Schneier on Security: Last 100 Comments


Recent Comments



September 25, 2018 10:31 AM

CallMeLateForSupper on Friday Squid Blogging: British Columbia "Squid Run" Is a Tourist Attraction:

@bttb
"Can Tor be turned off in Tails and can the Tor Browser be used while using Tails w/o Tor?"

Yes, Tails' Tor can be turned OFF.

What do you expect to happen when you start the Tor browser (which expects to find Tor functioning) with Tor turned OFF? (Rhetorical)

I think what you want can be accomplished in Tails by turning Tor OFF and then starting Unsafe Browser.

My HDDs are in removable "trays". Each drive is bootable and standalone. When I want to throw care to the winds and "go naked" into the internet - i.e. with ability to play video, and...


September 25, 2018 10:22 AM

Clive Robinson on Friday Squid Blogging: British Columbia "Squid Run" Is a Tourist Attraction:

@ David,

... designed to improve on the Enigma; it "contains an incredible 10-wheel rotor designed to correct the vulnerabilities of its predecessor."

It does not matter how many extra rotors or slots for rotors it has, that will not solve other issues, three of which are,

1, The reflector.
2, The uniform rotor stepping.
3, The unidirectional rotor stepping.

Even the Germans were aware of this, which is why they designed other systems where one set of wheels stepped another set of wheels.

You would be better off with an old...


September 25, 2018 10:09 AM

echo on New Variants of Cold-Boot Attack:

@fde

Veracrypt are dogmatic. They avoid relying on TPM for user convenience because they want to protect against "evil maid attacks" and believe TPM provides a false sense of security. I actually think I know what I want and why (without being mansplained by Veracrypt if you will forgive the feminist escalating but God oh mighty dealing with individuals' belief systems is frustrating at the best of times). Microsoft actually handle this quite well at the user interface level although in the opposite way when it comes to turning TPM off because it is on by default in Windows.

If...


September 25, 2018 10:05 AM

Clive Robinson on Friday Squid Blogging: British Columbia "Squid Run" Is a Tourist Attraction:

@ echo,

This is why I fully reserve the right to be sceptical and wait for all the evidence.

You and me both.

Though I hate "circumstantial evidence" as I really do not consider it anything other than an untested supposition on potential coincidence.

I'm not that keen on "forensic evidence" either, it argues backwards from effect to just one of many probable causes, as history shows "forensic practitioners" get it wrong oh so many times, especially if they work for the FBI.

That is I do not believe in applying the laws of...


September 25, 2018 9:20 AM

fde on New Variants of Cold-Boot Attack:

@Thomas

Full disk encryption with a strong password where the keys are fully erased after shutdown. It won't stop an evil-maid attack, but if the disk is ever stolen and never returned, data shouldn't be readable.

September 25, 2018 8:14 AM

echo on Friday Squid Blogging: British Columbia "Squid Run" Is a Tourist Attraction:

@JG4

I have picked up that a lot of media seem to follow a hierarchy and cherry pick off each other from a single originating source.

I read this past week that fish oil is also good for boosting breast size. The commentary was fairly predictable.

This past week I have been wearing a sports bra which makes me stick out a bit. I have also been wearing this with a light top which makes things much more visible. While out shopping there has been a definite uptick of men deciding they had forgotten something for their shopping basket and looping back to take another look. I...


September 25, 2018 8:13 AM

bttb on Friday Squid Blogging: British Columbia "Squid Run" Is a Tourist Attraction:

@Alejandro, Hmm, Clive Robinson, CallMeLateForSupper

Other possible Chrome browser substitutes:

3) Brave browser, I’ve tried it some, it seems to work, albeit with a fairly unique browser fingerprint https://panopticlick.eff.org

4) Unsafe Browser, Tails

5) Tor Browser, torproject.org download, with or w/o Tor afaik

6) Firefox with httpseverywhere, uBlock Origin or Adblock Plus, Privacy Badger, Referrer Control, NoScript

7) Firefox as implemented in DoD’s TENS (formerly LPS)

Are there other good hardened live DVDs like Tails w/o...


September 25, 2018 7:30 AM

JG4 on Friday Squid Blogging: British Columbia "Squid Run" Is a Tourist Attraction:


@another John Galt - my view of security also is quite broad

here's another (near) nonagenarian doing important work. amazing that load-bearing exercise so directly affects memory.

Bone-derived hormone reverses age-related memory loss in mice
[www.sciencedaily.com]

another clue as to why eating fish is good for you, but fish oil pills haven't been - until now.

Amarin fish oil capsule shows dramatic benefit for cardiovascular...


September 25, 2018 7:04 AM

echo on New Findings About Prime Number Distribution Almost Certainly Irrelevant to Cryptography:

@MarkH

I have a fair idea of the kind of expertise and effort required. Discrimination cases may be similar too. I know enough about this field I could advise him although have my limits which require other professional expertise to support. Most of the broad brush issues are already known but the number of experts who are able to deal with the sometimes very involved nuances and working out are similarly restricted. This is very infuriating.

If I said there were probably less than a dozen people in the world who could follow the complete discussion this would be fair. I...


September 25, 2018 6:44 AM

echo on Friday Squid Blogging: British Columbia "Squid Run" Is a Tourist Attraction:

@Hmmm

You're posting opinion as fact again. The internet isn't really the place to push a complex case because it involves a lot of careful work and fact checking and cross referencing and things proceeding in some kind of order. I hate to sound like Clive but without the formal processes of a court and certified professionals managing the data and a clear checkable record of the discussion in one place it is not possible to make sense of it.

I very clearly kept my comments focused on the one passport issue. It wasn't an invitation to drag everything and the kitchen sink in...


September 25, 2018 6:24 AM

echo on Friday Squid Blogging: British Columbia "Squid Run" Is a Tourist Attraction:

@jdgalt

There is a fairly well established set of laws and arguments which cover both the exact categorisation of security issue and the technical issues. I personally would only seriously discuss this if this was on the table before discussion. Never having discussed anything with you before I would also want to discover exactly what your agenda is and what you want.

With regard to Alex Jones (a multi-millionaire) and his ilk in UK law: There is a positive obligation to improve human rights and equality. When abuse and discrimination has been proven in law the burden of...


September 25, 2018 4:17 AM

Thomas on New Variants of Cold-Boot Attack:

> This is a "cold boot" attack, and one we thought solved.

When did we think that?
What was supposed to have solved it?

Cold-boot means the attacker has physical control over the hardware. Those attacks are difficult to defeat (just ask anyone who's built a games console in the last decade or two).
Other than going old-skool-mission-impossible and mixing thermite into the RAM's silicon how do you prevent a cold-boot attack?

September 25, 2018 3:00 AM

65535 on Friday Squid Blogging: British Columbia "Squid Run" Is a Tourist Attraction:

@ Alejandro

“I am a Firefox fan, but they are beginning to have issues, too. Go to "about:config" then enter the search term "http" and you may be surprised to see at least a hundred ways Firefox phones home in order to help you, all the time. hmmmm, been here before. I deleted all I could find which quieted it down quite a bit, and it still mostly works. Anyway,”

That is a real issue and a troublesome issue with FF. Do you have a step-by-step method of eliminating those url calls back to FireFox? How about SSL everywhere? I recommend FF because it still has the search...


September 24, 2018 11:32 PM

Hmm on Friday Squid Blogging: British Columbia "Squid Run" Is a Tourist Attraction:

" it is not unusual for the two to have close passport numbers – it merely means they applied together. "

Which is obviously suspicious of itself.

And when these two unrelated "fellows" got them, the first place they needed to visit was SALISBURY.

"Boshirov said the two had gone to visit Salisbury Cathedral, “famous not just in Europe, but in the whole world. It’s famous for its 123-metre spire, it’s famous for its clock, the first one [of its kind] ever created in the world, which is still working.”

-Oh, ooooookay.

While they walked around...


September 24, 2018 8:59 PM

Seppi on Friday Squid Blogging: British Columbia "Squid Run" Is a Tourist Attraction:

@David: "The Wall Street Journal (September 21, page A5) has an ad for a Swiss rotor machine called the NEMA,"

It's nothing more than the predecessor of the "Krypto-Funk-Fernschreiber KFF-58/68", a highly reliable encryption device that I also operated during my military service.

It just werked. All the digital stuff they introduced afterwards was crap. Now, the army talks about digital warfare aka moving the goalposts as if a power plant could be attacked from the outside.

So, they still have not gotten their act together re encryption. Another reason,...


September 24, 2018 7:27 PM

jdgalt on Friday Squid Blogging: British Columbia "Squid Run" Is a Tourist Attraction:

Apologies to Bruce in advance, because this isn't directly related to security unless your idea of what is "security" is as broad as mine.

Why has EFF not said word one about Internet platforms (and services like Kickstarter and Paypal) that block or eject people for political dissent?

Even if EFF considers that action to be the organization's own freedom of speech/association, EFF could be a lot of help just as a meeting place for those who would work around these bans by creating competitors to the sites that perform them, and by promoting legislation so that...


September 24, 2018 6:26 PM

MarkH on New Findings About Prime Number Distribution Almost Certainly Irrelevant to Cryptography:

@echo:

I lack knowledge to assess the extent of age discrimination in mathematics.

However, when you wrote "laziness," perhaps you weren't aware that the work would need to be done by a mathematician already expert in some of the special topics (i.e., from a worldwide population of perhaps only a few), and consume full professional attention for possibly a year, or even several years.

It's understandable before committing to such a project, to want to have some confidence that it will be fruitful.

My guess is that for de Branges, his "flying solo" may be a...


September 24, 2018 6:05 PM

David H. on New Variants of Cold-Boot Attack:

@Crazy monk,

Check out a paper entitled "Lest We Remember: Cold Boot Attacks on Encryption Keys" - [citp.princeton.edu] (full 16 page PDF linked from that URL)

It's several years old now, but they demonstrate just how long it takes data to decay in several different DRAM modules, mostly DDR2. Data recovery on cooled modules was possible even after several minutes. I read in another research paper that DDR3 decay was much faster -- a good thing -- on the order of a few seconds, but I cannot...


September 24, 2018 4:55 PM

Crazy monk on New Variants of Cold-Boot Attack:

@aserraric: "carry out the hardware modification (undetected), then wait for the victim to sign on, and then execute the actual attack."

@Mike D: "yank power out of the box, forcing an abnormal power-off, downstream of any UPS, connect your doohickey, and power it back up, letting the doohickey jump in and clear the flag before boot continues."

Careful hardware modification does not necessarily require power to be off to happen... just steal (or confiscate) a still-running computer, open it up while it's still running, clamp your modification onto the chip (carefully)...


September 24, 2018 2:55 PM

echo on AES Resulted in a $250-Billion Economic Benefit:

@Clive

We all know what happened to Gordon Welchman on the instigation of the UK government. As for US leaks the US also released information on the Welrod pistol the UK government was refusing to release. I know people say Hollywood is nonsense (and the UK state wordplaying over "suppressor" versus "silencer" is annoying) but the Welrod is a known known. I am left wondering why so many silenced guns available on the open market in the US make such a racket and why nobody has manufactured a modern day equivalent of the Welrod and why Hollywood movies rarely if ever feature the...


September 24, 2018 2:02 PM

echo on New Findings About Prime Number Distribution Almost Certainly Irrelevant to Cryptography:

@MarkH

de Branges perhaps has more "street cred" than the new claimant, having achieved a really important proof while in his 50s, and having focused much of his career on topics closely related to RH. However, his claims of proof have yet to convince his colleagues, and the analysis of a very long "proof" based on highly specialized work done by de Branges over the years is a very costly undertaking.

I noticed this when I read about this news a couple of days ago. While I appreciate things take effort I do wonder if ageism plays a role in their...


September 24, 2018 1:47 PM

John Beattie on Security Vulnerability in ESS ExpressVote Touchscreen Voting Computer:

Designing secure voting requires an understanding that the threat comes from within and from within at every level. All(*) the people involved in designing, building, testing, installing, administering, managing the vote process are themselves voters and members of civil society. Some of them are immediately affected by the consequences of elections.

Every single one of them is motivated to some degree or other to subvert the voting process. That is why the best mechanisms are the simplest and the plainest. This lesson is available from the analysis of any voting system: if it...


September 24, 2018 1:07 PM

Alyer Babtu on Friday Squid Blogging: Dissecting a Giant Squid:

@Ratio

Tom Wolfe, towards the end of his essay “The Intelligent Coed’s Guide to America”, reprinted in his collection “Mauve Gloves and Madmen, Clutter and Vine” covers the press reaction.

It squared with my personal experience at the time. Wolfe mentions an important television interview with Solzhenitsyn fairly soon after his exile, where he gave a thorough summary of the camps. By chance I had seen it. The interviewer as I recall was popping with indignation and trying to deny, refute or explain away nearly everything said.

The funny thing was I was having the...


September 24, 2018 12:42 PM

Michael Watts on New Variants of Cold-Boot Attack:

Though any number of things could be stored in memory when a computer is idle, Segerdahl notes that an attacker can be sure the device's decryption keys will be among them if she is staring down a computer's login screen, which is waiting to check any inputs against the correct ones.

I don't see why the decryption keys need to be stored in memory for this purpose. You don't need to compare user-submitted decryption keys to a known correct value in order to validate them -- just do the decryption, and if you get garbage, the keys were wrong. If you don't, the keys were correct.

September 24, 2018 12:35 PM

Lore on New Variants of Cold-Boot Attack:

The simple solution to these types of attacks is to not encrypt data in the first place. No encryption, no keys to steal.

September 24, 2018 12:17 PM

MarkH on New Findings About Prime Number Distribution Almost Certainly Irrelevant to Cryptography:

@Clive:

If I understood the gist of your earlier comment, it's about intentional weakening of supposedly "random" generation. I think it's widely understood that this can be done in ways that make a break computationally feasible.

My argument is about typical crypto implementations, which I presume to be intended as strong but which are likely to suffer from typical weaknesses in well-meant (but not catastrophically flawed) PRNGs, which can result in dramatic reductions in the search space ... while still leaving it vastly beyond computational feasibility....


September 24, 2018 12:01 PM

echo on Friday Squid Blogging: British Columbia "Squid Run" Is a Tourist Attraction:

@albert

I didn't download your linked documents but did a search and read another paper. I'm really fuzzy about the space-time thing. I did read or watch something the other week which mentioned a few things. It seems the universe was one big super atom thingy whatsit singularity doo dah then early in the big bang only space existed not time with spactime emerging slightly later. This paper helps explain Newton and also why spacetime and gravity emerged.

I only understand about 1% of this. I grasp most of the critical concepts but lack the internal mathematical language to...


September 24, 2018 11:46 AM

David on Friday Squid Blogging: British Columbia "Squid Run" Is a Tourist Attraction:

The Wall Street Journal (September 21, page A5) has an ad for a Swiss rotor machine called the NEMA, designed to improve on the Enigma; it "contains an incredible 10-wheel rotor designed to correct the vulnerabilities of its predecessor." The price is not mentioned, but it's obviously high enough to pay for a quarter-page WSJ ad. The source is an antiques dealer in New Orleans.

September 24, 2018 11:27 AM

PeaceHead on Friday Squid Blogging: British Columbia "Squid Run" Is a Tourist Attraction:

Most of the recent smorguessborat of quantomb physics are actually totally taboo and were never meant to have been released into any type of public or private domain. These types of reckless scientific forays would have otherwise remained forgotten and/or CLASSIFIED and/or all infos destroyed. Yet something went horribly wrong. Humans were never meant to be tampering with any of this type of thing. We are at extreme risk until all such esoteric materials are fully redacted back into complete occlusion and then destroyed before our existence is.

I will try to provide more...


September 24, 2018 11:15 AM

PeaceHead on Click Here to Kill Everybody Reviews and Press Mentions:

Congratulations on the book debut! Good cheers!
I will be purchasing a copy within the next two months.
It pleased me to note the good reviews at a prominent bookseller.


For the sequel, please publish "Click Here to Save Everybody".

Sincerely, PeaceHead.

P.S.-More security insights pending from me; yet I need to get fully out of harm's way first.

Maximal Peaceful Coexistence Is The Only Lasting Future.

September 24, 2018 11:13 AM

wumpus on New Variants of Cold-Boot Attack:

@aserraric

You're assuming Windows performs a real shutdown when the user clicks on "Shutdown". In general, it does not. You either have to hold down the shift key, change the *default* "fast shutdown" to off or try something like "shutdown /s /f /t 0" in the command area. Otherwise you get the "fast shutdown" that dumps the RAM and lets this attack work.

Unless you are assuming a non-Microsoft OS (which should be step one if you care about your data), this is going to work.

September 24, 2018 11:06 AM

echo on New Variants of Cold-Boot Attack:

@Mike D

Flags are fast and cheap much like flags (or "deindexing") used by Facebook et al to "delete" information at the request of the user. As we know and as you highlight "delete" doesn't mean delete. If the information still exists it can be used and abused without conscious knowledge or approval of the owner.

September 24, 2018 11:01 AM

echo on Friday Squid Blogging: British Columbia "Squid Run" Is a Tourist Attraction:

RE: Bellingcat

[www.craigmurray.org.uk]

There are some problems with Bellingcat’s analysis. The first is that they also quote Russian website fontanka.ru as a source, but fontanka.ru actually say the precise opposite of what Bellingcat claim – that the passport number series is indeed a civilian one and civilians do have passports in that series.

Fontanka also state it is not...


September 24, 2018 10:53 AM

albert on Friday Squid Blogging: British Columbia "Squid Run" Is a Tourist Attraction:

@Alyer Babtu,

"...But seriously folks, there is no space, time, or space-time, just as Newton’s “time flowing everywhere equably etc.” was unreal...."

Newton was closer than you know.

For an explanation of this, see the paper posted here:

[groups.google.com]

'Time' is a human construct.

'Space' is a BEC of negative-energy electron/positron pairs, which serves as a medium for EM radiation propagation.

The...


September 24, 2018 10:20 AM

Mike D. on New Variants of Cold-Boot Attack:

@Phaete: Some systems have a JTAG or similar debug/reflash connector. Some don't.

@aserraric: Or, since you have physical access, you just yank power out of the box, forcing an abnormal power-off, downstream of any UPS, connect your doohickey, and power it back up, letting the doohickey jump in and clear the flag before boot continues.

The correct mitigation for this attack is to always wipe down the memory after power-on but before boot, say via hardware reset logic, or some un-overridable ROM boot code, on the same chip as the memory in question. They shouldn't be trusting a flag.

September 24, 2018 10:07 AM

CallMeLateForSupper on Friday Squid Blogging: British Columbia "Squid Run" Is a Tourist Attraction:

@bttb re: Chrome dickery

Tnx 4 heads-up. Have a friend who switched to Chrome on Win 10 who will go ballistic when I tell him.

@All
Who else here felt the worm turn when Google announced it would abandon its "Don't be evil" motto? To me, it was clear message: "We want to be free to be evil."

September 24, 2018 9:00 AM

echo on New Variants of Cold-Boot Attack:

People keep forgetting the wetware was hacked ten steps before. As the path follows a lot of steps where control and coercion accumulate slowly until a vulnerability occurs should not come as a surprise. The door then slams shut.

What looks like a lot of "if" "but" "maybe" effort for an individual is least effort for an organisation. Individuals don't properly perceive their own OODA loop even if they are aware of the concept.

Security, like design, is all about psychology.

September 24, 2018 8:00 AM

Clive Robinson on Friday Squid Blogging: British Columbia "Squid Run" Is a Tourist Attraction:

@ Bruce and the usual suspects,

New Tor attack via AI called DeepCorr,

[arxiv.org]

Tor is vulnerable to traffic analysis as people have been saying for a while now. In fact a number of attacks have used "flow correlation attacks" already, what DeepCorr brings to the party is substantially improved deanonymisation through the use of "deep learning" AI.

When you think about it many privacy / security attacks would be considerably improved with deep learning, however until recently...


September 24, 2018 7:54 AM

aserraric on New Variants of Cold-Boot Attack:

Your introduction is misleading. You need access to a locked, but running computer to execute a "cold boot" attack. You cannot perform such an attack on a computer that is properly shut down, since the key is no longer in RAM in this case.

So, you would have to carry out the hardware modification (undetected), then wait for the victim to sign on, and then execute the actual attack.

September 24, 2018 7:38 AM

JG4 on New Findings About Prime Number Distribution Almost Certainly Irrelevant to Cryptography:


@Clive - Can't recall if I posted this last year, but a key player in the lithium-ion space published what is believed to be an important innovation last year. I sent him a note congratulating him on the work and asking for his tips on health and longevity. He said, "Pick good genes." Apparently close behind good genes is a good sense of humor.

[spectrum.ieee.org]...


September 24, 2018 7:20 AM

Phaete on New Variants of Cold-Boot Attack:

So the researchers designed a relatively simple microcontroller and program that can connect to the chip the firmware is on and manipulate the flag.

Connect as in "connect that USB plug to the PC" or
Connect as in "connect those wires to that small chip"

Couldn't find that info, it makes it a factor 100 times more difficult or not.
But yeah, if solder, then it's the same principle they already did with the iPhone.
Hardware hacking becomes more powerful as the old generation of grey beards passes on and info becomes obscure

September 24, 2018 6:53 AM

Clive Robinson on New Findings About Prime Number Distribution Almost Certainly Irrelevant to Cryptography:

@ MarkH, Findings,

But suppose that pseudo-random generation is not utterly broken, but merely weak enough that you can exclude 99.99...% of primes of the relevant magnitude, and you know which primes are likely or certain to be skipped.

Easy peasy, I've already built one for fun, it's not that difficult to do... Oh and the NSA is assumed to have used it in the Dual Elliptic Curve Digital RNG that NIST later pulled.

You can read of a better way in a quite recent article[1] I used a modified version of one given in the Cryptovirology book I mention...


September 24, 2018 5:01 AM

Alejandro on Friday Squid Blogging: British Columbia "Squid Run" Is a Tourist Attraction:

Re: Chrome, Google

Google has become way too intrusive. They must have the explicit approval, encouragement and the blessing of .gov to get away with what they do. (and some others)

I am a Firefox fan, but they are beginning to have issues, too. Go to "about:config" then enter the search term "http" and you may be surprised to see at least a hundred ways Firefox phones home in order to help you, all the time. hmmmm, been here before. I deleted all I could find which quieted it down quite a bit, and it still mostly works. Anyway,

Comodo seems like a possible...


September 24, 2018 3:14 AM

Ratio on Friday Squid Blogging: Dissecting a Giant Squid:

@Alyer Babtu,

And this is all due to the fact that the press (1) did not, in your view, adequately inform the public about the Soviet prison camp system and moreover (2) refused to report on Solzhenitsyn’s description of life in the Gulag. Have I got that right?

The first part is opinion (“what is adequate?”) but second part is the statement of an objective fact, supposedly. Do you happen to have any evidence that shows the press refusing to report on this topic, as a matter of policy (a “policy of darkness” in your words) to boot?

I realize it’s...


September 24, 2018 2:32 AM

Clive Robinson on AES Resulted in a $250-Billion Economic Benefit:

@ Mark,

I wonder what the financial impact of their NSA-sponsored random number generator is? We can't trust NIST.

The problem is not can we trust NIST but can we trust the processes and procedures NIST uses.

The way standards are made is much the same in any standards body so if those processes and procedures are the same or sufficiently similar the question arises,

    What Standards body can we trust?

The other problem is that NIST were mandated to use the NSA, it was not NIST's choice and probably not the choice of the NSA...


September 24, 2018 1:23 AM

MarkH on New Findings About Prime Number Distribution Almost Certainly Irrelevant to Cryptography:

It seems to me that it's been rare for mathematical advances not directly connected with cryptography, to show any practical effect (even potentially) on real-world public key cryptosystems.

I have two exceptions in mind:

1. Developments of number field sieve algorithms, mainly by a very small group of brilliant mathematicians; and

2. Shor's algorithm, the impact of which depends on hardware that has not been shown to exist, and is possibly unachievable.

What have I missed? Apart from specific attacks by cryptographers on algorithms and realizations, what...


September 24, 2018 1:00 AM

Denton Scratch on New Findings About Prime Number Distribution Almost Certainly Irrelevant to Cryptography:

Eeek! I was put off the article by this sentence:

"They are “effectively” limit periodic — a new kind of order — because the synchronicities in their spacings only hold statistically across the whole system."

"Synchronicity" is a term coined by the noted physicist/mathematician Carl Jung, in a book of the same name. Oh, wait - he was a psychiatrist, not a mathematician, not a physicist. Much of his stuff was bonkers religious speculation. "Synchronicity" is a woo term, and doesn't belong in any kind of scientific discourse.

I stopped reading at this point.

September 23, 2018 11:41 PM

Weather on AES Resulted in a $250-Billion Economic Benefit:

Bruce
I like the picture, sub word and byte, if you v=I(for loop)*sub word byte
It produces collision between over values, add other basic maths, instead of a swap byte, you can use maths to workout the value, I had three add, mul, div, sub that just three had enough collision to match
The mix columns with the xor I'm thinking of mixing 7f80 it needs some filter like above,

September 23, 2018 5:29 PM

bttb on Friday Squid Blogging: British Columbia "Squid Run" Is a Tourist Attraction:

From Matthew Green's twitter feed: "I switched to Firefox and I’m finding it every bit as Chrome. Also doesn’t surreptitiously associate your browsing with a Google account!" and from [blog.cryptographyengineering.com] :

"Why I’m done with Chrome
This blog is mainly reserved for cryptography, and I try to avoid filling it with random “someone is wrong on the Internet” posts. After all, that’s what Twitter is for! But from time to time something...


September 23, 2018 2:19 PM

Alyer Babtu on Friday Squid Blogging: British Columbia "Squid Run" Is a Tourist Attraction:

@echo @albert

jewel-shaped geometric object

So glitter wins again !

But seriously folks, there is no space, time, or space-time, just as Newton’s “time flowing everywhere equably etc.” was unreal. What is real is things in motion, and their natural properties. Locality, unitarity, Feynman diagrams are all just convenient approximating assumptions in a mathematical model, with a limited usefulness that has now reached its limits. In all cases, the partial model was confused with the reality, entirely unnecessarily. This kind of thing seems...


September 23, 2018 2:11 PM

Clive Robinson on Friday Squid Blogging: British Columbia "Squid Run" Is a Tourist Attraction:

@ dbCooper,

As the old film scene has it,

"I don't care how friendly it is I aint getting in there!"

They are naturally solitary animals because even octopi know that octopus tastes good...

Mind you the Japanese have strange longings for tentacles if some of their line drawings are to be believed...

Though my favourite octopus story comes from the London Aquarium. They had an octopus in a tank with a solid lid on. Anyway various other "exhibits" started to disappear and theft was suspected but by who... So infra-red CCTV was set up "on the Q T" and the...


September 23, 2018 2:00 PM

Ratio on Friday Squid Blogging: British Columbia "Squid Run" Is a Tourist Attraction:

Russian passport leak after Salisbury may reveal spy methods:

A leak of Russian government data about the suspects in the Salisbury poisoning may provide a rare insight into how Russia’s military intelligence agency provides cover identities for its agents abroad.

Investigative journalists have unearthed what appears to be a series of passports with similar numbers belonging to suspected Russian intelligence officers, including the Salisbury...

September 23, 2018 11:58 AM

dbCooper on Friday Squid Blogging: British Columbia "Squid Run" Is a Tourist Attraction:

Octopuses Get Strangely Cuddly On The Mood Drug Ecstasy

"It turns out that octopuses and people have almost identical genes for a protein that binds the signaling molecule serotonin to brain cells. This protein is also the target of MDMA, so Dolen wondered how the drug would affect this usually unfriendly animal."

[www.npr.org]

September 23, 2018 11:56 AM

bttb on Friday Squid Blogging: British Columbia "Squid Run" Is a Tourist Attraction:

From Matthew Green, [twitter.com] :

"I’m still annoyed that Chrome has gone to mandatory Google login — exactly the same way Android did (and has received enormous criticism for) — and people at Google are acting like they’re surprised people are upset.

I mean it is, after all, Google’s browser and they can do whatever they want (modulo GDPR concerns). I just wish folks would acknowledge the difference.

[...]

I’m also annoyed at the...

September 23, 2018 11:42 AM

Clive Robinson on Friday Squid Blogging: British Columbia "Squid Run" Is a Tourist Attraction:

@ The usual suspects,

For a while now the subject of US Diplomats --CIA staffers-- and families in Canada, China and Cuba suffering decidedly odd causeless symptoms has been discussed on this blog.

Various things have been suggested and history trotted out that might explain what could be "Fourth Generation Warfare" being practiced.

But if it is "Warfare" what is the motive and money trail, of the "Who benefits Why and Where?" question.

The people who have done most to investigate "Non Lethal Weapons" historically is the US and several other Western "White...

September 23, 2018 10:19 AM

albert on Friday Squid Blogging: British Columbia "Squid Run" Is a Tourist Attraction:

@echo,

"...Physicists have discovered a jewel-shaped geometric object that challenges the notion that space and time are fundamental constituents of nature..."

I might be interested in reviewing this if someone could give me -rigorous- definitions of 'space' and 'time'.

. .. . .. --- ....

September 23, 2018 7:33 AM

Clive Robinson on Friday Squid Blogging: British Columbia "Squid Run" Is a Tourist Attraction:

@ Ratio,

… and again the most basic arithmetic turns out to be juuuuuust out of reach.

I was tired but can't sleep as I'm unwell again, and wanted to keep things as brief as I could.

But your comment is too cryptic even for normal times. If you disagree with something say so? If you don't understand something then say so?[0]. But just to try to keep it short for the sake of other readers.

To try and shorten the potential for a long back and forth, I'll expand on what I said.

Most here understand four "fair dice" are dice each...

September 23, 2018 6:36 AM

Wesley Parish on Friday Squid Blogging: British Columbia "Squid Run" Is a Tourist Attraction:

If you're addicted to MS Windows, yadayadayada, here's some worrying news:

Using C# for post-PowerShell attacks
[www.forcepoint.com]

C# has received some recent attention in the security community, and the Microsoft.Workflow.Compiler.exe security issue recently identified by Matt Graeber at SpecterOps prompted us to take a closer look at the potential for using this technique in real-world attacks. Firstly, we...

September 23, 2018 12:37 AM

Herman on AES Resulted in a $250-Billion Economic Benefit:

"but I do like the pretty block diagram of AES on the report's cover." Ouch! - Damning praise.

Those kinds of reports can only be pure marketing drivel that assumes the world will stand still without AES, as if there never was anything else.

September 22, 2018 10:50 PM

John Panzer on Security Vulnerability in ESS ExpressVote Touchscreen Voting Computer:

@ Andy -- You've basically just described the exact operation of the Stuxnet worm. And we now know for certain that state level actors are actively trying to penetrate our election systems with exactly the methods you'd expect as step 1 (phishing people on vulnerable systems peripherally connected to voting systems).

September 22, 2018 9:38 PM

Clive Robinson on Public Shaming of Companies for Bad Security:

@ echo,

I think we have mentioned this before ;-)

But just to be safe, I'm not into having lumps of uranium around --that have their own fire issues-- which I have a "burning" desire to convert to uranium hexafluoride.

Nor do I wish to poison people in strange and frankly quite an appalling way, especially as handling it can at the very least be problematic...

As those experimenting with using new and exciting ways of propelling mass around at rather more than the usual kinetic energies you get from howitzers or 20in Naval guns for...

September 22, 2018 4:45 PM

echo on Friday Squid Blogging: British Columbia "Squid Run" Is a Tourist Attraction:

This is only my loose opinion but I believe in some ways the UK is no better than the US. The only difference is the focus on the statistical average and constraints on the extremes. I surmise this is because UK dogma is more towards conserving resources than the US. The UK also plays the sweep it under the carpet routine better than the US which is more heart on sleeve.

Speaking of sweeping under the carpet more GCHQ shenanigans....

September 22, 2018 4:11 PM

Ratio on Friday Squid Blogging: Dissecting a Giant Squid:

@Alyer Babtu,

[…] the press thoroughly failed to adequately cover the decades of the Soviet work-death camps, and then doubled down on the darkness by solidly refusing to cover Aleksandr Solzhenitsyn’s account of the realities of the Gulag, when he came in exile to the west.

Riiiiiiiiiiight …

So one can lay the deaths of 70+ million people at the doors of this press and its policy of darkness.

I see, 70+ million people die as the result of inadequate coverage of current events.

September 22, 2018 3:04 PM

Clive Robinson on Friday Squid Blogging: British Columbia "Squid Run" Is a Tourist Attraction:

@ Albert,

The "Escape to the last bus stop south story" goes hand in hand with this story,

[www.counterpunch.org]

The point is it does not matter what minority you are in, even if it's the majority, the 1% see everything that way.

For them probability has no meaning, they throw four dice and they all come up six for a count of twenty four[1], that's due to their hard work,...

September 22, 2018 2:44 PM

echo on Friday Squid Blogging: British Columbia "Squid Run" Is a Tourist Attraction:

I'm having PTSD flashbacks at the moment so not up to commenting much.

It's interesting how this police officer is up for a misconduct hearing. I have been punched and sexually harassed and slammed into a wall by police officers and seen complaints go walkies. One complaint which was pursued by the Police Commissioner went to the IPCC who conducted an investigation behind my back and it was no surprise the (very) senior police officer got off because the investigation did not have access to critical evidence and legal argument I could supply.

Following on from more Quantum...

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.