Episode Transcript
Transcripts are displayed as originally observed. Some content, including advertisements may have changed.
0:00
It's time for Security Now. Steve
0:02
Gibson is here. Lots to talk
0:04
about. Most importantly that Apple exploit
0:06
that everybody said it was
0:08
unpatchable, the end of
0:10
the world. Steve says not so
0:13
fast. GoFetch, our topic, next on
0:15
Security Now. This episode is
0:17
brought to you by Zscaler,
0:19
the leader in cloud security. Cyber
0:21
attackers are now using AI
0:24
in creative ways to compromise users
0:26
and breach organizations. In a security
0:28
landscape where you must fight
0:31
AI with AI, the best
0:33
AI protection comes from having
0:35
the best data. Zscaler has
0:37
extended its Zero Trust architecture with
0:40
powerful AI engines that are trained
0:42
and tuned by five hundred trillion
0:44
daily signals. Learn more about Zscaler
0:47
Zero Trust plus AI
0:49
to prevent ransomware
0:51
and AI attacks. Experience
0:54
your world secured. Visit
0:56
zscaler.com/zerotrustAI.
1:01
Podcasts you love, from people
1:03
you trust. This
1:06
is TWiT. This
1:12
is Security Now with Steve Gibson,
1:14
Episode Nine Hundred Sixty Seven,
1:16
recorded Tuesday, March Twenty Sixth,
1:18
Twenty Twenty Four:
1:20
GoFetch. This episode
1:22
of Security Now is brought
1:24
to you by Bitwarden,
1:26
the password manager offering a
1:28
cost effective solution that can
1:30
dramatically increase your chances of
1:32
staying safe online.
1:35
Bitwarden has just launched a new
1:37
feature, I love this, called inline autofill
1:39
that makes it easier than ever
1:41
to log into websites. I noticed
1:44
when it happened, I went, oh, this is
1:46
great. A dropdown menu will appear when you
1:48
select a username or password field on
1:50
most sites, letting you quickly choose which login
1:53
you wanna use. Clicking on the login
1:55
autofills the username and password
1:57
and you're in. And by the way, if
1:59
you're. The site. I. Know I
2:01
use it with Google. I use it with
2:03
GitHub that supports passkeys Ula.
2:06
you'll like it even better. Click the link
2:08
that says use your passkey. Bitwarden can
2:10
store all your passkeys, which is nice,
2:12
to bring it with you to every platform
2:14
Bitwarden's on instant larger. If you're a current
2:17
user you gotta turn this feature on, the
2:19
autofill feature. Go to settings and select
2:21
autofill, then use the drop down box
2:23
and show autofill menu in the form
2:25
fields to pick which option works best for
2:28
you. It's loves a I love about the
2:30
or. A. Are they give
2:32
you a choice? It's open source software
2:34
which means it's free for life for
2:36
individual users and that means many passwords
2:38
is he was many devices you once
2:41
you've even use pass keys and hardware
2:43
and so the case and keys and
2:45
the Qb keys free forever be or
2:47
name by Wired is best For most
2:50
people honored by Fast Company is twenty
2:52
one of the twenty twenty three brands
2:54
that matter and security and it's the
2:56
only password Manager Steve and I use
2:59
them. Wonder Bitwarden is the open
3:01
source password manager trusted by millions.
3:03
Get started with Bitwarden's free
3:05
trial of a Teams or
3:08
Enterprise plan, or get started for
3:10
free across all devices as an
3:12
individual user. bitwarden.com/twit.
3:16
That's bitwarden.com/twit.
3:20
It's time for Security Now, you say,
3:22
the time I look forward to all
3:25
week, in this case for last three
3:27
weeks. Thank you to Mikah Sargent
3:29
for filling in. Steve Gibson, the man about
3:31
town, is here. talks as your as
3:33
he. Might. To did a great job.
3:36
He at help around the the alert and was
3:38
engaging and and good. I'm glad you like him
3:40
because in about a year he's going to be
3:42
in charge of the whole damn thing. I
3:46
notice you're doing the Leonard Nimoy
3:48
salute. Does one say it's Live Long
3:50
and Prosper Day? Leonard Nimoy, his birthday
3:52
would be today, March Twenty Six. So.
3:55
That my boy he was born and thirty
3:57
one I think l. L. And
4:01
last time we saw abuse look at
4:03
it to via know he him he
4:05
in the old Captain Kirk are still
4:07
is the morning so live I thought
4:10
he'd past he stole that's right I
4:12
remember he did as of yours is
4:14
well I haven't yet and he and
4:16
I have the same birthday oh you
4:18
were organized thirty one however no no
4:21
no no that happened today I did
4:23
I know had happy birthday. While.
4:26
You are, So that means you're You're four
4:28
months older than me. Yes
4:30
I am as well as and a
4:32
couple years right or no a mid
4:35
I'm November Fifty six, your March Fifty
4:37
Five. So yet around one year and
4:39
in a few months? okay yeah. So
4:43
a happy birthday good Do anything special to
4:45
celebrate. Thank you add of wait We initially
4:47
had some plans to go have a fancy
4:49
dinner but you know I but I said
4:51
the to. Laurie. Yesterday I
4:53
said, you know. That is would
4:56
rather have a nice steak at home
4:58
so altitude even. Yep some beautiful stats
5:00
was he said actually does it make
5:02
a great wisely and it's aftermath of
5:04
the was it a super You know
5:06
you'll be. Yeah. But we are
5:08
When I was a kid my mom
5:10
there's a birthday dinner that was the
5:13
same every year my mom would make
5:15
for as I look forward to those
5:17
wonderful yellow. Happy though we have a.
5:20
Mendis. Podcast. Today
5:23
of course it's titled GoFetch,
5:25
which is the
5:28
name that's been given by
5:31
the, I would call
5:33
it the discoverers, but it's
5:35
sort of the rediscoverers, because
5:37
they first stumbled onto this
5:39
two years ago. Oh, interesting.
5:41
Oh, brought it up. And
5:43
in fact, my theory is it's the
5:45
reason that the M3 chip has
5:47
a switch which, what, M1
5:50
and M2 doesn't, remember? Because
5:53
they kind of scared Apple, but
5:55
then, but they weren't really able
5:57
to make a strong case. Well,
6:00
Why that case been made Now and veg.
6:02
We're gonna start off when we talk about
6:04
this theory and and as to have an
6:06
hour so. About
6:09
how wound up the tech
6:11
press has gotten, and
6:13
miswound, because boy did they get
6:15
it wrong. But we'll have some fun with
6:18
that. And and again, this is gonna be one
6:20
of our listeners' favorite types of episodes because
6:22
it's gonna be a deep dive. So get
6:24
out your propeller cap beanies and wind them
6:27
up, because we're, I mean, by the time
6:29
we're done, everyone is
6:31
gonna understand exactly what happened,
6:34
why it happened, how it happened,
6:36
what it means. And
6:39
Like you do, kids get up, go to
6:41
a cocktail party and really put your friends
6:43
to sleep. Well I've
6:45
been seeing as we been talking about obviously.
6:48
Orbs, On trade and to they a
6:50
metric weekend Amazon you know? I'm sure Steve
6:52
will cover this and I'm and much more
6:54
accurately. And much more granular is
6:56
so soon industry now today. Such a bad
6:59
idea. Only one I don't coordinate with you.
7:01
I just figured oh, he's going to jump
7:03
into this one so go say I'm also
7:05
gonna jump it briefly. Because.
7:08
I'm not a legal scholar or experts
7:10
to live. A couple of to say
7:12
about the US Department of Justice's antitrust
7:14
suit against Apple. There are some
7:17
arguments that they'll make about that that are
7:19
security related zone says it's hands on
7:21
on us. A little bits about just
7:23
sort of have a little sort of
7:26
an overview of of that. and you
7:28
know, capitalism and monopolies and so forth.
7:30
Us We're going to update on General
7:32
Motors Autumnal. Have you heard about this
7:35
Leo? This astonishing violation of their car
7:37
owners' privacy. Oh boy. Oh.
7:39
Boy as unbelievable us. Also we're
7:41
going to look at were answered
7:43
the question. What? Happy news
7:45
is Super Sushi Samurai's solas really up
7:48
to their a day I don't I
7:50
was at his okay whether Apple were
7:52
also good or will look at whether
7:54
Apple has abandoned its plans
7:56
you are talking about. This is the
7:58
and MacBreak actually. For its
8:00
HomeKit compatible routers and of
8:02
what appears to be shaping up
8:04
to take their place. Will
8:07
our private networks, oh this
8:09
is cool, gonna be receiving
8:11
their own domain names?
8:13
ICANN has been busy, and
8:15
if so, what is it?
8:17
Or the UN has spoken
8:19
out about AI. Does
8:21
anyone care? And what do
8:23
I think the prospects are
8:25
of us controlling AI?
8:27
What significant European country just
8:30
blocked Telegram? Also, what did
8:32
the just finished twenty twenty
8:34
four Pwn2Own competition
8:36
teach us, once again? Might
8:39
the US be hacking back
8:42
against China as they are
8:44
against us? I've long been bemoaning
8:46
the fact that we never hear
8:48
anything about the other direction. Well,
8:51
we've heard something. And after a
8:53
bit of interesting SpinRite update
8:55
news and a bit of feedback
8:58
from our listeners, as I said,
9:00
we're gonna spend the rest of
9:02
our time looking into last week's
9:05
quite explosive headlines about the apparently
9:07
horrific and unfixable, unpatchable flaws
9:09
in Apple's M series
9:12
silicon. Just how bad
9:14
is it? Okay
9:16
good as I've been saying don't worry but
9:18
will buy that was or where the real
9:20
expert has to say in a just a
9:22
little bit. I look forward to that are
9:25
course we do have a fantastic picture of
9:27
the we as courtesy of our marvelous listeners.
9:29
A great life fact I think something everybody
9:31
why want to adopt a threat. But
9:34
first let me tell you as a
9:37
you definitely want to adopt which is
9:39
our favorite little honeypot, Thinkst
9:41
Canary. Now, the Canary is
9:43
designed by as I'm a very
9:46
smart fellows who for years talk
9:48
governments and companies, how to avoid
9:50
break ins actually be taught him
9:52
how to break into computers. Some
9:54
cases they've learned a lot and
9:57
they know the one of the
9:59
biggest. Read. To. You
10:01
and your network and me in mind that
10:03
work until all of us is not. You
10:05
know the perimeter defense keeping the bad guys
10:08
out as we know that they eventually they
10:10
get in. or maybe you've got a malicious
10:12
insider the biggest or it is not knowing
10:14
that there there and we hear about breaches
10:16
all the time or companies say year they've
10:19
been in their six months a year. In.
10:21
Some cases a couple years and we
10:23
didn't know what. And. Boy
10:25
what bad guys can do if they
10:28
have untrammeled. Access to everything
10:30
inside your network. Amazing. Exfiltrate
10:32
information, that's why ransomware
10:34
now extorts you, you
10:36
know before they encrypt you, helps
10:38
them do their encryption job of
10:40
finding at all places you back
10:42
stuff up but see if you
10:44
have a Thinkst Canary or
10:47
two or three in your network
10:49
that some banks begun. Prices have
10:51
hundreds. You got the best defense
10:53
against malicious insiders and hackers have
10:55
gotten because the minute they see
10:57
that canary they're going Think. It's
10:59
something. Valuable. Not vulnerable,
11:01
valuable and I I yes sir for
11:03
this and we have not been patched
11:05
lately or a network attached. storage devices,
11:07
skaters device, all kinds of thing can
11:10
be anything. a linux box so you
11:12
can light it up like Christmas tree.
11:14
Every service turned on our judiciously just
11:16
turn on a couple knowing that the
11:18
bag as going to say oh i
11:20
can get into this one but the
11:22
minute they touch it. The.
11:24
Minute they try to log in or x
11:26
access said server or open. as far as
11:28
you can also create files he spread over
11:31
your network, you're going to get know sick
11:33
is. Just a notifications that
11:35
matter. Very. Few false
11:37
positives. We've had Thinkst Canaries running in our
11:39
network for some time never have had a
11:41
false positive. the one time that went off.
11:44
In. Something like five or six years and
11:46
one time went up. There really was something
11:48
scanning all the ports on a network. Turns
11:50
out was inside the network. Who's a. Of
11:53
road device that we are reviewing.
11:56
Sound right away before could do any
11:58
damage. Thank you, Thinkst Canary. If
12:02
someone's asking your lures accessing your lore
12:04
files as trip wires is around. Then
12:07
by the way, they can be PDFs.
12:09
They can be Excel files, or they
12:11
look like PDFs, Excel files. As soon
12:13
as a bad guy goes on the
12:15
openness, I'm examine this. Let's see what
12:17
this is. You're going to get that
12:19
notification says they try to log into
12:21
your fake Internet SSH or internal SSH
12:24
server. They're going immediately. Get. A
12:26
notification to you choose a profile for you
12:28
Thinkst Canary device. By the way, you can
12:30
change it. It's fun to play with. it
12:32
is there are hundreds to choose from. It
12:34
even emanates so accurately. Get down as a
12:36
Mac address you know my son knowledge he
12:38
fakes and algae mass honey pots actually as
12:41
as analogy mac address. On. The
12:43
Dsm as up today's Dsm seven. It
12:46
looks real as authentic looking. It's really
12:48
incredible. Yeah, yeah, yeahs. sappy things. canaries.
12:50
choose the device you want. takes a
12:53
second. You. Register with the hosted
12:55
console for monitoring and as occasions and you
12:57
done new a. Bad.
12:59
guy in your system, malicious insiders, any
13:01
adversary will immediately let themselves know because
13:03
that's what does look for. It had
13:05
stuff you spread around. The
13:08
Thinkst Canary is
13:10
genius. Visit canary.tools/twit. As
13:13
I said the number yeah have
13:15
may vary the start with size.
13:17
Good starting point seventy five hundred
13:19
dollars a year. The very affordable
13:21
you get five of them. your
13:23
own hosted console yet upgrades, support
13:25
maintenance. Still where you don't have
13:27
to use their console by the
13:29
way of for notifications, email text,
13:31
webhooks, Slack. Ah, there's an
13:33
API. The sky's
13:35
the limit. You get notifications any way
13:37
you prefer. Okay, syslog,
13:40
yeah. Supports syslog. If
13:42
you use the code TWIT in the how did
13:44
you hear about us box, by the way, ten
13:46
percent off. Forever. And
13:49
if you're all nervous, he should be
13:51
reassured. You can return your things canaries
13:53
for a full refund any time in
13:55
the first sixty days is a two
13:57
month full money back guarantee. But I
13:59
have to tell. We've
14:01
They've been advertising on his show for years
14:03
and all that time nobody has ever asked
14:05
for their money back. It's once you get
14:07
install and you see how easy it is
14:09
and and any see the need for it.
14:12
Everybody. Says this is the best thing ever. Said.
14:15
If you go to canary.tools/love you can
14:17
see all the love people have for
14:19
the Canary. canary.tools/twit
14:22
to sign up he gets your
14:24
offer code TWIT in the how did
14:26
you hear about us box for ten percent off.
14:28
You gotta have this Thinkst Canary!
14:31
canary.tools. Thank
14:34
you so much for supporting Steve's
14:36
vital work here. And. Security
14:38
Now. So a
14:40
picture of the week time. So.
14:43
For. All. My
14:45
Life. Leo. I'm. I
14:47
have found coat hanger wire.
14:50
To be really convenient. So
14:52
useful. Or is and know
14:55
used to get the that the coat hangers
14:57
the from the I back from the dry
14:59
cleaners with your shirts on them and ever
15:01
they'd laugh at have a a little bit
15:04
of a paper wrapping on and but you
15:06
can take that off but that that gauge
15:08
of coat hanger is perfect me you can
15:10
get banned in all kinds of use only
15:13
rain at picking up birth to hook up
15:15
or ring that somebody lost her exactly as
15:17
suggests actually you know it's at it's just
15:19
super has have out here we have. Applications
15:23
that I would not recommend by I
15:25
think this is eyeing my sex Don't
15:27
you think everybody should do this? Or
15:34
is so philo words are going
15:36
to value. So so somebody has
15:38
has has a a USB
15:41
charging cable here which is
15:43
way too long and maybe they
15:45
needed to be lawn but this
15:47
is like a neat nick person
15:50
and I think we're seeing sort
15:52
of a seem here because they've
15:54
they've they've. Coiled up this
15:56
way too long I may dislike.
16:00
Fifteen feet of of USB charging cable
16:02
but you know you don't want of line
16:04
around on the floor right to they coil
16:07
that all up now. Okay now what he
16:09
didn't do you got those coil of USB
16:11
charging cables did he didn't hang it
16:13
somewhere. So. And it
16:15
does a really you can't really hang on the
16:17
charger because it'll fall off these to be more
16:20
secure than that. So this. Clever.
16:22
OCD person. Ah,
16:25
Dot hate. Ill
16:27
I've always found coat hanger
16:29
wire to be really handy.
16:32
For. Making stuff, So.
16:34
As a happy to have a pair of buyers
16:36
around so. Basically fashioned
16:39
this beautiful. I mean by
16:41
all measures this is a
16:43
beautiful husky. Spend some time
16:46
with his though pliers or
16:48
bending and curving is gorgeous.
16:51
Yeah is his grades and
16:53
boy does it worse as
16:55
a hook to hang around.
16:57
The wrong was of the
17:00
Apple five watt charger goes
17:02
right around those beauty Verizon
17:04
of was lies the bravo
17:06
What I've I've never I
17:09
don't recall ever actually touching
17:11
that the the leaves of
17:13
my own litter to. A
17:16
to that this wire it it
17:18
must be. Bit. They are
17:20
that is coated with some sort
17:22
of a little an insulating. Is
17:26
it varnish is of zones or
17:28
isn't? Otherwise this would have already
17:30
exploded. Smashed
17:33
his own is susan Swedes here I
17:35
think the he is not switch sit
17:37
on yet Oh boy of I began
17:39
with that point of view I use.
17:41
As use put your shoes odd and use
17:43
a couple of hours to. I would have
17:45
turned this blog i another point. Because.
17:48
He looks like he really is, you
17:50
know, OCD and careful he has
17:52
now this plugs upside down. Right?
17:58
Already got the yeah, did not. Highly
18:00
little fail. Not smiling. littered like
18:02
a little Hammerheads? Yeah, yeah, what's
18:04
going on That good? So anyway,
18:07
so just so people are, Begin.
18:09
The we haven't completely lost her
18:11
mind this. the the point is
18:13
that this hot has two legs
18:16
that go up. By. Up
18:18
behind this USB
18:20
charger and then bend around.
18:22
You know, in use you
18:24
have to hang over the
18:26
two prongs of the AC
18:28
plug. Yeah there you
18:30
wire on wire on. Why?
18:33
is like they made it
18:35
for this. Oh it's
18:37
beautiful. I did it is. It is a
18:39
beautiful. Construction. But.
18:42
No. The menu for they would
18:45
have been would a heat up will
18:47
start to glow always and on our
18:49
this may have any meat Is this
18:52
the good news is all homes ever
18:54
made even when they had you know
18:56
screw them in fuses in the fuse
18:59
box in the basement. Where.
19:01
They had some cut out such
19:03
said if if if any circuits
19:05
suddenly do too much power rather
19:07
that is exploding in your face
19:09
down in the basement, something would
19:12
go home and and then you'd
19:14
now of course. What's.
19:16
What's you don't want is to run out
19:18
of uses. His
19:20
tenure as it know right there
19:22
was a little did was like
19:24
oh shoot we're not enough I
19:26
don't know why this views blue
19:28
but is it isn't so I
19:30
don't I see to be all
19:32
our fresh out of fuses hear
19:34
that was stick a parody and
19:36
novel access episodes of any of the
19:39
socket and screw the blown out
19:41
circle your the resort or blown
19:43
out through the on views on
19:45
top. Anyway, Yes
19:47
folks do not do this at home. The
19:50
only thing I did think leo is that
19:52
this there must be some some varnish. On.
19:55
This, but. He value
19:57
over time as it's use rights
19:59
Good. It moved back and
20:01
forth on riding on the
20:03
top of these the prongs.
20:06
opposes plug. At. It's
20:08
just gonna explode at some. Have her
20:10
put metal around the prongs of your
20:12
plugs. I learned that in an upgrade
20:14
when a nail on that knows he
20:16
has his we're we do have are
20:18
the queue the pits are cute. Up
20:20
for next week. Another goodies oh nice.
20:23
Variation is not the same. We don't
20:25
want to get repetitious here but will
20:27
I were going to have just as
20:29
much by with it. Somebody.
20:31
Yeah. Somebody. Told me
20:33
that that is the commercially preferred way
20:35
of installing a plug socket is upside
20:37
down like that. And. Then
20:39
somebody else in the discord says, that's how you
20:42
know it's a switch circuit. I've.
20:44
Never seen that before. But.
20:48
Just a movement reason. I'm saying that to preclude
20:50
all the email that you and I never. Have
20:54
some. Fun license. Liked her sins
20:56
say absolutely that you were hundred
20:58
correctly rescue her not overflowing my
21:00
inbox. I also hope that I
21:02
am not the subject of the
21:04
picture of the week next week.
21:07
Because. I installed
21:09
yes Yesterday we have a
21:11
a little lighting problem and
21:13
I and my brother and
21:15
last like electric work, electrical
21:18
work, I were installing a new
21:20
under counter lab and you see that switch
21:22
right there. and that said just rights of
21:24
on Reddit Joe there as he was installing
21:26
the wires he accidently backed into it and
21:28
switched it on and got a little bit
21:30
of a shock. Oh now yes
21:32
I see you're still worried. The avocado shirt
21:35
from Sunday I am wearing this was the
21:37
right after I got home Sunday they said
21:39
and in here and I am also wearing
21:41
his surprise of see. The. Most
21:43
useful device for at home handyman anywhere.
21:46
As you have you have a head
21:48
mounted lamp, a headlamp. Please
21:54
do not make that the picture the reason So
21:56
he comes as begging of you. Okay. Sometimes
22:00
when laurie oh you know when to look
22:02
at zoo well I've got no these are
22:05
the back of the the magnify oh that
22:07
we're gonna who and what do you were
22:09
that for Steve besides looking like an alien.
22:13
What? I'm what. I'm building. Things like this:
22:16
Oh guess you gotta get very close.
22:18
That's right are you soldering with those
22:20
on his? Those are little those a
22:22
little surface mount the podium and little
22:25
itty bitty so yeah yeah ah there's
22:27
that Apis along with said he was
22:29
a way to take that awful a
22:31
much to believe it or not we
22:34
have lose against us I saw last
22:36
Thursday, March twenty first, was, it was
22:38
by all measures a rough day
22:41
for Apple. Not only, as I mentioned,
22:43
did the tech press explode with truly hair
22:45
on fire headlines about critical
22:47
and unfixable, unpatchable, deeply
22:50
rooted cryptographic flaws rendering Apple's
22:52
recent M series ARM-based
22:54
silicon incapable of
22:57
performing secure cryptographic operations,
22:59
more capable. Can be done
23:01
which is the topic we'll be spending the rest
23:04
of today's podcast with yeah to some detail
23:06
if was we get this thing started. Ah. Because
23:14
actually super interesting. But before that
23:16
Also, last Thursday, the US Department
23:18
of Justice was joined by fifteen
23:21
other states and the District of
23:23
Columbia, which wishes it was
23:25
a state but isn't, in a
23:28
lawsuit alleging that Apple has been
23:30
willfully and deliberately violating Section
23:32
Two of the Sherman Antitrust
23:35
Act. Now of the
23:37
city share five sentences from the
23:39
DOJ's comments, which
23:41
were delivered last Thursday. They read:
23:44
As our complaint alleges, Apple has
23:46
maintained monopoly power in the smartphone
23:48
market, not simply by staying ahead
23:50
of the competition on the merits,
23:52
but by violating federal antitrust
23:54
law. Period. Consumers
23:57
should not have to pay higher
24:00
prices because companies break the law.
24:03
Okay. We allege that
24:05
Apple has employed a strategy
24:07
that relies on exclusionary, anticompetitive
24:09
conduct that hurts both
24:12
consumers and developers. For consumers,
24:14
that has meant fewer choices,
24:16
higher prices and fees, lower
24:18
quality smartphones, apps
24:21
and accessories, and less innovation
24:23
from Apple and its competitors.
24:27
For developers, that has meant being
24:29
forced to play by rules
24:31
that insulate Apple from competition.
24:34
Okay. Now, this
24:37
is not clearly a podcast about antitrust
24:39
law. We all know I'm not
24:41
an attorney, nor am I trained in
24:43
the law, so I have no specific
24:45
legal opinion to render here. However, I've
24:48
been a successful small business founder,
24:50
owner, operator throughout my entire life,
24:52
and I'm certainly a big
24:54
fan and believer in the free
24:56
enterprise system and in the principles
24:58
of capitalism. But
25:00
I also appreciate that
25:03
this system of competition
25:05
is inherently unstable. It
25:08
has a natural tendency for
25:10
the big to get bigger.
25:13
Through acquisition and the application of
25:15
economies of scale and leverage. That
25:18
same system that creates an
25:20
environment which promotes fair competition
25:23
can be abused once sufficient
25:25
power has been acquired. Those
25:28
of us of a certain
25:30
age have watched Apple being
25:32
born, then fall,
25:35
only to rise again from the ashes.
25:37
My own first commercial success was
25:39
the design, development, production and sales
25:42
of our high speed high resolution
25:44
light pen for the Apple II,
25:46
which allowed its users to interact
25:49
directly with the Apple II's screen.
25:52
To my mind, there's no question
25:54
that as a society, we are
25:56
all richer for the influence that
25:58
Apple's aggressive pursuit of perfection
26:00
has had on the world. Things
26:03
as simple as product packaging will
26:06
never be the same. But
26:09
For some time we've been hearing
26:11
complaints about Apple's having taken this
26:13
too far. It's understandable for competitors
26:15
to complain and to ask the
26:18
government to step in and do
26:20
something. At some point
26:22
that becomes the government's very necessary
26:24
role, just as we saw previously
26:27
when the same thing happened with
26:29
Microsoft and some would argue ought
26:32
to happen again with Microsoft. For
26:34
many years, the US government has
26:36
done nothing while Apple has continued
26:39
to grow and continued to aggressively
26:41
use its market power to increase
26:43
its shareholders' wealth. The question is,
26:46
when does use of market
26:49
power become abuse of market
26:51
power? The next few
26:53
years will be spent in
26:55
endless depositions and expert testimony,
26:57
working to decide exactly what
27:00
sort of cage Apple needs
27:02
to be constrained within. One
27:05
thing we know is that
27:07
many of the arguments Apple
27:09
will be making on its
27:11
own behalf will involve security:
27:13
the security inherent in its
27:15
closed messaging system, the inherent
27:17
security of its closed app
27:19
store. In all things
27:21
we've touched on many times
27:23
in this podcast, Apple will
27:25
allege that by keeping its
27:27
systems closed, it is protecting
27:30
its users from unseen nefarious
27:32
forces. But, for example,
27:34
the presence of Signal and
27:36
WhatsApp in the App
27:38
Store and on Apple devices,
27:41
which creates freely interoperable,
27:43
super secure cross
27:45
platform messaging, suggests that Apple's
27:47
own messaging technology could work
27:49
similarly if they wished it
27:51
to. During the news
27:53
coverage of this said Thursday I've
27:55
encountered snippets of evidence which suggest
27:58
that the government has obtained proof
28:00
of Apple's true motives
28:02
where Apple's technology has
28:04
been designed to support
28:06
Apple's interests rather than
28:08
those of its users.
28:11
In. Any event and. Maybe
28:13
those are aligned? That's really the
28:15
question, right? Are Apple's interests and
28:17
its users' interests perfectly aligned? Nothing
28:21
is going to happen on this front
28:23
for a long time. Years will
28:25
pass and this podcast will be
28:27
well into four digits by the
28:29
time anything is resolved with the
28:32
DOJ's antitrust
28:34
lawsuit. The way things have been
28:36
going, it seems to me
28:38
much more likely that the laws
28:41
being written and enacted within
28:43
the European Union today will be
28:45
forcing Apple's hand long before the
28:48
DOJ finishes making its
28:50
case. All that may eventually be
28:53
required will be for the for
28:55
the US to force Apple to
28:57
do the same thing that they're
29:00
already doing in the In A
29:02
over in Europe here as well.
29:06
As for whether Apple-designed
29:08
silicon cannot perform
29:11
secure cryptographic operations, that's
29:13
something this podcast can speak to authoritatively
29:16
and will be doing so once we've
29:18
caught up with the more interesting news
29:20
and feedback. I
29:23
always said back in the day. The.
29:26
Vegan was during. It's funny how you was.
29:28
Began this with the good old days of
29:30
Apple because back in the day when the
29:32
Department of Justice was suing Microsoft, I always
29:34
said if if Apple were as big and
29:37
powerful as Microsoft they'd be just as bad,
29:39
but they aren't. Like the animals
29:41
were business and money. Seven. And
29:44
now that they are even a little bit bigger
29:46
than Microsoft. Yeah. They're just as.
29:49
A. Scout even had him as it
29:51
is is exactly what happens as
29:54
is not anybody is a bad
29:56
person. it's it all mean that
29:58
they they argue that there is
30:00
the that the executives are you
30:02
that is their job to maximize
30:04
shareholder wealth. that's capitalism. Yes,
30:07
Exactly exactly. And so it. So it's
30:09
us. It's a fundamental property that there
30:12
needs that they're need to be constraints.
30:14
And of course in the Us we
30:16
have the Earth is boys a painful
30:19
death them. but it is. Interesting Allies:
30:21
The guy who were they saying that
30:23
his body was that the spin up
30:26
or another podcast and already been. I'll
30:28
keep track of this. So L O
30:30
lives are locked in a. I'm
30:33
not gonna bother with and no we're not
30:35
going to do it. you know know that
30:37
said it'll do on a meal on and
30:39
will mention a once in awhile Namibia right
30:41
it will. it'll varietal. This thing will go
30:44
for years of know it as if you
30:46
know exactly that happened with with Microsoft. So.
30:49
Ah, last week we shared
30:51
the difficult to be,
30:53
truly difficult to believe but
30:56
true story that General
30:58
Motors had actually been
31:01
sharing, and by sharing I'm
31:03
pretty sure the proper term
31:05
would be selling, the detailed
31:08
driving record data of
31:11
its cars' owners, down
31:14
to how rapidly the owner's
31:16
car accelerated, how hard it
31:18
brakes, and its average speed
31:21
from point A to point
31:23
B. Leo, they literally have
31:25
instrumentation in there that is
31:27
monitoring everything the
31:30
car does. And on
31:33
a on and these cars are
31:35
on all interconnect connected now, they
31:37
it was all being beamed back
31:39
back to GM who it turns
31:41
out was selling it to LexisNexis,
31:43
a, a,
31:46
major data broker. And
31:49
way so. What? Happened was
31:51
the As and and this was as
31:53
I have. A.
31:56
New York Times or Washington Post, I think it was
31:58
a New York Times piece last
32:00
week that just blew the lid off.
32:03
Some guy, I think he was
32:05
in Canada or maybe just up
32:07
north US. He saw his insurance go
32:09
up twenty-one percent
32:12
in one year, although he had never
32:14
been in an accident. And
32:17
At or at an end and
32:19
didn't have tickets. And
32:21
so when he asked his insurance company
32:24
why, they sort of hemmed and hawed.
32:26
It's, ah, he'd also tried
32:28
to obtain alternate insurance, and
32:30
all the quotes that he got back
32:32
from competing companies were the
32:34
same. Finally, one of them
32:36
said, well, you should check
32:38
your LexisNexis report. Because
32:42
It's. A little worried about your drone so
32:44
now they're sick. Written like the credit report
32:46
is now a car driving report. But
32:49
yeah you know what? In some ways I
32:51
am not surprised. Insurance companies have for years
32:53
has offered good driver discounts. In the past
32:55
used to have an app and stuff. I'm
32:58
not surprised to hear this and optionally installs
33:00
ally for like look low mileage drivers were
33:02
it would monitor if they I'm from resorts
33:04
about it on is out there but this
33:07
is good for you and me because insurers
33:09
instead of this guy who really is not
33:11
a safe driver pain is same as you
33:13
and me who drive like liberal men. Because.
33:16
We are ah we should
33:18
get reduced. Bright. And
33:21
they he should pay more. It's fair
33:23
I think. and. Should. It
33:25
be done without consent. Well.
33:28
In a way I bet you he
33:30
did consent. I bet you there's somewhere
33:33
a document that he something funny book
33:35
bag dar that said data's being collected
33:37
reduce other Mozilla report last year
33:39
we talked about it's about our cars
33:42
or privacy nightmare. That. Will
33:44
We're all wondering recently a how
33:46
your sexual habits we're being recorded
33:48
by other hard was like let's
33:51
say space it was is is
33:53
monitoring is suspended describing him as
33:55
you well know that comes. Okay
33:57
so the good news is this
34:00
produced an outcry which
34:02
caused GM to immediately
34:05
terminate this conduct, and
34:07
no doubt threats of lawsuits
34:10
were involved too. They,
34:12
they said GM
34:14
is immediately stopping
34:16
the sharing of this data
34:18
with these brokers.
34:20
Of the reports that after
34:22
public outcry General Motors has
34:24
decided to stop sharing driving
34:27
data from its connected cars
34:29
with data brokers. Last week
34:31
news broke that customers
34:33
enrolled in GM's OnStar
34:35
Smart Driver app have
34:37
had their data shared with LexisNexis
34:39
and Verisk. Those data brokers
34:42
in turn shared the information with
34:44
insurance companies, resulting in some drivers
34:46
finding it much harder or more
34:48
expensive, exactly as you said, Leo,
34:50
to obtain insurance. To make matters
34:53
much worse, customers allege they
34:55
never signed up for OnStar Smart
34:57
Driver in the first place, claiming the
34:59
choice was made for them by sales
35:01
people during the car buying process. Yeah,
35:03
and you know what becomes of the
35:05
car and you know it's good. It's
35:07
all for your safety that's why we
35:10
put him so that if you get
35:12
a regular for as the on start
35:14
button assess as right as were that
35:16
people will with people will come after
35:18
that were not big brother watching over
35:20
you know hours. Okay, so.
35:23
Let's us! Ah, I saw this bit
35:26
of happy cryptocurrency news that just
35:28
made me smile. It seems
35:30
that last week. The block
35:32
chain game. I. Didn't know you
35:34
had a be there was a block chain day. but
35:37
yes. So. What has made
35:39
a d about a block chain
35:41
at is called Super Sushi Samurai.
35:44
Super Sushi Samurai had
35:46
four point six million
35:48
dollars' worth of its
35:51
tokens stolen. However,
35:53
it's just reported that they have
35:56
all been recovered. So what
35:58
happened? They explained that
36:00
the hack was actually the
36:02
work of a security researcher
36:04
who exploited a bug in
36:06
their code to move the
36:08
funds out of harm's way
36:10
to prevent future theft. That
36:12
was on Op's That's Right
36:14
Is Was movement. Super Sushi
36:16
Samurai described the incident as
36:18
a white hat rescue and
36:20
has ended up hiring
36:23
the white hat to be
36:25
a technical advisor. So
36:27
That's what I call a G
36:29
rated a happy ending. Okay,
36:32
but I believe it. Why
36:34
not as Sun and also
36:36
you you you guys touched
36:39
on this lot on MacBreak.
36:41
AppleInsider has
36:43
some interesting coverage about Apple's
36:46
apparently failed initiative to move
36:48
their HomeKit technology up
36:50
into home routers.
36:53
I was a fan of this
36:55
since it promised to provide
36:58
router-enforced inter-device traffic
37:01
isolation, and the only place that
37:03
can really be accomplished is at
37:05
the router. Our listeners know
37:07
that I've been advocating for
37:09
the creation of isolated networks
37:11
so that IoT
37:13
devices will be kept separate
37:15
from the household's PCs. But
37:18
what Apple proposed five years
37:20
ago, back in twenty nineteen, would
37:22
have additionally isolated each
37:24
IoT device, like,
37:26
with that level of granularity, from
37:29
all the others. So
37:31
here's what AppleInsider explained. They
37:34
said Apple's HomeKit Secure Routers
37:36
were announced in twenty nineteen but
37:38
were never really taken up by
37:40
manufacturers, and now some vendors are
37:42
claiming Apple is no longer pursuing
37:44
the technology, and we'll get to
37:46
why in a minute. HomeKit
37:48
Secure Routers were introduced
37:50
by Craig. For. Us. And
37:54
a Reagan salary. The I know is they
37:57
ice. The problem is the I'm a big
37:59
Star Trek. And I wanted a for
38:01
ring deal with. The
38:06
over there. Glasses
38:08
stop and say as it
38:10
is not for into commodities
38:13
such as a matter of
38:15
just as wow so perfect
38:17
century he at Worldwide Developers
38:19
Conference twenty nineteen, and in
38:22
the same breath as, at,
38:24
at the same time
38:26
they introduced HomeKit Secure
38:28
Video. The manner that
38:30
is HomeKit Secure Video took time to
38:33
reach the market, but it was used and
38:35
manufacturers adopted it, even if others would not.
38:38
Okay, now, during this year's
38:40
just-happened CES Twenty Twenty
38:43
Four, two router
38:45
vendors separately told AppleInsider that
38:47
Apple is no longer accepting new
38:49
routers into its program. If that
38:52
claim is correct, and it probably
38:54
is, it came from the
38:56
same rejected manufacturers. Given the lack
38:58
of HomeKit Secure Routers on
39:01
the market, that is, in five
39:03
years, not much happens, it appears
39:05
that Apple has abandoned the idea,
39:07
even though Apple still has active
39:10
support pages on the matter.
39:12
However, AppleInsider noted that
39:14
it also has support pages on AirPort
39:16
routers too, and those are, as they
39:18
put it, as dead as a doornail
39:21
is really are dead Yeah. A
39:24
Final: I was so excited that Apple
39:26
would offer the security standards that we
39:28
could you know have some confidence in
39:30
the security and, frankly, the
39:32
firmware updatability of our routers. It's
39:34
a little disappointing. To. Me. Anyway,
39:36
it's not going to happen as
39:39
odd as it did they, they
39:41
backed out. Apple Lives are them?
39:43
In a long story short of
39:45
pulled the route. The various routers
39:48
that Apple listed. There is one
39:50
Linksys Velop AX4200
39:52
and an AmpliFi Alien
39:54
router, apparently the only
39:57
two that are currently listed
39:59
by Apple as being supported.
40:01
The, ah, eero has a
40:04
notice saying that its eero Pro
40:06
6E and 6+ do
40:08
not support Apple HomeKit and
40:10
they have no plans to offer
40:13
Apple HomeKit router functionality. Anyway,
40:15
so, you know, not everything
40:17
that gets announced happens, and asking
40:20
router manufacturers to modify
40:23
their firmware to incorporate
40:25
the required HomeKit
40:27
functionality, and it appears
40:29
that it may have taken some significant
40:32
customization, it was just
40:34
never gonna get off the ground. And
40:38
This is probably for the better, since
40:41
it appears that we have
40:43
already, and, oh, thank God,
40:46
blessedly quickly moved beyond disparate,
40:48
proprietary, closed IoT
40:50
ecosystems, which is
40:52
where it looks like we're
40:54
headed with Amazon Alexa and
40:57
Apple's HomeKit and Google
40:59
Home and Samsung SmartThings
41:01
all creating their own, let's
41:03
do our own thing. All
41:06
the buzz appears to now
41:08
be surrounding the interoperability technology
41:10
known as Matter. This
41:13
was formerly known as CHIP,
41:15
which stood for Connected Home over
41:17
IP, now been rebranded as
41:19
Matter, and everyone appears to be
41:21
seeing the light. Nobody wants
41:23
to be left out. All those
41:26
guys I just mentioned,
41:28
Amazon with Alexa, Apple with their
41:30
HomeKit, Google with Home,
41:32
and Samsung SmartThings, are all
41:35
have announced and are
41:37
supporting Matter. It's now at version
41:39
one point two, open,
41:41
open source, license free. Anyone can create
41:43
Matter compatible devices. If they follow
41:46
the spec they will interoperate,
41:48
and more than five hundred
41:50
and fifty companies have announced
41:53
their commitment to Matter. So it
41:55
all this is done right. I mean
41:57
that at all of the biggies. Gonna
42:00
be supporting matter. They really have no choice at
42:02
all at this point. I just I wanted to
42:04
make sure I brought it up because I wouldn't.
42:07
Purchase. Something. You. Know
42:09
that that random Ac plug that I
42:11
got for her shockingly arrows dollars or
42:14
something. It's amazing. How could this be
42:16
a killer? That and exercise such? It's
42:18
a plastic in the fall and the
42:20
day the other problems would cost four
42:23
dollars does with our back on your
42:25
driving habits. However, so that I'd it's
42:27
fall ask a little eyeball and at
42:29
the second I was around the room.
42:32
kind of freaky but soon after have
42:34
though I mean a thing about Apple's
42:36
a home kits router standard was it
42:38
had security. Requirements built him
42:41
and I, but Met does matter. Have something
42:43
like that's what they were, that you're right.
42:45
That's what they were going to produce. As
42:47
a Matter is about interconnectivity, rights, rights, and
42:50
whoop. Which is not to say it couldn't
42:52
be made more secure. But the ah, that's
42:54
not their focus, right? Leo,
42:57
we're having so much fun I
42:59
think we should take a break
43:01
so that I can a recap
43:03
and eight I've is I don't
43:05
need more caffeine but what that's
43:07
funny was breaks that was in
43:09
your mind is as how it
43:11
works. successor are so they brought
43:14
you by Panoptica. Panoptica,
43:16
Cisco's Cloud Application Security Solution,
43:18
provides end-to-end life cycle protection
43:20
for cloud native application environments. It
43:22
empowers organizations to safeguard their
43:24
APIs, serverless functions, containers, and
43:27
Kubernetes environments. Panoptica ensures
43:29
comprehensive cloud security compliance and
43:32
monitoring at scale, offering deep
43:34
visibility, contextual risk assessments, and
43:37
actionable remediation insights for all
43:39
your cloud assets. Powered by
43:42
graph-based technology, Panoptica's
43:44
attack path engine prioritizes
43:46
and offers dynamic remediation for
43:49
vulnerable attack vectors, helping
43:51
security teams quickly identify and
43:54
remediate potential risks across cloud
43:56
infrastructures. A unified cloud native
43:59
security platform minimizes gaps
44:01
from multiple solutions, providing centralized
44:03
management and reducing non-critical
44:06
vulnerabilities from fragmented systems. Panoptica
44:08
utilizes advanced attack
44:11
path analysis, root cause analysis,
44:13
and dynamic remediation techniques to
44:15
reveal potential risks from an
44:18
attacker's viewpoint. This approach identifies
44:20
new and known risks, emphasizing
44:22
critical attack paths and their
44:25
potential impact. This insight is unique
44:27
and difficult to glean from other
44:29
sources of security telemetry such as
44:32
network firewalls. To get more information
44:34
on Panoptica's website:
44:36
panoptica.app. More details on
44:38
Panoptica's website,
44:41
panoptica.app. We thank
44:43
Panoptica
44:45
for their support of Security
44:47
Now. Back to Steve. Thank
44:51
you, my friend. Okay, in
44:53
a cool bit of news,
44:55
ICANN, the Internet Corporation for Assigned
44:58
Names and Numbers, is gonna make
45:00
an assignment. Ah, it's in the
45:03
process of designating and reserving, get
45:05
this, a top level domain specifically
45:09
for use on private internal
45:11
networks. In other words,
45:13
our 10-dot and our
45:15
192.168-dot networks, and there's
45:17
a seventeen dot sixteen thing in
45:20
there too, will be obtaining an
45:22
official TLD of
45:24
their own. So localhost
45:26
may soon be less lonely.
45:29
Here's the executive summary which
45:31
explains the lays out the
45:33
rationale behind ICANN's plans.
45:35
They wrote in this document:
45:38
The SSAC, that's
45:40
the Security and Stability Advisory
45:42
Committee, because that's what
45:44
you want in your internet
45:46
is some security and stability
45:49
advising, they recommend the reservation
45:51
of a DNS label that
45:53
does not and cannot correspond
45:55
to any current or future
45:57
delegation from the root zone
46:00
of the global DNS, which is the,
46:02
very, we're
46:05
going to get our own dot-something
46:07
TLD. They said, this
46:09
label can then serve as
46:11
the top level domain name
46:13
of a privately resolvable namespace
46:15
that will not collide with
46:17
the resolution of names delegated
46:19
from the root zone, that
46:21
is, you know, the public DNS root zone.
46:24
In order for this to
46:26
work properly, this reserved private
46:28
use TLD must never be
46:31
delegated in the global DNS
46:33
root. Currently many
46:35
enterprises and device vendors make ad
46:37
hoc use of TLDs that are
46:40
not present in the root zone
46:42
when they intend the name for
46:44
private use only. This
46:46
usage is uncoordinated and can
46:48
cause harm to internet users.
46:51
Oh my. The DNS has
46:54
no explicit provision for internally
46:56
scoped names, and current
46:58
advice is for the vendors or service
47:00
providers to use a subdomain of a
47:03
public domain name for internal
47:06
or private use. Using
47:08
subdomains of registered public domain
47:11
names is still the best
47:13
practice to name internal resources.
47:15
The SSAC concurs with this
47:17
best practice and encourages enterprises,
47:19
device vendors, and others who
47:22
require internally scoped names to
47:24
use subdomains of registered
47:27
public domain names wherever possible.
47:29
However, this is not always
47:31
feasible, and there are legitimate
47:33
use cases for private use
47:35
TLD. And I'll just note that,
47:37
you know, for example, an individual
47:40
could register a domain with
47:42
Hover, who, I don't know if they should,
47:44
if they're still a sponsor of the TWiT
47:46
network. They are still my domain name provider.
47:49
I've moved everything away from Network Solutions. I
47:51
agree. It came clear I don't think they
47:53
respond anymore, but we still love them. Yep,
47:56
they're the right guy. Yeah. Anyway, so, you
47:58
know, Johnny Appleseed, you
48:00
could get that. Of course you can't get dot
48:02
Johnny Appleseed, so that wouldn't work.
48:05
But you could get a
48:09
dot com or some inexpensive
48:11
subdomain of some established top
48:13
level domain and just use
48:15
that for your own purpose
48:17
because you have that subdomain,
48:19
nobody else is going to
48:21
be able to use it
48:23
publicly. So you're safe. So
48:25
that's what these guys are
48:27
saying. So they
48:29
continue the need for private use
48:31
identifiers is not unique for
48:33
domain names. And
48:36
a useful analogy can be drawn
48:38
between the uses of private IP
48:40
address space and those of a
48:43
private use TLD. Network operators use
48:45
private IP address space to number
48:47
resources not intended to be externally
48:50
accessible and private use TLDs
48:52
are used by network operators in a similar
48:54
fashion. This document proposes
48:56
reserving a string in
48:59
a manner similar to the current use
49:01
of private IP address space. A
49:03
similar rationale can be used to reserve more
49:05
strings in case the need
49:08
arises. Okay, so they go
49:10
on and on. Anyway, finally, after all
49:12
the bureaucratic boilerplate has settled down, ICANN
49:15
wrote, the Internet
49:17
Assigned Numbers Authority,
49:19
IANA, has made
49:21
a provisional determination that
49:24
dot internal should
49:26
be reserved for private use and
49:29
internal network applications. Prior
49:32
to review and approval of this reservation
49:34
by the ICANN board, we're seeking feedback
49:36
on whether the selection complies with their
49:39
specified procedure from SAC 113, more
49:42
bureaucracy, and
49:45
other observations that this string would
49:47
be and to verify
49:51
that it would be an appropriate selection for
49:53
this purpose. So it's all
49:55
but certain that dot
49:58
internal will be reserved and
50:01
will never be used for any
50:03
public purpose and therefore it
50:05
would be safe for anyone to start using
50:08
it for any internal purpose. Yeah, I think
50:10
I have. Very cool. Dot internal. And
50:12
I saw some commentary saying, well it
50:15
only took 30 years. That's
50:19
true. That is true. Okay, so last Thursday as I said
50:21
earlier was a very busy day. Not
50:28
only did the DOJ announce their
50:30
pursuit of Apple and Apple's M-series
50:33
silicon was discovered to be useless
50:35
for crypto, but the
50:37
United Nations General Assembly adopted
50:40
a resolution on artificial intelligence.
50:43
Not that anyone cares or that anyone
50:45
could do anything about AI in any
50:47
event. But for the record, UN officials
50:50
formally called on tech
50:53
companies to develop safe
50:55
and reliable AI
50:57
systems that comply with international
50:59
human rights. And I
51:02
love this. They said quote, systems
51:04
that don't comply should
51:06
be taken offline. So
51:09
you know if you have a mean AI,
51:11
just unplug it folks. Officials
51:14
said the same rights that apply
51:16
offline should also be
51:18
protected online, including against AI
51:20
systems. I've
51:22
never said much about AI here.
51:25
Just as I'm not trained as
51:27
an attorney, I do not have
51:29
any expertise in AI systems. What
51:31
I do have however is stunned
51:33
amazement. As
51:35
they would say over in the UK, I
51:38
am gobsmacked by what
51:40
I've seen. It is impressive, isn't it? Oh
51:43
my god. You know I haven't ever asked you, and we talk about
51:45
it all the time on the other shows, but what do you think
51:47
the future holds? Well here I
51:49
come. So
51:53
what I may lack in expertise
51:55
appears to have been made up
51:58
for by my intuition. Which
52:01
has been screaming at me
52:03
ever since I spent some time
52:06
chatting with ChatGPT-4. My
52:09
take on the whole AI mess
52:11
and controversy can be summed up
52:13
in just four words. And
52:15
they are, good luck restraining
52:18
anything. Yeah, that's my attitude.
52:21
Exactly. Yes. I
52:23
doubt that any part of
52:25
this is restrainable. At
52:28
some point in the recent past, we
52:31
crossed over a tipping point. And
52:34
we're seeing something that no one
52:36
would have believed possible even five
52:38
years ago. Everyone
52:40
knows there's no going back. Only
52:44
people who have not been paying attention imagine
52:46
that there's any hope of controlling
52:49
what happens going forward. I
52:52
don't know and I can't predict what
52:54
the future holds, but whatever is going
52:56
to happen is going to happen.
52:59
And I'm pretty sure that it's bigger than
53:01
us. We're
53:03
not a sufficiently organized
53:06
species to be able
53:08
to control or contain them. Look
53:12
how well we've done with the nuclear proliferation.
53:16
And that's still incredibly hard to
53:19
purify enough plutonium to
53:21
make a bomb. It's
53:23
trivially easy. And
53:26
the process is well, well known to make
53:28
an LLM. It's
53:31
out. It
53:33
would be like government saying, whoops, stop
53:36
exporting crypto. Like, what? Exactly.
53:39
Yes. So,
53:42
Leo, you and I are on the same page. And
53:46
if we don't do it, we
53:48
know North Korea is not sitting around doing
53:50
nothing. They apparently have quite smart people. It
53:53
annoys me that they're so good
53:55
at hacking. But boy, they are
53:57
serious hackers. And so, you know.
54:00
It's gonna happen. It
54:02
is. I would argue
54:04
it already has. And
54:07
we just haven't dawned on
54:09
us yet. Yeah. Right? Like
54:12
there's some inertia of recognition. But, yeah.
54:15
For one, I'm excited. I
54:17
mean, this is sci-fi. We're gonna live in,
54:19
I think I might even live to see
54:21
it, a very weird and
54:23
different future. It's coming. Yeah.
54:26
It's gonna be fun. Buckle
54:28
up. Buckle up. That's
54:31
exactly right. That's exactly
54:33
right. Okay, so
54:35
a few more points to get to. In
54:38
a somewhat disturbing turn, Spain
54:41
has joined the likes of
54:44
China, Thailand, Pakistan, Iran,
54:46
and Cuba to be
54:48
blocking all use of and
54:50
access to Telegram across its
54:53
territory. This came
54:55
after Spain's four largest media
54:57
companies successfully complained to the
55:00
High Court in Spain that
55:02
Telegram was being used to
55:05
propagate their copyrighted content without
55:07
permission. A judge
55:09
with Spain's High Court had asked
55:11
Telegram to provide certain information relating
55:14
to the case, which apparently Telegram
55:16
just blew off and ignored. They
55:19
chose not to respond to the judge's request. So
55:22
he ordered all telecommunications carriers
55:24
to block all access to
55:26
Telegram throughout the country. That
55:28
began yesterday. So
55:32
it's a problem. I'd be very interested to see how
55:35
this holds up because I heard that
55:37
about a third of Spain uses
55:39
Telegram. Yes, it
55:41
has already created a huge ... Yes,
55:43
there's a huge consumer backlash against this
55:46
as one would expect. Yes, I remember
55:48
Brazil tried to do this and they
55:50
ended up having to back down. I think it was for WhatsApp, but
55:53
they ended up having to back down because we can't
55:55
communicate. What are you doing? Well,
55:58
have you seen the movie Brazil? The only I'm
56:01
gonna rise animal problem that
56:03
was Pads Right Tests Wonderful!
56:05
Last week Vancouver held
56:07
its Twenty Twenty Four Pwn2Own
56:09
hacking competition. One
56:11
security researcher by the
56:14
name of Manfred Paul
56:16
distinguished himself by successfully
56:18
exploiting, get this, all
56:21
four of the major web
56:23
browser platforms. He
56:26
found exploits in Chrome,
56:28
Edge, Firefox, and Safari.
56:31
He became this year's Master
56:33
of Pwn and took home
56:36
two hundred and two thousand,
56:38
five hundred dollars in prize
56:40
money overall. And here's really
56:42
the lesson: that competing
56:44
security researchers turned
56:47
hackers successfully demonstrated
56:50
twenty-nine previously
56:53
unknown zero-days during
56:56
the contest and took home
56:58
a total of one point
57:00
one million dollars in prize
57:02
money. That money chemical companies
57:05
that their polling pretty much
57:07
right. Yes, yes, twenty-nine.
57:09
Okay, twenty-nine previously unknown
57:11
zero-days were found
57:14
and demonstrated. To
57:16
me this serves to demonstrate why
57:19
I continue to believe that the
57:21
best working model that's
57:23
been presented for security, and
57:25
okay, yes, I'm the one
57:28
who presented it, is porosity.
57:30
Piss poor ah, City or
57:32
Raphael. We don't want it
57:34
to be, but security is
57:37
porous. How else can
57:39
we explain that one lone
57:41
researcher is able to
57:43
take down all four of
57:45
the industry's fully patched browsers
57:48
whenever someone offers him some
57:50
cash to do so, and
57:53
that overall twenty nine
57:55
new previously unknown zero
57:58
days were revealed when
58:00
others were similarly offered some
58:03
cash prize incentive. You
58:06
push hard and you get in. That's
58:09
the definition of porous, and
58:12
that's the security we have. I
58:15
should also take a moment to give a shout out
58:18
to Mozilla's Firefox team, who
58:21
had patched and updated Firefox in
58:23
fewer than 24 hours
58:26
following the vulnerability disclosure.
58:29
Frederik Braun posted on
58:31
Mastodon, quote, last night,
58:34
about 21 hours ago, Manfred
58:36
Paul demonstrated a security exploit targeting
58:38
Firefox 124 at Pwn2Own.
58:43
In response, we have just published
58:46
Firefox 124.0.1 and Firefox ESR 115.9.1
58:48
containing the
58:56
security fix. He
58:59
said, please update your foxes. Kudos
59:02
to all the countless people
59:04
postponing their sleep and
59:06
working toward resolving this so quickly.
59:09
Really impressive teamwork again. Also
59:13
kudos to Manfred for pwning
59:15
Firefox again. So
59:18
this is the way security is supposed to work
59:20
at the best of times. White
59:23
hat hackers are given some reason to look
59:26
and compensated for their discoveries,
59:28
which makes the products safer
59:30
for everyone. And then
59:32
the publishers of those products promptly respond
59:34
to provide all of that product's users
59:36
the benefits of that discovery. Yay.
59:42
And in this welcome bit of news,
59:45
perhaps we and
59:47
others are giving
59:49
as good as we get. I've
59:52
often noted that all we
59:54
ever hear about, attacks
59:57
on our
1:00:00
infrastructure, are Chinese state-
1:00:03
sponsored attacks that are
1:00:05
successfully getting in, and
1:00:07
I'd note that naturally we
1:00:09
never hear about our similar
1:00:12
successes against China. Not like
1:00:14
the NSA's gonna brag.
1:00:16
So I've wanted
1:00:18
to believe that, well, while
1:00:20
we would not be destructive if
1:00:23
we were to get in, but
1:00:25
that we'd only seek to have
1:00:27
a presence inside Chinese networks
1:00:29
so that they understand that we're
1:00:32
just not sitting here defenseless over
1:00:34
on this side of the Pacific. Well,
1:00:36
it turns out that last
1:00:39
week China's state security
1:00:41
agency themselves urged their
1:00:43
local companies to improve
1:00:46
their cybersecurity defenses.
1:00:49
The Ministry of State
1:00:51
Security said that foreign
1:00:54
spy agencies have infiltrated
1:00:57
hundreds of local businesses
1:00:59
and government units. So
1:01:03
that does sound like we may
1:01:05
be at parity in this weird
1:01:07
cyber Cold War that we're in.
1:01:10
I hate it. But it
1:01:12
all birds what we've got. Our
1:01:15
Oh, and just a
1:01:17
reminder, there has
1:01:19
been an
1:01:21
observed significant increase in
1:01:23
tax season related phishing.
1:01:26
So I just wanted to
1:01:28
remind everyone that, as happens
1:01:30
at every time this year,
1:01:33
ah, yes, phishing scams have
1:01:35
suddenly jumped with all kinds
1:01:37
of, like, or, you just,
1:01:39
we received your electronically submitted
1:01:41
return but it had a
1:01:44
problem. Please, please click here.
1:01:46
That's not from the IRS. So,
1:01:49
you know, everybody put up
1:01:51
your skepticism shields and
1:01:53
resist clicking. I
1:01:57
have two quick notes of news on does it
1:01:59
ever It's also quite interesting on the SpinRite front.
1:02:02
One of the things that quickly became apparent
1:02:04
as our listeners were wishing to obtain and
1:02:06
use 6.1 was that
1:02:09
the world had changed in another
1:02:11
way since SpinRite 6's release back
1:02:13
in 2004. Back
1:02:16
then, Linux was still
1:02:18
largely a curiosity, with
1:02:20
a relatively small fan base and
1:02:23
no real adoption. Not
1:02:25
so today, at least not among
1:02:27
our listeners. Back
1:02:29
in 2004, it was acceptable to
1:02:31
require a SpinRite user, I mean
1:02:34
just assumed that a SpinRite user
1:02:36
would have Windows, which
1:02:38
they would use to set up the
1:02:40
boot media since Windows
1:02:42
and Mac was pretty much all there was
1:02:45
and SpinRite was never really targeted at the
1:02:47
Mac market. Today, we've
1:02:49
encountered many would-be users who
1:02:51
do not have ready access
1:02:53
to a Windows machine and
1:02:56
they've been having a problem. I
1:03:00
needed to create a non-Windows
1:03:02
setup facility that I have
1:03:04
long envisioned but never needed
1:03:06
until now. Today it
1:03:08
exists. Over
1:03:11
at GRC's prerelease.htm
1:03:13
page is,
1:03:16
as before, the downloadable
1:03:18
Windows DOS hybrid executable
1:03:21
and now also a
1:03:23
downloadable zip file. The
1:03:26
zip file, which is smaller than 400K,
1:03:29
contains the image of
1:03:32
the front of a 4GB FAT32 DOS
1:03:36
partition. Any
1:03:39
SpinRite owner without access to Windows, because
1:03:41
using Windows is still easier, may choose
1:03:45
to instead download this
1:03:47
zip file and it's
1:03:50
personalized. I've added
1:03:52
on the fly partition
1:03:54
creation and SpinRite
1:03:56
has added to the file system.
1:03:59
It's ventriloed. Uncatered and I've got on the
1:04:01
fly zipping. I've been busy. It
1:04:04
contains about an eight point,
1:04:07
the zip file, which is only, which
1:04:09
is outside less than 400K, contains an
1:04:11
eight point three megabyte file which
1:04:13
is named SR61.IMG.
1:04:16
Any Linux
1:04:19
user can, you know, dd
1:04:21
copy that file
1:04:24
onto any USB thumb drive to
1:04:27
create an up to four gigabyte
1:04:30
FAT32 partition that will immediately
1:04:32
boot and run SpinRite. The
1:04:36
tricky bit that I worked out last week
1:04:39
is that when this drive is booted for
1:04:41
the first time, if the
1:04:43
media under which this
1:04:46
image file was copied
1:04:48
is smaller than the partition described
1:04:51
by the image, which is a four
1:04:53
gig partition, for example, you know, SpinRite's
1:04:55
owner copies the image to an
1:04:58
old but trusted 256
1:05:00
megabyte thumb drive, a little
1:05:04
built-in utility named downsize
1:05:07
kicks in, examines the
1:05:09
size of the partition's underlying physical
1:05:11
drive, and dynamically,
1:05:13
on the fly, downsizes
1:05:16
the partition to fit onto
1:05:18
its host drive. It's
1:05:20
all transparent and automatic, and
1:05:23
since the same technology was also going to be
1:05:25
needed for SpinRite 7, it made sense to
1:05:27
get it done. So it's there now. Second
1:05:30
point: a
1:05:34
new wrinkle to surface last week is
1:05:36
bad RAM. Over
1:05:39
in GRC's web forums a SpinRite
1:05:42
6.1 user reported data verification
1:05:44
errors being produced by SpinRite
1:05:46
when running on his cute little
1:05:49
Zima board. SpinRite
1:05:51
always identified and logged
1:05:53
the location of the apparent
1:05:55
problem But from one run
1:05:57
to the next there was no correlation in
1:06:00
where the problems appeared to be occurring. And
1:06:03
when he ran the same drive under Spinrite
1:06:05
on a different PC, it
1:06:08
passed Spinrite's most thorough level 5
1:06:10
testing without a single complaint. And
1:06:13
he was able to go back and
1:06:16
forth to easily recreate the trouble multiple
1:06:18
times on one system but never on
1:06:20
the other. The inhabitants
1:06:22
of the forums jumped on this
1:06:24
and suggested a bad or
1:06:27
undersized power supply for his Zima
1:06:29
board, flaky cabling and anything else
1:06:31
they could think of. All great
1:06:34
suggestions. Finally, I asked
1:06:36
this user to try running the
1:06:38
venerable Memtest86 on his brand new
1:06:42
Zima board. And guess what?
1:06:45
Yep, memory errors. There
1:06:47
should never be any. But the
1:06:49
first time he ran Memtest86 it found 6. And
1:06:54
the second time it found 101. Seeing
1:06:58
that, we ran Memtest86 on all
1:07:00
of our Zima boards, that is all
1:07:03
of the developers, and they
1:07:05
all passed with zero errors as
1:07:07
they always should. So
1:07:09
this user had a Zima
1:07:12
board with a marginal DRAM
1:07:14
memory subsystem. There was
1:07:16
no correlation in the locations of
1:07:18
the errors that Spinrite was reporting
1:07:20
from one memory that
1:07:24
his Memtest was reporting from one
1:07:26
pass to the next. But
1:07:29
there were always two specific bits
1:07:32
out of the 32 that Memtest86 always identified
1:07:37
as being the culprits. They were soft. And
1:07:40
Spinrite was getting tripped up by
1:07:42
this machine's bad RAM when it
1:07:45
was performing data verification that's available
1:07:47
from Spinrite's levels 4 and
1:07:49
5. The
1:07:51
problem was not the drive. It
1:07:53
was the machine hosting Spinrite and
1:07:55
the drive. So
1:07:58
by this point, our long-time listeners who've
1:08:00
grown to know me listening
1:08:02
to this podcast know what I'm gonna say
1:08:04
next. Yep, Spinrite
1:08:06
6.1 now tests the memory
1:08:09
of any machine it's running
1:08:11
off. Clever. Who needs
1:08:14
Memtest? I've got Spinrite. That's
1:08:16
right, it works great. It's like immediately
1:08:19
found the errors this guy was having.
1:08:22
What's interesting is that Spinrite 1.0 back in 1988 also built in
1:08:24
a memory test. Back then it made
1:08:31
sense to verify the RAM memory
1:08:33
that would be used to temporarily
1:08:35
hold a track's data
1:08:38
while Spinrite was pattern testing the
1:08:40
physical surface and giving it a fresh
1:08:42
new low-level format.
1:08:46
But I don't know when it happened.
1:08:48
Somewhere along the way I removed that
1:08:51
feature from Spinrite. We never heard of
1:08:53
it ever being useful. So my initially
1:08:55
over cautious approach seemed
1:08:57
to have been proven unnecessary
1:09:00
until last week. So
1:09:02
late last week I implemented a very
1:09:04
nice little DRAM memory
1:09:07
tester right into Spinrite and then
1:09:09
had the guy with the bad Zima board give it
1:09:11
a try. It successfully determined that
1:09:14
his machine's memory was not reliable
1:09:16
and Spinrite will then refuse to
1:09:18
run on any such
1:09:20
machine after making that determination.
1:09:23
It's just not safe to run it. And
1:09:25
of course no such machine should be
1:09:28
trusted for actually doing anything else. It's
1:09:31
like a send it back to the manufacturer
1:09:33
or if you can change the RAM or
1:09:35
diagnose it. So anyway this new
1:09:38
built-in RAM testing feature which is not
1:09:40
yet present. Don't go download an updated
1:09:42
copy of Spinrite. It's not there yet. Not
1:09:45
yet present in any Spinrite that's available
1:09:47
for download. But it'll appear along
1:09:49
with a few other minor improvements that I've
1:09:52
made shortly. So I'm sure I'll be announcing
1:09:54
it next week. And
1:09:57
I just have two little pieces of feedback
1:09:59
from our listeners, because we have lots to
1:10:01
still talk about here. I got a
1:10:03
note from someone whose handle is jazz
1:10:05
man. He said, Hi Steve, great show
1:10:07
as always. I work
1:10:09
in a cell phone free environment.
1:10:12
Not only no service but we're not
1:10:14
allowed to bring them. We
1:10:17
have internet computers but we're not
1:10:19
trusted to install anything on them.
1:10:21
The problem is I like to have two-factor authentication
1:10:27
to protect my email and
1:10:29
other stuff. My understanding is
1:10:31
if I were to use
1:10:33
passkeys I need my
1:10:35
phone. I use Bitwarden
1:10:37
with two-factor authentication. My question,
1:10:41
are there any good solutions for a
1:10:43
cell-free environment? Kind
1:10:45
regards, Bjorn. Okay
1:10:48
so and then we've been talking about this for
1:10:50
the last couple weeks. Whether to have you know
1:10:53
two-factor and now optionally
1:10:55
passkeys managed
1:10:59
by your password
1:11:01
manager or to keep it separate.
1:11:04
In a phone free environment
1:11:07
I agree that relying upon
1:11:09
Bitwarden for all authentication services
1:11:12
is likely the best bet.
1:11:16
I think it's probably your only bet right?
1:11:18
You know we would usually prefer to have
1:11:20
passkeys or our authenticator on
1:11:23
a separate device like a phone but
1:11:25
where that's not possible merging
1:11:28
those functions into a single
1:11:30
password manager like Bitwarden makes
1:11:32
sense. And I should just note that
1:11:35
YubiKeys are also passkeys
1:11:37
capable, and they're able to store
1:11:40
up to 25
1:11:42
passkeys in a
1:11:44
YubiKey. So a YubiKey
1:11:46
is another possibility if that
1:11:48
somewhat limited passkeys capacity
1:11:50
doesn't pose a problem. And
1:11:54
finally, William Ruckman. He said, hi
1:11:56
Steve, are passkeys quantum
1:11:58
safe? I thought public key
1:12:00
crypto was vulnerable. And
1:12:02
we've also been speaking just
1:12:04
recently about how the big
1:12:06
difference between username and
1:12:08
password and passkeys is
1:12:12
the essentially symmetric
1:12:15
crypto secret keeping whereas passkeys uses
1:12:17
public key crypto which is why
1:12:20
William's asking. So
1:12:23
it's a terrific question because as we
1:12:25
know it's the public
1:12:27
key crypto that passkeys offers
1:12:30
which is why it's so valuable.
1:12:33
The good news is the FIDO2
1:12:36
specification which
1:12:38
underlies WebAuthn, which
1:12:41
underlies passkeys, already
1:12:44
provides for plug-in
1:12:47
future-proof crypto. So
1:12:50
passkeys and
1:12:52
WebAuthn slash FIDO2 will
1:12:54
all be able to move to quantum
1:12:57
safe algorithms whenever that's
1:12:59
appropriate and as soon as we've settled
1:13:01
on them and they've been standardized. So
1:13:03
yes that's good news and it would
1:13:05
be backward safe. It
1:13:07
would be backward to all the passkeys you already are
1:13:09
using and all that. Right?
1:13:13
No. You'd have to regenerate it all. Yes
1:13:16
if you change the crypto you would
1:13:18
have to regenerate the passkeys
1:13:21
because you're holding private keys
1:13:23
with a specific algorithm and there
1:13:25
is actually no way for the
1:13:27
website even to help you. I
1:13:29
mean it might say you might
1:13:31
go through a use your
1:13:33
old passkey now use your new
1:13:35
passkey and if you did that
1:13:37
you know sequentially then it would
1:13:40
get... Actually, SQRL had a similar
1:13:42
facility. So it
1:13:45
would use the first authentication to
1:13:47
assert your identity and thus
1:13:50
honor the second authentication which would be
1:13:52
from the newfangled crypto and now it
1:13:55
would have the public key under the
1:13:57
new algorithm. You
1:14:00
don't have to worry about it yet. There's only about four sites that
1:14:02
use it. I know.
1:14:04
I saw in
1:14:06
doing some research just yesterday, I saw
1:14:09
someone who had something to sell. They
1:14:12
were trying to sell some equivalent
1:14:15
of a Yubikey, I think, and it said, since
1:14:18
the majority of the Internet's websites
1:14:20
are now using passkeys, I
1:14:22
thought, are you on it in a time machine?
1:14:24
What are you talking about? Oh, you're talking 2030. Oh, yeah. Maybe.
1:14:28
Yeah. Maybe. Yeah. The
1:14:32
majority, as long as you only log
1:14:34
into for PayPal. Yeah, right. There's literally
1:14:36
just a handful of sites that use
1:14:38
it. I know. It's too
1:14:40
bad because it's so easy when it works. I
1:14:43
heard you talked a lot about that last week
1:14:45
with Micah, and I agree
1:14:47
with you. I think it's going to be a big
1:14:49
improvement someday. Someday
1:14:53
our prince will come. Okay.
1:14:55
After our final announcement,
1:14:58
Leo, oh boy, we're going to have some fun. Oh, boy. Get
1:15:02
the beanies lubed. I
1:15:05
don't know who can say that. She didn't
1:15:07
say that out loud, anyway. Unlube
1:15:10
the beanies for a moment because we are
1:15:12
going to talk about our sponsor for the
1:15:14
section, Kolide. I
1:15:16
love Kolide. K-O-L-I-D-E. I
1:15:20
know you've heard us talk a lot about Kolide. I've
1:15:22
sung its praises. Did you
1:15:24
know they were just acquired by 1Password?
1:15:26
Now, I'm sure some people go, oh, no.
1:15:28
No, that's good news. Both
1:15:31
companies are leading industry security
1:15:35
experts creating solutions that put users
1:15:37
first. I mean, it's a
1:15:39
great partnership. And you should be happy
1:15:42
to know Kolide is going to continue doing
1:15:45
exactly what it's been doing for the last
1:15:47
year or so. Kolide Device
1:15:49
Trust has helped companies using Okta
1:15:52
ensure that only known and
1:15:55
secure, very important devices,
1:15:57
can access their data. what
1:16:00
they're going to still do just as part of 1Password.
1:16:02
That means more resources. It's great news. If
1:16:06
you've got Okta and you've been meaning to check out
1:16:08
Kolide, this is a perfect time to
1:16:11
do it. Kolide comes with a library of
1:16:13
pre-built device posture checks or you can write
1:16:15
your own custom checks for
1:16:18
just about anything you can think of, which means
1:16:20
you can say to your users, hey,
1:16:22
you got to fix that, you got to fix that. Before
1:16:24
we let you in the network, you got to patch your
1:16:26
stuff or get the latest web browser
1:16:29
or update your operating system. Plus,
1:16:32
I love it because you can use
1:16:34
Kolide on pretty much anything without MDM.
1:16:37
So that means now your Linux
1:16:39
fleet is included, your contractor devices,
1:16:41
and of course, every BYOD phone
1:16:44
and laptop in your company. Now
1:16:46
that Kolide's part of 1Password, it's just
1:16:48
going to get better. Check
1:16:51
it out at kolide.com
1:16:53
security. Now, kolide.com security.
1:16:57
Now, you can watch a demo there and learn more about it.
1:16:59
It's a really smart idea.
1:17:02
Kolide, k-o-l-i-d-e.com/
1:17:05
security. Now, we thank them so much for supporting
1:17:08
Steve and the show. And
1:17:11
now, let's talk about Fetch.
1:17:13
Go Fetch. So, Go Fetch.
1:17:15
Last Thursday, the world
1:17:18
learned that Apple had some problems
1:17:20
with their cryptography. Unfortunately,
1:17:23
it would be impossible
1:17:25
to determine from most of
1:17:27
the tech press's coverage of this whether
1:17:29
this was an apocalyptic event or
1:17:32
just another bump in the road. Ars
1:17:34
Technica was apparently unable to
1:17:36
resist becoming clickbait central with
1:17:39
their headline, Unpatchable
1:17:42
Vulnerability in
1:17:44
Apple Chip Leaks Secret
1:17:46
Encryption Keys. Wow.
1:17:49
That would be bad if it was true.
1:17:51
Fortunately, it's not the least bit true. It's
1:17:54
not unpatchable, and it's not a vulnerability
1:17:57
in an Apple chip. Kim
1:17:59
Zetter's Zero Day goes with Apple
1:18:02
chip flaw lets hackers
1:18:04
steal encryption keys. This
1:18:07
chip flaw in air quotes theme
1:18:09
seems to become pretty popular even
1:18:11
though nowhere did any of the
1:18:13
actual researchers ever say anything about
1:18:15
any chip flaw. Even
1:18:18
AppleInsider's headline read, Apple
1:18:20
Silicon Vulnerability Leaks Encryption
1:18:23
Keys and Can't Be
1:18:25
Patched Easily. What?
1:18:28
Apple was told 107 days before the disclosure back on December
1:18:30
5th of last year. Apple
1:18:36
is certainly quite aware of the issue and
1:18:39
I'm sure they're taking it seriously. And
1:18:42
for their newer M3 chips all that's needed
1:18:44
is for a single bit to be flipped.
1:18:47
Tom's Hardware went with new
1:18:50
chip flaw hits Apple Silicon
1:18:52
and steals cryptographic keys from
1:18:54
system cache. GoFetch
1:18:56
vulnerability attacks Apple M1,
1:18:59
M2, M3 processors
1:19:02
can't be fixed in hardware.
1:19:05
Oh dear. Except for a
1:19:07
few details. It's not
1:19:09
new, it's not a flaw, nothing
1:19:11
ever hit Apple Silicon and
1:19:13
as for it not being fixable
1:19:15
in Apple M1, M2 or M3
1:19:18
processors, if you have an M3
1:19:20
chip just flip the bit
1:19:22
on them during crypto operations and
1:19:24
the unfixable problem is solved. And
1:19:26
finally, as we'll see by the
1:19:28
end of this topic today, there
1:19:30
are equally simple workarounds for the
1:19:32
earlier M series processors. Okay,
1:19:35
so I could
1:19:37
keep going because the material in
1:19:39
this instance was endless. Not a
1:19:42
single one of the headlines of
1:19:44
the supposedly tech press stories that
1:19:46
covered this characterized this even close
1:19:48
to accurately. It's not
1:19:50
a flaw, nothing is flawed, everything
1:19:53
is working just as it's supposed to. It's
1:19:56
not a vulnerability in Apple Silicon.
1:19:58
Apple Silicon is just fine. and
1:20:00
nothing needs to change and is
1:20:02
certainly not unfixable or unpatched. Cybernews'
1:20:05
headline was M-series
1:20:07
Macs can leak secrets due
1:20:09
to inherent vulnerability. The
1:20:11
only thing that's inherently vulnerable here
1:20:13
is the credibility of the tech
1:20:15
press's coverage of this. Holy cow. It
1:20:17
really has been quite over the
1:20:19
top. After sitting
1:20:21
back and thinking about it, the
1:20:24
only explanation I can come up with is
1:20:26
that because what's
1:20:28
actually going on with
1:20:31
this wonderfully and subtly
1:20:33
complex problem, no
1:20:37
one writing for the press really
1:20:39
understood what the researchers have very
1:20:41
carefully and reasonably explained. So
1:20:44
they just went with variations
1:20:47
on Ars Technica's, you know,
1:20:49
initial unpatched vulnerability in Apple's
1:20:51
chip nonsense. For
1:20:54
the assumption that Ars must have actually understood
1:20:56
what was going on. So everyone just copied.
1:20:58
I just assumed Dan Goodin knows if he
1:21:00
doesn't know it. That's right. You know, Dan's
1:21:03
on the ball typically. And
1:21:05
we do know in fairness to Dan, he
1:21:08
doesn't provide the headlines. Back
1:21:10
when I was writing the Tech Talk column for
1:21:13
InfoWorld, I was often really
1:21:16
annoyed by what my columns
1:21:18
were headlined because that's not
1:21:20
what I said in the text. But
1:21:23
you know, some copy editor, I guess that's
1:21:25
what they're called, you know, gave it the
1:21:27
headline that would get people to turn to
1:21:29
the page. So okay, not
1:21:32
Dan's fault. Okay. The
1:21:34
TLDR of this whole fiasco
1:21:37
is that a handful of researchers
1:21:40
built upon an earlier two-year-old
1:21:44
discovery which three of
1:21:46
them had been participants in back
1:21:48
then that was dismissed at
1:21:50
the time by Apple
1:21:54
as being of only academic interest.
1:21:58
It's yet another form of side-channel
1:22:00
attack on otherwise
1:22:03
very carefully designed to be
1:22:06
side-channel attack-free constant
1:22:09
time cryptographic algorithms.
1:22:13
The attack surrounds an ARM-based
1:22:16
performance optimization feature known
1:22:18
as DMP. I was
1:22:21
thinking boy if the acronym had been EMP
1:22:23
that would have really blown the tech press
1:22:25
right off the top. Anyway, not
1:22:27
EMP DMP and
1:22:31
a variation of the same type of
1:22:34
optimization is also present in the
1:22:36
newest Intel chips, the Razer or
1:22:38
something or other. Anyway I'll get
1:22:41
to that. Okay and so
1:22:44
true to Bruce Schneier's observation
1:22:46
that attacks never get worse,
1:22:48
they only ever get better,
1:22:52
about a year and a half
1:22:54
after that initial discovery two years
1:22:56
ago which never amounted to much,
1:22:59
it turned out that the
1:23:01
presence of this DMP which
1:23:03
I will be explaining in
1:23:05
detail optimization feature actually
1:23:07
did and does
1:23:10
create an exploitable vulnerability
1:23:13
that can be very cleverly
1:23:15
leveraged to reveal a system's
1:23:18
otherwise well-protected
1:23:20
cryptographic secrets. After
1:23:23
verifying that this was true, the
1:23:26
researchers did the responsible thing
1:23:28
by informing Apple and
1:23:30
we have to assume Apple
1:23:33
decided what they wanted to do next. Okay
1:23:37
unfortunately that true story doesn't make
1:23:39
for nearly as exciting a headline
1:23:43
so none of the hyperventilating press explained
1:23:45
it this way. One
1:23:47
important thing that sets this
1:23:49
apart from the similar and
1:23:51
related Spectre and Meltdown vulnerabilities
1:23:53
from yesteryear is
1:23:55
that this new exploitation of
1:23:58
the DMP optimizer is
1:24:00
not purely theoretical. All
1:24:03
we had back in those early
1:24:05
days of speculative execution vulnerabilities was
1:24:08
a profound fear over
1:24:10
what could be done, over what this meant.
1:24:13
It was clear that Intel had never
1:24:16
intended for their chip's internal operation to
1:24:18
be probed in that fashion, and
1:24:21
not much imagination was required to
1:24:23
envision how this might be abused.
1:24:26
But we lacked any concrete,
1:24:29
real-world proof of concept.
1:24:33
Not so today. And
1:24:35
not even post-quantum crypto
1:24:37
is safe from this
1:24:39
attack, since we're not
1:24:41
attacking the strength of the crypto, but
1:24:44
rather the underlying keys are
1:24:47
being revealed. The
1:24:49
GoFetch proof of concept app
1:24:52
running on an Apple Mac
1:24:55
connects to the targeted app
1:24:58
also on the same machine which
1:25:00
contains the secrets. It
1:25:03
feeds the app a series
1:25:05
of inputs that the
1:25:07
app signs or decrypts or does
1:25:09
something using its secret keys.
1:25:14
The app is already inducing it
1:25:16
to perform cryptographic operations that require
1:25:18
it to use the secrets
1:25:21
it's intending to keep. As
1:25:24
it's doing this, the app
1:25:26
monitors aspects of the processor's
1:25:28
caches, and it
1:25:31
shares the processor's
1:25:33
caches which it shares
1:25:35
with the targeted app, in
1:25:38
order to obtain hints about
1:25:40
the app's secret key. Okay,
1:25:45
so how bad is it? As I
1:25:47
mentioned, the attack works against both
1:25:50
pre- and post-quantum encryption. The
1:25:52
demo GoFetch app requires less
1:25:55
than an hour to
1:25:57
extract a 2048-bit RSA key
1:26:01
and a little over two hours to extract
1:26:03
a 2048-bit Diffie-Hellman key. The
1:26:08
attack takes 54 minutes to
1:26:11
extract the material required to
1:26:13
later assemble a Kyber
1:26:15
512-bit key and
1:26:18
about 10 hours for a Dilithium
1:26:20
2 key, though some time's
1:26:22
also required afterwards for offline processing
1:26:24
of the raw data that is
1:26:27
collected. In other words, it
1:26:29
is an attack that is practical
1:26:31
to employ in the real world.
1:26:35
Okay, so what exactly is DMP? What
1:26:39
did the researchers discover and how did
1:26:41
they arrange to make their Macs give
1:26:44
up the closely held secrets being
1:26:46
hidden inside? The
1:26:48
research paper is titled Go
1:26:50
Fetch! Breaking
1:26:52
constant time cryptographic
1:26:55
implementations using data
1:26:57
memory dependent prefetchers. Okay,
1:27:00
now that sounds more complex than it is. We
1:27:03
have breaking constant time
1:27:05
cryptographic implementations. We
1:27:08
already know that a classic
1:27:10
side channel vulnerability, which is
1:27:12
often present in poorly written
1:27:14
crypto implementations, is for
1:27:16
an algorithm to in any
1:27:18
way change its behavior depending
1:27:21
upon the secret key it is
1:27:24
using. If that
1:27:26
happens, the key dependent behavior
1:27:28
change can be used to
1:27:30
infer some properties of the
1:27:32
key. So the
1:27:34
first portion of the title tells
1:27:36
us that this attack is effective
1:27:38
against properly written constant
1:27:41
time cryptographic implementations that
1:27:43
do not change their behavior
1:27:46
in any way. That
1:27:49
is not where things got screwed up. The
1:27:51
second part of the paper's title is
1:27:54
using data memory dependent
1:27:57
prefetchers. And that's
1:27:59
what's new here. If
1:28:02
you guessed that the
1:28:04
performance optimization technique known
1:28:06
as DMP stands for
1:28:08
Data Memory Dependent Prefetchers,
1:28:10
you'd be correct. Three
1:28:12
of the seven co-authors of today's
1:28:15
paper co-authored the earlier
1:28:17
groundbreaking research two years
1:28:19
ago which described
1:28:22
their reverse engineered
1:28:24
discovery of
1:28:26
this DMP facility residing
1:28:29
inside Apple's M-series
1:28:31
ARM-derived chips. Back
1:28:34
then, they raised and
1:28:36
waved a flag around, noting
1:28:39
that what this thing was
1:28:41
doing seemed worrisome,
1:28:44
but they stopped short of coming up
1:28:46
with any way to actually extract
1:28:48
information, and the information
1:28:50
that they had was made public.
1:28:53
Now, we don't know for
1:28:55
sure that sophisticated intelligence agencies
1:28:57
somewhere might not have picked
1:28:59
up on this and
1:29:01
turned it into a working exploit, as
1:29:04
has now happened, but
1:29:06
we do know for sure that Apple
1:29:08
apparently didn't give this much thought or
1:29:10
concern two years ago since
1:29:13
every one of their
1:29:15
Mac M-series chips was
1:29:17
vulnerable to exploitation several
1:29:19
years later. Okay, I'm
1:29:21
going to share today's research
1:29:23
abstract today's, the updated current
1:29:26
research abstract and introduction since
1:29:28
it's packed with information and
1:29:30
some valuable perspective, and then
1:29:32
I'll break it down. So
1:29:35
they wrote, micro-architectural side
1:29:37
channel attacks have shaken
1:29:40
the foundations of modern
1:29:42
processor design. The
1:29:44
cornerstone defense against these
1:29:47
attacks has been to
1:29:49
ensure that security critical
1:29:51
programs do not use
1:29:53
secret dependent data addresses.
1:29:56
Put simply, do not
1:29:58
pass secrets as addresses to, for
1:30:00
example, data memory instructions.
1:30:03
Yet the discovery of data
1:30:06
memory-dependent prefetchers, these
1:30:08
DMPs, which
1:30:10
turn program data into
1:30:12
addresses directly from within
1:30:14
the memory system, calls
1:30:17
into question whether this
1:30:19
approach will continue to remain secure.
1:30:22
This paper shows that
1:30:25
the security threat from
1:30:27
DMPs is
1:30:29
significantly worse than was
1:30:32
previously thought, and demonstrates
1:30:34
the first end-to-end
1:30:36
attacks on security-critical
1:30:38
software using the Apple
1:30:41
M-series DMP.
1:30:43
Undergirding our attacks is
1:30:45
a new understanding of how
1:30:47
DMPs behave, which
1:30:50
shows, among other things, that
1:30:52
the Apple DMP
1:30:54
will activate on behalf of
1:30:56
any victim program and attempt
1:30:58
to leak any cached data
1:31:00
that resembles a pointer. From
1:31:02
this understanding, we design a
1:31:05
new type of chosen-input
1:31:07
attack that uses a
1:31:09
DMP to perform an
1:31:11
end-to-end
1:31:14
key extraction on popular constant-time
1:31:16
implementations of classical and
1:31:18
post-quantum cryptography. And
1:31:20
By way of introduction, they
1:31:23
said for over a decade
1:31:25
modern processors have faced a
1:31:27
myriad of microarchitectural side
1:31:29
channel attacks, for example, through
1:31:31
caches, TLBs, or
1:31:33
translation lookaside buffers, branch
1:31:35
predictors, on-chip interconnects, memory
1:31:37
management units, speculative execution, voltage
1:31:40
frequency scaling, and more. It
1:31:42
all as we know, even
1:31:44
like the sound of the
1:31:46
power supply changing can
1:31:48
leak information. They
1:31:50
said the most prominent class
1:31:52
of these attacks occurs when
1:31:55
the program's memory access pattern
1:31:57
becomes dependent on secret data.
1:31:59
For example, cache and
1:32:02
TLB side-channel attacks arise
1:32:04
when the program's data memory
1:32:06
access pattern becomes secret-dependent.
1:32:09
Other attacks, for example, those
1:32:11
monitoring on-chip interconnects, can
1:32:14
be viewed similarly with respect
1:32:16
to the program's instruction
1:32:18
memory access pattern. This has
1:32:20
led to the development of
1:32:22
a wide range of defenses,
1:32:24
including the ubiquitous constant-time
1:32:27
programming model, information-flow-based
1:32:29
tracking, and more, all
1:32:31
of which seek to prevent
1:32:33
secret data from being used
1:32:35
as an address to memory
1:32:37
control-flow instructions. Recently,
1:32:40
however, Augury,
1:32:42
that's what they called their first
1:32:44
research two years ago, A-U-
1:32:46
G-U-R-Y, ah at
1:32:48
it roof and related to an
1:32:50
auger being used, demonstrated
1:32:53
that Apple M-series
1:32:55
CPUs undermine this
1:32:57
programming model by introducing
1:32:59
a data memory-dependent
1:33:02
prefetcher that will attempt
1:33:04
to prefetch addresses found in
1:33:06
the contents of program memory.
1:33:08
Thus, in theory, Apple's
1:33:10
DMP leaks memory contents
1:33:12
via cache side channels,
1:33:15
even if that memory is never passed
1:33:17
as an address to a memory control
1:33:19
flow instruction. Okay, I as a guy
1:33:22
again, I will explain exactly what all
1:33:24
that means. I got a couple paragraphs
1:33:26
left. They said, despite the
1:33:28
Apple DMP's novel
1:33:30
leakage capabilities, its restrictive
1:33:32
behavior has prevented it from
1:33:35
being used in attacks. In
1:33:37
particular, Augury reported
1:33:40
that the DMP
1:33:42
only activates in the presence
1:33:44
of a rather idiosyncratic program
1:33:47
memory access pattern, where
1:33:49
the program streams through an
1:33:51
array of pointers and architecturally
1:33:53
dereferences these pointers. This
1:33:55
access pattern is not typically
1:33:58
found in security-critical
1:34:00
software such as side-channel
1:34:02
hardened constant-time code, hence
1:34:05
making that code impervious to
1:34:07
leakage through the DMP.
1:34:09
With the DMP's full security
1:34:11
implications unclear, in this
1:34:14
paper we address the following
1:34:16
two questions: Do
1:34:18
DMPs create a
1:34:21
critical security threat to
1:34:23
high-value software? And can
1:34:26
attacks use
1:34:28
DMPs to bypass side
1:34:30
channel countermeasures such
1:34:32
as constant-time programming?
1:34:35
This paper answers the
1:34:38
above questions in the
1:34:40
affirmative, showing how
1:34:42
Apple's DMP implementation
1:34:45
poses severe risks to the
1:34:47
constant-time coding paradigm. In
1:34:49
particular, we demonstrate
1:34:52
end-to-end key extraction attacks against
1:34:54
four state-of-the-art
1:34:57
cryptographic implementations, all deploying
1:34:59
constant-time programming. To be
1:35:01
clear, when they say end
1:35:04
to end attacks, they mean
1:35:07
they run something and they get
1:35:09
the key, meaning all the
1:35:11
work is done, nothing left
1:35:13
for the reader to do
1:35:15
to finish. All this
1:35:17
thing works. Okay,
1:35:20
as we've had the occasion to
1:35:22
discuss through the years on this
1:35:24
podcast, the performance of DRAM, the
1:35:27
dynamic RAM memory that forms
1:35:29
the bulk of our system's
1:35:31
memory, has lagged far behind
1:35:34
the memory bandwidth demands of
1:35:36
our processors. Through the years,
1:35:38
we've been able to significantly
1:35:40
increase the density of DRAM,
1:35:42
but not its performance. And
1:35:45
as we know, even the
1:35:47
increasing density has met with
1:35:49
challenges in the form of
1:35:51
susceptibility to adjacent row interference,
1:35:54
which led to the various
1:35:56
DRAM hammering attacks. But
1:35:58
on the performance side, the
1:36:00
saving grace has been that
1:36:03
processor memory access patterns are
1:36:05
not linear and
1:36:08
The Dawn Of Repetitive. They.
1:36:10
are typically highly
1:36:12
repetitive. Programs
1:36:15
almost always loop,
1:36:17
meaning that they are executing
1:36:20
the same code again and
1:36:22
again, over and over, and
1:36:24
that in turn means that
1:36:27
if a much smaller, but
1:36:29
much faster cache of memory
1:36:31
is inserted between the main
1:36:34
DRAM and the processor, the
1:36:36
processor's repetition of the same
1:36:38
instructions and often the data
1:36:41
for those instructions can be
1:36:43
facility much more quickly from
1:36:45
the local cache than from
1:36:48
main memory. During
1:36:50
our discussions of speculative execution, we
1:36:52
saw that another way to speed
1:36:55
up our processors was to allow
1:36:57
the processor to run well ahead
1:37:00
of where execution was and if
1:37:02
the code encountered a fork in
1:37:04
the road in
1:37:07
the code's flow, it would
1:37:09
fetch ahead down both paths
1:37:11
of the fork so that once
1:37:13
the path to be taken became
1:37:16
known, whichever way
1:37:18
that went, the system would
1:37:20
already have read the coated
1:37:22
instructions for that path and
1:37:24
have them ready to execute.
1:37:26
In practice, this is accomplished
1:37:28
by breaking our processors into
1:37:31
several specialized pieces, one being
1:37:33
the prefetch engine, whose
1:37:35
job it is to keep
1:37:37
the execution engines fed
1:37:39
with data from main. Many
1:37:43
instructions do not make any
1:37:45
main memory accesses. They might
1:37:47
be working only within the
1:37:50
processor's internal registers or within
1:37:52
what's already present in the
1:37:54
processor's local cache. So this
1:37:57
gives the prefetching engine
1:37:59
time to anticipate where
1:38:01
the processor might go next,
1:38:04
and to guess at what it might need.
1:38:07
In a modern system, there's never
1:38:09
any reason to allow main memory
1:38:11
to sit idly by, not
1:38:13
even for a single cycle. A
1:38:16
good prefetching system will always
1:38:19
be working to anticipate its
1:38:21
processor's needs and to have
1:38:23
already loaded the contents of
1:38:26
slower DRAM into the high-speed
1:38:28
cache when the processor gets
1:38:30
to needing it. Okay,
1:38:33
now let's add one additional layer
1:38:35
of complexity. One
1:38:37
of the features of all
1:38:39
modern processor architectures is
1:38:42
the concept of a pointer. A
1:38:45
location in memory, or the
1:38:47
contents of a register, could
1:38:50
contain an object's value
1:38:52
itself, or instead,
1:38:54
it could contain the
1:38:57
memory address of the object.
1:39:00
In that second case, we would say
1:39:02
that the value in the memory or
1:39:04
register contains, instead
1:39:07
of the value of the object itself, a
1:39:09
pointer to the object. As
1:39:12
a coder, I cannot imagine
1:39:14
my life without pointers. They
1:39:16
are absolutely everywhere in code
1:39:19
because they are so useful.
1:39:22
We need one bit of new vocabulary
1:39:25
to talk about pointers. Since
1:39:27
a pointer is used to
1:39:29
point to or refer
1:39:32
to something else, the
1:39:34
pointer contains a reference to
1:39:37
the object. So
1:39:39
we call the act of following a
1:39:41
pointer to the object, dereferencing
1:39:45
the pointer. We'll see the
1:39:47
researchers using that jargon in a minute. But
1:39:51
first, let's think about that
1:39:53
cache-filling prefetch engine.
1:39:56
Its entire reason for existence is
1:39:59
to anticipate the future needs
1:40:02
of its processor so
1:40:04
that whatever the processor wants
1:40:06
will already be waiting for it
1:40:09
and instantly available from its cache.
1:40:12
The processor will think that
1:40:14
its pre-fetch engine is magic.
1:40:18
So one evening,
1:40:21
probably about seven years ago, some
1:40:24
Apple engineers are sitting around a
1:40:27
white board with a bunch of
1:40:29
half-eaten pizzas. They're
1:40:31
brainstorming ways to further
1:40:33
speed up Apple's proprietary
1:40:35
silicon. Given the
1:40:37
time frame, this would first
1:40:40
be able to appear in
1:40:42
their A14 Bionic processor. So
1:40:46
one of them says, you know,
1:40:49
we're already doing a great job of
1:40:51
fetching the data that the processor is
1:40:53
going to ask for. But
1:40:55
when we fetch data that contains
1:40:58
what looks like pointers, we're
1:41:01
not fetching the data that those pointers
1:41:03
are pointing to. If
1:41:06
the data really are pointers, then
1:41:09
there's a good chance that once the
1:41:11
processor gets its hands on them, it's
1:41:13
going to be asking for that data next.
1:41:17
We could anticipate that and
1:41:20
have it ready too, just
1:41:23
in case it might be
1:41:25
useful. I mean,
1:41:27
what's the whole point of being a pre-fetching
1:41:29
engine? I mean, right? That's the whole point.
1:41:32
That's what we're here for. Now
1:41:35
at this point, the pizza is
1:41:37
forgotten and several in
1:41:39
the group lean forward. They're
1:41:41
thinking about the kinds of
1:41:43
cars they're going to be able to get with the
1:41:45
raises this idea will earn them. Then
1:41:48
they realize they need to make it work first. Although
1:41:52
they're immediately hooked by the
1:41:54
idea because they know there's
1:41:56
something there. One of
1:41:59
them plays devil's advocate, saying, but
1:42:01
the cache is context
1:42:04
free. What he means
1:42:06
by that is that the prefetch
1:42:08
engine sees everything
1:42:10
as data. It's all the same
1:42:12
to it. The prefetcher doesn't
1:42:14
know what the data means. It
1:42:17
has no meaning in DRAM.
1:42:20
It's all just mixed bytes
1:42:22
of instructions and data, a
1:42:24
hodgepodge. It's not until
1:42:26
that data is fetched from the
1:42:28
cache and is actually consumed by
1:42:31
the processor that the data acquires
1:42:33
context and meaning. The
1:42:36
answer to the but the
1:42:38
cache is context free guy
1:42:40
is, yeah, and so what?
1:42:43
If some data that's being added to
1:42:45
the cache looks like a
1:42:48
pointer, and if it's
1:42:50
pointing into valid DRAM
1:42:52
memory, what's the
1:42:54
harm in treating it as
1:42:56
a pointer and going out and
1:42:58
also grabbing the thing that it
1:43:00
might be pointing to? If
1:43:03
we have time and we're right,
1:43:06
it's a win for the processor. The
1:43:09
processor won't believe its luck in
1:43:11
already having the thing it was
1:43:13
just about to ask for already
1:43:15
magically waiting there in its
1:43:17
local cache. So
1:43:19
finally after their last dry
1:43:22
erase marker stops working from
1:43:24
the hastily scribbled diagrams on
1:43:26
their whiteboards they're
1:43:28
satisfied that they're really
1:43:30
onto a useful next
1:43:32
generation optimization. So
1:43:35
one of them asks okay this
1:43:37
is good but it needs a name. What
1:43:40
are we going to call it? One
1:43:42
of them says well how about data
1:43:45
memory dependent prefetching or
1:43:47
DMP for short. So
1:43:51
here we've just
1:43:53
seen a perfect example of
1:43:56
where and how these next
1:43:58
generation features are invented,
1:44:00
over pizza and dry erase markers.
1:44:03
And it's also easy to see
1:44:06
that the security implications of this
1:44:08
don't even make it onto the
1:44:10
radar. All they're doing,
1:44:12
after all, is anticipating
1:44:14
a possible future use
1:44:17
of what might be
1:44:19
a pointer, and
1:44:21
prefetching the thing it's pointing
1:44:23
to in case they're right and
1:44:26
it is a pointer, in case
1:44:28
the processor might eventually ask for it.
1:44:31
It's disconnected from whatever the
1:44:33
processor is doing, right? It's
1:44:36
a data memory dependent prefetcher.
1:44:39
What this amounts to is a
1:44:41
somewhat smarter prefetcher.
1:44:45
It cannot be certain whether it's fetching
1:44:47
a pointer, but in case it might
1:44:49
be, it'll just jump ahead
1:44:52
even further to also prefetch
1:44:54
the thing that what might
1:44:56
be a pointer may be
1:44:58
pointing to. Okay,
1:45:01
So now let's hear from the
1:45:04
geniuses who likely also consume their
1:45:06
share of pizza while they scratch
1:45:08
the itch that's apparently been lingering
1:45:10
with at least three of them
1:45:13
for a couple of years, ever
1:45:15
since that first bit of
1:45:17
work, when they discovered that
1:45:20
Apple had dropped this
1:45:22
memory, this data
1:45:24
memory dependent prefetcher into
1:45:26
their silicon. Here's how
1:45:28
they explain what they came up with. They
1:45:30
said, we start by
1:45:33
reexamining the findings in
1:45:36
Augury. Here, we
1:45:38
find that Augury's analysis
1:45:40
of the DMP
1:45:42
activation model was
1:45:44
overly restrictive and missed
1:45:46
several DMP
1:45:49
activation scenarios. Through new
1:45:51
reverse engineering, we find
1:45:53
that the DMP
1:45:55
activates on behalf
1:45:57
of potentially any program
1:46:00
and attempts to dereference any
1:46:03
data brought into cache
1:46:05
that resembles a pointer. This
1:46:09
behavior places a significant amount
1:46:11
of program data at risk
1:46:14
and eliminates the restrictions reported
1:46:16
by prior work. Finally,
1:46:19
going beyond Apple, we
1:46:21
confirmed the existence of
1:46:23
a similar DMP
1:46:25
on Intel's latest
1:46:28
13th generation Raptor
1:46:30
Lake architecture with
1:46:32
more restrictive activation criteria.
1:46:34
Next, we show how
1:46:36
to exploit the DMP
1:46:38
to break
1:46:40
security-critical software. We
1:46:42
demonstrate the widespread presence
1:46:44
of code vulnerable to
1:46:46
DMP-aided
1:46:49
attacks in state-of-the-art
1:46:51
constant-time
1:46:53
cryptographic software spanning classical
1:46:55
to post-quantum key
1:46:57
exchange and signing algorithms.
1:47:00
And then finally, this last bit
1:47:02
is the key to everything. I'll read it
1:47:05
first, then I'll take it apart. They said,
1:47:07
our key insight is
1:47:10
that while the DMP
1:47:12
only dereferences pointers,
1:47:15
an attacker can craft program
1:47:17
inputs so that when those
1:47:19
inputs mix with cryptographic
1:47:22
secrets, the resulting intermediate
1:47:24
stage can be engineered
1:47:27
to look like a
1:47:30
pointer if and
1:47:32
only if the secret
1:47:35
satisfies an attacker-chosen
1:47:37
predicate. For example, they
1:47:39
said, imagine that a
1:47:41
program has secret s,
1:47:44
takes x as input, and
1:47:46
computes and then stores y
1:47:49
equals s XORed with
1:47:51
x to its program memory.
1:47:55
The attacker can craft
1:47:57
different x's and infer
1:47:59
partial or even
1:48:01
complete information about S
1:48:04
by observing whether the
1:48:06
DMP is able to dereference
1:48:09
Y. We
1:48:12
first use this observation to
1:48:14
break the guarantees of a
1:48:17
standard constant-time swap primitive recommended
1:48:19
for use in cryptographic implementations.
1:48:22
We then show how to
1:48:24
break complete cryptographic implementations designed
1:48:26
to be secure against
1:48:28
chosen input attacks. OK.
1:48:33
So they realized that Apple's
1:48:35
DMP technology is far
1:48:37
more aggressive than they
1:48:39
initially appreciated. It
1:48:41
is busily examining all
1:48:44
of the data that's being put
1:48:46
into the cache for all
1:48:48
of the processes running in the system.
1:48:51
It's looking for anything that looks
1:48:54
pointer-like and when
1:48:56
found it's going to go out
1:48:58
and prefetch that because it
1:49:01
may be pointing to something that the processor
1:49:03
is going to ask for in the future.
1:49:06
Their next step was to realize
1:49:08
that since this pointer-like
1:49:11
behavior is
1:49:13
highly prone to producing
1:49:15
false positive hits which
1:49:18
would prefetch miscellaneous bogus
1:49:20
data and since it operates
1:49:22
indiscriminately on any and all
1:49:25
data in the system they
1:49:28
can deliberately trick Apple's
1:49:30
DMP system to misfire.
1:49:34
When it does it will prefetch data
1:49:36
that wasn't really being pointed to
1:49:38
and they can
1:49:40
use standard well understood cache
1:49:43
probing to determine whether
1:49:45
or not the DMP did
1:49:47
in fact misfire and prefetch.
1:49:51
Since the cause of that mixes
1:49:53
secrets with what they provide it
1:49:56
reveals information about the
1:49:58
secret. They
1:50:02
induce the isolated process containing
1:50:05
the secrets to perform a
1:50:07
large number of cryptographic operations
1:50:10
on their deliberately crafted
1:50:12
data while using the
1:50:15
now well-understood behavior of
1:50:17
the DMP to create
1:50:19
an inadvertent side channel
1:50:22
that leaks the secret key
1:50:24
even though the cryptographic code
1:50:26
itself is being super careful
1:50:29
not to behave differently in any
1:50:31
way based upon the value of
1:50:33
the secret key. In other words, it's
1:50:36
being betrayed by this
1:50:38
advanced operation of
1:50:41
the prefetching cache. The
1:50:47
code's care doesn't matter because
1:50:49
the cryptographic code, as I
1:50:53
said, is being betrayed. What
1:50:55
I've just explained is a
1:50:57
version of what these
1:50:59
very clever researchers revealed to
1:51:02
Apple back 107 days ago
1:51:04
from last Thursday in early
1:51:07
December last year. So
1:51:10
what does Apple do about this? This
1:51:13
does seem like the sort of thing Apple ought to
1:51:15
be able to turn off. One
1:51:17
of the things we've learned is that
1:51:19
these initial nifty-seeming
1:51:22
slick performance optimization things like
1:51:24
Spectre and Meltdown and all
1:51:26
the others always
1:51:28
seem to come back to bite us
1:51:31
sooner or later. So the
1:51:34
lesson we absolutely as an industry have
1:51:36
to take away, and surprisingly
1:51:40
we haven't yet, is that anything
1:51:42
like this should have
1:51:44
an off switch. And
1:51:47
what do you know? It may
1:51:49
have been, and likely was, in
1:51:52
reaction to these researchers'
1:51:55
initial Augury DMP
1:51:57
paper back in 2022. Apple
1:52:01
added that off switch to their
1:52:04
M3 chip. Apple
1:52:07
announced it on October
1:52:09
30th last year, the day
1:52:11
before Halloween, and that M3 can
1:52:13
have DMP turned off. I've
1:52:19
heard, but I haven't confirmed,
1:52:21
that Apple's own crypto code
1:52:24
is flipping DMP off during
1:52:27
any and all of their
1:52:29
own cryptographic operations. So
1:52:32
it may only be non-Apple
1:52:34
crypto code running on Macs
1:52:36
that are endangered on M3
1:52:38
based machines. The
1:52:41
researchers cite their compromise
1:52:43
of the Diffie-Hellman key
1:52:46
exchange in OpenSSL, you
1:52:48
know, not an Apple library, and
1:52:50
the RSA key operations in
1:52:53
the Go language library. So
1:52:55
again, not Apple's. So
1:52:58
what about the non-M3 chips,
1:53:00
the Apple A14 Bionic,
1:53:02
the M1 and the M2? Well,
1:53:05
it turns out that these so-called
1:53:07
SOC, you know, systems on a
1:53:09
chip, all have
1:53:11
multiple cores, and the
1:53:14
cores are not all the same type. Only
1:53:17
half of the cores are vulnerable,
1:53:19
because only half of them incorporate
1:53:22
the DMP. Apple's M
1:53:24
series have two types of cores, the
1:53:27
bigger Firestorm cores, also known as
1:53:29
the Performance cores, and the smaller
1:53:31
Icestorm cores, also known as
1:53:33
the Efficiency cores. On the
1:53:35
M1 and M2 chips, only
1:53:37
the Firestorm Performance cores offer
1:53:40
the problematic DMP prefetching system.
1:53:42
So all Apple needs to
1:53:44
do is to move their crypto
1:53:47
over to the smaller Efficiency cores.
1:53:50
Crypto operations will run more slowly
1:53:52
there, but they will be completely
1:53:54
secure from this trouble. So,
1:53:57
is Apple gonna do any of these things? They
1:54:00
already, the press thinks that nothing
1:54:02
has been done yet. I find
1:54:04
that curious given that the concerns
1:54:06
are real and that solutions
1:54:09
are available. But so far,
1:54:11
all the press has reported, now again,
1:54:13
Apple knew about this in early December, all
1:54:16
the press has reported that Apple has
1:54:18
been curiously mute on the subject.
1:54:21
Apple just says no comment. This
1:54:24
is doubly confounding given
1:54:26
that Thursday's research disclosure came
1:54:29
as no surprise to them
1:54:33
and also that the firestorm
1:54:38
of truly over-the-top
1:54:40
apoplectic and apocalyptic headlines
1:54:42
that have ensued as
1:54:44
a result really
1:54:47
does need a response. I imagine that
1:54:49
something will be forthcoming from Apple soon.
1:54:52
Until then, for what it's worth,
1:54:54
the attack, if it were to
1:54:57
happen, would be local and
1:54:59
would be targeted and would
1:55:01
require someone arranging to install
1:55:04
malware onto the victim's
1:55:07
machine. It's not the end
1:55:09
of the world and as I'm always saying
1:55:11
around here, anyone can make a mistake, but
1:55:14
Apple's customers would seem to need
1:55:16
and deserve more than silence from
1:55:18
Apple. So if we
1:55:20
ought to hear something, but at least
1:55:22
now we understand exactly what's going on.
1:55:25
And by the way, if somebody can install that on
1:55:27
your system, they can also just put a keystroke logger
1:55:30
on there. There's all sorts of ways they can get
1:55:32
full access. In fact, that's
1:55:35
probably a lot easier to do it some
1:55:37
other way than a side
1:55:39
channel attack. Does it take a lot of monitoring
1:55:42
and trial and error to have this side
1:55:44
channel? No, it doesn't. It takes an hour
1:55:46
and you get the key. And
1:55:49
so you actually do get a secret that
1:55:51
was trying to be protected. So I could
1:55:53
see a nation state saying, oh good, all
1:55:55
right, we'll do is we'll get this on
1:55:57
there through some other malware
1:56:00
exploit, we'll run it and then we'll
1:56:02
erase all traces. Guy will
1:56:04
never know he was hacked but we've got the key and
1:56:06
we've got the key forever until
1:56:09
he changes it. Right. Yeah.
1:56:11
And the point I made was that when
1:56:14
this became public two years ago,
1:56:18
these guys apparently stopped their research. We
1:56:20
don't know the NSA did. The
1:56:23
NSA might have gone, hey, that's interesting.
1:56:25
Let's take a look at that. Oh,
1:56:27
come on. The NSA could, NSA has
1:56:29
probably been working on this same thing
1:56:31
forever, right? I mean, they
1:56:34
know about these side channel attacks. They
1:56:36
know about speculative execution. They know what
1:56:38
Spectre and Meltdown produced on the x86
1:56:41
platforms. I'm sure they were looking for
1:56:43
it too. Just whose
1:56:45
professors are better, I guess. Yeah,
1:56:48
hopefully we have good profs. I think we
1:56:50
have good profs in the NSA. Good
1:56:53
Will Hunting notwithstanding. Mr. Steve Gibson,
1:56:55
ladies and gentlemen. Happy birthday, Steve.
1:56:58
Thank you very much. Very nice. You're
1:57:00
getting there one more year and it's going to be a
1:57:02
big one. We're going to have a big party for
1:57:04
you next year. I know. I just
1:57:06
hope there's no loss of function. I want to
1:57:09
keep going at the current rate.
1:57:12
It's fine. Getting old is not so
1:57:14
bad as long as the body understands it needs
1:57:16
to continue doing everything properly.
1:57:19
And then, you know. Well, and objectively,
1:57:21
the sad thing is, I mean, I feel great.
1:57:23
I don't think I've lost any of my energy
1:57:26
or anything. And objectively,
1:57:28
you look at 80-year-olds and
1:57:31
they're, you know. How
1:57:35
much you can do is slow that down. My mom's 92 every
1:57:37
night at one. And
1:57:41
I, you know, she's still going strong. I'd be
1:57:43
happy if I were in her shape in 20
1:57:45
years. She's in
1:57:47
great shape. Or 13 years. I don't think you'd
1:57:49
be writing SpinRite 10. Let's
1:57:52
hope you're doing some fishing. I know. I
1:57:54
might keep the brain sharp. I know. That's
1:57:56
what I'm working on. You know, I'm trying to keep the brain sharp.
1:58:00
going on here so
1:58:04
having a lot of fun with the coding I
1:58:06
feel like if I can do this I still
1:58:09
have something upstairs I love to code
1:58:11
coding so much there's I am so
1:58:13
happy yeah really so much
1:58:15
fun in fact
1:58:17
I had kind of a breakthrough this morning that's why I'm cool
1:58:19
yeah day 19 on Advent of Code it's a lot of fun Steve
1:58:27
Gibson lives at
1:58:29
grc.com the Gibson
1:58:31
Research corporation.com that is
1:58:33
where you'll find, of course, SpinRite,
1:58:35
the world's finest hard drive actually all
1:58:37
mass storage maintenance and recovery utility 6.1
1:58:40
is out kids go on and get yourself
1:58:42
a copy and if
1:58:45
you already have a copy that will
1:58:47
browse around there's all sorts of other
1:58:49
wonderful stuff including this show you'll find
1:58:51
it actually a couple
1:58:53
of unique versions of this show
1:58:56
at grc.com 16 kilobit
1:58:58
audio which is the smallest
1:59:00
audio version of the show he also
1:59:02
has a 64 kilobit audio which sounds
1:59:04
a lot better he also has transcripts
1:59:06
handcrafted by Elaine Farris so you can
1:59:08
read along as you listen or search
1:59:10
or do what feed them to your
1:59:13
AI and have make an AI Steve whatever it
1:59:15
is that you need to do you can do
1:59:17
it with those grc.com we
1:59:19
are at twit.tv and of course
1:59:21
Security Now shows at twit.tv
1:59:23
slash SN. We have
1:59:25
64 kilobit audio as well but our unique
1:59:27
format is video. You can watch Steve's smiling
1:59:29
face. You
1:59:31
can watch us do the show every Tuesday
1:59:33
right after MacBreak Weekly. Usually works
1:59:36
out to around 1:30 p.m. Pacific,
1:59:38
4:30 Eastern, 20:30
1:59:40
UTC and we stream
1:59:42
that live on YouTube youtube.com slash
1:59:47
twit so tune in
1:59:49
when the show begins tune out when the show's
1:59:51
over but though you know if
1:59:53
you you know if you subscribe and you hit the bell
1:59:55
then you get a notification whenever that's about
1:59:57
and try not to tune out before the show's over
2:00:00
Well, there I thought in the Discord
2:00:02
I noticed a couple of people saying, okay,
2:00:05
I understand what you're talking about. I think I'll leave
2:00:07
now. I always just try to let
2:00:09
it drift over my head and hope that it will seep
2:00:11
in at some point. That's exactly, I've
2:00:13
often suggested exactly that strategy. Don't worry about
2:00:15
the details, you'll just get the feel for
2:00:17
it. I've learned a few
2:00:20
things, you know, from listening to this show over the last,
2:00:22
what is it, 15, 16 years? Something
2:00:25
like that. Honey, we're in year 21. Or
2:00:29
was it 19? No, 20, yeah, because we, Twit
2:00:31
itself, its 19th birthday's next month,
2:00:33
it's in a couple of weeks. That's
2:00:35
it. Okay. So you're
2:00:37
a little younger than that, just a tad. So you are
2:00:39
in your 20th year, you will be in your 20th year
2:00:41
soon. Which is kind
2:00:44
of mind boggling. I didn't
2:00:46
even think podcasting will last 20 months. Yeah.
2:00:51
Have a great birthday. I hope you
2:00:53
get some cake. You
2:00:55
know, I bet you Lori right now, she's got the apron on.
2:00:58
She's whipping up the batter. She's going, you know, she's
2:01:00
going to make you a nice cake, a little
2:01:03
coconut cream icing on top. She's
2:01:07
going to be cooking a nice medium rare
2:01:09
steak. That's all you care about. A little
2:01:11
cab, a little Santa Cruz mountain cab. That's
2:01:14
a great idea. Thank you,
2:01:16
Steve. Have a great week. And all
2:01:18
of you, thank you, especially to our club Twit
2:01:20
members who make this show possible. If you're not
2:01:22
a member, seven bucks a month, twit.tv slash club
2:01:25
Twit. Take care, Steve. Bye,
2:01:28
buddy. See you next week. Oh, or
2:01:30
is it still going to be March or is it April? No, it'll
2:01:32
be April. See you in April. Cool.
2:01:35
Live long and prosper, Mr. Gibson. Bye. Bye.
2:01:40
She's here ready now.