repeatedly that he would prefer a popular election to the electoral college. Sure, he "lost" the popular election, but he wasn't trying to win it. And let's face it, the DNC chose to run a candidate the polls said could not win. The DNC effectively threw the election. Lots of people have blamed Comey, but DWS and the rest of the democracy-subverting scum at the DNC are a million times more responsible for Trump's victory than he ever could have been even if he tried.

TL;DR: Supporting Trump is stupid unless you're rich, and expect him to help you keep your money, and also don't care about the future. Anyone else supporting him is bending right over to be used.

even if you subscribe to the China-subverting-consumer-devices conspiracy theory (admittedly not as crazy as most other conspiracy theories), China would be better off taking the Apple money and investing that in other sabotage. counterfeiting iPhone hardware would inevitably be discovered and be catastrophic for China's tech industry.

uMatrix or RequestPolicy Continued let you block all the cross-site requests and whitelist them yourself instead of relying on a possibly-subverted third-party whitelist (like Ghostery or Adblock).

Well, in this sense "Android phone" is a misnomer. Unlike with iPhones there is no centralized, controlled way for Android phones to exist. But I'll address a few things you might be referring to.

AOSP (the Android base) uses the Linux kernel, which has a mature implementation of the standardized dm-crypt subsystem for encryption. AOSP implemented use of dm-crypt in 2010 with version 2.3. Apple wasn't encrypting user data until 2015 with iOS8. In fact, Apple had a well documented policy of co-operating with law enforcement requests (see: section I) until they developed new security measures in iOS8 in an attempt to absolve themselves of responsibility. A responsibility they willingly take on with the provisions in their EULA that explicitly state: they own iOS and you do not.

What you might be referring to is hardware encryption vs. software encryption. Since the AES cipher is a mathematical formula there is no inherent benefit of using it via a hardware circuit, or through software. The only benefit of hardware encryption is that it's immune to parallel brute force attacks, and it can artificially slow down the brute force attempt interval through it's circuitry. This is only a measurable benefit for systems secured with complex passwords, of which phones typically are are not. Because of this, Apple relies on firmware measures on it's chips to artificially increase brute force intervals with a failed attempt counter, and to activate a kill switch on too many attempts. Because this is a software measure it is subvert-able in the same ways all software measures (dm-crypt) are - simply by modifying the software. In an attempt to solve this, Apple has used a SecureBoot bootloader that will only accept software modifications signed with the Apple private key. This means that Apple has an exclusive back door into their own system, a problem you have correctly identified in your signature. A back door that Apple has, can be accessed by law enforcement through subpoena's, could be unknowingly leaked, or could be shared with other private enterprise. In security circles we call this "security through obscurity". It is a false sense of security, at best. Furthermore, Apple's implementation is proprietary. While dm-crypt is a mature industry-wide standard that has the potential for 8 billion code reviews, the Apple encryption implementation is known to only a handful of Apple engineers. This makes it inherently prone to security exploits, and also prone to those exploits remaining secret when discovered. This arguably makes the Apple's hardware encryption system altogether less secure. In fact, it is possible that a security exploit was used by the FBI to break into the San Bernandino phone, even if it was using a strong password.

Finally, what you might be referring to is the idiotic notion that all data *should* be encrypted. Encryption methods have been around for 60 years, and personal computers have been around for over 30. There's a reason most computer systems aren't encrypted by default and that's simply because in 99.9999% of cases it causes more problems than it solves. It is much more common to have hardware damage or failure that requires you to mount and rescue data externally, than to have a use case where your data is important enough to be encrypted. Because of this, encryption is always seen as optional element for data that a user can activate should they chose to. Android phones making encryption an option is a far more sound practice than turning it on by default.

So ultimately the iPhone encryption implementation is using closed standards, is less secure, and far less convenient. Please, please Google - please don't follow suit.

"The "(un)reasonable" standard is so vague, almost anything can be argued in and out of it."

I find that an unreasonable stance. Joke aside, that is true of any standard, really.
You know that when you attempt to spell everything out, you will miss some, include incorrect things, etc. You cant enumerate it all.

"The anonymous grandparent is right in that DNA-samples (and fingerprints) could be collected from everyone, and it would help police immensely."

True. I never said it was not possible.
It is liable to use and misuse.
Governments should be mistrusted, as should people ( and corporations ).

"The question then boils down to whether we want the police helped so much. More generally, do we want 100% of crimes to be reliably solvable, or would we rather some criminals remained able to escape today in exchange for it being possible (however remotely) for some future subversives to succeed against some hypothetically oppressive government, which would have already illegalized all ordinary methods of opposition?"

Police have their workflow already. For things that pass the standard, they can get what they need.
I see no need to grant them access to things they are liable to misuse.
The request for a warrant spells out what they want to look at, what they intend to access.
It keeps the fishing expeditions lower than they otherwise would be.

I doubt crime would be 100% solvable with 100% DNA collection in place.
DNA would have to be available, to start with.
It would have to be un-subverted/uncontaminated.
So, criminals will still be around.

Future subversives of an oppressive government will find a way.

You hope that's true.

Actually, since it's closely related to my day job (Android hardware-backed crypto), I have quite deep knowledge of exactly how true it is or is not.

Subverting it requires subverting the bootloader sequence, which starts with code in on-SoC ROM, which is nearly impossible to modify, and I add the "nearly" only because nothing is impossible; I sincerely doubt that any agency is able to modify silicon without destroying the CPU and I'm quite certain that if anyone can it's a very closely-held, and therefore rarely-used, secret. Supposing the initial bootloader can't be subverted, subverting later bootloaders (which are stored in flash) is also difficult, since they're signed and signatures are verified by the hard-to-subvert boot ROM. There are two obvious ways: break the cryptographic signing, or obtain the signing key. There's no doubt that intelligence services could do the latter. It's unlikely that they would share the signing key, or the subverted signed code, with law enforcement since doing so would make their ability known. It's unlikely in the extreme that criminals would obtain either the key or the subverted signed code. I'll dismiss the notion that someone can break the crypto directly.

The next option is to exploit some defect in the implementation of the bootloaders and/or fastboot (or in the case of intelligence agencies, even to implant a defect to be exploited). This is probably the best avenue of attack, but it's not easy because the code in question is relatively small, and should be closely scrutinized. Most of it is not open source, though, so scrutiny is limited. This is an avenue law enforcement and criminals could use, if there are exploitable defects. If there are any such defects in any Android devices, I don't know of them, and if they were in any sort of widespread use, I would. If such exploits exist, they're being held close by criminals (for TPT-style attacks) and not being used by LE or intelligence agencies in any context which might reveal them publicly... such as in court.

The final option is to ignore all of the above and simply attack the hardware. Remove the flash chips and install them in a custom device which reads out their contents. This threat is what device encryption exists to mitigate. Pre-Lollipop, the strength of FDE depended entirely on the strength of the user's password. In Lollipop it was strengthened with the use (where available) of a key bound to the device SoC.

Duke doesn't require you to authenticate your wireless device every time you connect, and I doubt most other Universities do either. It does require you to register your device MAC address (in an authenticated session). In fact, at this point Duke might require you to register wired addresses as well. Unregistered devices get kicked onto an anonymous network outside of a firewall, so visitors can get internet access without getting a "Duke" IP number. Duke controls its own outgoing PoP, of course, so it effectively logs all connections into and out of the Duke domain. As was pointed out above, this was more than likely the method used to identify the student at Harvard -- simply look for a Harvard IP that connected to a TOR server (and obviously, the toplevel TOR servers HAVE to be publicly known or nobody could connect to them) at the right time. That time AFAICT could not be delayed as some have suggested by TOR itself because TOR doesn't know what you are connecting to and has to treat all connections as though they might be real-time keystrokes. You'd need an anonymous, non-logging mail server with a delay on it on the far side to put any sort of substantial desynchronization between the connection and the mail message -- TOR itself cannot do it unless I'm still in error after reading about its architecture for a while.

Regardless, anyone even slightly 1337 would have at the very least gone to starbucks or an internet cafe and THEN used Tor, or bought a disposable USB wireless interface and used the anonymous network or (best) both. No possible way the FBI could have backtracked a cash purchased USB stick from a store with no video surveillance used from an alley next to (but not inside) a Panera Bread while wearing a wig and makeup one dons in the restroom of a giant mall connected to TOR, even if the NSA actually "volunteers" most of the toplevel TOR servers and half of the nodes and/or maintains a running map of all of the nodes (which I'm pretty sure they do regardless of how many they actually provide). I mean what's ten or twenty million dollars in hardware to the NSA, if it gives them a chance to monitor most of the traffic through a supposedly secure onion network? In the end, the Internet does not allow one anything like non-subvertable security of connections, only the data content sent over those connections. I doubt that even the NSA is likely to be able to decrypt e.g. 4096-bit key-secured traffic EXCEPT by obtaining the keys.

rgb

"Honest" in the sense of the paper outlining bitcoin's design.

Essentially, the obvious problem with a naive attempt at 'digital currency' is double spending: Unless you have a central authority of some sort, that clears all transactions, how do you prevent me from taking Bitcoin #2435345345 and sending it to two or more people?

An 'honest' node is a node performing operations such that bitcoin's decentralized anti-double-spending mechanism is upheld. A 'dishonest' or 'attacking' node is one using its CPU power to undermine the hash chain.

It has absolutely nothing to do with capitalism, or capitalism being honest or dishonest. My point was that(with the advent of extremely high performance specialized hardware) people who control botnets(that merely have CPU time, and maybe GPU time) are in an increasingly poor position to control more than a trivial slice of the computational capacity of the bitcoin network as a whole, which would prevent them from double-spending or other transaction-subverting attacks.

It's not mindless cynicism. It is a recognition that US politics operates on a purely tribal basis.

You have Democrats who really honestly believe Obama is a peacenik who has reduced the number of troops in Afghanistan every single year of his presidency. I'm not joking -- I saw this exact comment in my local paper's comment section by a die-hard Obamabot.

You have Republicans who believe that forcing people to pay premiums to private for profit insurance companies is Marxism (as opposed to crony capitalism or corporatism, the softer brother of fascism). I see this in my local paper's comment section all the time from the mainstream-GOP-subverted Tea Baggers.

Combined, the purely tribal Democrats and Republicans probably account for about 60% of the population. The remainder will be largely filled by people who vote for a "lesser evil" and a few single digit percentage pointers who support "fringe" third parties. I'm in that last group, have been actively engaged with the fringe, stood out in the sleet and rain holding signs for that fringe, will not vote for any candidate affiliated with either the DNC or the GOP under any circumstances -- I am the fringe -- and I know there is no hope short of a scandal so egregious that one of the parties basically has to reinvent itself. Seriously, Obama's presidency should be all the demonstration one needs that to most people, policies are irrelevant, only party affiliation matters.

Why does everyone think that the President walks on water and has absolute power. Every president relies on his staff. A president is an orchestra leader. And some of his musicians are excellent, others don't deserve to be there.

As the leader, he tries to be on top of everything, to listen to briefings and to make the best decisions, subject to constraints. And from what I have seen, the constraints are that socialism is a very dirty word. Socialism means old age pension, Obamacare, medicade, public schools and low cost universities and fairness.

Socialism does not mean communism, nor does it mean the government owns everything. It does often mean that a person has a right to fair compensation, and that wealth should be creating jobs domestically.

It's not mindless cynicism. It is a recognition that US politics operates on a purely tribal basis.

You have Democrats who really honestly believe Obama is a peacenik who has reduced the number of troops in Afghanistan every single year of his presidency. I'm not joking -- I saw this exact comment in my local paper's comment section by a die-hard Obamabot.

You have Republicans who believe that forcing people to pay premiums to private for profit insurance companies is Marxism (as opposed to crony capitalism or corporatism, the softer brother of fascism). I see this in my local paper's comment section all the time from the mainstream-GOP-subverted Tea Baggers.

Combined, the purely tribal Democrats and Republicans probably account for about 60% of the population. The remainder will be largely filled by people who vote for a "lesser evil" and a few single digit percentage pointers who support "fringe" third parties. I'm in that last group, have been actively engaged with the fringe, stood out in the sleet and rain holding signs for that fringe, will not vote for any candidate affiliated with either the DNC or the GOP under any circumstances -- I am the fringe -- and I know there is no hope short of a scandal so egregious that one of the parties basically has to reinvent itself. Seriously, Obama's presidency should be all the demonstration one needs that to most people, policies are irrelevant, only party affiliation matters.

Yeah, +1 Ask The Right Question... A fixed microwave station on the side of a mountain is an obvious and easy target for anybody looking to suppress the flow of information. Satellite phones, like cell phones, typically function as modems as either a configurable menu option; or via Plug-n-Pray USB. Couple of hundred dollars plus the plan, and you can stash it in a book, rock, or body cavity. Seems a lot easier and less risky (in an "if-we-see-you-subverting-us-we'll-shoot-you" way) than whatever it is the OP is implying.

Yo - fuckface - how's this for a reality check:

Microsoft is desperately trying to compete with Chrome/Chrome OS/HTML 5

That's right. An OS that nobody's ever seen, and a spec that's not even been ratified yet. MS is desperately trying to compete with them, using version 3 of Silverlight. I want some of whatever it is you're smoking.

If you still live in the late 90s and think Microsoft is invincible and can decree standards by fiat with its monopoly share of the PC desktop and the web browser, let me welcome you to the 2000s...

Let me welcome you to 2009 motherfucker. In the year 2009, even MS themselves don't have any illusions of invincibility left. You can stop harping on incessantly about these stupid fucking standards-subverting conspiracy theories of yours.

Microsoft might be all you know, but it's time to start learning about alternatives or you'll be stuck with the dinosaurs.

Hating Microsoft might be all you know, but it's time to go outside and try to get laid. Or at least stop sucking Steve Jobs dick..

Apple launches HTTP Live Streaming standard in iPhone 3.0 [appleinsider.com]

Ogg Theora, H.264 and the HTML 5 Browser Squabble [roughlydrafted.com]

Why Windows 7 is Microsoft's next Zune [roughlydrafted.com]

Why Windows 7 on Netbooks Won't Save Microsoft [roughlydrafted.com]
 

I hope you didn't wet yourself with those links that point back to your own site full of deranged shit? Win7 is MS's next Zune.. ZOMG! When are you going to grow the fuck up, Daniel?

Because the kinds of people making these decisions are usually technology-illiterate to the point where they still probably say, "Computers are the wave of the future!"

Well, you're probably right with that. But I've been noticing that lately, when the media has articles about "electronic voting", they now usually include a comment about the widespread objection to the idea by "computer experts", whatever they think that means.

The summary seems to be that there are two different objections to computerized voting equipment. One comes from the Luddites, who think that paper ballots were good enough for their grandparents, so they should be good enough for us, while ignoring all the ways that paper ballots can be subverted by insiders. The other objections come from the computer geeks, who observe that the current crop of equipment seems designed to lack any sort of audit trail or security precautions, making it exceedingly easy for an insider to subvert the results. ("You can train a chimp to change the election results.";-)

We probably can't do much about the Luddites except wait for them to die off. We can do something about the insecure, easily-subverted electronic voting systems. We just make it illegal to use any system that's not completely open to inspection by the public. It's easy to see the resistance to this suggestion as strong evidence that the lack of security and auditability is not an accident, but is intentional design,.

We'll probably have good electronic voting systems in a few decades. But it'll take the usual extended fight to overcome the political system's general desire to use an easily-subverted system. Stay tuned.

1. You have excellent English for someone that is not a native speaker.

2. Great points. I think OLPC was once a worthy cause... not really sure that's the case today. Maybe it can be re-subverted back to being a cultural change for third-world countries that are trying to catch up with western civilization.

Fair enough. So in order for this to work an attacker would have needed to subvert not just one tower but two towers in a row, and the towers must be situated such that the last un-subverted tower in line of the signal would not pick up on the failure of the first subverted tower to react to the obviously wrongly relayed message from the second corrupted tower.

You are right observing I do not know exactly what the attack was. It didn't happen to me personally. I read about it here - then went out and got Hogland and Butler's book on "Rootkits-Subverting the Windows Kernel".

I was quite pissed as I read that thing.

I am used to writing industrial embedded system code. This kind of stuff where system files are overwritten with files that inaccurately report which files, threads, and processes exist is frightening to me. To me, its like finding my tax preparer is dishonest and is giving my personal info away to his snooper friends.

Most of my stuff is industrial control systems, robotics, and thermodynamics of heat transfer. Most of the time, I write my own stuff in C, C++, and assembler. I know what a sneaky programmer can do. Most of the time, I won't even use an OS - I'll just get a PIC or AVR microcontroller to do it - as I usually need specialized interfaces anyway. I'll get them all going then link them all on a RS-485 network. If the proverbial shit hits the fan, the system can be run up with a dumb terminal on the RS-485 loop. The supervisory machines mostly fine tune, log performance, and prepare reports for management.

I read all the time of the rumors where proprietary vendors are "cooperating" with marketers or authorities, and I have little-if any- means of verifying the authenticity or implementation of such rumors. Its as frustrating as trying to find God through religion. Code doesn't lie. People sometimes do.

I have noted people who want to keep secrets often have something to hide. The secrets I respect are mostly personal secrets.

I want to know exactly how something works, so if it does not work in the way I intended, I can fix it to where it does. There is no way I can build a reliable control system based on a bunch of crap I don't know. Faith is for religion - not for my designs.

My designs HAVE to work. Hope is not good enough. Its OK for the record-store kiosk to be out of whack, but its NOT OK for a critical controller in a petrochemical plant to go haywire. I have to write it - everything out in the open - so any other programmer can see what I did - and if something isn't quite right - make it right.

Programming for the masses and programming for industry are different philosophies. I hate underhanded dealmaking with code with the same purple passion I hate sneaky legal agreements.

As far as my comments about using the vendor CDROM go, its up to the vendor to see to it he does not have buffer overflows in his verification code. Personally, I would verify all the system executables for match on file length, checksum, and MD5, against the released version - with descrepancies reported to the user. Once I know at least the system core files are not tampered with, I could trust them to accurately tell me what my system is doing. From there, I am on my own, as there is no way the system vendor - whether it be Microsoft or Linux - can be held liable for what the app does. The OS should be able to report what any app does, though. The OS should accurately report all app usage of any system resources. If I had any say, all OS would have the equivalent of SoftIce built in.

I lost respect for Microsoft when they started doing all this "hidden file" stuff. In my way of thinking, a hidden file is very bad news. Its like writing legal contracts with certain clauses written in ink I can't see, yet my signing the agreement binds me to them. The more legal crap they expected me to abide to, the less comfortable I felt messing with them. I felt their whole business model mimicked selling way overpriced fashiony bluejeans to kids, while I was a plain old LEVI's fan, and ranked resilience and economy over fashion.

You hit the nail on the head when you stated if Windows were locked down that tight, I could not intall Linux.

I have no problem with that - I actually expect it. My take is that

"Oh the biting nerd humor! The wit!"

Boy, did you miss the boat on this one. When the grandparent said federal prison is like a series of tubes, the humor wasn't that Stevens is and old man or misused lingo. GP expressed anger at a power-hungry, influence-peddling, democracy-subverting, tax-and-spend person. GP may not have been polite or subtle, but you missed the point.

It's too bad when you appreciate the money he helped bring into Alaska you don't realize where it came from. I probably paid more for the bridge to nowhere than you did. Or did you think he created money magically? It came from someone else who is now poorer. They just didn't have a representative who was as good at undermining our democratic principals.

Yes, the irony of misusing lingo was funny, but you didn't get it. You got dirty money from a guy with an ethics problem and then prefered to look the other way.

I agree completely, and I'll go further. The disadvantages of electronic voting cannot be gotten around - it cannot be trusted. Ever. We don't need it, and it's just another step away from a functional democratic system. We don't need printers and paper trails. We need traditional, diverse, impossible-to-centrally-subvert voting systems. I'm a computer geek - but this is one area where computers do not belong.