Slashdot Mirror


User: blueg3

blueg3's activity in the archive.

Stories: 0
Comments: 4,435

Comments · 4,435

  1. Re:Still A Toy on NHTSA Gives the Model S Best Safety Rating of Any Car In History · · Score: 1

    Don't forget living in DC.

  2. Re:I thought OS X was Unix on The Steady Decline of Unix · · Score: 1

    It doesn't matter, except that it's a pretty handy measure of whether or not something "is Unix". Mostly it's useful for saying: if you consider Linux to be "a Unix", you must consider OS X to be a Unix also.

    This branding / certification nonsense goes back pretty far, and to my knowledge, GNU/Linux has never been a certified Unix: hence the annoying *nix appellation.

  3. Re:I thought OS X was Unix on The Steady Decline of Unix · · Score: 2

    I don't know if iOS is a certified Unix, but OS X is. Linux is not.

  4. Re:Ice ages are caused by planetary wobbles on Changes In Earth's Orbit Were Key To Antarctic Warming That Ended Last Ice Age · · Score: 2

    Isn't it inconvenient when people who think differently than yourself speak up?

    No, it's just inconvenient when people who don't think speak up.

  5. Re:Measures of uncertainty on Is Europe's Recession Really Over? · · Score: 4, Informative

    That's the quality of reporting for you. Most original reports include confidence intervals. The Census, for example, provides access to economic indicator data with its confidence intervals.

  6. Re:Security professionals generally missing the po on TOR Wants You To Stop Using Windows, Disable JavaScript · · Score: 5, Insightful

    It's funny, because you'd think security experts would know this.

    Actually, they do know it. Often, making security, and encryption in particular, usable is a hard problem. There's also often not interest or support for it, in which case it doesn't get done. Hard problems take time and money to solve.

    Right now, we don't usually turn on full-drive encryption because it may cause unexpected problems and complications.

    That's pretty rare. A lot of people do use full-drive encryption: like people with iOS devices, newer versions of Mac OS X, and many versions of Ubuntu. It's because on those systems, it's been engineered to work well and it's very easy to turn on.

    We don't enable encryption on email because it requires plugins and complicated setups.

    This is more difficult because that's not the hard part of e-mail encryption. In fact, there are some fairly simple e-mail encryption systems and clients that have it built in. The hard part is that effective e-mail encryption basically boils down to running a public-key infrastructure. Almost any security problem that ends with "...then you just need to distribute public keys" has a hard time being widely adopted and scalable.

    We don't enable SSL on all of our web servers because it's an annoying and expensive process to get a cert from a CA.

    Nonsense. Buying a cert from a CA is simpler than setting up a web server, by a long shot. If you're not running your own web server (very reasonable these days), most half-decent hosting companies will do all the work of getting a cert and configuring your server for you. All it takes is money -- and it's so inexpensive that the only people that can't afford it are private individuals hosting websites that don't make money.

    We don't use TOR because it's not quite brain-dead simple.

    It's basically brain-dead simple now if you use the Tor Browser Bundle, which is what this exploit is targeting.

    One of the major reasons the exploit works is that Security Is Hard, both for experts and non-experts.

  7. Re:I can't install Linux on a UEFI machine? on Researchers Demo Exploits Bypassing UEFI Secure Boot · · Score: 1

    Some implementations correctly enable you to simply turn off Secure Boot but otherwise leave UEFI (and the rest of the BIOS) intact.

    A method of disabling Secure Boot is required by the spec and by Microsoft. It may not be implemented well, but then, that's true of every component of the BIOS.

    Being able to install your own keys is a great feature, because actually having a verifiable boot chain can be a pretty useful security tool.

  8. Re:TPM is all you need. on Researchers Demo Exploits Bypassing UEFI Secure Boot · · Score: 2

    I won't speak for Microsoft's intentions, but UEFI Secure Boot is a derivative of trusted-computing designs that are actually designed and intended to improve security. (And for what it's worth, Microsoft Research is actually quite serious about security.)

  9. Re:Oh shit! on Surveillance Story Turns Into a Warning About Employer Monitoring · · Score: 1

    It's not clear to me if they were searching for anything in particular and if they asked to "search" specifically. However, it is quite normal procedure to ask to "come inside and look around" (which really is the same thing), but they expect to routinely be turned down (because they are). This is because lots of criminals (which are a small fraction of tip-based knock-and-talks) are complete morons and will practically lead cops straight to evidence if you give them the opportunity.

  10. Re:"Bastion of security" on iPhone Hacked In Under 60 Seconds Using Malicious Charger · · Score: 1

    Yes, that is the problem. I said "might be nice". There are some benefits (the reasons people jailbreak) and there are lots of downsides, like you indicate.

    The fact of the matter is that you can get the capabilities of jailbreaking right now and people do it. The mechanism is jailbreaking via a vulnerability. It would at least be better if they had the same capabilities but without the vulnerability.

  11. Re:Non story is still a story on Surveillance Story Turns Into a Warning About Employer Monitoring · · Score: 1

    The "backpacks" was irrelevant. The blogger determined for himself what had caused the police visit, and it turns out he was incorrect.

  12. Re:Oh shit! on Surveillance Story Turns Into a Warning About Employer Monitoring · · Score: 1

    The moral of the story is that tons of people searched for "pressure cooker bomb" when it was in the news. One of them got a few cops knocking on the door and asking about it. In all likelihood, everyone else who searched for that term did not.

    It seems like being curious about "bad things" wasn't a problem at all!

    (Having a boss who snoops on your computer and doesn't know what he's doing turned out to be a problem. But if you take away "on a computer" and "because terrorism", this scenario plays out all the time. A person close to you observes something that they think is suspicious and calls the police. It turns out to be nothing.)

  13. Re:This could well be search suggestions. on Surveillance Story Turns Into a Warning About Employer Monitoring · · Score: 2

    It's his boss nosing around on his old computer. It doesn't really matter which one of a dozen completely reasonable explanations it is. Hell, the guy could have been innocently looking up pressure cooker bombs. Certainly a lot of people did when it was in the news. But his boss has no clue what he's doing. He's not a trained investigator or analyst of any kind. He sees some things that look to him like a search for a "pressure cooker bomb" and he calls the police.

  14. Re:99 out of 100 on Surveillance Story Turns Into a Warning About Employer Monitoring · · Score: 1

    The speaker probably has a different idea of "this" than you do. This is just cops doing a knock-and-talk as a result of a random tip. (A random tip with virtually no evidence that even a monkey could recognize as "probably harmless, but maybe not".) That they do all the time, and most of the time it's nothing. The rest of the time it's something, but almost never terrorists. (But then, the reported tip isn't usually about terrorists.)

    Grab your local police blotter, if it goes into this level of detail, and look at the vast array of stupid little things they respond to on a daily basis. My favorite so far was a person who called in a suspiciously-acting brown truck. It was UPS.

  15. Re:Er, no, that isn't the story on Surveillance Story Turns Into a Warning About Employer Monitoring · · Score: 1

    According to Gen. Alexander on Wednesday, 54 plots were stopped with PRISM + phone-call metadata. One of those was the NY subway bombing plot from 2009. (I believe a second foiled plot was mentioned in his presentation, but I don't recall offhand. The whole thing is on YouTube.)

    Believe him if you want, or not, but it was advertised.

    I agree that an independent effectiveness review would be good. Of course, if they're secret, we wouldn't really know if they're doing that, eh? Ostensibly two Congressional groups and the President secretly review NSA program effectiveness and legality, but we have no idea what the scope of that is.

    He did also have some statistics in his talk about the reduction of casualties in Iraq and Afghanistan from NSA communications-monitoring systems designed to warn about IEDs and insurgents.

  16. Re:Posting anonymous for obvious reasons... on iPhone Hacked In Under 60 Seconds Using Malicious Charger · · Score: 1

    What component of the hack actually required that?

    As I understand it (having been at the talk), all it does is grab the device UDID, pair with the device as if it was a copy of iTunes, sign and install a developer provisioning profile, and use that to install an application signed by the corresponding developer signing cert.

    Three of these (obtain UDID, pair with device, install application) are used all the time in the normal operation of syncing with iTunes. Installing a developer provisioning profile is used all the time by iOS application developers.

  17. Re:"Bastion of security" on iPhone Hacked In Under 60 Seconds Using Malicious Charger · · Score: 4, Insightful

    It's right because the jailbreaks are all serious security vulnerabilities. That's how they work, and having them around is dangerous.

    Now, it might be nice if Apple allowed people to have the capabilities provided by a jailbreak if they want them. That's not the same as having a jailbreak.

  18. Re:Translation: on iPhone Hacked In Under 60 Seconds Using Malicious Charger · · Score: 1

    No, but there's a good mitigation: the first guy who uses that charger probably alerts others. A persistent, undetectable hack is a lot more useful, since it can affect more than one person before being noticed.

  19. Re:Why is it even called "Blackhat"? on Ask Slashdot: Favorite Thing Out of This Year's Black Hat? · · Score: 2

    The NSA doesn't (can't) arrest people.

    Now as to why the FBI doesn't arrest the attendees, it's because none of them have outstanding arrest warrants. (Well, presumably not. At DEFCON, you don't give them your name or your credit card and it's so crowded, you couldn't find anyone anyway.) Turns out calling yourself a hacker isn't grounds for arrest.

  20. Re:Video? on NSA Director Defends Surveillance To Unsympathetic Black Hat Crowd · · Score: 1

    My mistake! You'd prefer this link.

  21. Re:Video? on NSA Director Defends Surveillance To Unsympathetic Black Hat Crowd · · Score: 2
  22. Re:Keith Alexander.... on NSA Director Defends Surveillance To Unsympathetic Black Hat Crowd · · Score: 1

    He did, last year.

  23. Re:Not going away on Same Programs + Different Computers = Different Weather Forecasts · · Score: 1

    There is an equation for the N-body problem. There's not a closed-form solution. That's hardly unique, though: there aren't closed-form solutions for huge swaths of physical problems. There are even bigger concerns than a lack of closed-form solutions, like systems where you're solving a continuum function but have to use an iterative solver that quantizes space. Hence techniques like finite-element modeling. But, I digress.

    Here's a good example of the problem you're missing. There is a whole class of problems that are only solvable through iterative improvement. Newton's method is an excellent example of an iterative-approximation technique. (It's by no means a particularly complicated iterative approximation technique, so it's a good example.) You start with an arbitrary (read: well-chosen) guess and iteratively converge on the answer. Here, being able to exactly model irrational constants like pi is not really helpful.

    Now, you seem to think that maintaining a rational-number notation will help you. But that's not really any different from using arbitrarily-large floating-point binary numbers. In fact, you can see that a floating-point binary number is a rational number: it's K / 2^N for some K and N. Given two floating-point numbers and some basic operation on those numbers, you can store the result of the operation exactly in roughly a number of bits equal to the sum of the number of bits in the operands. (So, an operation on two 80-bit numbers would yield a 160-bit number.) This is roughly the same expense as doing "symbolic" algebra: given some way of storing a rational number, an operation on two of those rational numbers will take up the storage space of the pair. Unless some parts of the ratio cancel out, which for sufficiently complicated systems, will not occur to any meaningful extent.

    So, it's strictly true that you can start performing numerical approximation methods (which are sometimes the only way of solving a problem) using symbolic algebra. If you had arbitrary amounts of memory, you could even continue doing it. But this is no better than just using very large (high-precision) floating-point numbers. Even then, that doesn't mean that you can obtain an exact answer, because a) sometimes answers are irrational and b) it's not necessarily the case that an irrational answer will be representable as an algebraic expression containing only rational numbers and known irrational constants so c) no finite number of iterations of your approximation methods, storing the result in a finite amount of memory, could possibly exactly find the irrational answer. Even if the solutions are all rational, though, you still can't reasonably use a symbolic approach because there's just not enough memory. As above, each iteration very roughly can be expected to double the number of bits you need to exactly represent the solution. It's nothing to expect hundreds of thousands of iterations in order to arrive at a solution. (Far, far more than that for any interesting problem.) And there's probably on the order of no more than 2^300 bits available, ever.
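    As an added worked example (not part of the comment above, and not code from the commenter), the following Python script checks the two claims made here and in the later "numerical vs. symbolic" reply: that a binary float is exactly K / 2^N, and that running Newton's method on exact rationals roughly doubles the bits needed per iteration while never landing on an irrational answer. It uses only the standard library; the starting guess x0 = n and the target sqrt(2) are my choices for illustration.

```python
"""Newton's method for sqrt(n): exact rationals vs. 64-bit binary floats.

Added example; illustrates the bit-growth argument in the comment above.
"""
from fractions import Fraction
import math


def float_as_ratio(x):
    """Every finite binary float is exactly K / 2**N. Return (K, N), N >= 0.

    Fraction(float) converts without rounding, so the denominator it reports
    is the true power of two behind the value (e.g. 0.1 is really K / 2**55).
    """
    frac = Fraction(x)
    k, d = frac.numerator, frac.denominator
    if d & (d - 1) != 0:  # a power of two has exactly one bit set
        raise ValueError("denominator of a float must be a power of two")
    return k, d.bit_length() - 1


def newton_sqrt_exact(n, iterations):
    """Iterate x <- (x + n/x) / 2 with exact rational arithmetic.

    Returns a list of (bits, x) per step, where bits is the storage needed
    for the reduced numerator plus denominator. Nothing cancels for an
    irrational target, so bits roughly doubles each step.
    """
    n = Fraction(n)
    x = n  # arbitrary (here: n itself) starting guess
    steps = []
    for _ in range(iterations):
        x = (x + n / x) / 2
        bits = x.numerator.bit_length() + x.denominator.bit_length()
        steps.append((bits, x))
    return steps


def newton_sqrt_float(n, iterations):
    """Same iteration in IEEE doubles: precision is capped at 53 bits, so the
    value stops improving after a handful of steps instead of growing."""
    x = float(n)
    for _ in range(iterations):
        x = (x + n / x) / 2
    return x


if __name__ == "__main__":
    print("1.5  ->  K=%d, N=%d" % float_as_ratio(1.5))
    print("0.1  ->  K=%d, N=%d" % float_as_ratio(0.1))
    for i, (bits, x) in enumerate(newton_sqrt_exact(2, 6), start=1):
        print("step %d: %3d bits, x = %s, x^2 - 2 = %s" % (i, bits, x, x * x - 2))
    print("float after 8 steps:", newton_sqrt_float(2, 8), "vs", math.sqrt(2))
```

    Running it shows the exact sequence 3/2, 17/12, 577/408, 665857/470832, ... needing 4, 9, 19, 39, ... bits, with x^2 - 2 shrinking but never reaching zero, while the float version settles on a 53-bit approximation of sqrt(2) within a few steps.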

  24. Re:My oh my on "Slingatron" To Hurl Payloads Into Orbit · · Score: 1
  25. Re:Not going away on Same Programs + Different Computers = Different Weather Forecasts · · Score: 1

    No, I understand you just fine. But you're falling victim to a common line of thinking -- that any mathematical problem can necessarily be done with symbolic algebra. It's true for simple problems, but most complex models (and lots of other classes of problems) cannot be done symbolically at all. They absolutely require numerical approximations.

    Don't try to be pedantic about "numbers are symbols". There are two general approaches to mathematical computation, and they're usually referred to as "numerical" and "symbolic".