Schneier on Security

Clive Robinson • April 12, 2022 10:30 AM

@ John,

Amazing people paying for collected garbage.

In the UK there is are a couple of much used old saws of,

“Where there’s muck there’s brass”

And less used,

“With enough work you can polish a turd”

The first implies, there is always money to be made with anything you can find, the second, all you have to do to make it attractive to the buyer is put enough work in.

On a historical note what we now call “data brokering” actually started with criminals, of various forms, most notable being blackmailers gathering data on their soon to be victims, from servants etc.

It’s a thoroughly “dirty trade” and those in it get “mired in scat” but hey the us has a saying about a sandwich implying enough money takes the taste of effluent away…

Clive Robinson • April 13, 2022 3:39 AM

@ Winter,

Speech scientists have been seeking such a tool for decades.

And will probably continue to do do for decades to come…

There are at least five seperate parts to the voice tract. And some move only fractional and in very specific ways and directions. The wavelengths involved are as well quite short.

There is a rough rule of thumb used in radar and similar wave illumination and reflection systems of 16:1 that is the illumination / imaging wave length needs to be 1/16th or less than the wavelength of the target.

I’ll let you do the rest of the maths but realistically you are looking at an RF frequency getting on for 15-300GHz these just don’t penetrate the outer layers of skin and fat… Oh and the NRPB has some very strong “don’ts” when it comes to imaging certain parts of the body like the eyes, neck, head or spine with radient energy.

Whilst there have been some experiments with 5GHz and people writing, from what I’ve read it’s not the hands they are imaging but the stylus the imaged hands are holding (the way some people write the free end of the pen moves about ten times the range that the nib end of the pen in contact with the paper does).

Clive Robinson • April 13, 2022 11:20 AM

@ Paul Jacob,

Oh wait, no it was the state that pushed this. My bad.

Actually it was only ONE “state that pushed this”, the US Government. Who’s legislators are so much in thr pocket of US big business, which is why you still do not have privacy legislation in the US to stop this sort of data collection. In fact you have legislation that makes it legal as long as those who collect it give it to the US Government agencies…

But importantly they implemented the mandatory fitting of GPS in phones, knowing full well the result would be inflicted not just on US Citizens but most Citizens in the Western World.

The reason being they knew what would happen with regards “inventory control” and “Regulatory Aproval”.

Regulatory approval is carried out on individual products. That is if you have one phone design and fit a chip in one but leave it off of the PCB in another then thats two lots of regulatory approval you end up going through. So double the price and double the time. Oh and obviously you want a phone that can be used anywhere not “Model A” can be used in US North America but “Model C” which can be used in Canadian North America but can not be sold/used in the US…

The manufacture does not wish to risk fines the US Gov regulators and enforcment agencies takes great pleasure in extorting where they can especially from non-US entities.

So from the manufacturers perspective one “global model” is desirable. But also it cuts inventory costs more than not fitting the GPS chip…

So the world gets forced to have GPS in their phones…

Clive Robinson • April 13, 2022 9:37 PM

But I have a strong suspicion that Neo-Con free market ideology and growing inequality play a role.

Are they, a symptom, an opportunistic parasite or the disease themselves?

Neo-Con thinking when you look at it in a little more depth, behind the nonsense rhetoric, or something global throws it’s failings into stark brutalist relief is about one thing only.

It’s about transferring assets out of the hands of the masses into the hands of the few, but in a curious way.

It realy started with the breaking of the Bretton-Woods Agreement. The agreement had brought stability to financial markets and forced investment from speculation into actual real investment thus growth.

Stability and actuall growth is not what certain people want. They see it as tying down their resources.

Think back in your history, briefly mentioned will have been the “Black Tulip Market” or the “Tea Pot Dome” scandle”. The latter being remembered for all the wrong reasons, of political scandle and bribary rather than the underlying issue.

Whilst “natural growth” will over time produce significant wealth, to some eyes it is both slow and divided. Thus they see it as money being they are “entitled to” being stolen from their pockets. This “entitlement” is not to accrue wealth, but to use it for obtaining status, so influance, so control. In effect they are to quote the film line “On a mission from God” or other higher calling, so morals, ethics, legality are “impediments of the devil” via his “evil and corrupt agents on earth” or similar dillusional reasoning.

In reality what they do is to plan market chaos and “get in cheap, and get out rich and quick” before the bubbles or other non natural growth of speculation colapses. Sometimes called a “Hot Potato Game” where you pass something through your hands taking a nice percentage off of the top that you then divert away for other purposes in a “one way fashion”. The result the last “savy seller” dumps the faux-asset / investment and the person buying usually through ignorance pays the most and if they are lucky gets nothing, if unlucky hugh amounts of hidden debt.

The trick is to create market noise thus froth and excitment thus “draw the suckers in” and give the early ones “a taste” thus make them the equivalent of “shills” when the market reaches the right pitch the scheme originators let out their supposed assets at well well above what they aquired, take the money and “invest it” in either another bubble or use it for what they see as their “calling”.

In the case of the “black tulip market” we now look back and incorrectly think “how could they have been so silly” or in the case of “teapot dome” we see only the political scandle, not the scheme where Mammoth Oil deliberately created as a vehicle for the scheme by Sinclair Oil owner Harry Ford Sinclair should have been lucrative. What knocked Sinclairs little bubble scheme investments was that everyone started following and a spiral built up and at the end of the 1920’s what had become a massive bubble burst and the Great Depression kicked in for the next decade. However some were laughing for a while as they got out in time[1]. Then the fall out from an earlier global event caused things to change rapidly and a different sort of financial and political bubble got created that ended in a squalid suicide in a bunker in Berlin, and the face of Europe forever changed.

Now a century after the “Great War” and “Spanish Flu” history appears to be repeating it’s self.

The Neo-Con created bubble markets that created the repeated Financial Crisises have not gone away. The “Get in low, pump it up, get out quick” mentality is still very much there, but also the “I’m on a mission” attitude is very much strengthened and is strongly aligning it’s self to “The Moral Right” which it is anything but, using cultish behaviour. The ludicrous “Tea Baggers” and similar being just one of many “cults” being exploited. It’s become clear to several that the move has either been moved into or absorbed into religion, which is gaining it’s old political control purposess. Worse the “Born to be King” mentality is becoming wider and wider. Whilst the would be Kings are buffoons and Clowns, it is the fascilitators behind them pulling the strings that should scare people.

If people think the events in the Ukraine are in some way special, they are not. History shows that all major events have flash points. In reality it seldom matters where the flash point is, just that as with any avalanche or landslide, a tipping point has been reached, and just one snow flake or drop of water will be what takes it past the point, where things start moving under their own gravity.

Others are now saying Syria will be a warning to Russian’s about Putin, but equally we can say Belarus was a warning to the Ukrainians. We can point out many other pre-cursors and flash points. What they nearly all have in common is the majority only see them as such in retrospect.

There is a saying about the “Three sign posts to disaster”,

“The first is only revealed with hindsight. The second can be seen at the time by the wise. The third is quickly obvious to most.”

These “Flash Point” or “Tipping Point” events are realy the third signpost, but even then many people will be in denial in anyway they can.

Some will have noticed and others indicated years ago that Germany going non nuclear energy wise would create an issue where they would become effectively controled by others beyond their boarders. Actually it was sign-posted over thirty years ago, which culminated in a rather more talked about flash point event that will have it’s thirtieth aniversery later this year.

There was a very strong indicator of “trouble ahead” when the “European Exchange Rate Mechanism”(ERM) was overly quickly established by politicians wanting to carve out a little fame for themselves. It was created with a hard and fast mandated currency exchange bound, specifically a lower limit, that had not just to be met but maintained for a time period. Worse other “rules” ment not just a “fixed time table” but that a Nation had to declare their ERM intent publically prior to starting… This created not just an artificial tipping point, it created a time line which a currency trader could exploit into a very profitable strangle hold.

Supposadly nobody thought of it at the time (which I very much doubt, the same time-table mistake has been repeatedly made). So when the UK Government decided to enter the ERM it created an opportunity that someone decided to exploit. The result was the then UK Government after desperately selling currency reserves and taking inflation into double digits to try to keep “the pound” / sterling above the currency exchange limit mandated by the ERM lost to a handfull of currency traders. The attempt to stat in the ERM failed and the UK Government was forced to conceed and withdraw from the ERM.

Or more correctly “Crash Out” with billions lost, on the 16th of September 1992 still known today as “Black Wednesday”. It did two things that people should note,

1, The ERM created a strangle hold.
2, The event was a tipping point that changed the political direction of over thirty nations.

The result of both culminating in Russian actions currently…

Germany decided against all warnings to the contrary –and there have been a lot of them,– to alow Russia via Gazprom and Nord Stream to get a direct strangle hold on Germany and also weaken much of the East of Europe. Despite Putin having turned the gas tap off previously with other Nations in the East European region for political control. I won’t go into all the details as that involves rather more than a decade and a half of rather tedious European History and the build up to it involving much other Fall out of the ERM (think “Euro Crisis” and the following problems from the US State Dept inspired “Middle East Crisis”).

The point is on one side of the coin,

1, If you create a strangle hold.
2, Someone will exploit it.
3, You will loose by it.

On the obverse then,

1, If there is crisis.
2, Someone will exploit it.
3, You will loose by it.

It does not take much study to realise that,

1, People create strangle holds and crisises to exploit.
2, There are many useful idiots that will act as enablers.
3, Most will be either wilfully ignorant or in denial all the way down.
4, Few will even admit to failing so further fail by not taking remedial action.
5, This just emboldens people on their self styled “mission from God”
6, So the wheel turns and makes the rut deeper.

And so it progresss round and round on a downward path, the loosers being the majority via what we glibly call “Disaster Capitalism” or “Lost Opportunity Costs” of which war is the most obvious, but poor education the most insidious and harmful to humanity.

[1] One for instance is one of my distant Scottish relatives… They came to own vasts amounts of land in various places and became “Gentrified”. The story “as told” is fairly simple… A young “American on holiday” who’s lowland ancestors had emigrated to the US had become wealthy speculating in the “Roaring Twenties” if not earlier, met a young Scottish lady who he fancied greatly. So he sold up in the US and “moved back” at an opportune time, in the process bying up large amounts of land etc outside of the US. Thus married the young lady and gave up his US Citizenship and settled into a new “Laird’s Life”. Shortly there after the Great Depression started… But took a masive hit due to WWII, even though to old to fight and the children to young. But the children re-built via more conservative investment and diversified. Now a couple of generations later they have invested very widely in ways I’m not sure any single person knows, but resisted the urge to go public or similar get rich quick schemes.

Clive Robinson • April 16, 2022 1:46 AM

@ SpaceLifeForm,

I must be missing an angle or use case.

Nearly everyone does till you tell them, then it is so obvious…

To communicate between point A and point B you have two options,

1, Broadcast to everyone.
2, Send to a known location.

In a networked environment the first is decidedly undesirable. The same is true if you want to communicate privately, which requires not just message content privacy but traffic privacy as well. If your desire is to be covert then you need one or two other things as well.

So for point A to send to point B, point A has to know where point B is otherwise communications is not possible.

So how does point A find point B without any third parties becoming privy to party A wishing to know where party B is?

That is at the simplest level what a “Rendezvous Protocol” does.

As you start to think on what is involved you discover that it’s very far from simple to keep information from a third party observer, even before you start considering “Man in The Middle”(MiTM) attacks.

Whilst traffic analysis can be beaten –under certain assumptions–
when you know where you are sending to, it remains an open question as to if you can do it when you do not.

Clive Robinson • April 19, 2022 4:13 PM

@ SpaceLifeForm, JonKnowsNothing, ALL,

Do not think about any Real-Time comms.

Remember this is an “Anonymous Rendezvous Protocol for Mobile Devices” we are talking about here.

If it’s not effectively near or “Real-Time” then it can not work, as the mobiles will have moved.

Fixed point / address is as I noted a solved problem before the Intetnet even existed due to “Printed Telephone Directories”.

The simple fact is we have stopped “living” in a “Fixed Point” world, we only “work” in the last vestiges of it and “The Human Malware Virus” has made a major change in “work practice” towards “Officeless working”. If the change will become permenant or not is yet to be seen, but some now think that “Home-Working” being in reality “Mobile Device Working” is now an “accepted work mode” for an increasing many rather than the few.

So fixing the lack of an “Anonymous Rendezvous Protocol for Mobile Devices” has become very much more important than it was just a couple of years ago.

If we can fix it and do it efficiently –and I see no proof that we can not– then it will replace DNS and much else besides.