![[Valid Atom 1.0]](images/valid-atom.png "Valid Atom 1.0")
This is a valid Atom 1.0 feed.
This feed is valid, but interoperability with the widest range of feed readers could be improved by implementing the following recommendations.
... r.com/styles/atom.css" type="text/css"?><feed xmlns='http://www.w3.org/2 ...
^
... r.com/styles/atom.css" type="text/css"?><feed xmlns='http://www.w3.org/2 ...
^
... a Security</title><subtitle type='html'></subtitle><link rel='http://sch ...
^
... gger.com/feeds/37798047/posts/default'/><link rel='alternate' type='text ...
^
line 1, column 0: (7 occurrences) [help]
<?xml version='1.0' encoding='UTF-8'?><?xml-stylesheet href="http://www.blog ...
line 1, column 0: (47 occurrences) [help]
<?xml version='1.0' encoding='UTF-8'?><?xml-stylesheet href="http://www.blog ...
line 1, column 0: (47 occurrences) [help]
<?xml version='1.0' encoding='UTF-8'?><?xml-stylesheet href="http://www.blog ...
line 2, column 0: (6 occurrences) [help]
<blockquote class="twitter-tweet"><p dir="ltr" ...
line 3, column 0: (3 occurrences) [help]
<blockquote class="twitter-tweet" data-conversation="none& ...
... set="utf-8"></script></content><link rel='replies' ty ...
^
<?xml version='1.0' encoding='UTF-8'?><?xml-stylesheet href="http://www.blogger.com/styles/atom.css" type="text/css"?><feed xmlns='http://www.w3.org/2005/Atom' xmlns:openSearch='http://a9.com/-/spec/opensearchrss/1.0/' xmlns:blogger='http://schemas.google.com/blogger/2008' xmlns:georss='http://www.georss.org/georss' xmlns:gd="http://schemas.google.com/g/2005" xmlns:thr='http://purl.org/syndication/thread/1.0'><id>tag:blogger.com,1999:blog-37798047</id><updated>2024-05-15T15:55:54.132-04:00</updated><category term="Apple"/><category term="humor"/><category term="NSA"/><category term="Microsoft"/><category term="CFAA"/><category term="masscan"/><category term="0day"/><category term="LookingGlass"/><category term="weev"/><category term="wifi"/><category term="HEV"/><category term="snowden"/><category term="C10M"/><category term="bitcoin"/><category term="password"/><category term="AxBan"/><category term="Ferret"/><category term="cyberwar"/><category term="#Anonymous"/><category term="Blackhat"/><category term="NetNeutrality"/><category term="SDLC"/><category term="TwiGUARD"/><category term="Twitter"/><category term="crack"/><category term="iPhone"/><category term="law"/><category term="net neutrality"/><category term="IDS"/><category term="SQL injection"/><category term="crypto"/><category term="malware"/><category term="Cisco"/><category term="EFF"/><category term="Metasploit"/><category term="OSX"/><category term="Occupy Wall Street"/><category term="ProtoDev"/><category term="Shmoocon2013"/><category term="TSA"/><category term="Vendor of the Week"/><category term="XKeyScore"/><category term="blog"/><category term="cliché"/><category term="deep inspection"/><category term="election"/><category term="random"/><category term="troll"/><category term="Alfa Bank"/><category term="Legacy negligence"/><category term="RSA"/><category term="Russia"/><category term="Tor"/><category term="Trump"/><category term="Trump Orgainzation"/><category term="anti-virus"/><category term="bugs"/><category term="cliche"/><category term="comodo"/><category term="comodogate"/><category term="fbi"/><category term="heartbleed"/><category term="netbook"/><category term="swartz"/><category term="virus"/><category term="wikileaks"/><category term="#glass"/><category term="Anonymous"/><category term="DRM"/><category term="Errata"/><category term="Facebook"/><category term="GPU"/><category term="Orwell"/><category term="Ruby"/><category term="Silicon Snake Oil"/><category term="Solaris"/><category term="TV"/><category term="activism"/><category term="code"/><category term="cracking"/><category term="dorks"/><category term="economics"/><category term="global warming"/><category term="google"/><category term="groupthink"/><category term="hacking"/><category term="identity theft"/><category term="journalism"/><category term="movies"/><category term="myth"/><category term="shellshock"/><category term="sidejacking"/><category term="survey"/><category term="#BSidesATL"/><category term="60minutes"/><category term="ASLR"/><category term="Books"/><category term="CCC"/><category term="CISSP"/><category term="DNS"/><category term="FCC"/><category term="George Ou"/><category term="Hacker Eye View"/><category term="Laws that are bad ideas"/><category term="Manning"/><category term="NAISG"/><category term="NAS"/><category term="PWN2OWN"/><category term="Snort"/><category term="Sony"/><category term="Toorcon"/><category term="United Nations"/><category term="Windows Mobile"/><category term="aaron"/><category term="certification"/><category term="cloud"/><category term="cyberterrorism"/><category term="data plane"/><category term="encryption"/><category term="ethics"/><category term="exploit"/><category term="firefox"/><category term="free speech"/><category term="funny"/><category term="hamster"/><category term="intellectual property"/><category term="kindle"/><category term="leak"/><category term="lulzsec"/><category term="mozilla"/><category term="musings"/><category term="nerd"/><category term="news"/><category term="oath"/><category term="openssl"/><category term="patents"/><category term="pentest"/><category term="raspberry pi"/><category term="research"/><category term="reverse engineering"/><category term="review"/><category term="rights"/><category term="risk analysis"/><category term="scada"/><category term="scalability"/><category term="sniffing"/><category term="software assurance"/><category term="sucks"/><category term="superfish"/><category term="technology"/><category term="tools"/><category term="twinkles"/><category term="vulnerability disclosure"/><category term="worm"/><category term="xmas"/><category term="#BSidesLV"/><category term="#BSidesSF"/><category term="#attorneyclient"/><category term="#breakingin"/><category term="#corporate"/><category term="#drones"/><category term="#legal"/><category term="#siliconvalley"/><category term="#spygate"/><category term="#startup"/><category term="3DES"/><category term="ARGs"/><category term="ATHF"/><category term="Adobe"/><category term="Andy Warhol"/><category term="BIOS"/><category term="Barbie"/><category term="Benzene"/><category term="Bitlocker"/><category term="BlackICE"/><category term="Blackberry"/><category term="Bratz"/><category term="Breaking in"/><category term="CIA"/><category term="CISA"/><category term="CPU"/><category term="CanSecWest"/><category term="Chinese hackers"/><category term="Christmas"/><category term="Comcast"/><category term="Communications Act of 1934"/><category term="DLL"/><category term="Equifax"/><category term="FOIA"/><category term="GNU"/><category term="GPS spoofing"/><category term="Guns"/><category term="Hacker"/><category term="Internet"/><category term="Ironport"/><category term="JavaScript"/><category term="Kindle Fire"/><category term="MAPP"/><category term="MMORPG"/><category term="MSCHAPv2"/><category term="Mac Pro"/><category term="MacAfee"/><category term="McAfee"/><category term="Mirai"/><category term="Myspace"/><category term="NAC"/><category term="NASCAR"/><category term="NDAA"/><category term="Neo"/><category term="NodeJS"/><category term="North Korea"/><category term="NotPetya"/><category term="OS/2"/><category term="Oakley"/><category term="Operation Global Blackout"/><category term="Oracle"/><category term="Oreilly"/><category term="PF_RING"/><category term="PayPal"/><category term="PoC"/><category term="Profile Spy"/><category term="Quicktime"/><category term="RAID"/><category term="ROI"/><category term="RSP"/><category term="Radio"/><category term="Ranum"/><category term="Reality Leigh Winner"/><category term="Rogue"/><category term="SANs"/><category term="SMS"/><category term="SOPA"/><category term="Safari"/><category term="SecTor"/><category term="Signature List"/><category term="Street View"/><category term="Summercon"/><category term="Symbian"/><category term="TCP/IP"/><category term="TV show"/><category term="Target"/><category term="Terminator"/><category term="The Intercept"/><category term="The Matrix"/><category term="The end of the cyber world"/><category term="USRP"/><category term="WabiSabiLabi"/><category term="WinNT"/><category term="Windows 7"/><category term="Yahoo"/><category term="active defense"/><category term="amazon"/><category term="amazon ec2"/><category term="analogies"/><category term="anonymous sources"/><category term="anti-vax"/><category term="atom"/><category term="attribation"/><category term="attribution"/><category term="aws"/><category term="backdoor"/><category term="backtrack"/><category term="bad bloggers"/><category term="badge"/><category term="bash"/><category term="beta"/><category term="bilski"/><category term="bizzaro world"/><category term="bluehat"/><category term="bluetooth"/><category term="botnet"/><category term="breach"/><category term="bully"/><category term="business"/><category term="cablegate"/><category term="captcha"/><category term="careers"/><category term="certificate"/><category term="chumby"/><category term="coffee"/><category term="collateral murder"/><category term="comedy"/><category term="conspiracy theories"/><category term="cookies"/><category term="crazy"/><category term="creationism"/><category term="cyberpunk"/><category term="cyberweapons"/><category term="darkreading"/><category term="database"/><category term="deep knowledge"/><category term="defcon"/><category term="denier"/><category term="detained"/><category term="dictionary"/><category term="disarmament"/><category term="dm1z"/><category term="down twinkles"/><category term="drama"/><category term="echelon"/><category term="email"/><category term="employment agreement"/><category term="entertainment"/><category term="evasion"/><category term="events with wifi"/><category term="evolution"/><category term="exploit sales"/><category term="fame"/><category term="fascism"/><category term="firewall"/><category term="freakonomics"/><category term="ftc"/><category term="fuzzing"/><category term="games"/><category term="going dark"/><category term="guru"/><category term="hack back"/><category term="hacker tool"/><category term="hacktivism"/><category term="hurricane"/><category term="iPad"/><category term="ida pro"/><category term="infrared"/><category term="intelligent design"/><category term="interesting"/><category term="internships"/><category term="intresting"/><category term="invention"/><category term="invisibility cloaks"/><category term="iptables"/><category term="iran"/><category term="jokes"/><category term="journalism guide"/><category term="kerb"/><category term="legal"/><category term="minigubs"/><category term="misconceptions"/><category term="mitm"/><category term="mobile"/><category term="multi-core"/><category term="nPetya"/><category term="nginx"/><category term="ninja"/><category term="nmap"/><category term="obama"/><category term="open-source"/><category term="party"/><category term="pcap_next"/><category term="pcap_set_immediate_mode"/><category term="performance"/><category term="phishing"/><category term="phones"/><category term="policy"/><category term="politics"/><category term="populism"/><category term="port scan"/><category term="process"/><category term="propaganda"/><category term="pundits"/><category term="ransomware"/><category term="red flags rule"/><category term="redacted document"/><category term="responsible disclosure"/><category term="risk"/><category term="robert khan"/><category term="rogaway"/><category term="rootkit"/><category term="roundup"/><category term="rvm"/><category term="sabu"/><category term="salt"/><category term="science"/><category term="sdl"/><category term="seattle"/><category term="sellout"/><category term="sexism"/><category term="shodan"/><category term="shout hacking"/><category term="shows"/><category term="simpsons"/><category term="sniffer"/><category term="social engineering"/><category term="software defined networks"/><category term="software patents"/><category term="spam"/><category term="spoofing"/><category term="sprint"/><category term="spygate"/><category term="ssh"/><category term="ssl"/><category term="startups"/><category term="steganography"/><category term="supreme court"/><category term="surveillance"/><category term="tape"/><category term="telnet"/><category term="testing"/><category term="tldr"/><category term="tradeoffs"/><category term="trope"/><category term="truther"/><category term="unmanned systems"/><category term="unsafe clib"/><category term="vapid populists"/><category term="vint cerf"/><category term="virtualization"/><category term="vista"/><category term="vuln"/><category term="vulnerability market"/><category term="war on hackers"/><category term="wassenaar"/><category term="wget"/><category term="white-hat"/><category term="wizards"/><category term="wrong"/><category term="x86"/><title type='text'>Errata Security</title><subtitle type='html'></subtitle><link rel='http://schemas.google.com/g/2005#feed' type='application/atom+xml' href='https://blog.erratasec.com/feeds/posts/default'/><link rel='self' type='application/atom+xml' href='https://www.blogger.com/feeds/37798047/posts/default'/><link rel='alternate' type='text/html' href='https://blog.erratasec.com/'/><link rel='hub' href='http://pubsubhubbub.appspot.com/'/><link rel='next' type='application/atom+xml' href='https://www.blogger.com/feeds/37798047/posts/default?start-index=26&max-results=25'/><author><name>David Maynor</name><uri>http://www.blogger.com/profile/09921229607193067441</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='16' height='16' src='https://img1.blogblog.com/img/b16-rounded.gif'/></author><generator version='7.00' uri='http://www.blogger.com'>Blogger</generator><openSearch:totalResults>1224</openSearch:totalResults><openSearch:startIndex>1</openSearch:startIndex><openSearch:itemsPerPage>25</openSearch:itemsPerPage><entry><id>tag:blogger.com,1999:blog-37798047.post-2857142063679853500</id><published>2024-02-14T17:30:00.002-05:00</published><updated>2024-02-14T17:30:42.635-05:00</updated><title type='text'>C can be memory safe, part 2</title><content type='html'><p><a href="https://blog.erratasec.com/2023/02/c-can-be-memory-safe.html">This post</a> from last year was posted to <a href="https://lobste.rs/s/gnjx2n/c_can_be_memory_safe">a forum,</a> so I thought I'd write up some rebuttals to their comments.</p><p>The first comment is by David Chisnall, creator of CHERI C/C++, which proposes we can solve the problem with CPU instruction set extensions. It's a good idea, but after 14 years, CPUs haven't had their instruction-sets upgraded. Even mainstream RISC V processors haven't been created using those extensions.</p><p>Chisnall: "<i><b>If your safety requires you to insert explicit checks, it’s not safe</b></i>". This is true from one perspective, false from another. My proposal includes compilers spitting out <b>warnings</b>&nbsp;whenever bounds information doesn't exist.</p><p>C is full of problems in theory that doesn't exist in practice because the compiler spits out warnings telling programmers to fix the problem. Warnings can also note cases where programmers probably made mistakes. We can't achieve perfect guarantees, because programmers can still make mistakes, but we can certainly achieve "good enough".</p><p>Chisnall: <i>....<b>tread safety</b>.....</i> I'm not sure I full understand the comment. I understand that CHERI can guarantee atomicity of bounds checking, which would require multiple (interruptible) instructions otherwise. The number of cases where this is a problem, and the C proposal would be no worse than other languages like Rust.</p><p>Chisnall: <b><i>Temporal safety....</i></b>&nbsp;A lot of Rust "ownership" techniques can be applied to C with these annotations, namely, marking which variables OWN allocated memory and which simply BORROW it. I've reviewed a lot of famous use-after-free and double-free bugs, and most can be trivially fixed by annotation.</p><p>Chisnall: <i><b>If you are writing a blog never having actually tried to make large (million line or more) C codebases memory safe, you probably underestimate the difficulty by at least one order of magnitude.</b>&nbsp;</i>I'm both a programmer who has written a million lines of code in my lifetime as well as a hacker with decades of experience looking for such bugs. The goal isn't to pursue the ideal of 100% safe language, but of getting rid of 99% of safety errors. 1% less safe makes the goal an order of magnitude easier to reach.</p><p>snej:&nbsp;<b>This post seems to epitomize the common engineer trait of seeing any problem you haven’t personally worked on as trivial. Sure bro, you’ll add a few patches to Clang and GCC and with those new attributes our C code will be safe. It’ll only take a few weeks and then no one will need Rust anymore.</b>&nbsp;But I've spent decades working on this. The comment epitomizes the common trait of not realizing how much thought and expertise is behind the post. I few patches to clang and GCC will make make C <i>safer</i>. The solution is far less safe than Rust. In fact, my proposal makes code more interoperable and translatable into Rust. Right now, translating C into Rust creates just a bunch of 'unsafe' code that needs to be cleaned up. With such annotations, in a refactoring step using existing testing frameworks, results in code that can no be auto-translated safely in to Rust.</p><p>As for existing clang/gcc attributes, there are only a couple that match the macros I propose. They dod show how trivial it would be to actually go further.</p><p>danso:&nbsp;<b>In addition to the criticisms I share with everyone else, I found this to be one of the most “talk is cheap, show me the code” posts I’ve ever read. </b>The reason I wrote the post is because learning clang/gcc internals is a long process, and when asking for help, I needed something to point to "this is what I'm trying to achieve". I'm not trying to communicate what other people should do, I'm communicating what I'm trying to do. I still don't know clang/gcc internals enough to even get started ... any pointers would be helpful.</p><p><br /></p><p><br /></p><p><br /></p></content><link rel='replies' type='application/atom+xml' href='https://blog.erratasec.com/feeds/2857142063679853500/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='https://www.blogger.com/comment.g?blogID=37798047&postID=2857142063679853500' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='https://www.blogger.com/feeds/37798047/posts/default/2857142063679853500'/><link rel='self' type='application/atom+xml' href='https://www.blogger.com/feeds/37798047/posts/default/2857142063679853500'/><link rel='alternate' type='text/html' href='https://blog.erratasec.com/2024/02/c-can-be-memory-safe-part-2.html' title='C can be memory safe, part 2'/><author><name>Robert Graham</name><uri>http://www.blogger.com/profile/09879238874208877740</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='26' height='32' src='//blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjJp1K5oBkDsBDOh7UOk0xPIdd0d8DKmV7PEAPZ7x-ckmfG6iWTVCt5LvUpd2iwW3UUYeaqd2UoYnupOSz1VDFUok6gUW_48x_rCU1Sth9Sk4-vEidqnqC2M3DXw16T4o0/s220/robertgraham.jpg'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-37798047.post-2577999109857103644</id><published>2023-02-01T13:30:00.002-05:00</published><updated>2023-02-01T13:30:40.794-05:00</updated><title type='text'>C can be memory-safe</title><content type='html'><p>The idea of <i>memory-safe languages</i>&nbsp;is in the news lately. C/C++ is famous for being the world's system language (that runs most things) but also infamous for being <i>unsafe</i>. Many want to solve this by <i>hard-forking</i>&nbsp;the world's system code, either by changing C/C++ into something that's memory-safe, or rewriting everything in <i>Rust</i>.</p><p>Forking is a foolish idea. The core principle of computer-science is that we need to live with legacy, not abandon it.</p><p>And there's no need. Modern C compilers already have the ability to be memory-safe, we just need to make minor -- and compatible -- changes to turn it on. Instead of a hard-fork that abandons legacy system, this would be a soft-fork that enables memory-safety for new systems.</p><p>Consider the most recent memory-safety flaw in OpenSSL. They <a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=c42165b5706e42f67ef8ef4c351a9a4c5d21639a">fixed</a> it by first adding a <i>memory-bounds</i>, then putting every access to the memory behind a macro <i>PUSHC()</i>&nbsp;that checks the memory-bounds:</p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg1qmGnd5qPg0Q9OXfjx01TjnrTllr812DVCOixemH9yC_mp2G7QLcR0Bs6cOHrzQ7mQhjx4fGZ8xwKUblh1NwvQDQuHiVgjKc68aBLRpEV4ASK2UDRXRpUR1ioMumvRNcEkqZG-tJFCZaUJ_LIQbWkJTu5qK0cvDghcWOMOP9Jb_Va-1Z7bQ/s1280/Screen%20Shot%202023-02-01%20at%2012.59.51%20PM.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1090" data-original-width="1280" height="273" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg1qmGnd5qPg0Q9OXfjx01TjnrTllr812DVCOixemH9yC_mp2G7QLcR0Bs6cOHrzQ7mQhjx4fGZ8xwKUblh1NwvQDQuHiVgjKc68aBLRpEV4ASK2UDRXRpUR1ioMumvRNcEkqZG-tJFCZaUJ_LIQbWkJTu5qK0cvDghcWOMOP9Jb_Va-1Z7bQ/s320/Screen%20Shot%202023-02-01%20at%2012.59.51%20PM.png" width="320" /></a></div>A better (but currently hypothetical) fix would be something like the following:<div><br /></div><div><span style="font-family: courier;">size_t maxsize <b>CHK_SIZE(outptr)</b> = out ? *outlen : 0;</span></div><div><br /></div><div>This would link the memory-bounds <i>maxsize</i>&nbsp;with the memory <i>outptr</i>. The compiler can then be relied upon to do all the bounds checking to prevent buffer overflows, the rest of the code wouldn't need to be changed.</div><div><br /></div><div><div>An even better (and hypothetical) fix would be to change the function declaration like the following:</div><div><br /></div><div><span style="font-family: courier;">int ossl_a2ulabel(const char *in, char *out, size_t *outlen&nbsp;<b>CHK_INOUT_SIZE(out)</b>);</span></div><div><br /></div></div><div>That's the intent anyway, that <i>*outlen</i>&nbsp;is the memory-bounds of <i>out</i>&nbsp;on input, and receives a shorter bounds on output.</div><div><br /></div><div>This specific feature isn't in compilers. But <i>gcc</i>&nbsp;and <i>clang</i>&nbsp;already have other similar features. They've only been halfway implemented. This feature would be relatively easy to add. I'm currently studying the code to see how I can add it myself. I could just mostly copy what's done for the <i>alloc_size</i>&nbsp;attribute. But there's a considerable learning curve, I'd rather just persuade an existing developer of <i>gcc</i>&nbsp;or <i>clang</i>&nbsp;to add the new attributes for me.</div><div><br /></div><div>Once you give the programmer the ability to fix memory-safety problems like the solution above, you can then enable <i>warnings</i>&nbsp;for unsafe code. The compiler knew the above code was unsafe, but since there's no practical way to fix it, it's pointless nagging the programmer about it. With this new features comes warnings about failing to use it.</div><div><br /></div><div>In other words, it becomes compiler-guided <i>refactoring</i>. Forking code is hard, refactoring is easy.</div><div><br /></div><div>As the above function shows, the OpenSSL code is already somewhat memory safe, just based upon the flawed principle of relying upon diligent programmers. We need the compiler to enforce it. With such features, the gap is relative small, mostly just changing function parameter lists and data structures to link a pointer with its memory-bounds. The refactoring effort would be small, rather than a major rewrite.</div><div><br /></div><div>This would be a <i>soft-fork</i>. The memory-bounds would work only when compiled with new compilers. The macro would be ignored on older systems.&nbsp;</div><div><br /></div><div>This <i>memory-safety</i>&nbsp;is a problem. The idea of abandoning C/C++ isn't a solution. We already have the beginnings of a solution in modern <i>gcc</i>&nbsp;and <i>clang</i>&nbsp;compilers. We just need to extend that solution.</div><div><br /></div></content><link rel='replies' type='application/atom+xml' href='https://blog.erratasec.com/feeds/2577999109857103644/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='https://www.blogger.com/comment.g?blogID=37798047&postID=2577999109857103644' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='https://www.blogger.com/feeds/37798047/posts/default/2577999109857103644'/><link rel='self' type='application/atom+xml' href='https://www.blogger.com/feeds/37798047/posts/default/2577999109857103644'/><link rel='alternate' type='text/html' href='https://blog.erratasec.com/2023/02/c-can-be-memory-safe.html' title='C can be memory-safe'/><author><name>Robert Graham</name><uri>http://www.blogger.com/profile/09879238874208877740</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='26' height='32' src='//blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjJp1K5oBkDsBDOh7UOk0xPIdd0d8DKmV7PEAPZ7x-ckmfG6iWTVCt5LvUpd2iwW3UUYeaqd2UoYnupOSz1VDFUok6gUW_48x_rCU1Sth9Sk4-vEidqnqC2M3DXw16T4o0/s220/robertgraham.jpg'/></author><media:thumbnail xmlns:media="http://search.yahoo.com/mrss/" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg1qmGnd5qPg0Q9OXfjx01TjnrTllr812DVCOixemH9yC_mp2G7QLcR0Bs6cOHrzQ7mQhjx4fGZ8xwKUblh1NwvQDQuHiVgjKc68aBLRpEV4ASK2UDRXRpUR1ioMumvRNcEkqZG-tJFCZaUJ_LIQbWkJTu5qK0cvDghcWOMOP9Jb_Va-1Z7bQ/s72-c/Screen%20Shot%202023-02-01%20at%2012.59.51%20PM.png" height="72" width="72"/><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-37798047.post-5908535200586257651</id><published>2023-01-25T16:09:00.003-05:00</published><updated>2023-01-25T16:09:34.360-05:00</updated><title type='text'>I'm still bitter about Slammer</title><content type='html'><p>Today is the 20th anniversary of the Slammer worm. I'm still angry over it, so I thought I'd write up my anger. This post will be of interest to nobody, it's just me venting my bitterness and get off my lawn!!</p><p><br /></p><p>Back in the day, I wrote "BlackICE", an intrusion detection and prevention system that ran as both a <b>desktop</b> version and a <b>network appliance</b>. Most cybersec people from that time remember it as the desktop version, but the bulk of our sales came from the network appliance.</p><p>The network appliance competed against other IDSs at the time, such as Snort, an open-source product. For much the cybersec industry, IDS was Snort -- they had no knowledge of how intrusion-detection would work other than this product, because it was open-source.</p><p>My intrusion-detection technology was radically different. The thing that makes me angry is that I couldn't explain the differences to the community <b>because they weren't technical enough</b>.</p><p>When Slammer hit, Snort and Snort-like products failed. Mine succeeded extremely well. Yet, I didn't get the credit for this.</p><p><br /></p><p>The <b>first</b> difference is that I used a custom <b>poll-mode driver</b>&nbsp;instead of <b>interrupts</b>. This the now the norm in the industry, such as with Linux <a href="https://en.wikipedia.org/wiki/New_API">NAPI</a> drivers. The problem with interrupts is that a computer could handle less than 50,000 interrupts-per-second. If network traffic arrived faster than this, then the computer would hang, spending all it's time in the interrupt handler doing no other useful work. By turning off interrupts and instead polling for packets, this problem is prevented. The cost is that if the computer isn't heavily loaded by network traffic, then polling causes wasted CPU and electrical power. Linux NAPI drivers switch between them, interrupts when traffic is light and polling when traffic is heavy.</p><p>The consequence is that a typical machine of the time (dual Pentium IIIs) could handle 2-million packets-per-second running my software, far better than the 50,000 packets-per-second of the competitors.</p><p>When Slammer hit, it filled a 1-gbps Ethernet with 300,000 packets-per-second. As a consequence, pretty much all other IDS products fell over. Those that survived were attached to slower links -- 100-mbps was still common at the time.</p><p>An industry luminary even gave a presentation at BlackHat saying that my claimed performance (2-million packets-per-second) was impossible, because everyone knew that computers couldn't handle traffic that fast. I couldn't combat that, even by explaining with very small words "but we disable interrupts".</p><p>Now this is the norm. All network drivers are written with polling in mind. Specialized drivers like PF_RING and DPDK do even better. Networks appliances are now written using these things. Now you'd expect something like Snort to keep up and not get overloaded with interrupts. What makes me bitter is that back then, this was inexplicable magic.</p><p>I wrote an article in PoC||GTFO 0x15 that shows how my portscanner <i>masscan</i>&nbsp;uses this driver, if you want more info.</p><p><br /></p><p>The <b>second</b>&nbsp;difference with my product was how signatures were written. Everyone else used signatures that triggered on the <b>pattern-matching</b>. Instead, my technology included <b>protocol-analysis</b>, code that parsed more than 100 protocols.</p><p>The difference is that when there is an exploit of a buffer-overflow vulnerability, pattern-matching searched for patterns unique to the <b>exploit</b>. In my case, we'd measure the length of the buffer, triggering when it exceeded a certain length, finding any attempt to attack the <b>vulnerability</b>.</p><p>The reason we could do this was through the use of <b>state-machine parsers</b>. Such analysis was considered heavy-weight and slow, which is why others avoided it. State-machines are faster than pattern-matching, many times faster. Better <i>and</i>&nbsp;faster.</p><p>Such parsers are now more common. Modern web-servers (nginx, ISS, LightHTTPD, etc.) use them to parse HTTP requests. You can tell if a server does this by sending 1-gigabyte of spaces between "GET" and "/". Apache gives up after 64k of input. State-machines keep going, because while in that state ("between-method-and-uri"), they'll accept any number of spaces -- the only limit is a timeout. Go read the <i>nginx</i>&nbsp;source-code to understand how this works.</p><p>I wrote a paper in PoC||GTFO 0x21 that shows the technique to implement the common <i>wc</i>&nbsp;(word-count) program. A simplified version of this <a href="https://github.com/robertdavidgraham/wc2/blob/master/wc2o.c">wc2o.c</a>. Go read the code -- it's <i>crazy</i>.</p><p>The upshot is that when Slammer hit, most IDSs didn't have a signature for it. If they didn't just fall over, what they triggered on were things like "UDP flood", not "SQL buffer overflow". This lead many to believe what was happening was DDoS attack. My product correctly identified the vulnerability being exploited.</p><p><br /></p><p>The <b>third</b>&nbsp;difference with my product was the <b>event coalescer</b>. Instead of a timestamp, my events had a start-time, end-time, and count of the number of times the event triggered.</p><p>Other event systems sometimes have this, with such events as "last event repeated 39003 times", to prevent the system from clogging up with events.</p><p>My system was more complex. For one things, an attacker may deliberately intermix events, so it can't simply be 1 event that gets coalesced this way. For another thing, the attacker could sweep targets or spoof sources. Thus, coalescing needed to aggregate events over address <b>ranges</b>&nbsp;as well as <b>time</b>.</p><p>Slammer easily filled a gigabit link with 300,000 packets-per-second. Every packet triggered the signature, thus creating 300,000 events-per-second. No system could handle that. To keep up with the load, events had to be reduced somehow.</p><p>My event coalescing logic worked. It reduced the load of events from 300,000 down to roughly 500 events-per-second. This was still a little bit higher load than the system could handle, forwarding to the remote management system. Customers reported that at their consoles, they saw the IDS slowly fall behind, spooling events at the sensor and struggling to ship them up to the management system.</p><p>The problem is so accurate that it's a big flaw in IDS still to this day. Snort often has signatures that throw away the excess data, but it's still easy to flood them with packets that overload their event logging.</p><p>What was exciting for me is that I'd designed all this in theory, tested using artificial cases, unsure how it would stand up to the real world. Watching it stand up to the real world was exciting: big customers saw it successfully work in practice, with the only complaint that at the centralized console, it fell behind a little.</p><p><br /></p><p>The point is that I made three radical design choices, unprecedented at the time though more normal now, and they worked. And yet, the industry wasn't technical enough to recognize that it worked.</p><p>For example, a few months later I had a meeting at the Pentagon where a Gartner analyst gave a presentation claiming that only hardware-based IDS would work, because software-based IDS couldn't keep up. Well, these were my customer. I didn't refute Gartner so much as my customer did, with their techies standing up and pointing out that when Slammer hit, my "software" product did keep up. Gartner doesn't test products themselves. They rightly identified the problem with other software using interrupts, but couldn't conceive there was a third alternative, "poll mode" drivers.</p><p>I apologize to you, the reader, for subjecting you to this vain bitching, but I just want to get this off my chest.</p></content><link rel='replies' type='application/atom+xml' href='https://blog.erratasec.com/feeds/5908535200586257651/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='https://www.blogger.com/comment.g?blogID=37798047&postID=5908535200586257651' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='https://www.blogger.com/feeds/37798047/posts/default/5908535200586257651'/><link rel='self' type='application/atom+xml' href='https://www.blogger.com/feeds/37798047/posts/default/5908535200586257651'/><link rel='alternate' type='text/html' href='https://blog.erratasec.com/2023/01/im-still-bitter-about-slammer.html' title='I'm still bitter about Slammer'/><author><name>Robert Graham</name><uri>http://www.blogger.com/profile/09879238874208877740</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='26' height='32' src='//blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjJp1K5oBkDsBDOh7UOk0xPIdd0d8DKmV7PEAPZ7x-ckmfG6iWTVCt5LvUpd2iwW3UUYeaqd2UoYnupOSz1VDFUok6gUW_48x_rCU1Sth9Sk4-vEidqnqC2M3DXw16T4o0/s220/robertgraham.jpg'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-37798047.post-6123534176871645490</id><published>2022-10-23T16:05:00.008-04:00</published><updated>2022-10-27T14:23:12.831-04:00</updated><title type='text'>The RISC Deprogrammer</title><content type='html'><p>I should write up a larger technical document on this, but in the meanwhile is this short (-ish) blogpost. <b>Everything you know about RISC is wrong</b>. It's some weird nerd cult. Techies frequently mention RISC in conversation, with other techies nodding their head in agreement, but it's all <i>wrong</i>. Somehow everyone has been mind controlled to believe in wrong concepts.</p><p>An example is <a href="https://news.ycombinator.com/item?id=33295947">this recent blogpost</a> which starts out saying that "RISC is a set of design principles". No, it wasn't. Let's start from this sort of viewpoint to discuss this odd cult.</p><h4 style="text-align: left;">What is RISC?</h4><p>Because of the march of Moore's Law, every year, more and more parts of a computer could be included onto a single chip. When chip densities reached the point where we could <i>almost</i>&nbsp;fit an entire computer on a chip, designers made tradeoffs, discarding unimportant stuff to make the fit happen. They made tradeoffs, deciding what needed to be included, what needed to change, and what needed to be discarded.</p><p>RISC is a set of creative tradeoffs, meaningful at the time (early 1980s), but which were meaningless by the late 1990s.</p><p>The interesting parts of CPU evolution are the three decades from <b>1964</b>&nbsp;with IBM's System/360 mainframe and <b>2007</b>&nbsp;with Apple's iPhone. The issue was a <b>32-bit</b> core with <b>memory-protection</b> allowing isolation among different programs with virtual memory. These were <b>real</b>&nbsp;computers, from the modern perspective: real computers have at least 32-bit and an MMU (memory management unit).</p><p>The year 1975 saw the release of Intel 8080 and MOS 6502, but these were 8-bit systems without memory protection. This was at the point of <b>Moore's Law</b>&nbsp;where we could get a useful CPU onto a single chip.</p><p>In the year 1977 we saw DEC release it's VAX minicomputer, having a 32-bit CPU w/ MMU. Real computing had moved from insanely expensive mainframes filling entire rooms to less expensive devices that merely filled a rack. But the VAX was way too big to fit onto a chip at this time.</p><p>The real interesting evolution of real computing happened in 1980 with Motorola's 68000 (aka. 68k) processor, essentially the first microprocessor that supported real computing.</p><p>But this comes with caveats. Making microprocessor required creative work to decide what wasn't included. In the case of the 68k, it had only a 16-bit ALU. This meant adding two 32-bit registers required passing them twice through the ALU, adding each half separately. Because of this, many call the 68k a 16-bit rather than 32-bit microprocessor.</p><p>More importantly, only the lower 24-bits of the registers were valid for memory addresses. Since it's memory addressing that makes a real computer "real", this is the more important measure. But 24-bits allows for 16-megabytes of memory, which is all that anybody could afford to include in a computer anyway. It was more than enough to run a real operating system like Unix. In contrast, 16-bit processors could only address 64-kilobytes of memory, and weren't really practical for <i>real</i> computing.</p><p>The 68k didn't come with a MMU, but it allowed an extra MMU chip. Thus, the early 1980s saw an explosion of <i>workstations</i>&nbsp;and <i>servers</i>&nbsp;consisting of a 68k and an MMU. The most famous was Sun Microsystems launched in 1982, with their own custom designed MMU chip.</p><p>Sun and its competitors transformed the industry running Unix. Many point to IBM's PC from 1982 as the transformative moment in computer history, but these were non-real 16-bit systems that struggled with more than 64k of memory. IBM PC computers wouldn't become <i>real</i>&nbsp;until 1993 with Microsoft's Windows NT, supporting full 32-bits, memory-protection, and pre-emptive multitasking.</p><p>But except for Windows itself, the rest of computing is dominated by the Unix heritage. The phone in your hand, whether Android or iPhone, is a Unix computer that inherits almost nothing from the IBM PC.</p><p>These 32-bit Unix systems from the early 1980s still lagged behind DEC's VAX in performance. The VAX was considered a mini-supercomputer. The Unix workstations were mere toys in comparison. Too many tradeoffs were made in order to fit everything onto a single chip, too many sacrifices made.</p><p>Some people asked "<b>What if we make different tradeoffs?</b>"</p><p>Most people thought the VAX was the way of the future, and were all chasing that design. The 68k CPU was essentially a cut down VAX design. But history had anti-VAX designs that worked very differently, notably the CDC 6600 supercomputer from the 1960s and the IBM 801/ROMP processor from the 1970s.</p><p>It's not simply one tradeoff, but a bunch of inter-related tradeoffs. They snowball -- each choice you make changes the costs-vs-benefit analysis of other choices, changing them as well.</p><p>This is why people <b>can't agree upon a single definition of RISC</b>. It's not one tradeoff made in isolation, but a long list of tradeoffs, each part of a larger scheme.</p><p>In 1987, Motorola shipped its 68030 version of the 68k processor, chasing the VAX ideal. By then, we had ARM, SPARC, and MIPS processors that significantly outperformed it. Given a budget of roughly 100,000 transistors allowed by Moore's Law of the time, the RISC tradeoffs were better than VAX-like tradeoffs.</p><h4 style="text-align: left;">So really, what is RISC?</h4><p>Let's define things in terms of 1986, comparing the [ARM, SPARC, MIPS] processors called "RISC" to the [68030, 80386] processors that weren't "RISC". They all supported full 32-bit processing, memory-management, and preemptive multitasking operating systems like Unix.</p><p>The major ways RISC differed were:</p><p></p><ul style="text-align: left;"><li>fixed-length instructions (32-bits or 4-bytes each)</li><li>simple instruction decoding</li><li><b>horizontal vs. vertical microcode</b></li><li>deep pipelines of around 5 stages</li><li>load/store aka reg-reg</li><li>simple address modes</li><li>compilers optimized code</li><li>more registers</li></ul><p></p><p>If you are looking for the <i>one</i>&nbsp;thing that defines RISC, it's the thing that nobody talks about: <b>horizontal microcode</b>.</p><p>The VAX/68k/x86 architecture decoded <i>external</i>&nbsp;instructions into <i>internal</i>&nbsp;control ops that were pretty complicated, supporting such things as loops. Each <i>external</i> instruction executed an <i>internal</i>&nbsp;<b>microprogram</b>&nbsp;with a variable number of such operations.</p><p>The classic RISC worked differently. Each <i>external</i>&nbsp;instruction decoded into exactly 4 <i>internal</i>&nbsp;ops. Moreover, each op had a fixed purpose:</p><p></p><ol style="text-align: left;"><li>read from two registers into the ALU (arithmetic-logic unit)</li><li>execute a math operation in the ALU</li><li>access memory (well, the L1 cache)</li><li>write results back into one register</li></ol><p style="text-align: left;">(This explanation has been fudged and simplified, btw).</p><p style="text-align: left;">This internal detail was expressed externally in the instruction set, <b>simplifying decoding</b>. The external instructions specified two registers to read, an ALU opcode, and one register to write. All of this was fit into a constant 32-bits. In contrast, the [68k/x86/VAX] model meant a complex decoding of instructions with a large ROM containing microprograms.</p><p style="text-align: left;">Roughly half (50%) of the 68000's transistors contained this complex decoding logic and ROM. In contrast, for RISC processors, it was closer to 1%. All those transistors could be dedicated to other things. See how tradeoffs snowball? Saving so many transistors involved in instruction decoding meant being able to support other features elsewhere. It's not clear this is a benefit, however. This meant that RISC needed multiple instructions to do the same thing as a single [68k/x86/VAX] instruction.</p><p style="text-align: left;">This meant instructions could be <b>deeply pipelined</b>. Instructions could be overlapped. When reading registers for the <i>current</i> instruction, we can simultaneously be fetching the <i>next</i>, and performing the ALU calculation on the <i>previous</i>&nbsp;instruction. The classic RISC pipeline had 5 stages (the 4 mentioned above plus 1 for fetching the next instruction). Each clock cycle would execute part of 5 instructions simultaneous, each at a different stage in the pipeline.</p><p style="text-align: left;">This was called <i>scalar</i>&nbsp;operation, In previous processor, it would take a variable number of clock cycles for an instruction to complete. In RISC, every instruction had 5 clock cycle <b>latency</b> from beginning to end. And since execution was overlapped/pipelined, executing 5 instructions at a time, the <b>throughput</b>&nbsp;was one instruction per clock cycle.</p><p style="text-align: left;">All CPUs are pipelined to some extent, but they need complex <b>interlocks</b>&nbsp;to prevent things from colliding with each other, such as two pipelined instructions trying to read registers at the same time. RISC removed most of those interlocks, by strictly regulation what an instruction could do in each stage of the pipeline. Removing these interlocks reduced transistor count and sped things up. This could be one possible definition of RISC that you never hear of: it got rid of all these interlocks found in other processors.</p><p style="text-align: left;">Some pipeline conflicts were worse. Because pipelining, the results of an instruction won't be available until many clock cycles later. What if one instruction writes its results to register #5 (r5), and the very next instruction attempts to read from register #5 (r5)? It's too soon, it has to wait more clock cycles for the result.</p><p style="text-align: left;">The answer: don't do that. Assembly language programmers need to know this complication, and are told to simply not write code that does this, because then the program won't work.</p><p style="text-align: left;">This was anathema of the time. Throughout history to this point, each new CPU architecture also had a new operating-system written in assembly language, with many applications written in assembly language. Thus, a programmer-friendly assembly language was considered one of the biggest requirements for any new system. Requiring programmers to know such quirks lead to buggy code was simply unacceptable. <i>Everybody</i> knew that programmer-hostile instruction-sets would never work in the market, even if they performed faster and cheaper.</p><p style="text-align: left;">But technology is littered with what everybody knowing being wrong. In this case, by 1980 we had the&nbsp; C programming language that was essentially a "portable assembly language" and the Unix operating system written in C. The only people who needed to know about a quirky assembly language were the compiler writers. They would take care of all such problems.</p><p style="text-align: left;">That's why the history lesson above talks about Unix and <i>real</i> computing. Without Unix and C, RISC wouldn't have happened. An operating-system written in a high-level language was a prerequisite for RISC. It's as import an innovation as Moore's Law allowing 100,000 transistors to fit on a chip.</p><p style="text-align: left;">Because of the lack of complex decoding logic, the transistor budget was freed up to support such things as <b>more registers</b>. The Intel x86 architecture famously had 8 registers, while the RISC competitors typically had as many as 32. The limitation was decode space. It takes 5 bits to specify one of 32 possibilities. Given that most every instructions specified two registers to read from and one register to write to, that's 15 bits, or half of the instruction space, leaving 17 bits for other purposes.</p><p style="text-align: left;">The creators of the RISC, Hennessy and Patterson, wrote a textbook called a "<i>Computer Architecture: A Quantitative Approach</i>". It's horrible. It imagines a world where people need to be taught tradeoffs and transistor budgets. But there is no other approach than a quantitative one, it's like an economics textbook "Economics: A Supply And Demand Approach". While the textbook has a weird obsession with quantitative theory, it misses non quantitative tradeoffs, like the fact that RISC couldn't happen without C and Unix.&nbsp;</p><p style="text-align: left;">Among the snowballing tradeoffs is the <b>load/store</b>&nbsp;architecture, while at the same time, having fewer <b>addressing modes</b>. It's here that we need to go back and discuss history -- what the heck is an "<i>addressing mode</i>"????</p><p style="text-align: left;">In the beginning, computers had only a single general purpose register, called the <b>accumulator</b>. All calculations, like adding two numbers together, involved reading the second value from <b>memory</b> and combining with the first value already in the accumulator. All calculations, whether arithmetic (add, subtract) or logical (AND, OR, XOR) involved one value already in the register, and another value from memory.</p><p style="text-align: left;">Addresses have to be <b>calculated</b>. For example, when accessing elements in a table, we have to take the row number, multiply it by the size of the table, add an offset into the row for desired column, then add all that to the address at the start of the table. Then after calculating this address, we often want to increment the index to fetch the next row.</p><p style="text-align: left;">If the <i>table</i>&nbsp;base address and <i>row</i>&nbsp;index are held in registers, we might get a complex instructions like the following. This calculates and address using two registers<i>&nbsp;r10</i>&nbsp;and <i>r11</i>, fetches that value from memory, then adds it into register <i>r9</i>.</p><p style="text-align: left;"><i>&nbsp;ADD r9, [r10 + r11*8 + 4]</i></p><p style="text-align: left;">Such calculations embedded in the instruction-set were <b>necessary</b>&nbsp;for such early computers. While they had only a single <i>general purpose</i>&nbsp;register (the <i>accumulator</i>), they still had multiple special purpose registers used this way for address calculations.&nbsp;</p><p style="text-align: left;">For complex computers like the VAX, such <i>address modes</i>&nbsp;imbedded in instructions were no longer necessary, but still&nbsp;<b>desirable</b>. Half the work of the computer is in calculating memory addresses. It's very tedious for programmers to do it manually, easier when the instruction-set takes care of common memory access patterns (like accessing cells within a table).</p><p style="text-align: left;">This leads us to the <b>load/store</b> issue.</p><p style="text-align: left;">With many registers, we no longer need to read another value from memory (a <i>reg-mem</i>&nbsp;calculation). We can instead perform the calculation using two registers (<i>reg-reg</i>). The VAX had such <i>reg-reg</i>&nbsp;instructions, but programmers still mostly used the <i>reg-mem</i>&nbsp;instructions with the complex address calculations.</p><p style="text-align: left;">RISC changed this. Calculations were now exclusively <i>reg-reg,</i>&nbsp;where&nbsp;math operations like <i>addition</i>&nbsp;could only operate on registers. To add something from memory, you needed first to <i>load</i>&nbsp;it from memory into a register, using a separate, explicit instruction. Likewise, writing back to memory required an explicit <i>store</i>&nbsp;operation.</p><p style="text-align: left;">This architecture can be called either <i><b>reg-reg</b></i>&nbsp;or <i style="font-weight: bold;">load/store</i>, with the second name being more popular.</p><p style="text-align: left;">With RISC, addressing modes were still desirable, but now they applied to only the two <i>load</i> and <i>store</i> instructions.</p><p style="clear: both; text-align: left;">The available addressing modes were constrained by the limited RISC pipeline and limited 32-bit fixed-length instructions. Since the pipeline allowed for the reading of two registers at the start, adding two registers together to form the address was allowed. The example shown above was too complex, though.</p><p style="clear: both; text-align: left;">What you are supposed to be reading from all of this is that <b>all of these tradeoffs are linked</b>. Each decision that diverges from the ideal VAX-like architecture snowballed into other decisions that drifted further and further from this ideal, until what we had was something that looked nothing like a VAX.</p><p style="clear: both; text-align: left;">The upshot of these decisions was being able to reduce a 32-bit MMU CPU into roughly a single chip because it needed fewer transistors, while at the same time performing much faster. It required maybe twice as many instructions to perform the same tasks (mostly due to needing more complex address calculations due to lack of addressing modes), but performed them at maybe 5 times faster, for a significant speed up.</p><p style="clear: both; text-align: left;">At the time, the VAX was the standard benchmark target. When Sun shipped it's first SPARC RISC systems (the Sun-4), they benchmarked about twice as fast as the latest VAX systems, while being considerably cheaper.</p><h4 style="clear: both; text-align: left;">The end of RISC</h4><p style="clear: both; text-align: left;">By the late 1980s, everybody knew that RISC was the future. Sure, Intel continued with its x86 and Motorola with it's 68000, but that's because the market wanted backwards compatibility with legacy instruction-sets. Both attempted to build their own RISC alternatives, but failed. When backwards compatibility wasn't required, everybody created RISC processors, because for 32-bit MMU real computing, they were&nbsp; better. And everybody knew it.</p><p style="clear: both; text-align: left;">But of course, everybody was eventually wrong. Even as early as the 80486 in 1989, Intel was converting the innards of the processor into something that looked more RISC-like.</p><p style="clear: both; text-align: left;">The nail in the coffin came in 1995 with Intel's <i>Pentium Pro</i>&nbsp;processor that supported <i>out-of-order</i>&nbsp;(or <i>OoO</i>) processing. Again, it wasn't really a new innovation. Out-of-order instructions first appeared on 1960s era supercomputers from CDC and IBM. This was the first time that transistor budgets allowed it to be practically used on single-chip microprocessors.</p><p style="clear: both; text-align: left;">Transistor budgets were so high that designers no longer had to make basic painful tradeoffs. The decisions necessary trying to cram everything into 100,000 transistors were longer meaningful when you had more than 1-million transistors to work with. Instruction-set decoding requiring 20k transistors is important with small budgets, but meaningless with large budgets.</p><p style="clear: both; text-align: left;">With OoO, the microarchitecture inside the chip looks roughly the same, regardless if it's an Intel x86, ARM, SPARC, or whatever.</p><p style="clear: both; text-align: left;">This was proven in benchmarks. When Intel released its out-of-order&nbsp;<i>Pentium Pro</i>&nbsp;in 1995, it beat all the competing in-order RISC processors on the market.</p><p style="clear: both; text-align: left;">Everybody was wrong -- RISC wasn't the future, the future was OoO.</p><p style="clear: both; text-align: left;">One way of describing the <i>Pentium Pro</i>&nbsp;is that it "<i>translates x86 into RISC-like micro-ops</i>". What that really means is that instead of vertical microcode, it translated things into horizontal, pipelined micro-ops. Most of the typical math operations were split into two micro-ops, one a <i>load/store</i> operation, and the other a <i>reg-reg</i> operation. (Some x86 instructions need even more micro-ops: address calculation, then load/store, then ALU op).</p><p style="clear: both; text-align: left;">Intel still has an "x86 tax" decoding complex instructions. But in terms of pipeline stages, that tax only applies to the first stage. Typical OoO processors have at least 10 more stages after that. Even RISC instruction-set processors like ARM must translate external instructions into internal micro-ops.</p><p style="clear: both; text-align: left;">The only significant difference left is the fact that Intel's instructions are <b>variable length</b>. The <b>fixed length</b>&nbsp;instructions of RISC means that multiple can be fetched at once, and decoded all in parallel. This is impossible with Intel x86, they must at least partially be decoded serially, one before the next. You don't know where the next instruction starts until you've figured out the length of the current instruction.</p><p style="clear: both; text-align: left;">Intel and AMD find crafty ways to get around this. For example, AMD has often put hints in its instruction cache (L1I) to so that decoders can know the length of instructions. Intel has played around with "loop caches" (so-called because they are most useful for loops) that track instructions after they've been decoded, so they don't need to be decoded again.</p><p style="clear: both; text-align: left;">The upshot is that for most code, there's no inherent difference between x86 and RISC, they have essentially the same internal architecture for out-of-order (OoO) processors. No instruction-set has an inherent advantage over the other.</p><p style="clear: both; text-align: left;">And it's been that way since 1995.</p><p style="clear: both; text-align: left;">I mention this because bizarrely this cult has persisted for the last 30 years after OoO replaced RISC for high-end real computers. It ceased being a useful technical distinction, so what are techies still discussing it?</p><p style="clear: both; text-align: left;">They persist in believing dumb things, for which no amount of deprogramming is possible. For example, they look at mobile (battery powered) devices and note that they use ARM chips to conserve power. They make the assumption that there must be some sort of inherent power-efficiency advantage.</p><p style="clear: both; text-align: left;">This isn't true. These chips consume less power by simply being slower. Fewer transistors mean less power consumption. This meant while desktops/servers used power-hungry OoO processors, mobile phones went back to the transistor budgets of yesteryear, meaning back to in-order RISC.</p><p style="clear: both; text-align: left;">But as Moore's Law turned, transistors got smaller, to the point where even mobile phones got OoO chips. They use clever tricks to keep that OoO chip powered down most of the time, often including an in-order chip that runs slower on less power for minor tasks.</p><p style="clear: both; text-align: left;">We've reached the point where mobile and laptops now use the same chips, your MacBook uses (essentially) the same chip as your iPhone, which is the same chip as Apple desktops.</p><p style="clear: both; text-align: left;">Now Apple's M1 ARM (and hence RISC) processor is much better at power consumption than it's older Intel x86 chip, but <b>this isn't because it's RISC</b>. Apple did a good job at analyzing what people do on mobile devices like laptops and phones and optimized for that. For example, they added a lot of great JavaScript features, cognizant of the ton of online and semi-offline apps that are written in JavaScript. In contrast, Intel attempts to optimize a chip simultaneously for laptops, desktops, and servers, leading poorly optimizations for laptops.</p><p style="clear: both; text-align: left;">Apple also does crazy things like putting a high end GPU (graphics processor) on the same chip. This has the effect of making their M1 ARM CPU crazy good for desktops for certain applications, those requiring the sorts of memory-bandwidth normally needed by GPUs.</p><p style="clear: both; text-align: left;">But overall, x86 chips from AMD and Intel are still faster on desktops and servers.</p><p style="clear: both; text-align: left;">In addition to the fixed-length instructions providing a tiny benefit, ARM has another key advantage, but it has nothing to do with RISC. When they upgraded their instruction-set to support 64-bit instead of just 32-bit, they went back and redesigned it from scratch. This allowed them to optimize the new instruction-set for the OoO pipeline, such as removing some dependencies that slow things down.</p><p style="clear: both; text-align: left;">This was something that Intel couldn't do. When it came time to support 64-bit, AMD simply extended the existing 32-bit instructions. A long sequence of code often looks identical between the 32-bit and 64-bit versions of the x86 instruction-sets, whereas they look completely different on ARM 32-bit vs. 64-bit.</p><h3 style="clear: both; text-align: left;">What about RISC-V and ARM-on-servers?</h3><p style="text-align: left;">We've reached the point in tech where the <b>instruction-set doesn't matter</b>. It's not simply that code is written in high-level language. It's mostly that <b>micro-architectural details have converged</b>.</p><p style="text-align: left;">Take <b>byte-order</b>, for example. Back in the 1980s, most of the major CPUs in the world were <b>big-endian</b>, while Intel bucked the trend being <b>little-endian</b>. The reason is that some engineer made a simple optimization back when the&nbsp;8008 processor was designed for terminals, and because of backwards compatibility, the poor decision continues to plague x86 today.</p><p style="text-align: left;">Except when it annoys programmers debugging memory dumps, byte-order doesn't matter. Therefore, all the RISC processors allowed a simple bit to be set to switch processors from big-endian to little-endian mode.</p><p style="text-align: left;">Over time, that has caused everyone to match Intel's little-endianess, driven primarily by Linux. The kernel itself supports either mode, but a lot of drivers depend upon byte-order, and user-mode programs developed on x86 sometimes have byte-order bugs. As it was ported to architectures like ARM or PowerPC, most of the time it was done in little-endian mode. (You can get PowerPC Linux in big-endian, but the preference is little-endian, <a href="https://lwn.net/Articles/408845/">because drivers</a>).</p><p style="text-align: left;">The same effect happens even in things that aren't strictly CPU related, like memory and I/O. The tech stack has converged so that processors look more and more alike except for the instruction-set.</p><p style="text-align: left;">The convergence of architecture is demonstrated most powerfully by Apple's M1 transition, where they stopped using Intel's processors in their computers in favor of their custom ARM processor they created for the iPhone.</p><p style="text-align: left;">The MacBook Air M1 looks <i>identical</i>&nbsp;on the outside compared to the immediately preceding x86 MacBook. But more the the point, it performs almost identically <i>running x86 code</i>&nbsp;-- it runs x86 code at native x86 speeds but on an ARM CPU. The processors are so similar architecturally that instruction-sets could be converted on the fly -- it simply reads the x86 program, converts to ARM transparently on the fly, then runs the ARM version. Previous code translation attempts have incurred massive slowdowns to account for architectural differences, but the M1 cheated by removing any differences that weren't instruction-set related, allowing smooth translation of the instructions.</p><p style="text-align: left;"><b>Technically</b>, instruction-sets don't matter, but for <b>business</b> reasons, they still do. Intel and AMD control x86, and prevent others from building compatible processors. ARM lets others build compatible processors (indeed, making no CPUs themselves), but charges them a license fee.</p><p style="text-align: left;">Especially for processors on the low-end, people don't want to pay license fees.</p><p style="text-align: left;">For that reason, RISC V has become popular. For low-end processors (in-order microcontrollers competing against ARM Cortex Ms) in the 100,000 transistor range, it matters that an instruction-set be RISC. The only free alternative is the aging MIPS. It has annoying quirks, like "delay slots", which are fixed by RISC V. Since RISC V is an open standard, free of license fees, those designing their own low end processor have adopted it.</p><p style="text-align: left;">For example, <a href="https://riscv.org/wp-content/uploads/2016/07/Tue1100_Nvidia_RISCV_Story_V2.pdf">nVidia</a> uses RISC V extensively throughout its technology. GPUs contain tiny embedded CPUs to manage things internally. They have ARM licenses, but they don't want to pay the pennies it would cost for every unit that ARM charges. Likewise, Western Digital (a big hard-drive maker) designed a RISC V core for its drives.&nbsp;</p><p style="text-align: left;">There are a lot of RISC V fans due to the RISC cult who insist it should go everywhere, but it's not going anywhere for high-end processors. At the high-end, you are going to pay licensing fees for <i>designs</i> anyway. In other words, while big companies have the resources to design small in-order processors, they don't have the resources to design big OoO processors, and would therefore buy designs from others.</p><p style="text-align: left;">Amazon's AWS Graviton is a good example (ARM-based servers). They aren't licensing the instruction-set from ARM so much as the complete OoO CPU design. They include the ARM cores on a chip of Amazon's design, having memory, I/O, security features tailored to AWS use cases. Neither the instruction-set architecture or micro-architecture particularly matter to Amazon compared to all the other features of their chips.</p><p style="text-align: left;">Lots of big companies are getting into the custom CPU game, licensing ARM cores. Big tech companies tend to have their own programming language, their own operating systems, their own computer designs, and nowadays their own CPUs. This includes Microsoft, Google, Apple, Facebook, and so on. The advantage of ARM processors (or in the future, possibly RISC V processors) isn't their RISC nature, or their instruction-sets, but the fact they are big processor designs that others can included with their own chips. There is no inherent power efficiency or speed benefit -- only the business benefit.</p><h3 style="clear: both; text-align: left;">Conclusion</h3><p style="text-align: left;">This blogpost is in reaction to that blogpost I link above. That writer just recycles old RISC rhetoric of the past 30 years, like claiming it's a "design philosophy". It, it was a set of tradeoffs meaningful to small in-order chips -- the best way of designing a chip with 100,000 transistors.</p><p style="text-align: left;">The term "RISC" has been obsolete for 30 years, and yet this nonsense continues. One reason is the Penisy textbook that indoctrinates the latest college students. Another reason is the political angle, people hating whoever is dominant (in this case, Intel on the desktop). People <i>believe</i>&nbsp;in RISC, people <i>evangelize</i>&nbsp;RISC. But it's just a cult, it's all junk. Any conversation that mentions RISC can be improved by removing the word "RISC".</p><p style="text-align: left;">OoO has replaced RISC as the dominant architecture for CPUs, and it did so in 1995, and ever since then, the terminology "RISC" is obsolete. The only thing you care about when looking at chips is whether it's an <b>in-order</b> design or an <b>out-of-order</b> design. Well, that's if you care about theory. If you care about practice, you care about whether it supports your legacy tooling and code. In the real world, whether you use x86 or ARM or MIPS or PowerPC is simply because of legacy market conditions. We still launch rockets to Mars using PowerPC processors because that's what the market for radiation-hardened CPUs has always used.</p><p></p></content><link rel='replies' type='application/atom+xml' href='https://blog.erratasec.com/feeds/6123534176871645490/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='https://www.blogger.com/comment.g?blogID=37798047&postID=6123534176871645490' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='https://www.blogger.com/feeds/37798047/posts/default/6123534176871645490'/><link rel='self' type='application/atom+xml' href='https://www.blogger.com/feeds/37798047/posts/default/6123534176871645490'/><link rel='alternate' type='text/html' href='https://blog.erratasec.com/2022/10/the-risc-deprogrammer.html' title='The RISC Deprogrammer'/><author><name>Robert Graham</name><uri>http://www.blogger.com/profile/09879238874208877740</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='26' height='32' src='//blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjJp1K5oBkDsBDOh7UOk0xPIdd0d8DKmV7PEAPZ7x-ckmfG6iWTVCt5LvUpd2iwW3UUYeaqd2UoYnupOSz1VDFUok6gUW_48x_rCU1Sth9Sk4-vEidqnqC2M3DXw16T4o0/s220/robertgraham.jpg'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-37798047.post-6145801374507785535</id><published>2022-07-03T19:02:00.003-04:00</published><updated>2023-12-05T15:53:27.153-05:00</updated><title type='text'>DS620slim tiny home server</title><content type='html'><div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgnkD8CEmE4nfqwbYIso9-11DW14e7MBd4qen-74Nb8jaDVOUAm8U3pV52fRLsz33ggypH5gc1AqFDnn7OAofFflDonndyXnkkJ5XZhNPDIFqKhNPOaTGPCfYZkkqO04dpAhbRb/" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img alt="" data-original-height="400" data-original-width="668" height="192" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgnkD8CEmE4nfqwbYIso9-11DW14e7MBd4qen-74Nb8jaDVOUAm8U3pV52fRLsz33ggypH5gc1AqFDnn7OAofFflDonndyXnkkJ5XZhNPDIFqKhNPOaTGPCfYZkkqO04dpAhbRb/" width="320" /></a></div>In this blogpost, I describe the Synology <a href="https://www.synology.com/en-us/products/DS620slim">DS620slim</a>. Mostly these are notes for myself, so when I need to replace something in the future, I can remember how I built the system. It's a "NAS" (network attached storage) server that has six hot-swappable bays for 2.5 inch laptop drives.</div><div><br /></div><div>That's right, <b>laptop 2.5 inch drives</b>. It makes this a tiny server that you can hold in your hand.</div><div><br /></div><div>The purpose of a NAS is <b>reliable</b>&nbsp;storage. All disk drives eventually fail. If you stick a USB external drive on your desktop for backups, it'll eventually crash, losing any data on it. A failure is unlikely tomorrow, but a spinning disk will almost certainly fail some time in the next 10 years. If you want to keep things, like photos, for the rest of your life, you need to do something different.</div><div><br /></div><div>The solution is RAID, an array of&nbsp;<b>redundant disks</b>&nbsp;such that when one fails (or even two), you don't lose any data. You simply buy a new disk to replace the failed one and keep going. With occasional replacements (as failures happen) it can last decades. My <a href="https://blog.erratasec.com/2017/09/5-years-with-home-nasraid.html">older NAS is 10 years old</a> and I've replaced all the disks, one slot replaced twice.</div><span><a name='more'></a></span><div><br /></div><div>This can be <b>expensive.</b>&nbsp;A NAS requires a separate box in addition to lots of drives. In my case, I'm spending $1500 for a 18-terabytes of disk space that would cost only $400 as an external USB drive. But amortized for the expected 10+ year lifespan, I'm paying $15/month for this home system.</div><div><br /></div><div>This unit is not just disk drives but also a <b>server</b>. Spending $500 just for a box to hold the drives is a bit expensive, but the advantage is that it's also a server that's powered on all the time. I can setup tasks to run on regular basis that would break if I tried to regularly run them on a laptop or desktop computer.</div><div><br /></div><div>There are lots of <b>do-it-yourself</b> solutions (like the Radaxa Taco carrier board for a Raspberry Pi 4 CM running Linux), but I'm choosing this solution because I want something that just works without any hassle, that's configured for exactly what I need. For example, eventually a disk will fail and I'll have to replace it, and I know now that this is something that will be effortless when it happens in the future, without having to relearn some arcane Linux commands that I've forgotten years ago.</div><div><br /></div><div>Despite this, I'm a geek who obsesses about things, so I'm still going to do possibly unnecessary things, like upgrading hardware: memory, network, and fan for an optimized system. Here are all the components of my system:</div><div><ul style="text-align: left;"><li>$500 - <a href="https://www.newegg.com/synology-ds620slim/p/N82E16822108621?Item=9SIA2F89SD8662">DS620slim </a>unit</li><li>$1000 - 6x Seagate Barracuda 5TB 2.5 inch laptop drive (<a href="https://www.amazon.com/dp/B01M0AADIX">ST5000LM000</a>)</li><li>$100 - 2x Crucial 8GB DDR3 SODIMMs (<a href="https://www.amazon.com/dp/B00JCRZ6XS">CT2K102464BF186D</a>) or 2x <a href="https://www.amazon.com/dp/B0CJMWN8JG">OWC</a>&nbsp;(update: in building a new system in 2023-December, the Crucial memory didn't work, but the OWC memory did).</li><li>$30 - 2.5gbps Ethernet USB (<a href="https://amazon.com/dp/B07VNFLTLD">CableCreation B07VNFLTLD</a>)</li><li>$15 - <a href="https://amazon.com/dp/B00NEMGCRQ">Noctua NF-A8 ULN</a> ultra silent fan</li><li>$360 - WD Elements 18TB USB drive (<a href="https://www.amazon.com/dp/B08KTRBHP1">WDBWLG0180HBK-NESN</a>)</li></ul></div><div>You can save a bunch of money by going down to 4TB drives (and a 14TB backup USB drive), but I chose the larger 5TB drives.</div><h2 style="text-align: left;">Disk Drives</h2><div>The most important reason for choosing this product is the smaller <b>2.5-inch disk drives </b>(sized for laptops). Otherwise, you should buy one of the larger (<i>much larger</i>) system that'll holder standard sized drives.</div><div><br /></div><div>The drives will be largest cost. A 5TB spinning disk costs ~$150, or an 8TB SSD flash costs ~$700. Buying 6 of them is your largest investment. You don't have to fill up the system, or buy the largest drives, but if you put in the time and effort, you might as well go all the way. On a cost-per-gigabyte, the larger drives seem to be best price.</div><div><br /></div><div>As you know, there are only three manufacturers remaining for spinning rust drives: Seagate, Western Digital (WD), and Toshiba. Also as you know, laptops have moved away from rotating disks, adopting SSDs instead. Thus, the 2.5 inch form factor for spinning disks is likely dead. For right now, they are a lot cheaper than SSDs, a fifth of the price. In the future, when a drive dies on the array, I'll likely have to replace it with an SSD, because a replacement spinning disk is no longer available. The SATA SSD itself is eventually going to disappear (to be replaced by NVMe SSDs), but they should still be around a decade from now when I need replacement drives. (I plan on the NAS lasting a decade before I have to upgrade and move the data).</div><div><br /></div><div>The <b>internal</b> 5TB drives are a bit expensive. One strategy would be to instead buy <b>external </b>USB drives and "shuck" them, removing the USB enclosure to get at the drives themselves. It's a common strategy when under certain market conditions, external drives are cheaper than internal drives. I tried buying a <a href="https://www.amazon.com/dp/B07X41PWTY">$100 5TB Western Digital external drive</a>. It didn't work -- it wasn't a SATA drive in a USB enclosure, but was natively USB on the circuit board. I'm using it as a Raspberry Pi 4 drive instead for storing blockchain info.</div><div><br /></div><div>Inserting the drive into the 620slim is easy: just pop out the carrier, add the drive, and pop it back in. The carrier comes with little posts on one side that fit the screw holes, meaning you only need to screw in the other side with 2 screws -- or you can forgo the screws altogether.</div><div><br /></div><div>The carriers have locks, to prevent people from accidentally pulling out a drive, but I don't use them. In 5 years when a drive fails and I need to replace it, I don't want to go hunting for these keys. The entire strategy I'm using here is that when failure happens, I'll fix it right away rather than finding reasons to procrastinate. I've had to replace 3 failed drives in my previous NAS, and this worked well.</div><div><br /></div><h2 style="text-align: left;">Memory</h2><div>The DS620slim comes with 2-gigabytes of memory, in a single SO-DIMM slot. There's a second empty SO-DIMM slot. (SO-DIMMs are the smaller form factor for memory that's intended for notebook computers and tiny servers).</div><div><br /></div><div>Synology will <b>officially </b>sell you a 4-gig SO-DIMM to put in the empty slot, bringing total memory to 6-gigs.</div><div><br /></div><div><b>Unofficially</b>, you can get two of these, using the second to replace the existing 2-gigs, brining it to 8-gigs total.</div><div><br /></div><div>Even <b>more unofficially</b>, you can go to 16gigs. According to Intel's official spec sheet for the <a href="https://ark.intel.com/content/www/us/en/ark/products/95597/intel-celeron-processor-j3355-2m-cache-up-to-2-50-ghz.html">J3355 CPU</a>, it only supports 8-gigs. Such numbers are usually conservative, reflecting the memory available at the time. When larger capacities appear later, they usually work. Such is the case here, where I put in 16-gigs total using <a href="https://www.amazon.com/dp/B00JCRZ6XS">Crucial SO-DIMMs</a>&nbsp;(two 8-gig DIMMs).</div><div><br /></div><div>I recommend expanding memory here, if only an extra 2gig DIMM to fill that free space. It's a quick and easy replacement, just unscrew the bottom plate and insert the memory.</div><div><br /></div><h2 style="text-align: left;">Ethernet</h2><div>The unit only comes with gigabit Ethernet. This can be a bottleneck, so we want to speed that up.</div><div><br /></div><div>It comes with two Ethernet ports, which support <b>aggregation</b>, but I couldn't get a speed increase. It seems they'll speed things up if there are at least two devices talking to the NAS, but won't speed up when there's only one client. But then, if you have two clients, then things will slow down anyway, because accesses are no longer sequential.</div><div><br /></div><div>The solution is to use a faster Ethernet adapter, like 2.5gig, 5gig, or 10gig. There's no PCIe slot in the device, but it does have USB 3. I can therefore use a 2.5gbps or 5gbps dongle.</div><div><br /></div><div>I benchmarked the three options, and found the following performance, in mbps (mega-bits per second). This was measured with large sequential transfers, small or random transfers are roughly the same speed, around 350mbps, for all three adapters.</div><div><br /></div><div><div class="separator" style="clear: both; text-align: center;"><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjV74s7B8eQjQkXS7UFOIYLoPvZEMISsMW1tgFxbTlv6iEZAuOykrexo4GJbuiaQoQajqFqxLREDd6Yqv6mmAbgd6LfNqprLlue33iw8dK_lV8hxgdI-6x0ob6HwmdGgD3gYiik/" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="127" data-original-width="305" height="133" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjV74s7B8eQjQkXS7UFOIYLoPvZEMISsMW1tgFxbTlv6iEZAuOykrexo4GJbuiaQoQajqFqxLREDd6Yqv6mmAbgd6LfNqprLlue33iw8dK_lV8hxgdI-6x0ob6HwmdGgD3gYiik/" width="320" /></a></div></div><br />There's a big jump in performance using the 2.5gbps adapter, but only a marginal increase using the 5gbps adapter.</div><div><br /></div><div>Synology doesn't support the adapters directly. To install them, I used the following steps with the following project:</div><div><ol style="text-align: left;"><li>Enable SSH, using (Control Panel -&gt; Terminal). If you are a geek, you've already done this.</li><li>Go to&nbsp;<a href="https://github.com/bb-qq/r8152">this GitHub project</a>&nbsp;and download the&nbsp;the&nbsp;<span style="font-family: courier;"><a href="https://github.com/bb-qq/r8152/releases/download/2.15.0-5/r8152-apollolake-2.15.0-5.spk">r8152-apollolake-2.15.0-5.spk</a></span>&nbsp;file (from the Releases section) to your local computer. Your DS620slim has an Apollo Lake CPU, so that's the package we are using.</li><li>Use the "Package Center" to do a "Manual" install, and upload this SPK file. If you get an error saying you don't have permissions, log out and back in. Otherwise, you'll first get a warning saying the driver isn't supported by Synology, and eventually you'll get the error "Failed to install package". This is supposed to happen.</li><li>From the SSH command-line, run the command:</li><li><span style="font-family: courier;">sudo install -m 4755 -o root -D /var/packages/r8152/target/r8152/spk_su /opt/sbin/spk_su</span></li><li>Now repeat the step using "Packet Center" to do a "Manual" install. If you didn't close the window that you had open, you can just click on the "Done" button a second time and it'll work.</li><li>Now reboot, and plug in the USB adapter.</li></ol></div><div>For 5-gbps, you can use go through the same process to install <a href="https://github.com/bb-qq/aqc111">Aquantia aqc111 drivers</a>. I did this to get a <a href="https://amazon.com/dp/B08977K9D2">Sabrent NT-SS5G</a> adapter to work.</div><div><br /></div><div>In practice, when transferring large files, you still aren't going to be able to exceed 2.5gbps much, so I just use the slower adapter. It's cheaper and uses a lot less electrical power (a 2.5gbps Ethernet adapter is noticeably cooler than a 5gbps, which is in turn noticeably cooler than 10gbps).</div><div><br /></div><h2 style="text-align: left;">Fan</h2><div>The unit comes with a small fan that by default will run in "quiet" mode, but under load, the noise becomes noticeable. A cheap $15 gets a fan that runs a lot quieter, like a <a href="https://amazon.com/dp/B00NEMGCRQ">Noctua</a> fan famous for this. Replacing the fan doesn't require any tools, as it's held in by rubber thingies.</div><div><br /></div><div>This allows me to run the fan at a higher speed, with less noise, which keeps everything even cooler. Since I plan on a 10 year lifespan with rotating disks, I figure lower temperatures will be better for longevity.</div><div><br /></div><h2 style="text-align: left;">USB drive backups</h2><div>RAID6 gives pretty good safety, allowing two drives to fail with no data loss. The term "RAID5" means one redundant disk, the term "RAID6" means two redundant disks.</div><div><br /></div><div>But you should still do backups. The NAS itself can fail. Or, ransomware can delete all the files. There's lots of possible failures.</div><div><br /></div><div>One of the neat things with Synology is that it's easy to schedule regular backups to an external USB drive.</div><div><br /></div><div>In my case, I'm using an 18 terabyte USB drive costing $400 for backups. I just schedule it and forget it, backups always happen, and ransomware on Windows machines can delete everything on the NAS but can't touch the backup.</div><div><br /></div><h2 style="text-align: left;">UPS (Uninterruptable Power Supply)</h2><div>For a small NAS, I bought a <a href="https://amazon.com/dp/B013JHYQNC">small UPS</a>. This is some weird APC unit that I got on close-out for $100. It's such a weird little product that I don't think it was very popular.</div><div><br /></div><div>It's a lithium ion UPS. The price for lithium batters, especially&nbsp;LiFePO4, is approaching the point where they are price competitive with traditional lead acid batteries. This is especially true considering that they last longer in UPS applications than lead acid.</div><div><br /></div><h2 style="text-align: left;">File system</h2><div>Now with hardware out of the way, let's talk software. Once you insert the drives, plug in the Ethernet, and turn on the power, you access the device with a web browser and configure from there.</div><div><br /></div><div>There are several choices for how you want to configure RAID and the filesystem.</div><div><br /></div><div>I chose <a href="https://en.wikipedia.org/wiki/Btrfs">BTRFS</a> on top of RAID6.</div><div><br /></div><div>BTRFS is a new Linux filesystem that's increasingly becoming the default. It's major feature is that it includes checksums for files as part of their metadata (along with filenames and timestamps). This allows the filesystem to detect when a file has become corrupted, so that the file can be repaired. Bits will rot on hard disk, so files can become corrupted over time even if the files are never written to or read. Scrubbing prevents this from happening. With Synology, I simply configure it to scrub the entire filesystem every month.</div><div><br /></div><div>This is not "btrfs-raid", but "btrfs-on-raid6". BTRFS has some experimental RAID built-in, but it's buggy and doesn't really work. Instead, I first create a RAID6 array combining multiple drives into a single virtual drive, then put BTRFS on top of that.</div><div><br /></div><div>These boxes are designed to allow multiple filesystems to be created, but I create simply the one. I do have multiple "shares", though, such as for videos and music, but these are still just directories on the same filesystem.</div><div><br /></div><div>I also occasionally take "snapshots". I'm not sure how that works since I've never restored a snapshot, but in principle it'll be quicker restoring from backups.</div><div><br /></div><h2 style="text-align: left;">Summary</h2><div>If you are looking for between 16TB and 20TB, for more personal use than a large office, it's rather perfect. Yea, it'll be 4 times more expensive than just getting an external USB drive, but it's RAID and it's own server.</div><div><br /></div><div>It's so cute I got a second one and filled it with 2TB SSDs, for database accesses that spend a lot of time searching through large database of poorly indexed data (like password dumps).</div><div><br /></div></content><link rel='replies' type='application/atom+xml' href='https://blog.erratasec.com/feeds/6145801374507785535/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='https://www.blogger.com/comment.g?blogID=37798047&postID=6145801374507785535' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='https://www.blogger.com/feeds/37798047/posts/default/6145801374507785535'/><link rel='self' type='application/atom+xml' href='https://www.blogger.com/feeds/37798047/posts/default/6145801374507785535'/><link rel='alternate' type='text/html' href='https://blog.erratasec.com/2022/07/ds620slim-tiny-home-server.html' title='DS620slim tiny home server'/><author><name>Robert Graham</name><uri>http://www.blogger.com/profile/09879238874208877740</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='26' height='32' src='//blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjJp1K5oBkDsBDOh7UOk0xPIdd0d8DKmV7PEAPZ7x-ckmfG6iWTVCt5LvUpd2iwW3UUYeaqd2UoYnupOSz1VDFUok6gUW_48x_rCU1Sth9Sk4-vEidqnqC2M3DXw16T4o0/s220/robertgraham.jpg'/></author><media:thumbnail xmlns:media="http://search.yahoo.com/mrss/" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgnkD8CEmE4nfqwbYIso9-11DW14e7MBd4qen-74Nb8jaDVOUAm8U3pV52fRLsz33ggypH5gc1AqFDnn7OAofFflDonndyXnkkJ5XZhNPDIFqKhNPOaTGPCfYZkkqO04dpAhbRb/s72-c" height="72" width="72"/><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-37798047.post-5304991896640692146</id><published>2022-01-31T15:33:00.003-05:00</published><updated>2022-01-31T15:33:58.536-05:00</updated><title type='text'>No, a researcher didn't find Olympics app spying on you</title><content type='html'><p>For the Beijing 2022 Winter Olympics, the Chinese government requires everyone to download an app onto their phone. It has many security/privacy concerns, as <a href="https://citizenlab.ca/2022/01/cross-country-exposure-analysis-my2022-olympics-app/">CitizenLab documents</a>. However, another researcher goes further, claiming <a href="https://twitter.com/jonathandata1/status/1486458526767661060">his analysis</a> proves the app is recording all audio all the time. His analysis is fraudulent. He shows a lot of technical content that looks plausible, but nowhere does he show anything that substantiates his claims.</p><p><span></span></p><a name='more'></a>Average techies may not be able to see this. It all looks technical. Therefore, I thought I'd describe one example of the problems with this data -- something the average techie can recognize.<p></p><p>His "evidence" consists screenshots from reverse-engineering tools, with red arrows pointing to the suspicious bits. An example of one of these screenshots is this on:</p><p></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEht_qbSj6D-i35cKD8v5I-exLu35CuNci3C7XB9NtawR8fXjjojtWePt69v96CAwtax02bG8nnOp-_HsIsbMiOCntQvDPpdUfM_EIzE-5UF0c0nPaGB2lrp6fSZTJUoHCgq3xEqceTpGVnMBjFPlsXMGlSvGoT-qIE1XhuUL49jNjchwhpKug" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="545" data-original-width="848" height="206" src="https://blogger.googleusercontent.com/img/a/AVvXsEht_qbSj6D-i35cKD8v5I-exLu35CuNci3C7XB9NtawR8fXjjojtWePt69v96CAwtax02bG8nnOp-_HsIsbMiOCntQvDPpdUfM_EIzE-5UF0c0nPaGB2lrp6fSZTJUoHCgq3xEqceTpGVnMBjFPlsXMGlSvGoT-qIE1XhuUL49jNjchwhpKug" width="320" /></a></div><div><br /></div><div>This screenshot is that of a reverse-engineering tool (Hopper, I think) that takes code and "disassembles" it. When you dump something into a reverse-engineering tool, it'll make a few assumptions about what it sees. These assumptions are <b>usually wrong</b>. There's a process where the human user looks at the analyzed output, does a "sniff-test" on whether it looks reasonable, and works with the tool until it gets the assumptions correct.</div><div><br /></div><div>That's the red flag above: the researcher has dumped the results of a reverse-engineering tool without recognizing that something is wrong in the analysis.</div><p>It fails the sniff test. Different researchers will notice different things first. Famed google researcher Tavis Ormandy&nbsp;<a href="https://twitter.com/taviso/status/1487089870749069313">points out</a>&nbsp;one flaw. In this post, I describe what jumps out first to me. That would be the 'imul' (multiplication) instruction shown in the blowup below:</p><p></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEil0gizOZOCfgPxDhWNvcVb4kLzGZ2uuK2vA3j5sSZwhlbbZcnv4nOyRE-JF_GmJ36giTl612W6LQDaFXejNeKgnDxf62sfSYCA647I3KWqK0IP7LwJY214i-z42UAhrs4SgZCOm2p3Ugbu8Zvu9OS0EE2Zu9ywjkWJuDLHS3XOt_BTPmYYyA" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="210" data-original-width="1050" height="64" src="https://blogger.googleusercontent.com/img/a/AVvXsEil0gizOZOCfgPxDhWNvcVb4kLzGZ2uuK2vA3j5sSZwhlbbZcnv4nOyRE-JF_GmJ36giTl612W6LQDaFXejNeKgnDxf62sfSYCA647I3KWqK0IP7LwJY214i-z42UAhrs4SgZCOm2p3Ugbu8Zvu9OS0EE2Zu9ywjkWJuDLHS3XOt_BTPmYYyA" width="320" /></a></div><br />It's obviously ASCII. In other words, it's a series of bytes. The tool has tried to interpret these bytes as Intel x86 instructions (like 'and', 'insd', 'das', 'imul', etc.). But it's obviously not Intel x86, because those instructions make no sense.<div><p></p><p>That 'imul' instruction is multiplying something by the (hex) number 0x6b657479. That doesn't look like a number -- it looks like four lower-case ASCII letters. ASCII lower-case letters are in the range 0x61 through 0x7A, so it's not the single 4-byte number 0x6b657479 but the 4 individual bytes 6b 65 74 79, which map to the ASCII letters 'k', 'e', 't', 'y' (actually, because "little-endian", reverse order, so "ytek").</p><p>No, no. Techies aren't expected to be able to <i>read</i>&nbsp;hex this way. Instead, we are expected to <i>recognize</i>&nbsp;what's going on. I just used a <a href="http://www.unit-conversion.info/texttools/hexadecimal/">random website</a> to interpret hex bytes as ASCII.</p><p>There are 26 lower case letters, roughly 10% of the 256 possible values for a byte. Thus, the chance that a random 4 byte number will consist of all lower-case letters is 1-in-10,000. Moreover, multiplication by strange constants happens even more rarely. You'll commonly see multiplications by small numbers like 48, or large well-formed numbers like 0x1000000. You pretty much never see multiplication by a number like 0x6b657479, baring something rare like an LCG.</p><p>QED: this isn't actually an Intel x86 imul instruction, it's ASCII text that the tool has tried to interpret as x86 instructions.</p><p><b>Conclusion</b></p><p>At first glance, all those screenshots by the researcher look very technical, which many will assume supports his claims. But when we actually look at them, none of them support his claims. Instead, it's all just handwaving nonsense. It's clear the researchers doesn't understand them, either.</p><p><br /></p></div></content><link rel='replies' type='application/atom+xml' href='https://blog.erratasec.com/feeds/5304991896640692146/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='https://www.blogger.com/comment.g?blogID=37798047&postID=5304991896640692146' title='2 Comments'/><link rel='edit' type='application/atom+xml' href='https://www.blogger.com/feeds/37798047/posts/default/5304991896640692146'/><link rel='self' type='application/atom+xml' href='https://www.blogger.com/feeds/37798047/posts/default/5304991896640692146'/><link rel='alternate' type='text/html' href='https://blog.erratasec.com/2022/01/no-researcher-didnt-find-olympics-app.html' title='No, a researcher didn't find Olympics app spying on you'/><author><name>Robert Graham</name><uri>http://www.blogger.com/profile/09879238874208877740</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='26' height='32' src='//blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjJp1K5oBkDsBDOh7UOk0xPIdd0d8DKmV7PEAPZ7x-ckmfG6iWTVCt5LvUpd2iwW3UUYeaqd2UoYnupOSz1VDFUok6gUW_48x_rCU1Sth9Sk4-vEidqnqC2M3DXw16T4o0/s220/robertgraham.jpg'/></author><media:thumbnail xmlns:media="http://search.yahoo.com/mrss/" url="https://blogger.googleusercontent.com/img/a/AVvXsEht_qbSj6D-i35cKD8v5I-exLu35CuNci3C7XB9NtawR8fXjjojtWePt69v96CAwtax02bG8nnOp-_HsIsbMiOCntQvDPpdUfM_EIzE-5UF0c0nPaGB2lrp6fSZTJUoHCgq3xEqceTpGVnMBjFPlsXMGlSvGoT-qIE1XhuUL49jNjchwhpKug=s72-c" height="72" width="72"/><thr:total>2</thr:total></entry><entry><id>tag:blogger.com,1999:blog-37798047.post-8483431279487229778</id><published>2021-12-07T20:35:00.004-05:00</published><updated>2021-12-07T20:39:22.939-05:00</updated><title type='text'>Journalists: stop selling NFTs that you don't understand</title><content type='html'><p>The reason you don't really understand NFTs is because the journalists describing them to you don't understand them, either. We can see that when they attempt to sell an NFT as part of their stories (e.g. <a href="https://www.coindesk.com/markets/2021/03/12/associated-press-nft-artwork-sells-for-180k-in-ether/">AP</a> and <a href="https://www.nytimes.com/2021/03/26/technology/nft-sale.html">NYTimes</a>). They get important details wrong.</p><p>The latest is <a href="https://reason.com/2021/12/01/own-a-piece-of-reason-history/">Reason.com magazine selling an NFT</a>. As libertarians, you'd think at least they'd get the technical details right. But they didn't. Instead of selling an NFT of the artwork, it's just an NFT of a URL. The URL points to OpenSea, which is known to remove artwork from its site (such as in response to DMCA takedown requests).</p><p>If you buy that Reason.com NFT, what you'll actually get is a token pointing to:</p><p><a href="https://api.opensea.io/api/v1/metadata/0x495f947276749Ce646f68AC8c248420045cb7b5e/0x1F907774A05F9CD08975EBF7BF56BB4FF0A4EAF0000000000000060000000001">https://api.opensea.io/api/v1/metadata/0x495f947276749Ce646f68AC8c248420045cb7b5e/0x1F907774A05F9CD08975EBF7BF56BB4FF0A4EAF0000000000000060000000001</a></p><p>This is just the metadata, which in turn contains a link to the claimed artwork:</p><p><a href="https://lh3.googleusercontent.com/8Q2OGcPuODtCxbTmlf3epFGOqbfCbs4fXZ2RcIMnLpRdTaYHgqKArk7uETRdSZmpRAFsNE8KB4sFJx6czKE5cBKB1pa7ovc4wBUdqQ">https://lh3.googleusercontent.com/8Q2OGcPuODtCxbTmlf3epFGOqbfCbs4fXZ2RcIMnLpRdTaYHgqKArk7uETRdSZmpRAFsNE8KB4sFJx6czKE5cBKB1pa7ovc4wBUdqQ</a></p><p>If either OpenSea or Google removes the linked content, then any connection between the NFT and the artwork disappears.</p><p>It doesn't have to be this way. The correct way to do NFT artwork is to point to a "hash" instead which uniquely identifies the work regardless of where it's located. That <a href="https://blog.erratasec.com/2021/03/deconstructing-that-69million-nft.html">$69 million Beeple piece</a> was done this correct way. It's completely decentralized. If the entire Internet disappeared except for the Ethereum blockchain, that Beeple NFT would still work.</p><p>This is an analogy for the entire blockchain, cryptocurrency, and Dapp ecosystem: the hype you hear ignores technical details. They promise an entirely decentralized economy controlled by math and code, rather than any human entities. In practice, almost everything cheats, being tied to humans controlling things. In this case, the "Reason.com NFT artwork" is under control of OpenSea and not the "owner" of the token.</p><p>Journalists have a problem. NFTs selling for millions of dollars are newsworthy, and it's the journalists place to report news rather than making judgements, like whether or not it's a scam. But at the same time, journalists are trying to explain things they don't understand. Instead of standing outside the story, simply quoting sources, they insert themselves into the story, becoming advocates rather than reporters. They can no longer be trusted as an objective observers.</p><p>From a fraud perspective, it may not matter that the Reason.com NFT points to a URL instead of the promised artwork. The entire point of the blockchain is <i>caveat emptor in action</i>. Rules are supposed to be governed by code rather than companies, government, or the courts. There is no undoing of a transaction even if courts were to order it, because it's math.</p><p>But from a journalistic point of view,&nbsp; this is important. They failed at an honest description of what actually the NFT contains. They've involved themselves in the story, creating a conflict of interest. It's now hard for them to point out NFT scams when they themselves have participated in something that, from a certain point of view, could be viewed as a scam.</p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEisSQVAVEvUg5zjSZndwshn9yvxa23_CJq6gXtiMBy69qekJ8CA98P6x7cnuNRPxFoIu7SNMI2oA8twEHac417lvr3Act_L3Xl4B4MPcdCCDVmwYNPk60nY6xpf2ws8a1sE3ycrK04z6dz_zy2hgFeRYd3JTuEjeOBO1BAblp-xFInuAC2NbQ=s1926" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1050" data-original-width="1926" height="217" src="https://blogger.googleusercontent.com/img/a/AVvXsEisSQVAVEvUg5zjSZndwshn9yvxa23_CJq6gXtiMBy69qekJ8CA98P6x7cnuNRPxFoIu7SNMI2oA8twEHac417lvr3Act_L3Xl4B4MPcdCCDVmwYNPk60nY6xpf2ws8a1sE3ycrK04z6dz_zy2hgFeRYd3JTuEjeOBO1BAblp-xFInuAC2NbQ=w400-h217" width="400" /></a></div><br /><p><br /></p></content><link rel='replies' type='application/atom+xml' href='https://blog.erratasec.com/feeds/8483431279487229778/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='https://www.blogger.com/comment.g?blogID=37798047&postID=8483431279487229778' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='https://www.blogger.com/feeds/37798047/posts/default/8483431279487229778'/><link rel='self' type='application/atom+xml' href='https://www.blogger.com/feeds/37798047/posts/default/8483431279487229778'/><link rel='alternate' type='text/html' href='https://blog.erratasec.com/2021/12/journalists-stop-selling-nfts-that-you.html' title='Journalists: stop selling NFTs that you don't understand'/><author><name>Robert Graham</name><uri>http://www.blogger.com/profile/09879238874208877740</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='26' height='32' src='//blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjJp1K5oBkDsBDOh7UOk0xPIdd0d8DKmV7PEAPZ7x-ckmfG6iWTVCt5LvUpd2iwW3UUYeaqd2UoYnupOSz1VDFUok6gUW_48x_rCU1Sth9Sk4-vEidqnqC2M3DXw16T4o0/s220/robertgraham.jpg'/></author><media:thumbnail xmlns:media="http://search.yahoo.com/mrss/" url="https://blogger.googleusercontent.com/img/a/AVvXsEisSQVAVEvUg5zjSZndwshn9yvxa23_CJq6gXtiMBy69qekJ8CA98P6x7cnuNRPxFoIu7SNMI2oA8twEHac417lvr3Act_L3Xl4B4MPcdCCDVmwYNPk60nY6xpf2ws8a1sE3ycrK04z6dz_zy2hgFeRYd3JTuEjeOBO1BAblp-xFInuAC2NbQ=s72-w400-h217-c" height="72" width="72"/><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-37798047.post-5882299128802596099</id><published>2021-11-07T20:09:00.001-05:00</published><updated>2021-11-07T20:09:32.980-05:00</updated><title type='text'>Example: forensicating the Mesa County system image</title><content type='html'><p>Tina Peters, the election clerk in Mesa County (Colorado) <a href="https://www.washingtonpost.com/investigations/an-elections-supervisor-embraced-conspiracy-theories-officials-say-she-has-become-an-insider-threat/2021/09/26/ee60812e-1a17-11ec-a99a-5fea2b2da34b_story.html">went rogue</a> and dumped disk images of an election computer on the Internet. They are available on the Internet via BitTorrent [<a href="magnet:?xt=urn:btih:dc654b50ec08a8ad5d8f6275f9cd4fcae29686c1&amp;dn=Mesa1">Mesa1</a>][<a href="magnet:?xt=urn:btih:ef534e78bbe71b3908ccf074d6d40077a3a63074&amp;dn=Mesa2">Mesa2</a>], The Colorado Secretary of State is now suing her over the incident.</p><p>The lawsuit describes the facts of the case, how she entered the building with an accomplice on Sunday, May 23, 2021. I thought I'd do some forensics on the image to get more details.</p><p>Specifically, I see from the Mesa1 image that she logged on at 4:24pm and was done acquiring the image by 4:30pm, in and (presumably) out in under 7 minutes.</p><p>In this blogpost, I go into more detail about how to get that information.</p><p><br /></p><p><b>The image</b></p><p>To download the Mesa1 image, you need a program that can access BitTorrent, such as the Brave web browser or a BitTorrent client like qBittorrent. Either click on the "magnet" link or copy/paste into the program you'll use to download. It takes a minute to gather all the "metadata" associated with the link, but it'll soon start the download:</p><p>What you get is file named EMSSERVER.E01. This is a container file that contains both the raw disk image as well as some forensics metadata, like the date it was collected, the forensics investigator, and so on. This container is in the well-known "EnCase Expert Witness" format. EnCase is a commercial product, but its container format is a quasi-standard in the industry.</p><p>Some freeware utilities you can use to open this container and view the disk include "FTK Imager", "Autopsy", and on the Linux command line, "ewf-tools".</p><p>However you access the E01 file, what you most want to look at is the Windows operating-system logs. These are located in the directory C:\Windows\system32\winevtx. The standard Windows "Event Viewer" application can load these log files to help you view them.</p><p>When inserting a USB drive to create the disk image, these event files will be updated and written to that disk before the image was taken. Thus, we can see in the event files all the events that happen right before the disk image happens.</p><p><br /></p><div><p><b>Disk image acquisition</b></p><p>Here's what the event logs on the Mesa1 image tells us about the acquisition of the disk image itself.</p><p>The person taking the disk image logged in at 4:24:16pm, directly to the console (not remotely), on their second attempt after first typing an incorrect password. The account used was "emsadmin". Their NTLM password hash is&nbsp;9e4ec70af42436e5f0abf0a99e908b7a. This is a "role-based" account rather than an individual's account, but I think Tina Peters is the person responsible for the "emsadmin" roll.</p><p></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiVJlvZ3B1XIbm9111Azfh0IYzsO6TfHb3JQVkcf2gt_gPj6G-9Kv7v4lfdNMwlfwAlsXkkEXk0RYKSkiIqqsdsoDTSHYDodsedSDqffGxtgeNno2X1dgnbm8lo4OyY5KsOrxdS/" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img data-original-height="1434" data-original-width="1500" height="191" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiVJlvZ3B1XIbm9111Azfh0IYzsO6TfHb3JQVkcf2gt_gPj6G-9Kv7v4lfdNMwlfwAlsXkkEXk0RYKSkiIqqsdsoDTSHYDodsedSDqffGxtgeNno2X1dgnbm8lo4OyY5KsOrxdS/w200-h191/image.png" width="200" /></a></div>Then, at 4:26:10pm, they connected via USB a Western Digital&nbsp; "easystore™" portable drive that holds 5-terabytes. This was mounted as the F: drive.<p></p><p>The program "Access Data FTK Imager 4.2.0.13" was run from the USB drive (F:\FTK Imager\FTK Imager.exe) in order to image the system. The image was taken around 4:30pm, local Mountain Time (10:30pm GMT).</p><p>It's impossible to say from this image what happened after it was taken. Presumably, they immediately hit "eject" on the drive, logged off, and disconnected the hard drive. Thus from beginning to end, it took about 7 minutes to take the image once they sat down at the computer.</p><p><br /></p></div><div><p><b>Dominion Voting Systems</b></p><p>The disk image is that of a an "EMS Server" part of the Dominion Voting Suite. This is a server on an air-gapped network (not connected to any other network) within the count offices.</p><p>Most manuals for Colorado are <a href="https://www.sos.state.co.us/pubs/elections/VotingSystems/DVS-DemocracySuite511/documentation/docIndex.html">online</a>, though some bits and pieces are missing, and can be found in documents posted to <a href="https://www.sos.ca.gov/elections/ovsta/frequently-requested-information/dominion-voting">other state's websites</a>&nbsp;(though each state does things a little different, so such cross referencing can't be completely trusted).</p><p>The locked room with an air-gapped network&nbsp; you see in the Mesa County office appears to look like the following, an "EMS Standard" configuration (EMS stands for Election Management System).</p><p></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgalVSOCVg48IG-YRkAitL7VXceV_fsZF6YE0UrICZ97HzcUceIONmufZz_7R72jjBYe7w0slDtJe2YUDVfYlQz3XrHM-2PeyoRJy296CWIFQE1R752E5srZyjeFP55iO_GWy4n/" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="1214" data-original-width="2048" height="190" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgalVSOCVg48IG-YRkAitL7VXceV_fsZF6YE0UrICZ97HzcUceIONmufZz_7R72jjBYe7w0slDtJe2YUDVfYlQz3XrHM-2PeyoRJy296CWIFQE1R752E5srZyjeFP55iO_GWy4n/" width="320" /></a></div><br />This small network is "air gapped", meaning there is no connection from this network to any other network in the building, nor out to the Internet. By looking at the logs from the Mesa1 image, we can see what this network looks like:<div><ul style="text-align: left;"><li>The EMS Server is named "EMSERVER" with IP address 192.168.100.10 and MAC address 44-A8-42-30-01-5D. The hard drive matches Dominion's specs: a 1-terabyte boot drive (C:) and a 2-terabyte data drive (D:) that is shared with the rest of the network as \\EMSERVER\NAS. This also acts as the network's DHCP and DNS server.</li><li>At least one network printer, model Dell E310dw.</li><li>Two EMS Workstations (EMSCLIENT01 and EMSCLIENT02). This is where users spend most of their time, before an election to create the ballots, and after all the ballots have been counted to construct the final tally.</li><li>Four&nbsp;<a href="https://www.sos.state.co.us/pubs/elections/VotingSystems/DVS-DemocracySuite511/documentation/2-03-ICC-FunctionalityDescription-5-11-CO.pdf">ImageCast Central</a>&nbsp;(ICC) (ICC01 - ICC04) scanners, for automatically scanning and tabulating ballots.</li><li>Two <a href="https://www.sos.state.co.us/pubs/elections/VotingSystems/DVS-DemocracySuite511/documentation/2-08-ADJ-SystemOperationProcedures-5-11-CO.pdf">Adjudication Workstations</a> (ADJCLIENT01 and ADJCLIENT03). These are used when the scanners reject ballots, such as when somebody does a write-in candidate, or marks two candidates. Humans need to get involved to make the final judgement on what the ballot actually says.</li></ul></div><div><p>Note this isn't the machines you'd expect to see in a precinct when you vote (which would be "ballot marking devices" predominantly). These are the machines in the back office that count the votes and store the official results.</p><p><br /></p><p><b>Conclusion</b></p><p>What we see here is that "system logs" can tell us a lot of interesting things about the system. There's good reason to retain them in the future.</p><p>On the other hand, they generally can't answer the most important question: whether the system was hacked and votes flipped.</p><p>Mike Lindell claims to have "Absolute Proof" that Chinese hackers flipped votes throughout the country, including Maricopa County. If so, this would've been the system that the Chinese hackers would've hacked. Yet, in the system image, there is no evidence of this. By this, I mean the Mesa1 image, the one from before the system logs were deleted (obviously, there would be nothing in the Mesa2 image).</p><p>This lack of hacking evidence in the logs isn't proof that it didn't happen, though. The fact is, the logs aren't comprehensive enough to record most hacks, and the hackers could've deleted the logs anyway. That's why system logs aren't considered "election records" and that laws don't mandate keeping them: they could have some utility, as I've shown above, but they really wouldn't show the things that we most want to know.</p><p><br /></p><p><br /></p><p><br /></p></div><div><div><br /></div><div><br /></div></div></div></content><link rel='replies' type='application/atom+xml' href='https://blog.erratasec.com/feeds/5882299128802596099/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='https://www.blogger.com/comment.g?blogID=37798047&postID=5882299128802596099' title='1 Comments'/><link rel='edit' type='application/atom+xml' href='https://www.blogger.com/feeds/37798047/posts/default/5882299128802596099'/><link rel='self' type='application/atom+xml' href='https://www.blogger.com/feeds/37798047/posts/default/5882299128802596099'/><link rel='alternate' type='text/html' href='https://blog.erratasec.com/2021/11/example-forensicating-mesa-county.html' title='Example: forensicating the Mesa County system image'/><author><name>Robert Graham</name><uri>http://www.blogger.com/profile/09879238874208877740</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='26' height='32' src='//blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjJp1K5oBkDsBDOh7UOk0xPIdd0d8DKmV7PEAPZ7x-ckmfG6iWTVCt5LvUpd2iwW3UUYeaqd2UoYnupOSz1VDFUok6gUW_48x_rCU1Sth9Sk4-vEidqnqC2M3DXw16T4o0/s220/robertgraham.jpg'/></author><media:thumbnail xmlns:media="http://search.yahoo.com/mrss/" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiVJlvZ3B1XIbm9111Azfh0IYzsO6TfHb3JQVkcf2gt_gPj6G-9Kv7v4lfdNMwlfwAlsXkkEXk0RYKSkiIqqsdsoDTSHYDodsedSDqffGxtgeNno2X1dgnbm8lo4OyY5KsOrxdS/s72-w200-h191-c/image.png" height="72" width="72"/><thr:total>1</thr:total></entry><entry><id>tag:blogger.com,1999:blog-37798047.post-7031097278681708508</id><published>2021-10-31T01:39:00.011-04:00</published><updated>2021-10-31T02:15:17.301-04:00</updated><title type='text'>Debunking: that Jones Alfa-Trump report</title><content type='html'><p>The Alfa-Trump conspiracy-theory has gotten a new life. Among the new things is a report done by Democrat operative Daniel Jones [<a href="https://krebsonsecurity.com/wp-content/uploads/2021/09/JonesvAlfa.pdf">*</a>]. In this blogpost, I debunk that report.</p><p>If you'll recall, the conspiracy-theory comes from anomalous DNS traffic captured by cybersecurity researchers. In the summer of 2016, while Trump was denying involvement with Russian banks, the Alfa Bank in Russia was doing lookups on the name "mail1.trump-email.com". During this time,&nbsp; additional lookups were also coming from two&nbsp;other organizations with suspicious ties to Trump, Spectrum Health and Heartland Payments.</p><p>This is certainly suspicious, but people have taken it further. They have crafted a conspiracy-theory to explain the anomaly, namely that these organizations were secretly connecting to a Trump server.</p><p>We know this explanation to be false. There is no Trump server, no real server at all, and no connections. Instead, the name was created and controlled by Cendyn. The server the name points to for transmitting bulk email and isn't really configured to accept connections. It's built for outgoing spam, not incoming connections. The Trump Org had no control over the name or the server. As Cendyn explains, the contract with the Trump Org ended in March 2016, after which they re-used the IP address for other marketing programs, but since they hadn't changed the DNS settings, this caused lookups of the DNS name.</p><p>This still doesn't answer why Alfa, Spectrum, Heartland, and nobody else were doing the lookups. That's still a question. But the answer isn't secret connections to a Trump server. The evidence is pretty solid on that point.</p><span><a name='more'></a></span><p><br /></p><p><b>Daniel Jones and Democracy Integrity Project</b></p><p>The report is from&nbsp;<a href="https://en.wikipedia.org/wiki/Daniel_J._Jones">Daniel Jones</a>&nbsp;and his Democracy Integrity Project.</p><p>It's at this point that things get squirrely. All sorts of right-wing sites claim he's a front for George Soros, funds Fusion GPS, and involved in the <a href="https://en.wikipedia.org/wiki/Steele_dossier">Steele Dossier</a>. That's right-wing conspiracy theory nonsense.</p><p>But at the same time, he's clearly not an independent and objective analyst. He was hired to further the interests of Democrats.</p><p>If the data and analysis held up, then partisan ties wouldn't matter. But they don't hold up. Jones is clearly trying to be deceptive.</p><p>The deception starts by repeatedly referring to the "Trump server". There is no Trump server. There is a Listrak server operated on behalf of Cendyn. Whether the Trump Org had any control over the name or the server is a key <i>question</i>&nbsp;the report should be trying to prove, not a <i>premise</i>. The report clearly understands this fact, so it can't be considered a mere <i>mistake</i>, but a deliberate <i>deception</i>.</p><p>People make assumptions that a domain name like "<i>trump-email.com</i>" would be controlled by the Trump organization. It's wasn't. When Trump Hotels hired Cendyn to do marketing for them, Cendyn did what they normally do in such cases, register a domain with their client's name for the sending of bulk emails. They did the same thing with <i>hyatt-email.com</i>, <i>denihan-email.com</i>, <i>mjh-email.com</i>, and so on. What clear is that the Trump organization had no control, no direct ties to this domain until after the conspiracy-theory hit the press.</p><p><br /></p><p><b>Finding #1 - Alfa Bank, Spectrum Health, and Heartland account for nearly all of the DNS lookups for mail1.trump-email.com in the May-September timeframe.</b></p><p>Yup, that's weird and unexplained.</p><p>But it concludes from this that there were connections, saying the following:</p><blockquote>In the DNS environment, if "computer X" does a DNS look-up of "Computer Y," it means that "Computer X" is trying to connect to "Computer Y".</blockquote><p>This is false. That's certainly the assumption we usually make, that it's probably true in most cases. But it's not something we insist upon if there's reason to doubt it. And since there's reason to doubt it here, we would need more evidence to make that conclusion.</p><p>For example, before the contract was canceled in March 2016, there were DNS lookups for the "mail1.trump-email.com" name from all over the place. That's because the Listrak server was pumping out bulk emails ("spam") promoting Trump Hotels. Servers receiving the emails would often check the identity of the server through DNS lookups, but without any attempt to connect. This fact is footnoted in the Jones report even as it claims otherwise in the main text.</p><p>Obviously, that's no longer the case after March 2016, when the contract was canceled. But if Cendyn repurposes the server for something else, such lookups can still happen without connections. The DNS records hadn't changed. So if the server sends out new things from that IP address, unrelated to Trump Org, it'd still cause DNS lookups for the "trump-email.com" domain to happen. It wouldn't mean anybody was trying to connect to the server.</p><p>This is indeed what Cendyn claims, that they repurposed the resources for their hotel meetings app (whereby hotels can schedule conferences and things on their premises).</p><p>It's still suspicious that only those three organizations were involved, but at the same time, it's clearly false to assume this is evidence of <i>connections</i>.</p><p><br /></p><p><b>Finding #2 - Comparison with <i>denihan-email.com</i>.</b></p><p>The Jones report compared the DNS logs of <i>trump-email.com</i>&nbsp;with the domain of another of Cendyn's client, Denihan. Cendyn registered the domain&nbsp;<i>denihan-email.com</i>. This is another hotel company.</p><p>This comparison was obviously bogus. The contract with Cendyn ended in March 2016, after which Cendyn claims it repurposed the server. Jones uses the timeframe August 2016 through September 2016 to compare traffic for those two domains. Of course they'd be different. A valid comparison would be a t timeframe before March 2016, when both were clients of Cendyn.</p><p>Since Jones documents the fact the contract between Cendyn and Trump Org was ended, they are knowingly comparing an apple to an orange. Thus, it's not a mistake but a deception.</p><p>This also points to the fundamental problem with the data-set. We don't really have a full picture of what happened, such as data going back to 2015. We have a carefully curated subset of the data designed to show just what they want us to see.</p><p>Everything points to <i>trump-email.com</i>&nbsp;domain and Listrak servers being just normal Cendyn stuff used for Cendyn's purposes. As far as we can tell, that domain worked the same as other Cendyn clients, such as <i>denihan-email.com</i>, <i>hyatt-email.com</i>, <i>mjh-email.com</i>, and so on. These domains are controlled by Cendyn, not their client's. Cendyn in turn points those names at Listrak servers for sending bulk email.</p><p><br /></p><p><b>Finding #3 - Missing SPF record</b></p><p>The Jone's report points to missing SPF records, showing that the server is not configured correctly for sending mass emails. It includes this exhibit.</p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjdx0FhIhsjpQqX3J5LJCgXurzCQQBNQPQiTSy5tawoEvH35xzIbpQwI8zfJpH74LN62Fa7naMh0d8pIZxNkvcfhYWgAG6tzu6t47IIDpV-wkoKco4iAqrISPzZns-mH_XIlj5l/s1808/Screen+Shot+2021-10-30+at+3.09.24+PM.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="354" data-original-width="1808" height="63" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjdx0FhIhsjpQqX3J5LJCgXurzCQQBNQPQiTSy5tawoEvH35xzIbpQwI8zfJpH74LN62Fa7naMh0d8pIZxNkvcfhYWgAG6tzu6t47IIDpV-wkoKco4iAqrISPzZns-mH_XIlj5l/s320/Screen+Shot+2021-10-30+at+3.09.24+PM.png" width="320" /></a></div><div><br /></div>But a review shows that this is the same configuration as for other Cendyn/Listrak bulk email servers. For example, compared to <i>mjh-email.com</i>, we find it's configured the same:<div><br /><div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjB2rQiz9TrUi6iJij3jD3KlKoY5DN7p_m-1iD6JAOyEwal0v6VI4333nrj57AWRY2Zp_gxdWojUKG29v5S-FXvKOz2vzEQ0LGS-RA9vNVaj1-hg7-ibTBz-8iF65y6hBtZKZzR/" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="286" data-original-width="804" height="114" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjB2rQiz9TrUi6iJij3jD3KlKoY5DN7p_m-1iD6JAOyEwal0v6VI4333nrj57AWRY2Zp_gxdWojUKG29v5S-FXvKOz2vzEQ0LGS-RA9vNVaj1-hg7-ibTBz-8iF65y6hBtZKZzR/" width="320" /></a></div></div><div><br /></div><div>The SPF and DMARC standards were not as widely used in 2016, so misconfigurations were common. Moreover, the domains also lacked a DMARC record. Without DMARC, despite SPF being bad, many receivers won't reject the emails.</div><div><br /></div><div>Listrak/Cendyn still fail to have proper DMARC records for their clients, which means that some of their bulk email is getting rejected. They should probably fix that. This doesn't mean Listrak/Cendyn aren't in the bulk email business, only that they could be better at it.</div><div><br /></div><div>Thus, we've shown that <i>trump-email.com</i>&nbsp;had the perfectly normal Cendyn SPF records. Far from proving this isn't a bulk email server, the consistency with Cendyn's normal configuration proves unequivocally that it is.</div><div><br /></div><div><br /></div><div><b>Finding #4 - Accepts emails only from specific senders</b></div><div><br /></div><div>The Jones report shows that the server in question (66.216.133.29) accepts incoming email, but rejects email from the public, accepting email only from specific senders. They assume the specific senders would be those from Alfa Bank, Spectrum, and Heartland.</div><div><br /></div><div>Again, they don't compare properly to other Cendyn/Listrak systems. If they had, they'd have found that they all are configured the same way. There's an entire subnet of servers you can test this way:</div><div><br /></div><div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiZiXSsbGmf6nbLhDbcBvf77laNj5VTwp1zP8TCd7UeJUIZOkMgAHDBPcSe3Fw3Ddy0Gv3LnxYf31ujQbL7XpmqjXg1NrQGVqhkrFXsYPZysFZ2Acogq-YvWRWoNCtnBcpaLmBb/" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="483" data-original-width="780" height="198" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiZiXSsbGmf6nbLhDbcBvf77laNj5VTwp1zP8TCd7UeJUIZOkMgAHDBPcSe3Fw3Ddy0Gv3LnxYf31ujQbL7XpmqjXg1NrQGVqhkrFXsYPZysFZ2Acogq-YvWRWoNCtnBcpaLmBb/" width="320" /></a></div><br />All these servers show the same messages, allowing incoming email <i>connections </i>but not incoming email <i>messages</i>.</div><div><br /></div><div>This is a vestigial configuration common to bulk email senders. Spammers only send email. One way to test if somebody is spammer is to connect back. This configuration makes it appear they'll accept email even if they won't, passing the test.</div><div><br /></div><div>In no way is this evidence of secret communications. It's not evidence of their claim that somehow Alfa Bank, Spectrum Health, and Heartland would be on the list of allowed senders. We would need additional evidence to make that claim, not an assumption.</div><div><br /></div><div><br /></div><div><b>Finding #5 - Evidence of human interaction and coordination</b></div><div><br /></div><div>The report claims a direct link between Alfa and Trump with the following:</div><div></div><blockquote><div>On September 23, 2016, two days after <i>The New York Times</i>&nbsp;approached Alfa Bank, the Trump Organization deleted the email server "mail1.trump-email.com" ... it would have been a deliberate human action taken by a someone working on behalf of the Trump Organization and not by <i>Alfa Bank</i>. An analyst, quoted in the <i>Slate</i>&nbsp;article by Franklin Foer, observed that <i>"the knee was struck in Moscow, and the leg kicked in New York."</i></div><div></div></blockquote><div>This 'finding' is an excellent demonstration of how to identify conspiracy-theories: anomalies that cannot otherwise be explained become proof of the conspiracy. After all, the conspiracy-theory can explain everything.</div><div><br /></div><div>When I debunked the Alfa-Trump thing back in 2017, reporters grilled me on this specific point. They demanded I come up with an explanation for this coincidence. I told them I had none, but just because I didn't have one, it didn't mean it was proof of the conspiracy theory. There could be lots of explanations, just because we don't know them doesn't mean they don't exist. Just because the conspiracy-theory explains it doesn't mean this is evidence for the conspiracy.</div><div><br /></div><div>But now we do have another explanation: the FBI called Cendyn on the morning of September 23 and asked them about the domain. As the agent reported back:</div><blockquote><div>“Followed up this morning with Central Dynamics [Cendyn] who confirmed that the mail1.trump-email.com domain is an old domain that was set up in approximately 2009 when they were doing business with the Trump Organization that was never used." -- <a href="http://zububrothers.com/2021/10/31/durham-probe-inches-closer-to-hillary-as-alfa-bank-hoax-plot-thickens/">*</a></div><div></div></blockquote><div>Thus, it's not NYT contacting Alfa Bank that caused the deletion, it's the FBI calling Cendyn. Thus, there's no evidence Alfa Bank or Trump Org were even involved. The evidence is quite clear that only Cendyn was involved.</div><div><br /></div><div>After Cendyn deletes the domain "mail1.trump-email.com", lookups of that name started to fail. The Jones report notes that Alfa Bank then switched to "trump1.contact-client.com". It weaves this in to the conspiracy thusly:</div><blockquote><div>The fact that Alfa Bank was the first entity (IP address) to conduct a DNS look-up for "trump1.contact-client.com" in the data-set could indicate that someone at Alfa Bank was in some manner made aware of the new Trump Organization server name.</div><div></div></blockquote><div>The name "contact-client.com" is part of Cendyn's infrastructure. For their "<i>mail1.<b>customer</b>-email.com</i>" domains, there's a matching "<i><b>customer</b>1.contact-client.com</i>" domain. We can see test that live right now:</div><div><br /></div><div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjklwYzoFzV_wlIKVML3xu4bjhAZqBS1V2F417ph1iG636fq3s_ncOX2yjYioANv0tICTWGojHi2jZMvCtngccB8904knZbw7UabbqhVFueeACy5-scnT5AkGaDYceca1e3sDCB/" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="277" data-original-width="775" height="114" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjklwYzoFzV_wlIKVML3xu4bjhAZqBS1V2F417ph1iG636fq3s_ncOX2yjYioANv0tICTWGojHi2jZMvCtngccB8904knZbw7UabbqhVFueeACy5-scnT5AkGaDYceca1e3sDCB/" width="320" /></a></div><br />This is totally consistent with Cendyn's re-use of the infrastructure for a new purpose, as it would treat both domain names the same. Rather than evidence suggesting human interaction, it's evidence suggesting the opposite, that there was no human interaction.</div><div><br /></div><div><br /></div><div><b>6. The Mandiant report doesn't refuted these findings</b></div><div><br /></div><div>After this thing hit the news, Alfa Bank hired Mandiant to come to their offices and investigate. Their report was inconclusive. They didn't find anything.</div><div><br /></div><div>Note the difference in language. Things Mandiant can't explain demonstrates Mandiant's incompetence, while things Jones can't explain prove the conspiracy-theory. If Mandiant's report should be treated as inclusive and proof of nothing, then so too should the Jones report. The Jones report has even less evidence than the Mandiant report.</div><div><br /></div><div><br /></div><div><b>7. The public statements by Trump et al. are contradictory and incomplete</b></div><div><b><br /></b></div><div>Duh.</div><div><br /></div><div>The Trump Org, Alfa, and Spectrum Health have no idea what happened. Their statements are consistent with knowing they don't have secret communications, but not knowing where this DNS data came from. They are unable to refute the allegations, but at the same time, are concerned for their reputations, and behave accordingly. Which, of course, means the guess at what's going on with more confidence than is warranted.</div><div><br /></div><div>If there were secret communications among them, you'd expect they'd do a better job at coordinating their stories.</div><div><br /></div><div><br /></div><div><b>Conclusion</b></div><div><b><br /></b></div><div>In this blogpost, I've refuted all the findings of the Jones report. There is still the question where this DNS anomaly came from, but the allegation that this proves a secret connect between Alfa Bank and a Trump server is clearly false.</div><div><br /></div><div>Moreover, I've shown that the Jones report is not merely wrong, but deliberately deceptive. They repeatedly reference a "Trump Organization Server" even though it's quite clear from the text they know that no such server exists.</div><div><br /></div><div>For example, when Cendyn removed the "mail1.trump-email.com" DNS record, it was described as the "Trump Organization deleted the email server". It's clear they know that Cendyn simply removed the <i>mail1.trump-email.com</i> record, and that the Listrak server wasn't touched. Yet, they deliberate phrase things this way in order to deceive.</div><div><br /></div><div>What we have is Alfa Bank doing DNS queries. What we don't have is any connection to the Trump Org. Since Jones couldn't create the <i>conclusion</i> based on evidence that Trump Org was involve, he instead made it the <i>premise</i>.</div><div><br /></div><div>This in turn makes it easy to disprove the entire Jones report: since there's not only no evidence of Trump Org involvement, and quite a lot of evidence Trump Org had no control over the domain or servers, it disprove the entire theory that there was secret connections with Alfa Bank.</div><div><br /></div></div></content><link rel='replies' type='application/atom+xml' href='https://blog.erratasec.com/feeds/7031097278681708508/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='https://www.blogger.com/comment.g?blogID=37798047&postID=7031097278681708508' title='2 Comments'/><link rel='edit' type='application/atom+xml' href='https://www.blogger.com/feeds/37798047/posts/default/7031097278681708508'/><link rel='self' type='application/atom+xml' href='https://www.blogger.com/feeds/37798047/posts/default/7031097278681708508'/><link rel='alternate' type='text/html' href='https://blog.erratasec.com/2021/10/debunking-that-jones-alfa-trump-report.html' title='Debunking: that Jones Alfa-Trump report'/><author><name>Robert Graham</name><uri>http://www.blogger.com/profile/09879238874208877740</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='26' height='32' src='//blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjJp1K5oBkDsBDOh7UOk0xPIdd0d8DKmV7PEAPZ7x-ckmfG6iWTVCt5LvUpd2iwW3UUYeaqd2UoYnupOSz1VDFUok6gUW_48x_rCU1Sth9Sk4-vEidqnqC2M3DXw16T4o0/s220/robertgraham.jpg'/></author><media:thumbnail xmlns:media="http://search.yahoo.com/mrss/" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjdx0FhIhsjpQqX3J5LJCgXurzCQQBNQPQiTSy5tawoEvH35xzIbpQwI8zfJpH74LN62Fa7naMh0d8pIZxNkvcfhYWgAG6tzu6t47IIDpV-wkoKco4iAqrISPzZns-mH_XIlj5l/s72-c/Screen+Shot+2021-10-30+at+3.09.24+PM.png" height="72" width="72"/><thr:total>2</thr:total></entry><entry><id>tag:blogger.com,1999:blog-37798047.post-5951653034642667450</id><published>2021-10-24T19:46:00.005-04:00</published><updated>2021-10-24T19:46:46.119-04:00</updated><title type='text'>Review: Dune (2021)</title><content type='html'><p>One of the most important classic sci-fi stories is the book "<i>Dune</i>" from Frank Herbert. It was recently made into a movie. I thought I'd write a quick review.</p><p>The summary is this: just read the book. It's a classic for a good reason, and you'll be missing a lot by not reading it.</p><p>But the movie <i>Dune</i> (2021) movie is very good. The most important thing to know is <b>see it in IMAX</b>. IMAX is this huge screen technology that partly wraps around the viewer, and accompanied by huge speakers that overwhelm you with sound. If you watch it in some other format, what was visually stunning becomes merely very pretty.</p><span><a name='more'></a></span><p>This is Villeneuve's trademark, which you can see in his other works, like his sequel to Bladerunner. The purpose is to marvel at the visuals in every scene. The story telling is just enough to hold the visuals together. I mean, he also seems to do a good job with the story telling, but it's just not the reason to go see the movie. (I can't tell -- I've read the book, so see the story differently than those of you who haven't).</p><p>Beyond the story and visuals, many of the actor's performances were phenomenal. Javier Bardem's "Stilgar" character steals his scenes.&nbsp;Stellan Skarsgård exudes evil. The two character actors playing the mentats were each perfect. I found the lead character (Timothée Chalamet) a bit annoying, but simply because he is at this point in the story.</p><p>Villeneuve's splits the book into two parts. This movie is only the first part. This presents a problem, because up until this point, the main character is just responding to events, not the hero who yet drives the events. It doesn't fit into the traditional Hollywood accounting model. I really want to see the second film even if the first part, released in the post-pandemic turmoil of the movie industry, doesn't perform well at the box office.</p><p>In short, if you haven't read the books, I'm not sure how well you'll follow the storytelling. But the visuals (seen at IMAX scale) and the characters are so great that I'm pretty sure most people will enjoy the movie. And go see it on IMAX in order to get the second movie made!!</p><p><br /></p></content><link rel='replies' type='application/atom+xml' href='https://blog.erratasec.com/feeds/5951653034642667450/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='https://www.blogger.com/comment.g?blogID=37798047&postID=5951653034642667450' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='https://www.blogger.com/feeds/37798047/posts/default/5951653034642667450'/><link rel='self' type='application/atom+xml' href='https://www.blogger.com/feeds/37798047/posts/default/5951653034642667450'/><link rel='alternate' type='text/html' href='https://blog.erratasec.com/2021/10/review-dune.html' title='Review: Dune (2021)'/><author><name>Robert Graham</name><uri>http://www.blogger.com/profile/09879238874208877740</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='26' height='32' src='//blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjJp1K5oBkDsBDOh7UOk0xPIdd0d8DKmV7PEAPZ7x-ckmfG6iWTVCt5LvUpd2iwW3UUYeaqd2UoYnupOSz1VDFUok6gUW_48x_rCU1Sth9Sk4-vEidqnqC2M3DXw16T4o0/s220/robertgraham.jpg'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-37798047.post-4064086299244535941</id><published>2021-10-13T23:33:00.002-04:00</published><updated>2021-10-13T23:33:07.845-04:00</updated><title type='text'>Fact check: that "forensics" of the Mesa image is crazy</title><content type='html'><p>Tina Peters, the elections clerk from Mesa County (Colorado) went rogue, creating a "disk-image" of the election server, and posting that image to the public Internet. Conspiracy theorists have been analyzing the disk-image trying to find anomalies supporting their conspiracy-theories. A recent example is <a href="https://www.scribd.com/document/531800293/Mesa-County-Database-and-System-Analysis">this "forensics" report</a>. In this blogpost, I debunk that report.</p><span><a name='more'></a></span><p>I suppose calling somebody a "conspiracy theorist" is insulting, but there's three objective ways we can identify them as such.</p><p>The first is when they use the logic "<b>everything we can't explain is proof of the conspiracy</b>". In other words, since there's no other rational explanation, the only remaining explanation is the conspiracy-theory. But there can be other possible explanations -- just ones unknown to the person because they aren't smart enough to understand them. We see that here: the person writing this report doesn't understand some basic concepts, like "airgapped" networks.</p><p>This leads to the second way to recognize a conspiracy-theory, when it <b>demands this one thing</b>&nbsp;that'll clear things up. Here, it's demanding that a manual audit/recount of Mesa County be performed. But it won't satisfy them. The Maricopa audit in neighboring Colorado, whose recount found no fraud, didn't clear anything up -- it just found more anomalies demanding more explanation. It's like Obama's birth certificate. The reason he ignored demands to show it was that first, there was no serious question (even if born in Kenya, he'd still be a natural born citizen -- just like how Cruz was born in Canada and McCain in Panama), and second, showing the birth certificate wouldn't change anything at all, as they'd just claim it was fake. There is no possibility of showing a birth certificate that can be proven isn't fake.</p><p>The third way to objectively identify a conspiracy theory is when they <b>repeat objectively crazy things. </b>In this case, they keep demanding that the 2020 election be "decertified". That's not a thing. There is no regulation or law where that can happen. The most you can hope for is to use this information to prosecute the fraudster, prosecute the elections clerk who didn't follow procedure, or convince legislators to change the rules for the next election. But there's just no way to change the results of the last election even if wide spread fraud is now proven.</p><p>The document makes 6 individual claims. Let's debunk them one-by-one.</p><p><b><br /></b></p><p><b>#1 Data Integrity Violation</b></p><p>The report tracks some logs on how some votes were counted. It concludes:</p><p></p><blockquote><p>If the reasons behind these findings cannot be adequately explained, then the county's election results are indeterminate and must be decertified.</p><p></p></blockquote><p>This neatly demonstrates two conditions I cited above. The analyst can't explain the anomaly not because something bad happened, but because they don't understand how Dominion's voting software works. This demand for an explanation is a common attribute of conspiracy theories -- the ignorant keep finding things they don't understand and demand somebody else explain them.</p><p>Secondly, there's the claim that the election results must be "decertified". It's something that Trump and his supporters believe is a thing, that somehow the courts will overturn the past election and reinstate Trump. This isn't a rational claim. It's not how the courts or the law works or the Constitution works.</p><p><b><br /></b></p><p><b>#2 Intentional purging of Log Files</b></p><p>This is the issue that convinced Tina Peters to go rogue, that the normal Dominion software update gets rid of all the old system-log files. She leaked two disk-images, before and after the update, to show the disappearance of system-logs. She believes this violates the law demanding the "election records" be preserved. She claims because of this, the election can't be audited.</p><p>Again, we are in crazy territory where they claim things that aren't true. System-logs aren't considered election records by any law or regulation. Moreover, they can't be used to "audit" an election.</p><p>Currently, no state/county anywhere treats system-logs as election records (since they can't be used for "audits"). Maybe this should be different. Maybe you can create a lawsuit where a judge rules that in future elections they must be treated as election records. Maybe you can convince legislatures to pass laws saying system-logs must be preserved. It's not crazy to say this should be different in the future, it's just crazy to say that past system-logs were covered under the rules.</p><p>And if you did change the rules, the way to preserve them wouldn't be to let them sit on the C: boot-drive until they eventually rot and disappear (which will eventually happen no matter what). Instead, the process to preserve them would be to copy them elsewhere. The way Dominion works is that all election records that need to be preserved are copied over to the D: data drive.</p><p>Which means, by the way, that this entire forensics report is bogus. The Mesa disk image was only of the C: boot-drive, not of the D: data drive. Thus, it's unable to say which records/logs were preserved or not. Everyone knows that system-logs probably weren't, because they aren't auditable election records, so you can still make the claim "system-logs weren't preserved". It's just that you couldn't make that claim based on a forensics of the C: boot-drive. Again, we are in crazy statements territory that identify something as a conspiracy-theory, weird claims about how reality works.</p><p>System-logs cannot be used to audit the vote. That's confusing the word "audit" with "forensics". The word "audit" implies you are looking for a definitive result, like whether the vote count was correct, or whether all procedures were followed. Forensics of system-logs can't tell you that. Instead, they can only lead to indeterminate results.</p><p>That's what you see here. This "forensics" report cannot make any definitive statement based upon the logs. It can find plenty of anomalies, meaning things the forensics investigator can't understand. But none of that is positive proof of anything. If a hacker had flipped votes on this system, it's unlikely we would have seen evidence in the log.</p><p><br /></p><p><b>#3 Evidence of network connection</b></p><p>The report claims the computer was connected to a network. Of course this is true -- it's not a problem. The network was the one shown in the diagram below:</p><p><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgalVSOCVg48IG-YRkAitL7VXceV_fsZF6YE0UrICZ97HzcUceIONmufZz_7R72jjBYe7w0slDtJe2YUDVfYlQz3XrHM-2PeyoRJy296CWIFQE1R752E5srZyjeFP55iO_GWy4n/" style="margin-left: 1em; margin-right: 1em; text-align: center;"><img alt="" data-original-height="1214" data-original-width="2048" height="190" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgalVSOCVg48IG-YRkAitL7VXceV_fsZF6YE0UrICZ97HzcUceIONmufZz_7R72jjBYe7w0slDtJe2YUDVfYlQz3XrHM-2PeyoRJy296CWIFQE1R752E5srZyjeFP55iO_GWy4n/" width="320" /></a></p><p>Specifically, this Mesa image was of the machine labeled "EMS Server" in the above diagram. From my forensics of the network logs, I can see that there are other computers on this network:</p><p></p><ol style="text-align: left;"><li>Four ICC workstations (named ICC01 through ICC04)</li><li>Two Adjudication Workstations (named ADJCLIENT01 and ADJCLINET03, I don't know what happened to number 2).</li><li>Two EMS Workstations (named EMSCLIENT01 and EMSCLIENT02).</li><li>A printer, model Dell E310dw.</li></ol><div>The word "airgapped" doesn't mean the EMS Server is airgapped from any network, but that this entire little network is airgapped from anything else. The security of this network is physical security, the fact that nobody can enter the room who isn't authorized.</div><div><br /></div><div>I did my own forensics on the Mesa image and could find none of the normal signs that the server accessed the Internet, and pretty good evidence that most of the time, it was unconnected (it gets mad when it can't find the Internet and produces logs stating this). This doesn't mean I proved conclusively no Internet connection was ever made. It's possible that somebody will find some new thing in that image that shows an Internet connection. It's just that currently, there's no reason to believe the "airgap" guarantee of security was violated.</div><div><br /></div><div>The claimed evidence about the "Microsoft Report Server" is wrong.</div><div><br /></div><div><b><br /></b></div><div><b>#4 Lack of Software Updates</b></div><div><br /></div><div>This is just stupid. The cybersecurity community does have this weird fetish demanding that every software update be applied immediately, but there's good reasons why they aren't, and ways of mitigating the security risk when they can't be applied.</div><div><br /></div><div>Software updates sometimes break things. In sensitive environments where computers must be absolutely predictable, they aren't applied. This includes live financial systems, medical equipment, and industrial control systems.</div><div><br /></div><div>This also includes elections. It's simply not acceptable canceling or delaying an election because a software update broke the computer.</div><div><br /></div><div>This is why Dominion does what they call a "Trusted Build" process that wipes out the boot-drive (deleting system-logs). To update software, they build an entire new boot image with all the software in a tested, known state. They then apply that boot disk image to all the county machines, which replaces everything on the C: boot-drive with a new version of Windows and all the software. This leaves the D: data drive untouched, where the records are preserved.</div><div><br /></div><div>If you didn't do things this way, then sometimes elections will fail.</div><div><br /></div><div>This is also why having an "airgapped" network is important. The voting machines aren't going to have software updates regularly applied, so they need to be protected. Firewalls would also be another mitigation strategy.</div><div><br /></div><div><b><br /></b></div><div><b>#5 Existence of SQL Server Management Studio.</b></div><div><br /></div><div>This is just a normal part of having an SQL server installed.</div><div><br /></div><div>Yes, in theory it would make it easy for somebody to change records in the database. But at the same time, such a thing is pretty easy even without SSMS installed. One way is command-line scripts.</div><div><br /></div><div><br /></div><div><b>#6 Referential Integrity</b></div><div><br /></div><div>This "referential integrity" is a reliability concern, not an anti-hacking measure. It just means hackers would need only an extra step if they wanted to delete or change records.</div><div><br /></div><div><br /></div><div><b>Conclusion</b></div><div><b><br /></b></div><div>Evidence is something that the expert understands. It's something they can show, explain, and defend against challengers.</div><div><br /></div><div>This report contained none of that. It contained instead anomalies the writer couldn't explain.</div><div><br /></div><div>Note that this doesn't mean they weren't an expert. Obviously, they needed enough expertise to get as far as they did. It's just a consequence of conspiracy-theories. When searching for proof of your conspiracy-theory when there is none, it means going off into the weeds past your are of expertise.</div><div><br /></div><div>Give that forensics image to any expert, and they'll find anomalies they can't explain. That includes me, I've posted some of them to Twitter and had other experts explain them to me. The difference is that I attributed the lack of an explanation to my own ignorance, not a conspiracy.</div><div><br /></div><div>At some point, we have to call out conspiracy-theories for what they are. This isn't defending the integrity of elections. If it were, it'd be proposing solutions for future elections. Instead, it's an attack on the integrity of elections, fighting the peaceful transfer of power by unfounded conspiracy-theory claims.</div><div><br /></div><div>And we can say this objectively. As I stated above, there's three objective tests. These are:</div><div><ul style="text-align: left;"><li>Anomalies that can't be explained are claimed to be evidence -- when in fact they come from simple ignorance.</li><li>Demands that something needs explaining, when it really doesn't, and which won't satisfy them anyway.</li><li>Statements of a world view (like that the election can be "decertified" or that system-logs are "election records") that nobody agrees with.</li></ul></div><div><br /></div><div><br /></div><p></p></content><link rel='replies' type='application/atom+xml' href='https://blog.erratasec.com/feeds/4064086299244535941/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='https://www.blogger.com/comment.g?blogID=37798047&postID=4064086299244535941' title='1 Comments'/><link rel='edit' type='application/atom+xml' href='https://www.blogger.com/feeds/37798047/posts/default/4064086299244535941'/><link rel='self' type='application/atom+xml' href='https://www.blogger.com/feeds/37798047/posts/default/4064086299244535941'/><link rel='alternate' type='text/html' href='https://blog.erratasec.com/2021/10/fact-check-that-forensics-of-mesa-image.html' title='Fact check: that "forensics" of the Mesa image is crazy'/><author><name>Robert Graham</name><uri>http://www.blogger.com/profile/09879238874208877740</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='26' height='32' src='//blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjJp1K5oBkDsBDOh7UOk0xPIdd0d8DKmV7PEAPZ7x-ckmfG6iWTVCt5LvUpd2iwW3UUYeaqd2UoYnupOSz1VDFUok6gUW_48x_rCU1Sth9Sk4-vEidqnqC2M3DXw16T4o0/s220/robertgraham.jpg'/></author><media:thumbnail xmlns:media="http://search.yahoo.com/mrss/" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgalVSOCVg48IG-YRkAitL7VXceV_fsZF6YE0UrICZ97HzcUceIONmufZz_7R72jjBYe7w0slDtJe2YUDVfYlQz3XrHM-2PeyoRJy296CWIFQE1R752E5srZyjeFP55iO_GWy4n/s72-c" height="72" width="72"/><thr:total>1</thr:total></entry><entry><id>tag:blogger.com,1999:blog-37798047.post-6542937840234381358</id><published>2021-10-10T20:35:00.002-04:00</published><updated>2021-10-10T20:35:49.145-04:00</updated><title type='text'>100 terabyte home NAS</title><content type='html'><p>So, as a nerd, let's say you need 100 terabytes of home storage. What do you do?</p><p>My solution would be a commercial NAS RAID, like from <a href="http://amazon.com/dp/B095NW9576">Synology</a>, <a href="https://www.amazon.com/dp/B08P42JR89">QNAP</a>, or <a href="https://www.amazon.com/dp/B07Y2BJWLT">Asustor</a>. I'm a nerd, and I have setup my own Linux systems with RAID, but I'd rather get a commercial product. When a disk fails, and a disk will always eventually fail, then I want something that will loudly beep at me and make it easy to replace the drive and repair the RAID.</p><span><a name='more'></a></span><p>Some choices you have are:</p><p></p><ul style="text-align: left;"><li>vendor (Synology, QNAP, and Asustor are the vendors I know and trust the most)</li><li>number of bays (you want 8 to 12)</li><li>redundancy (you want at least 2 if not 3 disks)</li><li>filesystem (btrfs or ZFS) [not btrfs-raid builtin, but btrfs on top of RAID]</li><li>drives (NAS optimized between $20/tb and $30/tb)</li><li>networking (at least 2-gbps bonded, but box probably can't use all of 10gbps)</li><li>backup (big external USB drives)</li></ul><p></p><p>The products I link above all have at least 8 drive bays. When you google "NAS", you'll get a list of smaller products. You don't want them. You want somewhere between 8 and 12 drives.</p><p>The reason is that you want <b>two-drive redundancy</b>&nbsp;like RAID6 or RAIDZ2, meaning two additional drives. Everyone tells you one-disk redundancy (like RAID5) is enough, they are wrong. It's just legacy thinking, because it was sufficient in the past when drives were small. Disks are so big nowadays that you really need two-drive redundancy. If you have a 4-bay unit, then half the drives are used for redundancy. If you have a 12-bay unit, then only 2 out of the 12 drives are being used for redundancy.</p><p>The next decision is the filesystem. There's only two choices, <i>btrfs</i>&nbsp;and <i>ZFS</i>. The reason is that they both <b>healing</b>&nbsp;and <b>snapshots</b>. Note btrfs means btrfs-on-RAID6, not btrfs-RAID, which is broken. In other words, btrfs contains its own RAID feature that you don't want to use.</p><p>Over long periods of time, errors creep into the file system. You want to scrub the data occasionally. This means reading the entire filesystem, checksuming the files, and repairing them if there's a problem. That requires a filesystem that checksums each block of data.</p><p>Another thing you want snapshots to guard against things like ransomware. This means you mark the files you want to keep, and even if a workstation attempts to change or delete the file, it'll still be held on the disk.</p><p>QNAP uses ZFS while others like Synology and Asustor use btrfs. I really don't know which is better.</p><p>It's cheaper to buy the NAS diskless then add your own disk drives. If you can't do this, then you'll be helpless when a drive fails and needs to be replaced.</p><p>Drives cost between $20/tb and $30/tb right now. This <a href="https://www.anandtech.com/show/12075/best-consumer-hdds">recent article</a> has a good buying guide. You probably want to get a NAS optimized hard drive. You probably want to double-check that it's CMR instead of SMR -- SMR is "shingled" vs. "conventional" magnetic recording. SMR is bad. There's only three hard drive makers (Seagate, Western Digital, and Toshiba), so there's not a big selection.</p><p>Working with such large data sets over 1-gbps is painful. These units allow 802.3ad link aggregation as well as faster Ethernet. Some have 10gbe built-in, others allow a <a href="https://www.amazon.com/dp/B07G9N9KJT">PCIe adapter</a> to be plugged in.</p><p>However, due to the overhead of spinning disks, you are unlikely to get 10gbps speeds. I mention this because 10gbps copper Ethernet sucks, so is not necessarily a buying criteria. You may prefer multigig/NBASE-T that only does 5gbps with relaxed cabling requirements and lower power consumption.</p><p>This means that your NAS decision is going to be made with your home networking decision. I use a couple of these <a href="https://amazon.com/dp/B075Q6NPM2">multigig switches</a> as something that doesn't cost too much for home networking.</p><p>Even though RAID is pretty darn reliable, you still need a backup solution. The way I do this is wither <a href="https://www.amazon.com/dp/B08KTRBHP1">external USB hard drives</a>. I schedule the NAS to backup to those drives automatically. As a home user, tapes aren't an effective solution, so you are stuck with USB drives.</p><p>In the end, this means that your total storage costs, with the NAS server, the drives, and the backup drives, is going to cost you 3x the price of the raw storage. Spinning drives fail often. If you plan on keeping your data around for the next decade, there's no way to do this without 3x the cost for storage.</p><p>I choose Synology because I have the most familiarity with the software, and its software gets the best reviews. But QNAP and Asustor also have great reputations.&nbsp;</p><p>Note that I've made the assumption here that you'll want "desktop NAS" solutions. There are also rackmount solutions available.</p><p><br /></p></content><link rel='replies' type='application/atom+xml' href='https://blog.erratasec.com/feeds/6542937840234381358/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='https://www.blogger.com/comment.g?blogID=37798047&postID=6542937840234381358' title='2 Comments'/><link rel='edit' type='application/atom+xml' href='https://www.blogger.com/feeds/37798047/posts/default/6542937840234381358'/><link rel='self' type='application/atom+xml' href='https://www.blogger.com/feeds/37798047/posts/default/6542937840234381358'/><link rel='alternate' type='text/html' href='https://blog.erratasec.com/2021/10/100-terabyte-home-nas.html' title='100 terabyte home NAS'/><author><name>Robert Graham</name><uri>http://www.blogger.com/profile/09879238874208877740</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='26' height='32' src='//blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjJp1K5oBkDsBDOh7UOk0xPIdd0d8DKmV7PEAPZ7x-ckmfG6iWTVCt5LvUpd2iwW3UUYeaqd2UoYnupOSz1VDFUok6gUW_48x_rCU1Sth9Sk4-vEidqnqC2M3DXw16T4o0/s220/robertgraham.jpg'/></author><thr:total>2</thr:total></entry><entry><id>tag:blogger.com,1999:blog-37798047.post-895858219046543988</id><published>2021-09-24T03:12:00.013-04:00</published><updated>2021-09-24T14:06:44.604-04:00</updated><title type='text'>Check: that Republican audit of Maricopa</title><content type='html'><p>Author: Robert Graham (@erratarob)</p><p>Later today (Friday, September 24, 2021), Republican auditors release their final report on what they found with elections in Maricopa county. Draft copies of the report have already circulated online. In this blogpost, I write up my comments on the cybersecurity portions of their draft.</p><p><a href="https://arizonaagenda.substack.com/p/we-got-the-senate-audit-report">https://arizonaagenda.substack.com/p/we-got-the-senate-audit-report</a></p><p>The three main problems are:</p><p></p><ul style="text-align: left;"><li>They misapply cybersecurity principles that are meaningful for normal networks, but which don’t really apply to the "air gapped" networks we see here.</li><li>They make some errors about technology, especially networking.</li><li>They are overstretching themselves to find dirt, claiming the things they don't understand are evidence of something bad.</li></ul><p>In the parts below, I pick apart individual pieces from that document to demonstrate these criticisms. I focus on section 7, the cybersecurity section, and ignore the other parts of the document, where others are more qualified than I to opine.</p><p>In short, when corrected, section 7 is nearly empty of any content.</p><span><a name='more'></a></span><p><b>7.5.2.1.1 Software and Patch Management, part 1</b></p><p>They claim Dominion is defective at one of the best-known cyber-security issues: applying patches.</p><p>It’s not true. The systems are “air gapped”, disconnected from the typical sort of threat that exploits unpatched systems. The primary security of the system is physical. Frequent patching isn't expected.</p><p>This is a standard in other industries with hard reliability constraints, like industrial or medical. Patches in those systems can destabilize computers and kill people, so these industries are risk averse and resist applying them. They prefer to mitigate the threat in other ways, such as with firewalls and air gaps.</p><p>Yes, this approach is controversial. There are some in the cybersecurity community who use lack of patches as a bludgeon with which to bully any who don’t apply every patch immediately. But this is because patching is more a political issue than a technical one. In the real, non-political world we live in, most things don’t get immediately patched all the time.</p><p><br /></p><p><b>7.5.2.1.1 Software and Patch Management, part 2</b></p><p>The auditors claim new software executables were applied to the system, despite the rules against new software being applied. This isn’t necessarily true.</p><p>There are many reasons why Windows may create new software executables even when no new software is added. One reason is “Features on Demand” or FOD. You’ll see new executables appear in <i>C:\Windows\WinSxS</i> for these. Another reason is their .NET language, which causes binary x86 executables to be created from bytecode. You’ll see this in the <i>C:\Windows\assembly</i> directory.</p><p>The auditors simply counted the number of new executables, with no indication which category they fell into. Maybe they are right, maybe new software was installed or old software updated. It’s just that their mere counting of executable files doesn’t show understanding of these differences.</p><p><br /></p><p><b>7.5.2.1.2 Log Management</b></p><p>The auditors claim that a central log management system should be used.</p><p>This obviously wouldn’t apply to “air gapped” systems, because it would need a connection to an external network.</p><p>Dominion already designates their EMSERVER as the central log repository for their little air gapped network. Important files from C: are copied to D:, a RAID10 drive. This is a perfectly adequate solution, adding yet another computer to their little network would be overkill, and add as many security problems as it solved.</p><p>One could argue more Windows logs need to be preserved, but that would simply mean archiving the from the C: drive onto the D: drive, not that you need to connect to the Internet to centrally log files.</p><p><br /></p><p><b>7.5.2.1.3 Credential Management</b></p><p>Like the other sections, this claim is out of place given the airgapped nature of the network.</p><p>Dominion simply uses “role based security” instead of normal user accounts. It’s a well known technique, and considered very appropriate for this sort of environment.</p><p>The auditors claim account passwords must “be changed every 90 days”. This is a well-know fallacy in cybersecurity. It took years to get NIST to remove it from their recommendations. If CISA still has it in their recommendations for election systems, then CISA is wrong.</p><p>Ideally, accounts wouldn’t be created until they were needed. In practice, system administrators aren’t available (again, it’s an airgapped system, so no remote administration). Dominions alternative is to create the accounts ahead of time, suc has “adjuser09”, waiting for the 9th person you hire that might use that account.</p><p>They are all given the same default password to start, like “Arizona2019!!!”. Some customers choose to change the default password, but obviously Maricopa did not. This is weak – but not a big deal, since the primary security is from controlling physical access.</p><p><br /></p><p><b>7.5.2.1.4 Lack of Baseline for Host and Network Activity</b></p><p>They claim sort of baselining should be done. This is absurd. Baselines are always problematic, but would be especially so in this case.</p><p>The theory of baselines is that a networks traffic is somewhat predictable on a day-to-day basis. This obviously doesn’t apply to elections systems, which are highly variable day-to-day, especially on election day.</p><p>Baselining is the sort of thing you do with a dedicated threat hunting team. It’s incredibly inappropriate for a small installation like this.</p><p><br /></p><p><b>7.5.3.1.1 Network Related Data</b></p><p>The auditors asked for an unreasonable access to network data, in the worst way possible, triggering the refusal to hand it over. They didn’t ask for reasonable data. They blame Maricopa Count for the conflict, but it’s really themselves who are to blame.</p><p>A reasonable request would take the MAC addresses from the election machines and ask for any matching records the Maricopa might have in their Splunk, DHCP, or ARP logs. Matches shouldn’t be found, but if they were, the auditors should then ask for flow data for the associated IP addresses.</p><p>They are correct in identifying this as a very important issue. Dominion security depends upon an airgap. If auditors find a netowrk connection, it’s bad. It’s not catastrophic, and sometimes machines are disconnected from one network and attached to a network during other times than the election. But this would very much be a useful part of a report – if only they had made a reasonable request that didn’t demand Maricopa spend their entire yearly budget to comply.</p><p><br /></p><p><b>7.5.3.1.? Other Devices Connected to the Election Network</b></p><p>The auditors complain they weren’t given access to the router identified by 192.168.100.1.</p><p>It probably doesn’t exist.</p><p>Routers aren’t needed by devices that are on the same local Ethernet. They wouldn’t exist on a single-segment air gapped network. But typical operating-system configuration demands one be configured anyway, so it’s common to put in a dummy router address even if it’s unused.</p><p>If you see messages like this one in the logs, it means the router wasn’t there:</p><p></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiLvMyKpknq6gxajDiGa0oGRwG9tnL2OUnYo-a96PEu3zwdfu7rFjBnCLet9wokriLWZmup0qNyWBu5YZqhBzTr3KsaPM0FXeG_I9uUvdhZUwA1HH_RzEJrYinvqhCyIw8BDrO_/" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="237" data-original-width="577" height="131" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiLvMyKpknq6gxajDiGa0oGRwG9tnL2OUnYo-a96PEu3zwdfu7rFjBnCLet9wokriLWZmup0qNyWBu5YZqhBzTr3KsaPM0FXeG_I9uUvdhZUwA1HH_RzEJrYinvqhCyIw8BDrO_/" width="320" /></a></div><br />The auditors are right in identifying this as an important issue. If there were such a router, then this would cast doubt whether the network was “airgapped”.<p></p><p>Note that if such a router did exist, it would almost certainly be a NAT. This would still offer some firewall protection, just not as strong as an air gap.</p><p><br /></p><p><b>7.5.4 Anonymous Logins</b></p><p>They see something in the security logs they don’t understand, and blame Maricopa’s lack of network data ("the routers") for their inability to explain it.</p><p>This is an extraordinarily inappropriate claim, based not on expert understanding of what they see in the logs, but complete ignorance. There’s no reason to believe that getting access to Maricopa Count network logs would explain what’s going on here.</p><p>This demonstrates they are on a phishing expedition, and that everything they see that they can’t explain is used as evidence of a conspiracy, either of Maricopa to withhold data, or of election fraud.</p><p>The Dominion suite of applications and services is oddly constructed and will produce anomalies. Comparing against a general Windows server not running Dominion’s suite is meaningless.</p><p><br /></p><p><b>7.5.5 Dual Boot System Discovered</b></p><p>The auditors claim something about “dual-homed hosts” or “jump-boxes”. That’s not how these terms are normally used. These terms normally refer to a box with access to two separate networks, not a box with two separate operating systems.</p><p>This requires no nefarious explanation. This is commonly seen in corporate networks, either because somebody simply added a new drive to re-install the operating-system, or repurposed an old drive from another system as a data drive, and simply forgot to wipe it. The BIOS points to one they intend to boot from and ignore the fact that the other can also boot.</p><p>There are endless non-nefarious explanations for what is seen here that doesn’t require a nefarious one. It’s not even clear its a failure of their build process, which focuses on what’s on the boot drive and not what’s on other drives in the system.</p><p><br /></p><p><b>7.5.6 EMS Operating System Logs Not Preserved</b></p><p>It is true the EMS operating-system logs are not preserved (well, generally not preserved). By this I refer to the generic Windows logs, the same logs that your own Windows desktop keeps.</p><p>The auditors falsely claim that this violates the law. This is false. The “electron records” laws don’t cover the operating-system. The laws instead are intended to preserve the records of the election software running on top of the operating-system, not those of the operating-system itself.</p><p>This issue has long been known. You don’t need an auditor’s report to tell you that these logs aren’t generally preserved – everyone has known this for a long time, including those who certified Dominion.</p><p>The subtext of this claim is the continued argument by Republicans that the fact they can’t find evidence for 2020 election fraud is because key data is missing. That’s the argument of Tina Peters, the former clerk of a county in the neighboring state of Colorado, who claims their elections cannot be audited because they don’t have the Windows operating-system logs.</p><p>It’s not true. System logs are as likely to cause confusion, as they do above with the “anonymous logins” issue. They are unlikely to provide proof of votes being flipped in a hack. If there was massive fraud, as detected by recounts of paper ballots, I’d certainly want such system logs to search for how it happened. But I wouldn’t use such logs in order to audit the vote.</p><p>Note that the description of “deleting” log entries by overfilling the logs is wrong. If it were important to preserve such logs, then they would be copied right after the election. They wouldn’t be left to rot on the boot drive for months afterwards.</p><p>As a forensics guy, I would certainly support the idea that Dominion should both enable more logs and preserve them after each election. They don’t require excessive storage and can be saved automatically in the last phase of an election. But their lack really isn’t all that important, they are mostly just full of junk.</p><p><br /></p><p><b>Conclusion</b></p><p>We live in a pluralistic democracy, meaning there are many centers of power, each competing with each other. It's inherently valid for one side to question and challenge the other side. But this can go too far, to the point where you are challenging the stability of our republic.</p><p>The Republican party is split. Some are upholding that principle of pluralism, wanting to make sure future elections are secure and fair. Others are attacking that principle, challenging the peaceful transfer of power in the last election with baseless accusations of fraud.</p><p>This split is seen in Arizona, where Republicans have demanded an audit by highly partisan auditors. An early draft of their report straddles that split, containing some reasonable attempt to create recommendations for future elections, while simultaneous providing fodder for the other side to believe the last election was stolen.</p><p>A common problem with auditors is that when they can’t find the clear evidence they were looking for, the fill their reports with things they don’t understand. I think I see that here. The auditors make technical errors in ways that question their competence, but that’s likely not true. Instead, they kept searching past where they were strong into areas where they were weak, looking for as much dirt as possible. Thus, in this report, we see where they are technically weak.</p><p>Trumpists, meaning those attacking the peaceful transfer of power with baseless accusations of fraud, will certainly use this report to champion their cause, despite the headline portion that confirms the vote count. But for the rest of us, we should welcome this report. Elections do need to be fixed, and while it’s unlikely we’ll fix them in the ways suggested in this report, it will add visibility into the process which we can use to debate improvements.</p><div>This blogpost is only a first draft. While the technical bits in section 7 look fairly straightforward to me, I'm guessing that people who don't understand them will come up with weird conspiracy-theories about them. Thus, I'm guessing I'll have to write another blogpost in a week debunking some of the crazier ideas.</div></content><link rel='replies' type='application/atom+xml' href='https://blog.erratasec.com/feeds/895858219046543988/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='https://www.blogger.com/comment.g?blogID=37798047&postID=895858219046543988' title='12 Comments'/><link rel='edit' type='application/atom+xml' href='https://www.blogger.com/feeds/37798047/posts/default/895858219046543988'/><link rel='self' type='application/atom+xml' href='https://www.blogger.com/feeds/37798047/posts/default/895858219046543988'/><link rel='alternate' type='text/html' href='https://blog.erratasec.com/2021/09/check-that-republican-audit-of-maricopa.html' title='Check: that Republican audit of Maricopa'/><author><name>Robert Graham</name><uri>http://www.blogger.com/profile/09879238874208877740</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='26' height='32' src='//blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjJp1K5oBkDsBDOh7UOk0xPIdd0d8DKmV7PEAPZ7x-ckmfG6iWTVCt5LvUpd2iwW3UUYeaqd2UoYnupOSz1VDFUok6gUW_48x_rCU1Sth9Sk4-vEidqnqC2M3DXw16T4o0/s220/robertgraham.jpg'/></author><media:thumbnail xmlns:media="http://search.yahoo.com/mrss/" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiLvMyKpknq6gxajDiGa0oGRwG9tnL2OUnYo-a96PEu3zwdfu7rFjBnCLet9wokriLWZmup0qNyWBu5YZqhBzTr3KsaPM0FXeG_I9uUvdhZUwA1HH_RzEJrYinvqhCyIw8BDrO_/s72-c" height="72" width="72"/><thr:total>12</thr:total></entry><entry><id>tag:blogger.com,1999:blog-37798047.post-436861897425412865</id><published>2021-09-21T18:01:00.004-04:00</published><updated>2021-09-26T11:56:50.068-04:00</updated><title type='text'>That Alfa-Trump Sussman indictment</title><content type='html'><p>Five years ago, online magazine Slate broke a <a href="http://www.slate.com/articles/news_and_politics/cover_story/2016/10/was_a_server_registered_to_the_trump_organization_communicating_with_russia.html">story</a> about how DNS packets showed secret communications between Alfa Bank in Russia and the Trump Organization, proving a link that Trump denied. I was the only prominent tech expert that debunked this as just a conspiracy-theory[<a href="https://blog.erratasec.com/2016/11/debunking-trumps-secret-server.html">*</a>][<a href="https://blog.erratasec.com/2016/11/in-which-i-have-to-debunk-second-time.html">*</a>][<a href="https://blog.erratasec.com/2017/03/fbi-what-to-look-for-in-trumpalfabank.html">*</a>].</p><p>Last week, I was vindicated by the&nbsp;<a href="https://s3.documentcloud.org/documents/21063441/sussmann.pdf">indictment</a>&nbsp;of a lawyer involved, a Michael Sussman. It tells a story of where this data came from, and some problems with it.</p><span><a name='more'></a></span><p>But we should first avoid reading too much into this indictment. It cherry picks data supporting its argument while excluding anything that disagrees with it. We see chat messages expressing doubt in the DNS data. If chat messages existed expressing confidence in the data, we wouldn't see them in the indictment.</p><p>In addition, the indictment tries to make strong ties to the Hillary campaign and the Steele Dossier, but ultimately, it's weak. It looks to me like an outsider trying to ingratiated themselves with the Hillary campaign rather than there being part of a grand Clinton-lead conspiracy against Trump.</p><p>With these caveats, we do see some important things about where the data came from.</p><p>We see how Tech-Executive-1 used his position at cyber-security companies to search private data (namely, private DNS logs) to search for anything that might link Trump to somebody nefarious, including Russian banks. In other words, a link between Trump and Alfa bank wasn't something they accidentally found, it was one of the many thousands of links they looked for.</p><p>Such a technique has been long known as a problem in science. If you cast the net wide enough, you are sure to find things that would otherwise be statistically unlikely. In other words, if you do hundreds of tests of hydroxychloroquine or invermectin on Covid-19, you are sure to find results that are so statistically unlikely that they wouldn't happen more than 1% of the time.</p><p>If you search world-wide DNS logs, you are certain to find weird anomalies that you can't explain. Unexplained computer anomalies happen all the time, as every user of computers can tell you.</p><p>We've seen from the start that the data was highly manipulated. It's likely that the data is real, that the DNS requests actually happened, but at the same time, it's been stripped of everything that might cast doubt on the data. In this indictment we see why: before the data was found the purpose was to smear Trump. The finders of the data don't want people to come to the best explanation, they want only explainations that hurt Trump.</p><p>Trump had no control over the domain in question, trump-email.com. Instead, it was created by a hotel marketing firm they hired, Cendyne. It's Cendyne who put Trump's name in the domain. A broader collection of DNS information including Cendyne's other clients would show whether this was normal or not.</p><p>In other words, a possible explanation of the data, hints of a Trump-Alfa connection, has always been the dishonesty of those who collected the data. The above indictment confirms they were at this level of dishonesty. It doesn't mean the DNS requests didn't happen, but that their anomalous nature can be created by deletion of explanatory data.</p><p>Lastly, we see in this indictment the problem with "experts".</p><p><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhkL_j3i3ThTFlnuLbPWw0O3aeAIxqG5F2zPmGTPQaT8fzxA-3Db6V86LjsxtBtEAUky9knXSQmGGSaZsvDNQQZQHlZbls8DLx-lmisAGKBZ07SDJ0h2Ocd5NApfO05KXmpfNcr/s1186/Screen+Shot+2021-09-16+at+9.03.23+PM.png" style="margin-left: 1em; margin-right: 1em; text-align: center;"><img border="0" data-original-height="220" data-original-width="1186" height="59" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhkL_j3i3ThTFlnuLbPWw0O3aeAIxqG5F2zPmGTPQaT8fzxA-3Db6V86LjsxtBtEAUky9knXSQmGGSaZsvDNQQZQHlZbls8DLx-lmisAGKBZ07SDJ0h2Ocd5NApfO05KXmpfNcr/s320/Screen+Shot+2021-09-16+at+9.03.23+PM.png" width="320" /></a></p><p>Sadly, this didn't happen. Even experts are biased. The original Slate story quoted Paul Vixie, who hates Trump, who was willing to believe it rather than question it. It's not necessarily Vixie's fault: the Slate reporter gave the experts they quoted a brief taste of the data, then pretended their response was a full in-depth analysis, rather than a quick hot-take. It's not clear that Vixie really still stands behind the conclusions in the story.</p><p>But of the rest of the "experts" in the field, few really care. Most hate Trump, and therefore, wouldn't challenge anything that hurts Trump. Experts who like Trump also wouldn't put the work into it, because nobody would listen to them. Most people choose sides -- they don't care about the evidence.</p><p>This indictment vindicates my analysis in those blogposts linked above. My analysis shows convincingly that Trump had no real connection to the domain. I can't explain the anomaly, why Alfa Bank is so interested in a domain containing the word "trump", but I can show that conspirational communications is the least likely explanation.</p><p><br /></p></content><link rel='replies' type='application/atom+xml' href='https://blog.erratasec.com/feeds/436861897425412865/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='https://www.blogger.com/comment.g?blogID=37798047&postID=436861897425412865' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='https://www.blogger.com/feeds/37798047/posts/default/436861897425412865'/><link rel='self' type='application/atom+xml' href='https://www.blogger.com/feeds/37798047/posts/default/436861897425412865'/><link rel='alternate' type='text/html' href='https://blog.erratasec.com/2021/09/that-alfa-trump-sussman-indictment.html' title='That Alfa-Trump Sussman indictment'/><author><name>Robert Graham</name><uri>http://www.blogger.com/profile/09879238874208877740</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='26' height='32' src='//blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjJp1K5oBkDsBDOh7UOk0xPIdd0d8DKmV7PEAPZ7x-ckmfG6iWTVCt5LvUpd2iwW3UUYeaqd2UoYnupOSz1VDFUok6gUW_48x_rCU1Sth9Sk4-vEidqnqC2M3DXw16T4o0/s220/robertgraham.jpg'/></author><media:thumbnail xmlns:media="http://search.yahoo.com/mrss/" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhkL_j3i3ThTFlnuLbPWw0O3aeAIxqG5F2zPmGTPQaT8fzxA-3Db6V86LjsxtBtEAUky9knXSQmGGSaZsvDNQQZQHlZbls8DLx-lmisAGKBZ07SDJ0h2Ocd5NApfO05KXmpfNcr/s72-c/Screen+Shot+2021-09-16+at+9.03.23+PM.png" height="72" width="72"/><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-37798047.post-2180228297562107817</id><published>2021-09-14T23:07:00.009-04:00</published><updated>2021-09-15T14:19:24.002-04:00</updated><title type='text'>How not to get caught in law-enforcement geofence requests</title><content type='html'><p>I thought I'd write up a response to this question from well-known 4th Amendment and CFAA lawyer Orin Kerr:</p><blockquote class="twitter-tweet"><p dir="ltr" lang="en">Question for tech people related to "geofence" warrants served on Google: How easy is it for a cell phone user, either of an Android or an iPhone, to stop Google from generating the detailed location info needed to be responsive to a geofence warrant? What do you need to do?</p>— Orin Kerr (@OrinKerr) <a href="https://twitter.com/OrinKerr/status/1437929337357963265?ref_src=twsrc%5Etfw">September 15, 2021</a></blockquote> <script async="" charset="utf-8" src="https://platform.twitter.com/widgets.js"></script><blockquote class="twitter-tweet" data-conversation="none"><p dir="ltr" lang="en">(FWIW, I'm seeking info from people who actually know the answer based on their expertise, not from those who are just guessing, or are who are now googling around to figure out what the answer may be,)</p>— Orin Kerr (@OrinKerr) <a href="https://twitter.com/OrinKerr/status/1437930368523407366?ref_src=twsrc%5Etfw">September 15, 2021</a></blockquote> <script async="" charset="utf-8" src="https://platform.twitter.com/widgets.js"></script><p>First, let me address the second part of his tweet, whether I'm technically qualified to answer this. I'm not sure, I have only 80% confidence that I am. Hence, I'm writing this answer as blogpost hoping people will correct me if I'm wrong.</p><span><a name='more'></a></span><p><b>There is a simple answer</b>&nbsp;and it's this: just disable "Location" tracking in the settings on the phone. Both iPhone and Android have a one-click button to tap that disables everything.</p><p></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjPTvHwU1eiv8vwSiHqZvnyTrMEujwBkCEY5Vq90DyTG78bYYD3wveTrWD27V3Y9Tw_qDTItz9mk53nTLxea10UG1i0k0b6RSct7A-GyJRXE8YiLsPoQstC9OOgQWJzTyScm9ay/" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img alt="" data-original-height="2436" data-original-width="1125" height="240" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjPTvHwU1eiv8vwSiHqZvnyTrMEujwBkCEY5Vq90DyTG78bYYD3wveTrWD27V3Y9Tw_qDTItz9mk53nTLxea10UG1i0k0b6RSct7A-GyJRXE8YiLsPoQstC9OOgQWJzTyScm9ay/" width="111" /></a></div>The trick is knowing which thing to disable. On the iPhone it's called "Location Services". On the Android, it's simply called "Location".<div><br /></div><div>If you do start googling around for answers, you'll find <a href="https://apnews.com/article/north-america-science-technology-business-ap-top-news-828aefab64d4411bac257a07c1af0ecb">articles</a> upset that Google is still tracking them. That's because they disabled "Location History" and not "Location". This left "Location Services" and "Web and App Activity" still tracking them. Disabling "Location" on the phone disables all these things [<a href="https://support.google.com/accounts/answer/3467281">*</a>].<p></p><p>It's that simple: one click and done, and Google won't be able to report your location in a geofence request.</p><p>I'm pretty confident in this answer, despite what your googling around will tell you about Google's pernicious ways. But I'm only 80% confident in my answer. Technology is complex and constantly changing.</p><p>Note that the answer is very different for mobile phone companies, like AT&amp;T or T-Mobile. They have their own ways of knowing about your phone's location independent of whatever Google or Apple do on the phone itself. Because of modern 4G/LTE, cell towers must estimate both your direction and distance from the tower. I've confirmed that they can know your location to within 50 feet. There are limitations to this, it depends upon whether you are simply in range of the tower or have an active phone call in progress. Thus, I think law enforcement prefers asking Google.</p><p>Another example is how my car uses Google Maps all the time, and doesn't have privacy settings. I don't know what it reports to Google. So when I rob a bank, my phone won't betray me, but my car will.</p><p>Note that "disabling GPS" isn't sufficient. I include the screenshot above because of how it mentions the phone relies upon WiFi, BlueTooth, and cell tower info to also confirm your location. Tricking GPS will do little to stop your phone from knowing your location.</p><p>I only know about this from the phone side of things and not actual legal cases. I'd love to see the sort of geofence results the FBI gets. There might be some subtle thing that I missed about how Android works with mobile companies, such as this <a href="https://qz.com/1131515/google-collects-android-users-locations-even-when-location-services-are-disabled/">old story</a> where Android phones reported cell tower information to Google (since removed). Or worse, there might be something completely obvious I should've known about that everyone seems to know, but for some reason I simply forgot.</p><p>Both Apple and Google are upfront about what private information they do and don't track and how to disable it. Thus, while I think they may do something on accident hidden from view, I don't think there's anything going on that isn't documented. And what's documented this concern is that simply turning off the "Location" button.</p><p><b><br /></b></p><hr /><p><b>Update:</b>&nbsp;Many comments note that Google does log the IP address of requests, and that IP addresses can sometimes be geolocated.</p><p>Well, yes and no. It's not something companies log in that way. Thus, when given a geofence request for everything within a certain physical location, logs containing only IP addresses wouldn't be something covered by the request. The log would need a record of the physical location to be covered. Moreover, geolocation by IP address is incredibly inaccurate, often telling you only what city or neighborhood where the IP address is located. Even if Google logged a record of the best-guess about location, I'm still not sure whether it would be an appropriate response to a geofence request.</p><p>In any event, this wouldn't apply to mobile IP addresses. In America, consumer mobile phones don't have public IP addresses by share the same pool of private addresses. Thus, the IP address from a mobile phone is meaningless for location purposes.</p><p>Now you can create a hypothetical situation like the following:</p><p></p><ul style="text-align: left;"><li>a Capitol Hill protestor logs onto a nearby WiFi (meaning: it's not the mobile IP address in question, but the IP address of the WiFi hotspot)</li><li>the geolocation record of that WiFi hotspot is actually accurate</li><li>requests to Google resolves that geolocation when it logs the IP address</li><li>they give such IP/location logs in response to geofence request</li></ul><p></p><p>Then, yes, my argument is defeated, a hypothetical geofence request might then get you.</p><p>Which I actually like. It's a good demonstration of why I doubt myself at the top of the post. I don't think this scenario is likely, and hence don't consider it a reasonable rebuttal, but "unlikely" doesn't mean "impossible". I'm still pretty confident that a one-click disabling "Location" is all you need to defeat geofence warrants given to Google.</p><p>Note that the discussion of this blogpost is just about the "geofence request to Google". This "Capital Hill WiFi" hypothetical is unlikely to help with requests by location, but of course would for requests by IP address. Law enforcement could certainly ask Google for a list of users that came in via the Capital Hill WiFi IP address.</p></div><blockquote class="twitter-tweet" data-conversation="none"><p dir="ltr" lang="en">Except I bet they started with cell carriers and are being thorough. <br /><br />Contact Google via public wifi in the Capitol and BOOM.</p>— Bob (Moderna #3) Kerns (@BobKerns) <a href="https://twitter.com/BobKerns/status/1438145330374086663?ref_src=twsrc%5Etfw">September 15, 2021</a></blockquote> <script async="" charset="utf-8" src="https://platform.twitter.com/widgets.js"></script></content><link rel='replies' type='application/atom+xml' href='https://blog.erratasec.com/feeds/2180228297562107817/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='https://www.blogger.com/comment.g?blogID=37798047&postID=2180228297562107817' title='1 Comments'/><link rel='edit' type='application/atom+xml' href='https://www.blogger.com/feeds/37798047/posts/default/2180228297562107817'/><link rel='self' type='application/atom+xml' href='https://www.blogger.com/feeds/37798047/posts/default/2180228297562107817'/><link rel='alternate' type='text/html' href='https://blog.erratasec.com/2021/09/how-not-to-get-caught-in-law.html' title='How not to get caught in law-enforcement geofence requests'/><author><name>Robert Graham</name><uri>http://www.blogger.com/profile/09879238874208877740</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='26' height='32' src='//blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjJp1K5oBkDsBDOh7UOk0xPIdd0d8DKmV7PEAPZ7x-ckmfG6iWTVCt5LvUpd2iwW3UUYeaqd2UoYnupOSz1VDFUok6gUW_48x_rCU1Sth9Sk4-vEidqnqC2M3DXw16T4o0/s220/robertgraham.jpg'/></author><media:thumbnail xmlns:media="http://search.yahoo.com/mrss/" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjPTvHwU1eiv8vwSiHqZvnyTrMEujwBkCEY5Vq90DyTG78bYYD3wveTrWD27V3Y9Tw_qDTItz9mk53nTLxea10UG1i0k0b6RSct7A-GyJRXE8YiLsPoQstC9OOgQWJzTyScm9ay/s72-c" height="72" width="72"/><thr:total>1</thr:total></entry><entry><id>tag:blogger.com,1999:blog-37798047.post-3133624835814497538</id><published>2021-07-26T20:52:00.002-04:00</published><updated>2021-07-26T20:52:15.510-04:00</updated><title type='text'>Of course you can't trust scientists on politics</title><content type='html'>Many people make the same claim as this tweet. It's obviously wrong. Yes,, the right-wing has a problem with science, but this isn't it.<blockquote class="twitter-tweet"><p dir="ltr" lang="en">If you think you don't trust scientists, you're mistaken. You trust scientists in a million different ways every time you step on a plane, or for that matter turn on your tap or open a can of beans. The fact that you're unaware of this doesn't mean it's not so.</p>— Paul Graham (@paulg) <a href="https://twitter.com/paulg/status/1419765657080578052?ref_src=twsrc%5Etfw">July 26, 2021</a></blockquote><p>First of all, people trust airplanes because of their long track record of safety, not because of any claims made by scientists. Secondly, people distrust "scientists" when politics is involved because of course scientists are human and can get corrupted by their political (or religious) beliefs.</p><p>And thirdly, the concept of "trusting scientific authority" is wrong, since the bedrock principle of science is distrusting authority. What defines sciences is how often prevailing scientific beliefs are challenged.</p><span><a name='more'></a></span><p>Carl Sagan has many quotes along these lines that eloquently expresses this:</p><p></p><blockquote>A central lesson of science is that to understand complex issues (or even simple ones), we must try to free our minds of dogma and to guarantee the freedom to publish, to contradict, and to experiment. Arguments from authority are unacceptable.</blockquote><p></p><p>If you are "arguing from authority", like Paul Graham is doing above, then you are fundamentally misunderstanding both the principles of science and its history.</p><p>We know where this controversy comes from: politics. The above tweet isn't complaining about the $400 billion U.S. market for alternative medicines, a largely non-political example. It's complaining about political issues like vaccines, global warming, and evolution.</p><p>The reason those on the right-wing resist these things isn't because they are inherently anti-science, it's because the left-wing is. They left has corrupted and politicized these topics. The "Green New Deal" contains very little that is "Green" and much that is "New Deal", for example. The left goes from the fact "carbon dioxide absorbs infrared" to justify "we need to promote labor unions".</p><p>Take Marjorie Taylor Green's (MTG) claim that she doesn't believe in the Delta variant because she doesn't believe in evolution. Her argument is laughably stupid, of course, but it starts with the way the left has politicized the term "evolution".</p><p>The "Delta" variant didn't arise from "evolution", it arose because of "mutation" and "natural selection". We know the "mutation" bit is true, because we can sequence the complete DNA and detect that changes happen. We know that "selection" happens, because we see some variants overtake others in how fast they spread.</p><p>Yes, "evolution" is synonymous with mutation plus selection, but it's also a politically loaded term that means a lot of additional things. The public doesn't understand mutation and natural-selection, because these concepts are not really taught in school. Schools don't teach students to <i>understand</i> these things, they teach students to <i>believe</i>.</p><p>The focus of science eduction in school is indoctrinating students into believing in "evolution" rather than teaching the mechanisms of "mutation" and "natural-selection". We see the conflict in things like describing the evolution of the eyeball, which Creationists "reasonably" believe is too complex to have evolved this way. I put "reasonable" in quotes here because it's just the "Gods in the gaps" argument, which credits God for everything that science can't explain, which isn't very smart. But at the same time, science textbooks go too far, refusing to admit their gaps in knowledge here. The fossil records shows a lot of complexity arising over time through steady change -- it just doesn't show anything about eyeballs.</p><p>In other words, it's possible for a kid to graduate high-school with a full understanding of science, including mutation, selection, and the fossil record, while believing God created the eyeball. This is anathema to educators, who would rather students "believe in evolution" than understand it.</p><p>Thus, "believing" in the "evolution" of the Delta variant becomes this horrible political debate because the left-wing has corrupted science. You have politicians like MTG virtue signaling their opposition to evolution in what should be a non-political, neutral science discussion.</p><p>The political debate over vaccines isn't the vaccines themselves, but forcing people to become vaccinated.</p><p>The evidence is clear that the covid vaccines are in your own (and your kids') best interest. If we left it there, few would be challenging the science. There is no inherent right-wing opposition to vaccines. Indeed, Trump championed the covid vaccines, trying to take credit for their development.&nbsp;</p><p>But the left-wing chose a different argument, that covid vaccines are in the best interest of society, and therefore, that government must coerce/force people to become vaccinated. It's at this point that political opposition appears on the right-wing. It's the same whether you are describing the debate in the United States, Europe, or Asia.</p><p>We know the juvenile method which people defend their political positions. Once people decide to oppose "forcible vaccination", they then build a position that vaccines aren't "good" anyway.</p><p>Thus, you'll get these nonsense arguments from people who have get their opinions from dodgy blogs/podcasts, like "these don't even meet the definition of a vaccine". The started from the political goal first, and then looked for things that might support it, no matter how intellectually vacuous. It's frustrating trying to argue against the garbage arguments they'll toss up.</p><p>But at the same time, the left is no better. The tweet above is equally a vacuous meme, that they repeat because it sounds good, not because they've put much thought into it. It's simply an argument that strokes the prejudices of those who repeat it, rather than being a robust argument that can change the minds of opponents. It's obviously false: people trust planes because of their track record, not because of scientists claim. They trust scientists and doctors on non-political things, but rightly distrust their pronouncements on politically-tainted issues. And lastly, the above argument is completely anti-scientific -- science is all about questioning and doubting.</p><p><br /></p> <script async="" charset="utf-8" src="https://platform.twitter.com/widgets.js"></script></content><link rel='replies' type='application/atom+xml' href='https://blog.erratasec.com/feeds/3133624835814497538/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='https://www.blogger.com/comment.g?blogID=37798047&postID=3133624835814497538' title='2 Comments'/><link rel='edit' type='application/atom+xml' href='https://www.blogger.com/feeds/37798047/posts/default/3133624835814497538'/><link rel='self' type='application/atom+xml' href='https://www.blogger.com/feeds/37798047/posts/default/3133624835814497538'/><link rel='alternate' type='text/html' href='https://blog.erratasec.com/2021/07/of-course-you-cant-trust-scientists-on.html' title='Of course you can't trust scientists on politics'/><author><name>Robert Graham</name><uri>http://www.blogger.com/profile/09879238874208877740</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='26' height='32' src='//blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjJp1K5oBkDsBDOh7UOk0xPIdd0d8DKmV7PEAPZ7x-ckmfG6iWTVCt5LvUpd2iwW3UUYeaqd2UoYnupOSz1VDFUok6gUW_48x_rCU1Sth9Sk4-vEidqnqC2M3DXw16T4o0/s220/robertgraham.jpg'/></author><thr:total>2</thr:total></entry><entry><id>tag:blogger.com,1999:blog-37798047.post-2166895125765554100</id><published>2021-07-21T18:11:00.002-04:00</published><updated>2021-07-21T18:11:58.104-04:00</updated><title type='text'>Risk analysis for DEF CON 2021</title><content type='html'><p>It's the second year of the pandemic and the DEF CON hacker conference wasn't canceled. However, the Delta variant is spreading. I thought I'd do a little bit of risk analysis. TL;DR: I'm not canceling my ticket, but changing my plans what I do in Vegas during the convention.</p><span><a name='more'></a></span><p>First, a note about risk analysis. For many people, "risk" means something to avoid. They work in a binary world, labeling things as either "risky" (to be avoided) or "not risky". But real risk analysis is about shades of gray, trying to quantify things.</p><p>The Delta variant is a mutation out of India that, at the moment, is particularly affecting the UK. Cases are nearly up to their pre-vaccination peaks in that country.</p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiDH09X1x2xo7EbB6_yQt_84duZ46Zbm2PuE-ci341SI2UEHmlylUxr-7AgXs4F2rUOOqyK6fy2NOBJdosMm9lgXsNZAkJYBXoHZoP03bHdBh46rqDYsl3mPrP7mOsO63GTACu1/s1486/Screen+Shot+2021-07-21+at+5.37.03+PM.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="938" data-original-width="1486" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiDH09X1x2xo7EbB6_yQt_84duZ46Zbm2PuE-ci341SI2UEHmlylUxr-7AgXs4F2rUOOqyK6fy2NOBJdosMm9lgXsNZAkJYBXoHZoP03bHdBh46rqDYsl3mPrP7mOsO63GTACu1/s320/Screen+Shot+2021-07-21+at+5.37.03+PM.png" width="320" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><br /></div><p>Note that the UK has already vaccinated nearly 70% of their population -- more than the United States. In both the UK and US there are few preventive measures in place (no lockdowns, no masks) other than vaccines.</p><p></p><p>&nbsp;</p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgzQ8NTa24G0QgUEQK2DzeAVQrKTDGmKB-XCRvxGTs_3NsOchZumKWqhqg9dXoZ3qLD3taBpaYKadn2KauDpTQ71NyYR23prsyJA-9NHcCEPVggoT_XBVDgwFFyY_Q3Lw3M7Are/s1442/Screen+Shot+2021-07-21+at+11.15.38+AM.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1004" data-original-width="1442" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgzQ8NTa24G0QgUEQK2DzeAVQrKTDGmKB-XCRvxGTs_3NsOchZumKWqhqg9dXoZ3qLD3taBpaYKadn2KauDpTQ71NyYR23prsyJA-9NHcCEPVggoT_XBVDgwFFyY_Q3Lw3M7Are/s320/Screen+Shot+2021-07-21+at+11.15.38+AM.png" width="320" /></a></div><br /><p>Thus, the UK graph is somewhat predictive of what will happen in the United States. If we time things from when the latest wave hit the same levels as peak of the first wave, then it looks like the USA is only about 1.5 months behind the UK.</p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjUzz106H_G2hTQIhLs5EhUE7igrxJRJEWkBwPjF5_Wz-y9LMZMv-uBuF9bRP20mVDNSPbafQCN5hCUQUjOaTOqc0GvYW5eQiaw9IMXep8cjT8Mm2Xz9jidsipXP6JNiI_eZJcv/s1502/Screen+Shot+2021-07-21+at+5.32.45+PM.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="920" data-original-width="1502" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjUzz106H_G2hTQIhLs5EhUE7igrxJRJEWkBwPjF5_Wz-y9LMZMv-uBuF9bRP20mVDNSPbafQCN5hCUQUjOaTOqc0GvYW5eQiaw9IMXep8cjT8Mm2Xz9jidsipXP6JNiI_eZJcv/s320/Screen+Shot+2021-07-21+at+5.32.45+PM.png" width="320" /></a></div><br /><p>It's another interesting lesson about risk analysis. Most people experience these things as sudden changes. One moment, everything seems fine, and cases are decreasing. The next moment, we are experiencing a major new wave of infections. It's especially jarring when the thing we are tracking is exponential. But we can compare the curves and see that things are totally predictable. In about another 1.5 months, the US will experience a wave that looks similar to the UK wave.</p><p>Sometimes the problem is that the change is inconceivable. We saw that recently with 1-in-100 year floods in Germany. Weather forecasters predicted 1-in-100 level of floods days in advance, but they still surprised many people.</p><p></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhfML6nU3sgd6QL1s_fpiZBmribYuHimgBLtbHomCCbDwnDBBonG_rjWIM4XjpMXf52VlmaCFLspclLHjzNeJ-SV9v99CMt-x7EEcj-cEEjLOyzPE2YOuilBaLS0FP79eMtLQzt/" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="336" data-original-width="640" height="168" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhfML6nU3sgd6QL1s_fpiZBmribYuHimgBLtbHomCCbDwnDBBonG_rjWIM4XjpMXf52VlmaCFLspclLHjzNeJ-SV9v99CMt-x7EEcj-cEEjLOyzPE2YOuilBaLS0FP79eMtLQzt/" width="320" /></a></div><br />Nevada is ahead of the curve in the US, probably because Vegas is such a hub of unvaccinated people going on vacation. Because of exponential growth, there's a good chance that in 2 weeks, that peek will be triple where it is now. It may not look like "time to cancel your ticket" now, but it probably will in 2 weeks when the event takes place. In other words, the closer we get to the event, the more people will look at this graph and cancel their tickets.<p></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgFeNMFRCnumJoTmDmZ1UhJzMaJtggq8F3exZMGc1gcH-q48LpQO_Cn_SycAjgvgX-Vr4j5P7EsNswfCsS06RJaT-BC0bXsJydbip5qECOihDItWc-a50-Mx5Bipi6eB6heqJ1k/s1486/Screen+Shot+2021-07-21+at+5.45.19+PM.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="920" data-original-width="1486" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgFeNMFRCnumJoTmDmZ1UhJzMaJtggq8F3exZMGc1gcH-q48LpQO_Cn_SycAjgvgX-Vr4j5P7EsNswfCsS06RJaT-BC0bXsJydbip5qECOihDItWc-a50-Mx5Bipi6eB6heqJ1k/s320/Screen+Shot+2021-07-21+at+5.45.19+PM.png" width="320" /></a></div><div><br /></div>The risk is really high for the unvaccinated, but much less for the vaccinated. We see that in the death rates in the UK, which are still low, even accounting for the 2 week lag that you see between spikes in infections and spikes in deaths. This is partly due to the fact that while the new variant infects the vaccinated, it doesn't cause much harm. Also, I suspect it's due to how much better we are at treating infections if they do require a hospital visit.<div><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhzusjRQXrpwuRRDJUOPqXZTq5VPw2zcQYBVg0GQo-HuqYwLXZRw5ngin99lcily22Jy9t_S2rjaLv53nob-p6O3BUc4RQRrNraZ4M9FjijoPy-Hiuqkfnkaze9et1a8zjsmF0F/s1468/Screen+Shot+2021-07-21+at+5.49.35+PM.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="926" data-original-width="1468" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhzusjRQXrpwuRRDJUOPqXZTq5VPw2zcQYBVg0GQo-HuqYwLXZRw5ngin99lcily22Jy9t_S2rjaLv53nob-p6O3BUc4RQRrNraZ4M9FjijoPy-Hiuqkfnkaze9et1a8zjsmF0F/s320/Screen+Shot+2021-07-21+at+5.49.35+PM.png" width="320" /></a></div><br />But still, death isn't the major concern. It appears the major concern is long term-lung (and other organ) damage caused by even mild cases. Thus, one should fear infection even if one believes they have no chance of dying.</div><div><br /></div><div>So here's my personal risk analysis: I'm not canceling my ticket. Instead, I'm changing my plans of what I do. For the most part, this means that wherever there's a crowd, go someplace else.</div><div><br /></div><div>It also means I'm going to take this opportunity to do things I've never had the opportunity to do before: go outside of Vegas. I plan on renting a car to go down to the Grand Canyon, Hoover Dam, and do hikes around the area (like along Lake Meade, up in the canyons, and so on). This means spending most of my time away from people.</div><div><br /></div><div>During the pandemic, outdoor activities (without masks, socially distanced) is one of the safest things you can do, especially considering the exercise and vitamin D that you'll be getting.</div><div><br /></div><div>Also, airplanes aren't much of a worry. They have great filtration and as far as anybody can tell, haven't resulted in superspreader events this entire pandemic.</div><div><br /></div><div>The real point of this blogpost is the idea of "predictions". This post predicts that US infection rates will be spiking in 1.5 months in a curve that looks similar to the UK, and that in 2 weeks during DEFCON, Nevada's infection rates will be around 3 times higher. The biggest lesson about risk analysis is that it's usually done in hind-sight, what people should've known, once the outcome is known. It's much harder doing it the other way around, estimating what might happen in the future.</div><div><br /></div><div><br /></div><div><br /><p><br /></p><p><br /></p><p><br /></p></div></content><link rel='replies' type='application/atom+xml' href='https://blog.erratasec.com/feeds/2166895125765554100/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='https://www.blogger.com/comment.g?blogID=37798047&postID=2166895125765554100' title='2 Comments'/><link rel='edit' type='application/atom+xml' href='https://www.blogger.com/feeds/37798047/posts/default/2166895125765554100'/><link rel='self' type='application/atom+xml' href='https://www.blogger.com/feeds/37798047/posts/default/2166895125765554100'/><link rel='alternate' type='text/html' href='https://blog.erratasec.com/2021/07/risk-analysis-for-def-con-2021.html' title='Risk analysis for DEF CON 2021'/><author><name>Robert Graham</name><uri>http://www.blogger.com/profile/09879238874208877740</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='26' height='32' src='//blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjJp1K5oBkDsBDOh7UOk0xPIdd0d8DKmV7PEAPZ7x-ckmfG6iWTVCt5LvUpd2iwW3UUYeaqd2UoYnupOSz1VDFUok6gUW_48x_rCU1Sth9Sk4-vEidqnqC2M3DXw16T4o0/s220/robertgraham.jpg'/></author><media:thumbnail xmlns:media="http://search.yahoo.com/mrss/" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiDH09X1x2xo7EbB6_yQt_84duZ46Zbm2PuE-ci341SI2UEHmlylUxr-7AgXs4F2rUOOqyK6fy2NOBJdosMm9lgXsNZAkJYBXoHZoP03bHdBh46rqDYsl3mPrP7mOsO63GTACu1/s72-c/Screen+Shot+2021-07-21+at+5.37.03+PM.png" height="72" width="72"/><thr:total>2</thr:total></entry><entry><id>tag:blogger.com,1999:blog-37798047.post-6733311247470341311</id><published>2021-07-14T20:49:00.000-04:00</published><updated>2021-07-14T20:49:05.921-04:00</updated><title type='text'>Ransomware: Quis custodiet ipsos custodes</title><content type='html'><p>Many claim that "ransomware" is due to cybersecurity failures. It's not really true. We are adequately protecting users and computers. The failure is in the inability of cybersecurity guardians to protect themselves. Ransomware doesn't make the news when it only accesses the files normal users have access to. The big ransomware news events happened because ransomware elevated itself to that of an "administrator" over the network, giving it access to all files, including online backups.</p><p>Generic improvements in cybersecurity will help only a little, because they don't specifically address this problem. Likewise, blaming ransomware on how it breached perimeter defenses (phishing, patches, password reuse) will only produce marginal improvements. Ransomware solutions need to instead focus on looking at the typical <a href="https://docs.microsoft.com/en-us/security/compass/human-operated-ransomware">human-operated ransomware</a> killchain, identify how they typically achieve "administrator" credentials, and fix those problems. In particular, large organizations need to redesign how they handle Windows "domains" and "segment" networks.</p><span><a name='more'></a></span><p>I read a lot of lazy op-eds on ransomware. Most of them claim that the problem is due to some sort of moral weakness (laziness, stupidity, greed, slovenliness, lust). They suggest things like "taking cybersecurity more seriously" or "do better at basic cyber hygiene". These are "unfalsifiable" -- things that nobody would disagree with, meaning they are things the speaker doesn't really have to defend. They don't rest upon technical authority but moral authority: anybody, regardless of technical qualifications, can have an opinion on ransomware as long as they phrase it in such terms.</p><p>Another flaw of these "unfalsifiable" solutions is that they are not measurable. There's no standard definition for "best practices" or "basic cyber hygiene", so there no way to tell if you aren't already doing such things, or the gap you need to overcome to reach this standard. Worse, some people point to the "NIST Cybersecurity Framework" as the "basics" -- but that's a framework for <i>all</i>&nbsp;cybersecurity practices. In other words, anything short of doing <i>everything&nbsp;possible</i> is considered a failure to follow the basics.</p><p>In this post, I try to focus on specifics, while at the same time, making sure things are broadly applicable. It's detailed enough that people will disagree with my solutions.</p><p><br /></p><p>The thesis of this blogpost is that <b>we are failing to protect "administrative" accounts</b>. The big ransomware attacks happen because the hackers got administrative control over the network, usually the Windows <i>domain admin</i>. It's with administrative control that they are able to cause such devastation, able to reach all the files in the network, while also being able to delete backups.</p><p>The <b>Kaseya</b> attacks highlight this particularly well. The company produces a product that is in turn used by "Managed Security Providers" (MSPs) to administer the security of small and medium sized businesses. Hackers found and exploited a vulnerability in the product, which gave them administrative control of over 1000 small and medium sized businesses around the world.</p><p>The underlying problems start with the way their software gives indiscriminate administrative access over computers. Then, this software was written using standard software techniques, meaning, with the standard vulnerabilities that most software has (such as "SQL injection"). It wasn't written in a paranoid, careful way that you'd hope for software that poses this much danger.</p><p>A good analogy is airplanes. A common joke refers to the "black box" flight-recorders that survive airplane crashes, that maybe we should make the entire airplane out of that material. The reason we can't do this is that airplanes would be too heavy to fly. The same is true of software: airplane software is written with extreme paranoia knowing that bugs can lead to airplanes falling out of the sky. You wouldn't want to write all software to that standard, because it'd be too costly.</p><p>This analogy tells us we can't write all software to the highest possible standard. However, we should write a<i>dministrative software</i> (like Kaseya) to this sort of standard. Anything less invites something like the massive attack we saw in the last couple weeks.</p><p><br /></p><p>Another illustrative example is the "<b>PrinterNightmare</b>" bug. The federal government issued a directive telling everyone under it's authority (executive branch, military) to <a href="https://us-cert.cisa.gov/ncas/current-activity/2021/07/13/cisa-issues-emergency-directive-microsoft-windows-print-spooler">disable the Printer Spooler on "domain controllers"</a>. The issue here is that this service should never have been enabled on "domain controllers" in the first place.</p><p>Windows security works by putting all the security eggs into a single basket known as "Active Directory", which is managed by several "Domain Controller" (AD DC) servers. Hacking a key DC gives the ransomware hacker full control over the network. Thus, we should be paranoid about protecting DCs. They should not be running any service other than those needed to fulfill their mission. The more additional services they provide, like "printing", the larger the attack surface, the more likely they can get hacked, allowing hackers full control over the network.&nbsp;</p><p>Yet, I rarely see Domain Controllers with this level of paranoid security. Instead, when an organization has a server, they load it up with lots of services, including those for managing domains. Microsoft's advice&nbsp;<a href="https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/plan/security-best-practices/reducing-the-active-directory-attack-surface">securing domain controllers</a>&nbsp;"recommends" a more paranoid attitude, but only as one of the many other things it "recommends".</p><p><br /></p><p>When you look at detailed analysis of ransomware killchains, you'll find the most frequently used technique is "<b>domain admin account hijacking</b>". Once a hacker controls a desktop computer, they wait for an administrator to login, then steal the administrators credentials. There are various ways this happens, the most famous being "pass-the-hash" (which itself is outdated, but good analogy for still-current techniques). Hijacking even <i>restricted</i> administrator accounts can lead to elevation to <i>unrestricted</i> administrator privileges over the entire network.</p><p>If you had to fix only one thing in your network, it would be this specific problem.</p><p>Unfortunately, I only know how to <i>attack</i>&nbsp;this problem as a pentester, I don't know how to <i>defend</i>&nbsp;against it. I feel that separating <i>desktop admins</i>&nbsp;and <i>server/domain admins</i>&nbsp;into separate, non-overlapping groups is the answer, but I don't know how to achieve this in practice. I don't have enough experience as a defender to know how to make reasonable tradeoffs.</p><p><br /></p><p>In addition to attacking <i>servers</i> and <i>accounts</i>, ransomware attackers also target <b>networks</b>. Organizations focus on "perimeter security", where the major security controls are between the public Internet and the internal organization. They also need an internal perimeter, between the organization's network and the core servers.</p><p>There are lots of tools for doing this: VLANs, port-isolation, network segmentation, read-only Domain Controllers, and the like.</p><p>As an attacker, I see the lack of these techniques. I don't know why defenders doin't use them more. There might be good reasons. I suspect the biggest problem is inertia: networks were designed back when these solutions were hard, and change would break things.</p><p><br /></p><p>In summary, I see the major problem exploited by ransomware is that we don't protect "administrators" enough. We don't do enough to protect administrative software, servers, accounts, or network segments. When we look at ransomware, the big cases that get splashed across the news, its not because they compromised a single desktop, but because they got administrative control over the entire network and thus were able to encrypt everything.</p><p>Sadly, as a person experience in attack (red-team) and exploiting these problems, I can see the problem. However, I have little experience as a defender (blue-team), and while solutions look easy in theory, I'm not sure what can be done in practice to mitigate these threats.</p><p>I do know that general hand-waving, exhorting people to "take security seriously" and perform "cyber hygiene" is the least helpful answer to the problem.</p><p><br /></p></content><link rel='replies' type='application/atom+xml' href='https://blog.erratasec.com/feeds/6733311247470341311/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='https://www.blogger.com/comment.g?blogID=37798047&postID=6733311247470341311' title='8 Comments'/><link rel='edit' type='application/atom+xml' href='https://www.blogger.com/feeds/37798047/posts/default/6733311247470341311'/><link rel='self' type='application/atom+xml' href='https://www.blogger.com/feeds/37798047/posts/default/6733311247470341311'/><link rel='alternate' type='text/html' href='https://blog.erratasec.com/2021/07/ransomware-quis-custodiet-ipsos-custodes.html' title='Ransomware: Quis custodiet ipsos custodes'/><author><name>Robert Graham</name><uri>http://www.blogger.com/profile/09879238874208877740</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='26' height='32' src='//blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjJp1K5oBkDsBDOh7UOk0xPIdd0d8DKmV7PEAPZ7x-ckmfG6iWTVCt5LvUpd2iwW3UUYeaqd2UoYnupOSz1VDFUok6gUW_48x_rCU1Sth9Sk4-vEidqnqC2M3DXw16T4o0/s220/robertgraham.jpg'/></author><thr:total>8</thr:total></entry><entry><id>tag:blogger.com,1999:blog-37798047.post-7766669610303791684</id><published>2021-07-05T17:15:00.003-04:00</published><updated>2021-07-05T17:15:28.711-04:00</updated><title type='text'>Some quick notes on SDR</title><content type='html'><p>I'm trying to create perfect screen captures of SDR to explain the world of radio around us. In this blogpost, I'm going to discuss some of the imperfect captures I'm getting, specifically, some notes about WiFi and Bluetooth.</p><p>An SDR is a "software defined radio" which digitally samples radio waves and uses number crunching to decode the signal into data. Among the simplest thing an SDR can do is look at a chunk of spectrum and see signal strength. This is shown below, where I'm monitoring part of the famous 2.4 GHz pectrum used by WiFi/Bluetooth/microwave-ovens:</p><p></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhbz69YcYg9p4Y4jySkNi7XJLJmpClhCptaRArmCrGHjZ7KNl7dXQA665V-sAfdhqBVda84ZujOFyTRIRgY-9DfzXsqcCmGQKR7zCJW2oY05tiJqexulPrBpEuMUGW553fhtTxV/" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="1075" data-original-width="2048" height="168" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhbz69YcYg9p4Y4jySkNi7XJLJmpClhCptaRArmCrGHjZ7KNl7dXQA665V-sAfdhqBVda84ZujOFyTRIRgY-9DfzXsqcCmGQKR7zCJW2oY05tiJqexulPrBpEuMUGW553fhtTxV/" width="320" /></a></div><p></p><span><a name='more'></a></span><p><br />There are two panes. The top shows the current signal strength as graph. The bottom pane is the "waterfall" graph showing signal strength over time, display strength as colors: black means almost no signal, blue means some, and yellow means a strong signal.</p><p>The signal strength graph is a bowl shape, because we are actually sampling at a specific frequency of 2.42 GHz, and the further away from this "center", the less accurate the analysis. Thus, the algorithms think there is more signal the further away from the center we are.</p><p>What we do see here is two peaks, at 2.402 GHz toward the left and 2.426 GHz toward the right (which I've marked with the red line). These are the "Bluetooth beacon" channels. I was able to capture the screen at the moment some packets were sent, showing signal at this point. Below in the waterfall chart, we see packets constantly being sent at these frequencies.</p><p>We are surrounded by devices giving off packets here: our phones, our watches, "tags" attached to devices, televisions, remote controls, speakers, computers, and so on. This is a picture from my home, showing only my devices and perhaps my neighbors. In a crowded area, these two bands are saturated with traffic.</p><p>The 2.4 GHz region also includes WiFi. So I connected to a WiFi access-point to watch the signal.</p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgE6KQ_rW30FZbUrvko0fNyi3aXUbm9GkqqdqFDOV-bG_9lPhgnDcW_DFANJTaB0I7xvTsQO2jgUU9k7Wb7w-vTy0q5wOf7QkXfj0WK0CWF4HyBZQjg1p-kYtaXcYstZ9KY5vik/s2048/Screen+Shot+2021-07-05+at+4.21.31+PM.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1104" data-original-width="2048" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgE6KQ_rW30FZbUrvko0fNyi3aXUbm9GkqqdqFDOV-bG_9lPhgnDcW_DFANJTaB0I7xvTsQO2jgUU9k7Wb7w-vTy0q5wOf7QkXfj0WK0CWF4HyBZQjg1p-kYtaXcYstZ9KY5vik/s320/Screen+Shot+2021-07-05+at+4.21.31+PM.png" width="320" /></a></div>WiFi uses more bandwidth than Bluetooth. The term "bandwidth" is used today to mean "faster speeds", but it comes from the world of radio where it quite literally means the width of the band. The width of the Bluetooth transmissions seen above is 2 MHz, the width of the WiFi band shown here is 20 MHz.<div><br /></div><div>It took about 50 screenshots before getting these two. I had to hit the "capture" button right at the moment things were being transmitted. And easier way is a setting that graphs the current signal strength compared to the maximum recently seen as a separate line. That's shown below: the instant it was taken, there was no signal, but it shows the maximum of recent signals as a separate line:</div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj5DC9BdZpaj-0kBYECXyEw15Qih5Bnpv7busuVTn2xM49qoay_oBoXcSNTFkqceEhaM2aXrI_sduLJUbRDmkOWQ6vQuQ2u_2v_2XKTSyFj_UEKUAPAjgLoj9q604I6C-Yai2JH/s2048/Screen+Shot+2021-07-05+at+4.27.54+PM.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1104" data-original-width="2048" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj5DC9BdZpaj-0kBYECXyEw15Qih5Bnpv7busuVTn2xM49qoay_oBoXcSNTFkqceEhaM2aXrI_sduLJUbRDmkOWQ6vQuQ2u_2v_2XKTSyFj_UEKUAPAjgLoj9q604I6C-Yai2JH/s320/Screen+Shot+2021-07-05+at+4.27.54+PM.png" width="320" /></a></div><br /><div>You can see there is WiFi traffic on multiple channels. My traffic is on channel #1 at 2.412 GHz. My neighbor has traffic on channel #6 at 2.437 GHz. Another neighbor has traffic on channel #8 at 2.447 GHz. WiFi splits the spectrum assigned to it into 11 overlapping channels set 5 MHz apart.</div><div><br /></div><div>Now the reason I wanted to take these pictures was to highlight the difference between old WiFi (802.11b) and new WiFi (802.11n). The newer standard uses the spectrum more efficiently. Notice in the picture above how signal strength for a WiFi channel is strongest in the center but gets weaker toward the edges. That means it's not fully using all the band.</div><div><br /></div><div>Newer WiFi uses a different scheme to encode data into radio waves, using all the band given to it. We can see the difference in shape below, when I change from 802.11b to 802.11n:</div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgmihXNzBA-O8EBy2lqAinkbe6S5bx3gaAiCRVgeLDUK6H6Jcs_nJnMF7zmb2yw2_11lCBS-J_ImEbuCUDZUwxjO1XCSR-fFi6F6RRbrRy_p0lwayAhoBzi87HvfAnO8BuQdbLF/s2048/Screen+Shot+2021-07-05+at+4.35.38+PM.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1104" data-original-width="2048" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgmihXNzBA-O8EBy2lqAinkbe6S5bx3gaAiCRVgeLDUK6H6Jcs_nJnMF7zmb2yw2_11lCBS-J_ImEbuCUDZUwxjO1XCSR-fFi6F6RRbrRy_p0lwayAhoBzi87HvfAnO8BuQdbLF/s320/Screen+Shot+2021-07-05+at+4.35.38+PM.png" width="320" /></a></div><br /><div>Instead of a curve it's more of a square block. It fills its entire 20 MHz bandwidth instead of only using the center.</div><div><br /></div><div>What we see here is the limits of math and physics, known as the <i>Shannon Limit</i>, that governs the maximum possible speed for something like WiFi (or mobile phone radios like LTE). It's simply the size of that box: its width times its height. The width is measured in frequency, 20 MHz wide. It's height is signal strength measure above the noise floor (which should be straight line across the bottom of our graph, but as I mentioned before, is shown in this SDR by a curved line increasingly inaccurate near the edges).</div><div><br /></div><div>As we move toward faster and faster speeds, we cannot exceed this theoretical limit.</div><div><br /></div><div>One solution is directional antennas, such as the yagi antennas you see on top of houses or satellite dishes. A directional antenna or dish means getting a stronger signal with less noise -- thus, increasing the "height" of the box.</div><div><br /></div><div>The same effect can be achieved with something called "phased arrays", using multiple antennas that transmit/receive at (very) slightly different times, such that waves they produce reinforce each other in one direction but cancel each other out in other directions. This is how SpaceX "Starlink" space-based Internet works. The low Earth orbit satellites whizzing by overhead travel too fast to keep an antenna pointed at them, so their antenna is a phases array instead. The antennas are fixed, but the timing is slightly altered to aim the beam toward the satellite.</div><div><br /></div><div>What's even more interesting is MIMO: receiving different signals on different antennas. With fancy circuits and math, doubling the number of antennas doubles the effective bandwidth.</div><div><br /></div><div>The latest mobile phones and WiFi use MIMO and phases arrays to increase bandwidth.</div><div><br /></div><div>But mostly, higher frequencies give more bandwidth. That's why WiFi at 5 GHz is better -- bands are a minimum of 40 MHz (instead of 20 MHz as in 2.4 GHz WiFi), are more commonly 80 MHz, and can go up to 160 MHz.</div><div><br /></div><div>Anyway, these are more imperfect picture I'm creating to explain WiFi and Bluetooth. At some point in the time, I'll be generating more perfect ones.</div><div><br /></div></content><link rel='replies' type='application/atom+xml' href='https://blog.erratasec.com/feeds/7766669610303791684/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='https://www.blogger.com/comment.g?blogID=37798047&postID=7766669610303791684' title='1 Comments'/><link rel='edit' type='application/atom+xml' href='https://www.blogger.com/feeds/37798047/posts/default/7766669610303791684'/><link rel='self' type='application/atom+xml' href='https://www.blogger.com/feeds/37798047/posts/default/7766669610303791684'/><link rel='alternate' type='text/html' href='https://blog.erratasec.com/2021/07/some-quick-notes-on-sdr.html' title='Some quick notes on SDR'/><author><name>Robert Graham</name><uri>http://www.blogger.com/profile/09879238874208877740</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='26' height='32' src='//blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjJp1K5oBkDsBDOh7UOk0xPIdd0d8DKmV7PEAPZ7x-ckmfG6iWTVCt5LvUpd2iwW3UUYeaqd2UoYnupOSz1VDFUok6gUW_48x_rCU1Sth9Sk4-vEidqnqC2M3DXw16T4o0/s220/robertgraham.jpg'/></author><media:thumbnail xmlns:media="http://search.yahoo.com/mrss/" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhbz69YcYg9p4Y4jySkNi7XJLJmpClhCptaRArmCrGHjZ7KNl7dXQA665V-sAfdhqBVda84ZujOFyTRIRgY-9DfzXsqcCmGQKR7zCJW2oY05tiJqexulPrBpEuMUGW553fhtTxV/s72-c" height="72" width="72"/><thr:total>1</thr:total></entry><entry><id>tag:blogger.com,1999:blog-37798047.post-8007125639266971739</id><published>2021-06-20T20:34:00.004-04:00</published><updated>2021-06-20T20:34:42.293-04:00</updated><title type='text'>When we'll get a 128-bit CPU</title><content type='html'><p>On Hacker News, this article claiming "<a href="https://news.ycombinator.com/item?id=27572663">You won't live to see a 128-bit CPU</a>" is trending". Sadly, it was non-technical, so didn't really contain anything useful. I thought I'd write up some technical notes.</p><p>The issue isn't the CPU, but memory. It's not about the size of computations, but when CPUs will need more than 64-bits to address all the memory future computers will have. It's a simple question of math and Moore's Law.</p><span><a name='more'></a></span><p><br /></p><p>Today, Intel's server CPUs support 48-bit addresses, which is enough to address 256-terabytes of memory -- in theory. In practice, Amazon's AWS cloud servers are offered up to 24-terabytes, or 45-bit addresses, in the year 2020.</p><p>Doing the math, it means we have 19-bits or 38-years left before we exceed the 64-bit registers in modern processors. This means that by the year 2058, we'll exceed the current address size and need to move 128-bits. Most people reading this blogpost will be alive to see that, though probably retired.</p><p>There are lots of reasons to suspect that this event will come both sooner and later.</p><p>It could come sooner if&nbsp;<i>storage</i> merges with <i>memory</i>. We are moving away from rotating platters of rust toward solid-state storage like flash. There are post-flash technologies like Intel's Optane that promise storage that can be accessed at speeds close to that of memory. We already have machines needing petabytes (at least 50-bits worth) of storage.</p><p>Addresses often contain more just the memory address, but also some sort of description about the memory. For many applications, 56-bits is the maximum, as they use the remaining 8-bits for tags.</p><p>Combining those two points, we may be only 12 years away from people starting to argue for 128-bit registers in the CPU.</p><p>Or, it could come later because few applications need more than 64-bits, other than databases and file-systems.</p><p>Previous transitions were delayed for this reason, as the x86 history shows. The first Intel CPUs were 16-bits addressing 20-bits of memory, and the Pentium Pro was 32-bits addressing 36-bits worth of memory.</p><p>The few applications that needed the extra memory could deal with the pain of needing to use multiple numbers for addressing. Databases used Intel's address extensions, almost nobody else did. It took 20 years, from the initial release of MIPS R4000 in 1990 to Intel's average desktop processor shipped in 2010 for mainstream apps needing larger addresses.</p><p>For the transition beyond 64-bits, it'll likely take even longer, and might never happen. Working with large datasets needing more than 64-bit addresses will be such a specialized discipline that it'll happen behind libraries or operating-systems anyway.</p><p>So let's look at the internal cost of larger registers, if we expand registers to hold larger addresses.</p><p>We already have 512-bit CPUs -- with registers that large. My laptop uses one. It supports AVX-512, a form of "SIMD" that packs multiple small numbers in one big register, so that he can perform identical computations on many numbers at once, in parallel, rather than sequentially. Indeed, even very low-end processors have been 128-bit for a long time -- for "SIMD".</p><p>In other words, we can have a large register file with wide registers, and handle the bandwidth of shipping those registers around the CPU performing computations on them. Today's processors already handle this for certain types of computations.</p><p>But just because we can do many 64-bit computations at once ("SIMD") still doesn't mean we can do a 128-bit computation ("scalar"). Simple problems like "carry" get difficult as numbers get larger. Just because SIMD can do multiple small computations doesn't tell us what one large computation will cost. This was why it took an extra decade for Intel to make the transition -- they added 64-bit MMX registers for SIMD a decade before they added 64-bit for normal computations.</p><p>The above discussion is about speed, but it's also a concern for power consumption. Mobile devices were a decade later (than desktops) adopting 64-bits, exceeding the 32-bit barrier just now. It's likely they be decades late getting to 128-bits. Even if you live to see supercomputers transition to 128-bits, you probably won't live to see your mobile device transition.</p><p>Now let's look at the market. What the last 40 years has taught us is that old technology doesn't really day, it's that it stops growing -- with all the growth happening in some new direction. 40 years ago, IBM dominated computing with their mainframes. Their mainframe business is as large as ever, it's just that all the growth in the industry has been in other directions than the mainframe. The same thing happened to Microsoft's business, Windows still dominates the desktop, but all the growth in the last 15 years has bypassed the desktop, moving to mobile devices and the cloud.</p><p>40 years from now, it won't be an issue of mainstream processors jumping from 64-bits to 128-bits, like the previous transitions. I'm pretty sure we'll have ossified into some 64-bit standard like ARM. Instead, I think 128-bit systems will come with a bunch of other radical changes. It'll happen on the side of computers, much like how GPUs evolved separately from mainstream CPUs can became increasingly integrated into them.</p><p><br /></p></content><link rel='replies' type='application/atom+xml' href='https://blog.erratasec.com/feeds/8007125639266971739/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='https://www.blogger.com/comment.g?blogID=37798047&postID=8007125639266971739' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='https://www.blogger.com/feeds/37798047/posts/default/8007125639266971739'/><link rel='self' type='application/atom+xml' href='https://www.blogger.com/feeds/37798047/posts/default/8007125639266971739'/><link rel='alternate' type='text/html' href='https://blog.erratasec.com/2021/06/when-well-get-128-bit-cpu.html' title='When we'll get a 128-bit CPU'/><author><name>Robert Graham</name><uri>http://www.blogger.com/profile/09879238874208877740</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='26' height='32' src='//blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjJp1K5oBkDsBDOh7UOk0xPIdd0d8DKmV7PEAPZ7x-ckmfG6iWTVCt5LvUpd2iwW3UUYeaqd2UoYnupOSz1VDFUok6gUW_48x_rCU1Sth9Sk4-vEidqnqC2M3DXw16T4o0/s220/robertgraham.jpg'/></author><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-37798047.post-4008232982979402236</id><published>2021-04-29T04:09:00.005-04:00</published><updated>2021-04-29T15:19:19.634-04:00</updated><title type='text'>Anatomy of how you get pwned</title><content type='html'><p>Today, somebody had a problem: they kept seeing a popup on their screen, and obvious scam trying to sell them McAfee anti-virus. Where was this coming from?</p><p>In this blogpost, I follow this rabbit hole on down. It starts with "search engine optimization" links and leads to an entire industry of tricks, scams, exploiting popups, trying to infect your machine with viruses, and stealing emails or credit card numbers.</p><p>Evidence of the attack first appeared with occasional popups like the following. The popup isn't part of any webpage.</p><p><br /></p><p></p><div class="separator" style="clear: both; text-align: center;"><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEisxnmkKzQg_ZP5a1OcYT984GOcOouARM8UbJhGy-dDhHuwLQcQWDqW1j_I1jc4tQm2nPT9oyM5NE7j_Ml0ycobZRBR_YCx1qyoRgUK4eDh9LVfCeoebYehjMpV-jg9ZeVNVBO2/" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="180" data-original-width="542" height="106" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEisxnmkKzQg_ZP5a1OcYT984GOcOouARM8UbJhGy-dDhHuwLQcQWDqW1j_I1jc4tQm2nPT9oyM5NE7j_Ml0ycobZRBR_YCx1qyoRgUK4eDh9LVfCeoebYehjMpV-jg9ZeVNVBO2/w320-h106/image.png" width="320" /></a></div><br /><br /></div><p>This is obviously a trick. But from where? How did it "get on the machine"?</p><p></p><p>There's lots of possible answers. But the most obvious answer (to most people), that your machine is infected with a virus, is likely wrong. Viruses are generally silent, doing evil things in the background. When you see something like this, you aren't infected ... yet.</p><p>Instead, things popping with warnings is almost entirely due to evil websites. But that's confusing, since this popup doesn't appear within a web page. It's off to one side of the screen, nowhere near the web browser.</p><p>Moreover, we spent some time diagnosing this. We restarted the webbrowser in "troubleshooting mode" with all extensions disabled and went to a clean website like Twitter. The popup still kept happening.</p><p>As it turns out, he had another windows with Firefox running under a different profile. So while he cleaned out everything in this one profile, he wasn't aware the other one was still running</p><p>This happens a lot in investigations. We first rule out the obvious things, and then struggle to find the less obvious explanation -- when it was the obvious thing all along.</p><p>In this case, the reason the popup wasn't attached to a browser window is because it's a new type of popup notification that's suppose to act more like an app and less like a web page. It has a hidden web page underneath called a "service worker", so the popups keep happening when you think the webpage is closed.</p><p>Once we figured the mistake of the other Firefox profile, we quickly tracked this down and saw that indeed, it was in the Notification list with Permissions set to Allow. Simply changing this solved the problem.</p><p><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhi4eKTcKRJZSLoRkO9L7epnAI9AsyMr09L4WTbU7ycP-iBSCEJXQc64mqT5wSvHnFv6PxjohEYZeMLdEAjECdUgojJ2kXEuJAdeEDE8GcQZcdmO8s1T0b545nDHPvMtEP4VEYE/" style="margin-left: 1em; margin-right: 1em; text-align: center;"><img alt="" data-original-height="687" data-original-width="964" height="228" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhi4eKTcKRJZSLoRkO9L7epnAI9AsyMr09L4WTbU7ycP-iBSCEJXQc64mqT5wSvHnFv6PxjohEYZeMLdEAjECdUgojJ2kXEuJAdeEDE8GcQZcdmO8s1T0b545nDHPvMtEP4VEYE/" width="320" /></a></p><p>Note that the above picture of the popup has a little wheel in the lower right. We are taught not to click on dangerous thing, so the user in this case was avoiding it. However, had the user clicked on it, it would've led him straight here to the solution. I can't recommend you click on such a thing and trust it, because that means in the future, malicious tricks will contain such safe looking icons that aren't so safe.</p><p>Anyway, the next question is: which website did this come from?</p><p>The answer is Google.</p><p>In the news today was the story of the Michigan guys who tried to kidnap the governor. The user googled "<a href="http://google.com/search?q=attempted+kidnap+sentencing+guidelines">attempted kidnap sentencing guidelines</a>". This search produced a page with the following top result:</p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiqpeVDz7ICSRdWEY_f7OGsUjJlLCPzr6AhulgLL5mLF2amH8YyCa_3q9Wfh4YhZxzRJFzso8ThnbyvZ2BFf6y_lAIQP3WZ1YHaHRuwttkr3gJ8b5Zr42uwaRHzy24RsiSGmGG5/" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="676" data-original-width="1159" height="187" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiqpeVDz7ICSRdWEY_f7OGsUjJlLCPzr6AhulgLL5mLF2amH8YyCa_3q9Wfh4YhZxzRJFzso8ThnbyvZ2BFf6y_lAIQP3WZ1YHaHRuwttkr3gJ8b5Zr42uwaRHzy24RsiSGmGG5/" width="320" /></a></div><br />Google labels this a "featured snippet". This isn't an advertisement, not a "promoted" result. But it's a link that Google's algorithms thinks is somehow more worthy than the rest.<div><br /></div><div>This happened because hackers tricked Google's algorithms. It's been a constant cat and mouse game for 20 years, in an industry known as "search engine optimization" or SEO. People are always trying to trick google into placing their content highest, both legitimate companies and the quasi-illegitimate that we see here. In this case, they seem to have succeeded.</div><div><br /></div><div>The way this trick works is that the hackers posted a PDF instead of a webpage containing the desired text. Since PDF documents are much less useful for SEO purposes, google apparently trusts them more.</div><div><br /></div><div>But the hackers have found a way to make PDFs more useful. They designed it to appear like a webpage with the standard CAPTCHA. You click anywhere on the page such as saying "I'm not robot", and it takes you to the real webstie.</div><div><br /></div><div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiz5vu9F8IQL-JvotRDMNu9VY-_ifCbSKiN3POaelyRDPQotGgcLusA-b76dHxwH1Srfpodx3tjar_IFlJ_5NxgL1ycL1qWkHgAbyAt5j3q69zV8dLz_-Jjnzd6W_0IAO6s-wq4/" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="676" data-original-width="1159" height="187" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiz5vu9F8IQL-JvotRDMNu9VY-_ifCbSKiN3POaelyRDPQotGgcLusA-b76dHxwH1Srfpodx3tjar_IFlJ_5NxgL1ycL1qWkHgAbyAt5j3q69zV8dLz_-Jjnzd6W_0IAO6s-wq4/" width="320" /></a></div><br /><br /><p>But where is the text I was promised in the Google's search result? It's there, behind the image. PDF files have layers. You can put images on top that hides the text underneath. Humans only see the top layer, but google's indexing spiders see all the layers, and will index the hidden text. You can verify this by downloading the PDF and using tools to examine the raw text:</p><p></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh_eVXmvcZXVUHKdFODaouId1jDAA-pwYF3z2sZGclcAP7LjunXi4XhJFvofHVd8VrZZQ8BMpbK44wBZdHTn83NkM7-yg_aK1yKScMEMV6-gFrX0SB_T34hw_H2YQTfRswZIR2Z/" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="663" data-original-width="1000" height="212" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh_eVXmvcZXVUHKdFODaouId1jDAA-pwYF3z2sZGclcAP7LjunXi4XhJFvofHVd8VrZZQ8BMpbK44wBZdHTn83NkM7-yg_aK1yKScMEMV6-gFrX0SB_T34hw_H2YQTfRswZIR2Z/" width="320" /></a></div><br />If you click on the "I am not robot" in the fake PDF, it takes you to a page like the following:<p></p><p></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjI3IV4FtFSRg60ZdApWxmDI0cKHucvWHFPIOWglR3fZQgJTGSj-I7LlpxymJYEu_sHBeqFbe5puUQrzhGljJunHraTTmN10hQYQwVhI6nZMP-Ju8C-oAAd0JqcfnFounVBqQtQ/" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="471" data-original-width="913" height="165" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjI3IV4FtFSRg60ZdApWxmDI0cKHucvWHFPIOWglR3fZQgJTGSj-I7LlpxymJYEu_sHBeqFbe5puUQrzhGljJunHraTTmN10hQYQwVhI6nZMP-Ju8C-oAAd0JqcfnFounVBqQtQ/" width="320" /></a></div><br />Here's where the "hack" happened. The user misclicked on "Allow" instead of "Block" -- accidentally. Once they did that, popups started happening, even when this window appeared to go away.</div><div><br /></div><div>The lesson here is that "misclicks happen". Even the most knowledgeable users, the smartest of cybersecurity experts, will eventually misclick themselves.</div><div><p>As described above, once we identified this problem, we were able to safely turn off the popups by going to Firefox's "Notification Permissions".</p><p>Note that the screenshots above are a mixture of Firefox images from the original user, and pictures of Chrome where I tried to replicate the attack in one of my browsers. I didn't succeed -- I still haven't been able to get any popups appearing on my computer.</p><p>So I tried a bunch of different browsers: Firefox, Chrome, and Brave on both Windows and macOS.</p><p>Each browser produced a different result, a sort of A/B testing based on the User-Agent (the string sent to webservers that identifies which browser you are using). Sometime following the hostile link from that PDF attempted to install a popup script in our original example, but sometimes it tried something else.</p><p>For example, on my Firefox, it tried to download a ZIP file containing a virus:</p><p></p><div class="separator" style="clear: both; text-align: center;"><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjJBzQboxRN_RetSrC6hIyikOgJ_LGp0qAPQQraBbWxNyYgl9T1hdElC4Uu5mQj-zttKzhg1ckE9B6JEjus6z9dRBeONE4itnmmnSa2gT_HVzZC5S1PriXyKB3_L72U5zyq_4hq/" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="637" data-original-width="996" height="205" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjJBzQboxRN_RetSrC6hIyikOgJ_LGp0qAPQQraBbWxNyYgl9T1hdElC4Uu5mQj-zttKzhg1ckE9B6JEjus6z9dRBeONE4itnmmnSa2gT_HVzZC5S1PriXyKB3_L72U5zyq_4hq/" width="320" /></a></div></div><p><br /></p>When I attempt to download, Firefox tells me it's a virus -- probably because Firefox knows the site where it came from is evil.<div><br /></div><div>However, Microsoft's free anti-virus didn't catch it. One reason is that it comes as an <i>encrypted zip</i>&nbsp;file. In order to open the file, you have to first read the unencrypted text file to get the password -- something humans can do but anti-virus products aren't able to do (or at least, not well).</div><div><br /></div><div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjlutzKo_IEJgAHfeiBPyYnUsnORmgupnRI9-dbZ3eF6IYbi2YPYt4U23khK9ZsszWoNAyAPGQlYn4rys-AxG-bWzqcGusF8sPDjhjBF5v_j2Ijd_ISTzMtXrYNYtJ1LZKDOFX5/" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="431" data-original-width="1016" height="136" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjlutzKo_IEJgAHfeiBPyYnUsnORmgupnRI9-dbZ3eF6IYbi2YPYt4U23khK9ZsszWoNAyAPGQlYn4rys-AxG-bWzqcGusF8sPDjhjBF5v_j2Ijd_ISTzMtXrYNYtJ1LZKDOFX5/" width="320" /></a></div><br />So I opened the password file to get the password ("257048169") and extracted the virus. This is mostly safe -- as long as I don't <i>run</i> it. Viruses are harmless sitting on your machine as long as they aren't running. I say "mostly" because even for experts, "misclicks happen", and if I'm not careful, I may infect my machine.</div><div><br /></div><div>Anyway, I want to see what the virus actually is. The easiest way to do that is <a href="https://www.virustotal.com/gui/file/aefeb01a28379d3ac99576317a86ba58e6960dccb53792b7010bd1f471914169/detection">upload it to VirusTotal</a>, a website that runs all the known anti-virus programs on a submission to see what triggers what. It tells me that somebody else uploaded the same sample 2 hours ago, and that a bunch of anti-virus vendors detect it, with the following names:</div><div><br /></div><div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg5GmTQ6BORO7Sy6paMtwqZ3-5ROhz0wLBWwlKJrD9oNp5hvUx2kgyrkztTdD8IQesaW7wPQA-UDTs13kwEf9KzN9Rn2UloPPCO5NUpCir8A-m91BaC2r4DRcVTW9cmWbqHVupv/" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="911" data-original-width="1273" height="229" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg5GmTQ6BORO7Sy6paMtwqZ3-5ROhz0wLBWwlKJrD9oNp5hvUx2kgyrkztTdD8IQesaW7wPQA-UDTs13kwEf9KzN9Rn2UloPPCO5NUpCir8A-m91BaC2r4DRcVTW9cmWbqHVupv/" width="320" /></a></div></div><div><div class="separator" style="clear: both; text-align: left;"><br /></div><div class="separator" style="clear: both; text-align: left;">With VirusTotal, you can investigate why anti-virus products think it may be a virus.&nbsp;</div><div class="separator" style="clear: both; text-align: left;"><br /></div><div class="separator" style="clear: both; text-align: left;">For example, anti-virus companies will run viruses to see what they do. They run them in "emulated" machines that are a lot slower, but safer. If viruses find themselves running in an emulated environment, then they stop doing all the bad behaviors the anti-virus programs might detection. So they repeated check the timestamp to see how fast they are running -- if too slow, they assume emulation.</div><div class="separator" style="clear: both; text-align: left;"><br /></div><div class="separator" style="clear: both; text-align: left;">But this itself is a bad behavior. This timestamp detection is one of the behaviors the anti-virus programs triggered on as suspicious.</div><div class="separator" style="clear: both; text-align: left;"><br /></div><div class="separator" style="clear: both; text-align: left;"><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhFztQKvV5zKZo9p2n6oiZYFFLwF9MaAzNBbt51lA8B6eOOrzWHsSWBs_3JifWXgELRRuOIgK0IFg67EZ30cnZOtnKoOoIQ4ZQ2MErLZCEmo-y3eOSGUzXUzYfnW3rUCh_uMeUV/" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="911" data-original-width="1273" height="229" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhFztQKvV5zKZo9p2n6oiZYFFLwF9MaAzNBbt51lA8B6eOOrzWHsSWBs_3JifWXgELRRuOIgK0IFg67EZ30cnZOtnKoOoIQ4ZQ2MErLZCEmo-y3eOSGUzXUzYfnW3rUCh_uMeUV/" width="320" /></a></div><br />You can go investigate on VirusTotal <a href="https://www.virustotal.com/gui/file/aefeb01a28379d3ac99576317a86ba58e6960dccb53792b7010bd1f471914169/behavior">other things it found with this virus</a>.</div><br />Viruses and disconnected popups wasn't the only trick. In yet another attempt with web browsers, the hostile site attempt to open lots and lots of windows full of advertising. This is a direct way they earn money -- hacking the advertising companies rather than hacking you.<br /><p></p><p>In yet another attempt with another browser, this time from my MacBook air, it asked for an email address:</p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj8tD27X0mKTfxOLQqHpVoVwtx1ZrIyVKacFQnyvNNWExUEQG0I1b76GPY2bHH1CKw4BFQtPmacSxS4uXU7ny2Vcozz0AVRq7XnQtH5QYsHX2MDZjx_rO1-cPpG1bNx3-8oQ8TK/s1788/Screen+Shot+2021-04-29+at+2.54.28+AM.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1280" data-original-width="1788" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj8tD27X0mKTfxOLQqHpVoVwtx1ZrIyVKacFQnyvNNWExUEQG0I1b76GPY2bHH1CKw4BFQtPmacSxS4uXU7ny2Vcozz0AVRq7XnQtH5QYsHX2MDZjx_rO1-cPpG1bNx3-8oQ8TK/s320/Screen+Shot+2021-04-29+at+2.54.28+AM.png" width="320" /></a></div>I happily obliged, giving it a fake address.</div><div><br /></div><div>At this point, the hackers are going to try to use the same email and password to log into Gmail, into a few banks, and so on. It's one of the top hacks these days (if not the most important hack) -- since most people reuse the same password for everything, even though it's not asking your for your Gmail or bank password, most of the time people will simply reuse them anyway. (This is why you need to keep important passwords separate from unimportant ones -- and write down your passwords or use a password manager).</div><div><br /></div><div>Anyway, I now get the next webpage. This is a straight up attempt to steal my credit card -- maybe.&nbsp;</div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj8O5FH15nM8N5jfq-gCPyx_sqGJ7oVCGLx3zKFk1hAtfO9CJtjTpbjBbWCeNbVWE0NdUYhQvQ74iB0sBwANlph9Ih5QBPAZ1xkghdGcNYsaIgM3tvISFCwd3O-Kxq408nfa7o8/s1746/Screen+Shot+2021-04-29+at+3.03.46+AM.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1746" data-original-width="1630" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj8O5FH15nM8N5jfq-gCPyx_sqGJ7oVCGLx3zKFk1hAtfO9CJtjTpbjBbWCeNbVWE0NdUYhQvQ74iB0sBwANlph9Ih5QBPAZ1xkghdGcNYsaIgM3tvISFCwd3O-Kxq408nfa7o8/s320/Screen+Shot+2021-04-29+at+3.03.46+AM.png" /></a></div>This is a website called "AppCine.net" that promises streaming movies, for free signup, but requires a credit card.<br /><div><br /></div><div>This may be a quasi-legitimate website. I saw "quasi" because their goal isn't outright credit card fraud, but a "dark pattern" whereby they make it easy to sign up for the first month free with a credit card, and then make it nearly impossible to stop the service, where they continue to bill you month after month. As long as the charges are small each month, most people won't bother going through all the effort canceling the service. And since it's not actually fraud, people won't call their credit card company and reverse the charges, since they actually did sign up for the service and haven't canceled it.</div><div><br /></div><div>It's a <a href="https://www.nytimes.com/2021/04/03/us/politics/trump-donations.html">slimy thing the Trump campaign did</a> in the last election. Their website asked for one time donations but tricked people into unwittingly making it a regular donation. This caused a lot of "chargebacks" as people complained to their credit card company.</div><div><br /></div><div>In truth, everyone does the same pattern: makes it easy to sign up, and sign up for more than you realize, and then makes it hard to cancel. I thought I'd canceled an AT&amp;T phone but found out they'd kept billing me for 3 years, despite the phone no longer existing and using their network.</div><div><br /></div><div>They probably have a rewards program. In other words, they aren't out there doing SEO hacking of google. Instead, they pay others to do it for them, and then give a percentage profit, either for incoming links, but probably "conversion", money whenever somebody actually enters their credit card number and signs up.</div><div><br /></div><div>Those people are in tern a different middleman. It probably goes like this:</div><div><ul style="text-align: left;"><li>somebody skilled at SEO optimization, who sends links to a broker</li><li>a broker who then forwards those links to other middlemen</li><li>middlemen who then deliver those links to sites like AppCine.net that actually ask for an email address or credit card</li></ul></div><div>There's probably even more layers -- like any fine tuned industry, there are lots of specialists who focus on doing their job well.</div><div><br /></div><div>Okay, I'll play along, and I enter a credit card number to see what happens (I have bunch of used debit cards to play this game). This leads to an error message saying the website is down and they can't deliver videos for me, but then pops up another box asking for my email, from yet another movie website:</div><div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjb_o8vcqVwlnmiTv2p7X5gw_CnABiTSBMc214I4HeldbZIrIoRPTYWJ8M8_3Ew554UKnZXxDhZDDPPK3qaDkYDqBG2hfczsrnH-Du02SbKljgJ1GEtmSfqAZYZSsMn_fnWJ-Es/s1638/Screen+Shot+2021-04-29+at+3.13.50+AM.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1166" data-original-width="1638" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjb_o8vcqVwlnmiTv2p7X5gw_CnABiTSBMc214I4HeldbZIrIoRPTYWJ8M8_3Ew554UKnZXxDhZDDPPK3qaDkYDqBG2hfczsrnH-Du02SbKljgJ1GEtmSfqAZYZSsMn_fnWJ-Es/s320/Screen+Shot+2021-04-29+at+3.13.50+AM.png" width="320" /></a></div><br /></div>This leads to yet another site:<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhdz-UjGbgg9KoeL6ZJK3u8clgFv-98kBrpaVFNjf02ED3PT5aTBRcRjCOMNoBG9J_8dpwbSBPhno4hW1cTDLMkj8XFe_OtYEbn46E77Uq4arAoKaCOM_C0zSJcqxzRuO0aptAp/s1638/Screen+Shot+2021-04-29+at+3.16.36+AM.png" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1480" data-original-width="1638" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhdz-UjGbgg9KoeL6ZJK3u8clgFv-98kBrpaVFNjf02ED3PT5aTBRcRjCOMNoBG9J_8dpwbSBPhno4hW1cTDLMkj8XFe_OtYEbn46E77Uq4arAoKaCOM_C0zSJcqxzRuO0aptAp/s320/Screen+Shot+2021-04-29+at+3.16.36+AM.png" width="320" /></a></div>It's an endless series. Once a site "converts" you, it then simply sells the link back to another middleman, who then forwards you on to the next. I could probably sit there all day with fake email addresses and credit cards and still not come to the end of it all.</div><div><br /></div><div><b>Summary</b></div><div><b><br /></b></div><div>So here's what we found.</div><div><br /></div><div>First, there was a "search engine optimization" hacker who specializes in getting their content at the top of search results for random terms.</div><div><br /></div><div>Second, they pass hits off to a broker who distributes the hits to various hackers who pay them. These hackers will try to exploit you with:</div><div><ul style="text-align: left;"><li>popups pretending to be anti-virus warnings that show up outside the browser</li><li>actual virus downloads in encrypted zips that try to evade anti-virus, but not well</li><li>endless new windows selling you advertising</li><li>steal your email address and password, hoping that you've simply reused one from legitimate websites, like Gmail or your bank</li><li>signups for free movie websites that try to get your credit card and charge you legally</li></ul></div><div>Even experts get confused. I had trouble helping this user track down exactly where the popup was coming from. Also, any expert can misclick and make the wrong thing happen -- this user had been clicking the right thing "Block" for years and accidentally hit "Allow" this one time.</div></content><link rel='replies' type='application/atom+xml' href='https://blog.erratasec.com/feeds/4008232982979402236/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='https://www.blogger.com/comment.g?blogID=37798047&postID=4008232982979402236' title='0 Comments'/><link rel='edit' type='application/atom+xml' href='https://www.blogger.com/feeds/37798047/posts/default/4008232982979402236'/><link rel='self' type='application/atom+xml' href='https://www.blogger.com/feeds/37798047/posts/default/4008232982979402236'/><link rel='alternate' type='text/html' href='https://blog.erratasec.com/2021/04/anatomy-of-how-you-get-pwned.html' title='Anatomy of how you get pwned'/><author><name>Robert Graham</name><uri>http://www.blogger.com/profile/09879238874208877740</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='26' height='32' src='//blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjJp1K5oBkDsBDOh7UOk0xPIdd0d8DKmV7PEAPZ7x-ckmfG6iWTVCt5LvUpd2iwW3UUYeaqd2UoYnupOSz1VDFUok6gUW_48x_rCU1Sth9Sk4-vEidqnqC2M3DXw16T4o0/s220/robertgraham.jpg'/></author><media:thumbnail xmlns:media="http://search.yahoo.com/mrss/" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEisxnmkKzQg_ZP5a1OcYT984GOcOouARM8UbJhGy-dDhHuwLQcQWDqW1j_I1jc4tQm2nPT9oyM5NE7j_Ml0ycobZRBR_YCx1qyoRgUK4eDh9LVfCeoebYehjMpV-jg9ZeVNVBO2/s72-w320-h106-c/image.png" height="72" width="72"/><thr:total>0</thr:total></entry><entry><id>tag:blogger.com,1999:blog-37798047.post-7497953035384868701</id><published>2021-04-21T17:27:00.001-04:00</published><updated>2021-04-21T17:27:21.203-04:00</updated><title type='text'>Ethics: University of Minnesota's hostile patches</title><content type='html'><p>The University of Minnesota (UMN) got into trouble this week for doing a study where they have submitted deliberately vulnerable patches into open-source projects, in order to test whether hostile actors can do this to hack things. After a UMN researcher submitted a crappy patch to the Linux Kernel, kernel maintainers decided to rip out all recent UMN patches.</p><p>Both things can be true:</p><p></p><ul style="text-align: left;"><li>Their study was an important contribution to the field of cybersecurity.</li><li>Their study was unethical.</li></ul><div>It's like Nazi medical research on victims in concentration camps, or U.S. military research on unwitting soldiers. The research can simultaneously be wildly unethical but at the same time produce useful knowledge.</div><div><br /></div><div>I'd agree that <a href="https://github.com/QiushiWu/QiushiWu.github.io/blob/main/papers/OpenSourceInsecurity.pdf">their paper</a>&nbsp;is useful. I would not be able to immediately recognize their patches as adding a vulnerability -- and I'm an expert at such things.</div><div><br /></div><div>In addition, the sorts of bugs it exploits shows a way forward in the evolution of programming languages. It's not clear that a "safe" language like Rust would be the answer. Linux kernel programming requires tracking resources in ways that Rust would consider inherently "unsafe". Instead, the C language needs to evolve with better safety features and better static analysis. Specifically, we need to be able to annotate the parameters and return statements from functions. For example, if a pointer can't be NULL, then it needs to be documented as a non-nullable pointer. (Imagine if pointers could be <i>signed</i>&nbsp;and <i>unsigned</i>, meaning, can sometimes be NULL or never be NULL).</div><div><br /></div><div>So I'm glad this paper exists. As a researcher, I'll likely cite it in the future. As a programmer, I'll be more vigilant in the future. In my own open-source projects, I should probably review some previous pull requests that I've accepted, since many of them have been the same crappy quality of simply adding a (probably) unnecessary NULL-pointer check.</div><div><br /></div><div>The next question is whether this is ethical. Well, the paper claims to have sign-off from their university's IRB -- their <a href="https://en.wikipedia.org/wiki/Institutional_review_board">Institutional Review Board</a> that reviews the ethics of experiments. Universities created IRBs to deal with the fact that many medical experiments were done on either unwilling or unwitting subjects, such as the Tuskegee Syphilis Study. All medical research must have IRB sign-off these days.</div><div><br /></div><div>However, I think IRB sign-off for computer security research is stupid. Things like masscanning of the entire Internet are undecidable with traditional ethics. I regularly scan every device on the IPv4 Internet, including your own home router. If you paid attention to the packets your firewall drops, some of them would be from me. Some consider this a gross violation of basic ethics and get very upset that I'm scanning their computer. Others consider this to be the expected consequence of the end-to-end nature of the public Internet, that there's an inherent social contract that you must be prepared to receive any packet from anywhere. Kerckhoff's Principle from the 1800s suggests that core ethic of cybersecurity is exposure to such things rather than trying to cover them up.</div><div><br /></div><div>The point isn't to argue whether masscanning is ethical. The point is to argue that it's undecided, and that your IRB isn't going to be able to answer the question better than anybody else.</div><div><br /></div><div>But here's the thing about masscanning: I'm honest and transparent about it. My very first scan of the entire Internet came with a tweet "BTW, this is me scanning the entire Internet".</div><div><br /></div><div>A lot of ethical questions in other fields comes down to honesty. If you have to lie about it or cover it up, then there's a good chance it's unethical.</div><div><br /></div><div>For example, the west suffers a lot of cyberattacks from Russia and China. Therefore, as a lone wolf actor capable of hacking them back, is it ethical to do so? The easy answer is that when discovered, would you say "yes, I did that, and I'm proud of it", or would you lie about it? I admit this is a difficult question, because it's posed in terms of whether you'd want to evade the disapproval from other people, when the reality is that you might not want to get <a href="https://en.wikipedia.org/wiki/Poisoning_of_Alexei_Navalny">novichoked</a> by Putin.</div><div><br /></div><div>The above research is based on a lie. Lying has consequences.</div><div><br /></div><div>The natural consequence here is that now that UMN did that study, none of the patches they submit can be trusted. It's not just this one&nbsp;<a href="https://lore.kernel.org/linux-nfs/20210407001658.2208535-1-pakki001@umn.edu/">submitted patch</a>. The kernel maintainers are taking&nbsp;<a href="https://lore.kernel.org/lkml/20210421130105.1226686-1-gregkh@linuxfoundation.org/">scorched earth response</a>, reverting all recent patches from the university and banning future patches from them. It may be a little hysterical, but at the same time, this is a new situation that no existing policy covers.</div><div><br /></div><div>I partly disagree with the kernel maintainer's <a href="https://lore.kernel.org/linux-nfs/YH%2FfM%2FTsbmcZzwnX@kroah.com/">conclusion</a> that the patches "obviously were _NOT_ created by a static analysis tool". This is exactly the sort of noise static analyzers have produced in the past. I reviewed the <a href="https://elixir.bootlin.com/linux/latest/source/net/sunrpc/auth_gss/auth_gss.c#L385">source file</a> for how a static analyzer might come to this conclusion, and found it's exactly the sort of thing it might produce.</div><div><br /></div><div>But at the same time, it's obviously noise and bad output. If the researcher were developing a static analyzer tool, they should understand that this is crap noise and bad output from the static analyzer. They should not be submitting low-quality patches like this one. The main concern that researchers need to focus on for static analysis isn't increasing detection of vulns, but decreasing noise.</div><div><br /></div><div>In other words, the debate here is whether the researcher is incompetent or dishonest. Given that UMN has practiced dishonesty in the past, it's legitimate to believe they are doing so again. Indeed, "static analysis" research might also include research in automated ways to find subversive bugs. One might create a static analyzer to search code for ways to insert a NULL pointer check to add a vuln.</div><div><br /></div><div>Now incompetence is actually a fine thing. That's the point of research, is to learn things. Starting fresh without all the preconceptions of old work is also useful. That researcher has problems today, but a year or two from now they'll be an ultra-competent expert in their field. That's how one achieves competence -- making mistakes, lots of them.</div><div><br /></div><div>But either way, the Linux kernel maintainer response of "we are not part of your research project" is a valid. These patches are crap, regardless of which research project they are pursuing (static analyzer or malicious patch submissions).</div><div><br /></div><div><br /></div><div><b>Conclusion</b></div><div><b><br /></b></div><div>I think the UMN research into bad-faith patches is useful to the community. I reject the idea that their IRB, which is focused on biomedical ethics rather than cybersecurity ethics, would be useful here. Indeed, it's done the reverse: IRB approval has tainted the entire university with the problem rather than limiting the fallout to just the researchers that could've been disavowed.</div><div><br /></div><div>The natural consequence of being dishonest is that people can't trust you. In cybersecurity, trust is hard to win and easy to lose -- and UMN lost it. The researchers should have understand that "dishonesty" was going to be a problem.</div><div><br /></div><div>I'm not sure there is a way to ethically be dishonest, so I'm not sure how such useful research can be done without the researchers or sponsors being tainted by it. I just know that "dishonesty" is an easily recognizable issue in cybersecurity that needs to be avoided. If anybody knows how to be ethically dishonest, I'd like to hear it.</div><div><br /></div><div><b>Update:</b>&nbsp;This person proposes a way this research could be conducted to ethically be dishonest:</div><blockquote class="twitter-tweet"><p dir="ltr" lang="en">By asking the top boss if it's okay if you lie to their team, a la an authorized penetration test.<br /><br />In this case that might still not be ethical, because while the top guy can answer for the /project/ he can't answer for the other /people/, who are volunteers and not employees.</p>— Random of Eddie (@random_eddie) <a href="https://twitter.com/random_eddie/status/1384979654256308225?ref_src=twsrc%5Etfw">April 21, 2021</a></blockquote> <script async="" charset="utf-8" src="https://platform.twitter.com/widgets.js"></script></content><link rel='replies' type='application/atom+xml' href='https://blog.erratasec.com/feeds/7497953035384868701/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='https://www.blogger.com/comment.g?blogID=37798047&postID=7497953035384868701' title='1 Comments'/><link rel='edit' type='application/atom+xml' href='https://www.blogger.com/feeds/37798047/posts/default/7497953035384868701'/><link rel='self' type='application/atom+xml' href='https://www.blogger.com/feeds/37798047/posts/default/7497953035384868701'/><link rel='alternate' type='text/html' href='https://blog.erratasec.com/2021/04/ethics-university-of-minnesotas-hostile.html' title='Ethics: University of Minnesota's hostile patches'/><author><name>Robert Graham</name><uri>http://www.blogger.com/profile/09879238874208877740</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='26' height='32' src='//blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjJp1K5oBkDsBDOh7UOk0xPIdd0d8DKmV7PEAPZ7x-ckmfG6iWTVCt5LvUpd2iwW3UUYeaqd2UoYnupOSz1VDFUok6gUW_48x_rCU1Sth9Sk4-vEidqnqC2M3DXw16T4o0/s220/robertgraham.jpg'/></author><thr:total>1</thr:total></entry><entry><id>tag:blogger.com,1999:blog-37798047.post-1949610645936705403</id><published>2021-03-26T14:43:00.003-04:00</published><updated>2021-03-26T14:51:59.223-04:00</updated><title type='text'>A quick FAQ about NFTs</title><content type='html'><p>I thought I'd write up 4 technical questions about NFTs. They may not be the ones you ask, but they are the ones you should be asking. The questions:</p><p></p><ul style="text-align: left;"><li>What does the token look like?</li><li>How does it contain the artwork? (or, where is the artwork contained?)</li><li>How are tokens traded? (How do they get paid? How do they get from one account to another?)</li><li>What does the link from token to artwork mean? Does it give copyrights?</li></ul><div>I'm going to use 4 sample tokens that have been sold for outrageous prices as examples.</div><div><br /></div><p></p><p><b>#1 What does the token look like?</b></p><p>An NFT token has a unique number, analogous to:</p><p></p><ul style="text-align: left;"><li>your social security number (SSN#)</li><li>your credit card number</li><li>the VIN# on your car</li><li>the serial number on a dollar bill</li><li>etc.</li></ul><p></p><p>This unique number is composed of two things:</p><p></p><ul style="text-align: left;"><li>the contract number, identifying the contract that manages the token</li><li>the unique token identifier within that contract</li></ul><div>Here are some example tokens, listing the contract number (the long string) and token ID (short number), as well as a link to a story on how much it sold for recently.</div><p></p><p></p><ul style="text-align: left;"><li><a href="https://etherscan.io/address/0x2a46f2ffd99e19a89476e2f62270e0a35bbf0756#code"><i><span style="font-family: courier; font-size: x-small;">0x2a46f2ffd99e19a89476e2f62270e0a35bbf0756</span></i></a> - #40913 (<a href="https://www.theverge.com/2021/3/11/22325054/beeple-christies-nft-sale-cost-everydays-69-million">Beeple $69m</a>)</li><li><a href="https://etherscan.io/address/0xb47e3cd837ddf8e4c57f05d70ab865de6e193bbb#code"><i><span style="font-family: courier; font-size: x-small;">0xb47e3cd837dDF8e4c57F05d70Ab865de6e193BBB</span></i></a>&nbsp; #7804 (<a href="https://www.forbes.com/sites/alexkonrad/2021/03/18/figma-ceo-dylan-field-talks-cryptopunks-nft-beeple-metaverse/?sh=38a2c7105a1d">$7.6m CryptoPunks</a>)</li><li><a href="https://etherscan.io/address/0x9fc4e38da3a5f7d4950e396732ae10c3f0a54886#code"><i><span style="font-family: courier; font-size: x-small;">0x9fc4e38da3a5f7d4950e396732ae10c3f0a54886</span></i>&nbsp;</a>- #1 (<a href="https://www.nasdaq.com/articles/associated-press-nft-artwork-sells-for-%24180k-in-ether-2021-03-12">AP $180k</a>)</li><li><i><span style="font-family: courier; font-size: x-small;"><a href="https://etherscan.io/address/0x06012c8cf97bead5deae237070f9587f8e7a266d#code">0x06012c8cf97BEaD5deAe237070F9587f8E7A266d</a></span></i> - #896775 (<a href="https://thenextweb.com/hardfork/2018/09/05/most-expensive-cryptokitty/">$170k CryptoKitty</a>)</li></ul><p></p><p>With these two numbers, you can go find the token on the blockchain, and read the code to determine what the token contains, how it's traded, its current owner, and so on.</p><p><br /></p><p><b>#2 How do NFTs contain artwork? or, where is artwork contained?</b></p><p>Tokens can't*** contain artwork -- art is too big to fit on the blockchain. That Beeple piece is 300-megabytes in size. Therefore, tokens point to artwork that is located somewhere else than the blockchain.</p><p></p><blockquote>*** (footnote) This isn't actually true. It's just that it's very expensive to put artwork on the blockchain. That Beeple artwork would cost about $5million to put onto the blockchain. Yes, this less than a tenth the purchase price of $69million, but when you account for <i>all</i>&nbsp;the artwork for which people have created NFTs, the total exceeds the prices for all NFTs.</blockquote><p></p><p>So if artwork isn't on the blockchain, where is it located? and how do the NFTs link to it?</p><p>Our four examples of NFT mentioned above show four different answers to this question. Some are smart, others are stupid -- and by "stupid" I mean "tantamount to fraud".</p><p>The correct way to link a token with a piece of digital art is through a <i><b>hash</b></i>, which can be used with the decentralized <i><b>darknet</b></i>.</p><p>A&nbsp;<i>hash</i>&nbsp;is a unique cryptographic "key" (sic) generated from the file contents. No two files with different contents (or different lengths) will generate the same&nbsp;<i>hash</i>. A hacker can't create a different file that generates the same hash. Therefore, the&nbsp;<i>hash</i>&nbsp;becomes the&nbsp;<i>identity</i>&nbsp;of the file -- if you have a hash and a file, you can independently verify the two match.</p><p></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEirQrGRMWEXu3WuX5v7PMyS5syelGleF_oIi327qGS-dFA8kT13K5E8plLZRNOwZoRkXqO0-2Fn9mWayIa_fZaTxhPDzYSiZnnUhrKPHi1BT44BsbiRd2RaDDU7fe18CJujD3oH/" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img alt="" data-original-height="813" data-original-width="1220" height="134" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEirQrGRMWEXu3WuX5v7PMyS5syelGleF_oIi327qGS-dFA8kT13K5E8plLZRNOwZoRkXqO0-2Fn9mWayIa_fZaTxhPDzYSiZnnUhrKPHi1BT44BsbiRd2RaDDU7fe18CJujD3oH/w200-h134/image.png" width="200" /></a></div>The hash (and therefore unique identity) of the <b>Beeple file</b> is the following string:<p></p><blockquote><p>QmXkxpwAHCtDXbbZHUwqtFucG1RMS6T87vi1CdvadfL7qA</p></blockquote><p>With the hash, it doesn't matter where the file is located right now in cyberspace. It only matters that at some point in the future, when the owner of the NFT wants to sell it, they can produce the file which provably matches the hash.</p><p>To repeat: because of the magic of cryptographic <i>hashes</i>, the artwork in question doesn't have to be located anywhere in particular.</p><p>However, people do like having a live copy of the file available in a well known location. One way of doing this is with the <i>darknet</i>, which is essentially a decentralized version of the web. In much the same way the blockchain provides <i>decentralized</i>&nbsp;transactions, darknet services provide <i>decentralized</i>&nbsp;file sharing. The most famous of such services is BitTorrent. The most popular for use with NFTs is known as IPFS (<a href="https://en.wikipedia.org/wiki/InterPlanetary_File_System">InterPlanetary File System</a>). A hash contained within an NFT token often links to the IPFS system.</p><p>In the $69million Beeple NFT, this link is:</p><blockquote><p>ipfs://ipfs/QmPAg1mjxcEQPPtqsLoEcauVedaeMH81WXDPvPx3VC5zUz</p></blockquote><p>Sharp eyed readers will notice the hash of the artwork (above) doesn't match the hash in this IPFS link.</p><p>That's because the NFT token points to a <a href="https://ipfsgateway.makersplace.com/ipfs/QmPAg1mjxcEQPPtqsLoEcauVedaeMH81WXDPvPx3VC5zUz">metadata file</a> that contains the real hash, along with other information about the artwork. The QmPAg.... hash points to metadata that contains the QmXkx... hash.</p><p>But a chain of hashes in this manner is still just as secure as a single hash -- indeed, that's what the "blockchain" is -- a hash chain. In the future, when the owner sells this NFT, they'll need to provide both files, the metadata and the artwork, to conclusively transfer ownership.</p><p>Thus, in answer to the question of where the artwork is located (in the NFT? on the web?), the answer is often that the NFT token contains a hash pointing to the darknet.</p><p></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgjOLbRezsx3DBvOmdjCtiUj7wSGdhbd1f_mK8L7payXtY6tUef0fTTrx3e7bfHKTce7GLwZI_p-nSXgmlt0DLS7Q69iAiywQcTKrTOh_2vha0yH0Mh92z8U8DeB62Lw_4mKCTc/" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img alt="" data-original-height="432" data-original-width="768" height="113" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgjOLbRezsx3DBvOmdjCtiUj7wSGdhbd1f_mK8L7payXtY6tUef0fTTrx3e7bfHKTce7GLwZI_p-nSXgmlt0DLS7Q69iAiywQcTKrTOh_2vha0yH0Mh92z8U8DeB62Lw_4mKCTc/w200-h113/image.png" width="200" /></a></div>Let's look at another token on our list, the <b>$180k AP artwork</b>. The NFT links to the following URL:<p></p><p></p><blockquote><a href="https://ap-nft.everipedia.org/api/presidential-2020/1">https://ap-nft.everipedia.org/api/presidential-2020/1</a></blockquote><p></p><p>Like the above example with Beeple, this too points to a metadata file, with a link to the eventual artwork (<a href="https://gateway.pinata.cloud/ipfs/QmU81jiJ41qne5DFoDwsmgpq6AG3ziHdJbSnMkXBYQVU8v">here</a>). However, this chain is broken in the middle with that URL -- it isn't decentralized, and there's no guarantee in the future that it'll exist. The company "Everipedia" could go out of business tomorrow, or simply decide to stop sharing the file to the web, or decide to provide a different file at that location. In these cases, the thing the NFT points to disappears.</p><p>In other words, 50 years from now, after WW III and we've all moved to the off-world colonies, the owner of Beeple's NFT will still be able to sell it, providing the two additional files. The owner of this AP NFT probably won't -- the link will probably have disappeared from the web -- they won't be able to prove that the NFT they control points to the indicated artwork.</p><p>I would call this tantamount to fraud -- almost. The information is all there for the buyer to check, so they know the problems with this NFT. They obviously didn't care -- maybe they plan on being able to offload the NFT onto another buyer before the URL disappears.</p><p></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhH9TC-wQ9_jnuSynyagaDbHo_9vecqNHkcOK5dkR33GJ8Qua6oiLaagaKgmcgcD3a9iQHrMF6ALBNxnOGpfJtPG10ONEnEdCxcYZD4aGsc_YgiGub-cu7jTf6RZWBP4PbPbQrt/" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img alt="" data-original-height="476" data-original-width="483" height="197" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhH9TC-wQ9_jnuSynyagaDbHo_9vecqNHkcOK5dkR33GJ8Qua6oiLaagaKgmcgcD3a9iQHrMF6ALBNxnOGpfJtPG10ONEnEdCxcYZD4aGsc_YgiGub-cu7jTf6RZWBP4PbPbQrt/w200-h197/image.png" width="200" /></a></div>Now let's look at the <b>CryptoPunks #7804</b>&nbsp;NFT. The contract points to the same <i>hash</i> of an image file that contains all 10,000 possible token images. That hash is the following. Click on it to see the file it maps to:<p></p><p></p><blockquote><a href="https://github.com/larvalabs/cryptopunks/raw/master/punks.png">ac39af4793119ee46bbff351d8cb6b5f23da60222126add4268e261199a2921b</a></blockquote><p></p><p>The token ID in question is #7804. If you look in that file for the 7804th face, you'll see which one the token matches.</p><p>Unfortunately, the original contract doesn't actually explain how we arrive at the 7804th sub-image. Do we go left to right? Top down? or some other method? Currently, there exists a website that does the translation using one algorithm, but in the future, there's no hard proof which token maps to which face inside that massive image.</p><p></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi10k2-8LFjo8M8lmLeUaarcILLFkDqc1-FwCCdjOStrfQesv3evpgMuwq4OD5eZx0NCzV9sQNQIN-hkJwKGlo-omVOCMr0aueCfHRSa86e8Cb2NQkuLTsMydVrqOxSI8tEQNUE/" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img alt="" data-original-height="447" data-original-width="572" height="156" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi10k2-8LFjo8M8lmLeUaarcILLFkDqc1-FwCCdjOStrfQesv3evpgMuwq4OD5eZx0NCzV9sQNQIN-hkJwKGlo-omVOCMr0aueCfHRSa86e8Cb2NQkuLTsMydVrqOxSI8tEQNUE/w200-h156/image.png" width="200" /></a></div>Now let's look at the <b>CryptoKitty #896775</b>&nbsp;. In this case, there's no hashes involved, and no image. Instead, each kitty is expressed as a pattern of "genes", with contracts that specify how to two kittens can breed together to create a new kitty's genes. The above token contains the gene sequence:<p></p><p></p><blockquote>235340506405654824796728975308592110924822688777991068596785613937685997</blockquote><p></p><p>There are other contracts on the blockchain that can interact with this.&nbsp;</p><p>The CryptoKitty images we see are generated by an algorithm that reads the gene sequence. Thus, there is no image file, no hash of a file. The algorithm that does this is located off-chain, so again we have the problem that in the future, the owner of the token may not be able to prove ownership of the correct image.</p><p>So what we see in these examples is one case where there's a robust hash chain linking the NFT with the corresponding image file, and three examples where the link is problematic -- ranging from slightly broken to almost fraudulent.</p><p><br /></p><p><b>#3 How are tokens traded?</b></p><p>There are two ways you can sell your NFTs:</p><p></p><ul style="text-align: left;"><li>off the blockchain</li><li>on the blockchain</li></ul><p></p><p>The Beeple artwork was sold through Christie's -- meaning off blockchain. Christies conducted the bidding and collected the payment, took its cut, and gave the rest to the artist. The artist then transferred the NFT. We can see this on the blockchain where Beeple transferred the NFT for $0, but we can't see the flow of money <b>off blockchain</b>.</p><p>This is the exception. The rule is that NFTs are supposed to be traded <b>on blockchain</b>.</p><p>NFT contracts don't have auction or selling capabilities themselves. Instead, they follow a standard (known as ERC721) that allows them to be managed by other contracts. A person controlling a token selects some other auction/selling contract that matches the terms they want, and gives control to that contract.</p><p>Because contracts are code, both sides are know what the terms are, and can be confident they won't be defrauded by the other side.</p><p>For example, a contract's terms might be to provide for bids over 5 days, transfer the NFT from the owner to the buyer, and transfer coins from the buyer to the previous owner.</p><p>This is really why NFTs are so popular: not ownership of artwork, but <i>on blockchain</i> buying and selling of tokens. It's the ability to conduct such commerce where the rules are dictated by code rather than by humans, where such transfers happen in a decentralized manner rather than through a central authority that can commit fraud.</p><p>So the upshot is that if you own an NFT, you can use the <b>Transfer()</b>&nbsp;function to transfer it to some other owner, or you can authorize some other contract to do the selling for you, which will eventually call this Transfer() function when the deal is done. Such a contract will likely also transfer coins in the other direction, paying you for your token.</p><p><br /></p><p><b>#4 What does this all mean?</b></p><p>If you break into the Louvre Museum and steal the Mona Lisa, you will <b>control</b>&nbsp;the artwork. But you won't <b>own</b>&nbsp;it. The word "ownership" is defined to mean your legal rights over the object. If the legal authorities catch up with you, they'll stick you in jail and transfer control of the artwork back to the rightful legal owner.</p><p>We keep talking about "ownership" of NFTs, but this is fiction. Instead, all that you get when you acquire an NFT is "control" -- control of just the token even, and not of the underlying artwork. Much of what happens in blockchain/cryptocurrencies isn't covered by the law. Therefore, you can't really "own" tokens. But you certainly control them (with the private key in your wallet that matches the public key of your account/address on the blockchain).</p><p>This is why NFTs are problematic, people are paying attention to the fiction ("ownership") and not the technical details ("control"). We see that in the AP artwork above which simply links to a URL instead of a hash, missing a crucial step. They weren't paying attention to the details.</p><p>There are other missing steps. For example, I can create my own NFTs representing all these artworks and sell them (maybe covered in a future blogpost). It's a fiction that one of these is valid and my copy NFTs are invalid.</p><p>On the other hand, this criticism can go too far. Some people claim the entire blockchain/cryptocurrency market is complete fiction. This isn't true -- there's lots of obvious value in transactions that are carried out by code rather than by humans.</p><p>For example, an oil company might sell tokens for oil futures, allowing people to trade such futures on the blockchain. Ultimately, though, the value of such tokens comes down to faith in the original issuer that they'll deliver on the promise -- that the controller of the token will eventually get something in the real world. There are lots of companies being successful with this sort of thing, such as the BAT token used in the "Brave" web browser that provides websites with micropayment revenue instead of advertising revenue.</p><p>Thus, the difference here is that cryptocurrencies are part fiction, part real -- tied to real world things. But NFTs representing artwork are pretty much completely fiction. They confer no control over the artwork in the real world. Whatever tie a token has to the artwork is purely in your imagination.</p></content><link rel='replies' type='application/atom+xml' href='https://blog.erratasec.com/feeds/1949610645936705403/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='https://www.blogger.com/comment.g?blogID=37798047&postID=1949610645936705403' title='1 Comments'/><link rel='edit' type='application/atom+xml' href='https://www.blogger.com/feeds/37798047/posts/default/1949610645936705403'/><link rel='self' type='application/atom+xml' href='https://www.blogger.com/feeds/37798047/posts/default/1949610645936705403'/><link rel='alternate' type='text/html' href='https://blog.erratasec.com/2021/03/a-quick-faq-about-nfts.html' title='A quick FAQ about NFTs'/><author><name>Robert Graham</name><uri>http://www.blogger.com/profile/09879238874208877740</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='26' height='32' src='//blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjJp1K5oBkDsBDOh7UOk0xPIdd0d8DKmV7PEAPZ7x-ckmfG6iWTVCt5LvUpd2iwW3UUYeaqd2UoYnupOSz1VDFUok6gUW_48x_rCU1Sth9Sk4-vEidqnqC2M3DXw16T4o0/s220/robertgraham.jpg'/></author><media:thumbnail xmlns:media="http://search.yahoo.com/mrss/" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEirQrGRMWEXu3WuX5v7PMyS5syelGleF_oIi327qGS-dFA8kT13K5E8plLZRNOwZoRkXqO0-2Fn9mWayIa_fZaTxhPDzYSiZnnUhrKPHi1BT44BsbiRd2RaDDU7fe18CJujD3oH/s72-w200-h134-c/image.png" height="72" width="72"/><thr:total>1</thr:total></entry><entry><id>tag:blogger.com,1999:blog-37798047.post-4049457482069625866</id><published>2021-03-20T23:12:00.005-04:00</published><updated>2021-03-20T23:52:47.549-04:00</updated><title type='text'>Deconstructing that $69million NFT</title><content type='html'><p>"NFTs" have hit the mainstream news with the sale of an NFT based digital artwork for $69 million. I thought I'd write up an explainer. Specifically, I deconstruct that huge purchase and show what actually was exchanged, down to the raw code. (The answer: almost nothing).</p><p>The reason for this post is that every other description of NFTs describe what they <i>pretend</i>&nbsp;to be. In this blogpost, I drill down on what they <i>actually</i>&nbsp;are.</p><p>Note that this example is about "NFT artwork", the thing that's been in the news. There are other uses of NFTs, which work very differently than what's shown here.</p><p><b>tl;dr</b></p><p>I have long bit of text explaining things. Here is the short form that allows you to drill down to the individual pieces.</p><p></p><ul><li><a href="https://www.beeple-crap.com/">Beeple</a> created a piece of art in a <a href="https://ipfsgateway.makersplace.com/ipfs/QmXkxpwAHCtDXbbZHUwqtFucG1RMS6T87vi1CdvadfL7qA">file</a></li><li>He created a <a href="https://google.com/search?q=QmXkxpwAHCtDXbbZHUwqtFucG1RMS6T87vi1CdvadfL7qA">hash</a> that uniquely, and unhackably, identified that file<br /></li><li>He created a <a href="https://dweb.link/ipfs/QmPAg1mjxcEQPPtqsLoEcauVedaeMH81WXDPvPx3VC5zUz">metadata file</a> that included the hash to the artwork</li><li>He created a <a href="https://google.com/search?q=QmPAg1mjxcEQPPtqsLoEcauVedaeMH81WXDPvPx3VC5zUz">hash</a> to the metadata file</li><li>He uploaded both files (metadata and artwork) to the <a href="https://en.wikipedia.org/wiki/InterPlanetary_File_System">IPFS</a> darknet decentralized file sharing service</li><li>He created, or&nbsp;<a href="https://etherscan.io/tx/0x84760768c527794ede901f97973385bfc1bf2e297f7ed16f523f75412ae772b3#eventlog">minted a token</a> governed by the <a href="https://etherscan.io/address/0x2a46f2ffd99e19a89476e2f62270e0a35bbf0756#code">MakersTokenV2 smart contract</a> on the Ethereum blockchain</li><li>Christies created an <a href="https://onlineonly.christies.com/s/first-open-beeple/beeple-b-1981-1/112924">auction</a> for this token</li><li>The auction was concluded with a payment of $69 million worth of Ether cryptocurrency. However, nobody has been able to find this payment on the Ethereum blockchain, the money was probably transferred through some private means.</li><li>Beeple <a href="https://etherscan.io/tx/0xa342e9de61c34900883218fe52bc9931daa1a10b6f48c506f2253c279b15e5bf#eventlog">transferred</a> the token to the winner, who <a href="https://etherscan.io/tx/0x01d0967faaaf95f3e19164803a1cf1a2f96644ebfababb2b810d41a72f502d49#eventlog">transferred</a> it again to this final <a href="https://etherscan.io/address/0x8bb37fb0f0462bb3fc8995cf17721f8e4a399629#tokentxnsErc721">Metakovan</a> account</li></ul><div>Each of the link above allows you to drill down to exactly what's happening on the blockchain. The rest of this post discusses things in long form.</div><div><br /></div><p><b>Why do I care?</b></p><p>Well, you don't. It makes you feel stupid that you haven't heard about it, when everyone is suddenly talking about it as if it's been a thing for a long time. But the reality, <i>they</i>&nbsp;didn't know what it was a month ago, either. Here is the Google Trends graph to prove this point -- interest has only exploded in the last couple months:</p><p></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgiz76iRC5UAkv0R-Asg4LcveX0SgAJs1nPc6XR9PQSYCBg6ZkvO4Q8dv5tvKAEox6j3UFQg_zfjAi2P0xhOaORqVVaf07KUBGSpJpntxBzDnw5ACuxm5iuw-ORUYd44J7iWZaF/" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="479" data-original-width="1223" height="125" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgiz76iRC5UAkv0R-Asg4LcveX0SgAJs1nPc6XR9PQSYCBg6ZkvO4Q8dv5tvKAEox6j3UFQg_zfjAi2P0xhOaORqVVaf07KUBGSpJpntxBzDnw5ACuxm5iuw-ORUYd44J7iWZaF/" width="320" /></a></div><p></p><div>The same applies to me. I've been aware of them (since the CryptoKitties craze from a couple years ago) but haven't invested time reading source code until now. Much of this blogpost is written as notes as I discover for myself exactly what was purchased for $69 million, reading the actual transactions.</div><div><br /></div><div style="font-weight: bold;"><b><br /></b></div><b>So what is it?</b><div><br /></div><div>My definition: "Something new that can be traded on a blockchain that isn't a fungible cryptocurrency".</div><div><br /></div><div>In this post, I'm going to explain in technical details. Before this, you might want to pause and see what everyone else is saying about it. You can look <a href="https://en.wikipedia.org/wiki/Non-fungible_token">on Wikipedia</a> to answer that question, or look at the following definition <a href="https://www.cnn.com/2021/03/17/business/what-is-nft-meaning-fe-series/index.html">from CNN</a> (the first result when I google it):</div><div><span style="font-size: x-small;"><blockquote>Non-fungible tokens, or NFTs, are pieces of digital content linked to the blockchain, the digital database underpinning cryptocurrencies such as bitcoin and ethereum. Unlike NFTs, those assets are fungible, meaning they can be replaced or exchanged with another identical one of the same value, much like a dollar bill.</blockquote></span></div><div>You can also get a list of common NFT systems <a href="https://etherscan.io/tokens-nft">here</a>. While this list of NFT systems contains a lot of things related to artwork (as described in this blogpost), a lot aren't. For example, CryptoKitties is an online game, not artwork (though it too allows ties to pictures of the kitties).</div><div><br /><b><br /></b></div><div><b>What is fungible?</b></div><div><p>Let's define the word <b>fungible</b> first. The word refers to goods you purchase that can be replaced by an identical good, like a pound of sugar, an ounce of gold, a barrel of West Texas Intermediate crude oil. When you buy one, you don't care which one you get.</p><p>In contrast, an automobile is a <b>non-fungible</b> good -- if you order a Tesla Model 3, you won't be satisfied with just any car that comes out of the factory, but one that matches the color and trim that you ordered. Art work is a well known non-fungible asset -- there's only one Mona Lisa painting in the world, for example.</p><p>Dollar bills and coins are fungible <b>tokens</b> -- they represent the value printed on the currency. You can pay your bar bill with any dollars.&nbsp;</p><p><b>Cryptocurrencies</b> like Bitcoin, ZCash, and Ethereum are also "fungible tokens". That's where they get their value, from their fungibility.</p><p>NFTs, or <b>non-fungible tokens</b>, is the idea of trading something unique (non-fungible, not the same as anything else) on the blockchain. You can trade them, but each is unique, like a painting, a trading card, a rare coin, and so on.</p><p>This is a <b>token</b>&nbsp; -- it represents a thing. You aren't trading an artwork itself on the blockchain, but a token that represents the artwork. I mention this because most descriptions about NFTs are that you are buying artwork -- you aren't. Instead, you are buying a token that points to the artwork.</p><p>The best real world example is a <b>receipt</b> for purchase. Let's say you go to the Louvre and buy the Mona Lisa painting, and they give you a receipt attesting to the authenticity of the transaction. The receipt is not the artwork itself, but something that represents the artwork. It's proof you legitimately purchased it -- that you didn't steal it. If you ever resell the painting, you'll probably need something like this proving the provenance of the piece.</p><p><br /></p><p><b>Show me an example!</b></p><p>So let's look an at an example NFT, the technical details, to see how it works. We might as well use this massive $69 million purchase as our example. Some news reports describing the purchase are here: [<a href="https://www.washingtonpost.com/technology/2021/03/17/nft-beeple-metakovan-christies/">1</a>] [<a href="https://www.theverge.com/2021/3/11/22325054/beeple-christies-nft-sale-cost-everydays-69-million">2</a>] [<a href="https://www.nytimes.com/2021/03/11/arts/design/nft-auction-christies-beeple.html">3</a>].</p><p>None of these stories say what actually happened. They say the "artwork was purchased", but what does that actually mean? We are going to deconstruct that here. (The answer is: the artwork wasn't actually purchased).</p><p><b><br /></b></p><p><b>What was the artwork?</b></p><p>It's a piece created by an artist named "<a href="https://www.beeple-crap.com/everydays">Beeple</a>" (Mike Winkelmann), called "<b>Everydays: The First 5000 Days</b>". It's a 500-megapixel image, which is about 300-megabytes in size. A thumbnail of this work is shown below.</p><div class="separator" style="clear: both; text-align: center;"><a href="https://ipfsgateway.makersplace.com/ipfs/QmZ15eQX8FPjfrtdX3QYbrhZxJpbLpvDpsgb2p3VEH8Bqq" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="800" data-original-width="800" height="194" src="https://ipfsgateway.makersplace.com/ipfs/QmZ15eQX8FPjfrtdX3QYbrhZxJpbLpvDpsgb2p3VEH8Bqq" width="194" /></a></div><div><br /></div><div><br /></div><div>So the obvious question is <b>where is this artwork?</b>&nbsp;Is it somewhere on the blockchain? Well, no, the file is 300-megabytes in size, much too large to put on the blockchain. Instead, the file exists somewhere out in cyberspace (described below).</div><div><br /></div><div>What exists on the blockchain is a unique fingerprint linking to the file, known as a <b>hash</b>.</div><div><br /></div><div><br /></div><div><b>What is a hash?</b></div><div><p>It's at this point we need to discuss <b>cryptography</b>: it's not just about encryption, but also random numbers, public keys, and hashing.</p><p>A "hash" passes all the bytes of a file through an algorithm to generate a short <b>signature</b>&nbsp;or <b>fingerprint</b>&nbsp;unique to that file. No two files with different contents can have the same hash. The most popular algorithm is <b>SHA-256</b>, which produces a 256-bit hash.</p><p>We call it a <b>cryptographic hash</b>&nbsp;to differentiate it from weaker algorithms. With a strong algorithm, it's <i>essentially</i>&nbsp;impossible for a hacker to create a different file that has the same hash -- even if the hacker tried really hard.</p><p>Thus, the hash is the <b>identity</b>&nbsp;of the file. The identity of the artwork in question is not the title of the piece mentioned above, other pieces of art can also be given that title. Instead, the identity of the artwork is its hash. Other pieces of artwork cannot have the same hash.</p><p>For this artwork, that 300-megabyte file is hashed, producing a 256-bit value. Written in hex, this value is:</p><blockquote><p>6314b55cc6ff34f67a18e1ccc977234b803f7a5497b94f1f994ac9d1b896a017</p></blockquote><p>Hexadecimal results in long strings. There are shorter ways of representing hashes. One is a format called <b>MultiHash</b>. It's value is shown below. This refers to the same 256-bits, and thus the two forms equivalent, they are simply displayed in different ways.</p><blockquote><p>QmXkxpwAHCtDXbbZHUwqtFucG1RMS6T87vi1CdvadfL7qA</p></blockquote><p>This is the identity of the artwork. If you want to download the entire 300-megabyte file, simply copy and paste that into google, and it'll lead you to someplace in cyberspace where you can download it. Once you download it, you can verify the hash, such as with the command-line tool OpenSSL:</p><p></p><blockquote><p><span style="font-family: courier; font-size: x-small;">$ openssl dgst -sha256 everdays5000.jfif</span></p><p><span style="font-family: courier; font-size: x-small;">SHA256(everdays5000.jfif)= 6314b55cc6ff34f67a18e1ccc977234b803f7a5497b94f1f994ac9d1b896a017</span></p><p></p></blockquote><p>The above is exactly what I've done -- I downloaded the file from cyberspace, named it "everydays5000.jfif", and then calculated the hash to see if it matches. As you can tell by looking at my result with the above hash, they do match, so I know I have an exact copy of the artwork.</p><p><b><br /></b></p><p><b>Where to download the image from cyberspace?</b></p><p>Above, I downloaded the file in order to demonstrate calculating the hash. It doesn't live on the blockchain, so where does it live?</p><p>There's two answers. The first answer is potentially&nbsp;<b>anywhere in cyberspace. </b>Thousands of people have downloaded the file onto the personal computers, so obviously it exists on their machines -- you just can't get at it. If you ever do come across it somewhere, you can always verify it's the exact copy by looking at the hash.</p><p>The second answer is <b>somewhere on the darknet</b>. The term "darknet" refers to various systems on the Internet other than the web. Remember, the "web" is not the "Internet", but simply one of many services on the Internet.</p><p>The most popular darknet services are <b>decentralized file sharing</b>&nbsp;systems like BitTorrent and <a href="https://en.wikipedia.org/wiki/InterPlanetary_File_System">IPFS</a>. In much the same way that blockchains are decentralized transaction services, these two system are decentralized file services. When something is too big to live on the blockchain, it often lives on the darknet, usually via IPFS.</p><p>The way these services identify files is through their hashes. If you know their hash, you can stick it into one of these services and find it. Thus, if you want to find this file on IPFS, download some IPFS aware software, and plug in the hash.</p><p>There's an alternative privacy-focused browser called "Brave" that includes darknet features (TOR, BitTorrent, and IPFS). To download this file using Brave, simply use the following URL:</p><p></p><blockquote>ipfs://QmXkxpwAHCtDXbbZHUwqtFucG1RMS6T87vi1CdvadfL7qA</blockquote><p></p><p>But an easier way is to use one of the many <b>IPFS gateways</b>. These are web servers that will copy a file off the darknet and make it available to you. Here is a URL using one of those gateways:</p><p></p><blockquote><a href="https://ipfsgateway.makersplace.com/ipfs/QmXkxpwAHCtDXbbZHUwqtFucG1RMS6T87vi1CdvadfL7qA">https://ipfsgateway.makersplace.com/ipfs/QmXkxpwAHCtDXbbZHUwqtFucG1RMS6T87vi1CdvadfL7qA</a></blockquote><p></p><p>If you click on this link within your browser, you'll download the 300-megabyte file from the IPFS darknet. It'll take a while, the service is slow. Once you get it, you can verify the hashes match. But since the URL is based on the hash, of course they should match, unless there was some error in transmission.</p><p><br /></p><p><b>So this hash is on the blockchain?</b></p><p>Well, it could've been, but it wasn't. Instead, the hash that's on the blockchain points to a file containing metadata -- and it's the metadata that points to the hash.</p><p>In other words, it's a chain of hashes. The hash on the blockchain (as we'll see below) is this one here (I've made it a link so you can click on it to see the raw data):</p><p></p><blockquote><a href="https://dweb.link/ipfs/QmPAg1mjxcEQPPtqsLoEcauVedaeMH81WXDPvPx3VC5zUz">QmPAg1mjxcEQPPtqsLoEcauVedaeMH81WXDPvPx3VC5zUz</a></blockquote><p></p><p>When you click on this, you see a bunch of JSON data. Below, I've stripped away the uninteresting stuff to show the meaningful bits;</p><blockquote><b>title</b>:"<i>EVERYDAYS: THE FIRST 5000 DAYS</i>"&nbsp;</blockquote><blockquote><b>description</b>:"<i>I made a picture from start to finish every single day from May 1st, 2007 - January 7th, 2021.&nbsp; This is every motherfucking one of those pictures.</i>"&nbsp;</blockquote><blockquote><b>digital_media_signature</b>:"<i>6314b55cc6ff34f67a18e1ccc977234b803f7a5497b94f1f994ac9d1b896a017</i>"&nbsp;</blockquote><blockquote><b>raw_media_file</b>:"<i><a href="https://ipfsgateway.makersplace.com/ipfs/QmXkxpwAHCtDXbbZHUwqtFucG1RMS6T87vi1CdvadfL7qA">https://ipfsgateway.makersplace.com/ipfs/QmXkxpwAHCtDXbbZHUwqtFucG1RMS6T87vi1CdvadfL7qA</a></i>"</blockquote><p>Now remember that due to the magic of cryptographic hashes, this chain can't be broken. One hash leads to the next, such that changing any single bit breaks the chain. Indeed, that's what a "blockchain" is -- a hash chain. Changing any bit of information anywhere on the Bitcoin blockchain is immediately detectable, because it throws off the hash calculations.</p><p>So we have a chain:&nbsp;</p><p></p><blockquote>hash -&gt; metadata -&gt; hash -&gt; artwork</blockquote><p></p><p>So if you own the root, you own the entire chain.</p><p>Note that this chain seems unbreakable here, in this $69 million NFT token. However, in a lot of other tokens, it's not. I mean, the hash chain itself doesn't promise much (it simply points at the artwork, giving no control over it), but other NFTs promise even less.</p><p><b><br /></b></p><p><b>So what, exactly, is the NFT that was bought and sold?</b></p><p>Here's what&nbsp;<a href="https://en.wikipedia.org/wiki/Christie%27s">Christie's</a>&nbsp;sold. Here's how <a href="https://onlineonly.christies.com/s/first-open-beeple/beeple-b-1981-1/112924">Christies describes it</a>:</p><p></p><blockquote><p>Beeple (b. 1981)<br />EVERYDAYS: THE FIRST 5000 DAYS<br /><b>token ID</b>: 40913<br />wallet address: 0xc6b0562605D35eE710138402B878ffe6F2E23807<br /><b>smart contract address</b>: 0x2a46f2ffd99e19a89476e2f62270e0a35bbf0756<br />non-fungible token (jpg)<br />21,069 x 21,069 pixels (319,168,313 bytes)<br />Minted on 16 February 2021. This work is unique.</p><p></p></blockquote><p>The seller is the artist&nbsp;<a href="https://www.beeple-crap.com/">Beeple</a>. The artist created the <b>token </b>(shown below) and assigned their <b>wallet address</b>&nbsp;as the owner. This is their wallet address:</p><blockquote><a href="https://etherscan.io/address/0xc6b0562605d35ee710138402b878ffe6f2e23807">0xc6b0562605D35eE710138402B878ffe6F2E23807</a></blockquote><p></p><p>When Beeple created the token, he did so using a <b>smart contract</b>&nbsp;that governs the rules for the token. Such smart contracts is what makes Ethereum different from Bitcoin, allowing things to be created and managed on the blockchain other than simple currency transfers. Contracts have addresses on the blockchain, too, but no person controls them -- they are rules for decentralized transfer of things, with nobody (other than the code) in control.</p><p>There are many smart contracts that can manage NFTs. The one Beeple chose is known as <b>MakersTokenV2</b>. This contract has the following address:</p><blockquote><a href="https://etherscan.io/address/0x2a46f2ffd99e19a89476e2f62270e0a35bbf0756#code">0x2a46f2ffd99e19a89476e2f62270e0a35bbf0756</a></blockquote><p></p><p>Note that if you browse this link, you'll eventually get to the&nbsp;<a href="https://etherscan.io/address/0x2a46f2ffd99e19a89476e2f62270e0a35bbf0756#code" style="font-weight: bold;">code</a>&nbsp;so that you can read the smart contract and see how it works. It's a derivation of something known as&nbsp;<a href="https://github.com/ethereum/EIPs/blob/master/EIPS/eip-721.md">ERC721</a>&nbsp;that defines the properties of a certain class of non-fungible tokens.</p><p>Finally, we get to the actual token being sold here. It is:</p><blockquote><p>#40913</p></blockquote><p>In other words, it's the 40913rd token created and managed by the MakersTokenV2 contract. The full description of what Christies is selling is this token number governed by the named contract on the Ethereum blockchain:</p><blockquote><p>Ethereum -&gt; 0x2a46f2ffd99e19a89476e2f62270e0a35bbf0756 -&gt; 40913</p></blockquote><p>We have to search the blockchain in order to find the transaction that created this token. The transaction is identified by the hash:</p><blockquote><p><a href="https://etherscan.io/tx/0x84760768c527794ede901f97973385bfc1bf2e297f7ed16f523f75412ae772b3#eventlog">0x84760768c527794ede901f97973385bfc1bf2e297f7ed16f523f75412ae772b3</a></p></blockquote><p>The smart contract is code, so in the above transaction, Beeple calls functions within the contract to create a new token, assign digital media to it (the hash), and assign himself owner of the newly created token.</p><p>After doing this, the token #40913 now contains the following information:</p><div><blockquote><b>creator </b>: 0xc6b0562605d35ee710138402b878ffe6f2e23807<br /><div><b>metadataPath </b>: QmPAg1mjxcEQPPtqsLoEcauVedaeMH81WXDPvPx3VC5zUz<br /><div><b>tokenURI </b>: ipfs://ipfs/QmPAg1mjxcEQPPtqsLoEcauVedaeMH81WXDPvPx3VC5zUz</div></div></blockquote><div><span style="font-size: x-small;"></span></div></div><p>This is the thing that Christie's auction house sold. As you can see in their description above, it all points to this token on the blockcahin.</p><p>Now after the auction, the next step is to transfer the token to the new owner. Again, the contract is code, so this is calling the "Transfer()" function in that code. Beeple is the only person who can do this transfer, because only he knows the private key that controls his wallet. This transfer is done in the transaction below:</p><blockquote><p><a href="https://etherscan.io/tx/0xa342e9de61c34900883218fe52bc9931daa1a10b6f48c506f2253c279b15e5bf#eventlog">0xa342e9de61c34900883218fe52bc9931daa1a10b6f48c506f2253c279b15e5bf&nbsp;</a></p></blockquote><blockquote>token : 40913<br />from : 0xc6b0562605d35ee710138402b878ffe6f2e23807<br />to : 0x58bf1fbeac9596fc20d87d346423d7d108c5361a</blockquote><p></p><p>That's not the current owner. Instead, it was soon transferred again in the following transaction:</p><p></p><blockquote><p><a href="https://etherscan.io/tx/0x01d0967faaaf95f3e19164803a1cf1a2f96644ebfababb2b810d41a72f502d49#eventlog">0x01d0967faaaf95f3e19164803a1cf1a2f96644ebfababb2b810d41a72f502d49</a>&nbsp;</p></blockquote><blockquote><p>token : 40913<br />from : 0x58bf1fbeac9596fc20d87d346423d7d108c5361a<br />to :&nbsp;0x8bb37fb0f0462bb3fc8995cf17721f8e4a399629</p><p></p></blockquote><p>That final address is known to belong to a person named "Metakovan", who the press has identified as the buyer of the piece. I don't know what that intermediary address between Beeple and Metakovan was, but it's common in the cryptocurrency world to have many accounts that people transfer things between, so I bet it also belongs to Metakovan.</p><p><br /></p><p><b>How are things transferred?</b></p><p>Like everything on the blockchain, control is transfered via public/private keys. Your <b>wallet address</b>&nbsp;is a hash of your <b>public key</b>, which everyone knows. Anybody can transfer something to your public address without you being involved.</p><p>But every public key has a matching <b>private key</b>. Both are generated together, because they are mathematically related. Only somebody who knows the private key that matches the wallet address can transfer something out of the wallet to another person.</p><p>Thus Beeple's account as the following public address. But we don't know his private key, which he has stored on a computer file somewhere.</p><p></p><blockquote><a href="https://etherscan.io/address/0xc6b0562605d35ee710138402b878ffe6f2e23807">0xc6b0562605D35eE710138402B878ffe6F2E23807</a></blockquote><p></p><p><br /></p><p><b>To summarize what was bought and sold</b></p><p>So that's it. To summarize:</p><p></p><ul style="text-align: left;"><li><a href="https://www.beeple-crap.com/">Beeple</a>&nbsp;created a piece of art in a&nbsp;<a href="https://ipfsgateway.makersplace.com/ipfs/QmXkxpwAHCtDXbbZHUwqtFucG1RMS6T87vi1CdvadfL7qA">file</a></li><li>He created a&nbsp;<a href="https://google.com/search?q=QmXkxpwAHCtDXbbZHUwqtFucG1RMS6T87vi1CdvadfL7qA">hash</a>&nbsp;that uniquely, and unhackably, identified that file</li><li>He created a&nbsp;<a href="https://dweb.link/ipfs/QmPAg1mjxcEQPPtqsLoEcauVedaeMH81WXDPvPx3VC5zUz">metadata file</a>&nbsp;that included the hash to the artwork</li><li>He created a&nbsp;<a href="https://google.com/search?q=QmPAg1mjxcEQPPtqsLoEcauVedaeMH81WXDPvPx3VC5zUz">hash</a>&nbsp;to the metadata file</li><li>He uploaded both files (metadata and artwork) to the&nbsp;<a href="https://en.wikipedia.org/wiki/InterPlanetary_File_System">IPFS</a>&nbsp;darknet decentralized file sharing service</li><li>He created, or&nbsp;<a href="https://etherscan.io/tx/0x84760768c527794ede901f97973385bfc1bf2e297f7ed16f523f75412ae772b3#eventlog">minted a token</a>&nbsp;governed by the&nbsp;<a href="https://etherscan.io/address/0x2a46f2ffd99e19a89476e2f62270e0a35bbf0756#code">MakersTokenV2 smart contract</a>&nbsp;on the Ethereum blockchain</li><li>Christies created an&nbsp;<a href="https://onlineonly.christies.com/s/first-open-beeple/beeple-b-1981-1/112924">auction</a>&nbsp;for this token</li><li>The auction was concluded with a payment of $69 million worth of Ether cryptocurrency. However, nobody has been able to find this payment on the Ethereum blockchain, the money was probably transferred through some private means.</li><li>Beeple&nbsp;<a href="https://etherscan.io/tx/0xa342e9de61c34900883218fe52bc9931daa1a10b6f48c506f2253c279b15e5bf#eventlog">transferred</a>&nbsp;the token to the winner, who&nbsp;<a href="https://etherscan.io/tx/0x01d0967faaaf95f3e19164803a1cf1a2f96644ebfababb2b810d41a72f502d49#eventlog">transferred</a>&nbsp;it again to this final&nbsp;<a href="https://etherscan.io/address/0x8bb37fb0f0462bb3fc8995cf17721f8e4a399629#tokentxnsErc721">Metakovan</a>&nbsp;account</li></ul><div>And that's it.</div><div><br /></div><div><b>Okay, I understand. But I have a question. WHAT IS AN NFT????</b></div><div><b><br /></b></div><div>So if you've been paying attention, and understood everything I've said, then you should still be completely confused. What exactly was purchased that was worth $69 million?</div><div><br /></div><div>If we are asking what Metakovan purchased for his $69 million, it comes down to this: the ability to transfer MakersTokenV2 #40913 to somebody else.</div><div><br /></div><div>That's it. That's everything he purchased. He didn't purchase the artwork, he didn't purchase the copyrights, he didn't purchase anything more than the ability to transfer that token. Even saying he owns the token is a misnomer, since the token lives on the blockchain. Instead, since only Metakovan knows the private key that controls his wallet, all that he possesses is the ability to transfer the token to the control of another private key.</div><div><br /></div><div>It's not even as unique as people claim. Beeple can mint another token for the same artwork. Anybody else can mint a token for Beeple's artwork. Insignificant changes can be made to that artwork, and tokens can be minted for that, too. There's nothing hard and fast controlled by the code -- the relationship is in people's minds.</div><div><br /></div><div>If you are coming here asking why somebody thinks this is worth $69 million, I have no answer for you.</div><div><br /></div><div><br /></div><div><b>The conclusion</b></div><p></p><div>I think there are two things that are clear here:</div><div><ul style="text-align: left;"><li>This token is not going to be meaningful to most of us: who cares if the token points to a hash that eventually points to a file freely available on the Internet?</li><li>This token is meaningful to those in the "crypto" (meaning "cryptocurrency") community, but it's in their minds, rather than something hard and fast controlled by code or cryptography.</li></ul><div>In other words, the work didn't sell for $69 million of real money.</div><div><br /></div><div>For one thing, it's not the work that was traded, or rights or control over that work. It's simply a token that pointed to the work.</div><div><br /></div><div>For another thing, it was sold for 42329.453 ETH, not $dollars. Early adopters with lots of cryptocurrency are likely to believe the idea that the token is meaningful, whereas outsiders with $dollars don't.</div><div><br /></div><div>An NFT is ultimately like those plaques you see next to paintings in a museum telling people about the donor or philanthropist involved -- only this plaque is somewhere where pretty much nobody will see it.</div><div><br /></div><div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgH1qv72M_Z2zpwrh4ovslSolaewHZ6cYY_k8HBGo65epxsKryBwXJRDXSQm-jJIgpW3xe6eabeGWy-yJHP-V-Bu-CqdR7W2C4-Y1fECRl_G9vDkJfsGNw8_2K91YbvNT00scfC/" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="1404" data-original-width="1920" height="234" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgH1qv72M_Z2zpwrh4ovslSolaewHZ6cYY_k8HBGo65epxsKryBwXJRDXSQm-jJIgpW3xe6eabeGWy-yJHP-V-Bu-CqdR7W2C4-Y1fECRl_G9vDkJfsGNw8_2K91YbvNT00scfC/" width="320" /></a></div><br /><br /></div><div><br /></div></div></div></div></content><link rel='replies' type='application/atom+xml' href='https://blog.erratasec.com/feeds/4049457482069625866/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='https://www.blogger.com/comment.g?blogID=37798047&postID=4049457482069625866' title='8 Comments'/><link rel='edit' type='application/atom+xml' href='https://www.blogger.com/feeds/37798047/posts/default/4049457482069625866'/><link rel='self' type='application/atom+xml' href='https://www.blogger.com/feeds/37798047/posts/default/4049457482069625866'/><link rel='alternate' type='text/html' href='https://blog.erratasec.com/2021/03/deconstructing-that-69million-nft.html' title='Deconstructing that $69million NFT'/><author><name>Robert Graham</name><uri>http://www.blogger.com/profile/09879238874208877740</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='26' height='32' src='//blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjJp1K5oBkDsBDOh7UOk0xPIdd0d8DKmV7PEAPZ7x-ckmfG6iWTVCt5LvUpd2iwW3UUYeaqd2UoYnupOSz1VDFUok6gUW_48x_rCU1Sth9Sk4-vEidqnqC2M3DXw16T4o0/s220/robertgraham.jpg'/></author><media:thumbnail xmlns:media="http://search.yahoo.com/mrss/" url="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgiz76iRC5UAkv0R-Asg4LcveX0SgAJs1nPc6XR9PQSYCBg6ZkvO4Q8dv5tvKAEox6j3UFQg_zfjAi2P0xhOaORqVVaf07KUBGSpJpntxBzDnw5ACuxm5iuw-ORUYd44J7iWZaF/s72-c" height="72" width="72"/><thr:total>8</thr:total></entry><entry><id>tag:blogger.com,1999:blog-37798047.post-5423611307430503564</id><published>2021-02-28T19:06:00.006-05:00</published><updated>2021-02-28T20:05:19.523-05:00</updated><title type='text'>We are living in 1984 (ETERNALBLUE)</title><content type='html'><p>In the book <i>1984</i>, the protagonist questions his sanity, because his memory differs from what appears to be everybody else's memory.</p><p></p><blockquote><p>The Party said that Oceania had never been in alliance with Eurasia. He, Winston Smith, knew that Oceania had been in alliance with Eurasia as short a time as four years ago. But where did that knowledge exist? Only in his own consciousness, which in any case must soon be annihilated. And if all others accepted the lie which the Party imposed—<b>if all records told the same tale—then the lie passed into history and became truth</b>. ‘Who controls the past,’ ran the Party slogan, ‘controls the future: who controls the present controls the past.’ And yet the past, though of its nature alterable, never had been altered. Whatever was true now was true from everlasting to everlasting. It was quite simple. All that was needed was an unending series of victories over your own memory. ‘Reality control’, they called it: in Newspeak, ‘doublethink’.</p><p></p></blockquote><p>I know that EternalBlue didn't cause the <a href="https://en.wikipedia.org/wiki/2019_Baltimore_ransomware_attack">Baltimore ransomware attack</a>. When the attack happened, the entire cybersecurity community agreed that EternalBlue wasn't responsible.</p><p>But <a href="https://www.nytimes.com/2019/05/25/us/nsa-hacking-tool-baltimore.html">this New York Times article</a> said otherwise, blaming the Baltimore attack on EternalBlue. And there are hundreds of other news articles [<a href="https://www.theverge.com/2019/5/25/18639859/baltimore-city-computer-systems-cyberattack-nsa-eternalblue-wannacry-notpetya-cybersecurity">eg</a>] that agree, citing the New York Times. There are no news articles that dispute this.</p><p>In a&nbsp;<a href="https://blog.erratasec.com/2021/02/review-perlroths-book-on-cyberarms.html">recent book</a>, the author of that article admits it's not true, that EternalBlue didn't cause the ransomware to spread. But they defend themselves as it being essentially true, that EternalBlue is responsible for a lot of bad things, even if technically, not in this case. Such errors are justified, on the grounds they are generalizations and simplifications needed for the mass audience.</p><p>So we are left with the situation Orwell describes: all records tell the same tale -- when the lie passes into history, it becomes the truth.</p><p>Orwell continues:</p><p></p><blockquote><p>He wondered, as he had many times wondered before, whether he himself was a lunatic. Perhaps a lunatic was simply a minority of one. At one time it had been a sign of madness to believe that the earth goes round the sun; today, to believe that the past is inalterable. He might be ALONE in holding that belief, and if alone, then a lunatic. But the thought of being a lunatic did not greatly trouble him: the horror was that he might also be wrong.</p><p></p></blockquote><p>I'm definitely a lunatic, alone in my beliefs. I sure hope I'm not wrong.</p><p><br /></p><p><br /></p> <hr/><b>Update:</b> Other lunatics document their struggles with Minitrue:<blockquote class="twitter-tweet" data-conversation="none" data-dnt="true"><p lang="en" dir="ltr">When I was investigating the TJX breach, there were NYT articles citing unnamed sources that were made up &amp; then outlets would publish citing the NYT. The TJX lawyers would require us to disprove the articles. Each time we would. It was maddening fighting lies for 8 months.</p>&mdash; Nicholas J. Percoco (@c7five) <a href="https://twitter.com/c7five/status/1366189900454895625?ref_src=twsrc%5Etfw">March 1, 2021</a></blockquote> <script async src="https://platform.twitter.com/widgets.js" charset="utf-8"></script></content><link rel='replies' type='application/atom+xml' href='https://blog.erratasec.com/feeds/5423611307430503564/comments/default' title='Post Comments'/><link rel='replies' type='text/html' href='https://www.blogger.com/comment.g?blogID=37798047&postID=5423611307430503564' title='2 Comments'/><link rel='edit' type='application/atom+xml' href='https://www.blogger.com/feeds/37798047/posts/default/5423611307430503564'/><link rel='self' type='application/atom+xml' href='https://www.blogger.com/feeds/37798047/posts/default/5423611307430503564'/><link rel='alternate' type='text/html' href='https://blog.erratasec.com/2021/02/we-are-living-in-1984-eternalblue.html' title='We are living in 1984 (ETERNALBLUE)'/><author><name>Robert Graham</name><uri>http://www.blogger.com/profile/09879238874208877740</uri><email>noreply@blogger.com</email><gd:image rel='http://schemas.google.com/g/2005#thumbnail' width='26' height='32' src='//blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjJp1K5oBkDsBDOh7UOk0xPIdd0d8DKmV7PEAPZ7x-ckmfG6iWTVCt5LvUpd2iwW3UUYeaqd2UoYnupOSz1VDFUok6gUW_48x_rCU1Sth9Sk4-vEidqnqC2M3DXw16T4o0/s220/robertgraham.jpg'/></author><thr:total>2</thr:total></entry></feed>If you would like to create a banner that links to this page (i.e. this validation result), do the following:
Download the "valid Atom 1.0" banner.
Upload the image to your own server. (This step is important. Please do not link directly to the image on this server.)
Add this HTML to your page (change the image src attribute if necessary):
If you would like to create a text link instead, here is the URL you can use:
http://www.feedvalidator.org/check.cgi?url=http%3A//erratasec.blogspot.com/feeds/posts/default
