Likely hack of U.S. banking regulator FDIC by China covered up: probe (reuters.com)
115 points by LukeHoersten on July 13, 2016 | hide | past | favorite | 30 comments


I wouldn't be as alarmed at the NSA's data collection revealed by Snowden if I felt they took their job of defending and protecting US systems with as much zeal.

Of course, as the government's own reports show mass surveillance doesn't prevent terrorism, and we are also seeing how poorly citizen data is being protected.

This feels very familiar. Instead of seeing a malicious organization, I'm just realizing it's incompetent. Forget about Pokemon Go asking for too many permissions, your data is already lost.


"I wouldn't be as alarmed at the NSA's data collection revealed by Snowden if I felt they took their job of defending and protecting US systems with as much zeal."

I thought that at one point but DOD tried and nobody wanted the stuff. COTS, low-cost, and high-speed above all else even for critical stuff. Government kept trying with Common Criteria but almost all vendors and customers went for least secure stuff. NSA tried again with programs like SPOCK that evaluated Sentinel's HYDRA firewall. Defense contractors and DARPA/NSF-funded groups keep making stuff. Basically nobody buys it.

So, I blame the demand side instead of NSA. If the market gave a shit, NSA would be working their butts off trying to get anything done in a memory-safe, type-safe, CPU-on-up system. But no... At least we're going to see another effort with Dover to integrate RISC-V with SAFE architecture's PUMP. Both RISC-V and SAFE were U.S. government funded IIRC. Years of papers on both with no uptake in industry or FOSS for even SAFE's basic techniques until Dover.

Far as NSA, at least they still fund Rockwell-Collins' SHADE and Galois Inc's awesome work. CRYPTOL language & toolkit got open-sourced by Galois. Nobody uses it. Seeing a pattern?


> Government kept trying with Common Criteria but almost all vendors and customers went for least secure stuff. NSA tried again with programs like SPOCK that evaluated Sentinel's HYDRA firewall. Defense contractors and DARPA/NSF-funded groups keep making stuff. Basically nobody buys it.

That is the truth. But there is a chicken and egg a bit there as well. Common Criteria certification (say EAL4) is not cheap and takes years to achieve. RedHat even opted to do it in Germany by exploiting some international mutual agreement thing. RHEL 7 was out 3 or so years ago and it is still "in evaluation". Who has time for that?

https://www.redhat.com/en/technologies/industries/government...

So I think the requirements and boilerplate needed are too much and there are too many hoops to jump through. A lot are not technical I feel but rather bureaucratic. I call it paper security -- security that exists only as rubber stamps or checkmarks in some checklist, which might not actually improve anything in reality. A lot of it is downright dangerous -- such as mandating installing an antivirus on a Linux server, which installs a kernel driver, which has a buffer overflow and so on, cue full-on kernel-level remote exploits ... as a result of a "security requirement".


Indeed. The "certification" approach really doesn't work for infosec, because it's too much of a moving target.


"Common Criteria certification (say EAL4) is not cheap and takes years to achieve."

Oh yeah. The original criteria got watered down to the point that it's mostly expensive paperwork and takes years to achieve. The only ones that are even meaningful are EAL5-7. That's when the assurance activities that benefit security kick in plus you get pentesting of source. Contrary to pjc, I think certification is meaningful if it's a continuous or regular thing against meaningful criteria. The EALs are meaningful given each requirement has proven to improve security in the past. Protection profiles often have sensible requirements mixed with BS. So, the process needs to be subsetted and in a way that focuses on active evaluation rather than just paperwork, with sensible requirements and only higher EALs.

I wrote on revamping the evaluation process here:

https://www.schneier.com/blog/archives/2014/04/friday_squid_...

Far as specifics, the original systems secured to A1-class are still mostly secure today. I could shoot holes in them with what we've learned. Yet, the techniques they used left them in really good shape after all this time and still easier to apply modern stuff to than modern software. Imagine that. It's as if the certification criteria on design & assurance side were fundamental principles that geniuses figured out through many military & academic experiments that still work better than what most developers guess at or throw together. ;)

Examples:

http://www.cse.psu.edu/~trj1/cse544-s10/slides/cse544-lec9-1...

Note: Started with SCOMP and GEMSOS. SCOMP had minimal TCB, IOMMU, totally compartmentalized OS, trusted path, and (as XTS-300) ran UNIX apps in user-mode.

http://www.cse.psu.edu/~trj1/cse543-f06/papers/vax_vmm.pdf

Note: I keep citing this, mainly layered design and assurance sections, because it's still more secure at software level than most virtualization. Just look at level of precision, testing, configuration management, safer coding, and so on. They also, per criteria, did a covert channel analysis that would've helped all these clouds with their so-called "side channels." ;)

https://www.cis.upenn.edu/~KeyKOS/NanoKernel/NanoKernel.html

Note: A B3-class OS (w/ KeySAFE) from capability-security field. NanoKernel, protected IPC, and regular checkpointing for integrity/availability after a crash.

http://www.cyberdefenseagency.com/publications/LOCK-An_Histo...

Notes: LOCK was interesting as it was a hardware/software system with Type 1 cryptoprocessor & UNIX layer. They invented Type Enforcement for this product then implemented it with capability mechanisms. After it was canceled, "features over assurance," NSA had Utah reimplement that tech in a microkernel. They later added it to Linux as SELinux. LOCK was the original model, though, with the UNIX section confirming prior experiments that UNIX calls are inherently insecure to the point that you can have compatibility or security. It's why separation kernels that came later all just virtualized it as a whole with security-critical apps running right on the separation kernel.

So, there's four systems that illustrate some design requirements and especially assurance activities. The assurance activities worked. Real flaws were found. A few did great in pentesting and/or the field. Definitely worth copying even if one avoids a CC evaluation: private certification against the criteria with plenty of source code focus instead. Preferably an ongoing process that starts at beginning of the project with third parties auditing feeding right back into development, esp catching flaws.


> I thought that at one point but DOD tried and nobody wanted the stuff. COTS, low-cost, and high-speed above all else even for critical stuff. Government kept trying with Common Criteria but almost all vendors and customers went for least secure stuff. NSA tried again with programs like SPOCK that evaluated Sentinel's HYDRA firewall. Defense contractors and DARPA/NSF-funded groups keep making stuff. Basically nobody buys it.

> So, I blame the demand side instead of NSA. If market gave a shit, NSA would be working their butts off trying to get anything done in a memory-safe, type-safe, CPU-on-up system. But no... Least we're going to see another effort with the Dover to integrate RISC-V with SAFE architecture's PUMP. Both RISC-V and SAFE were U.S. government funded IIRC. Years of papers on both with no uptake in industry or FOSS for even SAFE's basic techniques until Dover.

And instead we get Intel ME. I seriously don't know what to think... Certainly the latter is a sub-system that 99% of users don't care for or want but will still happen to have (and all vulnerabilities associated). If the opposite is possible why couldn't they shove a safer system down users' throats after all?


Intel tried to do the right thing three times:

https://en.wikipedia.org/wiki/Intel_iAPX_432

https://en.wikipedia.org/wiki/Intel_i960

https://www-ssl.intel.com/content/dam/www/public/us/en/docum...

Backward compatibility with insecure apps, language, and OS features above all else is what market said. That plus raw speed. The above projects collectively cost Intel over a billion dollars that they didn't make back. i432 died for sure. i960 is in legacy mode with security features turned off or removed. Itanium is in downward spiral. Realistically, they should just modify x86 to support C safety like Cambridge's CHERI or other group's Hardbound are doing. Then, they get compatibility + safety.

They're probably just too afraid to make another attempt after losing a billion to a market that said "F* security or software maintenance." Giving them the insecure crap they demand is actually the ethical choice in capitalism given they'll put you out of business otherwise. The only two that ever made it with a Right Thing approach were Burroughs B5000 and System/38 (aka AS/400). Both turned off hardware security due to user demand (performance over security) but kept the OS architecture. Both still sell.


They are making some more attempts with MPX.

https://en.wikipedia.org/wiki/Intel_MPX


It's just an extension for one problem. A good thing that's happening. It's not a solution to a bunch at once. They're not risking it. Maybe they'll do it incrementally over time.


Private sector will always take the lowest cost option. The market will not give a shit until they start losing real money (edit: or going to jail).


Not true. Private sector blows money on bullshit all the time. That's that lucrative, enterprise market you hear about. They'll sometimes spend extra for quality or availability. Stratus Computers and HP NonStop come to mind. Orreck vacuums haha.

They just usually won't do it for security. So, you have to sell high-security as part of some other product with benefits they want that justifies the expense. Security appliances were my obvious choice. Sentinel HYDRA, Secure64 DNS, Sirrix TrustedDesktop, & Samsung KNOX are all examples where they try to sell something useful to businesses with extra assurance embedded in there. I also thought a database or ERP package might pull it off. Subsidize the TCB development at least since enterprises expect the exorbitant licensing. Shit, make it run PostgreSQL underneath with your "database" just being the front-end on a high-security appliance. ;) Funny enough, I used to design and build stuff like that via Seaview & LDV architectures.

https://www.acsa-admin.org/secshelf/book001/19.pdf


> The report did not provide specific evidence that China was behind the hack.

This. Every time. Yet they point the blame guns at China without a single doubt regardless. Then media puts large Sinophobic and Communism-themed banners and images to top it off.

Seriously? Does it not sound like Beijing has become their favorite scapegoat, along the lines of say, I failed to secure system xyz because Beijing was behind the attack?


The title of the article blames China, they have a menacing graphic (the official Chinese government hacking mouse) and the body of the article affirms that there is no evidence that the hack originated in China.


It's almost as if no one could purchase a VPS in China from which to launch an attack.


I see stories like this and get pretty depressed. It also makes me wonder if, given it is actually China, it is government-based or rogue blackhats. It also makes me wonder the amount the US attempts to hack China and also what the ratio of government versus rogue blackhats are doing the work.


You should check out the documentary "Zero Days" released this year. It talks about Operation Olympic Games among others and how common it is for nation states to wage cyber warfare because there are currently no rules against it.


Plausible deniability either way


everybody repeat after me: reliable. attribution. of. hacks. is. impossible.


I.E. the Sony hack was attributed to North Korea simply because the attack had a NK IP address.


You misspelled 'difficult'



Our government, at least under this administration and other recent administrations, seems to have forgotten that they exist to _serve_ us.

Maybe it's not treason, but it's definitely an abdication of their responsibilities as public servants.


"When government fears the people, there is liberty. When the people fear the government, there is tyranny."

It's not so much tyranny that we fear these days but rather the consequences of ceding more and more power to such a corrupt and inept bunch.


Or the realisation that WE are that corrupt and inept bunch. It's not like government workers are a 'special elite' class...


Not in our minds, but these people see others with power and think if only they had that power, preferably centralized (who likes redundancies??? DRY!), they could do something really special. They are The Anointed[1]. They've cracked the code somehow. But they get to the helm only to discover there's 10 other hands on the wheel, and no one can see the effect until well after the next election cycle.

[1] https://www.amazon.com/Vision-Anointed-Self-Congratulation-S...


This is an excellent point. This may seem off-topic, but I realized some time ago during the debates about minimum wage increases, it wasn't the managers of fast food joints being the loudest opposition, it was lower-middle class people who don't want to give up their $1 cheeseburgers, no matter what the societal costs.

If you create distance between a person and the consequences of their evil, they become more likely to tolerate their evil.


Let me pop-on my tinfoil hat first here...

I don't think this has been the case for a long time. The US government is subservient to its own interests, and no other - like any other government, its citizenship benefits only as a coincidence of the actions of the government, not as an intentional boon to the citizens. Appeasements are made to keep a docile citizenship, and otherwise the condition of the country is made "just good enough" for those in positions of power to live the way they want, on the tax payer's expense. The system of checks and balances is a farce intended to give the illusion of control, but ultimately those with money or good connections (often one begets the other) live by a special set of rules.

The idea that the general public has the power to somehow control the Federal Government or even local State Governments is simply inaccurate - the Federal level is protected by its own allegedly self-correcting system which basically means that they decide their own fate, and the State level avoids problems simply by throwing more money than the citizenship can muster at any problem.

Individual public servants may enjoy helping their fellow person; bus drivers, postal workers, maintenance crews, I do not doubt they take pride in the work they do to improve the places they live and the people they serve. But the organizations themselves, the structures that these human workers live under, are machines designed to benefit a small elite few privileged enough to be part of the oligarchy.

This is how governments work - they're a soul-less tool used by an elite few, given legitimacy from the citizenship through the elective process, a largely ceremonial event at this juncture. Even a direct democracy still surrenders power and riches to a small few - the white salary from the contract may say one price, the perks and benefits though add up to something else completely different.


I would posit something even scarier... My theory is that the US gov isn't even serving its own interests. Allow me to explain.

While it may seem like the corruption and cronyism that has grown rampant in DC and Wall Street is a result of organic self interest, almost every larger geopolitical and geostrategic move we make is focused on the immediate short term, with a complete ignorance of future blowback. At first this just seems like self interest combined with incompetence, but after years of trying to understand the bigger picture since I participated in the Iraq war, I have come to a different conclusion:

The supranational oligarchy, in particular the British oligarchy of the City of London and the vestiges of monarchy around the globe, have infiltrated and subverted our government at the very highest levels in order to bring us down from within, and pave a path for the solution side of the Hegelian dialectic to be to join global government.

I actually have plenty of references and citations to back this up, but to be frank I question if the turnkey totalitarian surveillance state has already been given too much power, and if dissenting will become dangerous to life at some point when they install a dictator, break all the encrypted comms stored in Utah and Texas, and start walking the cat back.

As Hitchens said, the American Revolution is the only revolution left that still stands a chance. I think McCarthy, for all his antics, was actually onto something, but he went after low-totem-pole people and should have focused on the very top of agencies.

An NSA equivalent to the Star Chamber and a CIA formed by the teachings of the British by Wall Street lawyers (which are almost all lackeys for London) would then fit the current state of things much better than simple Machiavellianism run amok.


I think the people in government are idiots. I think most people are not as capable or intelligent as some of us would like to believe. The really smart and exceptional people are rare, and they never go into politics.

But I like both of your perspectives too.


Heh, I don't think you need to be too smart to sit at the top of a bureaucratic mess, but this is just a childish X-files style conspiracy theory more than anything, and likely the result of me being disillusioned with politics in general.

I wouldn't put too much thought into what I said, since I certainly didn't.



