
"There is no way for us to defend ourselves: even skilled technologists who administer their own networked services are no match for the bandits. To keep bandits out, you have to be perfect and perfectly vigilant, and never make a single mistake. For the bandits to get you, they need merely find a single mistake that you’ve made."

Ooof. What a boot-to-the-face reminder. Despite my use of a Tor Router, three YubiKeys and Google Authenticator, password manager, non-GSM voice (Google Voice), and several hard tokens from various financial institutions, I still have no idea if I'm doing enough because I don't control any of my three OSes, including Ubuntu 18.04 (we almost missed the elliptic key backdoor in OpenSSL, what else is in there?).



If what you are communicating needs to be guaranteed to never be crackable, you only need to use the oldest and most secure way of communicating before the days of internet and computers: short wave transmitted one time pad codes.

The reason that number stations continue to operate is that it really is the best way to communicate/order under surveillance which almost certainly is happening in every embassy in non-friendly countries.

One time pads are truly unbreakable and its techniques have been refined for the past 80 years since the Cold War began.

Luckily you don't need a shortwave radio anymore and the CIA I believe utilizes emoticons. Even if you intercept a bunch of smiley faces followed by a wink, how do you figure out the contents of the message when the medium to decode is completely unknowable?

It was only when they captured a few Cuban spies that they were able to break the number stations operating out of Havana, but this is perhaps the only case in history.


Let’s take a step back here.

Everybody has a different standard of privacy they want. There are different levels of trade-offs they can make as they become more secure. What you’re describing is the top level of security, but it’s not very convenient to use. It also uses private keys, which makes establishing a new connection challenging.

There are as I see it a few main security modes: stopping automated surveillance and hacking, stopping low effort surveillance and hacking, and being “perfectly” secure from the most motivated adversary.

Being perfectly secure on a networked computer is basically impossible. Governments likely have access to back doors and 0days that can compromise anyone (and keep in mind if the person on the other end has bad opsec, you’ve already lost). But they’re probably not going to unleash the fire and fury on Joe Schmo, and would probably be reluctant to target someone security-minded who might identify how they got pwned and publicize the vulnerability unless they have a damned good reason.

Most people don’t need never-crackable, they just need to be reasonably assured that only a very motivated adversary could crack them.


> Governments likely have access to back doors and 0days that can compromise anyone

* anyone running a certain configuration

Bugs don't exist in a vacuum. They exist in a specific piece of software, which usually supports a specific feature (e.g. Flash, Microsoft Word, or TCP/IP).

Curious in more informed opinions, but it seems unlikely there's a large universe of zero days applicable to every configuration out there.

Consequently, a huge part of security is (and has always been!) limiting unnecessary code. Specifically, code accepting input from network connections.

Parent's point about crypto algorithms is a form of this: one reason they're so secure, and provably so, is because they have extremely limited attack surfaces. They take this input, they produce this output.


What I first replied to is about a specific private key algorithm that doesn’t have any patterns, and using it over something that can’t be backdoored. Using OTP is not just using crypto, it is pretty much the only “uncrackable” encryption if used properly.

My point is that using something like PGP to communicate over TOR (or even OTP over TOR) doesn’t matter if whoever you are trying to hide from has a backdoor to your OS or has the ability to exploit a vulnerability in your OS (which only requires something trivial like you having loaded some random JS in the past year). And there is no way to protect against an undocumented bug in some software you depend on other than to not use it. You can only hope that a government or criminal doesn’t care enough to burn a 0day on you.

(Of course you can still airgap a computer with the private PGP key and manually copy the encrypted data over but the question then is whether that is worth the minuscule chance of it mattering)


> no way to protect against an undocumented bug in some software you depend on

I understand the point you're making, but I feel like it's overstating the frequency.

Of all the code in a piece of software, only some amount will have bugs. Of those bugs, only some will be executable in your configuration. Of that buggy code, only some will create security issues. Of those security issues, only some will be network-exploitable.

That's a lot of partitioning.

So it's fair to say systems run on other systems, but I don't think it's fair to say it's likely that every system has an undiscovered, network accessible security vulnerability.


> If what you are communicating needs to be guaranteed to never be crackable, you only need to use the oldest and most secure way of communicating before the days of internet and computers: short wave transmitted one time pad codes.

I'd say using a dead drop is probably even older and more secure. I don't think it'd attract any extra attention unless you're already being followed.

A numbers station is really only useful to a particular use case that seems exclusive to nation-state spies: you don't care who knows you're transmitting, but you need the message and the location of the recipient to be absolutely secure.


> dead drop

yes but it really needs to be remote because they caught ppl doing it like that American spy in the 80s.

I know in South Korea, the dead drop is a popular method of peddling drugs, but ppl still get busted.

I agree number stations are overkill but perhaps some similar methods...like cartels using email drafts to communicate


But the point is using dead drops doesn't attract attention unless you already have it.

> I agree number stations are overkill but perhaps some similar methods...like cartels using email drafts to communicate

That's basically a digital dead drop, and they've caught people doing that: for instance: https://en.wikipedia.org/wiki/Petraeus_scandal#Summary_and_c...


> because they caught ppl doing it like that American spy in the 80s.

Are you referring to Robert Hanssen? https://en.wikipedia.org/wiki/Robert_Hanssen


It's not that I'm a spy. It's that I want to protect myself digitally as much as possible, despite being forced to interface with the internet by large institutions.

We can go back in time and argue about the lack of security just four decades ago (George Hayduke[1] had a series of books on how to exfiltrate info in the 60s & 70s through social engineering). However, here we are: in a virtual world that is simultaneously more secure and less secure than ever. Compare: we have evolving security protocols that are being hardened every year by attackers pushing on them, yet our entire lives are open like never before for the picking-off by one clever blackhat.

It is maddening, and I consider myself far more cognizant of the issues than a typical chain-letter sharing, 8-char all-text passwording, Facebook user.

[1] https://www.amazon.com/Screw-Unto-Others-Revenge-Occasions/d...


> protect myself digitally as much as possible

From whom? Understanding the threat model is incredibly important to understanding how and what to defend against. It sounds like you're just chucking "security ideas" over the fence in the hopes that one might protect you.

Protection against cyber criminals and other net denizens? You're probably overkill and also not helpful in some circumstances. Tor is generally for anonymizing internet traffic, but using a financial institution is the exact opposite of anonymity.

ISP? Maybe? Depends on what you're doing and why. With DPI and other tools it's not clear cut.

Nation state? Not much you can do. Very little can protect you if Russia decides you're a person of interest.


> It sounds like you're just chucking "security ideas" over the fence in the hopes that one might protect you.

Precisely my point!

You describe a situation where "buyer beware" means staying up to date with the latest netsec and tech rags. That is simply unfeasible for the vast majority of people, including me.

But you know what: I can't get simjacked anymore because I read about that. I have stronger passwords because of hard tokens, because I read about that.

What next 50 things do I need to read about to stay "safe", and what even IS "safe"?

This is nontrivial and our identities literally depend on it. The fall-off costs are astonishingly high.


I would like to have read that book before I made peace and decided that spectacular success is THE best revenge.

Like the old Jewish saying: "Living a good happy life is the best revenge"

Still, it needs a read but for pure entertainment. I will add it to my wish list


> It was only when they captured a few Cuban spies were they able to break the number stations operating out of Havana but this is perhaps the only case in history

Bad OPSEC (reuse of pads) allowed the West to extremely painfully decrypt chunks of Soviet communications, finding just how bad communist infiltration was in the process.

https://en.wikipedia.org/wiki/Venona_project
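
The pad-reuse failure this comment describes, together with the one-time-pad claims earlier in the thread, as an added example that is not part of any comment here: a minimal one-time pad in Go that decrypts correctly, then shows that encrypting a second message under the same pad cancels the key and leaks the XOR of the two plaintexts, which a guessed fragment of one message turns into bytes of the other. The two messages are constructed and the function names are hypothetical.

```go
package main

import (
	"crypto/rand"
	"fmt"
)

// xorBytes returns a XOR b; callers guarantee equal lengths.
func xorBytes(a, b []byte) []byte {
	out := make([]byte, len(a))
	for i := range a {
		out[i] = a[i] ^ b[i]
	}
	return out
}

// newPad draws n bytes from the OS CSPRNG. A pad is used for exactly
// one message and then destroyed; that rule is the whole security proof.
func newPad(n int) ([]byte, error) {
	pad := make([]byte, n)
	if _, err := rand.Read(pad); err != nil {
		return nil, err
	}
	return pad, nil
}

// otp encrypts or decrypts; XOR with the pad is its own inverse.
func otp(msg, pad []byte) []byte {
	if len(pad) < len(msg) {
		panic("pad shorter than message: never truncate or cycle a pad")
	}
	return xorBytes(msg, pad[:len(msg)])
}

// reuseLeak models the Venona failure: two ciphertexts under one pad.
// c1 XOR c2 = m1 XOR m2, so the pad cancels and the result no longer
// depends on the key at all; anyone who guesses part of m1 reads m2.
func reuseLeak(c1, c2 []byte) []byte { return xorBytes(c1, c2) }

// recoverWithCrib shows how far the leak goes: a guessed fragment of
// one message at offset yields the other message's bytes there.
func recoverWithCrib(leak, crib []byte, offset int) []byte {
	return xorBytes(leak[offset:offset+len(crib)], crib)
}

func main() {
	m1, m2 := []byte("MEET AT DAWN"), []byte("FUNDS ARRIVE") // constructed
	pad, _ := newPad(len(m1))
	c1, c2 := otp(m1, pad), otp(m2, pad) // the second use is the mistake
	fmt.Printf("decrypts cleanly: %q\n", otp(c1, pad))
	leak := reuseLeak(c1, c2)
	fmt.Printf("crib %q on m1 reveals m2 bytes %q\n", "MEET", recoverWithCrib(leak, []byte("MEET"), 0))
}
```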


Now THIS is why I love text based communities like HN and Reddit. You just get rewarded with these small nuggets of rabbit holes.


Read "Spycatcher" by Peter Wright. It's one of not many books on spying like this (Wright was cleaning up the mess Venona revealed for years) actually written by an intelligence officer, in clear breach of the Official Secrets Act, and even better he was an engineer too, so there are lots of tales of him reverse engineering Soviet bugs like "The Thing" and tracking down spurious radio emissions to find spies.

His theory about Roger Hollis is probably lost to time although MI5's complete failure to address it is probably a hint.


You can't operate a number station in someone else's country.... they might not be able to crack the code, but they can sure track down the number station and turn it off/arrest the operator.


Oh yes absolutely. There's a reason why both Koreas broadcast numbers within their respective borders. I remember when I first discovered number stations... it kept me obsessed for days.

https://swling.com/blog/2016/08/numbers-stations-and-the-two...


You can trivially find the listeners too if you use a bad/old radio

https://en.wikipedia.org/wiki/Operation_RAFTER


I guess, but if it is for cross border communications then you could just run it digitally on Twitter or a similar website.


You could run your system completely in RAM, to at least limit the duration of exposure.

Persistence is overrated! :)


You're joking, but I don't think I will be running Windows without uwfmgr.exe aka Unified Write Filter if I ever decide to use it as my main OS again. More people should be aware of it. It's only for Enterprise editions, but maybe there are similar options out there.


To go one step further, have three, or more, identical firewalled systems running and have them vote on every calculation, with the votes sent to a hardwired switch that prevents the system from advancing if there’s a disagreement, and shuts off power to the RAM if there are too many in a row. The chances of any compromise happening to all the systems within the same nanosecond would be infinitesimal.


They shouldn't be identical systems, common mode failures will get you.


For anyone unfamiliar and curious, this is how the Tails OS works.

https://tails.boum.org/


Or a VM with snapshots / non-persistent storage.


How do you apply security updates?


Immediately after a clean boot, apply security update, reboot to test, then immediately shutdown and allow that snapshot to persist.


Wouldn't it be better to do a reinstall of the OS in the VM (or use a previous image), apply the security updates, and then reinstall any other software that was on the system?


Typically the base, non-persistent image is carefully managed to be pristine, e.g. through a tree of storage snapshots that allows reversion to known-good checkpoints.


Information security is not a matter of secure or not-secure. Throughout history, it has always been a matter of available resources and risk management.

Failing to consider security in terms of resources and risk leads to moments like this. The crushing fear that you're not doing enough, never doing enough, never sure enough...

It's a bottomless pit of anxiety. You can always add on more protections, more tools, and more layers. Your anxiety is never really soothed because you can never actually fully banish risk.

As long as you conceive of information security as deterministic or binary, you're going to struggle.


Fun reminder that Canonical refuses to use TLS on their repos.


Do you have reason to believe there's a problem with the gpg signatures in their repo?


The GPG sigs that are also published over MITMable unencrypted http?

http://archive.canonical.com/dists/xenial/Release.gpg

Yeah, I believe I see a problem there...


The entire point of signatures is that you don't have to trust the channel that delivers them.

The root of trust is the private key that comes with the operating system install ISO, but that you can download over HTTPS or have it delivered as physical media etc.


Which problem do you see? It's just a signature, they cannot be forged without a corresponding private key.


But the public signing key, that's already installed via presumably verified initial media is already there, so unless their private key is compromised, which would be a bigger deal ....


> installed via presumably verified initial media

This is not a universally correct assumption.

How does this chain of trust bootstrap for a first time (or stand alone) user who downloads Ubuntu from a non-Ubuntu system? If I've got MITM, I can change both the ISO (with the totally-not-verified public key) as well as the gpg sig to match using a private key I know (and gave you the public key to).


Sure. And how does a TLS connection for the ISO download solve this problem? You would need to make sure that the TLS connection is to the correct server. How do you check it is the right server? Probably by checking the hostname against some webpage and the TLS certificate against some CA roots in your browser. How do you get the right hostname? How do you know the CA roots in your browser are correct? How do you know your browser executable and config are correct?


There's an extremely wide range of adversaries between "potentially capable of MITMing a network I use" and "potentially capable of screwing with my OS/browser's CA roots or actively acquiring and misusing an illegally obtained valid TLS cert for ubuntu.com".

Sure, most nation states can craft whatever TLS cert they want, with only some risk of bad press if they get caught signing a ubuntu.com TLS cert fraudulently via a CA they control/coerce. If those people are my adversary I'm screwed. "YOU'RE STILL GONNA GET MOSSAD'D UPON!"

A TLS connection for the download (and the gpg signature) protects against people like the disgruntled hotel IT guy, the kid futzing with the cafe wifi, an evil housemate, some crappy rooted IoT shit somebody hooked up to the wifi, an overly curious coworker or corporate IT drone, the red team in a company pen test.

I've heard the arguments here - that it's a difficult problem for all the mirror operators to add SSL certs, that it'll stop downloads being cacheable, etc. But I didn't really buy those arguments 5 years ago, and these days, with Let's Encrypt and HSTS - I think those arguments are even more bogus than they were in 2015...


Side-channel verification with the distro developers. Contact them over a channel that's unlikely to be compromised, get them to confirm that the keys in the system signature keyrings belong to them. Repeat for many channels until you get enough confidence.



Yes because it allows caching and encrypting the traffic would provide no benefit.

APT supports downloading over Tor if you want to hide which distribution you are using.


I reckon it’s more about guaranteeing the integrity of packages in transit, rather than providing anonymity.


What integrity guarantees does TLS provide that GPG does not?


The packages you download can be easily inferred even when transmitted over TLS. What does TLS buy you? That's the argument at least.

You could always download them over tor.


I think the concern is more about man-in-the-middle attacks. Even then, though, doesn't apt verify the hashes of downloaded packages?


How do you trust the distribution if you also have mirrors all across the globe (that are not Canonical's machines)?


Signatures generated with trusted keys.


How does apt get said hashes? That's the key problem.


By checking a signature from a trusted key. MitM is handled.
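
The chain of trust the replies in this subthread describe (a pinned archive key, a signed Release file, and the hashes it lists for the package indexes), as an added illustration that is not apt's own code: Ed25519 from Go's standard library stands in for the archive's GPG key, and the Release format is reduced to its SHA256 section. The key pair, the index contents and the path name are all constructed here; the point is that verification never consults the transport, so a mirror or an on-path party can change bytes but cannot make them verify.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

// Constructed stand-in for a Packages index served by any mirror.
const packagesIndex = "Package: example-tool\nVersion: 1.0\n"

// buildRelease lists the index by SHA256 in apt's " hash size path" Release layout (archive side).
func buildRelease(index string) string {
	sum := sha256.Sum256([]byte(index))
	return fmt.Sprintf("Suite: example\nSHA256:\n %s %d main/binary-amd64/Packages\n",
		hex.EncodeToString(sum[:]), len(index))
}

// releaseHash returns the SHA256 that the Release file lists for path, or "" if absent.
func releaseHash(release, path string) string {
	inSHA := false
	for _, line := range strings.Split(release, "\n") {
		if !strings.HasPrefix(line, " ") {
			inSHA = strings.HasPrefix(line, "SHA256:")
			continue
		}
		if f := strings.Fields(line); inSHA && len(f) == 3 && f[2] == path {
			return f[0]
		}
	}
	return "" // path not listed: the caller treats this as a mismatch
}

// verifyChain is the client side: pinned key -> Release signature -> index hash; transport is irrelevant.
func verifyChain(pub ed25519.PublicKey, release string, sig []byte, index string) error {
	if !ed25519.Verify(pub, []byte(release), sig) {
		return errors.New("Release signature invalid")
	}
	got := sha256.Sum256([]byte(index))
	if want := releaseHash(release, "main/binary-amd64/Packages"); hex.EncodeToString(got[:]) != want {
		return errors.New("Packages hash mismatch or path not listed")
	}
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // archive key; pub is what the install media pins
	release := buildRelease(packagesIndex)
	sig := ed25519.Sign(priv, []byte(release))
	fmt.Println("clean:", verifyChain(pub, release, sig, packagesIndex))
	fmt.Println("tampered:", verifyChain(pub, release, sig, packagesIndex+"Evil: yes\n"))
}
```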


Qubes might be a better choice than Ubuntu, for additional compartmentalisation.


"Google" authenticator



