Archive for the ‘Security’ Category

Quickies: Edu, rep, trust, ossl 1.0.0, ssl, rekey, body scan, leaks, net card exploit, runway

Monday, March 29th, 2010

So, I was out on a date, and we started discussing IT, security, and productivity. She was explaining some of the frustrations with getting approval for business critical applications and tools at a certain employer, as well as the obstacles certain security configuration had on getting the job done efficiently. The end result was that people looked for ways to bypass the IT department and its controls.

Stating the obvious, technology, and security, need to be incorporated into business processes, into helping people get their jobs done and protecting their ability to do so. When tension arises between, say, IT department policies and procedures and how people actually do their jobs, people are going to start looking for ways to circumvent those policies and procedures. After all, if a firm is not productive, not providing value, it won’t exist for long.

Which reminded me of this paper that has popped up in numerous places,

It is often suggested that users are hopelessly lazy and unmotivated on security questions. They chose weak passwords, ignore security warnings, and are oblivious to certificates errors. We argue that users’ rejection of the security advice they receive is entirely rational from an economic perspective. The advice offers to shield them from the direct costs of attacks, but burdens them with far greater indirect costs in the form of effort. Looking at various examples of security advice we find that the advice is complex and growing, but the benefit is largely speculative or moot. For example, much of the advice concerning passwords is outdated and does little to address actual threats, and fully 100% of certificate error warnings appear to be false positives. Further, if users spent even a minute a day reading URLs to avoid phishing, the cost (in terms of user time) would be two orders of magnitude greater than all phishing losses. Thus we find that most security advice simply offers a poor cost-benefit tradeoff to users and is rejected. Security advice is a daily burden, applied to the whole population, while an upper bound on the benefit is the harm suffered by the fraction that become victims annually. When that fraction is small, designing security advice that is beneficial is very hard. For example, it makes little sense to burden all users with a daily task to spare 0.01% of them a modest annual pain.

Herley’s advice summary,

First, we need better understanding of the actual harms endured by users. [...] A main finding of this paper is that we need an estimate of the victimization rate for any exploit when designing appropriate security advice. [...]

Second, user education is a cost borne by the whole population, while offering benefit only to the fraction that fall victim. [...]

Third, retiring advice that is no longer compelling is necessary. [...]

Fourth, we must prioritize advice. In trying to defend everything we end up defending nothing. [...] In fact prioritizing advice may be the main way to influence the security decisions that users make. [...]

Finally, we must respect users’ time and effort. [...] We must understand that when budgets are exhausted, attention to any one piece of advice is achieved only by neglect of something else. [...]

More focused on communities (e.g., companies, agencies, etc.) smaller than the general population of Internet users, I wrote this about user education way back when.

First off, we need a threat model. We need to figure out what we want to protect, its value, the potential attacks, the likelihood of those attacks, and the potential damage of those attacks. Determine the risks, and then mitigate them. Very important here is figuring out who needs to be held responsible for what mitigations and countermeasures. And, this threat model has to be reviewed periodically to keep it up to date. The assets that need to be protected change, the way business is done changes, the risks change, the mitigations change. Security is not static.

With that (and building that is certainly not trivial), we have these people, you, me, our parents, that are part of this threat model. They pose risks, and they help to mitigate risks. We need to minimize the former and maximize the latter. To do this right, I think we need people to feel responsible for security. To build this sense of responsibility, we need these security responsibilities audited and we need effective training to convey and reinforce these responsibilities – the combination of these two may be a linchpin to people security.

So, we talk to people about our threat model. Not only do we teach it, but we get feedback on it. And, we make sure everyone understands that threat model, and their place in it. To do this, we bring vivid examples from security audits into our security education, which help to build security training programs that provide exactly that which we learn the most from, experience.

(Side note, I may have gone kind of crazy with the audited training in that post.

Now, pull the results of these attacks into your security training. Will there be an impact?

Well, I think so. You don’t quickly forget seeing yourself and/or those around you up in lights, as it were, and the attacks can certainly be used to increase the sense of responsibility felt by every employee. The demonstrations hit home because they can be related to – the attacks happened to you, your neighbors, your community. Whether the attacks succeed or fail, they amount to a shared experience for the organization, and teach people their importance to the security of their organization.

I think people would feel like their security responsibilities are not just words but actual obligations which have real consequences to the security of an organization. The threat model lays this out, but the experience drives it home. Also, people would be aware that their organization takes security seriously and is willing to proactively audit that security. And, those audits involve real life employees, doing the right thing and maybe even the wrong thing. It lets people know that they are at the root of security.

However, when I look at things like the foiled airplane bombing attempt on December 25, 2009, I do see a kind of user education in line with that excerpt playing an important role. The people tackled the alleged bomber because they knew their lives and the lives of others might depend on it. The experiences of, say, 2001-09-11 were taken to heart. They were the last line of defense, and they knew it.)

-

Perhaps a related bit on cooperation and reputation,

The possibly irritating message is that for promoting cooperative behavior, punishing works much better than rewarding. In both cases, however, reputation is essential.

-

And, I saw this on trust.

I’ve long advocated instead saying “is vulnerable to”, which makes it much clearer what is going on, so I would say “CNNIC is a certificate authority everyone is vulnerable to”. “Trusted third party” would become “Third party you are vulnerable to” and so on. Kinda clunky, but you know where you stand.

This ramble of mine discussed trust in these terms.

There is this big word we have all said before, trust. Trust can mean lots of things, but, at its heart, trust implies risk or vulnerability. Trust is about having faith that someone or something will act a certain way when it counts. While you may be able to influence that someone or something to act that certain way, in the end, the actions are out of your total control.

And, this other ramble of mine may have been criticized as naive optimism, but it also made this sort of point.

There are lots of inputs to trust – inputs like direct experiences, such as not dying when eating food from a particular restaurant or how you build friendships, or indirect experiences, such as asking a friend about what plumber to use or credit ratings. We use these inputs to calculate levels of trust, which are basically estimates of how much vulnerability we are willing [to] expose to the trusted. This leads to trade-offs, such as limiting the amount of trust you place in someone/something – you might only take a nibble of that unknown food to limit the risk of getting sick if it disagrees with you, or divide tasks amongst a group of people to limit the risk of any one person having too much access – versus the costs of these limitations – that nibble is not enough to meet your nutritional requirements forcing you to seek out additional food, and all those people/processes mean less work getting done. This is a balancing act, if you will.

-

Look at that,

The OpenSSL project team is pleased to announce the release of version 1.0.0 of our open source toolkit for SSL/TLS. This new OpenSSL version is a major release and incorporates many new features as well as major fixes compared to 0.9.8n. For a complete list of changes, please see http://cvs.openssl.org/getfile?f=openssl/CHANGES&v=OpenSSL_1_0_0.

Congratulations to the OpenSSL team!

-

So, this has been making the rounds.

At a recent wiretapping convention, however, security researcher Chris Soghoian discovered that a small company was marketing internet spying boxes to the feds. The boxes were designed to intercept those communications — without breaking the encryption — by using forged security certificates, instead of the real ones that websites use to verify secure connections. To use the appliance, the government would need to acquire a forged certificate from any one of more than 100 trusted Certificate Authorities.

The paper can be found here. Matt Blaze discusses some implications.

What this means is that an eavesdropper who can obtain fake certificates from any certificate authority can successfully impersonate every encrypted web site someone might visit. Most browsers will happily (and silently) accept new certificates from any valid authority, even for web sites for which certificates had already been obtained. An eavesdropper with fake certificates and access to a target’s internet connection can thus quietly interpose itself as a “man-in-the-middle”, observing and recording all encrypted web traffic, with the user none the wiser.

A while back, I had to do some research on web filtering technologies. It was quite standard for enterprise level web filtering to include SSL MITM functionality. Generally, this involved taking advantage of having an enterprise’s CA certificates rolled out to end users, but it could have leveraged any trusted root certificates.

Anyway, I noted the following posted about.

The Monkeysphere project’s goal is to extend OpenPGP’s web of trust to new areas of the Internet to help us securely identify each other while we work online. The suite of monkeysphere utilities provides a framework to leverage the web of trust for authentication of HTTPS (TLS) and SSH communications.

In other words, Monkeysphere allows you to use your web browser or secure shell as you normally do, but you can use the OpenPGP Web of Trust to identify the servers you connect to and to prove your own identity to them. This brings to the web and ssh the possibility for key transitions, transitive identifications, revocations, and expirations of public keys. It also actively invites broader participation in the OpenPGP web of trust.

That reminds me of something I wrote a while back.

This is an active research area. Petnames have been proposed, which I like (think PGP web of trust in some form). This has similarities to the SSH-type trust model, which has also been proposed and which I also like. In recent minutes to an IETF-PKIX meeting, the Opera people were looking at “extended validation” certificates. There has been all sorts of talk, pros and cons, about “high-assurance” certificates.

-

I saw this rant about rekeying by one of the people that had to deal with the SSL rekeying mess.

It’s IETF time again and recently I’ve reviewed a bunch of drafts concerned with cryptographic rekeying. In my opinion, rekeying is massively overrated, but apparently I’ve never bothered to comprehensively address the usual arguments. Now seems like as good a time as any…

This post to Metzger’s Cryptography mailing list by Adam Back seemed most in line with my thinking.

Another angle on this is timing attacks or iterative adaptive attacks like Bleichenbacher’s attack on SSL encryption padding. If re-keying happens before the attack can complete, perhaps the risk of a successful so far unnoticed adaptive or side-channel attack can be reduced. So maybe there is some use.

Simplicity of design can be good too.

Tradeoffs.

-

Complete shocker (note: the link is to a news article, but there is a quote therein containing a possibly profane word).

BAA is investigating an incident in which a Heathrow security operative “ogled” a female colleague who’d wandered into a body scanner, the Sun reports.

John Laker, 25, allegedly copped an eyeful of Jo Margetson, 29, when the latter “entered the X-ray machine by mistake”. She was “horrified” as Laker “pressed a button to take a revealing photo” and remarked: “I love those gigantic[...]

I should note that the ubiquity of digital video equipment (e.g., cell phones) renders moot whether or not these scanners record images.

-

Speaking of leaks, I saw this.

Here’s the background: Secure web connections encrypt traffic so that only your browser and the web server you’re visiting can see the contents of your communication. Although a network eavesdropper can’t understand the requests your browser sends, nor the replies from the server, it has long been known that an eavesdropper can see the size of the request and reply messages, and that these sizes sometimes leak information about which page you’re viewing, if the request size (i.e., the size of the URL) or the reply size (i.e., the size of the HTML page you’re viewing) is distinctive.

Consider a search engine that autocompletes search queries: when you start to type a query, the search engine gives you a list of suggested queries that start with whatever characters you have typed so far. When you type the first letter of your search query, the search engine page will send that character to the server, and the server will send back a list of suggested completions. Unfortunately, the size of that suggested completion list will depend on which character you typed, so an eavesdropper can use the size of the encrypted response to deduce which letter you typed. When you type the second letter of your query, another request will go to the server, and another encrypted reply will come back, which will again have a distinctive size, allowing the eavesdropper (who already knows the first character you typed) to deduce the second character; and so on. In the end the eavesdropper will know exactly which search query you typed. This attack worked against the Google, Yahoo, and Microsoft Bing search engines.

The paper can be found here.
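
The size leak described in the quoted passage, and padding as a countermeasure, as an added example (not from the paper or the original post). The suggestion lists, the `RECORD_OVERHEAD` constant and all function names are constructed for illustration, and the model assumes the ciphertext length tracks the plaintext length.

```python
import json
from collections import defaultdict

# Constructed sample data: suggestion lists a hypothetical autocomplete
# endpoint might return for a one-letter prefix. Not real search-engine output.
SUGGESTIONS = {
    "a": ["amazon", "apple", "airbnb", "aol mail"],
    "b": ["bank of america", "best buy", "bing"],
    "c": ["craigslist", "cnn", "calculator", "costco", "chase"],
    "d": ["dictionary", "dominos"],
}

# Assumed fixed per-record overhead (header plus MAC/tag). The exact value does
# not matter: a constant added to every response hides nothing.
RECORD_OVERHEAD = 29


def response_body(prefix):
    """Plaintext reply the server would send for a typed prefix."""
    return json.dumps({"q": prefix, "s": SUGGESTIONS[prefix]}).encode()


def pad_to_bucket(body, bucket):
    """Pad with trailing spaces (still valid JSON) up to a multiple of bucket."""
    padded_len = -(-len(body) // bucket) * bucket  # ceiling division
    return body + b" " * (padded_len - len(body))


def wire_size(body):
    """Size an on-path observer sees for the encrypted reply."""
    return len(body) + RECORD_OVERHEAD


def anonymity_sets(bucket=None):
    """Group prefixes by observable reply size.

    A group of one means the size alone identifies the typed character.
    """
    groups = defaultdict(set)
    for prefix in SUGGESTIONS:
        body = response_body(prefix)
        if bucket:
            body = pad_to_bucket(body, bucket)
        groups[wire_size(body)].add(prefix)
    return dict(groups)


def uniquely_identified(bucket=None):
    """Prefixes whose reply size is shared with no other prefix."""
    return sorted(
        p for group in anonymity_sets(bucket).values() if len(group) == 1 for p in group
    )


if __name__ == "__main__":
    for bucket in (None, 16, 128):
        label = "no padding" if bucket is None else f"pad to {bucket} bytes"
        print(f"{label:>18}: sizes={anonymity_sets(bucket)} "
              f"identified={uniquely_identified(bucket)}")
```

A bucket that is too small still leaves some replies distinguishable, so the bucket has to be sized against the largest reply the endpoint can produce, at the cost of extra bandwidth on every request.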

-

Remembering the exploitation of wireless cards and their drivers, here comes some other fun stuff with network cards presented at CanSecWest. [via cypherpunks mailing list]

The presentation was entitled “Can you still trust your network card?”. The talk explained how an attacker could be able to exploit a flaw to run arbitrary code inside some network controllers (NICs). The attack uses routable packets delivered to the victim’s NIC. Consequently, multiple attacks can be conducted including: Man in The Middle attacks on network connections, access to cryptographic keys on the host platform, or malware injection on the victim’s computer host platform (see § 2).

The slides can be found here. From slide 38,

On this particular NIC and firmware version, an attacker is able to
perform arbitrary code execution:

Initial jump
->an attacker can overwrite a return address in the stack;
->she can find a stable (for a firmware version) memory address for username;
->she can put exploit code in username and jump there.

Game over at slide 40,

Now the attacker can:
->run arbitrary code on the RX RISC;
->provide new code using simple packets;
->rewrite the firmware if needed;

In between the excerpts is a summary of the attack. Slide 49 is a hoot too.

Also from CanSecWest, kernel exploitation is the new black by the people that post content at the cr0 blog, such as this.

-

To end this rainy day on a fun note, the following caught my eye.

The same post at Quomodocumque has this completely odd video of an interview with William Thurston and fashion designer Dai Fujiwara. Apparently, Thurston provided the inspiration for Issey Miyake’s fall fashions, “8 Geometry Link Models as Metaphor of the Universe”.

You can see the finale of their Paris fashion show here, including Thurston joining Fujiwara on stage.[...]

FBSD 7 stable to 8 stable, cryptome, twitenc, fact fault, tor, hidden, limulus

Thursday, March 11th, 2010

Upgrading from FreeBSD 7 stable to FreeBSD 8 stable went smoothly. What follows are the general steps I followed. (FreeBSD handbook guidance can be found here for the base system and here for the ports.)

  • Modify my custom kernel configuration for the FreeBSD 8 kernel.

    (The generic FreeBSD kernel configuration for the i386 platform as a starting point can be found in “/usr/src/sys/i386/conf/GENERIC”. e.g.,

    • cp /usr/src/sys/i386/conf/GENERIC /usr/mykernconf8
    • ln -s /usr/mykernconf8 /usr/src/sys/i386/conf/mykernconf8
    • vi /usr/mykernconf8 and modify as desired)
  • vi /usr/stable-supfile and update my custom “stable-supfile” to point to “RELENG_8” by changing the relevant line to “*default release=cvs tag=RELENG_8”

    (A sample “stable-supfile” as a starting point can be found in “/usr/share/examples/cvsup/stable-supfile”. e.g.,

    • cp /usr/share/examples/cvsup/stable-supfile /usr/stable-supfile
    • vi /usr/stable-supfile and modify as needed, such as setting the default release to 8 and setting the host to one of the FreeBSD cvs server mirrors)
  • cd /usr/src
  • cvsup -g -L 2 ../stable-supfile (update source tree)
  • make buildworld (build system binaries, manpages, etc.)
  • make kernel KERNCONF=mykernconf8 (build and install kernel)
  • reboot (into single user mode)
  • cd /usr/src
  • mergemaster -p (prepare for merge of updated scripts and configuration files)
  • make installworld (install system binaries, manpages, etc.)
  • mergemaster (merge in updated scripts and configuration files)

    There was a version increment of the standard contents in “/etc” from 7 to 8, so there was much to sift through. I had made modifications to a few configuration files and scripts that had to be merged, but, for the majority, I just installed the new version.

  • reboot

Next came the joy of rebuilding all the ports. I chose to go with installing pre-built packages (where available), and subsequently rebuilding those few ports that I had customized.

  • cd /usr/ports
  • cvsup -g -L 2 ../ports-supfile (update ports tree)

    Examine “/usr/ports/UPDATING” to see if there were any special instructions relevant to upgrading the installed ports and “/usr/ports/MOVED” to see what ports have been (re)moved.

  • portsdb -Fu (fetch new index and build db)
  • pkgdb -F (check package registry)
  • portupgrade -nvOpPfa (to see what is expected to happen without performing the actual upgrade)
  • portupgrade -vOpPfa (this upgrades installed ports from pre-built packages where available; otherwise, it builds and installs the ports from the source, and creates packages for them.)
  • portupgrade -pf <all those ports that I had custom configs or otherwise made tweaks> (build and install the specified ports from source, and create packages for them)

  • pkgdb -FL (check package registry and look for lost dependencies)
  • portsclean -CDDLP (clean up working dirs, distros, packages, and libraries)

-

Long time readers of this blog may remember that I attended a talk given by John Young of Cryptome.

I attended the panel discussion on “The Secret World of Global Eavesdropping” yesterday, as mentioned in a previous post. It was composed of Patrick Radden Keefe, moderator, and John Young, primary speaker. (Robert Windrem did not attend.)

[...]

For those that don’t know, Cryptome.org publishes information on national security, intelligence, cryptography, etc. with a technical focus.

Well, it seems Cryptome has been in the news a bit of late.

1

Microsoft has managed to do what a roomful of secretive, three-letter government agencies have wanted to do for years: get the whistleblowing, government-document sharing site Cryptome shut down.

Microsoft dropped a DMCA notice alleging copyright infringement on Cryptome’s proprietor John Young on Tuesday after he posted a Microsoft surveillance compliance document that the company gives to law enforcement agents seeking information on Microsoft users.[...]

2

In a bizarre up-and-down — literally — series of events, the controversial site Cryptome.org was forced offline yesterday after posting a sensitive Microsoft document on its site and was back online today.

3

PayPal has finally made good on its pledge to restore Cryptome’s account many hours after the firm’s head of global communications told Register readers it had already done so.

-

Ok.

As I announced yesterday, the new version of shrimp7 (31) supports compression for your Twitter, Facebook and Friendfeed posts. With that technique you will be able to post messages that are longer than 140 characters. When I implemented message compression I had the idea to implement an AES-256bit encryption method for shrimp7 version 32. I use the same principles as the compression method I use. After encryption I’ll add 2 characters in front of the string so applications could recognize compressed or encrypted messages.

If you weren’t laughing already, from the cypherpunks mailing list…

Date: Sun, 7 Feb 2010 21:17:30 -0800
Subject: Re: 256-bit encryption for Twitter posts
From: coderman
To: Ted Smith
Cc: Cypherpunks list

On Sun, Feb 7, 2010 at 3:17 PM, Ted Smith wrote:
> …
> 256-bit encryption for Twitter posts
>….
> .?WsSMSoaGhoZFjHZzQzx7iOZ
> +GKmXXcyD hq0iEBExlReVG2f0ACO256i84cOC7QlxO/txTuRdkQwL
> +fBGZlcUQBQoDHLLm/3cFbEEW3ZU8I/CD63wfgpGbAx+eH9oPAmVyYv14Y=

i say again:
twitter is ruining the internets…

-

Factoring.

On December 12, 2009, we factored the 768-bit, 232-digit number RSA-768 by the number field sieve (NFS, [20]). The number RSA-768 was taken from the now obsolete RSA Challenge list [38] as a representative 768-bit RSA modulus (cf. [37]). This result is a record for factoring general integers. Factoring a 1024-bit RSA modulus would be about a thousand times harder, and a 768-bit RSA modulus is several thousands times harder to factor than a 512-bit one. Because the first factorization of a 512-bit RSA modulus was reported only a decade ago (cf. [7]) it is not unreasonable to expect that 1024-bit RSA moduli can be factored well within the next decade by an academic effort such as ours or the one in [7]. Thus, it would be prudent to phase out usage of 1024-bit RSA within the next three to four years.

Implementation fault abuse.

1

In this work we described an end-to-end attack to a RSA authentication scheme on a complete FPGA-based SPARC computer system. We theorized and implemented a novel fault-based attack to the fixed-window exponentiation algorithm and applied it to the well known and widely used OpenSSL libraries. In doing so we discovered and exposed a major vulnerability to fault-based attacks in a current version of the libraries and demonstrated how this attack can be perpetrated even with limited computational resources.

2

We employed with success the induced faults in order to lead attacks against industry grade implementations of the RSA and the AES cryptosystems. Moreover we devised two new attack techniques, one for each cryptosystem and have been able to validate their practical effectiveness with a thorough experimental campaign. We were able to successfully break the AES cipher employing only 4kB of faulty ciphertext, to retrieve an RSA encrypted plaintext using at most 5 faulty ciphertexts regardless of the size of the modulus and to factor the RSA modulus employing at most two faulty signatures. After conducting the whole experimental campaign no signs of tampering were left on the attacked device, thus proving that the employed technique is not invasive and does not alter the further functioning of the device. The attack technique is fully realizable with low cost off-the-shelf instruments which is a significant strong asset of the proposed attack technique.

-

Back in January, Tor 0.2.1.22 was released (as of this writing, 0.2.1.24 is the current stable release). In the announcement,

Tor 0.2.1.22 rotates two of the seven v3 directory authority keys and locations, due to a security breach of some of the Torproject servers: http://archives.seul.org/or/talk/Jan-2010/msg00161.html

From the referenced message,

In early January we discovered that two of the seven directory authorities were compromised (moria1 and gabelmoo), along with metrics.torproject.org, a new server we’d recently set up to serve metrics data and graphs. The three servers have since been reinstalled with service migrated to other servers.

-

I’ve brought up hidden assumptions often enough here, so this resonated.

The rules surrounding markets matter a lot–and the reason we don’t know this is that the rules that work have disappeared into the background, faded out of our consciousness, become part of the miasma of “the market”. For example, I recall a web debate years ago in which someone made the standard point that cartels are very difficult to hold together, which means anti-trust rules about this sort of thing have dubious utility. I believe it was Eugene Volokh who pointed out that this was true . . . but only because courts refused to enforce cartel agreements. If courts did enforce them, cartels would work pretty well–which is why we still have professional sports leagues.

-

Interesting.

Limulus is an acronym for LInux MULti-core Unified Supercomputer. The Limulus project goal is to create and maintain an open specification and software stack for a personal workstation cluster. Ideally, a user should be able to build or purchase a small personal workstation cluster using the Limulus reference design and low cost hardware. In addition, a freely available turn-key Linux based software stack will be created and maintained for use on the Limulus design. A Limulus is intended to be a workstation cluster platform where users can develop software, test ideas, run small scale applications, and teach HPC methods.[...]

And watch the hardware costs drop.

September 2007 Total: $2302 (US dollars)
September 2008 Total: $2092 (US dollars)*

* includes RAM upgrade price from 1GB/node to 2GB/node

I still remember my Beowulf cluster in college.

Quickies: TLS reneg, Karmic, beauty, suggest, TC

Thursday, November 12th, 2009

By now, everyone has heard of the TLS renegotiation vulnerability,

Transport Layer Security (TLS, RFC 5246 and previous, including SSL v3 and previous) is subject to a number of serious man-in-the-middle (MITM) attacks related to renegotiation. In general, these problems allow an MITM to inject an arbitrary amount of chosen plaintext into the beginning of the application protocol stream, leading to a variety of abuse possibilities. In particular, practical attacks against HTTPS client certificate authentication have been demonstrated against recent versions of both Microsoft IIS and Apache httpd on a variety of platforms and in conjunction with a variety of client applications. Cases not involving client certificates have been demonstrated as well. Although this research has focused on the implications specifically for HTTP as the application protocol, the research is ongoing and many of these attacks are expected to generalize well to other protocols layered on TLS.

A nice write-up of the issue can be found here,

Marsh Ray has published a new attack on the TLS renegotiation logic. The high level impact of the attack is that an attacker can arrange to inject traffic into a legitimate client-server exchange such that the TLS server will accept it as if it came from the client. This may allow the attacker to execute operations on the server using the client’s credentials (e.g., order a pizza as the client). However, the attacker does not (generally) get to see the response. Obviously this isn’t good, but it’s not the end of the world. More details below.

As for the response of a popular SSL/TLS implementation, the OpenSSL security advisory can be found here,

The workaround in 0.9.8l simply bans all renegotiation. Because of the
nature of the attack, this is only an effective defence when deployed
on servers. Upgraded clients will still be vulnerable.

A TLS extension has been defined which will cryptographically bind the
session before renegotiation to the session after. We are working on
incorporating this into 0.9.8m, which will also incorporate a number
of other security and bug fixes.

Oh, and about Tor,

The Tor protocol isn’t vulnerable here because 1) it doesn’t allow data to be sent before the renegotiation step, and 2) it doesn’t treat a renegotiation as authenticating previously exchanged data (because there isn’t any).

-

A couple of minor notes when upgrading Ubuntu Jaunty (9.04) to Karmic (9.10)…

Karmic no longer uses event.d.

The version of upstart included in Ubuntu 9.10 no longer uses the configuration files in the /etc/event.d directory, looking to /etc/init instead. No automatic migration of changes to /etc/event.d is possible. If you have modified any settings in this directory, you will need to reapply them to /etc/init in the new configuration format by hand.

I found this page to provide useful additional information.

This specification contains the documentation for the Upstart packaging and upgrade policy.

For example, for the purposes of djbdns, this meant that the “/etc/event.d/svscan” configuration had to be converted to “/etc/init/svscan.conf”. I ended up using the following, which is slightly different than what the Ubuntu djbdns package installs (bullet point 8 of this post is relevant).

# svscan - daemontools -- http://www.froyn.net/blosxom/blosxom.cgi/2007/1/12
#
# This service starts daemontools from the point the system is
# started until it is shut down again.

start on runlevel [2345]
stop on runlevel [!2345]

respawn
exec /usr/bin/svscanboot

And, rsyslog is now in use,

The sysklogd package has been replaced with rsyslog. Configurations in /etc/syslog.conf will be automatically converted to /etc/rsyslog.d/50-default. If you modified the log rotation settings in /etc/cron.daily/sysklogd or /etc/cron.weekly/sysklogd, you will need to change the new configurations in /etc/logrotate.d/rsyslog. Also note that the prior rotation configurations used .0 as the first rotated file extension, and now via logrotate it will be .1.

I played around a little with logging in Ubuntu 8.10 in this post (bullet point 7).

(On a side note, if you are doing more than just simple basics with syslog, it may be time to consider replacements like rsyslog and syslog-ng.)

-

Didn’t I mention beauty and elections at some point? Yep,

Perhaps a just as simple and maybe better way to pick who will be elected president than answering “who is taller?” is to answer this more general question – who best looks the part? (A little lamination goes a long way. ;) ) And, of course, a consensus answer gives better results than each individual answer here.

Well, this paper fits right in with that post.

Are beautiful politicians more likely to be elected? To test this, we use evidence from Australia, a country in which voting is compulsory, and in which voters are given ‘How to Vote’ cards depicting photos of the major party candidates as they arrive to vote. Using raters chosen to be representative of the electorate, we assess the beauty of political candidates from major political parties, and then estimate the effect of beauty on voteshare for candidates in the 2004 federal election. Beautiful candidates are indeed more likely to be elected, with a one standard deviation increase in beauty associated with a 1½ – 2 percentage point increase in voteshare. Our results are robust to several specification checks: adding party fixed effects, dropping well-known politicians, using a non-Australian beauty rater, omitting candidates of non-Anglo Saxon appearance, controlling for age, and analyzing the ‘beauty gap’ between candidates running in the same electorate. The marginal effect of beauty is larger for male candidates than for female candidates, and appears to be approximately linear. Consistent with the theory that returns to beauty reflect discrimination, we find suggestive evidence that beauty matters more in electorates with a higher share of apathetic voters.

-

This made me laugh.

[...]But I was most impressed with this anonymous bit of genius dug up by Digg, which uses Google for some armchair sociolinguistic analysis. The graphic compares “less intelligent” queries with “more intelligent” queries, such as “how 2” with “how might one:”

-

Lastly, TrueCrypt 6.3 has been released with the following new features.

Full support for Windows 7.

Full support for Mac OS X 10.6 Snow Leopard.

The ability to configure selected volumes as ‘system favorite volumes’. [...]

Oh, and I should mention… So, we had hotplug and cold boot. And, of course, when your system is up and running and transparently encrypting/decrypting data, a stock exploit of, say, the OS could easily mean game over. Now, people are using bootkit functionality against TrueCrypt.

The provided implementation is extremely simple. It first reads the first 63 sectors of the primary disk (/dev/sda) and checks (looking at the first sector) if the code there looks like a valid TrueCrypt loader. If it does, the rest of the code is unpacked (using gzip) and hooked. Evil Maid hooks the TC’s function that asks user for the passphrase, so that the hook records whatever passphrase is provided to this function. We also take care about adjusting some fields in the MBR, like the boot loader size and its checksum. After the hooking is done, the loader is packed again and written back to the disk.

While gaining physical access to a system and tampering with the hardware or popping on a malicious bootloader or what have you, and then the victim using that compromised system, which proceeds to, say, record the TrueCrypt password for the attacker, is outside the protections of the basic TrueCrypt FDE scenario, seeing bootkits demonstrating their capabilities against TrueCrypt and illustrating just what protections tools like TrueCrypt do and do not provide is quite cool. (And, with that horrific sentence, this post draws to its close.)
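Since the tampering quoted above rewrites the first 63 sectors of the disk, one defender-side check is to hash that region sector by sector and compare it with a baseline taken when the machine was known to be good. This is an added example, not code from the quoted post or from TrueCrypt; the 512-byte sector size, the function names and the in-memory sample image are assumptions made for illustration.

```python
import hashlib
import io

SECTOR_SIZE = 512   # assumption: 512-byte sectors
BOOT_SECTORS = 63   # region the quoted description says is read and written back


def hash_boot_area(dev, sectors=BOOT_SECTORS, sector_size=SECTOR_SIZE):
    """Return one SHA-256 hex digest per sector for the start of `dev`.

    `dev` is any binary file object: an opened block device or a disk image.
    A short read raises instead of silently hashing less than the region.
    """
    dev.seek(0)
    digests = []
    for index in range(sectors):
        block = dev.read(sector_size)
        if len(block) != sector_size:
            raise ValueError(f"short read at sector {index}")
        digests.append(hashlib.sha256(block).hexdigest())
    return digests


def changed_sectors(baseline, current):
    """Indices of sectors whose digest differs from the baseline."""
    if len(baseline) != len(current):
        raise ValueError("baseline and current cover different sector counts")
    return [i for i, (old, new) in enumerate(zip(baseline, current)) if old != new]


def summarize(changed):
    """Turn a list of changed sector indices into a one-line report."""
    if not changed:
        return "boot area matches baseline"
    parts = []
    if 0 in changed:
        parts.append("sector 0 (MBR / first loader sector) modified")
    rest = [i for i in changed if i != 0]
    if rest:
        parts.append(f"{len(rest)} further sector(s) modified: {rest}")
    return "; ".join(parts)


def make_constructed_image():
    """Constructed sample: 63 sectors of deterministic filler, not a real loader."""
    sectors = (hashlib.sha256(bytes([i])).digest() * 16 for i in range(BOOT_SECTORS))
    return bytearray(b"".join(sectors))


def demo():
    image = make_constructed_image()
    baseline = hash_boot_area(io.BytesIO(image))
    # Simulate a rewritten loader: one byte in sector 0 and one byte in
    # each of three later sectors differ from the known-good copy.
    image[0x1B0] ^= 0xFF
    for sector in (5, 6, 7):
        image[sector * SECTOR_SIZE + 10] ^= 0x01
    current = hash_boot_area(io.BytesIO(image))
    return changed_sectors(baseline, current)


if __name__ == "__main__":
    print(summarize(demo()))
```

Against a real disk, pass `open("/dev/sda", "rb")` from boot media you trust and keep the baseline off the machine, since a check run from the system being inspected can be subverted along with it.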

Violent rambling, etc.

Friday, August 7th, 2009

Behold! Behold!
What lo?
A ramble! A ramble!
What? No!
‘Tis so! ‘Tis so!

-

I think we often take for granted the hidden knowledge built into our cultures, our institutions, our norms, to the degree that we take the results of these structures, of this genetic code for our society, as just a given. I must say that, when I was younger, the more radical beliefs I held at the time were in part motivated by the accumulated noise, junk, I perceived in those structures about me while ignoring the information also contained therein; now, I have more respect for the hidden knowledge in such systems and the hidden assumptions on those systems and their knowledge.

So, I recently read Girard’s “Violence and the Sacred”. In it, Girard discusses the idea that all society, all culture, even all symbolic thought is the byproduct of what he calls a sacrificial crisis, which entails a cycle of reciprocal violence and violent undifferentiation within a community, that culminates in the elimination of a sacrificial victim, whereby the community unites against one member of the community and, in a generative and bonding moment, releases their violence upon that member, thus expelling their violence from the community. According to Girard, religion enshrines this sacrificial crisis and victim, and ritual allows for the re-enactment of the crisis and victim to expunge the violence within the community. (Girard’s, say, over the top, argument is that this crisis-victim is the foundation of all community and culture, and that trying to understand the crisis-victim is what caused symbolic thought to emerge. Side note – I mention symbolic thought with regards to the financial system in this post.)

Thinking on it, I can see the sacrificial crisis culminating in a sacrificial victim, and the ritualized enactment of such an event, applied within communities in the world in which I live today. As Girard discusses, while sacrificial victims may be selected at random in the midst of a crisis, surrogate victims used during the ritualized replay of the sacrificial crisis are often chosen both because they have ties to the community (and so can be substituted for it) and yet because they are outside it (and so have little potential to inspire reciprocal violence). When I look at, say, news of late, where “obese” people seem to be sacrificed in the war on health care costs, I cannot help but see parallels to the surrogate victim in primitive religious rituals (irrespective of any opinion held on the matter).

There is an interesting misdirection noted by Girard as well, the belief that violence stems from something outside of humankind, such as the gods or the dead. This too it seems is visible today in much rhetoric. People speak as if violence itself stems from a gun or from a video game or from a car, from these sacred and powerful items that are outside the world of people, external objects capable of infecting people with violence when they descend upon a community. (I am ignoring any correlation that may exist between these objects and people’s propensities toward violence.)

Regardless of views, the importance of violence, or rather, the expulsion of violence from, within the community appears to be hugely important to, and completely buried in, the very foundations of society as we know it today, at least in the culture in which I reside. This seems to be so much the case, that we take the end result for granted.

For example, Girard points out the significance of the judicial system in replacing religion, such that the judicial system takes on a higher authority as an impartial and superior body, that metes out revenge, relabeled a transcendent term, justice, upon parties of established guilt in the name of the community. The very sublime nature of the institution makes the act of revenge the judicial system deals out beyond revenge, and so it breaks the potential chain of reciprocal violence.

We often take the incorporation of the judicial institution into our culture for granted, as we assume such institutions and such cultures are a given, natural. But, violence has been with us long before such institutions existed. Nature is violent at times, and it makes sense that we have evolved a potential for violence ourselves; we have survived over the long course of time both in spite of and because of violence. As such and in broader terms, I am beginning to think that taking current culture, current norms, current institutions for granted is quite dangerous.

This idea of the generative and community building aspects of violent unanimity also seems in line with Peter Turchin’s ideas in “War and Peace and War” (mentioned in this post, particularly bullet point 2) that a common struggle against, say, a foreign enemy can bring people together, that it builds the capacity for collective action. Great nations are forged in the frontier life, in the world of violent interactions between similar peoples with less similar peoples. In this light, Girard briefly notes wars with foreign nations as an example of unifying violence, in that the foreign nation becomes the sacrificial victim, the embodiment of violence that is outside the community, and yet a violence that has been brought to the community and must be violently expunged.

Girard notes that change is often feared by primitive communities as a potential trigger of violence, and often there is lots of ritual performed around change to relieve any potential for violent buildups, such as at times of seasonal transitions or the coming of age of a child. In bullet point 2 of the aforementioned post, I noted that “radical change can cause instability” along with a slightly broader discussion of change or adaption in a follow-up post. Additionally, Schoeck notes in Envy that extreme envy and envy avoidance, such as that exhibited in primitive communities and small towns, can often stifle innovation, creativity, and achievement, all of which have undertones of change. So, combining this with Girard, we can see envy threatens violence, and, violence being contagious, such a threat could wipe out a whole community, which leads us to innovation, creativity, and achievement, as purveyors of change, being punished and avoided.

Now, it is easy to forget walking down the street in NYC just how much everything around us requires this breaking of the chain of reciprocal violence. In the past, when men could easily descend into a tornado of violence and everything else was swept aside by it, the world as we see it now in NYC could not exist. The weak would have to huddle together and perhaps flee the storm, and the strong could tear everything down in a moment of rage.

That is not to say that violence is not still present, but that most people tend towards non-initiation of violence, and the rare initiation of violence tends to end at the time it begins. Self-defense is acceptable at the moment of being attacked, but, after the fact, we rely on law enforcement and the judicial system to catch and punish the aggressor; vigilante-ism and personal revenge are frowned upon and punished, norms that reinforce a breaking of reciprocal violence. (In some communities in NYC and the USA in general, reciprocal violence may still run free, such as gang violence or the eruption of riots; however, those are the exceptions and not the norm.)

Evolution is the way of nature and, as such, ourselves, and I rather enjoy this spiraling progression, much as I like the evolution of what I consider to be my self as I grow older. As noted by Turchin’s “War and Peace and War” or in Michael Flynn’s scifi-esque “Introduction to Cliology” (inspired by Asimov) or even Barrow’s “The Artful Universe”, we live in cycles within cycles, in this chaotic nature, and so we must. But, I maintain a certain sense of caution when unraveling the fabric of our modern world, as pulling at the strings of our norms, cultures, institutions, communities, etc. without properly considering their hidden store of knowledge, and the hidden assumptions one might be making, can have quite profound and completely unintended consequences, for better or worse.

-

I mentioned “the map is not the territory” in this post. How about another? “Correlation is not causation.” This is one of those great insights that we so often fail to see. I have made this mistake at times in this blog.

So, if I had remembered nothing else from Judith Rich Harris’ “The Nurture Assumption”, then the wit, and the clear and concise explanation of “correlation is not causation” that makes the concept easy for me to explain to others, would have made the book worth it. An excerpt of her fictional example to illustrate correlation is not causation,

[...]Our method will be straightforward: we will ask a large number of middle-aged people how much broccoli they consume and then, five years later, check to see how many of them are still alive.[...]

[fictional results showing a statistically significant correlation between eating broccoli and longevity in men but not women]

Our study appears in an epidemiological journal. A newspaper reporter happens to read it. The next day there’s a headline in the paper: EATING BROCCOLI MAKES MEN LIVE LONGER, STUDY SHOWS.

But does it? Does the study show that eating broccoli caused the male subjects to live longer? Men who eat broccoli may also eat a lot of carrots and brussel sprouts. They may eat less meat or less ice cream than broccoli shunners. Perhaps they are more likely to exercise, more likely to buckle their seatbelts, less likely to smoke. Any of these other lifestyle factors, or all of them together, may be responsible for the longer lives of the broccoli eaters. Eating broccoli might even have been shortening our subjects’ lives, but this effect was outweighed by the beneficial effects of all the other things broccoli eaters were doing.

-

The 0.2.1.x branch of Tor has gone to release.

Tor 0.2.1.18 lays the foundations for performance improvements, adds status events to help users diagnose bootstrap problems, adds optional authentication/authorization for hidden services, fixes a variety of potential anonymity problems, and includes a huge pile of other features and bug fixes.

Bravo.

-

Attacks only get better.

In this paper we describe several attacks which can break with practical complexity variants of AES-256 whose number of rounds are comparable to that of AES-128. One of our attacks uses only two related keys and $2^{39}$ time to recover the complete 256-bit key of a 9-round version of AES-256 (the best previous attack on this variant required 4 related keys and $2^{120}$ time). Another attack can break a 10 round version of AES-256 in $2^{45}$ time, but it uses a stronger type of related subkey attack (the best previous attack on this variant required 64 related keys and $2^{172}$ time). While neither AES-128 nor AES-256 can be directly broken by these attacks, the fact that their hybrid (which combines the smaller number of rounds from AES-128 along with the larger key size from AES-256) can be broken with such a low complexity raises serious concern about the remaining safety margin offered by the AES family of cryptosystems.

Hash competition round 2 candidates announced, etc.

Friday, July 24th, 2009

And then there were 14…

The round two candidates have been selected for the NIST cryptographic hash algorithm competition. From the competition’s email list,

Date: Fri, 24 Jul 2009 09:36:00 -0400
From: “Burr, William E.”
To: Multiple recipients of list

NIST received 64 SHA-3 candidate hash function submissions and accepted 51 first round candidates as meeting our minimum acceptance criteria. We have now selected the following 14 second round candidates to continue in the competition:[...]

Noticeably absent is MD6, which the MD6 team foreshadowed earlier this month on the competition’s email list.

Date: Wed, 1 Jul 2009 10:55:30 -0400
From: “Ronald L. Rivest”
To: Multiple recipients of list
Subject: OFFICIAL COMMENT: MD6

[...]
Thus, while MD6 appears to be a robust and secure cryptographic hash algorithm, and has much merit for multi-core processors, our inability to provide a proof of security for a reduced-round (and possibly tweaked) version of MD6 against differential attacks suggests that MD6 is not ready for consideration for the next SHA-3 round.
[...]

I noted the competition in this old post.

Update: NIST has issued a report on the first round of the hash competition. Additionally, the round 2 candidate submission packages have been updated if tweaks were made to these packages by their authors.

Update: From the hash competition mailing list,

Date: Mon, 1 Feb 2010 12:10:48 -0500
From: “Chang, Shu-jen H.”
To: Multiple recipients of list
Subject: Call for Papers for the Second SHA-3 Candidate Conference

FYI, attached is the Call for Papers for the Second SHA-3 Candidate Conference, to be held at UCSB after Crypto and CHES 2010. Please note that the submission deadline is May 10, 2010, and submissions should be sent to hash-function@nist.gov.

Regards,
Shu-jen

From the CFP,

Call for Papers for the Second SHA-3 Candidate Conference
Santa Barbara, CA
August 23-24, 2010
Submission deadline: May 10, 2010 (Conference without proceedings)
The SHA-3 competition has entered the second round, in which 14 second-round candidate algorithms are being considered for SHA-3. NIST plans to host a Second SHA-3 Candidate Conference in August, 2010 to discuss various aspects of these candidates, and to obtain valuable feedback for the selection of the finalists soon after the conference.

The web page for the second conference is here.

-

On a side note, at the beginning of the month, NIST released a document trying to elicit discussion on algorithm transition strategies and timelines as we approach the deprecation of 80 bit crypto stacks for Federal agency purposes as well as the world at large. Per the announcement,

Comments are requested on the white paper “The Transitioning of Cryptographic Algorithms and Key Sizes” by August 3, 2009. Please provide comments to CryptoTransitions@nist.gov.

I actually enjoyed skimming this document. Besides the broad transition discussion, this document really provides useful summaries of the various cryptographic algorithms allowed for FIPS 140 purposes and also in common use out there in the world. It pulls together concise use-oriented descriptions of the various algorithms and the documents that discuss those algorithms, including the normal uses of these algorithms and their strengths for these uses. We often talk about crypto stacks, and this document makes it easy to see a crypto stack. Also, it makes sense that this topic is being hashed out prior to FIPS 140-3.

Update: NIST posted the comments received up to 2009-07-24 on the transition paper. This was updated to comments received through 2009-08-14.

-

Rather than creating a new post, I figured I would add these here.

NIST has published a draft summary of the Cryptographic Key Management Workshop. As per the announcement,

NIST announces that the Draft NIST Interagency Report 7609, Cryptographic Key Management Workshop Summary (June 8-9, 2009), is available for public comment. The Cryptographic Key Management (CKM) workshop was initiated by the NIST Computer Security Division to identify and develop technologies that would allow organizations to leap ahead of normal development lifecycles to vastly improve the security of future sensitive and valuable computer applications. The workshop was the first step in developing a CKM framework. This summary provides the highlights of the presentations, organized by both topic and by presenter.[...]

NIST has published a draft of SP 800-38E, dealing with NIST approval of the XTS mode of operation for AES, for comment. As per the announcement,

NIST announces that the Draft NIST Special Publication 800-38E, Recommendation for Block Cipher Modes of Operation: The XTS-AES Mode for Confidentiality on Block-Oriented Storage Devices, is available for public comment. This document approves the XTS-AES mode of the AES algorithm by reference to IEEE Std 1619-2007, subject to one additional requirement, as an option for protecting the confidentiality of data on block-oriented storage devices. This mode does not provide authentication, in order to avoid expansion of the data; however, it does provide some protection against malicious manipulation of the encrypted data.

Update: NIST has published SP 800-56B, as described here.

NIST announces the completion of Special Publication (SP) 800-56B, Recommendation for Pair-Wise Key Establishment Schemes Using Integer Factorization Cryptography. This Recommendation provides the specifications of key establishment schemes that are based on a standard developed by the Accredited Standards Committee (ASC) X9, Inc.: ANS X9.44, Key Establishment using Integer Factorization Cryptography. SP 800-56B provides asymmetric-based key agreement and key transport schemes that are based on the Rivest Shamir Adleman (RSA) algorithm.

NIST has published SP 800-102 and SP 800-120, as described here.

NIST announces the completion of Special Publication 800-102, Recommendation for Digital Signature Timeliness. Establishing the time when a digital signature was generated is often a critical consideration. A signed message that includes the (purported) signing time provides no assurance that the private key was used to sign the message at that time unless the accuracy of the time can be trusted. With the appropriate use of digital signature-based timestamps from a Trusted Timestamp Authority (TTA) and/or verifier-supplied data that is included in the signed message, the signatory can provide some level of assurance about the time that the message was signed.

The National Institute of Standards and Technology (NIST) is pleased to announce the release of Special Publication 800-120, Recommendation for EAP Methods Used in Wireless Network Access Authentication. This Recommendation formalizes core security requirements for EAP methods when employed by the U.S. Federal Government for wireless authentication and key establishment.

Quick note – a crack at building TC 6.1a on FBSD 7.1

Sunday, March 29th, 2009

Prompted by a comment and this rainy day…

Myself, I mostly think of TrueCrypt as Windows software today, so I can’t say I use it much on FreeBSD. However, I haven’t had much trouble getting TrueCrypt 6.1a to build on FreeBSD 7.1, even though I may not use the end result.

So, starting off with a pretty much stock FreeBSD 7.1 system with Gnome 2.24 installed as my test environment, I was able to do something like the following to get TrueCrypt 6.1a to build from source.

I downloaded, verified, and extracted the TrueCrypt 6.1a source.

I took a look at the “Readme.txt” in the root of the extracted TrueCrypt source tree and ensured that I met the requirements listed in the “Requirements for Building TrueCrypt for Linux and Mac OS X” section. I found the bulk of what may be missing (I say “may be missing” because most dependencies were already met in this test setup) readily available in the FreeBSD ports tree (e.g., gmake, fusefs-kmod, fusefs-libs, pkg-config, wxgtk). I had PKCS#11 header files lying around, but I also tried downloading fresh ones (e.g., pkcs11.h, pkcs11f.h, pkcs11t.h) from the RSA ftp site.

One important note here – the FreeBSD ports tree has split wxWidgets into multiple versions/flavors. After glancing at the root TrueCrypt makefile, I decided to go with “wxgtk28-unicode” from the FreeBSD ports for the TrueCrypt build. This choice has later implications, as the TrueCrypt build defaults to the use of the generic “wx-config”, which will not exist when using one of the wxWidgets ports from the FreeBSD ports tree, since “wx-config” is renamed in accordance with the specific version/flavor of the installed FreeBSD port. While I didn’t notice the “Readme.txt” calling out that this can be tweaked, the root TrueCrypt makefile is clear here and the choice of “wx-config” can be conveniently overridden, as noted next.

With the dependencies done, I then followed the build instructions for Linux and Mac OS X in the “Readme.txt”, interpreting them for my environment. For my particular test setup, there were three main tweaks here – use “gmake” (GNU make) rather than “make” (the stock FreeBSD make), set “WX_CONFIG” appropriately (since I was using “wxgtk28-unicode”, I set this to “wxgtk2u-2.8-config” overriding the default “wx-config”), and set “PKCS11_INC” appropriately since the PKCS#11 header files I wanted to use were not in the default include paths used by the TrueCrypt build (I pointed this to the directory where I had the PKCS#11 header files). So, from the root directory of the TrueCrypt source tree, I ran something like “gmake WX_CONFIG=wxgtk2u-2.8-config PKCS11_INC=<path to downloaded header files>”.

After building successfully and prior to running the resulting “truecrypt” executable (found in “./Main” in the source tree), I checked to see if the FUSE kernel module was loaded. It wasn’t, so I loaded it (e.g., “sudo kldload /usr/local/modules/fuse.ko”).

Then I ran “truecrypt”. I ran its crypto tests, created a new TrueCrypt container with a UFS filesystem, and mounted, dismounted, and created/modified/deleted some files on this container. Everything appeared to be working.

And that is about all I can say about TrueCrypt 6.1a on FreeBSD 7.1. :)

Quickies – zero, conficker, https, djbdns, fashion

Friday, February 27th, 2009

This month has certainly been interesting.

A couple of zero days in widely deployed software were discovered by virtue of active exploitation out there in the world…

An Adobe Acrobat and Reader zero day [demo exploits], with an official patch expected next month (there is an unofficial patch).

A critical vulnerability has been identified in Adobe Reader 9 and Acrobat 9 and earlier versions. This vulnerability would cause the application to crash and could potentially allow an attacker to take control of the affected system. There are reports that this issue is being exploited.

Adobe is planning to release updates to Adobe Reader and Acrobat to resolve the relevant security issue. Adobe expects to make available an update for Adobe Reader 9 and Acrobat 9 by March 11th, 2009. Adobe is planning to make updates for Adobe Reader 7 and 8, and Acrobat 7 and 8, available by March 18th.[...]

Update: Adobe has released the security updates for Acrobat and Acrobat Reader 9.

A potential Microsoft Excel zero day, with more information to be determined.

Microsoft is investigating new public reports of a vulnerability in Microsoft Office Excel that could allow remote code execution if a user opens a specially crafted Excel file. At this time, we are aware only of limited and targeted attacks that attempt to use this vulnerability.

As always, exploiting vulnerabilities for which patches are available is working quite nicely too – just look at Conficker having a ball.

Why Conficker has been able to proliferate so widely may be an interesting testament to the stubbornness of some PC users to avoid staying current with the latest Microsoft security patches [2]. Some reports, such as the case of the Conficker outbreak within Sheffield Hospital’s operating ward, suggest that even security-conscious environments may elect to forgo automated software patching, choosing to trade off vulnerability exposure for some perceived notion of platform stability [8]. On the other hand, the density of where the vast bulk of Conficker victims are concentrated may also suggest other reasons, such as the wide use of unregistered (pirated) Windows releases, which Microsoft does not patch [9].

Browser usability with https continues getting hammered as well.

This tool provides a demonstration of the HTTPS stripping attacks that I presented at Black Hat DC 2009. It will transparently hijack HTTP traffic on a network, watch for HTTPS links and redirects, then map those links into either look-alike HTTP links or homograph-similar HTTPS links. It also supports modes for supplying a favicon which looks like a lock icon, selective logging, and session denial. For more information on the attack, see the video from the presentation below.
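A detection-side sketch of the rewriting described above, added here as an example (not code from the tool or its author): it compares the URLs in a copy of a page fetched over a trusted path with those in the copy a client received, and flags HTTPS links that came back as HTTP or as look-alike hosts. The `example.test` URLs, the sample pages and the function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit


class LinkCollector(HTMLParser):
    """Collect URL-bearing attributes (links, form targets, icons, scripts)."""
    URL_ATTRS = {"href", "src", "action"}

    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in self.URL_ATTRS and value:
                self.urls.append(value)


def extract_urls(html):
    collector = LinkCollector()
    collector.feed(html)
    return collector.urls


def is_lookalike_host(host):
    """Non-ASCII characters or punycode labels mark a homograph candidate."""
    if any(ord(ch) > 127 for ch in host):
        return True
    return any(label.startswith("xn--") for label in host.lower().split("."))


def find_stripping(trusted_urls, observed_urls):
    """Return (kind, url) findings for URLs that differ from the trusted copy.

    trusted_urls:  URLs (links, form actions, Location headers) seen when the
                   resource was fetched over a path you trust.
    observed_urls: the same resource as delivered to the client under test.
    """
    expected_https = set()
    expected_hosts = set()
    for url in trusted_urls:
        parts = urlsplit(url)
        if parts.hostname:
            expected_hosts.add(parts.hostname)
        if parts.scheme == "https":
            expected_https.add((parts.hostname, parts.path, parts.query))

    findings = []
    for url in observed_urls:
        try:
            parts = urlsplit(url)
        except ValueError:
            # urlsplit rejects some hosts that normalize to URL delimiters.
            findings.append(("unparseable", url))
            continue
        host = parts.hostname or ""
        key = (host, parts.path, parts.query)
        if parts.scheme == "http" and key in expected_https:
            findings.append(("downgraded", url))
        elif (parts.scheme == "https" and host not in expected_hosts
              and is_lookalike_host(host)):
            findings.append(("lookalike-host", url))
    return findings


# Constructed sample pages: what the origin serves and what a client received.
TRUSTED_HTML = """
<a href="https://accounts.example.test/login?next=/inbox">Sign in</a>
<form action="https://accounts.example.test/session" method="post"></form>
<a href="http://www.example.test/about">About</a>
<link rel="icon" href="https://www.example.test/favicon.ico">
"""

OBSERVED_HTML = """
<a href="http://accounts.example.test/login?next=/inbox">Sign in</a>
<form action="https://accounts.xn--exmple-cua.test/session" method="post"></form>
<a href="http://www.example.test/about">About</a>
<link rel="icon" href="http://www.example.test/favicon.ico">
"""

if __name__ == "__main__":
    for kind, url in find_stripping(extract_urls(TRUSTED_HTML),
                                    extract_urls(OBSERVED_HTML)):
        print(kind, url)
```

A `Location` header from a redirect can be checked the same way by passing the trusted and observed values as single-item lists.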

The djbdns package has come under fire, of particular note.

Summary: Weaknesses in dnscache’s outgoing query management and caching policies allow an attacker to poison arbitrary DNS records in far less time than previously believed possible.
Versions Affected: All current versions of djbdns (<=1.05)

(And, now I know about zinq.)

And, to end on a lively, off-topic note, fall fashion in New York is usually a favorite of mine, and the Fall 2009 season combined that general preference with up my alley trends (already visible on the streets of New York) – comforting protective and edgier futuristic clothing, dark somber and rich powerful colors (e.g., royal blue, plum purple, forest green), playing with construction and textures (e.g., velvet, tweed, leather, satin), asymmetrical geometrical strong-shouldered architectural designs. Because of these trends, many shows had at least a few pieces that I loved, making for my much wider appreciation of the designs of a variety of designers this season. Some of my favs…

  • Yet again, Proenza Schouler – This collection veered slightly softer and perhaps nodded to their earlier days, yet still maintained the edge and architecture I have come to love. In a season where those I thought would shine seemed to go astray, these guys hit the mark.
  • Rodarte – This collection had a singular point of view, with the same silhouette and structure throughout; however, the play with construction, textures, and even a pop of color kept it so interesting that I could not wait to see what would come next.
  • Ralph Lauren – This collection was like walking out into a clean, clear, crisp fall day and inhaling deeply. I said it over and over – it feels like a breath of fresh air. The simplicity, elegance, and beauty of the clothing was remarkable.

Of course, given the trends and my high expectations, I must note there were a number of train wrecks out there too. The two main categories I saw: 1) designs that looked plain silly, gaudy, and/or obnoxious, a way too literal translation of the 1980s; and 2) designs that looked stiff, heavy, and/or just plain burdensome, too much like wearing actual medieval armor, scratchy carpeting, or sound absorbing curtains.

Games and adaptions

Thursday, February 12th, 2009

This post is big, too big. Alas, dear reader, you must serve as editor.

-

In a previous post, I wrote,

This suggested to me that players, people, will adapt to a structure over time, and, as I quite often see out there in the world, will likely learn ways to game the system. This adaptation to, or gaming of, the system can lead to new or unintended outcomes, perhaps beneficial, perhaps otherwise. In response, the structure will be modified to incorporate these behaviors and outcomes, perhaps encouraging them, perhaps counteracting them. And so on.

(I must say that John Barrow’s “The Artful Universe” just sprang to mind, a book that ventures an explanation of why things are the way they are.)

Thinking of gaming the system brings security to mind. Security generally seems to follow this pattern of tweaks – attacks get better, and defenses are modified accordingly. However, when a situation of radical change occurs, the instability that results can make security objectives quite difficult to meet, even if defined objectives exist. After all, locking down a system generally requires that the system have some stability and structure. Security itself is structure, and instability breaks down structure. So, radical change can require a shift from tweaks to a wider (re)building of a security structure as areas of this new system solidify.

Ok, this seems obvious. But, why not look at some examples?

Since the economy is on people’s minds these days, I thought these excerpts from Michael Lewis’ “Liar’s Poker” about Wall Street in the 1980’s would serve as the first, and perhaps best, example.

[...]At a rare Sunday press conference, on October 6, 1979, Paul Volcker announced that the money supply would cease to fluctuate with the business cycle; money supply would be fixed, and interest rates would float. The event, I think, marks the beginning of the golden age of the bond man. [...] Bond prices move inversely, lockstep, to rates of interest. Allowing interest rates to swing wildly meant allowing bond prices to swing wildly. Before Volcker’s speech, bonds had been conservative investments, into which investors put their savings when they didn’t fancy a gamble in the stock market. After Volcker’s speech, bonds became objects of speculation, a means of creating wealth rather than merely storing it. Overnight the bond market was transformed from a backwater into a casino.[...]

The mortgage trading desk evolved from corner shop to supermarket. By increasing the number of products, they increased the number of shoppers. The biggest shoppers, the thrifts [savings and loans], often had a very particular need. They wanted to grow beyond the limits imposed by the Federal Home Loan Bank Board in Washington. It was a constant struggle to stay one step ahead of thrift regulators in Washington. Many “new products” invented by Salomon Brothers were outside the rules of the regulatory game; they were not required to be listed on thrift balance sheets and therefore offered a way for thrifts to grow. In some cases, the sole virtue of a new product was its classification as “off-balance sheet.”

[...]Demand now exceeded natural supply. Huge pools of funds across America were dedicated to the unbridled pursuit of risk. Milken and his Drexel colleagues fell upon the solution: They’d use junk bonds to finance raids on undervalued corporations, by simply pledging the assets of the corporations as collateral to the junk bond buyers. (The mechanics are identical to the purchase of a house, when the property is pledged against a mortgage.) A take-over of a large corporation could generate billions of dollars’ worth of junk bonds, for not only would new junk be issued, but the increased leverage transformed the outstanding bonds of a former blue-chip corporation to junk.[...]

Washington Irving, so many years ago, best summed up how this sort of thing ends, words to which we can all relate today.

Could this delusion always last, the life of a merchant would indeed be a golden dream; but it is as short as it is brilliant. Let but a doubt enter, and the “season of unexampled prosperity” is at end. The coinage of words is suddenly curtailed; the promissory capital begins to vanish into smoke; a panic succeeds, and the whole superstructure, built upon credit and reared by speculation, crumbles to the ground, leaving scarce a wreck behind:

“It is such stuff as dreams are made of.”

Which takes me on a bit of a diversion…

When people discuss the economic situation of today, I sometimes notice a common mistake, a confusion of the representation (e.g., money) with the reality (e.g., productivity). We as people are great at building representations of the world to suit our purposes. For example, we build a visual representation of the world using our eyes and brain in order to assist with our navigation of this world. That visual representation is not reality, it is a representation of a small slice of reality, that slice useful to our moving around in the world, generated by our brains from inputs gathered by our eyes. However, if that representation becomes very distorted, if we can no longer make out objects blocking our path, we start to bump into things, we fall down, we hurt ourselves. Our distorted visual representation no longer adequately reflects reality for the purposes to which that representation was to be used.

Perhaps a more relevant example, say you have a map of your town depicting all the roads in your town. That map is one representation of your town, and it can be used to assist in the navigation of your town by road. However, you would never confuse tracing your finger along some path on that map with actually walking the streets of your town (i.e., “the map is not the territory”). Drawing a new road on that map does not magically create a new road in your town. And, if that map depicts roads not actually in your town, its usefulness for navigation is limited – you might just throw it away.

Coming back to the economic news of today, one way to think of money is as a representation of productivity. We created this representation to facilitate trade, savings, and investment, but, in order to be useful for these purposes, the representation must reflect the reality of productivity, much as our visual representation of the world must reflect the physical reality around us to facilitate our navigation. Money is not productivity any more than a map of your town is your town.

Now, people are good at gaming the system, and the system of money has been no exception here – people have learned how to game the system of money. Money was much easier to manipulate than the productivity it was supposed to represent, and gradually this property became heavily abused, rather than just used, by people. At some point, people lost sight of the reality for the representation, and the accumulation and growth of the representation became a goal unto itself. Productivity was left in the dust, like drawing a million roads on the map of your town but never building any of them. The representation was distorted away from the reality, and that distortion has now become so great as to severely damage the usefulness of the representation for its purposes.

(When you hear discussions of how to fix the system, what is being debated is how to remove the distortion and limit it in the future. Assuming the current system is to be retained, there seem to be two primary ways to remove the extreme amount of distortion from what I gather from others: 1) devalue the money, thus reducing the debt load denominated in that money to a level commensurate with realistic future productivity estimates, or 2) default on debt, thus reducing the debt load to a level commensurate with realistic future productivity estimates. (I am ignoring those caught up only in the representation and missing the reality, but decisions could certainly be made to go further in this direction as well.) Whatever happens, the result is, and will be, painful for many, and so the other topic of conversation is how best to limit the hurt.)

All of this brought to mind an interesting point with regards to design versus implementation flaws in light of representations and their purposes:

  1. A design flaw causes a system to misrepresent reality such that the objectives of that system are broken for all implementations of that design.
  2. An implementation flaw causes a system to misrepresent reality such that the objectives of the system are broken due to a mistake in implementing the design rather than a mistake in the design itself (and so only the mistaken implementation is broken).

Also, as I journey down this path, I am reminded that exploitation of the human factor has been a recurring topic in this blog. Attacks of this sort often boil down to taking advantage of a vulnerability created by a misrepresentation of people in a system. Which brings to mind three concepts utilized in systems and their relation to the people factor:

  1. Regulate. This attempts to restrict the human factor by trying to limit what people can do.
  2. Audit. This attempts to learn about the human factor by providing the ability to know what people do.
  3. Educate. This attempts to adapt the human factor by teaching the reality to comply with the representation.

Much like a self-help book, these bullet points make the world seem way too simple. For example, there may be a complex balancing act, overlap, and feedback between these three concepts, as well as, between these three, risk, productivity, and resources. Nevertheless, the abstraction seemed useful to my purposes. ;)

Ok, enough of this branch, let me get back on track. What follows are some examples of games and adaptations taken from this blog’s history.

Evolution seems the logical place to start in this travel through some prior posts, which leads us to an example found here.

Anyway, ignoring the multitudes of other factors around this sort of evolutionary understanding, it can be said that at least some part of our brain’s evolution seems like the result of a bit of an arms race. Our brains evolving more and more powerful capabilities for impressing potential mates (offensive capabilities) while at the same time evolving more and more powerful capabilities for selecting from potential mates (defensive capabilities). It could be that we are a product of “our own” attempts to secure reproduction. Cool beans.

(I can’t help but think of Geoffrey Miller’s “The Mating Mind”.)

This brings to mind some thoughts from an old ramble,

Moving on from just beauty, marketing and sales are about trying to influence people to spend their limited resources (e.g., time, money) on certain products (e.g., goods, services) over other products. This done is [yes, a typo in the original] through many means, both overt and covert. It preys upon our base programming and our learned experience – things like social value, liking someone, or even just wanting to seem consistent – to get us to do things the marketing and sales people want. (Remember this?) Beauty helps with things like being liked and social value. It also helps make objects and other people more desirable. Think of that attractive model sitting on that car for sale – regardless of how blatant the use of the model is, your brain makes associations between that model and that car. And, as noted above, I can think of the increased attention I get when I am out with beautiful people – my social value is increased just by association.

(Robert Cialdini’s “Influence” is right up this alley.)

And its follow-up,

The thing is, all our base programming and all our experience can be used against us. From the power of beauty to inaccurate perceptions of risk, it could be that security mechanisms fail to meet their objectives because, well, real people are involved. When security does not hit upon how real people act out there in the real world, it seems to miss a big chunk of risk.

Which leads us to discussions of ID (age) checks.

In order to up the probability of success, the ladies employed two secondary techniques. One technique was having the most adept social engineers of the group conduct the primary interactions with the ID checker. The ranking of such skills was subjective, but it generally came down to being attractive and social. The point of this was to get the checker in the frame of mind of wanting to allow the ladies to enter, which also implied getting the check [yes, another typo] to want to accept the IDs being presented. This was also used to avoid any signs of nervousness from the group and get them looking the part. The other technique was just memorizing the details on the ID and being ready for small talk with the ID checker (that applied to everyone, not just the primaries used in the first secondary technique) – such interactions were rare, but did happen from time to time. With these two simple measures in place, their impression of the effectiveness of the attack was at about 95%.

The crypto world tends to be conservative, but it moves nonetheless.

RSA has come up here.

Also via Metzger’s cryptography mailing list, five years to the month after Lucky Green spoke out and said no more to 1024 bit RSA keys, the gap continues to close on 1024 bit RSA keys.

As has password hashing.

Even with salts, the traditional Unix crypt function is quite dated and may not be a good choice for generating password hashes. The tiny salts, short password length, optimizations, current processing speeds, etc. all combine to make crypt function generated password hashes quite susceptible to password cracking efforts. The two common alternatives are the MD5 crypt function, which uses the MD5 hash algorithm as its underlying crypto primitive and incorporates a salt, and the blowfish crypt function, which uses the blowfish encryption algorithm with modified key schedule as its underlying primitive and incorporates both a salt and an iteration count. The blowfish crypt function is considered to be the latest and greatest crypt function that is widely deployed.
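To make the salt and iteration-count differences in the passage above concrete, here is an added example (not code from the original post) that classifies crypt(3) hash strings from a master.passwd-style file by scheme and reports salt size and work factor. The sample lines are constructed with filler hash bodies, and the `min_bcrypt_cost` threshold is an assumed policy value.

```python
"""Classify crypt(3) password hashes by scheme, salt size and work factor."""
import re
from typing import Dict, NamedTuple, Optional

B64 = "[./0-9A-Za-z]"  # alphabet used by the crypt(3) text encodings

# Blowfish crypt (bcrypt): $2a$<cost>$ + 22 salt chars + 31 hash chars
BCRYPT = re.compile(r"\$2[abxy]?\$(\d\d)\$" + B64 + "{53}")
# MD5 crypt: $1$<salt, up to 8 chars>$<22 hash chars>
MD5CRYPT = re.compile(r"\$1\$(" + B64 + r"{0,8})\$" + B64 + "{22}")
# Traditional DES crypt: 2 salt chars + 11 hash chars, no prefix
DESCRYPT = re.compile(B64 + "{13}")


class HashInfo(NamedTuple):
    scheme: str                # des-crypt, md5-crypt, bcrypt, locked, empty, unknown
    salt_bits: int             # salt bits encoded in this hash string
    iterations: Optional[int]  # rounds of the underlying primitive, if known
    tunable: bool              # can the work factor be raised per hash?


def classify(field: str) -> HashInfo:
    """Identify the scheme of one password field."""
    if field == "":
        return HashInfo("empty", 0, None, False)
    if field[0] in "*!":  # "*" and "*LOCKED*..." mark accounts without a usable hash
        return HashInfo("locked", 0, None, False)
    m = BCRYPT.fullmatch(field)
    if m and 4 <= int(m.group(1)) <= 31:
        # The two-digit cost is log2 of the key-schedule iteration count.
        return HashInfo("bcrypt", 128, 2 ** int(m.group(1)), True)
    m = MD5CRYPT.fullmatch(field)
    if m:
        # Each salt character carries 6 bits; the round count is fixed at 1000.
        return HashInfo("md5-crypt", 6 * len(m.group(1)), 1000, False)
    if DESCRYPT.fullmatch(field):
        # 12-bit salt, 25 DES iterations, password truncated to 8 characters.
        return HashInfo("des-crypt", 12, 25, False)
    return HashInfo("unknown", 0, None, False)


def audit(master_passwd: str, min_bcrypt_cost: int = 10) -> Dict[str, str]:
    """Map each user to a verdict. min_bcrypt_cost is an assumed policy value."""
    verdicts = {}
    for line in master_passwd.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 2:
            continue
        user, info = fields[0], classify(fields[1])
        if info.scheme == "des-crypt":
            verdicts[user] = "weak: des-crypt, 12-bit salt, password cut to 8 characters"
        elif info.scheme == "md5-crypt":
            verdicts[user] = "fixed-cost: md5-crypt, salted, 1000 rounds, not tunable"
        elif info.scheme == "bcrypt" and info.iterations < 2 ** min_bcrypt_cost:
            verdicts[user] = "weak: bcrypt cost below policy minimum"
        elif info.scheme == "bcrypt":
            verdicts[user] = "ok: bcrypt"
        else:
            verdicts[user] = info.scheme
    return verdicts


# Constructed sample in master.passwd field order; hash bodies are filler,
# not the hash of any real password.
SAMPLE = "\n".join([
    "# name:password:uid:gid:class:change:expire:gecos:home:shell",
    "root:$2a$04$" + "N" * 22 + "h" * 31 + ":0:0::0:0:Charlie &:/root:/bin/csh",
    "alice:$2a$12$" + "N" * 22 + "h" * 31 + ":1001:1001::0:0:Alice:/home/alice:/bin/sh",
    "bob:$1$saltsalt$" + "H" * 22 + ":1002:1002::0:0:Bob:/home/bob:/bin/sh",
    "carol:ab" + "C" * 11 + ":1003:1003::0:0:Carol:/home/carol:/bin/sh",
    "daemon:*:1:1::0:0:Owner of many system processes:/root:/usr/sbin/nologin",
])

if __name__ == "__main__":
    for user, verdict in audit(SAMPLE).items():
        print(f"{user:8} {verdict}")
```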

As is the search for a new SHA.

Backing out to a common IT task, a recent post illustrates the vulnerability followed by patch stream many of us know all too well.

USN.
[...]
FreeBSD VuXML.
[...]
FreeBSD Security Advisories.

Like patching vulnerabilities (and segueing back to people), when we recognize the games of others, we can adapt to them.

Anyway, this reminded me of Cialdini’s Influence. The attacks of influence are often carried out beneath the radar of the person being attacked. The attacker triggers automatic responses in the person to influence their decisions/behavior, and the actions that hit these triggers go unnoticed at a conscious level by the person being attacked at the time of attack, which results in the person being attacked not properly recognizing the level of influence coming from the attacker. Once a person is aware of triggers and/or able to recognize attempts to pull triggers, a person can work to mitigate the influence of triggers and/or the responses to triggers.

(While I note Cialdini there, Paul Eckman’s “Emotions Revealed” also seems relevant.)

And now, dear reader, as you are likely reaching the end of your rope, we shall finally finalize this regurgitation with the finale of a prior set of rambles for our finish.

First off, we need a threat model. We need to figure out what we want to protect, its value, the potential attacks, the likelihood of those attacks, and the potential damage of those attacks. Determine the risks, and then mitigate them. Very important here is figuring out who needs to be held responsible for what mitigations and countermeasures. And, this threat model has to be reviewed periodically to keep it up to date. The assets that need to be protected change, the way business is done changes, the risks change, the mitigations change. Security is not static.

With that (and building that is certainly not trivial), we have these people, you, me, our parents, that are part of this threat model. They pose risks, and they help to mitigate risks. We need to minimize the former and maximize the latter. To do this right, I think we need people to feel responsible for security. To build this sense of responsibility, we need these security responsibilities audited and we need effective training to convey and reinforce these responsibilities – the combination of these two may be a linchpin to people security.

So, we talk to people about our threat model. Not only do we teach it, but we get feedback on it. And, we make sure everyone understands that threat model, and their place in it. To do this, we bring vivid examples from security audits into our security education, which help to build security training programs that provide exactly that which we learn the most from, experience.

FreeBSD 7.1, etc.

Saturday, January 31st, 2009

Just a few notes:

  1. Upgrading to FreeBSD 7.1 stable from FreeBSD 7.0 stable went smoothly.

    Sort of standard steps…

    • vi /usr/mykernconf7 and modify to merge the 7.1 changes into my custom kernel config.

      (The generic FreeBSD kernel configuration for the i386 platform as a starting point can be found in “/usr/src/sys/i386/conf/GENERIC”.

        e.g.,

      • cp /usr/src/sys/i386/conf/GENERIC /usr/mykernconf7
      • ln -s /usr/mykernconf7 /usr/src/sys/i386/conf/mykernconf7
      • vi /usr/mykernconf7 and modify as desired)
    • vi /usr/stable-supfile and update my custom “stable-supfile” to point to “RELENG_7_1” by changing the relevant line to “*default release=cvs tag=RELENG_7_1”

      (A sample “stable-supfile” as a starting point can be found in “/usr/share/examples/cvsup/stable-supfile”.

        e.g.,

      • cp /usr/share/examples/cvsup/stable-supfile /usr/stable-supfile
      • vi /usr/stable-supfile and modify as needed, such as setting the default release to 7.1 and setting the host to one of the FreeBSD cvs server mirrors)
    • cd /usr/src
    • cvsup -g -L 2 ../stable-supfile
    • make buildworld
    • make kernel KERNCONF=mykernconf7
    • reboot (to single user mode)
    • cd /usr/src
    • mergemaster -p
    • make installworld
    • mergemaster

      I found there was a massive version increment of the contents in “/etc” from 7.0, so there was a lot to go through. I had a few mods to configuration and script files that needed merging, but, for the majority, just installing the new version was fine.

    • reboot
  2. With the release of FreeBSD 7.1, the FreeBSD ports have undergone a huge burst of activity. Over the course of the last month, perl, X, and Gnome have all been upgraded.

    The first step is always the same here, updating the ports tree and grabbing the new index.

      e.g.,

    • cd /usr/ports
    • cvsup -g -L 2 ../ports-supfile
    • portsdb -Fu

    The second step is always the same here too, examining “/usr/ports/UPDATING” to see if there were any special instructions relevant to upgrading my installed ports, and additionally, browsing “/usr/ports/MOVED” to see what ports have been (re)moved.

    Ok, so there have been a number of instructions that applied to my installed ports over the last month or so, including those for perl, X server, and Gnome. I updated multiple times and so upgraded many of these components at different intervals, which kept the mixing and matching of these instructions somewhat minimal. (On the flip side, there was a bunch of redundant (re)building of my ports.)

    Of the big boys (i.e., perl, X, and Gnome)…

    My first upgrade was of perl from 5.8.8 to 5.8.9, and I did this by itself, as the upgrade involved manually using a script and its guidance after installation of the upgraded perl, as per the 20090113 instructions in “/usr/ports/UPDATING” for perl5.8. (If perl troubles crop up after using this script, rebuilding the perl dependents may be best.)

    Next came the upgrade of Gnome from 2.22 to 2.24 (and all other updated ports at the time), which went smoothly enough, according to the 20090114 instructions in “/usr/ports/UPDATING” for GNOME and GTK+. (During this upgrade, I discovered some issues with my perl upgrade, so I ended up just rebuilding my perl dependents, but that was not the fault of the GNOME update.)

    A few days later followed the upgrade of libxcb by itself along with the rebuilding of all its dependents according to the “/usr/ports/UPDATING” 20090123 instructions for libxcb.

    Then, the upgrade of X (and all other updated ports at the time). There were issues here and there after this upgrade, but these seem to have been mostly resolved by subsequent updates, as the port maintainers have been tweaking things.

    As mentioned already, these steps were mostly incremental for me, happening in two primary bursts. If you are upgrading all of that and more at once, it might be easier to just rebuild all ports while taking “/usr/ports/UPDATING” instructions into account.

  3. Tor stable (and development) has been updated to fix a remotely inducible heap corruption issue. Details forthcoming.

    This update also fixes an important security-related bug reported by Ilja van Sprundel. You should upgrade. (We’ll send out more details about the bug once people have had some time to upgrade.)

    Changes in version 0.2.0.33 – 2009-01-21
    o Security fixes:
    – Fix a heap-corruption bug that may be remotely triggerable on some platforms. Reported by Ilja van Sprundel.

  4. Truecrypt 6.1a has been available for over a month. The 6.1 changes include support of tokens and smart cards, and trickery to get past, say, USA customs.
  5. Xen and Ubuntu have gone their separate ways.

PEoD

Friday, January 30th, 2009

For a while there, it was cold in NY, seriously cold. I mean, teens F day and touching upon single digits F night with wind chills that frighten small children cold. Now we are seeing the 30’s F again. Summer.

-

So, I was reading a book from back in the early 1990’s, titled “The Political Economy of Defense” and edited by Andrew Ross, that I picked up during one of my explorations of a used bookstore. The book was more geared towards a discussion of potential research topics rather than actual research, but it did leave me with some scattered thoughts.

Update: My first “controversial” post in a while has left me talking about topics this weekend that I care little to discuss with what little I know. I now regret items 3 and 4 in the bullet points below, as my attempt to at least have a couple of bullet points more in line with the book led me down a foolish path. That said, I added one minor update to item 4 below, and that will be the extent of this post’s growth. (Ok, time to enjoy Super Bowl Sunday!)

Note: As fair warning, this post is a total ramble. And, politics is part of the topic by definition, but I endeavor to keep it politically indifferent. You may want to skip it.

This first half will be generic rambling derived from some of the book’s content taken mostly way out of context (I guess I just wanted to jot down some thoughts on, say, gaming the system).

  1. Structure influences behavior and outcomes, and vice versa.

    An example, players in a market having an oligopolistic structure tend to end up exhibiting a specific set of behaviors, and one study in the book examined the international arms market up through the 1980’s as an oligopoly. It found that while this market had some oligopolistic behaviors, it lacked others, and, overall, the structure was shifting further away from an oligopolistic market to a competitive market. Moises Naim’s “Illicit” has a description of just how far that shift has gone today.

    This suggested to me that players, people, will adapt to a structure over time, and, as I quite often see out there in the world, will likely learn ways to game the system. This adaptation to, or gaming of, the system can lead to new or unintended outcomes, perhaps beneficial, perhaps otherwise. In response, the structure will be modified to incorporate these behaviors and outcomes, perhaps encouraging them, perhaps counteracting them. And so on.

  2. Radical change can cause instability.

    An example, consider “third world” countries adopting advanced industrial country technology as discussed in the book. A major problem here can be that “third world” countries typically have a labor surplus, while advanced industrial nation technology favors less labor-intensive production. Additionally, the technical skills required to use such technology tend to be possessed by a very small portion of the labor supply in “third world” countries. So, making a leap to these technologies can facilitate mass unemployment, which can lead to, say, political instability.

    Of course, this brought to mind creative destruction and entrenched players stifling innovation, but it also served as a reminder that where we are today is built upon where we were yesterday. There is a progression that provides time for adjustment to the new. (Certain potential future advances are labeled “event horizons” precisely because they are considered to involve such radical change that all the rules go out the window.)

    Peter Turchin’s “War and Peace and War” popped into my head too, in which he examines the cycles within cycles that have made for a perpetual cycle throughout world history of conflict and instability leading to peace and stability leading to conflict and instability. The general idea is that there is a coming together phase and a falling apart phase in the life cycle of empires. Within these phases, there are various cycles, which first build the propensity for collective action, and then break down the ability for collective action. And, this often seems to start at a fault line between sets of people that differ in easily identifiable (to them) ways, whereby conflict between these sets of people builds internal cohesion and equality within the sets. Once this us and them conflict is resolved and the threat mitigated, prosperity generally kicks in. Over time, prosperity brings about population growth and pushes resources (e.g., food) and grows inequality, and this breaks down the internal unity and leads to internal conflict. Eventually, through cycle upon cycle, an empire is so weakened that it dissolves, often with the help of external enemies. And so on.

    However, Turchin points out that this theoretical framework may not apply to the conditions of today (e.g., food is no longer a concern in modern societies) and applauds technology, such as the Internet and, in particular, the cell phone, as breaking down hierarchy and leading to heterarchy, which changes the rules of the game. Dalton Conley’s “Elsewhere, USA” discusses some trends we see here in the, as he coins it, “neofeudal” USA, such as massive inequality coupled with a breaking down of hierarchy and the pervasiveness of ephemeral stuff for invidious (Schoeck’s “Envy” anyone?) comparison with the exception of the readily available basics, food and water.

    Anyway, coming back to the thoughts on 1, there is a sort of continuous change implied, in which the structures, behaviors, and outcomes of a system evolve over time. However, too much change too quickly can lead to instability. This seems to promote a sort of tweaking process where some stability is desired.

    Thinking of gaming the system brings security to mind. Security generally seems to follow this pattern of tweaks – attacks get better, and defenses are modified accordingly. However, when a situation of radical change occurs, the instability that results can make security objectives quite difficult to meet, even if defined objectives exist. After all, locking down a system generally requires that the system have some stability and structure. Security itself is structure, and instability breaks down structure. So, radical change can require a shift from tweaks to a wider (re)building of a security structure as areas of this new system solidify.

    This brought to mind the situation of online security in the world of the web, a world that is radically changing right here and now. The security community is scrambling to catch up, to get a foothold and (re)build structure. For example, capability systems seem to be one possible wave of this future.

    (This also reminded me of the current economic mess in the USA, where it seems that radical financial innovations (e.g., a piece of paper saying “this is an apple” held between two mirrors was somehow magically thought to be creating infinite, edible apples) combined with much (extremely leveraged) gaming of the system played a big part in the disaster that is beginning to unfold. Of course, bubbles and credit crises are nothing new (tulip bulbs or tech, anyone?). Which, in a mindset framed by Turchin’s book, makes cycles seem to be a way of life given our current mental composition (e.g., “Choices, Values, and Frames” edited by Kahneman and Tversky, Cialdini’s “Influence”).)

This second half will be more specific rambling to a couple of topics touched upon in the book.

  3. As discussed in the book, in the USA, defense spending was quite large and had little relation to economic conditions within the country. The questions of how much defense spending and how much security came down to political decision-making.

    Perhaps political decision-making is not always the most effective and efficient, but, regardless, it makes me wonder… If states must be capable of pulling together such massive amounts of resources for defense, then, other than a new hot or cold war between major players (e.g., a China-USA showdown), conflict should be quite localized and/or take the form of, say, electronic warfare, guerilla warfare, and terrorism.

    It makes for other interesting trade-off topics too. I can see the USA as carrying a large amount of the defense costs of the whole Occident and much of the world – this gives the USA a huge degree of power in the world, but it also allows others to free ride and focus on different efforts. The opportunity cost of defense spending is something to ponder – defense research has led to technology that is adopted by the civil sector, but it is not known what the civil sector would have come up with and produced if those resources (e.g., some of the brightest out there) had not been tied up in the defense sector. And so on.

  4. As discussed in the book, there was a mild consensus that defense spending can cause short term benefits (e.g., resource utilization) to a country’s economy, but long term it tends to be detrimental (e.g., decreased savings and investment in the civil sector). These detrimental economic effects might build on each other as well.

    Now, looking around, we tend to see large territories organized into nation states, and these are generally structured such that the government is the monopoly provider of defense in these territories. My rough understanding, a la papers such as Frederic Lane’s “Economic Consequences of Organized Violence,” is that the primary point of defense being a government monopoly in, say, modern democracies is to reduce the overall burden of defense costs allowing a greater focus on other productive endeavors by everyone else (although, in the USA, the rise of the military-industrial-congressional complex, as Eisenhower coined it, might serve to counter part of this point – e.g., Osprey and Comanche). In that direction, it may be that successful nations tend to be those that find ways to reduce defense costs while maintaining appropriate levels of security and stability. These cost savings can then be rolled into the other economic growth, and so, other things being equal, become a competitive advantage out there in the world market. Defense cost savings can also be devoted to other things, like social programs, such as health care.

    Update: Due to follow-up conversation, I now feel a need to point out two things.

    First, some have thought that my views of the world have shifted radically based on what is written in this post. While my interpretations of the world shift over time and the tendency is towards moderation, I have not been reborn. I just tried to remain indifferent in the post.

    Second, my choice of Lane’s simplified view of the world was quite simple – the idea of the government as a defense service provider to its clients, particularly with those clients being the people of the nation state in a modern democracy, trivially rolled back into the general bullet point. As with most costs, people want to get the most bang for their buck – so, the less clients pay for defense services, the more resources they have for other productive efforts. And, all things being equal, this becomes a competitive advantage over others that have to spend more on defense services for a similar level of security. This translates to more investment, more innovation, more exports, and, well, more capital, resources, wealth for the defense cost savers. Other things being equal, this also gives the defense service provider itself a competitive advantage over other defense service providers. The defense service provider could advance its defense services, at the same or perhaps quite a bit less cost, especially relative to its clients’ growing resources, and maybe even throw in other value add services that benefit from economies of scale. And so on.

    For a broader investigation of empire, I already noted Peter Turchin’s “War and Peace and War.” If you just want to hear a concise rain on much of Lane’s quick parade, Charles Tilly’s “War Making and State Making as Organized Crime” might be of interest. Finally, if you want to read radical theorizing about anarcho-capitalist ways of doing things in the future that may or may not result in a defense monopoly, you could check out David Friedman’s “The Machinery of Freedom.” Or, if you just want a fun work of fiction about such a future, Neal Stephenson’s “Snow Crash” is one of my favorites, and it contains one of the coolest characters ever, Raven.

    This reiterates to me in yet another fashion that security is not, well, priceless.

    Thinking on this, the Internet is a new, massive territory. As it gains in popularity and power, nation states have started to partition this territory, much like the geographic boundaries in the physical world, which contain the physical infrastructure on which the Internet is built. If the rules of the real world hold here, then defense of large Internet territories will continue to move into the government arena. Which makes me wonder, perhaps ridiculously, if, as the virtual world moves much faster than the physical world and is, by nature, highly networked and interconnected, much as the real world is more and more becoming, and is even intermingling with the real world to such an extent that some boundaries are blurring between the two, the progression of the Internet could serve as a sort of virtual model for exploring the future of defense in the real world?

All in all, not much of this post really deals with the book. Ah well, I can’t imagine many made it this far anyway. :)