Often I think it comes less down to the FDA and more to the interpretation. If you are a hospital using a device that comes with a certification from a vendor saying that you have to buy their drives to maintain certification, a few hundred bucks extra isn't worth the risk of it not being a bluff.
When I was working for a hospital we had a box running an ancient version of RHEL (AS 2.1 if I remember) that the vendor swore could not be upgraded or security patched because of FDA certs. What did we do? We made an exception.
Which is all the more reason why system designers really should consider themselves as having a duty to care for them. The vast majority of users are not experts and any risks they expose themselves to in using the product really are things they can't be expected to understand. So products intended for non-professional markets especially should really be designed to not expose inexpert users to risks as much as possible.
> Which means you end up with, at least, a tiny LCD screen to show the pairing code. Which means you need enough logic to run the LCD screen and the pairing stuff.
oooh I have been thinking about this.... I think it can be done even easier and cheaper.
Wireless keyboards generally require a wireless dongle. Put a usb port on the kb, used for emergency power obviously.... but... easy pairing. Just plug the dongle into the device, and press a button, they can do a key negotiation over their local USB connection. No LCD needed, maybe.... an LED and a button.
That should put an easy end to easy sniffing. Course if someone is coming into your house and plugging shit into the wall, maybe they can just replace your whole keyboard too.... fake the dongle and keyboard into each pairing with his device and MiTM you? or wholesale replace yours with his lookalike.... but, it's certainly not casual sniffing at that point.
In the future keyboard designers should make the protocol more configurable so that on casual observation it is not so easy to determine what packets are data
That's a very common misconception, but the fact is that is pretty exactly what they should NOT do.
Specifically that is, they should not even attempt to design their own method of securing the data. They should use fairly standard, well tested, modules produced by professional cryptographers. Full stop. These are solved problems, and there are several very well researched and well designed techniques for solving these issues.
There is always room for more such techniques but, to think that some engineer working on a keyboard is going to design one that is even as good as what we have as just....a submodule of his project is just not realistic.
Choose a solution for authentication/key negotiation....choose a cipher. Go back to designing the keyboard itself. That really is the best part.... since it's a solved problem.... it really isn't a huge level of effort to fix correctly.
Plus it's a keyboard...a "pairing" could be as simple as flipping a switch into pairing mode, then typing some text that shows on the screen of the device pairing with it. It's not like it's some headset with only 2 buttons.
DoD are not the only people who require FIPS 140-2. I have worked at shops with various mixes of FERPA, HIPAA, and PCI requirements for various parts of their operation, and I have run into it a couple of times; though I can't tell you (because I don't know) whether any of them have been strictly due to a regulatory requirement or a place where local policy simply adopted the recommendations from it.
In short, if such a device existed, it might actually end up on several companies' preferred purchasing lists for their employees, or even cause other competing products to get disqualified as just the existence of one could call the others into question.
The thing is, the cipher doesn't do the job alone, once you have a good cipher, you then need good key generation/negotiation, which pretty much requires some sort of authenticated pairing step which requires user interaction to complete.
Still pretty reasonable but, everyone wants "plug and play" and that's hard to reconcile with "safer play"
I would say this is pretty close to how I look at it now. I got a cheap wireless keyboard sure....but anyone sniffing the traffic is going to be bored to tears as I don't ever type anything the least bit confidential on it. Best you are getting is a bunch of youtube URLs and a whole bunch of wwwwwwwwwwwwwaaaaaaaaaaaaaaaasssssssssssssssddddddddddddddddddddddddfff
This is why I hate large swaths of consumer products.
If the keyboard is encrypting keystrokes and sending them to the system....and a third party device sitting in the corner with no configuration involving dumping and loading keys....then the data is NOT encrypted.
If you use the same static key, or one of a few easily derivable keys, I don't care how solid the encryption algorithm you use is.... I do not consider it encrypted, because the use case took "strong encryption" and turned it into "weak obfuscation".
So unless there is some esoteric trick they are using to exploit the system and get their hands on a key that should otherwise be secure.... then it's a disservice to the public to even call it encryption, because unless that is the case and they were genuinely compromised from a use case that should have otherwise been secure.... then all they did was use a fancy obfuscator.
Perhaps he is confused by the fact that many small developers, especially of game mods, distribute directly from github, and indeed, github is not adding anything to those downloads.
A lot of people don't seem to realize that git is a thing quite aside from github
I have worked with some people who would consider this:)
Actually a while back I found someone was passing around instructions on how to setup some software that needed a random key for a symmetric cipher. It used a 256 bit block cipher so it needed a 256 bit key.
The instructions being passed around were clearly cut and pasted from a web site (they might have even had the url) but they remembered that we had key policies for other things and so they changed the dd command to make a 1024 bit key....because we use at least 1024 bit keys by policy right?
A little bit of knowledge can be such an amusing thing.
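An added example (not part of the original comment) of the point in the anecdote above: a symmetric cipher takes a key of exactly its own size, so a dd-generated key file should be sized from the cipher, not from a "minimum bits" policy written for other key types. The function names and the small cipher table are illustrative assumptions.

```shell
#!/bin/sh
# Added example: size a random symmetric key from the cipher it is for,
# and reject key files of any other length.

# Key length in bytes for a few symmetric ciphers (illustrative table).
key_bytes() {
    case "$1" in
        aes-128)          echo 16 ;;
        aes-192)          echo 24 ;;
        aes-256|chacha20) echo 32 ;;
        *) echo "unknown cipher: $1" >&2; return 1 ;;
    esac
}

# gen_key CIPHER FILE
# Write exactly as many random bytes as the cipher takes. bs=1 avoids a
# short read producing a truncated key; umask 077 keeps the file owner-only.
gen_key() {
    n=$(key_bytes "$1") || return 1
    ( umask 077 && dd if=/dev/urandom of="$2" bs=1 count="$n" 2>/dev/null )
}

# check_key CIPHER FILE
# Succeed only if FILE holds exactly one key's worth of bytes for CIPHER.
# A 1024-bit file for a 256-bit cipher fails here: the extra bits are either
# an error or silently ignored by the software, never extra strength.
check_key() {
    want=$(key_bytes "$1") || return 1
    have=$(wc -c < "$2" | tr -d ' ')
    if [ "$have" -ne "$want" ]; then
        echo "$2: $((have * 8)) bits, but $1 takes exactly $((want * 8))" >&2
        return 1
    fi
}
```
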
Lol it's like some people never played Uplink. Even the game had the log deleter and the log modifier, which was used in the frame job contracts. It's almost kind of a no brainer. and hardly a new concept, what is a botnet really but a way to look like hundreds of other people instead of yourself?
> That seems like a huge tradeoff in usability for not much security benefit, IMHO, particularly if the box is running services that are far more likely to be probed than ssh. Nor do I much care for the notion of having to rely on Tor if I need to manage a critical system.
The thing is to a tor service, a "port" is just an identifier that allows multiple services to have the same name. There is no underlying "address" that you can use to further attack the host. It is a lot like being behind a very restrictive firewall where you have only 1 port exposed.
It also means you can't be found in random sweeps. In order to connect to a tor service, you need its name to look it up and connect to it with, you can't just scan random addresses/names looking for ssh servers.
Some people think they are clever moving ssh to another port, but port scanners have already found them on ports like 2222 (someone thought that was clever I guess).
> What exactly do they need to do that couldn't be done with a staff of two or three hundred good people and a $150-$200 million budget? WTF
create jobs. That is really all it has been about for a while. Shit go all the way back to prohibition and we got beginnings of the drug war partially from efforts made by people who were basically looking to lose their jobs with nothing to do now that alcohol was legal.
Their role is to create jobs and use as much budget as possible because the more they spread around the cake, the more support they will get from the people they spend that money on.
You have to realize, that for every few people who took Eisenhower's speech as a warning, there were others writing it down as a proven strategy that is working and should be used elsewhere. The more jobs you create, the more cake you hand out, the more secure your job is.
It doesn't even hardly matter if what you do works, it's almost better if it doesn't because that will just be because you need to do more of it.
> Because, parallel construction in itself is not necessarily about illegally obtained evidence
Except it is a blatant attempt to hide the truth of where evidence is obtained from the court, which means it is about not allowing the court to make that determination based on the truth. So saying it's not about illegally obtained evidence is.... not supported by anything but the claims of the very people who are perjuring themselves in court.
This particular term does deserve to have its awareness raised, and quite frankly, every person involved in it should, by all rights, be charged criminally. Their job is to make a case, not lie to the court.
True but, unlike you he actually used the words parallel construction and linked to the wiki article. Since those two words and what they mean really do need to be spread as far and wide as possible, and are evidence that the law really isn't, and the people who are most highly charged with following it (ie the people who enforce it themselves) actually don't bother.
It's almost like, we don't really have a system of laws so much as a theater troupe who plays "legal system" for real stakes.
Hit it? why? The earth is already being slowed down by tidal interactions with the moon. we just need to slow the moon down until it drops under geosynchronous orbit, then its tidal bulge will move faster than our rotation and rotational energy will transfer from the moon's new orbit to earth's rotation.
There are a couple of minor downsides....like massive increases in the amplitude of the tidal bulge, but moon missions will require a lot less delta v...... of course, it also means the moon's orbit will progressively shrink.
Maybe put it in geosync and just try to keep the day length where it is?
Please explain why this is relevant. The 2nd explicitly states that it is because of the need for a militia that the right will not be infringed. I don't see where there is any requirement that gun bearers be members of the militia or that the militia itself even must exist, just that because of the need for one, the right won't be.
It is a clause in support of the declaration that the right will not be infringed, I see no dependency on it.
However your list will in no way actually change the fact that the common expectation at the time. The most you can prove with your list is that people's perceptions were skewed from reality.
Simple fact is, On September 10th, 2001 if you asked people what they would expect to happen if they were on a hijacked plane, the tarmac hostage situation scenario was what the majority of people would have expected. The entire plan hinged on it.
On September 11, 2001 by about 11am, this entire plan was burned and was never going to work again, even without a single change to security.
> The copper-cables running from my house cross plenty of public spaces. Still, tapping them requires (or used to require) a warrant.
Are we sure about that? Perhaps the FBI would like to let us know what "exceptions" exist? Perhaps because the copper cables run over public spaces that makes for an exception in their book? They certainly wouldn't want to tell us unless they had to.
We engineer our space craft to come down within 15 inches of our chosen return point.... with an acceptable margin of the entire earth. It hits within the acceptable range every time!
Well yes and no. The main thing that 9/11 hijackers exploited was NOT the fact that passengers were disarmed but, the fact that previous hijackings all resulted in hostage situations. Seriously, you are sitting in a seat, on an airplane, going somewhere.
In a pre-9/11 world (ugh I can't believe I said that), what is your expectation when a hijacking happens? You expect the plane will be grounded, the hijackers will make demands. Eventually they will either be killed and arrested, but you are going to be released within a couple of days, unharmed.
A small crowd can easily overpower a couple of hijackers with knives. The reason they didn't was simply that everyone expected they were going to be walking out alive and well within a few days.
Actually to be honest the size of that pisses me off as....too big.
Now don't get me wrong, I would love a bigger space program. Hell, if they spent 20% of the military money on the space program I wouldn't mind, but 20% of the non-military discretionary? No wonder this country is so fucked up.....everything including the space program has to fight for the scraps left over after our ridiculously oversized military?
No way 20% of what's left over should go to NASA. Cut the military and give it to NASA...triple the size of NASA....but take 100% of that increase away from our super sized military.
To arms netizens!
form your subject lines
type on
type on
until their impure posts are drowned in our flame
Actually it has been implemented already, and there was even a slashdot article about it a few days ago:
http://yro.slashdot.org/story/...
That said, my phone doesn't support it and it seems few do, but, it's a start and somebody is trying.
> AM and PM mean "anti-meridian" and "post-meridian",
Total nitpick, it's ante not anti.
ante- prefix meaning before
anti - prefix meaning against
You see it in words like "antediluvian" (before the flood).