Posts by Christian Berger

I wonder how a blank slate solution to the mobile data problem would look like?

I mean sure, LTE has thrown a lot of things overboard like isochronous connections, however it's still deeply rooted in a mindset that is based on the mobile telephony business model. For example the network always knows where you are in order to get packets to you while most client protocols today only make outgoing connections where this is largely irrelevant.

So how would a network look like that's just "there" paid by the people just like the road network? You wouldn't need to log into it. You could use techniques like "stateless autoconfiguration" to gather an IP-address from the cells near you. Gradually as you roam, you'll gather new addresses while the old ones drop away. With the right network protocols (e.g. mosh) that would give you seamless handover without a central piece of equipment having to track you constantly. Even web browsing would work fine as your connections are rather short lived.

Wait? Windows merges registry branches?

I mean that whole problem seems to exist only because Microsoft decided to merge one registry branch with another one the unprivileged user can change.Why would you do such a thing? I mean the idea of a registry is bad enough already, but somebody must have noticed that merging branches is a logic nightmare at best, and likely a security problem at worst

Actually it doesn't make much difference security wise on a laptop

If you have physical access to a laptop, you can just use a PCI Express card to access the RAM of it to bypass everything Secure Boot could ever protect. If the laptop doesn't have PCI Express, you can use Firewire, or Thunderbolt or if you have a zeroday in the Windows USB stack, USB.

Or you can install malevolent hardware, e.g. an LTE card which will compromise the system once the user unlocked the harddisk. All of those paths can be packaged into nice easy to use solutions.

In short Secure Boot is not about improving physical security. It can only secure business models.

If you'd want an actual "more secure than your average Linux box" mobile device, make a very slim terminal with all the complicated bits (GSM connectivity, WIFI, etc) outsourced to extra modules connected via simple serial interfaces, and make the terminal itself so trivial and simple that its code will be secure and bug free. Obviously that means having something trivial that only talks to your servers and uses shared keys or some simple key exchange. Then you seal your hardware in non transparent resin, wrap a sense wire around so it'll destroy all of its keys when its broken, seal that in resin, too, and wrap that in a transparent resin with glitter in it, to make it tamper evident.

If you want a lot more security than you could ever gain from Secure Boot, but are on a budget and still want a "propper PC", just get some nail polish with glitter and paint it over all critical ports (USB, Thunderbolt...) and screws. Then make a photograph. This will make any attacks SecureBoot claims to protect you against visible... at a fraction of the complexity and without giving up ownership of your own computer.

Well they lost their chance

I mean they started with great hardware with crisp monochrome screens, keyboards and a decent battery life. However they didn't open their protocols which was their failing. They could have said, "Here's our Backend Server, but if you don't want to use it, here's the protocol specification and a little demo server for you to expand on."

If they had done that, their devices would have moved on from "mobile e-mail" clients to mobile smart terminals. Lots of companies would have made bridges from their applications to Blackberry terminals. Since the Blackberry would at most store an authentication token to the server, compromising it would only give you temporary access until that token would have been invalidated at the server. They would have had an actual edge on security.

Where are watch manufacturers in all of this?

I mean I have a Casio solar powered radio controlled watch. It clearly has a microprocessor running software inside because it actually has a software bug.

Why don't they simply add little "hook" functions where you can run code every time the display gets refreshed or when the timer goes off. It seems trivial to extend the hardware by adding a little 512 byte SRAM and the software with some hooks or a simple interpreter. Perhaps change the display to some alphanumeric one and there you go.

Same problem as with all the others

You either unlock your key stored in that chip with your pin, or you combine your pin and the key on the chip to create the key to access your data. In both cases you can trivially get around any security by just uncapping the chip, something that rivalling Pay-TV operators have done for years. Sure that'll cost you a couple of thousand Euros, but that's nothing for a larger criminal investigation. You simply cannot protect data from physical access, at least not for that kind of budget and with the comfort of not loosing it when your device thinks its manipulated. (or the battery is dead)

Plus of course for us in the west it doesn't matter if that device sends all its data to China. China has no juristiction over me. China cannot send me to prison easily, China simply cannot use this kind of information against me. Since western governments are skeptical of China, they won't cooperate with them to harm me personally. In contrast my government actively helps the US government to spy on everyone in my country.

Malware doesn't wear a uniform

Unless you are dealing with someone incredibly stupid, there is no way to tell what country an attack came from. Considering the low levels of security in most organisations, it's also problematic to assume nation states. Also individuals are most likely to be suffering from Clinton winning over Sanders. The parts of the normal public that know how to use a computer might have the best motivation.

There's actually another very real danger if you host your PBX outside of your network

If you have a local PBX on your LAN, it doesn't matter how secure your internal credentials are, unless you're very stupid, nobody will be able to pose as an internal phone.

How if you have a cloud PBX all you need is your credentials to pose as an internal phone... and if you use an app, that means that you store your credentials on a highly insecure device.

This is a real danger as calling someone involves money. Perhaps not when you call someone locally, but there are providers like wpremiums.com which offer your premium rate numbers all over the world. Just get one of those numbers and call them over your snitched PBX login.

This will just provide the illusion of security

Thanks to heavy optimisation and caches this is incredibly hard to get right. And then there's still Rowhammer and other problems. The only area where this might be usefull is DRM, and that's malware by definition.

If you want security, make sure you're running a minimal amount of software and you control that software.

The problem is actually rather simple

Any kind of QoS only makes sense when your network is overloaded as QoS on Ethernet can do little more than decide what packets to throw away. That's actually even a rather expensive feature on a router and many routers will have severe limitations once you turn on QoS. QoS means looking at more than one packet at a time, that's not what routers are made for.

The solution is to make sure your network never is overloaded. No that doesn't mean that you have to add up the bandwidth you advertise to your customers. What it means is that you look at your utilisation and make sure that on a typical month you are never above 50%. That way you'll always have spare bandwidth, even if one of your redundant links breaks.

We should also note, that unlike the telephone network where individual lines could break (or at least individual 2MBit trunks), we now live in a time where your connection may simply consist of 2 redundant links, each one able of holding the complete traffic. There is no "emergency situation" where capacity is severely limited to 10% or something. Things either work, or they don't. Also in real life emergencies there is no increased amount of bandwidth. People don't watch Netflix en masse when their house is being flooded. They might use their telephone, but even on IP telephony that bandwidth is next to nothing.

So it's a twofold business model

Sell the data off to the best bidder _AND_ ransom some money from the people buying it so it'll keep working. Smart idea!

I know this is primarily marketed to dumb people, but this affects us all. Those cameras will be installed in public places and their data will be stored on servers belonging to companies who are good at extracting information from data like this. So in the end, we'll end up with a dataset containing the movements of many people, even the ones who don't carry around a mobile phone with them.

Again, "Secure Boot" is not a security feature...

... the only thing it can secure is business models.

It keeps you from running a minimalistic simple operating system which would be more secure than Windows RT, where you are supposed to run untrustable software from some "App Store" and install updates you cannot control.

5G is currently more or less just a buzzword

Such standards usually have a clear idea what people are going to achieve with them from a technical standpoint. And standards always take about 10 years from finalizing what operators want to the products getting onto the market.

1980s: GSM was about digital telephony and low bitrate circuit switched data.

1990s: UMTS/WCDMA was about "high" bitrate circuit switched data and soft handover.

2000s: LTE was about packet data, ditching all that circuit switched data, as well as scalability and interoperability on oddly shaped spectra

Essentially all the hype about 5G can already be done on "LTE Advanced". You can have special "low bandwidth, low power" nodes. After all LTE already stands for "Long Term Evolution". Maybe there won't even be a 5G for the forseable future.In any case, whatever will be decided now will result in products 10 years down the line.

Like with all those classification problems there is a blurry line

I mean sure, current ransomware is easy to defeat that way. After all it tries to encrypt all files as fast as it can.

Now imagine it encrypts one file an hour, or even less. Of course with some randomness, and with transparent decryption for userspace applications. Even if your software would detect that, it couldn't distinguish it from normal behaviour.

The obvious solution is to lower your attack surface. Make it hard for the user to install software from random sources, make sure you always use a minimal amount of code so you minimize the chance of getting compromised via a bug... and so on. You know, normal best practices security.

That seems like a security problem

I mean if I have some program which only needs to talk to my server, I can just deliver the correct certificate with it. There is no advantage in relying on some external certificate authority which I do not control.

In fact, since I have no idea what the Google approved CA does and I have to hand over the keys to my kingdom, it's kinda a problem. I trust in yet another external organisation.

Plus the obvious problem is that this might hinder reverse engineering as I cannot bypass TLS by using my own certificates.

Well but isn't it the primary selling point of Windows...

... that you do not need an installer since your software usually will just be a statically linked .exe file you can just copy?

So that'll be 1.99 million unemployable people in a couple of years

Seriously you should not learn APIs as if they were something important. You should learn how to solve problems, then you can look into the API and learn the few bits you actually need.

Learning an API will just teach you about tools and you'll try to fit your problem around those tools... which usually results in those horrible software we see from so many "single language / single platform" developers.