If they switch from AES (which has no backdoors) to ANYTHING ELSE then it is by definition less secure. There is no security benefit from using their own encryption.
This is the most preposterous and uninformed bullshit about cryptography I've heard for a long time. AES had fairly low security margins even at the time it was introduced, and it is easy to come up with a slower, but ostensibly more secure Feistel cipher provided you have some expertise in cryptography and cryptanalysis and are careful. AES has been developed as a replacement for 3DES, with speed and applications in finance and bank transactions in mind, not for high security demands. It makes a lot of sense to replace it with a cipher that has larger security margins for applications in government and military, for instance, or to replace it with your own cipher that you have analyzed more extensively than AES so far. Government agencies have their own level of expertise in cryptanalysis and their own set of criteria.
That's right, and let me quote the President of the United States of America in further support of nuclear:
Look, having nuclear—my uncle was a great professor and scientist and engineer, Dr. John Trump at MIT; good genes, very good genes, OK, very smart, the Wharton School of Finance, very good, very smart—you know, if you’re a conservative Republican, if I were a liberal, if, like, OK, if I ran as a liberal Democrat, they would say I'm one of the smartest people anywhere in the world—it’s true!—but when you're a conservative Republican they try—oh, do they do a number—that’s why I always start off: Went to Wharton, was a good student, went there, went there, did this, built a fortune—you know I have to give my like credentials all the time, because we’re a little disadvantaged—but you look at the nuclear deal, the thing that really bothers me—it would have been so easy, and it’s not as important as these lives are (nuclear is powerful; my uncle explained that to me many, many years ago, the power and that was 35 years ago; he would explain the power of what's going to happen and he was right—who would have thought?), but when you look at what's going on with the four prisoners—now it used to be three, now it’s four—but when it was three and even now, I would have said it's all in the messenger; fellas, and it is fellas because, you know, they don't, they haven’t figured that the women are smarter right now than the men, so, you know, it’s gonna take them about another 150 years—but the Persians are great negotiators, the Iranians are great negotiators, so, and they, they just killed, they just killed us.
Wise words, from the president of the most advanced nation on earth! We need nuclear!
You need to think this through more thoroughly. It's not a good idea to encourage countries to interfere in your elections, even if you like it this time and even if the propaganda means are only biased and not falsified.
Paid trolls, twitter bots, mass media interference, all these things are powerful tools in the modern online-oriented media landscape and seem to have the potential to even swing voter opinions. Even if you have no quirks with the influence this time, it could be disastrous according to your opinion next time. Also, don't forget that, as far as that is known publicly, the Russians never intended to get Trump elected but rather seem to intend to generally destabilize trust in democracy, heat up and polarize public opinion. They are seeking to divide Europe from the US and European countries from each other, because that would bring huge long-term geostrategical advantages, and maybe also in order to distract from their own internal lack of democratic values and human rights. For radical parties on the left and right, Russia attempts to position themselves as an alternative to the alleged "cultural hegemony and imperialism of the US". Other countries might try to influence elections with another agenda, who knows? It can't be in you and your country's interest to allow or even encourage that.
I waffle between Trump either being one of the stupidest human beings to ever get elected to high office, or
Here you have your answer, or to quote Trump in one sentence from his famous 2015 speech:
Look, having nuclear—my uncle was a great professor and scientist and engineer, Dr. John Trump at MIT; good genes, very good genes, OK, very smart, the Wharton School of Finance, very good, very smart—you know, if you’re a conservative Republican, if I were a liberal, if, like, OK, if I ran as a liberal Democrat, they would say I'm one of the smartest people anywhere in the world—it’s true!—but when you're a conservative Republican they try—oh, do they do a number—that’s why I always start off: Went to Wharton, was a good student, went there, went there, did this, built a fortune—you know I have to give my like credentials all the time, because we’re a little disadvantaged—but you look at the nuclear deal, the thing that really bothers me—it would have been so easy, and it’s not as important as these lives are (nuclear is powerful; my uncle explained that to me many, many years ago, the power and that was 35 years ago; he would explain the power of what's going to happen and he was right—who would have thought?), but when you look at what's going on with the four prisoners—now it used to be three, now it’s four—but when it was three and even now, I would have said it's all in the messenger; fellas, and it is fellas because, you know, they don't, they haven’t figured that the women are smarter right now than the men, so, you know, it’s gonna take them about another 150 years—but the Persians are great negotiators, the Iranians are great negotiators, so, and they, they just killed, they just killed us.
You are welcome to question Trump's judgment, but his actions are completely legal
That's fairly irrelevant. As a president, Trump could literally commit a crime and pardon himself for it. He could even pardon himself for future crimes. Both would lead to impeachment, but he could do it.
I think what people don't like about this little incident is the fact that there was no reason for it and that intelligence agencies are seriously worried about him, because he's arguably the most retarded US president ever and has (at least officially) full and unrestricted access to every state secret. However, there is probably no real danger, because it's quite likely that they don't give him access to any valuable secrets in practice.
It used to be different. :(
In authoritarian regimes government employees are generally more compliant and feel less democratic responsibilities than in relatively free and democratic countries, hence there are fewer whistleblowers.
That's not what's going on - maybe you know that and try to make a partisan statement. It's indeed unlikely that any substantial evidence against him could arise from the Russia link issue, but that's not the reason why Trump worries about it. He's a pathological narcissist who truly wants to be loved by everyone, and this probe continues to cast a bad light on him. He absolutely cannot stand this, he's the most thinly skinned person I've ever seen in public life and, judging from his performance so far, only knows two reactions to critique: Either he tries to make friends with his critique on a personal basis to make the critique go away, or he responds with extreme, often irrational and out of proportion aggression.
That's the reason why he fired Comey, he wants this probe to stop because it bothers him personally. Trump's hidden weakness and insecurity is also the reason why he likes strong, authoritarian personalities and the military so much and attempts to portray himself as a 'strong man' at every possible occasion.
Don't get me wrong, I believe that Trump is after all a nice guy with overall good intentions. But his ego gets way too much in his own way. That's no problem when you're a billionaire and run your own company, but in politics both conflicts and compromises are unavoidable.
Couldn't he just pardon himself, though? Technically, I believe he could but I'm not an expert on US constitutional law.
Yes, that's how 'technological progress' works nowadays. Pay more to get the same functionality as you had before. (plus some features like DRM you don't need anyway)
Or you could have a USB-A port and need no adapter at all.
The walled garden is iOS only.
As a (former) shareware developer for MacOS, I unfortunately have to say: not really. Or, to put it in other terms, only formally but not practically. While my application is still available on my website and various shareware/download sites, distributing applications that way doesn't work in practice due to Apple's unfair advantage and the inertia and laziness of end consumers. Even if you can still de jure get applications from elsewhere, almost nobody does it. De facto developers (and indirectly also the customers) are already locked in via Gatekeeper, the Apple developer network, code signing requirements, constant API changes and intentional breaking of existing code if you do not use the latest official Apple tool-chain, sandboxing, and so on.
You can be tracked easily across the internet anyway.
However, with the new Deutsche Bank system, you can also be hacked easily across the internet.
Slashdot has been 'cracked' by Russian trolls around the beginning of last year, but somehow they seem to have lost foothold recently. They mostly post as AC's nowadays. Maybe there were some changes to the moderation system behind the scenes to weed them out.
You should wonder more why across the entire EU, these "neo-nazis" have 40-60% of the support?
That's literally all the far right is good at - having a big mouth and making up numbers and "alternative facts".
The above posts are disinformation. We're talking about Intel Management Engine, not AMT, the latter is the service, the former is not optional. ME is installed on nearly every Intel-based chipset/motherboard combo since 2008. That's well known and has been discussed for a long time, and it's not unreasonable to assume that the ME has been designed with backdoor features in mind from the start by Israel/US chip developers (though of course nobody in public has a proof for that).
The Management Engine (ME) is an isolated and protected coprocessor, embedded as a non-optional[32] part in all current (as of 2015) Intel chipsets.[33] According to an independent analysis by Igor Skochinsky, it is based on an ARC core, and the Management Engine runs the ThreadX RTOS from Express Logic. According to this analysis, versions 1.x to 5.x of the ME used the ARCTangent-A4 (32-bit only instructions) whereas versions 6.x to 8.x use the newer ARCompact (mixed 32- and 16-bit instruction set architecture). Starting with ME 7.1, the ARC processor can also execute signed Java applets. The ME state is stored in a partition of the SPI flash, using the Embedded Flash File System (EFFS).[34]
The ME has its own MAC and IP address for the out-of-band interface, with direct access to the Ethernet controller; one portion of the Ethernet traffic is diverted to the ME even before reaching the host's operating system, for what support exists in various Ethernet controllers, exported and made configurable via Management Component Transport Protocol (MCTP).[35][36] The ME also communicates with the host via PCI interface.[34] Under Linux, communication between the host and the ME is done via /dev/mei.[33]
Until the release of Nehalem processors, the ME was usually embedded into the motherboard's northbridge, following the Memory Controller Hub (MCH) layout.[37] With the newer Intel architectures (Intel 5 Series onwards), ME is included into the Platform Controller Hub (PCH).[38][39]
Quote from Wikipedia Article
More info: Hackaday article, on attempts to neutralize it, Slides by Igor Skochinsky, CCC talk by Joanna Rutkowska, short 2016 Hackaday article. There is plenty more information on the Net if you care to look it up. Theoretically, ME only gives total access locally, if AMT features are disabled. Practically, it's likely that by a combination with other exploits a remote exploit is also possible. If AMT features are enabled, you're screwed anyway.
To repeat, this affects almost every Intel machine since 2008 and certainly every current Intel machine, whether you use AMT or not. It's especially problematic if you use full disk encryption.
Wait a minute. This (partly intentional) flaw affects practically every Intel-based PC since 2008 and some platforms since 2006. It's true that if you have remote management disabled it appears to lead to local exploits only at first sight, but there are many reasons to believe that even with the option disabled remote exploits may become possible. ME allows the running of signed Java programs on a completely separate core, which are sent via ethernet and have full access to memory and i/o controllers, it can be used to side-channel attack disk encryption and the probability that there is a serious bug that allows for remote exploits in such a complex infrastructure is also fairly high.
if they have physical access, you're already had anyway unless you encrypt your disk and have passwords enabled everywhere
Access to ME also allows access to the contents of encrypted disks, via direct memory access while the host operating system is reading and writing them and by grabbing the keys used from memory. That's a huge difference.
What kind of "cloud" backup service does not have incremental versions? Mine certainly does, it doesn't even have any limit on how many previous versions are stored, and I find it hard to imagine that this is the exception.
That being said, GP is right of course that you cannot rely on network backup as the only backup.
What did he do wrong? Are you serious? He showed the video on his channel and incidentally earned another few million dollars with it. Who in his right mind would think that he can show a video with the 'fun' message "death to all jews" and keep being sponsored by Disney[*]?
[*] To be fair, Walt Disney has built up a reputation of having been anti-semite, although this matter is controversial. So maybe he thought Disney would like to continue this tradition? Well, then I guess he was wrong.
I agree with you, have never heard of that guy before either. Then I clicked a link on youtube out of interest to a video in which he's whining for almost 20 minutes about how unfair he was treated because some maker of comics and movies for children and Youtube (which has no age restriction) did not like his 'joke' video about how to pay some guys to tell the world that all jews should be killed. This guy has made many millions of dollars with uninteresting, stupid, and uninspiring youtube videos - it's never quality that wins on a global 5-minute attention span market - and now he's complaining that he cannot make 'joke' videos about killing jews and keep being sponsored by Disney!
O tempora o mores, I guess.
Nice way of rationalizing a patently stupid "ironic" post. Maybe you should put it as a video on Youtube, this kind of stuff is very popular there.
...unlike the US, who do not have nearly enough Harward PhDs to run all their factories, let alone people who can spell the names of their prestigious universities correctly.
Absolutely. Any machine complex enough to have an operating system and some software on it can be hacked. I'd be surprised if there are any military networks that haven't been infiltrated at one time or another, and they are much more secure than voting machines. In fact, voting machines have again and again been shown to be insecure by various security researchers and white or grey hat hackers like the German CCC.
A country that primarily uses electronic voting machines does not have a trustworthy democracy.
Interesting. The above post has been rated insightful, whereas in fact it's what you could only call double-bigoted in a self-defeating way. No matter how you put it, the above AC doesn't have an argument.