Also that ITAR enabled Thawte in South Africa (where I’m from) as a business to completely dominate sales for 128 bit SSL certs outside the US. Thawte was eventually acquired by Verizon for $600 million and the founder Mark Shuttleworth used the cash to become an astronaut and then founded Ubuntu.

https://commons.wikimedia.org/wiki/File:Munitions_T-shirt_(f...

The code:

http://www.cypherspace.org/adam/shirt/design/

Did it? Or did it just give them plausible deniability?

I remember playing with OCR as a kid and all the software I could get my hands on gave horrendous results, even if the input was as perfect as one could hope for.

And even today I sometimes run tesseract on perfect screenshots and it still makes weird mistakes.

Would be interesting to know if the book had any extra OCR-enabling features. I'm sure the recipients would get access to proper tools and software but OCRing source-code still seems like a nightmare back then.

In the modern day, cheque OCR is monopolized by one company, Mitek. They may use tesseract somewhere in their stack but I've never read that anywhere.

[1] https://en.wikipedia.org/wiki/Phil_Zimmermann#Arms_Export_Co...

[2] https://www.eff.org/deeplinks/2015/04/remembering-case-estab...

[3] https://en.wikipedia.org/wiki/Bernstein_v._United_States

I think anchoring it to something old school like a book was a good call.

That wasnt the case at the time.

"The U.S. Munitions List changes over time. Until 1996–1997, ITAR classified strong cryptography as arms and prohibited their export from the U.S.[5]

Another change occurred as a result of Space Systems/Loral's conduct after the February 1996 failed launch of the Intelsat 708 satellite. The Department of State charged Space Systems/Loral with violating the Arms Export Control Act and the ITAR.[6][7]

As a result, technology pertaining to satellites and launch vehicles became more carefully protected." https://en.wikipedia.org/wiki/International_Traffic_in_Arms_....

> On 11 February 2020, The Washington Post, ZDF and SRF revealed that Crypto AG was secretly owned by the CIA in a highly classified partnership with West German intelligence, and the spy agencies could easily break the codes used to send encrypted messages.

https://en.m.wikipedia.org/wiki/Crypto_AG

[0]: A Brief History of NSA Backdoors (2013), https://www.ethanheilman.com/x/12/index.html

This was of particular interest to me:

>>>"...1986 Reagan tipped off the Libyans that the US could decrypt their communications by talking about information he could only get through Libya decrypts on TV15. In 1991 the Iranians learned that the NSA could break their diplomatic communications when transcripts of Iranian diplomatic communications ended up in a French court case..."

Because, in 1986 - thats effectively when a lot of the phreaking and social engineering was at a peak - Cyberpunk was moving from imagination --> zeitgeist --> reality.

Social engineering and line-printer litter recovery were yielding the backdoors into the Telecom Switching system. BBS's were raging [0].

So when you get a gaph-guffaw look into infosec in a slipup like these ones, it reinforces in mind that the 80s were some really wild times all around as technology tsunami'd from people's minds business and reality.

[0] BBS Docu - https://www.imdb.com/title/tt0460402/

[1] phreaking - https://en.wikipedia.org/wiki/Phreaking

[2] history of phreaking - https://www.youtube.com/watch?v=8PmkUPBhL4U

Wow this is super interesting I noticed this paragraph in the text.

> 2013, Enabling for Encryption Chips: In the NSA's budget request documents released by Edward Snowden, one of the goals of the NSA's SIGINT project is to fully backdoor or "enable" certain encryption chips by the end of 201311. It is not publicly known to which encryption chips they are referring.

From what I know Cavium is one of these "SIGINT enabled" chip manufactures.

> https://www.electrospaces.net/2023/09/some-new-snippets-from...

>> "While working on documents in the Snowden archive the thesis author learned that an American fabless semiconductor CPU vendor named Cavium is listed as a successful SIGINT "enabled" CPU vendor. By chance this was the same CPU present in the thesis author's Internet router (UniFi USG3). The entire Snowden archive should be open for academic researchers to better understand more of the history of such behavior." (page 71, note 21)

> https://www.computerweekly.com/news/366552520/New-revelation...

Unfortunately the relevant text for the second is pretty long so I dont wanna quote it.

https://web.archive.org/web/20200212014117/https://www.washi...

https://robert.sesek.com/2014/10/nsa_s_eci_compartments.html

> HISTORY HST NCSC (TS//SI//NF) Protects NSA and certain commercial cryptologic equipment manufacturer relationships.

My guess would be quite a few in the soft privacy selling business, such as VPN or email providers.

To address the broader topic of this thread, there is no comparison between Crypto AG and us. Our encryption occurs client-side, our cryptographic code is open source ( https://proton.me/community/open-source ), and our tech can and has been independently verified. More about this here: https://proton.me/blog/is-protonmail-trustworthy.

Gmail is close enough, but I want an alternative. An email service run by the nsa or the cia would be great.

(No sarcasm is intended)

That's a... really strange list of office locations, especially considering the relatively small number of employees.

> The owners of Crypto AG were unknown, supposedly even to the managers of the firm, and they held their ownership through bearer shares.

How does this work in practice? If management doesn't know who owns the company, how can the owners exercise influence on company business?

Interestingly I found that after I got a reply (rough summary: you are a corporate requester, this is overly broad, it will be very expensive) I could no longer access the NSA website. Some kind of fingerprint block. The block persisted across IP addresses, browsers, incognito tabs, and devices so it can't be based on cookies / storage.

Still in place today:

  Access Denied

  You don't have permission to access "http://nsa.gov/serve-from-netstorage/" on this server.

Then what is it based on, if it happens across different devices and different IP addresses?

I find it very surprising that the NSA would go to such technologically advanced lengths to block FOIA requesters from their website (which, needless to say, doesn't contain any sensitive information).

Idk, maybe you can figure out the block, I think it's beyond me. Here's a picture if that helps haha! :)

https://imgur.com/a/rNIjrB2

Highly unlikely to be a coincidence but I took it to mean: Don't make these requests ... OK ... haha! :)

It could simply be you read more pages and it may have triggered anti-scraping rules.

I cannot access many .gov websites either, and maybe it was after 5 pages or so.

also fun fact, even Tor Browser can't hide the real OS you're running when a site uses javascript-based OS queries.

https://en.wikipedia.org/wiki/2015_San_Bernardino_attack

I know puri.sm[0] takes some steps to try to plug the hole, but haven't read up to see if it's effective or no.

[0] https://puri.sm/learn/intel-me/

Not really; anyone using chips with Intel ME or AMD PSP have an additional large binary blob running on their system which may or may not contain bugs or backdoors (of course, also realizing a sufficiently bad bug is indistinguishable from a backdoor).

There are tens to hundreds of such blobs running on almost any modern system and these are just one example. I would argue that ME and PSP are not the worst blob on many systems; they have both unsupported but almost certainly effective (MEcleaner / ME code removal), supported and almost certainly effective (HAP bit), or supported and likely effective (ME / PSP disable command) mechanisms to disable their functionality, and they are comparatively well-documented versus the firmware that runs on every other peripheral (networking, GPU, etc.) and comparatively hardened versus EFI.

RISKV has been a great step forward and I'd love to see it succeed but I'm also aware of the lack of open source architecture for GPU's or AI accelerators.

And sure, companies can choose not to share chip designs, but if you want an open-design CPU then you should be checking for that specifically and not just filtering by ISA. There exist such chips already, and I expect they'll catch up with AArch64 chips (in terms of being able to run desktop Linux) in

However, onboard firmware based attacks are absolutely accessible remotely and after boot in many scenarios. It’s certainly plausible in theory that an exploit in ME firmware could, for example, allow an attacker to escape a VM or bypass various types of memory protection. Unfortunately the actual role of the ME is rather opaque (it’s known, for example, to manage peripherals in s0ix sleep).

Ditto for any other blob. Maybe a specially crafted packet can exploit a WiFi firmware. Maybe a video frame can compromise the GPU.

These are also good persistence vectors - gain access remotely to the NOR flash containing EFI, and you have a huge attack surface area to install an early boot implant. (or if secure boot isn’t enabled, it’s just game over anyway). On Linux, it’s often just hanging out in /dev as a block device; otherwise, once an attacker has access to the full address space, it’s not too hard to bitbang.

These are all fairly esoteric attacks compared to the more likely ways to get owned (supply chain, browser bugs, misconfiguration), but they’re definitely real things.

The closed-sourceness is only a tiny part of the problem, too - a lot of the worst attacks so far are actually in open source based EFI firmware, which is riddled with bugs.

Which takes me back to my original response to “isn’t everyone backdoored by ME” - sure, maybe, but if you’re looking for practical holes and back doors, ME is hardly your largest problem.

Can you elaborate and/or provide context/links?

https://binarly.io/posts/The_Far_Reaching_Consequences_of_Lo...

For most consumers, the main valid complaint about the ME is that it's a huge pile of unnecessary complexity operating at low levels of their system with minimal documentation. Anything fitting that description is a bit of a security risk, but the ME is merely one of many of those closed firmware blobs.

> I can't prove the absence of a silicon backdoor on any machine, but I can say that given everything we know about AS systems (and we know quite a bit), there is no known place a significant backdoor could hide that could completely compromise my system. And there are several such places on pretty much every x86 system

(Long) thread starts here, show hidden comments for the full discussion https://old.reddit.com/r/AsahiLinux/comments/13voeey/what_is...

I highly recommend reading this if you’re interested https://github.com/AsahiLinux/docs/wiki/Introduction-to-Appl...

The existence of security coprocessors is not a security hole and firmware updates to these processors can be released if a security issue was found.

https://en.m.wikipedia.org/wiki/Speck_(cipher)

Also, US tried to convince the world only 56 bits of encryption was sufficient. As SSL (I don’t think TLS was a thing back then) was becoming more mainstream, US govt only permitted banks and other entities to use DES [1] to “secure” their communications. Using anything more than 56 bits was considered illegal.

https://en.m.wikipedia.org/wiki/Data_Encryption_Standard

Histories biggest bug bounty is sitting on the bitcoin blockchain, if it were even theoretically plausible to crack sha-256 like that then we would probably know, and many have tried.

And that's exactly what we see - and every time it happens, the bitcoin community just laughs that someone must have been bad at key management or used a weak random number generator.

Except that has been the case in every instance thus far. The dev that lost his bitcoin last year was using arcane software, after a biopsy they found the library being used only had like 64 bits of entropy.

The head of security for Golang, a google employee, was also part of the TLS 1.3 committee and in Golang, it's impossible by design to disable specific ciphers in TLS 1.3

The prick actually had the nerve to assert that TLS 1.3's security is so good this should never be necessary, and that even if it were, they'll just patch it and everyone can upgrade.

So someone releases a 0-day exploit for a specific TLS cipher. Now you have to wait until a patch is released and upgrade your production environment to fix it - all the while your pants are down. That's assuming you're running a current version in production and you don't have to test for bugs or performance issues upgrading to a current release.

Heaven fucking forbid you hear a cipher is exploitable and be able to push a config change within minutes of your team hearing about it.

I'd place 50/50 odds on it being a bribe by the NSA vs sheer ego.

Then all your performance tests can rely on the encryption and key exchange will always use the same amount of CPU time etc.

Presumably this is because they didn't want adversaries being able to decrypt stuff due to a fundamental flaw. I guess it's possible they also weakened it in another way, but if so nobody has managed to find it.

https://en.wikipedia.org/wiki/Export_of_cryptography_from_th...

https://www.bleepingcomputer.com/news/security/bounty-offere...

Government routinely posits a desperate need for backdoors in crypto and crypto secured products, but almost universally they get the data they want without needing a manufacturer provided backdoor. So why they insist on continuing to do that is beyond me. It's almost security theater.

If they really want your protected information they will be able to get it. Either through a wrench or a legal wrench. In lieu of that they can use practically unlimited resources at their disposal from who they employ (or contract out to) to the long axis to which most secured devices succumb from, time.

My personal threat model isn't to defeat the government. They will get the data eventually. My personal threat model is corporations that want to know literally everything about me and bad faith private actors (scammers, cybercrime and thieves) that do too.

Ultimately it will take strict legislation and compliance measurement along with penalties to protect the government from overstepping the bounds they promise not to step over already, let alone new ones. It will take even stricter legislation to stop corporations from doing it. There are significant financial and political incentives for our ruling bodies to not do that, unfortunately.

I mean honestly, when you have this kind of ability at your disposal...

https://www.npr.org/2021/06/08/1004332551/drug-rings-platfor...

They will find ways to not comply, often blatantly. They have no scruples.

https://cases.justia.com/federal/district-courts/texas/txwdc...

Then there's this: https://www.cnet.com/tech/tech-industry/nsa-secret-backdoor-...

And then there was the Tailored Access Operations group that backdoored hundreds if not thousands of computers and networking gear https://en.wikipedia.org/wiki/Tailored_Access_Operations

And then there's Bullrun where they partnered with commercial software and hardware companies to insert backdoors, specifically in many commercial VPN systems https://en.wikipedia.org/wiki/Bullrun_(decryption_program)

Let's also not forget the backdooring of Windows NT: https://en.wikipedia.org/wiki/NSAKEY

...and Lotus Notes was also backdoored, as well.

> Heat Initiative is led by Sarah Gardner, former vice president of external affairs for the nonprofit Thorn, which works to use new technologies to combat child exploitation online and sex trafficking. In 2021, Thorn lauded Apple's plan to develop an iCloud CSAM scanning feature. Gardner said in an email to CEO Tim Cook on Wednesday, August 30, which Apple also shared with WIRED, that Heat Initiative found Apple's decision to kill the feature “disappointing.”

> “Apple is one of the most successful companies in the world with an army of world-class engineers,” Gardner wrote in a statement to WIRED. “It is their responsibility to design a safe, privacy-forward environment that allows for the detection of known child sexual abuse images and videos. For as long as people can still share and store a known image of a child being raped in iCloud we will demand that they do better.”

https://www.wired.com/story/apple-csam-scanning-heat-initiat...

I have an even stronger belief in the right to privacy, and those in the government who want to break it should be executed from their positions (fired and publicly shamed).

Yeah, IIRC, there is precedent for this being prosecuted. Reprehensible as it is, it worries me deeply that consuming fiction can cross a line into illegality. Pedophilia is such a rightfully hated thing that it's a powerful motivator in politics and social action; people will throw away their lives just to spite child abusers sometimes. I think we need to be extra careful about our response to the issue because of that, especially as it pertains to essential rights.

Yeah, within the bounds of not torturing people and all that constitutional punishment stuff.

  It looks like you're writing an article about encryption. Would you like help?

  (o) Insert a joke about Apple forcing a U2 album on us

  (o) Let me write the joke myself

  [x] Don't show me this tip again

I think I hit quite a few of those 'suspicious' check-boxes that law enforcement would consider important, whilst actually technically knowledgeable people wouldn't even blink at them. Refer: https://news.ycombinator.com/item?id=39050898

Corporations however? They are, by design, utterly amoral.

So the modern state is that corporations are hoovering all your data they can for "ad research and optimization". I think I read recently that facebook has thousands of companies involved in the customer data supply chain?

And if those companies have your data, it's not that YOUR government has it guaranteed. It's that ALL governments have your data.

i wonder what tools do guerilla armies or drug lords use to communicate..

or maybe its better to hide in plain sight.

just use some kind of double speak that gives plausible deniability.

One can't take it personally, as all despotic movements also started with sycophantic idealism.

Have a great day, =)

https://xkcd.com/538/

I once insisted I could be bribed to avoid the escalation of coercion as a joke, that was funny until someone actually offered $80k for my company workstation one day.

It is a cultural phenomena, as in some places it is considered standard acceptable practice.

My advice is to be as boring as possible, legally proactive, and keep corporate financial profit modes quiet.

Good luck =)

Mercedes recently forgot a token in a public repository which grants access to everything.

Microsoft forgot its “Golden Key” in the open, allowing all kinds of activation and secure boot shenanigans.

Microsoft’s JWT private key is also stolen, making the login page a decoration.

Somebody stole Realtek’s driver signing keys for Stuxnet attack.

HDMI master key is broken.

BluRay master key is broken.

DVD CSS master key is broken.

TSA master keys are in all 3D printing repositories now.

Staying on the physical realm, somebody made an automated tool to profile, interpret and print key blanks for locks with "restricted keyways" which has no blanks available.

These are the ones I remember just top of my head.

So yes, any digital or physical secret key is secure until it isn’t.

It’s not a question of if, but when. So, no escrows or back doors. Thanks.

On the other hand, there are 4K, 10bit HDR + multichannel versions everywhere, so there must be some secret sauce somewhere.

This is not a rabbit hole I want to enter, though.

Your devices would be secure as long as a private key that happened to be the most valuable intelligence asset in the United States, accessed thousands of times per day, by police spread across the entire nation, was never copied or stolen.

Well, keep in mind they would have to keep it secure in perpetuity. Any leak over the lifetime of any of that hardware would be devastating to the owners. Blue Team/Defensive security is often described as needing to be lucky every time, where as Red Team/attackers just have to get lucky once.

This attack vector is in addition to just exploiting the implementation in some way, which I don't think can be handwaved away.

Which government? Software crosses borders.

You can bet that if the US mandated a back door to be inserted into software that was being exported to another country, that country would want to either have the master key for that back door, or a different version of the software with a different back door or without the back door. A software user could choose the version of the software that they wanted to use according to which country (if any) could snoop on them. It's unworkable.

That's a big "if". Look at how the government has protected physical keys...

Ever since the TSA accidentally leaked them, you can buy a set of keys on Amazon for $5 that opens 99% of "TSA approved" locks

Not disingenuous. Keys are stolen or leaked all the time. And the blast radius of such a master key would be extremely large.

If the power doesn't exist, nobody can exploit it.

The times highly valuable cryptographic keys leaked for various cryptocurrency exchanges it has generally if not always been due to gross negligence.

Such a key would be highly sensitive and it would also require very little traffic to use. You would just need to send the secure system a KEM (

I don't doubt they could secure it. Can even split the key into shares and require multiple parties to be present in the secure location.

For many years, the code was 00000000.

https://arstechnica.com/tech-policy/2013/12/launch-code-for-...

Nobody has to know the rate of leaks, it's irrelevant. Gross negligence is not necessary, how would you even know? Leaks by definition are rarely exposed, we only see some of them.

A "highly sensitive" key doesn't mean anything. Assigning more words to it doesn't somehow change the nature of it. Humans are bad at securing things, that's why the best security is to not have a system that requires it.

Whatever hypothetical solution you have would be crushed under the weight of government committees and office politics until your security measures are bogus.

Looks like criminals were using it for four years undetected.

In practice though most people are screwed b/c it's all already in icloud.

During the last days of 2023 there was a big discussion, also on HN, after it was revealed that all recent Apple devices had a hardware backdoor that allowed bypassing all memory access protections claimed to exist by Apple.

It is likely that the backdoor consisted in some cache memory test registers used during production, but it is absolutely incomprehensible how it has been possible for many years that those test registers were not disabled at the end of the manufacturing process but they remained accessible for the attackers who knew Apple's secrets. For instance any iPhone could be completely controlled remotely after sending to it an invisible iMessage message.

    if (user_id == "adrian_b")
       pwn ();

?

I think we are nearly certain that the bug is because of a MMIO accessible register that allows you to write into the CPU's cache (its nearly certain this is related to the GPU's coherent L2 cache).

But I don't think it's 'incomprehensible' that such a bug could exist unintentionally. Modern computers and even more so high end mobile devices are a huge basket of complexity that has so many interactions and coprocessors all over the place I think it's very likely that a similar bug exists undiscovered unmitigated.

> For instance any iPhone could be completely controlled remotely after sending to it an invisible iMessage message.

I don't think the iMessage was invisible I think it deleted itself once the exploit had run, its also worth noting just how complicated the attack chain was and that the attacker _needed_ a hardware bug just to patch the kernel whilst having kernel code execution.

It's an unnecessary moving part that can break, except that this particular part breaking defeats the whole purpose of the system.

That's a disingenuous claim since it's known they can't

As Pauli said, "That's not even wrong". It cannot even meet the basic criteria for truth or falsehood.

It's simply naked hubris.