Security Now Episode 908 Transcript

Please be advised this transcript is AI-generated and may not be word for word. Time codes refer to the approximate times in the ad-supported version of the show.

Leo Laporte / Steve Gibson (00:00:00):
It's time for security now. Dude, Steve Gibson is here. We got a great show coming up for you. We're gonna talk about our old friend Kevin Rose, who fell victim to a fishing attack. Oh no, the F B i with a spectacular success in Russia. The Russians are pretty darn Matt. And then a new feature in Intel and arm processors that could break crypto. It's all coming up next on Security Now. Podcasts you love

... (00:00:32):
From people you trust. This is twi.

Leo Laporte / Steve Gibson (00:00:41):
This is Security now with Steve Gibson. Episode 908. Recorded Tuesday, January 31st, 2023. Data Operan Independent Timing. Security now is brought to you by Melissa. Over 10,000 clients worldwide in industries like retail education, healthcare, insurance, finance, and government. Rely on Melissa for full spectrum data quality and ID verification software. Make sure your customer contact data is up to date. Get started today with 1000 records, clean for free at And buy Kolide. Kolide is an endpoint security solution that uses the most powerful untapped resource in IT end users. Visit now to learn more and activate a free 14 day trial today. No credit card required.

It's time for security. Now, the show we cover the latest insecurity news with the man in charge of insecurity. Mr. Steve Gibson. Hi Steve. Hello, Leo. I'm very secure with my insecurity <laugh>, or is it the other way around? I don't know. I don't know. <Laugh>, we're, we're going to have some serious geeky fun today for this fi. We just squeezed one last podcast into January. So here we are on the 31st with this episode. 908 titled Data Operand Independent Timing. Hmm. D o I t. That's do It's Intel's Do it acronym Do. Oh yeah, do it. Do it. Do it. Yeah. Don't do it. Do it. A MD calls it just dit. They le left out the op operan. So that's data independent timing. But you know, Intel wants to be, you know, longer. So data opn, independent timing. Anyway, we got lots to do this week.

We embark upon another two hour tour to answer some pressing questions. What happens if the vendor of the largest mobile platform begins blocking old and unsafe APIs? And can anything be done to prevent that? What new add-on is now being blocked by the dreaded mark of the web? Would you have the courage to say no after your gaming source code was stolen? Is any crypto asset safe? And what trap did our friend Kevin Rose fall victim to last week? How can meta incrementally move to end-to-end encryption? Isn't it all or nothing? What other new feature did iOS 16.3 bring to the world? And what's the latest government to begin scanning its own citizenry? And why aren't they all, or are they? What spectacular success gives the F B I bragging rights? And why is Russia less than thrilled? What questions have our listeners posed?

What possible value is there to making up your own words? How is Spin Wright coming and what is your favorite color? What have Intel and a m d just done to break the world's crypto? And what exactly did chat G P t reply when it was asked by one of our listeners to explain an SSL certificate chain using the voice of a stoned surfer? Bro, <laugh> Leo will answer the question to that in his dramatic reading once all of the answers to the preceding questions have been revealed during this week's gripping episode of security. Now, something to be prepared for and aware of, and keep your finger on the skip button. Thank you, Steve. This is good. This is a jam-packed episode, lots to talk about. We got a lot, including our picture of the week coming up just a bit. But first, but first a word from our sponsor, the good folks at Melissa.

We've talked about Melissa before. I hope you know the name. Melissa. Melissa once again named a leader in G two s Winter 2023 report for their clean suite and their data quality suite products. Melissa is the leading provider of global data quality, identity verification, and address management solutions. So pretty darn good. G2, which is absolutely the, the number one peer-to-peer software review platform, has recognized Melissa as a leader in multiple categories in the small business, mid-market enterprise segments, including data quality, address verification, email verification, data governance. I know a lot of you pay attention to g2. I think that's kind of reassuring along with later status. Melissa achieved highest user adoption in the mid-market section or segment for data quality. They ranked number one in mid-market usability index report number one, and the small business data quality grid report across the small business and mid-market segments.

Melissa received recognition for best usability, easiest to do business with, and I'll vouch for that. They're great, easiest setup, nice and best meets requirements as well as the high as a high performer in the enterprise segment. But, but maybe I should just take a step back and look. Okay, we can now stipulate they're the best. They're really good at what they do. But what is it that they do? You might be wondering, well, let me, let me start by saying what the problem is. Poor data quality, your address lists your customer, your contacts, your supplier lists. Those are going bad. Even as we talk, people move names, change, phone numbers, change, emails change. And that poor data quality can cost you a lot. An average of $15 million a year. And the longer it goes on, the worse it gets, the more it costs you. So Melissa fixes that.

They eliminate waste and lost opportunities from incorrect mailings. They improve customer satisfaction with seamless real-time identity verification tools. They also eliminate a lot of fraud. It's a great way to get fraud out of there. Matching and de-duplication tools help establish a single high quality customer record. You would want this at home, frankly, one record per customer instead of four or five, right? All the customer touchpoints in one record for an ideal 360 degree view of each customer. It's the holy grail for contact lists. And they work in compliance with the US Postal Services move update requirements. That means you're getting the most up-to-date address data because they go through the US P S'S national change of address database, they have it all. And because they've been doing it for so long, they know all the ins and outs. They know all the people in the field.

They know the, the, the pitfalls, the ways to do it, right? Melissa's been doing this since 1985. We're gonna have a big party when, when we celebrate their 40th anniversary in a couple of years. They've specialized in global intelligence solutions to help organizations unlock accurate data for a more compelling customer view. And if you're worried, well, what happens to that data when I, you know, upload it to the secure FTP server or use their API or their SaaS service, or I have it on-prem, what happens? Do they protect my data? You bet. You bet. They, they know that data is gold for your business. They undergo independent security audits continually because they are committed to David as security privacy. And by the way, compliance too. There's SOC two compliant. Hipaa, gdpr, your data couldn't be in better hands. It's in the best hands. Bottom line, make sure your customer contact data is up to date with the best.

Get started today. 1000 records clean for free. Melissa.Com/Twi, m e l i s a We thank Melissa so much for the job they do. It's very important and we really appreciate their supportive security. Now you support us too when you use that address, Steve. So our picture of the week is a, is a great one. We're all familiar with ikea, right? The, you know, you build it yourself out of a box of parts, which you go by. So, so here we have, we, we see an IKEA box that that is apparently for water. And the box has been opened the contents has been removed, and now our hapless purchaser is staring at the instructions. And then with his head turned at the three cylinders of gas, two of hydrogen and one of oxygen <laugh>, and then <laugh> in the foreground, there's a little pale, which, you know, where he's supposed to deposit the result of combining, of course, the hydrogen and the oxygen in a two to one ratio in order to make his own water.

It's the great Dave Blaik and his loose part Very funny, but I was, I was just thinking it's too bad that there's like a little, there's not something legible on the box where it says ship to you from Hindenberg <laugh> some assembly required. Yeah. What would you do? How would you, how would you assemble that to make water? Oh, well, I mean, there is, the way the hin water, there's the hindenberg model. You just light it on fire and the hydrogen would gather oxygen from the air and then turn into water. I, I believe the the, there's a way to do it with something like a fuel cell where you're able to Yeah. To gradually catalyst combine. Yeah. Yes. You, and you, you, you're able to combine these in a way that is not explosively, exothermic and, you know, ends you before you've ever do it slowly. <Laugh>

Very, had a chance, very carefully had a chance to drink anything. Yeah. It's fi figures that you and I and our nerds who listen would look at this comic and then say, you know, how would you go about assembling that <laugh>? That's right. All right, on we go. So in a piece of very welcome news in what will likely be a very effective move to reduce malware on the Android platform, Android 14 will begin fully blocking the installation of apps that target outdated versions of Android. The guidelines for the Google Play Store have long insured that Android developers keep their apps updated to use the latest features and safety measures that are provided by the platform. But this month, the guidelines were updated to require, and that's the big different word, require all newly listed placed door apps to target Android 12 at a minimum, meaning no use of older long since deprecated APIs, which, you know, often in incorporate no longer secure features, or they were just buggy APIs until now.

These minimum API level requirements only applied to apps that were intended for the Google Play Store. Should a developer wish to create an app for an older version, they could do so and simply ask their users to side load the a PK file manually. You know, I, I that's how I got my old zero app to work with the, you know, the, the, the, the zero sleep headband. It's, you know, it's way old. Fortunately, I'm able to just, you know, manually install it into an Android device and it works. And if an Android app hasn't been updated since the guidelines changed, the Play store would continue serving the app to those who have installed it once before. So, you know, there's been a lot of ac accommodation being made up to this point. But according to a newly posted code change, Android 14 is set to make a P A A P I requirements strict to block the installation of all outdated apps, meaning from any source.

And this will include blocking users from side loading a PK files and also block app stores from installing those apps. Now to minimize disruption, Android 14 devices will initially only block apps targeting very old Android versions. They're not gonna lower the boom immediately, you know, to where they want it to be. And this is, we've seen this from Google a lot where they very, you know, sort of progressively slowly move forward. So over time, the plan is to raise the bar to Android 6.0 marshmallow. With Google having a mechanism to, as I said, then progressively ramp it up over time, bringing, you know, forcing more and more currency from Android apps, it will probably still be up to individual device makers to set their device's threshold for outdated apps, or maybe to enable, you know, or, or to like prevent any of this from happening at all.

So there is just no older limit. It depends upon the, the manufacturer. Google believes, I think, with good reason that this will curb the use of malicious apps on Android. The Google developer who was responsible for the change notes that malicious apps intentionally target older versions of Android to bypass certain protections which are only enforced on newer apps. And of course, you know, those who've been listening to the podcast may be reminded of the protocol version downgrade attacks against S S L and tls. Remember where, where an attacker would pretend not to support any of the newer, more secure protocols. Only saying, well, all I know how to do is SSL two, you know, can we still talk? And the unwitting server would say really? Oh, okay. And then be in trouble. So, you know, as we've seen it is often necessary to stop using and to prohibit the use of older, obsolete and insecure technologies.

The same as exactly the case here. And even so, you know, I mean, again, Google really doesn't want to like wreck anything even. So if for whatever reason it is absolutely necessary to install a very outdated application, it will still be possible to do that using a command shell by invoking a new flag. But given the extra steps, then w which would be required, it is much less likely that someone would do this by mistake and inadvertently install malware, you know, just by clicking on a, Ooh, this looks like a good app in, in the, in the play store. So some nice much needed improvement over on the Android side. And speaking of blocking malware, Microsoft also plans to block the execution of Excel, add-in X L L files inside Excel and other office apps if the x l files were downloaded from the internet. Microsoft says it made this decision to quote, combat the increasing number of malware attacks in recent months. <Laugh>.

Okay, newsflash. Okay. Anyway, you know, there's been a lot of abuse of Excel add-ins to bypass email filters and execute malware on user devices. Unfortunately, as we know, the use of zip file containment to avoid specifically to avoid this dreaded mark of the web has skyrocketed among those creating and distributing malware specifically because Microsoft has finally, after how many years, started restricting what the mark of the web marked files can do. The reason I zipped Rob's last pass vault script a few weeks back was to protect it from the mark of the web. Cuz I didn't want, you know, false positive worries among our listeners who wanted to use it. The zip received, the dreaded marking, but its contents were protected. So it's not that I don't think that mi that what Microsoft is doing is useful. It's how anything that was this insecure was ever allowed to happen in the first place.

But, you know, that's the lesson we keep learning in this industry. Riot games reported that it had received a ransom demand via email from a threat actor who hacked one of its employees to then gain access to one of its game development environments. Riot says the hacker is asking the company to pay ransom, or they will release the source code for the League of Legends and Team fight tactics games, as well as the source code of a legacy anti cheat platform. The company says it does not intend to pay the Ransom Riot games says, Nope, we're not paying and expects the leaked source code to, as they said, increase the likelihood of new cheats emerging. Yeah, you think? Yeah. Anyway, I suspect that they also figure that there's really no way that the bad guys would actually honor their promise to destroy the gaming system source code.

You know, it's just too juicy and tempting besides they're crooks. There's little reason to believe that the source would not eventually emerge on the internet. So I have a feeling that they did the right thing. Yeah, right thing. Yeah, exactly. Yeah, exactly. The Coin Telegraph reported that the threat actor behind the hack of the wormhole cryptocurrency platform, and Leo, who would not want to invest in the wormhole cryptocurrency platform, <laugh>, all right. God. this was, this was almost a year ago in February of last year that that threat actor recently moved 155 million worth of the 321 million in assets they stole a year ago from the company according to blockchain analysis platform, Cirque. So that's nearly half of that 321 million that they stole now being moved when wormhole saw the funds move, they reiterated their willingness to pay a 10 million reward if the funds were returned to wait a minute.

Wallets wait a minute. They say, we'll give you 10 million if you'll give our 321 million back. That's right. Who would say no to that? I see. There you go, Leo. That's exactly right. You know, first, how can there possibly be so much cryptocurrency sloshing about, you know, we keep talking about hundreds of millions of dollars here and hundreds of millions of dollars there, and there appears to be no end of, of, you know, random currencies being created and exchanges all loaded up with this cash, and is anyone able to keep these assets to themselves? When I was thinking about this story, it occurred to me that it's like someone had come up with this great idea of having a, before they had invented a safe to protect the bank's assets. Couldn't be a better analogy. That's exactly it. <Laugh>. That's exactly it. Yeah. Yeah. It's just like, this is crazy.

Just crazy. Okay. Unfortunately, our friend Kevin Rose was hacked. And so I put this under the heading of it really can happen to anyone. Last Wednesday came the news that the super tech savvy gazillionaire founder of Dig Now Tech Venture capitalist, N F t Maven, and really neat guy Kevin Rose, fell victim to a classic social engineering attack. As I said, yes, it really can happen to anyone. On the 25th, Kevin tweeted a short message to his 1.6 million Twitter followers. He tweeted, good morning. What a day today I was fished. Tomorrow we'll cover all the details live as a cautionary tale on Twitter spaces. Here is how it went down technically. And then he, in that tweet, he quotes a long string of tweets. The first one reads, earlier this evening at Kevin Rose was fished into signing a malicious signature that allowed the hacker to transfer a large number of high value tokens. Here is a breakdown of what happened, our immediate response and our ongoing efforts, dot, dot, dot. So that was the first of a series of tweets. I'm not gonna delve into the details here, since all of this just makes my eyes cross <laugh>, it makes me feel really old. But among the assets, Kevin apparently lost control of some of his favorite squiggles.

I kid you not, this is so moronic <laugh>. This is utterly moronic. By the way, he's lost nothing. He still has the squiggle note. Uhhuh, what does he lose control of this squiggle. I know. So he, he said in one, in one posting, he said, even though this one was simple, not rare, loved all caps, the pattern, Hey, Kevin, damn, buy some real art from a real artist. <Laugh>, hang in on your wall, man. And then another one, he said, damn, I loved this one too. So, okay, three days later, last Saturday, Kevin followed up by tweeting. He said, I see a handful of folks purchased my stolen NFTs. If you have interest in selling them back to me, please dm exclamation point. I'm not gonna say Kevin's doing this, but this happens year around tax time <laugh>.

Oh. Oh, okay. I'm, I don't, I'm not accusing Kevin of that, but No, no, it does. You will see this every year around this time. Well, and Leo, really, how can you put a value on that? Chromatic <laugh>, squiggle. Squiggle. I mean, wow. Like I said, I <laugh> Wow. Some other industry reporting that followed this event, noted that the attacker Madoff with more than 40 NFTs and that the stolen assets were worth 2 million on Wednesday when the theft occurred. 1.4 million early the next day Thursday, and just 1 million by Thursday afternoon. Perhaps I'm not, you know, I'm not all that unhappy that I haven't chosen to waste. I, I mean, invest time in learning all about this weird world. There's nothing to learn, Steve. You know exactly what you need to know. <Laugh>, aside from the apparently uncontrollable lack of security, the whole thing doesn't feel like a financially stable ecosystem.

On the bright side, you got a $2 million tax loss you can write off. So that's good. That's right. Those little puppies, they got away from me. They really had a, you know those little squiggles, they can really oh. Especially when they're so, when they're so cute, Leo, they just, you, you don't need to add this to the, to the list, but there is now a Ponzi scheme probe into Celsius, which was a long time crypto lender lent billions of dollars to people. And now the investigators say, you know, it, we think they actually had no money and they were taking new investors money and lending it out. And they had basically had no assets to begin with. Wow. which is kind of stunning. But this is the thing is they, they've, they've created a financial instrument, an unregulated that they've cleverly unregulated unsecured.

And now all sorts of shenanigans can happen. Yep. Yep. Okay. So Facebook will be moving more users to end-to-end encryption. And this puzzled me at first, meta has said that it plans to migrate more of its Messenger users over to the end-to-end encrypted, you know, e two e version of Facebook Messenger over the next several months. The company says users will be chosen at random and users will be notified when their private conversations will be upgraded to the end-to-end encrypted version. In addition, the company has also expanded the features of its end-to-end encrypted version, which now also supports some of the features that the original Messenger app, such as, you know, had such as link previews, chat themes, user active status and support for the Android floating bubble mode. But as I was putting this together, I was thinking, wait, how could you move some users to end-to-end encryption?

And not everybody at once, <laugh>, if you have, if you have end-to-end encryption end then, but not to that end <laugh> that Yeah. To them both ends must be end-to-end capable, right? Anyway, so meta wrote, over the next few months, more people will continue to see some of their chats gradually being upgraded with an extra layer of protection provided by end-to-end encryption. We will notify people in these individual chat threads as they're upgraded. We know people will have questions about how we select an upgrade individual threads. So we wanted to make clear that this is a random process. <Laugh>. In other words, we don't know either <laugh>. Okay. So, oh God. So that, that I know. What a mess. They promised this, by the way, years ago. I don't know what's so hard about all this. Yeah. Well, let, let's see, let's see. Imessage, telegram, signal, fma, I mean like e Instagram, everybody else has done it, right?

Except Meta and, and with Facebook messengers. Anyway, so that, that explanation, clarify this a bit. So apparently all Messenger users already have end-to-end encryption Messenger apps. They just cannot themselves enable its use for all of their communications. Meta instead is gonna do that for them randomly for some reason. Well, I, this is not actually that unusual cuz you, when you roll out something like, you know, it's gonna break Yes. People's stuff. Yes. So you do it in a gradual fashion so that you can manage the breakage and maybe Right. And maybe nip some of it in the bud if you've discovered a problem. Right. I'm sure that that's exactly what their, their, their, their plan is. They, they want to be able to back out of it. Yeah. Should they need to? Everybody does these stage rollouts now. Nothing's rolled out all at once.

Yeah. Yeah. Well, and look at our browsers that, that are in mul multiple stages of pre-release channel. Right. You know, un un un underuse by those who don't mind being on the bleeding edge and, and re reporting problems. Okay. Last week when I mentioned that with the release of iOS 16.3, apple's full ILO iCloud encryption would be available globally. I forgot to mention that this release also allowed the use of third party Fido certified security keys for Apple id. Until now, apple has allowed users to use various forms of two factor authentication methods to secure their Apple ID accounts. But Apple has been slowed to add support for these hardware. Dons iOS 16.3 and Mac OS Ventura 13.2 are the first iOS and MAC OS versions, which allow users to use Fido certified hardware security keys to log into Apple accounts. So in case any of our iOS and MAC OS users have those keys and didn't have anywhere to stick them, now they do <laugh>.

Oh. and N F C tokens will also work with the phone's N FFC capability. There's a problem with this. And apple's advanced data protection, which is if you do turn this on, you have to have all your devices have to be running iOS 16.3, or you'll be locked out of older devices because they can't do it. And Apple says this very clearly, so, yeah. You know, I mean, guess this is how you have to do it. I mean, it's just gonna, I wouldn't recommend anybody rush to do it unless you are only using modern Apple devices that have all been updated. Right. And, you know 10 years from now Yeah. When, when I finally have given up my iPhone six that 10 years. Really.

But I, but I, I don't, I guess I have a, I I think my iPhone 10, I think I I think it has 16.3 on it, so it might Yeah. Yeah. They, they're pretty good about, that's one good thing that Apple does is they, they go pretty far back in time. Okay. So we've been following the growing and I think entirely sane and rational emerging practice of governmental security entities proactively scanning the networks of their own citizenry, commercial enterprises and governmental services. Poland's Cert known as Cert Polska recently described their Artemis system as follows. They said Artemis Scan services exposed to the internet to look for common vulnerabilities and configuration errors. Regular scanning of entities that fall under the constituency, such as schools, hospitals, or local authorities, allows us to monitor and improve their cybersecurity. This is important because the nature, because of the nature of these organizations, they are all used by citizens on a daily basis.

And any incidents affect them as well. The scan results are not shared publicly Good. They're instantly forwarded to the administrators of the systems in question. The data is then used to address vulnerabilities and to detect similar issues in other parts of the infrastructure. As a part of the scanning process, cert Polska also verifies whether the identified vulnerabilities were fixed correctly. One aspect of the created tool is that it enables administrators to easily distinguish scanning activity as conducted by Cert Polska. This helps minimize the unwanted effects like unnecessary attack mitigation. All relevant information is accessible to administrators on a dedicated page. The scanning results, aside from improving the security of a specific entity, help us to create a better view of the current cybersecurity landscape and designate our resources where they're needed the most at the moment. And Bravo, you know, I see nothing but upside to this, and all governments hopefully have similar undertakings underway in this case of Poland's proactive scanning.

Here's what they wrote about the results so far. They said the scanning process began on 2nd of January, and as already produced some results, we've scanned close to 2000 domains and sub-domains of local governments, and we were able to detect few hundred websites based on outdated software. We've also dealt with numerous cases where configuration files that included passwords, backup archives and data records were publicly accessible. We've also found a few dozen of incorrectly configured directories that contained the page source code and in some cases, access credentials. Wow. not bad for a start and certainly easily justifiable in any subsequent budgetary meeting. The use of outdated systems, as we know, doesn't necessarily translate into exploitable vulnerabilities, but it can point to IT administrators who are not keeping their public facing systems current. And that can lead to potential exploitation. At the very least, it creates some very much needed feedback and accountability. When a system gets hacked after an organization has been notified of a problem and for whatever reason chose to do nothing about it, the excuse of, well, we didn't know, I will no longer fly.

 The Hive ransomware organization got hit in a very impressive piece of a high-tech intelligence. Law enforcement agencies from the US and the EU have seized the servers and websites operated by the Hive ransomware gang. You know, this is one of the top groups believed to be operating out of Russia. The US Department of Justice says the F B I secretly breached the Hive gangs infrastructure last July. Wow. Yes. They got in there and they stayed stealth from where agents retrieved more than 1300 decryption keys over the past seven months of these, the F B I distributed 1000 decryption keys to past high victims, but also shared in real time more than 300 new decryption keys to companies that had computers encrypted in ongoing hive attacks last year. You know what's amazing is they, they did this, they've been doing it for six months and no one said anything.

Like, they kept it a secret. Yes. What do you think they did? They folded up a piece of paper <laugh>. They said, Hey buddy, here's something you might want. Don't tell anybody I gave it to you, <laugh>, because they just, it's just, you know, I don't, you don't know me. I don't know you <laugh>, but you might want this just saying you might want these 29 digits. Yes. So they also shared in real time more than 300 new decryption keys to companies that had computers encrypted in ongoing hive attacks last year. Officials say they prevented ransomware payments estimated at roughly $130 million. Wow. But they also notified many other companies when their networks were breached, even before Hive and its affiliates had a chance to deploy their ransomware Oh. And encrypt their data. Ooh, that's good. They were, they were in there before the bad guys were.

That's amazing work. It's, I'm surprised Hive didn't notice anything. Is it one of those ransomware as a service deals? Yes. Were, yes. Okay. So maybe the affiliates weren't that smart. Have they have affiliates? Exactly. S since since June of 2021, when the Hive Gang launched its operation, so a year before that happened. So they, they've been going for a year. The group is believed to have made more than a hundred million dollars from ransom payments. And here the f b just took another, took 130 million out of their pockets. So, wow. Nice going. Fbi, <laugh> and Russia reacted. The Russian government has blocked, I get to say my favorite Russian agency's name here in a minute. <Laugh>, the Russian government has blocked access inside the country's borders to the websites of the cia, F B I and the US State Department's Rewards for Justice program. Oh, Russia, Russian Offi. What? That's admitting that they're protecting these guys. Exactly. Russian officials with Ross Kuan or rules come.

You do it much better than I do. I love it. The country's internet watchdog told inter facts. They blocked access to the websites for quote, I love this spreading fakes about the Russian military and discrediting them. However, the timing of this decision is coincidental and might be telling as it came just hours after the State Department offered a 10 million reward for information on the Hive ransomware gang. And its possible ties to a foreign government. Gee, I wonder which foreign government. Mm-Hmm. Which one Blocked access to the cia, fbi, and the US State Department. Huh. Leo, I'm gonna take a sip of drink. Yes. And let's tell our listeners how lucky they are to find out about our sponsor. [inaudible] Brought you by RO <laugh>.

Well, you could still get it. Get it. Well, you can <laugh>. No, that's not true. Our show today, we, we so far don't have any Russian state entities advertising. I don't think we ever will bought to you by a great company called Kolide. I'm a big, big, big fan of Kolide kale's, an endpoint security solution that doesn't use M D M. It uses the single most powerful untapped resource in it. Your users. Your users. You know, I don't blame you. I understand it sometimes, you know, because security is paramount, will, you know, lock down every device like Fort Knox, right? You know, whether you're preparing for a third party audit or you've got your own compliance standards, it's, it's normal. It's, it's kind of how people do it. They use mdm, old school management tools like that to, to put these disruptive agents on employee devices.

Employees know it. They see the slow performance. They start to worry about their privacy. What are you watching me to? And what happens is, and you know this, it turns you an IT administrators into enemies with the end users. Like, you're like, I don't want you to, you go, I'm gonna do this. I don't know. It's like putting super glue in the USB ports. It's, it's, it works, I guess at least until it doesn't. The problem is that the end users go, well, good. I won't use that laptop. It's too slow and I, it's not private. I'm just gonna use my personal laptop. They turn to shadow it just to get the job done. And now you really have a problem, especially if they bring that laptop into work. I mean, it just gets, it's a nightmare, right? The, it really comes down to the fact you cannot treat people you know, like, like servants, like, like the enemy not with KA Kolide, Kolide does something differently.

Instead of forcing changes on your users, Kolide, enrolls them into your army of people defending your business. They do it with Slack. Now, for houses that use Slack, this is the best way to do end point defense for in. So it all starts when you send out that invitation, here's Kolide. And you do it on Slack and they get the slack, and then Slack walks them through the process of installing Kolide. And now Kolide is watching out for you. But instead of ratting out the user, it goes to the user says, Hey, you know, I just, I noticed your SSH private key is sitting in the download folder, unencrypted. Let me explain why that's a bad idea and what we can do about it. And walks 'em through the process. It makes them allies. It sends security recommendations through Slack. It notifies them when their devices are secured and then Kolide gives 'em step-by-step instructions on what to do to fix it by reaching out to employees via friendly Slack dm.

It's a dm, it's not public. A friendly Slack dm, educating your users about company policies, explaining why this is a big deal for them at home and at work, and what they can do about it. It helps you build a culture in which everyone contributes to security because everyone understands how and why to do it. And it's a revolution. No longer are your users the enemy. They're your allies, they're your partners. And as an IT admin, you'll love it. Kolide gives you a single dashboard that lets you monitor the security of your whole fleet. And it's truly cross-platform, Mac, windows, and Lennox. You could see the glance, which employees have their discs encrypted, which employees are keeping their OSS up to date, using a password manager, all that stuff. It makes it easy to prove compliance to your auditors, to your customers, to your leadership.

And it makes users happy. I know that's not your primary job, is not to I under, believe me, I know <laugh>, but, but unless you're a sadist, you don't wanna make 'em unhappy, right? You want the whole goal is let's keep this place secure and let's do it together. So that's Kolide in a nutshell. And I just love this idea. User-Centered, cross-platform endpoint security for teams that Slack. That's it in a nutshell. You can meet your compliance goals. You can by putting users first, I swear, K O L I D now Now to find out how, if you follow that link, they're gonna hook you up with a goodie bag that'll make you goodie, including t-shirt. You know, you get a Kolide coaster. Stickers, love stickers, always gotta put stickers on the laptop. Here's what they have a number of different T-shirts. This is the Honest Security t-shirt from Collide.

It's got pinocchio's all with long noses except for one. That's you, you're honest, honest security Now just activate that free trial, no credit card needed. And they've got that, that goody bag for you. I use the Kolide coaster for my coffee cup right there. K o l i d Now we thank 'em so much for supporting security. Now we love our sponsors especially on this show cuz they're all focused on the same thing. You are Steve, which is Yep. Keeping us safe back to the show. So we start with a bit of a ratta a piece. Thanks. Goes to our listener, Edwin Rosales, who actually wrote to you Leo, and you forwarded it to me. Oh good. I'm glad you got that. Okay, good. Yeah. He's at Hi Leo. FYI in security now episode 9 0 6. Steve erroneously conflated Semantec with Norton.

He says, now Jen Digital Inc. He said, I pointed out to Steve, neither Norton nor their parent company, Jen Digital, are affiliated with Semantec ever since Broadcom acquired the Semantec brand and enterprise security assets back in 2019. It's so confusing. I I, we both lost Appreciate Yeah, I appreciate the correction because I do conflate the two. Yeah. yeah. You know. Anyway, he said, I also mentioned that the acquisitions reorgs are a bit confusing to follow after Symantec sold its brand and enterprise assets to Broadcom. What was left was the consumer product, which they rebranded as Norton LifeLock, which was again now Gen Digital last November, 2022. So, so Broadcom doesn't own Norton LifeLock correct. It's not confusing. They only purchased the enterprise stuff. Symantec stuff. So anyway, Edwin, thank you for the correction. Okay, I li I get a, got a kick outta this person's Twitter name.

 Their, their handle is at PT 22, which is person typing number 22 <laugh>. So this is from person typing 22. He asks at S G G R C, you mentioned dice wear on security. Now log two of 7 70 76, which is, you know, the number of dice wear words there are, he says is 12.9 bits of entropy per word. Yes, they have fewer bits of entropy per character, but a six to eight word random dice wear phrase plus one capital digit and special is the holy grail memorable, easily typed and secure. <Laugh>, I hear this horse staple thing all the time. Can we debunk? We're gonna, well, so I, so writing back to person typing, I get the attraction of the dice wear idea, but 12.9 bits of entropy per word is not a lot of entropy. It's about equivalent to two randomly chosen characters worth of entropy.

So to get the 20 randomly chosen characters worth of entropy that are about what you need, we need to use 10 dice wear words. And that's quite a lot of typing. And your password that you're entering is often blanked, so you can't see your typos. So, you know, I'm not that that much, much as you aren't now, I don't know why it never occurred to me to just share what I have always been doing. Somehow I've never talked about it as if divulging my own personal system would make my own use of it more vulnerable. But that's not the case. If you've paid close attention to this podcast, you may have heard me mention some of the words I've made up through the years, but I've been quite careful to never mention any of the made up words I use for master passwords. Made up words are an intriguing compromise.

Let's consider the advantages of using your own fun made up words that you won't forget because they're auditory. You know, such non words are easy to invent. They could be shorter, like bingo boho les crumple suit tra too simulx or jubilee. Or you could go with longer words like v hogan wiggles taken ram blows S or fu trimeth <laugh>. I do wanna point out that you will want to steer clear of anything you having to do with ululate. No emulators, no. Or in cannulators. No, no, no, no, no, no. So my point is made up words have a lot going for them, but Russ Manzo <laugh> that well close being phonetic, they're fun to say and memorable. If you practice them a bit, unlike dice wear words, they're not gonna be in anyone's dictionary. And since each one can have many characters, when you use several of them together, you get a self padding, longer haystack style benefit as well.

So my best advice, it's actually what I do is invent a few of your own fun words, add some capitalization and toss in a random special character between each word. And you've got something that's memorable with good entropy that won't be found by any dictionary attack and won't be cracked within several lifetimes. And oh, if you're feeling a lack of inspiration or imagination, look on the net under fake word generators, you'll discover that the many of those exist. You can use them as a starting point, building your own set of personal words that you know, you wind up settling on. I gotta point out though that anything at all, and I'm I this, this, this has gotta be provable that you can remember is inherently less secure than random. It's absolutely true. And I mean it is absolutely true. And the reason this is less secure than random is because English has rules about what letters follow what letters.

Yes. And so, and you're following those rules even when you're making up a word. Otherwise, it wouldn't be memorable, it wouldn't be a word. So there are rules about, and that lowers the entropy between letter two and letter three. There are rules absolutely. About how they can be combined. Abs absolutely does. Yeah. But it's still sufficient probably. Right? Well from a brute force attack standpoint what you would need would be an algorithm for the brute forcer to be guessing made up words that, that aren't in the dictionary, but which, which, you know, some re some person may have come up with. Because there, I don't think you go that far. I think you just say, well I've got an E here. And it's, it's very unlikely that e would be followed by some letters and more likely to be followed by other letters. Right.

It's still pretty. I mean, look, if it's long enough, it's still intractable. I think that fu trimeth as a as a word that's gonna be Yeah. But that t and r t is awful followed by R and i and, and Leo, I'm not saying that 20 bits of gibberish aren't better. Yeah. Yeah. But you can't, but that you can't remember it. You know. Now you tell me what this, so this is what I do. I think of a phrase, let's say to be or not to be. That is the question. And then I take initial characters of each of those because those are less likely to be related one to another. Right? So to B or not to be that is the question would not be a good passphrase. Not only is it English words, but it uses rules of, of, of relationship between letters.

But t the, the letters T B N T B or even better, the number two B N two B are not so closely related. You'd have to know what the originating phrase is. Now obviously don't choose to be or not to be, because that might well be something in someone's jurisdiction or the Gettysburg address or the Constitution, you know, nobody would think of. Maybe pick a book that you really like and take page 300 and the third paragraph in and use that first if you have a favorite passage from the Bible. Yeah, exactly. And then I usually intersperse that with some other rules. Rules are always risky. Rules imply less than random. And you don't have to use the first letter either. Ah, there you go. Second letter. There you go. Or a your own algorithm of alternating which letter you use, right.

Or another algorithm somebody's used. And the idea is that you, you can reconstruct it in your head because you know what the rules are. Somebody said, take the last 10 presidents, capitalize 'em if they're Democrats, lower case of efforts Republican, you know that. But that's gonna be very hard to brute force, I think, right? Yeah. The point is to make a password, you can build, you can reconstruct knowing what rules to use. And then as I mentioned last week, I always add my childhood phone number, my zip code. Oh, but one tip, do not have anything to do with your birthday. Do not your birthday. That's well known, your own password and don't do as Paris Hilton did and include the names of your well-known dogs in the password <laugh>. Oh, this, if it's in Wikipedia, don't, don't, don't do it, I think would be the word.

Yes. Because that means that chat g p t knows about it. It already knows. Yeah. Yeah. So I think there are ways to come up with less than with, with memorable or reconstructible passwords that are even better than dice wear words to me. No, no argument. Yeah, no argument. And I don't think dice wear is all that good. I mean, I guess if you had 10 maybe, and, and that's the point. You need 10 in order to get, you know, the kind of entropy that we would like to have. Yeah. And then it becomes, I know again, you're gonna type 10 words where you cannot see what you're typing. No. I don't know. A a lot of these password number, this is a, a dice wear page, somebody put together, they use these, you know, oh, look at the number of possible passwords. Look how large that number is.

But that isn't really germane to it because these are all in a dictionary. Yep, exactly. So you can greatly reduce the, the search space. Exactly. And that's what it's all about, is reducing the search space. All right. We have a listener, Barry Wallace, who he said you actually, he tweeted to both of us at SG GRC and at Leola Port. But I realized, Leo, you're no longer seeing good luck <laugh> at Leo Laport. I haven't seen anything on that stage for a long time. Barry said, listening to the last SN had me come up with a new term instead of script kitties. We now have chat kitties. Yep. And I liked Barry's thought we do need a new term. They're similar in concept to script kitties, but I, I think the word chat maybe isn't domain specific enough. Mm-Hmm. <affirmative>. So maybe chatbot kitties. Yeah. Where, you know, they're using chatbots to write their scripts for them.

Yep. last Tuesday burned tweeting from at Q U E X T E N, he said, hi Steve, glad to hear you mention changes towards Argon two support in Bit Warden today. Some clarification of why the, the, the S script pull request is closed now. Oh, in favor of Argon too. Oh, good. I first implemented S script because the libraries were more widely available. Pure JavaScript in the browser and ready to use Bouncy Castle Library on mobile. After the simple to implement s script support was done, I began work on the Argon two poll requests expecting them to take longer and they did take a fair bit more work. Argon two requires web assembly in the browser, and that was a concern in the forums in the last few years. But these days, all browsers accept ie. Which hopefully no one support it.

Mobile support was also a bit more work. And finally, changes in the server are necessary to account for Argon two's extra parameters. S script mainly relies on a single work factor, which determines both memory and time complexity while Argon two configures memory and time separately. Because of this, changes in the backend communications are necessary to send these extra parameters required by Argon two compared to BBB K DF two s simpler iteration count. Since the initial Argon two pull request was complete before S script was reviewed and merged. And since multiple new key derivation functions seemed redundant, an Argon two is the newer more crack resistant function. We decided to close the s script pull request to focus on argon two. Hmm. O OSP also recommends Argon two over S script S script over B crypt and B crypt over PBK DF two. Anyways, after some back and forth with the bit warden team, we are close to getting support merged, which is exciting.

Now that was one week ago today, last Tuesday. Then yesterday at 8:46 AM he tweeted final update on Argon two in bit. Warden support has now been merged into their master branches for mobile, desktop, web, and servers. Next release should feature Argon two as a new P B K D F option. I thank you for that and I thank Questin for writing it. And there's the, and we should mention Bit Warden's a sponsor, but there's the beauty of open source right there. Yes. Question doesn't work for Bit Warden. Yes. Didn't he? But he, he was able to do a poll request and get it integrated in. Yep. You know, and if this is an example of the agility that we have with open source approach, isn't that great? You know, a and the mentality you know, that this can bring to security products where agility can be crucial.

I'm sold. Boy is that great. I can't I, the minute they turn that on, we will tell everybody and yep. We'll get you all to switch over from PB kd F two to Argon two. Nice mu much very nice. Much more g P brute force T resistant. Fantastic. It's a great solution. Dennis Keefe who's I guess a financial coach that's in his name, he said, Steve, in regards to chat G P t becoming so popular, what do you think would be the best career path to focus on over the next five years? I'm currently working on Linux CIS admin certifications. Okay. So, you know, the use of these large language model transformers is bringing us to the brink of something. Mm-Hmm. <affirmative>, but like most big game-changing somethings we almost certainly do not yet fully understand the something that we're on the brink of.

If you wanna go back to school, there's likely to be big career opportunities in artificial intelligence. Just as there are large companies, you know, or j just as all large companies need a C E O and a C F O and a c o and a c o, it may very well be that before long there will be a C A I O position at the top as well because I suspect that the application for this technology is going to surprise us. But my best advice for picking a career, any career has never changed. First and foremost, follow your heart over your wallet. Many people with fat wallets have thin lives. Find something you love and work to get really good at it. You'll enjoy the process of getting good at it and then you'll love being good at it. One thing we know for certain is that the career opportunities in cybersecurity are very real as we've discussed. They're likely not for someone who wants to punch out at 5:00 PM every weekday since computers never sleep and bad guys are often in far away time zones. But it should be clear to anyone who follows this podcast that cybersecurity is a growth industry today.

 Mark Seidel asked, he said, Steve bid warden can store the T O T P seed. That's, you know, the time-based, one-time password seed for a website. When you visit the site, it will automatically copy the current six digit code to the clipboard, making it simple to paste the code into the site's MFA control. Would you ever use this bid warden feature? I've been meaning to ask you about this cuz how convenient is that? Right. It would seem to, he says it would seem to reduce m FFA protection to a single factor, your bid warden master password. And I think that Mark is exactly right. One of our recurring observations is that just because something can be done doesn't mean that it should be done. I don't mind having bit Warden offering this feature, but I would never consider using it for exactly the reasoning that Mark suggests.

The entire benefit of the one-time password off app running in my iPhone is that it is physically and logically disconnected from the website though from the website I am authenticating to. If my password manager is able to fill in my username, my password, and my time varying six, six digit token, then a useful aspect of that second factor's separation is lost. Now the counter-argument to this is that what the one-time token actually protects against is the theft and reuse of our static credentials. It makes one of our required credentials dynamic so that credential reuse, which of course was last week's topic, is completely thwarted when viewed from that perspective, having a password manager also able to provide the dynamic component of a set of credentials seems reasonable. So I suppose that what makes me nervous about turning over my, my one-time password generation to the same system that's holding all of my other credentials is the all of my eggs in one basket concern.

As I've said, the first thing that went through my mind when I heard that LA the Last Pass customer vault backups were now in the hands of bad guys was that all of the sites I most cared about are set up with one time. You know, time varying, one time password tokens. That last pass never had any awareness of that turned out to be a blessing. So I'm glad that my one time password token generation keys were never theirs to lose. You print your QR codes out, don't you? And I do store them somewhere. Yeah, that's probably a good idea. I do. John tweeting from C Veteran, he said, Hey Steve I'm looking back through the podcast and show notes looking for the name of the VPN n like technology you guys talked about in reference every now and then. One of its features was much wider bandwidth than classic VPN technologies.

Could you recall the name for me? I'm stumped. Warm regards and thanks for your great insights as always, John. Okay. I think that what John is asking about is what's now being referred to generically as overlaid networks or sometimes mesh networks. This was what we discovered early in this podcast with hamachi and there are now a number of similar solutions. The ones we've talked about in the past are tail scale, zero tier and Nebula. For example, Nebula, which we last talked about is an open source peer-to-peer mesh network, which was created by engineers at Slack and open sourced Afro several years of their own internal use. Also many things impressed me about tail scale, including that it's a mesh network based on wire guard, which is the right core. And after and after that, we talked about oh, and, and after we talked about tail scale, many of our listeners gave it a try and specifically wrote to say that they were astonished by how easy it was to set up and use.

It's like, like zero configuration yet super secure. And, and it is also free for personal use and hobby projects. You're able to connect up to 20 devices for these secure peer-to-peer connections. Also offering single sign-on and multifactor authentication on the other side, zero tier is open source. So if you're more focused on open source or only want that kind of solution, zero tier is exactly the same sort of thing. So anyway, based upon its specification and the amazing experiences of our users, you know, I would say any of those three tail scales, zero tier or Nebula. And I'm pretty sure that's what John was talking about.

 Huh. I, I had a note here that I did not have a chance to flesh out. Stephen Lacy asked at SG G R C during security now 9 0 5 titled one, because that was the, remember the horrible iteration count that some LastPass users found still set in their vaults. He said, you, I know you mentioned the lack of an API for password changes. Is there any chance this could be implemented in a safe and secure way? And I, I thought that would be a fun thing to do a little brainstorming about and think about, and I just didn't have time to do it. So thank you, Steven, for that question. I'm, I'm gonna keep it on the, the back burner. A quick bit of update on the spin right front. We had a very productive week dealing with various oddball edge cases.

 I'll chair just two examples. We discovered that there are some bios whose u sb support uses the available 32 bit of the processor while not preserving the high 16 bits that they modify. Now, this would be okay if only 16 bit client programs were running on those machines since those clients would be unaware that they are actually operating on a 32 bit processor. But spin right is now working with multiple 16 megabyte buffers within a flat 32 bit address space. So it has grown into a real 32 bit application running within a 16 bit Doss real mode environment. A p i functions, which are called, are required to preserve any registers that they use. But we discovered that the u sb functions on some a M D motherboards are not doing that. So now spin rider is protecting itself proactively from that behavior and a handful of mysterious misbehavior that we, we've been experiencing all disappeared immediately.

Interesting. Huh. Uhhuh, <affirmative>, I mean, this is sort of where we are now, where like, you know, spin right's working, it's done, but, you know, people have the, you know, there's some number of people will be booting A U S B on an a m D mother board. And and what was happening was they were getting a message saying that the ec the, that spin right's executable was corrupted. That a spin right. Checks itself to make sure that, that it hasn't been infected. Cuz you want to make sure that it's working correctly. Well, that, that self test was failing and it wasn't failing for me. It wasn't failing for a bunch of people, but it was failing for a bunch of other people. And it was like, what the heck? Well, it turns out most of them had a m d mother boards. And I've, I ended up, in fact, one a per a German user, Chris in has early on he had a motherboard that I was having that he was, he had a motherboard that where I couldn't reproduce what he was seeing.

So I got that motherboard from eBay as set it up and, and had it around. So he was having the problem. He said, Steve, you've got one of these motherboards. I dusted that one off, plugged it in. I was, do you have a motherboard rack somewhere with a bunch of, oh, I've got, I've got my, yeah. Wow. I, I've and in fact, I received, I received 10 hard drives which were FedEx to me by a Canadian tester. Because in fact, this is the second example. I, I wrote in a second example, a Canadian tester named Andre sent me some drives, one of which was reliably causing spin right to crash. I had a similar drive that was also misbehaving, but Spin Wright did not crash for me. The drives arrived yesterday morning, they did Monday morning. So I plugged in the culprit and at long last recreated the crash that Andre and others had been able to independently reproduce.

I saw when it was happening, when there in the code, the problem occur, saw that something was modifying the stack, found the problem, fixed it, no more crashes. Hmm. So it's funny because in, in our communication he had boxed up these, these, these 10 like dead, dead or dying hard drives. Wow. And he made a comment that his wife was really glad to see those leaving <laugh> because, well, they've been on the dining room table for six months, months because, you know, and, and, and I wrote back and I said, Andre, how is it possible that you and I have both married the same woman, <laugh>, I think many of us have <laugh>. Yeah. She, she and Lori's very patient. She says, are you done with this hardware testing part yet? Oh Lord, no. Not quite honey. So just step her over that pile. Mm-Hmm. <affirmative>

And cuz I know where each one of those things are and, and what they do. Okay. So anyway, that's where Spin right is now it's done and it's working 629 current Spin ride owners have been testing it. And I'm happy to say that most of them are bored. Board testers is what you want, but not all of them are bored yet. And I want all testers to be bored <laugh>, because, you know, they've been unable to find any wacky system or damage drive that causes spin. Right. Any trouble. So we're getting there, you know, this is always the 95 5 rule, but I, I wanna push this thing all the way so that, well, because once I get it published, I want to immediately start working on spin. Right. Seven and not, not be dragged back to deal with spin. Right. Six one things that I didn't find.

So when it's done, it's really gonna be done. Okay. this is really a neat topic. Data operan, independent timing. You wanna tell us about the Club, Leo? Yeah, sure. Be glad to and then we'll get into Do it. Just do it. Ooh baby. Just do it. Our show today, and much of what we do on TWI is, is brought to you not by a sponsor, but by you, our listeners and in particular, our club members. Were so grateful to our club members. Lisa started Club Twit about two years ago. She had a great, you know, deep thoughts. She said you know, as, as, as this is in the midst of pandemic, it's getting harder and harder to find advertisers. Why don't we make an offering to our listeners that gives them something extra and they can help us by subscribing. But it's not expensive.

$7 a month and I think it's a great deal buck less than a blue check on Twitter, but you get a lot more, you get ad free versions of this show and every show we do you also get shows that we don't put out in public, like Hands on Macintosh with Micah, Sergeant Paul Thots, hands on Windows, the Untitled Linux Show with Jonathan Bennett, the Gizz Fizz Stacy's book club. There are events. In fact, we've got some great events coming up in the club including a chance to ask questions of science fiction author Daniel Suarez. His new book comes out today. Daniel will join us February 10th for an interview. We will put that interview out on triangulation, on the TWIT events feed. So everybody will get to hear that. But if you wanna ask questions, you need to be in the club in our club Twit Discord.

And oh, by the way, that's another wonderful benefit of the club. The Discord has kind of surprised me. I'd never used it before, what used a little bit, but not a lot before. I'd never experienced it as a community. It is a wonderful place to hang out The club. Twit Discord has, of course, wonderful people in it. They're all club twit members, all paying members, which somehow elevates the conversation a little bit. And it's conversations yes, about the shows, but also about other things of interest from anime to autos, from coding to alcoholic beverages and everything in between. And it's a great place to go to meet people, to talk to people, to to have some fun. So that's another benefit you get. And the Twit plus feed, which includes a lot of the stuff that never made it to the shows, you know, before and after every show.

 I and our hosts have wonderful conversations. Those have just fell on the cutting room floor in the past. Now we put them out along with those special shows. We also u on the club twit twit Plus Feet. We also use the club to introduce new programming. So this week space started in the club. Club members supported it before it was, you know, when it was just a baby, not big enough to get advertising. And then as it grew and got advertising support, we put it out in the public. Now actually, it's doing so well, we're gonna add video as well. We're we, now, we, in the old days, we used to kind of launch a show full bore, which cost us a lot of money. And, and in the end, if a show didn't make it, that was money was lost forever.

So the Club has really become a great launching pad for us. And again, that financial support, seven bucks a month, $84 a year, there's corporate memberships. Makes a huge difference to our bottom line. I'd like to get every one of you in the club. It would mean, frankly, we'd be no longer beholden to advertisers. We could, we could do what we do, we could do more of what we do. So I'm really pushing people. You know, I know not everybody can afford it. And for that reason, of course we'll continue to offer free versions of all of our shows ads supported. But if you can afford it, and I think seven bucks a month, you know, it's a couple of cups of coffee a month. If you could donate that, that makes a huge difference. There is a slider. You could add more if you want, but not necessary to do this.

TWI tv slash club twit. And I thank you so much on behalf of all of our staff the Stay employed, thanks to you, our hosts we really appreciate your support. It makes a big difference. It, it heartens us to be honest with you. We, you know, we go look at those stats and we go, that's great. And we, I go in the Discord and I see all these smart, interesting people conversing and meeting each other. And I go, this is, this is what it's all about. Twit.Tv/Club twit. No, no guilt. If you don't, that's fine. But if you can thank you, it would be great. Now let's do it, man. Okay, so last Wednesday the 25th, Eric Biggers, a software engineer at Google on the platform encryption team, brought a significant cryptographic security issue to the attention of the well trafficked o s s security list.

In a posting, he titled Data Operand Dependent Timing on Intel and Arm CPUs. Now, admittedly in any other venue than ours, that might sound dry, huh? But not here. We were recently talking about data dependent timing, which is a huge issue for cryptographic security. We were talking about it in the context of the S script P B K D F algorithm, which might suffer from a side channel attack as the initial version of Argon two also did, due to the fact that the value of the user's password directs the functioning of the algorithm. In other words, if the algorithm operates in any way differently, depending upon the data that it's processing, specifically anything that must remain secret like the user's password or the algorithm's secret key, then it's theoretically possible to reverse that process by observing the algorithm's behavior, perhaps from afar. You know, things like power usage, execution, timing, cash hits and misses, branch prediction traces, you know, whatever, to figure out what data must have been given to the algorithm in order for it to behave the way that it was observed to behave.

And we've seen how astonishingly clever researchers have turned out to be in this regard. One of the reasons the Rhind Dohl Cipher won the competition to become the a e s standard was that its operation was beautifully independent of the secret key. It was operating upon no jumps or branches were taken or not based upon the algorithm's secret key. You don't wanna have any secret dependent behavior, but what if the timing of the instructions themselves was dependent upon the data that the instructions were processing? Now, a traditional example of this may be familiar to old coders and that's C P U, multiply instructions. Binary multiplication is an inherently complex process. So inside a processor multiplication was traditionally an iterative process with the number of clock cycles required varying widely, depending upon the data that was being multiplied. In the show notes, I have a table showing the number of clock cycles required by various early Intel CPUs from the original 80, 88 and 86, the 2 86, the 3 86, and the 4 86.

And even the later of those, the 4 86 a 32 bit multiply will require anywhere between 13 and 42 clock cycles, where that count is entirely dependent upon the data that's being multiplied. So we come back to the question, what if Yeah, and, and, and you can see it there on, on, on the screen that they're, that's meaningful to you. You, you're a better man than I <laugh>. So the, the, the tho those, those those ranges three to 14 under 3 86 12 to 17, 13 to 18, those are the ranges of clock cycles that that single instruction could require to execute depending upon the data that it's being asked to multiply. So we come back to the question, what if the timing of the instructions themselves was dependent upon the data that the instruction was processing? Which leads us into what Eric wrote. So Eric from Google said to Linux people, hi.

I'd like to draw people's attention to the fact that on recent Intel and armed CPUs, by default, the execution time of instructions may depend upon the data values operated on. This even includes instructions like additions, exor, and AEs. Instructions that are traditionally assumed to be constant time with respect to the data values operated on. For details, see the documents from each vendor, non-constant time instructions break cryptographic code that relies on constant time code to prevent timing attacks on cryptographic keys, which is most cryptographic code. This issue may also have a wider impact on the ability of operating systems to protect data from unprivileged processes for Intel processors with Ice Lake and later are affected by this issue. The fix for this issue is to set a C P U flag that restores the old correct behavior of data, independent timing. D i t data, independent timing on ARM and D O I T M data operand independent timing mode on Intel Linux version 6.2 will enable DI on arm, but only in the kernel without any additional patches, user space code will still get data dependent timing by default, no patch has been merged to enable D O I T M for Intel processors.

Thus, as is it's not really possible to safely execute cryptographic algorithms on Linux systems that use an Intel processor with Ice Lake or later. And he says, I'd guess that the same is true for other operating systems too. Linux is the one I'm looking at to fix this issue. I've proposed a Linux kernel patch that enables D O I T M globally and he finishes, I consider this issue to be a C P U security vulnerability. It shares many characteristics with other CPU U security vulnerabilities such as Meltdown inspector. However, Intel and ARM do not seem to consider it to be a security vulnerability. No CVEs seem to have been assigned yet, Eric. Okay, first of all, CVEs are not generally assigned to things that are deliberate and by design, as everything Eric is complaining about is, it's not fair to compare this to Specter and Meltdown, which shocked and rocked the computing world five years ago in January of 2018.

But being today's podcast topic, you can bet that there are some interesting details here to share. After encountering Eric's posting, I started digging and the fairest characterization would not be to say, as Eric did, that Intel doesn't seem to consider this to be a security vulnerability. Only that they have decided to turn this over to developers. Okay, first I was curious about when this suddenly became a problem. So Intel explains, they wrote for Intel core family processors based on micro architectures before Ice Lake, an Intel Adam family processors based on micro architectures before Gracemont, neither of which enumerate. And then they have the name of a, of a feature. It's I a 32 underscore u arc underscore mis underscore ctl, which is an internal control register. So our micro architectures before Ice Lake on the core and before Gracemont on the Adam family don't have that register.

So they say developers may assume that the instructions listed here operate as if D O I T M is enabled Intel core family processors based on Ice Lake and later, such as Tiger Lake, lake Field, and Rocket Lake will explicitly enumerate D O I T M. In other words, demonstrate that it's there available to be turned on or off. Intel Adam family processors based on Gracemont and later will also enumerate D O I T M. Okay, so translating that a little more into English, Intel's earlier processors executed all of their instructions in constant time. So they were inherently safe to use regardless of os kernel user land or anything else. Instruction, timing did not vary based upon the data that the instruction was processing. If the data in two registers were added xor or multiplied, the instructions always took the same amount of time, regardless of what was in the registers being used.

Then that changed. What must have happened is that Intel realized that there was a way to optimize and speed up the execution of some instructions depending upon their data. Okay, so here's an off the cuff example that I've just made up to highlight the idea. One of cryptographers most favorite instructions is the exor, where one of the instructions two datums conditionally inverts the bits of the other exor is also known as careless multiplication. Since the operation is similar to multiplication, but where adjacent bits do not carry an overflow into the next most significant bit, thus adjacent bits do not affect one another. And that's significant since that means that adjacent bites don't affect one another either. Now, suppose that Intels internal micro architecture contains lots of granular execution engines, as in fact we know it does. So imagine that the work of performing a 32 bit exor could be subdivided into four separate eight bit exor.

With each eight bit exor being handled by a different execution micro engine. Then we observe that with an exor, anytime either of the bites being exor is zero, no data is changed and the exor has no effect. Thus there's nothing for that little micro engine to do, and it could instead be made available to work on other instructions. So in this little synthetic example, we see how a 32 bit exor, which encountered non-zero data in all four bites of both arguments, would need to enlist the help of four eight bit micro engines. Whereas the same 32 bit instruction presented with bites of zeros in either argument would leave those micro engines free to work on other instructions in this fashion. The effective execution time of such a processor's 32 bit exor becomes dependent upon the data it's exor ing. Okay, so was Intel ever going to pass up the opportunity to make their chips go faster by arranging for some instructions to go faster Some of the time?

No, no way. But whoops, a side of this is that it would screw up the longstanding assumptions made by cryptographers that the execution speed of instructions was independent of the data being processed. So what did Intel do? They could not permanently break everyone's crypto sending us all back to the dark ages. So they added a mode called, as Leo calls it, do it data opera independent timing. The controversy is that by default it's off. This means that suddenly the behavior of Intel's newer chips has changed. They are no longer safe for crypto. They got somewhat faster by being able to finish some instructions more quickly. But the side effect is of this is that they have also become insecure processors for performing cryptographic operations. Unless this new doit mode is explicitly and deliberately turned on, it will be off. And what Eric is lobbying hard for within the Lennox kernel is to immediately turn the darn thing on permanently and globally.

The only real question is, is Eric overreacting Intel for their part writes this. They said, quote, software can enable data operand independent timing operation on a logical processor by setting D O I T M to one setting, D o I t m to one may impact performance and may impact, and that impact may increase in future processor generations. Users should evaluate their threat model to decide whether this is a significant threat to their applications. I know you don't need to evaluate your threat model to know you want. That's right. Encryption working <laugh> only cat, oh, you don't need encryption. Steve script model. We're we're, it'll all finish it in approximately the same amount of time. Okay. And then ask, the operating system says, Intel to only deploy D O I T mode to applications that they deem necessary. In other words, it says Intel. Sure, you can have old school constant speed instructions if you really think you need them, but we are hereby abandoning that model in the interest of performance today and probably even more so in the future.

So now it's gonna be up to you. Okay, so now we're back to trying to get a sense for how bad the problem is and how much cure we need to pour over it. Thomas Porten, the author of the bear, s s l s s l t t l s library, has some nice real world reality check perspective about the threats and challenges of constant time Crypto Thomas Wrights. In 1996, Paul Kocher published a novel attack on R s a, specifically on R s A implementations that extracted information on the private key by simply measuring the time taken by the private key operation on various inputs. It took a few years for people to accept the idea, Leo, we were so innocent back then. Those are just quaint dis quaint times. Churning now had not yet been invented <laugh>, it took a few years for people to accept the idea that such attacks were practical and could be enacted remotely on, for instance, an SSL server In an article from, from Bon and Brumley seven years later in 2003, they conclude that quote, our results demonstrate that timing attacks against network servers are practical and therefore all security systems should defend against them.

Thomas Wrights. Since then, many timing attacks have been demonstrated in lab conditions against both symmetric and asymmetric cryptographic systems. This requires a few comments. First, while timing attacks work well in research conditions, they are extremely rarely spotted in the wild. He says, Parz, I am not aware of a single case. Closed prez Timing attacks usually require many attempts to gather enough samples for statistics to reveal the sought timing difference. As such, they tend to be somewhat slow and not very discreet. This does not mean that timing attacks are not real or do not apply. Only that the state of the security of many systems is such that typical attackers have easier, faster weighs in. In other words, it's not the the lowest hanging fruit. Another important point he says is, is that when timing attacks apply, they are all encompassing. If the context is such that secret information held in a system may leak through external timing measures, then everything the system does may be subject to such leaking.

This is not limited to cryptographic algorithms. Research on timing attacks tends to focus on secret keys because keys are high value targets. He says the key concentrates a lot of secre of a lot of secrecy and cryptographers talk mostly about cryptography. However, even if all cryptographic algorithms in your system are protected against timing attacks, you are not necessarily out of trouble in that respect. In Bear s s l I am doing my part by providing constant time implementations for all operations that are relevant to ssl. But slapping a constant time SSL implementation over existing software is not sufficient to achieve general timing immunity. This is only a good start timing attacks or a subset of a more general class of attacks known as side channel attacks. A computer system runs operations in a conceptual abstract machine that takes some inputs and provides some outputs. Side channel attacks are all about exploiting the difference between that abstract model and the real thing in the context of smart card security.

For exa instance, power analysis attacks, in particular differential power analysis that compares power usage between successive runs have proven to be a great threat. Timing attacks still have a special place in that they can be applied remotely through a network, while all other side channel leakages require the attacker to be physically close to the target. Constant time implementations are pieces of code that do not leak secret information through timing analysis. This is one of the two main ways to defeat timing attacks. Since such attacks exploit differences in execution time that depend on secret elements. Make it make it so that execution time does not depend on secret elements or more precisely that variations in execution time are not correlated with secret elements. Execution time may still vary, but not in a way that can be traced back to any kind of value that you wish to keep Secret in particular.

But not only cryptic graphic keys. Okay, so where does all this leave us? With Linux, we have an open process and transparency even the discussion will be transparent. So anyone interested can follow along and see, you know, what both sides say about this. We don't have that with Windows or Apple. And even though Apple has has gone, arm arm is doing the same thing, calling theirs dit. If history repeats, it's likely gonna take some of those clever researchers demonstrating that Windows needs to take this seriously before Microsoft will ponderously go about doing. So. It appears that the future of our processors will be one of super optimized variable speed instructions with many of those instructions able to finish their work faster depending upon what that work is. But since doing this is anathema to crypto security, crypto implementations will need to be updated to flip on constant time mode while they do their work.

Then flip it back off afterward. I imagine that someone like Bears SSLs Thomas porn will quickly add this awareness to his library. As will everyone else who has any sense since actual real world timing attacks have only been shown in the lab. Does this mean that they're impractical? We know that crypto is where the truly paranoid or welcome Linux may be panicking a bit depending upon the degree of true performance hit arising from flipping the switch into always on mode. It does appear that wrapping timing sensitive crypto in constant time mode will be the right solution rather than simply wrapping the entire operating system in it. This is all too this, you know, this is a whole thing. This the, this whole topic is far too juicy for the world's security gurus to pass up. That Band of Mary researchers at the Ben Guion University of the Negev must be rubbing their hands together in delight.

I suspect that we'll be reading a paper of theirs before long. So this is now on everyone's radar and I'm sure we'll be circling back to this intriguing topic in the future. For now, it's wait and see. But for chat G P T we have it's statement of the week. <Laugh>, is this a new feature? <Laugh>? Yes. The chat. The chat G p T statement of the week, bio tweeting from at bio tweeted the output from chat G P T when he asked it to quote, explain an S SSL certificate chain like a stoned surfer, bro. Hmm. And Leo, I think you should do the honors dude. Dude, an SSL certificate chain is like this gnarly wave of trust, bro. You got your main certificate, that's like the, the big kahuna, the main dude. Then you got all these other little certificates like, like tributaries. It all flew together to create this one big wave of trust and it's all verified.

But this dude called a, a certificate authority. He, he's, he's like the lifeguard of the internet dude, making sure everything is kosher and legit. And when you surf a website, oh, it's like you're catching your wave and it's like, you know, you're in a safe spot. No sharks or anything, just pure shredding dude. Pure shredding. That's pretty good. Forche. G P T. I'm impressed. I know <laugh>, I'm, I'm astonished We feed this into one of the new voice synthesizing devices like 11. And you're gonna have something there, Leo. This this large language model technology is gonna change the world. It's wild, isn't it? It it is gonna change the world. Yeah, it's fascinating. I just was reading that the the creators of Instagram, Kevin Syman company have a new startup. I guess they, when they quit Facebook, they probably, they said you can't do anything else for a couple of years, <laugh>.

So they've just launched something called Artifact, which is a newsfeed driven by artificial intelligence. So that's gonna be good. <Laugh>, that's a great name too. Oh my god. Art of God. Yeah, what a great name. Yeah, yeah. Wow. It has an, has a lot of resonance in various areas we live in. Interesting times, Steve. See, this is why you don't wanna stop at 9 99. It's just getting started. You, it's gonna, and, you know, a couple of years we're gonna have so many things to talk about. We'll see where we are. My friend Steve Gibson, he's at, that's the Gibson Research Corporation. That's where he hangs his hat and his his boxing gloves and his his keyboard. If you wanna get a copy of this show, you can get it from him directly. He's got two unique versions, A 16 kilobit audio version for the bandwidth impaired, and also really nice transcripts written by a human, Elaine Ferris, who's an expert in this stuff.

This is what she does. So it's really a great way to read along as you listen or to search for something you're interested in. There's transcripts going all the way back. Did you start with episode one? Probably not, but they go back quite a ways. Oh no, I, we, I went back and asked her to, to transcribe the ones before she started. Nice. Yep. Very good. So there's 907 of them, 908 will be up soon. That's While you're there, check out everything going on. There's lots of free stuff like shields up, so you could test your router and you know, shoot the messenger and discombobulator and password haystacks, but you definitely want to check out his bread and butter. The one thing Steve charges for, and that's spin right, the world's best mass storage, maintenance and recovery utility. You've heard Steve talk about this for years.

Current version 6.0 is available now. Buy that though, and you'll get 6.1 as soon as it comes out, which isn't much longer. He, you could see though, how much care he puts into it. You know why he doesn't want to fix bugs. He wants it to be perfect the day he ships it so he can move on in his life. Grc.Com, get yourself a copy of Spin, right? We have also, we have the show at our website, There's a YouTube channel devoted to security. Now that's a, by the way, an easy way to share bits and pieces of it. Youtube, you just go to that part and YouTube will let you snip it out and send that off to somebody. Everybody has access to YouTube. And of course you can subscribe in your favorite podcast client and get it automatically the minute it's available.

Just search for security now in your podcast client and subscribe, audio or video available of the show. You can also watch us live if you wanna be here for the freshest version, the version that's actually being created as it's created. Watch the sausage being made every Tuesday, one 30 Pacific, four 30 Eastern, 2130 UTC Live audio and video streams are at live. Do TWI tv. There's the irc. You can chat along as you're listening. Irc do twit tv. Also club members of course can chat The Discord. There's a Security Now channel there as well. Steve. have a great week and I'll see you next time on Security Now. Okay, bro. Dude,

Rod Pyle (01:44:37):
<Laugh>. Hey, I'm Rod Pyle, editor-in-Chief of Ad Astra magazine. And each week I joined with my co-host to bring you this week in space, the latest and greatest news from the Final Frontier. We talked to NASA, chief space scientists, engineers, educators, and artists. And sometimes we just shoot the breeze over what's hot and what's not in space. Books and tv. And we do it all for you, our fellow true believers. So whether you're an armchair adventurer or waiting for your turn to grab a slot in Elon's Mars Rocket, join us on this weekend space and be part of the greatest adventure of all time

... (01:45:11):
Security Now.

All Transcripts posts