Don't assume your typical non-military-grade-hardened phone is secure unless it's so-dumb-that-it's-unhackable* or the phone resides on an isolated network over which you and only people you trust can see.
Even if nobody knows how to compromise it today, you shouldn't assume someone won't figure out how to compromise it "tomorrow".
* think "analog phone on a cross-bar switch" - but even that is subject to hacking, but few people have the skills to do more than a simple wiretap.
Many years ago we had a system admin who used sexual innuendo in root passwords on our non-production research equipment. Thankfully, only a handful of people ever used these machines and they were all in our department.
Within months of my arrival, he was laid off. His skills weren't great but they were good enough to keep him above the "layoff bubble." I have a strong hunch that his sexist style made it easy for his boss to decide to get rid of him.
The new passwords didn't have any sexual innuendo.
At the time, we were a small branch of a research arm of a large corporation. Personally, I found his willingness to use such innuendo on the job distasteful and I found having to type them in on a routine basis uncomfortable but not so much that it was enough to complain about. Now that I am many years wiser and aware of the larger effects that tolerating such behavior has on the workplace, recruitment, and retention, I would probably either ask him to change the passwords or raise the issue with his/our boss.
For non-citizens and others without an automatic right to entry, the penalty for disobeying directives from customs agents for those violating "border-only" rules (i.e. not rules that apply inside the country such as assaulting a government official) should be denial of entry.
For citizens and others with an automatic right to entry, the person should be given a choice: Voluntarily go back and come back another time when they are willing to obey the rules, or be arrested/cited for violating whatever law they broke.
If it's THAT sensitive, either have the customer pick it up from a Cisco-controlled location or have a Cisco employee hand-deliver it to the customer.
Use tamper-evident seals and use something like a "warrant canary"-like system so the delivery person can effectively tell the customer that to the best of his and Cisco's knowledge the shipment was not tampered with en route: The absence of a followup message from Cisco guaranteeing that the shipment and delivery were not intercepted would be treated as a message that it might have been intercepted.
Speaking of "canaries" I wouldn't be surprised to see specialty shipping companies or specialty-arms of big-name shipping companies use "canaries" to guarantee that their shipments were delivered to an authorized person and not tampered with en route.
I don't have a problem with UEFI or BIOS being flashable. But you need a non-changeable way of recovering your system to prevent "permanent" p0wnership or brickage.
A non-flashable "pre-UEFI" firmware that did nothing but check if a certain jumper pin was set and either proceed to boot to UEFI or boot to a non-flashable "UEFI re-flash loader" utility is a must for any computer that doesn't need to be "locked down" at the factory. This utility would look in a standard location - perhaps USB port 1 - for a signed executable that would be the real "re-flash" utility. Whether motherboard vendors chose to supply signed re-flash utilities that only re-flashed signed UEFI binaries or if they catered to hobbyists who might want to load arbitrary/unsigned UEFI binaries would be up to the motherboard manufacturer.
Bonus points if the immutable "UEFI re-flash loader" utility calculated and displayed a cryptographic hash of both the current UEFI and that of the real "re-flash" utility the user is trying to use PRIOR to executing it, so the user could verify that they are what he thinks they are.
For computers running in specific environments that need to be "locked down" at the factory, re-flashing the BIOS would probably not be allowed at all - UEFI changes would probably require chip- or motherboard-level surgery.
Color-stable archival film with color-stable archival prints in case the film isn't as color-stable as you hope. If you can do a second film conversion using a different type of film that would be good also. If this was for more than 100 years I would also suggest color-separations done on archival black-and-white film.
For audio, do on-film audio, a phonograph record on archival materials, and an analog magnetic tape using a recording mode that was in common use for decades, on archival materials.
In addition, I would supply DVDs on archival material, a rugged DVD player likely to still be playable in 100 years, a printed copy of the manual and a printed copy of the DVD specification, all on archival paper. If space precludes the use of printed manuals, a microfilm copy is fine, just put it on archival materials.
So, what if I and everyone else who accepts BC for payment said "before we accept your coin, we need to run its complete history against known coin thefts"?
That wouldn't necessarily stop "off-blockchain" transactions like people who trade whole wallets or who "print coins out on paper" and trade them, but it might slow it down if people knew that they might be the one stuck "holding the dirty money."
There is still the problem that this alone won't prevent people from spending stolen BC before it is reported. In order to fix that, you will need some accepted means of "de-valuing" any money that was ever "co-mingled" with "dirty money." People other than the original thief would be forced to absorb the loss but at least once the loss was reported, I could accept your "partly dirty money" after applying a discount to it to reflect the "non-dirty" portion of its value. I wrote a top-level reply to this article outlining this in more detail.
I thought the point of the blockchain was that it recorded every transaction.
I have no idea if it's practical, but in principle, it should be possible to trace the coins from a known point in time, taking into account the "dilution" when they are mixed with other coins.
In other words, if you give me your entire wallet consisting of 1BC that is later determined to be "dirty money" (as declared by the police/a court/whomever) and I put it in my wallet consisting of 9 other BC, my wallet is now "10% contaminated" by the "dirty money."
If I then give 1BC each to 10 other people who have wallets with 9BC in them, those 10 people each have wallets that are "1% contaminated" by the original "dirty money".
If they each add 90 BC to their wallets, they will each have wallets with 100BC that are now "merely 0.1% contaminated" by the "dirty money."
And so on.
But you will know "where the money went."
As I said, this should be doable in principle. As to whether it is doable in practice I have no idea.
If this kind of tracing is doable in practice, then it can be used to reduce the occurrence of coin theft by reporting thefts to a central authority (or even logging the theft in the block-chain itself) and having people who accept BC as payment treat coins that have been stolen as worthless and treat those that have been co-mingled with stolen coins in "upstream" transactions as having only a "fractional" value based on the "non-dirty" portion of its transaction history.
Yes, there will be thefts but the crook will have to pass the dirty money off on to some innocent/naive party quickly, before the coins are reported stolen. Whoever has the coins or a wallet that was contaminated by having the coins used in an upstream transaction at the time that the theft is reported will typically be stuck with the loss, but from that point on the coins can be used at a "fair" value, based on the value of the non-stolen portion of the money. Depending on the legal frameworks in place and whether the party who gave them the contaminated BC can be identified, they may be totally out of luck or they may be able to recoup the loss from their own counter-party or an insurance company. If they are able to recoup from the counter-party, he will either be stuck with the loss or he may be able to recoup it from the party who gave him contaminated coins or his insurance company, and so on.
Of course, there is the possibility of fraudulently reporting money as stolen. To prevent this, it is doubtful that any reporting system that didn't include some form of accountability for lying would be feasible. I can't think of any way of doing this besides requiring people to reveal their real-life identity and real-world address to the police or other "authority" so that if it turns out they are lying, they can be prosecuted for perjury.
Oh, before you ask, yes, I do realize that this would increase the complexity of handling BC transactions significantly and that alone may make such a system impractical, at least for now.
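The "dilution" accounting the comment walks through (1 dirty BC into 9 clean, spread to ten 9-BC wallets, then 90 BC added to each), as an added example that is not part of the original post. It is a hypothetical model: every transfer carries taint in proportion to the sender's contamination, and taint is recomputed from the full history whenever a theft is reported, so a coin spent before the report is still traced afterwards.

```python
from dataclasses import dataclass
from fractions import Fraction
from typing import Dict, List, Set, Union

# Hypothetical ledger model (constructed for this example): wallets hold a balance and
# the portion of it traced to reported-stolen deposits; exact fractions avoid float drift.


@dataclass(frozen=True)
class Deposit:
    """Coins entering a wallet from outside the traced set (a purchase, mining, or a theft)."""
    tx_id: str
    wallet: str
    amount: Fraction


@dataclass(frozen=True)
class Transfer:
    """Coins moving from one traced wallet to another."""
    tx_id: str
    src: str
    dst: str
    amount: Fraction


@dataclass
class Wallet:
    name: str
    balance: Fraction = Fraction(0)
    tainted: Fraction = Fraction(0)  # portion of balance traced back to stolen deposits

    @property
    def contamination(self) -> Fraction:
        """Fraction of the balance that is 'dirty money' (0 for an empty wallet)."""
        return self.tainted / self.balance if self.balance else Fraction(0)

    @property
    def fair_value(self) -> Fraction:
        """What a merchant would credit: only the non-dirty portion."""
        return self.balance - self.tainted


class Ledger:
    """Append-only transaction history plus the set of deposits reported as stolen."""

    def __init__(self) -> None:
        self.events: List[Union[Deposit, Transfer]] = []
        self.stolen: Set[str] = set()

    def deposit(self, tx_id: str, wallet: str, amount) -> None:
        self.events.append(Deposit(tx_id, wallet, Fraction(amount)))

    def transfer(self, tx_id: str, src: str, dst: str, amount) -> None:
        self.events.append(Transfer(tx_id, src, dst, Fraction(amount)))

    def report_theft(self, deposit_tx_id: str) -> None:
        """Mark a deposit as stolen; the next replay re-traces it through every downstream wallet."""
        self.stolen.add(deposit_tx_id)

    def replay(self) -> Dict[str, Wallet]:
        """Rebuild every wallet from the history, propagating taint proportionally."""
        wallets: Dict[str, Wallet] = {}
        for ev in self.events:
            if isinstance(ev, Deposit):
                w = wallets.setdefault(ev.wallet, Wallet(ev.wallet))
                w.balance += ev.amount
                if ev.tx_id in self.stolen:
                    w.tainted += ev.amount
            else:
                src = wallets.get(ev.src)
                if src is None or ev.amount > src.balance:
                    raise ValueError(f"{ev.tx_id}: {ev.src} cannot send {ev.amount}")
                dirty = ev.amount * src.contamination  # taint moves in proportion to the mix
                src.balance -= ev.amount
                src.tainted -= dirty
                dst = wallets.setdefault(ev.dst, Wallet(ev.dst))
                dst.balance += ev.amount
                dst.tainted += dirty
        return wallets

    def contamination(self, wallet: str) -> Fraction:
        return self.replay()[wallet].contamination

    def fair_value(self, wallet: str) -> Fraction:
        return self.replay()[wallet].fair_value


def page_scenario() -> Ledger:
    """The comment's numbers; the theft is deliberately NOT reported yet when this returns."""
    ledger = Ledger()
    ledger.deposit("theft-1", "you", 1)        # the coin that will later be reported stolen
    ledger.deposit("buy-me", "me", 9)
    ledger.transfer("tx-1", "you", "me", 1)     # my wallet: 10 BC, 10% contaminated
    for i in range(10):
        other = f"other-{i}"
        ledger.deposit(f"buy-{other}", other, 9)
        ledger.transfer(f"tx-{other}", "me", other, 1)  # each: 10 BC, 1% contaminated
        ledger.deposit(f"add-{other}", other, 90)       # each: 100 BC, 0.1% contaminated
    return ledger


if __name__ == "__main__":
    ledger = page_scenario()
    print("before report:", ledger.contamination("other-0"))
    ledger.report_theft("theft-1")
    print("after report:", ledger.contamination("other-0"), "fair value:", ledger.fair_value("other-0"))
```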
If you misunderstood me to mean "gold, the relatively inert chemical element used for teeth fillings, expensive paperweights, electrical circuits, and as a financial hedge against inflation" then I take your point.
If you understood me correctly to mean "high quality code" then I don't understand your comment, please elaborate.
I've seen the before-and-after when crap code was rewritten and refactored by hand by a good coder.
The improvement was huge.
Was it better than if the same coder wrote the code "from scratch" from the problem-description or design document? I don't know, but my point is that crap can be turned into gold by a good coder, and that refactoring can be part of the cleanup.
What we are alleging is occurring is that there are individuals and organizations that are profiting from the storage and the exchange of child sexual exploitation material
Well if you are going to charge the data center provider, you might as well go for everyone else who is merely providing a service. Find everyone who downloaded the material and charge their ISPs and their electric utility companies, because if the people weren't downloading underaged-p0rn they would presumably have a lower electric bill and would choose a cheaper plan from their ISP. Or so the logic goes.
Seriously, unless this business was specifically "in the business" of turning a blind eye to or even facilitating activity that reputable hosting companies don't do and providing services which have no practical value to legal businesses, then leave the hosting company alone.
For downloads of updates, yes, checksums and the like can and probably should be widely published. As others have said, having the checksums ONLY on the vendor's web site probably isn't any good but if they were "all over the web" they would essentially be tamper-proof.
Better than a checksum would be a cryptographically signed by a public key that was issued by a major company that you trust already.
As far as the firmware that is on the drive:
Unless you have a way of directly reading the firmware memory without using the firmware itself, forget about it. Any attempt to ask compromised firmware to give you a data dump of itself would likely just get it to lie to you. Yes, there is probably equipment out there that can read the chips but you probably don't have it and you probably can't afford it unless you are doing it as a business or as part of a larger business (such as computer manufacturing, where you may want to validate that OEM drives contain the firmware that should be on them and not the ones that $SPYING_GOVERNMENT_AGENT installed).
As other replies have said, you are probably better off getting a lawyer BEFORE you go to the bank or anyone else.
Why?
1) If they've already discovered this themselves they may be working with the FBI and there may be a subpoena in your ISP's hands within minutes of you making your discovery.
2) Even if there isn't, the veiled threat of prosecution can be very intimidating.
3) By having your attorney speak to the bank and/or the government/police authorities for you BEFORE the police contact you, it will be abundantly clear to the police that you are just a good citizen and that it would be a political mess if they threatened to press charges or ignore the problem.
If someone in a high-security environment such as a major sporting event wants to take your picture to run it through a face-matcher program, they are going to spend the money to use* a camera which behaves like the human eye, ignoring frequencies outside of the range of human vision.
Basically, if you are still recognizable to a trained cop who has seen a good photo of you, someone can make a camera and computer that will recognize you with about as good an error rate as a trained cop.
*Or design one themselves, or pay someone to design one themselves.
Your point is well taken, but the Congressman and Senators who represent the people who live in and around Argonne are much more likely to have the informal political "pull" to get things done quickly without the need for formal action on Capitol Hill than other House and Senate members.
Other members to target would be those serving on or better yet those chairing the committees that do a lot of business related to Argonne.
50 MHz means 6 meters and above -- basically, nothing that has any regularly occurring usable propagation modes.
Moon-bounce and ham-sats occur regularly enough to be useful. Granted, hamsat passes are so short-duration and so sought-after that they aren't useful for much more than bragging rights, and moon-bounce is too technically challenging to be useful for routine communications, but they are there.
RF-based repeater networks on the 2m (~146MHz) and 70cm (~440MHz) bands are common in the United States. They offer communications over hundreds of miles without using anything but the airwaves. Ditto some mountaintop- and very-high-tower-based repeaters. A single repeater that covers a 50-mile-or-more radius is more convenient and therefore frequently more useful in an emergency than an HF-based NVIS net (NVIS is a way of setting up your HF antenna for "short range" communications of about a few hundred miles or less. Unlike typical antenna setups, they do not have any "skip", which is very useful in an emergency).
In situations where the Internet infrastructure is still up (which is almost always except during emergencies, and frequently during emergencies as well), repeaters that link to the Internet can provide worldwide communication on any band.
Everyone in Illinois should write their US Senators requesting that Argonne invite other institutions to take over this project or at the very least become the custodian of existing data on the condition that it be maintained as a publicly-available resource.
Those in Illinois's 3rd Congressional District (where Argonne is) should also write their US House Representative.
I wonder if anyone has made a hardened version of the original "www" browser.
Being text-only and lacking support for just about everything, it should be relatively easy to make almost bulletproof.
Answer: Because the government dragged their feet 2-3 decades.
Because 340 million Km is too long for a selfie-stick.
Plus I hear that there's not a single museum on Mars that allows selfie-sticks :( .
Star Wars maybe, but it's not quite Star Wars.
... for the mafioso:
* Kill your prospective IT guy before you let him touch your computers, or
* Kill him after you discovered he used his skills to undermine your operation.
data can no longer be over-written in place, requiring SSD-like algorithms to handle random writes.
Good, now when my clients get hit by ransomware there is still hope that the "over-written" file can be recovered.
I figured they would have had done this a long time ago, especially with security-related products.
On February 25, 2015, you wrote
there is not a snowball's chance in Texas
Mother Nature and the National Weather Service just called to tell you it snowed in Texas today.