STE WILLIAMS

‘WHAT THE F*CK IS GOING ON?’ Linus Torvalds explodes at Intel spinning Spectre fix as a security feature

Intel’s fix for Spectre variant 2 – the branch target injection design flaw affecting most of its processor chips – is not to fix it.

Rather than preventing abuse of processor branch prediction by disabling the capability and incurring a performance hit, Chipzilla’s future chips – at least for a few years until microarchitecture changes can be implemented – will ship vulnerable by default but will include a protection flag that can be set by software.

Intel explained its approach in its technical note about Spectre mitigation, titled Speculative Execution Side Channel Mitigations. Instead of treating Spectre as a bug, the chip maker is offering Spectre protection as a feature.

The decision to address the flaw with an opt-in flag rather than activating defenses by default has left Linux kernel steward Linus Torvalds apoplectic.

Known for incendiary tirades, Torvalds does not disappoint. In a message posted to the Linux kernel mailing list on Sunday, he wrote, “As it is, the patches are COMPLETE AND UTTER GARBAGE.”

“All of this is pure garbage. Is Intel really planning on making this shit architectural?” he asked. “Has anybody talked to them and told them they are f*cking insane? Please, any Intel engineers here – talk to your managers.”

The kernel supremo wasn’t done there. In response to the suggestion from a long-time developer that the patches were a necessary “nasty hack,” Torvalds exploded:

They do literally insane things. They do things that do not make sense … The patches do things that are not sane.

WHAT THE F*CK IS GOING ON?

Torvalds’ ire arises from Intel’s plan to have future processors advertise that they include a Spectre v2 fix while also requiring that the fix is enabled at boot time by setting a flag called the IBRS_ALL bit.

IBRS refers to Indirect Branch Restricted Speculation, one of three new hardware patches Intel is offering as CPU microcode updates, in addition to the mitigation created by Google called retpoline. You’ll need this microcode from Chipzilla to fully mitigate Spectre on Intel CPUs, although, as detailed below, said microcode is unstable at the moment.

IBRS, along with Single Thread Indirect Branch Predictors (STIBP) and Indirect Branch Predictor Barrier (IBPB), prevents a potential attacker or malware from abusing branch prediction to read memory it shouldn’t – such as passwords or other sensitive information out of protected kernel memory.

Intel chips use branch prediction to look ahead into a program’s code, and do future work while completing the execution of current instructions. If the CPU guesses the right path to follow through the software, it saves time by priming itself with these instructions, which were going to be executed anyway; if not, it tosses the stuff it speculatively processed.

Being able to look into the processor’s future, the Spectre attack shows, can be dangerous. A Spectre v2 attack involves poisoning the CPU indirect branch predictor so that it speculatively executes code in a way that leaves traces in its cache revealing the contents of arbitrary memory – such as the kernel memory, which the code shouldn’t be able to snoop on.

Marketing spin

The expectation here, at least on Torvalds’ part, is that a future chip addressing past flaws should include a flag or version number that tells the kernel it’s not vulnerable, so no unneeded and potentially performance-killing mitigations need to be applied. In other words, the chip should indicate to the kernel that its hardware design has been revised to remove the Spectre vulnerability, and thus does not need any software mitigations or workarounds.

Intel’s approach is backwards, making the fix opt-in. Processors can, when asked, reveal to the kernel that Spectre countermeasures are present but disabled by default, and these therefore need to be enabled by the operating system. Presumably, this is because the performance hit is potentially too annoying, or because Intel doesn’t want to appear to admit there is a catastrophic security blunder in its blueprints.
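The gap between "advertised" and "switched on" can be made concrete with a small model, added here as an illustration and not taken from Intel's note or the kernel patches. It assumes the bit layout Intel published for CPUID leaf 7 EDX, IA32_ARCH_CAPABILITIES (MSR 0x10A) and IA32_SPEC_CTRL (MSR 0x48), which the article does not reproduce; the function names and the sample register values are constructed.

```python
# Bit positions as published in Intel's speculative-execution mitigation
# documentation (assumption: the article itself does not list them).
CPUID7_EDX_IBRS_IBPB = 1 << 26  # CPUID.(EAX=7,ECX=0):EDX, IBRS/IBPB supported
CPUID7_EDX_ARCH_CAP = 1 << 29   # IA32_ARCH_CAPABILITIES MSR is present
ARCH_CAP_IBRS_ALL = 1 << 1      # MSR 0x10A, IBRS can be set once and left on
SPEC_CTRL_IBRS = 1 << 0         # MSR 0x48, IBRS is currently switched on


def spectre_v2_state(cpuid7_edx, arch_cap, spec_ctrl):
    """Classify one logical CPU from three register values the OS can read."""
    if not cpuid7_edx & CPUID7_EDX_IBRS_IBPB:
        # No hardware control: needs a microcode update or a software
        # mitigation such as retpoline.
        return "no-hardware-control"
    # The capabilities MSR only counts when CPUID says it exists.
    ibrs_all = bool(cpuid7_edx & CPUID7_EDX_ARCH_CAP
                    and arch_cap & ARCH_CAP_IBRS_ALL)
    if not spec_ctrl & SPEC_CTRL_IBRS:
        # The opt-in case: the control is enumerated, but nothing
        # is restricted until software sets the bit.
        return "present-but-off"
    return "enabled-always-on" if ibrs_all else "enabled-legacy"


# Constructed register snapshots: (CPUID.7.0:EDX, ARCH_CAPABILITIES, SPEC_CTRL)
SAMPLE_CPUS = {
    "old-microcode": (0x0, 0x0, 0x0),
    "patched-not-enabled": (CPUID7_EDX_IBRS_IBPB, 0x0, 0x0),
    "future-chip-at-reset": (CPUID7_EDX_IBRS_IBPB | CPUID7_EDX_ARCH_CAP,
                             ARCH_CAP_IBRS_ALL, 0x0),
    "future-chip-after-boot": (CPUID7_EDX_IBRS_IBPB | CPUID7_EDX_ARCH_CAP,
                               ARCH_CAP_IBRS_ALL, SPEC_CTRL_IBRS),
}


def audit(cpus):
    """Map each named snapshot to its mitigation state."""
    return {name: spectre_v2_state(*regs) for name, regs in cpus.items()}


if __name__ == "__main__":
    for name, state in audit(SAMPLE_CPUS).items():
        print(f"{name:24s} {state}")
```

An inventory check should treat "present-but-off" the same as unmitigated unless another mitigation, such as retpoline, is confirmed to be in use.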

Annoyed by this convoluted approach, Torvalds himself suggested Intel’s motivation is avoiding legal liability – recalling two decades of flawed chips would be ruinously expensive – and bad benchmarks. After all, Intel is already being sued all over the place right now.

Torvalds observed that the cost of using IBRS on existing hardware is so significant that no one will set the hardware capability bits. “Nobody sane will use them, since the cost is too damn high,” he said.

The cost in terms of speed varies, depending on the hardware and workload involved. In some cases, it may be negligible, but not in all cases.

“At Lyft, we saw an approximately 20 per cent slowdown on certain system call heavy workloads on AWS C4 instances when the mitigations were rolled out,” said software engineer Matt Klein in a recent post.


The Register asked Intel whether anyone cared to address Torvalds’ complaint. We haven’t heard back.

In a separate but related note, Intel on Monday identified the problem with its Broadwell and Haswell CPU updates to mitigate Spectre v2 attacks. Its initial patch had been causing affected machines to crash, so it’s preparing a patch without the problematic bits – the Spectre v2 mitigation – that it can offer until it gets the full patch right.

“We recommend that OEMs, cloud service providers, system manufacturers, software vendors and end users stop deployment of current [microcode] versions, as they may introduce higher than expected reboots and other unpredictable system behavior,” warned Intel, effectively freezing the rollout of fixes it earlier this month promised were golden.

“We ask that our industry partners focus efforts on testing early versions of the updated solution so we can accelerate its release. We expect to share more details on timing later this week.”

HPE is the latest biz, among Lenovo, VMware, and others, to pull Intel’s firmware update from its download pages.

“For those concerned about system stability while we finalize the updated solutions, we are also working with our OEM partners on the option to utilize a previous version of microcode that does not display these issues, but removes the Variant 2 (Spectre) mitigations,” Intel continued.

For those not concerned about system stability, it’s all good. ®

Updated to add

After this story was filed, an Intel spokesperson emailed The Register to say: “We take the feedback of industry partners seriously. We are actively engaging with the Linux community, including Linus, as we seek to work together on solutions.”


Article source: http://go.theregister.com/feed/www.theregister.co.uk/2018/01/22/intel_spectre_fix_linux/

Most Companies Suffer Reputation Damage After Security Incidents

New Kroll Annual Global Fraud Risk Report says 86% of companies worldwide experienced security incidents and information theft and loss in the past twelve months.

Seventy percent of organizations worldwide suffered at least one security incident during the past year – up from 68% in the previous year, a new study by Kroll found.

Meanwhile, security incidents and information theft and loss hit some 86% of companies in the past twelve months. The new 2017/18 Kroll Annual Global Fraud Risk Report also shows that physical theft or loss of intellectual property occurred most commonly among these security incidents, at 41%.

“People instinctively think about data being targeted by cyber attacks, but not all threats to information are confined to the digital realm. There is a convergence between physical and digital threats, with issues arising from equipment with sensitive data being stolen or lost, for example, or employees with access to highly sensitive information accidentally or intentionally causing a breach,” said Jason Smolanoff, senior managing director and global cyber security practice leader for Kroll.

Nearly two-thirds of companies said fraud (65%), cyber (67%), or security (66%) incidents had damaged their reputations. Some 23% say their company suffered losses of 7% or more in revenues.


Article source: https://www.darkreading.com/cloud/most-companies-suffer-reputation-damage-after-security-incidents/d/d-id/1330869?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

File Inclusion Vulns, SQL Injection Top Web Defacement Tactics

Hacktivists driven by political, religious, and other causes commonly exploit basic vulnerabilities to spread their messages, researchers say.

File inclusion vulnerabilities, SQL injections, and known vulnerabilities are the most common flaws leveraged by hacktivists who launch Web defacement campaigns.

Trend Micro researchers dug into 18 years’ worth of data to produce “A Deep Dive into Defacement: How Geopolitical Events Trigger Web Attacks.” This report is the analysis of more than 13 million Web defacement reports against websites on multiple continents.

Traditional cybercriminals use Web attacks for profit. Hacktivists use Web attacks to spread political, religious, or other ideological messages. Web defacement hacktivism is the process of taking over a website with the goal of spreading a particular agenda or political ideology. Attackers compromise an organization’s site and replace the original page with their own.

“Their biggest consideration is being seen and making an impact,” says Rik Ferguson, Trend Micro’s vice president of security research. “It’s very appealing, if you’re in a politically motivated campaign, to compromise the sites of ideological opponents — but the overriding concern is to deface the website. The higher-profile [site], the better.”

Researchers found a total of 104,135 unique defacers and nearly 10 million unique compromised domains. One domain can have multiple incidents recorded. Linux is the most frequently compromised OS with 9 million incidents, followed by Windows 2003 (1.5 million).

The top seven campaigns connected to, and motivated by, real-world conflict stretched across Europe, the Middle East, and Asia. These included #OpIsrael, an anti-Israel defacement campaign, which had the most attackers; “Free Kashmir” had the greatest number of defacements. Other large campaigns were savesyria, #antiserbs, #opindia, #opfrance, and South China Sea.

In terms of the specific web vulnerabilities exploited, Ferguson points out there is significant overlap with the Open Web Application Security Project (OWASP) Top 10 list for 2017. Researchers found file inclusion vulns were most frequently exploited, with 2.4 million instances, followed by SQL injection (1.3 million) and known vulnerabilities like unpatched systems (1.2 million).

Other notable tactics include social engineering, server intrusion attacks, URL poisoning, and leveraging man-in-the-middle attacks to grab credentials. Defacers often leave their email or Twitter handle on a defaced site as a type of promotion, or “cyber-tagging,” as Ferguson says.

Ferguson says many security pros are more interested in the newest, most exciting attack techniques but admits these aren’t worth worrying about. “It’s the absolute minority of people who are affected by overly complex intrusions,” he explains, adding that most people are affected by simple security oversights like poor authentication and weak password policies, not zero-days.

“As you could say with online crime in general, attackers don’t evolve their techniques until they have to,” says Ferguson. “And right now, the good guys are making it too easy.”

When hacktivism takes a malicious turn

While most hacktivists are not involved in malicious file propagation, defacement pages can unknowingly carry malicious code. Researchers discovered Ramnit malware, designed to steal banking credentials, distributed on malicious sites or packaged as fake software installers. Ramnit has evolved to have worm propagation techniques and the ability to infect files.

Researchers found 9,726 defacements included Ramnit, which infected Web defacement templates to include the malicious VBscript. This made defaced pages distribute the malware.

While this doesn’t mean hacktivists are using their powers for malicious purposes, says Ferguson, it is plausible for defacers to transition into hacking and cybercrime.

“If you’re in defacement, the only thing you’re concerned about is getting a toehold on the Internet-facing infrastructure so you can make the content changes you want to make,” he continues. “If your interest is … maintaining your presence and exfiltrating data, you’re going to not only need an initial point of entry, but the tools, techniques, and expertise for data exfiltration.”

That said, it wouldn’t take much for defacers to cause damage, he notes. With their initial point of entry, they would only need to invest in an exploit kit and use simple JavaScript to make their operation more malicious. The Internet of Things will be a growing area of concern as hacktivists expand their tactics from standard websites to include IoT-connected devices.

How to protect your business

“First and most important is about configuration and implementation,” says Ferguson. Walking through a wizard and using standard configuration for your Web server isn’t good enough. You need to make sure you lock down access with strong authentication, preferably multifactor, and strong passwords.

He also emphasizes the importance of using Web application firewalls to monitor traffic and block exploit attempts, which he calls an “absolute basic step,” as well as applying patches to Web infrastructure as they are available. When this isn’t possible, as is the case for many organizations, you should have host-based server protection technology for vulnerabilities so they can’t be exploited before the patch can be applied.

Kelly Sheridan is Associate Editor at Dark Reading. She started her career in business tech journalism at Insurance Technology and most recently reported for InformationWeek, where she covered Microsoft and business IT. Sheridan earned her BA at Villanova University.

Article source: https://www.darkreading.com/vulnerabilities---threats/file-inclusion-vulns-sql-injection-top-web-defacement-tactics/d/d-id/1330870?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Intel Says to Stop Applying Problematic Spectre, Meltdown Patch

Cause of reboot problems with its Broadwell and Haswell microprocessor patching now identified, the chipmaker said.

Intel is now advising its customers and partners to halt the installation of patches for its Broadwell and Haswell microprocessor systems in the wake of recent reports of reboot problems. 

Navin Shenoy, executive vice president and general manager of the Data Center Group at Intel, today said in a post that Intel soon will be issuing a fix for the patch. In the meantime, he says customers should refrain from applying the problematic patches.

“We recommend that OEMs, cloud service providers, system manufacturers, software vendors and end users stop deployment of current versions, as they may introduce higher than expected reboots and other unpredictable system behavior,” he said.

Word that customers were experiencing higher system reboot problems began circulating earlier this month, and Intel issued an advisory about the problem on Jan. 11.

“We have now identified the root cause for Broadwell and Haswell platforms, and made good progress in developing a solution to address it. Over the weekend, we began rolling out an early version of the updated solution to industry partners for testing, and we will make a final release available once that testing has been completed,” he said.

Intel early this month issued updates for most of its modern microprocessors after researchers from Google’s Project Zero Team, Cyberus Technology, Graz University of Technology, University of Pennsylvania, the University of Maryland, Rambus, and University of Adelaide and Data61, all discovered critical flaws in a method used for performance optimization that could allow an attacker to read sensitive system memory, which could contain passwords, encryption keys, and emails, for example. The vulnerabilities affect CPUs from Intel, AMD, and ARM.

The so-called Meltdown and Spectre hardware vulnerabilities allow for so-called side-channel attacks: in the case of Meltdown, that means sensitive information in the kernel memory is at risk of being accessed nefariously, and for Spectre, a user application could read the kernel memory as well as that of another application. So an attacker could read sensitive system memory, which could contain passwords, encryption keys, and emails – and use that information to help craft a local attack.

Intel recommends that customers and OEMs refer to its Intel.com Security Center site for more details on the Spectre and Meltdown fix.

Kelly Jackson Higgins is Executive Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise …

Article source: https://www.darkreading.com/vulnerabilities---threats/intel-says-to-stop-applying-problematic-spectre-meltdown-patch-/d/d-id/1330871?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Satori Botnet Malware Now Can Infect Even More IoT Devices

Latest version targets systems running ARC processors.

The authors of the Satori IoT malware family have dramatically increased their pool of bot recruits for attack botnets with a new version of the tool targeting systems running ARC processors.

The latest Satori variant, the fourth since the malware first surfaced in Dec. 2017, appears to be the first aimed specifically at ARC chipsets, DDoS attack mitigation vendor Arbor Networks said in an advisory this week.   

ARC processors are 32-bit power-efficient CPUs that are used in a wide range of applications including automotive, industrial, and IoT. More than 1.5 billion embedded systems containing ARC cores ship every year, including electronic steering controls and infotainment systems in cars, as well as personal fitness bands and digital TV set tops, and smart thermostats.

Like other Satori variants, the newest one also leverages the Mirai code base. Like Mirai, it is designed to propagate through credential scanning, meaning the malware can potentially infect any ARC device with default and easily guessable telnet usernames and passwords. The previous Satori variant specifically targeted Huawei routers.

It’s hard to say which specific ARC-based devices the Satori authors are hoping to target because of the huge installed base of systems, says Peter Arzamendi, security researcher at NETSCOUT, Arbor’s Security Engineering Response Team. 

However, “botnets that target new and novel types of IoT devices is the new normal,” he says. “With the proliferation of IoT and BYOD, enterprises will need to understand how to both defend these devices and be able to respond when they are compromised,” Arzamendi says.

Support for ARC processors allows Satori variants to target a wide range of systems including those based on Intel, ARM, MIPS, PPC, and SuperH processor architectures. All of the variants differ slightly in targeting and in capabilities.

Building malware for a new processor architecture like ARC is not too difficult an endeavor and only requires a compiler that supports the architecture, and some open source tools to help with porting code, says Arzamendi.

“IoT [botnets] depend on compromising as many devices as possible. Threat actors will have less competition by focusing on new types of devices that others are not targeting,” he says of the latest Satori development.

On Defense

With DDoS-capable malware available for a wider range of Internet-connected devices than when Mirai first surfaced in late 2016, network operators need to review their defense strategies, according to Arbor.

In addition to protections against DDoS attacks, businesses need to ensure their own IoT networks and devices are not being used in DDoS attacks, Arbor said. “The collateral damage due to scanning and outbound DDoS attacks alone can be crippling if network architectural and operational best current practices are not proactively implemented,” the security vendor said in its advisory.

Adam Meyers, vice president of intelligence at CrowdStrike, says organizations need to invest in DDoS protection if they haven’t done so already, and ensure they know what to do in the event of an attack. Tabletop exercises are a great way to ensure that all stakeholders are in lockstep when an attack does occur, he says.

“Protecting against IoT botnets will become increasingly difficult as IoT devices age in place,” Meyers says. “A bulk of these devices is going to remain deployed as long as they continue to function, and patching will not be widespread. In addition, new vulnerabilities in some of these platforms will continue to be identified.”

In addition to DDoS attacks, enterprises should also be aware of the fact that IoT botnets can be used for other purposes such as: creating a non-attribution proxy network for criminal enterprises, distributing spam, and hosting Web content for phishing.

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year …

Article source: https://www.darkreading.com/vulnerabilities---threats/satori-botnet-malware-now-can-infect-even-more-iot-devices/d/d-id/1330875?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Famous cryptographers’ tombstone cryptogram decrypted

This article was inspired by Elonka Dunin’s ShmooCon 2018 presentation about this fascinating topic.
Dunin’s original paper, Cipher on the William and Elizebeth Friedman tombstone at Arlington National Cemetery is solved, was published in April 2017.
Hat tip to Iain Thomson at The Register for writing up Dunin’s talk at ShmooCon.

William and Elizebeth Friedman were a husband-and-wife team who were amongst the very first US government cryptographers.

Their careers started just before the US entered World War One in 1917, and continued through and beyond World War Two.

William died in 1969; Elizebeth (apparently, her mother liked the name Elizabeth but not Eliza, and chose the unusual spelling to prevent unwanted abbreviations) in 1980:

William was an army Colonel, so their joint tombstone is in the Arlington National Cemetery, just across the river from Washington DC, the capital of the United States.

Of course, the tombstone didn’t always look like the picture above – it was commissioned by Elizebeth after she was widowed; obviously, her name was added only after her death more than a decade later.

The phrase at the bottom, KNOWLEDGE IS POWER, was a favourite saying of William’s, so much so that he encoded it into the graduation photograph of the army cryptography course that he and Elizebeth taught in 1918:

The code used here is what’s known as a Bacon cipher, essentially a 5-bit binary encoding of the letters of the alphabet:

Bacon used A and B, but you can replace them with 0 and 1 and treat the codes as binary numbers.

Bacon’s idea was to hide the As and Bs (or zeros and ones) in regular printed text by using different faces, weights, styles or sizes for successive characters, or by other minor differences in a picture or diagram.

In the graduation photo above, the As and Bs were encoded by whether the person was looking directly at the camera, or to one side.

Below, however, I’ve done it by mixing two typefaces, American Typewriter (the one with the serifs, or flourishes, on each letter) and Arial Black (with clean edges and uniform stroke widths):

Marked up with colours, the differences are easier to see:

Spaced cleanly into fives, as required in the Bacon cipher, with black for Bacon’s Bs and red for the As, we can easily decode it:
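The hide-and-decode procedure described above, as an added Python example that is not part of the original article. Letter case stands in for the two typefaces (lower case = A, upper case = B); because the article's code table is not reproduced here, both the plain 26-letter binary table and Bacon's original 24-letter table (I/J and U/V sharing a code) are offered as assumptions, and the cover sentence is constructed.

```python
import string

ALPHABET_26 = string.ascii_uppercase      # A=00000 ... Z=11001 (plain binary)
ALPHABET_24 = "ABCDEFGHIKLMNOPQRSTUWXYZ"  # Bacon's original: I/J and U/V merged

# Constructed cover sentence: 26 letters, enough for a 5-letter message.
COVER = "meet me by the old bridge at noon"


def is_letter(ch):
    """Only unaccented Latin letters carry a symbol."""
    return ch.isascii() and ch.isalpha()


def to_symbols(message, alphabet=ALPHABET_26):
    """Turn a message into Bacon's A/B symbols, five per letter."""
    out = []
    for ch in message.upper():
        if not is_letter(ch):
            continue  # spaces and punctuation are not encoded
        if alphabet == ALPHABET_24:
            ch = {"J": "I", "V": "U"}.get(ch, ch)
        bits = format(alphabet.index(ch), "05b")
        out.append(bits.replace("0", "A").replace("1", "B"))
    return "".join(out)


def hide(message, cover, alphabet=ALPHABET_26):
    """Carry one symbol per cover letter: lower case = A, upper case = B."""
    symbols = to_symbols(message, alphabet)
    if sum(is_letter(c) for c in cover) < len(symbols):
        raise ValueError("cover text needs five letters per message letter")
    out, used = [], 0
    for c in cover:
        if is_letter(c):
            # Letters left over after the message stay in the 'A' style.
            mark = symbols[used] if used < len(symbols) else "A"
            c = c.upper() if mark == "B" else c.lower()
            used += 1
        out.append(c)
    return "".join(out)


def reveal(stego, alphabet=ALPHABET_26):
    """Read the style of each letter, group into fives, decode as binary."""
    symbols = "".join("B" if c.isupper() else "A" for c in stego if is_letter(c))
    out = []
    # A trailing group of fewer than five symbols is ignored.
    for i in range(0, len(symbols) - len(symbols) % 5, 5):
        idx = int(symbols[i:i + 5].replace("A", "0").replace("B", "1"), 2)
        # Codes past the end of the table have no letter assigned.
        out.append(alphabet[idx] if idx < len(alphabet) else "?")
    return "".join(out)


if __name__ == "__main__":
    stego = hide("POWER", COVER)
    print(stego)                       # the marked-up cover text
    print(to_symbols("POWER"))         # the raw A/B stream
    print(reveal(stego))               # decoded with the table used to hide
    print(reveal(stego, ALPHABET_24))  # decoded with the other table
```

Decoding with the wrong table still produces letters, just not the message, so the choice between the 24-letter and 26-letter tables has to be settled before a reading can be trusted.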

Bacon redux

Guess what?

The Friedmans originally met and married when they were working together on a project to investigate the many historical claims that Shakespeare’s plays were written anonymously by some other author.

Sir Francis Bacon is one of the authors often proposed as “the real Shakespeare”, allegedly on the basis of messages left behind – in the Bacon cipher, of course – in contemporary texts.

But the Friedmans published a definitive book in 1957, entitled The Shakespearean Ciphers Examined: An analysis of cryptographic systems used as evidence that some author other than William Shakespeare wrote the plays commonly attributed to him.

The book pretty much settled the matter: the Baconian theory of Shakespearean authorship was debunked for ever.

Fast forward to the twenty-first century.

Elonka Dunin, a renowned video game creator and cryptographic historian, visited Arlington Cemetery to pay her respects at the Friedmans’ grave, and her attention was quite understandably drawn to the words at the bottom of the tombstone:

If you were Elizebeth, you’d have squeezed a cryptogram in there, wouldn’t you?

Look closely and you will see that some of the letters do not have serifs – the little strokes that are obvious on the strokes of letters such as K and G above – even though all the other writing on the tombstone is carved in a serif face.

With a bit of care (the letter O doesn’t have strokes, but is typically thinner at top and bottom in a serif face), you can make out a pattern on the tombstone:

The character differences are subtle, at least in the low-resolution image here, but we agree with Dunin’s assessment of how this comes out:

Dunin found additional evidence that Elizebeth planned this all along, and thus that there is no wishful thinking here, thanks to an image found in the Elizebeth Smith Friedman collection:

To make the image above a bit easier to read, we fiddled with the levels in the image, which is why it looks somewhat unnatural; however, that brought out some additional details.

Although the words KNOWLEDGE IS POWER have apparently been added in later in a different hand with what looks like a ballpoint pen, you can see that this paper note definitely relates to the tombstone design if you flip it over and read the other side:

Knowledge is power, indeed.

What a splendid memento!

PS. Can you make out any more of the text on the other side of the note? You can use the colour-tweaked version we have here, or try your own enhancements of the original from Dunin’s paper. (We used GIMP’s Levels operator and did a Flip horizontally.) What about the numbers at the bottom? We think we can see 3 ft 6 in high and 3 [??] 2 [???] (presumably the width), but there’s more data there for the finding. Let us know what you think you’ve got!


Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/thDB27YqO78/

Famous cryptographers’ tombstone cryptogram decrypted

This article was inspired by Elonka Dunin’s Schmoocon 2018 presentation about this fascinating topic.
Dunin’s original paper, Cipher on the William and Elizebeth Friedman tombstone at Arlington National Cemetery is solved, was published in April 2017.
Hat tip to Iain Thomson at The Register for writing up Dunin’s talk at Schmoocon.

William and Elizebeth Friedman were a husband-and-wife team who were amongst the very first US government cryptographers.

Their careers started just before the US entered World War One in 1917, and continued through and beyond World War Two.

William died in 1969; Elizebeth (apparently, her mother liked the name Elizabeth but but not Eliza, and chose the unusual spelling to prevent unwanted abbreviations) in 1980:

William was an army Colonel, so their joint tombstone is in the Arlington National Cemetery, just across the river from Washington DC, the capital of the United States.

Of course, the tombstone didn’t always look like the picture above – it was commissioned by Elizebeth after she was widowed; obviously, her name was added only after her death more than a decade later.

The phrase at the bottom, KNOWLEDGE IS POWER, was a favourite sayings of William’s, so much so that he encoded it into the graduation photograph of the army cryptography course that he and Elizebeth taught in 1918:

The code used here is what’s known as a Bacon cipher, essentially a 5-bit binary encoding of the letters of the alphabet:

Bacon used A and B, but you can replace them with 0 and 1 and treat the codes as binary numbers.

Bacon’s idea was to hide the As and Bs (or zeros and ones) in regular printed text by using different faces, weights, styles or sizes for successive characters, or by other minor differences in a picture or diagram.

In the graduation photo above, the As and Bs were encoded by whether the person was looking directly at the camera, or to one side.

Below, however, I’ve done it by mixing mixed two typacefaces, American Typewriter (the one with the serifs, or flourishes, on each letter) and Arial Black (with clean edges and uniform stroke widths):

Marked up with colours, the differences are easier to see:

Spaced cleanly into fives, as required in the Bacon cipher, with black for Bacon’s Bs and red for the As, we can easily decode it:

Bacon redux

Guess what?

The Friedmans originally met and married when they were working together on a project to investigate the many historical claims that Shakespeare’s plays were written anonymously by some other author.

Sir Francis Bacon is one of the authors often proposed as “the real Shakespeare”, allegedly on the basis of messages left behind – in the Bacon cipher, of course – in contemporary texts.

But the Friedmans published a definitive book in 1957, entitled The Shakespearean Ciphers Examined: An analysis of cryptographic systems used as evidence that some author other than William Shakespeare wrote the plays commonly attributed to him.

The book pretty much settled the matter: the Baconian theory of Shakespearean authorship was debunked for ever.

Fast forward to the twenty-first century.

Elonka Dunin, a renowned video game creator and cryptographic historian, visited Arlington Cemetery to pay her respects at the Friedmans’ grave, and her attention was quite understandably drawn to the words at the bottom of the tombstone:

If you were Elizebeth, you’d have squeezed a cryptogram in there, wouldn’t you?

Look closely and you will see that some of the letters do not have serifs – the little strokes that are obvious on the strokes of letters such as K and G above – even though all the other writing on the tombstone is carved in a serif face.

With a bit of care (the letter O doesn’t have strokes, but is typically thinner at top and bottom in a serif face), you can make out a pattern on the tombstone:

The characters differences are subtle, at least in the low-resolution image here, but we agree with Dunin’s assessment of how this comes out:

Dunin found additional evidence that Elizebeth planned this all along, and thus that there is no wishful thinking here, thanks to an image found in the Elizebeth Smith Friedman collection:

To make the image above a bit easier to read, we fiddled with the levels in the image, which is why it looks somewhat unnatural; however, that brought out some additional details.

Although the words KNOWLEDGE IS POWER have apparently been added in later in a different hand with what looks like a ballpoint pen, you can see that this paper note definitely relates to the tombstone design if you flip it over and read the other side:

Knowledge is power, indeed.

What a splendid memento!
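The hiding scheme described in this article, as an added example that is not part of the original article: a Bacon cipher carried in letter case, which stands in here for the two typefaces. The 24-letter code table, the function names and the hidden message KEY are assumptions of the example, not the tombstone's actual content.

```python
# Classic 24-letter Bacon alphabet: I/J and U/V share a code. The choice of this
# table (rather than the 26-letter variant) is an assumption of this example.
ALPHABET = "ABCDEFGHIKLMNOPQRSTUWXYZ"
MERGE = str.maketrans("JV", "IU")
TO_AB = str.maketrans("01", "AB")


def to_ab(message):
    """Plaintext -> Bacon symbols, five per letter, with A = 0 and B = 1."""
    letters = [c for c in message.upper().translate(MERGE) if c in ALPHABET]
    return "".join(format(ALPHABET.index(c), "05b") for c in letters).translate(TO_AB)


def hide(message, cover):
    """Carry the symbols in the cover text: lower case = A, upper case = B.

    Letter case stands in for the two typefaces; spaces and punctuation
    carry nothing and pass through unchanged.
    """
    symbols = to_ab(message)
    if sum(c.isalpha() for c in cover) < len(symbols):
        raise ValueError("cover text needs five letters per hidden letter")
    out, used = [], 0
    for c in cover:
        if c.isalpha():
            is_b = used < len(symbols) and symbols[used] == "B"
            out.append(c.upper() if is_b else c.lower())
            used += 1
        else:
            out.append(c)
    return "".join(out)


def reveal(stego):
    """Read case as A/B, split into fives and decode.

    A trailing group of fewer than five letters is ignored. Unused full
    groups read as AAAAA, i.e. 'A', so the receiver must know the length.
    """
    bits = "".join("1" if c.isupper() else "0" for c in stego if c.isalpha())
    groups = [bits[i:i + 5] for i in range(0, len(bits) - 4, 5)]
    values = [int(g, 2) for g in groups]
    return "".join(ALPHABET[v] if v < len(ALPHABET) else "?" for v in values)


# Constructed demo: the 16-letter inscription can carry three hidden letters.
STEGO = hide("KEY", "knowledge is power")   # "KEY" is a made-up message
```

The 16 letters of KNOWLEDGE IS POWER give three complete groups of five with one letter left over, which is why the decoder discards an incomplete final group.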

PS. Can you make out any more of the text on the other side of the note? You can use the colour-tweaked version we have here, or try your own enhancements of the original from Dunin’s paper. (We used GIMP’s Levels operator and did a Flip horizontally.) What about the numbers at the bottom? We think we can see 3 ft 6 in high and 3 [??] 2 [???] (presumably the width), but there’s more data there for the finding. Let us know what you think you’ve got!


Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/thDB27YqO78/

Smut site fingered as ‘source’ of a million US net neutrality comments

Shmoocon An analysis of comments submitted to the United States Federal Communications Commission’s consultation on the future of the nation’s net neutrality rules has shown the whole process of public comments was fatally flawed.

Speaking at the Shmoocon hacking conference in Washington DC, Leah Figueroa, lead data engineer at data analytics biz Gravwell, detailed how analysing net neutrality comments showed massive anomalies.

In particular, Figueroa spotted that over a million messages were sent by commenters using P*rnHub.com email addresses. Given that the super-smut site only has 55 employees, and doesn’t hand out email accounts to netizens, either each staffer sent in 18,000 comments, or people were sending in volumes of rants using faked addresses.

And it’s most likely the latter because the FCC did not verify whether or not someone writing in really owned the email address they provided. The whole thing shows that it was possible for people to spam the regulator with thousands upon thousands of comments, making it look as though there was huge support for or against the network neutrality protections.

“As of July 2017 P*rnHub had only 55 employees, which means either they sent all out over 18,000 submissions per person or there was something unusual going on,” she said.

Figueroa analysed submissions from over 22 million comments to the FCC and found a lot of odd behavior. Over a thousand came from [email protected] for example, and that address is linked to an Indian GitHub repository.

At the heart of the matter is the fact that the FCC allowed batch submissions of comments on its net neutrality proposals without verifying email addresses. Figueroa said plenty of these looked inauthentic. Hundreds of thousands of comments were submitted at exactly midnight on four separate days in July – hardly normal behavior.

The majority of these batch submissions were anti-net neutrality, and if you strip them out only about 17 per cent of the comments actually came from likely-to-be-people logging on to the FCC’s website and filing a personal message.

Even after the batch-submitted comments were removed the pattern of comments still looks suspect. Many appeared to have come from bots and the timing of submissions didn’t always sync with the US times you’d expect. Such submissions were also typically in ALL CAPS, rather than conventional text.

After removal of the oddly-sourced-or-worded comments, the vast majority of the comments submitted directly to the FCC’s website supported net neutrality.
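The three signals reported above (identical midnight timestamps, more comments from a domain than its known mailbox holders could plausibly send, and ALL CAPS text) can be turned into a simple triage pass. This is an added example, not Figueroa's or Gravwell's code; the record layout, thresholds, headcount table and every sample record are constructed assumptions.

```python
from collections import Counter
from datetime import datetime


def triage(records, headcount, burst_min=3, per_person_max=2):
    """Map record index -> list of signals. records: (iso_time, email, text)."""
    per_stamp = Counter(ts for ts, _, _ in records)
    per_domain = Counter(e.rsplit("@", 1)[-1].lower() for _, e, _ in records)
    flagged = {}
    for i, (ts, email, text) in enumerate(records):
        signals = []
        # Signal 1: many comments sharing one timestamp that is exactly midnight.
        when = datetime.fromisoformat(ts)
        at_midnight = (when.hour, when.minute, when.second) == (0, 0, 0)
        if at_midnight and per_stamp[ts] >= burst_min:
            signals.append("midnight-batch")
        # Signal 2: a domain with a known number of mailbox holders sends more
        # comments than those people plausibly could.
        domain = email.rsplit("@", 1)[-1].lower()
        staff = headcount.get(domain)
        if staff is not None and per_domain[domain] > staff * per_person_max:
            signals.append("domain-volume")
        # Signal 3: the text is entirely upper case (short texts are ignored).
        letters = [c for c in text if c.isalpha()]
        if len(letters) >= 10 and all(c.isupper() for c in letters):
            signals.append("all-caps")
        if signals:
            flagged[i] = signals
    return flagged


# Constructed records, not real FCC data.
SAMPLE = (
    [("2017-07-19T00:00:00", f"user{n}@mail.example", "Repeal the rules.")
     for n in range(3)]
    + [(f"2017-07-20T14:03:{n:02d}", f"a{n}@closed.example", "I support the rules.")
       for n in range(5)]
    + [("2017-07-21T09:15:42", "pat@mail.example", "KEEP THE INTERNET OPEN"),
       ("2017-07-21T00:00:00", "sam@mail.example", "Please keep the current rules.")]
)
HEADCOUNT = {"closed.example": 2}   # assumed: only 2 people hold addresses there
FLAGGED = triage(SAMPLE, HEADCOUNT)
```

A single comment filed at midnight is not flagged; the signal is the combination of the exact timestamp and the volume sharing it.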

However, in the end it didn’t matter that much, because the Republican members of the FCC decided that comments wouldn’t influence their decision. Commissioner Michael O’Rielly argued that the agency didn’t have to take comments into account when it made its decision on strictly party-political lines.

New York Attorney General Eric Schneiderman has said he is investigating the comments process on the grounds that some of his constituents may have suffered from identity theft. However, the FCC has backtracked on an earlier promise to cooperate and is now stonewalling any investigation.

American democracy – ain’t it great? ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2018/01/22/smut_site_fingered_for_fraud_after_a_million_net_neutrality_comments_get_sent/